package com.bea.common.security.saml.service;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.internal.utils.Delegator;
import com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi;
import com.bea.common.security.saml.manager.SAMLAPConfigManager;
import com.bea.common.security.saml.manager.SAMLKeyManager;
import com.bea.common.security.saml.manager.SAMLTrustManager;
import com.bea.common.security.saml.registry.SAMLAssertingPartyConfig;
import com.bea.common.security.saml.utils.SAMLContextHandler;
import com.bea.common.security.saml.utils.SAMLSourceId;
import com.bea.common.security.saml.utils.SAMLUtil;
import com.bea.common.security.saml.utils.ServletIdentityHelper;
import com.bea.common.security.saml.utils.ServletIdentityHelperImpl;
import com.bea.common.security.service.Identity;
import com.bea.common.security.service.IdentityAssertionService;
import com.bea.common.security.service.SAMLKeyService;
import com.bea.common.security.service.SessionService;
import com.ctc.wstx.cfg.XmlConsts;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.login.LoginException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
import org.opensaml.SAMLRequest;
import org.opensaml.SAMLResponse;
import org.opensaml.SAMLSOAPBinding;
import weblogic.security.providers.saml.SAMLUsedAssertionCache;
import weblogic.security.service.ContextElement;
import weblogic.utils.http.HttpConstants;

/* loaded from: input_file:com/bea/common/security/saml/service/SAMLDestinationSiteHelper.class */
public class SAMLDestinationSiteHelper {
    private static boolean QUERY_PARAMS_WITH_TARGET = Boolean.getBoolean("weblogic.security.saml.filter.enableQueryParamsWithTarget");
    private static final String DEFAULT_ASSERTION_CACHE = "com.bea.common.security.saml.utils.SAMLUsedAssertionCacheMemImpl";
    private SAMLSingleSignOnServiceConfigInfoSpi ssoServiceConfig;
    private Set consumerURIs;
    private SAMLKeyManager keyManager;
    private SAMLTrustManager trustManager;
    private SAMLAPConfigManager partnerManager;
    private SAMLUsedAssertionCache assertionCache;
    private IdentityAssertionService identityAsserter;
    private SessionService sessionService;
    private LoggerSpi log;
    private ServletIdentityHelper idHelper = (ServletIdentityHelper) Delegator.getProxy(ServletIdentityHelper.class, new ServletIdentityHelperImpl());

    private final void logDebug(String str) {
        if (this.log.isDebugEnabled()) {
            this.log.debug("SAMLDestinationSiteHelper: " + str);
        }
    }

    private final void handleError(String str) throws ServletException {
        String str2 = "SAMLDestinationSiteHelper: " + str;
        if (this.log.isDebugEnabled()) {
            this.log.debug(str2);
        }
        throw new ServletException(str);
    }

