package com.sun.identity.saml2.meta;

import com.sun.identity.cot.COTException;
import com.sun.identity.cot.CircleOfTrustManager;
import com.sun.identity.plugin.configuration.ConfigurationException;
import com.sun.identity.plugin.configuration.ConfigurationInstance;
import com.sun.identity.plugin.configuration.ConfigurationManager;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.AttributeAuthorityConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.AttributeQueryConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.AuthnAuthorityConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement;
import com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement;
import com.sun.identity.saml2.jaxb.metadata.AffiliationDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement;
import com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement;
import com.sun.identity.saml2.logging.LogUtil;
import com.sun.identity.shared.debug.Debug;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import javax.xml.bind.JAXBException;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:com/sun/identity/saml2/meta/SAML2MetaManager.class */
public class SAML2MetaManager {
    // Configuration attribute whose first value is parsed (via SAML2MetaUtils.convertStringToJAXB)
    // into an EntityDescriptorElement, i.e. the standard SAML2 metadata of an entity.
    private static final String ATTR_METADATA = "sun-fm-saml2-metadata";
    // Configuration attribute whose first value is parsed into an EntityConfigElement,
    // i.e. the extended (deployment-specific) configuration of an entity.
    private static final String ATTR_ENTITY_CONFIG = "sun-fm-saml2-entityconfig";
    // Not referenced in the visible part of this class.
    private static final String SUBCONFIG_ID = "EntityDescriptor";
    // Not referenced in the visible part of this class.
    private static final int SUBCONFIG_PRIORITY = 0;
    // Shared debug logger, taken from SAML2MetaUtils.
    private static Debug debug = SAML2MetaUtils.debug;
    // Process-wide defaults used by the no-arg constructor; where they are initialised is not
    // visible here (presumably a static initialiser - confirm).
    private static CircleOfTrustManager cotmStatic;
    private static ConfigurationInstance configInstStatic;
    // Component name passed to ConfigurationManager.getConfigurationInstance.
    private static final String SAML2 = "SAML2";
    // Per-instance collaborators: either the static defaults or ones bound to a caller session.
    private CircleOfTrustManager cotm;
    private ConfigurationInstance configInst;
    // Session object supplied to the one-arg constructor, else null. When it is non-null the
    // getters skip the SAML2MetaCache lookup and always read through configInst.
    private Object callerSession;
    public static final String NAME_META_ALIAS_IN_URI = "metaAlias";

    /**
     * Creates a manager that uses the class-wide configuration instance and circle-of-trust
     * manager. No caller session is attached, so lookups may be served from SAML2MetaCache.
     *
     * @throws SAML2MetaException with key {@code null_config} when the shared configuration
     *         instance is not available
     */
    public SAML2MetaManager() throws SAML2MetaException {
        this.callerSession = null;
        final ConfigurationInstance sharedConfig = configInstStatic;
        this.configInst = sharedConfig;
        if (sharedConfig == null) {
            throw new SAML2MetaException("null_config", null);
        }
        this.cotm = cotmStatic;
    }

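    /**
     * Creates a manager whose configuration instance and circle-of-trust manager are obtained
     * with the supplied session object. The session is remembered only after both collaborators
     * were created; a manager with a session bypasses the SAML2MetaCache lookup in the getters.
     *
     * @param obj session object handed to {@code ConfigurationManager} and
     *            {@code CircleOfTrustManager}
     * @throws SAML2MetaException with key {@code null_config} when either collaborator cannot
     *         be created; the underlying cause is written to the debug log because the
     *         exception itself does not carry it
     */
    public SAML2MetaManager(Object obj) throws SAML2MetaException {
        this.callerSession = null;
        try {
            this.configInst = ConfigurationManager.getConfigurationInstance(SAML2, obj);
            this.cotm = new CircleOfTrustManager(obj);
            this.callerSession = obj;
        } catch (COTException e) {
            // Keep the root cause visible: the rethrown exception only carries a message key.
            debug.error("SAML2MetaManager.<init>: unable to create CircleOfTrustManager", e);
            throw new SAML2MetaException("null_config", null);
        } catch (ConfigurationException e2) {
            debug.error("SAML2MetaManager.<init>: unable to get configuration instance", e2);
            throw new SAML2MetaException("null_config", null);
        }
    }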

    /**
     * Returns the standard metadata (entity descriptor) of an entity.
     *
     * <p>When this manager has no caller session the shared SAML2MetaCache is consulted first.
     * Otherwise, or on a cache miss, the descriptor is read through the configuration instance,
     * parsed, and stored in SAML2MetaCache before it is returned.
     *
     * <p>NOTE(review): a descriptor read with a caller session is also written to the shared
     * cache, from which session-less managers are then served; confirm this matches the
     * intended access model.
     *
     * @param str realm of the entity; {@code null} is treated as {@code "/"}
     * @param str2 entity ID; {@code null} yields {@code null}
     * @return the descriptor, or {@code null} when the entity ID is null or nothing is stored
     * @throws SAML2MetaException when the stored value is not an entity descriptor, cannot be
     *         parsed, or the configuration store fails
     */
    public EntityDescriptorElement getEntityDescriptor(String str, String str2) throws SAML2MetaException {
        if (str2 == null) {
            return null;
        }
        if (str == null) {
            str = "/";
        }
        final String[] logData = {str2, str};
        if (this.callerSession == null) {
            EntityDescriptorElement cached = SAML2MetaCache.getEntityDescriptor(str, str2);
            if (cached != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache " + str2);
                }
                LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_DESCRIPTOR, logData, null);
                return cached;
            }
        }
        try {
            Map stored = this.configInst.getConfiguration(str, str2);
            if (stored == null) {
                return null;
            }
            Set metadataValues = (Set) stored.get(ATTR_METADATA);
            if (metadataValues == null || metadataValues.isEmpty()) {
                return null;
            }
            // Only the first stored value is used.
            Object parsed = SAML2MetaUtils.convertStringToJAXB((String) metadataValues.iterator().next());
            if (parsed instanceof EntityDescriptorElement) {
                EntityDescriptorElement descriptor = (EntityDescriptorElement) parsed;
                SAML2MetaCache.putEntityDescriptor(str, str2, descriptor);
                if (debug.messageEnabled()) {
                    debug.message("SAML2MetaManager.getEntityDescriptor: got descriptor from SMS " + str2);
                }
                LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_DESCRIPTOR, logData, null);
                return descriptor;
            }
            debug.error("SAML2MetaManager.getEntityDescriptor: invalid descriptor");
            LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_DESCRIPTOR, logData, null);
            throw new SAML2MetaException("invalid_descriptor", logData);
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.getEntityDescriptor", e);
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ENTITY_DESCRIPTOR, new String[]{e.getMessage(), str2, str}, null);
            throw new SAML2MetaException(e);
        } catch (JAXBException e2) {
            debug.error("SAML2MetaManager.getEntityDescriptor", e2);
            LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_DESCRIPTOR, logData, null);
            throw new SAML2MetaException("invalid_descriptor", logData);
        }
    }

    /**
     * Looks up the entity descriptor and hands it to
     * {@code SAML2MetaUtils.getSPSSODescriptor} to extract the service provider SSO descriptor.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return whatever {@code SAML2MetaUtils.getSPSSODescriptor} returns for the descriptor
     * @throws SAML2MetaException when the entity descriptor cannot be retrieved
     */
    public SPSSODescriptorElement getSPSSODescriptor(String str, String str2) throws SAML2MetaException {
        final EntityDescriptorElement entity = getEntityDescriptor(str, str2);
        return SAML2MetaUtils.getSPSSODescriptor(entity);
    }

    /**
     * Looks up the entity descriptor and hands it to
     * {@code SAML2MetaUtils.getAttributeAuthorityDescriptor}.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return whatever {@code SAML2MetaUtils.getAttributeAuthorityDescriptor} returns
     * @throws SAML2MetaException when the entity descriptor cannot be retrieved
     */
    public AttributeAuthorityDescriptorElement getAttributeAuthorityDescriptor(String str, String str2) throws SAML2MetaException {
        final EntityDescriptorElement entity = getEntityDescriptor(str, str2);
        return SAML2MetaUtils.getAttributeAuthorityDescriptor(entity);
    }

    /**
     * Looks up the entity descriptor and hands it to
     * {@code SAML2MetaUtils.getAttributeQueryDescriptor}.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return whatever {@code SAML2MetaUtils.getAttributeQueryDescriptor} returns
     * @throws SAML2MetaException when the entity descriptor cannot be retrieved
     */
    public AttributeQueryDescriptorElement getAttributeQueryDescriptor(String str, String str2) throws SAML2MetaException {
        final EntityDescriptorElement entity = getEntityDescriptor(str, str2);
        return SAML2MetaUtils.getAttributeQueryDescriptor(entity);
    }

    /**
     * Looks up the entity descriptor and hands it to
     * {@code SAML2MetaUtils.getAuthnAuthorityDescriptor}.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return whatever {@code SAML2MetaUtils.getAuthnAuthorityDescriptor} returns
     * @throws SAML2MetaException when the entity descriptor cannot be retrieved
     */
    public AuthnAuthorityDescriptorElement getAuthnAuthorityDescriptor(String str, String str2) throws SAML2MetaException {
        final EntityDescriptorElement entity = getEntityDescriptor(str, str2);
        return SAML2MetaUtils.getAuthnAuthorityDescriptor(entity);
    }

    /**
     * Looks up the entity descriptor and hands it to
     * {@code SAML2MetaUtils.getPolicyDecisionPointDescriptor}.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return whatever {@code SAML2MetaUtils.getPolicyDecisionPointDescriptor} returns
     * @throws SAML2MetaException when the entity descriptor cannot be retrieved
     */
    public XACMLPDPDescriptorElement getPolicyDecisionPointDescriptor(String str, String str2) throws SAML2MetaException {
        final EntityDescriptorElement entity = getEntityDescriptor(str, str2);
        return SAML2MetaUtils.getPolicyDecisionPointDescriptor(entity);
    }

    /**
     * Looks up the entity descriptor and hands it to
     * {@code SAML2MetaUtils.getPolicyEnforcementPointDescriptor}.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return whatever {@code SAML2MetaUtils.getPolicyEnforcementPointDescriptor} returns
     * @throws SAML2MetaException when the entity descriptor cannot be retrieved
     */
    public XACMLAuthzDecisionQueryDescriptorElement getPolicyEnforcementPointDescriptor(String str, String str2) throws SAML2MetaException {
        final EntityDescriptorElement entity = getEntityDescriptor(str, str2);
        return SAML2MetaUtils.getPolicyEnforcementPointDescriptor(entity);
    }

    /**
     * Looks up the entity descriptor and hands it to
     * {@code SAML2MetaUtils.getIDPSSODescriptor} to extract the identity provider SSO descriptor.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return whatever {@code SAML2MetaUtils.getIDPSSODescriptor} returns for the descriptor
     * @throws SAML2MetaException when the entity descriptor cannot be retrieved
     */
    public IDPSSODescriptorElement getIDPSSODescriptor(String str, String str2) throws SAML2MetaException {
        final EntityDescriptorElement entity = getEntityDescriptor(str, str2);
        return SAML2MetaUtils.getIDPSSODescriptor(entity);
    }

    /**
     * Returns the affiliation descriptor carried by the entity descriptor.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return the affiliation descriptor, or {@code null} when no entity descriptor is found
     * @throws SAML2MetaException when the entity descriptor cannot be retrieved
     */
    public AffiliationDescriptorType getAffiliationDescriptor(String str, String str2) throws SAML2MetaException {
        final EntityDescriptorElement entity = getEntityDescriptor(str, str2);
        return entity != null ? entity.getAffiliationDescriptor() : null;
    }

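    /**
     * Replaces the stored standard metadata of an existing entity and refreshes SAML2MetaCache.
     *
     * <p>The descriptor is serialized and stored as given; the only check made here is that it
     * carries an entity ID. Any trust decision about where the metadata came from has to be made
     * by the caller.
     *
     * @param str realm of the entity; {@code null} is treated as {@code "/"}
     * @param entityDescriptorElement descriptor to store
     * @throws SAML2MetaException when the entity ID is missing, the entity has no stored
     *         configuration to update, the descriptor cannot be serialized, or the
     *         configuration store fails
     */
    public void setEntityDescriptor(String str, EntityDescriptorElement entityDescriptorElement) throws SAML2MetaException {
        String entityID = entityDescriptorElement.getEntityID();
        if (entityID == null) {
            debug.error("SAML2MetaManager.setEntityDescriptor: entity ID is null");
            LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_ID_SET_ENTITY_DESCRIPTOR, new String[]{str}, null);
            throw new SAML2MetaException("empty_entityid", null);
        }
        if (str == null) {
            str = "/";
        }
        String[] strArr = {entityID, str};
        try {
            Map convertJAXBToAttrMap = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_METADATA, entityDescriptorElement);
            Map configuration = this.configInst.getConfiguration(str, entityID);
            if (configuration == null) {
                // Other methods of this class treat a null map as "entity not stored"; report
                // that as the declared exception instead of failing with a NullPointerException.
                debug.error("SAML2MetaManager.setEntityDescriptor: no stored configuration for " + entityID);
                throw new SAML2MetaException("entity_descriptor_not_exist", strArr);
            }
            configuration.put(ATTR_METADATA, convertJAXBToAttrMap.get(ATTR_METADATA));
            this.configInst.setConfiguration(str, entityID, configuration);
            // Cache is updated only after the store accepted the write.
            SAML2MetaCache.putEntityDescriptor(str, entityID, entityDescriptorElement);
            if (debug.messageEnabled()) {
                debug.message("SAML2MetaManager.setEntityDescriptor: saved entity descriptor for " + entityID);
            }
            LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_DESCRIPTOR, strArr, null);
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.setEntityDescriptor:", e);
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_SET_ENTITY_DESCRIPTOR, new String[]{e.getMessage(), entityID, str}, null);
            throw new SAML2MetaException(e);
        } catch (JAXBException e2) {
            debug.error("SAML2MetaManager.setEntityDescriptor:", e2);
            LogUtil.error(Level.INFO, LogUtil.SET_INVALID_ENTITY_DESCRIPTOR, strArr, null);
            throw new SAML2MetaException("invalid_descriptor", strArr);
        }
    }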

    /**
     * Creates an entity from standard metadata only; delegates to
     * {@link #createEntity} without an extended configuration.
     *
     * @param str realm in which to create the entity
     * @param entityDescriptorElement descriptor to store
     * @throws SAML2MetaException when {@code createEntity} fails
     */
    public void createEntityDescriptor(String str, EntityDescriptorElement entityDescriptorElement) throws SAML2MetaException {
        debug.message("SAML2MetaManager.createEntityDescriptor: called.");
        final EntityConfigElement noExtendedConfig = null;
        createEntity(str, entityDescriptorElement, noExtendedConfig);
    }

    /**
     * Creates an entity from a descriptor and/or an extended configuration, or merges the
     * supplied roles into an entity that is already stored under the same realm and entity ID.
     *
     * <p>When a descriptor (or entity config) is already stored, each supplied role is appended
     * to it; a role whose class is already present is rejected with {@code role_already_exists}.
     * An extended configuration is accepted only if a descriptor exists or is supplied.
     * Adding the entity to its circles of trust is best-effort: addToCircleOfTrust logs and
     * swallows its own failures, so this method can succeed without the membership being added.
     *
     * @param str realm; {@code null} is treated as {@code "/"}
     * @param entityDescriptorElement standard metadata to store, may be {@code null}
     * @param entityConfigElement extended configuration to store, may be {@code null}
     * @throws SAML2MetaException when the entity ID is missing, a role already exists, no
     *         descriptor is available for an extended configuration, serialization fails, or
     *         the configuration store fails
     */
    public void createEntity(String str, EntityDescriptorElement entityDescriptorElement, EntityConfigElement entityConfigElement) throws SAML2MetaException {
        debug.message("SAML2MetaManager.createEntity: called.");
        // Nothing to import: only a debug error is written, no exception and no audit log entry.
        if (entityDescriptorElement == null && entityConfigElement == null) {
            debug.error("SAML2metaManager.createEntity: no meta to import.");
            return;
        }
        // The descriptor's entity ID wins when both arguments are supplied.
        String entityID = entityDescriptorElement != null ? entityDescriptorElement.getEntityID() : entityConfigElement.getEntityID();
        if (str == null) {
            str = "/";
        }
        if (entityID == null) {
            debug.error("SAML2MetaManager.createEntity: entity ID is null");
            LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_ID_CREATE_ENTITY_DESCRIPTOR, new String[]{str}, null);
            throw new SAML2MetaException("empty_entityid", null);
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2MetaManager.createEntity: realm=" + str + ", entityId=" + entityID);
        }
        String[] strArr = {entityID, str};
        try {
            // entityDescriptorElement2 / entityConfigElement2: what is currently stored, if anything.
            EntityDescriptorElement entityDescriptorElement2 = null;
            EntityConfigElement entityConfigElement2 = null;
            // z == true: create a new configuration from 'map'; false: update 'configuration'.
            boolean z = true;
            Map map = null;
            Map configuration = this.configInst.getConfiguration(str, entityID);
            if (configuration != null) {
                Set set = (Set) configuration.get(ATTR_METADATA);
                if (set != null && !set.isEmpty()) {
                    Object convertStringToJAXB = SAML2MetaUtils.convertStringToJAXB((String) set.iterator().next());
                    // A stored value of another type is ignored here rather than reported.
                    if (convertStringToJAXB instanceof EntityDescriptorElement) {
                        entityDescriptorElement2 = (EntityDescriptorElement) convertStringToJAXB;
                        if (debug.messageEnabled()) {
                            debug.message("SAML2MetaManager.createEntity: got descriptor from SMS " + entityID);
                        }
                    }
                }
                Set set2 = (Set) configuration.get(ATTR_ENTITY_CONFIG);
                if (set2 != null && !set2.isEmpty()) {
                    Object convertStringToJAXB2 = SAML2MetaUtils.convertStringToJAXB((String) set2.iterator().next());
                    if (convertStringToJAXB2 instanceof EntityConfigElement) {
                        entityConfigElement2 = (EntityConfigElement) convertStringToJAXB2;
                        if (debug.messageEnabled()) {
                            debug.message("SAML2MetaManager.createEntity: got entity config from SMS " + entityID);
                        }
                    }
                }
            }
            if (entityDescriptorElement2 != null) {
                if (entityDescriptorElement != null) {
                    // Merge: append each new role to the stored descriptor, refusing any role
                    // whose implementation class is already present.
                    List roleDescriptorOrIDPSSODescriptorOrSPSSODescriptor = entityDescriptorElement2.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
                    Set entityRolesTypes = getEntityRolesTypes(roleDescriptorOrIDPSSODescriptorOrSPSSODescriptor);
                    for (Object obj : entityDescriptorElement.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor()) {
                        if (entityRolesTypes.contains(obj.getClass().getName())) {
                            debug.error("SAML2MetaManager.createEntity: current descriptor contains role " + obj.getClass().getName() + " already");
                            // NOTE(review): SET_ENTITY_DESCRIPTOR is the id used for successful
                            // updates elsewhere in this class; confirm it is intended for this
                            // error entry, since it affects how the audit log reads.
                            LogUtil.error(Level.INFO, LogUtil.SET_ENTITY_DESCRIPTOR, new String[]{entityID, str}, null);
                            throw new SAML2MetaException("role_already_exists", new String[]{entityID});
                        }
                        roleDescriptorOrIDPSSODescriptorOrSPSSODescriptor.add(obj);
                    }
                    configuration.put(ATTR_METADATA, SAML2MetaUtils.convertJAXBToAttrMap(ATTR_METADATA, entityDescriptorElement2).get(ATTR_METADATA));
                    z = false;
                }
            } else if (entityDescriptorElement != null) {
                // No descriptor stored yet: start a fresh attribute map from the supplied one.
                map = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_METADATA, entityDescriptorElement);
            }
            if (entityConfigElement != null) {
                if (entityDescriptorElement2 == null && entityDescriptorElement == null) {
                    debug.error("SAML2MetaManager.createEntity: entity descriptor is null: " + entityID);
                    LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_DESCRIPTOR_CREATE_ENTITY_CONFIG, strArr, null);
                    throw new SAML2MetaException("entity_descriptor_not_exist", strArr);
                }
                if (entityConfigElement2 != null) {
                    // Same merge rule as for descriptors, applied to the extended configuration.
                    List iDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig = entityConfigElement2.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                    Set entityRolesTypes2 = getEntityRolesTypes(iDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig);
                    for (Object obj2 : entityConfigElement.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig()) {
                        if (entityRolesTypes2.contains(obj2.getClass().getName())) {
                            debug.error("SAML2MetaManager.createEntity: current entity config contains role " + obj2.getClass().getName() + " already");
                            // NOTE(review): as above, SET_ENTITY_CONFIG is also the success id.
                            LogUtil.error(Level.INFO, LogUtil.SET_ENTITY_CONFIG, new String[]{entityID, str}, null);
                            throw new SAML2MetaException("role_already_exists", new String[]{entityID});
                        }
                        iDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig.add(obj2);
                    }
                    configuration.put(ATTR_ENTITY_CONFIG, SAML2MetaUtils.convertJAXBToAttrMap(ATTR_ENTITY_CONFIG, entityConfigElement2).get(ATTR_ENTITY_CONFIG));
                    z = false;
                } else {
                    Map convertJAXBToAttrMap = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_ENTITY_CONFIG, entityConfigElement);
                    if (configuration != null) {
                        // NOTE(review): if a configuration exists but held no usable descriptor,
                        // 'map' (built from the supplied descriptor above) is not copied into
                        // 'configuration', so the update below would not store that descriptor.
                        // Verify whether that state can occur.
                        configuration.put(ATTR_ENTITY_CONFIG, convertJAXBToAttrMap.get(ATTR_ENTITY_CONFIG));
                        z = false;
                    } else if (map != null) {
                        map.put(ATTR_ENTITY_CONFIG, convertJAXBToAttrMap.get(ATTR_ENTITY_CONFIG));
                    }
                }
            }
            if (z) {
                this.configInst.createConfiguration(str, entityID, map);
                if (entityDescriptorElement != null) {
                    SAML2MetaCache.putEntityDescriptor(str, entityID, entityDescriptorElement);
                    LogUtil.access(Level.INFO, LogUtil.ENTITY_DESCRIPTOR_CREATED, strArr, null);
                } else if (entityConfigElement != null) {
                    LogUtil.access(Level.INFO, LogUtil.ENTITY_CONFIG_CREATED, strArr, null);
                }
                if (entityConfigElement != null) {
                    SAML2MetaCache.putEntityConfig(str, entityID, entityConfigElement);
                    // Best-effort: failures are logged inside addToCircleOfTrust, not propagated.
                    addToCircleOfTrust(str, entityID, entityConfigElement);
                }
            } else {
                this.configInst.setConfiguration(str, entityID, configuration);
                if (entityDescriptorElement != null) {
                    LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_DESCRIPTOR, strArr, null);
                    // Caches the merged stored descriptor, not the argument.
                    SAML2MetaCache.putEntityDescriptor(str, entityID, entityDescriptorElement2);
                } else if (entityConfigElement != null) {
                    LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_CONFIG, strArr, null);
                }
                if (entityConfigElement2 != null) {
                    SAML2MetaCache.putEntityConfig(str, entityID, entityConfigElement2);
                } else if (entityConfigElement != null) {
                    SAML2MetaCache.putEntityConfig(str, entityID, entityConfigElement);
                    addToCircleOfTrust(str, entityID, entityConfigElement);
                }
            }
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.createEntity:", e);
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_CREATE_ENTITY_DESCRIPTOR, new String[]{e.getMessage(), entityID, str}, null);
            throw new SAML2MetaException(e);
        } catch (JAXBException e2) {
            debug.error("SAML2MetaManager.createEntity:", e2);
            LogUtil.error(Level.INFO, LogUtil.CREATE_INVALID_ENTITY_DESCRIPTOR, strArr, null);
            throw new SAML2MetaException("invalid_descriptor", strArr);
        }
    }

    /**
     * Collects the runtime class names of all elements in the given collection.
     *
     * @param collection role descriptors or role configs; elements must be non-null
     * @return a new set holding {@code getClass().getName()} of every element
     */
    private static Set getEntityRolesTypes(Collection collection) {
        Set roleClassNames = new HashSet();
        for (Object role : collection) {
            roleClassNames.add(role.getClass().getName());
        }
        return roleClassNames;
    }

    /**
     * Deletes the whole stored configuration of an entity and clears its cached descriptor.
     *
     * <p>Circle-of-trust membership is removed first, but removeFromCircleOfTrust logs and
     * swallows its own failures, so the entity can be deleted while a membership entry remains.
     *
     * @param str realm of the entity; {@code null} is treated as {@code "/"}
     * @param str2 entity ID; {@code null} makes this a no-op
     * @throws SAML2MetaException when the configuration store fails
     */
    public void deleteEntityDescriptor(String str, String str2) throws SAML2MetaException {
        if (str2 == null) {
            return;
        }
        final String realm = (str != null) ? str : "/";
        final String[] logData = {str2, realm};
        try {
            removeFromCircleOfTrust(realm, str2);
            this.configInst.deleteConfiguration(realm, str2, null);
            LogUtil.access(Level.INFO, LogUtil.ENTITY_DESCRIPTOR_DELETED, logData, null);
            SAML2MetaCache.putEntityDescriptor(realm, str2, null);
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.deleteEntityDescriptor:", e);
            final String[] errorData = {e.getMessage(), str2, realm};
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_DELETE_ENTITY_DESCRIPTOR, errorData, null);
            throw new SAML2MetaException(e);
        }
    }

    /**
     * Returns the extended configuration of an entity.
     *
     * <p>When this manager has no caller session the shared SAML2MetaCache is consulted first.
     * Otherwise, or on a cache miss, the value is read through the configuration instance,
     * parsed, and stored in SAML2MetaCache before it is returned.
     *
     * <p>NOTE(review): a config read with a caller session is also written to the shared cache,
     * from which session-less managers are then served; confirm this matches the intended
     * access model.
     *
     * @param str realm of the entity; {@code null} is treated as {@code "/"}
     * @param str2 entity ID; {@code null} yields {@code null}
     * @return the entity config, or {@code null} when the entity ID is null or nothing is stored
     * @throws SAML2MetaException when the stored value is not an entity config, cannot be
     *         parsed, or the configuration store fails
     */
    public EntityConfigElement getEntityConfig(String str, String str2) throws SAML2MetaException {
        if (str2 == null) {
            return null;
        }
        if (str == null) {
            str = "/";
        }
        final String[] logData = {str2, str};
        if (this.callerSession == null) {
            EntityConfigElement cached = SAML2MetaCache.getEntityConfig(str, str2);
            if (cached != null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2MetaManager.getEntityConfig: got entity config from SAML2MetaCache: " + str2);
                }
                LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_CONFIG, logData, null);
                return cached;
            }
        }
        try {
            Map stored = this.configInst.getConfiguration(str, str2);
            if (stored == null) {
                return null;
            }
            Set configValues = (Set) stored.get(ATTR_ENTITY_CONFIG);
            if (configValues == null || configValues.isEmpty()) {
                return null;
            }
            // Only the first stored value is used.
            Object parsed = SAML2MetaUtils.convertStringToJAXB((String) configValues.iterator().next());
            if (parsed instanceof EntityConfigElement) {
                EntityConfigElement config = (EntityConfigElement) parsed;
                if (debug.messageEnabled()) {
                    debug.message("SAML2MetaManager.getEntityConfig: got entity config from SMS: " + str2);
                }
                SAML2MetaCache.putEntityConfig(str, str2, config);
                LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_CONFIG, logData, null);
                return config;
            }
            debug.error("SAML2MetaManager.getEntityConfig: invalid config");
            LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_CONFIG, logData, null);
            throw new SAML2MetaException("invalid_config", logData);
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.getEntityConfig:", e);
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ENTITY_CONFIG, new String[]{e.getMessage(), str2, str}, null);
            throw new SAML2MetaException(e);
        } catch (JAXBException e2) {
            debug.error("SAML2MetaManager.getEntityConfig:", e2);
            LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_CONFIG, logData, null);
            throw new SAML2MetaException("invalid_config", logData);
        }
    }

    /**
     * Returns the first service provider SSO config found in the entity's extended configuration.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return the first {@code SPSSOConfigElement}, or {@code null} when the entity has no
     *         extended configuration or no such role
     * @throws SAML2MetaException when the entity config cannot be retrieved
     */
    public SPSSOConfigElement getSPSSOConfig(String str, String str2) throws SAML2MetaException {
        EntityConfigElement entityConfig = getEntityConfig(str, str2);
        if (entityConfig != null) {
            Iterator roles = entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig().iterator();
            while (roles.hasNext()) {
                Object role = roles.next();
                if (role instanceof SPSSOConfigElement) {
                    return (SPSSOConfigElement) role;
                }
            }
        }
        return null;
    }

    /**
     * Returns the first XACML policy decision point config found in the entity's extended
     * configuration.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return the first {@code XACMLPDPConfigElement}, or {@code null} when the entity has no
     *         extended configuration or no such role
     * @throws SAML2MetaException when the entity config cannot be retrieved
     */
    public XACMLPDPConfigElement getPolicyDecisionPointConfig(String str, String str2) throws SAML2MetaException {
        EntityConfigElement entityConfig = getEntityConfig(str, str2);
        if (entityConfig == null) {
            return null;
        }
        for (Object role : entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig()) {
            if (role instanceof XACMLPDPConfigElement) {
                return (XACMLPDPConfigElement) role;
            }
        }
        return null;
    }

    /**
     * Returns the first XACML policy enforcement point (authorization decision query) config
     * found in the entity's extended configuration.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return the first {@code XACMLAuthzDecisionQueryConfigElement}, or {@code null} when the
     *         entity has no extended configuration or no such role
     * @throws SAML2MetaException when the entity config cannot be retrieved
     */
    public XACMLAuthzDecisionQueryConfigElement getPolicyEnforcementPointConfig(String str, String str2) throws SAML2MetaException {
        EntityConfigElement entityConfig = getEntityConfig(str, str2);
        if (entityConfig == null) {
            return null;
        }
        for (Object role : entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig()) {
            if (role instanceof XACMLAuthzDecisionQueryConfigElement) {
                return (XACMLAuthzDecisionQueryConfigElement) role;
            }
        }
        return null;
    }

    /**
     * Returns the first identity provider SSO config found in the entity's extended
     * configuration.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return the first {@code IDPSSOConfigElement}, or {@code null} when the entity has no
     *         extended configuration or no such role
     * @throws SAML2MetaException when the entity config cannot be retrieved
     */
    public IDPSSOConfigElement getIDPSSOConfig(String str, String str2) throws SAML2MetaException {
        EntityConfigElement entityConfig = getEntityConfig(str, str2);
        if (entityConfig != null) {
            Iterator roles = entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig().iterator();
            while (roles.hasNext()) {
                Object role = roles.next();
                if (role instanceof IDPSSOConfigElement) {
                    return (IDPSSOConfigElement) role;
                }
            }
        }
        return null;
    }

    /**
     * Returns the first attribute authority config found in the entity's extended configuration.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return the first {@code AttributeAuthorityConfigElement}, or {@code null} when the entity
     *         has no extended configuration or no such role
     * @throws SAML2MetaException when the entity config cannot be retrieved
     */
    public AttributeAuthorityConfigElement getAttributeAuthorityConfig(String str, String str2) throws SAML2MetaException {
        EntityConfigElement entityConfig = getEntityConfig(str, str2);
        if (entityConfig != null) {
            Iterator roles = entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig().iterator();
            while (roles.hasNext()) {
                Object role = roles.next();
                if (role instanceof AttributeAuthorityConfigElement) {
                    return (AttributeAuthorityConfigElement) role;
                }
            }
        }
        return null;
    }

    /**
     * Returns the first attribute query config found in the entity's extended configuration.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return the first {@code AttributeQueryConfigElement}, or {@code null} when the entity has
     *         no extended configuration or no such role
     * @throws SAML2MetaException when the entity config cannot be retrieved
     */
    public AttributeQueryConfigElement getAttributeQueryConfig(String str, String str2) throws SAML2MetaException {
        EntityConfigElement entityConfig = getEntityConfig(str, str2);
        if (entityConfig != null) {
            Iterator roles = entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig().iterator();
            while (roles.hasNext()) {
                Object role = roles.next();
                if (role instanceof AttributeQueryConfigElement) {
                    return (AttributeQueryConfigElement) role;
                }
            }
        }
        return null;
    }

    /**
     * Returns the first authentication authority config found in the entity's extended
     * configuration.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return the first {@code AuthnAuthorityConfigElement}, or {@code null} when the entity has
     *         no extended configuration or no such role
     * @throws SAML2MetaException when the entity config cannot be retrieved
     */
    public AuthnAuthorityConfigElement getAuthnAuthorityConfig(String str, String str2) throws SAML2MetaException {
        EntityConfigElement entityConfig = getEntityConfig(str, str2);
        if (entityConfig != null) {
            Iterator roles = entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig().iterator();
            while (roles.hasNext()) {
                Object role = roles.next();
                if (role instanceof AuthnAuthorityConfigElement) {
                    return (AuthnAuthorityConfigElement) role;
                }
            }
        }
        return null;
    }

    /**
     * Returns the affiliation config carried by the entity's extended configuration.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @return the affiliation config, or {@code null} when the entity has no extended
     *         configuration
     * @throws SAML2MetaException when the entity config cannot be retrieved
     */
    public AffiliationConfigElement getAffiliationConfig(String str, String str2) throws SAML2MetaException {
        final EntityConfigElement config = getEntityConfig(str, str2);
        return config != null ? (AffiliationConfigElement) config.getAffiliationConfig() : null;
    }

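    /**
     * Replaces the stored extended configuration of an existing entity and refreshes
     * SAML2MetaCache.
     *
     * <p>The config is serialized and stored as given; the only check made here is that it
     * carries an entity ID. Circle-of-trust membership is not touched by this method.
     *
     * @param str realm of the entity; {@code null} is treated as {@code "/"}
     * @param entityConfigElement extended configuration to store
     * @throws SAML2MetaException when the entity ID is missing, the entity has no stored
     *         configuration to update, the config cannot be serialized, or the configuration
     *         store fails
     */
    public void setEntityConfig(String str, EntityConfigElement entityConfigElement) throws SAML2MetaException {
        String entityID = entityConfigElement.getEntityID();
        if (entityID == null) {
            debug.error("SAML2MetaManager.setEntityConfig: entity ID is null");
            LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_ID_SET_ENTITY_CONFIG, new String[]{str}, null);
            throw new SAML2MetaException("empty_entityid", null);
        }
        if (str == null) {
            str = "/";
        }
        String[] strArr = {entityID, str};
        try {
            Map convertJAXBToAttrMap = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_ENTITY_CONFIG, entityConfigElement);
            Map configuration = this.configInst.getConfiguration(str, entityID);
            if (configuration == null) {
                // Other methods of this class treat a null map as "entity not stored"; report
                // that as the declared exception instead of failing with a NullPointerException.
                debug.error("SAML2MetaManager.setEntityConfig: no stored configuration for " + entityID);
                throw new SAML2MetaException("entity_descriptor_not_exist", strArr);
            }
            configuration.put(ATTR_ENTITY_CONFIG, convertJAXBToAttrMap.get(ATTR_ENTITY_CONFIG));
            this.configInst.setConfiguration(str, entityID, configuration);
            // Cache is updated only after the store accepted the write.
            SAML2MetaCache.putEntityConfig(str, entityID, entityConfigElement);
            if (debug.messageEnabled()) {
                debug.message("SAML2MetaManager.setEntityConfig: saved entity config for " + entityID);
            }
            LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_CONFIG, strArr, null);
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.setEntityConfig:", e);
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_SET_ENTITY_CONFIG, new String[]{e.getMessage(), entityID, str}, null);
            throw new SAML2MetaException(e);
        } catch (JAXBException e2) {
            debug.error("SAML2MetaManager.setEntityConfig:", e2);
            LogUtil.error(Level.INFO, LogUtil.SET_INVALID_ENTITY_CONFIG, strArr, null);
            throw new SAML2MetaException("invalid_config", strArr);
        }
    }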

    /**
     * Creates the extended configuration of an entity; delegates to {@link #createEntity}
     * without a descriptor, so a descriptor must already be stored for the entity.
     *
     * @param str realm of the entity
     * @param entityConfigElement extended configuration to store
     * @throws SAML2MetaException when {@code createEntity} fails
     */
    public void createEntityConfig(String str, EntityConfigElement entityConfigElement) throws SAML2MetaException {
        final boolean traceEnabled = debug.messageEnabled();
        if (traceEnabled) {
            debug.message("SAML2MetaManager.creatEntityConfig: called.");
        }
        final EntityDescriptorElement noDescriptor = null;
        createEntity(str, noDescriptor, entityConfigElement);
    }

    /**
     * Adds the entity to every circle of trust named in the {@code cotlist} attribute of the
     * first role config of the given entity config.
     *
     * <p>Best-effort: any exception (including an empty role list or a failing circle-of-trust
     * call) is written to the debug log and not propagated, and it stops processing of the
     * remaining names. Callers therefore cannot tell whether the membership was added.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     * @param entityConfigElement extended configuration to read {@code cotlist} from;
     *        {@code null} makes this a no-op
     */
    private void addToCircleOfTrust(String str, String str2, EntityConfigElement entityConfigElement) {
        if (entityConfigElement == null) {
            return;
        }
        try {
            // Only the first role config is consulted for the list of circles of trust.
            BaseConfigType firstRoleConfig = (BaseConfigType) entityConfigElement.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig().iterator().next();
            List<String> cotNames = SAML2MetaUtils.getAttributes(firstRoleConfig).get("cotlist");
            if (!CollectionUtils.isNotEmpty(cotNames)) {
                return;
            }
            for (String rawName : cotNames) {
                String cotName = rawName.trim();
                if (StringUtils.isNotEmpty(cotName)) {
                    this.cotm.addCircleOfTrustMember(str, cotName, "saml2", str2, false);
                }
            }
        } catch (Exception e) {
            debug.error("SAML2MetaManager.addToCircleOfTrust: Error while adding entity " + str2 + " to COT.", e);
        }
    }

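    /**
     * Deletes the extended configuration of an entity (the descriptor is kept) and clears the
     * cached entity config.
     *
     * <p>Circle-of-trust membership is removed first, but removeFromCircleOfTrust logs and
     * swallows its own failures, so the config can be deleted while a membership entry remains.
     *
     * @param str realm of the entity; {@code null} is treated as {@code "/"}
     * @param str2 entity ID; {@code null} makes this a no-op
     * @throws SAML2MetaException with key {@code entity_config_not_exist} when the entity or its
     *         extended configuration is not stored, or wrapping the store's failure
     */
    public void deleteEntityConfig(String str, String str2) throws SAML2MetaException {
        if (str2 == null) {
            return;
        }
        if (str == null) {
            str = "/";
        }
        String[] strArr = {str2, str};
        try {
            Map configuration = this.configInst.getConfiguration(str, str2);
            // A null map means nothing is stored for the entity; handle it like a missing
            // attribute instead of dereferencing it.
            Set set = configuration == null ? null : (Set) configuration.get(ATTR_ENTITY_CONFIG);
            if (set == null || set.isEmpty()) {
                LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_DESCRIPTOR_DELETE_ENTITY_CONFIG, strArr, null);
                throw new SAML2MetaException("entity_config_not_exist", strArr);
            }
            removeFromCircleOfTrust(str, str2);
            // Restrict the delete to the extended-config attribute.
            HashSet hashSet = new HashSet();
            hashSet.add(ATTR_ENTITY_CONFIG);
            this.configInst.deleteConfiguration(str, str2, hashSet);
            LogUtil.access(Level.INFO, LogUtil.ENTITY_CONFIG_DELETED, strArr, null);
            SAML2MetaCache.putEntityConfig(str, str2, null);
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.deleteEntityConfig:", e);
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_DELETE_ENTITY_CONFIG, new String[]{e.getMessage(), str2, str}, null);
            throw new SAML2MetaException(e);
        }
    }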

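    /**
     * Removes the entity from every circle of trust named in the {@code cotlist} attribute of
     * its affiliation config (for affiliations) or of its first role config.
     *
     * <p>Best-effort: any exception is written to the debug log and not propagated, and it stops
     * processing of the remaining names, so callers cannot tell whether a membership entry was
     * left behind. An entity without a {@code cotlist} attribute is not an error.
     *
     * @param str realm of the entity
     * @param str2 entity ID
     */
    private void removeFromCircleOfTrust(String str, String str2) {
        List iDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig;
        try {
            EntityConfigElement entityConfig = getEntityConfig(str, str2);
            boolean z = getAffiliationDescriptor(str, str2) != null;
            if (debug.messageEnabled()) {
                debug.message("SAML2MetaManager.removeFromCircleOfTrust is " + str2 + " in realm " + str + " an affiliation? " + z);
            }
            if (entityConfig != null) {
                if (z) {
                    AffiliationConfigElement affiliationConfig = getAffiliationConfig(str, str2);
                    iDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig = new ArrayList();
                    iDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig.add(affiliationConfig);
                } else {
                    iDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig = entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                }
                List cotNames = (List) SAML2MetaUtils.getAttributes((BaseConfigType) iDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig.iterator().next()).get("cotlist");
                // Check for a missing attribute before copying: new ArrayList(null) throws, which
                // previously ended up as a misleading error entry for entities in no circle.
                if (cotNames != null && !cotNames.isEmpty()) {
                    // Iterate over a copy, as the original code did.
                    for (Object rawName : new ArrayList(cotNames)) {
                        String trim = ((String) rawName).trim();
                        if (!trim.equals("")) {
                            this.cotm.removeCircleOfTrustMember(str, trim, "saml2", str2, false);
                        }
                    }
                }
            }
        } catch (Exception e) {
            debug.error("SAML2MetaManager.removeFromCircleOfTrust:Error while removing entity" + str2 + "from COT.", e);
        }
    }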

    /**
     * Lists the ids of all entities in a realm whose extended config is marked hosted.
     *
     * <p>Entities with no extended config are not included.
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if the configuration store reports an error
     */
    public List getAllHostedEntities(String str) throws SAML2MetaException {
        List<String> hostedIds = new ArrayList<String>();
        try {
            Set<String> entityIds = this.configInst.getAllConfigurationNames(str);
            if (entityIds != null) {
                Iterator<String> ids = entityIds.iterator();
                while (ids.hasNext()) {
                    String entityId = ids.next();
                    EntityConfigElement config = getEntityConfig(str, entityId);
                    if (config == null || !config.isHosted()) {
                        continue;
                    }
                    hostedIds.add(entityId);
                }
            }
            LogUtil.access(Level.FINE, LogUtil.GOT_ALL_HOSTED_ENTITIES, new String[]{str}, null);
            return hostedIds;
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.getAllHostedEntities:", e);
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ALL_HOSTED_ENTITIES, new String[]{e.getMessage(), str}, null);
            throw new SAML2MetaException(e);
        }
    }

    /**
     * Lists the hosted entities of a realm that have an SP SSO descriptor.
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    public List getAllHostedServiceProviderEntities(String str) throws SAML2MetaException {
        List<String> serviceProviders = new ArrayList<String>();
        for (Object candidate : getAllHostedEntities(str)) {
            String entityId = (String) candidate;
            if (getSPSSODescriptor(str, entityId) == null) {
                continue;
            }
            serviceProviders.add(entityId);
        }
        return serviceProviders;
    }

    /**
     * Lists the hosted entities of a realm that have a policy decision point descriptor.
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    public List getAllHostedPolicyDecisionPointEntities(String str) throws SAML2MetaException {
        final boolean hostedOnly = true;
        return getHostedPolicyDecisionPointEntities(str, hostedOnly);
    }

    /**
     * Lists the remote entities of a realm that have a policy decision point descriptor.
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    public List getAllRemotePolicyDecisionPointEntities(String str) throws SAML2MetaException {
        final boolean hostedOnly = false;
        return getHostedPolicyDecisionPointEntities(str, hostedOnly);
    }

    /**
     * Lists entities of a realm that have a policy decision point descriptor.
     *
     * <p>Despite its name this helper serves both cases: the flag selects whether
     * hosted or remote entities are examined.
     *
     * @param str realm to search
     * @param z {@code true} to examine hosted entities, {@code false} for remote ones
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    private List getHostedPolicyDecisionPointEntities(String str, boolean z) throws SAML2MetaException {
        List<String> decisionPoints = new ArrayList<String>();
        List candidates = z ? getAllHostedEntities(str) : getAllRemoteEntities(str);
        for (Object candidate : candidates) {
            String entityId = (String) candidate;
            if (getPolicyDecisionPointDescriptor(str, entityId) == null) {
                continue;
            }
            decisionPoints.add(entityId);
        }
        return decisionPoints;
    }

    /**
     * Lists the hosted entities of a realm that have a policy enforcement point descriptor.
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    public List getAllHostedPolicyEnforcementPointEntities(String str) throws SAML2MetaException {
        final boolean hostedOnly = true;
        return getAllPolicyEnforcementPointEntities(str, hostedOnly);
    }

    /**
     * Lists the remote entities of a realm that have a policy enforcement point descriptor.
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    public List getAllRemotePolicyEnforcementPointEntities(String str) throws SAML2MetaException {
        final boolean hostedOnly = false;
        return getAllPolicyEnforcementPointEntities(str, hostedOnly);
    }

    /**
     * Lists entities of a realm that have a policy enforcement point descriptor.
     *
     * @param str realm to search
     * @param z {@code true} to examine hosted entities, {@code false} for remote ones
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    private List getAllPolicyEnforcementPointEntities(String str, boolean z) throws SAML2MetaException {
        List<String> enforcementPoints = new ArrayList<String>();
        List candidates = z ? getAllHostedEntities(str) : getAllRemoteEntities(str);
        for (Object candidate : candidates) {
            String entityId = (String) candidate;
            if (getPolicyEnforcementPointDescriptor(str, entityId) == null) {
                continue;
            }
            enforcementPoints.add(entityId);
        }
        return enforcementPoints;
    }

    /**
     * Lists the hosted entities of a realm that have an IDP SSO descriptor.
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    public List getAllHostedIdentityProviderEntities(String str) throws SAML2MetaException {
        List<String> identityProviders = new ArrayList<String>();
        for (Object candidate : getAllHostedEntities(str)) {
            String entityId = (String) candidate;
            if (getIDPSSODescriptor(str, entityId) == null) {
                continue;
            }
            identityProviders.add(entityId);
        }
        return identityProviders;
    }

    /**
     * Lists the ids of all entities in a realm that are not marked hosted.
     *
     * <p>An entity with no extended config at all is counted as remote here, so
     * "remote" means "not known to be hosted" rather than "explicitly remote".
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if the configuration store reports an error
     */
    public List getAllRemoteEntities(String str) throws SAML2MetaException {
        List<String> remoteIds = new ArrayList<String>();
        String[] logArgs = {str};
        try {
            Set<String> entityIds = this.configInst.getAllConfigurationNames(str);
            if (entityIds != null) {
                Iterator<String> ids = entityIds.iterator();
                while (ids.hasNext()) {
                    String entityId = ids.next();
                    EntityConfigElement config = getEntityConfig(str, entityId);
                    boolean hosted = config != null && config.isHosted();
                    if (!hosted) {
                        remoteIds.add(entityId);
                    }
                }
            }
            LogUtil.access(Level.FINE, LogUtil.GOT_ALL_REMOTE_ENTITIES, logArgs, null);
            return remoteIds;
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.getAllRemoteEntities:", e);
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ALL_REMOTE_ENTITIES, new String[]{e.getMessage(), str}, null);
            throw new SAML2MetaException(e);
        }
    }

    /**
     * Lists the remote entities of a realm that have an SP SSO descriptor.
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    public List getAllRemoteServiceProviderEntities(String str) throws SAML2MetaException {
        List<String> serviceProviders = new ArrayList<String>();
        for (Object candidate : getAllRemoteEntities(str)) {
            String entityId = (String) candidate;
            if (getSPSSODescriptor(str, entityId) == null) {
                continue;
            }
            serviceProviders.add(entityId);
        }
        return serviceProviders;
    }

    /**
     * Lists the remote entities of a realm that have an IDP SSO descriptor.
     *
     * @param str realm to search
     * @return list of entity id strings, possibly empty
     * @throws SAML2MetaException if entity or descriptor lookup fails
     */
    public List getAllRemoteIdentityProviderEntities(String str) throws SAML2MetaException {
        List<String> identityProviders = new ArrayList<String>();
        for (Object candidate : getAllRemoteEntities(str)) {
            String entityId = (String) candidate;
            if (getIDPSSODescriptor(str, entityId) == null) {
                continue;
            }
            identityProviders.add(entityId);
        }
        return identityProviders;
    }

    /**
     * Finds the hosted entity that owns a given meta alias.
     *
     * <p>The realm is derived from the alias itself, and only hosted entities of
     * that realm are searched. The comparison is an exact string match.
     *
     * @param str meta alias to look up
     * @return id of the first hosted entity with a role config carrying this alias,
     *         or {@code null} when none matches
     * @throws SAML2MetaException if the configuration store reports an error
     */
    public String getEntityByMetaAlias(String str) throws SAML2MetaException {
        final String realm = SAML2MetaUtils.getRealmByMetaAlias(str);
        try {
            Set<String> entityIds = this.configInst.getAllConfigurationNames(realm);
            if (entityIds == null || entityIds.isEmpty()) {
                return null;
            }
            for (String entityId : entityIds) {
                EntityConfigElement config = getEntityConfig(realm, entityId);
                if (config == null || !config.isHosted()) {
                    continue;
                }
                for (Object roleConfig : config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig()) {
                    String candidateAlias = ((BaseConfigType) roleConfig).getMetaAlias();
                    if (candidateAlias != null && candidateAlias.equals(str)) {
                        return entityId;
                    }
                }
            }
            return null;
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.getEntityByMetaAlias:", e);
            throw new SAML2MetaException(e);
        }
    }

    /**
     * Collects the meta aliases of every role config of every hosted entity in a realm.
     *
     * <p>Null and empty aliases are left out of the result.
     *
     * @param str realm to search
     * @return list of meta aliases, possibly empty
     * @throws SAML2MetaException if the configuration store reports an error
     */
    public List<String> getAllHostedMetaAliasesByRealm(String str) throws SAML2MetaException {
        ArrayList aliases = new ArrayList();
        try {
            Set entityIds = this.configInst.getAllConfigurationNames(str);
            if (entityIds == null || entityIds.isEmpty()) {
                return aliases;
            }
            for (Object entityId : entityIds) {
                EntityConfigElement config = getEntityConfig(str, (String) entityId);
                if (config == null || !config.isHosted()) {
                    continue;
                }
                for (Object roleConfig : config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig()) {
                    String alias = ((BaseConfigType) roleConfig).getMetaAlias();
                    if (alias == null || alias.isEmpty()) {
                        continue;
                    }
                    aliases.add(alias);
                }
            }
            return aliases;
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.getAllHostedMetaAliasesByRealm:", e);
            throw new SAML2MetaException(e);
        }
    }

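    /**
     * Resolves the role (IDP, SP, PDP or PEP) that a meta alias stands for.
     *
     * <p>Each role config of the owning entity is checked on its own, in the order
     * IDP, SP, PDP, PEP. The previous {@code else if} chain stopped at the first
     * role config that existed, so for an entity hosting several roles an alias
     * belonging to a later role was reported as unknown.
     *
     * @param str meta alias to resolve
     * @return one of the {@code SAML2Constants} role constants, or
     *         {@code SAML2Constants.UNKNOWN_ROLE} when no hosted entity owns the alias
     *         or no role config carries exactly this alias
     * @throws SAML2MetaException if a configuration lookup fails
     */
    public String getRoleByMetaAlias(String str) throws SAML2MetaException {
        String entityId = getEntityByMetaAlias(str);
        if (entityId == null) {
            return SAML2Constants.UNKNOWN_ROLE;
        }
        String realm = SAML2MetaUtils.getRealmByMetaAlias(str);

        // All four lookups are done up front, as before, so lookup failures surface unchanged.
        IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
        SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
        XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(realm, entityId);
        XACMLAuthzDecisionQueryConfigElement pepConfig = getPolicyEnforcementPointConfig(realm, entityId);

        String alias;
        if (idpConfig != null) {
            alias = idpConfig.getMetaAlias();
            if (alias != null && alias.equals(str)) {
                return SAML2Constants.IDP_ROLE;
            }
        }
        if (spConfig != null) {
            alias = spConfig.getMetaAlias();
            if (alias != null && alias.equals(str)) {
                return SAML2Constants.SP_ROLE;
            }
        }
        if (pdpConfig != null) {
            alias = pdpConfig.getMetaAlias();
            if (alias != null && alias.equals(str)) {
                return SAML2Constants.PDP_ROLE;
            }
        }
        if (pepConfig != null) {
            alias = pepConfig.getMetaAlias();
            if (alias != null && alias.equals(str)) {
                return SAML2Constants.PEP_ROLE;
            }
        }
        return SAML2Constants.UNKNOWN_ROLE;
    }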

    /**
     * Collects the meta alias of the IDP SSO config of every hosted identity provider in a realm.
     *
     * <p>The alias is added as returned by the config, without a null or empty check.
     *
     * @param str realm to search
     * @return list of meta aliases, possibly empty
     * @throws SAML2MetaException if a configuration lookup fails
     */
    public List getAllHostedIdentityProviderMetaAliases(String str) throws SAML2MetaException {
        List<String> aliases = new ArrayList<String>();
        for (Object entityId : getAllHostedIdentityProviderEntities(str)) {
            IDPSSOConfigElement idpConfig = getIDPSSOConfig(str, (String) entityId);
            if (idpConfig == null) {
                continue;
            }
            aliases.add(idpConfig.getMetaAlias());
        }
        return aliases;
    }

    /**
     * Collects the meta alias of the SP SSO config of every hosted service provider in a realm.
     *
     * <p>The alias is added as returned by the config, without a null or empty check.
     *
     * @param str realm to search
     * @return list of meta aliases, possibly empty
     * @throws SAML2MetaException if a configuration lookup fails
     */
    public List getAllHostedServiceProviderMetaAliases(String str) throws SAML2MetaException {
        List<String> aliases = new ArrayList<String>();
        for (Object entityId : getAllHostedServiceProviderEntities(str)) {
            SPSSOConfigElement spConfig = getSPSSOConfig(str, (String) entityId);
            if (spConfig == null) {
                continue;
            }
            aliases.add(spConfig.getMetaAlias());
        }
        return aliases;
    }

    /**
     * Collects the meta alias of the PDP config of every hosted policy decision point in a realm.
     *
     * <p>The alias is added as returned by the config, without a null or empty check.
     *
     * @param str realm to search
     * @return list of meta aliases, possibly empty
     * @throws SAML2MetaException if a configuration lookup fails
     */
    public List getAllHostedPolicyDecisionPointMetaAliases(String str) throws SAML2MetaException {
        List<String> aliases = new ArrayList<String>();
        for (Object entityId : getAllHostedPolicyDecisionPointEntities(str)) {
            XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(str, (String) entityId);
            if (pdpConfig == null) {
                continue;
            }
            aliases.add(pdpConfig.getMetaAlias());
        }
        return aliases;
    }

    /**
     * Collects the meta alias of the PEP config of every hosted policy enforcement point in a realm.
     *
     * <p>The alias is added as returned by the config, without a null or empty check.
     *
     * @param str realm to search
     * @return list of meta aliases, possibly empty
     * @throws SAML2MetaException if a configuration lookup fails
     */
    public List getAllHostedPolicyEnforcementPointMetaAliases(String str) throws SAML2MetaException {
        List<String> aliases = new ArrayList<String>();
        for (Object entityId : getAllHostedPolicyEnforcementPointEntities(str)) {
            XACMLAuthzDecisionQueryConfigElement pepConfig = getPolicyEnforcementPointConfig(str, (String) entityId);
            if (pepConfig == null) {
                continue;
            }
            aliases.add(pepConfig.getMetaAlias());
        }
        return aliases;
    }

    /**
     * Decides whether one entity trusts another through a shared circle of trust.
     *
     * <p>The circles of trust listed in the SP SSO config of {@code str2} are checked
     * first, then those in its IDP SSO config. The answer is {@code false} when
     * {@code str2} has neither config, or when neither lists a circle of trust that
     * contains {@code str3}.
     *
     * @param str realm of the entities
     * @param str2 entity whose configuration supplies the circles of trust
     * @param str3 entity whose membership is tested
     * @return {@code true} only if a shared circle of trust is found
     * @throws SAML2MetaException if a configuration lookup fails
     */
    public boolean isTrustedProvider(String str, String str2, String str3) throws SAML2MetaException {
        SPSSOConfigElement spConfig = getSPSSOConfig(str, str2);
        if (spConfig != null && isSameCircleOfTrust(spConfig, str, str3)) {
            return true;
        }
        IDPSSOConfigElement idpConfig = getIDPSSOConfig(str, str2);
        return idpConfig != null && isSameCircleOfTrust(idpConfig, str, str3);
    }

    /**
     * Decides whether an XACML entity trusts another entity through a shared circle of trust.
     *
     * <p>The role selects which config of {@code str2} supplies the circles of trust.
     * A {@code null} role, or any role other than PDP or PEP, yields {@code false}.
     *
     * @param str realm of the entities
     * @param str2 entity whose configuration supplies the circles of trust
     * @param str3 entity whose membership is tested
     * @param str4 role of {@code str2}: {@code SAML2Constants.PDP_ROLE} or
     *        {@code SAML2Constants.PEP_ROLE}
     * @return {@code true} only if a shared circle of trust is found
     * @throws SAML2MetaException if a configuration lookup fails
     */
    public boolean isTrustedXACMLProvider(String str, String str2, String str3, String str4) throws SAML2MetaException {
        if (str4 == null) {
            return false;
        }
        if (str4.equals(SAML2Constants.PDP_ROLE)) {
            XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(str, str2);
            return pdpConfig != null && isSameCircleOfTrust(pdpConfig, str, str3);
        }
        if (str4.equals(SAML2Constants.PEP_ROLE)) {
            // A missing PEP config is passed on as null and rejected by isSameCircleOfTrust.
            return isSameCircleOfTrust(getPolicyEnforcementPointConfig(str, str2), str, str3);
        }
        return false;
    }

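    /**
     * Tests whether an entity is a member of any circle of trust listed in a role config.
     *
     * <p>This check fails closed: a {@code null} config, a missing or empty "cotlist"
     * attribute, and any exception all produce {@code false}. The exception is now
     * passed to the debug log; before, only a fixed message was written and the
     * cause of a rejected trust check could not be diagnosed from the log.
     *
     * <p>NOTE(review): circle-of-trust names are passed on exactly as stored, while
     * {@code removeFromCircleOfTrust} trims them first. Confirm the two agree.
     *
     * @param baseConfigType role config that supplies the "cotlist" attribute
     * @param str realm of the circles of trust
     * @param str2 entity whose membership is tested
     * @return {@code true} only if at least one listed circle of trust contains the entity
     */
    private boolean isSameCircleOfTrust(BaseConfigType baseConfigType, String str, String str2) {
        if (baseConfigType == null) {
            return false;
        }
        try {
            List<String> cotNames = SAML2MetaUtils.getAttributes(baseConfigType).get("cotlist");
            if (cotNames == null || cotNames.isEmpty()) {
                return false;
            }
            for (String cotName : cotNames) {
                if (this.cotm.isInCircleOfTrust(str, cotName, "saml2", str2)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            // Deny on error, but keep the cause so the failure can be investigated.
            debug.error("SAML2MetaManager.isSameCircleOfTrust: Error while determining two entities are in the same COT.", e);
            return false;
        }
    }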

    /**
     * Returns the ids of all entities stored for a realm, hosted and remote alike.
     *
     * @param str realm to search
     * @return a new set of entity ids, possibly empty
     * @throws SAML2MetaException if the configuration store reports an error
     */
    public Set getAllEntities(String str) throws SAML2MetaException {
        Set entityIds = new HashSet();
        String[] logArgs = {str};
        try {
            Set storedNames = this.configInst.getAllConfigurationNames(str);
            if (storedNames != null) {
                // Copy, so callers never hold the store's own collection.
                entityIds.addAll(storedNames);
            }
            LogUtil.access(Level.FINE, LogUtil.GOT_ALL_ENTITIES, logArgs, null);
            return entityIds;
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.getAllEntities:", e);
            LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ALL_ENTITIES, new String[]{e.getMessage(), str}, null);
            throw new SAML2MetaException(e);
        }
    }

    /**
     * Rejects a new entity whose meta aliases repeat each other or are already in use.
     *
     * <p>Two checks are made: the given list must not contain the same alias twice,
     * and none of its aliases may already belong to a hosted entity of the realm.
     * A {@code null} or empty list passes without any check.
     *
     * @param str realm the new entity is created in
     * @param list meta aliases of the new entity
     * @throws SAML2MetaException with key "meta_alias_duplicate" or "meta_alias_exists"
     *         when a check fails, or if the hosted aliases cannot be read
     */
    public void validateMetaAliasForNewEntity(String str, List<String> list) throws SAML2MetaException {
        if (list == null || list.isEmpty()) {
            return;
        }

        // A set drops repeats, so a smaller set means the list holds a duplicate.
        boolean hasDuplicates = list.size() > 1 && new HashSet(list).size() < list.size();
        if (hasDuplicates) {
            debug.error("SAML2MetaManager.validateMetaAliasForNewEntity:Duplicate metaAlias values provided in list:\n" + list);
            throw new SAML2MetaException("meta_alias_duplicate", new String[]{list.toString()});
        }

        List<String> aliasesInUse = getAllHostedMetaAliasesByRealm(str);
        if (aliasesInUse.isEmpty()) {
            return;
        }

        // Tab-terminated list of the requested aliases that are already taken.
        StringBuilder clashes = new StringBuilder();
        for (String requested : list) {
            if (aliasesInUse.contains(requested)) {
                clashes.append(requested);
                clashes.append("\t");
            }
        }
        if (clashes.length() == 0) {
            return;
        }
        String clashText = clashes.toString();
        debug.error("SAML2MetaManager.validateMetaAliasForNewEntity: metaAliases " + clashText + " already exists in the realm: " + str);
        throw new SAML2MetaException("meta_alias_exists", new String[]{clashText, str});
    }

    // Class initialiser: obtains the SAML2 configuration instance, registers a
    // configuration listener on it, and creates the circle-of-trust manager.
    // Every failure is only written to the debug log; nothing is rethrown, so the
    // class loads even if one of the statics could not be assigned here.
    // NOTE(review): the methods above use this.configInst and this.cotm without
    // null checks; confirm how those fields relate to the statics set here.
    static {
        try {
            configInstStatic = ConfigurationManager.getConfigurationInstance(SAML2);
        } catch (ConfigurationException e) {
            // The message says "constructor" although this is the static initialiser.
            debug.error("SAML2MetaManager constructor:", e);
        }
        // The listener can only be registered when the instance was obtained above.
        if (configInstStatic != null) {
            try {
                configInstStatic.addListener(new SAML2MetaServiceListener());
            } catch (ConfigurationException e2) {
                debug.error("SAML2MetaManager.static: Unable to add ConfigurationListener for SAML2COT service.", e2);
            }
        }
        try {
            cotmStatic = new CircleOfTrustManager();
        } catch (COTException e3) {
            debug.error("SAML2MetaManager constructor:", e3);
        }
    }
}
