package com.sun.identity.federation.services.logout;

import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.common.LogUtil;
import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement;
import com.sun.identity.federation.key.KeyUtil;
import com.sun.identity.federation.message.FSLogoutNotification;
import com.sun.identity.federation.message.common.FSMsgException;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.meta.IDFFMetaUtils;
import com.sun.identity.federation.plugins.FederationSPAdapter;
import com.sun.identity.federation.services.FSServiceManager;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.federation.services.util.FSSignatureUtil;
import com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
import com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLResponderException;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/sun/identity/federation/services/logout/FSProcessLogoutServlet.class */
/**
 * Servlet endpoint for IDFF single logout on a hosted provider.
 *
 * A request is handled in one of three ways, decided in {@link #doGetPost}:
 * a locally initiated logout for a valid session is passed to
 * {@code FSPreLogoutHandler.handleSingleLogout}; a local logout without a
 * session is answered directly via {@code FSServiceUtils.returnLocallyAfterOperation};
 * anything else is parsed as an incoming {@link FSLogoutNotification} from a
 * remote provider and handed to {@link #doRequestProcessing}.
 *
 * Note: this listing is decompiled; local names such as {@code str}/{@code str2}
 * are compiler placeholders and the parameter roles below are taken from the
 * call sites in this file.
 */
public class FSProcessLogoutServlet extends HttpServlet {
    // Shared across requests; assigned once in init(), read by every handler.
    private static IDFFMetaManager metaManager = null;

    /**
     * Initializes the servlet and caches the IDFF meta manager.
     *
     * @param servletConfig container-supplied servlet configuration
     * @throws ServletException if {@code HttpServlet.init} fails
     */
    public void init(ServletConfig servletConfig) throws ServletException {
        super.init(servletConfig);
        FSUtils.debug.message("FSProcessLogoutServlet Initializing...");
        metaManager = FSUtils.getIDFFMetaManager();
    }

    /**
     * GET and POST are handled identically; see {@link #doGetPost}.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to write to
     * @throws ServletException propagated from {@link #doGetPost}
     * @throws IOException propagated from {@link #doGetPost}
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /**
     * GET and POST are handled identically; see {@link #doGetPost}.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to write to
     * @throws ServletException propagated from {@link #doGetPost}
     * @throws IOException propagated from {@link #doGetPost}
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doGetPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Resolves the hosted provider from the request, then dispatches the
     * logout to the initiation, local-return or remote-notification path.
     *
     * The hosted provider is identified by the {@code metaAlias} request
     * parameter (or the URL-derived alias from {@code FSServiceUtils.getMetaAlias}).
     * The {@code logoutSource} attribute/parameter ({@code IFSConstants.AUTH_LOCAL},
     * {@code "remote"} or {@code "logoutGet"}) selects the branch; with no
     * recognised source the request is parsed as a URL-encoded LogoutNotification.
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to write to
     * @throws ServletException never thrown directly here; declared for the container contract
     * @throws IOException if {@code sendError} fails
     */
    private void doGetPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        FSUtils.debug.message("FSProcessLogoutServlet doGetPost...");
        // Hosted provider alias: explicit parameter first, then derived from the request URL.
        String parameter = httpServletRequest.getParameter("metaAlias");
        if (parameter == null || parameter.length() == 0) {
            parameter = FSServiceUtils.getMetaAlias(httpServletRequest);
        }
        if (parameter == null || parameter.length() < 1) {
            FSUtils.debug.error("Unable to retrieve alias, Hosted Provider. Cannot process request");
            // NOTE(review): the status argument is IFSConstants.MAX_CACHING_TIME — a decompiler
            // often substitutes a same-valued constant; the intent looks like an HTTP error
            // status. Confirm the value against IFSConstants before relying on it.
            httpServletResponse.sendError(IFSConstants.MAX_CACHING_TIME, FSUtils.bundle.getString("aliasNotFound"));
            return;
        }
        if (metaManager == null) {
            FSUtils.debug.error("Cannot retrieve hosted descriptor. Cannot process request");
            httpServletResponse.sendError(IFSConstants.MAX_CACHING_TIME, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
            return;
        }
        String realmByMetaAlias = IDFFMetaUtils.getRealmByMetaAlias(parameter);
        // Despite the names, these hold either the IDP or the SP descriptor/config,
        // depending on the hosted provider's role.
