package com.sun.identity.federation.services.fednsso;

import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.common.LogUtil;
import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.federation.key.KeyUtil;
import com.sun.identity.federation.message.FSAssertionArtifact;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.message.FSSAMLRequest;
import com.sun.identity.federation.services.FSAssertionManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.protocol.AssertionArtifact;
import com.sun.identity.saml.protocol.Request;
import com.sun.identity.saml.protocol.Status;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.shared.encode.URLEncDec;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.SOAPMessage;
import org.forgerock.openam.utils.ClientUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/identity/federation/services/fednsso/FSSSOBrowserArtifactProfileHandler.class */
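/**
 * Browser-artifact profile handler: issues assertion artifacts, redirects the browser to the
 * service provider's assertion consumer URL, and answers SAML requests that present artifacts.
 *
 * <p>This listing is decompiler output, so parameter names such as {@code z}, {@code str} and
 * {@code str2} carry no meaning of their own; they are kept so callers compiled against the
 * original signatures are unaffected.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>Artifact values and the full redirect URL are written to the debug and access logs
 *       (see {@link #sendSAMLArtifacts} and {@link #createSAMLAssertionArtifact}). An artifact is
 *       what {@code createSAMLResponse} later exchanges for an assertion, so those logs should be
 *       access-controlled accordingly.</li>
 *   <li>Several responses carry {@code Exception.getMessage()} in the status message that is
 *       returned to the requester; internal detail may reach the remote party that way.</li>
 * </ul>
 */
public class FSSSOBrowserArtifactProfileHandler extends FSSSOAndFedHandler {
    // DOM element of the incoming SAML request; stored by setSAMLRequestElement.
    private Element samlRequestElement;
    // SOAP message the request arrived in; this is what signature verification is run against.
    private SOAPMessage soapMsg;

    /**
     * Stores the SOAP message whose signature is checked while building a SAML response.
     *
     * @param sOAPMessage the SOAP message carrying the SAML request
     */
    public void setSOAPMessage(SOAPMessage sOAPMessage) {
        this.soapMsg = sOAPMessage;
    }

    /**
     * Stores the SAML request element.
     *
     * @param element the request element
     */
    public void setSAMLRequestElement(Element element) {
        FSUtils.debug.message("FSBrowserArtifactConsumerHandler.setSAMLRequestElement: Called");
        this.samlRequestElement = element;
    }

    /** Creates a handler with no request element and no SOAP message. */
    protected FSSSOBrowserArtifactProfileHandler() {
        this.samlRequestElement = null;
        this.soapMsg = null;
    }

    /**
     * Creates a handler for an authentication request; every argument is passed straight to the
     * superclass constructor.
     */
    public FSSSOBrowserArtifactProfileHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, SPDescriptorType sPDescriptorType, BaseConfigType baseConfigType, String str, String str2) {
        super(httpServletRequest, httpServletResponse, fSAuthnRequest, sPDescriptorType, baseConfigType, str, str2);
        this.samlRequestElement = null;
        this.soapMsg = null;
    }

    /**
     * Creates a handler bound only to the servlet request and response.
     *
     * @param httpServletRequest  the servlet request
     * @param httpServletResponse the servlet response
     * @param request             not stored by this constructor
     */
    public FSSSOBrowserArtifactProfileHandler(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Request request) {
        this.samlRequestElement = null;
        this.soapMsg = null;
        this.request = httpServletRequest;
        this.response = httpServletResponse;
    }

    /**
     * Processes an authentication request. Any failure ends with a redirect that carries a fault
     * artifact (see {@link #sendSAMLArtifacts}); nothing is thrown to the caller.
     *
     * <p>When {@code z} is false the request signature is verified first, but only if signing is
     * globally on and the SP descriptor declares that its AuthnRequests are signed; then
     * {@code processPreAuthnSSO} runs. When {@code z} is true only {@code processPostAuthnSSO}
     * runs and no signature check is made on this path.
     *
     * @param fSAuthnRequest the authentication request
     * @param z              selects the post-authentication path when true
     */
    @Override // com.sun.identity.federation.services.fednsso.FSSSOAndFedHandler
    public void processAuthnRequest(FSAuthnRequest fSAuthnRequest, boolean z) {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: Called");
        try {
            if (z) {
                if (!processPostAuthnSSO(fSAuthnRequest)) {
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Processing failed");
                    }
                    LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, new String[]{FSUtils.bundle.getString("AuthnRequestProcessingFailed")}, this.ssoToken);
                    sendSAMLArtifacts(null);
                } else if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Processingsuccessful");
                }
                return;
            }

            boolean isAuthnRequestsSigned = this.spDescriptor.isAuthnRequestsSigned();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: ProviderID : " + this.spEntityId + " AuthnRequestSigned : " + isAuthnRequestsSigned);
            }
            // Verification is skipped entirely unless both the global switch and the SP metadata ask for it.
            if (FSServiceUtils.isSigningOn() && isAuthnRequestsSigned) {
                if (!verifyRequestSignature(fSAuthnRequest)) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Signature Verification Failed");
                    LogUtil.error(Level.INFO, LogUtil.SIGNATURE_VERIFICATION_FAILED, new String[]{FSUtils.bundle.getString("signatureVerificationFailed")}, this.ssoToken);
                    sendSAMLArtifacts(null);
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Signature Verified");
                }
            }
            if (!processPreAuthnSSO(fSAuthnRequest)) {
                if (FSUtils.debug.warningEnabled()) {
                    FSUtils.debug.warning("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Processing failed");
                }
                LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, new String[]{FSUtils.bundle.getString("AuthnRequestProcessingFailed")}, this.ssoToken);
                sendSAMLArtifacts(null);
            } else if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: AuthnRequest Processing  successful");
            }
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.processAuthnRequest: Exception Occured: ", e);
            sendSAMLArtifacts(null);
        }
    }

    /**
     * Builds the response for a SAML request.
     *
     * @param fSSAMLRequest the incoming SAML request
     * @return the response, or {@code null} when no response could be built
     */
    @Override // com.sun.identity.federation.services.fednsso.FSSSOAndFedHandler
    public FSResponse processSAMLRequest(FSSAMLRequest fSSAMLRequest) {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.processSAMLRequest: Called");
        try {
            return createSAMLResponse(fSSAMLRequest);
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.processSAMLRequest: Fatal error, cannot create status or response: ", e);
            return null;
        }
    }

    /**
     * Writes the access-log record for a response that is about to be returned: the whole
     * response when FINER access logging is enabled, otherwise only its id and InResponseTo.
     * Does nothing when {@code created} is null, i.e. when building the response failed and the
     * failure was already written to the debug log.
     */
    private void logSamlResponseCreated(String logPrefix, FSResponse created) throws FSException {
        if (created == null) {
            return;
        }
        if (LogUtil.isAccessLoggable(Level.FINER)) {
            LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, new String[]{logPrefix, created.toString()});
        } else {
            LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, new String[]{logPrefix, FSUtils.bundle.getString("responseID") + "=" + created.getResponseID() + "," + FSUtils.bundle.getString(SAML2Constants.IN_RESPONSE_TO) + "=" + created.getInResponseTo()});
        }
    }

    /**
     * Resolves the artifacts in a SAML request into assertions and wraps them in a response.
     *
     * <p>For an artifact request the steps are: all artifacts must share one source id; the
     * destination SP is looked up from the last artifact; that SP must be a trusted provider;
     * when signing is on the request signature must verify; each artifact is exchanged for an
     * assertion; assertions whose audience restriction does not name the SP are dropped.
     *
     * <p>Changes from the decompiled original, all on error paths:
     * <ul>
     *   <li>If the signature check fails and the error response itself cannot be built, the
     *       method now returns {@code null}. Previously control fell through and assertions were
     *       still looked up and returned for a request whose signature had not verified.</li>
     *   <li>The audience filter removes through the iterator. The index loop it replaces removed
     *       from the list it was walking and then indexed past the shrunken list.</li>
     *   <li>Assertions are appended rather than inserted at the artifact's index, which threw
     *       when an earlier artifact had produced no assertion.</li>
     *   <li>Access logging no longer dereferences a response that failed to build.</li>
     * </ul>
     *
     * @param fSSAMLRequest the incoming SAML request
     * @return the response to send, or {@code null} when not even an error response could be built
     * @throws FSException declared by the original signature
     */
    private FSResponse createSAMLResponse(FSSAMLRequest fSSAMLRequest) throws FSException {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Called");
        FSResponse samlResponse = null;
        String responseId = FSUtils.generateID();
        String inResponseTo = fSSAMLRequest.getRequestID();
        List noContents = new ArrayList();
        // Starts as the client address (used for the log prefix) and is replaced by the SP entity
        // id once the destination is known; the audience check below uses the latter value.
        String audience = ClientUtils.getClientIPAddress(this.request);
        String logPrefix = FSUtils.bundle.getString("responseLogMessage") + " " + audience;
        int contentType = fSSAMLRequest.getContentType();

        // -1 is treated as "request contains unsupported elements" (see the debug message).
        if (contentType == -1) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Found element in the request which are not supported");
            }
            try {
                samlResponse = new FSResponse(responseId, inResponseTo, new Status(new StatusCode(IFSConstants.SAML_RESPONDER), FSUtils.bundle.getString("unsupportedElement"), null), noContents);
                samlResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
            } catch (SAMLException e) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response: ", e);
            }
            logSamlResponseCreated(logPrefix, samlResponse);
            return samlResponse;
        }

        try {
            FSAssertionManager fSAssertionManager = FSAssertionManager.getInstance(this.metaAlias);
            List artifacts = null;
            List<Assertion> assertions = new ArrayList<Assertion>();

            // 3 selects the artifact branch; presumably the Request constant for an
            // assertion-artifact query - TODO confirm against the Request class.
            if (contentType == 3) {
                artifacts = fSSAMLRequest.getAssertionArtifact();
                int artifactCount = artifacts.size();
                String sourceId = null;
                AssertionArtifact lastArtifact = null;
                for (int i = 0; i < artifactCount; i++) {
                    lastArtifact = (AssertionArtifact) artifacts.get(i);
                    if (sourceId == null) {
                        sourceId = lastArtifact.getSourceID();
                    } else if (!sourceId.equals(lastArtifact.getSourceID())) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Artifacts not from the same source");
                        }
                        try {
                            samlResponse = new FSResponse(responseId, inResponseTo, new Status(new StatusCode(IFSConstants.SAML_REQUESTER, new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), FSUtils.bundle.getString("mismatchSourceID"), null), noContents);
                            samlResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        } catch (SAMLException e) {
                            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response: ", e);
                        }
                        logSamlResponseCreated(logPrefix, samlResponse);
                        return samlResponse;
                    }
                }

                if (lastArtifact == null) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: No artifact found in samlRequest");
                    try {
                        FSResponse missingArtifact = new FSResponse(responseId, inResponseTo, new Status(new StatusCode(IFSConstants.SAML_REQUESTER), FSUtils.bundle.getString("missingArtifact"), null), noContents);
                        missingArtifact.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        return missingArtifact;
                    } catch (SAMLException e) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: ", e);
                        return null;
                    }
                }

                String destId;
                try {
                    destId = fSAssertionManager.getDestIdForArtifact(lastArtifact);
                } catch (FSException e) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: FSException Occured while retrieving sp's providerID for the artifact: ", e);
                    destId = null;
                }
                if (destId == null) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: artifact received does not correspond to any SP");
                    String invalidSource = FSUtils.bundle.getString("invalidSource");
                    try {
                        // A status stored for this artifact (see createFaultSAMLArtifact) wins over the generic one.
                        Status storedStatus = fSAssertionManager.getErrorStatus(lastArtifact);
                        Status status = storedStatus != null ? storedStatus : new Status(new StatusCode(IFSConstants.SAML_REQUESTER, new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), invalidSource, null);
                        FSResponse unknownSp = new FSResponse(responseId, inResponseTo, status, noContents);
                        unknownSp.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        return unknownSp;
                    } catch (SAMLException e) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: ", e);
                        return null;
                    }
                }

                try {
                    if (!metaManager.isTrustedProvider(this.realm, this.hostedEntityId, destId)) {
                        FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: RemoteProvider is not trusted");
                        FSResponse untrusted = new FSResponse(responseId, inResponseTo, new Status(new StatusCode(IFSConstants.SAML_REQUESTER), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null), noContents);
                        untrusted.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        return untrusted;
                    }
                    this.spDescriptor = metaManager.getSPDescriptor(this.realm, destId);
                    this.spEntityId = destId;
                    audience = destId;

                    if (FSServiceUtils.isSigningOn()) {
                        if (!verifySAMLRequestSignature(this.samlRequestElement, this.soapMsg)) {
                            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: SAMLRequest signature verification failed");
                            try {
                                samlResponse = new FSResponse(responseId, inResponseTo, new Status(new StatusCode(IFSConstants.SAML_REQUESTER), FSUtils.bundle.getString("signatureVerificationFailed"), null), noContents);
                                samlResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                                return samlResponse;
                            } catch (SAMLException e) {
                                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: " + e.getMessage());
                                // Fail closed: an unverified request must never reach the assertion lookup below.
                                return null;
                            }
                        } else if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOBrowserArtProfileHandler.createSAMLResp: SAMLRequest signature verified");
                        }
                    }

                    for (int i = 0; i < artifactCount; i++) {
                        try {
                            Assertion resolved = fSAssertionManager.getAssertion((AssertionArtifact) artifacts.get(i), this.spEntityId);
                            if (resolved != null) {
                                // Append: position in this list does not have to match the artifact's index.
                                assertions.add(resolved);
                            }
                        } catch (FSException e) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:could not find matching assertion:", (Throwable) e);
                            }
                            try {
                                // NOTE(review): the status code is Success although the lookup failed, and the
                                // exception message is sent to the requester. Kept as is for wire compatibility.
                                samlResponse = new FSResponse(responseId, inResponseTo, new Status(new StatusCode("samlp:Success"), e.getMessage(), null), noContents);
                                samlResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                            } catch (SAMLException inner) {
                                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: ", inner);
                            }
                            logSamlResponseCreated(logPrefix, samlResponse);
                            return samlResponse;
                        }
                    }
                } catch (Exception e) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: FSAllianceManagementException Occured while getting", e);
                    try {
                        // NOTE(review): e.getMessage() of an arbitrary exception is returned to the requester.
                        FSResponse failed = new FSResponse(responseId, inResponseTo, new Status(new StatusCode(IFSConstants.SAML_REQUESTER), e.getMessage(), null), noContents);
                        failed.setMinorVersion(fSSAMLRequest.getMinorVersion());
                        return failed;
                    } catch (SAMLException inner) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse:Fatal error, cannot create status or response: ", inner);
                        return null;
                    }
                }
            }

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: found " + assertions.size() + "assertions.");
            }

            // Drop every assertion that has an audience restriction not naming the requesting SP.
            for (Iterator<Assertion> assertionIt = assertions.iterator(); assertionIt.hasNext();) {
                Assertion candidate = assertionIt.next();
                Set restrictions = candidate.getConditions().getAudienceRestrictionCondition();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: checking to see if assertions are for host:" + audience);
                }
                if (restrictions == null || restrictions.isEmpty()) {
                    continue;
                }
                for (Iterator restrictionIt = restrictions.iterator(); restrictionIt.hasNext();) {
                    if (!((AudienceRestrictionCondition) restrictionIt.next()).containsAudience(audience)) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: removing TRC notmeant for this host");
                        }
                        assertionIt.remove();
                        break;
                    }
                }
            }

            if (assertions.isEmpty()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Matching Assertions(s) not created for this host");
                }
                try {
                    samlResponse = new FSResponse(responseId, inResponseTo, new Status(new StatusCode("samlp:Success"), FSUtils.bundle.getString("mismatchDest"), null), noContents);
                    samlResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                } catch (SAMLException e) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response:", e);
                }
                logSamlResponseCreated(logPrefix, samlResponse);
                return samlResponse;
            }

            // Assertions are only collected in the artifact branch, so this path looks unreachable;
            // it is kept because it also guards the artifacts.size() call below.
            if (contentType != 3) {
                try {
                    samlResponse = new FSResponse(responseId, inResponseTo, new Status(new StatusCode("samlp:Success"), null, null), assertions);
                    samlResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                } catch (SAMLException e) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response:", e);
                }
                logSamlResponseCreated(logPrefix, samlResponse);
                return samlResponse;
            }

            if (assertions.size() != artifacts.size()) {
                try {
                    samlResponse = new FSResponse(responseId, inResponseTo, new Status(new StatusCode("samlp:Success"), FSUtils.bundle.getString("unequalMatch"), null), assertions);
                    samlResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
                } catch (SAMLException e) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response:", e);
                }
                logSamlResponseCreated(logPrefix, samlResponse);
                return samlResponse;
            }

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Matching Assertion found");
            }
            try {
                FSResponse success = new FSResponse(responseId, inResponseTo, new Status(new StatusCode("samlp:Success"), null, null), assertions);
                success.setMinorVersion(fSSAMLRequest.getMinorVersion());
                logSamlResponseCreated(logPrefix, success);
                return success;
            } catch (Exception e) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response:", e);
                return null;
            }
        } catch (FSException e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Cannot instantiate FSAssertionManager");
            }
            try {
                // NOTE(review): the exception message is returned to the requester.
                samlResponse = new FSResponse(responseId, inResponseTo, new Status(new StatusCode(IFSConstants.SAML_RESPONDER), e.getMessage(), null), noContents);
                samlResponse.setMinorVersion(fSSAMLRequest.getMinorVersion());
            } catch (SAMLException inner) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Fatal error, cannot create status or response: ", inner);
            }
            logSamlResponseCreated(logPrefix, samlResponse);
            return samlResponse;
        }
    }

    /**
     * Records the session token, creates an artifact for it and redirects the browser with that
     * artifact. The decompiler notes that the access modifier was changed from protected.
     *
     * @return always {@code true}; when artifact creation fails a fault artifact is sent instead
     */
    @Override // com.sun.identity.federation.services.fednsso.FSSSOAndFedHandler
    public boolean doSingleSignOn(Object obj, String str, NameIdentifier nameIdentifier, NameIdentifier nameIdentifier2) {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.doSingleSignOn: Called");
        this.ssoToken = obj;
        List artifacts = createSAMLAssertionArtifact(obj, str, nameIdentifier, nameIdentifier2);
        sendSAMLArtifacts(artifacts);
        return true;
    }

    /**
     * Asks the assertion manager for an artifact tied to the session id of {@code obj}.
     *
     * <p>The artifact's string form is written to the debug log when message-level debugging is
     * enabled.
     *
     * @return a one-element list holding the artifact string, or {@code null} on any failure
     */
    protected List createSAMLAssertionArtifact(Object obj, String str, NameIdentifier nameIdentifier, NameIdentifier nameIdentifier2) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLAssertionArtifact: Called");
        }
        List artifacts = new ArrayList();
        try {
            String sessionId = SessionManager.getProvider().getSessionID(obj);
            AssertionArtifact artifact = FSAssertionManager.getInstance(this.metaAlias).createFSAssertionArtifact(sessionId, this.realm, this.spEntityId, nameIdentifier, nameIdentifier2, str, this.authnRequest.getMinorVersion());
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("AssertionArtifact id = " + artifact.toString());
            }
            artifacts.add(artifact.getAssertionArtifact());
            return artifacts;
        } catch (FSException e) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLAssertionArtifact(0): ", e);
            return null;
        } catch (SessionException e) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLAssertionArtifact(2): ", e);
            return null;
        } catch (SAMLException e) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.createSAMLAssertionArtifact(1): ", e);
            return null;
        }
    }

    /**
     * Redirects the browser to the SP's assertion consumer URL with one {@code SAMLart} parameter
     * per artifact, plus {@code RelayState} when the request had one.
     *
     * <p>The destination is resolved from the SP descriptor and the consumer-service id of the
     * request; artifact and relay-state values are URL-encoded before being appended. The
     * finished URL, artifacts included, goes to the debug log (message level) and to the access
     * log at FINER. Exceptions are logged and swallowed.
     *
     * @param list artifact strings; {@code null} means "send a fault artifact"
     */
    private void sendSAMLArtifacts(List list) {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: Called");
        if (list == null) {
            list = createFaultSAMLArtifact();
        }
        try {
            String consumerUrl = FSServiceUtils.getAssertionConsumerServiceURL(this.spDescriptor, this.authnRequest.getAssertionConsumerServiceID());
            StringBuilder artifactParams = new StringBuilder(1000);
            if (list == null || list.isEmpty()) {
                // Even the fault artifact could not be built: send an empty SAMLart parameter.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: Sending null artifact");
                }
                artifactParams.append("SAMLart").append("=").append("&");
            } else {
                for (Iterator it = list.iterator(); it.hasNext();) {
                    String encoded = URLEncDec.encode((String) it.next());
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: " + encoded);
                    }
                    artifactParams.append("SAMLart").append("=").append(encoded).append("&");
                }
            }

            StringBuilder target = new StringBuilder(1000);
            // Extend an existing query string with '&', otherwise start one with '?'.
            target.append(consumerUrl).append(consumerUrl.indexOf('?') == -1 ? "?" : "&");
            target.append(artifactParams.toString());
            String relayState = this.authnRequest.getRelayState();
            if (relayState != null) {
                target.append("RelayState").append("=").append(URLEncDec.encode(relayState));
            }

            this.response.setStatus(302);
            String redirectUrl = target.toString();
            this.response.setContentType("text/html");
            this.response.setHeader("Location", redirectUrl);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: Sending artifacts to: " + redirectUrl);
            }
            LogUtil.access(Level.FINER, LogUtil.REDIRECT_TO, new String[]{redirectUrl}, this.ssoToken);
            this.response.sendRedirect(redirectUrl);
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.sendSAMLArtifacts: ", e);
        }
    }

    /**
     * Builds an artifact that stands for a failure and registers {@code noFedStatus} for it with
     * the assertion manager, so a later request presenting it can be answered with that status.
     *
     * @return a one-element list holding the artifact string, or {@code null} on any failure
     */
    private List createFaultSAMLArtifact() {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler. In createFaultSAMLArtifacts");
        String assertionHandle = SAMLUtils.generateAssertionHandle();
        if (assertionHandle == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.create FaultSAMLArtifacts: couldn't generate assertion handle.");
            }
            return null;
        }
        try {
            byte[] sourceId = SAMLUtils.stringToByteArray(FSUtils.generateSourceID(this.hostedEntityId));
            FSAssertionArtifact faultArtifact = new FSAssertionArtifact(sourceId, assertionHandle.getBytes(IFSConstants.SOURCEID_ENCODING));
            List artifacts = new ArrayList();
            artifacts.add(faultArtifact.getAssertionArtifact());
            FSAssertionManager.getInstance(this.metaAlias).setErrStatus(faultArtifact, this.noFedStatus);
            return artifacts;
        } catch (Exception e) {
            FSUtils.debug.error("FSBrowserArtifactProfileHandler.createFaultSAMLArtifacts: ", e);
            return null;
        }
    }

    /**
     * Verifies the XML signature of the SOAP message with the verification certificate resolved
     * for the current SP descriptor and entity id. A missing certificate or any exception counts
     * as a failed verification.
     *
     * <p>NOTE(review): {@code element} is not used; the check runs over the DOM built from the
     * whole SOAP message. Whether a valid signature is required to cover the SAML request
     * element that is subsequently processed depends on {@code XMLSignatureManager} - confirm
     * that the signed content and the processed content are the same node.
     *
     * @param element     the SAML request element (unused here)
     * @param sOAPMessage the SOAP message to verify
     * @return {@code true} only when the signature verified
     */
    protected boolean verifySAMLRequestSignature(Element element, SOAPMessage sOAPMessage) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.verifySAMLRequestSignature: Called");
        }
        try {
            X509Certificate verificationCert = KeyUtil.getVerificationCert(this.spDescriptor, this.spEntityId, false);
            if (verificationCert == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.verifySAMLRequestSignature: couldn't obtain this site's cert.");
                }
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
            }
            Document soapDocument = (Document) FSServiceUtils.createSOAPDOM(sOAPMessage);
            return XMLSignatureManager.getInstance().verifyXMLSignature(soapDocument, verificationCert);
        } catch (Exception e) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler.verifySAMLRequestSignature: Exception occured while verifying IDP's signature:", e);
            return false;
        }
    }
}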
