package com.alfaariss.oa.profile.aselect.business.requestor;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.RequestorEvent;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.api.attribute.IAttributes;
import com.alfaariss.oa.api.attribute.ISessionAttributes;
import com.alfaariss.oa.api.authentication.IAuthenticationProfile;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.requestor.IRequestor;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.tgt.ITGT;
import com.alfaariss.oa.api.tgt.TGTEventError;
import com.alfaariss.oa.api.tgt.TGTListenerException;
import com.alfaariss.oa.api.user.IUser;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.authentication.AuthenticationException;
import com.alfaariss.oa.engine.core.authentication.factory.IAuthenticationProfileFactory;
import com.alfaariss.oa.engine.core.requestor.RequestorPool;
import com.alfaariss.oa.engine.core.user.UserException;
import com.alfaariss.oa.profile.aselect.ASelectErrors;
import com.alfaariss.oa.profile.aselect.business.AbstractOAService;
import com.alfaariss.oa.profile.aselect.business.AuthNException;
import com.alfaariss.oa.profile.aselect.business.BusinessRuleException;
import com.alfaariss.oa.profile.aselect.business.beans.TGTInfo;
import com.alfaariss.oa.profile.aselect.processor.ASelectProcessor;
import com.alfaariss.oa.profile.aselect.processor.handler.ASelectRequestorPool;
import com.alfaariss.oa.util.logging.RequestorEventLogItem;
import com.alfaariss.oa.util.session.ProxyAttributes;
import com.alfaariss.oa.util.validation.LocaleValidator;
import com.alfaariss.oa.util.validation.SessionValidator;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Vector;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/profile/aselect/business/requestor/RequestorService.class */
public class RequestorService extends AbstractOAService implements IRequestorService {
    public static final String AUTHORITY_NAME = "A-Select WS Profile";
    private static final String PROPERTY_APP_LEVEL = "aselect.app_level";
    private static final String PROPERTY_UID_ATTRIBUTE = "aselect.uid.attribute";
    private static final String PROPERTY_UID_OPAQUE_ENABLED = "aselect.uid.opaque.enabled";
    private static final String PROPERTY_UID_OPAQUE_SALT = "aselect.uid.opaque.salt";
    private static final String PROPERTY_AUTHSP_LEVEL = "aselect.authsp_level";
    private boolean _initialized = false;
    private boolean _forceRequestorID = false;
    private Hashtable<String, Integer> _htAuthSPLevels;
    private int _iDefaultAuthSPLevel;
    private Hashtable<String, ASelectRequestorPool> _htASelectRequestorPools;
    private int _iDefaultAppLevel;
    private String _sRedirectURL;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.alfaariss.oa.profile.aselect.business.requestor.RequestorService$1, reason: invalid class name */
    /* loaded from: input_file:com/alfaariss/oa/profile/aselect/business/requestor/RequestorService$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$alfaariss$oa$api$session$SessionState;
        static final /* synthetic */ int[] $SwitchMap$com$alfaariss$oa$RequestorEvent;
        static final /* synthetic */ int[] $SwitchMap$com$alfaariss$oa$UserEvent = new int[UserEvent.values().length];

        static {
            try {
                $SwitchMap$com$alfaariss$oa$UserEvent[UserEvent.USER_LOGOUT_PARTIALLY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$UserEvent[UserEvent.USER_LOGOUT_IN_PROGRESS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$UserEvent[UserEvent.USER_LOGOUT_FAILED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            $SwitchMap$com$alfaariss$oa$RequestorEvent = new int[RequestorEvent.values().length];
            try {
                $SwitchMap$com$alfaariss$oa$RequestorEvent[RequestorEvent.LOGOUT_SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$RequestorEvent[RequestorEvent.LOGOUT_PARTIALLY.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
            $SwitchMap$com$alfaariss$oa$api$session$SessionState = new int[SessionState.values().length];
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_OK.ordinal()] = 1;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_CANCELLED.ordinal()] = 2;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_FAILED.ordinal()] = 3;
            } catch (NoSuchFieldError e8) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.PRE_AUTHZ_FAILED.ordinal()] = 4;
            } catch (NoSuchFieldError e9) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.POST_AUTHZ_FAILED.ordinal()] = 5;
            } catch (NoSuchFieldError e10) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_SELECTION_FAILED.ordinal()] = 6;
            } catch (NoSuchFieldError e11) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_BLOCKED.ordinal()] = 7;
            } catch (NoSuchFieldError e12) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_UNKNOWN.ordinal()] = 8;
            } catch (NoSuchFieldError e13) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.PASSIVE_FAILED.ordinal()] = 9;
            } catch (NoSuchFieldError e14) {
            }
        }
    }

