package org.wso2.carbon.identity.sso.saml.servlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationRequestCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCache;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheEntry;
import org.wso2.carbon.identity.application.authentication.framework.cache.AuthenticationResultCacheKey;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationRequest;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticationResult;
import org.wso2.carbon.identity.application.authentication.framework.util.FrameworkUtils;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.SAMLSSOService;
import org.wso2.carbon.identity.sso.saml.cache.CacheEntry;
import org.wso2.carbon.identity.sso.saml.cache.CacheKey;
import org.wso2.carbon.identity.sso.saml.cache.SessionDataCache;
import org.wso2.carbon.identity.sso.saml.cache.SessionDataCacheEntry;
import org.wso2.carbon.identity.sso.saml.cache.SessionDataCacheKey;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOAuthnReqDTO;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOReqValidationResponseDTO;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSORespDTO;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOSessionDTO;
import org.wso2.carbon.identity.sso.saml.internal.IdentitySAMLSSOServiceComponent;
import org.wso2.carbon.identity.sso.saml.logout.LogoutRequestSender;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.registry.core.utils.UUIDGenerator;
import org.wso2.carbon.ui.CarbonUIUtil;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.class */
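/**
 * HTTP entry point of the SAML SSO identity provider.
 *
 * <p>GET and POST are both routed into {@link #handleRequest}, which dispatches on the request
 * parameters: a response coming back from the authentication framework (session data key
 * present), an IdP-initiated SSO request ({@code spEntityID} present), an SP-initiated SSO or
 * logout request (SAML request parameter present), or otherwise a logout attempt based on the
 * SSO session cookie.
 *
 * <p>Security-relevant behaviour to keep in mind when changing this class:
 * <ul>
 *   <li>The SSO session id is carried in the {@code samlssoTokenId} / {@code samlssoRememberMe}
 *       cookies; both must always be issued with {@code Secure} and {@code HttpOnly}.</li>
 *   <li>The {@code tenantDomain} request parameter is caller-supplied. It is only checked
 *       against the tenant manager in {@link #startTenantFlow}, which fails closed.</li>
 *   <li>Values written into the auto-submitting HTML form are HTML-escaped in the built-in
 *       fallback page.</li>
 * </ul>
 */
public class SAMLSSOProviderServlet extends HttpServlet {
    private static final long serialVersionUID = -5182312441482721905L;
    private static final Log log = LogFactory.getLog(SAMLSSOProviderServlet.class);
    private SAMLSSOService samlSsoService = new SAMLSSOService();

    /**
     * Handles a SAML SSO request received over HTTP GET.
     *
     * @throws ServletException propagated from request handling
     * @throws IOException      if writing or redirecting the response fails
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            handleRequest(httpServletRequest, httpServletResponse, false);
        } finally {
            // Always clear the per-thread SaaS flag so it cannot leak into the next request on this thread.
            SAMLSSOUtil.removeSaaSApplicationThreaLocal();
        }
    }

    /**
     * Handles a SAML SSO request received over HTTP POST.
     *
     * @throws ServletException propagated from request handling
     * @throws IOException      if writing or redirecting the response fails
     */
    @Override
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            handleRequest(httpServletRequest, httpServletResponse, true);
        } finally {
            // Always clear the per-thread SaaS flag so it cannot leak into the next request on this thread.
            SAMLSSOUtil.removeSaaSApplicationThreaLocal();
        }
    }

    /**
     * Dispatches an incoming request to the matching SSO / logout handler.
     *
     * <p>Dispatch order: session data key (response from the authentication framework), then
     * {@code spEntityID} (IdP-initiated SSO), then the SAML request parameter (SP-initiated SSO
     * or logout), and finally a cookie-based logout. Any {@link IdentityException} is logged and
     * answered with the generic exception notification page.
     *
     * @param request  the incoming request
     * @param response the response to redirect or write to
     * @param isPost   {@code true} when called from {@code doPost}, {@code false} from {@code doGet}
     */
    private void handleRequest(HttpServletRequest request, HttpServletResponse response, boolean isPost) throws ServletException, IOException {
        String sessionId = null;
        Cookie tokenIdCookie = getTokenIdCookie(request);
        // Caller-supplied and not validated here; it is only stored for later use.
        // NOTE(review): only the SaaS thread-local is cleared in doGet/doPost - confirm the
        // tenant-domain thread-local is reset elsewhere before the thread is reused.
        String tenantDomain = request.getParameter("tenantDomain");
        if (tenantDomain != null) {
            SAMLSSOUtil.setTenantDomainInThreadLocal(tenantDomain);
        }
        if (tokenIdCookie != null) {
            sessionId = tokenIdCookie.getValue();
        }
        // A remember-me cookie, when present, takes precedence over the token id cookie.
        Cookie rememberMeCookie = getRememberMeCookie(request);
        if (rememberMeCookie != null) {
            sessionId = rememberMeCookie.getValue();
        }
        String queryString = request.getQueryString();
        if (log.isDebugEnabled()) {
            // The raw query string can carry the SAML request, the relay state and the session
            // data key, so debug logging writes them to the log. Keep debug logging off in
            // production or redact these parameters.
            log.debug("Query string : " + queryString);
        }
        // Anything other than the OpenID mode falls back to username/password.
        String authMode = request.getParameter("authMode");
        if (!SAMLSSOConstants.AuthnModes.OPENID.equals(authMode)) {
            authMode = SAMLSSOConstants.AuthnModes.USERNAME_PASSWORD;
        }
        String relayState = request.getParameter(SAMLSSOConstants.RELAY_STATE);
        String spEntityId = request.getParameter("spEntityID");
        String samlRequest = request.getParameter(SAMLSSOConstants.AUTH_REQ_SAML_ASSRTN);
        String sessionDataKey = request.getParameter(SAMLSSOConstants.SESSION_DATA_KEY);
        try {
            if (sessionDataKey != null) {
                SAMLSSOSessionDTO sessionDTO = getSessionDataFromCache(sessionDataKey);
                if (sessionDTO == null) {
                    log.error("Failed to retrieve sessionDTO from the cache.");
                    sendNotification(SAMLSSOConstants.Notification.EXCEPTION_STATUS, SAMLSSOConstants.Notification.EXCEPTION_MESSAGE, request, response);
                    return;
                }
                if (sessionDTO.getTenantDomain() != null) {
                    SAMLSSOUtil.setTenantDomainInThreadLocal(sessionDTO.getTenantDomain());
                }
                if (sessionDTO.isInvalidLogout()) {
                    sendNotification(SAMLSSOConstants.Notification.INVALID_MESSAGE_STATUS, SAMLSSOConstants.Notification.INVALID_MESSAGE_MESSAGE, request, response);
                    return;
                }
                if (sessionDTO.isLogoutReq()) {
                    handleLogoutReponseFromFramework(request, response, sessionDTO);
                } else {
                    handleAuthenticationReponseFromFramework(request, response, sessionId, sessionDTO);
                }
                // NOTE(review): skipped when a handler throws IdentityException or on the early
                // returns above, so the cached authentication result then stays until the cache
                // evicts it - confirm that is acceptable for a one-time key.
                removeAuthenticationResultFromCache(sessionDataKey);
            } else if (spEntityId != null) {
                handleIdPInitSSO(request, response, spEntityId, relayState, queryString, authMode, sessionId);
            } else if (samlRequest != null) {
                handleSPInitSSO(request, response, queryString, relayState, authMode, samlRequest, sessionId, isPost);
            } else {
                log.debug("Invalid request message or single logout message ");
                if (sessionId == null) {
                    sendNotification(SAMLSSOConstants.Notification.INVALID_MESSAGE_STATUS, SAMLSSOConstants.Notification.INVALID_MESSAGE_MESSAGE, request, response);
                } else {
                    sendToFrameworkForLogout(request, response, null, null, sessionId, true);
                }
            }
        } catch (IdentityException e) {
            log.error(SAMLSSOConstants.Notification.EXCEPTION_STATUS, e);
            sendNotification(SAMLSSOConstants.Notification.EXCEPTION_STATUS, SAMLSSOConstants.Notification.EXCEPTION_MESSAGE, request, response);
        }
    }

    /**
     * Redirects the browser to the SAML SSO notification page with a status and a message.
     *
     * <p>The two values are appended to the redirect URL without URL-encoding. Every caller in
     * this class passes {@code SAMLSSOConstants.Notification} constants; encode the values before
     * ever passing request-derived text through this method.
     *
     * @param status  value of the {@code status} query parameter
     * @param message value of the status-message query parameter
     */
    private void sendNotification(String status, String message, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String notificationUrl = CarbonUIUtil.getAdminConsoleURL(request).replace("samlsso/carbon/", "authenticationendpoint/samlsso_notification.do");
        String query = "?status=" + status + "&" + SAMLSSOConstants.STATUS_MSG + "=" + message;
        response.sendRedirect(notificationUrl + query);
    }

    /**
     * Validates an IdP-initiated SSO request and, if valid, hands it to the authentication framework.
     *
     * @param spEntityId  value of the {@code spEntityID} request parameter
     * @param relayState  relay state supplied with the request, may be {@code null}
     * @param queryString raw query string of the request
     * @param authMode    authentication mode chosen in {@link #handleRequest}
     * @param sessionId   SSO session id taken from the cookies, may be {@code null}
     * @throws IdentityException if the validation result is not valid
     */
    private void handleIdPInitSSO(HttpServletRequest request, HttpServletResponse response, String spEntityId, String relayState, String queryString, String authMode, String sessionId) throws IdentityException, IOException, ServletException {
        SAMLSSOReqValidationResponseDTO validationDTO = new SAMLSSOService().validateIdPInitSSORequest(request, response, spEntityId, relayState, queryString, sessionId, request.getParameter("SSOAuthSessionID"), authMode);
        if (!validationDTO.isValid()) {
            log.debug("Invalid SAML SSO Request");
            throw new IdentityException("Invalid SAML SSO Request");
        }
        sendToFrameworkForAuthentication(request, response, validationDTO, relayState);
    }

    /**
     * Validates an SP-initiated request and forwards it to the framework for logout or authentication.
     *
     * @param queryString raw query string of the request
     * @param relayState  relay state supplied with the request, may be {@code null}
     * @param authMode    authentication mode chosen in {@link #handleRequest}
     * @param samlRequest value of the SAML request parameter
     * @param sessionId   SSO session id taken from the cookies, may be {@code null}
     * @param isPost      {@code true} when the request arrived via POST
     * @throws IdentityException if the request is neither a logout request nor valid
     */
    private void handleSPInitSSO(HttpServletRequest request, HttpServletResponse response, String queryString, String relayState, String authMode, String samlRequest, String sessionId, boolean isPost) throws IdentityException, IOException, ServletException {
        SAMLSSOReqValidationResponseDTO validationDTO = new SAMLSSOService().validateSPInitSSORequest(samlRequest, queryString, sessionId, request.getParameter("SSOAuthSessionID"), authMode, isPost);
        if (validationDTO.isLogOutReq()) {
            sendToFrameworkForLogout(request, response, validationDTO, relayState, sessionId, false);
            return;
        }
        if (validationDTO.isValid()) {
            sendToFrameworkForAuthentication(request, response, validationDTO, relayState);
            return;
        }
        log.debug("Invalid SAML SSO Request");
        throw new IdentityException("Invalid SAML SSO Request");
    }

    /**
     * Caches the validated request under a fresh UUID and redirects to the common authentication endpoint.
     *
     * <p>The tenant domain is taken from the {@code tenantDomain} request parameter; when that is
     * missing, empty or the literal {@code "null"}, it is derived from an issuer of the form
     * {@code name@domain}, falling back to {@code carbon.super}.
     *
     * @param validationDTO result of validating the SAML request
     * @param relayState    relay state to hand back to the service provider, may be {@code null}
     */
    private void sendToFrameworkForAuthentication(HttpServletRequest request, HttpServletResponse response, SAMLSSOReqValidationResponseDTO validationDTO, String relayState) throws ServletException, IOException {
        SAMLSSOSessionDTO sessionDTO = new SAMLSSOSessionDTO();
        sessionDTO.setHttpQueryString(request.getQueryString());
        sessionDTO.setDestination(validationDTO.getDestination());
        sessionDTO.setRelayState(relayState);
        sessionDTO.setRequestMessageString(validationDTO.getRequestMessageString());
        sessionDTO.setIssuer(validationDTO.getIssuer());
        sessionDTO.setRequestID(validationDTO.getId());
        sessionDTO.setSubject(validationDTO.getSubject());
        sessionDTO.setRelyingPartySessionId(validationDTO.getRpSessionId());
        sessionDTO.setAssertionConsumerURL(validationDTO.getAssertionConsumerURL());
        // Caller-supplied; it is checked against the tenant manager later, in startTenantFlow.
        sessionDTO.setTenantDomain(request.getParameter("tenantDomain"));
        String requestedDomain = sessionDTO.getTenantDomain();
        if (requestedDomain == null || "null".equalsIgnoreCase(requestedDomain) || "".equals(requestedDomain)) {
            String[] issuerParts = sessionDTO.getIssuer().split("@");
            boolean issuerCarriesDomain = issuerParts.length == 2 && !"".equals(issuerParts[0]) && !"".equals(issuerParts[1]);
            sessionDTO.setTenantDomain(issuerCarriesDomain ? issuerParts[1] : "carbon.super");
        }
        sessionDTO.setForceAuth(validationDTO.isForceAuthn());
        sessionDTO.setPassiveAuth(validationDTO.isPassive());
        sessionDTO.setValidationRespDTO(validationDTO);
        SAMLSSOUtil.setTenantDomainInThreadLocal(sessionDTO.getTenantDomain());
        sessionDTO.setIdPInitSSO(validationDTO.isIdPInitSSO());

        // The UUID is the session data key the framework sends back to this servlet.
        String sessionDataKey = UUIDGenerator.generateUUID();
        addSessionDataToCache(sessionDataKey, sessionDTO, request.getSession().getMaxInactiveInterval());

        String commonAuthUrl = CarbonUIUtil.getAdminConsoleURL(request).replace("samlsso/carbon/", "commonauth");
        String callerPath = URLEncoder.encode(IdentitySAMLSSOServiceComponent.SAMLSSO_URL, "UTF-8");
        AuthenticationRequest authenticationRequest = new AuthenticationRequest();
        authenticationRequest.setRelyingParty(validationDTO.getIssuer());
        authenticationRequest.setCommonAuthCallerPath(callerPath);
        authenticationRequest.setForceAuth(validationDTO.isForceAuthn());
        authenticationRequest.setPassiveAuth(validationDTO.isPassive());
        authenticationRequest.setTenantDomain(sessionDTO.getTenantDomain());
        authenticationRequest.appendRequestQueryParams(request.getParameterMap());
        copyRequestHeaders(request, authenticationRequest);
        FrameworkUtils.addAuthenticationRequestToCache(sessionDataKey, new AuthenticationRequestCacheEntry(authenticationRequest), request.getSession().getMaxInactiveInterval());

        StringBuilder redirectUrl = new StringBuilder();
        redirectUrl.append(commonAuthUrl).append("?").append(SAMLSSOConstants.SESSION_DATA_KEY).append("=").append(sessionDataKey).append("&").append("type").append("=").append("samlsso");
        FrameworkUtils.setRequestPathCredentials(request);
        response.sendRedirect(redirectUrl.toString());
    }

    /**
     * Caches a logout request under a fresh UUID and redirects to the common authentication endpoint.
     *
     * <p>Nothing is cached and no response is produced when {@code sessionId} is {@code null}.
     *
     * @param validationDTO validated logout request, or {@code null} for a cookie-only logout
     * @param relayState    relay state to hand back, may be {@code null}
     * @param sessionId     SSO session id taken from the cookies
     * @param invalidLogout stored on the session DTO as its invalid-logout flag
     */
    private void sendToFrameworkForLogout(HttpServletRequest request, HttpServletResponse response, SAMLSSOReqValidationResponseDTO validationDTO, String relayState, String sessionId, boolean invalidLogout) throws ServletException, IOException {
        if (sessionId == null) {
            // NOTE(review): the caller gets an empty response in this case - confirm that is intended.
            return;
        }
        SAMLSSOSessionDTO sessionDTO = new SAMLSSOSessionDTO();
        sessionDTO.setHttpQueryString(request.getQueryString());
        sessionDTO.setRelayState(relayState);
        sessionDTO.setSessionId(sessionId);
        sessionDTO.setLogoutReq(true);
        sessionDTO.setInvalidLogout(invalidLogout);
        if (validationDTO != null) {
            sessionDTO.setDestination(validationDTO.getDestination());
            sessionDTO.setRequestMessageString(validationDTO.getRequestMessageString());
            sessionDTO.setIssuer(validationDTO.getIssuer());
            sessionDTO.setRequestID(validationDTO.getId());
            sessionDTO.setSubject(validationDTO.getSubject());
            sessionDTO.setRelyingPartySessionId(validationDTO.getRpSessionId());
            sessionDTO.setAssertionConsumerURL(validationDTO.getAssertionConsumerURL());
            sessionDTO.setValidationRespDTO(validationDTO);
        }

        // The UUID is the session data key the framework sends back to this servlet.
        String sessionDataKey = UUIDGenerator.generateUUID();
        addSessionDataToCache(sessionDataKey, sessionDTO, request.getSession().getMaxInactiveInterval());

        String commonAuthUrl = CarbonUIUtil.getAdminConsoleURL(request).replace("samlsso/carbon/", "commonauth");
        String callerPath = URLEncoder.encode(IdentitySAMLSSOServiceComponent.SAMLSSO_URL, "UTF-8");
        AuthenticationRequest authenticationRequest = new AuthenticationRequest();
        authenticationRequest.addRequestQueryParam("commonAuthLogout", new String[]{"true"});
        // NOTE(review): confirm setRequestQueryParams keeps the commonAuthLogout entry added above.
        authenticationRequest.setRequestQueryParams(request.getParameterMap());
        authenticationRequest.setCommonAuthCallerPath(callerPath);
        if (validationDTO != null) {
            authenticationRequest.setRelyingParty(validationDTO.getIssuer());
        }
        authenticationRequest.appendRequestQueryParams(request.getParameterMap());
        copyRequestHeaders(request, authenticationRequest);
        FrameworkUtils.addAuthenticationRequestToCache(sessionDataKey, new AuthenticationRequestCacheEntry(authenticationRequest), request.getSession().getMaxInactiveInterval());
        response.sendRedirect(commonAuthUrl + ("?sessionDataKey=" + sessionDataKey + "&type=samlsso"));
    }

    /**
     * Copies every header of the incoming request onto the framework authentication request.
     *
     * <p>This includes whatever credential-bearing headers the client sent, so the cached
     * authentication request must be treated as sensitive.
     */
    private static void copyRequestHeaders(HttpServletRequest request, AuthenticationRequest authenticationRequest) {
        Enumeration headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String headerName = headerNames.nextElement().toString();
            authenticationRequest.addHeader(headerName, request.getHeader(headerName));
        }
    }

    /**
     * Writes the auto-submitting HTML form that posts the SAML response to the service provider.
     *
     * <p>If a redirect page template is configured, its {@code $acUrl}, {@code $response} and
     * {@code $relayState} placeholders are substituted; otherwise a built-in page is generated.
     * In the built-in page every interpolated value is HTML-escaped so it cannot break out of
     * the attribute or text node it is written into.
     *
     * @param relayState        relay state, URL-decoded and HTML-escaped before use; {@code null} becomes {@code "null"}
     * @param samlResponse      encoded SAML response to post
     * @param acUrl             assertion consumer URL of the service provider
     * @param subject           authenticated subject, used to derive the tenant domain
     * @param authenticatedIdPs value of the optional {@code AuthenticatedIdPs} form field, may be {@code null}
     */
    private void sendResponse(HttpServletRequest request, HttpServletResponse response, String relayState, String samlResponse, String acUrl, String subject, String authenticatedIdPs) throws ServletException, IOException {
        String escapedRelayState = relayState != null ? escapeHtml(URLDecoder.decode(relayState, "UTF-8")).replace("\n", "") : "null";
        String targetUrl = getACSUrlWithTenantPartitioning(acUrl, subject);
        boolean hasAuthenticatedIdPs = authenticatedIdPs != null && !authenticatedIdPs.isEmpty();

        String template = IdentitySAMLSSOServiceComponent.getSsoRedirectHtml();
        if (template != null) {
            // NOTE(review): $acUrl and $response are substituted unescaped because the template is
            // not visible here; if the placeholders sit in HTML attributes they should be
            // HTML-escaped like the relay state - confirm against the template.
            String page = template.replace("$acUrl", targetUrl).replace("$response", samlResponse).replace("$relayState", escapedRelayState);
            if (hasAuthenticatedIdPs) {
                page = page.replace("<!--$additionalParams-->", "<input type='hidden' name='AuthenticatedIdPs' value='" + URLEncoder.encode(authenticatedIdPs, "UTF-8") + "'>");
            }
            response.getWriter().print(page);
            if (log.isDebugEnabled()) {
                // The page embeds the SAML response, so this writes it to the debug log.
                log.debug("sso_redirect.html " + page);
            }
            return;
        }

        // Escaping is decoded again by the browser, so the posted form values are unchanged.
        String safeTargetUrl = escapeHtml(targetUrl);
        PrintWriter writer = response.getWriter();
        writer.println("<html>");
        writer.println("<body>");
        writer.println("<p>You are now redirected back to " + safeTargetUrl);
        writer.println(" If the redirection fails, please click the post button.</p>");
        writer.println("<form method='post' action='" + safeTargetUrl + "'>");
        writer.println("<p>");
        writer.println("<input type='hidden' name='SAMLResponse' value='" + escapeHtml(samlResponse) + "'>");
        writer.println("<input type='hidden' name='RelayState' value='" + escapedRelayState + "'>");
        if (hasAuthenticatedIdPs) {
            writer.println("<input type='hidden' name='AuthenticatedIdPs' value='" + escapeHtml(authenticatedIdPs) + "'>");
        }
        writer.println("<button type='submit'>POST</button>");
        writer.println("</p>");
        writer.println("</form>");
        writer.println("<script type='text/javascript'>");
        writer.println("document.forms[0].submit();");
        writer.println("</script>");
        writer.println("</body>");
        writer.println("</html>");
    }

    /**
     * Escapes the five HTML-significant characters so a value is safe in text and quoted attributes.
     *
     * @param value text to escape, may be {@code null}
     * @return the escaped text, or {@code null} if {@code value} is {@code null}
     */
    private static String escapeHtml(String value) {
        if (value == null) {
            return null;
        }
        // '&' must be replaced first so the entities produced below are not escaped again.
        return value.replace("&", "&amp;").replace("\"", "&quot;").replace("'", "&apos;").replace("<", "&lt;").replace(">", "&gt;");
    }

    /**
     * Completes SSO after the authentication framework has returned.
     *
     * <p>Without an authenticated result, a passive request gets a SAML error response and any
     * other request gets the exception notification. With one, the SSO session is established,
     * the session cookies are issued and the SAML response is posted to the service provider.
     *
     * @param sessionId  SSO session id taken from the cookies; a new UUID is generated when it
     *                   is {@code null} and the request is not passive
     * @param sessionDTO session data cached when the request was sent to the framework
     * @throws IdentityException if the tenant cannot be resolved or authentication processing fails
     */
    private void handleAuthenticationReponseFromFramework(HttpServletRequest request, HttpServletResponse response, String sessionId, SAMLSSOSessionDTO sessionDTO) throws IdentityException, IOException, ServletException {
        AuthenticationResult authResult = getAuthenticationResultFromCache(request.getParameter(SAMLSSOConstants.SESSION_DATA_KEY));
        SAMLSSOReqValidationResponseDTO validationDTO = sessionDTO.getValidationRespDTO();
        SAMLSSOAuthnReqDTO authnReqDTO = new SAMLSSOAuthnReqDTO();
        if (authResult == null || !authResult.isAuthenticated()) {
            if (log.isDebugEnabled() && authResult != null) {
                log.debug("Unauthenticated User");
            }
            if (!validationDTO.isPassive()) {
                sendNotification(SAMLSSOConstants.Notification.EXCEPTION_STATUS, SAMLSSOConstants.Notification.EXCEPTION_MESSAGE, request, response);
                return;
            }
            // Passive requests must not prompt the user, so answer with a SAML error response.
            ArrayList statusCodes = new ArrayList();
            statusCodes.add(SAMLSSOConstants.StatusCodes.NO_PASSIVE);
            statusCodes.add(SAMLSSOConstants.StatusCodes.IDENTITY_PROVIDER_ERROR);
            validationDTO.setResponse(SAMLSSOUtil.buildErrorResponse(validationDTO.getId(), statusCodes, "Cannot authenticate Subject in Passive Mode"));
            sendResponse(request, response, sessionDTO.getRelayState(), validationDTO.getResponse(), validationDTO.getAssertionConsumerURL(), validationDTO.getSubject(), null);
            return;
        }
        populateAuthnReqDTO(request, authnReqDTO, sessionDTO, authResult);
        request.setAttribute(SAMLSSOConstants.AUTHENTICATION_RESULT, authResult);
        // A relay state on the current request wins over the one cached with the original request.
        String relayState = request.getParameter(SAMLSSOConstants.RELAY_STATE) != null ? request.getParameter(SAMLSSOConstants.RELAY_STATE) : sessionDTO.getRelayState();
        // NOTE(review): no matching end of the tenant flow is visible in this class - confirm the
        // container resets the tenant context before this thread serves another request.
        startTenantFlow(authnReqDTO.getTenantDomain());
        String requestTenantDomain = authnReqDTO.getTenantDomain();
        if (requestTenantDomain == null || requestTenantDomain.isEmpty() || requestTenantDomain.equalsIgnoreCase("null")) {
            authnReqDTO.setTenantDomain(CarbonContext.getThreadLocalCarbonContext().getTenantDomain());
        }
        if (sessionId == null && !sessionDTO.isPassiveAuth()) {
            sessionId = UUIDGenerator.generateUUID();
        }
        SAMLSSORespDTO authResponse = new SAMLSSOService().authenticate(authnReqDTO, sessionId, authResult.isAuthenticated(), authResult.getAuthenticatedAuthenticators(), SAMLSSOConstants.AuthnModes.USERNAME_PASSWORD);
        if (!authResponse.isSessionEstablished()) {
            sendNotification(SAMLSSOConstants.Notification.EXCEPTION_STATUS, SAMLSSOConstants.Notification.EXCEPTION_MESSAGE, request, response);
            return;
        }
        if (request.getParameter("chkRemember") != null && request.getParameter("chkRemember").equals("on")) {
            storeRememberMeCookie(sessionId, request, response, SAMLSSOService.getSSOSessionTimeout());
        }
        storeTokenIdCookie(sessionId, request, response);
        removeSessionDataFromCache(request.getParameter(SAMLSSOConstants.SESSION_DATA_KEY));
        sendResponse(request, response, relayState, authResponse.getRespString(), authResponse.getAssertionConsumerURL(), authResponse.getSubject(), authResult.getAuthenticatedIdPs());
    }

    /**
     * Completes logout after the authentication framework has returned.
     *
     * <p>With a validated logout request, logout requests are sent out, the SSO session is
     * removed and the logout response is posted back. Without one, single logout is performed
     * for the HTTP session and the invalid-message notification is shown.
     *
     * @param sessionDTO session data cached when the logout was sent to the framework
     */
    private void handleLogoutReponseFromFramework(HttpServletRequest request, HttpServletResponse response, SAMLSSOSessionDTO sessionDTO) throws ServletException, IOException {
        SAMLSSOReqValidationResponseDTO validationDTO = sessionDTO.getValidationRespDTO();
        if (validationDTO != null) {
            LogoutRequestSender.getInstance().sendLogoutRequests(validationDTO.getLogoutRespDTO());
            SAMLSSOUtil.removeSession(sessionDTO.getSessionId(), validationDTO.getIssuer());
            removeSessionDataFromCache(request.getParameter(SAMLSSOConstants.SESSION_DATA_KEY));
            sendResponse(request, response, sessionDTO.getRelayState(), validationDTO.getLogoutResponse(), validationDTO.getAssertionConsumerURL(), validationDTO.getSubject(), null);
            return;
        }
        try {
            this.samlSsoService.doSingleLogout(request.getSession().getId());
            sendNotification(SAMLSSOConstants.Notification.INVALID_MESSAGE_STATUS, SAMLSSOConstants.Notification.INVALID_MESSAGE_MESSAGE, request, response);
        } catch (IdentityException e) {
            log.error("Error when processing the logout request!", e);
            sendNotification(SAMLSSOConstants.Notification.EXCEPTION_STATUS, SAMLSSOConstants.Notification.EXCEPTION_MESSAGE, request, response);
        }
    }

    /**
     * Fills the authentication request DTO from the cached session data and the framework result.
     *
     * <p>Also records the result's SaaS flag through {@code SAMLSSOUtil.setIsSaaSApplication}.
     *
     * @param authnReqDTO DTO to populate
     * @param sessionDTO  session data cached for the original SAML request
     * @param authResult  result returned by the authentication framework
     */
    private void populateAuthnReqDTO(HttpServletRequest request, SAMLSSOAuthnReqDTO authnReqDTO, SAMLSSOSessionDTO sessionDTO, AuthenticationResult authResult) {
        authnReqDTO.setAssertionConsumerURL(sessionDTO.getAssertionConsumerURL());
        authnReqDTO.setId(sessionDTO.getRequestID());
        authnReqDTO.setIssuer(sessionDTO.getIssuer());
        authnReqDTO.setSubject(sessionDTO.getSubject());
        authnReqDTO.setRpSessionId(sessionDTO.getRelyingPartySessionId());
        authnReqDTO.setRequestMessageString(sessionDTO.getRequestMessageString());
        authnReqDTO.setQueryString(sessionDTO.getHttpQueryString());
        authnReqDTO.setDestination(sessionDTO.getDestination());
        authnReqDTO.setUsername(authResult.getSubject());
        authnReqDTO.setIdPInitSSO(sessionDTO.isIdPInitSSO());
        authnReqDTO.setUserAttributes(authResult.getUserAttributes());
        authnReqDTO.setClaimMapping(authResult.getClaimMapping());
        authnReqDTO.setTenantDomain(sessionDTO.getTenantDomain());
        SAMLSSOUtil.setIsSaaSApplication(authResult.isSaaSApp());
    }

    /**
     * Returns the first request cookie with the given name.
     *
     * @param request the incoming request
     * @param name    cookie name to look for
     * @return the matching cookie, or {@code null} if the request carries none
     */
    private static Cookie findCookie(HttpServletRequest request, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            return null;
        }
        for (Cookie candidate : cookies) {
            if (candidate.getName().equals(name)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Returns the {@code samlssoRememberMe} cookie of the request, or {@code null} if absent.
     */
    private Cookie getRememberMeCookie(HttpServletRequest httpServletRequest) {
        return findCookie(httpServletRequest, "samlssoRememberMe");
    }

    /**
     * Issues the {@code samlssoRememberMe} cookie, reusing the request's cookie object when present.
     *
     * @param sessionId     SSO session id used as the value of a newly created cookie
     * @param maxAgeSeconds value passed to {@code Cookie.setMaxAge}
     */
    private void storeRememberMeCookie(String sessionId, HttpServletRequest request, HttpServletResponse response, int maxAgeSeconds) {
        Cookie rememberMeCookie = getRememberMeCookie(request);
        if (rememberMeCookie == null) {
            rememberMeCookie = new Cookie("samlssoRememberMe", sessionId);
        }
        rememberMeCookie.setMaxAge(maxAgeSeconds);
        rememberMeCookie.setSecure(true);
        rememberMeCookie.setHttpOnly(true);
        response.addCookie(rememberMeCookie);
    }

    /**
     * Expires the {@code samlssoRememberMe} cookie on the client, if the request carries one.
     */
    public void removeRememberMeCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie rememberMeCookie = findCookie(httpServletRequest, "samlssoRememberMe");
        if (rememberMeCookie != null) {
            // Max-Age 0 instructs the browser to delete the cookie.
            rememberMeCookie.setMaxAge(0);
            httpServletResponse.addCookie(rememberMeCookie);
        }
    }

    /**
     * Returns the {@code samlssoTokenId} cookie of the request, or {@code null} if absent.
     */
    private Cookie getTokenIdCookie(HttpServletRequest httpServletRequest) {
        return findCookie(httpServletRequest, "samlssoTokenId");
    }

    /**
     * Issues the SSO session cookie.
     *
     * <p>When the request carries no remember-me cookie, a {@code samlssoTokenId} cookie with the
     * SSO session timeout is created; otherwise the remember-me cookie is sent again. In both
     * cases the cookie is marked {@code Secure} and {@code HttpOnly}: a cookie parsed from the
     * request has neither flag set, so re-sending it unchanged would hand the session id back
     * without them.
     *
     * @param sessionId SSO session id used as the value of a newly created cookie
     */
    private void storeTokenIdCookie(String sessionId, HttpServletRequest request, HttpServletResponse response) {
        // NOTE(review): re-sending the remember-me cookie instead of a samlssoTokenId cookie
        // looks unintended - confirm the expected behaviour with the session design.
        Cookie sessionCookie = getRememberMeCookie(request);
        if (sessionCookie == null) {
            sessionCookie = new Cookie("samlssoTokenId", sessionId);
            sessionCookie.setMaxAge(SAMLSSOService.getSSOSessionTimeout());
        }
        sessionCookie.setSecure(true);
        sessionCookie.setHttpOnly(true);
        response.addCookie(sessionCookie);
    }

    /**
     * Expires the {@code samlssoTokenId} cookie on the client, if the request carries one.
     */
    public void removeTokenIdCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie tokenIdCookie = findCookie(httpServletRequest, "samlssoTokenId");
        if (tokenIdCookie != null) {
            // Max-Age 0 instructs the browser to delete the cookie.
            tokenIdCookie.setMaxAge(0);
            httpServletResponse.addCookie(tokenIdCookie);
        }
    }

    /**
     * Appends the subject's tenant domain to the assertion consumer URL when tenant partitioning is enabled.
     *
     * <p>The domain is appended as {@code ?tenantDomain=...} without URL-encoding and without
     * checking whether the URL already has a query string.
     *
     * @param acUrl   assertion consumer URL
     * @param subject authenticated subject the tenant domain is derived from, may be {@code null}
     * @return {@code acUrl}, with the tenant domain appended if partitioning is enabled
     */
    private String getACSUrlWithTenantPartitioning(String acUrl, String subject) {
        String tenantDomain = subject != null ? MultitenantUtils.getTenantDomain(subject) : null;
        if (tenantDomain != null && "true".equals(IdentityUtil.getProperty("SSOService.TenantPartitioningEnabled"))) {
            return acUrl + "?tenantDomain=" + tenantDomain;
        }
        return acUrl;
    }

    /**
     * Stores the session DTO in the session data cache under the given key.
     *
     * @param sessionDataKey cache key
     * @param sessionDTO     session data to cache
     * @param timeout        value passed to {@code SessionDataCache.getInstance}
     */
    private void addSessionDataToCache(String sessionDataKey, SAMLSSOSessionDTO sessionDTO, int timeout) {
        SessionDataCacheKey cacheKey = new SessionDataCacheKey(sessionDataKey);
        SessionDataCacheEntry cacheEntry = new SessionDataCacheEntry();
        cacheEntry.setSessionDTO(sessionDTO);
        SessionDataCache.getInstance(timeout).addToCache((CacheKey) cacheKey, (CacheEntry) cacheEntry);
    }

    /**
     * Looks up the session DTO cached under the given key.
     *
     * @return the cached session DTO, or {@code null} if there is no entry
     */
    private SAMLSSOSessionDTO getSessionDataFromCache(String sessionDataKey) {
        CacheEntry cacheEntry = SessionDataCache.getInstance(0).getValueFromCache((CacheKey) new SessionDataCacheKey(sessionDataKey));
        if (cacheEntry == null) {
            return null;
        }
        return ((SessionDataCacheEntry) cacheEntry).getSessionDTO();
    }

    /**
     * Removes the session data cached under the given key; does nothing for a {@code null} key.
     */
    private void removeSessionDataFromCache(String sessionDataKey) {
        if (sessionDataKey != null) {
            SessionDataCache.getInstance(0).clearCacheEntry((CacheKey) new SessionDataCacheKey(sessionDataKey));
        }
    }

    /**
     * Looks up the authentication result the framework cached under the given key.
     *
     * @return the cached result, or {@code null} (after logging an error) if there is no entry
     */
    private AuthenticationResult getAuthenticationResultFromCache(String sessionDataKey) {
        AuthenticationResultCacheEntry cacheEntry = AuthenticationResultCache.getInstance(0).getValueFromCache(new AuthenticationResultCacheKey(sessionDataKey));
        if (cacheEntry == null) {
            log.error("Cannot find AuthenticationResult from the cache");
            return null;
        }
        return cacheEntry.getResult();
    }

    /**
     * Removes the authentication result cached under the given key; does nothing for a {@code null} key.
     */
    private void removeAuthenticationResultFromCache(String sessionDataKey) {
        if (sessionDataKey != null) {
            AuthenticationResultCache.getInstance(0).clearCacheEntry(new AuthenticationResultCacheKey(sessionDataKey));
        }
    }

    /**
     * Starts a tenant flow for the given tenant domain on the current thread.
     *
     * <p>A {@code null}, blank or literal {@code "null"} domain selects {@code carbon.super} with
     * tenant id {@code -1234}. Any other domain is resolved through the tenant manager, and the
     * method fails closed: an unknown domain or a failed lookup raises {@link IdentityException}
     * before any tenant context is set, so a lookup error can never leave the request running
     * under the {@code carbon.super} tenant id with a caller-chosen domain name.
     *
     * @param tenantDomain requested tenant domain, may be {@code null}
     * @throws IdentityException if the domain is unknown or the tenant lookup fails
     */
    private void startTenantFlow(String tenantDomain) throws IdentityException {
        String effectiveDomain = tenantDomain;
        // Tenant id paired with carbon.super below.
        int tenantId = -1234;
        if (effectiveDomain == null || effectiveDomain.trim().length() <= 0 || "null".equalsIgnoreCase(effectiveDomain)) {
            effectiveDomain = "carbon.super";
        } else {
            try {
                tenantId = SAMLSSOUtil.getRealmService().getTenantManager().getTenantId(effectiveDomain);
            } catch (UserStoreException e) {
                log.error("while getting tenantId from tenantDomain query param", e);
                throw new IdentityException("Error while resolving the tenant id of the requested tenant domain", e);
            }
            if (tenantId == -1) {
                throw new IdentityException("Invalid tenant id. Please specify valid tenant domain in request parameters");
            }
        }
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
        carbonContext.setTenantId(tenantId);
        carbonContext.setTenantDomain(effectiveDomain);
    }
}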