        IDPDescriptorType iDPDescriptorType = null;
        IDPDescriptorConfigElement iDPDescriptorConfigElement = null;
        try {
            String providerRoleByMetaAlias = metaManager.getProviderRoleByMetaAlias(parameter);
            String entityIDByMetaAlias = metaManager.getEntityIDByMetaAlias(parameter);
            if (providerRoleByMetaAlias != null) {
                if (providerRoleByMetaAlias.equalsIgnoreCase("IDP")) {
                    iDPDescriptorType = metaManager.getIDPDescriptor(realmByMetaAlias, entityIDByMetaAlias);
                    iDPDescriptorConfigElement = metaManager.getIDPDescriptorConfig(realmByMetaAlias, entityIDByMetaAlias);
                } else if (providerRoleByMetaAlias.equalsIgnoreCase(IFSConstants.SP)) {
                    iDPDescriptorType = metaManager.getSPDescriptor(realmByMetaAlias, entityIDByMetaAlias);
                    iDPDescriptorConfigElement = metaManager.getSPDescriptorConfig(realmByMetaAlias, entityIDByMetaAlias);
                }
            }
            // Unknown role or missing descriptor: handled by the IDFFMetaException catch below.
            if (iDPDescriptorType == null) {
                throw new IDFFMetaException((String) null);
            }
            String logoutDonePageURL = FSServiceUtils.getLogoutDonePageURL(httpServletRequest, iDPDescriptorConfigElement, parameter);
            String errorPageURL = FSServiceUtils.getErrorPageURL(httpServletRequest, iDPDescriptorConfigElement, parameter);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("logoutDoneURL : " + logoutDonePageURL + "\ncommonErrorPage : " + errorPageURL);
            }
            // Where the logout was triggered from: request attribute wins over the parameter.
            String str = (String) httpServletRequest.getAttribute("logoutSource");
            if (str == null) {
                str = httpServletRequest.getParameter("logoutSource");
            }
            // Current local session (null when absent or invalid) and its principal name.
            Object validToken = getValidToken(httpServletRequest);
            String str2 = null;
            if (validToken != null) {
                try {
                    str2 = SessionManager.getProvider().getPrincipalName(validToken);
                } catch (SessionException e) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Couldn't get user object:", e);
                    }
                }
                // Valid session plus a recognised source: start the logout from here.
                if (str != null) {
                    if (str.equalsIgnoreCase(IFSConstants.AUTH_LOCAL)) {
                        FSUtils.debug.message("Control where Source is local -  from applink");
                        doLogoutInitiation(httpServletRequest, httpServletResponse, iDPDescriptorType, iDPDescriptorConfigElement, realmByMetaAlias, entityIDByMetaAlias, providerRoleByMetaAlias, parameter, validToken, logoutDonePageURL, str);
                        return;
                    } else if (str.equalsIgnoreCase("remote")) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Control where Source is remote - not from applink but from other provider. Token valid");
                        }
                        doLogoutInitiation(httpServletRequest, httpServletResponse, iDPDescriptorType, iDPDescriptorConfigElement, realmByMetaAlias, entityIDByMetaAlias, providerRoleByMetaAlias, parameter, validToken, logoutDonePageURL, str);
                        return;
                    } else if (str.equalsIgnoreCase("logoutGet")) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Control where Source is Http Get action - not from applink. Initiation will take care in preLogouthandler ");
                        }
                        doLogoutInitiation(httpServletRequest, httpServletResponse, iDPDescriptorType, iDPDescriptorConfigElement, realmByMetaAlias, entityIDByMetaAlias, providerRoleByMetaAlias, parameter, validToken, logoutDonePageURL, str);
                        return;
                    }
                }
            } else if (str != null) {
                // No valid session: nothing to log out, answer the caller directly.
