package org.wso2.carbon.identity.sso.saml.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.xml.parsers.DocumentBuilder;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.SignableXMLObject;
import org.opensaml.xml.util.Base64;
import org.osgi.framework.BundleContext;
import org.osgi.service.http.HttpService;
import org.w3c.dom.Element;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.SAML2SSOFederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.core.persistence.IdentityPersistenceManager;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.SSOServiceProviderConfigManager;
import org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder;
import org.wso2.carbon.identity.sso.saml.builders.ErrorResponseBuilder;
import org.wso2.carbon.identity.sso.saml.builders.ResponseBuilder;
import org.wso2.carbon.identity.sso.saml.builders.X509CredentialImpl;
import org.wso2.carbon.identity.sso.saml.builders.assertion.SAMLAssertionBuilder;
import org.wso2.carbon.identity.sso.saml.builders.encryption.SSOEncrypter;
import org.wso2.carbon.identity.sso.saml.builders.signature.SSOSigner;
import org.wso2.carbon.identity.sso.saml.dto.QueryParamDTO;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOAuthnReqDTO;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2SSOException;
import org.wso2.carbon.identity.sso.saml.processors.IdPInitLogoutRequestProcessor;
import org.wso2.carbon.identity.sso.saml.processors.IdPInitSSOAuthnRequestProcessor;
import org.wso2.carbon.identity.sso.saml.processors.SPInitLogoutRequestProcessor;
import org.wso2.carbon.identity.sso.saml.processors.SPInitSSOAuthnRequestProcessor;
import org.wso2.carbon.identity.sso.saml.session.SSOSessionPersistenceManager;
import org.wso2.carbon.identity.sso.saml.validators.IdPInitSSOAuthnRequestValidator;
import org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectSignatureValidator;
import org.wso2.carbon.identity.sso.saml.validators.SPInitSSOAuthnRequestValidator;
import org.wso2.carbon.identity.sso.saml.validators.SSOAuthnRequestValidator;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.registry.core.service.TenantRegistryLoader;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.ConfigurationContextService;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/util/SAMLSSOUtil.class */
public class SAMLSSOUtil {
    // Sixteen-letter alphabet 'a'..'p'; its consumer is outside this part of the file.
    private static final char[] charMapping = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'};
    // Declared as a raw HashSet and empty here; presumably populated in a static initialiser elsewhere (confirm).
    private static final Set<Character> UNRESERVED_CHARACTERS = new HashSet();
    // Per-thread SaaS flag: written by setIsSaaSApplication(), cleared by removeSaaSApplicationThreaLocal().
    private static final ThreadLocal<Boolean> isSaaSApplication = new ThreadLocal<>();
    // Per-thread user tenant domain: written by setUserTenantDomain(), cleared by removeUserTenantDomainThreaLocal().
    private static final ThreadLocal<String> userTenantDomainThreadLocal = new ThreadLocal<>();
    // Assertion builder class used by buildSAMLAssertion() when no builder is configured.
    private static final String DefaultAssertionBuilder = "org.wso2.carbon.identity.sso.saml.builders.assertion.DefaultSAMLAssertionBuilder";
    private static final String SECURITY_MANAGER_PROPERTY = "http://apache.org/xml/properties/security-manager";
    // NOTE(review): the value is 0, and this listing also uses the constant where a literal 0 or a null
    // initial value is expected (unmarshall, marshall, decode, ...). That looks like a decompiler
    // substitution rather than intent; confirm against the original source.
    private static final int ENTITY_EXPANSION_LIMIT = 0;
    // Not assigned in the declarations shown; presumably initialised in a static initialiser elsewhere (confirm).
    private static Log log;
    // Service references injected through the static setters below.
    private static RegistryService registryService;
    private static TenantRegistryLoader tenantRegistryLoader;
    private static BundleContext bundleContext;
    private static RealmService realmService;
    private static ConfigurationContextService configCtxService;
    private static HttpService httpService;
    // Set to true by doBootstrap() once the OpenSAML bootstrap has succeeded.
    private static boolean isBootStrapped;
    private static int singleLogoutRetryCount;
    private static long singleLogoutRetryInterval;
    private static String responseBuilderClassName;
    // The next four fields are re-assigned with a freshly instantiated object on each call of the
    // signing, encryption and validation helpers, so they are shared mutable state across threads.
    private static SAMLAssertionBuilder samlAssertionBuilder;
    private static SSOEncrypter ssoEncrypter;
    private static SSOSigner ssoSigner;
    private static SAML2HTTPRedirectSignatureValidator samlHTTPRedirectSignatureValidator;
    private static String sPInitSSOAuthnRequestValidatorClassName;
    private static String iDPInitSSOAuthnRequestValidatorClassName;
    // Raw ThreadLocal; not assigned in the declarations shown.
    private static ThreadLocal tenantDomainInThreadLocal;
    private static String idPInitLogoutRequestProcessorClassName;
    private static String idPInitSSOAuthnRequestProcessorClassName;
    private static String sPInitSSOAuthnRequestProcessorClassName;
    private static String sPInitLogoutRequestProcessorClassName;

    /** Prevents instantiation; the class is used through its static methods. */
    private SAMLSSOUtil() {
        // intentionally empty
    }

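    /**
     * Reports the SaaS flag stored for the current thread.
     *
     * @return the value last stored on this thread by {@code setIsSaaSApplication}, or
     *         {@code false} when nothing has been stored
     */
    public static boolean isSaaSApplication() {
        // The holder is a static final ThreadLocal initialised at its declaration, so it is never
        // null here; the former null branch (which answered true) could not be reached.
        return Boolean.TRUE.equals(isSaaSApplication.get());
    }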

    /**
     * Stores the SaaS flag for the current thread.
     *
     * @param z flag value to store
     */
    public static void setIsSaaSApplication(boolean z) {
        Boolean flag = z ? Boolean.TRUE : Boolean.FALSE;
        isSaaSApplication.set(flag);
    }

    /**
     * Clears the SaaS flag held for the current thread.
     *
     * <p>On pooled request threads a value that is not removed stays visible to whatever work the
     * thread runs next, so callers should pair every set with this call.
     */
    public static void removeSaaSApplicationThreaLocal() {
        isSaaSApplication.remove();
    }

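    /**
     * Returns the user tenant domain stored for the current thread.
     *
     * @return the stored tenant domain, or {@code null} when none has been stored on this thread
     */
    public static String getUserTenantDomain() {
        // The holder is a static final ThreadLocal initialised at its declaration, so the former
        // null check on it was dead code.
        return userTenantDomainThreadLocal.get();
    }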

    /**
     * Validates a tenant domain and, if validation yields a value, stores it for the current thread.
     *
     * <p>When {@code validateTenantDomain} returns {@code null} nothing is written, so a value stored
     * earlier on this thread stays in place.
     *
     * @param str tenant domain to validate and store
     * @throws UserStoreException propagated from {@code validateTenantDomain}
     * @throws IdentityException propagated from {@code validateTenantDomain}
     */
    public static void setUserTenantDomain(String str) throws UserStoreException, IdentityException {
        String validated = validateTenantDomain(str);
        if (validated == null) {
            return;
        }
        userTenantDomainThreadLocal.set(validated);
    }

    /**
     * Clears the user tenant domain held for the current thread.
     *
     * <p>On pooled request threads a value that is not removed stays visible to whatever work the
     * thread runs next, so callers should pair every set with this call.
     */
    public static void removeUserTenantDomainThreaLocal() {
        userTenantDomainThreadLocal.remove();
    }

    /**
     * @return the OSGi bundle context last stored with {@code setBundleContext}; {@code null} until
     *         one has been stored
     */
    public static BundleContext getBundleContext() {
        return bundleContext;
    }

    /**
     * Stores the OSGi bundle context in a static field shared by all callers.
     *
     * @param bundleContext2 bundle context to keep
     */
    public static void setBundleContext(BundleContext bundleContext2) {
        bundleContext = bundleContext2;
    }

    /**
     * @return the registry service last stored with {@code setRegistryService}; {@code null} until
     *         one has been stored
     */
    public static RegistryService getRegistryService() {
        return registryService;
    }

    /**
     * Stores the registry service in a static field shared by all callers.
     *
     * @param registryService2 registry service to keep
     */
    public static void setRegistryService(RegistryService registryService2) {
        registryService = registryService2;
    }

    /**
     * @return the tenant registry loader last stored with {@code setTenantRegistryLoader};
     *         {@code null} until one has been stored
     */
    public static TenantRegistryLoader getTenantRegistryLoader() {
        return tenantRegistryLoader;
    }

    /**
     * Stores the tenant registry loader in a static field shared by all callers.
     *
     * @param tenantRegistryLoader2 loader to keep
     */
    public static void setTenantRegistryLoader(TenantRegistryLoader tenantRegistryLoader2) {
        tenantRegistryLoader = tenantRegistryLoader2;
    }

    /**
     * @return the realm service last stored with {@code setRealmService}; {@code null} until one
     *         has been stored
     */
    public static RealmService getRealmService() {
        return realmService;
    }

    /**
     * Stores the realm service in a static field shared by all callers; the tenant-id lookups in
     * this class read it.
     *
     * @param realmService2 realm service to keep
     */
    public static void setRealmService(RealmService realmService2) {
        realmService = realmService2;
    }

    /**
     * @return the configuration context service last stored with {@code setConfigCtxService};
     *         {@code null} until one has been stored
     */
    public static ConfigurationContextService getConfigCtxService() {
        return configCtxService;
    }

    /**
     * Stores the configuration context service in a static field shared by all callers.
     *
     * @param configurationContextService service to keep
     */
    public static void setConfigCtxService(ConfigurationContextService configurationContextService) {
        configCtxService = configurationContextService;
    }

    /**
     * @return the OSGi HTTP service last stored with {@code setHttpService}; {@code null} until one
     *         has been stored
     */
    public static HttpService getHttpService() {
        return httpService;
    }

    /**
     * Stores the OSGi HTTP service in a static field shared by all callers.
     *
     * @param httpService2 HTTP service to keep
     */
    public static void setHttpService(HttpService httpService2) {
        httpService = httpService2;
    }

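    /**
     * Parses an XML string and unmarshalls its document element into an OpenSAML object.
     *
     * <p>The parser comes from {@code IdentityUtil.getSecuredDocumentBuilderFactory()}; this method
     * relies on that factory for protection against external-entity and entity-expansion input and
     * adds no hardening of its own.
     *
     * @param str XML text; leading and trailing whitespace is trimmed before parsing
     * @return the unmarshalled object
     * @throws IdentityException if bootstrapping, parsing or unmarshalling fails, including a
     *         {@code null} argument
     */
    public static XMLObject unmarshall(String str) throws IdentityException {
        try {
            doBootstrap();
            DocumentBuilder builder = IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder();
            // The stream reference used to be initialised from an int constant, which is not a valid
            // initial value for a reference; try-with-resources scopes and closes it instead.
            try (ByteArrayInputStream in = new ByteArrayInputStream(str.trim().getBytes(StandardCharsets.UTF_8))) {
                Element root = builder.parse(in).getDocumentElement();
                return Configuration.getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
            }
        } catch (Exception e) {
            log.error("Error in constructing AuthRequest from the encoded String", e);
            throw IdentityException.error("Error in constructing AuthRequest from the encoded String ", e);
        }
    }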

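    /**
     * Serialises an OpenSAML object to an XML string.
     *
     * <p>NOTE(review): every call sets the JVM-wide system property
     * {@code javax.xml.parsers.DocumentBuilderFactory} to the Xerces implementation. That affects
     * every component in the process that creates a parser through JAXP afterwards, including ones
     * that expect a differently configured factory; confirm this global side effect is intended.
     *
     * @param xMLObject object to serialise
     * @return the serialised XML, decoded with {@code SAMLSSOConstants.ENCODING_FORMAT}
     * @throws IdentityException if marshalling or serialisation fails
     */
    public static String marshall(XMLObject xMLObject) throws IdentityException {
        try {
            doBootstrap();
            System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
            Element dom = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(xMLObject).marshall(xMLObject);
            // The stream reference used to be initialised from an int constant, which is not a valid
            // initial value for a reference; try-with-resources scopes and closes it instead.
            try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
                DOMImplementationLS lsImpl = (DOMImplementationLS) DOMImplementationRegistry.newInstance().getDOMImplementation("LS");
                LSSerializer serializer = lsImpl.createLSSerializer();
                LSOutput target = lsImpl.createLSOutput();
                target.setByteStream(out);
                serializer.write(dom, target);
                return out.toString(SAMLSSOConstants.ENCODING_FORMAT);
            }
        } catch (Exception e) {
            // Log the cause as well; the message alone gave no hint of what failed.
            log.error("Error Serializing the SAML Response", e);
            throw IdentityException.error("Error Serializing the SAML Response", e);
        }
    }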

    /**
     * Base64-encodes the UTF-8 bytes of a string and trims the result.
     *
     * @param str text to encode
     * @return the trimmed Base64 text
     */
    public static String encode(String str) {
        byte[] utf8 = str.getBytes(StandardCharsets.UTF_8);
        // Option value 8 is passed through to the encoder unchanged (presumably its
        // "do not break lines" flag; confirm against the Base64 class in use).
        String encoded = Base64.encodeBytes(utf8, 8);
        return encoded.trim();
    }

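    /**
     * Base64-decodes and inflates a message, as used for the redirect-binding request string.
     *
     * <p>A raw (header-less) inflate into a 5000-byte buffer is tried first. If that raises a
     * {@link DataFormatException}, the decoded bytes are inflated again through an
     * {@link InflaterInputStream}.
     *
     * <p>NOTE(review): the input is attacker-controllable. The first path is bounded by its fixed
     * buffer, but the fallback path accumulates output with no size limit, so a small highly
     * compressible payload can expand to a very large allocation. Consider enforcing a maximum
     * inflated size that matches the largest request the deployment expects.
     *
     * @param str Base64 text of the deflated message
     * @return the inflated message text
     * @throws IdentityException if decoding or the fallback inflate fails with an I/O error
     * @throws RuntimeException if the first inflate pass does not reach the end of the compressed
     *         data within the 5000-byte buffer
     */
    public static String decode(String str) throws IdentityException {
        try {
            byte[] compressed = new org.apache.commons.codec.binary.Base64().decode(str.getBytes(SAMLSSOConstants.ENCODING_FORMAT));
            Inflater inflater = new Inflater(true);
            try {
                inflater.setInput(compressed);
                byte[] buffer = new byte[5000];
                int length = inflater.inflate(buffer);
                if (!inflater.finished()) {
                    throw new RuntimeException("End of the compressed data stream has NOT been reached");
                }
                String message = new String(buffer, 0, length, SAMLSSOConstants.ENCODING_FORMAT);
                if (log.isDebugEnabled()) {
                    // The full request is written to the debug log; treat that log as sensitive.
                    log.debug("Request message " + message);
                }
                return message;
            } catch (DataFormatException e) {
                ByteArrayOutputStream inflated = new ByteArrayOutputStream();
                // try-with-resources closes the stream (and the inflater it owns) even when a read fails.
                try (InflaterInputStream in = new InflaterInputStream(new ByteArrayInputStream(compressed))) {
                    byte[] chunk = new byte[1024];
                    for (int read = in.read(chunk); read != -1; read = in.read(chunk)) {
                        inflated.write(chunk, 0, read);
                    }
                }
                String message = new String(inflated.toByteArray(), StandardCharsets.UTF_8);
                if (log.isDebugEnabled()) {
                    log.debug("Request message " + message, e);
                }
                return message;
            } finally {
                // Release the native zlib state on every path, not only after a successful inflate.
                inflater.end();
            }
        } catch (IOException e2) {
            throw IdentityException.error("Error when decoding the SAML Request.", e2);
        }
    }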

    /**
     * Base64-decodes a message without inflating it, as used for the POST-binding request string.
     *
     * @param str Base64 text of the message
     * @return the decoded text, using {@code SAMLSSOConstants.ENCODING_FORMAT}
     * @throws IdentityException if the encoding step fails with an I/O error
     */
    public static String decodeForPost(String str) throws IdentityException {
        try {
            org.apache.commons.codec.binary.Base64 decoder = new org.apache.commons.codec.binary.Base64();
            byte[] raw = decoder.decode(str.getBytes(SAMLSSOConstants.ENCODING_FORMAT));
            String message = new String(raw, SAMLSSOConstants.ENCODING_FORMAT);
            if (log.isDebugEnabled()) {
                // The full request is written to the debug log; treat that log as sensitive.
                log.debug("Request message " + message);
            }
            return message;
        } catch (IOException e) {
            throw IdentityException.error("Error when decoding the SAML Request.", e);
        }
    }

    /**
     * Builds the issuer for the tenant domain held in the thread-local.
     *
     * @return the issuer built by {@code getIssuerFromTenantDomain}
     * @throws IdentityException propagated from {@code getIssuerFromTenantDomain}
     */
    public static Issuer getIssuer() throws IdentityException {
        String tenantDomain = getTenantDomainFromThreadLocal();
        return getIssuerFromTenantDomain(tenantDomain);
    }

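    /**
     * Builds the SAML issuer for a tenant from its resident identity provider configuration.
     *
     * <p>An empty tenant domain, or the literal string {@code "null"}, is treated as
     * {@code carbon.super} with tenant id -1234. The entity id is taken from the {@code samlsso}
     * federated authenticator config (the last matching entry wins) and falls back to the
     * {@code SSOService.EntityID} property.
     *
     * @param str tenant domain
     * @return an issuer in the SAML 2.0 entity name-id format
     * @throws IdentityException if the tenant domain is unknown, the tenant id cannot be retrieved,
     *         or the resident identity provider cannot be loaded
     */
    public static Issuer getIssuerFromTenantDomain(String str) throws IdentityException {
        Issuer issuer = new IssuerBuilder().buildObject();
        // Was initialised from an int constant, which is not a valid initial value for a String.
        String entityId = null;
        int tenantId;
        if (StringUtils.isEmpty(str) || "null".equals(str)) {
            str = "carbon.super";
            tenantId = -1234;
        } else {
            try {
                tenantId = getRealmService().getTenantManager().getTenantId(str);
                if (tenantId == -1) {
                    throw IdentityException.error("Invalid tenant domain - '" + str + "'");
                }
            } catch (UserStoreException e) {
                throw IdentityException.error(SAMLSSOConstants.Notification.ERROR_RETRIEVE_TENANT_ID, e);
            }
        }
        IdentityTenantUtil.initializeRegistry(tenantId, str);
        try {
            FederatedAuthenticatorConfig[] configs = IdentityProviderManager.getInstance().getResidentIdP(str).getFederatedAuthenticatorConfigs();
            for (FederatedAuthenticatorConfig config : configs) {
                if ("samlsso".equals(config.getName())) {
                    entityId = new SAML2SSOFederatedAuthenticatorConfig(config).getIdpEntityId();
                }
            }
            if (entityId == null) {
                entityId = IdentityUtil.getProperty("SSOService.EntityID");
            }
            issuer.setValue(entityId);
            issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
            return issuer;
        } catch (IdentityProviderManagementException e2) {
            throw IdentityException.error("Error occurred while retrieving Resident Identity Provider information for tenant " + str, e2);
        }
    }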

    /**
     * Lists the destination URLs accepted for a tenant's resident identity provider.
     *
     * <p>Values come from the {@code samlsso} authenticator properties whose names start with
     * {@code DestinationURI}. When there are none, the single fallback is the
     * {@code SSOService.IdentityProviderURL} property or, if that is blank, the server URL built for
     * {@code SAMLSSOConstants.SAMLSSO_URL}.
     *
     * @param str tenant domain
     * @return a list with at least one entry
     * @throws IdentityException if the resident identity provider cannot be loaded
     */
    public static List<String> getDestinationFromTenantDomain(String str) throws IdentityException {
        List<String> destinations = new ArrayList<>();
        try {
            FederatedAuthenticatorConfig[] configs = IdentityProviderManager.getInstance().getResidentIdP(str).getFederatedAuthenticatorConfigs();
            destinations.addAll(IdentityApplicationManagementUtil.getPropertyValuesForNameStartsWith(configs, "samlsso", "DestinationURI"));
            if (destinations.isEmpty()) {
                String fallback = IdentityUtil.getProperty("SSOService.IdentityProviderURL");
                if (StringUtils.isBlank(fallback)) {
                    fallback = IdentityUtil.getServerURL(SAMLSSOConstants.SAMLSSO_URL, true, true);
                }
                destinations.add(fallback);
            }
            return destinations;
        } catch (IdentityProviderManagementException e) {
            throw IdentityException.error("Error occurred while retrieving Resident Identity Provider information for tenant " + str, e);
        }
    }

    /**
     * Bootstraps the OpenSAML library once and records success in {@code isBootStrapped}.
     *
     * <p>A bootstrap failure is logged and not rethrown, so the flag stays {@code false} and the
     * next call tries again. The flag is a plain static field read and written without
     * synchronisation.
     */
    public static void doBootstrap() {
        if (!isBootStrapped) {
            try {
                DefaultBootstrap.bootstrap();
                isBootStrapped = true;
            } catch (ConfigurationException e) {
                log.error("Error in bootstrapping the OpenSAML2 library", e);
            }
        }
    }

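    /**
     * Signs a SAML assertion with the configured signer.
     *
     * @param assertion assertion to sign
     * @param str forwarded unchanged as the signer's second argument (presumably the signature
     *        algorithm; confirm)
     * @param str2 forwarded unchanged as the signer's third argument (presumably the digest
     *        algorithm; confirm)
     * @param x509Credential signing credential
     * @return the object returned by the signer
     * @throws IdentityException if the signer cannot be loaded or signing fails
     */
    public static Assertion setSignature(Assertion assertion, String str, String str2, X509Credential x509Credential) throws IdentityException {
        // doSetSignature is declared to return SignableXMLObject, so the result needs a downcast.
        return (Assertion) doSetSignature(assertion, str, str2, x509Credential);
    }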

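    /**
     * Signs a SAML response with the configured signer.
     *
     * @param response response to sign
     * @param str forwarded unchanged as the signer's second argument (presumably the signature
     *        algorithm; confirm)
     * @param str2 forwarded unchanged as the signer's third argument (presumably the digest
     *        algorithm; confirm)
     * @param x509Credential signing credential
     * @return the object returned by the signer
     * @throws IdentityException if the signer cannot be loaded or signing fails
     */
    public static Response setSignature(Response response, String str, String str2, X509Credential x509Credential) throws IdentityException {
        // doSetSignature is declared to return SignableXMLObject, so the result needs a downcast.
        return (Response) doSetSignature(response, str, str2, x509Credential);
    }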

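    /**
     * Signs a SAML logout response with the configured signer.
     *
     * @param logoutResponse logout response to sign
     * @param str forwarded unchanged as the signer's second argument (presumably the signature
     *        algorithm; confirm)
     * @param str2 forwarded unchanged as the signer's third argument (presumably the digest
     *        algorithm; confirm)
     * @param x509Credential signing credential
     * @return the object returned by the signer
     * @throws IdentityException if the signer cannot be loaded or signing fails
     */
    public static LogoutResponse setSignature(LogoutResponse logoutResponse, String str, String str2, X509Credential x509Credential) throws IdentityException {
        // doSetSignature is declared to return SignableXMLObject, so the result needs a downcast.
        return (LogoutResponse) doSetSignature(logoutResponse, str, str2, x509Credential);
    }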

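    /**
     * Signs a SAML logout request with the configured signer.
     *
     * @param logoutRequest logout request to sign
     * @param str forwarded unchanged as the signer's second argument (presumably the signature
     *        algorithm; confirm)
     * @param str2 forwarded unchanged as the signer's third argument (presumably the digest
     *        algorithm; confirm)
     * @param x509Credential signing credential
     * @return the object returned by the signer
     * @throws IdentityException if the signer cannot be loaded or signing fails
     */
    public static LogoutRequest setSignature(LogoutRequest logoutRequest, String str, String str2, X509Credential x509Credential) throws IdentityException {
        // doSetSignature is declared to return SignableXMLObject, so the result needs a downcast.
        return (LogoutRequest) doSetSignature(logoutRequest, str, str2, x509Credential);
    }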

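    /**
     * Instantiates the signer class named by the {@code SSOService.SAMLSSOSigner} property and uses
     * it to sign the given object.
     *
     * <p>The class name comes from server configuration and is loaded reflectively, so whoever can
     * edit that configuration chooses the code that signs. The lock object is {@code Runtime.class},
     * which any other code in the JVM can also lock on.
     *
     * @param signableXMLObject object to sign
     * @param str forwarded unchanged as the signer's second argument
     * @param str2 forwarded unchanged as the signer's third argument
     * @param x509Credential signing credential
     * @return the object returned by the signer
     * @throws IdentityException if the signer class cannot be loaded or instantiated, or signing fails
     */
    private static SignableXMLObject doSetSignature(SignableXMLObject signableXMLObject, String str, String str2, X509Credential x509Credential) throws IdentityException {
        doBootstrap();
        try {
            // Sign with the instance created by this call. The shared static field is still updated
            // for other readers, but reading it back after leaving the synchronized block could pick
            // up an instance that another thread has assigned and not yet initialised.
            SSOSigner signer;
            synchronized (Runtime.getRuntime().getClass()) {
                signer = (SSOSigner) Class.forName(IdentityUtil.getProperty("SSOService.SAMLSSOSigner").trim()).newInstance();
                ssoSigner = signer;
                signer.init();
            }
            return signer.setSignature(signableXMLObject, str, str2, x509Credential);
        } catch (ClassNotFoundException e) {
            throw IdentityException.error("Class not found: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (IllegalAccessException e2) {
            throw IdentityException.error("Illegal access to class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e2);
        } catch (InstantiationException e3) {
            throw IdentityException.error("Error while instantiating class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e3);
        } catch (Exception e4) {
            throw IdentityException.error("Error while signing the XML object.", e4);
        }
    }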

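    /**
     * Encrypts an assertion with the encrypter class named by the
     * {@code SSOService.SAMLSSOEncrypter} property.
     *
     * <p>The encryption certificate is looked up with
     * {@code getX509CredentialImplForTenant(str3, str2)}, i.e. {@code str3} is the tenant domain and
     * {@code str2} the certificate alias. The encrypter class name comes from server configuration
     * and is loaded reflectively.
     *
     * @param assertion assertion to encrypt
     * @param str forwarded unchanged as the encrypter's last argument
     * @param str2 certificate alias, also forwarded to the encrypter
     * @param str3 tenant domain used for the certificate lookup
     * @return the encrypted assertion
     * @throws IdentityException if the encrypter cannot be loaded, the certificate cannot be
     *         obtained, or encryption fails
     */
    public static EncryptedAssertion setEncryptedAssertion(Assertion assertion, String str, String str2, String str3) throws IdentityException {
        doBootstrap();
        try {
            X509CredentialImpl credential = getX509CredentialImplForTenant(str3, str2);
            // Encrypt with the instance created by this call. The shared static field is still
            // updated, but reading it back after leaving the synchronized block could pick up an
            // instance that another thread has assigned and not yet initialised.
            SSOEncrypter encrypter;
            synchronized (Runtime.getRuntime().getClass()) {
                encrypter = (SSOEncrypter) Class.forName(IdentityUtil.getProperty("SSOService.SAMLSSOEncrypter").trim()).newInstance();
                ssoEncrypter = encrypter;
                encrypter.init();
            }
            return encrypter.doEncryptedAssertion(assertion, credential, str2, str);
        } catch (ClassNotFoundException e) {
            throw IdentityException.error("Class not found: " + IdentityUtil.getProperty("SSOService.SAMLSSOEncrypter"), e);
        } catch (IllegalAccessException e2) {
            throw IdentityException.error("Illegal access to class: " + IdentityUtil.getProperty("SSOService.SAMLSSOEncrypter"), e2);
        } catch (InstantiationException e3) {
            throw IdentityException.error("Error while instantiating class: " + IdentityUtil.getProperty("SSOService.SAMLSSOEncrypter"), e3);
        } catch (Exception e4) {
            // The message used to say "signing the SAML Response", which sent readers of the log to
            // the wrong component.
            throw IdentityException.error("Error while encrypting the SAML Assertion.", e4);
        }
    }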

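    /**
     * Builds a SAML assertion with the builder class named by the
     * {@code SSOService.SAMLSSOAssertionBuilder} property, or the default builder when the property
     * is missing or blank.
     *
     * <p>The builder class name comes from server configuration and is loaded reflectively.
     *
     * @param sAMLSSOAuthnReqDTO authentication request data
     * @param dateTime forwarded unchanged as the builder's second argument
     * @param str forwarded unchanged as the builder's third argument
     * @return the assertion produced by the builder
     * @throws IdentityException if the builder cannot be loaded or fails
     */
    public static Assertion buildSAMLAssertion(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO, DateTime dateTime, String str) throws IdentityException {
        doBootstrap();
        String builderClassName;
        try {
            // Test for a missing property before trimming; the default used to be reached only
            // through a NullPointerException raised by trim() on a null value.
            String configured = IdentityUtil.getProperty("SSOService.SAMLSSOAssertionBuilder");
            if (StringUtils.isBlank(configured)) {
                if (log.isDebugEnabled()) {
                    log.debug("SAMLSSOAssertionBuilder configuration is set to default builder ");
                }
                builderClassName = DefaultAssertionBuilder;
            } else {
                builderClassName = configured.trim();
            }
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("SAMLSSOAssertionBuilder configuration is set to default builder ", e);
            }
            builderClassName = DefaultAssertionBuilder;
        }
        try {
            // Build with the instance created by this call. The shared static field is still updated,
            // but reading it back after leaving the synchronized block could pick up an instance that
            // another thread has assigned and not yet initialised.
            SAMLAssertionBuilder builder;
            synchronized (Runtime.getRuntime().getClass()) {
                builder = (SAMLAssertionBuilder) Class.forName(builderClassName).newInstance();
                samlAssertionBuilder = builder;
                builder.init();
            }
            return builder.buildAssertion(sAMLSSOAuthnReqDTO, dateTime, str);
        } catch (ClassNotFoundException e2) {
            throw IdentityException.error("Class not found: " + builderClassName, e2);
        } catch (IllegalAccessException e3) {
            throw IdentityException.error("Illegal access to class: " + builderClassName, e3);
        } catch (InstantiationException e4) {
            throw IdentityException.error("Error while instantiating class: " + builderClassName, e4);
        } catch (Exception e5) {
            throw IdentityException.error("Error while building the saml assertion", e5);
        }
    }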

    /**
     * Generates an identifier with OpenSAML's {@code SecureRandomIdentifierGenerator}.
     *
     * @return the identifier, or {@code null} when the generator's algorithm is unavailable; callers
     *         must not use a {@code null} result as a message id
     */
    public static String createID() {
        String id = null;
        try {
            id = new SecureRandomIdentifierGenerator().generateIdentifier();
        } catch (NoSuchAlgorithmException e) {
            log.error("Error while building Secure Random ID", e);
        }
        return id;
    }

    /**
     * Derives a keystore file name from a tenant domain: trims it, replaces every {@code '.'} with
     * {@code '-'} and appends {@code .jks}.
     *
     * <p>NOTE(review): no other character is filtered here, so the result is only as safe as the
     * input; confirm callers pass a validated tenant domain before the name reaches a keystore lookup.
     *
     * @param str tenant domain
     * @return the keystore file name
     */
    public static String generateKSNameFromDomainName(String str) {
        String trimmed = str.trim();
        return trimmed.replace('.', '-') + ".jks";
    }

    /**
     * Loads the certificate stored under an alias in a tenant's keystore and wraps it as a credential.
     *
     * <p>Tenant id -1234 uses the primary keystore; any other tenant uses the keystore named by
     * {@code generateKSNameFromDomainName}. If the alias is not present, the keystore lookup yields
     * {@code null} and that value is handed to the credential constructor unchecked.
     *
     * @param str tenant domain
     * @param str2 certificate alias
     * @return a credential wrapping the certificate
     * @throws IllegalArgumentException if either argument is {@code null} or blank
     * @throws IdentitySAML2SSOException if the tenant id cannot be resolved or the credential cannot
     *         be created
     */
    public static X509CredentialImpl getX509CredentialImplForTenant(String str, String str2) throws IdentitySAML2SSOException {
        boolean domainMissing = str == null || str.trim().isEmpty();
        boolean aliasMissing = str2 == null || str2.trim().isEmpty();
        if (domainMissing || aliasMissing) {
            throw new IllegalArgumentException("Invalid parameters; domain name : " + str + ", alias : " + str2);
        }
        try {
            int tenantId = realmService.getTenantManager().getTenantId(str);
            KeyStoreManager manager = KeyStoreManager.getInstance(tenantId);
            try {
                java.security.KeyStore keyStore;
                if (tenantId != -1234) {
                    keyStore = manager.getKeyStore(generateKSNameFromDomainName(str));
                } else {
                    keyStore = manager.getPrimaryKeyStore();
                }
                X509Certificate certificate = (X509Certificate) keyStore.getCertificate(str2);
                return new X509CredentialImpl(certificate);
            } catch (Exception e) {
                throw new IdentitySAML2SSOException("Error instantiating an X509CredentialImpl object for the public certificate of " + str, e);
            }
        } catch (UserStoreException e2) {
            throw new IdentitySAML2SSOException("Error getting the tenant ID for the tenant domain : " + str, e2);
        }
    }

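    /**
     * Validates the signature of an authentication request.
     *
     * <p>When the DTO carries a query string (redirect binding) the signature over the query string
     * is validated; otherwise (POST binding) the XML signature of the unmarshalled request is
     * validated. Every failure yields {@code false}. Failures are logged at debug level only, so
     * rejected requests leave no trace at the default log level.
     *
     * @param sAMLSSOAuthnReqDTO request data: message string, query string, issuer, certificate
     *        alias and tenant domain
     * @return {@code true} only if the signature validated
     */
    public static boolean validateAuthnRequestSignature(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO) {
        if (log.isDebugEnabled()) {
            log.debug("Validating SAML Request signature");
        }
        String tenantDomain = sAMLSSOAuthnReqDTO.getTenantDomain();
        if (sAMLSSOAuthnReqDTO.isStratosDeployment()) {
            tenantDomain = "carbon.super";
        }
        String certAlias = sAMLSSOAuthnReqDTO.getCertAlias();
        // Was initialised from an int constant, which is not a valid initial value for a reference.
        RequestAbstractType request = null;
        try {
            String xml = sAMLSSOAuthnReqDTO.getQueryString() != null
                    ? decode(sAMLSSOAuthnReqDTO.getRequestMessageString())
                    : decodeForPost(sAMLSSOAuthnReqDTO.getRequestMessageString());
            request = (RequestAbstractType) unmarshall(xml);
        } catch (IdentityException e) {
            if (log.isDebugEnabled()) {
                log.debug("Signature Validation failed for the SAMLRequest : Failed to unmarshall the SAML Assertion", e);
            }
        }
        try {
            if (sAMLSSOAuthnReqDTO.getQueryString() != null) {
                return validateDeflateSignature(sAMLSSOAuthnReqDTO.getQueryString(), sAMLSSOAuthnReqDTO.getIssuer(), certAlias, tenantDomain);
            }
            if (request == null) {
                // Unmarshalling failed above. Reject here instead of passing null on, which ended
                // in a NullPointerException rather than a clean "invalid signature" result.
                return false;
            }
            return validateXMLSignature(request, certAlias, tenantDomain);
        } catch (IdentityException e2) {
            if (log.isDebugEnabled()) {
                log.debug("Signature Validation failed for the SAMLRequest : Failed to validate the SAML Assertion", e2);
            }
            return false;
        }
    }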

    /**
     * Validates the signature of a logout request for the tenant domain held in the thread-local.
     *
     * <p>With a query string the redirect-binding signature is checked, using the issuer value from
     * the request; without one the XML signature of the request is checked.
     *
     * @param logoutRequest logout request
     * @param str certificate alias
     * @param str2 not used by this method
     * @param str3 query string, or {@code null} for POST binding
     * @return {@code true} if the signature validated
     * @throws IdentityException propagated from the chosen validator
     */
    public static boolean validateLogoutRequestSignature(LogoutRequest logoutRequest, String str, String str2, String str3) throws IdentityException {
        String tenantDomain = getTenantDomainFromThreadLocal();
        if (str3 == null) {
            return validateXMLSignature(logoutRequest, str, tenantDomain);
        }
        return validateDeflateSignature(str3, logoutRequest.getIssuer().getValue(), str, tenantDomain);
    }

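    /**
     * Validates a redirect-binding signature with the validator class named by the
     * {@code SSOService.SAML2HTTPRedirectSignatureValidator} property.
     *
     * <p>The validator class name comes from server configuration and is loaded reflectively. A
     * credential or security error is logged and reported as {@code false}.
     *
     * @param str query string carrying the signature
     * @param str2 issuer
     * @param str3 certificate alias
     * @param str4 tenant domain
     * @return {@code true} if the validator accepted the signature
     * @throws IdentityException if the validator class cannot be loaded or instantiated
     */
    public static boolean validateDeflateSignature(String str, String str2, String str3, String str4) throws IdentityException {
        try {
            // Validate with the instance created by this call. The shared static field is still
            // updated, but reading it back after leaving the synchronized block could pick up an
            // instance that another thread has assigned and not yet initialised.
            SAML2HTTPRedirectSignatureValidator validator;
            synchronized (Runtime.getRuntime().getClass()) {
                validator = (SAML2HTTPRedirectSignatureValidator) Class.forName(IdentityUtil.getProperty("SSOService.SAML2HTTPRedirectSignatureValidator").trim()).newInstance();
                samlHTTPRedirectSignatureValidator = validator;
                validator.init();
            }
            return validator.validateSignature(str, str2, str3, str4);
        } catch (InstantiationException e) {
            throw IdentityException.error("Error while instantiating class: " + IdentityUtil.getProperty("SSOService.SAML2HTTPRedirectSignatureValidator"), e);
        } catch (IdentitySAML2SSOException e2) {
            log.warn("Signature validation failed for the SAML Message : Failed to construct the X509CredentialImpl for the alias " + str3, e2);
            return false;
        } catch (SecurityException e3) {
            log.error("Error validating deflate signature", e3);
            return false;
        } catch (ClassNotFoundException e4) {
            throw IdentityException.error("Class not found: " + IdentityUtil.getProperty("SSOService.SAML2HTTPRedirectSignatureValidator"), e4);
        } catch (IllegalAccessException e5) {
            throw IdentityException.error("Illegal access to class: " + IdentityUtil.getProperty("SSOService.SAML2HTTPRedirectSignatureValidator"), e5);
        }
    }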

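    /**
     * Validates the XML signature of a request against the certificate stored under an alias in the
     * tenant's keystore.
     *
     * <p>An unsigned request and every validation failure yield {@code false}. Validation failures
     * are logged at debug level only.
     *
     * @param requestAbstractType request whose signature is checked
     * @param str certificate alias
     * @param str2 tenant domain
     * @return {@code true} only if the request is signed and the signer accepted the signature
     * @throws IdentityException if the signer class cannot be loaded or instantiated
     */
    public static boolean validateXMLSignature(RequestAbstractType requestAbstractType, String str, String str2) throws IdentityException {
        if (requestAbstractType.getSignature() != null) {
            try {
                X509CredentialImpl credential = getX509CredentialImplForTenant(str2, str);
                // Validate with the instance created by this call. The shared static field is still
                // updated, but reading it back after leaving the synchronized block could pick up an
                // instance that another thread has assigned and not yet initialised.
                SSOSigner signer;
                synchronized (Runtime.getRuntime().getClass()) {
                    signer = (SSOSigner) Class.forName(IdentityUtil.getProperty("SSOService.SAMLSSOSigner").trim()).newInstance();
                    ssoSigner = signer;
                    signer.init();
                }
                return signer.validateXMLSignature(requestAbstractType, credential, str);
            // The identity exception handlers must come before the general Exception handler; listed
            // after it they are unreachable. IdentitySAML2SSOException is kept ahead of
            // IdentityException (presumably its supertype; confirm).
            } catch (IdentitySAML2SSOException e5) {
                if (log.isDebugEnabled()) {
                    log.debug("Signature validation failed for the SAML Message : Failed to construct the X509CredentialImpl for the alias " + str, e5);
                }
            } catch (IdentityException e6) {
                if (log.isDebugEnabled()) {
                    log.debug("Signature Validation Failed for the SAML Assertion : Signature is invalid.", e6);
                }
            } catch (ClassNotFoundException e) {
                throw IdentityException.error("Class not found: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
            } catch (IllegalAccessException e2) {
                throw IdentityException.error("Illegal access to class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e2);
            } catch (InstantiationException e3) {
                throw IdentityException.error("Error while instantiating class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e3);
            } catch (Exception e4) {
                if (log.isDebugEnabled()) {
                    log.debug("Error while validating XML signature.", e4);
                }
            }
        }
        return false;
    }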

    /**
     * Collects the user attributes to release to the service provider that issued the request.
     *
     * <p>The service provider is looked up by issuer, first in the in-memory config manager and then
     * in the system configuration registry. The attribute consuming service index from the request
     * is used for SP-initiated requests that carry a non-zero index; otherwise the provider's own
     * index is used, and only when attributes are enabled by default.
     *
     * <p>NOTE(review): if neither lookup finds the service provider, the reference stays
     * {@code null} and the following calls on it fail with a NullPointerException; confirm callers
     * only reach this method for a registered issuer.
     *
     * @param sAMLSSOAuthnReqDTO authentication request data
     * @return {@code null} when the provider has no usable default index, an empty map when the
     *         requested index does not match the provider's, otherwise a map from remote claim URI
     *         to attribute value
     * @throws IdentityException propagated from the service provider lookup
     */
    public static Map<String, String> getAttributes(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO) throws IdentityException {
        SAMLSSOServiceProviderDO provider = SSOServiceProviderConfigManager.getInstance().getServiceProvider(sAMLSSOAuthnReqDTO.getIssuer());
        if (provider == null) {
            provider = IdentityPersistenceManager.getPersistanceManager().getServiceProvider(PrivilegedCarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.SYSTEM_CONFIGURATION), sAMLSSOAuthnReqDTO.getIssuer());
        }
        int requestedIndex;
        if (!sAMLSSOAuthnReqDTO.isIdPInitSSOEnabled() && sAMLSSOAuthnReqDTO.getAttributeConsumingServiceIndex() != 0) {
            requestedIndex = sAMLSSOAuthnReqDTO.getAttributeConsumingServiceIndex();
        } else {
            // IdP-initiated, or no index in the request: fall back to the provider's own index.
            boolean hasDefault = StringUtils.isNotBlank(provider.getAttributeConsumingServiceIndex()) && provider.isEnableAttributesByDefault();
            if (!hasDefault) {
                return null;
            }
            requestedIndex = Integer.parseInt(provider.getAttributeConsumingServiceIndex());
        }
        String configuredIndex = provider.getAttributeConsumingServiceIndex();
        if (configuredIndex == null || "".equals(configuredIndex) || requestedIndex != Integer.parseInt(configuredIndex)) {
            if (log.isDebugEnabled()) {
                log.debug("Invalid AttributeConsumingServiceIndex in AuthnRequest");
            }
            // Index mismatch: release no attributes.
            return Collections.emptyMap();
        }
        HashMap claims = new HashMap();
        Map userAttributes = sAMLSSOAuthnReqDTO.getUser().getUserAttributes();
        if (userAttributes != null) {
            for (Object item : userAttributes.entrySet()) {
                Map.Entry entry = (Map.Entry) item;
                claims.put(((ClaimMapping) entry.getKey()).getRemoteClaim().getClaimUri(), entry.getValue());
            }
        }
        return claims;
    }

    /**
     * Builds a SAML error response and returns it in encoded form.
     *
     * <p>The four arguments are handed unchanged to {@code ErrorResponseBuilder#buildResponse};
     * the result goes through {@code marshall} and then {@code encode}.
     * NOTE(review): the three-argument overload compresses its output instead of calling
     * {@code encode}; confirm each caller uses the overload that matches its binding.
     *
     * @param str   first argument of {@code buildResponse} (presumably the request id; confirm)
     * @param list  second argument of {@code buildResponse} (presumably status codes; confirm)
     * @param str2  third argument of {@code buildResponse} (presumably the status message; confirm)
     * @param str3  fourth argument of {@code buildResponse} (presumably the destination; confirm)
     * @return the encoded, marshalled error response
     * @throws IdentityException declared by this method; raised by the helpers it calls
     */
    public static String buildErrorResponse(String str, List<String> list, String str2, String str3) throws IdentityException {
        ErrorResponseBuilder builder = new ErrorResponseBuilder();
        String marshalled = marshall(builder.buildResponse(str, list, str2, str3));
        return encode(marshalled);
    }

    /**
     * Builds a SAML error response and returns it in compressed form.
     *
     * <p>Same inputs as the four-argument {@code buildErrorResponse}, but the marshalled response
     * is passed to {@code compressResponse} rather than {@code encode}.
     *
     * @return the compressed, marshalled error response
     * @throws IdentityException declared by this method; raised by the helpers it calls
     * @throws IOException if compression fails
     */
    public static String buildCompressedErrorResponse(String str, List<String> list, String str2, String str3) throws IdentityException, IOException {
        ErrorResponseBuilder builder = new ErrorResponseBuilder();
        String marshalled = marshall(builder.buildResponse(str, list, str2, str3));
        return compressResponse(marshalled);
    }

    /**
     * Returns the configured SAML response validity period.
     *
     * <p>Reads the {@code SSOService.SAMLResponseValidityPeriod} property; a blank or missing value
     * yields the default of 5 (presumably minutes; confirm against the code that consumes it).
     * A non-numeric value propagates as {@link NumberFormatException}.
     *
     * @return the configured period, or 5 when none is configured
     */
    public static int getSAMLResponseValidityPeriod() {
        String configured = IdentityUtil.getProperty("SSOService.SAMLResponseValidityPeriod");
        if (StringUtils.isBlank(configured)) {
            return 5;
        }
        return Integer.parseInt(configured.trim());
    }

    /**
     * Returns the current value of {@code singleLogoutRetryCount}.
     * The static initializer of this class sets it to 5.
     */
    public static int getSingleLogoutRetryCount() {
        return singleLogoutRetryCount;
    }

    /**
     * Overwrites {@code singleLogoutRetryCount}. The value is stored as given; no range check is
     * applied here.
     */
    public static void setSingleLogoutRetryCount(int i) {
        singleLogoutRetryCount = i;
    }

    /**
     * Returns the current value of {@code singleLogoutRetryInterval}.
     * The static initializer of this class sets it to 60000 (presumably milliseconds; confirm).
     */
    public static long getSingleLogoutRetryInterval() {
        return singleLogoutRetryInterval;
    }

    /**
     * Overwrites {@code singleLogoutRetryInterval}. The value is stored as given; no range check
     * is applied here.
     */
    public static void setSingleLogoutRetryInterval(long j) {
        singleLogoutRetryInterval = j;
    }

    /**
     * Returns the response builder to use.
     *
     * <p>With no class name configured, a {@code DefaultResponseBuilder} is returned. Otherwise the
     * configured class is loaded through the thread context class loader and instantiated with
     * its no-argument constructor. The class name selects code to run, so it should only ever
     * originate from trusted server configuration.
     *
     * @return the builder, or {@code null} when the configured class cannot be loaded or
     *         instantiated (the failure is logged); callers need to handle {@code null}
     */
    public static ResponseBuilder getResponseBuilder() {
        if (StringUtils.isEmpty(responseBuilderClassName)) {
            return new DefaultResponseBuilder();
        }
        try {
            Class<?> builderClass = Thread.currentThread().getContextClassLoader().loadClass(responseBuilderClassName);
            return (ResponseBuilder) builderClass.newInstance();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            log.error("Error while instantiating the SAMLResponseBuilder ", e);
            return null;
        }
    }

    /**
     * Stores the class name that {@code getResponseBuilder()} loads and instantiates.
     * The value is not validated here; it should come from trusted server configuration only.
     */
    public static void setResponseBuilder(String str) {
        responseBuilderClassName = str;
    }

    /**
     * Tells whether an HTTP status code is in the 2xx range.
     *
     * @param i the HTTP status code
     * @return {@code true} for 200 through 299 inclusive
     */
    public static boolean isHttpSuccessStatusCode(int i) {
        return 200 <= i && i <= 299;
    }

    /**
     * Tells whether an HTTP status code is one of the redirects this class recognises.
     * Only 302 and 303 qualify; 301, 307 and 308 are reported as non-redirects.
     *
     * @param i the HTTP status code
     * @return {@code true} for 302 or 303
     */
    public static boolean isHttpRedirectStatusCode(int i) {
        switch (i) {
            case 302:
            case 303:
                return true;
            default:
                return false;
        }
    }

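    /**
     * Extracts the user name from an OpenID identifier: everything that follows the first
     * {@code /openid/} segment of the URI path.
     *
     * <p>The identifier is rejected when it is {@code null}, is not a valid URI, has no path, or
     * its path does not contain {@code /openid/}. Without that check a missing marker would make
     * {@code indexOf} return -1 and an arbitrary tail of the path would be returned as the user
     * name (or an unchecked exception thrown for short paths).
     *
     * @param str the OpenID identifier
     * @return the part of the path after {@code /openid/}
     * @throws IdentityException if the identifier is not a usable OpenID
     */
    public static String getUserNameFromOpenID(String str) throws IdentityException {
        final String marker = "/openid/";
        if (str == null) {
            throw IdentityException.error("Invalid OpenID");
        }
        try {
            String path = new URI(str).getPath();
            // getPath() is null for opaque URIs; indexOf() is -1 when the marker is absent.
            int markerAt = path == null ? -1 : path.indexOf(marker);
            if (markerAt < 0) {
                throw IdentityException.error("Invalid OpenID");
            }
            return path.substring(markerAt + marker.length());
        } catch (URISyntaxException e) {
            throw IdentityException.error("Invalid OpenID", e);
        }
    }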

    /**
     * Returns the OpenID identifier for a user name. Delegates to {@code generateOpenID} without
     * any additional processing.
     *
     * @throws IdentityException propagated from {@code generateOpenID}
     */
    public static String getOpenID(String str) throws IdentityException {
        return generateOpenID(str);
    }

    /**
     * Builds the OpenID identifier for a user name.
     *
     * <p>The value of the {@code OpenID.OpenIDUserPattern} property is concatenated with the user
     * name after {@code normalizeUrlEncoding}, then parsed as a URI, normalised and converted to
     * a URL. A result that carries a query string or a fragment is rejected, so a user name
     * cannot introduce either into the identifier.
     *
     * @param str the user name
     * @return the normalised identifier URL as a string
     * @throws IdentityException if the combined value is not a valid URI or URL, or contains a
     *         query or fragment
     */
    public static String generateOpenID(String str) throws IdentityException {
        String candidate = IdentityUtil.getProperty("OpenID.OpenIDUserPattern") + normalizeUrlEncoding(str);
        URL normalized;
        try {
            normalized = new URI(candidate).normalize().toURL();
        } catch (MalformedURLException e) {
            throw IdentityException.error("Malformed OpenID URL :" + candidate, e);
        } catch (URISyntaxException e) {
            throw IdentityException.error("Invalid OpenID URL :" + candidate, e);
        }
        if (normalized.getQuery() != null || normalized.getRef() != null) {
            throw IdentityException.error("Invalid user name for OpenID :" + candidate);
        }
        return normalized.toString();
    }

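    /**
     * Normalises the percent-encoding of a string.
     *
     * <p>Each {@code %XX} escape is upper-cased; when the decoded character is a member of
     * {@code UNRESERVED_CHARACTERS} the escape is replaced by that character, otherwise the
     * upper-cased escape is kept. A {@code %} within the last two characters is copied as is.
     *
     * <p>A {@code %} that is not followed by two hex digits is copied unchanged and scanning
     * resumes at the next character. Previously {@code URLDecoder.decode} raised an unchecked
     * {@link IllegalArgumentException} for such input, which escaped from this method.
     *
     * @param str the text to normalise; may be {@code null}
     * @return the normalised text, or {@code null} when {@code str} is {@code null}
     */
    private static String normalizeUrlEncoding(String str) {
        if (str == null) {
            return null;
        }
        int length = str.length();
        StringBuilder sb = new StringBuilder(length);
        // NOTE(review): ENTITY_EXPANSION_LIMIT serves as the start index here and as the
        // character position below; presumably it is 0. Confirm against its declaration.
        int i = ENTITY_EXPANSION_LIMIT;
        while (i < length) {
            char current = str.charAt(i);
            if (current != '%' || i >= length - 2) {
                sb.append(current);
                i++;
                continue;
            }
            // Locale.ROOT keeps the case mapping independent of the server's default locale.
            String escape = str.substring(i, i + 3).toUpperCase(java.util.Locale.ROOT);
            try {
                char decoded = URLDecoder.decode(escape, "ISO-8859-1").charAt(ENTITY_EXPANSION_LIMIT);
                if (UNRESERVED_CHARACTERS.contains(Character.valueOf(decoded))) {
                    sb.append(decoded);
                } else {
                    sb.append(escape);
                }
            } catch (UnsupportedEncodingException e) {
                sb.append(escape);
                if (log.isDebugEnabled()) {
                    log.debug("Unsupported Encoding exception while decoding percent code.", e);
                }
            } catch (IllegalArgumentException e) {
                // Malformed escape: keep the '%' literally and continue with the next character.
                sb.append(current);
                i++;
                continue;
            }
            i += 3;
        }
        return sb.toString();
    }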

    /**
     * Removes a session through {@code SSOSessionPersistenceManager}.
     *
     * <p>Both arguments are passed unchanged to {@code SSOSessionPersistenceManager.removeSession}
     * (presumably the session id and the issuer; confirm against that method).
     */
    public static void removeSession(String str, String str2) {
        // The return value is discarded; the call is kept because it may initialise the manager
        // before the static removeSession call (TODO confirm).
        SSOSessionPersistenceManager.getPersistenceManager();
        SSOSessionPersistenceManager.removeSession(str, str2);
    }

    /**
     * Validates a tenant domain and, when it is valid, stores it for the current thread.
     *
     * <p>When {@code validateTenantDomain} returns {@code null} (blank or literal "null" input)
     * nothing is stored and any value previously set for the thread is left untouched.
     *
     * @param str the tenant domain to store
     * @throws UserStoreException propagated from {@code validateTenantDomain}
     * @throws IdentityException if the tenant domain is not known
     */
    public static void setTenantDomainInThreadLocal(String str) throws UserStoreException, IdentityException {
        String validated = validateTenantDomain(str);
        if (validated == null) {
            return;
        }
        tenantDomainInThreadLocal.set(validated);
    }

    /**
     * Returns the tenant domain stored for the current thread.
     *
     * @return the stored tenant domain, or {@code null} when the holder itself is {@code null} or
     *         no value has been set on this thread
     */
    public static String getTenantDomainFromThreadLocal() {
        return tenantDomainInThreadLocal == null ? null : (String) tenantDomainInThreadLocal.get();
    }

    /**
     * Clears the tenant domain stored for the current thread.
     *
     * <p>Unlike {@code getTenantDomainFromThreadLocal}, this does not check the holder for
     * {@code null}. On pooled threads the value set for one request stays visible to the next
     * request on the same thread until this method is called.
     */
    public static void removeTenantDomainFromThreadLocal() {
        tenantDomainInThreadLocal.remove();
    }

    /**
     * Checks that a tenant domain is known to the tenant manager.
     *
     * <p>A {@code null} value, a blank value or the literal text "null" (any case, after trimming)
     * is treated as "no tenant domain" and yields {@code null}. Any other value is looked up as
     * given (untrimmed); a tenant id of -1 means the domain is unknown.
     *
     * @param str the tenant domain to check
     * @return {@code str} when the domain is known, {@code null} when no domain was supplied
     * @throws UserStoreException if the tenant lookup fails
     * @throws IdentityException if the domain is not known
     */
    public static String validateTenantDomain(String str) throws UserStoreException, IdentityException {
        if (str == null) {
            return null;
        }
        String trimmed = str.trim();
        if (trimmed.isEmpty() || "null".equalsIgnoreCase(trimmed)) {
            return null;
        }
        if (getRealmService().getTenantManager().getTenantId(str) == -1) {
            String message = "Invalid tenant domain : " + str;
            if (log.isDebugEnabled()) {
                log.debug(message);
            }
            throw IdentityException.error(message);
        }
        return str;
    }

    /**
     * Builds a SAML error response carrying a single entry in the list argument and returns it in
     * compressed form.
     *
     * <p>{@code str} becomes the only element of the list given to
     * {@code ErrorResponseBuilder#buildResponse}; the first argument of that call is {@code null}.
     * The marshalled response is passed to {@code compressResponse}, whereas the four-argument
     * overload uses {@code encode}.
     *
     * @param str  the single list entry (presumably a status code; confirm)
     * @param str2 third argument of {@code buildResponse}
     * @param str3 fourth argument of {@code buildResponse}
     * @return the compressed, marshalled error response
     * @throws IdentityException declared by this method; raised by the helpers it calls
     * @throws IOException if compression fails
     */
    public static String buildErrorResponse(String str, String str2, String str3) throws IdentityException, IOException {
        ErrorResponseBuilder builder = new ErrorResponseBuilder();
        List<String> entries = new ArrayList<String>();
        entries.add(str);
        String marshalled = marshall(builder.buildResponse(null, entries, str2, str3));
        return compressResponse(marshalled);
    }

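    /**
     * Deflates a string (raw deflate, no zlib header) and Base64-encodes the result.
     *
     * <p>The {@link Deflater} is created here and handed to the stream, so closing the stream does
     * not release it; {@code end()} is called explicitly so its native memory is freed on every
     * path instead of waiting for garbage collection.
     *
     * @param str the text to compress; encoded as UTF-8
     * @return the Base64 form of the deflated bytes
     * @throws IOException if writing to or closing the deflater stream fails
     */
    public static String compressResponse(String str) throws IOException {
        // First argument is the compression level, second enables "nowrap" (raw deflate).
        Deflater deflater = new Deflater(8, true);
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            try (DeflaterOutputStream deflaterStream = new DeflaterOutputStream(buffer, deflater)) {
                deflaterStream.write(str.getBytes(StandardCharsets.UTF_8));
            }
            // NOTE(review): 8 is the options argument of Base64.encodeBytes; presumably the
            // "do not break lines" flag. Confirm against the Base64 class in use.
            return Base64.encodeBytes(buffer.toByteArray(), 8);
        } finally {
            deflater.end();
        }
    }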

    /**
     * Returns the notification endpoint.
     *
     * @return the {@code SSOService.NotificationEndpoint} property when it is not blank, otherwise
     *         the server URL built by {@code IdentityUtil.getServerURL} for
     *         {@code SAMLSSOConstants.NOTIFICATION_ENDPOINT}
     */
    public static String getNotificationEndpoint() {
        String configured = IdentityUtil.getProperty("SSOService.NotificationEndpoint");
        if (!StringUtils.isBlank(configured)) {
            return configured;
        }
        return IdentityUtil.getServerURL(SAMLSSOConstants.NOTIFICATION_ENDPOINT, false, false);
    }

    /**
     * Returns the default logout endpoint.
     *
     * @return the {@code SSOService.DefaultLogoutEndpoint} property when it is not blank,
     *         otherwise the server URL built by {@code IdentityUtil.getServerURL} for
     *         {@code SAMLSSOConstants.DEFAULT_LOGOUT_ENDPOINT}
     */
    public static String getDefaultLogoutEndpoint() {
        String configured = IdentityUtil.getProperty("SSOService.DefaultLogoutEndpoint");
        if (!StringUtils.isBlank(configured)) {
            return configured;
        }
        return IdentityUtil.getServerURL(SAMLSSOConstants.DEFAULT_LOGOUT_ENDPOINT, false, false);
    }

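    /**
     * Tells whether a SAML service provider is registered for an issuer.
     *
     * <p>An issuer known to {@code SSOServiceProviderConfigManager} is reported as existing
     * straight away. Otherwise the registry of the given tenant is consulted inside a tenant
     * flow, which is always ended before the method returns or throws. A blank tenant domain
     * selects {@code carbon.super} with tenant id -1234.
     *
     * @param str  the issuer to look up
     * @param str2 the tenant domain; blank selects the super tenant
     * @return {@code true} when a service provider exists for the issuer
     * @throws IdentitySAML2SSOException if the tenant id cannot be resolved or the lookup fails;
     *         the underlying exception is attached as the cause
     */
    public static boolean isSAMLIssuerExists(String str, String str2) throws IdentitySAML2SSOException {
        if (SSOServiceProviderConfigManager.getInstance().getServiceProvider(str) != null) {
            return true;
        }
        int tenantId;
        if (StringUtils.isBlank(str2)) {
            str2 = "carbon.super";
            tenantId = -1234;
        } else {
            try {
                tenantId = realmService.getTenantManager().getTenantId(str2);
            } catch (UserStoreException e) {
                throw new IdentitySAML2SSOException("Error occurred while retrieving tenant id for the domain : " + str2, e);
            }
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(tenantId);
            carbonContext.setTenantDomain(str2);
            IdentityTenantUtil.initializeRegistry(tenantId, str2);
            return IdentityPersistenceManager.getPersistanceManager().isServiceProviderExists(PrivilegedCarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.SYSTEM_CONFIGURATION), str);
        } catch (IdentityException e) {
            // Keep the cause so the real lookup failure is visible to whoever handles this.
            throw new IdentitySAML2SSOException("Error occurred while validating existence of SAML service provider '" + str + "' in the tenant domain '" + str2 + "'", e);
        } finally {
            // The privileged tenant context must not outlive this call on any path.
            PrivilegedCarbonContext.endTenantFlow();
        }
    }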

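    /**
     * Checks that the assertion consumer URL named in a request is registered for the issuer.
     *
     * <p>The service provider is read from the tenant's registry inside a tenant flow, which is
     * always ended before the method returns or throws. The URL is accepted only when it is not
     * blank and is contained in the provider's assertion consumer URL list. A missing service
     * provider is treated as a failed validation rather than surfacing as a
     * {@link NullPointerException}.
     *
     * @param str  the tenant domain; blank selects {@code carbon.super} with tenant id -1234
     * @param str2 the issuer of the request
     * @param str3 the assertion consumer URL taken from the request
     * @return {@code true} when the URL is acceptable for the issuer
     * @throws IdentityException if the tenant id cannot be resolved or the lookup fails; the
     *         underlying exception is attached as the cause
     */
    public static boolean validateACS(String str, String str2, String str3) throws IdentityException {
        // NOTE(review): an issuer known to SSOServiceProviderConfigManager is accepted here
        // without comparing the requested URL against anything. Confirm that this is intended.
        if (SSOServiceProviderConfigManager.getInstance().getServiceProvider(str2) != null) {
            return true;
        }
        int tenantId;
        if (StringUtils.isBlank(str)) {
            str = "carbon.super";
            tenantId = -1234;
        } else {
            try {
                tenantId = realmService.getTenantManager().getTenantId(str);
            } catch (UserStoreException e) {
                throw new IdentitySAML2SSOException("Error occurred while retrieving tenant id for the domain : " + str, e);
            }
        }
        try {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(tenantId);
            carbonContext.setTenantDomain(str);
            SAMLSSOServiceProviderDO serviceProvider = IdentityPersistenceManager.getPersistanceManager().getServiceProvider(PrivilegedCarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.SYSTEM_CONFIGURATION), str2);
            if (serviceProvider == null) {
                log.error("No SAML service provider is registered for the issuer '" + neutralizeLineBreaks(str2) + "'; rejecting the Assertion Consumer URL");
                return false;
            }
            if (!StringUtils.isBlank(str3) && serviceProvider.getAssertionConsumerUrlList().contains(str3)) {
                return true;
            }
            // The URL comes from the request, so line breaks are neutralised before it is
            // written to the log; otherwise a crafted value could forge extra log records.
            log.error("ALERT: Invalid Assertion Consumer URL value '" + neutralizeLineBreaks(str3) + "' in the AuthnRequest message from  the issuer '" + serviceProvider.getIssuer() + "'. Possibly an attempt for a spoofing attack");
            return false;
        } catch (IdentityException e) {
            // Keep the cause so the real lookup failure is visible to whoever handles this.
            throw new IdentitySAML2SSOException("Error occurred while validating existence of SAML service provider '" + str2 + "' in the tenant domain '" + str + "'", e);
        } finally {
            // The privileged tenant context must not outlive this call on any path.
            PrivilegedCarbonContext.endTenantFlow();
        }
    }

    /** Replaces carriage returns and line feeds with '_' so a value occupies one log line. */
    private static String neutralizeLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }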

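    /**
     * Returns the validator for an SP-initiated authentication request.
     *
     * <p>With no class name configured, a {@code SPInitSSOAuthnRequestValidator} is created.
     * Otherwise the configured class is loaded through the thread context class loader and its
     * {@code (AuthnRequest)} constructor is invoked. The class name selects code to run, so it
     * should only ever originate from trusted server configuration.
     *
     * <p>Every failure is logged together with its exception, including the constructor's own
     * failure wrapped in {@link InvocationTargetException}, so the root cause is not lost.
     *
     * @param authnRequest the request to validate
     * @return the validator, or {@code null} when it cannot be created; callers need to treat
     *         {@code null} as a failure and must not skip validation
     */
    public static SSOAuthnRequestValidator getSPInitSSOAuthnRequestValidator(AuthnRequest authnRequest) {
        if (sPInitSSOAuthnRequestValidatorClassName == null || "".equals(sPInitSSOAuthnRequestValidatorClassName)) {
            try {
                return new SPInitSSOAuthnRequestValidator(authnRequest);
            } catch (IdentityException e) {
                log.error("Error while instantiating the SPInitSSOAuthnRequestValidator ", e);
                return null;
            }
        }
        try {
            return (SSOAuthnRequestValidator) Thread.currentThread().getContextClassLoader().loadClass(sPInitSSOAuthnRequestValidatorClassName).getDeclaredConstructor(AuthnRequest.class).newInstance(authnRequest);
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e2) {
            log.error("Error while instantiating the SPInitSSOAuthnRequestValidator ", e2);
            return null;
        } catch (NoSuchMethodException e3) {
            log.error("SP initiated authentication request validation class in run time does not have properconstructors defined.", e3);
            return null;
        } catch (InvocationTargetException e4) {
            log.error("Error in creating an instance of the class: " + sPInitSSOAuthnRequestValidatorClassName, e4);
            return null;
        }
    }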

    /**
     * Stores the class name that {@code getSPInitSSOAuthnRequestValidator} loads and
     * instantiates. The value is not validated here; it should come from trusted server
     * configuration only.
     */
    public static void setSPInitSSOAuthnRequestValidator(String str) {
        sPInitSSOAuthnRequestValidatorClassName = str;
    }

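    /**
     * Returns the validator for an IdP-initiated authentication request.
     *
     * <p>With no class name configured, an {@code IdPInitSSOAuthnRequestValidator} is created.
     * Otherwise the configured class is loaded through the thread context class loader and its
     * {@code (QueryParamDTO[], String)} constructor is invoked. The class name selects code to
     * run, so it should only ever originate from trusted server configuration.
     *
     * <p>The failure messages name the IdP-initiated validator and its configured class; they
     * previously referred to the SP-initiated validator and logged the wrong class name. Every
     * failure is logged together with its exception.
     *
     * @param queryParamDTOArr the query parameters of the request
     * @param str              second constructor argument of the validator
     * @return the validator, or {@code null} when it cannot be created; callers need to treat
     *         {@code null} as a failure and must not skip validation
     */
    public static SSOAuthnRequestValidator getIdPInitSSOAuthnRequestValidator(QueryParamDTO[] queryParamDTOArr, String str) {
        if (iDPInitSSOAuthnRequestValidatorClassName == null || "".equals(iDPInitSSOAuthnRequestValidatorClassName)) {
            try {
                return new IdPInitSSOAuthnRequestValidator(queryParamDTOArr, str);
            } catch (IdentityException e) {
                log.error("Error while instantiating the IdPInitSSOAuthnRequestValidator ", e);
                return null;
            }
        }
        try {
            return (SSOAuthnRequestValidator) Thread.currentThread().getContextClassLoader().loadClass(iDPInitSSOAuthnRequestValidatorClassName).getDeclaredConstructor(QueryParamDTO[].class, String.class).newInstance(queryParamDTOArr, str);
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e2) {
            log.error("Error while instantiating the IdPInitSSOAuthnRequestValidator ", e2);
            return null;
        } catch (NoSuchMethodException e3) {
            log.error("IdP initiated authentication request validation class in run time does not have properconstructors defined.", e3);
            return null;
        } catch (InvocationTargetException e4) {
            log.error("Error in creating an instance of the class: " + iDPInitSSOAuthnRequestValidatorClassName, e4);
            return null;
        }
    }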

    /**
     * Stores the class name that {@code getIdPInitSSOAuthnRequestValidator} loads and
     * instantiates. The value is not validated here; it should come from trusted server
     * configuration only.
     */
    public static void setIdPInitSSOAuthnRequestValidator(String str) {
        iDPInitSSOAuthnRequestValidatorClassName = str;
    }

    /**
     * Stores a class name in {@code idPInitSSOAuthnRequestProcessorClassName}. The value is not
     * validated here; a class name that is later loaded reflectively should come from trusted
     * server configuration only.
     */
    public static void setIdPInitSSOAuthnRequestProcessor(String str) {
        idPInitSSOAuthnRequestProcessorClassName = str;
    }

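    /**
     * Returns the processor for IdP-initiated authentication requests.
     *
     * <p>With no processor class name configured, an {@code IdPInitSSOAuthnRequestProcessor} is
     * created. Otherwise the class named in {@code idPInitSSOAuthnRequestProcessorClassName} is
     * loaded through the thread context class loader and instantiated with its no-argument
     * constructor.
     *
     * <p>This method previously read the <em>validator</em> class name
     * ({@code iDPInitSSOAuthnRequestValidatorClassName}): the value set through
     * {@code setIdPInitSSOAuthnRequestProcessor} was ignored, and a configured validator class
     * was loaded and cast to the processor type.
     *
     * @return the processor, or {@code null} when the configured class cannot be loaded or
     *         instantiated (the failure is logged); callers need to handle {@code null}
     */
    public static IdPInitSSOAuthnRequestProcessor getIdPInitSSOAuthnRequestProcessor() {
        if (idPInitSSOAuthnRequestProcessorClassName == null || "".equals(idPInitSSOAuthnRequestProcessorClassName)) {
            return new IdPInitSSOAuthnRequestProcessor();
        }
        try {
            return (IdPInitSSOAuthnRequestProcessor) Thread.currentThread().getContextClassLoader().loadClass(idPInitSSOAuthnRequestProcessorClassName).newInstance();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            log.error("Error while instantiating the IdPInitSSOAuthnRequestProcessor ", e);
            return null;
        }
    }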

    /**
     * Stores the class name that {@code getSPInitSSOAuthnRequestProcessor} loads and
     * instantiates. The value is not validated here; it should come from trusted server
     * configuration only.
     */
    public static void setSPInitSSOAuthnRequestProcessor(String str) {
        sPInitSSOAuthnRequestProcessorClassName = str;
    }

    /**
     * Returns the processor for SP-initiated authentication requests.
     *
     * <p>With no class name configured, a {@code SPInitSSOAuthnRequestProcessor} is created.
     * Otherwise the configured class is loaded through the thread context class loader and
     * instantiated with its no-argument constructor. The class name selects code to run, so it
     * should only ever originate from trusted server configuration.
     *
     * @return the processor, or {@code null} when the configured class cannot be loaded or
     *         instantiated (the failure is logged); callers need to handle {@code null}
     */
    public static SPInitSSOAuthnRequestProcessor getSPInitSSOAuthnRequestProcessor() {
        if (StringUtils.isEmpty(sPInitSSOAuthnRequestProcessorClassName)) {
            return new SPInitSSOAuthnRequestProcessor();
        }
        try {
            Class<?> processorClass = Thread.currentThread().getContextClassLoader().loadClass(sPInitSSOAuthnRequestProcessorClassName);
            return (SPInitSSOAuthnRequestProcessor) processorClass.newInstance();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            log.error("Error while instantiating the SPInitSSOAuthnRequestProcessor ", e);
            return null;
        }
    }

    /**
     * Stores the class name that {@code getSPInitLogoutRequestProcessor} loads and instantiates.
     * The value is not validated here; it should come from trusted server configuration only.
     */
    public static void setSPInitLogoutRequestProcessor(String str) {
        sPInitLogoutRequestProcessorClassName = str;
    }

    /**
     * Returns the processor for SP-initiated logout requests.
     *
     * <p>With no class name configured, a {@code SPInitLogoutRequestProcessor} is created.
     * Otherwise the configured class is loaded through the thread context class loader and
     * instantiated with its no-argument constructor. The class name selects code to run, so it
     * should only ever originate from trusted server configuration.
     *
     * @return the processor, or {@code null} when the configured class cannot be loaded or
     *         instantiated (the failure is logged); callers need to handle {@code null}
     */
    public static SPInitLogoutRequestProcessor getSPInitLogoutRequestProcessor() {
        if (StringUtils.isEmpty(sPInitLogoutRequestProcessorClassName)) {
            return new SPInitLogoutRequestProcessor();
        }
        try {
            Class<?> processorClass = Thread.currentThread().getContextClassLoader().loadClass(sPInitLogoutRequestProcessorClassName);
            return (SPInitLogoutRequestProcessor) processorClass.newInstance();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            log.error("Error while instantiating the SPInitLogoutRequestProcessor ", e);
            return null;
        }
    }

    /**
     * Stores the class name that {@code getIdPInitLogoutRequestProcessor} loads and
     * instantiates. The value is not validated here; it should come from trusted server
     * configuration only.
     */
    public static void setIdPInitLogoutRequestProcessor(String str) {
        idPInitLogoutRequestProcessorClassName = str;
    }

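    /**
     * Returns the processor for IdP-initiated logout requests.
     *
     * <p>With no class name configured, an {@code IdPInitLogoutRequestProcessor} is created.
     * Otherwise the configured class is loaded through the thread context class loader and
     * instantiated with its no-argument constructor. The class name selects code to run, so it
     * should only ever originate from trusted server configuration.
     *
     * <p>The failure message names this processor; it previously named the SP-initiated one,
     * which pointed log readers at the wrong configuration entry.
     *
     * @return the processor, or {@code null} when the configured class cannot be loaded or
     *         instantiated (the failure is logged); callers need to handle {@code null}
     */
    public static IdPInitLogoutRequestProcessor getIdPInitLogoutRequestProcessor() {
        if (idPInitLogoutRequestProcessorClassName == null || "".equals(idPInitLogoutRequestProcessorClassName)) {
            return new IdPInitLogoutRequestProcessor();
        }
        try {
            return (IdPInitLogoutRequestProcessor) Thread.currentThread().getContextClassLoader().loadClass(idPInitLogoutRequestProcessorClassName).newInstance();
        } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
            log.error("Error while instantiating the IdPInitLogoutRequestProcessor ", e);
            return null;
        }
    }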

    /**
     * Strips an appended tenant domain from a name: everything from the last {@code @} onwards is
     * dropped. A value without {@code @} is returned unchanged.
     *
     * @param str the name, possibly in {@code name@tenant} form; must not be {@code null}
     * @return the part before the last {@code @}, or {@code str} when it contains none
     */
    public static String splitAppendedTenantDomain(String str) {
        int lastAt = str.lastIndexOf("@");
        if (lastAt < 0) {
            return str;
        }
        // NOTE(review): ENTITY_EXPANSION_LIMIT is the start index here; presumably it is 0.
        return str.substring(ENTITY_EXPANSION_LIMIT, lastAt);
    }

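    /*
     * Fills UNRESERVED_CHARACTERS with a-z, A-Z, 0-9 and '-', '.', '_', '~', then sets the
     * defaults of the static fields.
     *
     * The upper-case loop previously stopped after 'A', so B to Z were missing from the set and
     * normalizeUrlEncoding left their percent-escapes in place. Two spellings of the same name
     * could therefore normalise to different identifiers.
     */
    static {
        for (char c = 'a'; c <= 'z'; c++) {
            UNRESERVED_CHARACTERS.add(Character.valueOf(c));
        }
        for (char c = 'A'; c <= 'Z'; c++) {
            UNRESERVED_CHARACTERS.add(Character.valueOf(c));
        }
        for (char c = '0'; c <= '9'; c++) {
            UNRESERVED_CHARACTERS.add(Character.valueOf(c));
        }
        UNRESERVED_CHARACTERS.add('-');
        UNRESERVED_CHARACTERS.add('.');
        UNRESERVED_CHARACTERS.add('_');
        UNRESERVED_CHARACTERS.add('~');

        log = LogFactory.getLog(SAMLSSOUtil.class);
        isBootStrapped = false;
        singleLogoutRetryCount = 5;
        // Presumably milliseconds (one minute); confirm against the code that uses it.
        singleLogoutRetryInterval = 60000L;
        // A null class name makes the matching getter fall back to the built-in implementation.
        responseBuilderClassName = null;
        samlAssertionBuilder = null;
        ssoEncrypter = null;
        ssoSigner = null;
        samlHTTPRedirectSignatureValidator = null;
        sPInitSSOAuthnRequestValidatorClassName = null;
        iDPInitSSOAuthnRequestValidatorClassName = null;
        tenantDomainInThreadLocal = new ThreadLocal();
        idPInitLogoutRequestProcessorClassName = null;
        idPInitSSOAuthnRequestProcessorClassName = null;
        sPInitSSOAuthnRequestProcessorClassName = null;
        sPInitLogoutRequestProcessorClassName = null;
    }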
}
