package com.sun.identity.wsfederation.common;

import com.sun.identity.multiprotocol.SingleLogoutManager;
import com.sun.identity.plugin.datastore.DataStoreProvider;
import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.plugin.datastore.DataStoreProviderManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.xmlsig.SigManager;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.locale.Locale;
import com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.wsfederation.key.KeyUtil;
import com.sun.identity.wsfederation.logging.LogUtil;
import com.sun.identity.wsfederation.meta.WSFederationMetaException;
import com.sun.identity.wsfederation.meta.WSFederationMetaManager;
import com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
import com.sun.identity.wsfederation.plugins.IDPAccountMapper;
import com.sun.identity.wsfederation.plugins.IDPAttributeMapper;
import com.sun.identity.wsfederation.plugins.whitelist.ValidWReplyExtractor;
import com.sun.identity.wsfederation.profile.SAML11RequestedSecurityToken;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.openam.shared.security.whitelist.RedirectUrlValidator;
import org.forgerock.openam.utils.StringUtils;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:com/sun/identity/wsfederation/common/WSFederationUtils.class */
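/**
 * Static helpers shared by the WS-Federation IdP and SP code paths: account-realm
 * discovery from the User-Agent header, wctx/wreply bookkeeping, SAML 1.1 assertion
 * signature and validity-window checks, wreply whitelist validation and SAML 1.1
 * token creation.
 *
 * <p>All state is static. {@link #dsProvider}, {@link #sessionProvider} and the meta
 * manager are created once in the static initializer; if any of them cannot be
 * created the class fails to load with an {@link ExceptionInInitializerError}.
 */
public class WSFederationUtils {
    private static WSFederationMetaManager metaManager;
    public static DataStoreProvider dsProvider;
    public static SessionProvider sessionProvider;
    public static Debug debug = Debug.getInstance(WSFederationConstants.AM_WSFEDERATION);
    public static ResourceBundle bundle = Locale.getInstallResourceBundle(WSFederationConstants.BUNDLE_NAME);

    /**
     * wctx identifier -> wreply URL, see {@link #putReplyURL(String)} and
     * {@link #removeReplyURL(String)}. Access is serialized on the map's own monitor.
     */
    private static final Map<String, String> wctxMap = new HashMap<>();

    private static final RedirectUrlValidator<ValidWReplyExtractor.WSFederationEntityInfo> WREPLY_VALIDATOR =
            new RedirectUrlValidator<>(new ValidWReplyExtractor());

    /** Seconds-to-milliseconds factor; declared as a long so the skew arithmetic cannot overflow. */
    private static final long MILLIS_PER_SECOND = 1000L;

    /** Default (seconds) when the IdP config carries no NotBefore skew attribute. */
    private static final int DEFAULT_NOTBEFORE_SKEW_SECONDS = 600;

    /** Default (seconds) when the IdP config carries no effective-time attribute. */
    private static final int DEFAULT_EFFECTIVE_TIME_SECONDS = 600;

    /**
     * Logout-manager status that means the browser has already been redirected, so no
     * further redirect must be sent. Value taken from the original comparison; presumably
     * SingleLogoutManager's "redirected" status — confirm against that class.
     */
    private static final int LOGOUT_STATUS_REDIRECTED = 3;

    private WSFederationUtils() {
    }

    /**
     * Returns the shared meta manager created by the static initializer.
     *
     * @return the meta manager; never {@code null} once this class has loaded successfully
     */
    public static WSFederationMetaManager getMetaManager() {
        return metaManager;
    }

    /**
     * Extracts a named value from the parenthesised token list of a User-Agent header,
     * e.g. the value of {@code key} in {@code "Mozilla/4.0 (a; key:value; b)"}.
     *
     * <p>The first {@code (} and the last {@code )} delimit the token list; tokens are
     * separated by {@code ;} and a matching token has the form {@code key:value}
     * (whitespace around both separators is ignored). Only the first token that
     * <em>contains</em> {@code key} is examined: if its name is not exactly {@code key}
     * the lookup stops and returns {@code null} rather than continuing.
     *
     * @param userAgent the User-Agent header value
     * @param key the token name whose value is wanted
     * @return the value of the matching token, or {@code null} when the header has no
     *     bracketed section, the section is empty, the token has no {@code :} part, or
     *     no token matches
     */
    public static String accountRealmFromUserAgent(String userAgent, String key) {
        final String classMethod = "WSFederationUtils.accountRealmFromUserAgent";
        int open = userAgent.indexOf('(');
        if (open == -1) {
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Can't find left bracket");
            }
            return null;
        }
        int close = userAgent.lastIndexOf(')');
        if (close == -1 || close < open) {
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "Can't find right bracket");
            }
            return null;
        }
        String inner = userAgent.substring(open + 1, close);
        if (inner.isEmpty()) {
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "zero length between brackets");
            }
            return null;
        }
        // String.split never returns null, so the original null check on its result was dead code.
        for (String token : inner.split("[\\s]*;[\\s]*")) {
            if (token.indexOf(key) == -1) {
                continue;
            }
            String[] pair = token.split("[\\s]*:[\\s]*");
            if (pair.length < 2) {
                if (debug.warningEnabled()) {
                    debug.warning(classMethod + "can't see accountRealm in " + token);
                }
                return null;
            }
            if (pair[0].equals(key)) {
                return pair[1];
            }
            if (debug.warningEnabled()) {
                debug.warning(classMethod + "can't understand " + token);
            }
            return null;
        }
        return null;
    }

    /**
     * Stores a wreply URL under a freshly generated wctx identifier.
     *
     * <p>Entries are removed only by {@link #removeReplyURL(String)}; an identifier whose
     * round trip never completes stays in the map for the life of the JVM, so the map
     * grows without bound if identifiers are minted faster than they are consumed.
     *
     * @param replyUrl the URL to remember
     * @return the generated identifier under which {@code replyUrl} was stored
     */
    public static String putReplyURL(String replyUrl) {
        String wctx = SAML2Utils.generateID();
        synchronized (wctxMap) {
            wctxMap.put(wctx, replyUrl);
        }
        return wctx;
    }

    /**
     * Removes and returns the wreply URL stored under a wctx identifier.
     *
     * @param wctx the identifier returned by {@link #putReplyURL(String)}
     * @return the stored URL, or {@code null} if the identifier is unknown (or was already consumed)
     */
    public static String removeReplyURL(String wctx) {
        synchronized (wctxMap) {
            return wctxMap.remove(wctx);
        }
    }

    /**
     * Verifies the XML signature on a SAML 1.1 assertion against the verification
     * certificate published in the issuing IdP's metadata.
     *
     * @param assertion the signed assertion
     * @param realm realm in which the issuer's entity descriptor is looked up
     * @param issuerEntityId entity id of the issuing IdP
     * @return {@code true} if the signature verifies; {@code false} if it does not, or if
     *     the metadata or certificate could not be obtained. Every failure is also
     *     recorded through {@code LogUtil.error} as INVALID_SIGNATURE_ASSERTION.
     */
    public static boolean isSignatureValid(Assertion assertion, String realm, String issuerEntityId) {
        String assertionXml = assertion.toString(true, true);
        String assertionId = assertion.getAssertionID();
        boolean valid;
        try {
            X509Certificate signingCert = KeyUtil.getVerificationCert(
                    metaManager.getEntityDescriptor(realm, issuerEntityId), issuerEntityId, true);
            // Return value was unused in the original; the call is kept in case getInstance()
            // performs initialization the signature manager relies on.
            XMLSignatureManager.getInstance();
            valid = SigManager.getSigInstance().verify(assertionXml, assertionId, Collections.singleton(signingCert));
        } catch (SAML2Exception | WSFederationMetaException e) {
            // Previously swallowed silently; record the cause so a failed verification can be diagnosed.
            debug.error("WSFederationUtils.isSignatureValid: unable to verify signature of assertion "
                    + assertionId, e);
            valid = false;
        }
        if (!valid) {
            String[] data = {assertionForLog(assertion), realm, issuerEntityId};
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
        }
        return valid;
    }

    /**
     * Checks that the current time lies within the assertion's Conditions window,
     * allowing {@code timeskew} seconds of tolerance at both ends.
     *
     * @param assertion the assertion; its Conditions must carry both NotOnOrAfter and
     *     NotBefore, otherwise the check fails with a MISSING_CONDITIONS_* log entry
     * @param timeskew permitted clock skew in seconds
     * @return {@code true} if {@code NotBefore - skew <= now <= NotOnOrAfter + skew};
     *     {@code false} otherwise, with an ASSERTION_EXPIRED or ASSERTION_NOT_YET_VALID
     *     log entry
     */
    public static boolean isTimeValid(Assertion assertion, int timeskew) {
        long now = Time.currentTimeMillis();
        Date notOnOrAfter = null;
        Date notBefore = null;
        // A missing <Conditions> element used to raise an NPE; treat it as a failed check instead.
        if (assertion.getConditions() != null) {
            notOnOrAfter = assertion.getConditions().getNotOnorAfter();
            notBefore = assertion.getConditions().getNotBefore();
        }
        if (notOnOrAfter == null) {
            LogUtil.error(Level.INFO, LogUtil.MISSING_CONDITIONS_NOT_ON_OR_AFTER,
                    new String[] {assertionForLog(assertion)}, null);
            return false;
        }
        // Long arithmetic: the original int expression (timeskew * 1000) overflows for skews
        // above roughly 24 days and would silently invert the comparison.
        long skewMillis = timeskew * MILLIS_PER_SECOND;
        if (notOnOrAfter.getTime() + skewMillis < now) {
            String[] data = {assertionForLog(assertion), notOnOrAfter.toString(),
                    Integer.toString(timeskew), new Date(now).toString()};
            LogUtil.error(Level.INFO, LogUtil.ASSERTION_EXPIRED, data, null);
            return false;
        }
        if (notBefore == null) {
            LogUtil.error(Level.INFO, LogUtil.MISSING_CONDITIONS_NOT_BEFORE,
                    new String[] {assertionForLog(assertion)}, null);
            return false;
        }
        if (notBefore.getTime() - skewMillis > now) {
            String[] data = {assertionForLog(assertion), notBefore.toString(),
                    Integer.toString(timeskew), new Date(now).toString()};
            LogUtil.error(Level.INFO, LogUtil.ASSERTION_NOT_YET_VALID, data, null);
            return false;
        }
        return true;
    }

    /**
     * Chooses what to log for an assertion: the full XML when FINER error logging is on,
     * otherwise just its id.
     */
    private static String assertionForLog(Assertion assertion) {
        return LogUtil.isErrorLoggable(Level.FINER) ? assertion.toString(true, true) : assertion.getAssertionID();
    }

    /**
     * Runs the multi-protocol single logout for a WS-Federation initiated logout and,
     * unless the logout manager reports that it has already redirected the browser,
     * sends the user to the wreply URL stored in the request.
     *
     * <p>Realm, entity id and wreply are read from request <em>attributes</em>
     * (REALM_PARAM, ENTITYID_PARAM, LOGOUT_WREPLY), i.e. values placed there by
     * server-side code rather than raw request parameters. NOTE(review): nothing here
     * validates the wreply target; presumably the caller has already run it through
     * {@link #validateWReplyURL} — confirm. Any failure is logged at message level and
     * otherwise ignored.
     *
     * @param request the current request
     * @param response the response used for the final redirect
     * @param session the session object whose principal is being logged out
     */
    public static void processMultiProtocolLogout(HttpServletRequest request, HttpServletResponse response,
            Object session) {
        debug.message("WSFederationUtils.processMPSingleLogout");
        try {
            String wreply = (String) request.getAttribute(WSFederationConstants.LOGOUT_WREPLY);
            String realm = (String) request.getAttribute(WSFederationConstants.REALM_PARAM);
            String entityId = (String) request.getAttribute(WSFederationConstants.ENTITYID_PARAM);
            HashSet<Object> sessions = new HashSet<>();
            sessions.add(session);
            int status = SingleLogoutManager.getInstance().doIDPSingleLogout(sessions,
                    SessionManager.getProvider().getPrincipalName(session), request, response, false, true,
                    "wsfed", realm, entityId, null, wreply, null, null, 0);
            if (status != LOGOUT_STATUS_REDIRECTED) {
                response.sendRedirect(wreply);
            }
        } catch (Exception e) {
            // The original caught SessionException, IOException and Exception identically; one catch suffices.
            debug.message("WSFederationUtils.processMultiProtocolLogout", e);
        }
    }

    /**
     * Validates a wreply URL for the hosted entity addressed by the request URI.
     *
     * @param request the request whose URI carries the meta alias
     * @param wreply the wreply URL to validate
     * @return {@code true} if {@link #isWReplyURLValid(String, String, String)} accepts the
     *     URL for the entity's role; {@code false} if the role cannot be resolved
     */
    public static boolean isWReplyURLValid(HttpServletRequest request, String wreply) {
        String metaAlias = WSFederationMetaUtils.getMetaAliasByUri(request.getRequestURI());
        try {
            String role = new WSFederationMetaManager().getRoleByMetaAlias(metaAlias);
            return isWReplyURLValid(metaAlias, wreply, role);
        } catch (WSFederationMetaException e) {
            debug.warning("Can't get metaManager.", e);
            return false;
        }
    }

    /**
     * Validates a wreply URL against the hosted entity identified by a meta alias.
     *
     * <p>Returns {@code false} when {@code metaAlias} is {@code null}, when no entity is
     * registered under it, or when {@link #validateWReplyURL} rejects the URL. Note that
     * {@code validateWReplyURL} accepts a {@code null} or empty {@code wreply} without
     * checking it, so this method then reports {@code true}.
     *
     * @param metaAlias meta alias of the hosted entity
     * @param wreply the wreply URL to validate
     * @param role the entity's role (used only for the whitelist lookup and logging)
     * @return whether the URL is acceptable
     */
    public static boolean isWReplyURLValid(String metaAlias, String wreply, String role) {
        boolean valid = false;
        if (metaAlias != null) {
            String realm = WSFederationMetaUtils.getRealmByMetaAlias(metaAlias);
            try {
                String entityId = getMetaManager().getEntityByMetaAlias(metaAlias);
                if (entityId != null) {
                    validateWReplyURL(realm, entityId, wreply, role);
                    valid = true;
                }
            } catch (WSFederationException e) {
                if (debug.messageEnabled()) {
                    debug.message("WSFederationUtils.isWReplyURLValid(): wreply " + wreply + " for role " + role
                            + " triggered an exception: " + e.getMessage(), e);
                }
                valid = false;
            }
        }
        if (debug.messageEnabled()) {
            debug.message("WSFederationUtils.isWReplyURLValid(): wreply " + wreply + " for role " + role
                    + " was valid? " + valid);
        }
        return valid;
    }

    /**
     * Rejects a wreply URL that the configured redirect whitelist does not accept for the
     * given entity.
     *
     * <p>A {@code null} or empty {@code wreply} is not checked and passes silently; the
     * caller is responsible for deciding whether an absent wreply is acceptable.
     *
     * @param realm realm of the hosted entity
     * @param entityId id of the hosted entity
     * @param wreply the URL to validate
     * @param role the entity's role
     * @throws WSFederationException if the whitelist rejects the URL
     */
    public static void validateWReplyURL(String realm, String entityId, String wreply, String role)
            throws WSFederationException {
        if (wreply == null || wreply.isEmpty()) {
            return;
        }
        if (!WREPLY_VALIDATOR.isRedirectUrlValid(wreply,
                ValidWReplyExtractor.WSFederationEntityInfo.from(realm, entityId, role))) {
            throw new WSFederationException(bundle.getString("invalidWReplyUrl"));
        }
    }

    /**
     * Builds the SAML 1.1 security token an IdP issues to a relying party.
     *
     * <p>The attribute and account mappers named in the IdP's configuration are loaded and
     * asked for the subject's attributes and name identifier; the authentication instant is
     * taken from the session's AUTH_INSTANT property (falling back to "now" when absent).
     *
     * @param realm realm of the IdP
     * @param idpEntityId entity id of the issuing IdP (passed to the mappers as the hosted entity)
     * @param spEntityId entity id of the relying party (passed to the mappers as the remote entity)
     * @param session the authenticated session
     * @param spTokenIssuerName issuer name placed in the token
     * @param authMethod authentication method placed in the token
     * @param signAssertion whether the token must be signed; when {@code true} the IdP must
     *     have a {@code signingCertAlias} configured
     * @return the requested security token
     * @throws WSFederationException if the IdP configuration is missing, a mapper cannot be
     *     loaded, the authentication instant cannot be parsed, a signature is requested
     *     without a signing certificate, or the session cannot be read
     */
    public static SAML11RequestedSecurityToken createSAML11Token(String realm, String idpEntityId,
            String spEntityId, Object session, String spTokenIssuerName, String authMethod,
            boolean signAssertion) throws WSFederationException {
        IDPSSOConfigElement idpConfig = metaManager.getIDPSSOConfig(realm, idpEntityId);
        if (idpConfig == null) {
            debug.error("Cannot find configuration for IdP " + idpEntityId);
            throw new WSFederationException(bundle.getString("unableToFindIDPConfiguration"));
        }
        try {
            // Guard the property array: a session without AUTH_INSTANT used to raise an NPE/AIOOBE here.
            String[] authInstantProps = sessionProvider.getProperty(session, SessionProvider.AUTH_INSTANT);
            String authInstantStr = (authInstantProps == null || authInstantProps.length == 0)
                    ? null : authInstantProps[0];
            Map<String, List<String>> idpAttrs = WSFederationMetaUtils.getAttributes(idpConfig);
            IDPAttributeMapper attributeMapper = getIDPAttributeMapper(idpAttrs);
            IDPAccountMapper accountMapper = getIDPAccountMapper(idpAttrs);
            List attributes = attributeMapper.getAttributes(session, idpEntityId, spEntityId, realm);
            Date authInstant;
            if (StringUtils.isEmpty(authInstantStr)) {
                authInstant = Time.newDate();
            } else {
                try {
                    authInstant = DateUtils.stringToDate(authInstantStr);
                } catch (ParseException e) {
                    throw new WSFederationException(e);
                }
            }
            NameIdentifier nameId = accountMapper.getNameID(session, realm, idpEntityId, spEntityId);
            int notBeforeSkew = WSFederationMetaUtils.getIntAttribute(idpConfig,
                    SAML2Constants.ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE, DEFAULT_NOTBEFORE_SKEW_SECONDS);
            int effectiveTime = WSFederationMetaUtils.getIntAttribute(idpConfig,
                    SAML2Constants.ASSERTION_EFFECTIVE_TIME_ATTRIBUTE, DEFAULT_EFFECTIVE_TIME_SECONDS);
            String signingCertAlias = WSFederationMetaUtils.getAttribute(idpConfig, "signingCertAlias");
            if (signAssertion && signingCertAlias == null) {
                debug.error("SP wants signed assertion, but no signing cert is configured");
                throw new WSFederationException(bundle.getString("noIdPCertAlias"));
            }
            if (!signAssertion) {
                // No signature requested: a null alias makes the token builder leave the token unsigned.
                signingCertAlias = null;
            }
            return new SAML11RequestedSecurityToken(realm, spTokenIssuerName, idpEntityId, notBeforeSkew,
                    effectiveTime, signingCertAlias, authMethod, authInstant, nameId, attributes);
        } catch (SessionException e) {
            throw new WSFederationException((Throwable) e);
        }
    }

    /**
     * Loads the IdP account mapper named by the IDP_ACCOUNT_MAPPER config attribute.
     *
     * @param idpAttrs the IdP's configuration attributes
     * @return a new mapper instance
     * @throws WSFederationException if no class is configured or it cannot be instantiated
     */
    private static IDPAccountMapper getIDPAccountMapper(Map<String, List<String>> idpAttrs)
            throws WSFederationException {
        return loadPlugin(idpAttrs, SAML2Constants.IDP_ACCOUNT_MAPPER, IDPAccountMapper.class, "failedAcctMapper");
    }

    /**
     * Loads the IdP attribute mapper named by the IDP_ATTRIBUTE_MAPPER config attribute.
     *
     * @param idpAttrs the IdP's configuration attributes
     * @return a new mapper instance
     * @throws WSFederationException if no class is configured or it cannot be instantiated
     */
    private static IDPAttributeMapper getIDPAttributeMapper(Map<String, List<String>> idpAttrs)
            throws WSFederationException {
        return loadPlugin(idpAttrs, SAML2Constants.IDP_ATTRIBUTE_MAPPER, IDPAttributeMapper.class,
                "failedAttrMapper");
    }

    /**
     * Instantiates, by reflection, the plugin class named in the first value of a
     * configuration attribute. The class name is administrator-controlled configuration
     * and is trusted as such; no further restriction is applied here.
     *
     * @param idpAttrs the IdP's configuration attributes
     * @param attrName attribute holding the class name
     * @param pluginType interface the class must implement (a {@link ClassCastException}
     *     propagates if it does not, as in the original)
     * @param failureMessageKey bundle key for the "not configured" error
     * @return a new instance created through the class's no-argument constructor
     * @throws WSFederationException if the attribute is absent or empty (previously an
     *     empty list raised an IndexOutOfBoundsException), or if loading/instantiating fails
     */
    private static <T> T loadPlugin(Map<String, List<String>> idpAttrs, String attrName, Class<T> pluginType,
            String failureMessageKey) throws WSFederationException {
        List<String> classNames = idpAttrs.get(attrName);
        if (classNames == null || classNames.isEmpty()) {
            throw new WSFederationException(bundle.getString(failureMessageKey));
        }
        try {
            // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance();
            // a constructor exception now surfaces as InvocationTargetException and is wrapped below.
            return Class.forName(classNames.get(0)).asSubclass(pluginType).getDeclaredConstructor().newInstance();
        } catch (ReflectiveOperationException e) {
            throw new WSFederationException(e);
        }
    }

    static {
        try {
            dsProvider = DataStoreProviderManager.getInstance().getDataStoreProvider(WSFederationConstants.WSFEDERATION);
            sessionProvider = SessionManager.getProvider();
            metaManager = new WSFederationMetaManager();
        } catch (DataStoreProviderException e) {
            debug.error("WSFederationUtils static initializer: DataStoreProviderException : ", e);
            throw new ExceptionInInitializerError((Throwable) e);
        } catch (SessionException e) {
            debug.error("WSFederationUtils static initializer: Error getting SessionProvider.", e);
            throw new ExceptionInInitializerError((Throwable) e);
        } catch (WSFederationMetaException e) {
            debug.error("WSFederationUtils static initializer: Error getting meta service.", e);
            throw new ExceptionInInitializerError((Throwable) e);
        }
    }
}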