    public SAMLDestinationSiteHelper(SAMLSingleSignOnServiceConfigInfoSpi sAMLSingleSignOnServiceConfigInfoSpi, IdentityAssertionService identityAssertionService, SessionService sessionService, LoggerSpi loggerSpi, SAMLKeyService sAMLKeyService) throws Exception {
        this.consumerURIs = null;
        this.keyManager = null;
        this.trustManager = null;
        this.partnerManager = null;
        this.assertionCache = null;
        this.identityAsserter = null;
        this.sessionService = null;
        this.log = null;
        this.ssoServiceConfig = sAMLSingleSignOnServiceConfigInfoSpi;
        this.identityAsserter = identityAssertionService;
        this.sessionService = sessionService;
        this.log = loggerSpi;
        this.keyManager = SAMLKeyManager.getManager(sAMLKeyService);
        this.trustManager = SAMLTrustManager.getManager();
        this.partnerManager = SAMLAPConfigManager.getManager();
        String usedAssertionCacheClassName = sAMLSingleSignOnServiceConfigInfoSpi.getUsedAssertionCacheClassName();
        Properties usedAssertionCacheProperties = sAMLSingleSignOnServiceConfigInfoSpi.getUsedAssertionCacheProperties();
        if (usedAssertionCacheClassName == null || usedAssertionCacheClassName.equals("")) {
            usedAssertionCacheClassName = DEFAULT_ASSERTION_CACHE;
            usedAssertionCacheProperties = null;
        }
        this.assertionCache = (SAMLUsedAssertionCache) SAMLUtil.instantiatePlugin(usedAssertionCacheClassName, SAMLUsedAssertionCache.class.getName());
        this.assertionCache.initCache(usedAssertionCacheProperties);
        String[] assertionConsumerURIs = sAMLSingleSignOnServiceConfigInfoSpi.getAssertionConsumerURIs();
        this.consumerURIs = new HashSet();
        logDebug("init(): building consumer URI map, there are " + ((assertionConsumerURIs == null || assertionConsumerURIs.length == 0) ? XmlConsts.XML_SA_NO : Integer.toString(assertionConsumerURIs.length)) + " URIs");
        for (int i = 0; assertionConsumerURIs != null && i < assertionConsumerURIs.length; i++) {
            logDebug("init(): found ACS URI '" + assertionConsumerURIs[i] + Expression.QUOTE);
            if (assertionConsumerURIs[i] != null && assertionConsumerURIs[i].length() > 0) {
                this.consumerURIs.add(assertionConsumerURIs[i]);
            }
        }
        String sSLClientIdentityAlias = sAMLSingleSignOnServiceConfigInfoSpi.getSSLClientIdentityAlias();
        String sSLClientIdentityPassPhrase = sAMLSingleSignOnServiceConfigInfoSpi.getSSLClientIdentityPassPhrase();
        if (sSLClientIdentityAlias == null || sSLClientIdentityAlias.equals("")) {
            return;
        }
        logDebug("init(): Setting SSLClientKey: " + sSLClientIdentityAlias);
        this.keyManager.setSSLClientKeyAliasInfo(sSLClientIdentityAlias, sSLClientIdentityPassPhrase == null ? "" : sSLClientIdentityPassPhrase);
    }

    public boolean isConsumerURI(String str) {
        boolean contains = this.consumerURIs.contains(str);
        logDebug("isConsumerURI(): URI '" + str + "' is " + (contains ? "a" : "not a") + " consumer URI");
        return contains;
    }

    public boolean doSourceSiteRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String str;
        if (!this.ssoServiceConfig.isDestinationSiteEnabled()) {
            logDebug("doSourceSiteRedirect(): destination site not enabled");
            return false;
        }
        Map redirectMap = this.partnerManager.getRedirectMap();
        if (redirectMap == null) {
            logDebug("doSourceSiteRedirect(): redirect map is null");
            return false;
        }
        String requestURI = httpServletRequest.getRequestURI();
        String str2 = (String) redirectMap.get(requestURI);
        if (str2 == null) {
            logDebug("doSourceSiteRedirect(): no redirect configured for URI '" + requestURI + Expression.QUOTE);
            return false;
        }
        logDebug("doSourceSiteRedirect(): Processing source site redirect, redirect URI is '" + requestURI + Expression.QUOTE);
        logDebug("doSourceSiteRedirect(): Processing source site redirect, ITS URL is '" + str2 + Expression.QUOTE);
        String queryString = httpServletRequest.getQueryString();
        logDebug("doSourceSiteRedirect(): Request query string is: '" + queryString + Expression.QUOTE);
        if (queryString != null) {
            str = (!QUERY_PARAMS_WITH_TARGET ? "&" : "?") + SAMLUtil.queryStringStripParam(queryString, "TARGET");
            logDebug("doSourceSiteRedirect(): Prepped query string is: '" + str + Expression.QUOTE);
        } else {
            str = "";
        }
        String str3 = "TARGET=" + URLEncoder.encode(((Object) httpServletRequest.getRequestURL()) + (!QUERY_PARAMS_WITH_TARGET ? "" : str), "UTF-8");
        logDebug("doSourceSiteRedirect(): TARGET param is '" + str3 + Expression.QUOTE);
        String str4 = str2 + str3 + (!QUERY_PARAMS_WITH_TARGET ? str : "");
        logDebug("doSourceSiteRedirect(): Assembled redirect URL: '" + str4 + Expression.QUOTE);
        String encodeRedirectURL = SAMLUtil.ENABLE_URL_REWRITING ? httpServletResponse.encodeRedirectURL(str4) : str4;
        if (encodeRedirectURL == null || encodeRedirectURL.length() == 0) {
            handleError("doSourceSiteRedirect(): null or zero length redirect URL");
        }
        logDebug("doSourceSiteRedirect(): Redirect URL: '" + encodeRedirectURL + Expression.QUOTE);
        httpServletResponse.sendRedirect(encodeRedirectURL);
        return true;
    }

