package org.jasig.portal.security.provider.saml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.TimeZone;
import java.util.UUID;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFault;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.params.HttpClientParams;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.xerces.parsers.DOMParser;
import org.opensaml.ws.soap.client.http.HttpSOAPRequestParameters;
import org.opensaml.ws.soap.soap11.ActorBearing;
import org.opensaml.ws.wssecurity.WSSecurityConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.bootstrap.DOMImplementationRegistry;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSSerializer;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;

/* loaded from: input_file:WEB-INF/lib/delegated-saml-authentication-1.1.2.jar:org/jasig/portal/security/provider/saml/SAMLDelegatedAuthenticationService.class */
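/**
 * Drives a delegated SAML authentication exchange on behalf of a portal user.
 *
 * <p>The exchange runs as the five steps logged by this class: read the IdP from the SAML
 * assertion, check it against the IdP list in the service provider's SOAP request, rewrite that
 * request for the IdP, POST it to the IdP, and rewrite the IdP's SOAP response before sending it
 * to the service provider's response consumer URL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The SOAP request (from the service provider) and the SOAP response (from the IdP) are
 *       remote input. Every XML parse here goes through {@link #newHardenedParser()}, which
 *       rejects DOCTYPE declarations and external entities.</li>
 *   <li>Values taken from parsed documents are never concatenated into an evaluated XPath
 *       expression.</li>
 *   <li>DEBUG/TRACE log statements in this class print complete SOAP messages and the SAML
 *       assertion. Those are credentials; keep these levels off for this logger in production.</li>
 * </ul>
 */
public class SAMLDelegatedAuthenticationService {
    private static final SAMLNamespaceContext NAMESPACE_CONTEXT = new SAMLNamespaceContext();
    private static final XPathExpressionExecutor EXPRESSION_POOL = new XPathExpressionPool(NAMESPACE_CONTEXT);
    private static final String SOAP_PREFIX = "soap";

    private static final String XPATH_ASSERTION_ISSUER = "/saml2:Assertion/saml2:Issuer";
    private static final String XPATH_IDP_ENTRY = "/S:Envelope/S:Header/ecp:Request/samlp:IDPList/samlp:IDPEntry";
    private static final String XPATH_PAOS_REQUEST = "/S:Envelope/S:Header/paos:Request";
    private static final String XPATH_RELAY_STATE = "/S:Envelope/S:Header/ecp:RelayState";
    private static final String XPATH_ECP_REQUEST = "/S:Envelope/S:Header/ecp:Request";
    private static final String XPATH_REQUEST_HEADER = "/S:Envelope/S:Header";
    private static final String XPATH_ECP_RESPONSE = "/soap:Envelope/soap:Header/ecp:Response";

    private static final String SSOS_AUTHN_REQUEST_ACTION = "urn:liberty:ssos:2006-08:AuthnRequest";

    private static final String MSG_SERIALIZER_INIT = "Unable to initialize XML serializer implementation.  Make sure that the correct jar files are present.";
    private static final String MSG_NO_IO_EXPECTED = "Unexpected error.  This method performs no I/O!";
    private static final String MSG_BAD_XPATH = "Programming error.  Invalid XPath expression.";
    private static final String MSG_XML_ERROR = "XML error.";
    private static final String MSG_RETRIEVE_FAILED = "Exception caught when trying to retrieve the resource.";
    private static final String MSG_SEND_FAILED = "Exception caught while sending the delegated authentication assertion to the service provider.";
    // Literal kept exactly as this class has always emitted it (including the spelling).
    private static final String MSG_RESPONSE_PROCESSING = "Exception caught when trying to process the SOAP esponse from the IdP.";

    /** Buffer size used when the remote side does not declare a usable Content-Length. */
    private static final int DEFAULT_BUFFER_BYTES = 8192;
    /** Upper bound on the buffer pre-allocated from a remote, unverified Content-Length. */
    private static final int MAX_PREALLOCATED_BYTES = 1 << 20;

    protected final Logger logger = LoggerFactory.getLogger(getClass());

    /** DOM Load/Save implementation used to serialize documents; null if initialization failed. */
    private final DOMImplementationLS domLoadSaveImpl;

    /**
     * Looks up the DOM "LS" implementation used by {@link #writeDomToString(Document)}.
     * A lookup failure is logged and leaves the serializer unset; it is reported again, as a
     * {@link DelegatedAuthenticationRuntimeException}, the first time serialization is needed.
     */
    public SAMLDelegatedAuthenticationService() {
        DOMImplementationLS loadSave = null;
        try {
            loadSave = (DOMImplementationLS) DOMImplementationRegistry.newInstance().getDOMImplementation("LS");
        } catch (ClassCastException e) {
            this.logger.error(MSG_SERIALIZER_INIT, e);
        } catch (ClassNotFoundException e) {
            this.logger.error(MSG_SERIALIZER_INIT, e);
        } catch (IllegalAccessException e) {
            this.logger.error(MSG_SERIALIZER_INIT, e);
        } catch (InstantiationException e) {
            this.logger.error(MSG_SERIALIZER_INIT, e);
        }
        this.domLoadSaveImpl = loadSave;
    }

    /**
     * Fetches the SOAP request from the given resource and runs the delegated authentication.
     *
     * @param sAMLSession session holding the SAML assertion and the portal entity ID
     * @param resource    protected resource whose URL returns the SOAP request
     * @return the service provider's response to the final POST, or {@code null} when one of the
     *         steps reports failure without throwing
     * @throws DelegatedAuthenticationRuntimeException if the assertion or entity ID is missing,
     *         or a step fails with an error
     */
    public HttpResponse authenticate(SAMLSession sAMLSession, Resource resource) {
        requireAssertionAndEntityId(sAMLSession);
        DelegatedSAMLAuthenticationState state = new DelegatedSAMLAuthenticationState();
        if (getSOAPRequest(sAMLSession, resource, state)) {
            return authenticate(sAMLSession, state);
        }
        return null;
    }

    /**
     * Runs the delegated authentication for a SOAP request the caller already holds.
     *
     * @param sAMLSession session holding the SAML assertion and the portal entity ID
     * @param bArr        raw bytes of the SOAP request received from the service provider
     * @return the service provider's response to the final POST, or {@code null} when one of the
     *         steps reports failure without throwing
     * @throws DelegatedAuthenticationRuntimeException if the assertion, entity ID or SOAP request
     *         is missing, or a step fails with an error
     */
    public HttpResponse authenticate(SAMLSession sAMLSession, byte[] bArr) {
        requireAssertionAndEntityId(sAMLSession);
        if (bArr == null) {
            // Previously surfaced as a bare NullPointerException from the parser input stream.
            this.logger.error("SOAP request not present.");
            throw new DelegatedAuthenticationRuntimeException("SOAP request not present.");
        }
        DelegatedSAMLAuthenticationState state = new DelegatedSAMLAuthenticationState();
        state.setSoapRequest(bArr);
        return authenticate(sAMLSession, state);
    }

    /** Rejects a session that lacks the SAML assertion or the portal entity ID. */
    private void requireAssertionAndEntityId(SAMLSession sAMLSession) {
        if (sAMLSession.getSamlAssertion() == null) {
            this.logger.error("SAML assertion not present.");
            throw new DelegatedAuthenticationRuntimeException("SAML assertion not present.");
        }
        if (sAMLSession.getPortalEntityID() == null) {
            this.logger.error("Portal entity ID not present.");
            throw new DelegatedAuthenticationRuntimeException("Portal entity ID not present.");
        }
    }

    /**
     * Runs steps 1-5 in order, stopping at the first step that returns {@code false}.
     *
     * @return the response to the final POST, or {@code null} if any step returned {@code false}
     */
    private HttpResponse authenticate(SAMLSession sAMLSession, DelegatedSAMLAuthenticationState state) {
        boolean ready = getIDP(sAMLSession, state)
                && validateIDP(sAMLSession, state)
                && processSOAPRequest(sAMLSession, state)
                && getSOAPResponse(sAMLSession, state)
                && processSOAPResponse(sAMLSession, state);
        return ready ? sendSOAPResponse(sAMLSession, state) : null;
    }

    /**
     * Creates a namespace-aware Xerces parser for documents that arrive from remote parties.
     *
     * <p>DOCTYPE declarations are refused outright and external entity / DTD loading is switched
     * off, so a crafted SOAP message or assertion cannot make the portal read local files or
     * open outbound connections while parsing. SOAP 1.1 messages must not carry a DTD, so
     * conforming peers are unaffected.
     *
     * @throws SAXException if the parser does not recognize or support one of the features; the
     *         callers treat that as a parse failure, i.e. the parse fails closed
     */
    private static DOMParser newHardenedParser() throws SAXException {
        DOMParser parser = new DOMParser();
        parser.setFeature("http://xml.org/sax/features/namespaces", true);
        parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        parser.setFeature("http://xml.org/sax/features/external-general-entities", false);
        parser.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        parser.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return parser;
    }

    /**
     * Downloads the SOAP request from the resource URL and stores its bytes in {@code state}.
     *
     * @return always {@code true}; failures are reported by exception
     * @throws DelegatedAuthenticationRuntimeException wrapping any error raised while fetching
     */
    private boolean getSOAPRequest(SAMLSession sAMLSession, Resource resource, DelegatedSAMLAuthenticationState state) {
        this.logger.debug("getSOAPRequest from {}", resource.getResourceUrl());
        HttpGet httpGet = new HttpGet(resource.getResourceUrl());
        try {
            resource.setupWSPClientConnection(sAMLSession);
            HttpEntity entity = sAMLSession.getHttpClient().execute(httpGet).getEntity();
            // Content-Length is -1 for chunked bodies (which made the old sizing throw) and is
            // otherwise a number chosen by the remote server, so it only hints at the initial
            // capacity and is capped; the buffer still grows to the real body size.
            long declaredLength = entity.getContentLength();
            int initialCapacity = declaredLength < 0
                    ? DEFAULT_BUFFER_BYTES
                    : (int) Math.min(declaredLength, (long) MAX_PREALLOCATED_BYTES);
            ByteArrayOutputStream body = new ByteArrayOutputStream(initialCapacity);
            entity.writeTo(body);
            state.setSoapRequest(body.toByteArray());
            return true;
        } catch (Exception e) {
            this.logger.error(MSG_RETRIEVE_FAILED, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_RETRIEVE_FAILED, e);
        }
    }

    /**
     * Step 2: parses the SOAP request and checks that the IdP found in step 1 is listed in it.
     *
     * <p>The parsed DOM is stored in {@code state} when validation passes or is skipped.
     *
     * @return {@code true} if the session skips IdP validation or an {@code IDPEntry} whose
     *         {@code ProviderID} equals the IdP exists; {@code false} otherwise
     * @throws DelegatedAuthenticationRuntimeException on XML, XPath or I/O errors
     */
    private boolean validateIDP(SAMLSession sAMLSession, DelegatedSAMLAuthenticationState state) {
        this.logger.debug("Step 2 of 5: Validate against SOAP request");
        try {
            DOMParser parser = newHardenedParser();
            parser.parse(new InputSource(new ByteArrayInputStream(state.getSoapRequest())));
            Document soapRequestDom = parser.getDocument();
            if (sAMLSession.isSkipValidateIdp()) {
                this.logger.debug("skipValidateIdp is set to true, setting soap request DOM");
                state.setSoapRequestDom(soapRequestDom);
                return true;
            }
            String idp = state.getIdp();
            // Built for log output only and never evaluated: splicing the issuer text into the
            // evaluated expression would let a quote character in it rewrite the predicate and
            // match an arbitrary IDPEntry.
            String displayedExpression = XPATH_IDP_ENTRY + "[@ProviderID='" + idp + "']";
            NodeList entries = (NodeList) EXPRESSION_POOL.evaluate(XPATH_IDP_ENTRY, soapRequestDom, XPathConstants.NODESET);
            for (int i = 0; i < entries.getLength(); i++) {
                Node providerId = entries.item(i).getAttributes().getNamedItemNS(null, "ProviderID");
                if (providerId != null && providerId.getNodeValue().equals(idp)) {
                    this.logger.debug("Found matching IDP using expression {}", displayedExpression);
                    state.setSoapRequestDom(soapRequestDom);
                    return true;
                }
            }
            this.logger.debug("No matching IDP found using expression {}", displayedExpression);
            return false;
        } catch (IOException e) {
            this.logger.error(MSG_NO_IO_EXPECTED, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_NO_IO_EXPECTED, e);
        } catch (XPathExpressionException e) {
            this.logger.error(MSG_BAD_XPATH, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_BAD_XPATH, e);
        } catch (SAXException e) {
            this.logger.error(MSG_XML_ERROR, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_XML_ERROR, e);
        }
    }

    /**
     * Step 1: reads the issuer of the SAML assertion, records it as the IdP and lets the
     * session's IdP resolver act on it.
     *
     * <p>The assertion is parsed only if the session has no assertion DOM yet. When the session
     * has no resolver, an {@link AssertionIdpResolverImpl} is installed.
     *
     * @return {@code false} if the assertion has no {@code saml2:Issuer}; {@code true} otherwise
     * @throws DelegatedAuthenticationRuntimeException on XML, XPath or I/O errors
     */
    private boolean getIDP(SAMLSession sAMLSession, DelegatedSAMLAuthenticationState state) {
        this.logger.debug("Step 1 of 5: get IDP from SAML Assertion");
        try {
            if (sAMLSession.getSamlAssertionDom() == null) {
                DOMParser parser = newHardenedParser();
                // The assertion is already a String; a character stream avoids re-encoding it
                // with the platform default charset before parsing.
                parser.parse(new InputSource(new StringReader(sAMLSession.getSamlAssertion())));
                sAMLSession.setSamlAssertionDom(parser.getDocument());
            }
            Node issuer = (Node) EXPRESSION_POOL.evaluate(XPATH_ASSERTION_ISSUER, sAMLSession.getSamlAssertionDom(), XPathConstants.NODE);
            if (issuer == null) {
                this.logger.debug("No IDP found using expression {}", XPATH_ASSERTION_ISSUER);
                return false;
            }
            String idp = issuer.getTextContent();
            this.logger.debug("Found IDP {} using expression {}", idp, XPATH_ASSERTION_ISSUER);
            state.setIdp(idp);
            if (sAMLSession.getIdpResolver() == null) {
                sAMLSession.setIdpResolver(new AssertionIdpResolverImpl(EXPRESSION_POOL));
            }
            sAMLSession.getIdpResolver().resolve(sAMLSession, state);
            return true;
        } catch (XPathExpressionException e) {
            this.logger.error(MSG_BAD_XPATH, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_BAD_XPATH, e);
        } catch (IOException e) {
            this.logger.error(MSG_NO_IO_EXPECTED, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_NO_IO_EXPECTED, e);
        } catch (SAXException e) {
            this.logger.error(MSG_XML_ERROR, e);
            // TRACE output contains the complete assertion; treat such logs as sensitive.
            this.logger.trace("XML parsing error when parsing the SAML assertion.  The assertion was: [" + sAMLSession.getSamlAssertion() + "].");
            throw new DelegatedAuthenticationRuntimeException(MSG_XML_ERROR, e);
        }
    }

    /**
     * Step 3: turns the service provider's SOAP request into the request sent to the IdP.
     *
     * <p>Records the response consumer URL, the optional PAOS message ID and the optional relay
     * state in {@code state}, removes the PAOS/ECP headers, and appends the framework, sender,
     * addressing and WS-Security headers, the last one carrying a copy of the SAML assertion.
     *
     * @return {@code false} if the request has no {@code paos:Request} header or that header has
     *         no {@code responseConsumerURL}; {@code true} once the rewritten request is stored
     * @throws DelegatedAuthenticationRuntimeException on XPath errors
     */
    private boolean processSOAPRequest(SAMLSession sAMLSession, DelegatedSAMLAuthenticationState state) {
        this.logger.debug("Step 3 of 5: Process SOAP Request");
        try {
            Document soapRequestDom = state.getSoapRequestDom();
            Node paosRequest = (Node) EXPRESSION_POOL.evaluate(XPATH_PAOS_REQUEST, soapRequestDom, XPathConstants.NODE);
            if (paosRequest == null) {
                this.logger.debug("Failed to process SOAP request using expression {}", XPATH_PAOS_REQUEST);
                return false;
            }
            Node consumerUrlAttribute = paosRequest.getAttributes().getNamedItem("responseConsumerURL");
            if (consumerUrlAttribute == null) {
                // The request is remote input; a missing attribute is a protocol failure, not a
                // reason to die with a NullPointerException.
                this.logger.warn("SOAP request header {} has no responseConsumerURL attribute", XPATH_PAOS_REQUEST);
                return false;
            }
            String responseConsumerURL = consumerUrlAttribute.getTextContent();
            this.logger.debug("Loaded response consumer URL {}", responseConsumerURL);
            state.setResponseConsumerURL(responseConsumerURL);
            Node messageId = paosRequest.getAttributes().getNamedItem("messageID");
            state.setPaosMessageID(messageId != null ? messageId.getTextContent() : null);
            paosRequest.getParentNode().removeChild(paosRequest);

            // Relay state is optional: the response handling already copes with a null element,
            // so its absence must not fail here.
            Node relayState = (Node) EXPRESSION_POOL.evaluate(XPATH_RELAY_STATE, soapRequestDom, XPathConstants.NODE);
            state.setRelayStateElement((Element) relayState);
            if (relayState != null) {
                relayState.getParentNode().removeChild(relayState);
            }
            Node ecpRequest = (Node) EXPRESSION_POOL.evaluate(XPATH_ECP_REQUEST, soapRequestDom, XPathConstants.NODE);
            if (ecpRequest != null) {
                ecpRequest.getParentNode().removeChild(ecpRequest);
            }

            Element header = (Element) EXPRESSION_POOL.evaluate(XPATH_REQUEST_HEADER, soapRequestDom, XPathConstants.NODE);

            Element framework = soapRequestDom.createElementNS(NAMESPACE_CONTEXT.getNamespaceURI("sbf"), "sbf:Framework");
            framework.setAttribute("version", "2.0");
            header.appendChild(framework);

            Element sender = soapRequestDom.createElementNS(NAMESPACE_CONTEXT.getNamespaceURI("sb"), "sb:Sender");
            sender.setAttribute("providerID", sAMLSession.getPortalEntityID());
            header.appendChild(sender);

            Element wsaMessageId = soapRequestDom.createElementNS(NAMESPACE_CONTEXT.getNamespaceURI("wsa"), "wsa:MessageID");
            wsaMessageId.setTextContent(generateMessageID());
            header.appendChild(wsaMessageId);

            Element wsaAction = soapRequestDom.createElementNS(NAMESPACE_CONTEXT.getNamespaceURI("wsa"), "wsa:Action");
            wsaAction.setTextContent(SSOS_AUTHN_REQUEST_ACTION);
            header.appendChild(wsaAction);

            Element security = soapRequestDom.createElementNS(WSSecurityConstants.WSSE_NS, "wsse:Security");
            security.setAttribute("S:mustUnderstand", "1");

            Element created = soapRequestDom.createElement("wsu:Created");
            // Three 'S' letters: with two, 7 ms was printed as ".07", which reads as 70 ms.
            SimpleDateFormat utcFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'");
            utcFormat.setTimeZone(TimeZone.getTimeZone("Zulu"));
            created.setTextContent(utcFormat.format(new Date()));
            // NOTE(review): this URI has a "www." host, unlike the OASIS wsu namespace, and
            // wsu:Created above is created without a namespace. Both are left as emitted
            // because they are wire format; confirm against the IdP before changing.
            Element timestamp = soapRequestDom.createElementNS("http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu:Timestamp");
            timestamp.appendChild(created);
            security.appendChild(timestamp);
            security.appendChild(soapRequestDom.importNode(sAMLSession.getSamlAssertionDom().getDocumentElement(), true));
            header.appendChild(security);

            state.setModifiedSOAPRequest(writeDomToString(soapRequestDom));
            this.logger.debug("Completed processing of SOAP request");
            return true;
        } catch (XPathExpressionException e) {
            this.logger.error(MSG_BAD_XPATH, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_BAD_XPATH, e);
        }
    }

    /** Returns a fresh {@code urn:uuid:} message identifier built from a random UUID. */
    private String generateMessageID() {
        return "urn:uuid:" + UUID.randomUUID().toString();
    }

    /**
     * Step 4: POSTs the rewritten SOAP request to the IdP endpoint and stores the response text.
     *
     * <p>A dedicated HTTP client is created for the call and its connection manager is shut down
     * on every exit path.
     *
     * @return always {@code true}; failures are reported by exception
     * @throws DelegatedAuthenticationRuntimeException if the IdP answers with a non-2xx status or
     *         any other error occurs
     */
    private boolean getSOAPResponse(SAMLSession sAMLSession, DelegatedSAMLAuthenticationState state) {
        this.logger.debug("Step 4 of 5: Get SOAP response from IDP");
        BasicHttpParams httpParams = new BasicHttpParams();
        HttpProtocolParams.setVersion(httpParams, HttpVersion.HTTP_1_1);
        HttpProtocolParams.setContentCharset(httpParams, "UTF-8");
        httpParams.setParameter(HttpSOAPRequestParameters.SOAP_ACTION_HEADER, SSOS_AUTHN_REQUEST_ACTION);
        HttpClient idpClient = new DefaultHttpClient(httpParams);
        try {
            // The POST body embeds the SAML assertion and the response carries the delegated
            // one: DEBUG output of this logger is credential material.
            this.logger.debug("Getting SOAP response from {} with POST body:\n{}", state.getIdpEndpoint(), state.getModifiedSOAPRequest());
            setupIdPClientConnection(idpClient, sAMLSession, state);
            HttpPost httpPost = new HttpPost(state.getIdpEndpoint());
            httpPost.setEntity(new StringEntity(state.getModifiedSOAPRequest(), "UTF-8"));
            HttpResponse idpResponse = idpClient.execute(httpPost);
            int statusCode = idpResponse.getStatusLine().getStatusCode();
            if (statusCode < 200 || statusCode >= 300) {
                this.logger.error("Unsupported HTTP result code when retrieving the resource: " + statusCode + ".");
                throw new DelegatedAuthenticationRuntimeException("Unsupported HTTP result code when retrieving the resource: " + statusCode + ".");
            }
            ByteArrayOutputStream body = new ByteArrayOutputStream();
            idpResponse.getEntity().writeTo(body);
            // Decoded as UTF-8 here and re-encoded as UTF-8 when parsed, so the round trip no
            // longer depends on the JVM's default charset.
            String soapResponse = body.toString("UTF-8");
            this.logger.debug("Got SOAP response:\n{}", soapResponse);
            state.setSoapResponse(soapResponse);
            return true;
        } catch (Exception e) {
            this.logger.error(MSG_RETRIEVE_FAILED, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_RETRIEVE_FAILED, e);
        } finally {
            idpClient.getConnectionManager().shutdown();
        }
    }

    /**
     * Step 5: checks the IdP's SOAP response and rewrites its header for the service provider.
     *
     * <p>The {@code AssertionConsumerServiceURL} named by the IdP must equal the response
     * consumer URL taken from the service provider's request. On mismatch (or a missing
     * attribute) a SOAP fault is sent to the service provider instead of the assertion.
     *
     * @return {@code true} once the rewritten response is stored in {@code state};
     *         {@code false} if the response has no {@code ecp:Response} header and no SOAP
     *         fault, or if the consumer URL check failed and a fault was sent
     * @throws DelegatedAuthenticationRuntimeException if the IdP returned a SOAP fault or the
     *         response cannot be processed
     */
    private boolean processSOAPResponse(SAMLSession sAMLSession, DelegatedSAMLAuthenticationState state) {
        this.logger.debug("Step 5 of 5: Processing SOAP response");
        try {
            InputStream responseStream = new ByteArrayInputStream(state.getSoapResponse().getBytes("UTF-8"));
            DOMParser parser = newHardenedParser();
            parser.parse(new InputSource(responseStream));
            Document responseDom = parser.getDocument();
            Node ecpResponse = (Node) EXPRESSION_POOL.evaluate(XPATH_ECP_RESPONSE, responseDom, XPathConstants.NODE);
            if (ecpResponse == null) {
                String faultText = getSOAPFaultAsString(responseStream);
                this.logger.warn("No {} node found in SOAP response. Error: {}", XPATH_ECP_RESPONSE, faultText);
                if (faultText != null) {
                    throw new DelegatedAuthenticationRuntimeException(faultText);
                }
                return false;
            }
            // A missing attribute must reach the mismatch branch below (which reports it to the
            // service provider) rather than fail with a NullPointerException.
            Node consumerServiceAttribute = ecpResponse.getAttributes().getNamedItem("AssertionConsumerServiceURL");
            String assertionConsumerServiceURL = consumerServiceAttribute != null ? consumerServiceAttribute.getTextContent() : null;
            this.logger.debug("Found {} node found in SOAP response.", XPATH_ECP_RESPONSE);
            if (assertionConsumerServiceURL == null || !assertionConsumerServiceURL.equals(state.getResponseConsumerURL())) {
                this.logger.debug("responseConsumerURL {} does not match {}", assertionConsumerServiceURL, state.getResponseConsumerURL());
                Document faultDom = createSOAPFaultDocument("AssertionConsumerServiceURL attribute missing or not matching the expected value.");
                Element faultHeader = (Element) faultDom.getFirstChild().getFirstChild();
                Element faultPaosResponse = faultDom.createElementNS(org.opensaml.common.xml.SAMLConstants.PAOS_NS, "paos:Response");
                faultPaosResponse.setAttribute("soap:mustUnderstand", "1");
                faultPaosResponse.setAttribute("soap:actor", ActorBearing.SOAP11_ACTOR_NEXT);
                if (state.getPaosMessageID() != null) {
                    faultPaosResponse.setAttribute("refToMessageID", state.getPaosMessageID());
                }
                faultHeader.appendChild(faultPaosResponse);
                if (state.getRelayStateElement() != null) {
                    faultHeader.appendChild(faultDom.importNode(state.getRelayStateElement(), true));
                }
                state.setModifiedSOAPResponse(writeDomToString(faultDom));
                sendSOAPFault(sAMLSession, state);
                return false;
            }
            this.logger.debug("responseConsumerURL {} matches {}", assertionConsumerServiceURL, state.getResponseConsumerURL());
            Element header = (Element) ecpResponse.getParentNode();
            // NOTE(review): getPrefix() is null when the header uses a default namespace, which
            // would yield attributes named "null:mustUnderstand"; confirm the IdP always
            // prefixes its SOAP envelope.
            String soapPrefix = header.getPrefix();
            removeAllChildren(header);
            Element paosResponse = responseDom.createElementNS(org.opensaml.common.xml.SAMLConstants.PAOS_NS, "paos:Response");
            paosResponse.setAttribute(soapPrefix + ":mustUnderstand", "1");
            paosResponse.setAttribute(soapPrefix + ":actor", ActorBearing.SOAP11_ACTOR_NEXT);
            if (state.getPaosMessageID() != null) {
                paosResponse.setAttribute("refToMessageID", state.getPaosMessageID());
            }
            header.appendChild(paosResponse);
            if (state.getRelayStateElement() != null) {
                header.appendChild(responseDom.importNode(state.getRelayStateElement(), true));
            }
            state.setModifiedSOAPResponse(writeDomToString(responseDom));
            return true;
        } catch (IOException e) {
            this.logger.error("This exception should not ever really occur, as the only I/O this method performs is on a ByteArrayInputStream.", e);
            throw new DelegatedAuthenticationRuntimeException("This exception should not ever really occur, as the only I/O this method performs is on a ByteArrayInputStream.", e);
        } catch (XPathExpressionException e) {
            this.logger.error("XPath programming error.", e);
            throw new DelegatedAuthenticationRuntimeException("XPath programming error.", e);
        } catch (DOMException e) {
            this.logger.error(MSG_RESPONSE_PROCESSING, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_RESPONSE_PROCESSING, e);
        } catch (SAXException e) {
            // Also covers SAXNotRecognizedException / SAXNotSupportedException; the former used
            // to be rethrown under the unrelated "XPath programming error." message.
            this.logger.error(MSG_RESPONSE_PROCESSING, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_RESPONSE_PROCESSING, e);
        } catch (SOAPException e) {
            this.logger.error("Error processing a SOAP message.", e);
            throw new DelegatedAuthenticationRuntimeException("Error processing a SOAP message.", e);
        }
    }

    /**
     * Serializes a document to a string without an XML declaration.
     *
     * @throws DelegatedAuthenticationRuntimeException if the serializer could not be initialized
     *         when this service was constructed
     */
    private String writeDomToString(Document document) {
        if (this.domLoadSaveImpl == null) {
            throw new DelegatedAuthenticationRuntimeException(MSG_SERIALIZER_INIT);
        }
        LSSerializer serializer = this.domLoadSaveImpl.createLSSerializer();
        serializer.getDomConfig().setParameter("xml-declaration", false);
        return serializer.writeToString(document);
    }

    /**
     * POSTs the rewritten SOAP response to the response consumer URL using the session's client.
     *
     * <p>Redirect following is switched off for this request and the flag is restored after the
     * call returns; presumably so the caller receives the service provider's own response.
     *
     * @return the service provider's HTTP response, not consumed
     * @throws DelegatedAuthenticationRuntimeException wrapping any error raised while sending
     */
    private HttpResponse sendSOAPResponse(SAMLSession sAMLSession, DelegatedSAMLAuthenticationState state) {
        HttpPost httpPost = new HttpPost(state.getResponseConsumerURL());
        httpPost.setHeader("Content-Type", SAMLConstants.HTTP_HEADER_PAOS_CONTENT_TYPE);
        try {
            httpPost.setEntity(new StringEntity(state.getModifiedSOAPResponse(), "UTF-8"));
            HttpParams params = httpPost.getParams();
            boolean wasRedirecting = HttpClientParams.isRedirecting(params);
            if (wasRedirecting) {
                HttpClientParams.setRedirecting(params, false);
                httpPost.setParams(params);
            }
            HttpResponse spResponse = sAMLSession.getHttpClient().execute(httpPost);
            if (wasRedirecting) {
                HttpClientParams.setRedirecting(params, true);
                httpPost.setParams(params);
            }
            return spResponse;
        } catch (Exception e) {
            // Logged with the same text as the exception; the old log line described a
            // retrieval, which this method does not perform.
            this.logger.error(MSG_SEND_FAILED, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_SEND_FAILED, e);
        }
    }

    /**
     * POSTs the SOAP fault stored in {@code state} to the response consumer URL.
     *
     * @return always {@code true}; failures are reported by exception
     * @throws DelegatedAuthenticationRuntimeException wrapping any error raised while sending
     */
    private boolean sendSOAPFault(SAMLSession sAMLSession, DelegatedSAMLAuthenticationState state) {
        HttpPost httpPost = new HttpPost(state.getResponseConsumerURL());
        httpPost.setHeader("Content-Type", SAMLConstants.HTTP_HEADER_PAOS_CONTENT_TYPE);
        try {
            httpPost.setEntity(new StringEntity(state.getModifiedSOAPResponse(), "UTF-8"));
            // The status code is read but deliberately not acted on.
            sAMLSession.getHttpClient().execute(httpPost).getStatusLine().getStatusCode();
            return true;
        } catch (Exception e) {
            this.logger.error(MSG_SEND_FAILED, e);
            throw new DelegatedAuthenticationRuntimeException(MSG_SEND_FAILED, e);
        }
    }

    /** Detaches every child node of {@code element}. */
    private void removeAllChildren(Element element) {
        Node child = element.getFirstChild();
        while (child != null) {
            // Read the sibling first: it is no longer reachable from a removed node.
            Node next = child.getNextSibling();
            element.removeChild(child);
            child = next;
        }
    }

    /**
     * Re-reads the response as a SOAP message and describes its fault, if it has one.
     *
     * <p>The stream is rewound first, so it must support {@code reset()}. The caller only gets
     * here after the same bytes passed the hardened DOM parse.
     *
     * @return a description with the fault code, string and actor that are present, or
     *         {@code null} if the body carries no fault
     */
    private String getSOAPFaultAsString(InputStream inputStream) throws IOException, SOAPException {
        inputStream.reset();
        SOAPBody soapBody = MessageFactory.newInstance().createMessage((MimeHeaders) null, inputStream).getSOAPBody();
        if (!soapBody.hasFault()) {
            return null;
        }
        SOAPFault fault = soapBody.getFault();
        StringBuilder description = new StringBuilder("SOAP transaction resulted in a SOAP fault.");
        appendFaultDetail(description, "Code", fault.getFaultCode());
        appendFaultDetail(description, "String", fault.getFaultString());
        appendFaultDetail(description, "Actor", fault.getFaultActor());
        return description.toString();
    }

    /** Appends {@code   Label="value."} to the description when the value is present. */
    private static void appendFaultDetail(StringBuilder description, String label, String value) {
        if (value != null) {
            description.append("  ").append(label).append("=\"").append(value).append(".\"");
        }
    }

    /**
     * Builds a SOAP document with an empty header and a {@code Client} fault in the body.
     *
     * @param str fault string to report
     * @return the document that owns the new envelope
     */
    private Document createSOAPFaultDocument(String str) throws SOAPException {
        SOAPEnvelope envelope = MessageFactory.newInstance().createMessage().getSOAPPart().getEnvelope();
        envelope.setPrefix(SOAP_PREFIX);
        // Header and body are recreated after the prefix change.
        envelope.getHeader().detachNode();
        envelope.addHeader();
        envelope.getBody().detachNode();
        SOAPFault fault = envelope.addBody().addFault();
        fault.setFaultCode(envelope.createName("Client", (String) null, "http://schemas.xmlsoap.org/soap/envelope/"));
        fault.setFaultString(str);
        return envelope.getOwnerDocument();
    }

    /**
     * Registers the session's IdP socket factory for the IdP endpoint when it is an HTTPS URL.
     *
     * <p>For any other scheme the client is left as it is, which means the request carrying the
     * SAML assertion is sent without the session's TLS configuration; that case is logged.
     *
     * @throws MalformedURLException if the IdP endpoint is not a valid URL
     */
    private void setupIdPClientConnection(HttpClient httpClient, SAMLSession sAMLSession, DelegatedSAMLAuthenticationState state) throws MalformedURLException {
        URL idpUrl = new URL(state.getIdpEndpoint());
        String protocol = idpUrl.getProtocol();
        if (!protocol.equalsIgnoreCase("https")) {
            this.logger.warn("IdP endpoint {} is not HTTPS; the SAML assertion will be sent without the IdP socket factory", state.getIdpEndpoint());
            return;
        }
        int port = idpUrl.getPort();
        if (port == -1) {
            port = 443;
        }
        SSLSocketFactory idpSocketFactory = sAMLSession.getIdPSocketFactory();
        Scheme httpsScheme = new Scheme(protocol, idpSocketFactory, port);
        httpClient.getConnectionManager().getSchemeRegistry().unregister(protocol);
        httpClient.getConnectionManager().getSchemeRegistry().register(httpsScheme);
    }
}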
