package org.wso2.carbon.identity.sso.saml.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLDecoder;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.core.impl.AuthnRequestImpl;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.util.Base64;
import org.osgi.framework.BundleContext;
import org.osgi.service.http.HttpService;
import org.w3c.dom.Element;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSSerializer;
import org.wso2.carbon.context.PrivilegedCarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.SAML2SSOFederatedAuthenticatorConfig;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.core.persistence.IdentityPersistenceManager;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.SSOServiceProviderConfigManager;
import org.wso2.carbon.identity.sso.saml.builders.DefaultResponseBuilder;
import org.wso2.carbon.identity.sso.saml.builders.ErrorResponseBuilder;
import org.wso2.carbon.identity.sso.saml.builders.ResponseBuilder;
import org.wso2.carbon.identity.sso.saml.builders.X509CredentialImpl;
import org.wso2.carbon.identity.sso.saml.builders.encryption.SSOEncrypter;
import org.wso2.carbon.identity.sso.saml.builders.signature.SSOSigner;
import org.wso2.carbon.identity.sso.saml.dto.SAMLSSOAuthnReqDTO;
import org.wso2.carbon.identity.sso.saml.exception.IdentitySAML2SSOException;
import org.wso2.carbon.identity.sso.saml.session.SSOSessionPersistenceManager;
import org.wso2.carbon.identity.sso.saml.validators.SAML2HTTPRedirectSignatureValidator;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.service.RealmService;
import org.wso2.carbon.utils.ConfigurationContextService;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/util/SAMLSSOUtil.class */
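/**
 * Static helpers used by the SAML SSO component: (un)marshalling and (de)coding of SAML
 * messages, signing/encrypting responses, validating request signatures, and a few
 * OpenID/URL utilities.
 *
 * <p>Several methods here parse or verify data that arrives from the network (SAML requests,
 * redirect-binding query strings, OpenID identifiers) and must therefore fail closed.
 *
 * <p>Thread-safety: the class keeps mutable static state (service references, retry settings,
 * thread-locals). See the notes on the individual members.
 */
public class SAMLSSOUtil {
    /**
     * Upper bound on the inflated size accepted by the stream fallback in {@link #decode(String)}.
     * The raw-DEFLATE path is already limited by its fixed 5000-byte buffer; without a limit the
     * fallback would inflate attacker-supplied data without bound. The value is a conservative
     * choice for a SAML request and can be tuned.
     */
    private static final int MAX_INFLATED_REQUEST_BYTES = 1024 * 1024;

    private static RegistryService registryService;
    private static BundleContext bundleContext;
    private static RealmService realmService;
    private static ConfigurationContextService configCtxService;
    private static HttpService httpService;
    private static final Log log = LogFactory.getLog(SAMLSSOUtil.class);
    private static boolean isBootStrapped = false;
    // Message IDs produced by createID() must not be guessable, so the generator is a
    // SecureRandom rather than a plain java.util.Random (which is predictable from its output).
    private static final Random random = new java.security.SecureRandom();
    private static final char[] charMapping = {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p'};
    private static int singleLogoutRetryCount = 5;
    private static long singleLogoutRetryInterval = 60000;
    // Characters that normalizeUrlEncoding() decodes back from their %XX form; filled in the
    // static initializer at the end of the class.
    private static final Set<Character> UNRESERVED_CHARACTERS = new HashSet<Character>();
    private static String responseBuilderClassName = null;
    // The three fields below are kept for compatibility; every method that needs one of these
    // helpers creates a fresh instance and works on its own local reference.
    private static SSOEncrypter ssoEncrypter = null;
    private static SSOSigner ssoSigner = null;
    private static SAML2HTTPRedirectSignatureValidator samlHTTPRedirectSignatureValidator = null;
    private static final ThreadLocal<String> tenantDomainInThreadLocal = new ThreadLocal<String>();
    // NOTE(review): the ThreadLocal *reference* itself is shared, replaced by every
    // setIsSaaSApplication() call and nulled by removeSaaSApplicationThreaLocal(). A value set by
    // one thread is therefore lost (read as false) once another thread calls the setter, and all
    // threads fall back to the default (true) once any thread calls remove. This flag looks
    // security-relevant (SaaS vs. tenant-restricted application); confirm the intended
    // per-thread default before changing the semantics.
    private static ThreadLocal<Boolean> isSaaSApplication = null;

    /**
     * Returns the SaaS flag visible to the current thread.
     *
     * @return {@code true} when no thread-local holder exists at all, the stored value when the
     *         current thread has one, and {@code false} when a holder exists but carries no
     *         value for the current thread
     */
    public static boolean isSaaSApplication() {
        ThreadLocal<Boolean> holder = isSaaSApplication;
        if (holder == null) {
            return true;
        }
        Boolean value = holder.get();
        return value != null ? value.booleanValue() : false;
    }

    /**
     * Stores the SaaS flag for the current thread. The shared holder is replaced by a new
     * {@link ThreadLocal} on every call (see the note on the field).
     *
     * @param z the flag value to store
     */
    public static void setIsSaaSApplication(boolean z) {
        isSaaSApplication = new ThreadLocal<>();
        isSaaSApplication.set(Boolean.valueOf(z));
    }

    /**
     * Clears the current thread's SaaS flag and drops the shared holder, so that
     * {@link #isSaaSApplication()} returns its default again.
     */
    public static void removeSaaSApplicationThreaLocal() {
        if (isSaaSApplication != null) {
            isSaaSApplication.remove();
            isSaaSApplication = null;
        }
    }

    /** Sets the registry service reference held by this class. */
    public static void setRegistryService(RegistryService registryService2) {
        registryService = registryService2;
    }

    /** Sets the realm service reference used to resolve tenant ids. */
    public static void setRealmService(RealmService realmService2) {
        realmService = realmService2;
    }

    /** @return the bundle context previously stored with {@link #setBundleContext}, or {@code null} */
    public static BundleContext getBundleContext() {
        return bundleContext;
    }

    /** Stores the OSGi bundle context. */
    public static void setBundleContext(BundleContext bundleContext2) {
        bundleContext = bundleContext2;
    }

    /** @return the registry service previously stored, or {@code null} */
    public static RegistryService getRegistryService() {
        return registryService;
    }

    /** @return the realm service previously stored, or {@code null} */
    public static RealmService getRealmService() {
        return realmService;
    }

    /** @return the configuration context service previously stored, or {@code null} */
    public static ConfigurationContextService getConfigCtxService() {
        return configCtxService;
    }

    /** Stores the configuration context service. */
    public static void setConfigCtxService(ConfigurationContextService configurationContextService) {
        configCtxService = configurationContextService;
    }

    /** @return the HTTP service previously stored, or {@code null} */
    public static HttpService getHttpService() {
        return httpService;
    }

    /** Stores the OSGi HTTP service. */
    public static void setHttpService(HttpService httpService2) {
        httpService = httpService2;
    }

    /**
     * Parses an XML string and unmarshalls its document element into an OpenSAML object.
     *
     * <p>The input is typically a SAML message received from a remote party, so the parser is
     * configured defensively: secure processing is enabled and external general/parameter
     * entities and external DTD loading are switched off, in addition to the entity resolver
     * and {@code setExpandEntityReferences(false)} that were already in place.
     *
     * @param str the XML text; leading and trailing whitespace is ignored
     * @return the unmarshalled object
     * @throws IdentityException if the parser cannot be configured, or parsing or unmarshalling
     *         fails for any reason (including a {@code null} input)
     */
    public static XMLObject unmarshall(String str) throws IdentityException {
        ByteArrayInputStream xmlStream = null;
        try {
            doBootstrap();
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setExpandEntityReferences(false);
            factory.setNamespaceAware(true);
            // XXE / entity-expansion hardening. A SAML message never needs external entities or
            // an external DTD; if the parser rejects one of these features the call fails below
            // instead of silently parsing with a weaker configuration.
            factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
            factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
            DocumentBuilder builder = factory.newDocumentBuilder();
            builder.setEntityResolver(new CarbonEntityResolver());
            // NOTE(review): getBytes() uses the platform charset while decode()/decodeForPost()
            // produce the string from UTF-8; on a non-UTF-8 platform non-ASCII content may be
            // re-encoded differently from what the XML declaration says.
            xmlStream = new ByteArrayInputStream(str.trim().getBytes());
            Element root = builder.parse(xmlStream).getDocumentElement();
            return Configuration.getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
        } catch (Exception e) {
            log.error("Error in constructing AuthRequest from the encoded String", e);
            throw new IdentityException("Error in constructing AuthRequest from the encoded String ", e);
        } finally {
            if (xmlStream != null) {
                try {
                    xmlStream.close();
                } catch (IOException e) {
                    log.error("Error while closing the stream");
                }
            }
        }
    }

    /**
     * Serializes an OpenSAML object to its XML text using a DOM Level 3 LS serializer.
     *
     * <p>Side effect: every call sets the JVM-wide system property
     * {@code javax.xml.parsers.DocumentBuilderFactory} to the Xerces implementation.
     *
     * @param xMLObject the object to serialize
     * @return the serialized XML
     * @throws IdentityException if marshalling or serialization fails
     */
    public static String marshall(XMLObject xMLObject) throws IdentityException {
        ByteArrayOutputStream xmlBytes = null;
        try {
            doBootstrap();
            System.setProperty("javax.xml.parsers.DocumentBuilderFactory", "org.apache.xerces.jaxp.DocumentBuilderFactoryImpl");
            Element element = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(xMLObject).marshall(xMLObject);
            xmlBytes = new ByteArrayOutputStream();
            DOMImplementationLS lsImplementation = (DOMImplementationLS) DOMImplementationRegistry.newInstance().getDOMImplementation("LS");
            LSSerializer serializer = lsImplementation.createLSSerializer();
            LSOutput output = lsImplementation.createLSOutput();
            output.setByteStream(xmlBytes);
            serializer.write(element, output);
            // NOTE(review): toString() decodes with the platform charset and encode() re-encodes
            // with it; the pair has to be changed together if an explicit charset is introduced.
            return xmlBytes.toString();
        } catch (Exception e) {
            log.error("Error Serializing the SAML Response");
            throw new IdentityException("Error Serializing the SAML Response", e);
        } finally {
            if (xmlBytes != null) {
                try {
                    xmlBytes.close();
                } catch (IOException e) {
                    log.error("Error while closing the stream");
                }
            }
        }
    }

    /**
     * Base64-encodes a string (platform charset) with option value 8 passed to the OpenSAML
     * encoder, and trims the result.
     *
     * @param str the text to encode
     * @return the Base64 text
     */
    public static String encode(String str) {
        return Base64.encodeBytes(str.getBytes(), 8).trim();
    }

    /**
     * Decodes a Base64 encoded, DEFLATE-compressed SAML message (the form used on the redirect
     * binding call path in this class).
     *
     * <p>Raw DEFLATE is tried first into a fixed 5000-byte buffer. If the data is not raw
     * DEFLATE, the payload is inflated as a zlib stream instead, limited to
     * {@link #MAX_INFLATED_REQUEST_BYTES} so that a small request cannot expand into an
     * arbitrarily large buffer.
     *
     * @param str the Base64 text
     * @return the inflated message
     * @throws IdentityException if decoding or inflating fails, or the stream fallback exceeds
     *         the size limit
     * @throws RuntimeException if the raw-DEFLATE output does not fit into the 5000-byte buffer
     */
    public static String decode(String str) throws IdentityException {
        try {
            byte[] compressed = new org.apache.commons.codec.binary.Base64().decode(str.getBytes("UTF-8"));
            Inflater inflater = new Inflater(true);
            try {
                inflater.setInput(compressed);
                byte[] buffer = new byte[5000];
                int length = inflater.inflate(buffer);
                if (inflater.getRemaining() > 0) {
                    throw new RuntimeException("didn't allocate enough space to hold decompressed data");
                }
                String message = new String(buffer, 0, length, "UTF-8");
                if (log.isDebugEnabled()) {
                    log.debug("Request message " + message);
                }
                return message;
            } catch (DataFormatException e) {
                // Not raw DEFLATE: retry through InflaterInputStream, which expects zlib framing.
                ByteArrayOutputStream inflated = new ByteArrayOutputStream();
                InflaterInputStream inflaterStream = new InflaterInputStream(new ByteArrayInputStream(compressed));
                try {
                    byte[] chunk = new byte[1024];
                    for (int read = inflaterStream.read(chunk); read != -1; read = inflaterStream.read(chunk)) {
                        if (inflated.size() + read > MAX_INFLATED_REQUEST_BYTES) {
                            throw new IOException("Inflated SAML request exceeds " + MAX_INFLATED_REQUEST_BYTES + " bytes");
                        }
                        inflated.write(chunk, 0, read);
                    }
                } finally {
                    // Closing also releases the stream's internal Inflater on the error path.
                    inflaterStream.close();
                }
                // NOTE(review): platform charset here, UTF-8 on the raw-DEFLATE path above.
                String message = new String(inflated.toByteArray());
                if (log.isDebugEnabled()) {
                    log.debug("Request message " + message);
                }
                return message;
            } finally {
                // Release the native zlib state on every path, not only on success.
                inflater.end();
            }
        } catch (IOException e) {
            throw new IdentityException("Error when decoding the SAML Request.", e);
        }
    }

    /**
     * Decodes a Base64 encoded SAML message that is not compressed (the form used on the POST
     * binding call path in this class).
     *
     * @param str the Base64 text
     * @return the decoded message, read as UTF-8
     * @throws IdentityException if decoding fails
     */
    public static String decodeForPost(String str) throws IdentityException {
        try {
            byte[] decoded = new org.apache.commons.codec.binary.Base64().decode(str.getBytes("UTF-8"));
            String message = new String(decoded, "UTF-8");
            if (log.isDebugEnabled()) {
                log.debug("Request message " + message);
            }
            return message;
        } catch (IOException e) {
            throw new IdentityException("Error when decoding the SAML Request.", e);
        }
    }

    /**
     * Builds the {@code Issuer} element for messages sent by this identity provider.
     *
     * <p>The entity id is taken from the {@code samlsso} authenticator configuration of the
     * resident IdP of the current thread's tenant ({@code carbon.super} when none is set),
     * falling back to the {@code SSOService.EntityID} property.
     *
     * @return the issuer, with the SAML 2.0 entity name-id format
     * @throws IdentityException if the resident identity provider cannot be read
     */
    public static Issuer getIssuer() throws IdentityException {
        Issuer issuer = new IssuerBuilder().buildObject();
        String entityId = null;
        String tenantDomain = null;
        try {
            tenantDomain = getTenantDomainFromThreadLocal();
            if (tenantDomain == null || tenantDomain.equals("null")) {
                tenantDomain = "carbon.super";
            }
            for (FederatedAuthenticatorConfig config : IdentityProviderManager.getInstance().getResidentIdP(tenantDomain).getFederatedAuthenticatorConfigs()) {
                if ("samlsso".equals(config.getName())) {
                    entityId = new SAML2SSOFederatedAuthenticatorConfig(config).getIdpEntityId();
                }
            }
            if (entityId == null) {
                entityId = IdentityUtil.getProperty("SSOService.EntityID");
            }
            issuer.setValue(entityId);
            issuer.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
            return issuer;
        } catch (IdentityApplicationManagementException e) {
            // Keep the cause so the underlying failure is not lost to callers and logs.
            throw new IdentityException("Error occurred while retrieving Resident Identity Provider information for tenant " + tenantDomain, e);
        }
    }

    /**
     * Bootstraps the OpenSAML library once. A failure is logged and not propagated, so a later
     * call tries again.
     */
    public static void doBootstrap() {
        if (isBootStrapped) {
            return;
        }
        try {
            DefaultBootstrap.bootstrap();
            isBootStrapped = true;
        } catch (ConfigurationException e) {
            log.error("Error in bootstrapping the OpenSAML2 library", e);
        }
    }

    /**
     * Signs a SAML response with the configured signer.
     *
     * @param response the response to sign
     * @param str passed through to the signer (presumably the signature algorithm; confirm
     *        against {@code SSOSigner})
     * @param x509Credential the signing credential
     * @return the signed response
     * @throws IdentityException if the signer cannot be created or signing fails
     */
    public static Response setSignature(Response response, String str, X509Credential x509Credential) throws IdentityException {
        return (Response) signResponse(response, str, x509Credential);
    }

    /**
     * Signs a SAML logout response with the configured signer.
     *
     * @param logoutResponse the logout response to sign
     * @param str passed through to the signer (presumably the signature algorithm; confirm
     *        against {@code SSOSigner})
     * @param x509Credential the signing credential
     * @return the signed logout response
     * @throws IdentityException if the signer cannot be created or signing fails
     */
    public static LogoutResponse setSignature(LogoutResponse logoutResponse, String str, X509Credential x509Credential) throws IdentityException {
        return (LogoutResponse) signResponse(logoutResponse, str, x509Credential);
    }

    /**
     * Creates the signer class named by {@code SSOService.SAMLSSOSigner} and lets it sign the
     * given status response.
     */
    private static StatusResponseType signResponse(StatusResponseType statusResponseType, String str, X509Credential x509Credential) throws IdentityException {
        doBootstrap();
        try {
            // Work on a local reference: the static field can be overwritten by another thread
            // between leaving the synchronized block and using the signer.
            SSOSigner signer;
            // The lock object is the JVM-wide Runtime class, as in the other factory blocks here.
            synchronized (Runtime.getRuntime().getClass()) {
                signer = (SSOSigner) Class.forName(IdentityUtil.getProperty("SSOService.SAMLSSOSigner").trim()).newInstance();
                signer.init();
                ssoSigner = signer;
            }
            return signer.doSignResponse(statusResponseType, str, x509Credential);
        } catch (ClassNotFoundException e) {
            throw new IdentityException("Class not found: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (IllegalAccessException e) {
            throw new IdentityException("Illegal access to class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (InstantiationException e) {
            throw new IdentityException("Error while instantiating class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (Exception e) {
            throw new IdentityException("Error while signing the SAML Response message.", e);
        }
    }

    /**
     * Signs a SAML assertion with the configured signer.
     *
     * @param assertion the assertion to sign
     * @param str passed through to the signer (presumably the signature algorithm; confirm
     *        against {@code SSOSigner})
     * @param x509Credential the signing credential
     * @return the signed assertion
     * @throws IdentityException if the signer cannot be created or signing fails
     */
    public static Assertion setSignature(Assertion assertion, String str, X509Credential x509Credential) throws IdentityException {
        doBootstrap();
        try {
            SSOSigner signer;
            synchronized (Runtime.getRuntime().getClass()) {
                signer = (SSOSigner) Class.forName(IdentityUtil.getProperty("SSOService.SAMLSSOSigner").trim()).newInstance();
                signer.init();
                ssoSigner = signer;
            }
            return signer.doSetSignature(assertion, str, x509Credential);
        } catch (ClassNotFoundException e) {
            throw new IdentityException("Class not found: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (IllegalAccessException e) {
            throw new IdentityException("Illegal access to class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (InstantiationException e) {
            throw new IdentityException("Error while instantiating class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (Exception e) {
            throw new IdentityException("Error while signing the SAML Response message.", e);
        }
    }

    /**
     * Encrypts an assertion with the certificate stored under an alias in a tenant's key store,
     * using the encrypter class named by {@code SSOService.SAMLSSOEncrypter}.
     *
     * @param assertion the assertion to encrypt
     * @param str passed through to the encrypter as its last argument (meaning not visible
     *        here; confirm against {@code SSOEncrypter})
     * @param str2 the certificate alias
     * @param str3 the tenant domain whose key store holds the certificate
     * @return the encrypted assertion
     * @throws IdentityException if the credential or encrypter cannot be created, or
     *         encryption fails
     */
    public static EncryptedAssertion setEncryptedAssertion(Assertion assertion, String str, String str2, String str3) throws IdentityException {
        doBootstrap();
        try {
            X509CredentialImpl credential = getX509CredentialImplForTenant(str3, str2);
            SSOEncrypter encrypter;
            synchronized (Runtime.getRuntime().getClass()) {
                encrypter = (SSOEncrypter) Class.forName(IdentityUtil.getProperty("SSOService.SAMLSSOEncrypter").trim()).newInstance();
                encrypter.init();
                ssoEncrypter = encrypter;
            }
            return encrypter.doEncryptedAssertion(assertion, credential, str2, str);
        } catch (ClassNotFoundException e) {
            throw new IdentityException("Class not found: " + IdentityUtil.getProperty("SSOService.SAMLSSOEncrypter"), e);
        } catch (IllegalAccessException e) {
            throw new IdentityException("Illegal access to class: " + IdentityUtil.getProperty("SSOService.SAMLSSOEncrypter"), e);
        } catch (InstantiationException e) {
            throw new IdentityException("Error while instantiating class: " + IdentityUtil.getProperty("SSOService.SAMLSSOEncrypter"), e);
        } catch (Exception e) {
            throw new IdentityException("Error while signing the SAML Response message.", e);
        }
    }

    /**
     * Builds an empty OpenSAML object for the given qualified name.
     *
     * @throws IdentityException if no builder is registered for the name
     */
    private static XMLObject buildXMLObject(QName qName) throws IdentityException {
        XMLObjectBuilder builder = org.opensaml.xml.Configuration.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new IdentityException("Unable to retrieve builder for object QName " + qName);
        }
        return builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }

    /**
     * Creates a random identifier: 20 random bytes, each rendered as two characters from
     * {@code a}–{@code p}, giving a 40-character string that always starts with a letter.
     *
     * @return the identifier
     */
    public static String createID() {
        byte[] randomBytes = new byte[20];
        random.nextBytes(randomBytes);
        char[] chars = new char[40];
        for (int i = 0; i < randomBytes.length; i++) {
            int high = (randomBytes[i] >> 4) & 15;
            int low = randomBytes[i] & 15;
            chars[i * 2] = charMapping[high];
            chars[(i * 2) + 1] = charMapping[low];
        }
        return String.valueOf(chars);
    }

    /**
     * Derives a key store file name from a tenant domain: dots become dashes and {@code .jks}
     * is appended.
     *
     * @param str the tenant domain
     * @return the key store name
     */
    public static String generateKSNameFromDomainName(String str) {
        return str.trim().replace(".", "-") + ".jks";
    }

    /**
     * Loads the certificate stored under an alias and wraps it in a credential.
     *
     * <p>When a tenant domain is given and resolves to a tenant id other than -1234, the
     * tenant's own key store is used; otherwise the primary key store is used.
     *
     * @param str the tenant domain, or {@code null}
     * @param str2 the certificate alias
     * @return the credential for that certificate
     * @throws IdentitySAML2SSOException if the tenant id or the certificate cannot be obtained
     */
    public static X509CredentialImpl getX509CredentialImplForTenant(String str, String str2) throws IdentitySAML2SSOException {
        int tenantId = -1234;
        RealmService realm = getRealmService();
        if (str != null) {
            try {
                tenantId = realm.getTenantManager().getTenantId(str);
            } catch (UserStoreException e) {
                log.error("Error getting the TenantID for the domain name", e);
                throw new IdentitySAML2SSOException("Error getting the TenantID for the domain name", e);
            }
        }
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(tenantId);
        try {
            // NOTE(review): getCertificate() yields null for an unknown alias; what
            // X509CredentialImpl does with a null certificate is not visible here — verify.
            return new X509CredentialImpl((X509Certificate) (tenantId != -1234 ? keyStoreManager.getKeyStore(generateKSNameFromDomainName(str)) : keyStoreManager.getPrimaryKeyStore()).getCertificate(str2));
        } catch (Exception e) {
            log.error("Error instantiating an X509CredentialImpl object for the public cert.", e);
            throw new IdentitySAML2SSOException("Error instantiating an X509CredentialImpl object for the public cert.", e);
        }
    }

    /**
     * Validates the signature of an authentication request.
     *
     * <p>When the DTO carries a query string the redirect-binding signature over that query
     * string is checked; otherwise the XML signature inside the request is checked. Any
     * validation failure yields {@code false}.
     *
     * @param sAMLSSOAuthnReqDTO the request data
     * @return {@code true} only if the signature was validated successfully
     */
    public static boolean validateAuthnRequestSignature(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO) {
        log.debug("Validating SAML Request signature");
        String tenantDomain = sAMLSSOAuthnReqDTO.getTenantDomain();
        if (sAMLSSOAuthnReqDTO.isStratosDeployment()) {
            tenantDomain = "carbon.super";
        }
        String certAlias = sAMLSSOAuthnReqDTO.getCertAlias();
        RequestAbstractType request = null;
        try {
            request = (RequestAbstractType) unmarshall(sAMLSSOAuthnReqDTO.getQueryString() != null ? decode(sAMLSSOAuthnReqDTO.getRequestMessageString()) : decodeForPost(sAMLSSOAuthnReqDTO.getRequestMessageString()));
        } catch (IdentityException e) {
            log.warn("Signature Validation failed for the SAMLRequest : Failed to unmarshall the SAML Assertion");
            log.debug(e);
        }
        try {
            if (sAMLSSOAuthnReqDTO.getQueryString() != null) {
                return validateDeflateSignature(sAMLSSOAuthnReqDTO.getQueryString(), sAMLSSOAuthnReqDTO.getIssuer(), certAlias, tenantDomain);
            }
            // A request that could not be unmarshalled leaves 'request' null;
            // validateXMLSignature() treats that as "not valid" rather than failing with an NPE.
            return validateXMLSignature(request, certAlias, tenantDomain);
        } catch (IdentityException e) {
            log.warn("Signature Validation failed for the SAMLRequest : Failed to validate the SAML Assertion");
            log.debug(e);
            return false;
        }
    }

    /**
     * Validates the signature of a logout request.
     *
     * @param logoutRequest the logout request
     * @param str the certificate alias
     * @param str2 not used by this method
     * @param str3 the redirect-binding query string, or {@code null} to validate the XML
     *        signature inside the request
     * @return {@code true} only if the signature was validated successfully
     */
    public static boolean validateLogoutRequestSignature(LogoutRequest logoutRequest, String str, String str2, String str3) {
        String tenantDomain = getTenantDomainFromThreadLocal();
        try {
            if (str3 == null) {
                return validateXMLSignature(logoutRequest, str, tenantDomain);
            }
            if (logoutRequest.getIssuer() == null) {
                // No issuer to validate against: reject instead of failing with an NPE.
                log.warn("Failed to validate login request signature ");
                return false;
            }
            return validateDeflateSignature(str3, logoutRequest.getIssuer().getValue(), str, tenantDomain);
        } catch (IdentityException e) {
            log.warn("Failed to validate login request signature ");
            if (log.isDebugEnabled()) {
                log.debug(e);
            }
            return false;
        }
    }

    /**
     * Validates a redirect-binding signature with the validator class named by
     * {@code SSOService.SAML2HTTPRedirectSignatureValidator}.
     *
     * @param str the query string that carries the signature
     * @param str2 the issuer of the message
     * @param str3 the certificate alias
     * @param str4 the tenant domain
     * @return the validator's verdict; {@code false} when the credential cannot be built or the
     *         validator reports a security error
     * @throws IdentityException if the validator class cannot be loaded or instantiated
     */
    public static boolean validateDeflateSignature(String str, String str2, String str3, String str4) throws IdentityException {
        try {
            SAML2HTTPRedirectSignatureValidator validator;
            synchronized (Runtime.getRuntime().getClass()) {
                validator = (SAML2HTTPRedirectSignatureValidator) Class.forName(IdentityUtil.getProperty("SSOService.SAML2HTTPRedirectSignatureValidator").trim()).newInstance();
                validator.init();
                samlHTTPRedirectSignatureValidator = validator;
            }
            return validator.validateSignature(str, str2, str3, str4);
        } catch (ClassNotFoundException e) {
            throw new IdentityException("Class not found: " + IdentityUtil.getProperty("SSOService.SAML2HTTPRedirectSignatureValidator"), e);
        } catch (IdentitySAML2SSOException e) {
            log.warn("Signature validation failed for the SAML Message : Failed to construct the X509CredentialImpl for the alias " + str3);
            return false;
        } catch (SecurityException e) {
            log.error("Error validating deflate signature", e);
            return false;
        } catch (IllegalAccessException e) {
            throw new IdentityException("Illegal access to class: " + IdentityUtil.getProperty("SSOService.SAML2HTTPRedirectSignatureValidator"), e);
        } catch (InstantiationException e) {
            throw new IdentityException("Error while instantiating class: " + IdentityUtil.getProperty("SSOService.SAML2HTTPRedirectSignatureValidator"), e);
        }
    }

    /**
     * Validates the XML signature embedded in a request against the certificate stored under an
     * alias in a tenant's key store.
     *
     * <p>Fails closed: a missing request, a missing signature, a credential that cannot be
     * built and any error raised during validation all yield {@code false}.
     *
     * @param requestAbstractType the request, may be {@code null}
     * @param str the certificate alias
     * @param str2 the tenant domain
     * @return {@code true} only if the signer reports the signature as valid
     * @throws IdentityException if the signer class cannot be loaded or instantiated
     */
    public static boolean validateXMLSignature(RequestAbstractType requestAbstractType, String str, String str2) throws IdentityException {
        if (requestAbstractType == null || requestAbstractType.getSignature() == null) {
            return false;
        }
        try {
            X509CredentialImpl credential = getX509CredentialImplForTenant(str2, str);
            SSOSigner signer;
            synchronized (Runtime.getRuntime().getClass()) {
                signer = (SSOSigner) Class.forName(IdentityUtil.getProperty("SSOService.SAMLSSOSigner").trim()).newInstance();
                signer.init();
                ssoSigner = signer;
            }
            return signer.doValidateXMLSignature(requestAbstractType, credential, str);
        } catch (ClassNotFoundException e) {
            throw new IdentityException("Class not found: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (IllegalAccessException e) {
            throw new IdentityException("Illegal access to class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (InstantiationException e) {
            throw new IdentityException("Error while instantiating class: " + IdentityUtil.getProperty("SSOService.SAMLSSOSigner"), e);
        } catch (IdentitySAML2SSOException e) {
            log.warn("Signature validation failed for the SAML Message : Failed to construct the X509CredentialImpl for the alias " + str);
            log.debug(e);
        } catch (IdentityException e) {
            log.warn("Signature Validation Failed for the SAML Assertion : Signature is invalid.");
            log.debug(e);
        } catch (Exception e) {
            // Previously swallowed without a trace; the result is still "not valid", but the
            // cause is now visible to operators.
            log.warn("Signature validation failed for the SAML Message : unexpected error", e);
        }
        return false;
    }

    /**
     * Collects the user attributes to release for an authentication request.
     *
     * <p>Attributes are returned only when the attribute consuming service index of the request
     * matches the one held by the service provider configuration.
     *
     * @param sAMLSSOAuthnReqDTO the request data
     * @return a map from remote claim URI to value (possibly empty), or {@code null} when no
     *         index applies or the index does not match
     * @throws IdentityException if the request message cannot be decoded or unmarshalled
     */
    public static Map<String, String> getAttributes(SAMLSSOAuthnReqDTO sAMLSSOAuthnReqDTO) throws IdentityException {
        int requestedIndex;
        SAMLSSOServiceProviderDO serviceProvider = SSOServiceProviderConfigManager.getInstance().getServiceProvider(sAMLSSOAuthnReqDTO.getIssuer());
        if (serviceProvider == null) {
            serviceProvider = IdentityPersistenceManager.getPersistanceManager().getServiceProvider(PrivilegedCarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.SYSTEM_CONFIGURATION), sAMLSSOAuthnReqDTO.getIssuer());
        }
        // NOTE(review): serviceProvider may still be null for an unknown issuer and is
        // dereferenced below. The setAttributeConsumingServiceIndex() calls also overwrite the
        // service provider object with a value taken from the request DTO, which makes the
        // comparison further down succeed by construction — confirm both are intended.
        if (sAMLSSOAuthnReqDTO.isIdPInitSSO()) {
            requestedIndex = sAMLSSOAuthnReqDTO.getAttributeConsumingServiceIndex();
            if (requestedIndex != 0) {
                serviceProvider.setAttributeConsumingServiceIndex(String.valueOf(requestedIndex));
            }
        } else {
            AuthnRequestImpl authnRequest;
            try {
                authnRequest = (AuthnRequestImpl) unmarshall(decode(sAMLSSOAuthnReqDTO.getRequestMessageString()));
            } catch (IdentityException e) {
                // Not a deflated message: retry as a plain Base64 (POST binding) message.
                authnRequest = (AuthnRequestImpl) unmarshall(decodeForPost(sAMLSSOAuthnReqDTO.getRequestMessageString()));
            }
            if (authnRequest.getAttributeConsumingServiceIndex() != null) {
                requestedIndex = authnRequest.getAttributeConsumingServiceIndex().intValue();
            } else {
                if (sAMLSSOAuthnReqDTO.getAttributeConsumingServiceIndex() == 0) {
                    return null;
                }
                requestedIndex = sAMLSSOAuthnReqDTO.getAttributeConsumingServiceIndex();
                serviceProvider.setAttributeConsumingServiceIndex(String.valueOf(requestedIndex));
            }
        }
        if (serviceProvider.getAttributeConsumingServiceIndex() == null || "".equals(serviceProvider.getAttributeConsumingServiceIndex()) || requestedIndex != Integer.parseInt(serviceProvider.getAttributeConsumingServiceIndex())) {
            log.debug("Invalid AttributeConsumingServiceIndex in AuthnRequest");
            return null;
        }
        Map<String, String> attributes = new HashMap<String, String>();
        if (sAMLSSOAuthnReqDTO.getUserAttributes() != null) {
            for (Map.Entry<ClaimMapping, String> entry : sAMLSSOAuthnReqDTO.getUserAttributes().entrySet()) {
                attributes.put(entry.getKey().getRemoteClaim().getClaimUri(), entry.getValue());
            }
        }
        return attributes;
    }

    /**
     * Builds an error response, serializes it and Base64-encodes the result.
     *
     * @param str first argument passed to {@code ErrorResponseBuilder.buildResponse}
     * @param list second argument passed to {@code ErrorResponseBuilder.buildResponse}
     * @param str2 third argument passed to {@code ErrorResponseBuilder.buildResponse}
     * @return the encoded error response
     * @throws IdentityException if the response cannot be built or serialized
     */
    public static String buildErrorResponse(String str, List<String> list, String str2) throws IdentityException {
        return encode(marshall(new ErrorResponseBuilder().buildResponse(str, list, str2)));
    }

    /**
     * Reads the configured SAML response validity period.
     *
     * @return the value of {@code SSOService.SAMLResponseValidityPeriod}, or 5 when the
     *         property is missing or blank
     * @throws NumberFormatException if the property is set but is not an integer
     */
    public static int getSAMLResponseValidityPeriod() {
        String configured = IdentityUtil.getProperty("SSOService.SAMLResponseValidityPeriod");
        if (configured == null || configured.trim().equals("")) {
            return 5;
        }
        return Integer.parseInt(configured.trim());
    }

    /** @return the single-logout retry count (5 unless changed) */
    public static int getSingleLogoutRetryCount() {
        return singleLogoutRetryCount;
    }

    /** Sets the single-logout retry count. */
    public static void setSingleLogoutRetryCount(int i) {
        singleLogoutRetryCount = i;
    }

    /** @return the single-logout retry interval (60000 unless changed) */
    public static long getSingleLogoutRetryInterval() {
        return singleLogoutRetryInterval;
    }

    /** Sets the single-logout retry interval. */
    public static void setSingleLogoutRetryInterval(long j) {
        singleLogoutRetryInterval = j;
    }

    /**
     * Creates the response builder to use.
     *
     * @return a {@code DefaultResponseBuilder} when no class name was configured, an instance
     *         of the configured class otherwise, or {@code null} when that class cannot be
     *         loaded or instantiated (the error is logged)
     */
    public static ResponseBuilder getResponseBuilder() {
        if (responseBuilderClassName == null || "".equals(responseBuilderClassName)) {
            return new DefaultResponseBuilder();
        }
        try {
            // The class name comes from setResponseBuilder() and is loaded through the
            // thread's context class loader; it must only ever be set from trusted
            // configuration.
            return (ResponseBuilder) Thread.currentThread().getContextClassLoader().loadClass(responseBuilderClassName).newInstance();
        } catch (ClassNotFoundException e) {
            log.error("Error while instantiating the SAMLResponseBuilder ", e);
            return null;
        } catch (IllegalAccessException e) {
            log.error("Error while instantiating the SAMLResponseBuilder ", e);
            return null;
        } catch (InstantiationException e) {
            log.error("Error while instantiating the SAMLResponseBuilder ", e);
            return null;
        }
    }

    /** Sets the class name used by {@link #getResponseBuilder()}. */
    public static void setResponseBuilder(String str) {
        responseBuilderClassName = str;
    }

    /**
     * @param i an HTTP status code
     * @return {@code true} for codes from 200 to 299
     */
    public static boolean isHttpSuccessStatusCode(int i) {
        return i >= 200 && i < 300;
    }

    /**
     * Extracts the user name from an OpenID URL: everything in the URL path after the first
     * {@code /openid/} segment.
     *
     * @param str the OpenID URL
     * @return the user name part of the path
     * @throws IdentityException if the value is not a valid URI or its path does not contain
     *         {@code /openid/}
     */
    public static String getUserNameFromOpenID(String str) throws IdentityException {
        try {
            String path = new URI(str).getPath();
            int marker = path == null ? -1 : path.indexOf("/openid/");
            if (marker < 0) {
                // Without this check a path lacking the marker produced an arbitrary
                // substring (or an unchecked exception) instead of a clean rejection.
                throw new IdentityException("Invalid OpenID");
            }
            return path.substring(marker + "/openid/".length());
        } catch (URISyntaxException e) {
            throw new IdentityException("Invalid OpenID", e);
        }
    }

    /** Same as {@link #generateOpenID(String)}. */
    public static String getOpenID(String str) throws IdentityException {
        return generateOpenID(str);
    }

    /**
     * Builds the OpenID URL of a user by appending the normalized user name to the
     * {@code OpenID.OpenIDUserPattern} property and normalizing the resulting URI.
     *
     * @param str the user name
     * @return the OpenID URL
     * @throws IdentityException if the result is not a valid URL, or carries a query or a
     *         fragment
     */
    public static String generateOpenID(String str) throws IdentityException {
        String candidate = IdentityUtil.getProperty("OpenID.OpenIDUserPattern") + normalizeUrlEncoding(str);
        URL url;
        try {
            url = new URI(candidate).normalize().toURL();
        } catch (MalformedURLException e) {
            throw new IdentityException("Malformed OpenID URL :" + candidate, e);
        } catch (URISyntaxException e) {
            throw new IdentityException("Invalid OpenID URL :" + candidate, e);
        }
        // A user name must not be able to smuggle a query string or fragment into the URL.
        if (url.getQuery() != null || url.getRef() != null) {
            throw new IdentityException("Invalid user name for OpenID :" + candidate);
        }
        return url.toString();
    }

    /**
     * Normalizes percent-encoding: every {@code %XX} triplet is upper-cased, and triplets that
     * encode a character from {@link #UNRESERVED_CHARACTERS} are replaced by that character.
     * A {@code %} that is not followed by two more characters is copied unchanged.
     *
     * @param str the text to normalize, may be {@code null}
     * @return the normalized text, or {@code null} for {@code null} input
     */
    private static String normalizeUrlEncoding(String str) {
        if (str == null) {
            return null;
        }
        int length = str.length();
        StringBuilder normalized = new StringBuilder(length);
        int i = 0;
        while (i < length) {
            char current = str.charAt(i);
            if (current != '%' || i >= length - 2) {
                normalized.append(current);
            } else {
                String triplet = str.substring(i, i + 3).toUpperCase();
                try {
                    char decoded = URLDecoder.decode(triplet, "ISO-8859-1").charAt(0);
                    if (UNRESERVED_CHARACTERS.contains(Character.valueOf(decoded))) {
                        normalized.append(decoded);
                    } else {
                        normalized.append(triplet);
                    }
                } catch (UnsupportedEncodingException e) {
                    normalized.append(triplet);
                } catch (IllegalArgumentException e) {
                    // Malformed escape such as "%zz": keep it as is so the caller's URI parsing
                    // rejects the value with a checked exception instead of this unchecked one.
                    normalized.append(triplet);
                }
                i += 2;
            }
            i++;
        }
        return normalized.toString();
    }

    /**
     * Removes the cached session data that belongs to a token id.
     *
     * @param str the token id
     * @param str2 not used by this method
     */
    public static void removeSession(String str, String str2) {
        SSOSessionPersistenceManager.removeSessionInfoDataFromCache(SSOSessionPersistenceManager.getPersistenceManager().getSessionIndexFromTokenId(str));
        SSOSessionPersistenceManager.removeSessionIndexFromCache(str);
    }

    /** Stores the tenant domain for the current thread. */
    public static void setTenantDomainInThreadLocal(String str) {
        tenantDomainInThreadLocal.set(str);
    }

    /** @return the tenant domain stored for the current thread, or {@code null} */
    public static String getTenantDomainFromThreadLocal() {
        return tenantDomainInThreadLocal.get();
    }

    static {
        // Unreserved characters of RFC 3986: letters, digits, '-', '.', '_' and '~'.
        for (char c = 'a'; c <= 'z'; c++) {
            UNRESERVED_CHARACTERS.add(Character.valueOf(c));
        }
        // The upper bound used to be 'A', which registered only the letter 'A'.
        for (char c = 'A'; c <= 'Z'; c++) {
            UNRESERVED_CHARACTERS.add(Character.valueOf(c));
        }
        for (char c = '0'; c <= '9'; c++) {
            UNRESERVED_CHARACTERS.add(Character.valueOf(c));
        }
        UNRESERVED_CHARACTERS.add('-');
        UNRESERVED_CHARACTERS.add('.');
        UNRESERVED_CHARACTERS.add('_');
        UNRESERVED_CHARACTERS.add('~');
    }
}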
