package com.alfaariss.oa.profile.aselect.processor.handler.idp;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.RequestorEvent;
import com.alfaariss.oa.api.attribute.IAttributes;
import com.alfaariss.oa.api.attribute.ISessionAttributes;
import com.alfaariss.oa.api.authentication.IAuthenticationProfile;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.requestor.IRequestor;
import com.alfaariss.oa.api.session.ISession;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.tgt.ITGT;
import com.alfaariss.oa.api.user.IUser;
import com.alfaariss.oa.engine.core.requestor.RequestorPool;
import com.alfaariss.oa.profile.aselect.ASelectErrors;
import com.alfaariss.oa.profile.aselect.ASelectException;
import com.alfaariss.oa.profile.aselect.binding.IBinding;
import com.alfaariss.oa.profile.aselect.binding.IRequest;
import com.alfaariss.oa.profile.aselect.binding.IResponse;
import com.alfaariss.oa.profile.aselect.processor.ASelectProcessor;
import com.alfaariss.oa.profile.aselect.processor.handler.ASelectRequestorPool;
import com.alfaariss.oa.profile.aselect.processor.handler.AbstractAPIHandler;
import com.alfaariss.oa.util.logging.RequestorEventLogItem;
import com.alfaariss.oa.util.session.ProxyAttributes;
import com.alfaariss.oa.util.validation.LocaleValidator;
import com.alfaariss.oa.util.validation.SessionValidator;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Hashtable;
import java.util.Locale;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/profile/aselect/processor/handler/idp/IDPHandler.class */
public class IDPHandler extends AbstractAPIHandler {
    private static final String SESSION_PROXY_ARP_TARGET = "arp_target";
    private static final String PARAM_ARP_TARGET = "arp_target";

    /* renamed from: com.alfaariss.oa.profile.aselect.processor.handler.idp.IDPHandler$1, reason: invalid class name */
    /* loaded from: input_file:com/alfaariss/oa/profile/aselect/processor/handler/idp/IDPHandler$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$alfaariss$oa$api$session$SessionState = new int[SessionState.values().length];

        static {
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_OK.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_CANCELLED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_FAILED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.PRE_AUTHZ_FAILED.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.AUTHN_SELECTION_FAILED.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_BLOCKED.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.USER_UNKNOWN.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$api$session$SessionState[SessionState.PASSIVE_FAILED.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    public IDPHandler(IConfigurationManager iConfigurationManager, Element element, String str, Hashtable<String, Integer> hashtable, int i, String str2) throws OAException {
        super(iConfigurationManager, element, str, hashtable, i, str2);
        try {
            if (this._bEnabled) {
                this._logger.info("Started: IDP Handler");
            } else {
                this._logger.info("IDP handler: disabled");
            }
        } catch (Exception e) {
            this._logger.fatal("Internal error during object creation", e);
            throw new OAException(1);
        }
    }

    public void authenticate(HttpServletRequest httpServletRequest, IBinding iBinding) throws ASelectException {
        String message;
        int appLevel;
        ISession iSession = null;
        RequestorEventLogItem requestorEventLogItem = null;
        try {
            IRequest request = iBinding.getRequest();
            String str = (String) request.getParameter(ASelectProcessor.PARAM_ASELECTSERVER);
            if (str == null) {
                StringBuffer stringBuffer = new StringBuffer("No '");
                stringBuffer.append(ASelectProcessor.PARAM_ASELECTSERVER);
                stringBuffer.append("' found in request");
                this._logger.debug(stringBuffer.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            String str2 = (String) request.getParameter(ASelectProcessor.PARAM_LOCAL_IDP);
            if (str2 == null) {
                StringBuffer stringBuffer2 = new StringBuffer("No '");
                stringBuffer2.append(ASelectProcessor.PARAM_LOCAL_IDP);
                stringBuffer2.append("' found in request");
                this._logger.debug(stringBuffer2.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            String str3 = (String) request.getParameter(ASelectProcessor.PARAM_LOCAL_IDP_URL);
            if (str3 == null) {
                StringBuffer stringBuffer3 = new StringBuffer("No '");
                stringBuffer3.append(ASelectProcessor.PARAM_LOCAL_IDP_URL);
                stringBuffer3.append("' found in request");
                this._logger.debug(stringBuffer3.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            String str4 = (String) request.getParameter("required_level");
            if (str4 == null) {
                StringBuffer stringBuffer4 = new StringBuffer("No '");
                stringBuffer4.append("required_level");
                stringBuffer4.append("' found in request");
                this._logger.debug(stringBuffer4.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            try {
                int parseInt = Integer.parseInt(str4);
                String str5 = (String) request.getParameter(ASelectProcessor.PARAM_UID);
                if (str5 != null) {
                    StringBuffer stringBuffer5 = new StringBuffer("Optional '");
                    stringBuffer5.append(ASelectProcessor.PARAM_UID);