    public boolean doLogin(SAMLAssertingPartyConfig sAMLAssertingPartyConfig, String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String parameter = httpServletRequest.getParameter("TARGET");
        if (parameter == null || parameter.length() == 0) {
            logDebug("doLogin: No TARGET, sending SC_INTERNAL_SERVER_ERROR");
            httpServletResponse.sendError(500);
            return false;
        }
        SAMLContextHandler sAMLContextHandler = new SAMLContextHandler();
        if (sAMLAssertingPartyConfig != null) {
            sAMLContextHandler.addElement(new ContextElement("com.bea.contextelement.saml.PartnerId", sAMLAssertingPartyConfig.getPartnerId()));
        }
        sAMLContextHandler.addElement(new ContextElement("com.bea.contextelement.saml.TargetResource", parameter));
        try {
            logDebug("doLogin: Calling identity asserter");
            Identity assertIdentity = this.identityAsserter.assertIdentity("SAML.Assertion", str, sAMLContextHandler);
            logDebug("doLogin: Logged in subject: " + assertIdentity.toString());
            if (assertIdentity == null || assertIdentity.isAnonymous()) {
                logDebug("doLogin: subject is null or anonymous, returning SC_FORBIDDEN");
                httpServletResponse.sendError(403);
                return false;
            }
            logDebug("doLogin: calling runAs()");
            if (this.idHelper.runAs(assertIdentity.getSubject(), httpServletRequest)) {
                logDebug("doLogin runAs success, good to go");
                return true;
            }
            logDebug("doLogin runAs failed, try session service");
            this.sessionService.setIdentity(httpServletRequest.getSession(), assertIdentity);
            return true;
        } catch (LoginException e) {
            logDebug("doLogin: LoginException while asserting identity, returning SC_FORBIDDEN: " + e.toString());
            httpServletResponse.sendError(403);
            return false;
        }
    }

    public void doTargetRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String parameter = httpServletRequest.getParameter("TARGET");
        if (parameter == null || parameter.length() == 0) {
            logDebug("doLogin: No TARGET, sending SC_INTERNAL_SERVER_ERROR");
            httpServletResponse.sendError(500);
            return;
        }
        logDebug("doTargetRedirect: TARGET URL is '" + parameter + Expression.QUOTE);
        String str = null;
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        if (parameterMap != null && parameterMap.size() > 0) {
            for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
                String decode = URLDecoder.decode(entry.getKey(), "UTF-8");
                if (decode != null && decode.length() > 0 && !decode.equals("TARGET") && !decode.equals("SAMLart") && !decode.equals("SAMLResponse") && !decode.equals(SAMLUtil.APID_PARAMETER_NAME)) {
                    str = (str == null ? "" : str + "&") + (URLEncoder.encode(decode, "UTF-8") + "=" + URLEncoder.encode(URLDecoder.decode(entry.getValue()[0], "UTF-8"), "UTF-8"));
                }
            }
        }
        logDebug("doTargetRedirect: Query string is '" + str + Expression.QUOTE);
        String str2 = str == null ? parameter : parameter + (parameter.indexOf(63) != -1 ? "&" : "?") + str;
        String encodeRedirectURL = SAMLUtil.ENABLE_URL_REWRITING ? httpServletResponse.encodeRedirectURL(str2) : str2;
        if (encodeRedirectURL == null || encodeRedirectURL.length() <= 0) {
            logDebug("doTargetRedirect: Empty redirect URL, returning BAD_REQUEST");
            httpServletResponse.sendError(400);
        } else {
            logDebug("doTargetRedirect: Redirecting to TARGET, URL is '" + encodeRedirectURL + Expression.QUOTE);
            httpServletResponse.sendRedirect(encodeRedirectURL);
        }
    }