    @Override // com.alfaariss.oa.profile.aselect.business.AbstractOAService
    public void start(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        Element element2 = null;
        boolean z = false;
        try {
            super.start(iConfigurationManager, element);
            if (this._eOASection != null) {
                element2 = iConfigurationManager.getSection(this._eOASection, "ws");
                if (element2 != null) {
                    String param = this._configurationManager.getParam(element2, "enabled");
                    if (param == null) {
                        z = true;
                    } else if (param.equalsIgnoreCase("TRUE")) {
                        z = true;
                    } else if (!param.equalsIgnoreCase("FALSE")) {
                        this._logger.error("Unknown value in 'enabled' configuration item: " + param);
                        throw new UserException(17);
                    }
                }
            }
            if (z) {
                this._sRedirectURL = iConfigurationManager.getParam(this._eOASection, "redirect_url");
                if (this._sRedirectURL == null) {
                    this._logger.warn("No 'redirect_url' parameter found in 'profile' section with id='aselect' in configuration");
                    throw new OAException(17);
                }
                try {
                    new URL(this._sRedirectURL);
                    this._logger.info("Using configured 'redirect_url' parameter: " + this._sRedirectURL);
                    String param2 = iConfigurationManager.getParam(element2, "force_requestor_id");
                    if (param2 != null) {
                        if (param2.equalsIgnoreCase("true")) {
                            this._logger.info("Force requestor ID is enabled");
                            this._forceRequestorID = true;
                        } else if (!param2.equalsIgnoreCase("false")) {
                            this._logger.warn("Wrong 'force_requestor_id' parameter found in 'ws' section; must be TRUE or FALSE: " + param2);
                            throw new OAException(17);
                        }
                    }
                    if (!this._forceRequestorID) {
                        this._logger.info("Force requestor ID is disabled");
                    }
                    Element section = iConfigurationManager.getSection(this._eOASection, "authentication");
                    if (section == null) {
                        this._logger.error("No 'authentication' section found in 'profile' section with id='aselect' in configuration");
                        throw new OAException(17);
                    }
                    Element section2 = this._configurationManager.getSection(this._eOASection, "requesthandlers");
                    if (section2 == null) {
                        this._logger.error("No 'requesthandlers' section found in 'profile' section with id='aselect' in configuration");
                        throw new OAException(17);
                    }
                    Element section3 = this._configurationManager.getSection(section2, "sp");
                    if (section3 == null) {
                        this._logger.error("No 'sp' section found in 'requesthandlers' section in configuration");
                        throw new OAException(17);
                    }
                    String param3 = iConfigurationManager.getParam(section3, ASelectProcessor.PARAM_APP_LEVEL);
                    if (param3 == null) {
                        this._logger.error("No default 'app_level' item in handler section found in configuration");
                        throw new OAException(17);
                    }
                    try {
                        this._iDefaultAppLevel = Integer.valueOf(param3).intValue();
                        this._logger.info("Configured default 'app_level': " + param3);
                        this._htASelectRequestorPools = new Hashtable<>();
                        Element section4 = iConfigurationManager.getSection(section3, "requestorpool");
                        while (section4 != null) {
                            ASelectRequestorPool aSelectRequestorPool = new ASelectRequestorPool(iConfigurationManager, section4);
                            String id = aSelectRequestorPool.getID();
                            if (this._htASelectRequestorPools.containsKey(id)) {
                                this._logger.warn("The configured 'requestorpool' doesn't have a unique id: " + id);
                                throw new OAException(2);
                            }
                            if (!this._requestorPoolFactory.isPool(id)) {
                                this._logger.warn("The configured 'requestorpool' doesn't exist as a requestor pool: " + id);
                                throw new OAException(2);
                            }
                            this._htASelectRequestorPools.put(id, aSelectRequestorPool);
                            this._logger.info("Configured: " + aSelectRequestorPool);
                            section4 = iConfigurationManager.getNextSection(section4);
                        }
                        String param4 = iConfigurationManager.getParam(section, ASelectProcessor.PARAM_AUTHSP_LEVEL);
                        if (param4 == null) {
                            this._logger.error("No default 'authsp_level' item found in 'profile' section with id='aselect' in configuration");
                            throw new OAException(17);
                        }
                        this._iDefaultAuthSPLevel = -1;
                        try {
                            this._iDefaultAuthSPLevel = Integer.parseInt(param4);
                            this._logger.info("Configured default 'authsp_level': " + this._iDefaultAuthSPLevel);
                            IAuthenticationProfileFactory authenticationProfileFactory = Engine.getInstance().getAuthenticationProfileFactory();
                            this._htAuthSPLevels = new Hashtable<>();
                            Element section5 = iConfigurationManager.getSection(section, "profile");
                            while (section5 != null) {
                                String param5 = iConfigurationManager.getParam(section5, "id");
                                if (param5 == null) {
                                    this._logger.error("No 'id' item in 'profile' section found in configuration");
                                    throw new OAException(17);
                                }
                                if (authenticationProfileFactory.getProfile(param5) == null) {
                                    this._logger.error("The configured 'id' doesn't exist as an authentication profile: " + param5);
                                    throw new OAException(2);
                                }
                                String param6 = iConfigurationManager.getParam(section5, ASelectProcessor.PARAM_AUTHSP_LEVEL);
                                if (param6 == null) {
                                    this._logger.error("No 'authsp_level' item in 'profile' section found in configuration for profile id: " + param5);
                                    throw new OAException(17);
                                }
                                try {
                                    Integer valueOf = Integer.valueOf(Integer.parseInt(param6));
                                    if (this._htAuthSPLevels.containsKey(param5)) {
                                        this._logger.warn("The configured authentication profile doesn't have a unique id: " + param5);
                                        throw new OAException(2);
                                    }
                                    this._htAuthSPLevels.put(param5, valueOf);
                                    StringBuffer stringBuffer = new StringBuffer("Configured: authsp_level=");
                                    stringBuffer.append(param6);
                                    stringBuffer.append(" for authentication profile with id: ");
                                    stringBuffer.append(param5);
                                    this._logger.info(stringBuffer.toString());
                                    section5 = iConfigurationManager.getNextSection(section5);
                                } catch (NumberFormatException e) {
                                    StringBuffer stringBuffer2 = new StringBuffer("Invalid 'authsp_level' item in 'profile' section found in configuration for profile id '");
                                    stringBuffer2.append(param5);
                                    stringBuffer2.append("' level isn't a number: ");
                                    stringBuffer2.append(param6);
                                    this._logger.error(stringBuffer2.toString(), e);
                                    throw new OAException(2);
                                }
                            }
                            this._initialized = true;
                        } catch (NumberFormatException e2) {
                            this._logger.error("Invalid default 'authsp_level' item found in configuration: " + param4);
                            throw new OAException(2);
                        }
                    } catch (NumberFormatException e3) {
                        this._logger.error("The configured default 'app_level' parameter isn't a number: " + param3, e3);
                        throw new OAException(2);
                    }
                } catch (MalformedURLException e4) {
                    this._logger.error("The supplied 'redirect_url' parameter isn't a URL: " + this._sRedirectURL);
                    throw new OAException(17);
                }
            }
        } catch (OAException e5) {
            this._logger.error("Could not start A-Select WS service", e5);
            throw e5;
        } catch (Exception e6) {
            this._logger.fatal("Could not start A-Select WS service due to internal error", e6);
            throw new OAException(1);
        }
    }

