package com.sun.identity.authentication.client;

import com.iplanet.am.util.AMClientDetector;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.dpro.session.SessionException;
import com.iplanet.dpro.session.SessionID;
import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.services.cdm.AuthClient;
import com.iplanet.services.cdm.Client;
import com.iplanet.services.cdm.ClientsManager;
import com.iplanet.services.naming.ServerEntryNotFoundException;
import com.iplanet.services.naming.WebtopNaming;
import com.iplanet.services.util.Crypt;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.authentication.service.AuthException;
import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.DNUtils;
import com.sun.identity.common.FqdnValidator;
import com.sun.identity.common.HttpURLConnectionManager;
import com.sun.identity.common.ISLocaleContext;
import com.sun.identity.common.RequestUtils;
import com.sun.identity.common.ResourceLookup;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.PolicyUtils;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.security.EncodeAction;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.encode.CookieUtils;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.sm.SMSEntry;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceSchemaManager;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLDecoder;
import java.security.AccessController;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.forgerock.openam.core.realms.Realm;
import org.forgerock.openam.entitlement.conditions.environment.AuthSchemeCondition;
import org.forgerock.openam.sdk.org.forgerock.http.swagger.SwaggerApiProducer;
import org.forgerock.openam.security.whitelist.ValidGotoUrlExtractor;
import org.forgerock.openam.session.SessionServiceURLService;
import org.forgerock.openam.shared.security.whitelist.RedirectUrlValidator;
import org.forgerock.openam.utils.ClientUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/authentication/client/AuthClientUtils.class */
public class AuthClientUtils {
    public static final String DEFAULT_CLIENT_TYPE = "genericHTML";
    public static final String COMPOSITE_ADVICE = "sunamcompositeadvice";
    private static final String DEFAULT_CONTENT_TYPE = "text/html";
    private static final String DEFAULT_FILE_PATH = "html";
    private static final String DEFAULT_COOKIE_SUPPORT = "true";
    public static final String ERROR_MESSAGE = "Error_Message";
    public static final String ERROR_TEMPLATE = "Error_Template";
    public static final String MSG_DELIMITER = "|";
    public static final String BUNDLE_NAME = "amAuth";
    private static final String HTTP_REFERER = "Referer";
    private static AMClientDetector clientDetector;
    private static Client defaultClient;
    private static volatile ResourceBundle bundle;
    private static String serverURL;
    private static boolean setRequestEncoding = false;
    private static final boolean urlRewriteInPath = Boolean.valueOf(SystemProperties.get(Constants.REWRITE_AS_PATH, "")).booleanValue();
    public static final String templatePath = "/config/auth";
    private static final String rootSuffix = SMSEntry.getRootSuffix();
    protected static final RedirectUrlValidator<String> REDIRECT_URL_VALIDATOR = new RedirectUrlValidator<>(ValidGotoUrlExtractor.getInstance());
    private static SessionServiceURLService sessionServiceURLService = SessionServiceURLService.getInstance();
    private static final String DSAME_VERSION = "7.0";
    private static String dsameVersion = SystemProperties.get(Constants.AM_VERSION, DSAME_VERSION);
    private static final boolean isVersionHeaderEnabled = SystemProperties.getAsBoolean(Constants.AM_VERSION_HEADER_ENABLED, false);
    private static String cookieName = SystemProperties.get(Constants.AM_COOKIE_NAME);
    private static String authCookieName = SystemProperties.get(Constants.AM_AUTH_COOKIE_NAME, ISAuthConstants.AUTH_COOKIE_NAME);
    private static String distAuthCookieName = SystemProperties.get(Constants.AM_DIST_AUTH_COOKIE_NAME, ISAuthConstants.DIST_AUTH_COOKIE_NAME);
    private static String serviceURI = getServiceURI() + IFSConstants.LOGIN_PAGE;
    static Debug utilDebug = Debug.getInstance("amAuthClientUtils");
    private static String[] ignoreList = {"IDtoken0", "IDtoken1", "IDtoken2", "IDButton", ISAuthConstants.AUTH_COOKIE_NAME, "encoded", "IDToken3"};
    private static boolean useCache = Boolean.getBoolean(SystemProperties.get(Constants.URL_CONNECTION_USE_CACHE, "false"));
    private static boolean isSessionHijackingEnabled = Boolean.valueOf(SystemProperties.get(Constants.IS_ENABLE_UNIQUE_COOKIE, "false")).booleanValue();
    private static String hostUrlCookieName = SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_NAME, "sunIdentityServerAuthNServer");
    private static String hostUrlCookieDomain = SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_DOMAIN);
    private static final String distAuthCluster = SystemProperties.get(Constants.DISTAUTH_CLUSTER, "");
    private static ArrayList distAuthClusterList = new ArrayList();
    private static final String distAuthSites = SystemProperties.get(Constants.AM_DISTAUTH_SITES, "");
    private static Map<String, Set<String>> distAuthSitesMap = new HashMap();
    private static final List<String> RETAINED_HTTP_REQUEST_HEADERS = new ArrayList();
    private static final List<String> RETAINED_HTTP_HEADERS = new ArrayList();

    protected AuthClientUtils() {
    }

    private static List<String> getHeaderNameListForProperty(String str) {
        String str2 = SystemProperties.get(str);
        return str2 != null ? Arrays.asList(str2.toLowerCase().split(",")) : Collections.EMPTY_LIST;
    }

    public static Hashtable parseRequestParameters(HttpServletRequest httpServletRequest) {
        return decodeHash(httpServletRequest);
    }

    private static Hashtable<String, String> decodeHash(HttpServletRequest httpServletRequest) {
        Hashtable<String, String> hashtable = new Hashtable<>();
        String characterEncoding = httpServletRequest.getCharacterEncoding();
        String str = characterEncoding != null ? characterEncoding : "UTF-8";
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils::decodeHash: clientEncoding='{}', encoding='{}'", characterEncoding, str);
        }
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        boolean parseBoolean = Boolean.parseBoolean(httpServletRequest.getParameter("encoded"));
        while (parameterNames.hasMoreElements()) {
            String str2 = (String) parameterNames.nextElement();
            String parameter = httpServletRequest.getParameter(str2);
            if (parameter == null) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthUtils::decodeHash parameter '{}' is null", str2);
                }
            } else if (str2.equalsIgnoreCase("SunQueryParamsString")) {
                if (!parameter.isEmpty()) {
                    String decodeAsUTF8String = Base64.decodeAsUTF8String(parameter);
                    if (decodeAsUTF8String != null) {
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("AuthUtils::decodeHash base 64 decoded '{}'='{}'", str2, decodeAsUTF8String);
                        }
                        StringTokenizer stringTokenizer = new StringTokenizer(decodeAsUTF8String, "&");
                        while (stringTokenizer.hasMoreTokens()) {
                            String nextToken = stringTokenizer.nextToken();
                            if (nextToken.indexOf("=") != -1) {
                                int indexOf = nextToken.indexOf("=");
                                putDecodedValue(hashtable, nextToken.substring(0, indexOf), nextToken.substring(indexOf + 1), str);
                            }
                        }
                    } else if (utilDebug.warningEnabled()) {
                        utilDebug.warning("As parameter 'encoded' is true, parameter ['{}']='{}' should be base64 encoded", str2, parameter);
                    }
                }
            } else if (str2.equals("goto") || str2.equals(RedirectUrlValidator.GOTO_ON_FAIL)) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthUtils::decodeHash '{}'='{}', encoded='{}'", str2, parameter, Boolean.valueOf(parseBoolean));
                }
                if (parseBoolean) {
                    String decodeAsUTF8String2 = Base64.decodeAsUTF8String(parameter);
                    if (decodeAsUTF8String2 == null && utilDebug.warningEnabled()) {
                        utilDebug.warning("As parameter 'encoded' is true, parameter ['{}']='{}' should be base64 encoded", str2, parameter);
                    }
                    parameter = decodeAsUTF8String2;
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("AuthUtils::decodeHash base 64 decoded '{}'='{}'", str2, parameter);
                    }
                }
                putDecodedValue(hashtable, str2, parameter, str);
            } else {
                putDecodedValue(hashtable, str2, parameter, str);
            }
        }
        return hashtable;
    }

    public static Cookie getLogoutCookie(SessionID sessionID, String str) {
        Cookie createCookie = createCookie(getLogoutCookieString(sessionID), str);
        createCookie.setMaxAge(0);
        return createCookie;
    }

    public static String getLogoutCookieString(SessionID sessionID) {
        String str = null;
        try {
            str = (String) AccessController.doPrivileged(new EncodeAction("LOGOUT@" + sessionID.getSessionServerProtocol() + Constants.AT + sessionID.getSessionServer() + Constants.AT + sessionID.getSessionServerPort() + Constants.AT + sessionID.getSessionDomain(), Crypt.getHardcodedKeyEncryptor()));
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Logout cookie : " + str);
            }
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error creating cookie : " + e.getMessage());
            }
        }
        return str;
    }

    public static Cookie createCookie(String str, String str2) {
        String cookieName2 = getCookieName();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("cookieName='{}', cookieValue='{}', cookieDomain='{}'", cookieName2, str, str2);
        }
        return createCookie(cookieName2, str, str2);
    }

    public static String getQueryOrgName(HttpServletRequest httpServletRequest, String str) {
        String str2 = null;
        if (str != null && str.length() != 0) {
            str2 = str;
        } else if (httpServletRequest != null) {
            str2 = httpServletRequest.getServerName();
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("queryOrg is :" + str2);
        }
        return str2;
    }

    public static void printCookies(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            utilDebug.message("No Cookie in header");
            return;
        }
        for (int i = 0; i < cookies.length; i++) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Received Cookie: '{}'='{}'", cookies[i].getName(), cookies[i].getValue());
            }
        }
    }