    public String getAssertion(SAMLAssertingPartyConfig sAMLAssertingPartyConfig, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String dereferenceArtifact;
        String parameter = httpServletRequest.getParameter("TARGET");
        if (parameter == null || parameter.length() == 0) {
            logDebug("Missing TARGET parameter -- returning SC_BAD_REQUEST");
            httpServletResponse.sendError(400);
            return null;
        }
        if (httpServletRequest.getMethod().compareToIgnoreCase("POST") == 0) {
            if (!this.ssoServiceConfig.isACSPostEnabled()) {
                logDebug("POST request while POST profile not enabled -- returning SC_FORBIDDEN");
                httpServletResponse.sendError(403);
                return null;
            }
            String parameter2 = httpServletRequest.getParameter("SAMLResponse");
            if (parameter2 == null || parameter2.length() == 0) {
                logDebug("Missing SAMLResponse parameter -- returning SC_BAD_REQUEST");
                httpServletResponse.sendError(400);
                return null;
            }
            SAMLAssertion validateResponse = validateResponse(sAMLAssertingPartyConfig, parameter2, this.ssoServiceConfig.isPOSTRecipientCheckEnabled() ? httpServletRequest.getRequestURL().toString() : null);
            if (validateResponse == null) {
                logDebug("Unable to validate response -- returning SC_FORBIDDEN");
                httpServletResponse.sendError(403);
                return null;
            }
            if (this.ssoServiceConfig.isPOSTOneUseCheckEnabled()) {
                if (!this.assertionCache.cacheAssertion(validateResponse.getId(), validateResponse.getIssuer(), validateResponse.getNotOnOrAfter().getTime())) {
                    logDebug("Assertion (id: " + validateResponse.getId() + ", issuer: " + validateResponse.getIssuer() + ") already in cache -- returning SC_FORBIDDEN");
                    httpServletResponse.sendError(403);
                    return null;
                }
                logDebug("Cached used assertion (id: " + validateResponse.getId() + ", issuer: " + validateResponse.getIssuer() + ")");
            }
            dereferenceArtifact = validateResponse.toString();
        } else {
            if (httpServletRequest.getMethod().compareToIgnoreCase(HttpConstants.GET_METHOD) != 0) {
                logDebug("Got request with method '" + httpServletRequest.getMethod() + "' -- returning SC_FORBIDDEN");
                httpServletResponse.sendError(403);
                return null;
            }
            if (!this.ssoServiceConfig.isACSArtifactEnabled()) {
                logDebug("GET request while Artifact profile not enabled -- returning SC_FORBIDDEN");
                httpServletResponse.sendError(403);
                return null;
            }
            String parameter3 = httpServletRequest.getParameter("SAMLart");
            if (parameter3 == null || parameter3.length() == 0) {
                logDebug("Missing SAMLart parameter -- returning SC_BAD_REQUEST");
                httpServletResponse.sendError(400);
                return null;
            }
            dereferenceArtifact = dereferenceArtifact(sAMLAssertingPartyConfig, parameter3);
            if (dereferenceArtifact == null) {
                logDebug("Unable to dereference artifact -- returning SC_FORBIDDEN");
                httpServletResponse.sendError(403);
                return null;
            }
        }
        if (dereferenceArtifact == null) {
            handleError("Processing error -- assertion unexpectedly null");
        }
        return dereferenceArtifact;
    }

