package com.sun.identity.federation.plugins;

import com.iplanet.am.console.base.model.AMQueryParameters;
import com.iplanet.am.util.AMURLEncDec;
import com.iplanet.dpro.session.share.SessionEncodeURL;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.common.Constants;
import com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
import com.sun.identity.federation.accountmgmt.FSAccountManager;
import com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.FederationException;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.FSAssertion;
import com.sun.identity.federation.message.FSAuthenticationStatement;
import com.sun.identity.federation.message.FSAuthnRequest;
import com.sun.identity.federation.message.FSAuthnResponse;
import com.sun.identity.federation.message.FSResponse;
import com.sun.identity.federation.message.FSSubject;
import com.sun.identity.federation.message.common.IDPProvidedNameIdentifier;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchOpModifier;
import com.sun.identity.idm.IdType;
import com.sun.identity.idm.IdUtils;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.protocol.StatusCode;
import com.sun.identity.security.AdminTokenAction;
import java.io.IOException;
import java.security.AccessController;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:120954-03/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/plugins/FSDefaultSPAdapter.class */
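/**
 * Default service-provider adapter invoked after a federated single sign-on attempt.
 *
 * <p>On success it ensures that the name identifier asserted by the identity provider stays
 * bound to the signed-in user only: federation info carrying the same key is removed from
 * every other matching account. On failure it redirects the browser to the common login
 * page with the failure code (and, when available, the second-level status code) appended.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The search and the removals run with the privileged admin token, not with the
 *       user's own session, so directory access control does not limit which accounts
 *       this class can modify.</li>
 *   <li>The name identifier and issuer are read from the assertion as-is. This class
 *       performs no signature or trust validation; it presumably relies on the caller
 *       having validated the assertion beforehand. TODO confirm against the caller.</li>
 * </ul>
 */
public class FSDefaultSPAdapter implements FederationSPAdapter {
    // Privileged token obtained once at class initialisation and reused for every call.
    // NOTE(review): nothing here refreshes the token; confirm that a cached admin token
    // cannot expire or be invalidated during the lifetime of this class.
    private static SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());

    /**
     * Removes duplicate federation bindings after a successful federated sign-on.
     *
     * <p>Runs only when the authentication request asked for the "federated" name ID
     * policy and an admin token is available. It reads the name identifier from the first
     * assertion, searches the user's organization for accounts whose federation info key
     * is {@code |entityID|nameID|}, and removes that federation info from every match
     * other than the signed-in user.
     *
     * @param str identifier passed to {@code FSUtils.getEntityID} to resolve the hosted entity ID
     * @param httpServletRequest not used by this implementation
     * @param httpServletResponse not used by this implementation
     * @param sSOToken session of the signed-in user; supplies the organization and universal ID
     * @param fSAuthnRequest original authentication request; supplies the name ID policy
     * @param fSAuthnResponse response carrying the assertion, or {@code null} to use {@code fSResponse}
     * @param fSResponse fallback response carrying the assertion
     * @return always {@code false} in this implementation
     * @throws FederationException declared by the interface; not thrown by this implementation
     */
    @Override // com.sun.identity.federation.plugins.FederationSPAdapter
    public boolean postSSOFederationSuccess(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SSOToken sSOToken, FSAuthnRequest fSAuthnRequest, FSAuthnResponse fSAuthnResponse, FSResponse fSResponse) throws FederationException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postFedSuccess, process " + str);
        }
        String entityID = FSUtils.getEntityID(str);
        boolean federated = false;
        if (fSAuthnRequest == null) {
            FSUtils.debug.error("FSDefaultSPAdapter.postFedSuccess null");
        } else {
            String nameIDPolicy = fSAuthnRequest.getNameIDPolicy();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDefaultSPAdapter.postSuccess " + nameIDPolicy);
            }
            // A missing policy is treated as "not federated" instead of raising an NPE.
            federated = nameIDPolicy != null && nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_FEDERATED);
        }
        if (!federated || adminToken == null) {
            return false;
        }
        if (sSOToken == null) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOFederationSuccess: null user session");
            return false;
        }
        if (fSAuthnResponse == null && fSResponse == null) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOFederationSuccess: no response to read an assertion from");
            return false;
        }
        try {
            // Result is discarded; the call is kept so that an account-manager failure
            // surfaces as FSAccountMgmtException before any search is attempted.
            FSAccountManager.getInstance();
            List assertions;
            String idpId = null;
            if (fSAuthnResponse != null) {
                assertions = fSAuthnResponse.getAssertion();
                idpId = fSAuthnResponse.getProviderId();
            } else {
                assertions = fSResponse.getAssertion();
            }
            if (assertions == null || assertions.isEmpty()) {
                FSUtils.debug.warning("FSDefaultSPAdapter.postSSOFederationSuccess: response contains no assertion");
                return false;
            }
            // Only the first assertion is consulted.
            FSAssertion fSAssertion = (FSAssertion) assertions.iterator().next();
            if (idpId == null) {
                idpId = fSAssertion.getIssuer();
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: idp=" + idpId);
            }
            // The last authentication statement wins: each one overwrites the value,
            // including with null when it carries no identifier.
            String nameId = null;
            Iterator it = fSAssertion.getStatement().iterator();
            while (it.hasNext()) {
                Statement statement = (Statement) it.next();
                // Type 1 is presumably the authentication-statement type, given the cast below.
                if (statement.getStatementType() == 1) {
                    FSSubject fSSubject = (FSSubject) ((FSAuthenticationStatement) statement).getSubject();
                    // Prefer the IdP-provided identifier, fall back to the plain name identifier.
                    if (fSSubject.getIDPProvidedNameIdentifier() != null) {
                        nameId = fSSubject.getIDPProvidedNameIdentifier().getName();
                    } else if (fSSubject.getNameIdentifier() != null) {
                        nameId = fSSubject.getNameIdentifier().getName();
                    } else {
                        nameId = null;
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSuccess: found name id =" + nameId);
                    }
                }
            }
            if (nameId == null) {
                FSUtils.debug.warning("FSAdapter.postSuc : null nameID");
                return false;
            }
            // NOTE(review): nameId comes from the IdP assertion and is placed in the search
            // value unescaped. Confirm that the repository matches it literally (no wildcard
            // or filter expansion), because every other match loses its federation info below.
            HashSet<String> fedInfoKeys = new HashSet<String>();
            fedInfoKeys.add("|" + entityID + "|" + nameId + "|");
            HashMap<String, Set<String>> searchModifiers = new HashMap<String, Set<String>>();
            searchModifiers.put("iplanet-am-user-federation-info-key", fedInfoKeys);
            AMIdentityRepository aMIdentityRepository = new AMIdentityRepository(adminToken, sSOToken.getProperty("Organization"));
            IdSearchControl idSearchControl = new IdSearchControl();
            idSearchControl.setRecursive(true);
            idSearchControl.setTimeOut(0);
            idSearchControl.setMaxResults(0);
            idSearchControl.setAllReturnAttributes(false);
            idSearchControl.setSearchModifiers(IdSearchOpModifier.AND, searchModifiers);
            Set<AMIdentity> searchResults = aMIdentityRepository.searchIdentities(IdType.USER, "*", idSearchControl).getSearchResults();
            if (searchResults != null && searchResults.size() > 1) {
                String currentUserId = sSOToken.getProperty(Constants.UNIVERSAL_IDENTIFIER);
                if (currentUserId == null || currentUserId.length() == 0) {
                    // Fail safe: without the signed-in user's ID every match would look like
                    // "another account" and lose its federation info, so remove nothing.
                    FSUtils.debug.warning("FSDefaultSPAdapter.postSSOFederationSuccess: session has no universal id, federation info left untouched");
                    return false;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSuccess: found " + searchResults.size() + " federation with same ID as " + currentUserId);
                }
                FSAccountManager fSAccountManager = FSAccountManager.getInstance();
                FSAccountFedInfoKey fSAccountFedInfoKey = new FSAccountFedInfoKey(entityID, nameId);
                for (AMIdentity aMIdentity : searchResults) {
                    String universalId = IdUtils.getUniversalId(aMIdentity);
                    if (!currentUserId.equalsIgnoreCase(universalId)) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSAdapter.postSucces, remove fed info for user " + universalId);
                        }
                        fSAccountManager.removeAccountFedInfo(aMIdentity, fSAccountFedInfoKey, idpId);
                    }
                }
            }
            return false;
        } catch (SSOException e) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
            return false;
        } catch (FSAccountMgmtException e2) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e2);
            return false;
        } catch (IdRepoException e3) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e3);
            return false;
        }
    }

    /**
     * Redirects the browser to the common login page after a failed federated sign-on.
     *
     * <p>The redirect URL is the common login page URL with the failure code appended. For
     * failure codes 1 and 2 the URL-encoded second-level status code is appended as well,
     * read from {@code fSAuthnResponse} (code 1) or {@code fSResponse} (code 2). If that
     * status is unavailable, no redirect is sent.
     *
     * @param str identifier of the hosted provider; only written to the debug log here
     * @param httpServletRequest request used to resolve the base URL and meta alias
     * @param httpServletResponse response on which the redirect is sent
     * @param fSAuthnRequest original authentication request; supplies the relay state, may be {@code null}
     * @param fSAuthnResponse response consulted when {@code i == 1}
     * @param fSResponse response consulted when {@code i == 2}
     * @param i failure code
     * @return {@code true} if the redirect was sent, {@code false} otherwise
     */
    @Override // com.sun.identity.federation.plugins.FederationSPAdapter
    public boolean postSSOFederationFailure(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FSAuthnRequest fSAuthnRequest, FSAuthnResponse fSAuthnResponse, FSResponse fSResponse, int i) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postFedFailure, process " + str);
            FSUtils.debug.message("FSDefaultSPAdapter.postSSOFailure: failureCode=" + i);
        }
        String baseURL = FSServiceUtils.getBaseURL(httpServletRequest);
        String relayState = (fSAuthnRequest != null) ? fSAuthnRequest.getRelayState() : null;
        // NOTE(review): relayState is request-derived and is handed to getCommonLoginPageURL
        // unchanged; confirm that helper validates or encodes it before it reaches the
        // Location header below.
        String commonLoginPageURL = FSServiceUtils.getCommonLoginPageURL(FSServiceUtils.getMetaAlias(httpServletRequest), relayState, null, httpServletRequest, baseURL);
        StringBuilder redirect = new StringBuilder();
        // Assumes commonLoginPageURL already carries a query string, since parameters are
        // joined with SessionEncodeURL.AMPERSAND. TODO confirm.
        redirect.append(commonLoginPageURL).append(SessionEncodeURL.AMPERSAND).append(IFSConstants.FAILURE_CODE).append("=").append(i);
        if (i == 1 || i == 2) {
            // A missing response or status is handled like a missing status code instead
            // of raising an NPE.
            StatusCode topLevelStatus = null;
            if (i == 1) {
                if (fSAuthnResponse != null && fSAuthnResponse.getStatus() != null) {
                    topLevelStatus = fSAuthnResponse.getStatus().getStatusCode();
                }
            } else if (fSResponse != null && fSResponse.getStatus() != null) {
                topLevelStatus = fSResponse.getStatus().getStatusCode();
            }
            if (topLevelStatus == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSDefaultSPAdapter.postSSOFederationFailure: Status is null");
                }
                return false;
            }
            StatusCode secondLevelStatus = topLevelStatus.getStatusCode();
            if (secondLevelStatus == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSDefaultSPAdapter.postSSOFederationFailure: Second level status is empty");
                }
                return false;
            }
            // The status value originates from the remote response, so it is URL-encoded
            // before being placed in the query string.
            redirect.append(SessionEncodeURL.AMPERSAND).append(IFSConstants.STATUS_CODE).append("=").append(AMURLEncDec.encode(secondLevelStatus.getValue()));
        }
        String redirectURL = redirect.toString();
        if (FSUtils.debug.messageEnabled()) {
            // The full URL, including any relay state, is written to the debug log.
            FSUtils.debug.message("FSDefaultSPAdapter.postSSOFederationFailure. URL to be redirected: " + redirectURL);
        }
        try {
            httpServletResponse.setHeader(AMQueryParameters.QUERY_PARAM_LOCATION, redirectURL);
            httpServletResponse.sendRedirect(redirectURL);
            return true;
        } catch (IOException e) {
            FSUtils.debug.error("FSDefaultSPAdapter.postSSOFedFailure", e);
            return false;
        }
    }
}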