                // Only the local case reports LOGOUT_NO_SESSION; the others report LOGOUT_FAILURE.
                if (str.equalsIgnoreCase(IFSConstants.AUTH_LOCAL)) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSProcessLogoutServlet, control where Source is local");
                    }
                    FSServiceUtils.returnLocallyAfterOperation(httpServletResponse, logoutDonePageURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_NO_SESSION);
                    return;
                } else if (str.equalsIgnoreCase("remote")) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Control where Source is remote - not from applink but from other provider");
                    }
                    FSServiceUtils.returnLocallyAfterOperation(httpServletResponse, logoutDonePageURL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                    return;
                } else if (str.equalsIgnoreCase("logoutGet")) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Control where Source is Http Get action - not from app link ");
                    }
                    FSServiceUtils.returnLocallyAfterOperation(httpServletResponse, logoutDonePageURL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                    return;
                }
            }
            // No recognised logoutSource: treat the request as a LogoutNotification
            // sent by a remote provider. Parse failures and a null result both end
            // on the error page with LOGOUT_REQUEST_IMPROPER.
            try {
                FSLogoutNotification parseURLEncodedRequest = FSLogoutNotification.parseURLEncodedRequest(httpServletRequest);
                if (parseURLEncodedRequest != null) {
                    doRequestProcessing(httpServletRequest, httpServletResponse, iDPDescriptorType, iDPDescriptorConfigElement, providerRoleByMetaAlias, realmByMetaAlias, entityIDByMetaAlias, parameter, parseURLEncodedRequest, errorPageURL, str2, validToken);
                } else {
                    FSUtils.debug.message("Bad Logout request. calling showErrorPage");
                    FSServiceUtils.showErrorPage(httpServletResponse, errorPageURL, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
                }
            } catch (FSMsgException e2) {
                FSUtils.debug.message("Bad Logout request. calling showErrorPage");
                FSServiceUtils.showErrorPage(httpServletResponse, errorPageURL, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
            }
        } catch (IDFFMetaException e3) {
            FSUtils.debug.error("Unable to find Hosted Provider. not process request", e3);
            httpServletResponse.sendError(IFSConstants.MAX_CACHING_TIME, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        }
    }

    /**
     * Returns the session object attached to the request if the session
     * provider reports it valid, otherwise {@code null}.
     *
     * A {@link SessionException} is logged at message level and mapped to
     * {@code null} so callers only have to handle the "no session" case.
     *
     * @param httpServletRequest request whose session is looked up
     * @return the valid session object, or {@code null}
     */
    private Object getValidToken(HttpServletRequest httpServletRequest) {
        FSUtils.debug.message("Entered FSProcessLogoutServlet::getValidToken");
        try {
            SessionProvider provider = SessionManager.getProvider();
            Object session = provider.getSession(httpServletRequest);
            if (session != null && provider.isValid(session)) {
                return session;
            }
            FSUtils.debug.message("session is not valid, redirecting for authentication");
            return null;
        } catch (SessionException e) {
            if (!FSUtils.debug.messageEnabled()) {
                return null;
            }
            FSUtils.debug.message("SessionException caught: " + e);
            return null;
        }
    }

    /**
     * Processes a LogoutNotification received from a remote provider.
     *
     * Steps: look up the remote provider's descriptor by its ProviderID;
     * verify the request signature when {@code FSServiceUtils.isSigningOn()};
     * require the remote provider to be in the hosted provider's trusted list;
     * then either hand the logout to {@code FSPreLogoutHandler} (caller has a
     * session) or destroy the session named by the notification (no caller
     * session). Every failure path answers the remote provider through
     * {@code FSLogoutUtil.returnToSource} with a SAML status code.