                    stringBuffer5.append("' found in request: ");
                    stringBuffer5.append(str5);
                    this._logger.debug(stringBuffer5.toString());
                }
                String str6 = (String) request.getParameter(ASelectProcessor.PARAM_COUNTRY);
                if (str6 == null) {
                    StringBuffer stringBuffer6 = new StringBuffer("No optional '");
                    stringBuffer6.append(ASelectProcessor.PARAM_COUNTRY);
                    stringBuffer6.append("' found in request");
                    this._logger.debug(stringBuffer6.toString());
                } else {
                    if (!LocaleValidator.validateCountry(str6)) {
                        StringBuffer stringBuffer7 = new StringBuffer("Invalid '");
                        stringBuffer7.append(ASelectProcessor.PARAM_COUNTRY);
                        stringBuffer7.append("' found in request: ");
                        stringBuffer7.append(str6);
                        this._logger.debug(stringBuffer7.toString());
                        throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                    StringBuffer stringBuffer8 = new StringBuffer("Optional '");
                    stringBuffer8.append(ASelectProcessor.PARAM_COUNTRY);
                    stringBuffer8.append("' found in request: ");
                    stringBuffer8.append(str6);
                    this._logger.debug(stringBuffer8.toString());
                }
                String str7 = (String) request.getParameter(ASelectProcessor.PARAM_LANGUAGE);
                if (str7 == null) {
                    StringBuffer stringBuffer9 = new StringBuffer("No optional '");
                    stringBuffer9.append(ASelectProcessor.PARAM_LANGUAGE);
                    stringBuffer9.append("' found in request");
                    this._logger.debug(stringBuffer9.toString());
                } else {
                    if (!LocaleValidator.validateLanguage(str7)) {
                        StringBuffer stringBuffer10 = new StringBuffer("Invalid '");
                        stringBuffer10.append(ASelectProcessor.PARAM_LANGUAGE);
                        stringBuffer10.append("' found in request: ");
                        stringBuffer10.append(str7);
                        this._logger.debug(stringBuffer10.toString());
                        throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                    StringBuffer stringBuffer11 = new StringBuffer("Optional '");
                    stringBuffer11.append(ASelectProcessor.PARAM_LANGUAGE);
                    stringBuffer11.append("' found in request: ");
                    stringBuffer11.append(str7);
                    this._logger.debug(stringBuffer11.toString());
                }
                boolean z = false;
                String str8 = (String) request.getParameter(ASelectProcessor.PARAM_FORCED_LOGON);
                if (str8 == null) {
                    StringBuffer stringBuffer12 = new StringBuffer("No optional '");
                    stringBuffer12.append(ASelectProcessor.PARAM_FORCED_LOGON);
                    stringBuffer12.append("' found in request");
                    this._logger.debug(stringBuffer12.toString());
                } else if (str8.equalsIgnoreCase("true")) {
                    z = true;
                } else {
                    if (!str8.equalsIgnoreCase("false")) {
                        StringBuffer stringBuffer13 = new StringBuffer("Invalid '");
                        stringBuffer13.append(ASelectProcessor.PARAM_FORCED_LOGON);
                        stringBuffer13.append("' found in request; the value must be TRUE or FALSE, but is: ");
                        stringBuffer13.append(str8);
                        this._logger.debug(stringBuffer13.toString());
                        throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                    StringBuffer stringBuffer14 = new StringBuffer("Optional '");
                    stringBuffer14.append(ASelectProcessor.PARAM_FORCED_LOGON);
                    stringBuffer14.append("' found in request: ");
                    stringBuffer14.append(str8);
                    this._logger.debug(stringBuffer14.toString());
                }
                boolean z2 = false;
                String str9 = (String) request.getParameter(ASelectProcessor.PARAM_PASSIVE);
                if (str9 == null) {
                    StringBuffer stringBuffer15 = new StringBuffer("No optional '");
                    stringBuffer15.append(ASelectProcessor.PARAM_PASSIVE);
                    stringBuffer15.append("' found in request");
                    this._logger.debug(stringBuffer15.toString());
                } else if (str9.equalsIgnoreCase("true")) {
                    z2 = true;
                } else {
                    if (!str9.equalsIgnoreCase("false")) {
                        StringBuffer stringBuffer16 = new StringBuffer("Invalid '");
                        stringBuffer16.append(ASelectProcessor.PARAM_PASSIVE);
                        stringBuffer16.append("' found in request; the value must be TRUE or FALSE, but is: ");
                        stringBuffer16.append(str9);
                        this._logger.debug(stringBuffer16.toString());
                        throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                    StringBuffer stringBuffer17 = new StringBuffer("Optional '");
                    stringBuffer17.append(ASelectProcessor.PARAM_PASSIVE);
                    stringBuffer17.append("' found in request: ");
                    stringBuffer17.append(str9);
