package com.sun.identity.saml2.profile;

import com.sun.identity.plugin.monitoring.FedMonAgent;
import com.sun.identity.plugin.monitoring.FedMonSAML2Svc;
import com.sun.identity.plugin.monitoring.MonitorManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionListener;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2FailoverUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.shared.debug.Debug;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException;

/* loaded from: input_file:com/sun/identity/saml2/profile/IDPSessionListener.class */
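/**
 * Session listener that cleans up IDP-side SAML2 state when a session is invalidated.
 *
 * <p>On invalidation it (1) optionally initiates SOAP single logout towards every SP recorded
 * on the matching {@link IDPSession}, when the hosted IDP config has
 * {@code SAML2Constants.IDP_SESSION_SYNC_ENABLED} set to {@code "true"}, and (2) evicts the
 * session's entries from the {@link IDPCache} maps and, when SAML2 failover is enabled, from the
 * SAML2 token repository.
 *
 * <p>Security note: step (2) is what stops an invalidated session from lingering in the IDP
 * caches, so it must not depend on step (1) succeeding. SP synchronization is best effort:
 * failures are logged and the local cleanup still runs.
 */
public class IDPSessionListener implements SessionListener {
    /** Metadata manager; {@code null} when the static initializer failed to create it. */
    private static final SAML2MetaManager sm;
    private static final Debug debug = SAML2Utils.debug;
    private static final FedMonAgent agent;
    private static final FedMonSAML2Svc saml2Svc;

    static {
        SAML2MetaManager manager = null;
        try {
            manager = new SAML2MetaManager();
        } catch (SAML2MetaException e) {
            // Class loading must not fail here; callers check sm for null before using it.
            debug.error("Error retreiving metadata", e);
        }
        sm = manager;
        agent = MonitorManager.getAgent();
        saml2Svc = MonitorManager.getSAML2Svc();
    }

    /**
     * Handles invalidation of a session: synchronizes logout with the SPs (if enabled) and then
     * removes every cache entry keyed by the session index or the session ID.
     *
     * @param obj the invalidated session object; {@code null} is logged and ignored
     */
    @Override // com.sun.identity.plugin.session.SessionListener
    public void sessionInvalidated(Object obj) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("IDPSessionListener.sessionInvalidated: Entering ...");
        }
        if (obj == null) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("IDPSessionListener.sessionInvalidated: Session is null.");
            }
            return;
        }
        try {
            SessionProvider provider = SessionManager.getProvider();
            String[] property = provider.getProperty(obj, SAML2Constants.IDP_SESSION_INDEX);
            String sessionIndex = (property == null || property.length == 0) ? null : property[0];
            if (sessionIndex == null || sessionIndex.length() == 0) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("IDPSessionListener.sessionInvalidated: No sessionIndex stored in session.");
                }
                return;
            }

            IDPSession idpSession = IDPCache.idpSessionsByIndices.get(sessionIndex);
            if (idpSession != null) {
                // Best effort: handles its own checked exceptions so that the cache cleanup
                // below always runs, even when metadata is unavailable or an SP rejects the SLO.
                synchronizeSessionWithSPs(sessionIndex, idpSession);
                removeTransientNameIDs(idpSession);
            } else if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("IDPSessionListener.sessionInvalidated: IDP Session with session index " + sessionIndex + " already removed.");
            }

            IDPCache.idpSessionsByIndices.remove(sessionIndex);
            IDPCache.authnContextCache.remove(sessionIndex);

            // NOTE(review): if getSessionID() throws SessionException, the session-ID keyed
            // cleanup and the token deletion below are skipped - confirm that is acceptable.
            String sessionID = provider.getSessionID(obj);
            if (IDPCache.idpSessionsBySessionID.get(sessionID) != null) {
                IDPCache.idpSessionsBySessionID.remove(sessionID);
                // Keep the monitoring counter in step with the cache size.
                if (agent != null && agent.isRunning() && saml2Svc != null) {
                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsBySessionID.size());
                }
            }
            if (IDPCache.spSessionPartnerBySessionID.get(sessionID) != null) {
                IDPCache.spSessionPartnerBySessionID.remove(sessionID);
            }
            try {
                if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                    SAML2FailoverUtils.deleteSAML2Token(sessionIndex);
                }
            } catch (SAML2TokenRepositoryException e) {
                SAML2Utils.debug.error("IDPSessionListener.sessionInvalidated: SAML2 Token Repository error, sessionIndex:" + sessionIndex, e);
            }
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("IDPSessionListener.sessionInvalidated: cleaned up the IDP session cache for a session expiring or being destroyed: sessionIndex=" + sessionIndex);
            }
        } catch (SessionException e) {
            if (SAML2Utils.debug.warningEnabled()) {
                SAML2Utils.debug.warning("IDPSessionListener.sessionInvalidated: invalid or expired session.", e);
            }
        }
    }

    /**
     * Initiates SOAP single logout towards each SP recorded on the IDP session when the hosted
     * IDP config enables session synchronization.
     *
     * <p>Never throws a checked exception: a missing metadata manager, a failed entity lookup or
     * a failure for one SP is logged, and the remaining SPs are still processed.
     *
     * @param sessionIndex session index of the invalidated IDP session
     * @param idpSession   cached IDP session holding the NameID/SP pairs
     */
    private void synchronizeSessionWithSPs(String sessionIndex, IDPSession idpSession) {
        if (sm == null) {
            // The static initializer could not build the metadata manager; without it no SP
            // can be resolved, but the caller must still be able to clean the caches.
            SAML2Utils.debug.error("IDPSessionListener.sessionInvalidated: SAML2 metadata manager is not initialized, skipping session synchronization with SPs.");
            return;
        }

        String metaAlias;
        String realm;
        String idpEntityID;
        try {
            metaAlias = idpSession.getMetaAlias();
            realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
            idpEntityID = sm.getEntityByMetaAlias(metaAlias);
        } catch (SAML2MetaException e) {
            if (SAML2Utils.debug.warningEnabled()) {
                SAML2Utils.debug.warning("IDPSessionListener.sessionInvalidated: unable to retrieve idp entity id.", e);
            }
            return;
        }

        Map paramsMap = new HashMap();
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);

        for (NameIDandSPpair pair : idpSession.getNameIDandSPpairs()) {
            String spEntityID = pair.getSPEntityID();
            NameID nameID = pair.getNameID();
            // Errors are isolated per SP so one unreachable or misconfigured SP does not leave
            // the sessions at the remaining SPs alive.
            try {
                IDPSSOConfigElement idpConfig = sm.getIDPSSOConfig(realm, idpEntityID);
                if (idpConfig == null) {
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("IDPSessionListener.sessionInvalidated: Unable to retrieve the IDP config data, idpConfig is null");
                    }
                    continue;
                }
                List<String> syncFlag = SAML2MetaUtils.getAttributes(idpConfig).get(SAML2Constants.IDP_SESSION_SYNC_ENABLED);
                boolean syncEnabled = idpEntityID != null
                        && spEntityID != null
                        && syncFlag != null
                        && syncFlag.size() != 0
                        && "true".equals(syncFlag.get(0));
                if (syncEnabled) {
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("IDPSessionListener.sessionInvalidated: IDP Session Synchronization flag is enabled, initiating SLO to SP");
                    }
                    initiateIDPSingleLogout(sessionIndex, metaAlias, realm, SAML2Constants.SOAP, nameID, spEntityID, paramsMap);
                }
            } catch (SessionException e) {
                SAML2Utils.debug.error("IDPSessionListener.sessionInvalidated:", e);
            } catch (SAML2MetaException e) {
                SAML2Utils.debug.error("IDPSessionListener.sessionInvalidated:", e);
            } catch (SAML2Exception e) {
                SAML2Utils.debug.error("IDPSessionListener.sessionInvalidated:", e);
            }
        }
    }

    /**
     * Removes the transient NameID to user ID mappings that belong to the given IDP session.
     * Runs while holding the monitor of {@code IDPCache.idpSessionsByIndices}.
     *
     * @param idpSession cached IDP session holding the NameID/SP pairs
     */
    private void removeTransientNameIDs(IDPSession idpSession) {
        synchronized (IDPCache.idpSessionsByIndices) {
            for (NameIDandSPpair pair : idpSession.getNameIDandSPpairs()) {
                NameID nameID = pair.getNameID();
                if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameID.getFormat())) {
                    IDPCache.userIDByTransientNameIDValue.remove(nameID.getValue());
                }
            }
        }
    }

    /**
     * Sends a logout request to one SP, provided its metadata lists a SOAP SLO endpoint.
     *
     * @param sessionIndex session index of the IDP session being terminated
     * @param metaAlias    meta alias of the hosted IDP
     * @param realm        realm used for the SP metadata lookups
     * @param binding      binding passed through to {@code LogoutUtil.doLogout}
     * @param nameID       NameID issued to the SP for this session
     * @param spEntityID   entity ID of the SP to notify
     * @param paramsMap    extra parameters passed through to {@code LogoutUtil.doLogout}
     * @throws SAML2Exception     if no SP SSO descriptor is found for {@code spEntityID}
     * @throws SAML2MetaException declared by the metadata lookups used here
     * @throws SessionException   declared for the logout call
     */
    private void initiateIDPSingleLogout(String sessionIndex, String metaAlias, String realm, String binding, NameID nameID, String spEntityID, Map paramsMap) throws SAML2MetaException, SAML2Exception, SessionException {
        SPSSODescriptorElement spDescriptor = sm.getSPSSODescriptor(realm, spEntityID);
        if (spDescriptor == null) {
            LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, new String[]{spEntityID}, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        List sloServices = spDescriptor.getSingleLogoutService();
        if (LogoutUtil.getSLOServiceLocation(sloServices, SAML2Constants.SOAP) != null) {
            LogoutUtil.doLogout(metaAlias, spEntityID, sloServices, null, binding, null, sessionIndex, nameID, null, null, paramsMap, sm.getSPSSOConfig(realm, spEntityID));
        } else if (debug.messageEnabled()) {
            // No SOAP endpoint means this SP cannot be notified by this listener.
            debug.message("IDPSessionListener.initiateIDPSingleLogout(): Unable to synchronize sessions with SP \"" + spEntityID + "\" since the SP does not have SOAP SLO endpoint specified in its metadata");
        }
    }
}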