    public static void printHash(Hashtable hashtable) {
        try {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthRequest: In printHash" + hashtable);
            }
            if (hashtable == null) {
                return;
            }
            Enumeration keys = hashtable.keys();
            while (keys.hasMoreElements()) {
                Object nextElement = keys.nextElement();
                Object obj = hashtable.get(nextElement);
                utilDebug.message("printHash Key is : " + nextElement);
                if (obj instanceof String[]) {
                    for (String str : (String[]) obj) {
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("printHash : String[] keyname '{}'='{}'", nextElement, str);
                        }
                    }
                }
            }
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.warning("Exception: printHash :", e);
            }
        }
    }

    public static void setlbCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthException {
        String str = getlbCookieName();
        if (str == null || str.length() == 0) {
            return;
        }
        Set<String> cookieDomainsForRequest = getCookieDomainsForRequest(httpServletRequest);
        if (cookieDomainsForRequest.isEmpty()) {
            CookieUtils.addCookieToResponse(httpServletResponse, createlbCookie(null));
            return;
        }
        Iterator<String> it = cookieDomainsForRequest.iterator();
        while (it.hasNext()) {
            CookieUtils.addCookieToResponse(httpServletResponse, createlbCookie(it.next()));
        }
    }

    public static Cookie createCookie(String str, String str2, String str3) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("cookieName='{}', cookieValue='{}', cookieDomain='{}'", str, str2, str3);
        }
        Cookie cookie = null;
        try {
            cookie = CookieUtils.newCookie(str, str2, "/", str3);
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error creating cookie. : " + e.getMessage());
            }
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("createCookie Cookie is set : " + cookie);
        }
        return cookie;
    }

    public static void clearlbCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String str = getlbCookieName();
        if (str == null || str.length() == 0) {
            return;
        }
        Set<String> cookieDomainsForRequest = getCookieDomainsForRequest(httpServletRequest);
        if (cookieDomainsForRequest.isEmpty()) {
            httpServletResponse.addCookie(createCookie(str, "LOGOUT", 0, null));
            return;
        }
        Iterator<String> it = cookieDomainsForRequest.iterator();
        while (it.hasNext()) {
            httpServletResponse.addCookie(createCookie(str, "LOGOUT", 0, it.next()));
        }
    }

    public static String getErrorMessage(String str) {
        return getErrorVal(str, ERROR_MESSAGE);
    }

    public static String getErrorTemplate(String str) {
        return getErrorVal(str, ERROR_TEMPLATE);
    }

    public static boolean checkForCookies(HttpServletRequest httpServletRequest) {
        return (CookieUtils.getCookieValueFromReq(httpServletRequest, getAuthCookieName()) == null && CookieUtils.getCookieValueFromReq(httpServletRequest, getCookieName()) == null) ? false : true;
    }

    public static String getOrigRedirectURL(HttpServletRequest httpServletRequest, SessionID sessionID) {
        String str = null;
        if (sessionID != null) {
            try {
                str = sessionID.toString();
            } catch (Exception e) {
                if (!utilDebug.messageEnabled()) {
                    return null;
                }
                utilDebug.message("Error in getOrigRedirectURL:", e);
                return null;
            }
        }
        SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
        SSOToken createSSOToken = sSOTokenManager.createSSOToken(str);
        if (!sSOTokenManager.isValidToken(createSSOToken)) {
            return null;
        }
        utilDebug.message("Valid SSOToken");
        return REDIRECT_URL_VALIDATOR.getRedirectUrl(createSSOToken.getProperty("Organization"), REDIRECT_URL_VALIDATOR.getAndDecodeParameter(httpServletRequest, "goto"), createSSOToken.getProperty("successURL"));
    }

    public static String addLogoutCookieToURL(String str, String str2, boolean z) {
        String str3;
        if (str2 == null || z) {
            str3 = str;
        } else {
            StringBuilder sb = new StringBuilder();
            sb.append(URLEncDec.encode(getCookieName())).append("=").append(URLEncDec.encode(str2));
            if (str.indexOf("?") != -1) {
                sb.insert(0, "&amp;");
            } else {
                sb.insert(0, "?");
            }
            sb.insert(0, str);
            str3 = sb.toString();
            if (utilDebug.messageEnabled()) {
                utilDebug.message("cookieString is : " + ((Object) sb));
            }
        }
        return str3;
    }

    private static SessionID getSidFromCookie(HttpServletRequest httpServletRequest) {
        SessionID sessionID = null;
        String sidFromURL = SessionEncodeURL.getSidFromURL(httpServletRequest, getAuthCookieName());
        if (sidFromURL == null) {
            sidFromURL = CookieUtils.getCookieValueFromReq(httpServletRequest, getAuthCookieName());
        }
        if (sidFromURL != null && !sidFromURL.isEmpty()) {
            sessionID = new SessionID(sidFromURL);
            utilDebug.message("sidValue from Auth Cookie");
        }
        return sessionID;
    }

    public static SessionID getSessionIDFromRequest(HttpServletRequest httpServletRequest) {
        boolean z = httpServletRequest != null && httpServletRequest.getMethod().equalsIgnoreCase("GET");
        SessionID sessionID = new SessionID(httpServletRequest);
        SessionID sidFromCookie = getSidFromCookie(httpServletRequest);
        SessionID sessionID2 = sidFromCookie == null ? sessionID : z ? sessionID : sidFromCookie;
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils:returning sessionID:" + sessionID2);
        }
        return sessionID2;
    }

    public static boolean newSessionArgExists(Hashtable hashtable) {
        String str = (String) hashtable.get(IFSConstants.ARGKEY);
        boolean z = str != null && str.equals(IFSConstants.NEWSESSION);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("newSessionArgExists : " + z);
        }
        return z;
    }

    public static AuthContext.IndexType getIndexType(String str) {
        AuthContext.IndexType indexType = null;
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getIndexType : strIndexType = " + str);
        }
        if (str != null) {
            if (str.equalsIgnoreCase("user")) {
                indexType = AuthContext.IndexType.USER;
            } else if (str.equalsIgnoreCase("role")) {
                indexType = AuthContext.IndexType.ROLE;
            } else if (str.equalsIgnoreCase("service")) {
                indexType = AuthContext.IndexType.SERVICE;
            } else if (str.equalsIgnoreCase("module_instance")) {
                indexType = AuthContext.IndexType.MODULE_INSTANCE;
            } else if (str.equalsIgnoreCase(IFSConstants.LEVEL)) {
                indexType = AuthContext.IndexType.LEVEL;
            } else if (str.equalsIgnoreCase("composite_advice")) {
                indexType = AuthContext.IndexType.COMPOSITE_ADVICE;
            }
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getIndexType : IndexType = " + indexType);
        }
        return indexType;
    }

    public static String getIndexName(SSOToken sSOToken, AuthContext.IndexType indexType) {
        String str = "";
        try {
            if (indexType == AuthContext.IndexType.USER) {
                str = sSOToken.getProperty(ISAuthConstants.USER_TOKEN);
            } else if (indexType == AuthContext.IndexType.ROLE) {
                str = sSOToken.getProperty(ISAuthConstants.ROLE);
            } else if (indexType == AuthContext.IndexType.SERVICE) {
                str = sSOToken.getProperty("Service");
            } else if (indexType == AuthContext.IndexType.MODULE_INSTANCE) {
                str = getLatestIndexName(sSOToken.getProperty(ISAuthConstants.AUTH_TYPE));
            } else if (indexType == AuthContext.IndexType.LEVEL) {
                str = sSOToken.getProperty("AuthLevel");
            }
            if (utilDebug.messageEnabled()) {
                utilDebug.message("getIndexName : IndexType='{}', IndexName='{}'", indexType, str);
            }
            return str;
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error in getIndexName :" + e.toString());
            }
            return str;
        }
    }

    private static String getLatestIndexName(String str) {
        String str2 = str;
        if (str != null) {
            StringTokenizer stringTokenizer = new StringTokenizer(str, "|");
            if (stringTokenizer.hasMoreTokens()) {
                str2 = stringTokenizer.nextToken();
            }
        }
        return str2;
    }

    public static boolean isContain(String str, String str2) {
        if (str == null) {
            return false;
        }
        try {
            if (str.indexOf("|") == -1) {
                return str.trim().equals(str2.trim());
            }
            StringTokenizer stringTokenizer = new StringTokenizer(str, "|");
            while (stringTokenizer.hasMoreTokens()) {
                if (stringTokenizer.nextToken().equals(str2)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            utilDebug.error("AuthClientUtils.isContain: error : ", e);
            return false;
        }
    }

    public static boolean checkSessionUpgrade(SSOToken sSOToken, Hashtable hashtable) {
        utilDebug.message("Check Session upgrade!");
        boolean z = false;
        try {
            if (hashtable.get("user") != null) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthClientUtils.checkSessionUpgrade: user");
                }
                String str = (String) hashtable.get("user");
                String property = sSOToken.getProperty(ISAuthConstants.USER_TOKEN);
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("user='{}', userToken ='{}'", str, property);
                }
                if (!str.equals(property)) {
                    z = true;
                }
            } else if (hashtable.get("role") != null) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthClientUtils.checkSessionUpgrade: role");
                }
                if (!isContain(sSOToken.getProperty(ISAuthConstants.ROLE), (String) hashtable.get("role"))) {
                    z = true;
                }
            } else if (hashtable.get("service") != null && hashtable.get("sunamcompositeadvice") == null) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthClientUtils.checkSessionUpgrade:service");
                }
                if (!isContain(sSOToken.getProperty("Service"), (String) hashtable.get("service"))) {
                    z = true;
                }
            } else if (hashtable.get(ISAuthConstants.MODULE_PARAM) != null) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthClientUtils.checkSessionUpgrade:module");
                }
                if (!isContain(sSOToken.getProperty(ISAuthConstants.AUTH_TYPE), (String) hashtable.get(ISAuthConstants.MODULE_PARAM))) {
                    z = true;
                }
            } else if (hashtable.get("authlevel") != null) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("checksessionUpgrade: authlevel");
                }
                if (Integer.parseInt((String) hashtable.get("authlevel")) > Integer.parseInt(sSOToken.getProperty("AuthLevel"))) {
                    z = true;
                }
            } else if (hashtable.get("sunamcompositeadvice") != null) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("checksessionUpgrade: composite advice");
                }
                z = true;
            }
        } catch (Exception e) {
            utilDebug.message("Exception in checkSessionUpgrade : ", e);
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Check session upgrade : " + z);
        }
        return z;
    }