    @Override // com.alfaariss.oa.profile.aselect.business.requestor.IRequestorService
    public boolean isInitialized() {
        return this._initialized;
    }

    public String getAuthority() {
        return AUTHORITY_NAME;
    }

    @Override // com.alfaariss.oa.profile.aselect.business.requestor.IRequestorService
    public ISession initiateAuthentication(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9, boolean z, String str10) throws BusinessRuleException, OAException {
        try {
            if (!isInitialized()) {
                this._logger.warn("OA Requestor Service not initialized");
                throw new OAException(3);
            }
            if (str == null) {
                this._logger.debug("No oa server ID found in request");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (str2 == null) {
                this._logger.debug("No requestor ID found in request");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (str3 == null) {
                this._logger.debug("No requestor URL found in request");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            try {
                new URL(str3);
                boolean z2 = false;
                if (str5 != null) {
                    if (str5.equalsIgnoreCase("true")) {
                        z2 = true;
                    } else if (!str5.equalsIgnoreCase("false")) {
                        this._logger.debug("Invalid forced logon parameter found: " + str5);
                        throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                }
                boolean z3 = false;
                if (str10 != null) {
                    if (str10.equalsIgnoreCase("true")) {
                        z3 = true;
                    } else if (!str10.equalsIgnoreCase("false")) {
                        this._logger.debug("Invalid forced logon parameter found: " + str10);
                        throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                }
                if (!this._OAServer.getID().equals(str)) {
                    this._logger.debug("Supplied OA Server ID doesn't correspond: " + str);
                    throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_ID_MISMATCH);
                }
                IRequestor requestor = this._requestorPoolFactory.getRequestor(str2);
                if (requestor == null) {
                    StringBuffer stringBuffer = new StringBuffer("Unknown requestor found in request: ");
                    stringBuffer.append(str2);
                    this._logger.debug(stringBuffer.toString());
                    throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
                }
                if (!requestor.isEnabled()) {
                    this._logger.debug("Disabled requestor found in request: " + str2);
                    throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
                }
                RequestorPool requestorPool = this._requestorPoolFactory.getRequestorPool(requestor.getID());
                if (requestorPool == null) {
                    this._logger.warn("Requestor not available in a pool: " + requestor.getID());
                    throw new OAException(1);
                }
                if (!requestorPool.isEnabled()) {
                    StringBuffer stringBuffer2 = new StringBuffer("Requestor '");
                    stringBuffer2.append(requestor.getID());
                    stringBuffer2.append("' is found in a disabled requestor pool: ");
                    stringBuffer2.append(requestorPool.getID());
                    this._logger.warn(stringBuffer2.toString());
                    throw new OAException(1);
                }
                ASelectRequestorPool aSelectRequestorPool = this._htASelectRequestorPools.get(requestorPool.getID());
                if (!z && doSigning(requestorPool, aSelectRequestorPool, requestor)) {
                    StringBuffer stringBuffer3 = new StringBuffer("Requestor '");
                    stringBuffer3.append(requestor.getID());
                    stringBuffer3.append("' requires signing and the message is not signed");
                    this._logger.debug(stringBuffer3.toString());
                    throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                }
                ISession createSession = this._SessionFactory.createSession(str2);
                createSession.setForcedAuthentication(z2);
                createSession.setPassive(z3);
                ISessionAttributes attributes = createSession.getAttributes();
                attributes.put(ASelectProcessor.class, ASelectProcessor.SESSION_REQUESTOR_URL, str3);
                if (str6 == null) {
                    this._logger.debug("No optional user ID found in request");
                } else {
                    if (str6.length() <= 0) {
                        this._logger.debug("Invalid uid found in request");
                        throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                    createSession.setForcedUserID(str6);
                }
                if (str4 != null) {
                    Vector vector = new Vector();
                    vector.add(str4);
                    attributes.put(ProxyAttributes.class, "forced_organizations", vector);
                } else {
                    this._logger.debug("No optional remote organization found in request");
                }
                Locale locale = null;
                if (str8 == null) {
                    this._logger.debug("No optional country found in request");
                } else if (!LocaleValidator.validateCountry(str8)) {
                    StringBuffer stringBuffer4 = new StringBuffer("Invalid country found in request: ");
                    stringBuffer4.append(str8);
                    this._logger.debug(stringBuffer4.toString());
                    throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                }
                if (str9 == null) {
                    this._logger.debug("No optional language found in request");
                    if (str8 != null) {
                        locale = new Locale(Locale.getDefault().getLanguage(), str8);
                    }
                } else {
                    if (!LocaleValidator.validateLanguage(str9)) {
                        StringBuffer stringBuffer5 = new StringBuffer("Invalid language found in request: ");
                        stringBuffer5.append(str9);
                        this._logger.debug(stringBuffer5.toString());
                        throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                    locale = str8 != null ? new Locale(str9, str8) : new Locale(str9);
                }
                createSession.setLocale(locale);
                createSession.persist();
                this._eventLogger.info(new RequestorEventLogItem(createSession, str7, RequestorEvent.AUTHN_INITIATION_SUCCESSFUL, this, (String) null));
                return createSession;
            } catch (MalformedURLException e) {
                this._logger.debug("Invalid requestor URL found in request");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_APP_URL);
            }
        } catch (BusinessRuleException e2) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e2.getEvent(), (String) null, str7, (String) null, this, e2.getMessage()));
            throw e2;
        } catch (OAException e3) {
            this._logger.warn("Internal error during initiation of the authentication process", e3);
            if (0 != 0) {
                this._eventLogger.info(new RequestorEventLogItem((ISession) null, str7, RequestorEvent.INTERNAL_ERROR, this, (String) null));
            } else {
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, str7, (String) null, this, (String) null));
            }
            throw e3;
        } catch (Exception e4) {
            this._logger.error("Internal error during initiation of the authentication process", e4);
            if (0 != 0) {
                this._eventLogger.info(new RequestorEventLogItem((ISession) null, str7, RequestorEvent.INTERNAL_ERROR, this, (String) null));
            } else {
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, str7, (String) null, this, (String) null));
            }
            throw new OAException(1, e4);
        }
    }