                    this._logger.debug(stringBuffer17.toString());
                }
                String str10 = (String) request.getParameter(ASelectProcessor.PARAM_REMOTE_ORGANIZATION);
                if (str10 != null) {
                    StringBuffer stringBuffer18 = new StringBuffer("Optional '");
                    stringBuffer18.append(ASelectProcessor.PARAM_REMOTE_ORGANIZATION);
                    stringBuffer18.append("' found in request: ");
                    stringBuffer18.append(str10);
                    this._logger.debug(stringBuffer18.toString());
                }
                String str11 = (String) request.getParameter("arp_target");
                if (str11 != null) {
                    StringBuffer stringBuffer19 = new StringBuffer("Optional '");
                    stringBuffer19.append("arp_target");
                    stringBuffer19.append("' found in request: ");
                    stringBuffer19.append(str11);
                    this._logger.debug(stringBuffer19.toString());
                }
                IResponse response = iBinding.getResponse();
                if (response == null) {
                    this._logger.error("No response for request");
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
                }
                try {
                } catch (ASelectException e) {
                    message = e.getMessage();
                    if (message.equals(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST)) {
                        throw e;
                    }
                    requestorEventLogItem = new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), str2, this, "request=authenticate: " + message);
                }
                if (!this._OAServer.getID().equals(str)) {
                    StringBuffer stringBuffer20 = new StringBuffer("The server ID doesn't correspond to the supplied '");
                    stringBuffer20.append(ASelectProcessor.PARAM_ASELECTSERVER);
                    stringBuffer20.append("' parameter: ");
                    stringBuffer20.append(str);
                    this._logger.debug(stringBuffer20.toString());
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                }
                IRequestor requestor = this._requestorPoolFactory.getRequestor(str2);
                if (requestor == null) {
                    StringBuffer stringBuffer21 = new StringBuffer("Unknown '");
                    stringBuffer21.append(ASelectProcessor.PARAM_LOCAL_IDP);
                    stringBuffer21.append("' found in request: ");
                    stringBuffer21.append(str2);
                    this._logger.debug(stringBuffer21.toString());
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
                }
                if (!requestor.isEnabled()) {
                    StringBuffer stringBuffer22 = new StringBuffer("Disabled '");
                    stringBuffer22.append(ASelectProcessor.PARAM_LOCAL_IDP);
                    stringBuffer22.append("' found in request: ");
                    stringBuffer22.append(str2);
                    this._logger.debug(stringBuffer22.toString());
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
                }
                RequestorPool requestorPool = this._requestorPoolFactory.getRequestorPool(requestor.getID());
                if (requestorPool == null) {
                    this._logger.warn("Requestor not available in a pool: " + requestor.getID());
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
                }
                if (!requestorPool.isEnabled()) {
                    StringBuffer stringBuffer23 = new StringBuffer("Requestor '");
                    stringBuffer23.append(str2);
                    stringBuffer23.append("' is found in a disabled requestor pool: ");
                    stringBuffer23.append(requestorPool.getID());
                    this._logger.warn(stringBuffer23.toString());
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
                }
                ASelectRequestorPool aSelectRequestorPool = this._htASelectRequestorPools.get(requestorPool.getID());
                if (doSigning(requestorPool, aSelectRequestorPool, requestor)) {
                    String str12 = (String) request.getParameter(ASelectProcessor.PARAM_SIGNATURE);
                    if (str12 == null) {
                        StringBuffer stringBuffer24 = new StringBuffer("No '");
                        stringBuffer24.append(ASelectProcessor.PARAM_SIGNATURE);
                        stringBuffer24.append("' found in request");
                        this._logger.debug(stringBuffer24.toString());
                        throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                    StringBuffer stringBuffer25 = new StringBuffer(str);
                    if (str11 != null) {
                        stringBuffer25.append(str11);
                    }
                    if (str6 != null) {
                        stringBuffer25.append(str6);
                    }
                    if (str8 != null) {
                        stringBuffer25.append(str8);
                    }
                    if (str7 != null) {
                        stringBuffer25.append(str7);
                    }
                    stringBuffer25.append(str3).append(str2);
                    if (str9 != null) {
                        stringBuffer25.append(str9);
                    }
                    if (str10 != null) {
                        stringBuffer25.append(str10);
                    }
                    stringBuffer25.append(str4);
                    if (str5 != null) {
                        stringBuffer25.append(str5);