    public static boolean isSessionUpgradeOrForceAuth(HttpServletRequest httpServletRequest) {
        Hashtable parseRequestParameters = parseRequestParameters(httpServletRequest);
        boolean forceAuthFlagExists = forceAuthFlagExists(parseRequestParameters);
        if (!forceAuthFlagExists) {
            try {
                return checkSessionUpgrade(SSOTokenManager.getInstance().createSSOToken(httpServletRequest), parseRequestParameters);
            } catch (SSOException e) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("Unable to create sso token for isSessionUpgrade check: ", e);
                }
            }
        }
        return forceAuthFlagExists;
    }

    public static String getCookieURLForSessionUpgrade(HttpServletRequest httpServletRequest) {
        String cookieURL;
        try {
            SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
            SSOToken createSSOToken = sSOTokenManager.createSSOToken(httpServletRequest);
            Hashtable parseRequestParameters = parseRequestParameters(httpServletRequest);
            if (!sSOTokenManager.isValidToken(createSSOToken) || (cookieURL = getCookieURL(new SessionID(createSSOToken.getTokenID().toString()))) == null || isLocalServer(cookieURL, true)) {
                return null;
            }
            if (!forceAuthFlagExists(parseRequestParameters)) {
                if (!checkSessionUpgrade(createSSOToken, parseRequestParameters)) {
                    return null;
                }
            }
            return cookieURL;
        } catch (SSOException e) {
            if (!utilDebug.messageEnabled()) {
                return null;
            }
            utilDebug.message("SSOException occurred while checking session upgrade case", e);
            return null;
        }
    }

    public static String getCookieURL(SessionID sessionID) {
        String str = null;
        try {
            URL sessionServiceURL = sessionServiceURLService.getSessionServiceURL(sessionID);
            str = sessionServiceURL.getProtocol() + ISAuthConstants.URL_SEPARATOR + sessionServiceURL.getHost() + ":" + Integer.toString(sessionServiceURL.getPort()) + serviceURI;
        } catch (SessionException e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("LoginServlet error in Session : ", e);
            }
        }
        return str;
    }

    public static boolean isClientDetectionEnabled() {
        boolean z = false;
        if (clientDetector != null) {
            z = clientDetector.isDetectionEnabled();
        } else {
            utilDebug.message("getClientDetector,Service does not exist");
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("clientDetectionEnabled = " + z);
        }
        return z;
    }

    public static String getClientType(HttpServletRequest httpServletRequest) {
        if (!isClientDetectionEnabled() || clientDetector == null) {
            return getDefaultClientType();
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("clienttype = " + clientDetector.getClientType(httpServletRequest));
        }
        return clientDetector.getClientType(httpServletRequest);
    }

    public static String getDefaultClientType() {
        String str = "genericHTML";
        if (defaultClient != null) {
            try {
                str = defaultClient.getClientType();
            } catch (Exception e) {
                utilDebug.error("getDefaultClientType Error : ", e);
            }
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getDefaultClientType, ClientType = " + str);
        }
        return str;
    }

    private static Client getClientInstance(String str) {
        if (!str.equals(getDefaultClientType())) {
            try {
                return AuthClient.getInstance(str, null);
            } catch (Exception e) {
                utilDebug.warning("getClientInstance: clientType='{}'", str, e);
            }
        }
        return defaultClient;
    }

    private static String getProperty(String str, String str2) {
        if (clientDetector == null || !isClientDetectionEnabled()) {
            return null;
        }
        try {
            return getClientInstance(str).getProperty(str2);
        } catch (Exception e) {
            utilDebug.warning("Error retrieving Client Data : property='{}'", str2, e);
            return getDefaultProperty(str2);
        }
    }

    public static String getDefaultProperty(String str) {
        try {
            return defaultClient.getProperty(str);
        } catch (Exception e) {
            utilDebug.warning("Could not get property='{}'", str, e);
            return null;
        }
    }

    public static String getCharSet(String str, Locale locale) {
        String str2;
        String str3 = Client.CDM_DEFAULT_CHARSET;
        if (isClientDetectionEnabled()) {
            try {
                str2 = getClientInstance(str).getCharset(locale);
            } catch (Exception e) {
                if (utilDebug.warningEnabled()) {
                    utilDebug.warning("AuthClientUtils.getCharSet:Client data was not found, setting charset to UTF-8.");
                }
                str2 = "UTF-8";
            }
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthClientUtils.getCharSet: Charset from Client is charset='{}'", str2);
            }
        } else {
            str2 = "UTF-8";
        }
        return str2;
    }

    public static String getFilePath(String str) {
        String property = getProperty(str, ISAuthConstants.FILE_PATH_PROPERTY);
        return property == null ? "html" : property;
    }

    public static String getContentType(String str) {
        String property = getProperty(str, "contentType");
        return property == null ? "text/html" : property;
    }

    public static String getCookieSupport(String str) {
        String property = getProperty(str, ISAuthConstants.COOKIE_SUPPORT_PROPERTY);
        return property == null ? "true" : property;
    }

    public static boolean isGenericHTMLClient(String str) {
        String property = getProperty(str, "genericHTML");
        return property == null || "true".equals(property);
    }

    public static boolean isSetCookie(String str) {
        boolean cookieVal = setCookieVal(str, "true");
        if (utilDebug.messageEnabled()) {
            utilDebug.message("setCookie : " + cookieVal);
        }
        return cookieVal;
    }

    public static boolean setCookieVal(String str, String str2) {
        String cookieSupport = getCookieSupport(str);
        boolean cookieDetect = getCookieDetect(cookieSupport);
        boolean z = (cookieSupport != null && (cookieSupport.equalsIgnoreCase(str2) || cookieSupport.equalsIgnoreCase(ISAuthConstants.COOKIE_DETECT_PROPERTY))) || cookieDetect;
        if (utilDebug.messageEnabled()) {
            utilDebug.message("cookieSupport='{}', cookieDetect='{}', setCookie='{}'", cookieSupport, Boolean.valueOf(cookieDetect), Boolean.valueOf(z));
        }
        return z;
    }

    public static boolean getCookieDetect(String str) {
        boolean z = str == null || str.equalsIgnoreCase(ISAuthConstants.COOKIE_DETECT_PROPERTY);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("CookieDetect : " + z);
        }
        return z;
    }

    public static String getClientURLFromString(String str, int i, HttpServletRequest httpServletRequest) {
        String substring;
        String str2 = null;
        if (str != null && (substring = str.substring(0, i)) != null && substring.equals(getClientType(httpServletRequest)) && str.length() > i) {
            str2 = str.substring(i + 1);
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Client URL is :" + str2);
        }
        return str2;
    }

    public static boolean isUrlRewrite(String str) {
        boolean cookieVal = setCookieVal(str, "false");
        if (utilDebug.messageEnabled()) {
            utilDebug.message("rewriteURL : " + cookieVal);
        }
        return cookieVal;
    }

    public static String getDSAMEVersion() {
        return dsameVersion;
    }

    public static boolean isVersionHeaderEnabled() {
        return isVersionHeaderEnabled;
    }

    public static String getAuthCookieName() {
        return authCookieName;
    }

    public static String getDistAuthCookieName() {
        return distAuthCookieName;
    }

    public static String getCookieName() {
        return cookieName;
    }

    public static String getlbCookieName() {
        String str = SystemProperties.isServerMode() ? SystemProperties.get(Constants.AM_LB_COOKIE_NAME, "amlbcookie") : SystemProperties.get(Constants.AM_DISTAUTH_LB_COOKIE_NAME);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthClientUtils.getlbCookieName() loadBalanceCookieName is:" + str);
        }
        return str;
    }

    public static String getlbCookieValue() {
        if (!SystemProperties.isServerMode()) {
            return SystemProperties.get(Constants.AM_DISTAUTH_LB_COOKIE_VALUE);
        }
        try {
            return WebtopNaming.getLBCookieValue(WebtopNaming.getAMServerID());
        } catch (Exception e) {
            if (!utilDebug.messageEnabled()) {
                return null;
            }
            utilDebug.message("AuthClientUtils.getlbCookieValue(). Can't get the lbCookie value.", e);
            return null;
        }
    }

    public static Set<String> getCookieDomains() {
        Set<String> set = Collections.EMPTY_SET;
        try {
            try {
                set = new ServiceSchemaManager("iPlanetAMPlatformService", (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance())).getGlobalSchema().getAttributeDefaults().get("iplanet-am-platform-cookie-domains");
            } catch (SMSException e) {
                utilDebug.message("getCookieDomains - SMSException ");
            }
            if (set == null) {
                set = Collections.singleton(null);
            }
        } catch (SSOException e2) {
            utilDebug.message("getCookieDomains - SSOException ");
        }
        if (utilDebug.messageEnabled() && !set.isEmpty()) {
            StringBuilder sb = new StringBuilder("CookieDomains : ");
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                sb.append("  '").append(it.next()).append("'");
            }
            utilDebug.message(sb.toString());
        }
        return set;
    }

    public static Set<String> getCookieDomainsForRequest(HttpServletRequest httpServletRequest) {
        Set<String> cookieDomains = getCookieDomains();
        if (httpServletRequest == null) {
            return cookieDomains;
        }
        Set<String> matchingCookieDomains = CookieUtils.getMatchingCookieDomains(httpServletRequest, cookieDomains);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthClientUtils:getCookieDomainsForRequest returns " + matchingCookieDomains);
        }
        return matchingCookieDomains;
    }