     *
     * Parameter roles (from the call in {@link #doGetPost}):
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to write to
     * @param providerDescriptorType hosted provider descriptor
     * @param baseConfigType hosted provider extended configuration
     * @param str hosted provider role ({@code "IDP"} or {@code IFSConstants.SP}); may be null
     * @param str2 realm of the hosted provider
     * @param str3 hosted provider entity ID
     * @param str4 hosted provider meta alias
     * @param fSLogoutNotification the parsed logout request
     * @param str5 error page URL for the hosted provider
     * @param str6 principal name of the caller's session, or null if none
     * @param obj the caller's session object, or null if none
     */
    private void doRequestProcessing(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ProviderDescriptorType providerDescriptorType, BaseConfigType baseConfigType, String str, String str2, String str3, String str4, FSLogoutNotification fSLogoutNotification, String str5, String str6, Object obj) {
        FSUtils.debug.message("Entered FSProcessLogoutServlet::doRequestProcessing");
        int minorVersion = fSLogoutNotification.getMinorVersion();
        String providerId = fSLogoutNotification.getProviderId();
        // Remote provider descriptor, resolved by the opposite role of the hosted one.
        ProviderDescriptorType providerDescriptorType2 = null;
        // true when the remote provider is the IDP (hosted provider is the SP);
        // forwarded to verifyLogoutSignature for certificate selection.
        boolean z = false;
        if (str != null) {
            try {
                if (str.equalsIgnoreCase("IDP")) {
                    providerDescriptorType2 = metaManager.getSPDescriptor(str2, providerId);
                } else if (str.equalsIgnoreCase(IFSConstants.SP)) {
                    providerDescriptorType2 = metaManager.getIDPDescriptor(str2, providerId);
                    z = true;
                }
            } catch (IDFFMetaException e) {
                FSUtils.debug.error("Remote provider metadata not found.");
                LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, new String[]{providerId, str2}, obj);
                // providerDescriptorType2 is still null here; returnToSource must cope with that.
                FSLogoutUtil.returnToSource(httpServletResponse, providerDescriptorType2, IFSConstants.SAML_RESPONDER, str5, minorVersion, baseConfigType, str3, str6);
                return;
            }
        }
        // NOTE(review): IDFFMetaException is caught (above and in doGetPost) rather than
        // declared, so it is presumably a checked exception; if so this throw cannot
        // compile outside a try and most likely sat inside the try above in the original
        // source, where the catch would report INVALID_PROVIDER. Confirm against the source.
        if (providerDescriptorType2 == null) {
            throw new IDFFMetaException((String) null);
        }
        // Signature is assumed good unless signing is switched on and verification fails.
        boolean z2 = true;
        if (FSServiceUtils.isSigningOn()) {
            try {
                FSUtils.debug.message("Calling verifyLogoutSignature");
                z2 = verifyLogoutSignature(httpServletRequest, providerDescriptorType2, providerId, z);
            } catch (FSException e2) {
                FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcessing Signature on Logout request is invalidCannot proceed federation Logout");
                LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, new String[]{str6}, obj);
                FSLogoutUtil.returnToSource(httpServletResponse, providerDescriptorType2, IFSConstants.SAML_REQUESTER, str5, minorVersion, baseConfigType, str3, str6);
                return;
            } catch (SAMLException e3) {
                FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcessing(SAML) Signature on Logout request is invalidCannot proceed federation Logout");
                LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, new String[]{str6}, obj);
                FSLogoutUtil.returnToSource(httpServletResponse, providerDescriptorType2, IFSConstants.SAML_REQUESTER, str5, minorVersion, baseConfigType, str3, str6);
                return;
            }
        }
        // Status returned to the remote provider when no branch below answers itself.
        String str7 = IFSConstants.SAML_RESPONDER;
        if (!z2) {
            FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcesing Signature on Logout request is invalidCannot proceed federation Logout");
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, new String[]{str6}, obj);
            str7 = IFSConstants.SAML_REQUESTER;
        } else if (!metaManager.isTrustedProvider(str2, str3, providerId)) {
            // Untrusted sender: logged only; falls through to a SAML_RESPONDER answer.
            FSUtils.debug.error("Remote provider not in trusted list");
        } else if (obj != null) {
            // Caller has a live local session: let the pre-logout handler run the profile.
