package com.sun.identity.multiprotocol;

import com.sun.identity.cot.CircleOfTrustManager;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.profile.IDPCache;
import com.sun.identity.saml2.profile.IDPSession;
import com.sun.identity.saml2.profile.LogoutUtil;
import com.sun.identity.saml2.profile.NameIDandSPpair;
import com.sun.identity.shared.debug.Debug;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/sun/identity/multiprotocol/SAML2SingleLogoutHandler.class */
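/**
 * SAML2 participant in multi-protocol single logout for a hosted identity provider.
 *
 * <p>For a browser-initiated logout the handler redirects to the {@code /IDPSloInit} endpoint.
 * For a SOAP-initiated logout it sends a SOAP logout to every service provider recorded for the
 * IDP session, then invalidates the local session and drops its entries from {@link IDPCache}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>Message-level debug output from this class contains the session object, the user ID and
 *       the raw logout request/response XML. Restrict access to that debug log.</li>
 *   <li>{@code relayState} is URL-encoded here but not otherwise validated.
 *       NOTE(review): confirm the {@code IDPSloInit} endpoint validates it before redirecting.</li>
 * </ul>
 */
public class SAML2SingleLogoutHandler implements SingleLogoutHandler {
    // Status codes returned to the caller.
    // NOTE(review): these look like SingleLogoutManager's LOGOUT_*_STATUS values; confirm and
    // reference those constants directly if so.
    private static final int STATUS_SUCCEEDED = 0;
    private static final int STATUS_PARTIAL = 1;
    private static final int STATUS_FAILED = 2;
    private static final int STATUS_REDIRECTED = 3;
    private static final int STATUS_NO_ACTION = 4;

    // Protocol identifier passed to the circle-of-trust and session helpers.
    private static final String SAML2_PROTOCOL = "saml2";

    private final Debug debug;

    /** Creates the handler and picks up the debug instance shared with {@code SingleLogoutManager}. */
    public SAML2SingleLogoutHandler() {
        // getInstance() is called before the static debug field is read, as in the original;
        // presumably it ensures the manager (and its debug) is initialised.
        SingleLogoutManager.getInstance();
        this.debug = SingleLogoutManager.debug;
    }

    /**
     * Performs the SAML2 part of an IDP-side single logout.
     *
     * @param userSession set whose first element is the session to log out
     * @param userID user identifier, used for logging only
     * @param request current HTTP request
     * @param response current HTTP response; receives the redirect for browser-initiated logout
     * @param isSOAPInitiated {@code true} for SOAP-initiated logout, {@code false} for HTTP
     * @param isIDPInitiated logged only
     * @param protocol protocol of the party that initiated the logout
     * @param realm realm of the hosted identity provider
     * @param idpEntityID entity ID of the initiating identity provider
     * @param spEntityID entity ID of the initiating service provider; may be null or empty
     * @param relayState value forwarded as the {@code RelayState} parameter
     * @param singleLogoutRequestXML logged only
     * @param singleLogoutResponseXML logged only
     * @param currentStatus logged only
     * @return 0 when every SP logout succeeded, 1 when some failed, 2 when all failed or the IDP
     *     session is gone, 3 after a redirect, 4 when there was nothing to do
     * @throws Exception on redirect, metadata or session errors
     */
    @Override // com.sun.identity.multiprotocol.SingleLogoutHandler
    public int doIDPSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, boolean isSOAPInitiated, boolean isIDPInitiated, String protocol, String realm, String idpEntityID, String spEntityID, String relayState, String singleLogoutRequestXML, String singleLogoutResponseXML, int currentStatus) throws Exception {
        SingleLogoutManager.getInstance();
        SingleLogoutManager.debug.message("SAML2SingleLogoutHandler.doIDPSingleLogout : start");
        if (!isSessionUsedInSAML2(userSession, userID)) {
            this.debug.message("SAML2SingleLogoutHander.doIDPSLO : no action");
            return STATUS_NO_ACTION;
        }
        if (!isSOAPInitiated) {
            this.debug.message("SAML2SingleLogoutHandler.doIDPSLO : HTTP initiated SLO");
            String redirectUrl = MultiProtocolUtils.geServerBaseURL(request) + "/IDPSloInit?" + SAML2Constants.BINDING + "=" + SAML2Constants.HTTP_REDIRECT;
            // URLEncoder.encode rejects null, so a missing relay state is left out of the URL
            // instead of aborting the logout with a NullPointerException.
            if (relayState != null) {
                redirectUrl = redirectUrl + "&RelayState=" + URLEncoder.encode(relayState, "UTF-8");
            }
            if (this.debug.messageEnabled()) {
                this.debug.message("SAML2SingleLogoutHandler.doIDPSLO: HTTP init, redirect to " + redirectUrl);
            }
            response.sendRedirect(redirectUrl);
            return STATUS_REDIRECTED;
        }
        SAML2MetaManager metaManager = new SAML2MetaManager();
        String idpMetaAlias = findIDPMetaAlias(idpEntityID, spEntityID, realm, protocol, metaManager);
        if (idpMetaAlias == null) {
            return STATUS_NO_ACTION;
        }
        if (this.debug.messageEnabled()) {
            // Sensitive: this line carries the session object and the raw SAML logout messages.
            this.debug.message("SAML2SingleLogoutHandler: userID=" + userID + ", session=" + userSession + ", isSOAInited=" + isSOAPInitiated + ", isIDPInited=" + isIDPInitiated + ", protocol=" + protocol + ", relam=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID + ", status=" + currentStatus + "\nlogout Request XML=" + singleLogoutRequestXML + "\nlogout response XML=" + singleLogoutResponseXML);
        }
        return handleSOAPInitiatedSingleLogout(userSession, userID, request, response, realm, idpMetaAlias, metaManager.getEntityByMetaAlias(idpMetaAlias), relayState, metaManager);
    }

    /**
     * Finds the meta alias of a hosted SAML2 IDP that shares an active circle of trust with the
     * initiating parties.
     *
     * <p>A hosted IDP matches when a circle of trust lists it under "saml2" and the same circle
     * lists {@code idpEntityID} (and {@code spEntityID}, if given) under {@code protocol}.
     *
     * @return the meta alias of the first match, or {@code null} when none matches or a lookup
     *     fails (the failure is logged)
     */
    private String findIDPMetaAlias(String idpEntityID, String spEntityID, String realm, String protocol, SAML2MetaManager metaManager) {
        try {
            List<?> hostedIdps = metaManager.getAllHostedIdentityProviderEntities(realm);
            if (this.debug.messageEnabled()) {
                this.debug.message("SAML2SingleLogoutHandler.findIDPMetaAlias:  all hosted SAML2 IDPs = " + hostedIdps);
            }
            if (hostedIdps == null || hostedIdps.isEmpty()) {
                return null;
            }
            boolean spGiven = spEntityID != null && spEntityID.length() != 0;
            CircleOfTrustManager cotManager = new CircleOfTrustManager();
            Set<String> activeCircles = cotManager.getAllActiveCirclesOfTrust(realm);
            for (Object hosted : hostedIdps) {
                String hostedIdp = (String) hosted;
                for (String cotName : activeCircles) {
                    if (this.debug.messageEnabled()) {
                        this.debug.message("SAML2SLOHandler.findIDPMetaAlias:  check COT = " + cotName);
                    }
                    Set<?> saml2Members = cotManager.listCircleOfTrustMember(realm, cotName, SAML2_PROTOCOL);
                    if (saml2Members == null || !saml2Members.contains(hostedIdp)) {
                        continue;
                    }
                    // Only query the initiator's protocol once the hosted IDP is known to be
                    // in this circle.
                    Set<?> protocolMembers = cotManager.listCircleOfTrustMember(realm, cotName, protocol);
                    if (protocolMembers == null || !protocolMembers.contains(idpEntityID)) {
                        continue;
                    }
                    if (spGiven && !protocolMembers.contains(spEntityID)) {
                        continue;
                    }
                    if (SingleLogoutManager.debug.messageEnabled()) {
                        SingleLogoutManager.debug.message("SAML2SingleLogoutHandler.findIDPMetaAlias : found IDP " + hostedIdp + " in COT " + cotName);
                    }
                    return metaManager.getIDPSSOConfig(realm, hostedIdp).getMetaAlias();
                }
            }
            return null;
        } catch (Exception e) {
            // Best effort: any lookup failure means "no matching IDP", which callers treat as
            // no action.
            SingleLogoutManager.debug.error("SAML2SingleLogoutHandler.findIDPMetaAlias", e);
            return null;
        }
    }

    /**
     * Reports whether the first session in {@code userSession} is marked as used by SAML2.
     *
     * @param userSession candidate sessions; null or empty yields {@code false}
     * @param userID unused
     */
    private boolean isSessionUsedInSAML2(Set userSession, String userID) {
        if (userSession == null || userSession.isEmpty()) {
            return false;
        }
        return MultiProtocolUtils.usedInProtocol(userSession.iterator().next(), SAML2_PROTOCOL);
    }

    /**
     * Sends a SOAP logout to every service provider of the IDP session and then terminates the
     * local session.
     *
     * <p>{@code idpEntityID} and {@code metaManager} are not used by this method.
     *
     * @return 0 when all SP logouts succeeded (or there were none), 1 when some failed, 2 when
     *     all failed or the IDP no longer knows the session index, 4 when there is no valid
     *     session or session index
     * @throws SAML2Exception declared for metadata and logout calls that are not caught here
     * @throws SessionException if the session provider fails
     */
    private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, String realm, String idpMetaAlias, String idpEntityID, String relayState, SAML2MetaManager metaManager) throws SAML2Exception, SessionException {
        this.debug.message("SAML2SingleLogoutHanlder: handleSOAPInitiatedSLO");
        SessionProvider provider = SessionManager.getProvider();
        if (userSession == null || userSession.isEmpty()) {
            return STATUS_NO_ACTION;
        }
        Object session = userSession.iterator().next();
        if (!provider.isValid(session)) {
            return STATUS_NO_ACTION;
        }
        if (this.debug.messageEnabled()) {
            this.debug.message("SAML2SLOHandler.handleSOAPSLO: handler session " + session + " for user " + userID);
        }
        String[] sessionIndices = provider.getProperty(session, SAML2Constants.IDP_SESSION_INDEX);
        if (this.debug.messageEnabled()) {
            // Arrays.toString prints the values; concatenating the array would print only its
            // identity hash.
            this.debug.message("SAML2SLOHandler.handleSOAPSLO: session index = " + Arrays.toString(sessionIndices));
        }
        if (sessionIndices == null || sessionIndices.length == 0) {
            if (this.debug.warningEnabled()) {
                this.debug.warning("SAML2SLOHandler.handleSOAPSLO: Null session index for " + session);
            }
            return STATUS_NO_ACTION;
        }
        String sessionIndex = sessionIndices[0];
        IDPSession idpSession = IDPCache.idpSessionsByIndices.get(sessionIndex);
        if (idpSession == null) {
            this.debug.error("SAML2SLOHanlder.handleSOAPSLO: IDP no longer has this session index " + sessionIndex);
            return STATUS_FAILED;
        }
        List<NameIDandSPpair> pairs = idpSession.getNameIDandSPpairs();
        int size = pairs.size();
        if (this.debug.messageEnabled()) {
            this.debug.message("SAML2SLOHanlder.handleSOAPSLO: NameIDandSPpair for " + sessionIndex + " is " + pairs + ", size=" + size);
        }
        int failures = 0;
        try {
            // Index loop over the size captured above, as in the original.
            for (int i = 0; i < size; i++) {
                NameIDandSPpair pair = pairs.get(i);
                String spEntityID = pair.getSPEntityID();
                if (this.debug.messageEnabled()) {
                    this.debug.message("SAML2SLOHanlder.handleSOAPSLO: SP for " + sessionIndex + " is " + spEntityID);
                }
                try {
                    // Metadata lookups sit inside the try so that one SP with unreadable
                    // metadata counts as a failed logout instead of stopping the remaining SPs.
                    List sloServices = SAML2Utils.getSAML2MetaManager().getSPSSODescriptor(realm, spEntityID).getSingleLogoutService();
                    SPSSOConfigElement spConfig = SAML2Utils.getSAML2MetaManager().getSPSSOConfig(realm, spEntityID);
                    HashMap params = new HashMap();
                    params.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
                    LogoutUtil.doLogout(idpMetaAlias, spEntityID, sloServices, null, SAML2Constants.SOAP, relayState, sessionIndex, pair.getNameID(), request, response, params, spConfig);
                } catch (SAML2Exception e) {
                    this.debug.error("SAML2SLOHandler:handleSOAPSLO.doLogout", e);
                    failures++;
                }
            }
        } finally {
            // A logout request must end the local session even when SP notification throws;
            // otherwise the IDP session and its cache entries would remain usable.
            MultiProtocolUtils.invalidateSession(session, request, response, SAML2_PROTOCOL);
            IDPCache.idpSessionsByIndices.remove(sessionIndex);
            IDPCache.authnContextCache.remove(sessionIndex);
        }
        int status = STATUS_SUCCEEDED;
        // The size > 0 guard keeps a session with no SPs from being reported as a total failure.
        if (size > 0 && failures == size) {
            status = STATUS_FAILED;
        } else if (failures > 0) {
            status = STATUS_PARTIAL;
        }
        if (this.debug.messageEnabled()) {
            this.debug.message("SAML2SLOHandler.doSOAPSLO: return status for " + session + " is " + status);
        }
        return status;
    }
}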