    public static String getOrganizationDN(String str, boolean z, HttpServletRequest httpServletRequest) {
        String str2 = null;
        try {
            str2 = Realm.of(str).asDN();
            if (str2 != null && str2.length() != 0) {
                str2 = str2.toLowerCase();
            }
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Could not get orgName", e);
            }
        }
        if ((str2 == null || str2.length() == 0) && z && httpServletRequest != null) {
            String stringBuffer = httpServletRequest.getRequestURL().toString();
            int indexOf = stringBuffer.indexOf(";");
            str = indexOf != -1 ? stripPort(stringBuffer.substring(0, indexOf)) : stripPort(stringBuffer);
            try {
                str2 = Realm.of(str).asDN();
            } catch (Exception e2) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("Could not get orgName='{}'", str, e2);
                }
            }
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getOrganizationDN : orgParam.='{}', orgDN='{}'", str, str2);
        }
        return str2;
    }

    public static String getDomainNameByRequest(HttpServletRequest httpServletRequest, Map<String, String> map) {
        boolean z = false;
        String realmFromPolicyAdvice = getRealmFromPolicyAdvice(map);
        if (realmFromPolicyAdvice == null) {
            realmFromPolicyAdvice = getRealmFromAttribute(httpServletRequest);
        }
        String orgParam = getOrgParam(map);
        if (realmFromPolicyAdvice != null) {
            orgParam = realmFromPolicyAdvice;
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("orgParam='{}'", orgParam);
        }
        if (orgParam == null || orgParam.length() == 0) {
            z = true;
            orgParam = httpServletRequest.getServerName();
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Hostname='{}'", orgParam);
            }
        }
        String organizationDN = getOrganizationDN(orgParam, z, httpServletRequest);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("orgDN='{}'", organizationDN);
        }
        return organizationDN;
    }

    private static String getRealmFromAttribute(HttpServletRequest httpServletRequest) {
        return (String) httpServletRequest.getAttribute("realm");
    }

    public static String getOrgParam(Map<String, String> map) {
        String str = null;
        if (map != null && !map.isEmpty()) {
            str = map.get("domain");
            if (str == null || str.length() == 0) {
                str = map.get("org");
            }
            if (str == null || str.length() == 0) {
                str = map.get("realm");
            }
        }
        return str;
    }

    static String stripPort(String str) {
        try {
            URL url = new URL(str);
            return url.getProtocol() + ISAuthConstants.URL_SEPARATOR + url.getHost() + url.getFile();
        } catch (MalformedURLException e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("URL='{}' is mal formed", str, e);
            }
            return str;
        }
    }

    public static boolean isValidFQDNRequest(String str) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("hostName is : " + str);
        }
        boolean isHostnameValid = FqdnValidator.getInstance().isHostnameValid(str);
        if (utilDebug.messageEnabled()) {
            if (isHostnameValid) {
                utilDebug.message("hostname  and fqdnDefault match returning true");
            } else {
                utilDebug.message("hostname and fqdnDefault don't match");
            }
            utilDebug.message("retVal is : " + isHostnameValid);
        }
        return isHostnameValid;
    }

    public static String getValidFQDNResource(String str, HttpServletRequest httpServletRequest) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Get mapping for " + str);
        }
        String fullyQualifiedHostName = FqdnValidator.getInstance().getFullyQualifiedHostName(str);
        if (fullyQualifiedHostName == null) {
            fullyQualifiedHostName = str;
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("fully qualified hostname :" + fullyQualifiedHostName);
        }
        String constructURL = constructURL(fullyQualifiedHostName, httpServletRequest);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Request URL :" + constructURL);
        }
        return constructURL;
    }

    public static String getHostName(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("host");
        if (header != null) {
            int indexOf = header.indexOf(":");
            if (indexOf != -1) {
                header = header.substring(0, indexOf);
            }
        } else {
            header = httpServletRequest.getServerName();
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Returning host name : " + header);
        }
        return header;
    }

    static String constructURL(String str, HttpServletRequest httpServletRequest) {
        String redirectProtocol = RequestUtils.getRedirectProtocol(httpServletRequest.getScheme(), str);
        int serverPort = httpServletRequest.getServerPort();
        String requestURI = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        StringBuilder sb = new StringBuilder();
        sb.append(redirectProtocol).append(ISAuthConstants.URL_SEPARATOR).append(str).append(":").append(serverPort).append(requestURI);
        if (queryString != null) {
            sb.append("?").append(queryString);
        }
        String sb2 = sb.toString();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("returning new url : " + sb2);
        }
        return sb2;
    }

    private static boolean ignoreParameter(String str) {
        boolean z = false;
        int i = 0;
        while (true) {
            if (i >= ignoreList.length) {
                break;
            }
            if (str.equalsIgnoreCase(ignoreList[i])) {
                z = true;
                break;
            }
            i++;
        }
        return z;
    }

    public static String constructLoginURL(HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder(serviceURI);
        StringBuilder sb2 = new StringBuilder();
        String characterEncoding = httpServletRequest.getCharacterEncoding();
        String str = characterEncoding != null ? characterEncoding : "UTF-8";
        boolean parseBoolean = Boolean.parseBoolean(httpServletRequest.getParameter("encoded"));
        if (httpServletRequest.getAttribute("javax.servlet.forward.servlet_path") != null) {
            sb2.append(httpServletRequest.getQueryString());
            if (sb2.length() > 0) {
                sb.append('?').append((CharSequence) sb2);
            }
            if (utilDebug.messageEnabled()) {
                utilDebug.message("constructLoginURL: Returning login url for forwarded request: " + ((Object) sb));
            }
            return sb.toString();
        }
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String str2 = (String) parameterNames.nextElement();
            if (utilDebug.messageEnabled()) {
                utilDebug.message("constructLoginURL:parameter: " + str2);
            }
            if (!ignoreParameter(str2)) {
                if (str2.equalsIgnoreCase("SunQueryParamsString")) {
                    String parameter = httpServletRequest.getParameter(str2);
                    if (parameter != null && parameter.length() > 0) {
                        String decodeAsUTF8String = Base64.decodeAsUTF8String(parameter);
                        if (decodeAsUTF8String == null && utilDebug.warningEnabled()) {
                            utilDebug.warning("Parameter ['{}']='{}' should be base64 encoded", str2, parameter);
                        }
                        parameter = decodeAsUTF8String;
                    }
                    if (parameter != null && parameter.length() > 0) {
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("constructLoginURL: value: " + parameter);
                        }
                        parameter = URLencodedSunQueryParamsString(parameter, str);
                    }
                    sb2.append(parameter);
                } else {
                    String parameter2 = httpServletRequest.getParameter(str2);
                    if (StringUtils.isNotEmpty(parameter2)) {
                        if (("goto".equals(str2) || RedirectUrlValidator.GOTO_ON_FAIL.equals(str2)) && parseBoolean) {
                            String decodeAsUTF8String2 = Base64.decodeAsUTF8String(parameter2);
                            if (decodeAsUTF8String2 == null && utilDebug.warningEnabled()) {
                                utilDebug.warning("As parameter 'encoded' is true, parameter ['{}']='{}' should be base64 encoded", str2, parameter2);
                            }
                            parameter2 = decodeAsUTF8String2;
                            if (utilDebug.messageEnabled()) {
                                utilDebug.message("constructLoginURL: Base64 decoded " + str2 + "='{}'", parameter2);
                            }
                        }
                        sb2.append(URLEncDec.encode(str2)).append("=").append(URLEncDec.encode(getCharDecodedField(parameter2, str)));
                    }
                }
                if (parameterNames.hasMoreElements()) {
                    sb2.append("&");
                }
            }
        }
        if (sb2.length() > 0) {
            sb.append("?").append((CharSequence) sb2);
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthClientUtils.constructLoginURL()returning URLEncoded login url : " + ((Object) sb));
        }
        return sb.toString();
    }

    private static String URLencodedCompositeAdvice(String str) {
        StringBuilder sb = new StringBuilder(400);
        StringTokenizer stringTokenizer = new StringTokenizer(str, "&");
        String str2 = null;
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.indexOf("sunamcompositeadvice") != -1) {
                str2 = nextToken;
            } else {
                sb.append(nextToken).append("&");
            }
        }
        String substring = str2.substring(str2.indexOf("=") + 1);
        sb.append("sunamcompositeadvice").append("=");
        sb.append(URLEncDec.encode(substring));
        return sb.toString();
    }

    protected static String URLencodedSunQueryParamsString(String str, String str2) {
        StringBuilder sb = new StringBuilder(400);
        StringTokenizer stringTokenizer = new StringTokenizer(str, "&");
        while (stringTokenizer.hasMoreTokens()) {
            String nextToken = stringTokenizer.nextToken();
            if (nextToken.indexOf("=") != -1) {
                int indexOf = nextToken.indexOf("=");
                String substring = nextToken.substring(0, indexOf);
                String substring2 = nextToken.substring(indexOf + 1);
                if (substring.equalsIgnoreCase("realm") || substring.equalsIgnoreCase("org") || substring.equalsIgnoreCase(ISAuthConstants.MODULE_PARAM)) {
                    substring2 = getCharDecodedField(substring2, str2);
                }
                sb.append(URLEncDec.encode(substring));
                sb.append("=");
                sb.append(URLEncDec.encode(substring2));
                if (stringTokenizer.hasMoreTokens()) {
                    sb.append("&");
                }
            }
        }
        return sb.toString();
    }

    public static SSOToken getExistingValidSSOToken(SessionID sessionID) {
        SSOToken sSOToken = null;
        if (sessionID != null) {
            try {
                String sessionID2 = sessionID.toString();
                SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
                SSOToken createSSOToken = sSOTokenManager.createSSOToken(sessionID2);
                if (sSOTokenManager.isValidToken(createSSOToken)) {
                    sSOToken = createSSOToken;
                }
            } catch (Exception e) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("Error in getExistingValidSSOToken {} {}", sessionID, e.toString());
                }
                return null;
            }
        }
        return sSOToken;
    }