            FSServiceManager fSServiceManager = FSServiceManager.getInstance();
            if (fSServiceManager == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSServiceManager Instance null. Cannot continue logout");
                }
                LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, new String[]{str6}, obj);
                FSLogoutUtil.returnToSource(httpServletResponse, providerDescriptorType2, IFSConstants.SAML_RESPONDER, str5, minorVersion, baseConfigType, str3, str6);
                return;
            }
            FSUtils.debug.message("FSServiceManager Instance not null");
            callPreSingleLogoutProcess(httpServletRequest, httpServletResponse, str, baseConfigType, str3, str6, fSLogoutNotification);
            FSPreLogoutHandler preLogoutHandler = fSServiceManager.getPreLogoutHandler();
            if (preLogoutHandler != null) {
                preLogoutHandler.setLogoutRequest(fSLogoutNotification);
                preLogoutHandler.setHostedDescriptor(providerDescriptorType);
                preLogoutHandler.setHostedDescriptorConfig(baseConfigType);
                preLogoutHandler.setRealm(str2);
                preLogoutHandler.setHostedEntityId(str3);
                preLogoutHandler.setHostedProviderRole(str);
                preLogoutHandler.setMetaAlias(str4);
                preLogoutHandler.setRemoteEntityId(providerId);
                preLogoutHandler.setRemoteDescriptor(providerDescriptorType2);
                preLogoutHandler.processHttpSingleLogoutRequest(httpServletRequest, httpServletResponse, obj);
                return;
            }
        } else {
            // No local session on this request: the user to log out is taken from the
            // notification itself and that principal's session is destroyed.
            // NOTE(review): the only authentication of the remote request on this path is
            // the trust-list check above plus the signature check, and the signature check
            // runs only when isSigningOn() is true — keep that switch on in deployments
            // where this endpoint is reachable.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Invalid session in request processing. Nothing to logout");
            }
            str6 = FSLogoutUtil.getUserFromRequest(fSLogoutNotification, str2, str3, str, baseConfigType, str4);
            if (str6 != null) {
                FSLogoutUtil.destroyPrincipalSession(str6, str4, fSLogoutNotification.getSessionIndex(), httpServletRequest, httpServletResponse);
                FSLogoutUtil.returnToSource(httpServletResponse, providerDescriptorType2, IFSConstants.SAML_RESPONDER, str5, minorVersion, baseConfigType, str3, str6);
                return;
            }
        }
        FSLogoutUtil.returnToSource(httpServletResponse, providerDescriptorType2, str7, str5, minorVersion, baseConfigType, str3, str6);
    }

    /**
     * Starts a logout on behalf of a locally authenticated user by configuring
     * the {@code FSPreLogoutHandler} and calling {@code handleSingleLogout}.
     *
     * If no {@code FSServiceManager} or handler is available the user is sent
     * to the logout-done page with {@code LOGOUT_FAILURE}.
     *
     * Parameter roles (from the calls in {@link #doGetPost}):
     *
     * @param httpServletRequest incoming request; {@code RelayState} is read from it
     * @param httpServletResponse response to write to
     * @param providerDescriptorType hosted provider descriptor
     * @param baseConfigType hosted provider extended configuration
     * @param str realm of the hosted provider
     * @param str2 hosted provider entity ID
     * @param str3 hosted provider role
     * @param str4 hosted provider meta alias
     * @param obj the caller's valid session object
     * @param str5 logout-done page URL
     * @param str6 the {@code logoutSource} value that triggered this logout
     */
    private void doLogoutInitiation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ProviderDescriptorType providerDescriptorType, BaseConfigType baseConfigType, String str, String str2, String str3, String str4, Object obj, String str5, String str6) {
        FSUtils.debug.message("FSProcessLogoutServlet::doLogoutInitiation");
        FSServiceManager fSServiceManager = FSServiceManager.getInstance();
        // RelayState is request-supplied and handed to the handler as-is.
