package com.sun.identity.saml.common;

import com.sun.identity.authentication.util.ISAuthConstants;
import com.sun.identity.common.PeriodicGroupRunnable;
import com.sun.identity.common.ScheduleableGroupAction;
import com.sun.identity.common.SystemConfigurationException;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.common.SystemTimerPool;
import com.sun.identity.common.TaskRunnable;
import com.sun.identity.common.TimerPool;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionManager;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.policy.PolicyManager;
import com.sun.identity.saml.SAMLClient;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.Attribute;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.AuthenticationStatement;
import com.sun.identity.saml.assertion.Condition;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectStatement;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.plugins.PartnerAccountMapper;
import com.sun.identity.saml.protocol.AssertionArtifact;
import com.sun.identity.saml.protocol.Response;
import com.sun.identity.saml.servlet.POSTCleanUpRunnable;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.encode.URLEncDec;
import com.sun.identity.shared.xml.XMLUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.MessageDigest;
import java.text.StringCharacterIterator;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.soap.MimeHeader;
import javax.xml.soap.MimeHeaders;
import org.apache.batik.constants.XMLConstants;
import org.forgerock.openam.sdk.com.sun.jdmk.comm.HtmlDef;
import org.forgerock.openam.sdk.org.apache.xml.security.Init;
import org.forgerock.openam.sdk.org.apache.xml.security.c14n.Canonicalizer;
import org.forgerock.openam.utils.Time;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/saml/common/SAMLUtils.class */
public class SAMLUtils extends SAMLUtilsCommon {
    // Configuration key for the request-size cap; where it is read is not visible in this part of the file.
    public static final String HTTP_MAX_CONTENT_LENGTH = "com.sun.identity.saml.request.maxContentLength";
    // Default cap in bytes (16 KiB).
    public static final int defaultMaxLength = 16384;
    private static final String ERROR_JSP = "/saml2/jsp/autosubmittingerror.jsp";
    // Limit enforced by checkHTTPContentLength; 0 disables the check there.
    // NOTE(review): no assignment is visible here - confirm it is initialised from HTTP_MAX_CONTENT_LENGTH elsewhere.
    private static int maxContentLength;
    // Receives assertion IDs that carry a NotOnOrAfter time (see verifyAssertionAndGetSSMap).
    private static TaskRunnable cGoThrough;
    // Receives assertion IDs that carry no expiry time (see verifyAssertionAndGetSSMap).
    private static TaskRunnable cPeriodic;
    // NOTE(review): process-wide token held in a static; where it is set and who reads it is not visible here.
    private static Object ssoToken;
    public static final String DEFAULT_CONTENT_LENGTH = String.valueOf(16384);
    // Replay cache keyed by assertion ID; the value is the ID itself or a Long expiry time in milliseconds.
    // The wrapper synchronises single calls only, so a containsKey followed by a put is not atomic.
    private static Map idTimeMap = Collections.synchronizedMap(new HashMap());

    /** Private so the class cannot be instantiated; it is used through its static methods. */
    private SAMLUtils() {
    }

    /**
     * Builds an assertion ID from {@code generateID()}, with this server's ID appended when it
     * can be resolved.
     *
     * @return the generated ID, suffixed with the server ID if one was found, or {@code null}
     *         when {@code generateID()} returned {@code null}
     */
    public static String generateAssertionID() {
        final String baseId = generateID();
        if (baseId == null) {
            return null;
        }
        String serverId = null;
        try {
            serverId = SystemConfigurationUtil.getServerID(
                    SAMLServiceManager.getServerProtocol(),
                    SAMLServiceManager.getServerHost(),
                    Integer.parseInt(SAMLServiceManager.getServerPort()),
                    SAMLServiceManager.getServerURI());
        } catch (Exception e) {
            // Best effort: a lookup failure only means the ID carries no server suffix.
            if (debug.messageEnabled()) {
                debug.message("SAMLUtil:generateAssertionID: exception obtain serverID:", e);
            }
        }
        if (serverId == null) {
            return baseId;
        }
        return baseId + serverId;
    }

    /**
     * Tells whether a query element is of the expected query kind.
     *
     * <p>An element whose local name is {@code Query} or {@code SubjectQuery} matches when it has
     * an attribute with local name {@code type} whose value equals {@code str + "Type"}. Any
     * other element matches when its local name equals {@code str}.
     *
     * <p>The attribute's namespace is not inspected, and the value is compared as a plain string,
     * so a prefixed type value does not match.
     *
     * @param element the query element to inspect
     * @param str the expected query name
     * @return {@code true} if the element matches; {@code false} otherwise, including when the
     *         element has no local name
     */
    public static boolean checkQuery(Element element, String str) {
        final String elementName = element.getLocalName();
        if (elementName == null) {
            return false;
        }
        final boolean genericQuery = elementName.equals("Query") || elementName.equals("SubjectQuery");
        if (!genericQuery) {
            return elementName.equals(str);
        }
        final String expectedType = str + "Type";
        final NamedNodeMap attrs = element.getAttributes();
        final int count = attrs.getLength();
        for (int idx = 0; idx < count; idx++) {
            final Attr candidate = (Attr) attrs.item(idx);
            final String attrName = candidate.getLocalName();
            if (attrName != null && attrName.equals("type") && candidate.getNodeValue().equals(expectedType)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Derives the Base64-encoded source ID of a site from its URL.
     *
     * <p>The digest algorithm requested is {@code "SHA"}, which the JDK resolves to SHA-1. The
     * value is an identifier, not an integrity check. NOTE(review): a 20-byte SHA-1 source ID
     * looks mandated by the SAML 1.x artifact format - confirm before changing the algorithm.
     *
     * @param str the site URL
     * @return the trimmed Base64 digest, or {@code null} for an empty URL or on any failure
     */
    public static String generateSourceID(String str) {
        if (str == null || str.isEmpty()) {
            debug.error("SAMLUtils.genrateSourceID: empty siteURL.");
            return null;
        }
        try {
            final MessageDigest digester = MessageDigest.getInstance("SHA");
            // stringToByteArray keeps only the low 8 bits of each character.
            digester.update(stringToByteArray(str));
            try {
                return Base64.encode(digester.digest()).trim();
            } catch (Exception e) {
                debug.error("SAMLUtils.generateSourceID: Exception:", e);
                return null;
            }
        } catch (Exception e2) {
            debug.error("SAMLUtils.generateSourceID: Exception when generating digest:", e2);
            return null;
        }
    }

    /**
     * Generates a 20-byte assertion handle and returns it through {@code byteArrayToString}.
     *
     * <p>The handle starts as 20 bytes from {@code random}. When a server ID is available and is
     * shorter than 20 bytes, its bytes overwrite the tail of the handle, so the unpredictable
     * part shrinks by the length of the server ID.
     * NOTE(review): {@code random} is declared outside this file section - confirm it is a
     * {@code SecureRandom}, since the handle acts as a bearer reference.
     *
     * @return the encoded handle, or {@code null} when {@code random} is not available
     */
    public static String generateAssertionHandle() {
        if (random == null) {
            return null;
        }
        final byte[] handle = new byte[20];
        random.nextBytes(handle);
        String serverId = null;
        try {
            serverId = SystemConfigurationUtil.getServerID(
                    SAMLServiceManager.getServerProtocol(),
                    SAMLServiceManager.getServerHost(),
                    Integer.parseInt(SAMLServiceManager.getServerPort()),
                    SAMLServiceManager.getServerURI());
        } catch (Exception e) {
            // Best effort: without a server ID the handle stays fully random.
            if (debug.messageEnabled()) {
                debug.message("SAMLUtil:generateAssertionHandle: exception obtain serverID:", e);
            }
        }
        if (serverId != null) {
            final byte[] idBytes = stringToByteArray(serverId);
            if (idBytes.length < handle.length) {
                // Right-align the server ID in the handle.
                System.arraycopy(idBytes, 0, handle, handle.length - idBytes.length, idBytes.length);
            }
        }
        return byteArrayToString(handle);
    }

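    /**
     * Decodes a string of hexadecimal digit pairs into bytes.
     *
     * <p>The input is validated strictly: the length must be even and every character must be a
     * hexadecimal digit. The previous implementation failed on odd-length input with an
     * unrelated index error and accepted a sign character as the first half of a pair.
     *
     * @param str the hexadecimal text; must not be {@code null}
     * @return the decoded bytes, one per pair of digits
     * @throws NumberFormatException if the length is odd or a character is not a hex digit
     */
    public static byte[] hexStringToByteArray(String str) {
        final int length = str.length();
        if ((length & 1) != 0) {
            throw new NumberFormatException("Hex string must have an even number of characters, got " + length);
        }
        final byte[] decoded = new byte[length / 2];
        for (int i = 0; i < decoded.length; i++) {
            final int high = Character.digit(str.charAt(2 * i), 16);
            final int low = Character.digit(str.charAt(2 * i + 1), 16);
            if (high < 0 || low < 0) {
                // The message carries the offset only, never the input itself.
                throw new NumberFormatException("Invalid hex digit at offset " + (2 * i));
            }
            decoded[i] = (byte) ((high << 4) | low);
        }
        return decoded;
    }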

    /**
     * Converts hexadecimal text to its Base64 form.
     *
     * @param str the hexadecimal text; must not be {@code null}
     * @return the trimmed Base64 encoding of the decoded bytes, or {@code null} if encoding fails
     */
    public static String hexStringToBase64(String str) {
        // Same pairwise decoding as hexStringToByteArray, so reuse it.
        final byte[] raw = hexStringToByteArray(str);
        String encoded = null;
        try {
            encoded = Base64.encode(raw).trim();
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("SAMLUtil:hexStringToBase64: exception encode input:", e);
            }
        }
        if (debug.messageEnabled()) {
            debug.message("base 64 source id is :" + encoded);
        }
        return encoded;
    }

    /**
     * Looks up the configured partner whose issuer equals the given value.
     *
     * <p>The comparison is an exact, case-sensitive string match, and the first matching entry
     * wins.
     *
     * @param str the issuer to look for
     * @return the matching partner entry, or {@code null} if the issuer is {@code null}, the
     *         partner list is missing, or no entry matches
     */
    public static SAMLServiceManager.SOAPEntry getSourceSite(String str) {
        if (str == null) {
            return null;
        }
        final Map partners = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
        if (partners == null) {
            debug.error("SAMLUtils.isOnPartnerURLList: PartnerURL list is null.");
            return null;
        }
        for (Object value : partners.values()) {
            final SAMLServiceManager.SOAPEntry candidate = (SAMLServiceManager.SOAPEntry) value;
            if (candidate == null) {
                continue;
            }
            final String issuer = candidate.getIssuer();
            if (issuer != null && issuer.equals(str)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Command-line helper that prints the source ID for one argument, or a usage line otherwise.
     *
     * @param strArr the command-line arguments; exactly one is expected
     */
    public static void main(String[] strArr) {
        final String output = strArr.length == 1
                ? generateSourceID(strArr[0])
                : "usage : java SAMLUtils <host_name>";
        System.out.println(output);
    }

    /**
     * Checks that a subject confirmation carries exactly one confirmation method and that it is
     * {@code SAMLConstants.CONFIRMATION_METHOD_IS}.
     *
     * @param subjectConfirmation the subject confirmation to check; may be {@code null}
     * @return {@code true} only for a single method with the expected value
     */
    public static boolean isCorrectConfirmationMethod(SubjectConfirmation subjectConfirmation) {
        if (subjectConfirmation == null) {
            return false;
        }
        final Set methods = subjectConfirmation.getConfirmationMethod();
        final boolean exactlyOne = methods != null && methods.size() == 1;
        if (!exactlyOne) {
            // Zero or several methods are both rejected.
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.isCorrectConfirmationMethod: missing ConfirmationMethod in the Subject.");
            }
            return false;
        }
        final String method = (String) methods.iterator().next();
        if (method != null && method.equals(SAMLConstants.CONFIRMATION_METHOD_IS)) {
            return true;
        }
        if (debug.messageEnabled()) {
            debug.message("SAMLUtils.isCorrectConfirmationMethod: wrong ConfirmationMethod value.");
        }
        return false;
    }

    /**
     * Tells whether an assertion is currently valid and contains a statement of type 1.
     *
     * <p>The time check and the signature check both run before any statement is inspected.
     * NOTE(review): what {@code isSignatureValid()} reports for an unsigned assertion is not
     * visible here - confirm that unsigned assertions are rejected where that matters.
     *
     * @param assertion the assertion to inspect; may be {@code null}
     * @return {@code true} if the assertion passes both checks and has a type 1 statement
     */
    public static boolean isAuthNAssertion(Assertion assertion) {
        if (assertion == null) {
            return false;
        }
        if (!assertion.isTimeValid() || !assertion.isSignatureValid()) {
            return false;
        }
        for (Object item : assertion.getStatement()) {
            if (((Statement) item).getStatementType() == 1) {
                return true;
            }
        }
        return false;
    }

    /**
     * Converts a string to bytes by keeping the low 8 bits of every character.
     *
     * <p>This is not a charset encoding: characters above U+00FF are truncated silently, so two
     * different strings can produce the same bytes. Values already derived from it, such as
     * source IDs, depend on this exact mapping.
     *
     * @param str the text to convert; must not be {@code null}
     * @return one byte per character
     */
    public static byte[] stringToByteArray(String str) {
        final int size = str.length();
        final byte[] narrowed = new byte[size];
        for (int pos = 0; pos < size; pos++) {
            narrowed[pos] = (byte) str.charAt(pos);
        }
        return narrowed;
    }

    /**
     * Extracts the server ID, which is the last two characters of an ID.
     *
     * @param str the ID to read from; may be {@code null}
     * @return the final two characters, or {@code null} if the input is {@code null} or shorter
     *         than two characters
     */
    public static String getServerID(String str) {
        if (str == null || str.length() < 2) {
            return null;
        }
        return str.substring(str.length() - 2);
    }

    /**
     * Resolves the URL of the remote server that issued an ID, using the ID's two-character
     * server suffix.
     *
     * @param str an ID that ends with a server ID
     * @return the remote server URL, or {@code null} when the suffix is missing, the server is
     *         unknown, or the ID belongs to this server
     */
    public static String getServerURL(String str) {
        final String id = getServerID(str);
        if (id == null) {
            return null;
        }
        if (debug.messageEnabled()) {
            debug.message("SAMLUtils.getServerURL: id=" + id);
        }
        try {
            final String remoteUrl = SystemConfigurationUtil.getServerFromID(id);
            final String localUrl = SAMLServiceManager.getServerURL();
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.getServerURL: remoteUrl=" + remoteUrl + ", thisUrl=" + localUrl);
            }
            final boolean resolved = remoteUrl != null && localUrl != null;
            // A match with the local URL means the ID was issued here, so there is nothing remote.
            return resolved && !remoteUrl.equalsIgnoreCase(localUrl) ? remoteUrl : null;
        } catch (SystemConfigurationException e) {
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.getServerURL: ServerEntryNotFoundException for " + id);
            }
            return null;
        }
    }

    /**
     * Resolves the full service URL registered under {@code SAMLConstants.SAML_AM_NAMING} for
     * the protocol, host, port and path of the given URL.
     *
     * @param str the short URL to expand
     * @return the full service URL, or {@code null} if the URL cannot be parsed or the lookup
     *         fails
     */
    public static String getFullServiceURL(String str) {
        String fullUrl = null;
        try {
            final URL parsed = new URL(str);
            fullUrl = SystemConfigurationUtil.getServiceURL(
                    SAMLConstants.SAML_AM_NAMING,
                    parsed.getProtocol(),
                    parsed.getHost(),
                    parsed.getPort(),
                    parsed.getPath()).toString();
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.getFullServiceURL:full remote URL is: " + fullUrl);
            }
        } catch (Exception e) {
            // Any failure is logged at warning level and reported as null.
            if (debug.warningEnabled()) {
                debug.warning("SAMLUtils.getFullServiceURL:Exception:", e);
            }
        }
        return fullUrl;
    }

    /**
     * Copies the text-only attribute values that an assertion states about a subject into a map.
     *
     * <p>Only statements of type 3 whose subject equals {@code subject} are read. Attribute
     * values that contain child elements are skipped. Each attribute with at least one text
     * value is stored under its name as a {@code String[]}. A failure on one attribute is logged
     * and does not stop the others.
     *
     * <p>With message-level debugging enabled the attribute values are written to the debug log,
     * which may hold personal data.
     *
     * @param map the map that receives attribute name to {@code String[]} entries
     * @param assertion the assertion to read
     * @param subject the subject whose attribute statements are wanted
     */
    public static void addEnvParamsFromAssertion(Map map, Assertion assertion, Subject subject) {
        final Set statements = assertion.getStatement();
        if (statements == null || statements.isEmpty()) {
            return;
        }
        for (Object item : statements) {
            final Statement candidate = (Statement) item;
            if (candidate.getStatementType() != 3) {
                continue;
            }
            if (!subject.equals(((AttributeStatement) candidate).getSubject())) {
                continue;
            }
            for (Object attrItem : ((AttributeStatement) candidate).getAttribute()) {
                final Attribute attribute = (Attribute) attrItem;
                try {
                    final List rawValues = attribute.getAttributeValue();
                    final String name = attribute.getAttributeName();
                    final ArrayList textValues = new ArrayList();
                    for (Object rawValue : rawValues) {
                        final Element valueElement = (Element) rawValue;
                        // Structured values (with child elements) are not exported.
                        if (!XMLUtils.hasElementChild(valueElement)) {
                            textValues.add(XMLUtils.getElementValue(valueElement));
                        }
                    }
                    if (textValues.isEmpty()) {
                        if (debug.messageEnabled()) {
                            debug.message("SAMLUtils.addEnvParamsFromAssertion: attrName = " + name + " has no value");
                        }
                        continue;
                    }
                    if (debug.messageEnabled()) {
                        debug.message("SAMLUtils.addEnvParamsFromAssertion: attrName = " + name + " attrValue = " + textValues);
                    }
                    try {
                        map.put(name, (String[]) textValues.toArray(new String[textValues.size()]));
                    } catch (Exception e) {
                        if (debug.messageEnabled()) {
                            debug.message("SAMLUtils.addEnvParamsFromAssertion:", e);
                        }
                    }
                } catch (Exception e2) {
                    debug.error("SAMLUtils.addEnvParamsFromAssertion: cannot obtain attribute value:", e2);
                }
            }
        }
    }

    /**
     * Returns the configured upper bound for the declared length of an HTTP request body.
     *
     * @return the limit in bytes; 0 means {@code checkHTTPContentLength} performs no check
     */
    public static int getMaxContentLength() {
        final int limit = maxContentLength;
        return limit;
    }

    /**
     * Rejects a request whose declared content length exceeds the configured maximum.
     *
     * <p>The check is skipped when the maximum is 0. It relies on the declared length only:
     * {@code getContentLength()} returns -1 when the length is unknown (for example with chunked
     * transfer encoding), and such a request passes. Code that reads the body therefore still
     * has to bound the number of bytes it consumes.
     *
     * @param httpServletRequest the incoming request
     * @throws ServletException if the declared length is greater than the maximum
     */
    public static void checkHTTPContentLength(HttpServletRequest httpServletRequest) throws ServletException {
        if (maxContentLength == 0) {
            return;
        }
        final int declaredLength = httpServletRequest.getContentLength();
        if (debug.messageEnabled()) {
            debug.message("HttpRequest content length= " + declaredLength);
        }
        if (declaredLength <= maxContentLength) {
            return;
        }
        if (debug.messageEnabled()) {
            debug.message("content length too large" + declaredLength);
        }
        throw new ServletException(bundle.getString("largeContentLength"));
    }

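    /**
     * Writes an auto-submitting HTML form that POSTs the assertions and attributes to a target.
     *
     * <p>Each assertion goes into a hidden {@code ASSERTION} field, URL-encoded. Each map entry
     * becomes a hidden field, and the encoded names are joined with {@code :} into
     * {@code ATTRIBUTENAMES}. The writer is closed before returning.
     *
     * <p>The target URL is placed in the form's {@code ACTION} attribute. Its double quotes are
     * now encoded, as the attribute names and values already were, so the value cannot end the
     * attribute early. {@code HTMLEncode} handles that one character only; callers remain
     * responsible for checking that the target is an allowed destination.
     *
     * <p>With message-level debugging enabled the page also displays the assertions to the user.
     *
     * @param httpServletResponse the HTTP response; not used by this method
     * @param printWriter the writer that receives the page; closed on return
     * @param list the assertions as XML strings; may be {@code null}
     * @param str the target URL for the form
     * @param map attribute names to values, all strings; may be {@code null}
     * @throws IOException declared for callers; nothing in this body throws it directly
     */
    public static void postToTarget(HttpServletResponse httpServletResponse, PrintWriter printWriter, List list, String str, Map map) throws IOException {
        printWriter.println("<HTML>");
        printWriter.println("<HEAD>\n");
        printWriter.println("<TITLE>Access rights validated</TITLE>\n");
        printWriter.println("</HEAD>\n");
        printWriter.println("<BODY Onload=\"document.forms[0].submit()\">");
        if (debug.messageEnabled()) {
            // Diagnostic view only: shows the escaped assertion XML on the page.
            printWriter.println("<H1>Access rights validated</H1>\n");
            printWriter.println("<meta http-equiv=\"refresh\" content=\"20\">\n");
            printWriter.println("<P>We have verified your access rights <STRONG></STRONG> according to the assertion shown below. \n");
            printWriter.println("You are being redirected to the resource.\n");
            printWriter.println("Please wait ......\n");
            printWriter.println("</P>\n");
            printWriter.println("<HR><P>\n");
            if (list != null) {
                for (Object assertionXml : list) {
                    printWriter.println(displayXML((String) assertionXml));
                }
            }
            printWriter.println("</P>\n");
        }
        // The target is caller-supplied and sits inside a double-quoted attribute.
        printWriter.println("<FORM METHOD=\"POST\" ACTION=\"" + HTMLEncode(str, '\"') + "\">");
        if (list != null) {
            for (Object assertionXml : list) {
                printWriter.println("<INPUT TYPE=\"HIDDEN\" NAME=\"ASSERTION\"");
                printWriter.println("VALUE=\"" + URLEncDec.encode((String) assertionXml) + "\">");
            }
        }
        if (map != null && !map.isEmpty()) {
            final StringBuffer attributeNames = new StringBuffer();
            for (Object item : map.entrySet()) {
                final Map.Entry entry = (Map.Entry) item;
                final String encodedName = HTMLEncode((String) entry.getKey(), '\"');
                final String encodedValue = HTMLEncode((String) entry.getValue(), '\"');
                printWriter.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + encodedName + "\" VALUE=\"" + encodedValue + "\">");
                if (attributeNames.length() > 0) {
                    attributeNames.append(":");
                }
                attributeNames.append(encodedName);
            }
            printWriter.println("<INPUT TYPE=\"HIDDEN\" NAME=\"ATTRIBUTENAMES\" VALUE=\"" + attributeNames + "\">");
        }
        printWriter.println("</FORM>");
        printWriter.println(HtmlDef.endPage);
        printWriter.close();
    }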

    /**
     * Tells whether attributes may be POSTed to the given target URL.
     *
     * <p>The lookup key is {@code host:port/path}, with the host lower-cased, the port as
     * {@code URL.getPort()} reports it (-1 when the URL names none) and the path as
     * {@code URL.getPath()} reports it. The scheme, query string and fragment are not part of
     * the key, so they are not restricted by this check.
     *
     * @param str the target URL
     * @return {@code true} if the key is in the configured set; {@code false} for an empty or
     *         malformed URL or an empty configuration
     */
    public static boolean postYN(String str) {
        debug.message("Inside postYN()");
        if (str == null || str.length() == 0) {
            return false;
        }
        final Set allowedTargets = (Set) SAMLServiceManager.getAttribute(SAMLConstants.POST_TO_TARGET_URLS);
        if (allowedTargets == null || allowedTargets.size() == 0) {
            return false;
        }
        try {
            final URL target = new URL(str);
            final String key = target.getHost().toLowerCase() + ":" + target.getPort() + "/" + target.getPath();
            return allowedTargets.contains(key);
        } catch (MalformedURLException e) {
            debug.error("SAMLUtils:postYN(): Malformed URL passed");
            return false;
        }
    }

    /**
     * Replaces every occurrence of one character with its decimal HTML character reference.
     *
     * <p>Only {@code c} is replaced. This is not a general HTML encoder: other characters such
     * as {@code <}, {@code >} and {@code &} pass through unchanged, so the result is safe only
     * in a context where {@code c} is the sole significant character.
     *
     * @param str the text to encode; may be {@code null}
     * @param c the character to replace
     * @return the encoded text, or {@code null} if {@code str} is {@code null}
     */
    public static String HTMLEncode(String str, char c) {
        if (str == null) {
            return null;
        }
        final String reference = "&#" + ((int) c) + ";";
        final StringBuilder encoded = new StringBuilder();
        for (int pos = 0; pos < str.length(); pos++) {
            final char current = str.charAt(pos);
            if (current == c) {
                encoded.append(reference);
            } else {
                encoded.append(current);
            }
        }
        return encoded.toString();
    }

    /**
     * Prepares XML text for display inside an HTML page.
     *
     * <p>{@code >} and {@code <} are replaced with the {@code XMLConstants} entity strings and
     * each newline becomes {@code <BR>} followed by a newline. Ampersands and quotes are copied
     * unchanged, so the result is meant for element content and not for attribute values.
     *
     * @param str the XML text; must not be {@code null}
     * @return the text with angle brackets and newlines converted
     */
    public static String displayXML(String str) {
        debug.message("In displayXML ");
        final StringCharacterIterator chars = new StringCharacterIterator(str);
        final StringBuffer html = new StringBuffer();
        for (char current = chars.first(); current != StringCharacterIterator.DONE; current = chars.next()) {
            switch (current) {
                case '>':
                    html.append(XMLConstants.XML_ENTITY_GT);
                    break;
                case '<':
                    html.append(XMLConstants.XML_ENTITY_LT);
                    break;
                case '\n':
                    html.append("<BR>\n");
                    break;
                default:
                    html.append(current);
                    break;
            }
        }
        return html.toString();
    }

    /**
     * Parses a list of assertion XML strings into {@code Assertion} objects.
     *
     * <p>Parsing stops at the first failure. The exception is logged at message level only and
     * the assertions parsed so far are returned, so a caller cannot tell a complete result from
     * a truncated one without comparing sizes.
     * NOTE(review): the XML is parsed by {@code XMLUtils.toDOMDocument}; confirm that it
     * disables DTDs and external entities, since the input comes from a remote party.
     *
     * @param list assertion XML strings; may be {@code null}
     * @return the parsed assertions, never {@code null}; possibly fewer than the input
     */
    public static List getListOfAssertions(List list) {
        final ArrayList parsed = new ArrayList();
        if (list == null) {
            return parsed;
        }
        try {
            for (Object xml : list) {
                final Element root = XMLUtils.toDOMDocument((String) xml, debug).getDocumentElement();
                if (root != null) {
                    parsed.add(new Assertion(root));
                }
            }
        } catch (Exception e) {
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.getListOfAssertions : Exception : ", e);
            }
        }
        return parsed;
    }

    /**
     * Serialises a response to UTF-8 bytes.
     *
     * @param response the response to serialise
     * @return the UTF-8 bytes of {@code response.toString(true, true, true)}
     * @throws SAMLException if UTF-8 is reported as unsupported; only the message of the
     *         original exception is carried over
     */
    public static byte[] getResponseBytes(Response response) throws SAMLException {
        final String xml = response.toString(true, true, true);
        try {
            return xml.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            if (debug.messageEnabled()) {
                debug.message("getResponseBytes : ", e);
            }
            throw new SAMLException(e.getMessage());
        }
    }

    /**
     * Parses a response from its serialised bytes.
     *
     * @param bArr the serialised response; may be {@code null}
     * @return the parsed response, or {@code null} if the input is {@code null} or parsing fails
     *         (the failure is logged at error level)
     */
    public static Response getResponse(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try {
            return Response.parseXML(new ByteArrayInputStream(bArr));
        } catch (SAMLException e) {
            debug.error("getResponse : ", e);
            return null;
        }
    }

    /**
     * Verifies a response before its assertions are used.
     *
     * <p>The response must be signed with a valid signature, must name a recipient equal to the
     * expected URL, and must carry a status code that ends with {@code :Success}.
     *
     * <p>The recipient is also accepted when it equals the expected URL with its host replaced
     * by the request's {@code Host} header (see {@code getLBURL}). That header is supplied by
     * the client, so this fallback is only as trustworthy as the front end that sets it.
     * NOTE(review): confirm that deployments pin or validate {@code Host} before it reaches
     * this check.
     *
     * @param response the response to verify; must not be {@code null}
     * @param str the URL at which this response was expected
     * @param httpServletRequest the request that delivered the response
     * @return {@code true} only if all three checks pass
     */
    public static boolean verifyResponse(Response response, String str, HttpServletRequest httpServletRequest) {
        if (!response.isSigned()) {
            debug.message("verifyResponse: Response is not signed");
            return false;
        }
        if (!response.isSignatureValid()) {
            debug.message("verifyResponse: Response's signature is invalid.");
            return false;
        }
        final String recipient = response.getRecipient();
        final boolean recipientPresent = recipient != null && recipient.length() != 0;
        if (!recipientPresent
                || !(equalURL(recipient, str) || equalURL(recipient, getLBURL(str, httpServletRequest)))) {
            debug.error("verifyResponse : Incorrect Recipient.");
            return false;
        }
        final String statusCode = response.getStatus().getStatusCode().getValue();
        if (!statusCode.endsWith(":Success")) {
            debug.error("verifyResponse : Incorrect StatusCode value.");
            return false;
        }
        return true;
    }

    /**
     * Rebuilds a URL with its host part replaced by the request's {@code Host} header.
     *
     * <p>The scheme up to and including {@code //} and the path from the first {@code /} after
     * the host are kept. The header value is inserted as received; it is client-controlled
     * unless a front end overwrites it.
     *
     * @param str the URL to rewrite
     * @param httpServletRequest the request whose {@code Host} header is used
     * @return the rewritten, trimmed URL, or {@code str} unchanged when the header is missing or
     *         {@code str} contains no {@code //}
     */
    private static String getLBURL(String str, HttpServletRequest httpServletRequest) {
        final String hostHeader = httpServletRequest.getHeader("host");
        if (hostHeader == null) {
            return str;
        }
        final int schemeEnd = str.indexOf("//");
        if (schemeEnd == -1) {
            return str;
        }
        final StringBuffer rebuilt = new StringBuffer(200);
        rebuilt.append(str.substring(0, schemeEnd + 2)).append(hostHeader);
        final String afterScheme = str.substring(schemeEnd + 2);
        final int pathStart = afterScheme.indexOf("/");
        if (pathStart != -1) {
            rebuilt.append(afterScheme.substring(pathStart));
        }
        if (debug.messageEnabled()) {
            debug.message("getLBURL: LBURL = " + rebuilt.toString());
        }
        return rebuilt.toString().trim();
    }

    /**
     * Serialises each assertion in a list with {@code toString(true, true)}.
     *
     * @param list the assertions; may be {@code null}
     * @return the serialised assertions in the same order, never {@code null}
     */
    public static List getStrAssertions(List list) {
        final ArrayList serialised = new ArrayList();
        if (list == null) {
            return serialised;
        }
        for (Object item : list) {
            serialised.add(((Assertion) item).toString(true, true));
        }
        return serialised;
    }

    /**
     * Checks that a response is signed and that its signature is valid.
     *
     * @param response the response to check; may be {@code null}
     * @return {@code true} if the response is signed with a valid signature, and also
     *         {@code true} when {@code response} is {@code null}
     */
    public static boolean verifySignature(Response response) {
        if (response == null) {
            // NOTE(review): a missing response is reported as verified. Callers must reject
            // null themselves; confirm that every caller does before relying on this result.
            return true;
        }
        if (!response.isSigned()) {
            return false;
        }
        return response.isSignatureValid();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v33, types: [java.util.Map] */
    /**
     * Builds the attribute map for the user that the partner's account mapper resolves.
     *
     * <p>The mapper's result supplies the user name, the organisation and an optional attribute
     * map. The returned map always holds {@code SAMLConstants.USER_NAME} and {@code "realm"};
     * the realm falls back to {@code "/"} when the mapper gives no organisation. Without a
     * mapper the user name stored is {@code null}.
     *
     * <p>With message-level debugging enabled the name, realm and all attributes are logged.
     *
     * @param sOAPEntry the partner entry that provides the source ID and the account mapper
     * @param list the assertions passed to the mapper
     * @param subject the assertion subject; not used by this method
     * @param str the target URL passed to the mapper
     * @return the attribute map, including the user name and realm
     * @throws Exception if the account mapper fails
     */
    public static Map getAttributeMap(SAMLServiceManager.SOAPEntry sOAPEntry, List list, Subject subject, String str) throws Exception {
        final String sourceId = sOAPEntry.getSourceID();
        String userName = null;
        String organisation = null;
        Map attrMap = null;
        final PartnerAccountMapper mapper = sOAPEntry.getPartnerAccountMapper();
        if (mapper != null) {
            final Map mapped = mapper.getUser(list, sourceId, str);
            userName = (String) mapped.get("name");
            organisation = (String) mapped.get("org");
            attrMap = (Map) mapped.get(PartnerAccountMapper.ATTRIBUTE);
        }
        if (attrMap == null) {
            attrMap = new HashMap();
        }
        attrMap.put(SAMLConstants.USER_NAME, userName);
        final boolean hasOrganisation = organisation != null && organisation.length() != 0;
        attrMap.put("realm", hasOrganisation ? organisation : "/");
        if (debug.messageEnabled()) {
            debug.message("getAttributeMap : name = " + userName + ", realm=" + organisation + ", attrMap = " + attrMap);
        }
        return attrMap;
    }

    /**
     * Verifies every assertion in a response and collects what is needed to create a session.
     *
     * <p>Each assertion must be unseen (replay cache), come from a configured partner, have a
     * valid signature and a valid time window. Every statement of type 1, 2 or 3 must have
     * exactly one confirmation method, the SAML 1.0 bearer URN. The first failure ends
     * processing with {@code null}.
     *
     * <p>The replay check and the later insert are two separate map calls, so they are not
     * atomic together. NOTE(review): two threads handling the same assertion at once could both
     * pass the check - confirm whether callers serialise this path.
     *
     * @param response the response whose assertions are verified
     * @return a map with keys {@code "subject"}, {@code "sourceSite"} and {@code "assertion"},
     *         or {@code null} if any check fails or no subject was found
     */
    public static Map verifyAssertionAndGetSSMap(Response response) {
        Date notOnorAfter;
        Set confirmationMethod;
        Subject subject = null;
        SAMLServiceManager.SOAPEntry sOAPEntry = null;
        List<Assertion> assertion = response.getAssertion();
        for (Assertion assertion2 : assertion) {
            String assertionID = assertion2.getAssertionID();
            // Replay protection: an ID that is already recorded is rejected.
            if (idTimeMap.containsKey(assertionID)) {
                debug.error("verifyAssertion AndGetSSMap: Assertion: " + assertionID + " is used.");
                return null;
            }
            // The issuer must be a configured partner. sOAPEntry is overwritten on every pass,
            // so the returned source site is that of the last assertion.
            SAMLServiceManager.SOAPEntry sourceSite = getSourceSite(assertion2.getIssuer());
            sOAPEntry = sourceSite;
            if (sourceSite == null) {
                debug.error("verifyAsserti onAndGetSSMap: issuer is not on the Partner list.");
                return null;
            }
            if (!assertion2.isSignatureValid()) {
                debug.error("verifyAssertion AndGetSSMap: assertion's signature is not valid.");
                return null;
            }
            if (!assertion2.isTimeValid()) {
                debug.error("verifyAssertion AndGetSSMap: assertion's time is not valid.");
                return null;
            }
            for (Statement statement : assertion2.getStatement()) {
                int statementType = statement.getStatementType();
                // Only statement types 1, 2 and 3 are checked; other types are skipped.
                if (statementType == 1 || statementType == 3 || statementType == 2) {
                    Subject subject2 = ((SubjectStatement) statement).getSubject();
                    SubjectConfirmation subjectConfirmation = subject2.getSubjectConfirmation();
                    if (subjectConfirmation == null || (confirmationMethod = subjectConfirmation.getConfirmationMethod()) == null || confirmationMethod.size() != 1) {
                        debug.error("verify AssertionAndGetSSMap: missing or extra ConfirmationMethod.");
                        return null;
                    }
                    String str = (String) confirmationMethod.iterator().next();
                    if (str == null || !str.equals("urn:oasis:names:tc:SAML:1.0:cm:bearer")) {
                        debug.error("verify AssertionAndGetSSMap:wrong ConfirmationMethod.");
                        return null;
                    }
                    // The subject of the first type 1 statement becomes the session subject.
                    if (statementType == 1 && subject == null) {
                        subject = subject2;
                    }
                }
            }
            if (debug.messageEnabled()) {
                debug.message("Adding " + assertionID + " to idTimeMap.");
            }
            // Record the ID once this assertion has passed. It stays recorded even if a later
            // assertion in the same response fails.
            Conditions conditions = assertion2.getConditions();
            if (conditions == null || (notOnorAfter = conditions.getNotOnorAfter()) == null) {
                // No expiry time: the ID is stored as its own value and handed to cPeriodic.
                cPeriodic.addElement(assertionID);
                idTimeMap.put(assertionID, assertionID);
            } else {
                // Expiry time known: stored in milliseconds and handed to cGoThrough.
                cGoThrough.addElement(assertionID);
                idTimeMap.put(assertionID, new Long(notOnorAfter.getTime()));
            }
        }
        // Also reached when the response has no assertions or no type 1 statement.
        if (subject == null || sOAPEntry == null) {
            debug.error("verifyAssertion AndGetSSMap: couldn't find Subject.");
            return null;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("subject", subject);
        hashMap.put("sourceSite", sOAPEntry);
        hashMap.put("assertion", assertion);
        return hashMap;
    }

    /**
     * Checks an assertion's signature, time window and audience restrictions.
     *
     * <p>An assertion without audience restrictions passes. With restrictions, every one must
     * evaluate to {@code Condition.INDETERMINATE}; any other result fails the assertion.
     * NOTE(review): as written, an indeterminate audience check is accepted and every other
     * outcome is rejected - confirm that this is the intended policy and that the audience is
     * enforced somewhere.
     * NOTE(review): {@code getConditions()} is dereferenced without a null check, so an
     * assertion without a Conditions element would raise a NullPointerException here.
     *
     * @param assertion the assertion to check; may be {@code null}
     * @return {@code true} if all checks pass
     * @throws IOException declared for callers; nothing in this body throws it directly
     */
    private static boolean checkCondition(Assertion assertion) throws IOException {
        if (assertion == null) {
            return false;
        }
        if (!assertion.isSignatureValid()) {
            debug.error(bundle.getString("assertionSignatureNotValid"));
            return false;
        }
        if (!assertion.isTimeValid()) {
            debug.error(bundle.getString("assertionTimeNotValid"));
            return false;
        }
        final Set restrictions = assertion.getConditions().getAudienceRestrictionCondition();
        if (restrictions == null || restrictions.isEmpty()) {
            return true;
        }
        for (Object item : restrictions) {
            final AudienceRestrictionCondition restriction = (AudienceRestrictionCondition) item;
            if (restriction.evaluate() != Condition.INDETERMINATE) {
                debug.error("Failed AudienceRestrictionCondition");
                return false;
            }
            if (debug.messageEnabled()) {
                debug.message("Audience RestrictionConditions is indeterminate.");
            }
        }
        return true;
    }

    /**
     * Examines the assertions obtained through the artifact profile and returns their subject.
     *
     * <p>Every assertion must pass {@code checkCondition} and contain at least one statement.
     * Every statement must name a confirmation method that matches the assertion's version:
     * {@code SAMLConstants.CONFIRMATION_METHOD_ARTIFACT} for 1.1, or the SAML 1.0
     * {@code artifact-01} URN for 1.0. At least one statement must be an
     * {@code AuthenticationStatement}.
     *
     * <p>The subject returned is that of the last statement processed, which need not be the
     * authentication statement. NOTE(review): confirm that all statements are required to share
     * one subject, otherwise the returned identity depends on statement order.
     *
     * @param list the assertions to examine; may be {@code null}
     * @return the subject, or {@code null} if the list is {@code null}, any check fails, or no
     *         authentication statement is present
     * @throws IOException as declared by {@code checkCondition}
     */
    public static Subject examAssertions(List list) throws IOException {
        if (list == null) {
            return null;
        }
        // Set once any statement is an AuthenticationStatement.
        boolean z = false;
        Subject subject = null;
        Iterator it = list.iterator();
        while (it.hasNext()) {
            Assertion assertion = (Assertion) it.next();
            if (!checkCondition(assertion)) {
                return null;
            }
            debug.message("Passed checking Conditions!");
            new HashSet();
            Set<Statement> statement = assertion.getStatement();
            if (statement == null || statement.isEmpty()) {
                debug.error(bundle.getString("noStatement"));
                return null;
            }
            for (Statement statement2 : statement) {
                // Every statement is cast to SubjectStatement, and the subject confirmation is
                // used without a null check; other input fails with a runtime exception.
                subject = ((SubjectStatement) statement2).getSubject();
                SubjectConfirmation subjectConfirmation = subject.getSubjectConfirmation();
                new HashSet();
                Set confirmationMethod = subjectConfirmation.getConfirmationMethod();
                if (confirmationMethod == null || confirmationMethod.isEmpty()) {
                    debug.error("Subject confirmation method is null");
                    return null;
                }
                // Only the first confirmation method is inspected; any further ones are ignored.
                String str = (String) confirmationMethod.iterator().next();
                // Accepts major version 1 only, with the artifact method for that minor version.
                if (str == null || assertion.getMajorVersion() != 1 || ((assertion.getMinorVersion() != 1 || !str.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT)) && (assertion.getMinorVersion() != 0 || !str.equals("urn:oasis:names:tc:SAML:1.0:cm:artifact-01")))) {
                    debug.error("Wrong Confirmation Method.");
                    return null;
                }
                if (debug.messageEnabled()) {
                    debug.message("Correct Confirmation method");
                }
                if (statement2 instanceof AuthenticationStatement) {
                    z = true;
                }
            }
        }
        if (z) {
            return subject;
        }
        debug.error(bundle.getString("noSSOAssertion"));
        return null;
    }

    /**
     * Verifies an XML signature using the certificate alias configured for a partner.
     *
     * <p>The alias is looked up in the {@code PARTNER_URLS} attribute under the key
     * {@code str3}. When no partner entry exists the alias stays {@code null} and
     * verification is still attempted.
     *
     * <p>NOTE(review): what {@code verifyXMLSignature} does with a {@code null} alias
     * is not visible here. Confirm it does not accept a certificate taken from the
     * message itself without checking it against the trusted keystore.
     *
     * @param str  first argument handed to {@code verifyXMLSignature} (presumably the
     *             signed XML; confirm)
     * @param str2 second argument handed to {@code verifyXMLSignature} (presumably the
     *             id attribute name; confirm)
     * @param str3 key used to find the partner entry in {@code PARTNER_URLS}
     * @return {@code true} only when verification returned {@code true}; any exception
     *         is logged at warning level and treated as a failed verification
     */
    public static boolean checkSignatureValid(String str, String str2, String str3) {
        String certAlias = null;
        Map partners = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
        if (partners != null) {
            SAMLServiceManager.SOAPEntry partner = (SAMLServiceManager.SOAPEntry) partners.get(str3);
            if (partner != null) {
                certAlias = partner.getCertAlias();
            }
        }
        boolean verified;
        try {
            debug.message("SAMLUtils.checkSignatureValid for certAlias {}", certAlias);
            verified = XMLSignatureManager.getInstance().verifyXMLSignature(str, str2, certAlias);
        } catch (Exception e) {
            // Fail closed: an error during verification counts as an invalid signature.
            debug.warning("SAMLUtils.checkSignatureValid: signature validation exception", e);
            verified = false;
        }
        if (!verified && debug.messageEnabled()) {
            debug.message("SAMLUtils.checkSignatureValid: Couldn't verify signature.");
        }
        return verified;
    }

    /**
     * Copies SOAP MIME headers onto a servlet response.
     *
     * <p>A header with exactly one value is set from that {@link MimeHeader}; otherwise
     * all values returned by {@code getHeader} are joined with commas. Because the loop
     * walks every {@link MimeHeader}, a multi-valued name is set once per value, each
     * time with the same joined string.
     *
     * <p>NOTE(review): header names and values are passed through unchanged. Rejection
     * of CR/LF is left to the servlet container, so confirm the values come from a
     * trusted source.
     *
     * @param mimeHeaders         headers to copy; nothing is done when {@code null}
     * @param httpServletResponse response to receive the headers; nothing is done when
     *                            {@code null}
     */
    public static void setMimeHeaders(MimeHeaders mimeHeaders, HttpServletResponse httpServletResponse) {
        if (mimeHeaders == null || httpServletResponse == null) {
            debug.message("SAMLUtils.setMimeHeaders : null input");
            return;
        }
        for (Iterator headerIt = mimeHeaders.getAllHeaders(); headerIt.hasNext(); ) {
            MimeHeader current = (MimeHeader) headerIt.next();
            String headerName = current.getName();
            String[] values = mimeHeaders.getHeader(headerName);
            if (values.length == 1) {
                httpServletResponse.setHeader(current.getName(), current.getValue());
                continue;
            }
            StringBuilder joined = new StringBuilder();
            for (int idx = 0; idx < values.length; idx++) {
                if (idx > 0) {
                    joined.append(',');
                }
                joined.append(values[idx]);
            }
            httpServletResponse.setHeader(current.getName(), joined.toString());
        }
    }

    /**
     * Builds a {@link MimeHeaders} collection from the headers of a servlet request.
     *
     * <p>For each header name the value returned by {@code getHeader} is split on
     * commas, and every trimmed token is added as a separate header value.
     *
     * <p>NOTE(review): {@code getHeader} is called once per name, and values that
     * legitimately contain commas are split as well. Confirm consumers tolerate this.
     *
     * @param httpServletRequest request to read; may be {@code null}
     * @return the collected headers, empty when the request is {@code null}
     */
    public static MimeHeaders getMimeHeaders(HttpServletRequest httpServletRequest) {
        MimeHeaders collected = new MimeHeaders();
        if (httpServletRequest == null) {
            debug.message("SAMLUtils.getMimeHeaders: null input");
            return collected;
        }
        for (Enumeration names = httpServletRequest.getHeaderNames(); names.hasMoreElements(); ) {
            String name = (String) names.nextElement();
            String rawValue = httpServletRequest.getHeader(name);
            StringTokenizer parts = new StringTokenizer(rawValue, ",");
            while (parts.hasMoreTokens()) {
                String token = parts.nextToken();
                collected.addHeader(name, token.trim());
            }
        }
        return collected;
    }

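    /**
     * Builds the URL of the local login page that sends the user back to the current
     * request after authentication.
     *
     * <p>The full request URL, including its query string, is URL-encoded into the
     * {@code goto} parameter. Every query parameter other than the target parameter is
     * also forwarded on the login URL.
     *
     * <p>The previous implementation located the target parameter with substring
     * arithmetic. When that parameter was absent, the first query parameter was dropped
     * and a stray {@code &} was emitted. The query string is now filtered parameter by
     * parameter; the result is unchanged when the target parameter is present.
     *
     * <p>NOTE(review): scheme, host and port are taken from the request. If the
     * container derives them from the client-supplied {@code Host} header, the redirect
     * host is client-influenced. Confirm the deployment pins or validates it.
     *
     * @param httpServletRequest the current request; must not be {@code null}
     * @return the login redirect URL
     */
    public static String getLoginRedirectURL(HttpServletRequest httpServletRequest) {
        String queryString = httpServletRequest.getQueryString();
        String gotoUrl = httpServletRequest.getRequestURL().toString();
        String forwardedParams = null;
        if (queryString != null && queryString.length() > 0) {
            gotoUrl = gotoUrl + "?" + queryString;
            // Assumes the TARGET_SPECIFIER attribute holds the bare parameter name
            // (TODO confirm against the SAML service configuration).
            String targetName = (String) SAMLServiceManager.getAttribute(SAMLConstants.TARGET_SPECIFIER);
            StringBuilder kept = new StringBuilder();
            for (String pair : queryString.split("&")) {
                if (pair.isEmpty()) {
                    continue;
                }
                int eq = pair.indexOf('=');
                String name = eq < 0 ? pair : pair.substring(0, eq);
                if (name.equals(targetName)) {
                    // The target stays inside the encoded goto URL only.
                    continue;
                }
                if (kept.length() > 0) {
                    kept.append('&');
                }
                kept.append(pair);
            }
            forwardedParams = kept.toString();
        }
        String base = httpServletRequest.getScheme() + ISAuthConstants.URL_SEPARATOR + httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort() + httpServletRequest.getContextPath();
        String loginUrl;
        if (forwardedParams == null || forwardedParams.equals("")) {
            loginUrl = base + "/UI/Login?goto=" + URLEncDec.encode(gotoUrl);
        } else {
            loginUrl = base + "/UI/Login?" + forwardedParams + "&goto=" + URLEncDec.encode(gotoUrl);
        }
        if (debug.messageEnabled()) {
            debug.message("Redirect to auth login via:" + loginUrl);
        }
        return loginUrl;
    }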

    /**
     * Resolves SAML artifacts into assertions, validates them, and maps them to local
     * attributes for the partner that issued the first artifact.
     *
     * <p>Every exception raised inside, including the {@link SAMLException}s thrown for
     * a missing partner table or partner entry, is logged and replaced by a generic
     * {@code failProcessArtifact} exception. The original cause is only in the log.
     *
     * @param strArr artifacts received; the source id is read from the first element
     * @param str    passed through unchanged to {@code getAttributeMap}
     * @return the attribute map from {@code getAttributeMap}, or {@code null} when
     *         {@code examAssertions} rejects the assertions
     * @throws SAMLException when any step fails
     */
    public static Map processArtifact(String[] strArr, String str) throws SAMLException {
        try {
            List assertions = SAMLClient.artifactQueryHandler(strArr, (String) null);
            Subject ssoSubject = examAssertions(assertions);
            if (ssoSubject == null) {
                return null;
            }
            AssertionArtifact firstArtifact = new AssertionArtifact(strArr[0]);
            String sourceId = firstArtifact.getSourceID();
            Map partners = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
            if (partners == null) {
                throw new SAMLException(bundle.getString("nullPartnerUrl"));
            }
            // The partner is selected by the source id embedded in the artifact.
            SAMLServiceManager.SOAPEntry partner = (SAMLServiceManager.SOAPEntry) partners.get(sourceId);
            if (partner == null) {
                throw new SAMLException(bundle.getString("failedAccountMapping"));
            }
            return getAttributeMap(partner, assertions, ssoSubject, str);
        } catch (Exception e) {
            debug.error("SAMLUtils.processArtifact :", e);
            throw new SAMLException(bundle.getString("failProcessArtifact"));
        }
    }

    /**
     * Creates a local session from an attribute map and copies the map's attributes
     * into it.
     *
     * <p>The session is created with two properties only: the realm (defaulting to
     * {@code "/"} when missing or empty) and the principal name, taken from
     * {@code SessionProvider.PRINCIPAL_NAME} or, failing that, from
     * {@code SAMLConstants.USER_NAME}.
     *
     * <p>NOTE(review): nothing here checks where the map came from, and the principal
     * name may still be {@code null} when passed on. Callers must only pass a map
     * produced from a validated assertion.
     *
     * @param httpServletRequest  request handed to the session provider
     * @param httpServletResponse response handed to the session provider
     * @param map                 attribute map; must not be {@code null}
     * @return the session object created by the provider
     * @throws SAMLException wrapping any {@link SessionException}
     */
    public static Object generateSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map map) throws SAMLException {
        HashMap sessionInfo = new HashMap();
        String realm = (String) map.get("realm");
        boolean realmMissing = realm == null || realm.length() == 0;
        sessionInfo.put("realm", realmMissing ? "/" : realm);
        String principal = (String) map.get(SessionProvider.PRINCIPAL_NAME);
        if (principal == null) {
            principal = (String) map.get(SAMLConstants.USER_NAME);
        }
        sessionInfo.put(SessionProvider.PRINCIPAL_NAME, principal);
        try {
            SessionProvider sessionProvider = SessionManager.getProvider();
            Object session = sessionProvider.createSession(sessionInfo, httpServletRequest, httpServletResponse, null);
            setAttrMapInSession(sessionProvider, map, session);
            return session;
        } catch (SessionException e) {
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.generateSession:", e);
            }
            throw new SAMLException(e);
        }
    }

    /**
     * Validates a SAML response received over the POST profile and maps its assertions
     * to local attributes.
     *
     * <p>Checks run in a fixed order: the response signature, then the assertions via
     * {@code verifyAssertionAndGetSSMap}, then the presence of the subject and of the
     * source-site entry in the resulting map. The signature check comes first, so
     * nothing from an unsigned or badly signed response is processed further.
     *
     * <p>NOTE(review): when message-level debugging is on, the whole verification map
     * is written to the debug log. Confirm that log is access-controlled.
     *
     * @param response the SAML response to validate
     * @param str      passed through unchanged to {@code getAttributeMap}
     * @return the attribute map from {@code getAttributeMap}
     * @throws SAMLException when a check fails or attribute mapping raises an exception
     */
    public static Map processResponse(Response response, String str) throws SAMLException {
        boolean signatureOk = verifySignature(response);
        if (!signatureOk) {
            throw new SAMLException(bundle.getString("invalidResponse"));
        }
        Map ssMap = verifyAssertionAndGetSSMap(response);
        if (debug.messageEnabled()) {
            debug.message("processResponse: ssMap = " + ssMap);
        }
        if (ssMap == null) {
            throw new SAMLException(bundle.getString("invalidAssertion"));
        }
        Subject ssoSubject = (Subject) ssMap.get("subject");
        if (ssoSubject == null) {
            throw new SAMLException(bundle.getString("nullSubject"));
        }
        SAMLServiceManager.SOAPEntry sourceSite = (SAMLServiceManager.SOAPEntry) ssMap.get("sourceSite");
        if (sourceSite == null) {
            throw new SAMLException(bundle.getString("failedAccountMapping"));
        }
        try {
            List assertions = (List) ssMap.get("assertion");
            return getAttributeMap(sourceSite, assertions, ssoSubject, str);
        } catch (Exception e) {
            debug.error("SAMLUtils.processResponse :", e);
            throw new SAMLException(bundle.getString("failProcessResponse"));
        }
    }

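    /**
     * Copies the entries of an attribute map into session properties.
     *
     * <p>The user-name and principal-name entries hold a single {@code String} and are
     * wrapped in a one-element array. All other entries are expected to hold a
     * {@code String[]}. The {@code "realm"} and {@code "AuthLevel"} entries are never
     * copied.
     *
     * <p>The previous body left the value array unassigned for {@code "realm"} and
     * {@code "AuthLevel"} and then fell through to {@code setProperty}. At best that
     * reused the previous entry's values for those keys. They are now skipped
     * explicitly, so the map cannot overwrite the session's realm or authentication
     * level.
     *
     * @param sessionProvider provider used to set the properties
     * @param map             attribute map; nothing is done when {@code null} or empty
     * @param obj             the session object to update
     * @throws SessionException when the provider rejects a property
     */
    private static void setAttrMapInSession(SessionProvider sessionProvider, Map map, Object obj) throws SessionException {
        if (map == null || map.isEmpty()) {
            return;
        }
        for (Object item : map.entrySet()) {
            Map.Entry entry = (Map.Entry) item;
            String attrName = (String) entry.getKey();
            String[] attrValues;
            if (attrName.equals(SAMLConstants.USER_NAME) || attrName.equals(SessionProvider.PRINCIPAL_NAME)) {
                attrValues = new String[]{(String) entry.getValue()};
            } else if (attrName.equals("realm") || attrName.equals("AuthLevel")) {
                // Security-relevant session properties are not settable from the map.
                continue;
            } else {
                attrValues = (String[]) entry.getValue();
            }
            sessionProvider.setProperty(obj, attrName, attrValues);
            if (debug.messageEnabled()) {
                debug.message("SAMLUtils.setAttrMapInSessioin: attrName =" + attrName);
            }
        }
    }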

    /**
     * Compares two URLs by protocol, host, effective port and path.
     *
     * <p>A missing port is replaced by the protocol's default port before comparing.
     * Protocol, host and path are compared case-insensitively. Query string and
     * fragment are not compared.
     *
     * <p>NOTE(review): the path comparison ignores case, although URL paths are
     * case-sensitive on many servers. If this comparison backs a recipient or target
     * check, confirm the looser match is acceptable.
     *
     * @param str  first URL
     * @param str2 second URL
     * @return {@code true} when the compared components match; {@code false} when they
     *         differ or either string is not a well-formed URL
     */
    private static boolean equalURL(String str, String str2) {
        final URL left;
        final URL right;
        try {
            left = new URL(str);
            right = new URL(str2);
        } catch (MalformedURLException e) {
            debug.message("Error in SAMLUtils.equalURL", e);
            return false;
        }
        int leftPort = left.getPort();
        if (leftPort == -1) {
            leftPort = left.getDefaultPort();
        }
        int rightPort = right.getPort();
        if (rightPort == -1) {
            rightPort = right.getDefaultPort();
        }
        if (!left.getProtocol().equalsIgnoreCase(right.getProtocol())) {
            return false;
        }
        if (!left.getHost().equalsIgnoreCase(right.getHost())) {
            return false;
        }
        if (leftPort != rightPort) {
            return false;
        }
        return left.getPath().equalsIgnoreCase(right.getPath());
    }

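    /**
     * Canonicalizes a DOM node with Canonical XML 1.0 and re-parses the result.
     *
     * <p>The canonical bytes are parsed with the builder returned by
     * {@code XMLUtils.getSafeDocumentBuilder(false)}, presumably a hardened parser
     * (confirm in {@code XMLUtils}).
     *
     * <p>The failure path previously logged a fixed message and discarded the
     * exception. The cause is now passed to the log so that canonicalization and
     * parsing failures can be diagnosed.
     *
     * @param node the node whose subtree is canonicalized
     * @return the document element of the re-parsed canonical form, or {@code null}
     *         when canonicalization or parsing fails
     */
    public static Element getCanonicalElement(Node node) {
        try {
            Canonicalizer canonicalizer = Canonicalizer.getInstance("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
            ByteArrayOutputStream canonicalBytes = new ByteArrayOutputStream();
            canonicalizer.canonicalizeSubtree(node, canonicalBytes);
            ByteArrayInputStream canonicalInput = new ByteArrayInputStream(canonicalBytes.toByteArray());
            return XMLUtils.getSafeDocumentBuilder(false).parse(canonicalInput).getDocumentElement();
        } catch (Exception e) {
            // Callers rely on the null return; keep it, but record the cause.
            debug.error("Response:getCanonicalElement: Error while performing canonicalization on the input Node.", e);
            return null;
        }
    }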

    /**
     * Sends the user to the configured SAML error page.
     *
     * <p>Three cases, decided by the configured error page URL and binding:
     * <ol>
     *   <li>URL not starting with the HTTP prefix constant or {@code https://}: forward
     *       locally with the error details appended as query parameters;</li>
     *   <li>absolute URL and binding equal to {@code HTTP_REDIRECT}: hand the same URL
     *       to {@code FSUtils.forwardRequest};</li>
     *   <li>otherwise: expose the details as request attributes and forward to
     *       {@code ERROR_JSP}.</li>
     * </ol>
     *
     * <p>NOTE(review): only the error message is URL-encoded. The error code
     * {@code str} is concatenated into the query string unencoded, so confirm it can
     * only ever be a fixed internal value. The prefix check uses the default-locale
     * {@code toLowerCase()}.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @param i                   HTTP status code to report
     * @param str                 error code
     * @param str2                error message; URL-encoded before use
     */
    public static void sendError(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, int i, String str, String str2) {
        String errorPage = SystemConfigurationUtil.getProperty(SAMLConstants.ERROR_PAGE_URL, SAMLConstants.DEFAULT_ERROR_PAGE_URL);
        if (debug.messageEnabled()) {
            debug.message("SAMLUtils.sendError: error page" + errorPage);
        }
        String normalized = errorPage.toLowerCase();
        boolean absolute = normalized.startsWith(PolicyManager.ORG_ALIAS_URL_HTTP_PREFIX) || normalized.startsWith("https://");
        if (!absolute) {
            // Relative error page: forward inside this web application.
            String joiner = errorPage.indexOf("?") != -1 ? "&" : "?";
            String localTarget = errorPage.trim() + joiner + SAMLConstants.ERROR_CODE + "=" + str + "&" + SAMLConstants.HTTP_STATUS_CODE + "=" + i + "&" + SAMLConstants.ERROR_MESSAGE + "=" + URLEncDec.encode(str2);
            forwardRequest(localTarget, httpServletRequest, httpServletResponse);
            return;
        }
        String binding = SystemConfigurationUtil.getProperty(SAMLConstants.ERROR_PAGE_HTTP_BINDING, SAMLConstants.HTTP_POST);
        if (SAMLConstants.HTTP_REDIRECT.equals(binding)) {
            String joiner = errorPage.indexOf("?") != -1 ? "&" : "?";
            String remoteTarget = errorPage.trim() + joiner + SAMLConstants.ERROR_CODE + "=" + str + "&" + SAMLConstants.HTTP_STATUS_CODE + "=" + i + "&" + SAMLConstants.ERROR_MESSAGE + "=" + URLEncDec.encode(str2);
            FSUtils.forwardRequest(httpServletRequest, httpServletResponse, remoteTarget);
            return;
        }
        // Any other binding: pass the details to the error JSP as request attributes.
        httpServletRequest.setAttribute("ERROR_URL", errorPage);
        httpServletRequest.setAttribute("ERROR_CODE_NAME", SAMLConstants.ERROR_CODE);
        httpServletRequest.setAttribute("ERROR_CODE", str);
        httpServletRequest.setAttribute("ERROR_MESSAGE_NAME", SAMLConstants.ERROR_MESSAGE);
        httpServletRequest.setAttribute("ERROR_MESSAGE", URLEncDec.encode(str2));
        httpServletRequest.setAttribute("HTTP_STATUS_CODE_NAME", SAMLConstants.HTTP_STATUS_CODE);
        httpServletRequest.setAttribute("HTTP_STATUS_CODE", Integer.valueOf(i));
        httpServletRequest.setAttribute("SAML_ERROR_KEY", bundle.getString("samlErrorKey"));
        forwardRequest(ERROR_JSP, httpServletRequest, httpServletResponse);
    }

    /**
     * Forwards the request to a resource inside this web application.
     *
     * <p>A {@link ServletException} or {@link IOException} raised by the forward is
     * passed to {@code handleForwardError} and does not propagate.
     *
     * @param str                 path handed to {@code getRequestDispatcher}
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     */
    private static void forwardRequest(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            httpServletRequest.getRequestDispatcher(str).forward(httpServletRequest, httpServletResponse);
        } catch (ServletException | IOException forwardFailure) {
            handleForwardError(str, forwardFailure, httpServletResponse);
        }
    }

    /**
     * Logs a failed forward and answers the client with HTTP 500.
     *
     * <p>NOTE(review): the exception's own message is sent to the client as the error
     * text. Confirm it cannot carry internal paths or configuration details, or
     * replace it with a fixed message.
     *
     * @param str                 the resource the forward was aimed at; used in the log
     * @param exc                 the exception raised by the forward
     * @param httpServletResponse response on which the error status is set
     */
    private static void handleForwardError(String str, Exception exc, HttpServletResponse httpServletResponse) {
        String logLine = "SAMLUtils.sendError: Exception occurred while trying to forward to resource: " + str;
        debug.error(logLine, exc);
        String clientMessage = exc.getMessage();
        try {
            httpServletResponse.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, clientMessage);
        } catch (IOException e) {
            // Nothing more can be reported to the client; keep a trace in the log.
            debug.error("Failed to inform the response of caught exception", e);
        }
    }

    // Class initialisation: resets the static state, runs Init.init(), schedules the
    // clean-up tasks when running in server mode, and reads the maximum accepted
    // SAML request content length.
    static {
        maxContentLength = 0;
        cGoThrough = null;
        cPeriodic = null;
        // Presumably initialises the XML security library used for canonicalization and
        // signatures; the Init class is not visible here (confirm).
        Init.init();
        if (SystemConfigurationUtil.isServerMode()) {
            // Clean-up interval attribute multiplied by 1000 (presumably seconds to ms).
            // NOTE(review): the multiplication is done in int before widening to long, and
            // a missing attribute fails class initialisation on the cast; confirm the
            // attribute is always present and bounded.
            long intValue = ((Integer) SAMLServiceManager.getAttribute("iplanet-am-saml-cleanup-interval")).intValue() * 1000;
            cGoThrough = new POSTCleanUpRunnable(intValue, idTimeMap);
            TimerPool timerPool = SystemTimerPool.getTimerPool();
            // First run is one interval from now, truncated to a whole second.
            timerPool.schedule(cGoThrough, new Date(((Time.currentTimeMillis() + intValue) / 1000) * 1000));
            // The group action removes the given key from idTimeMap.
            cPeriodic = new PeriodicGroupRunnable(new ScheduleableGroupAction() { // anonymous class SAMLUtils.1
                @Override // declared by ScheduleableGroupAction
                public void doGroupAction(Object obj) {
                    SAMLUtils.idTimeMap.remove(obj);
                }
            }, intValue, 180000L, true);
            timerPool.schedule(cPeriodic, new Date(((Time.currentTimeMillis() + intValue) / 1000) * 1000));
        }
        try {
            maxContentLength = Integer.parseInt(SystemConfigurationUtil.getProperty(HTTP_MAX_CONTENT_LENGTH, DEFAULT_CONTENT_LENGTH));
        } catch (NumberFormatException e) {
            // An unparsable setting falls back to 16384.
            // NOTE(review): a parsable but non-positive or very large value is accepted
            // as-is; how the limit is enforced is outside this block.
            debug.error("Wrong format of SAML request max content length. Take default value.");
            maxContentLength = 16384;
        }
    }
}