    public static boolean isTimedOut(SessionID sessionID) {
        boolean z = false;
        if (sessionID != null) {
            try {
                String sessionID2 = sessionID.toString();
                SSOTokenManager sSOTokenManager = SSOTokenManager.getInstance();
                if (sSOTokenManager.isValidToken(sSOTokenManager.createSSOToken(sessionID2))) {
                    z = false;
                }
            } catch (Exception e) {
                if (e.getMessage().indexOf("Session timed out") != -1) {
                    z = true;
                }
            }
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Session Timed Out :" + z);
        }
        return z;
    }

    public static String getErrorVal(String str, String str2) {
        if (com.sun.identity.shared.locale.Locale.getDefaultLocale() != bundle.getLocale()) {
            bundle = com.sun.identity.shared.locale.Locale.getInstallResourceBundle("amAuth");
        }
        return getErrorVal(str, str2, bundle);
    }

    public static String getErrorVal(String str, String str2, ResourceBundle resourceBundle) {
        ResourceBundle resourceBundle2 = resourceBundle;
        if (resourceBundle2 == null) {
            resourceBundle2 = com.sun.identity.shared.locale.Locale.getInstallResourceBundle("amAuth");
        }
        String str3 = null;
        String str4 = null;
        String string = resourceBundle2.getString(str);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("errorCod='{}', resProperty='{}'", str, string);
        }
        if (string != null && string.length() != 0) {
            int indexOf = string.indexOf("|");
            if (indexOf != -1) {
                str4 = string.substring(indexOf + 1, string.length());
                str3 = string.substring(0, indexOf);
            } else {
                str3 = string;
            }
        }
        if (ERROR_MESSAGE.equals(str2)) {
            return str3;
        }
        if (ERROR_TEMPLATE.equals(str2)) {
            return str4;
        }
        return null;
    }

    public static boolean isCookieSupported(HttpServletRequest httpServletRequest) {
        boolean z = true;
        String cookieSupport = getCookieSupport(getClientType(httpServletRequest));
        if (cookieSupport != null && "false".equals(cookieSupport)) {
            z = false;
        }
        return z;
    }

    public static boolean isCookieSet(HttpServletRequest httpServletRequest) {
        boolean z = false;
        boolean cookieDetect = getCookieDetect(getCookieSupport(getClientType(httpServletRequest)));
        if (isClientDetectionEnabled() && cookieDetect) {
            z = true;
        }
        return z;
    }

    public static Cookie createCookie(String str, String str2, int i, String str3) {
        Cookie newCookie = CookieUtils.newCookie(str, str2, "/", str3);
        if (i >= 0) {
            newCookie.setMaxAge(i);
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("pCookie='{}'", newCookie);
        }
        return newCookie;
    }

    public static Cookie createlbCookie(String str) throws AuthException {
        try {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("cookieDomain : " + str);
            }
            return createCookie(getlbCookieName(), getlbCookieValue(), -1, str);
        } catch (Exception e) {
            utilDebug.message("Unable to create Load Balance Cookie");
            throw new AuthException("102", null);
        }
    }

    public static Cookie getCookieString(AuthContext authContext, String str) {
        Cookie cookie = null;
        String authCookieName2 = getAuthCookieName();
        String str2 = serverURL + serviceURI;
        try {
            if (authContext.getStatus() == AuthContext.Status.SUCCESS) {
                authCookieName2 = getCookieName();
                str2 = authContext.getAuthIdentifier();
                utilDebug.message("Create AM cookie");
            }
            cookie = createCookie(authCookieName2, str2, str);
            if (CookieUtils.isCookieSecure()) {
                cookie.setSecure(true);
            }
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error getCookieString : ", e);
            }
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Cookie is : " + cookie);
        }
        return cookie;
    }

    public static String encodeURL(String str, HttpServletRequest httpServletRequest, AuthContext authContext) {
        if (isCookieSupported(httpServletRequest)) {
            return str;
        }
        String authCookieName2 = getAuthCookieName();
        if (authContext.getStatus() == AuthContext.Status.SUCCESS) {
            authCookieName2 = getCookieName();
        }
        String encodeURL = urlRewriteInPath ? encodeURL(str, (short) 2, false, authCookieName2, authContext.getAuthIdentifier()) : encodeURL(str, (short) 0, true, authCookieName2, authContext.getAuthIdentifier());
        if (utilDebug.messageEnabled()) {
            utilDebug.message("encodeURL : URL='{}', \nRewritten URL='{}'", str, encodeURL);
        }
        return encodeURL;
    }

    private static String encodeURL(String str, short s, boolean z, String str2, String str3) {
        return SessionEncodeURL.encodeURL(SessionEncodeURL.createCookieString(str2, str3), str, s, z);
    }

    public static String getDefaultFileName(HttpServletRequest httpServletRequest, String str, Locale locale, ServletContext servletContext) {
        String organizationDN;
        String str2;
        String locale2 = locale != null ? locale.toString() : "";
        String filePath = getFilePath(getClientType(httpServletRequest));
        String fileRoot = getFileRoot();
        try {
            organizationDN = getDomainNameByRequest(httpServletRequest, parseRequestParameters(httpServletRequest));
        } catch (Exception e) {
            organizationDN = getOrganizationDN("/", false, httpServletRequest);
        }
        try {
            str2 = ResourceLookup.getFirstExisting(servletContext, fileRoot, locale2, getOrgFilePath(organizationDN), filePath, str, templatePath);
        } catch (Exception e2) {
            str2 = templatePath + fileRoot + "/" + str;
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getDefaultFileName:templateFile is :" + str2);
        }
        return str2;
    }

    public static String getRootSuffix() {
        return rootSuffix;
    }

    protected static String getFileRoot() {
        String DNtoName = DNUtils.DNtoName(rootSuffix);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("rootOrgName is : " + DNtoName);
        }
        return DNtoName != null ? DNtoName : "default";
    }

    private static String getCharsetFileName(String str) {
        String mIMECharset = new ISLocaleContext().getMIMECharset();
        if (str == null) {
            return null;
        }
        int indexOf = str.indexOf(DefaultExpressionEngine.DEFAULT_PROPERTY_DELIMITER);
        String str2 = indexOf != -1 ? str.substring(0, indexOf) + SwaggerApiProducer.VersionTransformer.PATH_FRAGMENT_COMPONENT_SEPARATOR + mIMECharset + str.substring(indexOf) : str + SwaggerApiProducer.VersionTransformer.PATH_FRAGMENT_COMPONENT_SEPARATOR + mIMECharset;
        if (utilDebug.messageEnabled()) {
            utilDebug.message("charsetFilename is : " + str2);
        }
        return str2;
    }

    public static String getResourceLocation(String str, String str2, String str3, String str4, String str5, String str6, ServletContext servletContext, HttpServletRequest httpServletRequest) {
        String str7 = null;
        String clientType = getClientType(httpServletRequest);
        if (clientType != null && !clientType.equals(getDefaultClientType())) {
            str7 = ResourceLookup.getFirstExisting(servletContext, str, str2, str3, str4, getCharsetFileName(str5), str6);
        }
        if (str7 == null) {
            str7 = ResourceLookup.getFirstExisting(servletContext, str, str2, str3, str4, str5, str6);
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("resourceName='{}'", str7);
        }
        return str7;
    }

    public static String getFilePath(HttpServletRequest httpServletRequest, AuthContext.IndexType indexType, String str) {
        String filePath = getFilePath(getClientType(httpServletRequest));
        String str2 = null;
        StringBuilder sb = new StringBuilder();
        if (AuthContext.IndexType.SERVICE.equals(indexType)) {
            str2 = str;
        }
        if (filePath == null && str2 == null) {
            return null;
        }
        if (filePath != null && !filePath.isEmpty()) {
            sb.append("/").append(filePath);
        }
        if (str2 != null && !str2.isEmpty()) {
            sb.append("/").append(str2.toLowerCase());
        }
        String sb2 = sb.toString();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("FilePath='{}'", sb2);
        }
        return sb2;
    }

    public static String getOrgFilePath(String str) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getOrgFilePath : orgDN is: " + str);
        }
        String normalizeDN = DNUtils.normalizeDN(str);
        String str2 = null;
        if (normalizeDN != null) {
            StringBuilder sb = new StringBuilder();
            String str3 = normalizeDN;
            while (str3 != null && str3.length() != 0 && !str3.equals(getRootSuffix())) {
                sb = sb.insert(0, "/" + DNUtils.DNtoName(str3));
                int indexOf = str3.indexOf(",");
                if (indexOf == -1) {
                    break;
                }
                str3 = str3.substring(indexOf + 1);
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("remOrgDN is : " + str3);
                }
            }
            str2 = sb.toString();
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("getOrgFilePath: orgPath is : " + str2);
        }
        return str2;
    }

    public static String getFileName(String str, String str2, String str3, HttpServletRequest httpServletRequest, ServletContext servletContext, AuthContext.IndexType indexType, String str4) {
        String str5;
        String fileRoot = getFileRoot();
        try {
            String filePath = getFilePath(httpServletRequest, indexType, str4);
            String orgFilePath = getOrgFilePath(str3);
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Calling ResourceLookup: filename='{}', defaultOrg='{}', locale='{}', filePath='{}', orgPath='{}'", str, fileRoot, str2, filePath, orgFilePath);
            }
            str5 = getResourceLocation(fileRoot, str2, orgFilePath, filePath, str, templatePath, servletContext, httpServletRequest);
        } catch (Exception e) {
            utilDebug.message("Error getting File : ", e);
            str5 = templatePath + "/default/" + str;
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("File/Resource is : " + str5);
        }
        return str5;
    }

    public static String getAuthCookieValue(HttpServletRequest httpServletRequest) {
        String str = (String) httpServletRequest.getAttribute("forwardrequest");
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthClientUtils.getAuthCookieValue: is forward = " + str);
        }
        String str2 = null;
        if ("yes".equals(str)) {
            str2 = SessionEncodeURL.getSidFromURL(httpServletRequest, getAuthCookieName());
        }
        return str2 == null ? CookieUtils.getCookieValueFromReq(httpServletRequest, getAuthCookieName()) : str2;
    }