    private SAMLAssertion validateResponse(SAMLAssertingPartyConfig sAMLAssertingPartyConfig, String str, String str2) throws ServletException {
        try {
            byte[] base64Decode = SAMLUtil.base64Decode(str);
            if (this.log.isDebugEnabled()) {
                logDebug("Decoded response is: '" + new String(base64Decode) + Expression.QUOTE);
            }
            SAMLResponse sAMLResponse = new SAMLResponse(new ByteArrayInputStream(base64Decode));
            if (sAMLResponse == null) {
                handleError("Unexpected error while parsing SAMLResponse");
            }
            try {
                sAMLResponse.checkValidity();
                logDebug("Response passed basic validity check");
                if (!sAMLResponse.isSigned()) {
                    logDebug("Invalid response -- not signed");
                    return null;
                }
                logDebug("Verifying response signature");
                X509Certificate x509Certificate = null;
                if (sAMLAssertingPartyConfig != null) {
                    String protocolSigningCertAlias = sAMLAssertingPartyConfig.getProtocolSigningCertAlias();
                    if (protocolSigningCertAlias == null || protocolSigningCertAlias.trim().length() == 0) {
                        logDebug("No signing cert alias configured for partner '" + sAMLAssertingPartyConfig.getPartnerId() + "', failing response validation");
                        return null;
                    }
                    x509Certificate = this.trustManager.getCertificate(protocolSigningCertAlias);
                    if (x509Certificate == null) {
                        logDebug("Signing cert for partner '" + sAMLAssertingPartyConfig.getPartnerId() + "' not found, failing response validation");
                        return null;
                    }
                }
                try {
                    if (x509Certificate != null) {
                        sAMLResponse.verify(x509Certificate);
                    } else {
                        sAMLResponse.verify();
                    }
                    logDebug("Signature verification SUCCESS");
                    X509Certificate endCertFromSignedObject = SAMLUtil.getEndCertFromSignedObject(this.log, sAMLResponse);
                    if (endCertFromSignedObject == null) {
                        logDebug("Invalid response -- no keyinfo found");
                        return null;
                    }
                    logDebug("Got keyinfo cert from response: " + endCertFromSignedObject.getSubjectDN().getName());
                    if (x509Certificate != null && !x509Certificate.equals(endCertFromSignedObject)) {
                        logDebug("Keyinfo certificate does not match configured signing certificate, rejecting response");
                        return null;
                    }
                    if (x509Certificate == null && !this.trustManager.isCertificateTrusted(endCertFromSignedObject)) {
                        logDebug("Signing certificate is not trusted, rejecting response");
                        return null;
                    }
                    logDebug("Signing certificate is trusted");
                    String recipient = sAMLResponse.getRecipient();
                    if (recipient == null || recipient.length() == 0) {
                        logDebug("Invalid response -- no recipient attribute");
                        return null;
                    }
                    if (str2 != null) {
                        if (!recipient.equals(str2)) {
                            logDebug("Invalid response -- recipient does not match request URL");
                            return null;
                        }
                        logDebug("Response recipient matches request URL");
                    }
                    SAMLAssertion sAMLAssertion = null;
                    Iterator assertions = sAMLResponse.getAssertions();
                    while (true) {
                        if (!assertions.hasNext()) {
                            break;
                        }
                        SAMLAssertion sAMLAssertion2 = (SAMLAssertion) assertions.next();
                        String confirmationMethod = SAMLUtil.getConfirmationMethod(this.log, sAMLAssertion2);
                        if (confirmationMethod != null && confirmationMethod.equals("urn:oasis:names:tc:SAML:1.0:cm:bearer")) {
                            sAMLAssertion = sAMLAssertion2;
                            logDebug("Found assertion with 'bearer' AuthenticationStatement");
                            break;
                        }
                    }
                    return sAMLAssertion;
                } catch (SAMLException e) {
                    logDebug("Signature verification failed with exception: " + e.toString());
                    return null;
                }
            } catch (Exception e2) {
                logDebug("Response validity check failed with exception: " + e2.toString());
                return null;
            }
        } catch (SAMLException e3) {
            logDebug("Could not parse SAML response: " + e3.toString());
            return null;
        } catch (IOException e4) {
            logDebug("Could not decode SAML response: " + e4.toString());
            return null;
        }
    }