                    }
                    if (!verifySignature(str12, requestor.getID(), stringBuffer25.toString())) {
                        this._logger.error("Invalid signature for request from requestor with id: " + requestor.getID());
                        throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                }
                try {
                    new URL(str3);
                    iSession = this._sessionFactory.createSession(str2);
                    iSession.setForcedAuthentication(z);
                    iSession.setPassive(z2);
                    ISessionAttributes attributes = iSession.getAttributes();
                    attributes.put(ASelectProcessor.class, ASelectProcessor.SESSION_REQUESTOR_URL, str3);
                    int i = this._iDefaultAppLevel;
                    if (aSelectRequestorPool != null && (appLevel = aSelectRequestorPool.getAppLevel()) > 0) {
                        i = appLevel;
                    }
                    if (parseInt > i) {
                        StringBuffer stringBuffer26 = new StringBuffer("Not supported required level (");
                        stringBuffer26.append(parseInt);
                        stringBuffer26.append(") from requestor with id: ");
                        stringBuffer26.append(requestor.getID());
                        this._logger.warn(stringBuffer26.toString());
                        throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_APP_LEVEL);
                    }
                    attributes.put(ProxyAttributes.class, "required_level", str4);
                    if (str5 != null) {
                        iSession.setForcedUserID(str5);
                    }
                    if (str11 != null) {
                        attributes.put(ProxyAttributes.class, "arp_target", str11);
                    }
                    if (str10 != null) {
                        Vector vector = new Vector();
                        vector.add(str10);
                        attributes.put(ProxyAttributes.class, "forced_organizations", vector);
                    }
                    Locale locale = null;
                    if (str7 != null) {
                        locale = str6 != null ? new Locale(str7, str6) : new Locale(str7);
                    } else if (str6 != null) {
                        locale = new Locale(Locale.getDefault().getLanguage(), str6);
                    }
                    iSession.setLocale(locale);
                    String str13 = this._sRedirectURL;
                    if (str13 == null) {
                        str13 = request.getRequestedURL();
                    }
                    StringBuffer stringBuffer27 = new StringBuffer(str13);
                    stringBuffer27.append("?request=login1");
                    iSession.persist();
                    response.setParameter(ASelectProcessor.PARAM_ASELECT_URL, stringBuffer27.toString());
                    response.setParameter(ASelectProcessor.PARAM_RID, iSession.getId());
                    message = ASelectErrors.ERROR_ASELECT_SUCCESS;
                    response.setParameter(ASelectProcessor.PARAM_RESULT_CODE, message);
                    response.setParameter(ASelectProcessor.PARAM_ASELECTSERVER, this._OAServer.getID());
                    if (requestorEventLogItem == null) {
                        requestorEventLogItem = new RequestorEventLogItem(iSession, httpServletRequest.getRemoteAddr(), RequestorEvent.AUTHN_INITIATION_SUCCESSFUL, this, "request=authenticate: IDP");
                    }
                    this._eventLogger.info(requestorEventLogItem);
                    response.send();
                } catch (MalformedURLException e2) {
                    StringBuffer stringBuffer28 = new StringBuffer("The supplied '");
                    stringBuffer28.append(ASelectProcessor.PARAM_LOCAL_IDP_URL);
                    stringBuffer28.append("' parameter isn't a URL: ");
                    stringBuffer28.append(str3);
                    this._logger.debug(stringBuffer28.toString(), e2);
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_APP_URL);
                }
            } catch (NumberFormatException e3) {
                StringBuffer stringBuffer29 = new StringBuffer("Invalid '");
                stringBuffer29.append("required_level");
                stringBuffer29.append("' found in request: ");
                stringBuffer29.append(str4);
                this._logger.debug(stringBuffer29.toString(), e3);
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
        } catch (OAException e4) {
            this._eventLogger.info(0 != 0 ? new RequestorEventLogItem((ISession) null, httpServletRequest.getRemoteAddr(), RequestorEvent.REQUEST_INVALID, this, "request=authenticate: " + e4.getMessage()) : new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=authenticate: " + e4.getMessage()));
            throw new ASelectException(e4.getMessage());
        } catch (ASelectException e5) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=authenticate: " + e5.getMessage()));
            throw e5;
        } catch (Exception e6) {
            this._eventLogger.info(0 != 0 ? new RequestorEventLogItem((ISession) null, httpServletRequest.getRemoteAddr(), RequestorEvent.INTERNAL_ERROR, this, "request=authenticate") : new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=authenticate"));
            this._logger.fatal("Internal error during 'authenticate' process", e6);
            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
        }
    }

    public void verifyCredentials(HttpServletRequest httpServletRequest, IBinding iBinding) throws ASelectException {