    @Override // com.alfaariss.oa.profile.aselect.business.requestor.IRequestorService
    public TGTInfo verifyAuthentication(String str, String str2, String str3, String str4, String str5, boolean z) throws BusinessRuleException, OAException, AuthNException {
        TGTInfo tGTInfo;
        String id;
        IAuthenticationProfile selectedAuthNProfile;
        ISession iSession = null;
        try {
        } catch (OAException e) {
            this._logger.warn("Internal error during verification of the authentication process", e);
            if (0 != 0) {
                this._eventLogger.info(new RequestorEventLogItem((ISession) null, str5, RequestorEvent.INTERNAL_ERROR, this, (String) null));
            } else {
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, str5, (String) null, this, (String) null));
            }
            throw e;
        } catch (AuthNException e2) {
            if (0 != 0) {
                this._eventLogger.info(new RequestorEventLogItem((ISession) null, str5, e2.getEvent(), this, e2.getMessage()));
                tGTInfo = new TGTInfo(e2.getMessage());
                iSession.expire();
                iSession.persist();
            } else {
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e2.getEvent(), (String) null, str5, (String) null, this, e2.getMessage()));
                tGTInfo = new TGTInfo(e2.getMessage());
            }
        } catch (BusinessRuleException e3) {
            if (0 != 0) {
                this._eventLogger.info(new RequestorEventLogItem((ISession) null, str5, e3.getEvent(), this, e3.getMessage()));
            } else {
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e3.getEvent(), (String) null, str5, (String) null, this, e3.getMessage()));
            }
            throw e3;
        } catch (Exception e4) {
            this._logger.fatal("Internal error during verification of the authentication process", e4);
            if (0 != 0) {
                this._eventLogger.info(new RequestorEventLogItem((ISession) null, str5, RequestorEvent.INTERNAL_ERROR, this, (String) null));
            } else {
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, str5, (String) null, this, (String) null));
            }
            throw new OAException(1, e4);
        }
        if (!isInitialized()) {
            this._logger.warn("A-Select WS Requestor Service not initialized");
            throw new OAException(3);
        }
        if (str3 == null) {
            this._logger.debug("No rid found in request");
            throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
        }
        if (str == null) {
            this._logger.debug("No oa server ID found in request");
            throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
        }
        if (this._forceRequestorID && str2 == null) {
            this._logger.debug("No requestor ID found in request");
            throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
        }
        if (!SessionValidator.validateDefaultSessionId(str3)) {
            this._logger.debug("Invalid rid found in request");
            throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
        }
        if (str4 == null) {
            this._logger.debug("No credentials found in request");
            throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
        }
        if (!this._OAServer.getID().equals(str)) {
            StringBuffer stringBuffer = new StringBuffer("The OA Server ID doesn't correspond to the supplied oa ID: ");
            stringBuffer.append(str);
            this._logger.debug(stringBuffer.toString());
            throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_ID_MISMATCH);
        }
        ISession retrieve = this._SessionFactory.retrieve(str3);
        if (retrieve == null) {
            this._logger.debug("No session found with id: " + str3);
            throw new BusinessRuleException(RequestorEvent.SESSION_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_SESSION_EXPIRED);
        }
        if (retrieve.isExpired()) {
            this._logger.debug("Session expired with id: " + str3);
            throw new BusinessRuleException(RequestorEvent.SESSION_EXPIRED, ASelectErrors.ERROR_ASELECT_SERVER_SESSION_EXPIRED);
        }
        String requestorId = retrieve.getRequestorId();
        if (str2 != null && !requestorId.equals(str2)) {
            this._logger.debug("Supplied requestor ID does not match original requestor");
            throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
        }
        ISessionAttributes attributes = retrieve.getAttributes();
        if (((String) attributes.get(ASelectProcessor.class, ASelectProcessor.SESSION_REQUESTOR_URL)) == null) {
            this._logger.warn("No session attribute found with with name: requestor_url");
            throw new OAException(1);
        }
        String str6 = (String) attributes.get(ASelectProcessor.class, ASelectProcessor.SESSION_CREDENTIALS);
        if (str6 == null) {
            this._logger.debug("No valid credentials in session");
            throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_TGT);
        }
        if (!str6.equals(str4)) {
            StringBuffer stringBuffer2 = new StringBuffer("Credentials in session (");
            stringBuffer2.append(str6);
            stringBuffer2.append(") doesn't correspond to credentials in request: ");
            stringBuffer2.append(str4);
            this._logger.debug(stringBuffer2.toString());
            throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_TGT);
        }
        switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$api$session$SessionState[retrieve.getState().ordinal()]) {
            case 1:
                IUser user = retrieve.getUser();
                if (user == null) {
                    this._logger.warn("No User found in session");
                    throw new OAException(1);
                }
                IRequestor requestor = this._requestorPoolFactory.getRequestor(requestorId);
                if (requestor == null) {
                    this._logger.warn("No Requestor found with id: " + requestorId);
                    throw new OAException(1);
                }
                RequestorPool requestorPool = this._requestorPoolFactory.getRequestorPool(requestorId);
                if (requestorPool == null) {
                    this._logger.warn("No Requestor Pool found for requestor id: " + requestorId);
                    throw new OAException(1);
                }
                ASelectRequestorPool aSelectRequestorPool = this._htASelectRequestorPools.get(requestorPool.getID());
                if (!z && doSigning(requestorPool, aSelectRequestorPool, requestor)) {
                    StringBuffer stringBuffer3 = new StringBuffer("Requestor '");
                    stringBuffer3.append(requestor.getID());
                    stringBuffer3.append("' requires signing and the message is not signed");
                    this._logger.debug(stringBuffer3.toString());
                    throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                }
                int intValue = Integer.valueOf(getAppLevel(requestorPool, aSelectRequestorPool, requestor)).intValue();
                long j = 0;
                ITGT itgt = null;
                String tGTId = retrieve.getTGTId();
                if (tGTId != null) {
                    itgt = this._tgtFactory.retrieve(tGTId);
                    if (itgt == null) {
                        this._logger.warn("No TGT ID found in session");
                        throw new OAException(1);
                    }
                    j = itgt.getTgtExpTime().getTime();
                    id = getHighestAuthNProfile(itgt.getAuthNProfileIDs());
                    if (id == null && (selectedAuthNProfile = retrieve.getSelectedAuthNProfile()) != null) {
                        id = selectedAuthNProfile.getID();
                    }
                    if (id == null) {
                        id = (String) itgt.getAuthNProfileIDs().get(0);
                    }
                } else {
                    IAuthenticationProfile selectedAuthNProfile2 = retrieve.getSelectedAuthNProfile();
                    if (selectedAuthNProfile2 == null) {
                        this._logger.warn("No authentication profile found in Session");
                        throw new OAException(1);
                    }
                    id = selectedAuthNProfile2.getID();
                }
                int intValue2 = getAuthSPLevel(id).intValue();
                try {
                    String uid = getUid(user, aSelectRequestorPool, requestorPool, requestor);
                    String str7 = null;
                    IAttributes attributes2 = user.getAttributes();
                    if (attributes2 != null && attributes2.size() > 0) {
                        str7 = serializeAttributes(attributes2);
                    }
                    tGTInfo = new TGTInfo(this._OAServer.getID(), user.getOrganization(), intValue, intValue2, id, uid, j);
                    tGTInfo.setAttributes(str7);
                    this._eventLogger.info(new RequestorEventLogItem(retrieve, str5, RequestorEvent.TOKEN_DEREFERENCE_SUCCESSFUL, this, (String) null));
                    retrieve.expire();
                    retrieve.persist();
                    break;
                } catch (AuthNException e5) {
                    if (itgt != null) {
                        itgt.removeRequestorID(requestor.getID());
                        this._aliasStoreSP.removeAlias("aselect_credentials", requestor.getID(), str4);
                        if (itgt.getRequestorIDs().size() == 0) {
                            itgt.expire();
                            itgt.persist();
                        }
                    }
                    throw e5;
                }
                break;
            case 2:
                this._logger.debug("Authentication failed: " + retrieve.getState().name());
                throw new AuthNException(ASelectErrors.ERROR_ASELECT_SERVER_CANCEL);
            case 3:
                this._logger.debug("Authentication failed: " + retrieve.getState().name());
                throw new AuthNException(ASelectErrors.ERROR_ASELECT_AUTHSP_COULD_NOT_AUTHENTICATE_USER);
            case 4:
                this._logger.debug("Authentication failed: " + retrieve.getState().name());
                throw new AuthNException(ASelectErrors.ERROR_ASELECT_AUTHSP_COULD_NOT_AUTHENTICATE_USER);
            case 5:
                this._logger.debug("Authentication failed: " + retrieve.getState().name());
                throw new AuthNException(ASelectErrors.ERROR_ASELECT_AUTHSP_COULD_NOT_AUTHENTICATE_USER);
            case 6:
                this._logger.debug("Authentication failed: " + retrieve.getState().name());
                throw new AuthNException(ASelectErrors.ERROR_ASELECT_AUTHSP_COULD_NOT_AUTHENTICATE_USER);
            case 7:
                this._logger.debug("Authentication failed: " + retrieve.getState().name());
                throw new AuthNException(ASelectErrors.ERROR_USER_BLOCKED);
            case 8:
                this._logger.debug("Authentication failed: " + retrieve.getState().name());
                throw new AuthNException(ASelectErrors.ERROR_ASELECT_UDB_UNKNOWN_USER);
            case 9:
                this._logger.debug("Authentication failed: " + retrieve.getState().name());
                throw new AuthNException(ASelectErrors.ERROR_PASSIVE_FAILED);
            default:
                this._logger.warn("Authentication failed, due to invalid session state: " + retrieve.getState().name());
                throw new AuthNException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
        }
        return tGTInfo;
    }