    public static String getDomainNameByRequest(Map<String, String> map) {
        String realmFromPolicyAdvice = getRealmFromPolicyAdvice(map);
        String orgParam = getOrgParam(map);
        if (realmFromPolicyAdvice != null) {
            orgParam = realmFromPolicyAdvice;
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("orgParam='{}'", orgParam);
        }
        if (orgParam == null || orgParam.length() == 0) {
            orgParam = "/";
            if (utilDebug.messageEnabled()) {
                utilDebug.message("defaultOrg : " + orgParam);
            }
        }
        String organizationDN = getOrganizationDN(orgParam, false, null);
        if (utilDebug.messageEnabled()) {
            utilDebug.message("orgDN is " + organizationDN);
        }
        return organizationDN;
    }

    private static String getRealmFromPolicyAdvice(Map<String, String> map) {
        String str;
        if (map == null || (str = map.get("sunamcompositeadvice")) == null) {
            return null;
        }
        try {
            return getRealmFromPolicyAdvice(URLDecoder.decode(str, "UTF-8"));
        } catch (UnsupportedEncodingException e) {
            utilDebug.error("Unable to URLdecode condition advice using UTF-8");
            return null;
        }
    }

    public static String getRealmFromPolicyAdvice(String str) {
        String str2 = null;
        try {
            Map parseAdvicesXML = PolicyUtils.parseAdvicesXML(str);
            if (parseAdvicesXML != null) {
                for (Map.Entry entry : parseAdvicesXML.entrySet()) {
                    String str3 = (String) entry.getKey();
                    for (String str4 : (Set) entry.getValue()) {
                        String str5 = null;
                        if (str3.equals("AuthenticateToRealmConditionAdvice")) {
                            str5 = str4;
                        } else {
                            int indexOf = str4.indexOf(58);
                            if (indexOf != -1) {
                                str5 = str4.substring(0, indexOf);
                            }
                        }
                        if (str2 == null) {
                            str2 = str5;
                        } else if (str5 != null && !str2.equalsIgnoreCase(str5)) {
                            throw new IllegalArgumentException("More than one realm defined in the Policy Advice");
                        }
                    }
                }
            }
        } catch (PolicyException e) {
            utilDebug.error("Unable to parse policy condition advices", e);
        }
        return str2;
    }

    public static boolean isLocalServer(String str, boolean z) {
        boolean z2 = false;
        try {
            String str2 = serverURL + serviceURI;
            if (utilDebug.messageEnabled()) {
                utilDebug.message("This server URL='{}', Server URL from cookie='{}'", str2, str);
            }
            if (str2 != null && str != null && str.equalsIgnoreCase(str2)) {
                z2 = true;
            }
            if (!z2 && z && str != null) {
                int indexOf = str.indexOf(serviceURI);
                String str3 = str;
                if (indexOf != -1) {
                    str3 = str.substring(0, indexOf) + SystemProperties.get("com.iplanet.am.services.deploymentDescriptor");
                }
                Set<String> platformServerList = WebtopNaming.getPlatformServerList();
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("search CookieURL='{}', platform server List='{}' ", str3, platformServerList);
                }
                if (!platformServerList.contains(str3)) {
                    z2 = true;
                }
            }
        } catch (Exception e) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("Error isLocalServer : " + e.getMessage());
            }
        }
        return z2;
    }

    public static boolean isLocalServer(String str, String str2) {
        int indexOf = str.indexOf(str2);
        String str3 = str;
        if (indexOf != -1) {
            str3 = str.substring(0, indexOf);
        }
        return isLocalServer(str3 + serviceURI, true);
    }

    public static boolean isServerMemberOfLocalSite(String str) {
        boolean z = false;
        try {
            if (distAuthSitesMap.isEmpty()) {
                z = true;
            } else {
                String siteID = WebtopNaming.getSiteID(WebtopNaming.getAMServerID());
                if (siteID == null) {
                    if (!utilDebug.warningEnabled()) {
                        return false;
                    }
                    utilDebug.warning("AuthClientUtils::isServerMemberOfLocalSite:unable to determine local site id: " + WebtopNaming.getAMServerID());
                    return false;
                }
                String siteNameById = WebtopNaming.getSiteNameById(siteID);
                if (siteNameById != null) {
                    Set<String> set = distAuthSitesMap.get(siteNameById);
                    if (set == null) {
                        if (!utilDebug.warningEnabled()) {
                            return false;
                        }
                        utilDebug.warning("AuthClientUtils::isServerMemberOfLocalSite:unable to determine distAuthForSite: " + siteNameById);
                        return false;
                    }
                    if (set.contains(str)) {
                        z = true;
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("AuthClientUtils::isServerMemberOfLocalSite:local URL " + str + " found in local site " + set);
                        }
                    }
                } else {
                    z = true;
                }
            }
        } catch (Exception e) {
            utilDebug.error("AuthClientUtils::isServerMemberOfLocalSite: ", e);
        }
        return z;
    }

    public static Map<String, Object> sendAuthRequestToOrigServer(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        HashMap hashMap = new HashMap();
        if (utilDebug.messageEnabled()) {
            StringBuilder sb = new StringBuilder();
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String str2 = (String) headerNames.nextElement();
                sb.append("Header name='").append(str2).append("', Value='").append(httpServletRequest.getHeaders(str2)).append("'\n");
            }
            utilDebug.message(sb.toString());
        }
        OutputStream outputStream = null;
        try {
            try {
                try {
                    String queryString = httpServletRequest.getQueryString();
                    URL url = queryString != null ? new URL(str + "?" + queryString) : new URL(str);
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("Connecting to : " + url);
                    }
                    HttpURLConnection connection = HttpURLConnectionManager.getConnection(url);
                    connection.setUseCaches(useCache);
                    HttpURLConnection.setFollowRedirects(false);
                    connection.setInstanceFollowRedirects(false);
                    connection.setRequestProperty("Accept-Language", httpServletRequest.getHeader("Accept-Language"));
                    connection.setRequestProperty("Host", httpServletRequest.getHeader("host"));
                    String cookiesString = getCookiesString(removeLocalLoadBalancingCookie(Arrays.asList(httpServletRequest.getCookies())));
                    if (cookiesString != null) {
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("Sending cookies : " + cookiesString);
                        }
                        connection.setRequestProperty("Cookie", cookiesString);
                    }
                    utilDebug.message("SENDING DATA ... ");
                    copyRequestHeaders(httpServletRequest, connection);
                    if (httpServletRequest.getMethod().equals("GET")) {
                        connection.connect();
                    } else {
                        HashMap hashMap2 = new HashMap();
                        if (queryString != null) {
                            for (String str3 : queryString.split("&")) {
                                int indexOf = str3.indexOf(61);
                                if (indexOf != -1) {
                                    String substring = str3.substring(0, indexOf);
                                    String substring2 = str3.substring(indexOf + 1);
                                    Set set = (Set) hashMap2.get(substring);
                                    if (set == null) {
                                        set = new HashSet();
                                        hashMap2.put(substring, set);
                                    }
                                    set.add(substring2);
                                }
                            }
                        }
                        connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
                        Map parameterMap = httpServletRequest.getParameterMap();
                        HashMap hashMap3 = new HashMap();
                        for (Map.Entry entry : parameterMap.entrySet()) {
                            if (!hashMap2.containsKey(entry.getKey())) {
                                HashSet hashSet = new HashSet();
                                for (String str4 : (String[]) entry.getValue()) {
                                    hashSet.add(getCharDecodedField(str4, "UTF-8"));
                                }
                                hashMap3.put(entry.getKey(), hashSet);
                            }
                        }
                        String formData = getFormData(hashMap3);
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("Request data : " + formData);
                        }
                        if (formData.trim().length() > 0) {
                            connection.setDoOutput(true);
                            connection.setRequestMethod("POST");
                            outputStream = connection.getOutputStream();
                            PrintWriter printWriter = new PrintWriter(outputStream);
                            printWriter.print(formData);
                            printWriter.flush();
                            printWriter.close();
                        }
                    }
                    utilDebug.message("RECEIVING DATA ... ");
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("Response Code='{}', Response Message='{}' ", Integer.valueOf(connection.getResponseCode()), connection.getResponseMessage());
                    }
                    if (connection.getResponseCode() == 200) {
                        StringBuilder sb2 = new StringBuilder();
                        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(connection.getInputStream(), "UTF-8"));
                        char[] cArr = new char[1024];
                        while (true) {
                            int read = bufferedReader.read(cArr, 0, cArr.length);
                            if (read == -1) {
                                break;
                            }
                            sb2.append(cArr, 0, read);
                        }
                        String sb3 = sb2.toString();
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("Received response data : " + sb3);
                        }
                        hashMap.put(SAML2Constants.OUTPUT_DATA, sb3);
                    } else {
                        utilDebug.warning("Response code for proxied auth is NOT OK");
                    }
                    String headerField = connection.getHeaderField("AM_CLIENT_TYPE");
                    if (headerField != null) {
                        hashMap.put("AM_CLIENT_TYPE", headerField);
                    }
                    String headerField2 = connection.getHeaderField("Location");
                    if (headerField2 != null) {
                        try {
                            URL url2 = new URL(headerField2);
                            if (isSameServer(url, url2)) {
                                if (utilDebug.messageEnabled()) {
                                    utilDebug.message("Relative redirect detected");
                                }
                                String path = url2.getPath();
                                headerField2 = (path != null ? path : "") + (url2.getQuery() != null ? "?" + url2.getQuery() : "");
                            }
                            if (utilDebug.messageEnabled()) {
                                utilDebug.message("sendAuthRequestToOrigServer(): Setting redirect URL to: " + headerField2);
                            }
                            hashMap.put(SAML2Constants.AM_REDIRECT_URL, headerField2);
                        } catch (MalformedURLException e) {
                            hashMap.put(SAML2Constants.AM_REDIRECT_URL, headerField2);
                        }
                    }
                    String headerField3 = connection.getHeaderField("Content-Type");
                    if (headerField3 != null) {
                        hashMap.put("CONTENT_TYPE", headerField3);
                    }
                    hashMap.put(SAML2Constants.RESPONSE_CODE, Integer.valueOf(connection.getResponseCode()));
                    copyResponseHeaders(connection.getHeaderFields(), httpServletResponse);
                    if (outputStream != null) {
                        try {
                            outputStream.close();
                        } catch (IOException e2) {
                            if (utilDebug.messageEnabled()) {
                                utilDebug.message("send IOException : ", e2);
                            }
                        }
                    }
                } catch (Throwable th) {
                    if (outputStream != null) {
                        try {
                            outputStream.close();
                        } catch (IOException e3) {
                            if (utilDebug.messageEnabled()) {
                                utilDebug.message("send IOException : ", e3);
                            }
                        }
                    }
                    throw th;
                }
            } catch (IOException e4) {
                hashMap.put("EXCEPTION", e4);
                if (outputStream != null) {
                    try {
                        outputStream.close();
                    } catch (IOException e5) {
                        if (utilDebug.messageEnabled()) {
                            utilDebug.message("send IOException : ", e5);
                        }
                    }
                }
            }
        } catch (Exception e6) {
            if (utilDebug.warningEnabled()) {
                utilDebug.warning("send exception : ", e6);
            }
            if (outputStream != null) {
                try {
                    outputStream.close();
                } catch (IOException e7) {
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("send IOException : ", e7);
                    }
                }
            }
        }
        return hashMap;
    }

