package com.sun.identity.federation.services.fednsso;

import com.sun.identity.common.PeriodicGroupRunnable;
import com.sun.identity.common.ScheduleableGroupAction;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.common.SystemTimerPool;
import com.sun.identity.common.TaskRunnable;
import com.sun.identity.common.TimerPool;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
import com.sun.identity.federation.accountmgmt.FSAccountManager;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.common.LogUtil;
import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement;
import com.sun.identity.federation.key.KeyUtil;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthenticationStatement;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.message.FSSubject;
import com.sun.identity.federation.message.common.AuthnContext;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.meta.IDFFMetaUtils;
import com.sun.identity.federation.plugins.FederationSPAdapter;
import com.sun.identity.federation.services.FSAttributeMapper;
import com.sun.identity.federation.services.FSRealmAttributeMapper;
import com.sun.identity.federation.services.FSSPAuthenticationContextInfo;
import com.sun.identity.federation.services.FSSession;
import com.sun.identity.federation.services.FSSessionManager;
import com.sun.identity.federation.services.FSSessionPartner;
import com.sun.identity.federation.services.logout.FSTokenListener;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml.assertion.Attribute;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.protocol.Response;
import com.sun.identity.saml.servlet.POSTCleanUpRunnable;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.encode.CookieUtils;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.forgerock.openam.utils.Time;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/identity/federation/services/fednsso/FSAssertionArtifactHandler.class */
public class FSAssertionArtifactHandler {
    // Session index, re-authentication deadline and authentication context copied out of the
    // authentication statement by validateAssertions.
    private String idpSessionIndex;
    private Date reAuthnOnOrAfterDate;
    private AuthnContext authnContextStmt;
    // Servlet request/response of the current exchange; the failure paths in
    // processAuthnResponse redirect through this response.
    protected HttpServletRequest request;
    protected HttpServletResponse response;
    // Descriptor and entity ID of the identity provider. validateAssertions compares the
    // assertion issuer against idpEntityId when it is set, and looks the issuer up in
    // metadata when it is null.
    protected IDPDescriptorType idpDescriptor;
    protected String idpEntityId;
    // The AuthnRequest this handler answers; validateAssertions matches every assertion's
    // InResponseTo against its request ID.
    protected FSAuthnRequest authnRequest;
    protected String relayState;
    // Both receive accepted assertion IDs through addElement in validateAssertions. They are
    // not assigned anywhere in the visible part of the class; presumably a static
    // initializer further down sets them up (TODO confirm).
    private static TaskRunnable cGoThrough;
    private static TaskRunnable cPeriodic;
    // true: processAuthnResponse runs account federation; false: single sign-on.
    protected boolean doFederate;
    protected String nameIDPolicy;
    // Attribute statements recognised by checkForAttributeStatement (discovery bootstrap and
    // auto-federation) and the search map derived from the auto-federation value.
    protected AttributeStatement bootStrapStatement;
    protected AttributeStatement _autoFedStatement;
    protected Map autoFedSearchMap;
    // Set from FSAssertion.getDiscoveryCredential() once an assertion has passed validation.
    protected List securityAssertions;
    protected Object ssoToken;
    // Exactly one of authnResponse / samlResponseElt is expected to carry the document whose
    // signature verifyAssertionSignature checks (authnResponse is tried first).
    protected FSAuthnResponse authnResponse;
    protected Element samlResponseElt;
    // Attribute statements that checkForAttributeStatement did not claim.
    protected List attrStatements;
    // Hosted (service provider) side: descriptor, extended config, realm, entity ID, meta alias.
    protected SPDescriptorType hostDesc;
    protected BaseConfigType hostConfig;
    protected String realm;
    protected String hostEntityId;
    protected String hostMetaAlias;
    protected FSAttributeMapper attributeMapper;
    protected FSRealmAttributeMapper realmAttributeMapper;
    protected FSResponse samlResponse;
    // Replay cache shared by all handler instances: keys are IDs of assertions already
    // accepted by validateAssertions, which rejects any assertion whose ID is already a key.
    // The value is the NotOnOrAfter time in millis (Long) when the assertion carries one,
    // otherwise the ID itself. The map is synchronized per call only; the containsKey/put
    // pair in validateAssertions is not atomic.
    protected static Map idTimeMap = Collections.synchronizedMap(new HashMap());
    // NOTE(review): non-final static, so any subclass or same-package code can reassign it;
    // could be made final if nothing does — confirm against the rest of the code base.
    protected static String ANONYMOUS_PRINCIPAL = "anonymous";

    /**
     * Sets the entity ID of the hosted provider.
     *
     * @param str entity ID stored in {@code hostEntityId}; it is later handed to the SP
     *            adapter hooks invoked from {@code processAuthnResponse}
     */
    public void setHostEntityId(String str) {
        hostEntityId = str;
    }

    /**
     * Sets the metadata descriptor of the hosted service provider.
     *
     * @param sPDescriptorType descriptor stored in {@code hostDesc}
     */
    public void setHostDescriptor(SPDescriptorType sPDescriptorType) {
        hostDesc = sPDescriptorType;
    }

    /**
     * Sets the extended configuration of the hosted provider.
     *
     * @param baseConfigType configuration stored in {@code hostConfig}; the handler reads
     *                       the home page URL and the auto-federation settings from it
     */
    public void setHostDescriptorConfig(BaseConfigType baseConfigType) {
        hostConfig = baseConfigType;
    }

    /**
     * Sets the meta alias of the hosted provider.
     *
     * @param str meta alias stored in {@code hostMetaAlias}; it selects the
     *            {@code FSSessionManager} instance used by {@code processAuthnResponse}
     */
    public void setMetaAlias(String str) {
        hostMetaAlias = str;
    }

    /**
     * Returns the entity ID of the hosted provider.
     *
     * @return the current {@code hostEntityId}, or {@code null} if it was never set
     */
    public String getHostEntityId() {
        return hostEntityId;
    }

    /**
     * Returns the realm this handler operates in.
     *
     * @return the current {@code realm}, or {@code null} if it was never set
     */
    public String getRealm() {
        return realm;
    }

    /**
     * Sets the realm this handler operates in.
     *
     * @param str realm name; {@code validateAssertions} uses it when it has to look up the
     *            assertion issuer's IdP descriptor in metadata
     */
    public void setRealm(String str) {
        realm = str;
    }

    /**
     * Returns the authentication request this handler is answering.
     *
     * @return the current {@code authnRequest}, or {@code null} if none was supplied
     */
    public FSAuthnRequest getAuthnRequest() {
        return authnRequest;
    }

    /**
     * Sets the authentication request this handler is answering.
     *
     * @param fSAuthnRequest request stored in {@code authnRequest}; unlike the constructor
     *                       that takes a request, this setter does not touch
     *                       {@code nameIDPolicy}
     */
    public void setAuthnRequest(FSAuthnRequest fSAuthnRequest) {
        authnRequest = fSAuthnRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a handler with no request context; callers are expected to populate it through
     * the setters before use.
     */
    public FSAssertionArtifactHandler() {
        // None of the instance fields has a declaration initializer, so they already hold
        // their Java defaults (null / false); only the statement list needs an instance.
        attrStatements = new ArrayList();
    }

    /**
     * Creates a handler for an exchange where no {@code FSAuthnRequest} object is supplied.
     *
     * @param httpServletRequest  servlet request of the current exchange
     * @param httpServletResponse servlet response used for redirects
     * @param iDPDescriptorType   descriptor of the identity provider
     * @param str                 entity ID of the identity provider ({@code idpEntityId})
     * @param z                   {@code true} to run account federation, {@code false} for
     *                            single sign-on ({@code doFederate})
     * @param str2                name ID policy ({@code nameIDPolicy})
     * @param str3                relay state ({@code relayState})
     */
    public FSAssertionArtifactHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IDPDescriptorType iDPDescriptorType, String str, boolean z, String str2, String str3) {
        // Fields not assigned below keep their Java defaults (null / false).
        attrStatements = new ArrayList();

        // Servlet context of this exchange.
        request = httpServletRequest;
        response = httpServletResponse;

        // Identity provider the response is expected from.
        idpDescriptor = iDPDescriptorType;
        idpEntityId = str;

        // Processing options.
        doFederate = z;
        nameIDPolicy = str2;
        relayState = str3;
    }

    /**
     * Creates a handler bound to the {@code FSAuthnRequest} that is being answered.
     *
     * @param httpServletRequest  servlet request of the current exchange
     * @param httpServletResponse servlet response used for redirects
     * @param iDPDescriptorType   descriptor of the identity provider
     * @param str                 entity ID of the identity provider ({@code idpEntityId})
     * @param fSAuthnRequest      the original request; when non-null it also supplies the
     *                            name ID policy, when null both stay {@code null}
     * @param z                   {@code true} to run account federation, {@code false} for
     *                            single sign-on ({@code doFederate})
     * @param str2                relay state ({@code relayState})
     */
    public FSAssertionArtifactHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, IDPDescriptorType iDPDescriptorType, String str, FSAuthnRequest fSAuthnRequest, boolean z, String str2) {
        // Fields not assigned below keep their Java defaults (null / false).
        attrStatements = new ArrayList();

        // Servlet context of this exchange.
        request = httpServletRequest;
        response = httpServletResponse;

        // Identity provider the response is expected from.
        idpDescriptor = iDPDescriptorType;
        idpEntityId = str;

        relayState = str2;
        doFederate = z;

        // The name ID policy is taken from the request rather than passed separately.
        if (fSAuthnRequest != null) {
            authnRequest = fSAuthnRequest;
            nameIDPolicy = fSAuthnRequest.getNameIDPolicy();
        }
    }

    /**
     * Processes an authentication response on the service provider side.
     *
     * The method gives the SP adapter (if one is configured) a pre-processing hook, resolves
     * the relay state, checks the response status, validates the contained assertions and
     * then runs either account federation ({@code doFederate == true}) or single sign-on.
     * Every failure path either lets the SP adapter's {@code postSSOFederationFailure} take
     * over or redirects the browser to the common login page; nothing is thrown to the caller.
     *
     * NOTE(review): {@code this.authnRequest} is dereferenced before the try block, so a
     * handler without an AuthnRequest fails with an unhandled NullPointerException instead of
     * a redirect. The null check on {@code fSAuthnResponse} also comes after the response has
     * already been passed to the adapter's pre-hook.
     *
     * @param fSAuthnResponse the response received from the identity provider; {@code null}
     *                        is logged and answered with a redirect to the login page
     */
    public void processAuthnResponse(FSAuthnResponse fSAuthnResponse) {
        int i;
        FSUtils.debug.message("FSAssertionArtifactHandler.ProcessAuthnResponse: Called");
        this.authnResponse = fSAuthnResponse;
        FederationSPAdapter sPAdapter = FSServiceUtils.getSPAdapter(this.hostEntityId, this.hostConfig);
        if (sPAdapter != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler, POST Invokde spAdapter.preSSOFederationProcess");
            }
            try {
                sPAdapter.preSSOFederationProcess(this.hostEntityId, this.request, this.response, this.authnRequest, fSAuthnResponse, null);
            } catch (Exception e) {
                // A failing pre-hook is logged only; processing of the response continues.
                FSUtils.debug.error("FSAssertionArtifactHandler SPAdapter.preSSOFederationSuccess", e);
            }
        }
        String baseURL = FSServiceUtils.getBaseURL(this.request);
        String commonLoginPageURL = FSServiceUtils.getCommonLoginPageURL(this.hostMetaAlias, this.authnRequest.getRelayState(), null, this.request, baseURL);
        // Relay state precedence: value stored in the AuthnRequest, then the provider home
        // page from the hosted config, then the built-in default under the base URL.
        // NOTE(review): the relay state ends up as the redirect target in redirectToResource;
        // whether it is checked against permitted targets is not visible here — confirm.
        this.relayState = this.authnRequest.getRelayState();
        if (this.relayState == null || this.relayState.trim().length() == 0) {
            this.relayState = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostConfig, IFSConstants.PROVIDER_HOME_PAGE_URL);
            if (this.relayState == null || this.relayState.trim().length() == 0) {
                this.relayState = baseURL + IFSConstants.SP_DEFAULT_RELAY_STATE;
            }
        }
        try {
            if (fSAuthnResponse == null) {
                LogUtil.error(Level.INFO, LogUtil.MISSING_AUTHN_RESPONSE, new String[]{FSUtils.bundle.getString("missingAuthnResponse")}, this.ssoToken);
                FSUtils.debug.error("FSAssertionArtifactHandler.processAuthnResponse: " + FSUtils.bundle.getString("missingAuthnResponse") + " AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
                this.response.sendRedirect(commonLoginPageURL);
                return;
            }
            // With message-level debugging on, the complete response XML (assertions and
            // name identifiers included) is written to the debug log.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.doPost:Received " + fSAuthnResponse.toXMLString());
            }
            if (!verifyResponseStatus(fSAuthnResponse)) {
                // Non-success status: drop the pending request, then let the adapter handle
                // the failure; redirect only if there is no adapter or it returns false.
                FSSessionManager.getInstance(this.hostMetaAlias).removeAuthnRequest(fSAuthnResponse.getInResponseTo());
                LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, new String[]{fSAuthnResponse.toXMLString()}, this.ssoToken);
                FSUtils.debug.warning("FSAssertionArtifactHandler. processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
                if (sPAdapter == null || !sPAdapter.postSSOFederationFailure(this.hostEntityId, this.request, this.response, this.authnRequest, fSAuthnResponse, null, 1)) {
                    this.response.sendRedirect(commonLoginPageURL);
                    return;
                }
                return;
            }
            // validateAssertions returns null for any assertion that fails a check, so a
            // null subject means the response must not be trusted.
            FSSubject fSSubject = (FSSubject) validateAssertions(fSAuthnResponse.getAssertion());
            if (fSSubject == null) {
                LogUtil.error(Level.INFO, LogUtil.INVALID_ASSERTION, new String[]{FSUtils.bundle.getString("invalidAssertion")}, this.ssoToken);
                // NOTE(review): the bundle key here is "InvalidResponse" while every other
                // lookup in this method uses "invalidResponse" — confirm the key exists.
                FSUtils.debug.error("FSAssertionArtifactHandler.processAuthnResponse: " + FSUtils.bundle.getString("InvalidResponse") + " AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
                this.response.sendRedirect(commonLoginPageURL);
                return;
            }
            FSSessionManager fSSessionManager = FSSessionManager.getInstance(this.hostMetaAlias);
            if (this.doFederate) {
                // ---- Account federation path ----
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: Initiate Account Federation");
                }
                // Prefer the IdP-provided name identifier, fall back to the subject's own.
                NameIdentifier iDPProvidedNameIdentifier = fSSubject.getIDPProvidedNameIdentifier();
                if (iDPProvidedNameIdentifier == null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: IDPProvided NameIdentifier is null");
                    }
                    iDPProvidedNameIdentifier = fSSubject.getNameIdentifier();
                }
                if (iDPProvidedNameIdentifier == null) {
                    // Caught by the catch-all below, which redirects to the login page.
                    throw new FSException("missingNIofSubject", (Object[]) null);
                }
                int doAccountFederation = doAccountFederation(iDPProvidedNameIdentifier);
                if (doAccountFederation == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: Account federation successful");
                    }
                    // Success: the pending request and its local session token are consumed.
                    String inResponseTo = fSAuthnResponse.getInResponseTo();
                    fSSessionManager.removeAuthnRequest(inResponseTo);
                    fSSessionManager.removeLocalSessionToken(inResponseTo);
                    return;
                }
                LogUtil.error(Level.INFO, LogUtil.ACCOUNT_FEDERATION_FAILED, new String[]{FSUtils.bundle.getString("AccountFederationFailed")}, this.ssoToken);
                FSUtils.debug.error("FSAssertionArtifactHandler.processAuthnResponse: " + FSUtils.bundle.getString("AccountFederationFailed") + " AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
                if (sPAdapter == null || !sPAdapter.postSSOFederationFailure(this.hostEntityId, this.request, this.response, this.authnRequest, fSAuthnResponse, this.samlResponse, doAccountFederation)) {
                    this.response.sendRedirect(commonLoginPageURL);
                }
                return;
            }
            // ---- Single sign-on path ----
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: Initiate SingleSign-On");
            }
            NameIdentifier iDPProvidedNameIdentifier2 = fSSubject.getIDPProvidedNameIdentifier();
            NameIdentifier nameIdentifier = fSSubject.getNameIdentifier();
            if (iDPProvidedNameIdentifier2 == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: IDPProvided NameIdentifier is null");
                }
                iDPProvidedNameIdentifier2 = nameIdentifier;
            }
            // Both identifiers, and both of their names, must be present for SSO.
            if (iDPProvidedNameIdentifier2 == null || nameIdentifier == null) {
                LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, new String[]{FSUtils.bundle.getString("invalidResponse")}, this.ssoToken);
                FSUtils.debug.error("FSAssertionArtifactHandler. processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
                this.response.sendRedirect(commonLoginPageURL);
                return;
            }
            String name = iDPProvidedNameIdentifier2.getName();
            String name2 = nameIdentifier.getName();
            if (name == null || name2 == null) {
                LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, new String[]{FSUtils.bundle.getString("invalidResponse")}, this.ssoToken);
                FSUtils.debug.error("FSAssertionArtifactHandler.processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
                this.response.sendRedirect(commonLoginPageURL);
                return;
            }
            // i is 1 when both identifiers carry the same name and 0 otherwise; it is passed
            // to doSingleSignOn as its second argument (meaning not visible here —
            // presumably a name-identifier-domain selector, TODO confirm).
            if (name.equals(name2)) {
                nameIdentifier = iDPProvidedNameIdentifier2;
                i = 1;
            } else {
                i = 0;
            }
            HashMap hashMap = new HashMap();
            hashMap.put(IFSConstants.FS_USER_PROVIDER_ENV_AUTHNRESPONSE_KEY, fSAuthnResponse);
            int doSingleSignOn = doSingleSignOn(nameIdentifier, i, iDPProvidedNameIdentifier2, hashMap);
            if (doSingleSignOn != 0) {
                LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, new String[]{FSUtils.bundle.getString("SSOfailed")}, this.ssoToken);
                FSUtils.debug.error("FSAssertionArtifactHandler.processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
                if (sPAdapter == null || !sPAdapter.postSSOFederationFailure(this.hostEntityId, this.request, this.response, this.authnRequest, fSAuthnResponse, null, doSingleSignOn)) {
                    this.response.sendRedirect(commonLoginPageURL);
                    return;
                }
                return;
            }
            // The message text says "Accountfederation" although this is the SSO path.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse: Accountfederation successful");
            }
            String inResponseTo2 = fSAuthnResponse.getInResponseTo();
            fSSessionManager.removeAuthnRequest(inResponseTo2);
            // When IdP proxying is enabled for this request the result is relayed onwards
            // instead of redirecting the browser to the relay state.
            if (isIDPProxyEnabled(inResponseTo2)) {
                sendProxyResponse(inResponseTo2);
                return;
            }
            LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, new String[]{this.relayState}, this.ssoToken);
            FSUtils.debug.message("ArtifactHandler.notfederated, postSSO");
            if (sPAdapter != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler, Invoke spAdapter.postSSOFederationSuccess");
                }
                try {
                    // A true return means the adapter produced the response itself.
                    if (sPAdapter.postSSOFederationSuccess(this.hostEntityId, this.request, this.response, this.ssoToken, this.authnRequest, fSAuthnResponse, null)) {
                        return;
                    }
                } catch (Exception e2) {
                    // Adapter failure after a successful SSO is logged; the redirect below
                    // still happens.
                    FSUtils.debug.error("FSAssertionArtifadctHandler SPAdapter.postSSOFederationSuccess:", e2);
                }
            }
            redirectToResource(this.relayState);
        } catch (Exception e3) {
            // Catch-all: any unexpected failure ends in a redirect to the login page.
            FSUtils.debug.error("FSAssertionArtifactHandler.processAuthnResponse: Exception Occured: ", e3);
            try {
                FSUtils.debug.error("FSAssertionArtifactHandler.processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP Redirecting to the Framed Login Page");
                this.response.sendRedirect(commonLoginPageURL);
            } catch (IOException e4) {
                FSUtils.debug.error("FSAssertionArtifactHandler.processAuthnResponse: IOException Occured: ", e4);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks whether a SAML response reports success.
     *
     * NOTE(review): the test is a plain suffix match on {@code ":Success"}, so any prefix
     * before the colon is accepted and the namespace the prefix is bound to is not examined
     * here. A missing status or status code surfaces as a NullPointerException.
     *
     * @param response the response whose status code value is inspected
     * @return {@code true} if the status code value ends with {@code ":Success"},
     *         {@code false} otherwise
     */
    public boolean verifyResponseStatus(Response response) {
        FSUtils.debug.message("FSAssertionArtifactHandler.verifyResponseStatus: Called");
        String statusValue = response.getStatus().getStatusCode().getValue();
        boolean succeeded = statusValue.endsWith(":Success");
        if (succeeded) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.verifyResponse: StatusCode value verified.");
            }
        } else {
            FSUtils.debug.warning("FSAssertionArtifactHandler.verifyResponse: Incorrect StatusCode value.");
        }
        return succeeded;
    }

    /* JADX INFO: Access modifiers changed from: protected */
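    /**
     * Validates every assertion of a response and returns the authenticated subject.
     *
     * For each assertion, in order: its InResponseTo must equal the ID of the stored
     * AuthnRequest; its signature must verify when {@code FSServiceUtils.isSigningOn()} is
     * true (with signing off, unsigned assertions are accepted); its ID must not be in the
     * replay cache {@code idTimeMap}; its issuer must be the expected IdP, or a known IdP in
     * this realm's metadata when no IdP was fixed up front; its validity period and audience
     * must match; and it must contain an authentication statement whose subject carries
     * exactly one confirmation method out of bearer / artifact / artifact-01. Only after all
     * checks pass is the assertion ID recorded in the replay cache.
     *
     * A subject that cannot be processed (FSException while handling it) now rejects the
     * response. Previously the exception was only logged, which skipped the
     * confirmation-method check while the subject stayed accepted.
     *
     * NOTE(review): {@code containsKey} and {@code put} on {@code idTimeMap} are separate
     * calls, so two threads presenting the same assertion ID at the same time can both pass
     * the replay check. Closing that window needs an atomic reserve step with rollback on a
     * later validation failure; it is not changed here because the clean-up tasks behind
     * {@code cGoThrough} / {@code cPeriodic} are not visible.
     *
     * @param list the {@code FSAssertion} objects of the response; must not be null
     * @return the subject of the authentication statement, or {@code null} if any assertion
     *         fails a check or no authentication statement is present
     */
    public Subject validateAssertions(List list) {
        Set confirmationMethod;
        FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertions: Called");
        FSSubject fSSubject = null;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            FSAssertion fSAssertion = (FSAssertion) it.next();
            // Bind the assertion to the request this handler actually sent.
            if (!this.authnRequest.getRequestID().equals(fSAssertion.getInResponseTo())) {
                FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: assertion does not correspond to any valid request");
                return null;
            }
            // Signature enforcement depends on the deployment-wide signing switch.
            if (FSServiceUtils.isSigningOn() && !verifyAssertionSignature(fSAssertion)) {
                FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: assertion signature verification failed");
                return null;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertion: Assertion signature verified");
            }
            // Replay protection: an assertion ID may be accepted only once.
            String assertionID = fSAssertion.getAssertionID();
            if (idTimeMap.containsKey(assertionID)) {
                FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion: " + assertionID + " is used");
                return null;
            }
            String issuer = fSAssertion.getIssuer();
            try {
                if (this.idpEntityId == null) {
                    // No IdP fixed up front: the issuer must resolve to an IdP descriptor
                    // in this realm's metadata, and is then adopted as the provider.
                    FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion issuer is: " + issuer);
                    IDPDescriptorType iDPDescriptor = FSUtils.getIDFFMetaManager().getIDPDescriptor(this.realm, issuer);
                    if (iDPDescriptor == null) {
                        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion issuer is not on the trust list");
                        return null;
                    }
                    setProviderDescriptor(iDPDescriptor);
                    setProviderEntityId(issuer);
                } else if (!this.idpEntityId.equals(issuer)) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion issuer is not the entity where AuthnRequest was sent originally.");
                    return null;
                }
                if (!fSAssertion.isTimeValid()) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion's time is not valid.");
                    return null;
                }
                Conditions conditions = fSAssertion.getConditions();
                if (!forThisServer(conditions)) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: assertion is not issued for this site.");
                    return null;
                }
                boolean z = false;
                if (fSAssertion.getStatement() != null) {
                    for (Statement statement : fSAssertion.getStatement()) {
                        int statementType = statement.getStatementType();
                        if (statementType == 1) {
                            // Type 1 is handled as an authentication statement.
                            FSAuthenticationStatement fSAuthenticationStatement = (FSAuthenticationStatement) statement;
                            z = true;
                            try {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertion: validating AuthenticationStatement:" + fSAuthenticationStatement.toXMLString());
                                }
                                this.reAuthnOnOrAfterDate = fSAuthenticationStatement.getReauthenticateOnOrAfter();
                                this.idpSessionIndex = fSAuthenticationStatement.getSessionIndex();
                                this.authnContextStmt = fSAuthenticationStatement.getAuthnContext();
                                fSSubject = (FSSubject) fSAuthenticationStatement.getSubject();
                                if (fSSubject == null) {
                                    FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Subject is null");
                                    return null;
                                }
                                try {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertion: found Authentication Statement. Subject = " + fSSubject.toXMLString());
                                    }
                                    // Exactly one confirmation method, from the allowed set.
                                    SubjectConfirmation subjectConfirmation = fSSubject.getSubjectConfirmation();
                                    if (subjectConfirmation == null || (confirmationMethod = subjectConfirmation.getConfirmationMethod()) == null || confirmationMethod.size() != 1) {
                                        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: missing or extra ConfirmationMethod.");
                                        return null;
                                    }
                                    String str = (String) confirmationMethod.iterator().next();
                                    if (str == null || !(str.equals("urn:oasis:names:tc:SAML:1.0:cm:bearer") || str.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT) || str.equals("urn:oasis:names:tc:SAML:1.0:cm:artifact-01"))) {
                                        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: wrong ConfirmationMethod");
                                        return null;
                                    }
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertion: Confirmation method: " + str);
                                    }
                                } catch (FSException e) {
                                    // Fail closed: an exception here means the confirmation
                                    // method was never checked, so the subject must not be
                                    // accepted.
                                    FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion:  Exception. Invalid subject: ", e);
                                    return null;
                                }
                            } catch (FSException e2) {
                                FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Exception. Invalid AuthenticationStatement: ", e2);
                                return null;
                            }
                        } else if (statementType == 3) {
                            // Type 3 is handled as an attribute statement; statements not
                            // claimed by checkForAttributeStatement are kept for later.
                            AttributeStatement attributeStatement = (AttributeStatement) statement;
                            if (!checkForAttributeStatement(attributeStatement)) {
                                this.attrStatements.add(attributeStatement);
                            }
                        }
                    }
                }
                if (!z) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertion: No Authentication statement found in the Assertion. User is not authenticated by the IDP");
                    }
                    return null;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertion: Adding " + assertionID + " to idTimeMap.");
                }
                // Record the ID only now that every check has passed. Assertions with an
                // expiry go to cGoThrough, those without to cPeriodic.
                Date notOnorAfter = conditions.getNotOnorAfter();
                if (notOnorAfter != null) {
                    cGoThrough.addElement(assertionID);
                    idTimeMap.put(assertionID, Long.valueOf(notOnorAfter.getTime()));
                } else {
                    cPeriodic.addElement(assertionID);
                    idTimeMap.put(assertionID, assertionID);
                }
                this.securityAssertions = fSAssertion.getDiscoveryCredential();
            } catch (Exception e3) {
                // This handler covers the whole per-assertion body, not only the metadata
                // lookup, so the cause is logged alongside the fixed message.
                FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion issuer is not on the trust list", e3);
                return null;
            }
        }
        if (fSSubject != null) {
            return fSSubject;
        }
        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: couldn't find Subject.");
        return null;
    }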

    /**
     * Classifies an attribute statement as a discovery bootstrap or auto-federation statement
     * and stores it in the matching field.
     *
     * Only the first attribute of the statement is examined. For an auto-federation
     * statement, the search map is built only when auto-federation is enabled in the hosted
     * config and the attribute has a value; the statement is claimed (true is returned) in
     * either case.
     *
     * @param attributeStatement the statement to classify
     * @return {@code true} if the statement was recognised and stored, {@code false} if it is
     *         an ordinary attribute statement or has no attributes
     */
    private boolean checkForAttributeStatement(AttributeStatement attributeStatement) {
        List attributes = attributeStatement.getAttribute();
        if (attributes == null || attributes.isEmpty()) {
            return false;
        }

        // The first attribute alone decides how the whole statement is treated.
        Attribute first = (Attribute) attributes.iterator().next();
        if (first.getAttributeName().equals("DiscoveryResourceOffering")) {
            this.bootStrapStatement = attributeStatement;
            return true;
        }
        if (!first.getAttributeName().equals(IFSConstants.AUTO_FED_ATTR)) {
            return false;
        }
        this._autoFedStatement = attributeStatement;

        // A value that cannot be read is logged and treated as absent.
        List values;
        try {
            values = first.getAttributeValue();
        } catch (SAMLException e) {
            FSUtils.debug.error("FSAssertionArtifactHandler.checkForAttributeStatement: ", e);
            values = null;
        }
        String autoFedValue = null;
        if (values != null && !values.isEmpty()) {
            autoFedValue = XMLUtils.getElementValue((Element) values.iterator().next());
        }

        String autoFedEnabled = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
        boolean buildSearchMap = autoFedEnabled != null && autoFedEnabled.equalsIgnoreCase("true") && autoFedValue != null;
        if (buildSearchMap) {
            // Map the configured auto-federation attribute name to the single asserted value.
            this.autoFedSearchMap = new HashMap();
            HashSet searchValues = new HashSet();
            searchValues.add(autoFedValue);
            this.autoFedSearchMap.put(IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE), searchValues);
        }
        return true;
    }

    /**
     * Verifies the identity provider's XML signature on the response that carried the assertion.
     *
     * <p>The assertion argument is only asked whether it is signed. The signature check itself
     * runs over the owner document of {@code authnResponse} when that field is set, otherwise
     * over the owner document of {@code samlResponseElt}, using the verification certificate
     * resolved from the IDP descriptor and entity id held by this handler. Every failure path,
     * including a missing certificate and any exception, results in {@code false}.
     *
     * <p>NOTE(review): the signature is checked at document level rather than against the
     * element of {@code fSAssertion}; confirm that the assertion consumed afterwards is the
     * element the signature actually covers (signature-wrapping defence).
     *
     * @param fSAssertion assertion whose signed flag is consulted; must not be {@code null}
     * @return {@code true} only when the signature manager reports a valid signature
     */
    protected boolean verifyAssertionSignature(FSAssertion fSAssertion) {
        FSUtils.debug.message("FSAssertionArtifactHandler.verifyAssertionSignature: Called");
        try {
            // Unsigned assertions are rejected outright.
            if (!fSAssertion.isSigned()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.verifyAssertionSignature: Assertion is not signed");
                }
                return false;
            }

            X509Certificate idpCert = KeyUtil.getVerificationCert(this.idpDescriptor, this.idpEntityId, true);
            if (idpCert == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.verifyAssertionSignature: couldn't obtain this site's cert.");
                }
                // Caught by the handler below, so the caller still just sees false.
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
            }

            XMLSignatureManager verifier = XMLSignatureManager.getInstance();
            if (this.authnResponse == null) {
                if (this.samlResponseElt == null) {
                    // Nothing to verify against: fail closed.
                    return false;
                }
                // NOTE(review): the complete response XML, assertion included, goes to the debug
                // log here; keep message-level debugging off where logs are not protected.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHander.verifyAssertionSignature:  xml string to be verified:" + XMLUtils.print(this.samlResponseElt.getOwnerDocument()));
                }
                return verifier.verifyXMLSignature(this.samlResponseElt.getOwnerDocument(), idpCert);
            }

            // Same logging caveat as above applies to the AuthnResponse document.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHander.verifyAssertionSignature:  xml string to be verified:" + XMLUtils.print(this.authnResponse.getDOMElement().getOwnerDocument()));
            }
            return verifier.verifyXMLSignature(this.authnResponse.getDOMElement().getOwnerDocument(), idpCert);
        } catch (Exception e) {
            FSUtils.debug.error("FSAssertionArtifactHandler.verifyAssertionSignature: Exception occured while verifying IDP's signature:", e);
            return false;
        }
    }

    /**
     * Checks whether the assertion conditions name this host as an intended audience.
     *
     * <p>The check passes without inspecting any audience when {@code conditions} is
     * {@code null}, when {@code hostEntityId} is {@code null} or empty, or when there is no
     * audience restriction condition. Otherwise it passes if at least one restriction contains
     * {@code hostEntityId}.
     *
     * <p>NOTE(review): an unset {@code hostEntityId} makes this check pass; confirm the field is
     * always initialised before assertions are processed. Also confirm that accepting a match in
     * any single restriction, rather than requiring every restriction to match, is intended.
     *
     * @param conditions conditions taken from the assertion, may be {@code null}
     * @return {@code true} when no restriction applies or this host is a listed audience
     */
    protected boolean forThisServer(Conditions conditions) {
        FSUtils.debug.message("FSAssertionArtifactHandler.forThisServer: Called");
        if (conditions == null || this.hostEntityId == null || this.hostEntityId.length() == 0) {
            return true;
        }
        Set restrictions = conditions.getAudienceRestrictionCondition();
        if (restrictions == null || restrictions.isEmpty()) {
            return true;
        }

        boolean matched = false;
        // Every restriction is visited; each one that lists this host is reported in the log.
        for (Object candidate : restrictions) {
            AudienceRestrictionCondition restriction = (AudienceRestrictionCondition) candidate;
            if (!restriction.containsAudience(this.hostEntityId)) {
                continue;
            }
            matched = true;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.forThisServer: Assertion is validated to befor this server");
            }
        }
        return matched;
    }

    /* JADX WARN: Type inference failed for: r26v0, types: [java.lang.Throwable, com.sun.identity.plugin.session.SessionException] */
    /**
     * Resolves the local user for an IDP-issued name identifier, updates the stored federation
     * information where needed, creates a local session for that user and registers it with the
     * federation session manager.
     *
     * <p>Return values as produced by this method: {@code 0} on success; {@code 10} for a
     * {@code null} name identifier, a missing default authentication context or any unexpected
     * exception; {@code 11} when the handle cannot be resolved to a federated account;
     * {@code 12} when the auto-federation search finds no user; {@code 13}, {@code 14},
     * {@code 15} when session creation fails because the user is inactive, locked or expired,
     * and {@code 16} for any other session error.
     *
     * <p>Security: on the auto-federation path the local user is chosen from a value carried in
     * the assertion ({@code autoFedSearchMap}) and a federation record is written for it.
     * NOTE(review): this relies on the assertion having been fully validated before this method
     * is called; nothing in this method re-checks that.
     *
     * @param nameIdentifier  name identifier asserted by the IDP; {@code null} yields {@code 10}
     * @param i               handle type; only written to the debug log here
     * @param nameIdentifier2 second name identifier, used on the affiliation path when the name
     *                        qualifier equals the affiliation id; may be {@code null}
     * @param map             passed through to the account manager user lookup
     * @return one of the status codes listed above
     */
    protected int generateToken(NameIdentifier nameIdentifier, int i, NameIdentifier nameIdentifier2, Map map) {
        FSAccountFedInfo readAccountFedInfo;
        FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: Called");
        if (nameIdentifier == null) {
            FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Invalid userDN input");
            return 10;
        }
        try {
            String name = nameIdentifier.getName();
            String nameQualifier = nameIdentifier.getNameQualifier();
            // A missing name qualifier defaults to this host's entity id.
            if (nameQualifier == null || nameQualifier.length() == 0) {
                nameQualifier = this.hostEntityId;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: Trying to get userDN for opaqueHandle= " + name + " ,securityDomain= " + nameQualifier + " And HandleType=" + i);
            }
            String affiliationID = this.authnRequest.getAffiliationID();
            FSAccountFedInfoKey fSAccountFedInfoKey = new FSAccountFedInfoKey(nameQualifier, name);
            FSAccountManager fSAccountManager = FSAccountManager.getInstance(this.hostMetaAlias);
            String userID = fSAccountManager.getUserID(fSAccountFedInfoKey, this.realm, map);
            if (userID != null) {
                // Case 1: the (qualifier, name) key already maps to a local user.
                readAccountFedInfo = affiliationID != null ? fSAccountManager.readAccountFedInfo(userID, affiliationID) : fSAccountManager.readAccountFedInfo(userID, this.idpEntityId, name);
                if (readAccountFedInfo == null) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: User's account is not federated, id=" + userID);
                    return 11;
                }
            } else if (nameIdentifier2 == null || !nameQualifier.equals(affiliationID)) {
                // Case 2: retry the lookup with the IDP entity id as the key's first component.
                FSAccountFedInfoKey fSAccountFedInfoKey2 = new FSAccountFedInfoKey(this.idpEntityId, name);
                // NOTE(review): a freshly constructed object is never null, so this branch cannot run.
                if (fSAccountFedInfoKey2 == null) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Can't dereference handle.");
                    return 11;
                }
                userID = fSAccountManager.getUserID(fSAccountFedInfoKey2, this.realm, map);
                if (userID != null) {
                    FSAccountFedInfo readAccountFedInfo2 = fSAccountManager.readAccountFedInfo(userID, this.idpEntityId);
                    if (readAccountFedInfo2 == null || !readAccountFedInfo2.isFedStatusActive()) {
                        FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Can't dereference handle.");
                        return 11;
                    }
                    // Replace the stored record and key with ones qualified by this host's
                    // entity id: the old record and key are removed, the new ones written.
                    NameIdentifier localNameIdentifier = readAccountFedInfo2.getLocalNameIdentifier();
                    if (localNameIdentifier != null) {
                        localNameIdentifier.setNameQualifier(this.hostEntityId);
                    }
                    fSAccountManager.removeAccountFedInfo(userID, readAccountFedInfo2);
                    NameIdentifier remoteNameIdentifier = readAccountFedInfo2.getRemoteNameIdentifier();
                    if (remoteNameIdentifier != null) {
                        remoteNameIdentifier.setNameQualifier(this.hostEntityId);
                    }
                    readAccountFedInfo = new FSAccountFedInfo(this.idpEntityId, localNameIdentifier, remoteNameIdentifier, true);
                    fSAccountManager.removeAccountFedInfoKey(userID, fSAccountFedInfoKey2);
                    fSAccountManager.writeAccountFedInfo(userID, new FSAccountFedInfoKey(this.hostEntityId, name), readAccountFedInfo);
                } else {
                    // No federation record at all: only auto-federation can still resolve a user.
                    String firstAttributeValueFromConfig = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
                    if (firstAttributeValueFromConfig == null || !firstAttributeValueFromConfig.equalsIgnoreCase("true") || this._autoFedStatement == null) {
                        FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Can't dereference handle.");
                        return 11;
                    }
                    // The search criteria were built from an attribute value in the assertion
                    // (see checkForAttributeStatement); the matching local account becomes
                    // federated with the IDP's name identifier below.
                    // NOTE(review): autoFedSearchMap is only assigned when the assertion carried
                    // a value; confirm how getUserID behaves when it is still unset here.
                    userID = fSAccountManager.getUserID(this.autoFedSearchMap, this.realm, (Map) null);
                    if (userID == null) {
                        FSUtils.debug.error("FSAssertionArtifactHandler. generateToken:Can't dereference handle.");
                        return 12;
                    }
                    FSAccountFedInfoKey fSAccountFedInfoKey3 = new FSAccountFedInfoKey(this.hostEntityId, name);
                    readAccountFedInfo = new FSAccountFedInfo(this.idpEntityId, (NameIdentifier) null, nameIdentifier, true);
                    fSAccountManager.writeAccountFedInfo(userID, fSAccountFedInfoKey3, readAccountFedInfo);
                }
            } else {
                // Case 3: affiliation federation, keyed by the affiliation id and the second identifier.
                FSAccountFedInfoKey fSAccountFedInfoKey4 = new FSAccountFedInfoKey(affiliationID, nameIdentifier2.getName());
                userID = fSAccountManager.getUserID(fSAccountFedInfoKey4, this.realm, map);
                if (userID == null) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Can't dereference handle. fedKey=" + fSAccountFedInfoKey4.toString());
                    return 11;
                }
                FSAccountFedInfo readAccountFedInfo3 = fSAccountManager.readAccountFedInfo(userID, affiliationID);
                if (readAccountFedInfo3 != null) {
                    fSAccountManager.removeAccountFedInfo(userID, readAccountFedInfo3);
                }
                readAccountFedInfo = new FSAccountFedInfo(this.idpEntityId, nameIdentifier, nameIdentifier2, true);
                readAccountFedInfo.setAffiliation(true);
                fSAccountManager.writeAccountFedInfo(userID, new FSAccountFedInfoKey(nameQualifier, name), readAccountFedInfo);
            }
            // Map the asserted authentication context class to a local authentication level.
            String str = null;
            int i2 = 0;
            Map sPAuthContextInfo = FSServiceUtils.getSPAuthContextInfo(this.hostConfig);
            if (this.authnContextStmt == null || this.authnContextStmt.getAuthnContextClassRef() == null || this.authnContextStmt.getAuthnContextClassRef().length() == 0) {
                FSUtils.debug.warning("FSAssertionArtifactHandler.generateToken: Could not find AuthnContextClassRef in the AuthenticationStatement. Using default authnContextClass");
            } else {
                str = this.authnContextStmt.getAuthnContextClassRef();
                if (str != null && str.length() != 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: AuthnContextClassRef found in AuthenticationStatement:" + str);
                    }
                    FSSPAuthenticationContextInfo fSSPAuthenticationContextInfo = (FSSPAuthenticationContextInfo) sPAuthContextInfo.get(str);
                    if (fSSPAuthenticationContextInfo != null) {
                        i2 = fSSPAuthenticationContextInfo.getAuthenticationLevel();
                    } else {
                        FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Could not find AuthnContextClassInfo for authnContextClassRef: " + str + "Using default authnContextClass");
                        // An unknown class reference falls back to the configured default below.
                        str = null;
                    }
                }
            }
            if (str == null || str.length() == 0) {
                str = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                FSSPAuthenticationContextInfo fSSPAuthenticationContextInfo2 = (FSSPAuthenticationContextInfo) sPAuthContextInfo.get(str);
                if (fSSPAuthenticationContextInfo2 == null) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Could not find authentication level for default authentication context class");
                    return 10;
                }
                i2 = fSSPAuthenticationContextInfo2.getAuthenticationLevel();
            }
            // Properties handed to the session provider for the new local session.
            HashMap hashMap = new HashMap();
            hashMap.put(SessionProvider.PRINCIPAL_NAME, userID);
            hashMap.put("realm", this.realm);
            hashMap.put("AuthLevel", String.valueOf(i2));
            hashMap.put(SessionProvider.AUTH_INSTANT, getAuthInstant());
            hashMap.put("idpEntityID", this.idpEntityId);
            SessionProvider provider = SessionManager.getProvider();
            try {
                // new StringBuffer(null) throws; a null relayState therefore ends in the outer
                // catch and a return value of 10.
                Object createSession = provider.createSession(hashMap, this.request, this.response, new StringBuffer(this.relayState));
                try {
                    provider.addListener(createSession, new FSTokenListener(this.hostMetaAlias));
                } catch (Exception e) {
                    // A listener that cannot be attached is reported at message level only;
                    // processing continues with the session.
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.generateToken:Couldn't add listener to session:", e);
                    }
                }
                String sessionID = provider.getSessionID(createSession);
                this.ssoToken = createSession;
                // Set the federation cookie (value "yes") for every cookie domain of the request.
                // NOTE(review): cookie flags such as Secure/HttpOnly are decided inside
                // CookieUtils.newCookie and are not visible here — confirm.
                String property = SystemConfigurationUtil.getProperty(IFSConstants.FEDERATE_COOKIE_NAME);
                Iterator<String> it = SystemConfigurationUtil.getCookieDomainsForRequest(this.request).iterator();
                while (it.hasNext()) {
                    CookieUtils.addCookieToResponse(this.response, CookieUtils.newCookie(property, "yes", IFSConstants.PERSISTENT_COOKIE_AGE, "/", it.next()));
                }
                FSSessionManager fSSessionManager = FSSessionManager.getInstance(this.hostMetaAlias);
                FSSession session = fSSessionManager.getSession(userID, sessionID);
                // NOTE(review): both debug messages below write sessionID to the log; if that
                // value is the bearer session token it should be masked.
                if (session != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: An Existing session found for userID:" + userID + " And SessionID: " + sessionID + " Adding partner to the Session");
                    }
                    session.addSessionPartner(new FSSessionPartner(this.idpEntityId, true));
                    session.setSessionIndex(this.idpSessionIndex);
                    fSSessionManager.addSession(userID, session);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: No existing session found for userID:" + userID + " And SessionID: " + sessionID + " Creating a new Session");
                    }
                    session = new FSSession(sessionID);
                    session.addSessionPartner(new FSSessionPartner(this.idpEntityId, true));
                    if (this.idpSessionIndex != null) {
                        session.setSessionIndex(this.idpSessionIndex);
                    }
                    fSSessionManager.addSession(userID, session);
                }
                // Attach what was collected from the assertion to the federation session.
                if (str != null) {
                    session.setAuthnContext(str);
                }
                if (readAccountFedInfo != null) {
                    session.setAccountFedInfo(readAccountFedInfo);
                }
                if (this.bootStrapStatement != null) {
                    session.setBootStrapAttributeStatement(this.bootStrapStatement);
                }
                if (this._autoFedStatement != null) {
                    session.setAutoFedStatement(this._autoFedStatement);
                }
                if (this.attrStatements.size() != 0) {
                    session.setAttributeStatements(this.attrStatements);
                    Map map2 = null;
                    setAttributeMapper();
                    // The realm-aware mapper takes precedence over the plain attribute mapper.
                    if (this.realmAttributeMapper != null) {
                        map2 = this.realmAttributeMapper.getAttributes(this.attrStatements, this.realm, this.hostEntityId, this.idpEntityId, this.ssoToken);
                    } else if (this.attributeMapper != null) {
                        map2 = this.attributeMapper.getAttributes(this.attrStatements, this.hostEntityId, this.idpEntityId, this.ssoToken);
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: Attribute map :" + map2);
                    }
                    if (map2 != null) {
                        setAttributeMap(this.ssoToken, map2);
                    }
                }
                if (this.securityAssertions == null) {
                    return 0;
                }
                session.setBootStrapCredential(this.securityAssertions);
                return 0;
            } catch (SessionException e2) {
                FSUtils.debug.error("FSAssertionArtifactHandler.generateToken:cannot generate token:", (Throwable) e2);
                // Translate the provider's error code into this method's status codes.
                int errCode = e2.getErrCode();
                return errCode == SessionException.AUTH_USER_INACTIVE ? 13 : errCode == SessionException.AUTH_USER_LOCKED ? 14 : errCode == SessionException.AUTH_ACCOUNT_EXPIRED ? 15 : 16;
            }
        } catch (Exception e3) {
            FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: Exception Occured ", e3);
            return 10;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Hook for processing a SAML request; this class provides an empty implementation.
     *
     * <p>NOTE(review): presumably overridden by the concrete handlers — confirm against the
     * subclasses.
     */
    public void processSAMLRequest() {
        // No work is done here in this class.
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Performs single sign-on by delegating to {@code generateToken} and writes an error log
     * record when token generation does not succeed.
     *
     * @param nameIdentifier  name identifier asserted by the IDP
     * @param i               handle type, forwarded unchanged
     * @param nameIdentifier2 second name identifier, forwarded unchanged
     * @param map             forwarded unchanged to {@code generateToken}
     * @return the status returned by {@code generateToken}; {@code 0} means success
     */
    public int doSingleSignOn(NameIdentifier nameIdentifier, int i, NameIdentifier nameIdentifier2, Map map) {
        FSUtils.debug.message("FSAssertionArtifactHandler.doSingleSignOn: Called");
        final int status = generateToken(nameIdentifier, i, nameIdentifier2, map);
        if (status == 0) {
            return status;
        }
        // Any non-zero status is recorded as a failed SSO token generation.
        String[] logData = new String[]{FSUtils.bundle.getString("failGenerateSSOToken")};
        LogUtil.error(Level.INFO, LogUtil.FAILED_SSO_TOKEN_GENERATION, logData, this.ssoToken);
        return status;
    }

    /**
     * Hook for redirecting the user agent to the target resource; this class provides an empty
     * implementation.
     *
     * <p>NOTE(review): {@code doAccountFederation} passes {@code this.relayState} to this
     * method. Where that value originates is not visible here, so overriding implementations
     * should confirm the target has been validated before redirecting to it.
     *
     * @param str redirect target
     * @throws FSException declared for overriding implementations; never thrown by this
     *                     empty body
     */
    protected void redirectToResource(String str) throws FSException {
        // No work is done here in this class.
    }

    /* JADX INFO: Access modifiers changed from: protected */
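    /**
     * Federates the local account of the current session's principal with the name identifier
     * issued by the identity provider, records the IDP as a partner on the federation session
     * and finally hands over to the SP adapter or redirects to the relay state.
     *
     * <p>When the request carries no valid local session and the name identifier policy is
     * one-time, an anonymous session is created instead and no federation record is written.
     *
     * <p>Return values as produced by this method: {@code 0} on success; {@code 3} for a
     * {@code null} name identifier or a failed redirect; {@code 4} when the session provider
     * cannot be obtained; {@code 5} when there is no usable session; {@code 6}, {@code 7},
     * {@code 8} when the anonymous session cannot be created because the user is inactive,
     * locked or expired; {@code 9} for any other exception.
     *
     * <p>Security: the federation record links the IDP's identifier to whichever principal owns
     * the session found on the request. NOTE(review): this relies on the assertion having been
     * validated before the call; nothing in this method re-checks that.
     *
     * @param nameIdentifier name identifier asserted by the IDP; {@code null} yields {@code 3}
     * @return one of the status codes listed above
     */
    public int doAccountFederation(NameIdentifier nameIdentifier) {
        FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation:Called");
        if (nameIdentifier == null) {
            FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + FSUtils.bundle.getString("invalidInput"));
            return 3;
        }
        // One-time federation: nothing is persisted and no federation cookie is set.
        final boolean oneTime = this.nameIDPolicy != null && this.nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME);
        try {
            SessionProvider provider = SessionManager.getProvider();
            Object obj;
            try {
                obj = provider.getSession(this.request);
                if (obj == null || !provider.isValid(obj)) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation: couldn't obtain session from cookie");
                    }
                    obj = null;
                }
            } catch (SessionException e) {
                // Treated like "no session"; the cause is kept in the debug log.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation: exception when getting session from cookie:", e);
                }
                obj = null;
            }
            if (obj == null && oneTime) {
                try {
                    obj = generateAnonymousToken(this.response);
                } catch (SessionException e2) {
                    int errCode = e2.getErrCode();
                    if (errCode == SessionException.AUTH_USER_INACTIVE) {
                        return 6;
                    }
                    if (errCode == SessionException.AUTH_USER_LOCKED) {
                        return 7;
                    }
                    if (errCode == SessionException.AUTH_ACCOUNT_EXPIRED) {
                        return 8;
                    }
                    return 5;
                }
            }
            if (obj == null) {
                FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:Account federation failed. Invalid session");
                return 5;
            }
            try {
                String name = nameIdentifier.getName();
                String principalName = provider.getPrincipalName(obj);
                String nameQualifier = nameIdentifier.getNameQualifier();
                // A missing name qualifier defaults to this host's entity id.
                if (nameQualifier == null || nameQualifier.length() == 0) {
                    nameQualifier = this.hostEntityId;
                }
                FSAccountFedInfo fSAccountFedInfo = new FSAccountFedInfo(this.idpEntityId, (NameIdentifier) null, nameIdentifier, true);
                FSAccountManager fSAccountManager = FSAccountManager.getInstance(this.hostMetaAlias);
                String affiliationID = this.authnRequest.getAffiliationID();
                FSAccountFedInfoKey fSAccountFedInfoKey;
                if (affiliationID != null) {
                    fSAccountFedInfoKey = new FSAccountFedInfoKey(affiliationID, name);
                    fSAccountFedInfo.setAffiliation(true);
                } else {
                    fSAccountFedInfoKey = new FSAccountFedInfoKey(nameQualifier, name);
                }
                if (!oneTime) {
                    fSAccountManager.writeAccountFedInfo(principalName, fSAccountFedInfoKey, fSAccountFedInfo);
                }
                FSSessionManager fSSessionManager = FSSessionManager.getInstance(this.hostMetaAlias);
                String sessionID = provider.getSessionID(obj);
                FSSession session = fSSessionManager.getSession(principalName, sessionID);
                // NOTE(review): both debug messages below write sessionID to the log; if that
                // value is the bearer session token it should be masked.
                if (session != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation: An Existing session found for userID:" + principalName + " And SessionID: " + sessionID + " Adding partner to the Session");
                    }
                    session.addSessionPartner(new FSSessionPartner(this.idpEntityId, true));
                    session.setSessionIndex(this.idpSessionIndex);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation: No existing session found for userID:" + principalName + " And SessionID: " + sessionID + " Creating a new Session");
                    }
                    session = new FSSession(sessionID);
                    session.addSessionPartner(new FSSessionPartner(this.idpEntityId, true));
                    if (this.idpSessionIndex != null) {
                        session.setSessionIndex(this.idpSessionIndex);
                    }
                }
                if (oneTime) {
                    session.setOneTime(true);
                    session.setUserID(principalName);
                }
                // Prefer the asserted authentication context, else the configured default.
                String str = null;
                if (this.authnContextStmt != null) {
                    str = this.authnContextStmt.getAuthnContextClassRef();
                }
                if (str == null || str.length() == 0) {
                    str = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                }
                if (str != null) {
                    session.setAuthnContext(str);
                }
                session.setAccountFedInfo(fSAccountFedInfo);
                if (this.bootStrapStatement != null) {
                    session.setBootStrapAttributeStatement(this.bootStrapStatement);
                }
                if (this.attrStatements.size() != 0) {
                    Map map = null;
                    setAttributeMapper();
                    // The realm-aware mapper takes precedence over the plain attribute mapper.
                    if (this.realmAttributeMapper != null) {
                        map = this.realmAttributeMapper.getAttributes(this.attrStatements, this.realm, this.hostEntityId, this.idpEntityId, obj);
                    } else if (this.attributeMapper != null) {
                        map = this.attributeMapper.getAttributes(this.attrStatements, this.hostEntityId, this.idpEntityId, obj);
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation: Attribute map :" + map);
                    }
                    if (map != null) {
                        setAttributeMap(obj, map);
                    }
                }
                if (this.securityAssertions != null) {
                    session.setBootStrapCredential(this.securityAssertions);
                }
                fSSessionManager.addSession(principalName, session);
                LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, new String[]{this.relayState}, obj);
                if (!oneTime) {
                    // Set the federation cookie (value "yes") for every cookie domain of the request.
                    String property = SystemConfigurationUtil.getProperty(IFSConstants.FEDERATE_COOKIE_NAME);
                    Iterator<String> it = SystemConfigurationUtil.getCookieDomainsForRequest(this.request).iterator();
                    while (it.hasNext()) {
                        CookieUtils.addCookieToResponse(this.response, CookieUtils.newCookie(property, "yes", IFSConstants.PERSISTENT_COOKIE_AGE, "/", it.next()));
                    }
                }
                FederationSPAdapter sPAdapter = FSServiceUtils.getSPAdapter(this.hostEntityId, this.hostConfig);
                if (sPAdapter != null) {
                    FSUtils.debug.message("Invoke spAdapter");
                    try {
                        // A true result means the adapter has taken over; no redirect follows.
                        if (sPAdapter.postSSOFederationSuccess(this.hostEntityId, this.request, this.response, obj, this.authnRequest, this.authnResponse, this.samlResponse)) {
                            return 0;
                        }
                    } catch (Exception e3) {
                        // Adapter failures are logged and the normal redirect still happens.
                        FSUtils.debug.error("FSAssertionArtifactHandler SPAdapter.postSSOFederationSuccess", e3);
                    }
                }
                try {
                    redirectToResource(this.relayState);
                    return 0;
                } catch (Exception e4) {
                    FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation: redirect to resource failed:", e4);
                    return 3;
                }
            } catch (Exception e5) {
                FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + FSUtils.bundle.getString("ExceptionOccured"), e5);
                return 9;
            }
        } catch (SessionException e6) {
            FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation: Couldn't obtain session provider:", e6);
            LogUtil.error(Level.INFO, LogUtil.FAILED_SSO_TOKEN_GENERATION, new String[]{FSUtils.bundle.getString("failGenerateSSOToken")});
            return 4;
        }
    }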

    /**
     * Creates a local session for the anonymous principal at authentication level {@code "0"}
     * and attaches a federation token listener to it.
     *
     * <p>A listener that cannot be attached is logged and otherwise ignored. A
     * {@code SessionException} is logged and rethrown; any other exception is logged and turns
     * into a {@code null} result, which includes the {@code NullPointerException} raised by
     * {@code new StringBuffer(null)} when {@code relayState} is unset.
     *
     * @param httpServletResponse response passed to the session provider
     * @return the new session object, or {@code null} when creation failed with a
     *         non-session exception
     * @throws SessionException when the session provider rejects the creation
     */
    protected Object generateAnonymousToken(HttpServletResponse httpServletResponse) throws SessionException {
        FSUtils.debug.message("FSAssertionArtifactHandler.generateAnonymous");
        try {
            HashMap sessionInfo = new HashMap();
            sessionInfo.put(SessionProvider.PRINCIPAL_NAME, ANONYMOUS_PRINCIPAL);
            sessionInfo.put("realm", this.realm);
            sessionInfo.put("AuthLevel", "0");
            sessionInfo.put(SessionProvider.AUTH_INSTANT, getAuthInstant());
            sessionInfo.put("idpEntityID", this.idpEntityId);

            SessionProvider sessionProvider = SessionManager.getProvider();
            StringBuffer target = new StringBuffer(this.relayState);
            Object anonymousSession = sessionProvider.createSession(sessionInfo, this.request, httpServletResponse, target);
            try {
                sessionProvider.addListener(anonymousSession, new FSTokenListener(this.hostMetaAlias));
            } catch (Exception listenerFailure) {
                FSUtils.debug.error("FSAssertionArtifactHandler.generateAnonymousToken:Couldn't add listener to session:", listenerFailure);
            }
            return anonymousSession;
        } catch (SessionException sessionFailure) {
            FSUtils.debug.error("FSAssertionArtifactHandler.genAnonymousToken failed.", sessionFailure);
            throw sessionFailure;
        } catch (Exception otherFailure) {
            FSUtils.debug.error("FSAssertionArtifactHandler.generateAnonymousToken failed.", otherFailure);
            return null;
        }
    }

    /**
     * Looks up the authentication request stored under the given id in the federation session
     * manager and remembers it in {@code authnRequest}.
     *
     * <p>NOTE(review): the result is stored and returned as-is; if the session manager returns
     * {@code null} for an unknown id, callers should treat that as a response that matches no
     * outstanding request — confirm against the callers.
     *
     * @param str id of the request the response refers to
     * @return the request returned by the session manager for that id
     */
    protected FSAuthnRequest getInResponseToRequest(String str) {
        FSUtils.debug.message("FSBrowserArtifactConsumerHandler.getInResponseToRequest: Called");
        FSSessionManager sessions = FSSessionManager.getInstance(this.hostMetaAlias);
        FSAuthnRequest pending = sessions.getAuthnRequest(str);
        this.authnRequest = pending;
        return pending;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the IDP entity id that the federation session manager has recorded for the given
     * request id.
     *
     * @param str request id used as the lookup key
     * @return the entity id returned by the session manager for that key
     */
    public String getProvider(String str) {
        FSUtils.debug.message("FSAssertionArtifactHandler.getProvider: Called");
        FSSessionManager sessions = FSSessionManager.getInstance(this.hostMetaAlias);
        String idpId = sessions.getIDPEntityID(str);
        return idpId;
    }

    /**
     * Sets the identity provider descriptor used by this handler.
     *
     * <p>{@code verifyAssertionSignature} resolves the signature verification certificate from
     * this descriptor, so it has to come from trusted metadata.
     *
     * @param iDPDescriptorType descriptor of the identity provider
     */
    public void setProviderDescriptor(IDPDescriptorType iDPDescriptorType) {
        this.idpDescriptor = iDPDescriptorType;
    }

    /**
     * Sets the entity id of the identity provider used by this handler.
     *
     * <p>The value is used for the verification certificate lookup in
     * {@code verifyAssertionSignature} and as the provider id in the federation records and
     * session partners written by this class, so it has to come from trusted metadata.
     *
     * @param str entity id of the identity provider
     */
    public void setProviderEntityId(String str) {
        this.idpEntityId = str;
    }

    /**
     * Returns the date obtained from {@code Time.newDate()} formatted with
     * {@code DateUtils.toUTCDateFormat}; the session-creating methods of this class store it as
     * the session's authentication instant.
     *
     * @return the formatted timestamp
     */
    public String getAuthInstant() {
        return DateUtils.toUTCDateFormat(Time.newDate());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Tells whether the federation session manager holds a proxy SP descriptor for the given
     * request id.
     *
     * @param str request id used as the lookup key
     * @return {@code true} when a proxy SP descriptor is registered under that key
     */
    public boolean isIDPProxyEnabled(String str) {
        FSSessionManager sessions = FSSessionManager.getInstance(this.hostMetaAlias);
        SPDescriptorType proxied = sessions.getProxySPDescriptor(str);
        return proxied != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Answers the service provider whose authentication request was proxied through this host:
     * the original request is fetched from the session manager, the requester is added as a
     * session partner, and an {@code FSProxyHandler} configured with the hosted IDP metadata
     * processes the original request.
     *
     * <p>Metadata lookups that fail are logged and processing continues with {@code null}
     * values.
     *
     * <p>NOTE(review): the proxied request and the session returned by the session manager are
     * dereferenced without a null check, so an unknown request id or a missing session ends in a
     * {@code NullPointerException}. When message-level debugging is on, the complete request XML
     * is written to the log.
     *
     * @param str id under which the proxied request and descriptor were stored
     */
    public void sendProxyResponse(String str) {
        FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse::");
        FSSessionManager sessions = FSSessionManager.getInstance(this.hostMetaAlias);
        FSAuthnRequest originalRequest = sessions.getProxySPAuthnRequest(str);
        if (FSUtils.debug.messageEnabled()) {
            try {
                FSUtils.debug.message("FSAssertionHandler.sendProxyResponse:" + originalRequest.toXMLString());
            } catch (Exception e) {
                FSUtils.debug.error("FSAssertionHandler.sendProxyResponse:toString(): Failed.", e);
            }
        }
        SPDescriptorType requesterDescriptor = sessions.getProxySPDescriptor(str);
        String requesterId = originalRequest.getProviderId();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse:Original requesting service provider id:" + requesterId);
        }

        // Record the requesting SP as a partner of the current session.
        FSSession session = sessions.getSession(this.ssoToken);
        if (this.authnContextStmt != null) {
            session.setAuthnContext(this.authnContextStmt.getAuthnContextClassRef());
        }
        session.addSessionPartner(new FSSessionPartner(requesterId, false));
        if (FSUtils.debug.messageEnabled()) {
            for (FSSessionPartner partner : session.getSessionPartners()) {
                FSUtils.debug.message(SAML2Constants.PARTNERS + partner.getPartner());
            }
        }

        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        SPDescriptorConfigElement requesterConfig = null;
        try {
            requesterConfig = metaManager.getSPDescriptorConfig(this.realm, requesterId);
        } catch (Exception e2) {
            FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:Couldn't obtain proxy sp meta:", e2);
        }
        FSProxyHandler proxyHandler = new FSProxyHandler(
                this.request,
                this.response,
                originalRequest,
                requesterDescriptor,
                requesterConfig,
                requesterId,
                originalRequest.getRelayState(),
                this.ssoToken);

        // This host acts as the IDP towards the requester, so its own IDP metadata is used.
        IDPDescriptorType hostedIdp = null;
        BaseConfigType hostedIdpConfig = null;
        String hostedMetaAlias = null;
        try {
            hostedIdp = metaManager.getIDPDescriptor(this.realm, this.hostEntityId);
            hostedIdpConfig = metaManager.getIDPDescriptorConfig(this.realm, this.hostEntityId);
            hostedMetaAlias = hostedIdpConfig.getMetaAlias();
        } catch (Exception e3) {
            FSUtils.debug.error("FSAssertionartifactHandler.sendProxyResponse:Exception when obtaining local idp meta:", e3);
        }
        proxyHandler.setRealm(this.realm);
        proxyHandler.setHostedEntityId(this.hostEntityId);
        proxyHandler.setHostedDescriptor(hostedIdp);
        proxyHandler.setHostedDescriptorConfig(hostedIdpConfig);
        proxyHandler.setMetaAlias(hostedMetaAlias);
        proxyHandler.processAuthnRequest(originalRequest, true);
    }

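    /**
     * Copies mapped attributes onto the session as single-valued session properties.
     *
     * <p>Every entry is written through the provider returned by
     * {@code SessionManager.getProvider()}, with key and value cast to {@code String}.
     * The first failure (a non-String key or value, or an exception from the provider)
     * ends the loop: entries already written stay on the session and the rest are not
     * applied. The failure is logged and not propagated to the caller.
     *
     * @param obj the session object passed to {@code SessionProvider.setProperty}
     * @param map attribute name to attribute value; {@code null} or empty means nothing is set
     */
    private void setAttributeMap(Object obj, Map map) {
        if (map == null || map.isEmpty()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.setAttributeMap: Attribute map is empty");
            }
            return;
        }
        // NOTE(review): with message-level debugging on, this writes the attribute values
        // themselves (not only their names) to the debug log.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.setAttributeMap: Attribute map that will be populated to ssotoken:" + map);
        }
        try {
            Set<Map.Entry> entrySet = map.entrySet();
            SessionProvider provider = SessionManager.getProvider();
            for (Map.Entry entry : entrySet) {
                provider.setProperty(obj, (String) entry.getKey(), new String[]{(String) entry.getValue()});
            }
        } catch (Exception e) {
            // Logged at error level: a session left with only part of its attributes would
            // otherwise go unnoticed unless message-level debugging happened to be enabled.
            FSUtils.debug.error("FSAssertionArtifactHandler.setAttributeMap:Cannot set attributes to session:", e);
        }
    }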

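    /**
     * Instantiates the attribute mapper plug-in named in the host configuration.
     *
     * <p>The class name is read from {@code this.hostConfig} under
     * {@code IFSConstants.ATTRIBUTE_MAPPER_CLASS} and loaded through the thread context
     * class loader. A class assignable to {@code FSRealmAttributeMapper} is stored in
     * {@code realmAttributeMapper}; otherwise one assignable to {@code FSAttributeMapper}
     * is stored in {@code attributeMapper}. When no class name is configured, nothing is
     * changed. Failures are logged and leave both fields as they were.
     *
     * <p>Because the class name comes from configuration, the type is verified before the
     * class is instantiated, so a class that is not a mapper is never constructed here.
     */
    private void setAttributeMapper() {
        String mapperClassName = IDFFMetaUtils.getFirstAttributeValueFromConfig(this.hostConfig, IFSConstants.ATTRIBUTE_MAPPER_CLASS);
        if (mapperClassName == null || mapperClassName.length() == 0) {
            return;
        }
        try {
            // loadClass() only loads the class; its static initializers and constructor do
            // not run until newInstance() below, i.e. after the type check has passed.
            Class<?> mapperClass = Thread.currentThread().getContextClassLoader().loadClass(mapperClassName);
            boolean isRealmMapper = FSRealmAttributeMapper.class.isAssignableFrom(mapperClass);
            if (!isRealmMapper && !FSAttributeMapper.class.isAssignableFrom(mapperClass)) {
                FSUtils.debug.error("FSAssertionArtifactHandler.setAttributeMapper: configured class is neither an FSRealmAttributeMapper nor an FSAttributeMapper: " + mapperClassName);
                return;
            }
            Object mapper = mapperClass.getDeclaredConstructor().newInstance();
            if (isRealmMapper) {
                this.realmAttributeMapper = (FSRealmAttributeMapper) mapper;
            } else {
                this.attributeMapper = (FSAttributeMapper) mapper;
            }
        } catch (Exception e) {
            FSUtils.debug.error("FSAssertionArtifactHandler.getAttributeMapper:", e);
        }
    }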

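    // Class initialization: schedules the two clean-up tasks that work on idTimeMap.
    static {
        cGoThrough = null;
        cPeriodic = null;
        // The configured interval is multiplied by 1000 (presumably seconds to milliseconds).
        // 1000L keeps the multiplication in long arithmetic; as an int product a large
        // configured value would wrap around and yield a negative interval.
        // NOTE(review): if getAttribute returns null this throws during class
        // initialization, which makes the whole handler class unusable.
        long cleanupIntervalMillis = ((Integer) SAMLServiceManager.getAttribute("iplanet-am-saml-cleanup-interval")).intValue() * 1000L;
        cGoThrough = new POSTCleanUpRunnable(cleanupIntervalMillis, idTimeMap);
        TimerPool timerPool = SystemTimerPool.getTimerPool();
        // First run is one interval from now, truncated to a whole second.
        timerPool.schedule(cGoThrough, new Date(((Time.currentTimeMillis() + cleanupIntervalMillis) / 1000) * 1000));
        cPeriodic = new PeriodicGroupRunnable(new ScheduleableGroupAction() {
            // Group action: drops the given key from idTimeMap.
            public void doGroupAction(Object obj) {
                FSAssertionArtifactHandler.idTimeMap.remove(obj);
            }
        }, cleanupIntervalMillis, 180000L, true);
        timerPool.schedule(cPeriodic, new Date(((Time.currentTimeMillis() + cleanupIntervalMillis) / 1000) * 1000));
    }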
}