    @Override // com.alfaariss.oa.profile.aselect.business.requestor.IRequestorService
    public ISession slo(String str, String str2, String str3, String str4, String str5, boolean z) throws BusinessRuleException, OAException {
        try {
            if (!isInitialized()) {
                this._logger.warn("OA Requestor Service not initialized");
                throw new OAException(3);
            }
            if (str == null) {
                this._logger.debug("No oa server ID found in request");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (str2 == null) {
                this._logger.debug("No requestor ID found in request");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (str3 == null) {
                this._logger.debug("No cerdentials found in request");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (str4 != null) {
                StringBuffer stringBuffer = new StringBuffer("Optional '");
                stringBuffer.append(ASelectProcessor.PARAM_APPURL);
                stringBuffer.append("' found in request: ");
                stringBuffer.append(str4);
                this._logger.debug(stringBuffer.toString());
                try {
                    new URL(str4);
                } catch (MalformedURLException e) {
                    this._logger.debug("Invalid requestor URL found in request");
                    throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_APP_URL);
                }
            } else {
                str4 = this._sRedirectURL;
            }
            if (!this._OAServer.getID().equals(str)) {
                this._logger.debug("The oa ID doesn't correspond.");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_ID_MISMATCH);
            }
            IRequestor requestor = this._requestorPoolFactory.getRequestor(str2);
            if (requestor == null) {
                StringBuffer stringBuffer2 = new StringBuffer("Unknown requestor found in request: ");
                stringBuffer2.append(str2);
                this._logger.debug(stringBuffer2.toString());
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            if (!requestor.isEnabled()) {
                this._logger.debug("Disabled requestor found in request: " + str2);
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            RequestorPool requestorPool = this._requestorPoolFactory.getRequestorPool(requestor.getID());
            if (requestorPool == null) {
                this._logger.warn("Requestor not available in a pool: " + requestor.getID());
                throw new OAException(1);
            }
            if (!requestorPool.isEnabled()) {
                StringBuffer stringBuffer3 = new StringBuffer("Requestor '");
                stringBuffer3.append(requestor.getID());
                stringBuffer3.append("' is found in a disabled requestor pool: ");
                stringBuffer3.append(requestorPool.getID());
                this._logger.warn(stringBuffer3.toString());
                throw new OAException(1);
            }
            ASelectRequestorPool aSelectRequestorPool = this._htASelectRequestorPools.get(requestorPool.getID());
            if (!z && doSigning(requestorPool, aSelectRequestorPool, requestor)) {
                StringBuffer stringBuffer4 = new StringBuffer("Requestor '");
                stringBuffer4.append(requestor.getID());
                stringBuffer4.append("' requires signing and the message is not signed");
                this._logger.debug(stringBuffer4.toString());
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (!this._aliasStoreSP.isAlias("aselect_credentials", str2, str3)) {
                this._logger.debug("Unknown credentials supplied in request: " + str3);
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_TGT);
            }
            ISession createSession = this._SessionFactory.createSession(str2);
            createSession.getAttributes().put(ASelectProcessor.class, ASelectProcessor.SESSION_REQUESTOR_URL, str4);
            createSession.persist();
            this._eventLogger.info(new RequestorEventLogItem(createSession, str5, RequestorEvent.LOGOUT_INITIATION_SUCCESSFUL, this, (String) null));
            return createSession;
        } catch (BusinessRuleException e2) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e2.getEvent(), (String) null, str5, (String) null, this, e2.getMessage()));
            throw e2;
        } catch (OAException e3) {
            this._logger.warn("Internal error during initiation of the logout process", e3);
            if (0 != 0) {
                this._eventLogger.info(new RequestorEventLogItem((ISession) null, str5, RequestorEvent.INTERNAL_ERROR, this, (String) null));
            } else {
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, str5, (String) null, this, (String) null));
            }
            throw e3;
        } catch (Exception e4) {
            this._logger.error("Internal error during initiation of the logout process", e4);
            if (0 != 0) {
                this._eventLogger.info(new RequestorEventLogItem((ISession) null, str5, RequestorEvent.INTERNAL_ERROR, this, (String) null));
            } else {
                this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, str5, (String) null, this, (String) null));
            }
            throw new OAException(1, e4);
        }
    }