        String message;
        String id;
        IAuthenticationProfile selectedAuthNProfile;
        ISession iSession = null;
        RequestorEventLogItem requestorEventLogItem = null;
        try {
            IRequest request = iBinding.getRequest();
            String str = (String) request.getParameter(ASelectProcessor.PARAM_ASELECTSERVER);
            if (str == null) {
                StringBuffer stringBuffer = new StringBuffer("No '");
                stringBuffer.append(ASelectProcessor.PARAM_ASELECTSERVER);
                stringBuffer.append("' found in request");
                this._logger.debug(stringBuffer.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            String str2 = (String) request.getParameter(ASelectProcessor.PARAM_RID);
            if (str2 == null) {
                StringBuffer stringBuffer2 = new StringBuffer("No '");
                stringBuffer2.append(ASelectProcessor.PARAM_RID);
                stringBuffer2.append("' found in request");
                this._logger.debug(stringBuffer2.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (!SessionValidator.validateDefaultSessionId(str2)) {
                StringBuffer stringBuffer3 = new StringBuffer("Invalid '");
                stringBuffer3.append(ASelectProcessor.PARAM_RID);
                stringBuffer3.append("' in request: ");
                stringBuffer3.append(str2);
                this._logger.warn(stringBuffer3.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            String str3 = (String) request.getParameter("aselect_credentials");
            if (str3 == null) {
                StringBuffer stringBuffer4 = new StringBuffer("No '");
                stringBuffer4.append("aselect_credentials");
                stringBuffer4.append("' found in request");
                this._logger.debug(stringBuffer4.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (!this._OAServer.getID().equals(str)) {
                StringBuffer stringBuffer5 = new StringBuffer("The server ID doesn't correspond to the supplied '");
                stringBuffer5.append(ASelectProcessor.PARAM_ASELECTSERVER);
                stringBuffer5.append("' parameter: ");
                stringBuffer5.append(str);
                this._logger.debug(stringBuffer5.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_ID_MISMATCH);
            }
            iSession = this._sessionFactory.retrieve(str2);
            if (iSession == null) {
                this._logger.debug("No session found with id: " + str2);
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (iSession.isExpired()) {
                StringBuffer stringBuffer6 = new StringBuffer("Expired session with id '");
                stringBuffer6.append(str2);
                stringBuffer6.append("' found in request sent from IP: ");
                stringBuffer6.append(httpServletRequest.getRemoteAddr());
                this._logger.warn(stringBuffer6.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_SESSION_EXPIRED);
            }
            String str4 = (String) iSession.getAttributes().get(ASelectProcessor.class, ASelectProcessor.SESSION_CREDENTIALS);
            if (str4 == null) {
                this._logger.debug("No session attribute found with with name: credentials");
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            if (!str4.equals(str3)) {
                StringBuffer stringBuffer7 = new StringBuffer("Credentials in session (");
                stringBuffer7.append(str4);
                stringBuffer7.append(") doesn't correspond to credentials in request: ");
                stringBuffer7.append(str3);
                this._logger.debug(stringBuffer7.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_TGT);
            }
            IResponse response = iBinding.getResponse();
            try {
                switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$api$session$SessionState[iSession.getState().ordinal()]) {
                    case 1:
                        IUser user = iSession.getUser();
                        if (user == null) {
                            this._logger.debug("No User found in session");
                            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
                        }
                        RequestorPool requestorPool = this._requestorPoolFactory.getRequestorPool(iSession.getRequestorId());
                        if (requestorPool == null) {
                            this._logger.debug("No Requestor Pool found for requestor id: " + iSession.getRequestorId());
                            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
                        }
                        IRequestor requestor = this._requestorPoolFactory.getRequestor(iSession.getRequestorId());
                        if (requestor == null) {
                            this._logger.debug("No Requestor found with id: " + iSession.getRequestorId());
                            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
                        }
                        ASelectRequestorPool aSelectRequestorPool = this._htASelectRequestorPools.get(requestorPool.getID());
                        String appLevel = getAppLevel(requestorPool, aSelectRequestorPool, requestor);
                        if (doSigning(requestorPool, aSelectRequestorPool, requestor)) {
                            String str5 = (String) request.getParameter(ASelectProcessor.PARAM_SIGNATURE);
                            String id2 = requestor.getID();
                            if (str5 == null) {
                                StringBuffer stringBuffer8 = new StringBuffer("No '");
