package org.picketlink.identity.federation.web.handlers.saml2;

import java.net.URI;
import java.security.Principal;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpSession;
import javax.xml.namespace.QName;
import org.picketlink.common.constants.JBossSAMLConstants;
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.common.constants.SAMLAuthenticationContextClass;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.exceptions.fed.AssertionExpiredException;
import org.picketlink.common.util.DocumentUtil;
import org.picketlink.common.util.StaxParserUtil;
import org.picketlink.common.util.StringUtil;
import org.picketlink.config.federation.SPType;
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.core.SerializablePrincipal;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEvent;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEventType;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.EncryptedAssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
import org.picketlink.identity.federation.saml.v2.metadata.SPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnContextComparisonType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.RequestedAuthnContextType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.interfaces.IRoleValidator;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.class */
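/**
 * SAML 2.0 authentication handler covering both sides of web browser SSO.
 *
 * <p>The public entry points dispatch on {@code getType()}: in IDP mode an {@code AuthnRequest} is answered with
 * a {@code Response} that carries an assertion; otherwise (SP mode) the handler creates the {@code AuthnRequest}
 * and consumes the IdP's {@code Response}.
 *
 * <p>Checks performed on an incoming response in this class: destination, status code, assertion expiry,
 * audience and (unless switched off) role validation. No code in this class verifies an XML signature or
 * compares {@code InResponseTo} with the request id.
 * NOTE(review): confirm that signature validation and request/response correlation are enforced by other
 * handlers in the chain before this one is trusted to establish a principal.
 *
 * <p>Several handler parameters are switches that are active as soon as they are present, whatever their
 * value: {@code DISABLE_AUTHN_STATEMENT}, {@code DISABLE_SENDING_ROLES}, {@code USE_MULTI_VALUED_ROLES} and
 * {@code ROLE_VALIDATOR_IGNORE} are only tested against {@code null}.
 */
public class SAML2AuthenticationHandler extends BaseSAML2Handler {
    /** Handler parameter: when it parses to {@code true}, all attributes are merged into one statement. */
    public static final String SINGLE_ATTRIBUTE_STATEMENT = "SINGLE_ATTRIBUTE_STATEMENT";
    private final IDPAuthenticationHandler idp = new IDPAuthenticationHandler();
    private final SPAuthenticationHandler sp = new SPAuthenticationHandler();

    /** Identity-provider side: turns a received {@code AuthnRequest} into a SAML response document. */
    private class IDPAuthenticationHandler {
        private IDPAuthenticationHandler() {
        }

        /** Intentionally empty: this side does not generate an authentication request here. */
        public void generateSAMLRequest(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        }

        /** Intentionally empty: this side does not process status responses here. */
        public void handleStatusResponseType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        }

        /**
         * Answers an {@code AuthnRequest}: builds the response document, registers the requesting participant
         * with the identity server for later logout and selects the binding for the reply.
         *
         * @param sAML2HandlerRequest  carries the parsed {@code AuthnRequest}, the HTTP context and the options
         * @param sAML2HandlerResponse receives destination, relay state, resulting document and binding
         * @throws ProcessingException if the request object is missing or building the response fails
         */
        public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
            HTTPContext httpContext = (HTTPContext) sAML2HandlerRequest.getContext();
            ServletContext servletContext = httpContext.getServletContext();
            AuthnRequestType authnRequest = (AuthnRequestType) sAML2HandlerRequest.getSAML2Object();
            if (authnRequest == null) {
                throw BaseSAML2Handler.logger.samlHandlerAuthnRequestIsNull();
            }
            SAML2AuthenticationHandler.this.checkDestination(authnRequest.getDestination(), SAML2AuthenticationHandler.this.getProviderconfig().getIdentityURL());
            // The reply destination is taken from the request itself. Nothing in this method compares it with
            // registered service-provider endpoints.
            // NOTE(review): confirm that an earlier handler restricts the sender URL to trusted service
            // providers; otherwise the assertion is delivered to whatever URL the request names.
            if (authnRequest.getSenderURL() == null) {
                throw BaseSAML2Handler.logger.nullValueError("Sender URL in the AuthnRequest");
            }
            String senderUrl = authnRequest.getSenderURL().toASCIIString();
            BaseSAML2Handler.logger.trace("Destination = " + senderUrl);
            sAML2HandlerResponse.setDestination(senderUrl);
            HttpSession httpSession = BaseSAML2Handler.getHttpSession(sAML2HandlerRequest);
            // The principal is resolved inside getResponse(); the former lookup here discarded its result.
            try {
                Document responseDocument = getResponse(sAML2HandlerRequest);
                boolean requestUsedPost = httpContext.getRequest().getMethod().equalsIgnoreCase("POST");
                IdentityServer identityServer = (IdentityServer) servletContext.getAttribute("IDENTITY_SERVER");
                String logoutUrl = getParticipantURL(senderUrl, sAML2HandlerRequest);
                BaseSAML2Handler.logger.trace("Participant " + senderUrl + " will be registered to IdentityServer with logout URL " + logoutUrl);
                if (logoutUrl != null) {
                    identityServer.stack().register(httpSession.getId(), logoutUrl, requestUsedPost);
                }
                // Reply via POST when the request arrived via POST or strict POST binding is switched on.
                Object strictPostBinding = sAML2HandlerRequest.getOptions().get("SAML_IDP_STRICT_POST_BINDING");
                boolean respondWithPost = requestUsedPost || (strictPostBinding != null && ((Boolean) strictPostBinding).booleanValue());
                sAML2HandlerResponse.setResultingDocument(responseDocument);
                sAML2HandlerResponse.setRelayState(sAML2HandlerRequest.getRelayState());
                sAML2HandlerResponse.setPostBindingForResponse(respondWithPost);
            } catch (Exception e) {
                BaseSAML2Handler.logger.samlHandlerAuthenticationError(e);
                throw BaseSAML2Handler.logger.processingError(e);
            }
        }

        /**
         * Builds the SAML response document for the principal of the current session.
         *
         * <p>The principal comes from the session attribute {@code picketlink.principal}, falling back to the
         * servlet request's user principal. The resulting assertion is stored in the session under
         * {@code ASSERTION}.
         *
         * @param sAML2HandlerRequest carries the parsed {@code AuthnRequest}, the HTTP context and the options
         * @return the marshalled response document
         * @throws ConfigurationException declared for the helpers called while building the response
         * @throws ProcessingException    if the response cannot be marshalled
         */
        public Document getResponse(SAML2HandlerRequest sAML2HandlerRequest) throws ConfigurationException, ProcessingException {
            HTTPContext httpContext = (HTTPContext) sAML2HandlerRequest.getContext();
            AuthnRequestType authnRequest = (AuthnRequestType) sAML2HandlerRequest.getSAML2Object();
            HttpSession httpSession = BaseSAML2Handler.getHttpSession(sAML2HandlerRequest);
            Principal principal = (Principal) httpSession.getAttribute("picketlink.principal");
            if (principal == null) {
                principal = httpContext.getRequest().getUserPrincipal();
            }
            if (principal == null) {
                // Fail with a clear cause instead of a NullPointerException: no assertion without a subject.
                throw BaseSAML2Handler.logger.nullValueError("Authenticated principal");
            }
            String senderUrl = authnRequest.getSenderURL().toASCIIString();
            String issuer = sAML2HandlerRequest.getIssuer().getValue();
            String requestId = authnRequest.getID();
            String loginType = (String) sAML2HandlerRequest.getOptions().get("LOGIN_TYPE");
            BaseSAML2Handler.logger.trace("AssertionConsumerURL=" + senderUrl);
            SAML2Response saml2Response = new SAML2Response();
            String responseId = IDGenerator.create("ID_");
            IssuerInfoHolder issuerInfo = new IssuerInfoHolder(issuer);
            issuerInfo.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
            IDPInfoHolder idpInfo = new IDPInfoHolder();
            idpInfo.setNameIDFormatValue(principal.getName());
            idpInfo.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
            // An assertion already kept in this session is handed to the response builder.
            // NOTE(review): if the builder returns that same object, the statements added below accumulate
            // on it across requests in one session — confirm.
            if (((String) httpSession.getAttribute("ASSERTION_ID")) != null) {
                AssertionType sessionAssertion = (AssertionType) httpSession.getAttribute("ASSERTION");
                if (sessionAssertion != null) {
                    idpInfo.setAssertion(sessionAssertion);
                }
            }
            SPInfoHolder spInfo = new SPInfoHolder();
            spInfo.setResponseDestinationURI(senderUrl);
            spInfo.setRequestID(requestId);
            spInfo.setIssuer(authnRequest.getIssuer().getValue());
            ResponseType responseType = saml2Response.createResponseType(responseId, spInfo, idpInfo, issuerInfo);
            AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
            if (SAML2AuthenticationHandler.this.handlerConfig.getParameter(SAML2Handler.DISABLE_AUTHN_STATEMENT) == null) {
                // Password authentication is the default context class; LOGIN_TYPE overrides it.
                String authnContextClass = StringUtil.isNotNull(loginType) ? loginType : JBossSAMLURIConstants.AC_PASSWORD.get();
                AuthnStatementType authnStatement = StatementUtil.createAuthnStatement(XMLTimeUtil.getIssueInstant(), authnContextClass);
                authnStatement.setSessionIndex(assertion.getID());
                assertion.addStatement(authnStatement);
            }
            List<AttributeStatementType> attributeStatements = SAML2AuthenticationHandler.this.getAttributeStatements(sAML2HandlerRequest);
            if (attributeStatements != null) {
                if (isSingleAttributeStatement()) {
                    AttributeStatementType merged = new AttributeStatementType();
                    for (AttributeStatementType statement : attributeStatements) {
                        merged.addAttributes(statement.getAttributes());
                    }
                    assertion.addStatement(merged);
                } else {
                    for (AttributeStatementType statement : attributeStatements) {
                        assertion.addStatement(statement);
                    }
                }
            }
            httpSession.setAttribute("ASSERTION", assertion);
            Map<String, Object> options = sAML2HandlerRequest.getOptions();
            PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) options.get("AUDIT_HELPER");
            if (auditHelper != null) {
                PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent("Info");
                auditEvent.setWhoIsAuditing((String) options.get("CONTEXT_PATH"));
                auditEvent.setType(PicketLinkAuditEventType.CREATED_ASSERTION);
                // NOTE(review): the id recorded here is the one generated for the response, while the
                // session index above uses assertion.getID() — confirm which id audit consumers expect.
                auditEvent.setAssertionID(responseId);
                auditHelper.audit(auditEvent);
            }
            try {
                Document responseDocument = saml2Response.convert(responseType);
                if (BaseSAML2Handler.logger.isTraceEnabled()) {
                    // At trace level the complete response, subject and attribute values included, is logged.
                    BaseSAML2Handler.logger.trace("SAML Response Document: " + DocumentUtil.asString(responseDocument));
                }
                return responseDocument;
            } catch (Exception e) {
                throw BaseSAML2Handler.logger.samlAssertionMarshallError(e);
            }
        }

        /**
         * Chooses the URL under which the requesting participant is registered for logout.
         *
         * @param str                 fallback URL, returned when no SP metadata descriptor is in the options
         * @param sAML2HandlerRequest source of the {@code SP_SSO_METADATA_DESCRIPTOR} option
         * @return the first single-logout location of the descriptor, {@code str} without a descriptor, or
         *         {@code null} when the descriptor lists no usable single-logout endpoint
         */
        private String getParticipantURL(String str, SAML2HandlerRequest sAML2HandlerRequest) {
            SPSSODescriptorType spDescriptor = (SPSSODescriptorType) sAML2HandlerRequest.getOptions().get("SP_SSO_METADATA_DESCRIPTOR");
            if (spDescriptor == null) {
                return str;
            }
            List<EndpointType> logoutEndpoints = spDescriptor.getSingleLogoutService();
            if (logoutEndpoints == null || logoutEndpoints.isEmpty()) {
                return null;
            }
            // An endpoint without a location is treated like a missing endpoint instead of failing.
            URI location = logoutEndpoints.get(0).getLocation();
            return location == null ? null : location.toASCIIString();
        }

        /** @return {@code true} only when {@code SINGLE_ATTRIBUTE_STATEMENT} is set and parses to true */
        private boolean isSingleAttributeStatement() {
            Object configured = SAML2AuthenticationHandler.this.handlerConfig.getParameter(SAML2AuthenticationHandler.SINGLE_ATTRIBUTE_STATEMENT);
            return configured != null && Boolean.parseBoolean(configured.toString());
        }
    }

    /** Service-provider side: creates the {@code AuthnRequest} and consumes the IdP's response. */
    private class SPAuthenticationHandler {
        private SPAuthenticationHandler() {
        }

        /**
         * Creates the {@code AuthnRequest} document and marks the response so that it is sent.
         *
         * @param sAML2HandlerRequest  supplies the issuer and options; receives the {@code AUTH_REQUEST_ID} option
         * @param sAML2HandlerResponse supplies the destination and receives the request document
         * @throws ProcessingException wrapping any failure, including an unsupported binding type
         */
        public void generateSAMLRequest(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
            String issuer = sAML2HandlerRequest.getIssuer().getValue();
            SAML2Request saml2Request = new SAML2Request();
            String requestId = IDGenerator.create("ID_");
            // Without a configured assertion consumer URL the issuer value is used in its place.
            String assertionConsumerUrl = (String) SAML2AuthenticationHandler.this.handlerConfig.getParameter(SAML2Handler.ASSERTION_CONSUMER_URL);
            if (StringUtil.isNullOrEmpty(assertionConsumerUrl)) {
                assertionConsumerUrl = issuer;
            }
            String nameIdFormat = (String) SAML2AuthenticationHandler.this.handlerConfig.getParameter("NAMEID_FORMAT");
            if (StringUtil.isNotNull(nameIdFormat)) {
                saml2Request.setNameIDFormat(nameIdFormat);
            }
            try {
                AuthnRequestType authnRequest = saml2Request.createAuthnRequestType(requestId, assertionConsumerUrl, sAML2HandlerResponse.getDestination(), issuer);
                SAML2AuthenticationHandler.this.createRequestedAuthnContext(authnRequest);
                SPType spConfiguration = getSPConfiguration();
                String bindingType = spConfiguration.getBindingType();
                boolean idpUsesPostBinding = spConfiguration.isIdpUsesPostBinding();
                if (bindingType != null) {
                    if (bindingType.equals("POST") || idpUsesPostBinding) {
                        authnRequest.setProtocolBinding(URI.create(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get()));
                    } else if (bindingType.equals("REDIRECT")) {
                        authnRequest.setProtocolBinding(URI.create(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get()));
                    } else {
                        throw BaseSAML2Handler.logger.samlInvalidProtocolBinding();
                    }
                }
                sAML2HandlerResponse.setResultingDocument(saml2Request.convert(authnRequest));
                sAML2HandlerResponse.setSendRequest(true);
                Map<String, Object> options = sAML2HandlerRequest.getOptions();
                PicketLinkAuditHelper auditHelper = (PicketLinkAuditHelper) options.get("AUDIT_HELPER");
                if (auditHelper != null) {
                    PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent("Info");
                    auditEvent.setWhoIsAuditing((String) options.get("CONTEXT_PATH"));
                    // NOTE(review): an AuthnRequest is created here, yet the event is typed
                    // CREATED_ASSERTION and carries the request id — confirm this is what audit
                    // consumers should see.
                    auditEvent.setType(PicketLinkAuditEventType.CREATED_ASSERTION);
                    auditEvent.setAssertionID(requestId);
                    auditHelper.audit(auditEvent);
                }
                // The request id is published as an option. NOTE(review): the response handling in this
                // class never compares it with the response's InResponseTo — confirm that is done elsewhere.
                sAML2HandlerRequest.addOption("AUTH_REQUEST_ID", requestId);
            } catch (Exception e) {
                throw BaseSAML2Handler.logger.processingError(e);
            }
        }

        /**
         * Consumes the IdP response: checks the destination, decrypts the first assertion when it is
         * encrypted, derives the principal and stores principal and assertion document in the HTTP session.
         *
         * <p>When no principal can be established the response is set to error 403 and nothing is stored.
         *
         * @param sAML2HandlerRequest  carries the parsed response, the request document and the options
         * @param sAML2HandlerResponse receives the roles or the error status
         * @throws ProcessingException if validation fails or the assertion document cannot be stored
         */
        public void handleStatusResponseType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
            HTTPContext httpContext = (HTTPContext) sAML2HandlerRequest.getContext();
            ResponseType responseType = (ResponseType) sAML2HandlerRequest.getSAML2Object();
            SAML2AuthenticationHandler.this.checkDestination(responseType.getDestination(), getSPConfiguration().getServiceURL());
            List<ResponseType.RTChoiceType> assertions = responseType.getAssertions();
            if (assertions.isEmpty()) {
                throw BaseSAML2Handler.logger.samlHandlerNoAssertionFromIDP();
            }
            PrivateKey decryptingKey = (PrivateKey) sAML2HandlerRequest.getOptions().get("DECRYPTING_KEY");
            // Only the first assertion of the response is considered, here and in handleSAMLResponse().
            Object assertion = assertions.get(0).getEncryptedAssertion();
            if (assertion instanceof EncryptedAssertionType) {
                responseType = decryptAssertion(responseType, decryptingKey);
                assertion = responseType.getAssertions().get(0).getAssertion();
            }
            if (assertion == null) {
                assertion = assertions.get(0).getAssertion();
            }
            sAML2HandlerRequest.addOption("ASSERTION", assertion);
            Principal principal = handleSAMLResponse(responseType, sAML2HandlerResponse);
            if (principal == null) {
                sAML2HandlerResponse.setError(403, "User Principal not determined: Forbidden");
                return;
            }
            HttpSession session = httpContext.getRequest().getSession(false);
            if (session == null) {
                // getSession(false) never creates a session; report that instead of a NullPointerException.
                throw BaseSAML2Handler.logger.nullValueError("HttpSession");
            }
            // NOTE(review): the existing session is reused unchanged once the principal is set; this method
            // does not rotate the session id — confirm the container or caller does so after login.
            session.setAttribute("picketlink.principal", principal);
            // The stored DOM is looked up in the raw request document, independently of the parsed
            // assertion the principal was derived from. NOTE(review): confirm both always denote the
            // same assertion, and note that nothing is stored when no such child element is found.
            Element assertionElement = DocumentUtil.getChildElement(sAML2HandlerRequest.getRequestDocument().getDocumentElement(), new QName(JBossSAMLConstants.ASSERTION.get()));
            if (assertionElement != null) {
                try {
                    Document assertionDocument = DocumentUtil.createDocument();
                    Node assertionCopy = assertionElement.cloneNode(true);
                    assertionDocument.adoptNode(assertionCopy);
                    assertionDocument.appendChild(assertionCopy);
                    // Stored under the configured name (if any) and always under the default name.
                    String sessionAttributeName = (String) SAML2AuthenticationHandler.this.handlerConfig.getParameter("ASSERTION_SESSION_ATTRIBUTE_NAME");
                    if (sessionAttributeName != null) {
                        session.setAttribute(sessionAttributeName, assertionDocument);
                    }
                    session.setAttribute("ASSERTION_SESSION_ATTRIBUTE_NAME", assertionDocument);
                } catch (ConfigurationException e) {
                    throw new ProcessingException("Could not store assertion document into session.", e);
                }
            }
        }

        /** Intentionally empty: this side does not answer requests here. */
        public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        }

        /**
         * Decrypts the encrypted assertion of a response and puts the parsed plain assertion in its place.
         *
         * <p>The decrypted element is schema-validated before it is parsed.
         *
         * @param responseType the response holding the encrypted assertion; modified in place
         * @param privateKey   key used for decryption, must not be {@code null}
         * @return the same {@code responseType} instance
         * @throws ProcessingException wrapping any failure during lookup, decryption, validation or parsing
         */
        private ResponseType decryptAssertion(ResponseType responseType, PrivateKey privateKey) throws ProcessingException {
            if (privateKey == null) {
                throw BaseSAML2Handler.logger.nullArgumentError("privateKey");
            }
            try {
                Document responseDocument = new SAML2Response().convert(responseType);
                Element encryptedElement = DocumentUtil.getElement(responseDocument, new QName(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()));
                if (encryptedElement == null) {
                    throw BaseSAML2Handler.logger.samlHandlerNullEncryptedAssertion();
                }
                String assertionId = encryptedElement.getAttribute(JBossSAMLConstants.ID.get());
                // Decryption runs on a stand-alone document that contains only the encrypted element.
                Document workingDocument = DocumentUtil.createDocument();
                workingDocument.appendChild(workingDocument.importNode(encryptedElement, true));
                Element decryptedElement = XMLEncryptionUtil.decryptElementInDocument(workingDocument, privateKey);
                SAMLParser samlParser = new SAMLParser();
                JAXPValidationUtil.checkSchemaValidation(decryptedElement);
                AssertionType decryptedAssertion = (AssertionType) samlParser.parse(StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(decryptedElement)));
                responseType.replaceAssertion(assertionId, new ResponseType.RTChoiceType(decryptedAssertion));
                return responseType;
            } catch (Exception e) {
                throw BaseSAML2Handler.logger.processingError(e);
            }
        }

        /**
         * Validates the response and derives the authenticated principal from its first assertion.
         *
         * <p>Checked in order: status is success, an assertion is present, it has not expired (honouring
         * {@code CLOCK_SKEW_MILIS}), this SP is an intended audience, and the subject carries a name id.
         * Unless {@code ROLE_VALIDATOR_IGNORE} is present, the configured role validator must accept the
         * roles; a rejection yields {@code null} rather than an exception.
         *
         * @param responseType         the (already decrypted) response
         * @param sAML2HandlerResponse receives the roles found in the attribute statements
         * @return the principal named by the subject, or {@code null} when the role validator rejects it
         * @throws ProcessingException if one of the checks fails
         */
        private Principal handleSAMLResponse(ResponseType responseType, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
            if (responseType == null) {
                throw BaseSAML2Handler.logger.nullArgumentError("response type");
            }
            StatusType status = responseType.getStatus();
            if (status == null) {
                throw BaseSAML2Handler.logger.nullArgumentError("Status Type from the IDP");
            }
            // A status without a code or value is treated as a failed authentication (fail closed).
            URI statusValue = status.getStatusCode() == null ? null : status.getStatusCode().getValue();
            if (statusValue == null || !JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue.toASCIIString())) {
                throw BaseSAML2Handler.logger.samlHandlerIDPAuthenticationFailedError();
            }
            List<ResponseType.RTChoiceType> assertions = responseType.getAssertions();
            if (assertions.isEmpty()) {
                throw BaseSAML2Handler.logger.samlHandlerNoAssertionFromIDP();
            }
            AssertionType assertion = assertions.get(0).getAssertion();
            if (assertion == null) {
                throw BaseSAML2Handler.logger.samlHandlerNoAssertionFromIDP();
            }
            try {
                String clockSkew = (String) SAML2AuthenticationHandler.this.handlerConfig.getParameter(SAML2Handler.CLOCK_SKEW_MILIS);
                boolean expired = StringUtil.isNotNull(clockSkew)
                        ? AssertionUtil.hasExpired(assertion, Long.parseLong(clockSkew))
                        : AssertionUtil.hasExpired(assertion);
                if (expired) {
                    AssertionExpiredException expiredException = new AssertionExpiredException();
                    expiredException.setId(assertion.getID());
                    throw BaseSAML2Handler.logger.assertionExpiredError(expiredException);
                }
                if (!AssertionUtil.isAudience(assertion, getSPConfiguration())) {
                    throw BaseSAML2Handler.logger.samlAssertionWrongAudience(getSPConfiguration().getServiceURL());
                }
                SubjectType subject = assertion.getSubject();
                if (subject == null) {
                    throw BaseSAML2Handler.logger.nullValueError("Subject in the assertion");
                }
                SubjectType.STSubType subType = subject.getSubType();
                if (subType == null) {
                    throw BaseSAML2Handler.logger.nullValueError("Unable to find subtype via subject");
                }
                // Anything other than a NameID (missing or another identifier kind) cannot name the user.
                Object baseId = subType.getBaseID();
                if (!(baseId instanceof NameIDType)) {
                    throw BaseSAML2Handler.logger.nullValueError("Unable to find username via subject");
                }
                String userName = ((NameIDType) baseId).getValue();
                List<String> roles = new ArrayList<String>();
                for (StatementAbstractType statement : assertion.getStatements()) {
                    if (statement instanceof AttributeStatementType) {
                        roles.addAll(getRoles((AttributeStatementType) statement));
                    }
                }
                sAML2HandlerResponse.setRoles(roles);
                SerializablePrincipal principal = new SerializablePrincipal(userName);
                // The mere presence of ROLE_VALIDATOR_IGNORE skips role validation entirely.
                if (SAML2AuthenticationHandler.this.handlerChainConfig.getParameter("ROLE_VALIDATOR_IGNORE") == null) {
                    IRoleValidator roleValidator = (IRoleValidator) SAML2AuthenticationHandler.this.handlerChainConfig.getParameter("ROLE_VALIDATOR");
                    if (roleValidator == null) {
                        throw BaseSAML2Handler.logger.nullValueError("Role Validator");
                    }
                    if (!roleValidator.userInRole(principal, roles)) {
                        BaseSAML2Handler.logger.trace("Invalid role: " + roles);
                        principal = null;
                    }
                }
                return principal;
            } catch (ConfigurationException e) {
                throw new ProcessingException(e);
            }
        }

        /**
         * Collects role names from one attribute statement.
         *
         * <p>With {@code ROLE_KEY} configured only attributes with one of the listed names contribute.
         * Without it, every value of every attribute in the statement is reported as a role, so attributes
         * that were never meant as roles end up in the role list; configuring {@code ROLE_KEY} avoids that.
         *
         * @param attributeStatementType the statement to read
         * @return the role names; empty when {@code DISABLE_ROLE_PICKING} is {@code "true"}
         */
        private List<String> getRoles(AttributeStatementType attributeStatementType) {
            List<String> roles = new ArrayList<String>();
            if (SAML2AuthenticationHandler.this.handlerConfig.containsKey(SAML2Handler.DISABLE_ROLE_PICKING)) {
                String disabled = (String) SAML2AuthenticationHandler.this.handlerConfig.getParameter(SAML2Handler.DISABLE_ROLE_PICKING);
                if (StringUtil.isNotNull(disabled) && "true".equalsIgnoreCase(disabled)) {
                    return roles;
                }
            }
            List<String> roleKeys = new ArrayList<String>();
            if (SAML2AuthenticationHandler.this.handlerConfig.containsKey(SAML2Handler.ROLE_KEY)) {
                String configuredKeys = (String) SAML2AuthenticationHandler.this.handlerConfig.getParameter(SAML2Handler.ROLE_KEY);
                if (StringUtil.isNotNull(configuredKeys)) {
                    roleKeys.addAll(StringUtil.tokenize(configuredKeys));
                }
            }
            for (AttributeStatementType.ASTChoiceType choice : attributeStatementType.getAttributes()) {
                AttributeType attribute = choice.getAttribute();
                if (attribute == null) {
                    // A choice without a plain attribute carries nothing that can be read as a role.
                    continue;
                }
                if (!roleKeys.isEmpty() && !roleKeys.contains(attribute.getName())) {
                    continue;
                }
                List<Object> values = attribute.getAttributeValue();
                if (values == null) {
                    continue;
                }
                for (Object value : values) {
                    if (value instanceof String) {
                        roles.add((String) value);
                    } else if (value instanceof Node) {
                        // An empty value element has no child; skip it instead of failing the whole login
                        // or adding a null role.
                        Node firstChild = ((Node) value).getFirstChild();
                        if (firstChild != null && firstChild.getNodeValue() != null) {
                            roles.add(firstChild.getNodeValue());
                        }
                    } else {
                        throw BaseSAML2Handler.logger.unsupportedRoleType(value);
                    }
                }
            }
            return roles;
        }

        /**
         * @return the SP configuration stored under {@code CONFIGURATION} in the handler chain config
         * @throws RuntimeException (as built by the logger) when no configuration is present
         */
        private SPType getSPConfiguration() {
            SPType spConfiguration = (SPType) SAML2AuthenticationHandler.this.handlerChainConfig.getParameter("CONFIGURATION");
            if (spConfiguration == null) {
                throw BaseSAML2Handler.logger.samlHandlerServiceProviderConfigNotFound();
            }
            return spConfiguration;
        }
    }

    /**
     * Dispatches an {@code AuthnRequest} to the IDP or SP side; any other SAML object is ignored.
     *
     * @throws ProcessingException if the selected side fails
     */
    @Override // org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler
    public void handleRequestType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if (!(sAML2HandlerRequest.getSAML2Object() instanceof AuthnRequestType)) {
            return;
        }
        if (getType() == SAML2Handler.HANDLER_TYPE.IDP) {
            this.idp.handleRequestType(sAML2HandlerRequest, sAML2HandlerResponse);
        } else {
            this.sp.handleRequestType(sAML2HandlerRequest, sAML2HandlerResponse);
        }
    }

    /**
     * Dispatches a {@code Response} to the IDP or SP side; any other SAML object is ignored.
     *
     * @throws ProcessingException if the selected side fails
     */
    @Override // org.picketlink.identity.federation.web.handlers.saml2.BaseSAML2Handler, org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler
    public void handleStatusResponseType(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if (!(sAML2HandlerRequest.getSAML2Object() instanceof ResponseType)) {
            return;
        }
        if (getType() == SAML2Handler.HANDLER_TYPE.IDP) {
            this.idp.handleStatusResponseType(sAML2HandlerRequest, sAML2HandlerResponse);
        } else {
            this.sp.handleStatusResponseType(sAML2HandlerRequest, sAML2HandlerResponse);
        }
    }

    /**
     * Generates an authentication request when the request type to generate is {@code AUTH}; other types
     * are left to other handlers. The response is marked for sending in both modes.
     *
     * @throws ProcessingException if the selected side fails
     */
    @Override // org.picketlink.identity.federation.web.handlers.saml2.BaseSAML2Handler, org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler
    public void generateSAMLRequest(SAML2HandlerRequest sAML2HandlerRequest, SAML2HandlerResponse sAML2HandlerResponse) throws ProcessingException {
        if (SAML2HandlerRequest.GENERATE_REQUEST_TYPE.AUTH != sAML2HandlerRequest.getTypeOfRequestToBeGenerated()) {
            return;
        }
        if (getType() == SAML2Handler.HANDLER_TYPE.IDP) {
            this.idp.generateSAMLRequest(sAML2HandlerRequest, sAML2HandlerResponse);
        } else {
            this.sp.generateSAMLRequest(sAML2HandlerRequest, sAML2HandlerResponse);
        }
        sAML2HandlerResponse.setSendRequest(true);
    }

    /**
     * Builds the attribute statements to place into an assertion.
     *
     * <p>Roles come from the session attribute {@code picketlink.roles} and are included unless
     * {@code DISABLE_SENDING_ROLES} is present; further attributes come from the {@code ATTRIBUTES} option.
     *
     * @param sAML2HandlerRequest source of the HTTP session and the options
     * @return the statements, possibly empty, never {@code null}
     */
    protected List<AttributeStatementType> getAttributeStatements(SAML2HandlerRequest sAML2HandlerRequest) {
        List<AttributeStatementType> statements = new ArrayList<AttributeStatementType>();
        // The session attribute is untyped; it is read as a list of role names.
        @SuppressWarnings("unchecked")
        List<String> roles = (List<String>) BaseSAML2Handler.getHttpSession(sAML2HandlerRequest).getAttribute("picketlink.roles");
        if (this.handlerConfig.getParameter(SAML2Handler.DISABLE_SENDING_ROLES) == null && roles != null && !roles.isEmpty()) {
            AttributeStatementType roleStatement;
            if (this.handlerConfig.getParameter(SAML2Handler.USE_MULTI_VALUED_ROLES) != null) {
                roleStatement = StatementUtil.createAttributeStatementForRoles(roles, true);
            } else {
                roleStatement = StatementUtil.createAttributeStatement(roles);
            }
            if (roleStatement != null) {
                statements.add(roleStatement);
            }
        }
        // The option value is untyped; it is read as attribute name to value.
        @SuppressWarnings("unchecked")
        Map<String, Object> attributes = (Map<String, Object>) sAML2HandlerRequest.getOptions().get("ATTRIBUTES");
        if (attributes != null && attributes.size() > 0) {
            statements.add(StatementUtil.createAttributeStatement(attributes));
        }
        return statements;
    }

    /**
     * Adds a {@code RequestedAuthnContext} to the request when {@code AUTHN_CONTEXT_CLASSES} is configured.
     *
     * <p>The parameter is a comma-separated list; each entry is either a known alias, which is replaced by
     * its fully qualified name, or is used as given. Entries are trimmed and blank entries are skipped, so
     * {@code "a, b"} behaves like {@code "a,b"}. The decompiler reports that this method was originally
     * private.
     *
     * @param authnRequestType the request to extend; left untouched when no class is configured
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void createRequestedAuthnContext(AuthnRequestType authnRequestType) {
        String configuredClasses = (String) this.handlerConfig.getParameter("AUTHN_CONTEXT_CLASSES");
        if (!StringUtil.isNotNull(configuredClasses)) {
            return;
        }
        RequestedAuthnContextType requestedAuthnContext = new RequestedAuthnContextType();
        for (String entry : configuredClasses.split(",")) {
            String classRef = entry.trim();
            if (classRef.isEmpty()) {
                continue;
            }
            SAMLAuthenticationContextClass knownClass = SAMLAuthenticationContextClass.forAlias(classRef);
            if (knownClass != null) {
                classRef = knownClass.getFqn();
            }
            requestedAuthnContext.addAuthnContextClassRef(classRef);
        }
        if (requestedAuthnContext.getAuthnContextClassRef().isEmpty()) {
            logger.debug("RequestedAuthnContext not set for AuthnRequest. No class was provided.");
            return;
        }
        String comparison = (String) this.handlerConfig.getParameter("REQUESTED_AUTHN_CONTEXT_COMPARISON");
        if (StringUtil.isNotNull(comparison)) {
            requestedAuthnContext.setComparison(AuthnContextComparisonType.fromValue(comparison));
        }
        authnRequestType.setRequestedAuthnContext(requestedAuthnContext);
    }
}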