    @Override // com.alfaariss.oa.profile.aselect.business.requestor.IRequestorService
    public String logout(String str, String str2, String str3, boolean z, String str4) throws BusinessRuleException, OAException {
        String str5;
        ITGT retrieve;
        try {
            if (!isInitialized()) {
                this._logger.warn("OA Requestor Service not initialized");
                throw new OAException(3);
            }
            if (str == null) {
                this._logger.debug("No requestor ID found in request");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (str2 == null) {
                this._logger.debug("No credentials found in request");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (str4 != null && !ASelectProcessor.VALUE_REASON_TIMEOUT.equalsIgnoreCase(str4)) {
                this._logger.debug("Invalid reason in request from SP with id: " + str);
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            IRequestor requestor = this._requestorPoolFactory.getRequestor(str);
            if (requestor == null) {
                StringBuffer stringBuffer = new StringBuffer("Unknown requestor found in request: ");
                stringBuffer.append(str);
                this._logger.debug(stringBuffer.toString());
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            if (!requestor.isEnabled()) {
                this._logger.debug("Disabled requestor found in request: " + str);
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            RequestorPool requestorPool = this._requestorPoolFactory.getRequestorPool(requestor.getID());
            if (requestorPool == null) {
                this._logger.warn("Requestor not available in a pool: " + requestor.getID());
                throw new OAException(1);
            }
            if (!requestorPool.isEnabled()) {
                StringBuffer stringBuffer2 = new StringBuffer("Requestor '");
                stringBuffer2.append(requestor.getID());
                stringBuffer2.append("' is found in a disabled requestor pool: ");
                stringBuffer2.append(requestorPool.getID());
                this._logger.warn(stringBuffer2.toString());
                throw new OAException(1);
            }
            ASelectRequestorPool aSelectRequestorPool = this._htASelectRequestorPools.get(requestorPool.getID());
            if (!z && doSigning(requestorPool, aSelectRequestorPool, requestor)) {
                StringBuffer stringBuffer3 = new StringBuffer("Requestor '");
                stringBuffer3.append(requestor.getID());
                stringBuffer3.append("' requires signing and the message is not signed");
                this._logger.debug(stringBuffer3.toString());
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (this._aliasStoreSP == null) {
                this._logger.debug("TGT Factory has no SP alias support");
                throw new BusinessRuleException(RequestorEvent.REQUEST_INVALID, ASelectErrors.ERROR_LOGOUT_FAILED);
            }
            String tgtid = this._aliasStoreSP.getTGTID("aselect_credentials", requestor.getID(), str2);
            RequestorEvent requestorEvent = RequestorEvent.LOGOUT_SUCCESS;
            if (tgtid != null && (retrieve = this._tgtFactory.retrieve(tgtid)) != null && !retrieve.isExpired()) {
                this._aliasStoreSP.removeAlias("aselect_credentials", requestor.getID(), str2);
                if (str4 == null || retrieve.getRequestorIDs().size() <= 1) {
                    try {
                        if (str4 != null) {
                            retrieve.clean();
                        } else {
                            retrieve.expire();
                            retrieve.persist();
                        }
                    } catch (TGTListenerException e) {
                        requestorEvent = getLogoutError(e.getErrors());
                    }
                } else {
                    retrieve.removeRequestorID(requestor.getID());
                    retrieve.persist();
                    requestorEvent = RequestorEvent.LOGOUT_PARTIALLY;
                }
            }
            switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$RequestorEvent[requestorEvent.ordinal()]) {
                case 1:
                    str5 = ASelectErrors.ERROR_ASELECT_SUCCESS;
                    break;
                case 2:
                    str5 = ASelectErrors.ERROR_LOGOUT_PARTIALLY;
                    break;
                default:
                    str5 = ASelectErrors.ERROR_LOGOUT_FAILED;
                    break;
            }
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, requestorEvent, (String) null, str3, (String) null, this, str5));
            return str5;
        } catch (BusinessRuleException e2) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, e2.getEvent(), (String) null, str3, (String) null, this, e2.getMessage()));
            throw e2;
        } catch (OAException e3) {
            this._logger.warn("Internal error during the logout process", e3);
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, str3, (String) null, this, (String) null));
            throw e3;
        } catch (Exception e4) {
            this._logger.error("Internal error during the logout process", e4);
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, str3, (String) null, this, (String) null));
            throw new OAException(1, e4);
        }
    }