                                stringBuffer8.append(ASelectProcessor.PARAM_SIGNATURE);
                                stringBuffer8.append("' found in request");
                                this._logger.debug(stringBuffer8.toString());
                                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                            }
                            StringBuffer stringBuffer9 = new StringBuffer(str);
                            stringBuffer9.append(str3);
                            stringBuffer9.append(id2);
                            stringBuffer9.append(str2);
                            if (!verifySignature(str5, id2, stringBuffer9.toString())) {
                                this._logger.error("Invalid signature for request from requestor with id: " + requestor.getID());
                                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                            }
                        }
                        long j = 0;
                        ITGT itgt = null;
                        String tGTId = iSession.getTGTId();
                        if (tGTId != null) {
                            itgt = this._tgtFactory.retrieve(tGTId);
                            if (itgt == null) {
                                this._logger.warn("No TGT ID found in session");
                                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
                            }
                            j = itgt.getTgtExpTime().getTime();
                            id = getHighestAuthNProfile(itgt.getAuthNProfileIDs());
                            if (id == null && (selectedAuthNProfile = iSession.getSelectedAuthNProfile()) != null) {
                                id = selectedAuthNProfile.getID();
                            }
                            if (id == null) {
                                id = (String) itgt.getAuthNProfileIDs().get(0);
                            }
                        } else {
                            IAuthenticationProfile selectedAuthNProfile2 = iSession.getSelectedAuthNProfile();
                            if (selectedAuthNProfile2 == null) {
                                this._logger.warn("No authentication profile found in Session");
                                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
                            }
                            id = selectedAuthNProfile2.getID();
                        }
                        Integer authSPLevel = getAuthSPLevel(id);
                        try {
                            String uid = getUid(user, aSelectRequestorPool, requestorPool, requestor);
                            String str6 = null;
                            IAttributes attributes = user.getAttributes();
                            if (attributes != null && attributes.size() > 0) {
                                str6 = serializeAttributes(attributes);
                            }
                            response = iBinding.getResponse();
                            response.setParameter(ASelectProcessor.PARAM_ORGANIZATION, user.getOrganization());
                            response.setParameter(ASelectProcessor.PARAM_UID, uid);
                            response.setParameter(ASelectProcessor.PARAM_TGT_EXP_TIME, String.valueOf(j));
                            response.setParameter(ASelectProcessor.PARAM_APP_LEVEL, appLevel);
                            response.setParameter(ASelectProcessor.PARAM_AUTHSP, id);
                            response.setParameter(ASelectProcessor.PARAM_ASP, id);
                            response.setParameter(ASelectProcessor.PARAM_AUTHSP_LEVEL, String.valueOf(authSPLevel));
                            response.setParameter(ASelectProcessor.PARAM_ASP_LEVEL, String.valueOf(authSPLevel));
                            if (str6 != null) {
                                response.setParameter(ASelectProcessor.PARAM_ATTRIBUTES, str6);
                            }
                            message = ASelectErrors.ERROR_ASELECT_SUCCESS;
                            break;
                        } catch (ASelectException e) {
                            if (itgt != null) {
                                itgt.removeRequestorID(requestor.getID());
                                this._aliasStoreSPRole.removeAlias("aselect_credentials", requestor.getID(), str3);
                                if (itgt.getRequestorIDs().size() == 0) {
                                    itgt.expire();
                                    itgt.persist();
                                }
                            }
                            throw e;
                        }
                        break;
                    case 2:
                        message = ASelectErrors.ERROR_ASELECT_SERVER_CANCEL;
                        break;
                    case 3:
                        message = ASelectErrors.ERROR_ASELECT_AUTHSP_COULD_NOT_AUTHENTICATE_USER;
                        break;
                    case 4:
                        message = ASelectErrors.ERROR_ASELECT_AUTHSP_COULD_NOT_AUTHENTICATE_USER;
                        break;
                    case 5:
                        message = ASelectErrors.ERROR_ASELECT_AUTHSP_COULD_NOT_AUTHENTICATE_USER;
                        break;
                    case 6:
                        message = ASelectErrors.ERROR_USER_BLOCKED;
                        break;
                    case 7:
                        message = ASelectErrors.ERROR_ASELECT_UDB_UNKNOWN_USER;
                        break;
                    case 8:
                        message = ASelectErrors.ERROR_PASSIVE_FAILED;
                        break;
                    default:
                        message = ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR;
                        break;
                }
            } catch (ASelectException e2) {
                message = e2.getMessage();
                if (message.equals(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST)) {
                    throw e2;
                }
                requestorEventLogItem = new RequestorEventLogItem(iSession, httpServletRequest.getRemoteAddr(), RequestorEvent.TOKEN_DEREFERENCE_SUCCESSFUL, this, "request=verify_credentials: IDP");
            }
            response.setParameter(ASelectProcessor.PARAM_RESULT_CODE, message);
            response.setParameter(ASelectProcessor.PARAM_ASELECTSERVER, this._OAServer.getID());
            if (requestorEventLogItem == null) {
                requestorEventLogItem = new RequestorEventLogItem(iSession, httpServletRequest.getRemoteAddr(), RequestorEvent.TOKEN_DEREFERENCE_SUCCESSFUL, this, "request=verify_credentials: IDP");
            }
            this._eventLogger.info(requestorEventLogItem);
            this._logger.debug("Remove session id: " + str2);
            iSession.expire();
            iSession.persist();
            response.send();
            StringBuffer stringBuffer10 = new StringBuffer("Send verify_credentials response with '");
            stringBuffer10.append(ASelectProcessor.PARAM_RESULT_CODE);
            stringBuffer10.append("': ");
            stringBuffer10.append(message);
            this._logger.debug(stringBuffer10.toString());
        } catch (ASelectException e3) {
            this._eventLogger.info(iSession != null ? new RequestorEventLogItem(iSession, httpServletRequest.getRemoteAddr(), RequestorEvent.REQUEST_INVALID, this, "request=verify_credentials: " + e3.getMessage()) : new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=verify_credentials: " + e3.getMessage()));
            throw e3;
        } catch (Exception e4) {
            this._eventLogger.info(iSession != null ? new RequestorEventLogItem(iSession, httpServletRequest.getRemoteAddr(), RequestorEvent.INTERNAL_ERROR, this, "request=verify_credentials") : new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=verify_credentials"));
            this._logger.fatal("Internal error during 'verify_crendentials' process", e4);
            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
        }
    }

    public void slo(HttpServletRequest httpServletRequest, IBinding iBinding) throws ASelectException {
        String message;
        ISession iSession = null;
        RequestorEventLogItem requestorEventLogItem = null;
        try {
            IRequest request = iBinding.getRequest();
            String str = (String) request.getParameter(ASelectProcessor.PARAM_ASELECTSERVER);
            if (str == null) {
                StringBuffer stringBuffer = new StringBuffer("No '");
                stringBuffer.append(ASelectProcessor.PARAM_ASELECTSERVER);
                stringBuffer.append("' found in request");
                this._logger.debug(stringBuffer.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            String str2 = (String) request.getParameter(ASelectProcessor.PARAM_LOCAL_IDP);
            if (str2 == null) {
                StringBuffer stringBuffer2 = new StringBuffer("No '");
                stringBuffer2.append(ASelectProcessor.PARAM_LOCAL_IDP);
                stringBuffer2.append("' found in request");
                this._logger.debug(stringBuffer2.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            String str3 = (String) request.getParameter(ASelectProcessor.PARAM_LOCAL_IDP_URL);
            if (str3 == null) {
                StringBuffer stringBuffer3 = new StringBuffer("No '");
                stringBuffer3.append(ASelectProcessor.PARAM_LOCAL_IDP_URL);
                stringBuffer3.append("' found in request");
                this._logger.debug(stringBuffer3.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            String str4 = (String) request.getParameter("aselect_credentials");
            if (str4 == null) {
                StringBuffer stringBuffer4 = new StringBuffer("No '");
                stringBuffer4.append("aselect_credentials");
                stringBuffer4.append("' found in request");
                this._logger.debug(stringBuffer4.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            IResponse response = iBinding.getResponse();
            if (response == null) {
                this._logger.error("No response for request");
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            try {
            } catch (ASelectException e) {
                message = e.getMessage();
                if (message.equals(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST)) {
                    throw e;
                }
                requestorEventLogItem = new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), str2, this, "request=slo: " + message);
            }
            if (!this._OAServer.getID().equals(str)) {
                StringBuffer stringBuffer5 = new StringBuffer("The server ID doesn't correspond to the supplied '");
                stringBuffer5.append(ASelectProcessor.PARAM_ASELECTSERVER);
                stringBuffer5.append("' parameter: ");
                stringBuffer5.append(str);
                this._logger.debug(stringBuffer5.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_ID_MISMATCH);
            }
            IRequestor requestor = this._requestorPoolFactory.getRequestor(str2);
            if (requestor == null) {