        String parameter = httpServletRequest.getParameter("RelayState");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSProcessLogoutServlet.doLogoutInit: relay=" + parameter);
        }
        if (fSServiceManager != null) {
            FSUtils.debug.message("FSServiceManager Instance not null");
            FSPreLogoutHandler preLogoutHandler = fSServiceManager.getPreLogoutHandler();
            if (preLogoutHandler != null) {
                preLogoutHandler.setHostedDescriptor(providerDescriptorType);
                preLogoutHandler.setHostedDescriptorConfig(baseConfigType);
                preLogoutHandler.setRealm(str);
                preLogoutHandler.setHostedEntityId(str2);
                preLogoutHandler.setHostedProviderRole(str3);
                preLogoutHandler.setMetaAlias(str4);
                preLogoutHandler.setRelayState(parameter);
                preLogoutHandler.handleSingleLogout(httpServletRequest, httpServletResponse, obj, str6);
                return;
            }
            FSUtils.debug.error("FSPreLogoutHandler is null.Cannot continue logout");
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED_INVALID_HANDLER, new String[]{str5}, obj);
        } else {
            FSUtils.debug.message("FSServiceManager Instance null. Cannot continue logout");
        }
        // Reached only when no handler could run the logout.
        FSServiceUtils.returnLocallyAfterOperation(httpServletResponse, str5, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
    }

    /**
     * Verifies the signature on the URL-encoded logout request against the
     * remote provider's verification certificate.
     *
     * @param httpServletRequest the signed request
     * @param providerDescriptorType remote provider descriptor
     * @param str remote provider ID
     * @param z flag passed through to {@code KeyUtil.getVerificationCert}; set by the
     *          caller when the remote provider is the IDP
     * @return {@code true} if the signature verifies, {@code false} otherwise
     * @throws SAMLResponderException if no verification certificate is available
     * @throws SAMLException propagated from signature verification
     * @throws FSException propagated from signature verification
     */
    private boolean verifyLogoutSignature(HttpServletRequest httpServletRequest, ProviderDescriptorType providerDescriptorType, String str, boolean z) throws SAMLException, FSException {
        FSUtils.debug.message("Entered FSProcessLogoutServlet::verifyLogoutSignature");
        X509Certificate verificationCert = KeyUtil.getVerificationCert(providerDescriptorType, str, z);
        if (verificationCert == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSProcessLogoutServlet.verifyLogoutSignature: couldn't obtain this site's cert.");
            }
            // No certificate is an error, not a silent pass.
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
        }
        if (FSSignatureUtil.verifyRequestSignature(httpServletRequest, verificationCert)) {
            FSUtils.debug.message("Logout request is properly signed");
            return true;
        }
        FSUtils.debug.error("Logout request is not properly signed");
        return false;
    }

    /**
     * Invokes the SP adapter's {@code preSingleLogoutProcess} hook when the
     * hosted provider is an SP and an adapter is configured; a no-op otherwise.
     *
     * Adapter failures are logged and swallowed so that a misbehaving plug-in
     * does not abort the logout.
     *
     * Parameter roles (from the call in {@link #doRequestProcessing}):
     *
     * @param httpServletRequest incoming request
     * @param httpServletResponse response to write to
     * @param str hosted provider role; only {@code IFSConstants.SP} proceeds
     * @param baseConfigType hosted provider extended configuration
     * @param str2 hosted provider entity ID
     * @param str3 principal name of the caller's session
     * @param fSLogoutNotification the parsed logout request
     */
    private void callPreSingleLogoutProcess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, BaseConfigType baseConfigType, String str2, String str3, FSLogoutNotification fSLogoutNotification) {
        FederationSPAdapter sPAdapter;
        if (str == null || !str.equalsIgnoreCase(IFSConstants.SP) || (sPAdapter = FSServiceUtils.getSPAdapter(str2, baseConfigType)) == null) {
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSProcessLogoutServlet, call preSingleLogoutProcess");
        }
        try {
            sPAdapter.preSingleLogoutProcess(str2, httpServletRequest, httpServletResponse, str3, fSLogoutNotification, null, IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE);
        } catch (Exception e) {
            // Deliberately broad: plug-in code is untrusted here; the failure is logged with its cause.
            FSUtils.debug.error("preSingleLogoutProcess.IDP/HTTP", e);
        }
    }
}