    public String getRedirectURLBase() {
        return this._sRedirectURL;
    }

    @Override // com.alfaariss.oa.profile.aselect.business.AbstractOAService
    public void stop() {
        this._initialized = false;
        this._sRedirectURL = null;
        super.stop();
    }

    private String getHighestAuthNProfile(List<String> list) throws OAException {
        String str = null;
        int i = -1;
        for (String str2 : list) {
            if (this._htAuthSPLevels.containsKey(str2)) {
                int intValue = this._htAuthSPLevels.get(str2).intValue();
                if (intValue > i) {
                    i = intValue;
                    str = str2;
                }
            } else {
                try {
                    String str3 = (String) this._authenticationProfileFactory.getProfile(str2).getProperty(PROPERTY_AUTHSP_LEVEL);
                    if (str3 != null) {
                        try {
                            int intValue2 = Integer.valueOf(str3).intValue();
                            if (intValue2 > i) {
                                i = intValue2;
                                str = str2;
                            }
                        } catch (NumberFormatException e) {
                            StringBuffer stringBuffer = new StringBuffer("Invalid value of the '");
                            stringBuffer.append(PROPERTY_AUTHSP_LEVEL);
                            stringBuffer.append("' property available: ");
                            stringBuffer.append(str3);
                            this._logger.error(stringBuffer.toString());
                            throw new OAException(1);
                        }
                    } else {
                        continue;
                    }
                } catch (AuthenticationException e2) {
                    this._logger.error("Authentication profile not available: " + str2);
                    throw new OAException(1);
                }
            }
        }
        return str;
    }

    private Integer getAuthSPLevel(String str) throws OAException {
        Integer valueOf = Integer.valueOf(this._iDefaultAuthSPLevel);
        if (this._htAuthSPLevels.containsKey(str)) {
            valueOf = this._htAuthSPLevels.get(str);
        } else {
            try {
                String str2 = (String) this._authenticationProfileFactory.getProfile(str).getProperty(PROPERTY_AUTHSP_LEVEL);
                if (str2 != null) {
                    try {
                        valueOf = new Integer(str2);
                    } catch (NumberFormatException e) {
                        StringBuffer stringBuffer = new StringBuffer("Invalid value of the '");
                        stringBuffer.append(PROPERTY_AUTHSP_LEVEL);
                        stringBuffer.append("' property available: ");
                        stringBuffer.append(str2);
                        this._logger.error(stringBuffer.toString());
                        throw new OAException(1);
                    }
                }
            } catch (AuthenticationException e2) {
                this._logger.error("Authentication profile not available: " + str);
                throw new OAException(1);
            }
        }
        return valueOf;
    }

    private String serializeAttributes(IAttributes iAttributes) throws OAException {
        String str = null;
        try {
            StringBuffer stringBuffer = new StringBuffer();
            Enumeration names = iAttributes.getNames();
            while (names.hasMoreElements()) {
                StringBuffer stringBuffer2 = new StringBuffer();
                String str2 = (String) names.nextElement();
                Object obj = iAttributes.get(str2);
                if (obj instanceof Vector) {
                    Enumeration elements = ((Vector) obj).elements();
                    while (elements.hasMoreElements()) {
                        String str3 = (String) elements.nextElement();
                        stringBuffer2.append(URLEncoder.encode(str2 + "[]", ASelectProcessor.CHARSET));
                        stringBuffer2.append("=");
                        stringBuffer2.append(URLEncoder.encode(str3, ASelectProcessor.CHARSET));
                        if (elements.hasMoreElements()) {
                            stringBuffer2.append("&");
                        }
                    }
                } else if (obj instanceof String) {
                    stringBuffer2.append(URLEncoder.encode(str2, ASelectProcessor.CHARSET));
                    stringBuffer2.append("=");
                    stringBuffer2.append(URLEncoder.encode((String) obj, ASelectProcessor.CHARSET));
                } else {
                    StringBuffer stringBuffer3 = new StringBuffer("Attribute '");
                    stringBuffer3.append(str2);
                    stringBuffer3.append("' has an unsupported value; is not a String: ");
                    stringBuffer3.append(obj);
                    this._logger.debug(stringBuffer3.toString());
                }
                if (stringBuffer2.length() > 0 && stringBuffer.length() > 0) {
                    stringBuffer.append("&");
                }
                stringBuffer.append(stringBuffer2);
            }
            if (stringBuffer.length() > 0) {
                str = new String(Base64.encodeBase64(stringBuffer.toString().getBytes(ASelectProcessor.CHARSET)), ASelectProcessor.CHARSET);
            }
            return str;
        } catch (Exception e) {
            this._logger.fatal("Could not serialize attributes: " + iAttributes.toString(), e);
            throw new OAException(1);
        }
    }