    private static List<Cookie> removeLocalLoadBalancingCookie(List<Cookie> list) {
        String str = getlbCookieName();
        String str2 = getlbCookieValue();
        ArrayList arrayList = new ArrayList();
        for (Cookie cookie : list) {
            if (!Objects.equals(cookie.getName(), str) && !Objects.equals(cookie.getValue(), str2)) {
                arrayList.add(cookie);
            }
        }
        return arrayList;
    }

    private static boolean isSameServer(URL url, URL url2) {
        return url.getProtocol().equals(url2.getProtocol()) && url.getHost().equalsIgnoreCase(url2.getHost()) && (url.getPort() != -1 ? url.getPort() : url.getDefaultPort()) == (url2.getPort() != -1 ? url2.getPort() : url2.getDefaultPort());
    }

    private static void copyRequestHeaders(HttpServletRequest httpServletRequest, HttpURLConnection httpURLConnection) {
        utilDebug.message("AuthClientUtils.copyRequestHeaders: starting to copy request headers");
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String str = (String) headerNames.nextElement();
            if (str != null && RETAINED_HTTP_REQUEST_HEADERS.contains(str.toLowerCase())) {
                Enumeration headers = httpServletRequest.getHeaders(str);
                while (headers.hasMoreElements()) {
                    String str2 = (String) headers.nextElement();
                    if (utilDebug.messageEnabled()) {
                        utilDebug.message("Copying header for proxied request: " + str + ": " + str2);
                    }
                    httpURLConnection.addRequestProperty(str, str2);
                }
            }
        }
    }

    private static void copyResponseHeaders(Map<String, List<String>> map, HttpServletResponse httpServletResponse) {
        List<String> value;
        for (Map.Entry<String, List<String>> entry : map.entrySet()) {
            String key = entry.getKey();
            if (key != null && RETAINED_HTTP_HEADERS.contains(key.toLowerCase()) && (value = entry.getValue()) != null) {
                Iterator<String> it = value.iterator();
                while (it.hasNext()) {
                    httpServletResponse.addHeader(key, it.next());
                }
            }
        }
    }

    private static String getFormData(Map<String, Set<String>> map) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, Set<String>> entry : map.entrySet()) {
            String key = entry.getKey();
            for (String str : entry.getValue()) {
                sb.append(URLEncDec.encode(key));
                sb.append('=');
                sb.append(URLEncDec.encode(str));
                sb.append('&');
            }
        }
        sb.deleteCharAt(sb.length() - 1);
        return sb.toString();
    }

    private static String getCookiesString(List<Cookie> list) {
        StringBuilder sb = null;
        if (list != null) {
            for (Cookie cookie : list) {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("Cookie name='{}', value='{}'", cookie.getName(), cookie.getValue());
                }
                if (sb == null) {
                    sb = new StringBuilder();
                } else {
                    sb.append(";");
                }
                sb.append(cookie.getName()).append("=").append(cookie.getValue());
            }
        }
        return sb != null ? sb.toString() : null;
    }

    public static void setServerCookie(Cookie cookie, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthException {
        String name = cookie.getName();
        String value = cookie.getValue();
        if (name == null || name.length() == 0) {
            return;
        }
        Set<String> cookieDomainsForRequest = getCookieDomainsForRequest(httpServletRequest);
        if (cookieDomainsForRequest.isEmpty()) {
            CookieUtils.addCookieToResponse(httpServletResponse, createCookie(name, value, null));
            return;
        }
        Iterator<String> it = cookieDomainsForRequest.iterator();
        while (it.hasNext()) {
            CookieUtils.addCookieToResponse(httpServletResponse, createCookie(name, value, it.next()));
        }
    }

    public static void setRedirectBackServerCookie(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthException {
        if (str == null || str.length() == 0) {
            return;
        }
        Set<String> cookieDomainsForRequest = getCookieDomainsForRequest(httpServletRequest);
        if (cookieDomainsForRequest.isEmpty()) {
            CookieUtils.addCookieToResponse(httpServletResponse, createCookie(str, str2, null));
            return;
        }
        Iterator<String> it = cookieDomainsForRequest.iterator();
        while (it.hasNext()) {
            CookieUtils.addCookieToResponse(httpServletResponse, createCookie(str, str2, it.next()));
        }
    }

    public static void clearServerCookie(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (utilDebug.messageEnabled()) {
            utilDebug.message("In clear server Cookie = " + str);
        }
        if (str == null || str.length() == 0) {
            return;
        }
        Set<String> cookieDomainsForRequest = getCookieDomainsForRequest(httpServletRequest);
        if (cookieDomainsForRequest.isEmpty()) {
            httpServletResponse.addCookie(createCookie(str, "LOGOUT", 0, null));
            utilDebug.message("In clear server added cookie no domain");
        } else {
            Iterator<String> it = cookieDomainsForRequest.iterator();
            while (it.hasNext()) {
                httpServletResponse.addCookie(createCookie(str, "LOGOUT", 0, it.next()));
                utilDebug.message("In clear server Cookie added cookie");
            }
        }
    }

    public static String getQueryStrFromParameters(Map map) {
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        if (map != null && !map.isEmpty()) {
            for (Map.Entry entry : map.entrySet()) {
                String str = (String) entry.getKey();
                String str2 = (String) entry.getValue();
                if (z) {
                    sb.append("?");
                    z = false;
                } else {
                    sb.append("&");
                }
                sb.append(str).append("=").append(str2);
            }
        }
        return sb.toString();
    }

    public static boolean persistAMCookie(Hashtable hashtable) {
        if (Boolean.valueOf(SystemProperties.get(Constants.PERSIST_AM_COOKIE)).booleanValue()) {
            if (!utilDebug.messageEnabled()) {
                return true;
            }
            utilDebug.message("AuthUtils.persistAMCookie(): Set globally ");
            return true;
        }
        boolean z = false;
        String str = (String) hashtable.get(Constants.PERSIST_AM_COOKIE);
        if (Boolean.valueOf(SystemProperties.get(Constants.ALLOW_PERSIST_AM_COOKIE)).booleanValue() && str != null) {
            z = Boolean.valueOf(str).booleanValue();
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils.persistAMCookie(): " + z);
        }
        return z;
    }

    public static boolean forceAuthFlagExists(Hashtable hashtable) {
        boolean booleanValue = Boolean.valueOf((String) hashtable.get(AuthSchemeCondition.FORCE_AUTH_ADVICE)).booleanValue();
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils.forceFlagExists : " + booleanValue);
        }
        if (!booleanValue && hashtable.get("sunamcompositeadvice") != null) {
            booleanValue = checkForForcedAuth((String) hashtable.get("sunamcompositeadvice"));
        }
        return booleanValue;
    }

    public static boolean checkForForcedAuth(String str) {
        boolean z = false;
        try {
            String decode = URLDecoder.decode(str);
            Map parseAdvicesXML = PolicyUtils.parseAdvicesXML(decode);
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthUtils.checkForForcedAuth : decoded XML = " + decode);
                utilDebug.message("AuthUtils.checkForForcedAuth : result Map = " + parseAdvicesXML);
            }
            if (parseAdvicesXML != null) {
                if (parseAdvicesXML.containsKey(AuthSchemeCondition.FORCE_AUTH_ADVICE)) {
                    z = true;
                }
            }
        } catch (PolicyException e) {
            utilDebug.error("AuthUtils.checkForForcedAuth : Error in Policy  XML parsing ", e);
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils.checkForForcedAuth: returnForcedAuth= " + z);
        }
        return z;
    }

    public static String getServiceURI() {
        return SystemProperties.isServerMode() ? SystemProperties.get("com.iplanet.am.services.deploymentDescriptor") : SystemProperties.get(Constants.AM_DISTAUTH_DEPLOYMENT_DESCRIPTOR);
    }

    public static void setHostUrlCookie(HttpServletResponse httpServletResponse) {
        if (isSessionHijackingEnabled) {
            String str = null;
            try {
                String serverFromID = WebtopNaming.getServerFromID(WebtopNaming.getSiteID(WebtopNaming.getAMServerID()));
                str = serverFromID.substring(0, serverFromID.length() - SystemProperties.get("com.iplanet.am.services.deploymentDescriptor").length());
            } catch (ServerEntryNotFoundException e) {
                utilDebug.message("AuthClientUtils.setHostUrlCookie:", e);
            }
            if (str == null || str.length() == 0) {
                str = SystemProperties.get("com.iplanet.am.server.protocol") + ISAuthConstants.URL_SEPARATOR + SystemProperties.get("com.iplanet.am.server.host") + ":" + SystemProperties.get("com.iplanet.am.server.port");
            }
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthClientUtils.setHostUrlCookie: hostUrlCookieName = " + hostUrlCookieName + ", hostUrlCookieDomain = " + hostUrlCookieDomain + ", hostUrlCookieValue = " + str);
            }
            try {
                CookieUtils.addCookieToResponse(httpServletResponse, createCookie(hostUrlCookieName, str, hostUrlCookieDomain));
            } catch (Exception e2) {
                utilDebug.message("AuthClientUtils.setHostUrlCookie:", e2);
            }
        }
    }

