package com.sun.identity.saml2.profile;

import com.sun.identity.common.HttpURLConnectionManager;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.AssertionIDRef;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.common.SAML2FailoverUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.common.SOAPCommunicator;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.key.KeyUtil;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.plugins.AssertionIDRequestMapper;
import com.sun.identity.saml2.protocol.AssertionIDRequest;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Response;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.saml2.protocol.StatusCode;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPException;
import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException;
import org.forgerock.openam.utils.Time;

/* loaded from: input_file:com/sun/identity/saml2/profile/AssertionIDRequestUtil.class */
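/**
 * Static helpers for the SAML 2.0 Assertion ID Request exchange, covering both the requester
 * side ({@code send*}) and the SAML-authority side ({@code process*}).
 *
 * <p>Two transports are handled: a signed {@code AssertionIDRequest} sent through
 * {@link SOAPCommunicator}, and a plain HTTP GET that carries the assertion ID in an
 * {@code ID} query parameter.
 *
 * <p>NOTE(review): this listing is decompiler output. Several locals are typed
 * {@code IDPSSODescriptorElement} although they also receive the results of
 * {@code getAuthnAuthorityDescriptor} / {@code getAttributeAuthorityDescriptor}; confirm the
 * real return types against the original source before recompiling.
 */
public class AssertionIDRequestUtil {
    /** Source of private keys and certificates, looked up by signing-cert alias. */
    static KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
    /** Metadata manager used to resolve role descriptors and entity configuration. */
    static SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
    /** Mapper instances keyed by implementation class name (see getAssertionIDRequestMapper). */
    static Hashtable assertionIDRequestMapperCache = new Hashtable();
    /** Content type required on, and produced for, the URI-binding response. */
    static final String MIME_TYPE_ASSERTION = "application/samlassertion+xml";

    private AssertionIDRequestUtil() {
    }

    /**
     * Signs the request and sends it to the SAML authority's Assertion ID Request service.
     *
     * @param assertionIDRequest request to sign and send
     * @param str entity ID of the SAML authority to query
     * @param str2 role of that authority (compared against the IDP / AuthnAuthority /
     *     AttributeAuthority role constants)
     * @param str3 realm used for the metadata and signing-key lookups
     * @param str4 binding; only {@code SAML2Constants.SOAP} is accepted
     * @return the response, after {@code verifyResponse} has accepted it
     * @throws SAML2Exception if the role, endpoint or binding is unsupported, or if sending or
     *     response verification fails
     */
    public static Response sendAssertionIDRequest(AssertionIDRequest assertionIDRequest, String str, String str2, String str3, String str4) throws SAML2Exception {
        StringBuffer location = new StringBuffer();
        RoleDescriptorType roleDescriptor = getRoleDescriptorAndLocation(str, str2, str3, str4, location);
        if (!str4.equalsIgnoreCase(SAML2Constants.SOAP)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }
        signAssertionIDRequest(assertionIDRequest, str3, true);
        return sendAssertionIDRequestBySOAP(assertionIDRequest, location.toString(), str3, str, str2, roleDescriptor);
    }

    /**
     * Fetches one assertion from the authority's URI-binding endpoint with an HTTP GET.
     *
     * <p>The assertion ID is URL-encoded before it is appended to the endpoint location, so an
     * ID containing {@code &}, {@code #} or {@code =} cannot alter the query string. The body
     * is collected as bytes and decoded once as UTF-8 (the encoding
     * {@link #processAssertionIDRequestURI} emits); the previous per-chunk decode used the
     * platform charset and could split a multi-byte character at a buffer boundary.
     *
     * <p>This method does not verify any signature on the returned assertion and relies on the
     * transport for authenticity; callers that act on the assertion must validate it.
     *
     * @param str ID of the assertion to fetch
     * @param str2 entity ID of the SAML authority
     * @param str3 role of that authority
     * @param str4 realm
     * @return the parsed assertion, or {@code null} when the response status is not 200 or the
     *     content type does not contain {@link #MIME_TYPE_ASSERTION}
     * @throws SAML2Exception if the ID is {@code null}, the endpoint cannot be resolved, an I/O
     *     error occurs, or the body cannot be parsed
     */
    public static Assertion sendAssertionIDRequestURI(String str, String str2, String str3, String str4) throws SAML2Exception {
        if (str == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullAssertionID"));
        }
        StringBuffer location = new StringBuffer();
        getRoleDescriptorAndLocation(str2, str3, str4, SAML2Constants.URI, location);
        location.append(location.indexOf("?") == -1 ? '?' : '&');

        HttpURLConnection connection = null;
        BufferedInputStream in = null;
        try {
            location.append("ID=").append(URLEncoder.encode(str, "UTF-8"));
            // NOTE(review): the helper presumably adds basic-auth credentials to the URL, so the
            // final URL is deliberately not logged; IOException messages may still echo it - confirm.
            connection = HttpURLConnectionManager.getConnection(new URL(fillInBasicAuthInfo(location.toString(), str4, str2, str3)));
            // Redirects are not followed: the request goes only to the location from metadata.
            connection.setInstanceFollowRedirects(false);
            connection.setUseCaches(false);
            connection.setDoOutput(false);
            connection.connect();

            int responseCode = connection.getResponseCode();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestURI: Response code = " + responseCode + ", Response message = " + connection.getResponseMessage());
            }
            if (responseCode != 200) {
                return null;
            }

            String contentType = connection.getContentType();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestURI: Content type = " + contentType);
            }
            if (contentType == null || contentType.indexOf(MIME_TYPE_ASSERTION) == -1) {
                return null;
            }

            int contentLength = connection.getContentLength();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestURI: Content length = " + contentLength);
            }

            in = new BufferedInputStream(connection.getInputStream());
            ByteArrayOutputStream body = new ByteArrayOutputStream();
            byte[] chunk = new byte[2048];
            int received = 0;
            // contentLength == -1 means the length is unknown: read to end of stream.
            // NOTE(review): there is no upper bound on the body size in that case; consider a
            // cap if the endpoint is not fully trusted.
            while (contentLength == -1 || received < contentLength) {
                int wanted = contentLength == -1 ? chunk.length : Math.min(chunk.length, contentLength - received);
                int count = in.read(chunk, 0, wanted);
                if (count == -1) {
                    break;
                }
                received += count;
                body.write(chunk, 0, count);
            }
            return AssertionFactory.getInstance().createAssertion(body.toString("UTF-8"));
        } catch (IOException e) {
            SAML2Utils.debug.error("AssertionIDRequest.sendAssertionIDRequestURI:", e);
            throw new SAML2Exception(e.getMessage());
        } finally {
            // Release the stream and connection on every path, including the early returns.
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e) {
                    SAML2Utils.debug.error("AssertionIDRequest.sendAssertionIDRequestURI:", e);
                }
            }
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Serves a URI-binding assertion request: authenticates the requester through the
     * configured {@link AssertionIDRequestMapper}, looks the assertion up by the {@code ID}
     * request parameter and writes it as UTF-8 XML.
     *
     * <p>The steps are checked one after another so each failure gets its own error: a mapper
     * that cannot be loaded is reported as {@code failedToGetAssertionIDRequestMapper}, and only
     * a rejected requester is reported as 403. In the decompiled nesting both cases fell into
     * the 403 handler and the mapper handler was unreachable.
     *
     * <p>NOTE(review): {@code IFSConstants.MAX_CACHING_TIME} is passed as the HTTP status for
     * server-side failures; this looks like a decompiler substitution for a numeric literal -
     * confirm the value. Exception messages are forwarded to {@code SAMLUtils.sendError};
     * confirm they are not shown verbatim to the remote party.
     *
     * <p>NOTE(review): the only access decision visible here is the mapper's
     * {@code authenticateRequesterURI}; nothing in this method ties the requested assertion to
     * the requester - confirm the mapper enforces that.
     *
     * @param httpServletRequest incoming request carrying the {@code ID} parameter
     * @param httpServletResponse response the assertion or error is written to
     * @param str entity ID of the hosted SAML authority
     * @param str2 role of the hosted authority
     * @param str3 realm
     * @throws IOException declared for the servlet error path
     */
    public static void processAssertionIDRequestURI(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) throws IOException {
        String assertionID = httpServletRequest.getParameter("ID");
        if (assertionID == null) {
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 400, "nullAssertionID", SAML2Utils.bundle.getString("nullAssertionID"));
            return;
        }

        AssertionIDRequestMapper mapper;
        try {
            mapper = getAssertionIDRequestMapper(str3, str, str2);
        } catch (SAML2Exception e) {
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "failedToGetAssertionIDRequestMapper", e.getMessage());
            return;
        }

        try {
            mapper.authenticateRequesterURI(httpServletRequest, httpServletResponse, str, str2, str3);
        } catch (SAML2Exception e) {
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 403, "failedToAuthenticateRequesterURI", e.getMessage());
            return;
        }

        Assertion assertion = (Assertion) IDPCache.assertionByIDCache.get(assertionID);
        if (assertion == null || !assertion.isTimeValid()) {
            // Unknown and expired IDs get the same answer.
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, 404, "invalidAssertionID", SAML2Utils.bundle.getString("invalidAssertionID"));
            return;
        }

        httpServletResponse.setContentType(MIME_TYPE_ASSERTION);
        // The assertion must not be stored by intermediaries or the client cache.
        httpServletResponse.addHeader("Cache-Control", "no-cache, no-store");
        httpServletResponse.addHeader("Pragma", "no-cache");

        byte[] bytes;
        try {
            bytes = assertion.toXMLString(true, true).getBytes("UTF-8");
        } catch (SAML2Exception e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.processAssertionIDRequestURI:", e);
            }
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "invalidAssertion", e.getMessage());
            return;
        } catch (UnsupportedEncodingException e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.processAssertionIDRequestURI:", e);
            }
            SAMLUtils.sendError(httpServletRequest, httpServletResponse, IFSConstants.MAX_CACHING_TIME, "unsupportedEncoding", e.getMessage());
            return;
        }

        httpServletResponse.setContentLength(bytes.length);
        BufferedOutputStream out = null;
        try {
            out = new BufferedOutputStream(httpServletResponse.getOutputStream());
            out.write(bytes, 0, bytes.length);
        } catch (IOException e) {
            // Headers are already committed; the failure can only be logged.
            SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequestURI:", e);
        } finally {
            if (out != null) {
                try {
                    out.close();
                } catch (IOException e) {
                    SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequestURI:", e);
                }
            }
        }
    }

    /**
     * Answers an {@code AssertionIDRequest}: verifies the request, collects every referenced
     * assertion that is still time-valid and returns them in a signed success response.
     *
     * <p>Assertions are read from {@code IDPCache.assertionByIDCache}, falling back to the SAML2
     * token repository when failover is enabled. References that are unknown or expired are
     * skipped without error; the response still carries a success status, with a {@code null}
     * assertion list when nothing matched.
     *
     * <p>NOTE(review): apart from {@code verifyAssertionIDRequest}, no check visible here
     * relates the requested assertions to the requesting issuer - confirm whether any verified
     * service provider is meant to be able to fetch any cached assertion by ID.
     *
     * @param assertionIDRequest request to answer
     * @param httpServletRequest not read by this method
     * @param httpServletResponse not read by this method
     * @param str entity ID of the hosted SAML authority
     * @param str2 role of the hosted authority
     * @param str3 realm
     * @return the signed response, or an error response built by
     *     {@code SAML2Utils.getErrorResponse}
     * @throws SAML2Exception if an error response cannot be built
     */
    public static Response processAssertionIDRequest(AssertionIDRequest assertionIDRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) throws SAML2Exception {
        try {
            verifyAssertionIDRequest(assertionIDRequest, str, str2, str3);
            // Only the null check below uses the descriptor, so the common base type is enough.
            RoleDescriptorType roleDescriptor = null;
            try {
                if (SAML2Constants.IDP_ROLE.equals(str2)) {
                    roleDescriptor = metaManager.getIDPSSODescriptor(str3, str);
                } else if (SAML2Constants.AUTHN_AUTH_ROLE.equals(str2)) {
                    roleDescriptor = metaManager.getAuthnAuthorityDescriptor(str3, str);
                } else if (SAML2Constants.ATTR_AUTH_ROLE.equals(str2)) {
                    roleDescriptor = metaManager.getAttributeAuthorityDescriptor(str3, str);
                }
                if (roleDescriptor == null) {
                    return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("samlAuthorityNotFound"), str);
                }

                List<Assertion> found = null;
                for (Object ref : assertionIDRequest.getAssertionIDRefs()) {
                    String assertionID = ((AssertionIDRef) ref).getValue();
                    Assertion assertion = (Assertion) IDPCache.assertionByIDCache.get(assertionID);
                    if (assertion == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message("AssertionIDRequestUtil.processAssertionIDRequest: reading assertion from the SAML2 Token Repository using assertionID:" + assertionID);
                        }
                        String storedXml = null;
                        try {
                            storedXml = (String) SAML2FailoverUtils.retrieveSAML2Token(assertionID);
                        } catch (SAML2TokenRepositoryException e) {
                            // A repository failure is treated like a miss for this reference.
                            SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequest: There was a problem reading assertion from the SAML2 Token Repository using assertionID:" + assertionID, e);
                        }
                        if (storedXml != null) {
                            assertion = AssertionFactory.getInstance().createAssertion(storedXml);
                        }
                    }
                    if (assertion != null && assertion.isTimeValid()) {
                        if (found == null) {
                            found = new ArrayList<Assertion>();
                        }
                        found.add(assertion);
                    }
                }

                ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
                Response response = protocolFactory.createResponse();
                response.setAssertion(found);
                response.setID(SAML2Utils.generateID());
                response.setInResponseTo(assertionIDRequest.getID());
                response.setVersion(SAML2Constants.VERSION_2_0);
                response.setIssueInstant(Time.newDate());

                StatusCode statusCode = protocolFactory.createStatusCode();
                statusCode.setValue(SAML2Constants.SUCCESS);
                Status status = protocolFactory.createStatus();
                status.setStatusCode(statusCode);
                response.setStatus(status);

                Issuer responseIssuer = AssertionFactory.getInstance().createIssuer();
                responseIssuer.setValue(str);
                response.setIssuer(responseIssuer);

                signResponse(response, str, str2, str3, true);
                return response;
            } catch (SAML2MetaException e) {
                SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequest:", e);
                return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.RESPONDER, null, e.getMessage(), str);
            }
        } catch (SAML2Exception e) {
            SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequest:", e);
            return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, e.getMessage(), str);
        }
    }

    /**
     * Resolves the authority's role descriptor and appends the location of its Assertion ID
     * Request service for the given binding to {@code location}.
     *
     * @param entityID entity ID of the SAML authority
     * @param role role constant selecting which descriptor to load
     * @param realm realm of the metadata lookup
     * @param binding binding to match, case-insensitively, against each service element
     * @param location output buffer that receives the endpoint location; expected to be empty
     * @return the resolved role descriptor
     * @throws SAML2Exception if the role or binding is missing or unsupported, the descriptor or
     *     service is not found, or the metadata lookup fails
     */
    private static RoleDescriptorType getRoleDescriptorAndLocation(String entityID, String role, String realm, String binding, StringBuffer location) throws SAML2Exception {
        try {
            if (role == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
            }
            // NOTE(review): decompiler-assigned type for all three branches - confirm.
            IDPSSODescriptorElement descriptor;
            String notFoundKey;
            if (role.equals(SAML2Constants.IDP_ROLE)) {
                descriptor = metaManager.getIDPSSODescriptor(realm, entityID);
                notFoundKey = "idpNotFound";
            } else if (role.equals(SAML2Constants.AUTHN_AUTH_ROLE)) {
                descriptor = metaManager.getAuthnAuthorityDescriptor(realm, entityID);
                notFoundKey = "authnAuthorityNotFound";
            } else if (role.equals(SAML2Constants.ATTR_AUTH_ROLE)) {
                descriptor = metaManager.getAttributeAuthorityDescriptor(realm, entityID);
                notFoundKey = "attrAuthorityNotFound";
            } else {
                throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
            }
            if (descriptor == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString(notFoundKey));
            }
            List services = descriptor.getAssertionIDRequestService();

            if (binding == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
            }
            if (services == null || services.isEmpty()) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("aIDReqServiceNotFound"));
            }
            // The first service element with a matching binding wins.
            for (Object candidate : services) {
                AssertionIDRequestServiceElement service = (AssertionIDRequestServiceElement) candidate;
                if (binding.equalsIgnoreCase(service.getBinding())) {
                    location.append(service.getLocation());
                    break;
                }
            }
            if (location.length() == 0) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
            }
            return descriptor;
        } catch (SAML2MetaException e) {
            SAML2Utils.debug.error("AssertionIDRequest.getRoleDescriptorAndLocation:", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    }

    /**
     * Signs the request with the key configured for the request issuer in the SP role.
     *
     * <p>NOTE(review): when no private key is found for the alias the request is left unsigned
     * and no error is raised, although {@link #verifyAssertionIDRequest} on the receiving side
     * rejects requests without a valid signature. Unlike {@link #signResponse}, this method
     * never consults {@code getSigningCertEncryptedKeyPass} - confirm both are intended.
     *
     * @param assertionIDRequest request to sign in place
     * @param realm realm of the signing-alias lookup
     * @param includeCert whether the signing certificate is passed to {@code sign}
     * @throws SAML2Exception if the alias lookup or signing fails
     */
    private static void signAssertionIDRequest(AssertionIDRequest assertionIDRequest, String realm, boolean includeCert) throws SAML2Exception {
        String alias = SAML2Utils.getSigningCertAlias(realm, assertionIDRequest.getIssuer().getValue(), SAML2Constants.SP_ROLE);
        PrivateKey signingKey = keyProvider.getPrivateKey(alias);
        X509Certificate signingCert = includeCert ? keyProvider.getX509Certificate(alias) : null;
        if (signingKey != null) {
            assertionIDRequest.sign(signingKey, signingCert);
        }
    }

    /**
     * Checks that an incoming request comes from a known service provider and carries a valid
     * signature made with one of that provider's verification certificates.
     *
     * <p>A request without an Issuer is rejected with a {@link SAML2Exception} rather than
     * failing with a {@code NullPointerException} that the caller's handlers would not catch.
     *
     * @param assertionIDRequest request received from the remote party
     * @param entityID entity ID of the hosted SAML authority
     * @param role role of the hosted authority; not read by this method
     * @param realm realm of the metadata lookups
     * @throws SAML2Exception if the issuer is missing, not a valid source site, has no SP
     *     descriptor or verification certificate, or the signature does not verify
     */
    private static void verifyAssertionIDRequest(AssertionIDRequest assertionIDRequest, String entityID, String role, String realm) throws SAML2Exception {
        Issuer issuer = assertionIDRequest.getIssuer();
        if (issuer == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("assertionIDRequestIssuerInvalid"));
        }
        String requesterEntityID = issuer.getValue();
        if (!SAML2Utils.isSourceSiteValid(issuer, realm, entityID)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("assertionIDRequestIssuerInvalid"));
        }
        SPSSODescriptorElement spDescriptor = metaManager.getSPSSODescriptor(realm, requesterEntityID);
        if (spDescriptor == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("assertionIDRequestIssuerNotFound"));
        }
        Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(spDescriptor, requesterEntityID, SAML2Constants.SP_ROLE);
        if (verificationCerts.isEmpty()) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        boolean signatureValid = assertionIDRequest.isSignatureValid(verificationCerts);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil.verifyAssertionIDRequest: Signature validity is : " + signatureValid);
        }
        if (!signatureValid) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureAssertionIDRequest"));
        }
    }

    /**
     * Signs the response with the hosted authority's signing key, using the configured
     * encrypted key password when one is set.
     *
     * <p>NOTE(review): as in {@link #signAssertionIDRequest}, a missing private key leaves the
     * response unsigned without raising an error - confirm this is intended.
     *
     * @param response response to sign in place
     * @param entityID entity ID of the hosted SAML authority
     * @param role role of the hosted authority
     * @param realm realm of the configuration lookups
     * @param includeCert whether the signing certificate is passed to {@code sign}
     * @throws SAML2Exception if a lookup or the signing operation fails
     */
    private static void signResponse(Response response, String entityID, String role, String realm, boolean includeCert) throws SAML2Exception {
        String alias = SAML2Utils.getSigningCertAlias(realm, entityID, role);
        String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, entityID, role);
        PrivateKey signingKey;
        if (encryptedKeyPass == null || encryptedKeyPass.isEmpty()) {
            signingKey = keyProvider.getPrivateKey(alias);
        } else {
            signingKey = keyProvider.getPrivateKey(alias, encryptedKeyPass);
        }
        X509Certificate signingCert = includeCert ? keyProvider.getX509Certificate(alias) : null;
        if (signingKey != null) {
            response.sign(signingKey, signingCert);
        }
    }

    /**
     * Loads the authority's extended configuration for the given role and passes it, with the
     * endpoint location, to {@code SAML2Utils.fillInBasicAuthInfo}.
     *
     * <p>A metadata failure is logged at message level only; the helper is then called with a
     * {@code null} configuration. NOTE(review): the result presumably contains credentials -
     * avoid logging it.
     *
     * @param location endpoint location taken from metadata
     * @param realm realm of the configuration lookup
     * @param entityID entity ID of the SAML authority
     * @param role role constant selecting which configuration to load; callers validate it
     *     beforehand through {@link #getRoleDescriptorAndLocation}
     * @return whatever {@code SAML2Utils.fillInBasicAuthInfo} returns for the location
     */
    private static String fillInBasicAuthInfo(String location, String realm, String entityID, String role) {
        IDPSSOConfigElement config = null;
        try {
            if (role.equals(SAML2Constants.IDP_ROLE)) {
                config = metaManager.getIDPSSOConfig(realm, entityID);
            } else if (role.equals(SAML2Constants.AUTHN_AUTH_ROLE)) {
                config = metaManager.getAuthnAuthorityConfig(realm, entityID);
            } else if (role.equals(SAML2Constants.ATTR_AUTH_ROLE)) {
                config = metaManager.getAttributeAuthorityConfig(realm, entityID);
            }
        } catch (SAML2MetaException e) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.getSSOConfig:", e);
            }
        }
        return SAML2Utils.fillInBasicAuthInfo(config, location);
    }

    /**
     * Sends the serialized request through {@link SOAPCommunicator}, parses the
     * {@code Response} element of the reply and verifies it.
     *
     * <p>NOTE(review): with message-level debugging enabled the full request and response XML,
     * including any returned assertions, are written to the debug log.
     *
     * @param assertionIDRequest signed request to send
     * @param location endpoint location taken from metadata
     * @param realm realm
     * @param entityID entity ID of the SAML authority
     * @param role role of the SAML authority
     * @param roleDescriptor descriptor that supplies the verification certificates
     * @return the verified response
     * @throws SAML2Exception if sending, parsing or verification fails
     */
    private static Response sendAssertionIDRequestBySOAP(AssertionIDRequest assertionIDRequest, String location, String realm, String entityID, String role, RoleDescriptorType roleDescriptor) throws SAML2Exception {
        String requestXml = assertionIDRequest.toXMLString(true, true);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: assertionIDRequest = " + requestXml);
            SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: location = " + location);
        }
        try {
            SOAPCommunicator communicator = SOAPCommunicator.getInstance();
            Response response = ProtocolFactory.getInstance().createResponse(communicator.getSamlpElement(communicator.sendSOAPMessage(requestXml, fillInBasicAuthInfo(location, realm, entityID, role), true), "Response"));
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: response = " + response.toXMLString(true, true));
            }
            verifyResponse(response, assertionIDRequest, entityID, role, roleDescriptor);
            return response;
        } catch (SOAPException e) {
            SAML2Utils.debug.error("AssertionIDRequestUtil.sendAssertionIDRequestBySOAP:", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorSendingAssertionIDRequest"));
        }
    }

    /**
     * Verifies a response to an assertion ID request: InResponseTo correlation, issuer match
     * and signature.
     *
     * <p>The signature is verified whether or not the response carries an Issuer. Before, a
     * response without an Issuer returned early and skipped the signature check, so removing
     * the Issuer was enough to have an unsigned response accepted. Only the issuer comparison
     * stays conditional on an Issuer being present.
     *
     * <p>The assertions inside the response are not verified individually here.
     *
     * @param response response received from the SAML authority
     * @param assertionIDRequest request the response must answer
     * @param entityID entity ID of the SAML authority the request was sent to
     * @param role role of that authority
     * @param roleDescriptor descriptor that supplies the verification certificates
     * @throws SAML2Exception if correlation fails, the issuer differs, no verification
     *     certificate is configured, or the signature does not verify
     */
    private static void verifyResponse(Response response, AssertionIDRequest assertionIDRequest, String entityID, String role, RoleDescriptorType roleDescriptor) throws SAML2Exception {
        String requestID = assertionIDRequest.getID();
        if (requestID != null && !requestID.equals(response.getInResponseTo())) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToAssertionIDRequest"));
        }
        Issuer issuer = response.getIssuer();
        if (issuer != null && !entityID.equals(issuer.getValue())) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("responseIssuerMismatch"));
        }
        Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(roleDescriptor, entityID, role);
        if (verificationCerts.isEmpty()) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
        }
        boolean signatureValid = response.isSignatureValid(verificationCerts);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AssertionIDRequestUtil .verifyResponse: Signature validity is : " + signatureValid);
        }
        if (!signatureValid) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureOnResponse"));
        }
    }

    /**
     * Returns the configured {@link AssertionIDRequestMapper}, creating and caching one
     * instance per implementation class name.
     *
     * <p>The class named in the configuration is loaded without initialization and checked to
     * be an {@code AssertionIDRequestMapper} before it is instantiated, so a value naming an
     * unrelated class fails before any of that class's code runs. Previously the cast was
     * applied only after the instance had been constructed.
     *
     * @param realm realm of the configuration lookup
     * @param entityID entity ID of the hosted SAML authority
     * @param role role of the hosted authority
     * @return the cached or newly created mapper
     * @throws SAML2Exception wrapping any failure to read the configuration or to load, check
     *     or instantiate the class
     */
    private static AssertionIDRequestMapper getAssertionIDRequestMapper(String realm, String entityID, String role) throws SAML2Exception {
        try {
            String className = SAML2Utils.getAttributeValueFromSSOConfig(realm, entityID, role, SAML2Constants.ASSERTION_ID_REQUEST_MAPPER);
            if (className == null) {
                className = SAML2Constants.DEFAULT_ASSERTION_ID_REQUEST_MAPPER_CLASS;
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AssertionIDRequestUtil.getAssertionIDRequestMapper: use " + className);
                }
            }
            AssertionIDRequestMapper mapper = (AssertionIDRequestMapper) assertionIDRequestMapperCache.get(className);
            if (mapper == null) {
                // Same class loader Class.forName(String) would use from this class.
                Class<? extends AssertionIDRequestMapper> mapperClass = Class.forName(className, false, AssertionIDRequestUtil.class.getClassLoader()).asSubclass(AssertionIDRequestMapper.class);
                mapper = mapperClass.newInstance();
                assertionIDRequestMapperCache.put(className, mapper);
            } else if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AssertionIDRequestUtil.getAssertionIDRequestMapper: got the AssertionIDRequestMapper from cache");
            }
            return mapper;
        } catch (Exception e) {
            SAML2Utils.debug.error("AssertionIDRequestUtil.getAssertionIDRequestMapper:", e);
            throw new SAML2Exception(e);
        }
    }
}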