    private String getUid(IUser iUser, ASelectRequestorPool aSelectRequestorPool, RequestorPool requestorPool, IRequestor iRequestor) throws OAException, AuthNException {
        String str;
        String id = iUser.getID();
        String str2 = (String) iRequestor.getProperty(PROPERTY_UID_ATTRIBUTE);
        if (str2 == null) {
            if (aSelectRequestorPool != null) {
                str2 = aSelectRequestorPool.getUidAttribute();
            }
            if (str2 == null) {
                str2 = (String) requestorPool.getProperty(PROPERTY_UID_ATTRIBUTE);
            }
        }
        if (str2 != null) {
            IAttributes attributes = iUser.getAttributes();
            id = (String) attributes.get(str2);
            if (id == null) {
                StringBuffer stringBuffer = new StringBuffer("Missing required attribute (");
                stringBuffer.append(str2);
                stringBuffer.append(") to resolve uid for user with ID: ");
                stringBuffer.append(iUser.getID());
                this._logger.warn(stringBuffer.toString());
                throw new AuthNException(ASelectErrors.ERROR_MISSING_REQUIRED_ATTRIBUTE);
            }
            attributes.remove(str2);
        }
        boolean z = false;
        String str3 = (String) iRequestor.getProperty(PROPERTY_UID_OPAQUE_ENABLED);
        if (str3 == null) {
            if (aSelectRequestorPool != null) {
                z = aSelectRequestorPool.isUidOpaque();
            }
            if (!z && (str = (String) requestorPool.getProperty(PROPERTY_UID_OPAQUE_ENABLED)) != null) {
                if ("TRUE".equalsIgnoreCase(str)) {
                    z = true;
                } else if (!"FALSE".equalsIgnoreCase(str)) {
                    StringBuffer stringBuffer2 = new StringBuffer("Invalid value for '");
                    stringBuffer2.append(PROPERTY_UID_OPAQUE_ENABLED);
                    stringBuffer2.append("' requestor pool attribute: ");
                    stringBuffer2.append(str);
                    this._logger.error(stringBuffer2.toString());
                    throw new OAException(1);
                }
            }
        } else if ("TRUE".equalsIgnoreCase(str3)) {
            z = true;
        } else if (!"FALSE".equalsIgnoreCase(str3)) {
            StringBuffer stringBuffer3 = new StringBuffer("Invalid value for requestor property '");
            stringBuffer3.append(PROPERTY_UID_OPAQUE_ENABLED);
            stringBuffer3.append("': ");
            stringBuffer3.append(str3);
            this._logger.error(stringBuffer3.toString());
            throw new OAException(1);
        }
        if (z) {
            String str4 = (String) iRequestor.getProperty(PROPERTY_UID_OPAQUE_SALT);
            if (str4 == null) {
                if (aSelectRequestorPool != null) {
                    str4 = aSelectRequestorPool.getUidOpaqueSalt();
                }
                if (str4 == null) {
                    str4 = (String) requestorPool.getProperty(PROPERTY_UID_OPAQUE_SALT);
                }
            }
            if (str4 != null) {
                id = id + str4;
            }
            MessageDigest messageDigest = this._cryptoManager.getMessageDigest();
            try {
                messageDigest.update(id.getBytes(ASelectProcessor.CHARSET));
                id = toHexString(messageDigest.digest());
            } catch (Exception e) {
                this._logger.warn("Unable to generate SHA1 hash from user ID: " + id);
                throw new OAException(1);
            }
        }
        return id;
    }

    private String getAppLevel(RequestorPool requestorPool, ASelectRequestorPool aSelectRequestorPool, IRequestor iRequestor) throws OAException {
        String str;
        String valueOf = String.valueOf(this._iDefaultAppLevel);
        int i = -1;
        String str2 = (String) iRequestor.getProperty(PROPERTY_APP_LEVEL);
        if (str2 != null) {
            try {
                i = Integer.valueOf(str2).intValue();
            } catch (NumberFormatException e) {
                StringBuffer stringBuffer = new StringBuffer("The configured requestor property (");
                stringBuffer.append(PROPERTY_APP_LEVEL);
                stringBuffer.append(") value isn't a number: ");
                stringBuffer.append(str2);
                this._logger.error(stringBuffer.toString(), e);
                throw new OAException(1);
            }
        } else {
            if (aSelectRequestorPool != null) {
                i = aSelectRequestorPool.getAppLevel();
            }
            if (i == -1 && (str = (String) requestorPool.getProperty(PROPERTY_APP_LEVEL)) != null) {
                try {
                    i = Integer.valueOf(str).intValue();
                } catch (NumberFormatException e2) {
                    StringBuffer stringBuffer2 = new StringBuffer("The configured requestorpool property (");
                    stringBuffer2.append(PROPERTY_APP_LEVEL);
                    stringBuffer2.append(") value isn't a number: ");
                    stringBuffer2.append(str);
                    this._logger.error(stringBuffer2.toString(), e2);
                    throw new OAException(1);
                }
            }
        }
        if (i > 0) {
            valueOf = String.valueOf(i);
        }
        return valueOf;
    }

    private RequestorEvent getLogoutError(List<TGTEventError> list) {
        RequestorEvent requestorEvent = RequestorEvent.LOGOUT_FAILED;
        Iterator<TGTEventError> it = list.iterator();
        while (it.hasNext()) {
            switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$UserEvent[it.next().getCode().ordinal()]) {
                case 1:
                    requestorEvent = RequestorEvent.LOGOUT_PARTIALLY;
                case 2:
                case 3:
                default:
                    return RequestorEvent.LOGOUT_FAILED;
            }
        }
        return requestorEvent;
    }

    private static String toHexString(byte[] bArr) {
        return new String(Hex.encodeHex(bArr)).toUpperCase();
    }
}
