package org.picketlink.identity.federation.bindings.wildfly.sp;

import io.undertow.connector.PooledByteBuffer;
import io.undertow.io.Receiver;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.IdentityManager;
import io.undertow.server.Connectors;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.form.FormData;
import io.undertow.server.handlers.form.FormDataParser;
import io.undertow.server.handlers.form.FormParserFactory;
import io.undertow.servlet.handlers.ServletRequestContext;
import io.undertow.servlet.handlers.security.ServletFormAuthenticationMechanism;
import io.undertow.servlet.spec.ServletContextImpl;
import io.undertow.servlet.util.SavedRequest;
import io.undertow.util.ImmediatePooledByteBuffer;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.ByteBuffer;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.ReadListener;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.constants.JBossSAMLConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ParsingException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.exceptions.fed.AssertionExpiredException;
import org.picketlink.common.util.DocumentUtil;
import org.picketlink.common.util.StringUtil;
import org.picketlink.common.util.SystemPropertiesUtil;
import org.picketlink.config.federation.AuthPropertyType;
import org.picketlink.config.federation.KeyProviderType;
import org.picketlink.config.federation.PicketLinkType;
import org.picketlink.config.federation.SPType;
import org.picketlink.config.federation.handler.Handlers;
import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataExtractor;
import org.picketlink.identity.federation.bindings.wildfly.ServiceProviderSAMLContext;
import org.picketlink.identity.federation.core.SerializablePrincipal;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEvent;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEventType;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.factories.SAML2HandlerChainFactory;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
import org.picketlink.identity.federation.core.saml.workflow.ServiceProviderSAMLWorkflow;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.process.ServiceProviderBaseProcessor;
import org.picketlink.identity.federation.web.process.ServiceProviderSAMLRequestProcessor;
import org.picketlink.identity.federation.web.process.ServiceProviderSAMLResponseProcessor;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.wildfly.extension.undertow.security.AccountImpl;

/* loaded from: input_file:org/picketlink/identity/federation/bindings/wildfly/sp/SPFormAuthenticationMechanism.class */
public class SPFormAuthenticationMechanism extends ServletFormAuthenticationMechanism {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    public static final String INITIAL_LOCATION_STORED = "org.picketlink.federation.saml.initial_location";
    protected transient String samlHandlerChainClass;
    protected final ServletContext servletContext;
    protected Map<String, Object> chainConfigOptions;
    protected SAMLConfigurationProvider configProvider;
    protected transient X509Certificate idpCertificate;
    protected int timerInterval;
    protected Timer timer;
    public static final String EMPTY_PASSWORD = "EMPTY_STR";
    protected boolean enableAudit;
    public static final String FORM_ACCOUNT_NOTE = "picketlink.form.account";
    public static final String FORM_REQUEST_NOTE = "picketlink.REQUEST";
    protected transient SAML2HandlerChain chain;
    protected SPType spConfiguration;
    protected PicketLinkType configuration;
    protected String serviceURL;
    protected String identityURL;
    protected String issuerID;
    protected String configFile;
    protected boolean saveRestoreRequest;
    protected Lock chainLock;
    protected String canonicalizationMethod;
    protected PicketLinkAuditHelper auditHelper;
    protected TrustKeyManager keyManager;
    protected IDPSSODescriptorType idpMetadata;
    protected FormParserFactory formParserFactory;

    /**
     * Builds the service-provider mechanism from an already parsed PicketLink configuration.
     *
     * <p>The {@code formParserFactory} argument is only forwarded to the superclass. The
     * {@code formParserFactory} field of this class is rebuilt here from
     * {@code FormParserFactory.builder(true)}, using the deployment's default charset when one
     * is configured.
     *
     * @param formParserFactory factory handed to the superclass constructor
     * @param str first string forwarded to the superclass (presumably the mechanism name; confirm
     *     against ServletFormAuthenticationMechanism)
     * @param str2 second string forwarded to the superclass (presumably the login page; confirm)
     * @param str3 third string forwarded to the superclass (presumably the error page; confirm)
     * @param servletContext context of the deployment, also used to look up the default encoding
     * @param picketLinkType parsed configuration; dereferenced without a null check
     * @param picketLinkAuditHelper audit helper, stored as-is (other methods null-check it)
     */
    public SPFormAuthenticationMechanism(FormParserFactory formParserFactory, String str, String str2, String str3, ServletContext servletContext, PicketLinkType picketLinkType, PicketLinkAuditHelper picketLinkAuditHelper) {
        super(formParserFactory, str, str2, str3);
        // Explicit defaults for every configurable field; the assignments further down
        // override the ones that are derived from the constructor arguments.
        this.samlHandlerChainClass = null;
        this.chainConfigOptions = new HashMap();
        this.idpCertificate = null;
        this.timerInterval = -1;
        this.timer = null;
        this.enableAudit = false;
        this.chain = null;
        this.spConfiguration = null;
        this.configuration = null;
        this.serviceURL = null;
        this.identityURL = null;
        this.issuerID = null;
        this.saveRestoreRequest = true;
        this.chainLock = new ReentrantLock();
        // Exclusive XML canonicalization, "with comments" variant. Where this value is
        // consumed is outside this excerpt.
        this.canonicalizationMethod = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
        this.servletContext = servletContext;
        this.configuration = picketLinkType;
        this.spConfiguration = picketLinkType.getIdpOrSP();
        this.auditHelper = picketLinkAuditHelper;
        FormParserFactory.Builder builder = FormParserFactory.builder(true);
        String defaultEncoding = getDefaultEncoding(servletContext);
        if (defaultEncoding != null) {
            builder.setDefaultCharset(defaultEncoding);
        }
        this.formParserFactory = builder.build();
        // NOTE(review): startPicketLink() is defined outside this excerpt. It is invoked from
        // the constructor, so if it is overridable a subclass override would run before the
        // subclass's own fields are initialised. Confirm its visibility.
        startPicketLink();
    }

    /**
     * Looks up the charset the deployment wants applied to request bodies.
     *
     * <p>Only Undertow's {@link ServletContextImpl} is understood. For an effective servlet
     * major version below 4 the deployment's default encoding is returned. From version 4 on the
     * default request encoding is preferred and the default encoding is the fallback.
     *
     * @param servletContext context of the current deployment
     * @return the configured encoding name, or {@code null} when the context is of another type
     *     or nothing is configured
     */
    protected String getDefaultEncoding(ServletContext servletContext) {
        if (!(servletContext instanceof ServletContextImpl)) {
            return null;
        }
        if (servletContext.getEffectiveMajorVersion() < 4) {
            return ((ServletContextImpl) servletContext).getDeployment().getDeploymentInfo().getDefaultEncoding();
        }
        String requestEncoding = ((ServletContextImpl) servletContext).getDeployment().getDeploymentInfo().getDefaultRequestEncoding();
        if (requestEncoding != null) {
            return requestEncoding;
        }
        return ((ServletContextImpl) servletContext).getDeployment().getDeploymentInfo().getDefaultEncoding();
    }

    /**
     * Convenience constructor that obtains the PicketLink configuration from a provider and
     * delegates to the {@link PicketLinkType}-based constructor.
     *
     * @param sAMLConfigurationProvider source of the configuration; dereferenced without a null
     *     check
     * @throws ProcessingException declared for the provider lookup
     */
    public SPFormAuthenticationMechanism(
            FormParserFactory formParserFactory,
            String str,
            String str2,
            String str3,
            ServletContext servletContext,
            SAMLConfigurationProvider sAMLConfigurationProvider,
            PicketLinkAuditHelper picketLinkAuditHelper) throws ProcessingException {
        this(
                formParserFactory,
                str,
                str2,
                str3,
                servletContext,
                sAMLConfigurationProvider.getPicketLinkConfiguration(),
                picketLinkAuditHelper);
    }

    /**
     * Challenges an unauthenticated caller by starting the SAML login towards the identity
     * provider.
     *
     * <p>Outcomes, in order:
     * <ul>
     *   <li>an Ajax request with no user principal is refused with status 403 rather than
     *       redirected;</li>
     *   <li>when the request carries a {@code SAMLRequest} parameter or the response is already
     *       committed, no new request is issued and the result mirrors the committed flag;</li>
     *   <li>otherwise the initial location is recorded (with the buffered body when one was
     *       stored) and {@code generalUserRequest} produces the challenge.</li>
     * </ul>
     *
     * @throws RuntimeException wrapping any exception raised while preparing the challenge
     */
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        ServletRequestContext requestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        HttpServletRequest request = (HttpServletRequest) requestContext.getServletRequest();
        HttpServletResponse response = requestContext.getServletResponse();
        String samlRequest = request.getParameter("SAMLRequest");
        // A session is always created here, before any of the early exits below.
        HttpSession session = request.getSession(true);
        Principal caller = request.getUserPrincipal();
        try {
            if (isAjaxRequest(request) && caller == null) {
                return new AuthenticationMechanism.ChallengeResult(false, 403);
            }
            if (StringUtil.isNotNull(samlRequest) || response.isCommitted()) {
                boolean alreadyCommitted = response.isCommitted();
                return new AuthenticationMechanism.ChallengeResult(alreadyCommitted);
            }
            session.setAttribute(INITIAL_LOCATION_STORED, true);
            byte[] bufferedBody = SPFormAuthrenticationRequestUtil.getStoredBuffer(httpServerExchange);
            int bufferedLength = SPFormAuthrenticationRequestUtil.getStoredBufferLength(httpServerExchange);
            if (bufferedBody == null) {
                storeInitialLocation(httpServerExchange);
            } else {
                storeInitialLocation(httpServerExchange, bufferedBody, bufferedLength);
            }
            return generalUserRequest(httpServerExchange, securityContext);
        } catch (Exception e) {
            throw new RuntimeException("Could not send authn request to identity provider.", e);
        }
    }

    /**
     * Entry point of the mechanism: buffers the request body when it is small enough, then
     * decides between local logout, an already authenticated session, an incoming SAML
     * response, an incoming SAML request, or plain form authentication.
     *
     * <p>The work runs inside a {@code Receiver.FullBytesCallback}. Its result is handed back
     * through a {@link CompletableFuture} that this method waits on before returning.
     *
     * @param httpServerExchange the current exchange
     * @param securityContext the Undertow security context of the exchange
     * @return the outcome produced by the selected branch
     * @throws RuntimeException wrapping interruption or execution failures of the future, and
     *     failures raised inside the callback when it is invoked directly
     */
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        Account account;
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        ServletContextImpl currentServletContext = servletRequestContext.getCurrentServletContext();
        HttpServletRequest servletRequest = servletRequestContext.getServletRequest();
        HttpServletResponse servletResponse = servletRequestContext.getServletResponse();
        HttpSession session = servletRequest.getSession(true);
        // With save/restore enabled, an account previously stored in the session under
        // FORM_ACCOUNT_NOTE is registered with the security context again on every request.
        if (this.saveRestoreRequest && (account = (Account) session.getAttribute(FORM_ACCOUNT_NOTE)) != null) {
            register(securityContext, account);
        }
        // Carries the outcome from the callback back to the return statement at the bottom.
        CompletableFuture completableFuture = new CompletableFuture();
        Receiver.FullBytesCallback fullBytesCallback = (httpServerExchange2, bArr) -> {
            FormData parseBlocking;
            boolean isLocalLogoutRequest;
            boolean isGlobalLogout;
            AuthenticationMechanism.AuthenticationMechanismOutcome authenticationMechanismOutcome = AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            try {
                if (bArr != null) {
                    try {
                        if (bArr.length > 0 && httpServerExchange.getRequestContentLength() > 0) {
                            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequestContext.getServletRequest();
                            try {
                                // Push the consumed bytes back so the form parser can read them again.
                                // NOTE(review): the wrap length is the declared Content-Length cast to
                                // int, not bArr.length. The guard above does not compare the two;
                                // confirm the receiver never delivers fewer bytes than declared.
                                Connectors.ungetRequestBytes(httpServerExchange, new PooledByteBuffer[]{new ImmediatePooledByteBuffer(ByteBuffer.wrap(bArr, 0, (int) httpServerExchange.getRequestContentLength()))});
                                Connectors.resetRequestChannel(httpServerExchange);
                                // Temporarily expose the buffered body as the servlet input stream.
                                servletRequestContext.setServletRequest(bufferServletRequestInputStream(httpServletRequest, bArr));
                                FormDataParser createParser = this.formParserFactory.createParser(httpServerExchange);
                                if (createParser != null && (parseBlocking = createParser.parseBlocking()) != null) {
                                    // Keep both the raw bytes and the parsed form on the exchange.
                                    SPFormAuthrenticationRequestUtil.store(bArr, parseBlocking, httpServerExchange, (int) httpServerExchange.getRequestContentLength());
                                }
                                servletRequestContext.setServletRequest(httpServletRequest);
                            } catch (Throwable th) {
                                // Always put the original request back before propagating.
                                servletRequestContext.setServletRequest(httpServletRequest);
                                throw th;
                            }
                        }
                    // NOTE(review): in this listing these handlers cover only the body-buffering
                    // step, yet they log through samlLogoutError. The try/catch nesting may be a
                    // decompiler artifact; confirm against the original source.
                    } catch (RuntimeException e) {
                        logger.samlLogoutError(e);
                        throw e;
                    } catch (Exception e2) {
                        logger.samlLogoutError(e2);
                        throw new RuntimeException(e2);
                    }
                }
                HttpServletRequest wrapRequest = SPFormAuthrenticationRequestUtil.wrapRequest(httpServerExchange);
                servletRequestContext.setServletRequest(wrapRequest);
                ServiceProviderSAMLWorkflow serviceProviderSAMLWorkflow = new ServiceProviderSAMLWorkflow();
                // For a multipart body above the save limit the logout flags are taken from the
                // query string only. Every other request goes through the workflow/helper checks.
                if (!isMultiPart(wrapRequest) || httpServerExchange.getRequestContentLength() <= SavedRequest.getMaxBufferSizeToSave(httpServerExchange)) {
                    isLocalLogoutRequest = serviceProviderSAMLWorkflow.isLocalLogoutRequest(wrapRequest);
                    isGlobalLogout = isGlobalLogout(wrapRequest);
                } else {
                    isLocalLogoutRequest = isLocalLogoutInUrl(wrapRequest);
                    isGlobalLogout = isGlobalLogoutInUrl(wrapRequest);
                }
                if (isLocalLogoutRequest) {
                    try {
                        serviceProviderSAMLWorkflow.sendToLogoutPage(wrapRequest, servletResponse, session, currentServletContext, this.spConfiguration.getLogOutPage());
                        // NOTE(review): as listed, this return leaves completableFuture
                        // uncompleted; see the note at the empty finally block below.
                        return;
                    } catch (ServletException e3) {
                        logger.samlLogoutError(e3);
                        throw new RuntimeException((Throwable) e3);
                    } catch (IOException e4) {
                        logger.samlLogoutError(e4);
                        throw new RuntimeException(e4);
                    }
                }
                String str = null;
                String str2 = null;
                // SAMLRequest (str) and SAMLResponse (str2) are read only when the body was small
                // enough to be buffered or the request is not multipart.
                if (!isMultiPart(wrapRequest) || httpServerExchange.getRequestContentLength() <= SavedRequest.getMaxBufferSizeToSave(httpServerExchange)) {
                    str = wrapRequest.getParameter("SAMLRequest");
                    str2 = wrapRequest.getParameter("SAMLResponse");
                }
                Account authenticatedAccount = securityContext.getAuthenticatedAccount();
                // Fast path: an account is already authenticated and the request is neither a
                // logout nor a SAML message, so the account is only re-verified.
                if (authenticatedAccount != null && !isLocalLogoutRequest && !isGlobalLogout) {
                    try {
                        if (!StringUtil.isNotNull(str) && !StringUtil.isNotNull(str2)) {
                            IdentityManager identityManager = securityContext.getIdentityManager();
                            // Principal name and roles are pushed to ServiceProviderSAMLContext for
                            // the duration of verify() and cleared again on both exits.
                            ServiceProviderSAMLContext.push(authenticatedAccount.getPrincipal().getName(), new ArrayList(authenticatedAccount.getRoles()));
                            try {
                                // NOTE(review): the Account returned by verify() is discarded and
                                // AUTHENTICATED is reported unconditionally; confirm a failed
                                // verification is signalled some other way.
                                identityManager.verify(authenticatedAccount);
                                ServiceProviderSAMLContext.clear();
                                completableFuture.complete(AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED);
                                return;
                            } catch (Throwable th2) {
                                ServiceProviderSAMLContext.clear();
                                throw th2;
                            }
                        }
                    } catch (IOException e5) {
                        // Forward to the configured error page when there is one; otherwise fail.
                        if (!StringUtil.isNotNull(this.spConfiguration.getErrorPage())) {
                            throw new RuntimeException(e5);
                        }
                        try {
                            wrapRequest.getRequestDispatcher(this.spConfiguration.getErrorPage()).forward(wrapRequest, servletResponse);
                        } catch (ServletException e6) {
                            logger.samlErrorPageForwardError(this.spConfiguration.getErrorPage(), e6);
                        } catch (IOException e7) {
                            logger.samlErrorPageForwardError(this.spConfiguration.getErrorPage(), e7);
                        }
                    }
                }
                // Dispatch: a SAMLResponse wins over a SAMLRequest; with neither present the
                // superclass form authentication decides.
                if (StringUtil.isNotNull(str2)) {
                    completableFuture.complete(handleSAMLResponse(httpServerExchange, securityContext));
                    return;
                } else if (StringUtil.isNotNull(str)) {
                    completableFuture.complete(handleSAMLRequest(httpServerExchange, securityContext));
                    return;
                } else {
                    authenticationMechanismOutcome = super.authenticate(httpServerExchange, securityContext);
                    completableFuture.complete(authenticationMechanismOutcome);
                    return;
                }
            // NOTE(review): an empty finally followed by a trailing complete() looks like a
            // decompiler rendering of a finally block that completes the future on every exit.
            // Verify against the original source that no return path (such as the local-logout
            // one above) can leave the future uncompleted and block the get() below.
            } finally {
            }
            completableFuture.complete(authenticationMechanismOutcome);
        };
        Receiver.ErrorCallback errorCallback = (httpServerExchange3, iOException) -> {
            // A failed body read resolves to NOT_AUTHENTICATED before the error is rethrown.
            completableFuture.complete(AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED);
            logger.samlSPHandleRequestError(iOException);
            throw new RuntimeException(iOException);
        };
        // Bodies above the save limit, or requests no form parser accepts, are not buffered:
        // the callback runs directly with a null byte array.
        if (httpServerExchange.getRequestContentLength() > SavedRequest.getMaxBufferSizeToSave(httpServerExchange) || this.formParserFactory.createParser(httpServerExchange) == null) {
            fullBytesCallback.handle(httpServerExchange, (byte[]) null);
        } else {
            httpServerExchange.getRequestReceiver().receiveFullBytes(fullBytesCallback, errorCallback);
        }
        try {
            // Waits without a timeout until one of the callbacks completes the future.
            return (AuthenticationMechanism.AuthenticationMechanismOutcome) completableFuture.get();
        } catch (InterruptedException | ExecutionException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Reports whether the raw query string asks for a local logout, i.e. contains
     * {@code LLO=true}.
     */
    private boolean isLocalLogoutInUrl(HttpServletRequest httpServletRequest) {
        final String flagName = "LLO";
        final String enabledValue = "true";
        return checkParameterInUri(httpServletRequest, flagName, enabledValue);
    }

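    /**
     * Reports whether the raw query string contains the pair {@code str=str2}.
     *
     * <p>The query string is split on {@code &} and {@code =} and compared as-is: names and
     * values are not URL-decoded and the comparison is case-sensitive.
     *
     * @param httpServletRequest request whose query string is inspected
     * @param str parameter name to look for
     * @param str2 value the parameter must carry
     * @return {@code true} when at least one pair matches; {@code false} when there is no query
     *     string or no matching pair
     */
    private boolean checkParameterInUri(HttpServletRequest httpServletRequest, String str, String str2) {
        String queryString = httpServletRequest.getQueryString();
        if (queryString == null) {
            return false;
        }
        for (String pair : queryString.split("&")) {
            String[] nameAndValue = pair.split("=");
            // The query string is caller-controlled. Segments such as "LLO", "LLO=" or "=" split
            // into fewer than two elements; indexing them unconditionally raised
            // ArrayIndexOutOfBoundsException during authentication. Such segments cannot match.
            if (nameAndValue.length < 2) {
                continue;
            }
            if (str.equals(nameAndValue[0]) && str2.equals(nameAndValue[1])) {
                return true;
            }
        }
        return false;
    }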

    /**
     * Reports whether the raw query string asks for a global logout, i.e. contains
     * {@code GLO=true}.
     */
    private boolean isGlobalLogoutInUrl(HttpServletRequest httpServletRequest) {
        final String flagName = "GLO";
        final String enabledValue = "true";
        return checkParameterInUri(httpServletRequest, flagName, enabledValue);
    }

    /**
     * Reports whether the request declares a {@code multipart/form-data} body.
     *
     * <p>The check is a case-sensitive prefix match on the {@code Content-Type} header.
     * NOTE(review): media type names are case-insensitive, so a differently cased header is
     * treated as non-multipart here. Confirm this agrees with the form parser's own check.
     *
     * @return {@code true} only when the header is present and starts with
     *     {@code multipart/form-data}
     */
    private boolean isMultiPart(HttpServletRequest httpServletRequest) {
        String contentType = httpServletRequest.getHeader("Content-Type");
        if (contentType == null) {
            return false;
        }
        return contentType.startsWith("multipart/form-data");
    }

    /**
     * Wraps a request so that its input stream is served from an in-memory copy of the body.
     *
     * <p>One {@link ByteArrayInputStream} is created per wrapper and shared by every stream
     * returned from {@code getInputStream()}, so repeated calls continue from the current read
     * position rather than restarting at the beginning. The streams are synchronous only.
     *
     * @param httpServletRequest request to wrap
     * @param bArr buffered request body
     * @return a wrapper whose input stream reads from {@code bArr}
     */
    protected HttpServletRequestWrapper bufferServletRequestInputStream(HttpServletRequest httpServletRequest, byte[] bArr) {
        final ByteArrayInputStream bufferedBody = new ByteArrayInputStream(bArr);
        return new HttpServletRequestWrapper(httpServletRequest) {
            @Override
            public ServletInputStream getInputStream() throws IOException {
                return new ServletInputStream() {
                    @Override
                    public boolean isFinished() {
                        return bufferedBody.available() <= 0;
                    }

                    @Override
                    public boolean isReady() {
                        return !isFinished();
                    }

                    @Override
                    public void setReadListener(ReadListener readListener) {
                        // Non-blocking reads are not supported on the buffered copy.
                        throw new IllegalStateException("Cannot set ReadListener: not an async request.");
                    }

                    @Override
                    public int read() throws IOException {
                        return bufferedBody.read();
                    }
                };
            }
        };
    }

    /**
     * Routes an incoming {@code SAMLResponse} to the handler for its protocol version.
     *
     * <p>The version comes from {@code getSAMLVersion(request)}, i.e. from the incoming message.
     * Anything that is not exactly the SAML 2.0 version string is handled as a SAML 1.1
     * unsolicited response. Because the sender selects the branch, both handlers have to
     * validate the message on their own.
     *
     * @throws IOException propagated from the selected handler
     */
    protected AuthenticationMechanism.AuthenticationMechanismOutcome handleSAMLResponse(HttpServerExchange httpServerExchange, SecurityContext securityContext) throws IOException {
        ServletRequestContext requestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        HttpServletRequest request = (HttpServletRequest) requestContext.getServletRequest();
        boolean isSaml2 = JBossSAMLConstants.VERSION_2_0.get().equals(getSAMLVersion(request));
        if (isSaml2) {
            return handleSAML2Response(httpServerExchange, securityContext);
        }
        return handleSAML11UnsolicitedResponse(request, (HttpServletResponse) requestContext.getServletResponse(), securityContext);
    }

    /**
     * Builds the authentication request for the identity provider and sends it.
     *
     * <p>The request is produced by a {@link ServiceProviderBaseProcessor} running the
     * configured handler chain. When the chain yields no destination or no document the
     * superclass form challenge is used instead.
     *
     * @param httpServerExchange the current exchange
     * @param securityContext the Undertow security context of the exchange
     * @return {@code ChallengeResult(false)} after the request was sent, or the superclass
     *     result on fallback
     * @throws IOException declared; the exception produced by
     *     {@code logger.samlSPProcessingExceptionError} is thrown on send failures
     * @throws RuntimeException wrapping parsing, processing and configuration errors
     */
    protected AuthenticationMechanism.ChallengeResult generalUserRequest(HttpServerExchange httpServerExchange, SecurityContext securityContext) throws IOException {
        ServiceProviderSAMLWorkflow serviceProviderSAMLWorkflow = new ServiceProviderSAMLWorkflow();
        serviceProviderSAMLWorkflow.setRedirectionHandler(new UndertowRedirectionHandler(httpServerExchange));
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        ServletContextImpl currentServletContext = servletRequestContext.getCurrentServletContext();
        HttpServletRequest servletRequest = servletRequestContext.getServletRequest();
        HttpServletResponse servletResponse = servletRequestContext.getServletResponse();
        // Ensures a session exists; the returned object is not used here.
        servletRequest.getSession(true);
        HTTPContext hTTPContext = new HTTPContext(servletRequest, servletResponse, currentServletContext);
        Set handlers = this.chain.handlers();
        try {
            // NOTE(review): the binding type is compared with equals("POST") here, while
            // handleSAML2Response uses equalsIgnoreCase("POST"). Confirm which one is intended.
            ServiceProviderBaseProcessor serviceProviderBaseProcessor = new ServiceProviderBaseProcessor(this.spConfiguration.getBindingType().equals("POST"), this.serviceURL, this.configuration, this.idpMetadata);
            if (this.issuerID != null) {
                serviceProviderBaseProcessor.setIssuer(this.issuerID);
            }
            // A request attribute (not a request parameter) may override the configured IDP URL.
            // NOTE(review): whatever sets this attribute decides where the user is sent to
            // authenticate; it should only ever hold a trusted IDP address.
            String str = (String) servletRequest.getAttribute("picketlink.desired.idp");
            if (StringUtil.isNotNull(str)) {
                serviceProviderBaseProcessor.setIdentityURL(str);
            } else {
                serviceProviderBaseProcessor.setIdentityURL(getIdentityURL());
            }
            serviceProviderBaseProcessor.setAuditHelper(this.auditHelper);
            SAML2HandlerResponse process = serviceProviderBaseProcessor.process(hTTPContext, handlers, this.chainLock);
            boolean sendRequest = process.getSendRequest();
            Document resultingDocument = process.getResultingDocument();
            String relayState = process.getRelayState();
            String destination = process.getDestination();
            String destinationQueryStringWithSignature = process.getDestinationQueryStringWithSignature();
            // Nothing to send: fall back to the superclass form challenge.
            if (destination == null || resultingDocument == null) {
                return super.sendChallenge(httpServerExchange, securityContext);
            }
            try {
                // Record the initial location, with the buffered body when one was stored.
                if (this.saveRestoreRequest) {
                    byte[] storedBuffer = SPFormAuthrenticationRequestUtil.getStoredBuffer(httpServerExchange);
                    int storedBufferLength = SPFormAuthrenticationRequestUtil.getStoredBufferLength(httpServerExchange);
                    if (storedBuffer != null) {
                        storeInitialLocation(httpServerExchange, storedBuffer, storedBufferLength);
                    } else {
                        storeInitialLocation(httpServerExchange);
                    }
                }
                // Audit the outgoing request, attributed to this deployment's context path.
                PicketLinkAuditEvent picketLinkAuditEvent = new PicketLinkAuditEvent("Info");
                picketLinkAuditEvent.setType(PicketLinkAuditEventType.REQUEST_TO_IDP);
                picketLinkAuditEvent.setWhoIsAuditing(currentServletContext.getContextPath());
                audit(picketLinkAuditEvent);
                serviceProviderSAMLWorkflow.sendRequestToIDP(destination, resultingDocument, relayState, servletResponse, sendRequest, destinationQueryStringWithSignature, isHttpPostBinding());
                return new AuthenticationMechanism.ChallengeResult(false);
            } catch (Exception e) {
                // The logger both records the failure and supplies the exception to throw.
                logger.samlSPHandleRequestError(e);
                throw logger.samlSPProcessingExceptionError(e);
            }
        } catch (ParsingException e2) {
            logger.samlSPHandleRequestError(e2);
            throw new RuntimeException((Throwable) e2);
        } catch (ProcessingException e3) {
            logger.samlSPHandleRequestError(e3);
            throw new RuntimeException((Throwable) e3);
        } catch (ConfigurationException e4) {
            logger.samlSPHandleRequestError(e4);
            throw new RuntimeException((Throwable) e4);
        }
    }

    /**
     * Extension hook; this implementation never matches.
     *
     * @param httpServletRequest the request to inspect (unused here)
     * @return always {@code false}
     */
    protected boolean matchRequest(HttpServletRequest httpServletRequest) {
        final boolean matched = false;
        return matched;
    }

    /**
     * Marks the given account as authenticated on the security context, using the mechanism
     * name {@code "FORM"} and {@code false} as the third argument of
     * {@code authenticationComplete}.
     *
     * @param securityContext context to update
     * @param account account to register
     */
    protected void register(SecurityContext securityContext, Account account) {
        final String mechanismName = "FORM";
        final boolean cachingFlag = false;
        securityContext.authenticationComplete(account, mechanismName, cachingFlag);
    }

    /**
     * Falls back to local form authentication when the request has no user principal yet.
     *
     * <p>A request that already carries a principal is reported as authenticated without further
     * checks. Otherwise the superclass {@code authenticate} decides. A {@link NoSuchMethodError}
     * raised by that call is turned into {@code NOT_AUTHENTICATED}.
     *
     * @throws IOException declared by the signature
     */
    protected AuthenticationMechanism.AuthenticationMechanismOutcome localAuthentication(HttpServerExchange httpServerExchange, SecurityContext securityContext) throws IOException {
        ServletRequestContext requestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        // The context and response lookups are kept although their results are unused.
        requestContext.getCurrentServletContext();
        HttpServletRequest request = requestContext.getServletRequest();
        requestContext.getServletResponse();
        if (request.getUserPrincipal() == null) {
            logger.samlSPFallingBackToLocalFormAuthentication();
            try {
                return super.authenticate(httpServerExchange, securityContext);
            } catch (NoSuchMethodError ignored) {
                // Treated as "could not authenticate" rather than propagated.
                return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            }
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
    }

    /**
     * Processes an incoming {@code SAMLRequest} through the handler chain.
     *
     * <p>The processor is given the trust key manager and told whether the HTTP method is
     * {@code POST}. After processing, an audit event of type {@code REQUEST_FROM_IDP} is
     * emitted. The outcome is {@code NOT_AUTHENTICATED} when the response is already committed,
     * {@code AUTHENTICATED} when the processor returned {@code true}, and otherwise whatever
     * {@code localAuthentication} decides.
     *
     * @throws IOException declared; the exception produced by
     *     {@code logger.samlSPProcessingExceptionError} is thrown on any failure
     */
    protected AuthenticationMechanism.AuthenticationMechanismOutcome handleSAMLRequest(HttpServerExchange httpServerExchange, SecurityContext securityContext) throws IOException {
        ServletRequestContext requestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        ServletContextImpl deploymentContext = requestContext.getCurrentServletContext();
        HttpServletRequest request = requestContext.getServletRequest();
        HttpServletResponse response = requestContext.getServletResponse();
        String samlRequest = request.getParameter("SAMLRequest");
        HTTPContext httpContext = new HTTPContext(request, response, deploymentContext);
        Set chainHandlers = this.chain.handlers();
        try {
            boolean viaPost = request.getMethod().equals("POST");
            ServiceProviderSAMLRequestProcessor processor = new ServiceProviderSAMLRequestProcessor(viaPost, this.serviceURL, this.configuration, this.idpMetadata);
            processor.setTrustKeyManager(this.keyManager);
            boolean processed = processor.process(samlRequest, httpContext, chainHandlers, this.chainLock);

            PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent("Info");
            auditEvent.setType(PicketLinkAuditEventType.REQUEST_FROM_IDP);
            auditEvent.setWhoIsAuditing(deploymentContext.getContextPath());
            audit(auditEvent);

            if (response.isCommitted()) {
                return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            }
            if (processed) {
                return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
            }
            return localAuthentication(httpServerExchange, securityContext);
        } catch (Exception e) {
            logger.samlSPHandleRequestError(e);
            throw logger.samlSPProcessingExceptionError(e);
        }
    }

    /**
     * Processes a SAML 2 message carried in the {@code SAMLResponse} request parameter and,
     * when it yields a verified account, registers that account with the security context.
     *
     * <p>Outcomes visible in this method:
     * <ul>
     *   <li>the handler chain produced an outbound document and destination: the document is
     *       sent to the IDP and the result of {@code localAuthentication} is returned;</li>
     *   <li>the HTTP session is no longer valid: the user is sent to the configured logout page
     *       and {@code NOT_AUTHENTICATED} is returned;</li>
     *   <li>the account is verified by the identity manager: it is registered, an audit event is
     *       emitted and {@code AUTHENTICATED} is returned;</li>
     *   <li>processing failed because the assertion expired: a new request is issued through
     *       {@code generalUserRequest} and {@code NOT_AUTHENTICATED} is returned.</li>
     * </ul>
     * {@code ServiceProviderSAMLContext} is cleared on every exit path, including failures.
     *
     * @param httpServerExchange the current Undertow exchange
     * @param securityContext the security context that receives the verified account
     * @return the authentication outcome as described above
     * @throws IOException when {@code ServiceProviderSAMLWorkflow.validate} rejects the request
     */
    protected AuthenticationMechanism.AuthenticationMechanismOutcome handleSAML2Response(HttpServerExchange httpServerExchange, SecurityContext securityContext) throws IOException {
        ServiceProviderSAMLWorkflow serviceProviderSAMLWorkflow = new ServiceProviderSAMLWorkflow();
        ServletRequestContext servletRequestContext = (ServletRequestContext) httpServerExchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY);
        ServletContextImpl currentServletContext = servletRequestContext.getCurrentServletContext();
        HttpServletRequest servletRequest = servletRequestContext.getServletRequest();
        HttpServletResponse servletResponse = servletRequestContext.getServletResponse();
        // NOTE(review): the session is created or reused here and no session-id rotation is
        // visible in this method after the account is registered; confirm that register() or
        // the container changes the id on login.
        HttpSession session = servletRequest.getSession(true);
        // Raw, still-encoded SAML message supplied by the client; treated as untrusted input.
        String parameter = servletRequest.getParameter("SAMLResponse");
        HTTPContext hTTPContext = new HTTPContext(servletRequest, servletResponse, currentServletContext);
        Set handlers = this.chain.handlers();
        Principal userPrincipal = servletRequest.getUserPrincipal();
        try {
            // Reject the request before any parsing when the workflow-level validation fails.
            if (!serviceProviderSAMLWorkflow.validate(servletRequest)) {
                throw new IOException("PL00019: Validation check failed");
            }
            try {
                try {
                    // First constructor argument tells the processor whether the POST binding is in use.
                    ServiceProviderSAMLResponseProcessor serviceProviderSAMLResponseProcessor = new ServiceProviderSAMLResponseProcessor(servletRequest.getMethod().equals("POST"), this.serviceURL, this.configuration, this.idpMetadata);
                    if (this.auditHelper != null) {
                        serviceProviderSAMLResponseProcessor.setAuditHelper(this.auditHelper);
                    }
                    // The trust key manager is handed over unconditionally; it is only initialised in
                    // initKeyProvider when signature support is enabled, so it may be null here.
                    serviceProviderSAMLResponseProcessor.setTrustKeyManager(this.keyManager);
                    SAML2HandlerResponse process = serviceProviderSAMLResponseProcessor.process(parameter, hTTPContext, handlers, this.chainLock);
                    Document resultingDocument = process.getResultingDocument();
                    String relayState = process.getRelayState();
                    String destination = process.getDestination();
                    boolean sendRequest = process.getSendRequest();
                    String destinationQueryStringWithSignature = process.getDestinationQueryStringWithSignature();
                    // The handler chain produced a message of its own: forward it to the IDP
                    // instead of completing authentication from this response.
                    if (destination != null && resultingDocument != null) {
                        serviceProviderSAMLWorkflow.sendRequestToIDP(destination, resultingDocument, relayState, servletResponse, sendRequest, destinationQueryStringWithSignature, this.spConfiguration.getBindingType().equalsIgnoreCase("POST"));
                        ServiceProviderSAMLContext.clear();
                        return localAuthentication(httpServerExchange, securityContext);
                    }
                    // sessionIsValid() returns false once the session has been invalidated.
                    if (!sessionIsValid(session)) {
                        serviceProviderSAMLWorkflow.sendToLogoutPage(servletRequest, servletResponse, session, currentServletContext, this.spConfiguration.getLogOutPage());
                        AuthenticationMechanism.AuthenticationMechanismOutcome authenticationMechanismOutcome = AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
                        ServiceProviderSAMLContext.clear();
                        return authenticationMechanismOutcome;
                    }
                    List<String> roles = process.getRoles();
                    // Fall back to the principal stored in the session when the request has none.
                    if (userPrincipal == null) {
                        userPrincipal = (Principal) session.getAttribute("picketlink.principal");
                    }
                    // NOTE(review): userPrincipal can still be null here; the resulting
                    // NullPointerException is caught by the catch (Exception) below, logged and
                    // rethrown, so the request fails rather than authenticating.
                    String name = userPrincipal.getName();
                    if (logger.isTraceEnabled()) {
                        // The user name and roles are written to the trace log verbatim.
                        logger.trace("Roles determined for username=" + name + "=" + Arrays.toString(roles.toArray()));
                    }
                    ServiceProviderSAMLContext.push(name, roles);
                    Account verify = securityContext.getIdentityManager().verify(createAccountInstance(userPrincipal, roles, "EMPTY_STR", parameter, process));
                    // Fail closed: an account the identity manager does not return is never registered.
                    if (verify == null) {
                        throw new ProcessingException("PL00102: Processing Exception: Account verification failed.");
                    }
                    register(securityContext, verify);
                    PicketLinkAuditEvent picketLinkAuditEvent = new PicketLinkAuditEvent("Info");
                    picketLinkAuditEvent.setType(PicketLinkAuditEventType.RESPONSE_FROM_IDP);
                    picketLinkAuditEvent.setSubjectName(name);
                    picketLinkAuditEvent.setWhoIsAuditing(currentServletContext.getContextPath());
                    audit(picketLinkAuditEvent);
                    if (this.saveRestoreRequest) {
                        // Keep the verified account in the session and, when an initial location
                        // was stored, redirect back to it and end the exchange.
                        session.setAttribute(FORM_ACCOUNT_NOTE, verify);
                        if (session.getAttribute(INITIAL_LOCATION_STORED) != null) {
                            handleRedirectBack(httpServerExchange);
                            httpServerExchange.endExchange();
                        }
                    }
                    AuthenticationMechanism.AuthenticationMechanismOutcome authenticationMechanismOutcome2 = AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
                    ServiceProviderSAMLContext.clear();
                    return authenticationMechanismOutcome2;
                } catch (ProcessingException e) {
                    // Only an expired assertion is recoverable; every other processing failure
                    // is logged and rethrown.
                    AssertionExpiredException cause = e.getCause();
                    if (cause == null || !(cause instanceof AssertionExpiredException)) {
                        logger.samlSPHandleRequestError(e);
                        throw logger.samlSPProcessingExceptionError(e);
                    }
                    logger.error("Assertion has expired. Asking IDP for reissue");
                    PicketLinkAuditEvent picketLinkAuditEvent2 = new PicketLinkAuditEvent("Info");
                    picketLinkAuditEvent2.setType(PicketLinkAuditEventType.EXPIRED_ASSERTION);
                    picketLinkAuditEvent2.setAssertionID(cause.getId());
                    audit(picketLinkAuditEvent2);
                    generalUserRequest(httpServerExchange, securityContext);
                    AuthenticationMechanism.AuthenticationMechanismOutcome authenticationMechanismOutcome3 = AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
                    ServiceProviderSAMLContext.clear();
                    return authenticationMechanismOutcome3;
                }
            } catch (Exception e2) {
                // Any other failure, runtime exceptions included, is logged and rethrown.
                logger.samlSPHandleRequestError(e2);
                throw logger.samlSPProcessingExceptionError(e2);
            }
        } catch (Throwable th) {
            // Make sure the name and roles pushed above do not outlive a failed request.
            ServiceProviderSAMLContext.clear();
            throw th;
        }
    }

    /**
     * Tells whether the service provider is configured for the HTTP POST binding.
     *
     * @return {@code true} when the configured binding type equals {@code "POST"}, ignoring case
     */
    protected boolean isHttpPostBinding() {
        String configuredBinding = this.spConfiguration.getBindingType();
        return configuredBinding.equalsIgnoreCase("POST");
    }

    /**
     * Probes whether the given session is still usable.
     *
     * @param httpSession the session to probe
     * @return {@code false} when reading the creation time raises {@link IllegalStateException},
     *         {@code true} otherwise
     */
    protected boolean sessionIsValid(HttpSession httpSession) {
        boolean usable;
        try {
            // The returned timestamp is irrelevant; only the absence of an exception matters.
            httpSession.getCreationTime();
            usable = true;
        } catch (IllegalStateException invalidated) {
            usable = false;
        }
        return usable;
    }

    /**
     * Rebuilds the URL of the request that was saved in the session under {@code FORM_REQUEST_NOTE}.
     *
     * @param httpSession the session holding the saved request
     * @return the request URI, followed by {@code ?} and the query string when one is present;
     *         an empty string when no request was saved
     */
    protected String savedRequestURL(HttpSession httpSession) {
        HttpServletRequest saved = (HttpServletRequest) httpSession.getAttribute(FORM_REQUEST_NOTE);
        if (saved == null) {
            return "";
        }
        StringBuilder url = new StringBuilder(saved.getRequestURI());
        String query = saved.getQueryString();
        if (query != null) {
            url.append("?");
            url.append(query);
        }
        return url.toString();
    }

    /**
     * Bootstraps the service provider: optional periodic configuration refresh, handler chain
     * creation, configuration processing, key provider set-up and handler initialisation.
     *
     * <p>The refresh interval is read from the servlet context init parameter
     * {@code org.picketlink.federation.saml.REFRESH_CONFIG_TIMER_INTERVAL}; a positive value
     * schedules a task that reloads the configuration and re-initialises the key provider.
     *
     * @throws RuntimeException when the handler chain cannot be created or the handlers cannot
     *         be loaded and initialised
     */
    protected void startPicketLink() {
        SystemPropertiesUtil.ensure();

        String refreshSetting = this.servletContext.getInitParameter("org.picketlink.federation.saml.REFRESH_CONFIG_TIMER_INTERVAL");
        if (refreshSetting != null) {
            this.timerInterval = Integer.parseInt(refreshSetting);
        }
        if (this.timerInterval > 0) {
            if (this.timer == null) {
                this.timer = new Timer();
            }
            // Each run re-reads the configuration and rebuilds the trust key manager.
            TimerTask refreshTask = new TimerTask() {
                @Override
                public void run() {
                    SPFormAuthenticationMechanism.this.reloadConfiguration();
                    SPFormAuthenticationMechanism.this.processConfiguration();
                    SPFormAuthenticationMechanism.this.initKeyProvider(SPFormAuthenticationMechanism.this.servletContext);
                }
            };
            this.timer.scheduleAtFixedRate(refreshTask, this.timerInterval, this.timerInterval);
        }

        // A configured chain class name takes precedence over the default chain.
        if (!StringUtil.isNullOrEmpty(this.samlHandlerChainClass)) {
            try {
                this.chain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
            } catch (ProcessingException e) {
                throw new RuntimeException((Throwable) e);
            }
        } else {
            this.chain = SAML2HandlerChainFactory.createChain();
        }

        processConfiguration();

        try {
            Handlers handlers;
            if (this.configuration != null) {
                handlers = this.configuration.getHandlers();
            } else {
                // Without a configuration object the handlers come from the deployment descriptor.
                handlers = ConfigurationUtil.getHandlers(this.servletContext.getResourceAsStream("/WEB-INF/picketlink-handlers.xml"));
            }
            this.chain.addAll(HandlerUtil.getHandlers(handlers));
            initKeyProvider(this.servletContext);
            populateChainConfig();
            initializeHandlerChain();
            if (this.configuration == null) {
                this.configuration = new PicketLinkType();
                this.configuration.setIdpOrSP(this.spConfiguration);
                this.configuration.setHandlers(handlers);
            }
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

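    /**
     * Instantiates and configures the trust key manager named by the SP configuration.
     *
     * <p>Does nothing unless signature support is enabled. The key manager class name is taken
     * from the configured key provider and loaded reflectively, so the configuration decides
     * which class handles keys and trust for this service provider.
     *
     * @param servletContext the servlet context, used only for the context path in the
     *        missing-key-provider message
     * @throws RuntimeException when no key provider is configured or the key manager cannot be
     *         created and configured; a creation failure keeps the original exception as its
     *         cause so the stack trace is not lost
     */
    protected void initKeyProvider(ServletContext servletContext) {
        if (!doSupportSignature()) {
            return;
        }
        KeyProviderType keyProvider = this.spConfiguration.getKeyProvider();
        if (keyProvider == null) {
            throw new RuntimeException("PL00092: Null Value:KeyProvider is null for context=" + servletContext.getContextPath());
        }
        try {
            String className = keyProvider.getClassName();
            if (className == null) {
                throw new RuntimeException("PL00092: Null Value:KeyManager class name");
            }
            Class<?> loadClass = SecurityActions.loadClass(getClass(), className);
            if (loadClass == null) {
                throw new ClassNotFoundException("PL00085: Class Not Loaded:" + className);
            }
            this.keyManager = (TrustKeyManager) loadClass.newInstance();
            List keyProviderProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
            this.keyManager.setAuthProperties(keyProviderProperties);
            this.keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
            String identityURL = this.spConfiguration.getIdentityURL();
            if (keyProviderProperties != null) {
                // Only the first X509CERTIFICATE property is forwarded to the key manager.
                for (Object property : keyProviderProperties) {
                    AuthPropertyType authPropertyType = (AuthPropertyType) property;
                    if ("X509CERTIFICATE".equals(authPropertyType.getKey())) {
                        this.keyManager.addAdditionalOption("X509CERTIFICATE", authPropertyType.getValue());
                        break;
                    }
                }
            }
            // The host part of the configured identity URL is registered under "idp.key".
            this.keyManager.addAdditionalOption("idp.key", new URL(identityURL).getHost());
            logger.trace("Key Provider=" + keyProvider.getClassName());
        } catch (Exception e) {
            logger.trustKeyManagerCreationError(e);
            // Same message as before, now with the cause attached.
            throw new RuntimeException(e.getLocalizedMessage(), e);
        }
    }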

    /**
     * Tells whether the service provider configuration enables signature support.
     *
     * @return {@code false} when no SP configuration is set, otherwise the configured flag
     */
    protected boolean doSupportSignature() {
        return this.spConfiguration != null && this.spConfiguration.isSupportsSignature();
    }

    /**
     * Applies the loaded configuration to this mechanism: audit switch and helper, IdP metadata,
     * identity and service URLs, and the XML canonicalization method.
     *
     * <p>Auditing is taken from the configuration first; when it is off there, the system
     * property {@code picketlink.audit.enable} may still turn it on.
     *
     * @throws RuntimeException when auditing is enabled and the audit helper cannot be created
     */
    protected void processConfiguration() {
        this.enableAudit = this.configuration.isEnableAudit();
        if (!this.enableAudit) {
            // "NULL" is the sentinel default meaning the property is not set.
            String auditProperty = SecurityActions.getSystemProperty("picketlink.audit.enable", "NULL");
            boolean propertyIsSet = !"NULL".equals(auditProperty);
            if (propertyIsSet) {
                this.enableAudit = Boolean.parseBoolean(auditProperty);
            }
        }

        boolean helperMissing = this.auditHelper == null;
        if (this.enableAudit && helperMissing) {
            try {
                this.auditHelper = ConfigurationUtil.getAuditHelper(this.servletContext);
            } catch (Exception e) {
                throw new RuntimeException("Could not create audit helper.", e);
            }
        }

        // Metadata processing may overwrite the identity URL on the SP configuration,
        // so the URLs are read only afterwards.
        processIdPMetadata(this.spConfiguration);
        this.identityURL = this.spConfiguration.getIdentityURL();
        this.serviceURL = this.spConfiguration.getServiceURL();

        this.canonicalizationMethod = this.spConfiguration.getCanonicalizationMethod();
        logger.samlSPSettingCanonicalizationMethod(this.canonicalizationMethod);
        XMLSignatureUtil.setCanonicalizationMethodType(this.canonicalizationMethod);

        logger.trace("Identity Provider URL=" + this.identityURL);
    }

    /**
     * Re-reads the PicketLink configuration and refreshes the SP configuration derived from it.
     *
     * <p>The configuration provider is used when one is set; otherwise the configuration is
     * loaded through {@code ConfigurationUtil} from the servlet context.
     *
     * @throws RuntimeException wrapping any failure raised while reloading
     */
    protected void reloadConfiguration() {
        try {
            this.configuration = this.configProvider != null
                    ? this.configProvider.getPicketLinkConfiguration()
                    : ConfigurationUtil.getConfiguration(this.servletContext);
            this.spConfiguration = this.configuration.getIdpOrSP();
        } catch (Exception e) {
            throw new RuntimeException("Error while reloading configuration.", e);
        }
    }

    /**
     * Loads the IdP SSO descriptor and derives the identity URL and IdP certificate from it.
     *
     * <p>The descriptor comes from the configured metadata file when one is named, otherwise
     * from the metadata provider. The first single-sign-on endpoint whose binding matches the
     * SP binding type supplies the identity URL.
     *
     * @param sPType the SP configuration; its identity URL is overwritten when a matching
     *        endpoint is found
     */
    protected void processIdPMetadata(SPType sPType) {
        IDPSSODescriptorType descriptor;
        if (StringUtil.isNotNull(sPType.getIdpMetadataFile())) {
            descriptor = getIdpMetadataFromFile(sPType);
        } else {
            descriptor = getIdpMetadataFromProvider(sPType);
        }
        if (descriptor == null) {
            return;
        }

        for (Object candidate : descriptor.getSingleSignOnService()) {
            EndpointType endpoint = (EndpointType) candidate;
            // Reduce the binding URI to the short names used by the SP configuration.
            String binding = endpoint.getBinding().toString();
            if (binding.contains("HTTP-POST")) {
                binding = "POST";
            } else if (binding.contains("HTTP-Redirect")) {
                binding = "REDIRECT";
            }
            if (sPType.getBindingType().equals(binding)) {
                sPType.setIdentityURL(endpoint.getLocation().toString());
                break;
            }
        }

        // NOTE(review): only the first key descriptor is used as the IdP certificate; metadata
        // that lists several keys (for example during a key rollover) is not fully honoured here.
        List keyDescriptors = descriptor.getKeyDescriptor();
        if (!keyDescriptors.isEmpty()) {
            this.idpCertificate = MetaDataExtractor.getCertificate((KeyDescriptorType) keyDescriptors.get(0));
        }
        this.idpMetadata = descriptor;
    }

    /**
     * Looks up the IdP SSO descriptor through the metadata configuration of the SP.
     *
     * @param sPType the SP configuration handed to {@code CoreConfigUtil.getMetadataConfiguration}
     * @return the first non-null IdP descriptor found, or {@code null} when there is no metadata
     *         configuration or no entity carries one
     */
    protected IDPSSODescriptorType getIdpMetadataFromProvider(SPType sPType) {
        List entities = CoreConfigUtil.getMetadataConfiguration(sPType, this.servletContext);
        if (entities != null) {
            for (Object entity : entities) {
                IDPSSODescriptorType found = handleMetadata((EntityDescriptorType) entity);
                if (found != null) {
                    return found;
                }
            }
        }
        return null;
    }

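    /**
     * Parses the IdP metadata file named in the SP configuration and extracts the IdP SSO
     * descriptor from it.
     *
     * <p>The file is read as a servlet context resource. The stream is closed once parsing has
     * finished, whether it succeeded or not, so the resource handle is no longer leaked.
     *
     * @param sPType the SP configuration naming the metadata file
     * @return the IdP descriptor, or {@code null} when the resource does not exist or the
     *         metadata holds no IdP descriptor
     * @throws RuntimeException wrapping any failure raised while reading or parsing the file
     */
    protected IDPSSODescriptorType getIdpMetadataFromFile(SPType sPType) {
        InputStream resourceAsStream = this.servletContext.getResourceAsStream(sPType.getIdpMetadataFile());
        if (resourceAsStream == null) {
            return null;
        }
        try (InputStream metadataStream = resourceAsStream) {
            Object parse = new SAMLParser().parse(DocumentUtil.getNodeAsStream(DocumentUtil.getDocument(metadataStream)));
            // The root element is either a group of entities or a single entity.
            IDPSSODescriptorType descriptor = parse instanceof EntitiesDescriptorType
                    ? handleMetadata((EntitiesDescriptorType) parse)
                    : handleMetadata((EntityDescriptorType) parse);
            if (descriptor == null) {
                logger.samlSPUnableToGetIDPDescriptorFromMetadata();
            }
            return descriptor;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }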

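    /**
     * Searches a group of entity descriptors for the first IdP SSO descriptor.
     *
     * <p>A nested group is searched through {@code getIDPSSODescriptor} using the nested group
     * itself. The previous code passed the enclosing group instead, which only re-examined the
     * enclosing group's first element, so a nested group that was not the first element was
     * never searched.
     *
     * @param entitiesDescriptorType the group to search
     * @return the first IdP descriptor found, or {@code null} when there is none
     */
    protected IDPSSODescriptorType handleMetadata(EntitiesDescriptorType entitiesDescriptorType) {
        IDPSSODescriptorType iDPSSODescriptorType = null;
        for (Object obj : entitiesDescriptorType.getEntityDescriptor()) {
            if (obj instanceof EntitiesDescriptorType) {
                iDPSSODescriptorType = getIDPSSODescriptor((EntitiesDescriptorType) obj);
            } else {
                iDPSSODescriptorType = handleMetadata((EntityDescriptorType) obj);
            }
            if (iDPSSODescriptorType != null) {
                break;
            }
        }
        return iDPSSODescriptorType;
    }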

    /**
     * Resolves the IdP SSO descriptor from the first element of a group of entity descriptors,
     * descending into that element when it is itself a group.
     *
     * <p>Only the first element is ever inspected; later elements are ignored.
     *
     * @param entitiesDescriptorType the group to inspect
     * @return the descriptor of the first element, or {@code null} when the group is empty
     */
    protected IDPSSODescriptorType getIDPSSODescriptor(EntitiesDescriptorType entitiesDescriptorType) {
        Iterator members = entitiesDescriptorType.getEntityDescriptor().iterator();
        if (members.hasNext()) {
            Object first = members.next();
            if (first instanceof EntitiesDescriptorType) {
                return getIDPSSODescriptor((EntitiesDescriptorType) first);
            }
            return CoreConfigUtil.getIDPDescriptor((EntityDescriptorType) first);
        }
        return null;
    }

    /**
     * Extracts the IdP SSO descriptor from a single entity descriptor.
     *
     * @param entityDescriptorType the entity descriptor to read
     * @return whatever {@code CoreConfigUtil.getIDPDescriptor} returns for the entity
     */
    protected IDPSSODescriptorType handleMetadata(EntityDescriptorType entityDescriptorType) {
        IDPSSODescriptorType descriptor = CoreConfigUtil.getIDPDescriptor(entityDescriptorType);
        return descriptor;
    }

    /**
     * Builds the chain configuration from the current options and hands it to every handler
     * in the chain.
     *
     * @throws ConfigurationException propagated from populating or initialising the chain
     * @throws ProcessingException propagated from populating or initialising the chain
     */
    protected void initializeHandlerChain() throws ConfigurationException, ProcessingException {
        populateChainConfig();
        DefaultSAML2HandlerChainConfig sharedConfig = new DefaultSAML2HandlerChainConfig(this.chainConfigOptions);
        // All handlers receive the same configuration instance.
        for (Object handler : this.chain.handlers()) {
            ((SAML2Handler) handler).initChainConfig(sharedConfig);
        }
    }

    /**
     * Fills the chain configuration options: the SP configuration, the role validator switch
     * and, when signatures are supported, the signing key pair and the optional certificate.
     *
     * @throws ConfigurationException propagated from the key manager
     * @throws ProcessingException propagated from the key manager
     */
    protected void populateChainConfig() throws ConfigurationException, ProcessingException {
        this.chainConfigOptions.put("CONFIGURATION", this.spConfiguration);
        this.chainConfigOptions.put("ROLE_VALIDATOR_IGNORE", "false");
        if (!doSupportSignature()) {
            return;
        }
        this.chainConfigOptions.put("KEYPAIR", this.keyManager.getSigningKeyPair());
        // The additional option holds the alias under which the certificate is looked up.
        String certificateAlias = (String) this.keyManager.getAdditionalOption("X509CERTIFICATE");
        if (certificateAlias != null) {
            this.chainConfigOptions.put("X509CERTIFICATE", this.keyManager.getCertificate(certificateAlias));
        }
    }

    /**
     * Tells whether the request asks for a global logout.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the {@code GLO} parameter is set and equals {@code "true"},
     *         ignoring case
     */
    protected boolean isGlobalLogout(HttpServletRequest httpServletRequest) {
        String globalLogoutFlag = httpServletRequest.getParameter("GLO");
        if (!StringUtil.isNotNull(globalLogoutFlag)) {
            return false;
        }
        return "true".equalsIgnoreCase(globalLogoutFlag);
    }

    /**
     * Reads the SAML version from the root element of the message in the {@code SAMLResponse}
     * parameter.
     *
     * <p>The {@code Version} attribute is used when present; otherwise the value is assembled
     * from the {@code MinorVersion} and {@code MajorVersion} attributes.
     *
     * @param httpServletRequest the request carrying the encoded message
     * @return the version string
     * @throws RuntimeException when the message cannot be decoded or parsed
     */
    protected String getSAMLVersion(HttpServletRequest httpServletRequest) {
        try {
            String encoded = httpServletRequest.getParameter("SAMLResponse");
            boolean postBinding = "POST".equalsIgnoreCase(httpServletRequest.getMethod());
            Element root = toSAMLResponseDocument(encoded, postBinding).getDocumentElement();
            String version = root.getAttribute("Version");
            if (!StringUtil.isNullOrEmpty(version)) {
                return version;
            }
            // NOTE(review): the fallback is built as minor "." major, so the two parts only read
            // correctly when they are equal (as in 1.1); confirm the intended order with callers.
            return root.getAttribute("MinorVersion") + "." + root.getAttribute("MajorVersion");
        } catch (Exception e) {
            throw new RuntimeException("Could not extract version from SAML Response.", e);
        }
    }

    /**
     * Decodes an encoded SAML message and parses it into a DOM document.
     *
     * <p>The message arrives as a request parameter and is parsed before any signature has been
     * checked. NOTE(review): whether {@code DocumentUtil.getDocument} disables DTDs and external
     * entities is not visible here; confirm the parser is hardened.
     *
     * @param str the encoded message
     * @param z {@code true} to decode as POST binding (Base64), {@code false} to decode as
     *        redirect binding (Base64 plus inflate)
     * @return the parsed document
     * @throws ParsingException when decoding or parsing fails
     */
    protected Document toSAMLResponseDocument(String str, boolean z) throws ParsingException {
        try {
            InputStream decoded;
            if (z) {
                decoded = PostBindingUtil.base64DecodeAsStream(str);
            } else {
                decoded = RedirectBindingUtil.base64DeflateDecode(str);
            }
            return DocumentUtil.getDocument(decoded);
        } catch (Exception e) {
            logger.samlResponseFromIDPParsingFailed();
            throw new ParsingException("", e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v53, types: [java.util.List] */
    /* JADX WARN: Type inference failed for: r7v0, types: [org.picketlink.identity.federation.bindings.wildfly.sp.SPFormAuthenticationMechanism] */
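    /**
     * Authenticates the caller from an unsolicited SAML 1.1 response carried in the
     * {@code SAMLResponse} request parameter.
     *
     * <p>The first assertion of the response supplies the principal (from its authentication
     * statement) and the roles. The method fails closed: a response without an assertion, a
     * missing principal or an account the identity manager does not verify all end in
     * {@code NOT_AUTHENTICATED}, in line with the null-account check in
     * {@code handleSAML2Response}.
     *
     * <p>NOTE(review): no signature, issuer or validity-condition check on the assertion is
     * visible in this method; confirm that it is enforced before this method is reached or
     * inside {@code IdentityManager.verify}, because the principal and roles are otherwise
     * taken from the message as supplied by the client.
     *
     * <p>NOTE(review): {@code ServiceProviderSAMLContext.push} is not paired with a
     * {@code clear()} here, unlike {@code handleSAML2Response}; confirm whether the context
     * should be cleared on exit.
     *
     * @param httpServletRequest the request carrying the encoded response
     * @param httpServletResponse the response (not used by this method)
     * @param securityContext the security context that receives the verified account
     * @return {@code AUTHENTICATED} when an account was verified and registered, otherwise
     *         {@code NOT_AUTHENTICATED}
     */
    public AuthenticationMechanism.AuthenticationMechanismOutcome handleSAML11UnsolicitedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityContext securityContext) {
        String parameter = httpServletRequest.getParameter("SAMLResponse");
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        if (StringUtil.isNotNull(parameter)) {
            try {
                // GET means redirect binding (Base64 plus inflate); anything else is treated as POST.
                SAML11ResponseType sAML11ResponseType = (SAML11ResponseType) new SAMLParser().parse("GET".equalsIgnoreCase(httpServletRequest.getMethod()) ? RedirectBindingUtil.base64DeflateDecode(parameter) : PostBindingUtil.base64DecodeAsStream(parameter));
                List assertions = sAML11ResponseType.get();
                if (assertions == null || assertions.isEmpty()) {
                    throw new ProcessingException("SAML 1.1 response contains no assertion.");
                }
                if (assertions.size() > 1) {
                    logger.trace("More than one assertion from IDP. Considering the first one.");
                }
                List<String> roles = new ArrayList<String>();
                SAML11AssertionType sAML11AssertionType = (SAML11AssertionType) assertions.get(0);
                if (sAML11AssertionType != null) {
                    // The last authentication statement in the assertion decides the principal.
                    for (Object statement : sAML11AssertionType.getStatements()) {
                        if (statement instanceof SAML11AuthenticationStatementType) {
                            userPrincipal = new SerializablePrincipal(((SAML11AuthenticationStatementType) statement).getSubject().getChoice().getNameID().getValue());
                        }
                    }
                    roles = AssertionUtil.getRoles(sAML11AssertionType, (List) null);
                }
                if (userPrincipal == null) {
                    throw new ProcessingException("No principal could be determined from the SAML 1.1 response.");
                }
                String name = userPrincipal.getName();
                if (logger.isTraceEnabled()) {
                    logger.trace("Roles determined for username=" + name + "=" + Arrays.toString(roles.toArray()));
                }
                ServiceProviderSAMLContext.push(name, roles);
                Account account = securityContext.getIdentityManager().verify(createAccountInstance(userPrincipal, roles, "EMPTY_STR", parameter, sAML11ResponseType));
                // Never register an account the identity manager did not return.
                if (account == null) {
                    throw new ProcessingException("PL00102: Processing Exception: Account verification failed.");
                }
                register(securityContext, account);
                PicketLinkAuditEvent picketLinkAuditEvent = new PicketLinkAuditEvent("Info");
                picketLinkAuditEvent.setType(PicketLinkAuditEventType.RESPONSE_FROM_IDP);
                picketLinkAuditEvent.setSubjectName(name);
                picketLinkAuditEvent.setWhoIsAuditing(this.servletContext.getContextPath());
                audit(picketLinkAuditEvent);
                return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
            } catch (Exception e) {
                // Every failure is logged and falls through to NOT_AUTHENTICATED.
                logger.samlSPHandleRequestError(e);
            }
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
    }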

    /**
     * Forwards an audit event to the audit helper when auditing is enabled.
     *
     * @param picketLinkAuditEvent the event to record
     */
    public void audit(PicketLinkAuditEvent picketLinkAuditEvent) {
        if (!this.enableAudit) {
            return;
        }
        this.auditHelper.audit(picketLinkAuditEvent);
    }

    /**
     * Tells whether the request declares itself as an XMLHttpRequest.
     *
     * <p>The decision rests on the client-supplied {@code X-Requested-With} header, so it is a
     * hint about the caller and not something to base an access decision on.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the header is present and equals {@code "XMLHttpRequest"},
     *         ignoring case
     */
    protected boolean isAjaxRequest(HttpServletRequest httpServletRequest) {
        String requestedWith = httpServletRequest.getHeader("X-Requested-With");
        if (requestedWith == null) {
            return false;
        }
        return "XMLHttpRequest".equalsIgnoreCase(requestedWith);
    }

    /**
     * Returns the identity provider URL held by the SP configuration.
     *
     * @return the identity URL as currently stored in the SP configuration
     */
    public String getIdentityURL() {
        String configuredIdentityUrl = this.spConfiguration.getIdentityURL();
        return configuredIdentityUrl;
    }

    /**
     * Creates the account object that is handed to the identity manager for verification.
     *
     * <p>Only the principal, the roles and the first string argument are used; the remaining
     * two arguments are ignored by this implementation.
     *
     * @param principal the authenticated principal
     * @param list the role names; duplicates are removed by copying them into a set
     * @param str passed through as the third argument of {@code AccountImpl}
     * @param str2 ignored by this implementation
     * @param obj ignored by this implementation
     * @return a new {@code AccountImpl}
     */
    protected Account createAccountInstance(Principal principal, List<String> list, String str, String str2, Object obj) {
        Set roleSet = new HashSet(list);
        return new AccountImpl(principal, roleSet, str);
    }
}
