package org.overlord.commons.auth.filters;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.http.HttpHeaders;
import org.jboss.security.audit.AuditLevel;
import org.overlord.commons.auth.util.SamlIDPWebRequestUtil;
import org.picketbox.util.StringUtil;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.constants.GeneralConstants;
import org.picketlink.common.constants.JBossSAMLConstants;
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.common.constants.LDAPConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ParsingException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.exceptions.fed.IssuerNotTrustedException;
import org.picketlink.common.util.StaxUtil;
import org.picketlink.common.util.SystemPropertiesUtil;
import org.picketlink.config.federation.IDPType;
import org.picketlink.config.federation.KeyProviderType;
import org.picketlink.config.federation.PicketLinkType;
import org.picketlink.config.federation.handler.Handlers;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEvent;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditEventType;
import org.picketlink.identity.federation.core.audit.PicketLinkAuditHelper;
import org.picketlink.identity.federation.core.constants.AttributeConstants;
import org.picketlink.identity.federation.core.impl.DelegatedAttributeManager;
import org.picketlink.identity.federation.core.interfaces.AttributeManager;
import org.picketlink.identity.federation.core.interfaces.RoleGenerator;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.saml.v1.SAML11ProtocolContext;
import org.picketlink.identity.federation.core.saml.v1.writers.SAML11ResponseWriter;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.factories.SAML2HandlerChainFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11StatusType;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.picketlink.identity.federation.saml.v2.metadata.SPSSODescriptorType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.web.config.AbstractSAMLConfigurationProvider;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityParticipantStack;
import org.picketlink.identity.federation.web.core.IdentityServer;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.SAMLConfigurationProvider;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/overlord-commons-auth-2.0.12-20141111.165533-6.jar:org/overlord/commons/auth/filters/SamlIDPFilter.class */
public class SamlIDPFilter implements Filter {
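    /** Shared PicketLink logger used by this filter for trace and error output. */
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    // Servlet context captured in init(); read for the context path and for request dispatching.
    protected ServletContext servletContext;
    // Supplies the IDP signing key and the per-issuer validating keys used by the methods below.
    private TrustKeyManager keyManager;
    private String configFile;
    private Handlers handlers;
    // When true, a RESPONSE_TO_SP audit event is sent through auditHelper before a response goes out.
    protected boolean enableAudit = false;
    protected PicketLinkAuditHelper auditHelper = null;
    // IDP settings consulted on every request (signature support, strict POST binding, hosted URI).
    protected IDPType idpConfiguration = null;
    protected PicketLinkType picketLinkConfiguration = null;
    // Produces the role list for the authenticated principal.
    private RoleGenerator roleGenerator = null;
    private transient DelegatedAttributeManager attribManager = new DelegatedAttributeManager();
    // Attribute names handed to attribManager.getAttributes(); typed explicitly instead of a raw ArrayList.
    private final List<String> attributeKeys = new ArrayList<String>();
    // Handler chain whose handlers() are iterated for each SAML request.
    private transient SAML2HandlerChain chain = null;
    protected SAMLConfigurationProvider configProvider = null;
    // -1 by default; the code that interprets this value is outside this view.
    protected int timerInterval = -1;
    // NOTE(review): nothing visible here cancels this timer; see destroy().
    protected Timer timer = null;
    protected String authMethod = "PASSWORD";
    // Held around the handler loop only when the configured Handlers report isLocking().
    private final Lock chainLock = new ReentrantLock();
    // SP SSO descriptors looked up by the issuer value of the incoming request; typed explicitly
    // instead of a raw HashMap.
    private Map<String, SPSSODescriptorType> spSSOMetadataMap = new HashMap<String, SPSSODescriptorType>();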

    /**
     * Initialises the filter: records the servlet context, then runs the
     * configuration-provider, audit-helper and PicketLink start-up steps in that order.
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException declared by the servlet Filter contract
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        ServletContext context = filterConfig.getServletContext();
        this.servletContext = context;
        // Order matters only in that all three steps run after the context is stored.
        configureConfigurationProvider();
        configureAuditHelper();
        startPicketLink();
    }

    /**
     * Entry point for every request mapped to the IDP filter.
     *
     * <p>Three outcomes, checked in this order:
     * <ol>
     *   <li>the response already carries status 403: a SAML error response is produced;</li>
     *   <li>the request has an authenticated principal: the SAML message is handled;</li>
     *   <li>otherwise the request continues down the filter chain untouched.</li>
     * </ol>
     *
     * <p>NOTE(review): this filter does not authenticate anyone itself; it relies on
     * {@code getUserPrincipal()} being populated before it runs. Confirm that the deployment
     * enforces authentication on the IDP endpoints.
     *
     * @throws IOException      propagated from the handlers or the chain
     * @throws ServletException propagated from the handlers or the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        if (isUnauthorized(response)) {
            handleUnauthorizedResponse(request, response);
            return;
        }

        if (getUserPrincipal(request, response) == null) {
            // No authenticated user: nothing for the IDP to assert, pass the request on.
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        handleSAMLMessage(request, response, filterChain);
    }

    /**
     * Called when the filter is taken out of service; currently does nothing.
     *
     * <p>NOTE(review): the class declares a protected {@code timer} field that is not cancelled
     * here. If start-up code outside this view schedules it, its thread would outlive the
     * filter on undeploy; confirm and cancel it here if so.
     */
    public void destroy() {
    }

    /**
     * Dispatches an authenticated request to the matching SAML handler.
     *
     * <p>Precedence: a SAML 1.1 target parameter wins, then a SAML request parameter, then a
     * SAML response parameter. A request for exactly {@code contextPath + "/"} is forwarded to
     * the hosted page; anything else continues down the filter chain.
     *
     * <p>Security note: with trace logging enabled, the raw SAML request/response, relay state,
     * signature and signature algorithm parameters are written to the log verbatim. These are
     * client-supplied values and may carry sensitive data or line breaks; keep trace logging off
     * in production or neutralise the values before logging.
     */
    private void handleSAMLMessage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (hasSAML11Target(httpServletRequest)) {
            handleSAML11(httpServletRequest, httpServletResponse);
            return;
        }

        // Return value intentionally unused: the call only makes sure a session exists.
        httpServletRequest.getSession();

        String samlRequest = httpServletRequest.getParameter(GeneralConstants.SAML_REQUEST_KEY);
        String samlResponse = httpServletRequest.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
        String relayState = httpServletRequest.getParameter("RelayState");
        String signature = httpServletRequest.getParameter("Signature");
        String sigAlg = httpServletRequest.getParameter(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY);

        if (logger.isTraceEnabled()) {
            // The message says "from session", but the values are read from request parameters above.
            StringBuilder message = new StringBuilder()
                    .append("Retrieved saml messages and relay state from session")
                    .append("saml Request message=").append(samlRequest)
                    .append(StringUtil.PROPERTY_DEFAULT_SEPARATOR).append("SAMLResponseMessage=")
                    .append(samlResponse).append(":").append("relay state=").append(relayState)
                    .append("Signature=").append(signature).append("::sigAlg=").append(sigAlg);
            logger.trace(message.toString());
        }

        if (org.picketlink.common.util.StringUtil.isNotNull(samlRequest)) {
            processSAMLRequestMessage(httpServletRequest, httpServletResponse);
        } else if (org.picketlink.common.util.StringUtil.isNotNull(samlResponse)) {
            processSAMLResponseMessage(httpServletRequest, httpServletResponse);
        } else if (httpServletRequest.getRequestURI().equals(httpServletRequest.getContextPath() + "/")) {
            forwardHosted(httpServletRequest, httpServletResponse);
        } else {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Tells whether the request carries the SAML 1.1 unsolicited-response target parameter.
     *
     * @return {@code true} when the parameter passes PicketLink's {@code isNotNull} check
     */
    private boolean hasSAML11Target(HttpServletRequest httpServletRequest) {
        String targetParameterName = JBossSAMLConstants.UNSOLICITED_RESPONSE_TARGET.get();
        String target = httpServletRequest.getParameter(targetParameterName);
        return org.picketlink.common.util.StringUtil.isNotNull(target);
    }

    /**
     * Includes the IDP's configured hosted page in the response.
     *
     * <p>The response is recycled before the include. A {@link ClassCastException} raised by the
     * include is rethrown as an {@link IOException} with the original as its cause.
     *
     * <p>NOTE(review): the dispatcher is used without a null check, so a hosted URI the servlet
     * context cannot resolve would surface as a NullPointerException.
     */
    private void forwardHosted(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        logger.trace("SAML 1.1::Proceeding to IDP index page");
        String hostedUri = this.idpConfiguration.getHostedURI();
        RequestDispatcher dispatcher = this.servletContext.getRequestDispatcher(hostedUri);
        recycle(httpServletResponse);
        try {
            includeResource(httpServletRequest, httpServletResponse, dispatcher);
        } catch (ClassCastException castFailure) {
            throw new IOException(castFailure);
        }
    }

    /**
     * Includes the resource behind {@code requestDispatcher} in the current response.
     *
     * @param servletRequest      request passed to the include
     * @param httpServletResponse response the included resource writes to
     * @param requestDispatcher   dispatcher for the resource to include
     * @throws ServletException propagated from the include
     * @throws IOException      propagated from the include
     */
    private void includeResource(ServletRequest servletRequest, HttpServletResponse httpServletResponse, RequestDispatcher requestDispatcher) throws ServletException, IOException {
        // Kept as a separate step so forwardHosted() can translate a ClassCastException from it.
        requestDispatcher.include(servletRequest, httpServletResponse);
    }

    /**
     * Sends a SAML error response with status AuthnFailed after the container has produced a 403.
     *
     * <p>The response is signed with the IDP signing key when the IDP configuration supports
     * signatures; otherwise it is sent unsigned.
     *
     * <p>Security note: the destination of the error response is the request's {@code Referer}
     * header. That header is client-controlled and may be absent, so the (possibly signed)
     * document is addressed to whatever the client claims. NOTE(review): confirm that
     * {@code SamlIDPWebRequestUtil.send} or the IDP trust configuration restricts destinations
     * to registered service providers; nothing in this method does.
     *
     * @throws ServletException wrapping any {@link GeneralSecurityException} raised while
     *                          building or sending the response
     */
    private void handleUnauthorizedResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        SamlIDPWebRequestUtil webRequestUtil = new SamlIDPWebRequestUtil(httpServletRequest, this.idpConfiguration, this.keyManager);
        String referer = httpServletRequest.getHeader("Referer");
        String relayState = httpServletRequest.getParameter("RelayState");
        try {
            Document errorDocument = webRequestUtil.getErrorResponse(
                    referer,
                    JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
                    getIdentityURL(),
                    this.idpConfiguration.isSupportsSignature());

            SamlIDPWebRequestUtil.WebRequestUtilHolder responseHolder = webRequestUtil.getHolder();
            // Start from an unsigned error response; signing is switched on below if configured.
            responseHolder.setResponseDoc(errorDocument)
                    .setDestination(referer)
                    .setRelayState(relayState)
                    .setAreWeSendingRequest(false)
                    .setPrivateKey(null)
                    .setSupportSignature(false)
                    .setServletResponse(httpServletResponse)
                    .setErrorResponse(true);
            responseHolder.setPostBindingRequested(webRequestUtil.hasSAMLRequestInPostProfile());

            if (this.idpConfiguration.isSupportsSignature()) {
                responseHolder.setSupportSignature(true).setPrivateKey(this.keyManager.getSigningKey());
            }

            responseHolder.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());
            webRequestUtil.send(responseHolder);
        } catch (GeneralSecurityException securityFailure) {
            throw new ServletException(securityFailure);
        }
    }

    /**
     * Reports whether the response already carries HTTP status 403.
     *
     * <p>Despite the method name, the status checked is 403 (Forbidden), not 401.
     */
    private boolean isUnauthorized(HttpServletResponse httpServletResponse) {
        int currentStatus = httpServletResponse.getStatus();
        return currentStatus == 403;
    }

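    /**
     * Returns the principal the container has associated with the request, or {@code null}
     * when the request is not authenticated.
     *
     * <p>The earlier version repeated the identical {@code getUserPrincipal()} call when the
     * first one returned {@code null}; the retry could not yield a different answer and has
     * been removed.
     *
     * @param httpServletRequest  request to inspect
     * @param httpServletResponse unused; kept so existing callers compile unchanged
     * @return the authenticated principal, or {@code null}
     */
    private Principal getUserPrincipal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        return httpServletRequest.getUserPrincipal();
    }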

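    /**
     * Issues (or reuses) a SAML 1.1 assertion for the authenticated user and sends it, wrapped
     * in a SAML 1.1 response with a success status, to the requested target.
     *
     * <p>The assertion is cached in the HTTP session under the key {@code "SAML11"}. A role
     * attribute statement is added when {@code createAttributeStatement} returns one.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>The destination is the unsolicited-response target request parameter, which is
     *       client-supplied. Nothing in this method checks it against a list of known service
     *       providers, so confirm that {@code SamlIDPWebRequestUtil.send} or the trust
     *       configuration does; otherwise the user's assertion can be delivered to an arbitrary
     *       URL.</li>
     *   <li>The holder is built with a null private key and signature support off, regardless
     *       of {@code idpConfiguration.isSupportsSignature()}, so this method does not ask for
     *       the response to be signed.</li>
     *   <li>The expiry check runs only on a freshly issued assertion. An assertion found in the
     *       session is reused without calling {@code AssertionUtil.hasExpired}.</li>
     *   <li>The attribute statement is added to the same object that is stored in the session,
     *       so repeated calls appear to accumulate statements on the cached assertion.</li>
     * </ul>
     *
     * @throws ServletException when a {@link GeneralSecurityException} is raised; the original
     *                          exception is attached as the cause
     * @throws IOException      propagated from sending the response
     */
    protected void handleSAML11(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            SamlIDPWebRequestUtil webRequestUtil = new SamlIDPWebRequestUtil(httpServletRequest, this.idpConfiguration, this.keyManager);
            Principal userPrincipal = httpServletRequest.getUserPrincipal();
            String contextPath = this.servletContext.getContextPath();
            // Client-supplied destination for the response; see the security notes above.
            String target = httpServletRequest.getParameter(JBossSAMLConstants.UNSOLICITED_RESPONSE_TARGET.get());
            HttpSession session = httpServletRequest.getSession();

            SAML11AssertionType assertion = (SAML11AssertionType) session.getAttribute("SAML11");
            if (assertion == null) {
                SAML11ProtocolContext protocolContext = new SAML11ProtocolContext();
                protocolContext.setIssuerID(getIdentityURL());

                SAML11NameIdentifierType nameIdentifier = new SAML11NameIdentifierType(userPrincipal.getName());
                SAML11SubjectType subject = new SAML11SubjectType();
                subject.setChoice(new SAML11SubjectType.SAML11SubjectTypeChoice(nameIdentifier));
                protocolContext.setSubjectType(subject);

                PicketLinkCoreSTS.instance().issueToken(protocolContext);
                assertion = protocolContext.getIssuedAssertion();
                session.setAttribute("SAML11", assertion);

                if (AssertionUtil.hasExpired(assertion)) {
                    // Renew immediately and replace the cached copy.
                    protocolContext.setIssuedAssertion(assertion);
                    PicketLinkCoreSTS.instance().renewToken(protocolContext);
                    assertion = protocolContext.getIssuedAssertion();
                    session.setAttribute("SAML11", assertion);
                }
            }

            SAML11AttributeStatementType roleStatement = createAttributeStatement(this.roleGenerator.generateRoles(userPrincipal));
            if (roleStatement != null) {
                assertion.add(roleStatement);
            }

            SAML11ResponseType samlResponse = new SAML11ResponseType(IDGenerator.create("ID_"), XMLTimeUtil.getIssueInstant());
            samlResponse.add(assertion);
            samlResponse.setStatus(SAML11StatusType.successType());

            // Serialise the response, then re-parse it into a DOM document for sending.
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            SAML11ResponseWriter responseWriter = new SAML11ResponseWriter(StaxUtil.getXMLStreamWriter(serialized));
            responseWriter.write(samlResponse);
            Document responseDocument = DocumentUtil.getDocument(new ByteArrayInputStream(serialized.toByteArray()));

            SamlIDPWebRequestUtil.WebRequestUtilHolder responseHolder = webRequestUtil.getHolder();
            responseHolder.setResponseDoc(responseDocument)
                    .setDestination(target)
                    .setRelayState("")
                    .setAreWeSendingRequest(false)
                    .setPrivateKey(null)
                    .setSupportSignature(false)
                    .setServletResponse(httpServletResponse);

            if (this.enableAudit) {
                PicketLinkAuditEvent auditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                auditEvent.setType(PicketLinkAuditEventType.RESPONSE_TO_SP);
                auditEvent.setDestination(target);
                auditEvent.setWhoIsAuditing(contextPath);
                this.auditHelper.audit(auditEvent);
            }

            recycle(httpServletResponse);
            webRequestUtil.send(responseHolder);
        } catch (GeneralSecurityException securityFailure) {
            logger.samlIDPHandlingSAML11Error(securityFailure);
            // Keep the root cause on the ServletException so the container's error handling and
            // logs still show what failed.
            throw new ServletException(securityFailure);
        }
    }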

    /* JADX WARN: Finally extract failed */
    /**
     * Handles a request carrying a SAML request parameter: parses it, runs it through the
     * handler chain and sends the resulting document to the resolved destination.
     *
     * <p>This is decompiler output (see the "Finally extract failed" warning above). The
     * response-sending logic appears three times: on the normal path, in
     * {@code catch (Exception e4)} and in {@code catch (Throwable th2)}. In the two catch copies
     * the variables {@code obj}, {@code str} and {@code bool} are never assigned, so only the
     * redirect to {@code getIdentityURL()} is reachable there.
     * NOTE(review): compare with the upstream source before relying on the error paths.
     *
     * @param httpServletRequest  request carrying the SAML request and optional relay state
     * @param httpServletResponse response the SAML reply or redirect is written to
     * @throws IOException declared; also the only checked type callers see from the rethrow
     */
    protected void processSAMLRequestMessage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        Principal userPrincipal = httpServletRequest.getUserPrincipal();
        HttpSession session = httpServletRequest.getSession();
        // obj, str and bool are never reassigned in this method; they only feed the catch copies below.
        Object obj = null;
        String str = null;
        Boolean bool = null;
        String parameter = httpServletRequest.getParameter(GeneralConstants.SAML_REQUEST_KEY);
        String parameter2 = httpServletRequest.getParameter("RelayState");
        String contextPath = this.servletContext.getContextPath();
        boolean z = false;
        // Client-supplied header; passed as the first argument of getErrorResponse() in the error path.
        String header = httpServletRequest.getHeader("Referer");
        String determineLoginType = determineLoginType(httpServletRequest.isSecure());
        SamlIDPWebRequestUtil samlIDPWebRequestUtil = new SamlIDPWebRequestUtil(httpServletRequest, this.idpConfiguration, this.keyManager);
        try {
            try {
                SAMLDocumentHolder sAMLDocumentHolder = samlIDPWebRequestUtil.getSAMLDocumentHolder(parameter);
                SAML2Object samlObject = sAMLDocumentHolder.getSamlObject();
                if (!(samlObject instanceof RequestAbstractType)) {
                    throw logger.wrongTypeError(samlObject.getClass().getName());
                }
                RequestAbstractType requestAbstractType = (RequestAbstractType) samlObject;
                // Issuer as claimed inside the request; at this point nothing has verified it.
                // A request without an issuer would throw here and land in catch (Exception e4).
                String value = requestAbstractType.getIssuer().getValue();
                // This check runs after the parameter has already been parsed above.
                if (parameter == null) {
                    throw logger.samlIDPValidationCheckFailed();
                }
                DefaultSAML2HandlerRequest defaultSAML2HandlerRequest = new DefaultSAML2HandlerRequest(new HTTPContext(httpServletRequest, httpServletResponse, this.servletContext), new IssuerInfoHolder(getIdentityURL()).getIssuer(), sAMLDocumentHolder, SAML2Handler.HANDLER_TYPE.IDP);
                defaultSAML2HandlerRequest.setRelayState(parameter2);
                if (org.picketlink.common.util.StringUtil.isNotNull(determineLoginType)) {
                    defaultSAML2HandlerRequest.addOption(GeneralConstants.LOGIN_TYPE, determineLoginType);
                }
                String str2 = (String) session.getAttribute(GeneralConstants.ASSERTION_ID);
                // Options handed to every handler in the chain.
                HashMap hashMap = new HashMap();
                // NOTE(review): whether signatures are ignored is decided from the claimed issuer value;
                // willIgnoreSignatureOfCurrentRequest is defined outside this view, so check what it trusts.
                hashMap.put(GeneralConstants.IGNORE_SIGNATURES, willIgnoreSignatureOfCurrentRequest(value));
                hashMap.put(GeneralConstants.SP_SSO_METADATA_DESCRIPTOR, this.spSSOMetadataMap.get(value));
                hashMap.put(GeneralConstants.ROLE_GENERATOR, this.roleGenerator);
                hashMap.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);
                hashMap.put(GeneralConstants.SAML_IDP_STRICT_POST_BINDING, Boolean.valueOf(this.idpConfiguration.isStrictPostBinding()));
                hashMap.put(GeneralConstants.SUPPORTS_SIGNATURES, Boolean.valueOf(this.idpConfiguration.isSupportsSignature()));
                if (str2 != null) {
                    hashMap.put(GeneralConstants.ASSERTION_ID, str2);
                }
                if (this.keyManager != null) {
                    hashMap.put(GeneralConstants.SENDER_PUBLIC_KEY, getIssuerPublicKey(httpServletRequest, value));
                    // The key returned by getSigningKey() is also supplied as the decrypting key.
                    hashMap.put(GeneralConstants.DECRYPTING_KEY, this.keyManager.getSigningKey());
                }
                if (requestAbstractType instanceof AuthnRequestType) {
                    session.setAttribute(GeneralConstants.ROLES_ID, this.roleGenerator.generateRoles(userPrincipal));
                    hashMap.put(GeneralConstants.ATTRIBUTES, this.attribManager.getAttributes(userPrincipal, this.attributeKeys));
                }
                if (this.auditHelper != null) {
                    hashMap.put(GeneralConstants.AUDIT_HELPER, this.auditHelper);
                    hashMap.put(GeneralConstants.CONTEXT_PATH, contextPath);
                }
                defaultSAML2HandlerRequest.setOptions(hashMap);
                DefaultSAML2HandlerResponse defaultSAML2HandlerResponse = new DefaultSAML2HandlerResponse();
                Set<SAML2Handler> handlers = this.chain.handlers();
                logger.trace("Handlers are=" + handlers);
                if (handlers != null) {
                    // Run every handler in order; the chain lock is taken only when locking is configured.
                    // The catch below is the decompiled form of releasing the lock on failure.
                    try {
                        if (getConfiguration().getHandlers().isLocking()) {
                            this.chainLock.lock();
                        }
                        Iterator<SAML2Handler> it = handlers.iterator();
                        while (it.hasNext()) {
                            it.next().handleRequestType(defaultSAML2HandlerRequest, defaultSAML2HandlerResponse);
                            // z ends up holding the value reported after the last handler ran.
                            z = defaultSAML2HandlerResponse.getSendRequest();
                        }
                        if (getConfiguration().getHandlers().isLocking()) {
                            this.chainLock.unlock();
                        }
                    } catch (Throwable th) {
                        if (getConfiguration().getHandlers().isLocking()) {
                            this.chainLock.unlock();
                        }
                        throw th;
                    }
                }
                Document resultingDocument = defaultSAML2HandlerResponse.getResultingDocument();
                String relayState = defaultSAML2HandlerResponse.getRelayState();
                String destination = defaultSAML2HandlerResponse.getDestination();
                Boolean valueOf = Boolean.valueOf(defaultSAML2HandlerResponse.isPostBindingForResponse());
                String destinationQueryStringWithSignature = defaultSAML2HandlerResponse.getDestinationQueryStringWithSignature();
                if (destination == null) {
                    // No handler chose a destination: fall back to the AssertionConsumerServiceURL
                    // taken from the request itself.
                    // NOTE(review): this method does not compare that URL with the SP's registered
                    // endpoints; confirm a handler in the chain or send() does.
                    // The catch clauses here also cover the send logic below; each one logs and
                    // returns without writing a response.
                    try {
                        if (samlObject instanceof AuthnRequestType) {
                            destination = ((AuthnRequestType) samlObject).getAssertionConsumerServiceURL().toASCIIString();
                        }
                    } catch (ParsingException e) {
                        logger.samlAssertionPasingFailed(e);
                        return;
                    } catch (GeneralSecurityException e2) {
                        logger.trace("Security Exception:", e2);
                        return;
                    } catch (Exception e3) {
                        logger.error(e3);
                        return;
                    }
                }
                if (destination == null) {
                    httpServletResponse.sendRedirect(getIdentityURL());
                } else {
                    SamlIDPWebRequestUtil.WebRequestUtilHolder holder = samlIDPWebRequestUtil.getHolder();
                    // Starts unsigned; signing is switched on below when the IDP supports signatures.
                    holder.setResponseDoc(resultingDocument).setDestination(destination).setRelayState(relayState).setAreWeSendingRequest(z).setPrivateKey(null).setSupportSignature(false).setErrorResponse(false).setServletResponse(httpServletResponse).setDestinationQueryStringWithSignature(destinationQueryStringWithSignature);
                    holder.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());
                    if (valueOf != null) {
                        holder.setPostBindingRequested(valueOf.booleanValue());
                    } else {
                        holder.setPostBindingRequested(samlIDPWebRequestUtil.hasSAMLRequestInPostProfile());
                    }
                    if (this.idpConfiguration.isSupportsSignature()) {
                        holder.setPrivateKey(this.keyManager.getSigningKey()).setSupportSignature(true);
                    }
                    if (holder.isPostBinding()) {
                        recycle(httpServletResponse);
                    }
                    if (this.enableAudit) {
                        PicketLinkAuditEvent picketLinkAuditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                        picketLinkAuditEvent.setType(PicketLinkAuditEventType.RESPONSE_TO_SP);
                        picketLinkAuditEvent.setDestination(destination);
                        picketLinkAuditEvent.setWhoIsAuditing(contextPath);
                        this.auditHelper.audit(picketLinkAuditEvent);
                    }
                    samlIDPWebRequestUtil.send(holder);
                }
            } catch (Exception e4) {
                // Error path: AuthnFailed by default, RequestDenied when the failure is, or wraps,
                // an IssuerNotTrustedException.
                String str3 = JBossSAMLURIConstants.STATUS_AUTHNFAILED.get();
                if ((e4 instanceof IssuerNotTrustedException) || (e4.getCause() instanceof IssuerNotTrustedException)) {
                    str3 = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
                }
                logger.samlIDPRequestProcessingError(e4);
                Document errorResponse = samlIDPWebRequestUtil.getErrorResponse(header, str3, getIdentityURL(), this.idpConfiguration.isSupportsSignature());
                // obj is always null here, so the instanceof test is false and str stays null.
                if (0 == 0) {
                    try {
                        if (obj instanceof AuthnRequestType) {
                            str = ((AuthnRequestType) null).getAssertionConsumerServiceURL().toASCIIString();
                        }
                    } catch (ParsingException e5) {
                        logger.samlAssertionPasingFailed(e5);
                        return;
                    } catch (GeneralSecurityException e6) {
                        logger.trace("Security Exception:", e6);
                        return;
                    } catch (Exception e7) {
                        logger.error(e7);
                        return;
                    }
                }
                // With str == null only the redirect runs: the errorResponse document built above is
                // never sent, and the else branch is dead code as decompiled.
                if (str == null) {
                    httpServletResponse.sendRedirect(getIdentityURL());
                } else {
                    SamlIDPWebRequestUtil.WebRequestUtilHolder holder2 = samlIDPWebRequestUtil.getHolder();
                    holder2.setResponseDoc(errorResponse).setDestination(str).setRelayState(parameter2).setAreWeSendingRequest(false).setPrivateKey(null).setSupportSignature(false).setErrorResponse(true).setServletResponse(httpServletResponse).setDestinationQueryStringWithSignature(null);
                    holder2.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());
                    if (0 != 0) {
                        holder2.setPostBindingRequested(bool.booleanValue());
                    } else {
                        holder2.setPostBindingRequested(samlIDPWebRequestUtil.hasSAMLRequestInPostProfile());
                    }
                    if (this.idpConfiguration.isSupportsSignature()) {
                        holder2.setPrivateKey(this.keyManager.getSigningKey()).setSupportSignature(true);
                    }
                    if (holder2.isPostBinding()) {
                        recycle(httpServletResponse);
                    }
                    if (this.enableAudit) {
                        PicketLinkAuditEvent picketLinkAuditEvent2 = new PicketLinkAuditEvent(AuditLevel.INFO);
                        picketLinkAuditEvent2.setType(PicketLinkAuditEventType.RESPONSE_TO_SP);
                        picketLinkAuditEvent2.setDestination(str);
                        picketLinkAuditEvent2.setWhoIsAuditing(contextPath);
                        this.auditHelper.audit(picketLinkAuditEvent2);
                    }
                    samlIDPWebRequestUtil.send(holder2);
                }
            }
        } catch (Throwable th2) {
            // Third copy of the send logic, for anything escaping the inner try. As above, obj and
            // str are null, so this redirects to the identity URL and then rethrows th2.
            if (0 == 0) {
                try {
                    if (obj instanceof AuthnRequestType) {
                        str = ((AuthnRequestType) null).getAssertionConsumerServiceURL().toASCIIString();
                    }
                } catch (ParsingException e8) {
                    logger.samlAssertionPasingFailed(e8);
                    throw th2;
                } catch (GeneralSecurityException e9) {
                    logger.trace("Security Exception:", e9);
                    throw th2;
                } catch (Exception e10) {
                    logger.error(e10);
                    throw th2;
                }
            }
            if (str == null) {
                httpServletResponse.sendRedirect(getIdentityURL());
            } else {
                SamlIDPWebRequestUtil.WebRequestUtilHolder holder3 = samlIDPWebRequestUtil.getHolder();
                holder3.setResponseDoc(null).setDestination(str).setRelayState(parameter2).setAreWeSendingRequest(false).setPrivateKey(null).setSupportSignature(false).setErrorResponse(false).setServletResponse(httpServletResponse).setDestinationQueryStringWithSignature(null);
                holder3.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());
                if (0 != 0) {
                    holder3.setPostBindingRequested(bool.booleanValue());
                } else {
                    holder3.setPostBindingRequested(samlIDPWebRequestUtil.hasSAMLRequestInPostProfile());
                }
                if (this.idpConfiguration.isSupportsSignature()) {
                    holder3.setPrivateKey(this.keyManager.getSigningKey()).setSupportSignature(true);
                }
                if (holder3.isPostBinding()) {
                    recycle(httpServletResponse);
                }
                if (this.enableAudit) {
                    PicketLinkAuditEvent picketLinkAuditEvent3 = new PicketLinkAuditEvent(AuditLevel.INFO);
                    picketLinkAuditEvent3.setType(PicketLinkAuditEventType.RESPONSE_TO_SP);
                    picketLinkAuditEvent3.setDestination(str);
                    picketLinkAuditEvent3.setWhoIsAuditing(contextPath);
                    this.auditHelper.audit(picketLinkAuditEvent3);
                }
                samlIDPWebRequestUtil.send(holder3);
            }
            throw th2;
        }
    }

    /**
     * Looks up the public key used to validate messages from the given issuer.
     *
     * <p>The lookup alias is the host part of the issuer when the issuer parses as a URL,
     * otherwise the issuer string itself. If no key is found under that alias (or the lookup
     * throws {@link IllegalStateException}), the request's remote address is tried as the alias.
     *
     * <p>Security notes: the issuer is taken from the incoming message, and the fallback alias
     * is the peer address of the connection. Behind a reverse proxy or load balancer that
     * address is the proxy's, so a key registered under it would validate every request that
     * arrives through it. NOTE(review): confirm the fallback is wanted in this deployment. The
     * issuer value is also written to the trace log as received.
     *
     * @param httpServletRequest request whose remote address serves as the fallback alias
     * @param str                issuer value from the SAML message
     * @return the validating key, or {@code null} if the fallback lookup finds none
     * @throws ConfigurationException propagated from the key lookup
     * @throws ProcessingException    propagated from the key lookup
     */
    private PublicKey getIssuerPublicKey(HttpServletRequest httpServletRequest, String str) throws ConfigurationException, ProcessingException {
        String alias;
        try {
            alias = new URL(str).getHost();
        } catch (MalformedURLException notAUrl) {
            logger.trace("Token issuer is not a valid URL: " + str, notAUrl);
            alias = str;
        }

        logger.trace("Trying to find a PK for issuer: " + alias);
        PublicKey validatingKey = null;
        try {
            validatingKey = CoreConfigUtil.getValidatingKey(this.keyManager, alias);
        } catch (IllegalStateException unknownIssuer) {
            logger.trace("Token issuer is not found for: " + str, unknownIssuer);
        }

        if (validatingKey == null) {
            // Second attempt keyed on the peer address; an IllegalStateException from this
            // lookup is not caught and propagates to the caller.
            alias = httpServletRequest.getRemoteAddr();
            logger.trace("Trying to find a PK for issuer " + alias);
            validatingKey = CoreConfigUtil.getValidatingKey(this.keyManager, alias);
        }

        logger.trace("Using Validating Alias=" + alias + " to check signatures.");
        return validatingKey;
    }

    /* JADX WARN: Finally extract failed */
    /**
     * Handles a SAML status response received by the IDP and forwards the resulting document to
     * the destination chosen by the handler chain.
     *
     * <p>Flow, as visible in this method: read the response message, RelayState and Referer from
     * the request; parse the message; run every configured {@link SAML2Handler} under
     * {@code chainLock}; build a holder from the handler response; optionally audit; send.
     *
     * <p>NOTE(review): this body is decompiler output ("Finally extract failed"). Both error
     * paths below contain an {@code if (0 == 0)} guard that always throws a
     * {@link ServletException} about a null destination, so the code after each guard never runs
     * and the original exception is only logged. Verify the intended behaviour against the
     * original source before relying on these branches.
     *
     * @param httpServletRequest request carrying the SAML response and RelayState parameters
     * @param httpServletResponse response used to deliver the outgoing document
     * @throws ServletException when no destination is available (see note above)
     * @throws IOException declared for the send operation
     */
    protected void processSAMLResponseMessage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        SamlIDPWebRequestUtil.WebRequestUtilHolder holder;
        // Return value is discarded; per the servlet API this call creates a session if none exists.
        httpServletRequest.getSession();
        String contextPath = this.servletContext.getContextPath();
        String parameter = httpServletRequest.getParameter(GeneralConstants.SAML_RESPONSE_KEY);
        String parameter2 = httpServletRequest.getParameter("RelayState");
        boolean z = false;
        // Client-supplied header; it is only used as the first argument of getErrorResponse below.
        String header = httpServletRequest.getHeader("Referer");
        SamlIDPWebRequestUtil samlIDPWebRequestUtil = new SamlIDPWebRequestUtil(httpServletRequest, this.idpConfiguration, this.keyManager);
        try {
            try {
                SAMLDocumentHolder sAMLDocumentHolder = samlIDPWebRequestUtil.getSAMLDocumentHolder(parameter);
                SAML2Object samlObject = sAMLDocumentHolder.getSamlObject();
                if (!(samlObject instanceof StatusResponseType)) {
                    throw logger.wrongTypeError(samlObject.getClass().getName());
                }
                // Issuer as stated inside the message itself; it selects the validating key below.
                String value = ((StatusResponseType) samlObject).getIssuer().getValue();
                // NOTE(review): this null check runs after the parameter has already been parsed above.
                if (!(parameter != null)) {
                    throw logger.samlIDPValidationCheckFailed();
                }
                DefaultSAML2HandlerRequest defaultSAML2HandlerRequest = new DefaultSAML2HandlerRequest(new HTTPContext(httpServletRequest, httpServletResponse, this.servletContext), new IssuerInfoHolder(getIdentityURL()).getIssuer(), sAMLDocumentHolder, SAML2Handler.HANDLER_TYPE.IDP);
                HashMap hashMap = new HashMap();
                // The sender's public key is only looked up when signing or encryption is configured.
                if (this.idpConfiguration.isSupportsSignature() || this.idpConfiguration.isEncrypt()) {
                    hashMap.put(GeneralConstants.SENDER_PUBLIC_KEY, getIssuerPublicKey(httpServletRequest, value));
                }
                hashMap.put(GeneralConstants.SAML_IDP_STRICT_POST_BINDING, Boolean.valueOf(this.idpConfiguration.isStrictPostBinding()));
                hashMap.put(GeneralConstants.SUPPORTS_SIGNATURES, Boolean.valueOf(this.idpConfiguration.isSupportsSignature()));
                if (this.auditHelper != null) {
                    hashMap.put(GeneralConstants.AUDIT_HELPER, this.auditHelper);
                    hashMap.put(GeneralConstants.CONTEXT_PATH, contextPath);
                }
                defaultSAML2HandlerRequest.setOptions(hashMap);
                defaultSAML2HandlerRequest.setRelayState(parameter2);
                DefaultSAML2HandlerResponse defaultSAML2HandlerResponse = new DefaultSAML2HandlerResponse();
                Set<SAML2Handler> handlers = this.chain.handlers();
                if (handlers != null) {
                    // Handlers are reset and invoked one at a time while chainLock is held.
                    try {
                        this.chainLock.lock();
                        for (SAML2Handler sAML2Handler : handlers) {
                            sAML2Handler.reset();
                            sAML2Handler.handleStatusResponseType(defaultSAML2HandlerRequest, defaultSAML2HandlerResponse);
                            // Overwritten on every iteration, so the value read after the last handler wins.
                            z = defaultSAML2HandlerResponse.getSendRequest();
                        }
                        this.chainLock.unlock();
                    } catch (Throwable th) {
                        this.chainLock.unlock();
                        throw th;
                    }
                }
                Document resultingDocument = defaultSAML2HandlerResponse.getResultingDocument();
                String relayState = defaultSAML2HandlerResponse.getRelayState();
                String destination = defaultSAML2HandlerResponse.getDestination();
                boolean isPostBindingForResponse = defaultSAML2HandlerResponse.isPostBindingForResponse();
                String destinationQueryStringWithSignature = defaultSAML2HandlerResponse.getDestinationQueryStringWithSignature();
                try {
                    SamlIDPWebRequestUtil.WebRequestUtilHolder holder2 = samlIDPWebRequestUtil.getHolder();
                    // A missing destination is not caught by the catches of this try; it reaches catch (Exception e3).
                    if (destination == null) {
                        throw new ServletException(logger.nullValueError(HttpHeaders.DESTINATION));
                    }
                    // Signing starts disabled and is switched on just below only if the IDP configuration asks for it.
                    holder2.setResponseDoc(resultingDocument).setDestination(destination).setRelayState(relayState).setAreWeSendingRequest(z).setPrivateKey(null).setSupportSignature(false).setErrorResponse(false).setServletResponse(httpServletResponse).setPostBindingRequested(isPostBindingForResponse).setDestinationQueryStringWithSignature(destinationQueryStringWithSignature);
                    if (this.idpConfiguration.isSupportsSignature()) {
                        holder2.setPrivateKey(this.keyManager.getSigningKey()).setSupportSignature(true);
                    }
                    holder2.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());
                    if (holder2.isPostBinding()) {
                        recycle(httpServletResponse);
                    }
                    // The audit event is recorded before send(), so it is written even if the send then fails.
                    if (this.enableAudit) {
                        PicketLinkAuditEvent picketLinkAuditEvent = new PicketLinkAuditEvent(AuditLevel.INFO);
                        picketLinkAuditEvent.setType(PicketLinkAuditEventType.RESPONSE_TO_SP);
                        picketLinkAuditEvent.setWhoIsAuditing(contextPath);
                        picketLinkAuditEvent.setDestination(destination);
                        this.auditHelper.audit(picketLinkAuditEvent);
                    }
                    samlIDPWebRequestUtil.send(holder2);
                } catch (ParsingException e) {
                    logger.samlAssertionPasingFailed(e);
                } catch (GeneralSecurityException e2) {
                    // NOTE(review): security failures are logged at trace level only and not rethrown.
                    logger.trace("Security Exception:", e2);
                }
            } catch (Exception e3) {
                // Error path: the status code defaults to AUTHNFAILED, or REQUEST_DENIED for an untrusted issuer.
                String str = JBossSAMLURIConstants.STATUS_AUTHNFAILED.get();
                if (e3 instanceof IssuerNotTrustedException) {
                    str = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
                }
                logger.samlIDPRequestProcessingError(e3);
                Document errorResponse = samlIDPWebRequestUtil.getErrorResponse(header, str, getIdentityURL(), this.idpConfiguration.isSupportsSignature());
                try {
                    SamlIDPWebRequestUtil.WebRequestUtilHolder holder3 = samlIDPWebRequestUtil.getHolder();
                    // Always true as decompiled: the exception below is thrown and the rest of this try never runs.
                    if (0 == 0) {
                        throw new ServletException(logger.nullValueError(HttpHeaders.DESTINATION));
                    }
                    holder3.setResponseDoc(errorResponse).setDestination(null).setRelayState(parameter2).setAreWeSendingRequest(false).setPrivateKey(null).setSupportSignature(false).setErrorResponse(true).setServletResponse(httpServletResponse).setPostBindingRequested(false).setDestinationQueryStringWithSignature(null);
                    if (this.idpConfiguration.isSupportsSignature()) {
                        holder3.setPrivateKey(this.keyManager.getSigningKey()).setSupportSignature(true);
                    }
                    holder3.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());
                    if (holder3.isPostBinding()) {
                        recycle(httpServletResponse);
                    }
                    if (this.enableAudit) {
                        PicketLinkAuditEvent picketLinkAuditEvent2 = new PicketLinkAuditEvent(AuditLevel.INFO);
                        picketLinkAuditEvent2.setType(PicketLinkAuditEventType.RESPONSE_TO_SP);
                        picketLinkAuditEvent2.setWhoIsAuditing(contextPath);
                        picketLinkAuditEvent2.setDestination(null);
                        this.auditHelper.audit(picketLinkAuditEvent2);
                    }
                    samlIDPWebRequestUtil.send(holder3);
                } catch (ParsingException e4) {
                    logger.samlAssertionPasingFailed(e4);
                } catch (GeneralSecurityException e5) {
                    logger.trace("Security Exception:", e5);
                }
            }
        } catch (Throwable th2) {
            // Reached by anything thrown from the block above, including the ServletException of the error path.
            try {
                holder = samlIDPWebRequestUtil.getHolder();
            } catch (ParsingException e6) {
                logger.samlAssertionPasingFailed(e6);
            } catch (GeneralSecurityException e7) {
                logger.trace("Security Exception:", e7);
            }
            // Always true as decompiled: this throw replaces th2, and the statements after it never run.
            if (0 == 0) {
                throw new ServletException(logger.nullValueError(HttpHeaders.DESTINATION));
            }
            holder.setResponseDoc(null).setDestination(null).setRelayState(parameter2).setAreWeSendingRequest(false).setPrivateKey(null).setSupportSignature(false).setErrorResponse(false).setServletResponse(httpServletResponse).setPostBindingRequested(false).setDestinationQueryStringWithSignature(null);
            if (this.idpConfiguration.isSupportsSignature()) {
                holder.setPrivateKey(this.keyManager.getSigningKey()).setSupportSignature(true);
            }
            holder.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());
            if (holder.isPostBinding()) {
                recycle(httpServletResponse);
            }
            if (this.enableAudit) {
                PicketLinkAuditEvent picketLinkAuditEvent3 = new PicketLinkAuditEvent(AuditLevel.INFO);
                picketLinkAuditEvent3.setType(PicketLinkAuditEventType.RESPONSE_TO_SP);
                picketLinkAuditEvent3.setWhoIsAuditing(contextPath);
                picketLinkAuditEvent3.setDestination(null);
                this.auditHelper.audit(picketLinkAuditEvent3);
            }
            samlIDPWebRequestUtil.send(holder);
            throw th2;
        }
    }

    /**
     * Removes the SAML exchange attributes (request, response, RelayState, signature and
     * signature algorithm) from the HTTP session, after optionally tracing their values.
     *
     * <p>NOTE(review): with trace logging enabled the complete SAML request and response messages
     * and the signature value are written to the log. Treat trace output from this class as
     * sensitive and keep trace disabled in production unless the log store is protected.
     *
     * @param httpServletRequest request whose session is cleaned; {@code getSession()} creates a
     *        session when none exists
     */
    protected void cleanUpSessionNote(HttpServletRequest httpServletRequest) {
        final HttpSession httpSession = httpServletRequest.getSession();

        // Read all five values up front; each is removed below only if it was actually present.
        final String samlRequest = (String) httpSession.getAttribute(GeneralConstants.SAML_REQUEST_KEY);
        final String samlResponse = (String) httpSession.getAttribute(GeneralConstants.SAML_RESPONSE_KEY);
        final String relayState = (String) httpSession.getAttribute("RelayState");
        final String signature = (String) httpSession.getAttribute("Signature");
        final String sigAlg = (String) httpSession.getAttribute(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY);

        if (logger.isTraceEnabled()) {
            StringBuilder traceLine = new StringBuilder();
            traceLine.append("Retrieved saml messages and relay state from session")
                    .append("saml Request message=")
                    .append(samlRequest)
                    .append(StringUtil.PROPERTY_DEFAULT_SEPARATOR)
                    .append("SAMLResponseMessage=")
                    .append(samlResponse)
                    .append(":")
                    .append("relay state=")
                    .append(relayState)
                    .append("Signature=")
                    .append(signature)
                    .append("::sigAlg=")
                    .append(sigAlg);
            logger.trace(traceLine.toString());
        }

        if (org.picketlink.common.util.StringUtil.isNotNull(samlRequest)) {
            httpSession.removeAttribute(GeneralConstants.SAML_REQUEST_KEY);
        }
        if (org.picketlink.common.util.StringUtil.isNotNull(samlResponse)) {
            httpSession.removeAttribute(GeneralConstants.SAML_RESPONSE_KEY);
        }
        if (org.picketlink.common.util.StringUtil.isNotNull(relayState)) {
            httpSession.removeAttribute("RelayState");
        }
        if (org.picketlink.common.util.StringUtil.isNotNull(signature)) {
            httpSession.removeAttribute("Signature");
        }
        if (org.picketlink.common.util.StringUtil.isNotNull(sigAlg)) {
            httpSession.removeAttribute(GeneralConstants.SAML_SIG_ALG_REQUEST_KEY);
        }
    }

    /**
     * Builds a SAML error response with status {@code STATUS_RESPONDER} and sends it to the
     * service provider.
     *
     * <p>NOTE(review): {@code str} is used directly as the destination of the outgoing response
     * and nothing in this method checks it against known SP endpoints; callers are presumably
     * expected to have validated it — confirm.
     *
     * @param str destination the error response is sent to; also passed to the error builder
     * @param httpServletResponse response used to deliver the document
     * @param str2 RelayState echoed back to the service provider
     * @param samlIDPWebRequestUtil helper that builds, optionally signs and sends the response
     * @throws ServletException wrapping a parsing or security failure while sending
     * @throws IOException declared for the send operation
     * @throws ConfigurationException declared by the error-response builder
     */
    protected void sendErrorResponseToSP(String str, HttpServletResponse httpServletResponse, String str2, SamlIDPWebRequestUtil samlIDPWebRequestUtil) throws ServletException, IOException, ConfigurationException {
        logger.trace("About to send error response to SP:" + str);
        String auditor = this.servletContext.getContextPath();
        Document errorDoc = samlIDPWebRequestUtil.getErrorResponse(
                str,
                JBossSAMLURIConstants.STATUS_RESPONDER.get(),
                getIdentityURL(),
                this.idpConfiguration.isSupportsSignature());
        try {
            SamlIDPWebRequestUtil.WebRequestUtilHolder outgoing = samlIDPWebRequestUtil.getHolder();
            // Signing starts disabled and is enabled below only when the IDP is configured for it.
            outgoing.setResponseDoc(errorDoc)
                    .setDestination(str)
                    .setRelayState(str2)
                    .setAreWeSendingRequest(false)
                    .setPrivateKey(null)
                    .setSupportSignature(false)
                    .setServletResponse(httpServletResponse);
            outgoing.setPostBindingRequested(samlIDPWebRequestUtil.hasSAMLRequestInPostProfile());
            if (this.idpConfiguration.isSupportsSignature()) {
                outgoing.setPrivateKey(this.keyManager.getSigningKey()).setSupportSignature(true);
            }
            outgoing.setStrictPostBinding(this.idpConfiguration.isStrictPostBinding());

            if (outgoing.isPostBinding()) {
                recycle(httpServletResponse);
            }

            // The audit record is written before the send, so it exists even if send() then fails.
            if (this.enableAudit) {
                PicketLinkAuditEvent event = new PicketLinkAuditEvent(AuditLevel.INFO);
                event.setType(PicketLinkAuditEventType.ERROR_RESPONSE_TO_SP);
                event.setWhoIsAuditing(auditor);
                event.setDestination(str);
                this.auditHelper.audit(event);
            }
            samlIDPWebRequestUtil.send(outgoing);
        } catch (ParsingException parseFailure) {
            throw new ServletException(parseFailure);
        } catch (GeneralSecurityException securityFailure) {
            throw new ServletException(securityFailure);
        }
    }

    /**
     * Registers an {@code IdentityServer} in the servlet context if none is present and, when the
     * IDP configuration names an identity participant stack class, instantiates and installs it.
     *
     * <p>A failure to load or instantiate the configured stack class is logged and the server
     * keeps the stack it was created with. The class name comes from the IDP configuration, so
     * that configuration decides which class is instantiated here.
     */
    protected void initIdentityServer() {
        IdentityServer registered = (IdentityServer) this.servletContext.getAttribute(GeneralConstants.IDENTITY_SERVER);
        if (registered != null) {
            return;
        }

        IdentityServer server = new IdentityServer();
        this.servletContext.setAttribute(GeneralConstants.IDENTITY_SERVER, server);

        if (!org.picketlink.common.util.StringUtil.isNotNull(this.idpConfiguration.getIdentityParticipantStack())) {
            return;
        }
        try {
            Class<?> stackClass = SecurityActions.loadClass(getClass(), this.idpConfiguration.getIdentityParticipantStack());
            if (stackClass == null) {
                throw logger.classNotLoadedError(this.idpConfiguration.getIdentityParticipantStack());
            }
            server.setStack((IdentityParticipantStack) stackClass.newInstance());
        } catch (Exception e) {
            // Deliberate best effort: fall back to the default stack rather than fail start-up.
            logger.samlIDPUnableToSetParticipantStackUsingDefault(e);
        }
    }

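    /**
     * Loads the SAML2 handler definitions, creates the handler chain and initialises every handler
     * with the shared chain configuration (role generator, IDP configuration and, when a key
     * manager is present, the signing key pair).
     *
     * <p>Handlers come from the consolidated PicketLink configuration when one was loaded,
     * otherwise from the handler configuration file in the web application.
     *
     * @throws RuntimeException if the handlers or the chain cannot be configured; the message is
     *         the localized message of the underlying failure, which is kept as the cause
     */
    protected void initHandlersChain() {
        try {
            if (this.picketLinkConfiguration != null) {
                this.handlers = this.picketLinkConfiguration.getHandlers();
            } else {
                this.handlers = ConfigurationUtil.getHandlers(this.servletContext.getResourceAsStream(GeneralConstants.HANDLER_CONFIG_FILE_LOCATION));
            }

            String handlerChainClass = this.handlers.getHandlerChainClass();
            if (org.picketlink.common.util.StringUtil.isNullOrEmpty(handlerChainClass)) {
                this.chain = SAML2HandlerChainFactory.createChain();
            } else {
                try {
                    this.chain = SAML2HandlerChainFactory.createChain(handlerChainClass);
                } catch (ProcessingException e) {
                    // Caught again by the outer handler, which logs it and rethrows.
                    throw new RuntimeException(e);
                }
            }
            this.chain.addAll(HandlerUtil.getHandlers(this.handlers));

            Map<String, Object> chainOptions = new HashMap<String, Object>();
            chainOptions.put(GeneralConstants.ROLE_GENERATOR, this.roleGenerator);
            chainOptions.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);
            if (this.keyManager != null) {
                // The signing key pair, private key included, is handed to every handler in the chain.
                chainOptions.put(GeneralConstants.KEYPAIR, this.keyManager.getSigningKeyPair());
            }
            DefaultSAML2HandlerChainConfig chainConfig = new DefaultSAML2HandlerChainConfig(chainOptions);
            for (SAML2Handler handler : this.chain.handlers()) {
                handler.initChainConfig(chainConfig);
            }
        } catch (Exception e2) {
            logger.samlHandlerConfigurationError(e2);
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new RuntimeException(e2.getLocalizedMessage(), e2);
        }
    }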

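    /**
     * Creates and configures the trust key manager when the IDP is configured to sign or encrypt,
     * and sets the XML signature canonicalization method from the IDP configuration.
     *
     * <p>Does nothing when neither signing nor encryption is enabled.
     *
     * @throws RuntimeException if no key provider is configured, or if the key manager cannot be
     *         created; in the latter case the underlying failure is kept as the cause
     */
    protected void initKeyManager() {
        if (!(this.idpConfiguration.isSupportsSignature() || this.idpConfiguration.isEncrypt())) {
            return;
        }
        KeyProviderType keyProvider = this.idpConfiguration.getKeyProvider();
        if (keyProvider == null) {
            throw new RuntimeException(logger.nullValueError("Key Provider is null for context=" + this.servletContext.getContextPath()));
        }
        try {
            this.keyManager = CoreConfigUtil.getTrustKeyManager(keyProvider);
            this.keyManager.setAuthProperties(CoreConfigUtil.getKeyProviderProperties(keyProvider));
            this.keyManager.setValidatingAlias(keyProvider.getValidatingAlias());
            logger.samlIDPSettingCanonicalizationMethod(this.idpConfiguration.getCanonicalizationMethod());
            // Set through a static method on XMLSignatureUtil, not on this filter instance.
            XMLSignatureUtil.setCanonicalizationMethodType(this.idpConfiguration.getCanonicalizationMethod());
            logger.trace("Key Provider=" + keyProvider.getClassName());
        } catch (Exception e) {
            logger.trustKeyManagerCreationError(e);
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new RuntimeException(e.getLocalizedMessage(), e);
        }
    }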

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v110, types: [java.io.InputStream] */
    /* JADX WARN: Type inference failed for: r0v120, types: [java.io.InputStream] */
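    /**
     * Loads the IDP configuration and derives the settings that depend on it: audit switch and
     * helper, attribute manager, role generator, SP metadata map and hosted URI.
     *
     * <p>Configuration source, in order: the file named by {@code configFile} if set, otherwise
     * the consolidated configuration resource of the web application; when a configuration
     * provider is present it is asked for the configuration; the deprecated configuration
     * resource is the last fallback.
     *
     * <p>The attribute manager and role generator class names are read from the IDP configuration
     * and instantiated reflectively, so whoever can change that configuration chooses the classes
     * that run here.
     *
     * <p>NOTE(review): the configuration stream opened here is never closed in this method;
     * confirm whether the consumers close it.
     *
     * @throws RuntimeException (as produced by the logger's error factories) when the
     *         configuration is missing or cannot be processed
     */
    protected void initIDPConfiguration() {
        // Declared as InputStream: both a FileInputStream and a servlet-context resource stream are
        // assigned to it (the decompiler had inferred the narrower FileInputStream type).
        InputStream configStream;
        if (org.picketlink.common.util.StringUtil.isNullOrEmpty(this.configFile)) {
            configStream = this.servletContext.getResourceAsStream(GeneralConstants.CONFIG_FILE_LOCATION);
        } else {
            try {
                configStream = new FileInputStream(this.configFile);
            } catch (FileNotFoundException e) {
                throw logger.samlIDPConfigurationError(e);
            }
        }
        if (this.configProvider != null) {
            try {
                if (configStream == null) {
                    configStream = this.servletContext.getResourceAsStream(GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION);
                    if (configStream != null && (this.configProvider instanceof AbstractSAMLConfigurationProvider)) {
                        ((AbstractSAMLConfigurationProvider) this.configProvider).setConfigFile(configStream);
                    }
                } else if (this.configProvider instanceof AbstractSAMLConfigurationProvider) {
                    ((AbstractSAMLConfigurationProvider) this.configProvider).setConsolidatedConfigFile(configStream);
                }
                this.picketLinkConfiguration = this.configProvider.getPicketLinkConfiguration();
                this.idpConfiguration = this.configProvider.getIDPConfiguration();
            } catch (ParsingException e2) {
                throw logger.samlIDPConfigurationError(e2);
            } catch (ProcessingException e3) {
                throw logger.samlIDPConfigurationError(e3);
            }
        }
        if (this.idpConfiguration == null) {
            if (configStream != null) {
                try {
                    this.picketLinkConfiguration = ConfigurationUtil.getConfiguration(configStream);
                    this.idpConfiguration = (IDPType) this.picketLinkConfiguration.getIdpOrSP();
                } catch (ParsingException e4) {
                    // NOTE(review): the exception built by the logger is not thrown here, unlike the
                    // other branches; a parse failure only surfaces later when idpConfiguration is used.
                    logger.trace(e4);
                    logger.samlIDPConfigurationError(e4);
                }
            }
            if (configStream == null) {
                InputStream resourceAsStream = this.servletContext.getResourceAsStream(GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION);
                if (resourceAsStream == null) {
                    throw logger.configurationFileMissing(GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION);
                }
                try {
                    this.idpConfiguration = ConfigurationUtil.getIDPConfiguration(resourceAsStream);
                } catch (ParsingException e5) {
                    logger.samlIDPConfigurationError(e5);
                }
            }
        }
        try {
            if (this.picketLinkConfiguration != null) {
                this.enableAudit = this.picketLinkConfiguration.isEnableAudit();
                if (!this.enableAudit) {
                    // The system property is consulted only when the configuration leaves auditing off.
                    String systemProperty = SecurityActions.getSystemProperty(GeneralConstants.AUDIT_ENABLE, "NULL");
                    if (!"NULL".equals(systemProperty)) {
                        this.enableAudit = Boolean.parseBoolean(systemProperty);
                    }
                }
                if (this.enableAudit && this.auditHelper == null) {
                    this.auditHelper = new PicketLinkAuditHelper(PicketLinkAuditHelper.getSecurityDomainName(this.servletContext));
                }
            }
            logger.trace("Identity Provider URL=" + getIdentityURL());
            String attributeManager = this.idpConfiguration.getAttributeManager();
            if (attributeManager != null && !"".equals(attributeManager)) {
                Class<?> loadClass = SecurityActions.loadClass(getClass(), attributeManager);
                if (loadClass == null) {
                    throw new RuntimeException(logger.classNotLoadedError(attributeManager));
                }
                this.attribManager.setDelegate((AttributeManager) loadClass.newInstance());
            }
            String roleGenerator = this.idpConfiguration.getRoleGenerator();
            if (roleGenerator != null && !"".equals(roleGenerator)) {
                Class<?> loadClass2 = SecurityActions.loadClass(getClass(), roleGenerator);
                if (loadClass2 == null) {
                    throw new RuntimeException(logger.classNotLoadedError(roleGenerator));
                }
                this.roleGenerator = (RoleGenerator) loadClass2.newInstance();
            }
            // Index the SP descriptors by entity id; willIgnoreSignatureOfCurrentRequest reads this map.
            List<EntityDescriptorType> metadataConfiguration = CoreConfigUtil.getMetadataConfiguration(this.idpConfiguration, this.servletContext);
            if (metadataConfiguration != null) {
                for (EntityDescriptorType entityDescriptorType : metadataConfiguration) {
                    SPSSODescriptorType sPDescriptor = CoreConfigUtil.getSPDescriptor(entityDescriptorType);
                    if (sPDescriptor != null) {
                        this.spSSOMetadataMap.put(entityDescriptorType.getEntityID(), sPDescriptor);
                    }
                }
            }
            initHostedURI();
        } catch (Exception e6) {
            throw logger.samlIDPConfigurationError(e6);
        }
    }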

    /**
     * Initialises the PicketLink core STS.
     *
     * <p>Uses the STS section of the consolidated configuration when present; otherwise installs
     * the configuration from {@code /WEB-INF/picketlink-sts.xml} if that file exists on disk, and
     * falls back to the built-in default configuration.
     */
    protected void initSTSConfiguration() {
        boolean hasConfiguredSts = this.picketLinkConfiguration != null && this.picketLinkConfiguration.getStsType() != null;
        if (hasConfiguredSts) {
            PicketLinkCoreSTS.instance().initialize(new PicketLinkSTSConfiguration(this.picketLinkConfiguration.getStsType()));
            return;
        }

        PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
        // getRealPath returns null when the application is not deployed as an exploded directory.
        String stsConfigPath = this.servletContext.getRealPath("/WEB-INF/picketlink-sts.xml");
        File stsConfigFile = null;
        if (stsConfigPath != null) {
            stsConfigFile = new File(stsConfigPath);
        }

        if (stsConfigFile == null || !stsConfigFile.exists()) {
            logger.samlIDPInstallingDefaultSTSConfig();
            sts.installDefaultConfiguration(new String[0]);
        } else {
            sts.installDefaultConfiguration(stsConfigFile.toURI().toString());
        }
    }

    /**
     * Returns the identity URL of this IDP as stated in the IDP configuration.
     *
     * @return the configured identity URL
     */
    protected String getIdentityURL() {
        final String identityUrl = this.idpConfiguration.getIdentityURL();
        return identityUrl;
    }

    /**
     * Chooses the authentication-context class URI that describes how the user logged in.
     *
     * <p>Without a configured auth method the result is the plain password class. With one,
     * {@code CLIENT-CERT} maps to the TLS client class; any other method maps to password over
     * protected transport when {@code z} is true, and to plain password otherwise.
     *
     * @param z whether the request arrived over a protected transport (presumably derived from
     *        the request's secure flag by the caller)
     * @return the authentication-context class URI
     */
    protected String determineLoginType(boolean z) {
        boolean authMethodConfigured = this.authMethod != null
                && org.picketlink.common.util.StringUtil.isNotNull(this.authMethod);
        if (authMethodConfigured) {
            if ("CLIENT-CERT".equals(this.authMethod)) {
                return JBossSAMLURIConstants.AC_TLS_CLIENT.get();
            }
            if (z) {
                return JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
            }
        }
        return JBossSAMLURIConstants.AC_PASSWORD.get();
    }

    /**
     * Starts the IDP: schedules the periodic configuration reload when a positive timer interval
     * is set, then runs the initial configuration, STS, key manager, handler chain and identity
     * server set-up and registers the default attribute keys.
     *
     * <p>NOTE(review): the reload task clears {@code picketLinkConfiguration} and
     * {@code idpConfiguration} before rebuilding them, on the timer thread and without any
     * synchronisation visible here, so a request handled during a reload may observe null or
     * half-initialised state. An exception escaping {@code run()} also terminates a
     * {@link Timer}'s thread, which would stop further reloads and leave the fields cleared.
     * Confirm that both are acceptable for the deployment.
     */
    protected void startPicketLink() {
        SystemPropertiesUtil.ensure();

        if (this.timerInterval > 0) {
            if (this.timer == null) {
                this.timer = new Timer();
            }
            TimerTask reloadConfiguration = new TimerTask() {
                @Override
                public void run() {
                    // Drop the cached configuration so the init methods load it again from source.
                    SamlIDPFilter.this.picketLinkConfiguration = null;
                    SamlIDPFilter.this.idpConfiguration = null;
                    SamlIDPFilter.this.initIDPConfiguration();
                    SamlIDPFilter.this.initKeyManager();
                    SamlIDPFilter.this.initHandlersChain();
                }
            };
            this.timer.scheduleAtFixedRate(reloadConfiguration, this.timerInterval, this.timerInterval);
        }

        // Initial set-up; the order matters because later steps read what earlier ones loaded.
        initIDPConfiguration();
        initSTSConfiguration();
        initKeyManager();
        initHandlersChain();
        initIdentityServer();

        List<String> defaultAttributeKeys = Arrays.asList(
                LDAPConstants.EMAIL,
                LDAPConstants.CN,
                "commonname",
                LDAPConstants.GIVENNAME,
                "surname",
                "employeeType",
                "employeeNumber",
                "facsimileTelephoneNumber");
        this.attributeKeys.addAll(defaultAttributeKeys);

        if (this.picketLinkConfiguration == null) {
            // No consolidated configuration was loaded: build one from the parts loaded separately.
            this.picketLinkConfiguration = new PicketLinkType();
            this.picketLinkConfiguration.setIdpOrSP(this.idpConfiguration);
            this.picketLinkConfiguration.setHandlers(this.handlers);
        }
    }

    /**
     * Builds a SAML 1.1 attribute statement holding one role attribute per entry of {@code list}.
     *
     * @param list role names; must not be null
     * @return the attribute statement, or {@code null} when {@code list} is empty
     */
    private SAML11AttributeStatementType createAttributeStatement(List<String> list) {
        Iterator<String> roles = list.iterator();
        if (!roles.hasNext()) {
            // No roles: callers receive null rather than an empty statement.
            return null;
        }
        SAML11AttributeStatementType statement = new SAML11AttributeStatementType();
        while (roles.hasNext()) {
            String role = roles.next();
            SAML11AttributeType roleAttribute = new SAML11AttributeType(AttributeConstants.ROLE_IDENTIFIER_ASSERTION, URI.create("urn:picketlink:role"));
            roleAttribute.add(role);
            statement.add(roleAttribute);
        }
        return statement;
    }

    /**
     * Decides whether the signature of a request from the given issuer is ignored, based on the
     * SP metadata loaded for that issuer.
     *
     * <p>An issuer without metadata is never ignored (returns false). An issuer whose metadata
     * says its authentication requests are signed is not ignored either. Only an issuer whose
     * metadata has the flag false or absent yields true, so the content of the metadata map
     * directly relaxes signature handling for that issuer.
     *
     * @param str issuer (entity id) of the current request
     * @return {@code Boolean.TRUE} when the signature is to be ignored, {@code Boolean.FALSE}
     *         otherwise
     */
    private Boolean willIgnoreSignatureOfCurrentRequest(String str) {
        SPSSODescriptorType spDescriptor = this.spSSOMetadataMap.get(str);
        if (spDescriptor == null) {
            return Boolean.FALSE;
        }
        Boolean declaredSigned = spDescriptor.isAuthnRequestsSigned();
        // An absent flag is treated the same as an explicit false.
        boolean requestsSigned = declaredSigned != null && declaredSigned.booleanValue();
        logger.trace("Issuer: " + str + ", isRequestSigned: " + requestsSigned);
        return Boolean.valueOf(!requestsSigned);
    }

    /**
     * Normalises the hosted URI in the IDP configuration: defaults to {@code /hosted/} when unset,
     * and appends a trailing slash when the value has neither a dot nor a trailing slash.
     */
    private void initHostedURI() {
        final String configured = this.idpConfiguration.getHostedURI();
        final String normalised;
        if (org.picketlink.common.util.StringUtil.isNullOrEmpty(configured)) {
            normalised = "/hosted/";
        } else if (configured.contains(".") || configured.endsWith("/")) {
            // Values with a dot (presumably a file-like resource) or an existing slash stay as they are.
            normalised = configured;
        } else {
            normalised = configured + "/";
        }
        this.idpConfiguration.setHostedURI(normalised);
    }

    /**
     * Resets the servlet response before a POST-binding document is written to it.
     *
     * <p>Per the servlet API, {@code reset()} clears buffered data, status and headers and throws
     * {@code IllegalStateException} if the response has already been committed.
     *
     * @param httpServletResponse response to reset
     */
    protected void recycle(HttpServletResponse httpServletResponse) {
        final HttpServletResponse target = httpServletResponse;
        target.reset();
    }

    /**
     * Returns the PicketLink configuration currently held by this filter.
     *
     * @return the current configuration object; the field is reassigned by the reload task, so
     *         successive calls may return different instances
     */
    protected PicketLinkType getConfiguration() {
        final PicketLinkType current = this.picketLinkConfiguration;
        return current;
    }

    /**
     * Obtains the audit helper: first from the servlet-context attribute, otherwise by
     * instantiating the class named in the servlet-context init parameter of the same name.
     *
     * <p>The class name is taken from deployment configuration and instantiated reflectively, so
     * the deployment descriptor decides which class is loaded here.
     *
     * @throws ServletException if the configured class cannot be loaded or instantiated
     */
    private void configureAuditHelper() throws ServletException {
        this.auditHelper = (PicketLinkAuditHelper) this.servletContext.getAttribute(GeneralConstants.AUDIT_HELPER);
        if (this.auditHelper != null) {
            return;
        }
        String helperClassName = this.servletContext.getInitParameter(GeneralConstants.AUDIT_HELPER);
        if (helperClassName == null) {
            // Neither an attribute nor an init parameter: the helper stays unset.
            return;
        }
        try {
            ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
            this.auditHelper = (PicketLinkAuditHelper) SecurityActions.loadClass(contextLoader, helperClassName).newInstance();
        } catch (Exception e) {
            throw new ServletException("Could not create audit helper [" + helperClassName + "].", e);
        }
    }

    /**
     * Obtains the SAML configuration provider: first from the servlet-context attribute, otherwise
     * by instantiating the class named in the servlet-context init parameter of the same name.
     *
     * <p>The class name is taken from deployment configuration and instantiated reflectively, so
     * the deployment descriptor decides which class is loaded here.
     *
     * @throws ServletException if the configured class cannot be loaded or instantiated
     */
    private void configureConfigurationProvider() throws ServletException {
        this.configProvider = (SAMLConfigurationProvider) this.servletContext.getAttribute(GeneralConstants.CONFIG_PROVIDER);
        if (this.configProvider != null) {
            return;
        }
        String providerClassName = this.servletContext.getInitParameter(GeneralConstants.CONFIG_PROVIDER);
        if (providerClassName == null) {
            // Neither an attribute nor an init parameter: the provider stays unset.
            return;
        }
        try {
            ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
            this.configProvider = (SAMLConfigurationProvider) SecurityActions.loadClass(contextLoader, providerClassName).newInstance();
        } catch (Exception e) {
            throw new ServletException("Could not create config provider [" + providerClassName + "].", e);
        }
    }

    /**
     * Returns the SAML configuration provider in use, if any.
     *
     * @return the provider, or {@code null} when none was configured
     */
    public SAMLConfigurationProvider getConfigProvider() {
        final SAMLConfigurationProvider provider = this.configProvider;
        return provider;
    }
}
