package com.alfaariss.oa.profile.aselect.processor.handler;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.RequestorEvent;
import com.alfaariss.oa.UserEvent;
import com.alfaariss.oa.api.attribute.IAttributes;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.api.logging.IAuthority;
import com.alfaariss.oa.api.requestor.IRequestor;
import com.alfaariss.oa.api.session.SessionState;
import com.alfaariss.oa.api.tgt.ITGT;
import com.alfaariss.oa.api.tgt.TGTEventError;
import com.alfaariss.oa.api.tgt.TGTListenerException;
import com.alfaariss.oa.api.user.IUser;
import com.alfaariss.oa.authentication.remote.aselect.idp.storage.ASelectIDP;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.authentication.AuthenticationException;
import com.alfaariss.oa.engine.core.authentication.factory.IAuthenticationProfileFactory;
import com.alfaariss.oa.engine.core.crypto.CryptoException;
import com.alfaariss.oa.engine.core.crypto.CryptoManager;
import com.alfaariss.oa.engine.core.idp.IDPStorageManager;
import com.alfaariss.oa.engine.core.requestor.RequestorPool;
import com.alfaariss.oa.engine.core.requestor.factory.IRequestorPoolFactory;
import com.alfaariss.oa.engine.core.server.Server;
import com.alfaariss.oa.engine.core.session.factory.ISessionFactory;
import com.alfaariss.oa.engine.core.tgt.factory.ITGTAliasStore;
import com.alfaariss.oa.engine.core.tgt.factory.ITGTFactory;
import com.alfaariss.oa.profile.aselect.ASelectErrors;
import com.alfaariss.oa.profile.aselect.ASelectException;
import com.alfaariss.oa.profile.aselect.binding.IBinding;
import com.alfaariss.oa.profile.aselect.binding.IRequest;
import com.alfaariss.oa.profile.aselect.binding.IResponse;
import com.alfaariss.oa.profile.aselect.processor.ASelectProcessor;
import com.alfaariss.oa.util.logging.RequestorEventLogItem;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/profile/aselect/processor/handler/AbstractAPIHandler.class */
public class AbstractAPIHandler implements IAuthority {
    // Diagnostic logger for this handler; created in the constructor.
    protected Log _logger;
    // Logger obtained under the name "com.alfaariss.oa.EventLogger"; receives the RequestorEventLogItem entries.
    protected Log _eventLogger;
    // The engine components below are only assigned by the constructor when the handler is enabled;
    // they stay null on a disabled handler.
    protected Server _OAServer;
    protected ISessionFactory _sessionFactory;
    protected IRequestorPoolFactory _requestorPoolFactory;
    protected IAuthenticationProfileFactory _authnProfileFactory;
    protected ITGTFactory _tgtFactory;
    // Constructor argument, stored only when the handler is enabled.
    protected String _sRedirectURL;
    // Result of the 'enabled' configuration parameter; false when no configuration section is supplied.
    protected boolean _bEnabled;
    // Level per authentication profile id; consulted first when picking the highest profile.
    protected Hashtable<String, Integer> _htAuthSPLevels;
    protected int _iDefaultAuthSPLevel;
    // A-Select specific pool settings keyed by requestor pool id, filled from the 'requestorpool' sections.
    protected Hashtable<String, ASelectRequestorPool> _htASelectRequestorPools;
    // Parsed from the default 'app_level' configuration item.
    protected int _iDefaultAppLevel;
    // Alias stores taken from the TGT factory; the logout handlers treat null as "no alias support".
    protected ITGTAliasStore _aliasStoreSPRole;
    protected ITGTAliasStore _aliasStoreIDPRole;
    protected IDPStorageManager _idpStorageManager;
    // Property-name suffixes. PROPERTY_AUTHSP_LEVEL is appended to the profile id when a profile
    // property is read; the other suffixes are not used in the visible part of this class.
    // NOTE(review): presumably they are combined with the profile id in the same way — confirm.
    private static final String PROPERTY_SIGN_REQUESTS = ".sign.requests";
    private static final String PROPERTY_APP_LEVEL = ".app_level";
    private static final String PROPERTY_UID_ATTRIBUTE = ".uid.attribute";
    private static final String PROPERTY_UID_OPAQUE_ENABLED = ".uid.opaque.enabled";
    private static final String PROPERTY_UID_OPAQUE_SALT = ".uid.opaque.salt";
    private static final String PROPERTY_AUTHSP_LEVEL = ".authsp_level";
    // Profile id passed to the constructor; prefix for the property names above.
    private String _sProfileID;
    // Source of the certificates and the Signature object used by verifySignature; the constructor
    // rejects an enabled handler without one.
    private CryptoManager _cryptoManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.alfaariss.oa.profile.aselect.processor.handler.AbstractAPIHandler$1, reason: invalid class name */
    /* loaded from: input_file:com/alfaariss/oa/profile/aselect/processor/handler/AbstractAPIHandler$1.class */
    /**
     * Switch lookup tables for the {@code UserEvent} and {@code RequestorEvent} enums, marked
     * synthetic by the decompiler (not hand-written code).
     *
     * <p>Each array is indexed by enum ordinal and holds the case label used by the
     * {@code switch} statements in the enclosing class. Entries that are never assigned keep
     * the array default of 0, which matches no numbered case and so selects {@code default}.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$alfaariss$oa$RequestorEvent;
        static final /* synthetic */ int[] $SwitchMap$com$alfaariss$oa$UserEvent = new int[UserEvent.values().length];

        static {
            // Each assignment is guarded separately: a constant missing at run time
            // (NoSuchFieldError) is ignored and leaves its slot at 0.
            try {
                $SwitchMap$com$alfaariss$oa$UserEvent[UserEvent.USER_LOGOUT_PARTIALLY.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$UserEvent[UserEvent.USER_LOGOUT_IN_PROGRESS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$UserEvent[UserEvent.USER_LOGOUT_FAILED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            // RequestorEvent table: 1 = LOGOUT_PARTIALLY, 2 = LOGOUT_FAILED; used by the logout handlers.
            $SwitchMap$com$alfaariss$oa$RequestorEvent = new int[RequestorEvent.values().length];
            try {
                $SwitchMap$com$alfaariss$oa$RequestorEvent[RequestorEvent.LOGOUT_PARTIALLY.ordinal()] = 1;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$alfaariss$oa$RequestorEvent[RequestorEvent.LOGOUT_FAILED.ordinal()] = 2;
            } catch (NoSuchFieldError e5) {
            }
        }
    }

    /**
     * Builds the handler from its configuration section.
     *
     * <p>The handler is disabled when {@code element} is null or when the optional 'enabled'
     * parameter is "false"; a missing 'enabled' parameter means enabled. Engine components,
     * the crypto manager, the default 'app_level' and the 'requestorpool' sections are only
     * read for an enabled handler.
     *
     * @param iConfigurationManager configuration reader
     * @param element handler configuration section, may be null
     * @param str redirect URL stored for an enabled handler
     * @param hashtable levels per authentication profile id
     * @param i default level for authentication profiles
     * @param str2 profile id
     * @throws OAException on an invalid 'enabled' or 'app_level' value, a missing crypto
     *         manager, a duplicate or unknown requestor pool id, or any unexpected error
     */
    public AbstractAPIHandler(IConfigurationManager iConfigurationManager, Element element, String str, Hashtable<String, Integer> hashtable, int i, String str2) throws OAException {
        try {
            this._logger = LogFactory.getLog(AbstractAPIHandler.class);
            this._eventLogger = LogFactory.getLog("com.alfaariss.oa.EventLogger");
            this._htAuthSPLevels = hashtable;
            this._iDefaultAuthSPLevel = i;
            this._sProfileID = str2;
            // Without a configuration section the handler stays disabled.
            this._bEnabled = false;
            if (element != null) {
                String enabledValue = iConfigurationManager.getParam(element, "enabled");
                if (enabledValue == null) {
                    this._logger.info("No optional 'enabled' parameter found in handler section in configuration");
                    this._bEnabled = true;
                } else if ("true".equalsIgnoreCase(enabledValue)) {
                    this._logger.info("Request handler is enabled");
                    this._bEnabled = true;
                } else if ("false".equalsIgnoreCase(enabledValue)) {
                    this._logger.info("Request handler is disabled");
                    this._bEnabled = false;
                } else {
                    // Anything other than true/false is a configuration error, not a silent default.
                    this._logger.error("Wrong 'enabled' parameter found in handler section in configuration: " + enabledValue);
                    throw new OAException(17);
                }
            }
            if (!this._bEnabled) {
                return;
            }

            Engine oaEngine = Engine.getInstance();
            this._OAServer = oaEngine.getServer();
            this._sessionFactory = oaEngine.getSessionFactory();
            this._requestorPoolFactory = oaEngine.getRequestorPoolFactory();
            this._tgtFactory = oaEngine.getTGTFactory();
            this._aliasStoreSPRole = this._tgtFactory.getAliasStoreSP();
            this._aliasStoreIDPRole = this._tgtFactory.getAliasStoreIDP();
            this._idpStorageManager = oaEngine.getIDPStorageManager();
            this._authnProfileFactory = oaEngine.getAuthenticationProfileFactory();
            this._cryptoManager = oaEngine.getCryptoManager();
            if (this._cryptoManager == null) {
                // Signature verification depends on it, so an enabled handler cannot run without one.
                this._logger.error("No crypto manager available");
                throw new OAException(2);
            }
            this._sRedirectURL = str;

            String appLevelValue = iConfigurationManager.getParam(element, ASelectProcessor.PARAM_APP_LEVEL);
            if (appLevelValue == null) {
                this._logger.error("No default 'app_level' item in handler section found in configuration");
                throw new OAException(17);
            }
            try {
                this._iDefaultAppLevel = Integer.parseInt(appLevelValue);
                this._logger.info("Configured default 'app_level': " + appLevelValue);
                this._htASelectRequestorPools = new Hashtable<>();
                for (Element poolSection = iConfigurationManager.getSection(element, "requestorpool");
                        poolSection != null;
                        poolSection = iConfigurationManager.getNextSection(poolSection)) {
                    ASelectRequestorPool pool = new ASelectRequestorPool(iConfigurationManager, poolSection);
                    String poolId = pool.getID();
                    if (this._htASelectRequestorPools.containsKey(poolId)) {
                        this._logger.warn("The configured 'requestorpool' doesn't have a unique id: " + poolId);
                        throw new OAException(2);
                    }
                    if (!this._requestorPoolFactory.isPool(poolId)) {
                        this._logger.warn("The configured 'requestorpool' doesn't exist as a requestor pool: " + poolId);
                        throw new OAException(2);
                    }
                    this._htASelectRequestorPools.put(poolId, pool);
                    this._logger.info("Configured: " + pool);
                }
            } catch (NumberFormatException nfe) {
                this._logger.error("The configured default 'app_level' parameter isn't a number: " + appLevelValue, nfe);
                throw new OAException(2);
            }
        } catch (OAException oae) {
            throw oae;
        } catch (Exception ex) {
            this._logger.fatal("Internal error during object creation", ex);
            throw new OAException(1);
        }
    }

    /**
     * Reports whether this handler is enabled.
     *
     * @return the value derived from the 'enabled' configuration parameter in the constructor
     */
    public boolean isEnabled() {
        return _bEnabled;
    }

    /**
     * Names the authority under which this handler's events are logged.
     *
     * @return {@code ASelectProcessor.AUTHORITY_NAME}
     */
    public String getAuthority() {
        final String authorityName = ASelectProcessor.AUTHORITY_NAME;
        return authorityName;
    }

    /**
     * Handles a synchronous logout request sent by a requestor (logged as "slogout SP role").
     *
     * <p>Checks the request parameters, resolves the requestor and its pool, verifies the request
     * signature when {@code doSigning(...)} reports that signing applies, then looks up the TGT
     * through the SP-role alias store and expires, cleans or partially updates it. The result code
     * is written to the response and a requestor event is logged before the response is sent.
     *
     * <p>NOTE(review): this is decompiler output. The empty {@code try} block and the order of
     * the outer {@code catch} clauses do not look like hand-written code; verify the control flow
     * against the bytecode or original source before drawing security conclusions from it.
     *
     * @param httpServletRequest servlet request; only its remote address is read, for event logging
     * @param iBinding binding that supplies the request and response objects
     * @param str value of the 'requestor' parameter; {@code str2} is used in its place when null
     * @param str2 value of the 'app_id' parameter
     * @param str3 value of the 'aselect_credentials' parameter
     * @throws ASelectException with an A-Select error code when the request is rejected or fails
     */
    public void doRequestorSynchronousLogout(HttpServletRequest httpServletRequest, IBinding iBinding, String str, String str2, String str3) throws ASelectException {
        String message;
        RequestorEventLogItem requestorEventLogItem;
        RequestorEvent requestorEvent;
        ITGT retrieve;
        try {
            // At least one of 'requestor' / 'app_id' is required, and 'aselect_credentials' always.
            if (str == null && str2 == null) {
                this._logger.debug("No 'requestor' or 'app_id' found in request");
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (str3 == null) {
                StringBuffer stringBuffer = new StringBuffer("No '");
                stringBuffer.append("aselect_credentials");
                stringBuffer.append("' found in request");
                this._logger.debug(stringBuffer.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            IRequest request = iBinding.getRequest();
            // Fall back to 'app_id' as the requestor id. From here on str is never null, so it is
            // always added to the signed data under PARAM_REQUESTORID further down.
            if (str == null) {
                str = str2;
            }
            IRequestor requestor = this._requestorPoolFactory.getRequestor(str);
            if (requestor == null) {
                this._logger.debug("Unknown 'requestor' or 'app_id' found in request: " + str);
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            String str4 = (String) request.getParameter(ASelectProcessor.PARAM_REASON);
            if (str4 != null) {
                StringBuffer stringBuffer2 = new StringBuffer("Received optional '");
                stringBuffer2.append(ASelectProcessor.PARAM_REASON);
                stringBuffer2.append("' in request from requestor: ");
                stringBuffer2.append(requestor.getID());
                this._logger.debug(stringBuffer2.toString());
            }
            IResponse response = iBinding.getResponse();
            if (response == null) {
                this._logger.error("No response for request");
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            // NOTE(review): decompiler artifact — the try body is empty, so this handler cannot run
            // as written. The original try presumably enclosed the checks that follow; confirm
            // against the bytecode.
            try {
            } catch (ASelectException e) {
                message = e.getMessage();
                if (message.equals(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST)) {
                    throw e;
                }
                requestorEventLogItem = new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), requestor.getID(), this, "slogout SP role: " + message);
            }
            // A disabled requestor is reported with the same error code as an unknown one.
            // NOTE(review): the debug text names PARAM_LOCAL_IDP although a requestor is checked here.
            if (!requestor.isEnabled()) {
                StringBuffer stringBuffer3 = new StringBuffer("Disabled '");
                stringBuffer3.append(ASelectProcessor.PARAM_LOCAL_IDP);
                stringBuffer3.append("' found in request: ");
                stringBuffer3.append(requestor.getID());
                this._logger.debug(stringBuffer3.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            RequestorPool requestorPool = this._requestorPoolFactory.getRequestorPool(requestor.getID());
            if (requestorPool == null) {
                this._logger.warn("Requestor not available in a pool: " + requestor.getID());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            if (!requestorPool.isEnabled()) {
                StringBuffer stringBuffer4 = new StringBuffer("Requestor '");
                stringBuffer4.append(requestor.getID());
                stringBuffer4.append("' is found in a disabled requestor pool: ");
                stringBuffer4.append(requestorPool.getID());
                this._logger.warn(stringBuffer4.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            // The signature is only checked when doSigning(...) (defined outside this view) returns true.
            // NOTE(review): when it returns false the request is accepted on the requestor id and
            // the credentials value alone; confirm that signing is required for every requestor
            // that may send logout requests.
            if (doSigning(requestorPool, this._htASelectRequestorPools.get(requestorPool.getID()), requestor)) {
                String str5 = (String) request.getParameter(ASelectProcessor.PARAM_SIGNATURE);
                if (str5 == null) {
                    StringBuffer stringBuffer5 = new StringBuffer("No '");
                    stringBuffer5.append(ASelectProcessor.PARAM_SIGNATURE);
                    stringBuffer5.append("' found in request");
                    this._logger.debug(stringBuffer5.toString());
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                }
                // Parameters covered by the signature; verifySignature(String, String, Map)
                // concatenates their values in key order.
                Hashtable hashtable = new Hashtable();
                hashtable.put("aselect_credentials", str3);
                if (str != null) {
                    hashtable.put(ASelectProcessor.PARAM_REQUESTORID, str);
                }
                if (str2 != null) {
                    hashtable.put(ASelectProcessor.PARAM_APPID, str2);
                }
                if (str4 != null) {
                    hashtable.put(ASelectProcessor.PARAM_REASON, str4);
                }
                // The certificate is looked up under the requestor id as alias.
                if (!verifySignature(str5, requestor.getID(), hashtable)) {
                    this._logger.error("Invalid signature for request from requestor with id: " + requestor.getID());
                    throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                }
            }
            // The only accepted 'reason' value is VALUE_REASON_TIMEOUT (compared case-insensitively).
            if (str4 != null && !ASelectProcessor.VALUE_REASON_TIMEOUT.equalsIgnoreCase(str4)) {
                this._logger.debug("Invalid reason in request from SP with id: " + requestor.getID());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            // requestorEvent2 is never read afterwards (decompiler leftover).
            RequestorEvent requestorEvent2 = RequestorEvent.LOGOUT_FAILED;
            if (this._aliasStoreSPRole == null) {
                this._logger.debug("TGT Factory has no alias support");
                message = ASelectErrors.ERROR_LOGOUT_FAILED;
                requestorEvent = RequestorEvent.LOGOUT_FAILED;
            } else {
                // Success is the starting result: credentials that map to no TGT, or to a missing
                // or expired one, are answered with success as well.
                message = ASelectErrors.ERROR_ASELECT_SUCCESS;
                requestorEvent = RequestorEvent.LOGOUT_SUCCESS;
                String tgtid = this._aliasStoreSPRole.getTGTID("aselect_credentials", requestor.getID(), str3);
                if (tgtid != null && (retrieve = this._tgtFactory.retrieve(tgtid)) != null && !retrieve.isExpired()) {
                    // The alias is removed before the TGT itself is touched.
                    this._aliasStoreSPRole.removeAlias("aselect_credentials", requestor.getID(), str3);
                    if (str4 == null || retrieve.getRequestorIDs().size() <= 1) {
                        try {
                            // With a reason (timeout) and at most one requestor on the TGT: clean();
                            // without a reason: expire the TGT and persist it.
                            if (str4 != null) {
                                retrieve.clean();
                            } else {
                                retrieve.expire();
                                retrieve.persist();
                            }
                        } catch (TGTListenerException e2) {
                            // Listener errors downgrade the result to partial or failed logout.
                            requestorEvent = getLogoutResult(e2.getErrors());
                            switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$RequestorEvent[requestorEvent.ordinal()]) {
                                case 1:
                                    message = ASelectErrors.ERROR_LOGOUT_PARTIALLY;
                                    break;
                                case 2:
                                default:
                                    message = ASelectErrors.ERROR_LOGOUT_FAILED;
                                    break;
                            }
                        }
                    } else {
                        // Reason given and other requestors still use the TGT: only detach this requestor.
                        retrieve.removeRequestorID(requestor.getID());
                        retrieve.persist();
                        message = ASelectErrors.ERROR_LOGOUT_PARTIALLY;
                        requestorEvent = RequestorEvent.LOGOUT_PARTIALLY;
                    }
                }
            }
            // NOTE(review): this event entry passes null in the argument position where the
            // REQUEST_INVALID entry above passes requestor.getID(), so the logout event may not be
            // attributable to a requestor in the audit trail — confirm against the
            // RequestorEventLogItem constructor.
            requestorEventLogItem = new RequestorEventLogItem((String) null, (String) null, (SessionState) null, requestorEvent, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "slogout SP role");
            response.setParameter(ASelectProcessor.PARAM_RESULT_CODE, message);
            this._eventLogger.info(requestorEventLogItem);
            response.send();
        } catch (ASelectException e3) {
            throw e3;
        } catch (Exception e4) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=logout"));
            this._logger.fatal("Internal error during 'logout' process", e4);
            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
        // NOTE(review): catch order as emitted by the decompiler; if OAException is a subclass of
        // Exception this clause is unreachable after the one above — confirm the original order.
        } catch (OAException e5) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=logout: " + e5.getMessage()));
            throw new ASelectException(e5.getMessage());
        }
    }

    /**
     * Handles a synchronous logout request sent by a remote organization (logged as
     * "slogout IDP role").
     *
     * <p>Checks the request parameters, resolves the organization through the IDP storage
     * manager, verifies the request signature when the IDP is configured for signing, then looks
     * up the TGT through the IDP-role alias store and expires it. The result code is written to
     * the response and a requestor event is logged before the response is sent.
     *
     * <p>NOTE(review): this is decompiler output; the inner {@code catch} and the order of the
     * outer {@code catch} clauses should be verified against the bytecode or original source.
     *
     * @param httpServletRequest servlet request; only its remote address is read, for event logging
     * @param iBinding binding that supplies the request and response objects
     * @param str value of the PARAM_LOCAL_IDP parameter (called 'local_organization' in the log text)
     * @param str2 value of the 'aselect_credentials' parameter
     * @throws ASelectException with an A-Select error code when the request is rejected or fails
     */
    public void doOrganizationSynchronousLogout(HttpServletRequest httpServletRequest, IBinding iBinding, String str, String str2) throws ASelectException {
        String message;
        RequestorEventLogItem requestorEventLogItem;
        RequestorEvent requestorEvent;
        ITGT retrieve;
        try {
            // Both the organization id and the credentials value are mandatory.
            if (str == null) {
                StringBuffer stringBuffer = new StringBuffer("No '");
                stringBuffer.append(ASelectProcessor.PARAM_LOCAL_IDP);
                stringBuffer.append("' found in request");
                this._logger.debug(stringBuffer.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            if (str2 == null) {
                StringBuffer stringBuffer2 = new StringBuffer("No '");
                stringBuffer2.append("aselect_credentials");
                stringBuffer2.append("' found in request");
                this._logger.debug(stringBuffer2.toString());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            IRequest request = iBinding.getRequest();
            ASelectIDP idp = this._idpStorageManager.getIDP(str);
            if (idp == null) {
                this._logger.debug("Unknown 'local_organization' found in request: " + str);
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            String str3 = (String) request.getParameter(ASelectProcessor.PARAM_REASON);
            if (str3 != null) {
                StringBuffer stringBuffer3 = new StringBuffer("Received optional '");
                stringBuffer3.append(ASelectProcessor.PARAM_REASON);
                stringBuffer3.append("' in request from idp: ");
                stringBuffer3.append(idp.getID());
                this._logger.debug(stringBuffer3.toString());
            }
            // As decompiled, idp is already declared as ASelectIDP and is non-null here, so this
            // type check cannot fail. NOTE(review): the original presumably held a more general
            // IDP type at this point — confirm.
            if (!(idp instanceof ASelectIDP)) {
                this._logger.debug("Supplied 'local_organization' is not of type ASelectIDP: " + idp.getID());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_UNKNOWN_APP);
            }
            ASelectIDP aSelectIDP = idp;
            IResponse response = iBinding.getResponse();
            if (response == null) {
                this._logger.error("No response for request");
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            try {
                // The signature is only checked when the IDP is configured for signing.
                if (aSelectIDP.doSigning()) {
                    String str4 = (String) request.getParameter(ASelectProcessor.PARAM_SIGNATURE);
                    if (str4 == null) {
                        StringBuffer stringBuffer4 = new StringBuffer("No '");
                        stringBuffer4.append(ASelectProcessor.PARAM_SIGNATURE);
                        stringBuffer4.append("' found in request");
                        this._logger.debug(stringBuffer4.toString());
                        throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                    // Parameters covered by the signature; verifySignature(String, String, Map)
                    // concatenates their values in key order.
                    Hashtable hashtable = new Hashtable();
                    hashtable.put("aselect_credentials", str2);
                    if (str != null) {
                        hashtable.put(ASelectProcessor.PARAM_LOCAL_IDP, str);
                    }
                    if (str3 != null) {
                        hashtable.put(ASelectProcessor.PARAM_REASON, str3);
                    }
                    // The certificate is looked up under the IDP id as alias.
                    if (!verifySignature(str4, idp.getID(), hashtable)) {
                        this._logger.error("Invalid signature for request from IDP with id: " + idp.getID());
                        throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
                    }
                }
            } catch (ASelectException e) {
                // NOTE(review): as decompiled, an ASelectException other than INVALID_REQUEST raised
                // while checking the signature (verifySignature throws INTERNAL_ERROR when no
                // certificate or Signature object is available, or on an unexpected error) only
                // produces a log item here. That item is overwritten further down and control
                // falls through to the logout logic. Signature verification must fail closed:
                // confirm against the bytecode that the original handler ends the request.
                message = e.getMessage();
                if (message.equals(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST)) {
                    throw e;
                }
                requestorEventLogItem = new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), aSelectIDP.getID(), this, "slogout IDP role: " + message);
            }
            // The only accepted 'reason' value is VALUE_REASON_TIMEOUT (compared case-insensitively).
            if (str3 != null && !ASelectProcessor.VALUE_REASON_TIMEOUT.equalsIgnoreCase(str3)) {
                this._logger.debug("Invalid reason in request from IDP with id: " + aSelectIDP.getID());
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_SERVER_INVALID_REQUEST);
            }
            // requestorEvent2 is never read afterwards (decompiler leftover).
            RequestorEvent requestorEvent2 = RequestorEvent.LOGOUT_FAILED;
            if (this._aliasStoreIDPRole != null) {
                // Success is the starting result: credentials that map to no TGT, or to a missing
                // or expired one, are answered with success as well.
                message = ASelectErrors.ERROR_ASELECT_SUCCESS;
                requestorEvent = RequestorEvent.LOGOUT_SUCCESS;
                String tgtid = this._aliasStoreIDPRole.getTGTID("aselect_credentials", aSelectIDP.getID(), str2);
                if (tgtid != null && (retrieve = this._tgtFactory.retrieve(tgtid)) != null && !retrieve.isExpired()) {
                    // The alias is removed before the TGT itself is touched.
                    this._aliasStoreIDPRole.removeAlias("aselect_credentials", aSelectIDP.getID(), str2);
                    if (str3 == null) {
                        // No reason given: expire the TGT and persist that state.
                        retrieve.expire();
                        try {
                            retrieve.persist();
                        } catch (TGTListenerException e2) {
                            // Listener errors downgrade the result to partial or failed logout.
                            requestorEvent = getLogoutResult(e2.getErrors());
                            switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$RequestorEvent[requestorEvent.ordinal()]) {
                                case 1:
                                    message = ASelectErrors.ERROR_LOGOUT_PARTIALLY;
                                    break;
                                case 2:
                                default:
                                    message = ASelectErrors.ERROR_LOGOUT_FAILED;
                                    break;
                            }
                        }
                    } else {
                        // Reason given (timeout): the alias is gone but the TGT is left untouched,
                        // reported as a partial logout.
                        message = ASelectErrors.ERROR_LOGOUT_PARTIALLY;
                        requestorEvent = RequestorEvent.LOGOUT_PARTIALLY;
                    }
                }
            } else {
                this._logger.debug("TGT Factory has no alias support");
                message = ASelectErrors.ERROR_LOGOUT_FAILED;
                requestorEvent = RequestorEvent.LOGOUT_FAILED;
            }
            // NOTE(review): this event entry passes null in the argument position where the
            // REQUEST_INVALID entry above passes aSelectIDP.getID(), so the logout event may not
            // be attributable to an organization in the audit trail — confirm against the
            // RequestorEventLogItem constructor.
            requestorEventLogItem = new RequestorEventLogItem((String) null, (String) null, (SessionState) null, requestorEvent, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "slogout IDP role");
            response.setParameter(ASelectProcessor.PARAM_RESULT_CODE, message);
            this._eventLogger.info(requestorEventLogItem);
            response.send();
        } catch (ASelectException e3) {
            throw e3;
        } catch (Exception e4) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.INTERNAL_ERROR, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=logout"));
            this._logger.fatal("Internal error during 'logout' process", e4);
            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
        // NOTE(review): catch order as emitted by the decompiler; if OAException is a subclass of
        // Exception this clause is unreachable after the one above — confirm the original order.
        } catch (OAException e5) {
            this._eventLogger.info(new RequestorEventLogItem((String) null, (String) null, (SessionState) null, RequestorEvent.REQUEST_INVALID, (String) null, httpServletRequest.getRemoteAddr(), (String) null, this, "request=logout: " + e5.getMessage()));
            throw new ASelectException(e5.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
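    /**
     * Serializes user attributes to a Base64-encoded, URL-encoded query string.
     *
     * <p>A {@code String} value becomes {@code name=value}; a {@code Vector} value becomes one
     * {@code name[]=value} pair per element. Names and values are URL-encoded with
     * {@code ASelectProcessor.CHARSET}, pairs are joined with {@code &}, and the whole string is
     * Base64-encoded. Values of any other type are skipped with a debug message.
     *
     * @param iAttributes attributes to serialize
     * @return the Base64 text, or {@code null} when nothing was serialized
     * @throws ASelectException with {@code ERROR_ASELECT_INTERNAL_ERROR} when serialization fails,
     *         including when {@code iAttributes} is null
     */
    public String serializeAttributes(IAttributes iAttributes) throws ASelectException {
        String serialized = null;
        try {
            StringBuilder allPairs = new StringBuilder();
            Enumeration<?> names = iAttributes.getNames();
            while (names.hasMoreElements()) {
                StringBuilder attributePairs = new StringBuilder();
                String name = (String) names.nextElement();
                Object value = iAttributes.get(name);
                if (value instanceof Vector) {
                    // Multi-valued attribute: one "name[]=value" pair per element.
                    Enumeration<?> elements = ((Vector<?>) value).elements();
                    while (elements.hasMoreElements()) {
                        String element = (String) elements.nextElement();
                        attributePairs.append(URLEncoder.encode(name + "[]", ASelectProcessor.CHARSET));
                        attributePairs.append("=");
                        attributePairs.append(URLEncoder.encode(element, ASelectProcessor.CHARSET));
                        if (elements.hasMoreElements()) {
                            attributePairs.append("&");
                        }
                    }
                } else if (value instanceof String) {
                    attributePairs.append(URLEncoder.encode(name, ASelectProcessor.CHARSET));
                    attributePairs.append("=");
                    attributePairs.append(URLEncoder.encode((String) value, ASelectProcessor.CHARSET));
                } else {
                    StringBuilder unsupported = new StringBuilder("Attribute '");
                    unsupported.append(name);
                    unsupported.append("' has an unsupported value; is not a String: ");
                    unsupported.append(value);
                    this._logger.debug(unsupported.toString());
                }
                // Separator only between two non-empty groups, so skipped attributes leave no stray '&'.
                if (attributePairs.length() > 0 && allPairs.length() > 0) {
                    allPairs.append("&");
                }
                allPairs.append(attributePairs);
            }
            if (allPairs.length() > 0) {
                serialized = new String(Base64.encodeBase64(allPairs.toString().getBytes(ASelectProcessor.CHARSET)), ASelectProcessor.CHARSET);
            }
            return serialized;
        } catch (Exception e) {
            // Concatenation instead of iAttributes.toString(): with a null argument the handler
            // itself used to throw a NullPointerException, hiding the documented ASelectException.
            // NOTE(review): this message writes the full attribute set to the log; attribute
            // values may be personal data, so consider logging only the attribute names.
            this._logger.fatal("Could not serialize attributes: " + iAttributes, e);
            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
        }
    }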

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies a signature over the values of the given request parameters.
     *
     * <p>The signed text is built by concatenating the parameter values in ascending key order.
     * Neither the keys nor any separator are part of that text.
     * NOTE(review): because values are joined without delimiters, different splits of the same
     * characters across parameters yield the same signed text; callers should validate each
     * parameter on its own and not rely on the signature to bind a value to its parameter name.
     *
     * @param str Base64-encoded signature from the request
     * @param str2 alias under which the signer's certificate is looked up
     * @param map parameters covered by the signature
     * @return {@code true} when the signature matches
     * @throws ASelectException when the verification cannot be carried out
     */
    public boolean verifySignature(String str, String str2, Map<String, String> map) throws ASelectException {
        StringBuilder signedData = new StringBuilder();
        for (String key : new TreeSet<String>(map.keySet())) {
            signedData.append(map.get(key));
        }
        return verifySignature(str, str2, signedData.toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
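    /**
     * Verifies a Base64-encoded signature over {@code str3} with the certificate stored under
     * alias {@code str2}.
     *
     * <p>A signature that does not match yields {@code false}. Every other problem (no
     * certificate for the alias, no Signature object, a crypto error, or any unexpected
     * exception such as one raised for a malformed signature value) is reported as an
     * {@link ASelectException}; callers must treat such an exception as a failed verification
     * and never continue as if the request were authenticated.
     *
     * @param str Base64-encoded signature from the request
     * @param str2 alias under which the signer's certificate is looked up
     * @param str3 the signed text
     * @return {@code true} when the signature matches, {@code false} otherwise
     * @throws ASelectException when the verification cannot be carried out
     */
    public boolean verifySignature(String str, String str2, String str3) throws ASelectException {
        try {
            Certificate certificate = this._cryptoManager.getCertificate(str2);
            if (certificate == null) {
                this._logger.warn("No certificate object found with alias: " + str2);
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            Signature signature = this._cryptoManager.getSignature();
            if (signature == null) {
                this._logger.warn("No signature object found");
                throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
            }
            signature.initVerify(certificate);
            signature.update(str3.getBytes(ASelectProcessor.CHARSET));
            boolean verified = signature.verify(Base64.decodeBase64(str.getBytes(ASelectProcessor.CHARSET)));
            if (!verified) {
                // The signed text is deliberately not logged: the logout handlers put the
                // 'aselect_credentials' value into it, and that value identifies a live session.
                StringBuilder failure = new StringBuilder("Could not verify signature '");
                failure.append(str);
                failure.append("' for key with alias '");
                failure.append(str2);
                failure.append("' (signed data omitted from log, length: ");
                failure.append(str3.length());
                failure.append(")");
                this._logger.debug(failure.toString());
            }
            return verified;
        } catch (CryptoException e) {
            this._logger.warn("A crypto exception occurred", e);
            throw new ASelectException(e.getMessage());
        } catch (ASelectException e2) {
            throw e2;
        } catch (Exception e3) {
            StringBuilder failure = new StringBuilder("Could not verify signature '");
            failure.append(str);
            failure.append("' for key with alias: ");
            failure.append(str2);
            this._logger.fatal(failure.toString(), e3);
            throw new ASelectException(ASelectErrors.ERROR_ASELECT_INTERNAL_ERROR);
        }
    }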

    /* JADX INFO: Access modifiers changed from: protected */
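    /**
     * Returns the ID of the authentication profile with the highest AuthSP level.
     *
     * <p>For each profile ID the level is taken from {@code _htAuthSPLevels} when present,
     * otherwise from the profile's {@code <profileID> + PROPERTY_AUTHSP_LEVEL} property.
     * Profiles that have no level in either place are skipped. On equal levels the first
     * profile encountered wins.
     *
     * @param list authentication profile IDs to choose from
     * @return the ID with the highest level, or {@code null} if no profile had a level
     * @throws OAException if a profile cannot be retrieved or its level is not a number
     */
    public String getHighestAuthNProfile(List<String> list) throws OAException {
        String bestProfile = null;
        int bestLevel = -1;
        for (String profileId : list) {
            int level;
            if (this._htAuthSPLevels.containsKey(profileId)) {
                level = this._htAuthSPLevels.get(profileId).intValue();
            } else {
                String configured;
                try {
                    configured = (String) this._authnProfileFactory.getProfile(profileId).getProperty(this._sProfileID + PROPERTY_AUTHSP_LEVEL);
                } catch (AuthenticationException e) {
                    // Keep the cause in the log, as getAppLevel does for its failures.
                    this._logger.error("Authentication profile not available: " + profileId, e);
                    throw new OAException(1);
                }
                if (configured == null) {
                    // No level known for this profile: it cannot be the highest.
                    continue;
                }
                try {
                    level = Integer.parseInt(configured);
                } catch (NumberFormatException e) {
                    this._logger.error("Invalid value of the '" + this._sProfileID + PROPERTY_AUTHSP_LEVEL
                            + "' property available: " + configured, e);
                    throw new OAException(1);
                }
            }
            if (level > bestLevel) {
                bestLevel = level;
                bestProfile = profileId;
            }
        }
        return bestProfile;
    }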

    /* JADX INFO: Access modifiers changed from: protected */
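    /**
     * Resolves the AuthSP level for an authentication profile.
     *
     * <p>Lookup order: the {@code _htAuthSPLevels} table, then the profile's
     * {@code <profileID> + PROPERTY_AUTHSP_LEVEL} property, then the configured default
     * ({@code _iDefaultAuthSPLevel}).
     *
     * @param str the authentication profile ID
     * @return the level for the profile, or the default level if none is configured
     * @throws OAException if the profile cannot be retrieved or its level is not a number
     */
    public Integer getAuthSPLevel(String str) throws OAException {
        if (this._htAuthSPLevels.containsKey(str)) {
            return this._htAuthSPLevels.get(str);
        }

        String configured;
        try {
            configured = (String) this._authnProfileFactory.getProfile(str).getProperty(this._sProfileID + PROPERTY_AUTHSP_LEVEL);
        } catch (AuthenticationException e) {
            // Keep the cause in the log, as getAppLevel does for its failures.
            this._logger.error("Authentication profile not available: " + str, e);
            throw new OAException(1);
        }
        if (configured == null) {
            return Integer.valueOf(this._iDefaultAuthSPLevel);
        }

        try {
            // Integer.valueOf replaces the deprecated Integer(String) constructor;
            // parsing rules and the exception thrown are the same.
            return Integer.valueOf(configured);
        } catch (NumberFormatException e) {
            this._logger.error("Invalid value of the '" + this._sProfileID + PROPERTY_AUTHSP_LEVEL
                    + "' property available: " + configured, e);
            throw new OAException(1);
        }
    }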

    /* JADX INFO: Access modifiers changed from: protected */
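    /**
     * Resolves the uid that is released to the requestor for the given user.
     *
     * <p>Each setting (uid attribute name, opaque flag, opaque salt) is looked up as a
     * requestor property first, then on the A-Select requestor pool (if supplied), then as
     * a property of the generic requestor pool.
     *
     * <ul>
     *   <li>If a uid attribute is configured, its value replaces the user ID and the
     *       attribute is removed from the user's attribute set.</li>
     *   <li>If opaque uids are enabled, the uid (with the salt appended, when one is
     *       configured) is hashed with the digest supplied by the crypto manager and
     *       returned as an upper-case hex string.</li>
     * </ul>
     *
     * <p>NOTE(review): when no salt is configured the opaque uid is a plain digest of the
     * uid, which can be matched by anyone able to guess candidate uids; confirm a salt is
     * configured wherever opacity is relied on.
     *
     * @param iUser                the authenticated user
     * @param aSelectRequestorPool A-Select specific pool settings, may be {@code null}
     * @param requestorPool        the requestor pool the requestor belongs to
     * @param iRequestor           the requestor the uid is resolved for
     * @return the plain or opaque uid
     * @throws ASelectException if the configured uid attribute is missing for the user
     * @throws OAException      if a configured value is invalid or hashing fails
     */
    public String getUid(IUser iUser, ASelectRequestorPool aSelectRequestorPool, RequestorPool requestorPool, IRequestor iRequestor) throws ASelectException, OAException {
        String id = iUser.getID();

        String uidAttribute = (String) iRequestor.getProperty(this._sProfileID + PROPERTY_UID_ATTRIBUTE);
        if (uidAttribute == null) {
            if (aSelectRequestorPool != null) {
                uidAttribute = aSelectRequestorPool.getUidAttribute();
            }
            if (uidAttribute == null) {
                uidAttribute = (String) requestorPool.getProperty(this._sProfileID + PROPERTY_UID_ATTRIBUTE);
            }
        }
        if (uidAttribute != null) {
            IAttributes attributes = iUser.getAttributes();
            id = (String) attributes.get(uidAttribute);
            if (id == null) {
                this._logger.warn("Missing required attribute (" + uidAttribute
                        + ") to resolve uid for user with ID: " + iUser.getID());
                throw new ASelectException(ASelectErrors.ERROR_MISSING_REQUIRED_ATTRIBUTE);
            }
            // The attribute now serves as the uid, so it is taken out of the attribute set.
            attributes.remove(uidAttribute);
        }

        boolean opaque = false;
        String requestorOpaque = (String) iRequestor.getProperty(this._sProfileID + PROPERTY_UID_OPAQUE_ENABLED);
        if (requestorOpaque == null) {
            if (aSelectRequestorPool != null) {
                opaque = aSelectRequestorPool.isUidOpaque();
            }
            if (!opaque) {
                String poolOpaque = (String) requestorPool.getProperty(this._sProfileID + PROPERTY_UID_OPAQUE_ENABLED);
                if (poolOpaque != null) {
                    if ("TRUE".equalsIgnoreCase(poolOpaque)) {
                        opaque = true;
                    } else if (!"FALSE".equalsIgnoreCase(poolOpaque)) {
                        this._logger.error("Invalid value for requestorpool property '" + this._sProfileID
                                + PROPERTY_UID_OPAQUE_ENABLED + "': " + poolOpaque);
                        throw new OAException(1);
                    }
                }
            }
        } else if ("TRUE".equalsIgnoreCase(requestorOpaque)) {
            opaque = true;
        } else if (!"FALSE".equalsIgnoreCase(requestorOpaque)) {
            this._logger.error("Invalid value for requestor property '" + this._sProfileID
                    + PROPERTY_UID_OPAQUE_ENABLED + "': " + requestorOpaque);
            throw new OAException(1);
        }
        if (!opaque) {
            return id;
        }

        String salt = (String) iRequestor.getProperty(this._sProfileID + PROPERTY_UID_OPAQUE_SALT);
        if (salt == null) {
            if (aSelectRequestorPool != null) {
                salt = aSelectRequestorPool.getUidOpaqueSalt();
            }
            if (salt == null) {
                salt = (String) requestorPool.getProperty(this._sProfileID + PROPERTY_UID_OPAQUE_SALT);
            }
        }
        // The salted value lives in its own variable so it can never reach a log line.
        String digestInput = (salt != null) ? id + salt : id;

        MessageDigest messageDigest = this._cryptoManager.getMessageDigest();
        if (messageDigest == null) {
            // Mirrors the null guard verifySignature applies to the signature object;
            // without it the failure would surface as a NullPointerException.
            this._logger.warn("No message digest object found");
            throw new OAException(1);
        }
        try {
            messageDigest.update(digestInput.getBytes(ASelectProcessor.CHARSET));
            return toHexString(messageDigest.digest());
        } catch (Exception e) {
            // Log the user's own ID only: the previous message printed the uid with the
            // opaque salt appended, which disclosed the salt to anyone reading the log.
            this._logger.warn("Unable to generate '" + messageDigest.getAlgorithm() + "' hash from user ID: " + iUser.getID(), e);
            throw new OAException(1);
        }
    }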

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the application level reported for a requestor.
     *
     * <p>A requestor property {@code <profileID> + PROPERTY_APP_LEVEL} takes precedence.
     * Without it, the A-Select requestor pool's level is used; if that is absent or
     * {@code -1}, the generic requestor pool property is consulted. A resolved level that
     * is not greater than zero falls back to the configured default
     * ({@code _iDefaultAppLevel}).
     *
     * @param requestorPool        the requestor pool the requestor belongs to
     * @param aSelectRequestorPool A-Select specific pool settings, may be {@code null}
     * @param iRequestor           the requestor whose level is resolved
     * @return the application level as a decimal string
     * @throws OAException if a configured level is not a number
     */
    public String getAppLevel(RequestorPool requestorPool, ASelectRequestorPool aSelectRequestorPool, IRequestor iRequestor) throws OAException {
        final String propertyName = this._sProfileID + PROPERTY_APP_LEVEL;
        int level = -1;

        String requestorValue = (String) iRequestor.getProperty(propertyName);
        if (requestorValue == null) {
            if (aSelectRequestorPool != null) {
                level = aSelectRequestorPool.getAppLevel();
            }
            if (level == -1) {
                String poolValue = (String) requestorPool.getProperty(propertyName);
                if (poolValue != null) {
                    try {
                        level = Integer.parseInt(poolValue);
                    } catch (NumberFormatException e) {
                        this._logger.error("The configured requestorpool property (" + propertyName
                                + ") value isn't a number: " + poolValue, e);
                        throw new OAException(1);
                    }
                }
            }
        } else {
            try {
                level = Integer.parseInt(requestorValue);
            } catch (NumberFormatException e) {
                this._logger.error("The configured requestor property (" + propertyName
                        + ") value isn't a number: " + requestorValue, e);
                throw new OAException(1);
            }
        }

        // Zero and negative levels count as "not configured".
        return level > 0 ? String.valueOf(level) : String.valueOf(this._iDefaultAppLevel);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decides whether signing is enabled for a requestor.
     *
     * <p>The answer is {@code true} as soon as any level says so: the requestor property
     * {@code <profileID> + PROPERTY_SIGN_REQUESTS}, the A-Select requestor pool, or the
     * generic requestor pool property, checked in that order. A requestor-level
     * {@code FALSE} does not end the lookup, so it cannot switch off signing that one of
     * the pool levels enables.
     *
     * @param requestorPool        the requestor pool the requestor belongs to
     * @param aSelectRequestorPool A-Select specific pool settings, may be {@code null}
     * @param iRequestor           the requestor the decision is made for
     * @return {@code true} if signing is enabled at any level, {@code false} otherwise
     * @throws OAException if a configured value is neither TRUE nor FALSE (case-insensitive)
     */
    public boolean doSigning(RequestorPool requestorPool, ASelectRequestorPool aSelectRequestorPool, IRequestor iRequestor) throws OAException {
        final String propertyName = this._sProfileID + PROPERTY_SIGN_REQUESTS;

        String requestorValue = (String) iRequestor.getProperty(propertyName);
        if (requestorValue != null && !"FALSE".equalsIgnoreCase(requestorValue)) {
            if ("TRUE".equalsIgnoreCase(requestorValue)) {
                return true;
            }
            this._logger.error("The configured requestor property (" + propertyName
                    + ") value isn't a boolean: " + requestorValue);
            throw new OAException(1);
        }

        // Reached when the requestor property is absent or FALSE.
        if (aSelectRequestorPool != null && aSelectRequestorPool.doSigning()) {
            return true;
        }

        String poolValue = (String) requestorPool.getProperty(propertyName);
        if (poolValue == null || "FALSE".equalsIgnoreCase(poolValue)) {
            return false;
        }
        if ("TRUE".equalsIgnoreCase(poolValue)) {
            return true;
        }
        this._logger.error("The configured requestorpool property (" + propertyName
                + ") value isn't a boolean: " + poolValue);
        throw new OAException(1);
    }

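    /**
     * Maps the errors collected during logout to a single requestor event.
     *
     * <p>The result is {@code LOGOUT_PARTIALLY} only when the list is non-empty and every
     * error maps to case 1 of the compiler-generated switch table; any other code, and an
     * empty list, yields {@code LOGOUT_FAILED}. Which {@code UserEvent} constants the case
     * numbers stand for is defined in the synthetic table and is not visible here.
     *
     * @param list the errors reported while the TGT was being removed
     * @return {@code LOGOUT_PARTIALLY} or {@code LOGOUT_FAILED}
     */
    private RequestorEvent getLogoutResult(List<TGTEventError> list) {
        RequestorEvent requestorEvent = RequestorEvent.LOGOUT_FAILED;
        for (TGTEventError eventError : list) {
            switch (AnonymousClass1.$SwitchMap$com$alfaariss$oa$UserEvent[eventError.getCode().ordinal()]) {
                case 1:
                    requestorEvent = RequestorEvent.LOGOUT_PARTIALLY;
                    // Without this break the assignment fell through into the return
                    // below, so LOGOUT_PARTIALLY could never be reported.
                    break;
                case 2:
                case 3:
                default:
                    return RequestorEvent.LOGOUT_FAILED;
            }
        }
        return requestorEvent;
    }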

    /**
     * Encodes a byte array as an upper-case hexadecimal string.
     *
     * @param bArr the bytes to encode
     * @return the hex representation of {@code bArr} in upper case
     */
    private static String toHexString(byte[] bArr) {
        char[] hexChars = Hex.encodeHex(bArr);
        return String.valueOf(hexChars).toUpperCase();
    }
}