                StringBuffer stringBuffer6 = new StringBuffer("Unknown '");
                stringBuffer6.append(ASelectProcessor.PARAM_LOCAL_IDP);
                stringBuffer6.append("' found in request: ");
                stringBuffer6.append(str2);
                this._logger.debug(stringBuffer6.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            if (!requestor.isEnabled()) {
                StringBuffer stringBuffer7 = new StringBuffer("Disabled '");
                stringBuffer7.append(ASelectProcessor.PARAM_LOCAL_IDP);
                stringBuffer7.append("' found in request: ");
                stringBuffer7.append(str2);
                this._logger.debug(stringBuffer7.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            RequestorPool requestorPool = this._requestorPoolFactory.getRequestorPool(requestor.getID());
            if (requestorPool == null) {
                this._logger.warn("Requestor not available in a pool: " + requestor.getID());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            if (!requestorPool.isEnabled()) {
                StringBuffer stringBuffer8 = new StringBuffer("Requestor '");
                stringBuffer8.append(str2);
                stringBuffer8.append("' is found in a disabled requestor pool: ");
                stringBuffer8.append(requestorPool.getID());
                this._logger.warn(stringBuffer8.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            if (doSigning(requestorPool, this._htASelectRequestorPools.get(requestorPool.getID()), requestor)) {
                String str5 = (String) request.getParameter(ASelectProcessor.PARAM_SIGNATURE);
                if (str5 == null) {
                    StringBuffer stringBuffer9 = new StringBuffer("No '");
                    stringBuffer9.append(ASelectProcessor.PARAM_SIGNATURE);
                    stringBuffer9.append("' found in request");
                    this._logger.debug(stringBuffer9.toString());
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                }
                Hashtable hashtable = new Hashtable();
                hashtable.put(ASelectProcessor.PARAM_ASELECTSERVER, str);
                hashtable.put("aselect_credentials", str4);
                hashtable.put(ASelectProcessor.PARAM_LOCAL_IDP_URL, str3);
                hashtable.put(ASelectProcessor.PARAM_LOCAL_IDP, str2);
                if (!verifySignature(str5, requestor.getID(), hashtable)) {
                    this._logger.error("Invalid signature for request from requestor with id: " + requestor.getID());
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                }
            }
            if (!this._aliasStoreSPRole.isAlias("aselect_credentials", str2, str4)) {
                this._logger.debug("Unknown credentials supplied in request: " + str4);
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_TGT);
            }
            try {
                new URL(str3);
                String str6 = this._sRedirectURL;
                if (str6 == null) {
                    str6 = request.getRequestedURL();
                }
                iSession = this._sessionFactory.createSession(str2);
                iSession.getAttributes().put(ASelectProcessor.class, ASelectProcessor.SESSION_REQUESTOR_URL, str3);
                iSession.persist();
                StringBuffer stringBuffer10 = new StringBuffer(str6);
                stringBuffer10.append("?request=logout");
                response.setParameter(ASelectProcessor.PARAM_ASELECT_URL, stringBuffer10.toString());
                response.setParameter(ASelectProcessor.PARAM_RID, iSession.getId());
                message = ASelectErrors.ERROR_ASELECT_SUCCESS;
                response.setParameter(ASelectProcessor.PARAM_RESULT_CODE, message);
                response.setParameter(ASelectProcessor.PARAM_ASELECTSERVER, this._OAServer.getID());
                if (requestorEventLogItem == null) {
                    requestorEventLogItem = new RequestorEventLogItem(iSession, httpServletRequest.getRemoteAddr(), RequestorEvent.LOGOUT_INITIATION_SUCCESSFUL, this, "request=slo: IDP");
                }
                this._eventLogger.info(requestorEventLogItem);
                response.send();
            } catch (MalformedURLException e2) {
                StringBuffer stringBuffer11 = new StringBuffer("The supplied '");
                stringBuffer11.append(ASelectProcessor.PARAM_LOCAL_IDP_URL);
                stringBuffer11.append("' parameter isn't an URL: ");
                stringBuffer11.append(str3);
                this._logger.debug(stringBuffer11.toString(), e2);
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_APP_URL);
            }
        } catch (ASelectException e3) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=slo: " + e3.getMessage()));
            throw e3;
        } catch (Exception e4) {
            this._eventLogger.info(0 != 0 ? new RequestorEventLogItem((ISession) null, httpServletRequest.getRemoteAddr(), RequestorEvent.INTERNAL_ERROR, this, "request=slo") : new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=slo"));
            this._logger.fatal("Internal error during 'slo' process", e4);
            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
        } catch (OAException e5) {
            this._eventLogger.info(0 != 0 ? new RequestorEventLogItem((ISession) null, httpServletRequest.getRemoteAddr(), RequestorEvent.REQUEST_INVALID, this, "request=slo: " + e5.getMessage()) : new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=slo: " + e5.getMessage()));
            throw new ASelectException(e5.getMessage());
        }
    }
}
