package com.sun.identity.saml2.profile;

import com.sun.identity.plugin.datastore.DataStoreProvider;
import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.assertion.AttributeStatement;
import com.sun.identity.saml2.assertion.Conditions;
import com.sun.identity.saml2.assertion.EncryptedAssertion;
import com.sun.identity.saml2.assertion.EncryptedID;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.assertion.Subject;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.common.SOAPCommunicator;
import com.sun.identity.saml2.jaxb.assertion.AttributeElement;
import com.sun.identity.saml2.jaxb.assertion.AttributeValueElement;
import com.sun.identity.saml2.jaxb.entityconfig.AttributeQueryConfigElement;
import com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement;
import com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement;
import com.sun.identity.saml2.key.EncInfo;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.saml2.plugins.AttributeAuthorityMapper;
import com.sun.identity.saml2.protocol.AttributeQuery;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Response;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.saml2.protocol.StatusCode;
import com.sun.identity.saml2.xmlenc.EncManager;
import com.sun.identity.wsfederation.common.WSFederationConstants;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPException;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:com/sun/identity/saml2/profile/AttributeQueryUtil.class */
public class AttributeQueryUtil {
    // SAML 2.0 attribute NameFormat URI for "unspecified". Not referenced in the part of the file shown here.
    private static final String DEFAULT_ATTRIBUTE_NAME_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified";
    // Data store used to resolve user IDs and read profile attributes.
    // NOTE(review): no assignment is visible in this part of the file; presumably it is set in a
    // static initialiser elsewhere. Every getUserID/getAttributes call dereferences it unguarded - confirm.
    static DataStoreProvider dsProvider;
    // Source of the private keys and X.509 certificates used by the signing helpers in this class.
    static KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    // NOTE(review): raw, mutable, package-visible cache. Any class in this package can replace or
    // clear its entries; its use is not visible in this part of the file.
    static Hashtable attrAuthorityMapperCache = new Hashtable();
    // Metadata manager used to look up attribute-authority and attribute-query descriptors.
    static SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();

    /** Private constructor: the class is not meant to be instantiated from outside. */
    private AttributeQueryUtil() {
    }

    /**
     * Signs an attribute query and sends it to an attribute authority over SOAP.
     *
     * <p>The endpoint comes from the authority's metadata descriptor (via {@code findLocation}),
     * never from the caller, and the query is signed with the certificate included before it
     * leaves this method. Only the SOAP binding is accepted by this overload.
     *
     * @param attributeQuery query to sign and send
     * @param str second argument of {@code getAttributeAuthorityDescriptor}; presumably the
     *        attribute authority's entity ID - confirm
     * @param str2 first argument of {@code getAttributeAuthorityDescriptor} and of
     *        {@code signAttributeQuery}; presumably the realm - confirm
     * @param str3 forwarded to {@code findLocation}
     * @param str4 forwarded to {@code findLocation}
     * @param str5 requested binding; must equal {@code SAML2Constants.SOAP} ignoring case
     * @return whatever {@code sendAttributeQuerySOAP} returns for the signed query
     * @throws SAML2Exception if the authority or its endpoint is not found, the binding is
     *         missing or not SOAP, signing fails, or the metadata lookup fails
     */
    public static Response sendAttributeQuery(AttributeQuery attributeQuery, String str, String str2, String str3, String str4, String str5) throws SAML2Exception {
        try {
            AttributeAuthorityDescriptorElement authority = metaManager.getAttributeAuthorityDescriptor(str2, str);
            if (authority == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
            }
            if (str5 == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
            }

            // The destination is resolved from metadata before the binding itself is validated.
            String endpoint = findLocation(authority, str5, str3, str4);
            if (endpoint == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
            }

            boolean soapRequested = str5.equalsIgnoreCase(SAML2Constants.SOAP);
            if (!soapRequested) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
            }

            // true: the signing certificate is looked up and handed to sign() with the key.
            signAttributeQuery(attributeQuery, str2, true);
            return sendAttributeQuerySOAP(attributeQuery, endpoint, str, authority);
        } catch (SAML2MetaException metaFailure) {
            // The cause is logged here; callers only see the generic metadata error text.
            SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuery:", metaFailure);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }

    /**
     * Signs an attribute query and posts it to an attribute authority through the browser
     * (HTTP-POST binding).
     *
     * <p>The target URL comes from the authority's metadata descriptor (via
     * {@code findLocation}). The query is signed without looking up the signing certificate,
     * then serialised, encoded and handed to {@code SAML2Utils.postToTarget} as the
     * {@code SAMLRequest} parameter.
     *
     * @param attributeQuery query to sign and post
     * @param httpServletRequest current request, passed through to {@code postToTarget}
     * @param httpServletResponse current response, passed through to {@code postToTarget}
     * @param str second argument of {@code getAttributeAuthorityDescriptor}; presumably the
     *        attribute authority's entity ID - confirm
     * @param str2 first argument of {@code getAttributeAuthorityDescriptor} and of
     *        {@code signAttributeQuery}; presumably the realm - confirm
     * @param str3 forwarded to {@code findLocation}
     * @param str4 forwarded to {@code findLocation}
     * @param str5 requested binding; must equal {@code SAML2Constants.HTTP_POST} ignoring case
     * @throws SAML2Exception if the authority or its endpoint is not found, the binding is
     *         missing or not HTTP-POST, signing fails, or the metadata lookup fails
     */
    public static void sendAttributeQuery(AttributeQuery attributeQuery, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, String str4, String str5) throws SAML2Exception {
        try {
            AttributeAuthorityDescriptorElement authority = metaManager.getAttributeAuthorityDescriptor(str2, str);
            if (authority == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
            }
            if (str5 == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
            }

            String targetUrl = findLocation(authority, str5, str3, str4);
            if (targetUrl == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
            }

            boolean postRequested = str5.equalsIgnoreCase(SAML2Constants.HTTP_POST);
            if (!postRequested) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
            }

            // false: no certificate is looked up; sign() receives a null certificate.
            signAttributeQuery(attributeQuery, str2, false);

            // The signed query travels through the user agent, so the receiver has to rely
            // on the signature rather than on the transport.
            String encodedQuery = SAML2Utils.encodeForPOST(attributeQuery.toXMLString(true, true));
            SAML2Utils.postToTarget(httpServletRequest, httpServletResponse, "SAMLRequest", encodedQuery, null, null, targetUrl);
        } catch (SAML2MetaException metaFailure) {
            // The cause is logged here; callers only see the generic metadata error text.
            SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuery:", metaFailure);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }

    /* JADX WARN: Type inference failed for: r15v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r15v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r19v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r25v0, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /* JADX WARN: Type inference failed for: r27v1, types: [java.lang.Throwable, com.sun.identity.saml2.common.SAML2Exception] */
    /**
     * Handles an incoming attribute query on the attribute-authority side and builds the
     * SAML response (success or error) to return to the requester.
     *
     * <p>Stages, in order: the configured {@code AttributeAuthorityMapper} authenticates the
     * requester and validates the query; the hosted authority descriptor is loaded; the
     * mapper resolves the subject to an identity; the requested attributes are checked
     * against the attributes listed in the descriptor; the mapper supplies the identity's
     * attributes, which are filtered down to the requested ones; an assertion is built and,
     * when the query subject carried an EncryptedID, signed and encrypted; finally the
     * response is signed. Each stage's {@code SAML2Exception} is turned into an error
     * response rather than propagated.
     *
     * <p>NOTE(review): nothing in this method checks the query signature itself; that is
     * left to {@code authenticateRequester}/{@code validateAttributeQuery} of the mapper,
     * whose implementation is not visible here. A custom mapper that skips the check
     * leaves this endpoint answering unsigned queries - confirm for every deployed mapper.
     *
     * <p>NOTE(review): several error responses carry {@code e.getMessage()} back to the
     * requester. Confirm those messages cannot contain internal detail (data store errors,
     * DNs, key aliases).
     *
     * @param attributeQuery the query received from the requester
     * @param httpServletRequest current request; also read for the
     *        {@code AttributeQueryUtil-desiredAttrs} and
     *        {@code AttributeQueryUtil-storeAllAttributes} request attributes
     * @param httpServletResponse current response, passed to the mapper
     * @param str value set as the Issuer of the response and assertion; presumably the
     *        hosted attribute authority's entity ID - confirm
     * @param str2 first argument of the metadata lookups; presumably the realm - confirm
     * @param str3 passed to {@code getAttributeAuthorityMapper} and
     *        {@code getAttributeQueryProfile}; presumably the attribute query profile
     *        alias - confirm
     * @return the signed success response, or an error response describing the failed stage
     * @throws SAML2Exception from {@code getAttributeAuthorityMapper}, which runs outside
     *         the try blocks
     */
    public static Response processAttributeQuery(AttributeQuery attributeQuery, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) throws SAML2Exception {
        AttributeAuthorityMapper attributeAuthorityMapper = getAttributeAuthorityMapper(str2, str, str3);
        // The returned profile URI is discarded here; an unknown alias (null result) is not rejected.
        getAttributeQueryProfile(str3);
        try {
            // Stage 1: requester authentication, delegated to the mapper.
            attributeAuthorityMapper.authenticateRequester(httpServletRequest, httpServletResponse, attributeQuery, str, str2);
            try {
                // Stage 2: query validation, delegated to the mapper.
                attributeAuthorityMapper.validateAttributeQuery(httpServletRequest, httpServletResponse, attributeQuery, str, str2);
                // Issuer value as sent by the requester; used below for the assertion's
                // conditions and to pick the requester's encryption metadata.
                String value = attributeQuery.getIssuer().getValue();
                try {
                    AttributeAuthorityDescriptorElement attributeAuthorityDescriptor = metaManager.getAttributeAuthorityDescriptor(str2, str);
                    if (attributeAuthorityDescriptor == null) {
                        return SAML2Utils.getErrorResponse(attributeQuery, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("attrAuthorityNotFound"), null);
                    }
                    try {
                        // Stage 3: map the query subject to a local identity.
                        Object identity = attributeAuthorityMapper.getIdentity(httpServletRequest, httpServletResponse, attributeQuery, str, str2);
                        if (identity == null) {
                            if (SAML2Utils.debug.messageEnabled()) {
                                SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery: unable to find identity.");
                            }
                            return SAML2Utils.getErrorResponse(attributeQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
                        }
                        // A list stored on the request under this name takes precedence over
                        // the attributes named in the query itself.
                        // NOTE(review): presumably set by the mapper during validation - confirm who writes it.
                        List list = (List) httpServletRequest.getAttribute("AttributeQueryUtil-desiredAttrs");
                        if (list == null) {
                            list = attributeQuery.getAttributes();
                        }
                        try {
                            // Stage 4: reject requested attributes the descriptor does not list.
                            List<Attribute> verifyDesiredAttributes = verifyDesiredAttributes(attributeAuthorityDescriptor.getAttribute(), list);
                            List attributes = attributeAuthorityMapper.getAttributes(identity, attributeQuery, str, str2);
                            // When this marker is present, the complete unfiltered attribute list
                            // is stored on the request for later consumers.
                            if (httpServletRequest.getAttribute("AttributeQueryUtil-storeAllAttributes") != null) {
                                httpServletRequest.setAttribute("AttributeQueryUtil-allAttributes", attributes);
                            }
                            // Only attributes that were asked for are released in the assertion.
                            List<Attribute> filterAttributes = filterAttributes(attributes, verifyDesiredAttributes);
                            ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
                            Response createResponse = protocolFactory.createResponse();
                            ArrayList arrayList = new ArrayList();
                            try {
                                // Stage 5: build the assertion and the response around it.
                                Assertion assertion = getAssertion(attributeQuery, str, value, str2, str3, filterAttributes);
                                EncryptedID encryptedID = attributeQuery.getSubject().getEncryptedID();
                                if (encryptedID != null) {
                                    try {
                                        // Encrypted subject in the query: the assertion is signed, then encrypted.
                                        signAssertion(assertion, str2, str, true);
                                        arrayList.add(encryptAssertion(assertion, encryptedID, str, value, str2, str3));
                                        createResponse.setEncryptedAssertion(arrayList);
                                    } catch (SAML2Exception e) {
                                        if (SAML2Utils.debug.messageEnabled()) {
                                            SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery:", (Throwable) e);
                                        }
                                        return SAML2Utils.getErrorResponse(attributeQuery, SAML2Constants.RESPONDER, null, e.getMessage(), null);
                                    }
                                } else {
                                    // Plain subject: the assertion is added unsigned and unencrypted;
                                    // its integrity rests on the response signature applied below.
                                    arrayList.add(assertion);
                                    createResponse.setAssertion(arrayList);
                                }
                                createResponse.setID(SAML2Utils.generateID());
                                // Ties the response to the query it answers.
                                createResponse.setInResponseTo(attributeQuery.getID());
                                createResponse.setVersion(SAML2Constants.VERSION_2_0);
                                createResponse.setIssueInstant(Time.newDate());
                                Status createStatus = protocolFactory.createStatus();
                                StatusCode createStatusCode = protocolFactory.createStatusCode();
                                createStatusCode.setValue(SAML2Constants.SUCCESS);
                                createStatus.setStatusCode(createStatusCode);
                                createResponse.setStatus(createStatus);
                                Issuer createIssuer = AssertionFactory.getInstance().createIssuer();
                                createIssuer.setValue(str);
                                createResponse.setIssuer(createIssuer);
                                // Fails (and becomes a RESPONDER error below) when no signing key is configured.
                                signResponse(createResponse, str, str2, true);
                                return createResponse;
                            } catch (SAML2Exception e2) {
                                if (SAML2Utils.debug.messageEnabled()) {
                                    SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery:", (Throwable) e2);
                                }
                                return SAML2Utils.getErrorResponse(attributeQuery, SAML2Constants.RESPONDER, null, e2.getMessage(), null);
                            }
                        } catch (SAML2Exception e3) {
                            // As nested here, this also covers a SAML2Exception thrown by
                            // mapper.getAttributes, not only by verifyDesiredAttributes; the
                            // exception is not logged.
                            // NOTE(review): the nesting comes from the decompiler - confirm against the original source.
                            return SAML2Utils.getErrorResponse(attributeQuery, SAML2Constants.REQUESTER, SAML2Constants.INVALID_ATTR_NAME_OR_VALUE, null, null);
                        }
                    } catch (SAML2Exception e4) {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery: ", (Throwable) e4);
                        }
                        // Identity lookup failed; the exception text is returned to the requester.
                        return SAML2Utils.getErrorResponse(attributeQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, e4.getMessage(), null);
                    }
                } catch (SAML2MetaException e5) {
                    // Metadata failures are logged in full but reported with a fixed, generic message.
                    SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:", e5);
                    return SAML2Utils.getErrorResponse(attributeQuery, SAML2Constants.RESPONDER, null, SAML2Utils.bundle.getString("metaDataError"), null);
                }
            } catch (SAML2Exception e6) {
                // Validation failure; the exception text is returned to the requester.
                SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:", (Throwable) e6);
                return SAML2Utils.getErrorResponse(attributeQuery, SAML2Constants.REQUESTER, null, e6.getMessage(), null);
            }
        } catch (SAML2Exception e7) {
            // Authentication failure is only logged at message (debug) level; the exception
            // text is returned to the requester.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery: ", (Throwable) e7);
            }
            return SAML2Utils.getErrorResponse(attributeQuery, SAML2Constants.REQUESTER, null, e7.getMessage(), null);
        }
    }

    /**
     * Translates an attribute query profile alias into the corresponding profile constant.
     *
     * @param str profile alias; may be {@code null}
     * @return {@code SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE} for the alias {@code "default"},
     *         {@code SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE} for
     *         {@code SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS}, and {@code null}
     *         for a {@code null} or unrecognised alias
     */
    public static String getAttributeQueryProfile(String str) {
        String profile = null;
        if (str != null) {
            if (str.equals("default")) {
                profile = SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE;
            } else if (str.equals(SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS)) {
                profile = SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE;
            }
        }
        // Unknown aliases fall through as null; callers must treat null as "no such profile".
        return profile;
    }

    /**
     * Signs an outgoing attribute query with the requester's signing key.
     *
     * <p>The key alias is resolved from the query's own Issuer value under the attribute
     * query role. A missing private key is an error: the query is never sent unsigned.
     *
     * @param attributeQuery query to sign in place
     * @param str first argument of {@code getSigningCertAlias}; presumably the realm - confirm
     * @param z when {@code true} the certificate for the alias is looked up and passed to
     *        {@code sign}; otherwise {@code sign} receives {@code null} for the certificate
     * @throws SAML2Exception if no private key exists for the alias, or signing fails
     */
    private static void signAttributeQuery(AttributeQuery attributeQuery, String str, boolean z) throws SAML2Exception {
        String requesterId = attributeQuery.getIssuer().getValue();
        String alias = SAML2Utils.getSigningCertAlias(str, requesterId, SAML2Constants.ATTR_QUERY_ROLE);

        PrivateKey signingKey = keyProvider.getPrivateKey(alias);
        if (signingKey == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }

        X509Certificate signingCert = z ? keyProvider.getX509Certificate(alias) : null;
        attributeQuery.sign(signingKey, signingCert);
    }

    /**
     * Checks that the Issuer of an attribute query is an entity this authority accepts.
     *
     * <p>The Issuer format, when present and non-empty, must be the unspecified or the
     * entity format; the Issuer must then pass {@code SAML2Utils.isSourceSiteValid}. This
     * method does not look at the query signature.
     *
     * @param attributeQuery query whose Issuer is checked
     * @param str third argument of {@code isSourceSiteValid}
     * @param str2 second argument of {@code isSourceSiteValid}
     * @throws SAML2Exception if the Issuer format is not accepted or the Issuer is not a
     *         valid source site
     */
    public static void validateEntityRequester(AttributeQuery attributeQuery, String str, String str2) throws SAML2Exception {
        Issuer requester = attributeQuery.getIssuer();
        String issuerFormat = requester.getFormat();

        boolean formatGiven = issuerFormat != null && issuerFormat.length() != 0;
        if (formatGiven && !issuerFormat.equals(SAML2Constants.UNSPECIFIED) && !issuerFormat.equals(SAML2Constants.ENTITY)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryIssuerInvalid"));
        }

        // The value is read but not used; the call is kept exactly as the original makes it.
        requester.getValue();

        boolean trustedSource = SAML2Utils.isSourceSiteValid(requester, str2, str);
        if (!trustedSource) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryIssuerInvalid"));
        }
    }

    /**
     * Requires an attribute query to be signed and verifies the signature against the
     * certificates configured for its Issuer.
     *
     * <p>Unsigned queries are rejected outright. The verification certificates come from the
     * attribute-query descriptor registered for the Issuer value, so the Issuer named in the
     * message only selects which configured keys are tried; a certificate carried in the
     * message is not what establishes trust here.
     *
     * @param attributeQuery query to verify
     * @param str not used by this method
     * @param str2 first argument of {@code getAttributeQueryDescriptor}; presumably the
     *        realm - confirm
     * @throws SAML2Exception if the query is unsigned, the Issuer has no descriptor, no
     *         verification certificate is configured, or the signature does not validate
     */
    public static void verifyAttrQuerySignature(AttributeQuery attributeQuery, String str, String str2) throws SAML2Exception {
        if (!attributeQuery.isSigned()) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryNotSigned"));
        }

        String requesterId = attributeQuery.getIssuer().getValue();
        AttributeQueryDescriptorElement requesterDescriptor = metaManager.getAttributeQueryDescriptor(str2, requesterId);
        if (requesterDescriptor == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryIssuerNotFound"));
        }

        Set<X509Certificate> trustedCerts = KeyUtil.getVerificationCerts(requesterDescriptor, requesterId, SAML2Constants.ATTR_QUERY_ROLE);
        if (trustedCerts.isEmpty()) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }

        boolean signatureOk = attributeQuery.isSignatureValid(trustedCerts);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.verifyAttributeQuery: Signature validity is : " + signatureOk);
        }
        if (signatureOk) {
            return;
        }
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureAttrQuery"));
    }

    /* JADX WARN: Type inference failed for: r15v0, types: [java.lang.Throwable, com.sun.identity.plugin.datastore.DataStoreProviderException] */
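    /**
     * Resolves the subject of an X.509-subject attribute query to a user ID by searching
     * the data store for the subject DN.
     *
     * <p>The NameID is taken from the query subject, decrypting the EncryptedID first when
     * one is present. Its format must be {@code SAML2Constants.X509_SUBJECT_NAME}. The DN is
     * then matched against the data store attribute configured under
     * {@code SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME}.
     *
     * <p>A query whose subject has no usable NameID (for example one carrying only a
     * BaseID) is rejected with the same {@code SAML2Exception} as an unsupported format,
     * instead of failing with a {@code NullPointerException} on requester-controlled input.
     *
     * @param attributeQuery query whose subject is resolved
     * @param str second argument of {@code getDecryptionKeys} and of the configuration
     *        lookup; presumably the hosted attribute authority's entity ID - confirm
     * @param str2 first argument of those lookups and of {@code getUserID}; presumably the
     *        realm - confirm
     * @return the user ID returned by the data store provider
     * @throws SAML2Exception if the subject has no NameID, the NameID format is not the
     *         X.509 subject format, no mapping attribute is configured, or the data store
     *         lookup fails
     */
    public static String getIdentityFromDataStoreX509Subject(AttributeQuery attributeQuery, String str, String str2) throws SAML2Exception {
        Subject subject = attributeQuery.getSubject();
        if (subject == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
        }
        EncryptedID encryptedID = subject.getEncryptedID();
        NameID nameID = encryptedID != null
                ? encryptedID.decrypt(KeyUtil.getDecryptionKeys(str2, str, SAML2Constants.ATTR_AUTH_ROLE))
                : subject.getNameID();
        // The subject is supplied by the requester: a missing NameID is treated like an
        // unsupported one rather than being dereferenced.
        if (nameID == null || !SAML2Constants.X509_SUBJECT_NAME.equals(nameID.getFormat())) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
        }

        String mappingAttrName = getAttributeValueFromAttrAuthorityConfig(str2, str, SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME);
        if (mappingAttrName == null || mappingAttrName.length() == 0) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("x509SubjectMappingNotConfigured"));
        }

        // Search criteria: configured attribute name -> { subject DN from the query }.
        String subjectDn = nameID.getValue();
        HashSet dnValues = new HashSet();
        dnValues.add(subjectDn);
        HashMap searchCriteria = new HashMap();
        searchCriteria.put(mappingAttrName, dnValues);

        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.getIdentityFromDataStoreX509Subject: mappingAttrName = " + mappingAttrName + ", X509 subject DN = " + subjectDn);
        }
        try {
            return dsProvider.getUserID(str2, searchCriteria);
        } catch (DataStoreProviderException e) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStoreX509Subject:", (Throwable) e);
            // NOTE(review): the data store message is passed on to the caller; the only caller
            // visible in this file copies such messages into the error response.
            throw new SAML2Exception(e.getMessage());
        }
    }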

    /* JADX WARN: Type inference failed for: r16v0, types: [java.lang.Throwable, com.sun.identity.plugin.datastore.DataStoreProviderException] */
    /* JADX WARN: Type inference failed for: r21v1, types: [java.lang.Throwable, com.sun.identity.plugin.datastore.DataStoreProviderException] */
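    /**
     * Resolves the subject of an attribute query to a local user ID.
     *
     * <p>The NameID is taken from the query subject, decrypting the EncryptedID first when
     * one is present. Resolution then depends on the NameID format:
     * <ul>
     *   <li>transient: looked up in {@code IDPCache.userIDByTransientNameIDValue};</li>
     *   <li>unspecified: the NameID value is searched in the data store under the attribute
     *       named by the matching {@code SAML2Constants.NAME_ID_FORMAT_MAP} entry of the
     *       IDP configuration, or under {@code WSFederationConstants.UID} when no entry
     *       matches;</li>
     *   <li>anything else: searched with the key map from
     *       {@code SAML2Utils.getNameIDKeyMap}.</li>
     * </ul>
     *
     * <p>A subject without a usable NameID, and a configuration without a format map, are
     * handled explicitly instead of failing with a {@code NullPointerException}: the first
     * is rejected with a {@code SAML2Exception}, the second falls back to the default
     * search attribute exactly as a map with no matching entry does.
     *
     * @param attributeQuery query whose subject is resolved
     * @param str second argument of {@code getDecryptionKeys} and {@code getIDPSSOConfig};
     *        presumably the hosted entity ID - confirm
     * @param str2 first argument of those lookups and of {@code getUserID}; presumably the
     *        realm - confirm
     * @return the resolved user ID; for transient NameIDs whatever the cache holds for the
     *         value
     * @throws SAML2Exception if the subject has no NameID or the data store lookup fails
     */
    public static String getIdentity(AttributeQuery attributeQuery, String str, String str2) throws SAML2Exception {
        Subject subject = attributeQuery.getSubject();
        if (subject == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
        }
        EncryptedID encryptedID = subject.getEncryptedID();
        NameID nameID = encryptedID != null
                ? encryptedID.decrypt(KeyUtil.getDecryptionKeys(str2, str, SAML2Constants.ATTR_AUTH_ROLE))
                : subject.getNameID();
        // The subject is supplied by the requester; reject it cleanly when it carries no NameID.
        if (nameID == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
        }

        String format = nameID.getFormat();
        if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(format)) {
            return (String) IDPCache.userIDByTransientNameIDValue.get(nameID.getValue());
        }
        if (!SAML2Constants.UNSPECIFIED.equals(format)) {
            try {
                return dsProvider.getUserID(str2, SAML2Utils.getNameIDKeyMap(nameID, str, attributeQuery.getIssuer().getValue(), str2, SAML2Constants.IDP_ROLE));
            } catch (DataStoreProviderException e) {
                SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore:", (Throwable) e);
                throw new SAML2Exception(e.getMessage());
            }
        }

        // Unspecified format: find which data store attribute the NameID value is matched
        // against. Entries have the shape "<format>=<attribute>"; the first usable entry
        // for this format wins.
        String searchAttribute = WSFederationConstants.UID;
        List<String> formatMappings = SAML2MetaUtils.getAttributes(SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(str2, str)).get(SAML2Constants.NAME_ID_FORMAT_MAP);
        if (formatMappings != null) {
            for (String mapping : formatMappings) {
                if (mapping == null || mapping.length() <= 2 || !mapping.startsWith(format)) {
                    continue;
                }
                int separator = mapping.indexOf('=');
                if (separator != -1 && separator < mapping.length() - 2) {
                    searchAttribute = mapping.substring(separator + 1);
                    SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + searchAttribute);
                    break;
                }
            }
        }

        HashSet nameIdValues = new HashSet();
        nameIdValues.add(nameID.getValue());
        HashMap searchCriteria = new HashMap();
        searchCriteria.put(searchAttribute, nameIdValues);
        try {
            return dsProvider.getUserID(str2, searchCriteria);
        } catch (DataStoreProviderException e2) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore1:", (Throwable) e2);
            throw new SAML2Exception(e2.getMessage());
        }
    }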

    /**
     * Reads a user's profile attributes and converts them to SAML attributes according to
     * the configured attribute map.
     *
     * <p>The map configured for the querying entity (looked up by the query's Issuer under
     * the SP role) is preferred; when it is missing or empty the map configured for
     * {@code str2} under the IDP role is used. Map keys become SAML attribute names, map
     * values name the profile attributes to read. Only attributes named in the map are
     * requested from the data store, and attributes without a value are left out.
     *
     * <p>A data store failure is logged as a warning and treated as "no values": the method
     * then returns an empty list rather than throwing.
     *
     * @param str first argument of {@code dsProvider.getAttributes}; presumably the user ID - confirm
     * @param attributeQuery query whose Issuer selects the remote attribute map
     * @param str2 entity whose IDP-role attribute map is the fallback
     * @param str3 first argument of {@code getConfigAttributeMap}; presumably the realm - confirm
     * @return the SAML attributes that have values, or {@code null} when no attribute map
     *         is configured at all
     * @throws SAML2Exception from the configuration lookups or attribute construction
     */
    public static List getUserAttributes(String str, AttributeQuery attributeQuery, String str2, String str3) throws SAML2Exception {
        Map attributeMap = SAML2Utils.getConfigAttributeMap(str3, attributeQuery.getIssuer().getValue(), SAML2Constants.SP_ROLE);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes: remote SP attribute map = " + attributeMap);
        }

        if (attributeMap == null || attributeMap.isEmpty()) {
            // No requester-specific map: fall back to the hosted entity's own map.
            attributeMap = SAML2Utils.getConfigAttributeMap(str3, str2, SAML2Constants.IDP_ROLE);
            if (attributeMap == null || attributeMap.isEmpty()) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes:Configuration map is not defined.");
                }
                return null;
            }
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes: hosted IDP attribute map=" + attributeMap);
            }
        }

        // Ask the data store only for the profile attributes the map refers to.
        Map<String, Set<String>> profileValues = null;
        try {
            profileValues = dsProvider.getAttributes(str, new HashSet(attributeMap.values()));
        } catch (DataStoreProviderException lookupFailure) {
            // Best effort: carry on with no values.
            if (SAML2Utils.debug.warningEnabled()) {
                SAML2Utils.debug.warning("AttributeQueryUtil.getUserAttributes:", lookupFailure);
            }
        }
        boolean profileAvailable = profileValues != null && !profileValues.isEmpty();

        List samlAttributes = new ArrayList();
        for (Object entryObject : attributeMap.entrySet()) {
            Map.Entry mapping = (Map.Entry) entryObject;
            String samlName = (String) mapping.getKey();
            String profileName = (String) mapping.getValue();

            String[] values = null;
            if (profileAvailable) {
                Set<String> stored = profileValues.get(profileName);
                if (stored != null && !stored.isEmpty()) {
                    values = stored.toArray(new String[stored.size()]);
                } else if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes: user profile does not have value for " + profileName);
                }
            }

            if (values != null && values.length != 0) {
                samlAttributes.add(SAML2Utils.getSAMLAttribute(samlName, values));
            } else if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getUserAttributes: user does not have " + profileName);
            }
        }
        return samlAttributes;
    }

    /**
     * Signs a response with the attribute authority's signing key.
     *
     * <p>A missing private key is an error, so a response is never returned unsigned by
     * this method.
     *
     * @param response response to sign in place
     * @param str second argument of {@code getSigningCertAlias}; presumably the attribute
     *        authority's entity ID - confirm
     * @param str2 first argument of {@code getSigningCertAlias}; presumably the realm - confirm
     * @param z when {@code true} the certificate for the alias is looked up and passed to
     *        {@code sign}; otherwise {@code sign} receives {@code null} for the certificate
     * @throws SAML2Exception if no private key exists for the alias, or signing fails
     */
    public static void signResponse(Response response, String str, String str2, boolean z) throws SAML2Exception {
        String alias = SAML2Utils.getSigningCertAlias(str2, str, SAML2Constants.ATTR_AUTH_ROLE);

        PrivateKey signingKey = keyProvider.getPrivateKey(alias);
        if (signingKey == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }

        X509Certificate signingCert = z ? keyProvider.getX509Certificate(alias) : null;
        response.sign(signingKey, signingCert);
    }

    /**
     * Builds the (unsigned) assertion that answers an attribute query.
     *
     * <p>The assertion gets a fresh ID, version 2.0, the current time as issue instant and
     * {@code str} as Issuer. Its Subject is a copy of the query's Subject: EncryptedID,
     * NameID, BaseID and SubjectConfirmation are taken over from the request as they are.
     * An AttributeStatement is added only when there are attributes to release.
     *
     * @param attributeQuery query being answered; supplies the Subject
     * @param str Issuer value of the assertion
     * @param str2 first argument of {@code IDPSSOUtil.getConditions}; the caller in this
     *        file passes the query's Issuer value
     * @param str3 first argument of the skew/effective-time lookups; presumably the realm - confirm
     * @param str4 not used by this method
     * @param list attributes to release; may be {@code null} or empty
     * @return the new assertion
     * @throws SAML2Exception if any part of the assertion cannot be created or set
     */
    private static Assertion getAssertion(AttributeQuery attributeQuery, String str, String str2, String str3, String str4, List list) throws SAML2Exception {
        AssertionFactory factory = AssertionFactory.getInstance();

        Assertion result = factory.createAssertion();
        result.setID(SAML2Utils.generateID());
        result.setVersion(SAML2Constants.VERSION_2_0);
        result.setIssueInstant(Time.newDate());

        Issuer issuer = factory.createIssuer();
        issuer.setValue(str);
        result.setIssuer(issuer);

        // Subject content is requester-supplied and copied without further checks here.
        Subject querySubject = attributeQuery.getSubject();
        Subject assertionSubject = factory.createSubject();
        assertionSubject.setEncryptedID(querySubject.getEncryptedID());
        assertionSubject.setNameID(querySubject.getNameID());
        assertionSubject.setBaseID(querySubject.getBaseID());
        assertionSubject.setSubjectConfirmation(querySubject.getSubjectConfirmation());
        result.setSubject(assertionSubject);

        boolean hasAttributes = list != null && !list.isEmpty();
        if (hasAttributes) {
            AttributeStatement statement = factory.createAttributeStatement();
            statement.setAttribute(list);
            List statements = new ArrayList();
            statements.add(statement);
            result.setAttributeStatements(statements);
        }

        // Validity window of the assertion: skew and effective time come from configuration.
        result.setConditions(IDPSSOUtil.getConditions(str2, IDPSSOUtil.getNotBeforeSkewTime(str3, str), IDPSSOUtil.getEffectiveTime(str3, str)));
        return result;
    }

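    /**
     * Signs an assertion with the attribute authority's signing key.
     *
     * <p>Fails closed: when no private key exists for the signing alias a
     * {@code SAML2Exception} is thrown, matching {@code signResponse} and
     * {@code signAttributeQuery}. Previously the assertion was silently left unsigned in
     * that case. The only caller visible in this file goes on to call {@code signResponse}
     * with the same realm, entity and role, which already rejects a missing key, so that
     * caller ends in the same error response either way.
     *
     * @param assertion assertion to sign in place
     * @param str first argument of {@code getSigningCertAlias}; presumably the realm - confirm
     * @param str2 second argument of {@code getSigningCertAlias}; presumably the attribute
     *        authority's entity ID - confirm
     * @param z when {@code true} the certificate for the alias is looked up and passed to
     *        {@code sign}; otherwise {@code sign} receives {@code null} for the certificate
     * @throws SAML2Exception if no private key exists for the alias, or signing fails
     */
    private static void signAssertion(Assertion assertion, String str, String str2, boolean z) throws SAML2Exception {
        String alias = SAML2Utils.getSigningCertAlias(str, str2, SAML2Constants.ATTR_AUTH_ROLE);

        PrivateKey signingKey = keyProvider.getPrivateKey(alias);
        if (signingKey == null) {
            // Never hand back an assertion the caller believes is signed when it is not.
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }

        X509Certificate signingCert = z ? keyProvider.getX509Certificate(alias) : null;
        assertion.sign(signingKey, signingCert);
    }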

    /**
     * Encrypts an assertion for the requester, reusing the secret key that protects the
     * EncryptedID sent in the query.
     *
     * <p>The secret key is recovered from the EncryptedID with the authority's decryption
     * keys; the wrapping key, data encryption algorithm and strength come from the
     * requester's attribute-query descriptor in metadata.
     *
     * @param assertion assertion to encrypt
     * @param encryptedID EncryptedID from the query subject
     * @param str second argument of {@code getDecryptionKeys}; presumably the hosted
     *        attribute authority's entity ID - confirm
     * @param str2 entity whose attribute-query descriptor supplies the encryption settings;
     *        also passed to {@code encrypt} as the recipient
     * @param str3 first argument of the key and metadata lookups; presumably the realm - confirm
     * @param str4 not used by this method
     * @return the encrypted assertion
     * @throws SAML2Exception if key recovery, the metadata lookup or encryption fails
     */
    private static EncryptedAssertion encryptAssertion(Assertion assertion, EncryptedID encryptedID, String str, String str2, String str3, String str4) throws SAML2Exception {
        String encryptedIdXml = encryptedID.toXMLString(true, true);
        SecretKey sharedKey = EncManager.getEncInstance().getSecretKey(encryptedIdXml, KeyUtil.getDecryptionKeys(str3, str, SAML2Constants.ATTR_AUTH_ROLE));

        // NOTE(review): encInfo is dereferenced without a null check. If getEncInfo can return
        // null when the requester publishes no encryption key, this fails with a
        // NullPointerException instead of a SAML2Exception - confirm.
        EncInfo encInfo = KeyUtil.getEncInfo(metaManager.getAttributeQueryDescriptor(str3, str2), str2, SAML2Constants.ATTR_QUERY_ROLE);

        return AssertionFactory.getInstance().createEncryptedAssertion(
                EncManager.getEncInstance().encrypt(
                        assertion.toXMLString(true, true),
                        encInfo.getWrappingKey(),
                        sharedKey,
                        encInfo.getDataEncAlgorithm(),
                        encInfo.getDataEncStrength(),
                        str2,
                        SAML2SDKUtils.ENCRYPTED_ASSERTION));
    }

    /**
     * Checks the attributes requested in a query against the attributes the authority
     * lists as supported.
     *
     * <p>With no supported list the request is accepted as is. With no requested
     * attributes the supported list, converted, becomes the request. Otherwise every
     * requested attribute must match a supported one by name and carry only permitted
     * values; each supported entry that matches is removed from {@code list} as it is used.
     *
     * <p>NOTE(review): the removal mutates the list handed in by the caller, which in this
     * file is {@code attributeAuthorityDescriptor.getAttribute()}. If that is a live list
     * owned by cached metadata, the removal outlasts this request and later queries for the
     * same attribute would be rejected - confirm, and pass a copy if so.
     *
     * @param list supported attributes; may be {@code null} or empty
     * @param list2 requested attributes; may be {@code null} or empty
     * @return the attributes to look up: {@code list2}, or the converted supported list
     *         when nothing was requested
     * @throws SAML2Exception if a requested attribute is not supported or asks for a value
     *         that is not permitted
     */
    private static List<Attribute> verifyDesiredAttributes(List<AttributeElement> list, List<Attribute> list2) throws SAML2Exception {
        boolean nothingAdvertised = list == null || list.isEmpty();
        if (nothingAdvertised) {
            return list2;
        }
        boolean nothingRequested = list2 == null || list2.isEmpty();
        if (nothingRequested) {
            return convertAttributes(list);
        }

        for (Attribute requested : list2) {
            boolean supported = false;
            for (Iterator<AttributeElement> candidates = list.iterator(); candidates.hasNext(); ) {
                AttributeElement candidate = candidates.next();
                if (!isSameAttribute(requested, candidate)) {
                    continue;
                }
                if (!isValueValid(requested, candidate)) {
                    throw new SAML2Exception("Attribute value not supported");
                }
                supported = true;
                // A consumed entry cannot satisfy a second request for the same attribute.
                candidates.remove();
            }
            if (!supported) {
                throw new SAML2Exception("Attribute name not supported");
            }
        }
        return list2;
    }

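    /**
     * Converts metadata attribute elements into SAML {@code Attribute} objects.
     *
     * <p>Name, name format and friendly name are copied. For each value element that has
     * content, the first content item is taken as the attribute value.
     *
     * <p>Fix: the value loop now reads from the value list it iterates. The previous code
     * called {@code next()} on the outer attribute iterator inside the value loop, so it
     * consumed attributes instead of values, cast them to the wrong type and never
     * advanced the value iterator.
     *
     * @param list metadata attribute elements ({@code AttributeElement}); must not be {@code null}
     * @return a new list with one {@code Attribute} per input element
     * @throws SAML2Exception if an attribute cannot be populated
     */
    private static List convertAttributes(List list) throws SAML2Exception {
        List converted = new ArrayList();
        for (Object element : list) {
            AttributeElement source = (AttributeElement) element;
            Attribute target = AssertionFactory.getInstance().createAttribute();
            target.setName(source.getName());
            target.setNameFormat(source.getNameFormat());
            target.setFriendlyName(source.getFriendlyName());

            List sourceValues = source.getAttributeValue();
            if (sourceValues != null && !sourceValues.isEmpty()) {
                List values = new ArrayList();
                for (Object valueElement : sourceValues) {
                    List content = ((AttributeValueElement) valueElement).getContent();
                    if (content != null && !content.isEmpty()) {
                        values.add(content.get(0));
                    }
                }
                if (!values.isEmpty()) {
                    target.setAttributeValueString(values);
                }
            }
            converted.add(target);
        }
        return converted;
    }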

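    /**
     * Reduces the attributes available for an identity to the ones the query asked for.
     *
     * <p>For every desired attribute the first available attribute with the same name and
     * a matching name format is taken, narrowed to the requested values by
     * {@code filterAttributeValues}, and given the friendly name from the request when one
     * was supplied. Attributes that were not asked for are not released.
     *
     * <p>Fix: the inner scan now ends when the available attributes are exhausted. The
     * previous {@code while (true)} loop had no exit and never terminated once a desired
     * attribute list was present.
     *
     * @param list attributes available for the identity; may be {@code null} or empty
     * @param list2 attributes requested by the query; may be {@code null} or empty
     * @return {@code list} unchanged when either argument is {@code null} or empty,
     *         otherwise a new list holding only the matching, filtered attributes
     */
    private static List<Attribute> filterAttributes(List<Attribute> list, List<Attribute> list2) {
        if (list == null || list.isEmpty()) {
            SAML2Utils.debug.message("AttributeQueryUtil.filterAttributes: attributes are null");
            return list;
        }
        if (list2 == null || list2.isEmpty()) {
            // Nothing specific was requested: everything available is returned.
            SAML2Utils.debug.message("AttributeQueryUtil.filterAttributes: desired attributes are null");
            return list;
        }

        List<Attribute> released = new ArrayList<Attribute>();
        for (Attribute desired : list2) {
            for (Attribute available : list) {
                if (!isSameAttribute(available, desired)) {
                    continue;
                }
                Attribute filtered = filterAttributeValues(available, desired);
                if (filtered != null) {
                    String friendlyName = desired.getFriendlyName();
                    if (friendlyName != null && friendlyName.length() > 0) {
                        try {
                            filtered.setFriendlyName(friendlyName);
                        } catch (SAML2Exception ignored) {
                            // Deliberately non-fatal: the attribute is still released, just
                            // without the requested friendly name.
                            if (SAML2Utils.debug.messageEnabled()) {
                                SAML2Utils.debug.message("AttributeQueryUtil.filterAttributes: unable to set friendly name", (Throwable) ignored);
                            }
                        }
                    }
                    released.add(filtered);
                }
                // NOTE(review): stops at the first name match, so at most one attribute is
                // released per requested name. The decompiled loop shape suggests an exit was
                // lost here - confirm against the original source.
                break;
            }
        }
        return released;
    }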

    /**
     * Tells whether two attributes refer to the same attribute: equal names, and a name format
     * on {@code attribute2} that {@link #isNameFormatMatching(String, String)} accepts against
     * the name format of {@code attribute}.
     *
     * @param attribute  attribute whose name and name format are compared against
     * @param attribute2 attribute whose name is dereferenced first; its name must be non-null
     * @return {@code true} when name and name format both match
     */
    private static boolean isSameAttribute(Attribute attribute, Attribute attribute2) {
        if (!attribute2.getName().equals(attribute.getName())) {
            return false;
        }
        return isNameFormatMatching(attribute2.getNameFormat(), attribute.getNameFormat());
    }

    /**
     * Reduces an attribute to the values that a second attribute lists.
     *
     * <ul>
     *   <li>{@code attribute2} lists no values: {@code attribute} is returned unchanged.</li>
     *   <li>{@code attribute} has no values, or none of the listed values is present:
     *       {@code null}.</li>
     *   <li>every listed value is present: {@code attribute2} itself is returned, so the result
     *       carries that object's name format, friendly name and any-attributes.</li>
     *   <li>otherwise: a new attribute copied from {@code attribute2} with only the values that
     *       were found.</li>
     * </ul>
     *
     * @param attribute  attribute holding the values that exist
     * @param attribute2 attribute listing the values that are wanted
     * @return the narrowed attribute, or {@code null} when nothing matches or the copy fails
     */
    private static Attribute filterAttributeValues(Attribute attribute, Attribute attribute2) {
        List<String> wanted = attribute2.getAttributeValueString();
        if (wanted == null || wanted.isEmpty()) {
            return attribute;
        }
        List present = attribute.getAttributeValueString();
        if (present == null || present.isEmpty()) {
            return null;
        }
        ArrayList matched = new ArrayList();
        for (String value : wanted) {
            if (present.contains(value)) {
                matched.add(value);
            }
        }
        if (matched.isEmpty()) {
            return null;
        }
        if (matched.size() == wanted.size()) {
            return attribute2;
        }
        try {
            Attribute copy = AssertionFactory.getInstance().createAttribute();
            copy.setName(attribute2.getName());
            copy.setNameFormat(attribute2.getNameFormat());
            copy.setFriendlyName(attribute2.getFriendlyName());
            copy.setAnyAttribute(attribute2.getAnyAttribute());
            copy.setAttributeValueString(matched);
            return copy;
        } catch (SAML2Exception e) {
            // A failed copy is reported as "no match"; the cause is only visible at message level.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.filterAttributeValues:", e);
            }
            return null;
        }
    }

    /**
     * Tells whether an attribute and an attribute element refer to the same attribute: equal
     * names, and a name format on {@code attribute} that
     * {@link #isNameFormatMatching(String, String)} accepts against the element's name format.
     *
     * @param attribute        attribute whose name is dereferenced first; its name must be non-null
     * @param attributeElement element to compare against
     * @return {@code true} when name and name format both match
     */
    private static boolean isSameAttribute(Attribute attribute, AttributeElement attributeElement) {
        if (!attribute.getName().equals(attributeElement.getName())) {
            return false;
        }
        return isNameFormatMatching(attribute.getNameFormat(), attributeElement.getNameFormat());
    }

    /**
     * Compares two attribute name formats, treating an absent or default first format as a
     * wildcard.
     *
     * @param str  name format to test; {@code null} or {@code DEFAULT_ATTRIBUTE_NAME_FORMAT}
     *             matches any {@code str2}
     * @param str2 name format to compare against; may be {@code null}
     * @return {@code true} when {@code str} is null, is the default format, or equals {@code str2}
     */
    private static boolean isNameFormatMatching(String str, String str2) {
        if (str == null) {
            return true;
        }
        if (DEFAULT_ATTRIBUTE_NAME_FORMAT.equals(str)) {
            return true;
        }
        return str.equals(str2);
    }

    /**
     * Checks that every value carried by {@code attribute} also appears in the content of the
     * element's attribute values.
     *
     * <p>The check passes without comparison when either side has no values.
     *
     * @param attribute        attribute whose values must all be found
     * @param attributeElement element whose {@code AttributeValueElement} contents are searched
     * @return {@code true} when either side is empty or all values are contained; {@code false}
     *         when a value is missing or the comparison throws
     */
    private static boolean isValueValid(Attribute attribute, AttributeElement attributeElement) {
        List requiredValues = attribute.getAttributeValueString();
        if (requiredValues == null || requiredValues.isEmpty()) {
            return true;
        }
        List valueElements = attributeElement.getAttributeValue();
        if (valueElements == null || valueElements.isEmpty()) {
            return true;
        }
        // Flatten the content of every value element into one list to search.
        ArrayList flattened = new ArrayList();
        for (Object element : valueElements) {
            flattened.addAll(((AttributeValueElement) element).getContent());
        }
        try {
            return flattened.containsAll(requiredValues);
        } catch (Exception e) {
            // A failed comparison counts as "not valid".
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.isValueValid:", e);
            }
            return false;
        }
    }

    /**
     * Sends an attribute query over SOAP and returns the verified response.
     *
     * <p>Only a response whose status code equals {@code SAML2Constants.SUCCESS} is handed to
     * {@link #verifyResponse}; any other status is logged at error level and raised as a
     * {@link SAML2Exception}.
     *
     * <p>With message-level debugging enabled the complete query XML and the complete response
     * XML are written to the debug log, so that log holds whatever subject and attribute data
     * those documents contain.
     *
     * @param attributeQuery query to send
     * @param str            URL of the attribute service
     * @param str2           entity ID passed to {@code verifyResponse} as the expected issuer
     * @param attributeAuthorityDescriptorElement descriptor passed to {@code verifyResponse}
     * @return the response, after {@code verifyResponse} has accepted it
     * @throws SAML2Exception on a non-success status, a verification failure, or a SOAP error
     */
    private static Response sendAttributeQuerySOAP(AttributeQuery attributeQuery, String str, String str2, AttributeAuthorityDescriptorElement attributeAuthorityDescriptorElement) throws SAML2Exception {
        String queryXml = attributeQuery.toXMLString(true, true);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: attrQueryXMLString = " + queryXml);
            SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: attributeServiceURL = " + str);
        }
        try {
            Response reply = ProtocolFactory.getInstance().createResponse(SOAPCommunicator.getInstance().getSamlpElement(SOAPCommunicator.getInstance().sendSOAPMessage(queryXml, str, true), "Response"));
            Status status = reply.getStatus();
            if (!SAML2Constants.SUCCESS.equals(status.getStatusCode().getValue())) {
                // Failure path: surface the authority's status message and detail to the caller.
                String statusMessage = status.getStatusMessage() == null ? "" : status.getStatusMessage();
                String statusDetail = status.getStatusDetail() == null ? "" : status.getStatusDetail().toXMLString();
                SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuerySOAP: Non-Success status " + status.getStatusCode().getValue() + ", message: " + statusMessage + ", detail: " + statusDetail);
                throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "failureStatusAttributeQuery", new Object[]{status.getStatusCode().getValue(), statusMessage, statusDetail});
            }
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: response = " + reply.toXMLString(true, true));
            }
            verifyResponse(reply, attributeQuery, str2, attributeAuthorityDescriptorElement);
            return reply;
        } catch (SOAPException e) {
            // The SOAP cause is logged here; the exception raised to the caller carries only the bundle text.
            SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuerySOAP: ", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorSendingAttributeQuery"));
        }
    }

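    /**
     * Verifies that a response answers the given query and is signed by the expected attribute
     * authority.
     *
     * <p>Checks, in order: {@code InResponseTo} equals the query ID (when the query has one);
     * the {@code Issuer}, when present, equals {@code str}; the response is signed; verification
     * certificates exist for {@code str}; the signature validates against them.
     *
     * <p>A response that carries no {@code Issuer} skips only the issuer comparison. It is still
     * required to be signed by a certificate of the expected authority, so omitting the element
     * cannot be used to get an unsigned or wrongly signed response accepted.
     *
     * @param response       response received from the attribute authority
     * @param attributeQuery query the response must refer to
     * @param str            entity ID expected as issuer and used to look up verification certs
     * @param attributeAuthorityDescriptorElement descriptor the verification certs are read from
     * @throws SAML2Exception when any of the checks fails
     */
    private static void verifyResponse(Response response, AttributeQuery attributeQuery, String str, AttributeAuthorityDescriptorElement attributeAuthorityDescriptorElement) throws SAML2Exception {
        String id = attributeQuery.getID();
        if (id != null && !id.equals(response.getInResponseTo())) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToAttrQuery"));
        }
        Issuer issuer = response.getIssuer();
        // Do not return early on a missing Issuer: that would leave the signature unchecked.
        if (issuer != null && !str.equals(issuer.getValue())) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("responseIssuerMismatch"));
        }
        if (!response.isSigned()) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("responseNotSigned"));
        }
        Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(attributeAuthorityDescriptorElement, str, SAML2Constants.ATTR_AUTH_ROLE);
        if (verificationCerts == null || verificationCerts.isEmpty()) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        boolean isSignatureValid = response.isSignatureValid(verificationCerts);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.verifyResponse: Signature validity is : " + isSignatureValid);
        }
        if (!isSignatureValid) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureOnResponse"));
        }
    }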

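    /**
     * Picks the location of the first attribute service in the descriptor that is usable for
     * the given binding and attribute query profile.
     *
     * <p>The attribute profile is checked first: when the descriptor lists no attribute
     * profiles, {@code str3} must be {@code null}; when it lists some, {@code str3} must be one
     * of them. Otherwise no location is returned.
     *
     * @param attributeAuthorityDescriptorElement descriptor of the attribute authority
     * @param str  binding the service must declare (compared case-insensitively)
     * @param str2 attribute query profile the service must support
     * @param str3 attribute profile that must be listed by the descriptor, or {@code null}
     * @return the service location, or {@code null} when the profile check fails or no service
     *         qualifies
     */
    private static String findLocation(AttributeAuthorityDescriptorElement attributeAuthorityDescriptorElement, String str, String str2, String str3) {
        SAML2Utils.debug.message("AttributeQueryUtil.findLocation entering...");
        List attributeProfile = attributeAuthorityDescriptorElement.getAttributeProfile();
        if (attributeProfile == null || attributeProfile.isEmpty()) {
            SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfiles is null or empty");
            if (str3 != null) {
                // This branch is taken when a profile WAS requested; the log text says so, to
                // keep the debug trace from pointing at the opposite condition.
                SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfiles is null or empty and attrProfile is not null");
                return null;
            }
        } else if (!attributeProfile.contains(str3)) {
            SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfile not found in the attrProfiles");
            return null;
        }
        SAML2Utils.debug.message("AttributeQueryUtil.findLocation: entering...");
        for (AttributeServiceElement attributeServiceElement : attributeAuthorityDescriptorElement.getAttributeService()) {
            if (isValidAttributeService(str, attributeServiceElement, str2)) {
                SAML2Utils.debug.message("AttributeQueryUtil.findLocation: found valid service");
                return attributeServiceElement.getLocation();
            }
        }
        SAML2Utils.debug.message("AttributeQueryUtil.findLocation: nothing found, leaving last line with null");
        return null;
    }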

    /**
     * Decides whether an attribute service can serve a query with the given binding and
     * attribute query profile.
     *
     * @param str  required binding, compared case-insensitively with the service's binding
     * @param attributeServiceElement service to test
     * @param str2 attribute query profile; {@code null} never qualifies
     * @return {@code true} when the binding matches and the profile is the default query
     *         profile, or is the X.509 subject query profile and the service declares support
     *         for X.509 queries
     */
    private static boolean isValidAttributeService(String str, AttributeServiceElement attributeServiceElement, String str2) {
        if (!str.equalsIgnoreCase(attributeServiceElement.getBinding()) || str2 == null) {
            return false;
        }
        if (str2.equals(SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE)) {
            return true;
        }
        return SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE.equals(str2) && attributeServiceElement.isSupportsX509Query();
    }

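    /**
     * Returns the attribute authority mapper configured for an entity, instantiating and caching
     * it on first use.
     *
     * <p>The class name is read from the attribute authority config under the key
     * {@code str3 + "_" + SAML2Constants.ATTRIBUTE_AUTHORITY_MAPPER}; when that is absent,
     * {@code SAML2Constants.DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS} is used. Instances are
     * cached by class name.
     *
     * <p>The configured class is checked to be an {@link AttributeAuthorityMapper} before its
     * constructor is invoked, so a misconfigured class name is rejected without an instance of
     * that class being created.
     *
     * @param str  first argument passed to the attribute authority config lookup
     * @param str2 second argument passed to the attribute authority config lookup
     * @param str3 prefix of the config attribute name
     * @return the cached or newly created mapper
     * @throws SAML2Exception wrapping any failure to resolve, check or instantiate the class
     */
    static AttributeAuthorityMapper getAttributeAuthorityMapper(String str, String str2, String str3) throws SAML2Exception {
        try {
            String mapperClassName = getAttributeValueFromAttrAuthorityConfig(str, str2, str3 + "_" + SAML2Constants.ATTRIBUTE_AUTHORITY_MAPPER);
            if (mapperClassName == null) {
                mapperClassName = SAML2Constants.DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS;
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AttributeQueryUtil.getAttributeAuthorityMapper: use " + mapperClassName);
                }
            }
            AttributeAuthorityMapper attributeAuthorityMapper = (AttributeAuthorityMapper) attrAuthorityMapperCache.get(mapperClassName);
            if (attributeAuthorityMapper == null) {
                // asSubclass fails with ClassCastException before any constructor runs;
                // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance().
                attributeAuthorityMapper = Class.forName(mapperClassName)
                        .asSubclass(AttributeAuthorityMapper.class)
                        .getDeclaredConstructor()
                        .newInstance();
                attrAuthorityMapperCache.put(mapperClassName, attributeAuthorityMapper);
            } else if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributeAuthorityMapper: got the AttributeAuthorityMapper from cache");
            }
            return attributeAuthorityMapper;
        } catch (Exception e) {
            SAML2Utils.debug.error("AttributeQueryUtil.getAttributeAuthorityMapper: Unable to get IDP Attribute Mapper.", e);
            throw new SAML2Exception(e);
        }
    }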

    /**
     * Reads the first value of a named attribute from an attribute authority config.
     *
     * @param str  first argument passed to {@code metaManager.getAttributeAuthorityConfig}
     * @param str2 second argument passed to {@code metaManager.getAttributeAuthorityConfig}
     * @param str3 name of the config attribute
     * @return the first value, trimmed; {@code null} when the attribute has no values or the
     *         config lookup fails with a {@link SAML2MetaException}
     */
    private static String getAttributeValueFromAttrAuthorityConfig(String str, String str2, String str3) {
        try {
            List<String> values = SAML2MetaUtils.getAttributes(metaManager.getAttributeAuthorityConfig(str, str2)).get(str3);
            if (values == null || values.isEmpty()) {
                return null;
            }
            return values.get(0).trim();
        } catch (SAML2MetaException e) {
            // A metadata failure is reported as "not configured"; the cause shows only at message level.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributeValueFromAttrAuthorityConfig: get AttributeAuthorityConfig failed", e);
            }
            return null;
        }
    }

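    /**
     * Runs {@link #getAttributesForFedlet} and flattens each attribute's value set into a single
     * string, with values separated by {@code '|'}.
     *
     * <p>The separator is not escaped, so a value that itself contains {@code '|'} cannot be told
     * apart from two values in the result.
     *
     * <p>{@code getAttributesForFedlet} returns {@code null} when the attribute query config or
     * its meta alias is missing; that case yields an empty map here.
     *
     * @param str  passed through to {@code getAttributesForFedlet}
     * @param str2 passed through to {@code getAttributesForFedlet}
     * @param str3 passed through to {@code getAttributesForFedlet}
     * @param list passed through to {@code getAttributesForFedlet}
     * @param str4 passed through to {@code getAttributesForFedlet}
     * @param str5 passed through to {@code getAttributesForFedlet}
     * @return attribute name mapped to its joined values; never {@code null}
     * @throws SAML2Exception when the underlying query fails
     */
    public static Map<String, String> getAttributeMapForFedlet(String str, String str2, String str3, List<String> list, String str4, String str5) throws SAML2Exception {
        Map<String, Set<String>> attributesForFedlet = getAttributesForFedlet(str, str2, str3, list, str4, str5);
        Map<String, String> joined = new HashMap<String, String>();
        if (attributesForFedlet == null) {
            // No attribute query config / meta alias: nothing to flatten.
            return joined;
        }
        for (Map.Entry<String, Set<String>> entry : attributesForFedlet.entrySet()) {
            StringBuilder sb = new StringBuilder();
            Set<String> values = entry.getValue();
            if (values != null) {
                for (String value : values) {
                    if (sb.length() > 0) {
                        sb.append('|');
                    }
                    sb.append(value);
                }
            }
            joined.put(entry.getKey(), sb.toString());
        }
        return joined;
    }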

    /**
     * Builds an attribute query, sends it over SOAP and returns the attributes found in the
     * response, mapped through {@link #mapAttributes}.
     *
     * <p>The response is used only when {@link #validateSAMLResponseForFedlet} accepts it. That
     * method tests for the presence of a signature and the shape of the assertions; it does not
     * validate the signature.
     * NOTE(review): cryptographic verification presumably happens inside
     * {@code sendAttributeQuery}, which is not visible here; confirm.
     *
     * <p>With message-level debugging enabled, the received attribute map is written to the
     * debug log.
     *
     * @param str  entity ID whose attribute query config is looked up under {@code "/"}
     * @param str2 entity ID of the attribute authority the query is sent to
     * @param str3 subject value, handed to the query builder and to the attribute mapper
     * @param list names of the attributes to request
     * @param str4 profile alias: {@code "default"} or
     *             {@code SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS}; must be non-null
     * @param str5 subject value used by the query builder for the X.509 profile alias
     * @return {@code null} when the attribute query config or its meta alias is missing; an
     *         empty map when the response is rejected; otherwise the mapped attributes
     * @throws SAML2Exception when building, sending, decrypting or mapping fails
     */
    public static Map<String, Set<String>> getAttributesForFedlet(String str, String str2, String str3, List<String> list, String str4, String str5) throws SAML2Exception {
        AttributeQueryConfigElement queryConfig = metaManager.getAttributeQueryConfig("/", str);
        if (queryConfig == null) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributesForFedlet: Attribute Query Config is null");
            }
            return null;
        }
        String metaAlias = queryConfig.getMetaAlias();
        if (metaAlias == null) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributesForFedlet: Attribute Query MetaAlias is null");
            }
            return null;
        }
        boolean encrypted = SAML2Utils.getWantNameIDEncrypted("/", str, SAML2Constants.ATTR_QUERY_ROLE);
        AttributeQuery query = constructAttrQueryForFedlet(str, str2, str3, list, metaAlias, str4, str5, encrypted);

        // Translate the profile alias into the profile identifier; an unknown alias leaves it null.
        String queryProfile;
        if (str4.equals("default")) {
            queryProfile = SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE;
        } else if (str4.equals(SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS)) {
            queryProfile = SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE;
        } else {
            queryProfile = null;
        }

        Response reply = sendAttributeQuery(query, str2, "/", queryProfile, SAML2Constants.BASIC_ATTRIBUTE_PROFILE, SAML2Constants.SOAP);
        boolean accepted = validateSAMLResponseForFedlet(reply, str, encrypted);
        Map<String, Set<String>> received = new HashMap<String, Set<String>>();
        if (!accepted) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributesForFedlet: Invalid response obtained from Attribute Authority");
            }
            return received;
        }
        if (reply == null) {
            return received;
        }
        List assertions = encrypted ? reply.getEncryptedAssertion() : reply.getAssertion();
        for (Object item : assertions) {
            Assertion assertion = encrypted ? getDecryptedAssertion((EncryptedAssertion) item, str) : (Assertion) item;
            if (assertion == null) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AttributeQueryUtil.getAttributesForFedlet: Empty Assertion present in SAML response");
                }
                continue;
            }
            List<AttributeStatement> statements = assertion.getAttributeStatements();
            if (statements == null || statements.size() <= 0) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AttributeQueryUtil.getAttributesForFedlet: Empty Statement present in SAML response");
                }
                continue;
            }
            for (AttributeStatement statement : statements) {
                received.putAll(mapAttributes("/", str, str2, str3, statement.getAttribute()));
            }
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.getAttributesForFedlet: attributes received from Attribute Query: " + received);
        }
        return received;
    }

    /**
     * Delegates to the attribute mapper that {@code SAML2Utils.getSPAttributeMapper(str, str2)}
     * returns.
     *
     * <p>Note the argument order of the delegate call: {@code (list, str4, str2, str3, str)}.
     *
     * @param str  first argument of the mapper lookup; passed last to the mapper
     * @param str2 second argument of the mapper lookup; passed third to the mapper
     * @param str3 passed fourth to the mapper
     * @param str4 passed second to the mapper
     * @param list attributes to map
     * @return the mapper's result
     * @throws SAML2Exception when the lookup or the mapping fails
     */
    private static Map<String, Set<String>> mapAttributes(String str, String str2, String str3, String str4, List<Attribute> list) throws SAML2Exception {
        return SAML2Utils
                .getSPAttributeMapper(str, str2)
                .getAttributes(list, str4, str2, str3, str);
    }

    /**
     * Assembles the attribute query that is sent to the attribute authority.
     *
     * <p>The query gets a generated ID, version 2.0, the current time as issue instant, an
     * issuer resolved from the meta alias, and one attribute per requested name with the basic
     * name format. The subject NameID is qualified with {@code str2} (name qualifier) and
     * {@code str} (SP name qualifier); its format and value depend on the profile alias. When
     * {@code z} is set the NameID is encrypted for the attribute authority and placed in the
     * subject as an encrypted ID.
     *
     * @param str  SP name qualifier of the NameID
     * @param str2 name qualifier of the NameID; also the entity whose descriptor supplies the
     *             encryption info when {@code z} is set
     * @param str3 NameID value for the {@code "default"} profile alias (transient format)
     * @param list attribute names to request; must be non-null
     * @param str4 meta alias used to resolve the issuer entity
     * @param str5 profile alias; must be non-null. An alias that is neither {@code "default"}
     *             nor the X.509 alias leaves the NameID without format and value.
     * @param str6 NameID value for the X.509 profile alias (X.509 subject name format)
     * @param z    whether to encrypt the NameID
     * @return the assembled query
     * @throws SAML2Exception when any of the SAML objects cannot be built or encrypted
     */
    private static AttributeQuery constructAttrQueryForFedlet(String str, String str2, String str3, List<String> list, String str4, String str5, String str6, boolean z) throws SAML2Exception {
        String issuerEntityId = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(str4);
        ProtocolFactory protocols = ProtocolFactory.getInstance();
        AssertionFactory assertions = AssertionFactory.getInstance();

        AttributeQuery query = protocols.createAttributeQuery();
        Issuer issuer = assertions.createIssuer();
        issuer.setValue(issuerEntityId);
        query.setIssuer(issuer);
        query.setID(SAML2Utils.generateID());
        query.setVersion(SAML2Constants.VERSION_2_0);
        query.setIssueInstant(Time.newDate());

        List<Attribute> requested = new ArrayList<Attribute>();
        for (String attributeName : list) {
            Attribute item = assertions.createAttribute();
            item.setName(attributeName);
            item.setNameFormat(SAML2Constants.BASIC_NAME_FORMAT);
            requested.add(item);
        }
        query.setAttributes(requested);

        Subject subject = assertions.createSubject();
        NameID nameId = assertions.createNameID();
        nameId.setNameQualifier(str2);
        nameId.setSPNameQualifier(str);
        if (str5.equals("default")) {
            nameId.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
            nameId.setValue(str3);
        }
        if (str5.equals(SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS)) {
            nameId.setFormat(SAML2Constants.X509_SUBJECT_NAME);
            nameId.setValue(str6);
        }
        if (!z) {
            subject.setNameID(nameId);
        } else {
            // NOTE(review): encInfo is dereferenced without a null check; confirm getEncInfo
            // cannot return null when the authority publishes no encryption key.
            EncInfo encInfo = KeyUtil.getEncInfo(metaManager.getAttributeAuthorityDescriptor("/", str2), str2, SAML2Constants.ATTR_AUTH_ROLE);
            subject.setEncryptedID(nameId.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), str2));
        }
        query.setSubject(subject);
        return query;
    }

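    /**
     * Performs structural checks on a response before its attributes are read.
     *
     * <p>The response is accepted only when it is non-null, carries a signature, has a non-null
     * assertion list, and no assertion has more than one audience restriction or more than one
     * attribute statement. An assertion without conditions, audience restrictions or attribute
     * statements passes, as does a response with an empty assertion list.
     *
     * <p>Only the presence of a signature is tested here ({@code isSigned()}); the signature is
     * not validated by this method, so it must not be relied on as the authenticity check.
     *
     * @param response response to check; {@code null} is rejected
     * @param str      entity ID used to obtain decryption keys when {@code z} is set
     * @param z        whether the response carries encrypted assertions
     * @return {@code true} when all checks pass
     * @throws SAML2Exception when an encrypted assertion cannot be decrypted
     */
    private static boolean validateSAMLResponseForFedlet(Response response, String str, boolean z) throws SAML2Exception {
        if (response == null || !response.isSigned()) {
            return false;
        }
        List assertions = z ? response.getEncryptedAssertion() : response.getAssertion();
        if (assertions == null) {
            return false;
        }
        for (Object item : assertions) {
            Assertion assertion = z ? getDecryptedAssertion((EncryptedAssertion) item, str) : (Assertion) item;
            if (assertion == null) {
                continue;
            }
            Conditions conditions = assertion.getConditions();
            if (conditions != null) {
                // Null-safe: absent restrictions count as zero, not as a failure.
                List<?> restrictions = conditions.getAudienceRestrictions();
                if (restrictions != null && restrictions.size() > 1) {
                    return false;
                }
            }
            // Null-safe, matching getAttributesForFedlet, which treats a null statement list
            // as "empty statement" rather than as an error.
            List<AttributeStatement> statements = assertion.getAttributeStatements();
            if (statements != null && statements.size() > 1) {
                return false;
            }
        }
        return true;
    }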

    /**
     * Decrypts an assertion with the decryption keys of the given entity in the attribute query
     * role.
     *
     * @param encryptedAssertion assertion to decrypt; may be {@code null}
     * @param str                entity ID whose decryption keys are looked up under {@code "/"}
     * @return the decrypted assertion, or {@code null} when the input is {@code null}
     * @throws SAML2Exception when decryption fails
     */
    private static Assertion getDecryptedAssertion(EncryptedAssertion encryptedAssertion, String str) throws SAML2Exception {
        if (encryptedAssertion == null) {
            return null;
        }
        return encryptedAssertion.decrypt(KeyUtil.getDecryptionKeys("/", str, SAML2Constants.ATTR_QUERY_ROLE));
    }

    // Class initializer: obtains the data store provider once and keeps it in dsProvider.
    static {
        dsProvider = null;
        try {
            dsProvider = SAML2Utils.getDataStoreProvider();
        } catch (SAML2Exception e) {
            // The failure is logged and not rethrown, so class loading succeeds and dsProvider
            // stays null.
            // NOTE(review): code that dereferences dsProvider presumably needs a null check; confirm.
            SAML2Utils.debug.error("AttributeQueryUtil.static:", e);
        }
    }
}