    public static void clearHostUrlCookie(HttpServletResponse httpServletResponse) {
        if (isSessionHijackingEnabled) {
            try {
                Cookie createCookie = createCookie(hostUrlCookieName, "LOGOUT", hostUrlCookieDomain);
                createCookie.setMaxAge(0);
                httpServletResponse.addCookie(createCookie);
            } catch (Exception e) {
                utilDebug.message("AuthClientUtils.clearHostUrlCookie:", e);
            }
        }
    }

    public static boolean isDistAuthServerTrusted(String str) {
        return distAuthClusterList.contains(str);
    }

    public static String getResourceURL(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter(ISAuthConstants.RESOURCE_URL_PARAM);
        if (parameter == null) {
            parameter = httpServletRequest.getParameter("goto");
        }
        return parameter;
    }

    public static Map getEnvMap(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        String clientIPAddress = ClientUtils.getClientIPAddress(httpServletRequest);
        if (clientIPAddress != null) {
            HashSet hashSet = new HashSet(1);
            hashSet.add(clientIPAddress);
            hashMap.put("requestIp", hashSet);
        }
        Enumeration parameterNames = httpServletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String str = (String) parameterNames.nextElement();
            String[] parameterValues = httpServletRequest.getParameterValues(str);
            if (parameterValues != null) {
                HashSet hashSet2 = new HashSet();
                for (String str2 : parameterValues) {
                    hashSet2.add(str2);
                }
                if (!hashSet2.isEmpty()) {
                    hashMap.put(str, hashSet2);
                }
            }
        }
        Enumeration headerNames = httpServletRequest.getHeaderNames();
        if (headerNames != null) {
            while (headerNames.hasMoreElements()) {
                String str3 = (String) headerNames.nextElement();
                Enumeration headers = httpServletRequest.getHeaders(str3);
                HashSet hashSet3 = new HashSet();
                while (headers.hasMoreElements()) {
                    hashSet3.add(headers.nextElement());
                }
                if (!hashSet3.isEmpty()) {
                    hashMap.put(str3, hashSet3);
                }
            }
        }
        return hashMap;
    }

    public static String unescapePipe(String str) {
        return str.replaceAll("&#124;", "|");
    }

    public static String escapePipe(String str) {
        int indexOf = str.indexOf("|");
        if (indexOf != -1) {
            StringBuilder sb = new StringBuilder();
            int i = 0;
            if (str != null) {
                i = str.length();
            }
            sb.append(str.substring(0, indexOf));
            while (indexOf < i) {
                if (str.charAt(indexOf) == '|') {
                    sb.append("&#124;");
                } else {
                    sb.append(str.charAt(indexOf));
                }
                indexOf++;
            }
            str = sb.toString();
        }
        return str;
    }

    public static String getDataFromRealmQualifiedData(String str) {
        String str2 = null;
        if (str != null && str.length() != 0) {
            int indexOf = str.indexOf(":");
            str2 = indexOf != -1 ? str.substring(indexOf + 1).trim() : str;
        }
        if (utilDebug.messageEnabled()) {
            utilDebug.message("realmQualifedData : " + str);
            utilDebug.message("DataFromRealmQualifiedData : " + str2);
        }
        return str2;
    }

    public static boolean isZeroPageLoginAllowed(ZeroPageLoginConfig zeroPageLoginConfig, HttpServletRequest httpServletRequest) {
        if (!"POST".equalsIgnoreCase(httpServletRequest.getMethod()) && !zeroPageLoginConfig.isEnabled()) {
            return false;
        }
        String header = httpServletRequest.getHeader("Referer");
        Set<String> refererWhitelist = zeroPageLoginConfig.getRefererWhitelist();
        return header == null ? zeroPageLoginConfig.isAllowedWithoutReferer() : refererWhitelist.isEmpty() || refererWhitelist.contains(header);
    }

    private static String getCharDecodedField(String str, String str2) {
        if (str == null) {
            return "";
        }
        if (str2 == null || str2.isEmpty()) {
            str2 = "UTF-8";
        }
        try {
            int length = str.length();
            byte[] bArr = new byte[length];
            int i = 0;
            int i2 = 0;
            char[] charArray = str.toCharArray();
            while (i < length) {
                int i3 = i2;
                i2++;
                int i4 = i;
                i++;
                bArr[i3] = (byte) charArray[i4];
            }
            return new String(bArr, 0, i2, str2);
        } catch (Exception e) {
            utilDebug.error("AuthClientUtils.getCharDecodedField():", e);
            return str;
        }
    }

    private static void putDecodedValue(Map<String, String> map, String str, String str2, String str3) {
        if (str2 == null || str2.isEmpty()) {
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthUtils::putDecodedValue the '" + str + "' value is null or empty'");
                return;
            }
            return;
        }
        String charDecodedField = getCharDecodedField(str2, str3);
        if (!charDecodedField.isEmpty()) {
            map.put(str, charDecodedField);
        } else if (utilDebug.messageEnabled()) {
            utilDebug.message("AuthUtils::putDecodedValue decoding with encoding '" + str3 + "' is empty");
        }
    }

    static {
        String str;
        String str2;
        serverURL = null;
        if (SystemProperties.get(AdminTokenAction.AMADMIN_MODE, "false").equalsIgnoreCase("false")) {
            clientDetector = new AMClientDetector();
            if (isClientDetectionEnabled()) {
                defaultClient = ClientsManager.getDefaultInstance();
            }
        }
        bundle = com.sun.identity.shared.locale.Locale.getInstallResourceBundle("amAuth");
        String str3 = SystemProperties.get(Constants.DISTAUTH_SERVER_PROTOCOL);
        if (str3 == null || str3.length() == 0) {
            str3 = SystemProperties.get("com.iplanet.am.server.protocol");
            str = SystemProperties.get("com.iplanet.am.server.host");
            str2 = SystemProperties.get("com.iplanet.am.server.port");
        } else {
            str = SystemProperties.get(Constants.DISTAUTH_SERVER_HOST);
            str2 = SystemProperties.get(Constants.DISTAUTH_SERVER_PORT);
        }
        serverURL = str3 + ISAuthConstants.URL_SEPARATOR + str + ":" + str2;
        if (distAuthCluster.length() != 0) {
            try {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthClientUtils.static(): Cluster List is: " + distAuthCluster);
                }
                if (distAuthCluster.indexOf(",") != -1) {
                    StringTokenizer stringTokenizer = new StringTokenizer(distAuthCluster, ",");
                    while (stringTokenizer.hasMoreTokens()) {
                        distAuthClusterList.add(stringTokenizer.nextToken().trim());
                    }
                } else {
                    distAuthClusterList.add(distAuthCluster.trim());
                }
            } catch (Exception e) {
                utilDebug.error("AuthClientUtils.static(): " + e.toString());
            }
        }
        if (distAuthSites.length() != 0) {
            try {
                if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthClientUtils.static(): Dist Auth Site list is: " + distAuthSites);
                }
                if (distAuthSites.indexOf(",") != -1) {
                    StringTokenizer stringTokenizer2 = new StringTokenizer(distAuthSites, ",");
                    while (stringTokenizer2.hasMoreTokens()) {
                        String trim = stringTokenizer2.nextToken().trim();
                        if (trim.indexOf("=") != -1) {
                            String substring = trim.substring(0, trim.indexOf("="));
                            String substring2 = trim.substring(trim.indexOf("=") + 1);
                            Set<String> set = distAuthSitesMap.get(substring2);
                            if (set == null) {
                                set = new HashSet();
                            }
                            set.add(substring);
                            distAuthSitesMap.put(substring2, set);
                        } else if (utilDebug.messageEnabled()) {
                            utilDebug.message("AuthClientUtils.static(): invalid dist auth server entry: " + trim);
                        }
                    }
                } else if (distAuthSites.indexOf("=") != -1) {
                    String substring3 = distAuthSites.substring(0, distAuthSites.indexOf("="));
                    String substring4 = distAuthSites.substring(distAuthSites.indexOf("=") + 1);
                    HashSet hashSet = new HashSet();
                    hashSet.add(substring3);
                    distAuthSitesMap.put(substring4, hashSet);
                } else if (utilDebug.messageEnabled()) {
                    utilDebug.message("AuthClientUtils.static(): invalid dist auth server entry: " + distAuthSites);
                }
            } catch (Exception e2) {
                utilDebug.error("AuthClientUtils.static(): " + e2.toString());
            }
            if (utilDebug.messageEnabled()) {
                utilDebug.message("AuthClientUtils.static(): dist auth server to site: " + distAuthSitesMap);
            }
        }
        RETAINED_HTTP_REQUEST_HEADERS.addAll(getHeaderNameListForProperty(Constants.RETAINED_HTTP_REQUEST_HEADERS_LIST));
        RETAINED_HTTP_REQUEST_HEADERS.removeAll(getHeaderNameListForProperty(Constants.FORBIDDEN_TO_COPY_REQUEST_HEADERS));
        RETAINED_HTTP_HEADERS.addAll(getHeaderNameListForProperty(Constants.RETAINED_HTTP_HEADERS_LIST));
        RETAINED_HTTP_HEADERS.removeAll(getHeaderNameListForProperty(Constants.FORBIDDEN_TO_COPY_HEADERS));
        RETAINED_HTTP_HEADERS.add("set-cookie");
        if (utilDebug.messageEnabled()) {
            utilDebug.message("Retained request headers: " + RETAINED_HTTP_REQUEST_HEADERS);
            utilDebug.message("Retained response headers: " + RETAINED_HTTP_HEADERS);
        }
    }
}