    private String dereferenceArtifact(SAMLAssertingPartyConfig sAMLAssertingPartyConfig, String str) {
        SAMLKeyManager sAMLKeyManager = this.keyManager;
        PrivateKey privateKey = null;
        Certificate[] certificateArr = null;
        if (sAMLKeyManager != null) {
            SAMLKeyManager.KeyInfo sSLClientIdentityKeyInfo = sAMLKeyManager.getSSLClientIdentityKeyInfo();
            if (sSLClientIdentityKeyInfo != null) {
                privateKey = sSLClientIdentityKeyInfo.getKey();
                certificateArr = sSLClientIdentityKeyInfo.getChain();
            } else {
                logDebug("Unable to get SSL Client Identity Key Info");
            }
        }
        String sourceIdFromArtifact = getSourceIdFromArtifact(str);
        if (sourceIdFromArtifact == null) {
            logDebug("Unable to decode artifact");
            return null;
        }
        if (sAMLAssertingPartyConfig == null) {
            sAMLAssertingPartyConfig = this.partnerManager.findAssertingPartyBySourceId(sourceIdFromArtifact);
            if (sAMLAssertingPartyConfig == null) {
                logDebug("Can't find partner for source ID '" + sourceIdFromArtifact + Expression.QUOTE);
                return null;
            }
        } else if (!sourceIdFromArtifact.equals(sAMLAssertingPartyConfig.getSourceIdHex())) {
            logDebug("Source ID from artifact does not match source ID configured for partner '" + sAMLAssertingPartyConfig.getPartnerId() + Expression.QUOTE);
            return null;
        }
        String assertionRetrievalURL = sAMLAssertingPartyConfig.getAssertionRetrievalURL();
        if (assertionRetrievalURL == null) {
            logDebug("Partner '" + sAMLAssertingPartyConfig.getPartnerId() + "' does not have an assertion retrieval URL configured");
            return null;
        }
        String basicAuthCredentials = getBasicAuthCredentials(sAMLAssertingPartyConfig);
        logDebug("dereferenceArtifact(): artifact is '" + str + Expression.QUOTE);
        logDebug("dereferenceArtifact(): sourceID is '" + sourceIdFromArtifact + Expression.QUOTE);
        logDebug("dereferenceArtifact(): retrieval URL is '" + assertionRetrievalURL + Expression.QUOTE);
        logDebug("dereferenceArtifact(): basic auth credentials " + (basicAuthCredentials != null ? "are" : "are not") + " configured");
        SAMLRequest sAMLRequest = new SAMLRequest();
        sAMLRequest.addArtifact(str);
        logDebug("Created SAMLRequest");
        try {
            logDebug("Sending request to source site");
            SAMLResponse send = new SAMLSOAPBinding().send(sAMLRequest, assertionRetrievalURL, privateKey, certificateArr, basicAuthCredentials);
            logDebug("Got response from source site");
            Iterator assertions = send.getAssertions();
            if (!assertions.hasNext()) {
                logDebug("Response has no assertions");
                return null;
            }
            SAMLAssertion sAMLAssertion = (SAMLAssertion) assertions.next();
            logDebug("Got assertion from response");
            return sAMLAssertion.toString();
        } catch (SAMLException e) {
            logDebug("Exception while sending/receiving request/response: " + e.toString());
            return null;
        }
    }

    private String getSourceIdFromArtifact(String str) {
        if (str == null || str.length() == 0) {
            return null;
        }
        try {
            byte[] base64Decode = SAMLUtil.base64Decode(str);
            if (base64Decode == null || base64Decode.length != 42) {
                return null;
            }
            byte[] bArr = new byte[20];
            for (int i = 0; i < 20; i++) {
                bArr[i] = base64Decode[i + 2];
            }
            return new SAMLSourceId(bArr).getSourceIdHex();
        } catch (IOException e) {
            return null;
        }
    }

    private String getBasicAuthCredentials(SAMLAssertingPartyConfig sAMLAssertingPartyConfig) {
        String aRSUsername = sAMLAssertingPartyConfig.getARSUsername();
        String aRSPassword = sAMLAssertingPartyConfig.getARSPassword();
        if ((aRSUsername == null || aRSUsername.length() <= 0) && (aRSPassword == null || aRSPassword.length() <= 0)) {
            return null;
        }
        return SAMLUtil.base64Encode((aRSUsername + ":" + aRSPassword).getBytes());
    }

    public SAMLAssertingPartyConfig lookupPartner(String str) {
        return this.partnerManager.findAssertingParty(str);
    }
}
