package com.bea.common.security.saml.registry;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.ProvidersLogger;
import com.bea.common.security.SecurityLogger;
import com.bea.common.security.legacy.spi.LegacyEncryptorSpi;
import com.bea.common.security.service.JAXPFactoryService;
import com.bea.common.store.bootstrap.BootStrapService;
import com.bea.common.store.bootstrap.Entry;
import com.bea.common.store.service.StoreService;
import com.bea.xml_.impl.jam.xml.JamXmlElements;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.eclipse.persistence.jpa.rs.MatrixParameters;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import weblogic.management.utils.CreateException;
import weblogic.management.utils.ErrorCollectionException;
import weblogic.management.utils.InvalidCursorException;
import weblogic.management.utils.InvalidParameterException;
import weblogic.management.utils.NotFoundException;
import weblogic.security.providers.utils.BusinessObjectListerManager;
import weblogic.security.providers.utils.GenericEntryConverter;
import weblogic.security.providers.utils.ListerManager;
import weblogic.security.providers.utils.Utils;
import weblogic.security.providers.utils.UtilsJAXP;
import weblogic.security.spi.SecurityServices;

/* loaded from: input_file:com/bea/common/security/saml/registry/SAMLPartnerRegHelper.class */
public class SAMLPartnerRegHelper {
    // Format names accepted by validateFormat() for importData()/exportData().
    private static final String FORMAT_XML_REGISTRY = "XML Partner Registry";
    private static final String FORMAT_KEYSTORE = "JKS KeyStore";
    private static final String FORMAT_LDIFTEMPLATE = "LDIF Template";
    // Not referenced in the visible part of this class; ImportExportConstraints declares its own
    // "Passwords"/"cleartext" constants for the constraint it actually parses.
    private static final String PASSWORDS_CONSTRAINT = "passwords";
    private static final String CLEAR_PASSWORDS = "cleartext";
    // Classpath resource names of the XSDs read by getXMLSchemaValidator() and
    // getLocalXMLSchemaValidator(). ("RIGISTRY" is the spelling of the identifier itself.)
    private static final String DSIG_SCHEMA_PATH = "opensaml/schemas/xmldsig-core-schema.xsd";
    private static final String SAML_PARTNER_RIGISTRY_SCHEMA_PATH = "saml-partner-registry.xsd";
    // Debug sink; every use in this class is guarded against null.
    private LoggerSpi log;
    // Prefix of every debug line written through debug().
    private String registryName;
    private SecurityServices securityServices;
    // The four services below are resolved from securityServices in the constructor.
    private StoreService storeService;
    private BootStrapService bootStrapService;
    private LegacyEncryptorSpi legacyEncryptor;
    // Source of the DocumentBuilderFactory that parses import files in importDataXMLRegistry().
    private JAXPFactoryService jaxpFactoryService;
    // Handed to listCertificates()/listPartners() and used to read the current list element.
    private BusinessObjectListerManager listerManager = new BusinessObjectListerManager();
    // Created on first use by getXMLSchemaValidator()/getLocalXMLSchemaValidator() and then reused;
    // that lazy initialisation is not synchronised.
    private Validator xmlSchemaValidator;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/bea/common/security/saml/registry/SAMLPartnerRegHelper$ImportExportConstraints.class */
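    /**
     * Parsed form of the {@link Properties} that steer a single import or export run.
     *
     * <p>Recognised keys and values (keywords are matched case-insensitively, without trimming):
     * <ul>
     *   <li>{@code Partners}: {@code all} (default), {@code none}, {@code enabled},
     *       {@code disabled}, or a comma-separated list of partner ids;</li>
     *   <li>{@code Certificates}: {@code all} (default), {@code none}, {@code referenced}, or a
     *       comma-separated list of certificate aliases;</li>
     *   <li>{@code ImportMode}: {@code rename}, {@code replace} or {@code fail} (default);</li>
     *   <li>{@code Passwords}: only the value {@code cleartext} has an effect in this class.</li>
     * </ul>
     *
     * <p>The defaults are the conservative ones: an absent or unrecognised {@code ImportMode}
     * leaves the mode at "fail", so existing entries are never overwritten unless the caller
     * asks for it, and {@link #isPasswordsCleartext()} is false unless {@code cleartext} is
     * requested explicitly. Any value of {@code Partners} or {@code Certificates} that is not a
     * keyword is treated as a list, so a misspelt keyword silently becomes a one-element list.
     */
    public class ImportExportConstraints {
        private static final String PARTNERS = "Partners";
        private static final String CERTIFICATES = "Certificates";
        private static final String IMPORT_MODE = "ImportMode";
        private static final String PASSWORDS_CONSTRAINT = "Passwords";
        private static final String CONSTRAINT_VALUE_ALL = "all";
        private static final String CONSTRAINT_VALUE_NONE = "none";
        private static final String CONSTRAINT_VALUE_ENABLED = "enabled";
        private static final String CONSTRAINT_VALUE_DISABLED = "disabled";
        private static final String CONSTRAINT_VALUE_REFERENCED = "referenced";
        public static final int PARTNER_CONSTRAINT_TYPE_ALL = 0;
        public static final int PARTNER_CONSTRAINT_TYPE_NONE = 1;
        public static final int PARTNER_CONSTRAINT_TYPE_ENABLED = 2;
        public static final int PARTNER_CONSTRAINT_TYPE_DISABLED = 3;
        public static final int PARTNER_CONSTRAINT_TYPE_LIST = 4;
        public static final int CERTIFICATE_CONSTRAINT_TYPE_ALL = 0;
        public static final int CERTIFICATE_CONSTRAINT_TYPE_NONE = 1;
        public static final int CERTIFICATE_CONSTRAINT_TYPE_REFERENCED = 2;
        public static final int CERTIFICATE_CONSTRAINT_TYPE_LIST = 3;
        private static final String IMPORT_MODE_VALUE_RENAME = "rename";
        private static final String IMPORT_MODE_VALUE_UPDATE = "replace";
        private static final String IMPORT_MODE_VALUE_FAIL = "fail";
        private static final int IMPORT_MODE_TYPE_RENAME = 0;
        private static final int IMPORT_MODE_TYPE_UPDATE = 1;
        private static final int IMPORT_MODE_TYPE_FAIL = 2;
        private static final String PASSWORDS_CLEARTEXT = "cleartext";
        public static final String DELIMITER = ",";
        private Properties constraints;
        private int partnerConstraintType = PARTNER_CONSTRAINT_TYPE_ALL;
        private int certificateConstraintType = CERTIFICATE_CONSTRAINT_TYPE_ALL;
        private int importModeType = IMPORT_MODE_TYPE_FAIL;
        // Only populated when the corresponding constraint is a list; null otherwise.
        private HashSet<String> partnerIds = null;
        private HashSet<String> certificateAliases = null;
        private String passwordsConstraint = null;

        /**
         * Parses the given constraints immediately.
         *
         * @param properties the caller-supplied constraints; {@code null} selects all defaults
         */
        public ImportExportConstraints(Properties properties) {
            this.constraints = properties;
            parseConstraints();
        }

        /** Translates the raw properties into the typed fields; leaves the defaults when there are none. */
        private void parseConstraints() {
            final String where = "Registry Constraints parsing";
            SAMLPartnerRegHelper.this.debug(where, "Parsing import/export Constraints");
            if (this.constraints == null) {
                SAMLPartnerRegHelper.this.debug(where, "No constraints specified, using default constaint value");
                return;
            }

            String partners = this.constraints.getProperty(PARTNERS, CONSTRAINT_VALUE_ALL);
            if (partners.equalsIgnoreCase(CONSTRAINT_VALUE_ALL)) {
                this.partnerConstraintType = PARTNER_CONSTRAINT_TYPE_ALL;
            } else if (partners.equalsIgnoreCase(CONSTRAINT_VALUE_NONE)) {
                this.partnerConstraintType = PARTNER_CONSTRAINT_TYPE_NONE;
            } else if (partners.equalsIgnoreCase(CONSTRAINT_VALUE_ENABLED)) {
                this.partnerConstraintType = PARTNER_CONSTRAINT_TYPE_ENABLED;
            } else if (partners.equalsIgnoreCase(CONSTRAINT_VALUE_DISABLED)) {
                this.partnerConstraintType = PARTNER_CONSTRAINT_TYPE_DISABLED;
            } else {
                // Anything that is not a keyword is taken as an explicit list of partner ids.
                this.partnerConstraintType = PARTNER_CONSTRAINT_TYPE_LIST;
                this.partnerIds = parsingList(partners);
            }

            String certificates = this.constraints.getProperty(CERTIFICATES, CONSTRAINT_VALUE_ALL);
            if (certificates.equalsIgnoreCase(CONSTRAINT_VALUE_ALL)) {
                this.certificateConstraintType = CERTIFICATE_CONSTRAINT_TYPE_ALL;
            } else if (certificates.equalsIgnoreCase(CONSTRAINT_VALUE_NONE)) {
                this.certificateConstraintType = CERTIFICATE_CONSTRAINT_TYPE_NONE;
            } else if (certificates.equalsIgnoreCase(CONSTRAINT_VALUE_REFERENCED)) {
                this.certificateConstraintType = CERTIFICATE_CONSTRAINT_TYPE_REFERENCED;
            } else {
                // Anything that is not a keyword is taken as an explicit list of aliases.
                this.certificateConstraintType = CERTIFICATE_CONSTRAINT_TYPE_LIST;
                this.certificateAliases = parsingList(certificates);
            }

            String importMode = this.constraints.getProperty(IMPORT_MODE, IMPORT_MODE_VALUE_FAIL);
            if (importMode.equalsIgnoreCase(IMPORT_MODE_VALUE_RENAME)) {
                this.importModeType = IMPORT_MODE_TYPE_RENAME;
            } else if (importMode.equalsIgnoreCase(IMPORT_MODE_VALUE_UPDATE)) {
                this.importModeType = IMPORT_MODE_TYPE_UPDATE;
            } else if (importMode.equalsIgnoreCase(IMPORT_MODE_VALUE_FAIL)) {
                this.importModeType = IMPORT_MODE_TYPE_FAIL;
            }
            // An unrecognised ImportMode deliberately falls through: the field keeps its
            // initial value, which is the non-destructive "fail" mode.

            this.passwordsConstraint = this.constraints.getProperty(PASSWORDS_CONSTRAINT);
            if (this.passwordsConstraint != null) {
                this.passwordsConstraint = this.passwordsConstraint.trim();
            }

            SAMLPartnerRegHelper.this.debug(where, "Partner Constraint type is " + this.partnerConstraintType);
            SAMLPartnerRegHelper.this.debug(where, "Certificate Constraint type is " + this.certificateConstraintType);
            SAMLPartnerRegHelper.this.debug(where, "Import Mode type is " + this.importModeType);
            SAMLPartnerRegHelper.this.debug(where, "Passwords Constraint is " + this.passwordsConstraint);
        }

        /**
         * Splits a comma-separated value into a set of trimmed tokens.
         *
         * @param str the raw property value
         * @return a new mutable set; a token consisting only of whitespace is kept as ""
         */
        private HashSet<String> parsingList(String str) {
            HashSet<String> tokens = new HashSet<String>();
            StringTokenizer tokenizer = new StringTokenizer(str, DELIMITER);
            while (tokenizer.hasMoreTokens()) {
                tokens.add(tokenizer.nextToken().trim());
            }
            return tokens;
        }

        /** @return one of the {@code PARTNER_CONSTRAINT_TYPE_*} values */
        public int getPartnerConstraintType() {
            return this.partnerConstraintType;
        }

        /** @return one of the {@code CERTIFICATE_CONSTRAINT_TYPE_*} values */
        public int getCertificateConstraintType() {
            return this.certificateConstraintType;
        }

        /** @return true when {@code ImportMode} was {@code rename} */
        public boolean isRenameMode() {
            return this.importModeType == IMPORT_MODE_TYPE_RENAME;
        }

        /** @return true when {@code ImportMode} was {@code replace}, i.e. existing entries may be overwritten */
        public boolean isUpdateMode() {
            return this.importModeType == IMPORT_MODE_TYPE_UPDATE;
        }

        /** @return true when the import must stop on a conflict; this is the default */
        public boolean isFailMode() {
            return this.importModeType == IMPORT_MODE_TYPE_FAIL;
        }

        /**
         * Returns a private copy of the requested partner ids.
         *
         * @return a fresh mutable set the caller may modify; empty when the {@code Partners}
         *         constraint is not a list (previously this case threw a NullPointerException)
         */
        public Set getPartnerIds() {
            if (this.partnerIds == null) {
                return new HashSet<String>();
            }
            return (Set) this.partnerIds.clone();
        }

        /**
         * Returns a private copy of the requested certificate aliases.
         *
         * @return a fresh mutable set the caller may modify; empty when the {@code Certificates}
         *         constraint is not a list (previously this case threw a NullPointerException)
         */
        public Set getCertificateAliases() {
            if (this.certificateAliases == null) {
                return new HashSet<String>();
            }
            return (Set) this.certificateAliases.clone();
        }

        /**
         * @return true only when the {@code Passwords} constraint was given and equals
         *         {@code cleartext} (case-insensitive, after trimming)
         */
        public boolean isPasswordsCleartext() {
            return this.passwordsConstraint != null && this.passwordsConstraint.equalsIgnoreCase(PASSWORDS_CLEARTEXT);
        }
    }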

    /* loaded from: input_file:com/bea/common/security/saml/registry/SAMLPartnerRegHelper$myBackupErrorHandler.class */
    /**
     * SAX error handler installed while the fallback ("alternate") schema set is compiled.
     *
     * <p>None of the callbacks rethrows: warnings, errors and fatal errors are all reduced to a
     * single debug-level line, and the exception's own message and location are not logged.
     * NOTE(review): because {@link #error} does not throw, a schema problem on the fallback path
     * is visible only with debug logging enabled - confirm that the resulting validator is still
     * acceptable for checking imported registry files.
     */
    public class myBackupErrorHandler implements ErrorHandler {
        private LoggerSpi log;
        private String method;
        private String registryName;

        /**
         * @param loggerSpi debug sink, may be null
         * @param str       registry name used as log prefix
         * @param str2      name of the calling method, used in the log line
         */
        public myBackupErrorHandler(LoggerSpi loggerSpi, String str, String str2) {
            this.log = loggerSpi;
            this.registryName = str;
            this.method = str2;
        }

        @Override // org.xml.sax.ErrorHandler
        public void error(SAXParseException sAXParseException) throws SAXException {
            report(": Error loading alternate SAML partner registry schema");
        }

        @Override // org.xml.sax.ErrorHandler
        public void fatalError(SAXParseException sAXParseException) throws SAXException {
            report(": Fatal error loading alternate SAML partner registry schema");
        }

        @Override // org.xml.sax.ErrorHandler
        public void warning(SAXParseException sAXParseException) throws SAXException {
            report(": Warning received while loading alternate SAML partner registry schema");
        }

        /** Writes "registry.method" followed by the given suffix, when debug logging is on. */
        private void report(String suffix) {
            if (this.log != null && this.log.isDebugEnabled()) {
                this.log.debug(this.registryName + "." + this.method + suffix);
            }
        }
    }

    /* loaded from: input_file:com/bea/common/security/saml/registry/SAMLPartnerRegHelper$myErrorHandler.class */
    /**
     * SAX error handler installed while the primary partner-registry schema is compiled.
     *
     * <p>{@link #error} rethrows the exception it receives; getXMLSchemaValidator() catches that
     * {@link SAXParseException} and switches to the alternate schema set. {@link #fatalError}
     * and {@link #warning} only write a debug line and return. In no case is the exception's
     * message or location written to the log.
     */
    public class myErrorHandler implements ErrorHandler {
        private LoggerSpi log;
        private String method;
        private String registryName;

        /**
         * @param loggerSpi debug sink, may be null
         * @param str       registry name used as log prefix
         * @param str2      name of the calling method, used in the log line
         */
        public myErrorHandler(LoggerSpi loggerSpi, String str, String str2) {
            this.log = loggerSpi;
            this.method = str2;
            this.registryName = str;
        }

        @Override // org.xml.sax.ErrorHandler
        public void error(SAXParseException sAXParseException) throws SAXException {
            report(": Error loading SAML partner registry schema, using alternate");
            // Always propagate, whether or not the line above was logged.
            throw sAXParseException;
        }

        @Override // org.xml.sax.ErrorHandler
        public void fatalError(SAXParseException sAXParseException) throws SAXException {
            report(": Fatal error loading SAML partner registry schema");
        }

        @Override // org.xml.sax.ErrorHandler
        public void warning(SAXParseException sAXParseException) throws SAXException {
            report(": Warning received while loading SAML partner registry schema");
        }

        /** Writes "registry.method" followed by the given suffix, when debug logging is on. */
        private void report(String suffix) {
            if (this.log != null && this.log.isDebugEnabled()) {
                this.log.debug(this.registryName + "." + this.method + suffix);
            }
        }
    }

    /**
     * Tells whether debug output would actually be written.
     *
     * @return false when no logger was supplied, otherwise the logger's debug flag
     */
    protected boolean isDebug() {
        return this.log != null && this.log.isDebugEnabled();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Writes one debug line of the form {@code registryName.method: message}.
     * Does nothing when there is no logger or debug logging is off.
     *
     * @param str  name of the method (or activity) the message belongs to
     * @param str2 the message text
     */
    public void debug(String str, String str2) {
        if (this.log != null && this.log.isDebugEnabled()) {
            this.log.debug(this.registryName + "." + str + ": " + str2);
        }
    }

    /**
     * Creates a helper bound to one registry and resolves the services it needs.
     *
     * @param loggerSpi        debug sink; may be null, in which case nothing is logged
     * @param str              registry name, used as the prefix of every debug line
     * @param securityServices source of the store, bootstrap, legacy-encryptor and JAXP services
     */
    public SAMLPartnerRegHelper(LoggerSpi loggerSpi, String str, SecurityServices securityServices) {
        // Instance fields start out null, so only the real assignments are needed here.
        this.log = loggerSpi;
        this.registryName = str;
        this.securityServices = securityServices;

        this.storeService = Utils.getStoreService(securityServices);
        this.bootStrapService = Utils.getBootStrapService(securityServices);
        this.legacyEncryptor = Utils.getLegacyEncryptorSpi(securityServices);
        this.jaxpFactoryService = UtilsJAXP.getJAXPFactoryService(securityServices);

        if (isDebug()) {
            // The constant is borrowed from an unrelated class purely for its string value.
            debug(JamXmlElements.CONSTRUCTOR, "succeeded.");
        }
    }

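    /**
     * Returns the validator used to check imported partner-registry documents, creating and
     * caching it on first use.
     *
     * <p>The schema is read from the class loader (not from the import file), so its content is
     * as trustworthy as the deployed classpath. If compiling it reports an error, the installed
     * handler rethrows and this method falls back to {@link #getLocalXMLSchemaValidator()}.
     *
     * <p>The lazy initialisation is not synchronised. NOTE(review): a {@link Validator} is
     * documented by JAXP as not thread-safe - confirm that imports are never run concurrently on
     * one helper.
     *
     * @return the cached validator
     * @throws RuntimeException if the schema resource is missing or cannot be compiled
     */
    private Validator getXMLSchemaValidator() {
        if (this.xmlSchemaValidator != null) {
            return this.xmlSchemaValidator;
        }
        SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
        InputStream schemaStream = null;
        try {
            schemaFactory.setErrorHandler(new myErrorHandler(this.log, this.registryName, "getXMLSchemaValidator"));
            schemaStream = getClass().getClassLoader().getResourceAsStream(SAML_PARTNER_RIGISTRY_SCHEMA_PATH);
            if (schemaStream == null) {
                throw new RuntimeException(ProvidersLogger.getSAMLCouldNotLoadPartnerRegistryFile(SAML_PARTNER_RIGISTRY_SCHEMA_PATH));
            }
            this.xmlSchemaValidator = schemaFactory.newSchema(new StreamSource(schemaStream)).newValidator();
        } catch (SAXParseException e) {
            // Raised via myErrorHandler.error(): retry with the dsig schema supplied explicitly.
            return getLocalXMLSchemaValidator();
        } catch (SAXException e2) {
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new RuntimeException(ProvidersLogger.getSAMLCouldNotGeneratePartnerRegistryFile(e2.getMessage()), e2);
        } finally {
            // The stream was previously never closed.
            if (schemaStream != null) {
                try {
                    schemaStream.close();
                } catch (IOException ignored) {
                    // Nothing useful to do: the schema has already been read or has failed.
                }
            }
        }
        return this.xmlSchemaValidator;
    }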

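    /**
     * Fallback for {@link #getXMLSchemaValidator()}: compiles the XML-DSig core schema together
     * with the partner-registry schema, both taken from the class loader, and caches the
     * resulting validator.
     *
     * <p>The error handler used here only logs at debug level and never throws, so only a
     * {@link SAXException} raised by the schema factory itself aborts the load.
     *
     * @return the cached validator
     * @throws RuntimeException if either schema resource is missing or the pair cannot be compiled
     */
    private Validator getLocalXMLSchemaValidator() {
        if (this.xmlSchemaValidator != null) {
            return this.xmlSchemaValidator;
        }
        SchemaFactory schemaFactory = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
        InputStream dsigSchema = null;
        InputStream registrySchema = null;
        try {
            schemaFactory.setErrorHandler(new myBackupErrorHandler(this.log, this.registryName, "getLocalXMLSchemaValidator"));
            dsigSchema = getClass().getClassLoader().getResourceAsStream(DSIG_SCHEMA_PATH);
            if (dsigSchema == null) {
                throw new RuntimeException("Can not load dsig core schema file");
            }
            registrySchema = getClass().getClassLoader().getResourceAsStream(SAML_PARTNER_RIGISTRY_SCHEMA_PATH);
            if (registrySchema == null) {
                throw new RuntimeException("Can not load SAML partner registry schema file");
            }
            // Order matters: the dsig schema is supplied first, then the registry schema.
            this.xmlSchemaValidator = schemaFactory.newSchema(new StreamSource[]{new StreamSource(dsigSchema), new StreamSource(registrySchema)}).newValidator();
        } catch (SAXException e) {
            String message = " Can not load SAML partner registry schema file and/or dsig core schema file: " + e.getMessage();
            if (isDebug()) {
                debug("getLocalXMLSchemaValidator", message);
            }
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new RuntimeException(message, e);
        } finally {
            // Both streams were previously left open, including the first one when the second
            // resource turned out to be missing.
            if (dsigSchema != null) {
                try {
                    dsigSchema.close();
                } catch (IOException ignored) {
                    // Best effort: the schema has already been read or has failed.
                }
            }
            if (registrySchema != null) {
                try {
                    registrySchema.close();
                } catch (IOException ignored) {
                    // Best effort: the schema has already been read or has failed.
                }
            }
        }
        return this.xmlSchemaValidator;
    }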

    /**
     * Opens a listing over certificates or partners, depending on the type of {@code obj}.
     *
     * @param obj a {@code SAMLCertRegLDAPDelegate} (lists certificates) or a
     *            {@code SAMLPartnerRegistry} (lists partners)
     * @param str the wildcard handed to the underlying lister
     * @param i   the maximum number of entries to return
     * @return the cursor produced by the underlying lister
     * @throws InvalidParameterException if {@code obj} is of neither type; the message text is
     *         the one from {@code getEmptyOrNullCertificateAliasWildcard()}, which by its name
     *         describes a wildcard problem rather than a type problem
     * @throws InvalidCursorException as raised by the underlying lister
     */
    public String listBegin(Object obj, String str, int i) throws InvalidParameterException, InvalidCursorException {
        final String cursor;
        if (obj instanceof SAMLCertRegLDAPDelegate) {
            if (isDebug()) {
                debug("listBegin", "listing certificates: wildcard=" + str + ", maxToReturn=" + i);
            }
            cursor = ((SAMLCertRegLDAPDelegate) obj).listCertificates(this.listerManager, str, i);
        } else if (obj instanceof SAMLPartnerRegistry) {
            if (isDebug()) {
                debug("listBegin", "listing partners: wildcard=" + str + ", maxToReturn=" + i);
            }
            cursor = ((SAMLPartnerRegistry) obj).listPartners(this.listerManager, str, i);
        } else {
            throw new InvalidParameterException(SecurityLogger.getEmptyOrNullCertificateAliasWildcard());
        }
        if (isDebug()) {
            debug("listBegin", "returning " + cursor);
        }
        return cursor;
    }

    /**
     * Asks the lister whether the cursor currently points at an element.
     *
     * @param str the cursor returned by {@code listBegin}
     * @return the answer of {@code ListerManager.haveCurrent}
     * @throws InvalidCursorException as raised by the lister
     */
    public boolean listHaveCurrent(String str) throws InvalidCursorException {
        if (isDebug()) {
            debug("listHaveCurrent", "cursor=" + str);
        }
        final boolean present = ListerManager.haveCurrent(str);
        if (isDebug()) {
            debug("listHaveCurrent", "returning " + present);
        }
        return present;
    }

    /**
     * Returns the element the cursor currently points at, cast to a name.
     *
     * @param str the cursor returned by {@code listBegin}
     * @return the current business object of this helper's lister manager, as a String
     * @throws InvalidCursorException as raised by the lister manager
     */
    public String listGetCurrentName(String str) throws InvalidCursorException {
        if (isDebug()) {
            debug("listGetCurrentName", "cursor=" + str);
        }
        final String currentName = (String) this.listerManager.getCurrentBusinessObject(str);
        if (isDebug()) {
            debug("listGetCurrentName", "returning " + currentName);
        }
        return currentName;
    }

    /**
     * Moves the cursor to the next element.
     *
     * @param str the cursor returned by {@code listBegin}
     * @throws InvalidCursorException as raised by {@code ListerManager.advance}
     */
    public void listAdvance(String str) throws InvalidCursorException {
        final boolean trace = isDebug();
        if (trace) {
            debug("listAdvance", "cursor=" + str);
        }
        ListerManager.advance(str);
    }

    /**
     * Closes the listing identified by the cursor.
     *
     * @param str the cursor returned by {@code listBegin}
     * @throws InvalidCursorException as raised by {@code ListerManager.close}
     */
    public void listClose(String str) throws InvalidCursorException {
        final boolean trace = isDebug();
        if (trace) {
            debug("listClose", "cursor=" + str);
        }
        ListerManager.close(str);
    }

    /**
     * Runs the three argument checks shared by import and export, in a fixed order:
     * format, file name, constraints. The first failing check aborts the rest.
     *
     * @param str        the format name
     * @param str2       the file name
     * @param properties the import/export constraints
     * @throws InvalidParameterException from whichever check fails first
     */
    private static void validateParams(String str, String str2, Properties properties) throws InvalidParameterException {
        final String format = str;
        final String filename = str2;
        validateFormat(format);
        validateFilename(filename);
        validateConstraints(properties);
    }

    /**
     * Accepts exactly the three known format names; the comparison is case-sensitive.
     *
     * @param str the format name to check
     * @throws InvalidParameterException if {@code str} is null or not one of the known names
     */
    private static void validateFormat(String str) throws InvalidParameterException {
        // Calling equals() on the constant side makes the null case fall out as "not known".
        final boolean known = FORMAT_XML_REGISTRY.equals(str)
                || "JKS KeyStore".equals(str)
                || "LDIF Template".equals(str);
        if (!known) {
            throw new InvalidParameterException(ProvidersLogger.getSAMLInvalidImpExpFormat());
        }
    }

    /**
     * Rejects a missing file name. This is the only check made on the name: nothing here
     * restricts which directory it may point into, so confining import/export paths is left
     * to the caller.
     *
     * @param str the file name to check
     * @throws InvalidParameterException if {@code str} is null or empty
     */
    private static void validateFilename(String str) throws InvalidParameterException {
        final boolean missing = (str == null) || str.isEmpty();
        if (missing) {
            throw new InvalidParameterException(SecurityLogger.getEmptyOrNullFileName());
        }
    }

    /**
     * Placeholder that accepts every input: the body is empty, so no constraint key or value is
     * rejected at this point. Unknown keys are therefore ignored, and unrecognised values are
     * interpreted later by {@code ImportExportConstraints}.
     *
     * @param properties the import/export constraints (not inspected)
     * @throws InvalidParameterException declared but never thrown by this implementation
     */
    private static void validateConstraints(Properties properties) throws InvalidParameterException {
    }

    /**
     * Imports certificates and/or partners from a file.
     *
     * <p>"JKS KeyStore" is delegated to the certificate registry (the constraints are not passed
     * on); "XML Partner Registry" is handled by {@code importDataXMLRegistry}. "LDIF Template"
     * passes the shared argument check but is rejected here, so it is export-only.
     *
     * @param sAMLCertRegLDAPDelegate certificate registry
     * @param sAMLPartnerRegistry     partner registry
     * @param str                     format name
     * @param str2                    name of the file to read
     * @param properties              import constraints
     * @throws InvalidParameterException if an argument is invalid or the format cannot be imported
     * @throws ErrorCollectionException  as raised by the import itself
     */
    public void importData(SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, SAMLPartnerRegistry sAMLPartnerRegistry, String str, String str2, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        validateParams(str, str2, properties);
        if (str.equals("JKS KeyStore")) {
            sAMLCertRegLDAPDelegate.importData(str, str2, null);
            return;
        }
        if (!str.equals(FORMAT_XML_REGISTRY)) {
            throw new InvalidParameterException(SecurityLogger.getInvalidFormat(str));
        }
        importDataXMLRegistry(sAMLPartnerRegistry, sAMLCertRegLDAPDelegate, str2, properties);
    }

    /**
     * Exports certificates and/or partners to a file in the requested format.
     *
     * <p>The file name is only checked for being non-empty before it is handed to the writer
     * for the chosen format; those writers are outside this view. NOTE(review): the constraints
     * can request {@code Passwords=cleartext} - confirm how the writers treat that flag and
     * that the output location is suitably protected.
     *
     * @param sAMLCertRegLDAPDelegate certificate registry
     * @param sAMLPartnerRegistry     partner registry
     * @param str                     format name
     * @param str2                    name of the file to write
     * @param properties              export constraints (not passed on for "JKS KeyStore")
     * @throws InvalidParameterException if an argument is invalid
     * @throws ErrorCollectionException  as raised by the export itself
     */
    public void exportData(SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, SAMLPartnerRegistry sAMLPartnerRegistry, String str, String str2, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        validateParams(str, str2, properties);
        if (str.equalsIgnoreCase("LDIF Template")) {
            exportPartnerRegistryDataLDIF(sAMLPartnerRegistry, sAMLCertRegLDAPDelegate, str2, properties);
            return;
        }
        if (str.equals("JKS KeyStore")) {
            sAMLCertRegLDAPDelegate.exportData(str, str2, null);
            return;
        }
        if (str.equals(FORMAT_XML_REGISTRY)) {
            exportDataXMLRegistry(sAMLPartnerRegistry, sAMLCertRegLDAPDelegate, str2, properties);
        }
    }

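    /**
     * Registers one certificate from the import file under its alias.
     *
     * <p>In update ("replace") mode an existing registration with the same alias is removed
     * first, so the imported certificate takes over that alias. The only record of such a
     * replacement is a debug-level line. NOTE(review): replacing a registered partner
     * certificate changes what is trusted - consider whether it deserves a log entry that does
     * not depend on debug logging.
     *
     * @param sAMLCertRegLDAPDelegate certificate registry to write to
     * @param sAMLPartnerCertificate  the certificate and alias read from the import file
     * @param importExportConstraints the constraints of this import run
     * @throws InvalidParameterException as raised by the registry
     * @throws ErrorCollectionException  as raised by the registry
     */
    private void importCertificate(SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, SAMLPartnerCertificate sAMLPartnerCertificate, ImportExportConstraints importExportConstraints) throws InvalidParameterException, ErrorCollectionException {
        String alias = sAMLPartnerCertificate.getAlias();
        X509Certificate cert = sAMLPartnerCertificate.getCert();
        if (importExportConstraints.isUpdateMode() && sAMLCertRegLDAPDelegate.aliasExists(alias)) {
            debug("importCertificate", "update certificate with alias: " + alias);
            try {
                sAMLCertRegLDAPDelegate.unregisterCertificate(alias);
            } catch (NotFoundException e) {
                // The alias vanished between aliasExists() and unregisterCertificate(); the
                // registration below still goes ahead, but the event is no longer silent.
                debug("importCertificate", "certificate with alias " + alias + " was no longer registered when replacing it: " + e.getMessage());
            }
        }
        debug("importCertificate", "register certificate with alias: " + alias);
        sAMLCertRegLDAPDelegate.registerCertificate(alias, cert);
    }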

    /**
     * Checks that a certificate alias, when one is given, is known to the certificate registry.
     * A null or empty alias is accepted without a lookup.
     *
     * @param sAMLCertRegLDAPDelegate certificate registry to look the alias up in
     * @param str                     the alias, may be null or empty
     * @throws InvalidParameterException if a non-empty alias is not registered
     */
    private void validateCertificateAlias(SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, String str) throws InvalidParameterException {
        if (str == null || str.length() == 0) {
            return;
        }
        if (!sAMLCertRegLDAPDelegate.aliasExists(str)) {
            throw new InvalidParameterException(ProvidersLogger.getSAMLNoCertForAlias(str));
        }
    }

    /**
     * Checks every certificate alias a partner entry refers to: the assertion-signing and
     * protocol-signing aliases of an asserting party, or the SSL client certificate alias of a
     * relying party. Entries of any other type are not checked.
     *
     * @param sAMLCertRegLDAPDelegate certificate registry to look the aliases up in
     * @param sAMLPartnerEntry        the partner entry to check
     * @throws InvalidParameterException if a referenced alias is not registered
     */
    private void validateCertificateAliasReferences(SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, SAMLPartnerEntry sAMLPartnerEntry) throws InvalidParameterException {
        if (sAMLPartnerEntry instanceof SAMLAssertingPartyEntry) {
            SAMLAssertingPartyEntry assertingParty = (SAMLAssertingPartyEntry) sAMLPartnerEntry;
            validateCertificateAlias(sAMLCertRegLDAPDelegate, assertingParty.getAssertionSigningCertAlias());
            validateCertificateAlias(sAMLCertRegLDAPDelegate, assertingParty.getProtocolSigningCertAlias());
            return;
        }
        if (sAMLPartnerEntry instanceof SAMLRelyingPartyEntry) {
            SAMLRelyingPartyEntry relyingParty = (SAMLRelyingPartyEntry) sAMLPartnerEntry;
            validateCertificateAlias(sAMLCertRegLDAPDelegate, relyingParty.getSSLClientCertAlias());
        }
    }

    /**
     * Stores one partner entry, either as a new partner or as an update of an existing one.
     *
     * <p>An enabled entry is stored as-is only if its certificate alias references validate and
     * the registry accepts it. If either step raises {@link InvalidParameterException}, the
     * entry is switched to disabled and stored once more; a failure of that second attempt
     * propagates. An entry that cannot be validated is therefore never stored enabled.
     *
     * @param sAMLPartnerRegistry     partner registry to write to
     * @param sAMLPartnerEntry        the entry to store; may be modified (disabled) by this call
     * @param sAMLCertRegLDAPDelegate certificate registry used for alias validation
     * @param z                       true to call {@code addPartner}, false to call {@code updatePartner}
     * @param z2                      second argument of {@code addPartner}; callers pass true when an
     *                                entry with the same id already exists - presumably a rename
     *                                flag, confirm against {@code addPartner}
     * @throws InvalidParameterException if the entry is rejected even when disabled
     * @throws CreateException           as raised by the registry
     * @throws NotFoundException         as raised by the registry
     */
    private void savePartnerEntry(SAMLPartnerRegistry sAMLPartnerRegistry, SAMLPartnerEntry sAMLPartnerEntry, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, boolean z, boolean z2) throws InvalidParameterException, CreateException, NotFoundException {
        final String where = "savePartnerEntry";
        if (sAMLPartnerEntry.isEnabled()) {
            try {
                validateCertificateAliasReferences(sAMLCertRegLDAPDelegate, sAMLPartnerEntry);
                debug(where, "Certificate alias reference validation passed");
                if (!z) {
                    sAMLPartnerRegistry.updatePartner(sAMLPartnerEntry);
                } else {
                    sAMLPartnerRegistry.addPartner(sAMLPartnerEntry, z2);
                }
                debug(where, "Save partner " + sAMLPartnerEntry.getPartnerId() + " success");
                return;
            } catch (InvalidParameterException rejected) {
                debug(where, "Save enabled partner failed, InvalidParameterException: " + rejected.getMessage());
                debug(where, "Disable the partner and try to save it");
                // Fall through to the unconditional save below, now with a disabled entry.
                sAMLPartnerEntry.setEnabled(false);
            }
        }
        if (!z) {
            sAMLPartnerRegistry.updatePartner(sAMLPartnerEntry);
        } else {
            sAMLPartnerRegistry.addPartner(sAMLPartnerEntry, z2);
        }
        debug(where, "Save partner " + sAMLPartnerEntry.getPartnerId() + " success");
    }

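    /**
     * Imports one partner entry, resolving a clash with an existing partner id according to
     * the import mode: "fail" aborts the import, "rename" adds the entry under a new name,
     * "replace" updates the existing entry.
     *
     * @param sAMLPartnerRegistry     partner registry to write to
     * @param sAMLPartnerEntry        the entry read from the import file
     * @param importExportConstraints the constraints of this import run
     * @param sAMLCertRegLDAPDelegate certificate registry used for alias validation
     * @throws InvalidParameterException if the entry is rejected by the registry
     * @throws ErrorCollectionException  on a clash in fail mode, or wrapping a
     *         {@link CreateException} or {@link NotFoundException} from the registry
     */
    private void importPartnerEntry(SAMLPartnerRegistry sAMLPartnerRegistry, SAMLPartnerEntry sAMLPartnerEntry, ImportExportConstraints importExportConstraints, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate) throws InvalidParameterException, ErrorCollectionException {
        String partnerId = sAMLPartnerEntry.getPartnerId();
        try {
            if (!sAMLPartnerRegistry.partnerExists(partnerId)) {
                debug("importPartnerEntry", "add partner with partnerId: " + partnerId);
                savePartnerEntry(sAMLPartnerRegistry, sAMLPartnerEntry, sAMLCertRegLDAPDelegate, true, false);
                return;
            }
            // From here on a partner with this id already exists.
            if (importExportConstraints.isFailMode()) {
                String failure = ProvidersLogger.getSAMLImportTerminateInFailMode(partnerId);
                debug("importPartnerEntry", failure);
                throw new ErrorCollectionException(failure);
            }
            if (importExportConstraints.isRenameMode()) {
                debug("importPartnerEntry", "Renaming the partner before added to the registry");
                savePartnerEntry(sAMLPartnerRegistry, sAMLPartnerEntry, sAMLCertRegLDAPDelegate, true, true);
            } else if (importExportConstraints.isUpdateMode()) {
                debug("importPartnerEntry", "Update the partner entry with the same Id: " + partnerId);
                savePartnerEntry(sAMLPartnerRegistry, sAMLPartnerEntry, sAMLCertRegLDAPDelegate, false, true);
            }
        } catch (CreateException e) {
            debug("importPartnerEntry", "CreationException: " + e.getMessage());
            throw new ErrorCollectionException(e);
        } catch (InvalidParameterException e2) {
            debug("importPartnerEntry", "InvalidParameterException: " + e2.getMessage());
            throw e2;
        } catch (NotFoundException e3) {
            // Previously logged under the label "CreationException", which hid the real cause.
            debug("importPartnerEntry", "NotFoundException: " + e3.getMessage());
            throw new ErrorCollectionException(e3);
        }
    }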

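    /**
     * Imports partners and certificates from an "XML Partner Registry" file.
     *
     * <p>Steps: parse the file into a DOM, validate the DOM against the partner-registry
     * schema, select the partners and certificates allowed by the constraints, resolve name
     * conflicts, then register certificates first and partners second (partners may refer to
     * the certificates by alias).
     *
     * <p>The file is external input and is parsed before it is validated, so the parser
     * configuration is the first line of defence. Secure processing is requested on the
     * factory; a failure to set it aborts the import through the existing
     * {@link ParserConfigurationException} handling. NOTE(review): whether secure processing
     * alone rejects DOCTYPE declarations and external entities depends on the parser that
     * {@code JAXPFactoryService} supplies - confirm, and disable DOCTYPE explicitly if that
     * parser supports it.
     *
     * @param sAMLPartnerRegistry     partner registry to import into
     * @param sAMLCertRegLDAPDelegate certificate registry to import into
     * @param str                     name of the XML file to read
     * @param properties              import constraints
     * @throws InvalidParameterException if the file name is missing or the file is a directory,
     *         unreadable or empty, or if an entry is rejected
     * @throws ErrorCollectionException  wrapping I/O, parser-configuration and SAX failures, or
     *         as raised while resolving and importing entries
     */
    private void importDataXMLRegistry(SAMLPartnerRegistry sAMLPartnerRegistry, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, String str, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        if (str == null || str.length() == 0) {
            throw new InvalidParameterException(SecurityLogger.getEmptyOrNullFileName());
        }
        File file = new File(str);
        if (file.isDirectory() || !file.canRead() || file.length() == 0) {
            throw new InvalidParameterException(SecurityLogger.getUnableToReadFile(file.getAbsolutePath()));
        }
        DocumentBuilderFactory builderFactory = this.jaxpFactoryService.newDocumentBuilderFactory();
        builderFactory.setNamespaceAware(true);
        try {
            // JAXP requires every implementation to support this feature.
            builderFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            Document document = builderFactory.newDocumentBuilder().parse(file);
            debug("importDataXMLRegistry", "XML docuement parse success");
            getXMLSchemaValidator().validate(new DOMSource(document));
            debug("importDataXMLRegistry", "XML document validation success");

            ImportExportConstraints importExportConstraints = new ImportExportConstraints(properties);
            // The element name to look for depends on which kind of registry is being filled.
            String partnerElement = sAMLPartnerRegistry instanceof SAMLAssertingPartyRegistry ? SAMLXMLUtil.ASSERTING_PARTY : SAMLXMLUtil.RELYING_PARTY;
            SAMLPartnerEntry[] partners = resolveImportPartners(sAMLPartnerRegistry, document.getElementsByTagNameNS(SAMLXMLUtil.SPR_NAME_SPACE_URI, partnerElement), importExportConstraints);
            SAMLPartnerCertificate[] selectedCertificates = resolveImportPartnerCertificates(getPartnerCertificates(document.getElementsByTagNameNS(SAMLXMLUtil.SPR_NAME_SPACE_URI, SAMLXMLUtil.PARTNER_CERTIFICATE)), importExportConstraints, sAMLCertRegLDAPDelegate, partners);
            SAMLPartnerCertificate[] certificatesToImport = resolveImportNameConflicts(sAMLPartnerRegistry, partners, sAMLCertRegLDAPDelegate, selectedCertificates, importExportConstraints);

            if (certificatesToImport != null) {
                // Report the size of the array that is actually imported; the count used to be
                // taken from the array before conflict resolution.
                debug("importDataXMLRegistry", "Import partner certificates, total " + certificatesToImport.length);
                for (SAMLPartnerCertificate certificate : certificatesToImport) {
                    importCertificate(sAMLCertRegLDAPDelegate, certificate, importExportConstraints);
                }
            }
            if (partners != null) {
                debug("importDataXMLRegistry", "Import partner entries, total " + partners.length);
                for (SAMLPartnerEntry partner : partners) {
                    importPartnerEntry(sAMLPartnerRegistry, partner, importExportConstraints, sAMLCertRegLDAPDelegate);
                }
            }
        } catch (IOException e) {
            debug("importDataXMLRegistry", "IOException: " + e.getMessage());
            throw new ErrorCollectionException(e);
        } catch (ParserConfigurationException e2) {
            debug("importDataXMLRegistry", "ParseConfigurationException: " + e2.getMessage());
            throw new ErrorCollectionException(e2);
        } catch (SAXException e3) {
            debug("importDataXMLRegistry", "SAXException: " + e3.getMessage());
            throw new ErrorCollectionException(e3);
        }
    }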

    /**
     * Wraps every node of the list in a {@code SAMLPartnerCertificate}.
     *
     * @param nodeList the partner-certificate elements of the import document, may be null
     * @return one object per node, in document order; an empty array for a null or empty list
     * @throws InvalidParameterException declared for the certificate constructor
     * @throws ErrorCollectionException  declared for the certificate constructor
     */
    private SAMLPartnerCertificate[] getPartnerCertificates(NodeList nodeList) throws InvalidParameterException, ErrorCollectionException {
        final int count = (nodeList == null) ? 0 : nodeList.getLength();
        if (count == 0) {
            debug("getPartnerCertificates", "Partner Certificate node list is empty.");
            return new SAMLPartnerCertificate[0];
        }
        SAMLPartnerCertificate[] certificates = new SAMLPartnerCertificate[count];
        int index = 0;
        while (index < count) {
            Element element = (Element) nodeList.item(index);
            certificates[index] = new SAMLPartnerCertificate(this.log, element);
            index++;
        }
        return certificates;
    }

    /**
     * Narrows the certificates found in the import file to those the constraints allow.
     *
     * <p>With constraint type "none" nothing is imported and with "all" everything is. For
     * "list" and "referenced" the wanted aliases are matched against the file: the first
     * certificate carrying a wanted alias is taken and later ones with the same alias are
     * skipped. If any wanted alias is missing from the file, the import is aborted.
     *
     * @param sAMLPartnerCertificateArr all certificates read from the import file
     * @param importExportConstraints   the constraints of this import run
     * @param sAMLCertRegLDAPDelegate   certificate registry (not used by this method)
     * @param sAMLPartnerEntryArr       the partners selected for import, used to find
     *                                  referenced aliases
     * @return the certificates to import, never null
     * @throws InvalidParameterException declared; raised by helpers if at all
     * @throws ErrorCollectionException  if a wanted alias has no certificate in the file
     */
    private SAMLPartnerCertificate[] resolveImportPartnerCertificates(SAMLPartnerCertificate[] sAMLPartnerCertificateArr, ImportExportConstraints importExportConstraints, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, SAMLPartnerEntry[] sAMLPartnerEntryArr) throws InvalidParameterException, ErrorCollectionException {
        final int constraintType = importExportConstraints.getCertificateConstraintType();
        final SAMLPartnerCertificate[] selected;
        if (constraintType == 1) { // CERTIFICATE_CONSTRAINT_TYPE_NONE
            selected = new SAMLPartnerCertificate[0];
        } else if (constraintType == 0) { // CERTIFICATE_CONSTRAINT_TYPE_ALL
            selected = sAMLPartnerCertificateArr;
        } else {
            Set wanted = null;
            if (constraintType == 3) { // CERTIFICATE_CONSTRAINT_TYPE_LIST
                wanted = importExportConstraints.getCertificateAliases();
            } else if (constraintType == 2) { // CERTIFICATE_CONSTRAINT_TYPE_REFERENCED
                wanted = referencedCertificateAliases(sAMLPartnerEntryArr);
            }
            List<SAMLPartnerCertificate> matched = new ArrayList<SAMLPartnerCertificate>();
            for (SAMLPartnerCertificate candidate : sAMLPartnerCertificateArr) {
                String alias = candidate.getAlias();
                if (wanted.contains(alias)) {
                    matched.add(candidate);
                    // Tick the alias off; whatever is left afterwards was not in the file.
                    wanted.remove(alias);
                }
            }
            if (!wanted.isEmpty()) {
                String failure = ProvidersLogger.getSAMLImportFailForCouldNotLocateFromFile("certificate", wanted.toString());
                debug("resolveImportPartnerCertificates", failure);
                throw new ErrorCollectionException(failure);
            }
            selected = matched.toArray(new SAMLPartnerCertificate[matched.size()]);
        }
        debug("resolveImportPartnerCertificates", "SAML Partner Certificates, total: " + selected.length);
        return selected;
    }

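    /**
     * Resolves clashes between the partners/certificates being imported and what
     * the registries already hold, according to the import mode.
     *
     * <p><b>Fail mode:</b> an already-registered partner id aborts the import. An
     * already-registered certificate alias aborts the import unless the registered
     * certificate equals the imported one, in which case a warning is logged and the
     * certificate is left out of the result. An alias can therefore never be silently
     * re-pointed at a different certificate in this mode.
     *
     * <p><b>Update mode:</b> the certificate array is returned unchanged; no conflict
     * checks are made here.
     *
     * <p><b>Otherwise:</b> each alias is passed to
     * {@code resolveCertificateAliasConflict} together with the other aliases in
     * play. Passes are repeated until one makes no change. The recorded renames are
     * then applied to the partner entries, so their certificate references follow
     * the renamed certificates.
     *
     * @param sAMLPartnerRegistry       registry checked for existing partner ids
     * @param sAMLPartnerEntryArr       partners selected for import
     * @param sAMLCertRegLDAPDelegate   certificate registry checked for existing aliases
     * @param sAMLPartnerCertificateArr certificates selected for import; aliases may be
     *                                  rewritten in place in rename mode
     * @param importExportConstraints   supplies the import mode
     * @return the certificates that still have to be written to the registry
     * @throws ErrorCollectionException on a conflict in fail mode, or when a registered
     *                                  alias cannot be read back for comparison
     */
    private SAMLPartnerCertificate[] resolveImportNameConflicts(SAMLPartnerRegistry sAMLPartnerRegistry, SAMLPartnerEntry[] sAMLPartnerEntryArr, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, SAMLPartnerCertificate[] sAMLPartnerCertificateArr, ImportExportConstraints importExportConstraints) throws InvalidParameterException, ErrorCollectionException {
        boolean z;
        if (importExportConstraints.isFailMode()) {
            for (int i = 0; i < sAMLPartnerEntryArr.length; i++) {
                if (sAMLPartnerRegistry.partnerExists(sAMLPartnerEntryArr[i].getPartnerId())) {
                    debug("resolveImportNameConflicts", "Partner " + sAMLPartnerEntryArr[i].getPartnerId() + " already exists, Import operation fail.");
                    throw new ErrorCollectionException(ProvidersLogger.getSAMLImportFailForAlreadyExists(MatrixParameters.JPARS_RELATIONSHIP_PARTNER, sAMLPartnerEntryArr[i].getPartnerId()));
                }
            }
            ArrayList arrayList = new ArrayList();
            for (int i2 = 0; i2 < sAMLPartnerCertificateArr.length; i2++) {
                if (sAMLCertRegLDAPDelegate.aliasExists(sAMLPartnerCertificateArr[i2].getAlias())) {
                    try {
                        X509Certificate registered = sAMLCertRegLDAPDelegate.getCertificateFromAlias(sAMLPartnerCertificateArr[i2].getAlias());
                        if (registered == null) {
                            // The alias exists but no certificate came back (the export path
                            // guards against the same null). Treat it like a failed lookup
                            // rather than dereferencing null in the comparison below.
                            debug("resolveImportNameConflicts", "Error getting certificate from registry " + sAMLPartnerCertificateArr[i2].getAlias() + ", Import operation fail.");
                            throw new ErrorCollectionException(ProvidersLogger.getSAMLImportFailForCouldNotLocateFromRegistry("certificate", sAMLPartnerCertificateArr[i2].getAlias()));
                        }
                        if (!registered.equals(sAMLPartnerCertificateArr[i2].getCert())) {
                            debug("resolveImportNameConflicts", "Partner Certificate " + sAMLPartnerCertificateArr[i2].getAlias() + " already exists, Import operation fail.");
                            throw new ErrorCollectionException(ProvidersLogger.getSAMLImportFailForAlreadyExists("certificate", sAMLPartnerCertificateArr[i2].getAlias()));
                        }
                        // Same alias, same certificate: nothing to import, just warn.
                        SecurityLogger.logWarningCertificateAlreadyExists(this.log, sAMLPartnerCertificateArr[i2].getAlias());
                    } catch (NotFoundException e) {
                        debug("resolveImportNameConflicts", "Error getting certificate from registry " + sAMLPartnerCertificateArr[i2].getAlias() + ", Import operation fail.");
                        throw new ErrorCollectionException(ProvidersLogger.getSAMLImportFailForCouldNotLocateFromRegistry("certificate", sAMLPartnerCertificateArr[i2].getAlias()));
                    }
                } else {
                    arrayList.add(sAMLPartnerCertificateArr[i2]);
                }
            }
            return (SAMLPartnerCertificate[]) arrayList.toArray(new SAMLPartnerCertificate[arrayList.size()]);
        }
        if (importExportConstraints.isUpdateMode()) {
            return sAMLPartnerCertificateArr;
        }
        // old alias -> new alias, for every rename made below
        HashMap hashMap = new HashMap();
        do {
            z = false;
            // Aliases that a new name must not collide with: the other certificates in
            // this import plus every alias the imported partners refer to.
            HashSet hashSet = new HashSet();
            for (SAMLPartnerCertificate sAMLPartnerCertificate : sAMLPartnerCertificateArr) {
                hashSet.add(sAMLPartnerCertificate.getAlias());
            }
            hashSet.addAll(referencedCertificateAliases(sAMLPartnerEntryArr));
            for (int i3 = 0; i3 < sAMLPartnerCertificateArr.length; i3++) {
                String alias = sAMLPartnerCertificateArr[i3].getAlias();
                // The alias under test is taken out so it is not compared with itself.
                hashSet.remove(alias);
                String resolveCertificateAliasConflict = sAMLCertRegLDAPDelegate.resolveCertificateAliasConflict(alias, hashSet);
                if (resolveCertificateAliasConflict.equals(alias)) {
                    hashSet.add(resolveCertificateAliasConflict);
                } else {
                    // A rename can create a new clash, so another pass is needed.
                    z = true;
                    debug("resolveImportNameConflicts", "Certificate Alias " + alias + " is changed to " + resolveCertificateAliasConflict);
                    hashSet.add(resolveCertificateAliasConflict);
                    hashMap.put(alias, resolveCertificateAliasConflict);
                    sAMLPartnerCertificateArr[i3].setAlias(resolveCertificateAliasConflict);
                }
            }
        } while (z);
        updateCertificateReferences(sAMLPartnerRegistry, sAMLPartnerEntryArr, hashMap);
        return sAMLPartnerCertificateArr;
    }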

    /**
     * Follows a chain of alias renames to its end.
     *
     * <p>{@code hashMap} maps an old alias to the alias that replaced it. The lookup
     * is repeated on each replacement until an alias has no mapping, and that alias
     * is returned.
     *
     * <p>NOTE(review): a map containing a cycle would never terminate; this relies
     * on the caller only recording renames to a different alias.
     *
     * @param str     alias to resolve
     * @param hashMap old-alias to new-alias renames; values are cast to {@code String}
     * @return the final alias, or {@code str} itself when it was never renamed
     */
    private String trackAliasChange(String str, HashMap hashMap) {
        String current = str;
        for (String next = (String) hashMap.get(current); next != null; next = (String) hashMap.get(current)) {
            current = next;
        }
        return current;
    }

    /**
     * Rewrites the certificate aliases referenced by partner entries after
     * certificates were renamed during import.
     *
     * <p>For an asserting party the assertion-signing and protocol-signing aliases
     * are checked; for a relying party the SSL client certificate alias is checked.
     * An alias is replaced only when it is non-empty and
     * {@code trackAliasChange} resolves it to a different value. This keeps each
     * partner bound to the certificate it was exported with, not to whatever
     * certificate already held the original alias in the registry.
     *
     * @param sAMLPartnerRegistry not used by this method
     * @param sAMLPartnerEntryArr partner entries to update in place
     * @param hashMap             old-alias to new-alias renames
     */
    private void updateCertificateReferences(SAMLPartnerRegistry sAMLPartnerRegistry, SAMLPartnerEntry[] sAMLPartnerEntryArr, HashMap hashMap) {
        for (SAMLPartnerEntry entry : sAMLPartnerEntryArr) {
            if (entry instanceof SAMLAssertingPartyEntry) {
                SAMLAssertingPartyEntry assertingParty = (SAMLAssertingPartyEntry) entry;

                String assertionAlias = assertingParty.getAssertionSigningCertAlias();
                if (assertionAlias != null && assertionAlias.length() > 0) {
                    String renamedAssertionAlias = trackAliasChange(assertionAlias, hashMap);
                    if (!renamedAssertionAlias.equals(assertionAlias)) {
                        debug("updateCertificateReferences", "change partner referenced certificate alias from " + assertionAlias + " to " + renamedAssertionAlias);
                        assertingParty.setAssertionSigningCertAlias(renamedAssertionAlias);
                    }
                }

                String protocolAlias = assertingParty.getProtocolSigningCertAlias();
                if (protocolAlias != null && protocolAlias.length() > 0) {
                    String renamedProtocolAlias = trackAliasChange(protocolAlias, hashMap);
                    if (!renamedProtocolAlias.equals(protocolAlias)) {
                        debug("updateCertificateReferences", "change partner referenced certificate alias from " + protocolAlias + " to " + renamedProtocolAlias);
                        assertingParty.setProtocolSigningCertAlias(renamedProtocolAlias);
                    }
                }
                continue;
            }
            if (!(entry instanceof SAMLRelyingPartyEntry)) {
                continue;
            }
            SAMLRelyingPartyEntry relyingParty = (SAMLRelyingPartyEntry) entry;
            String sslAlias = relyingParty.getSSLClientCertAlias();
            if (sslAlias == null || sslAlias.length() == 0) {
                continue;
            }
            String renamedSslAlias = trackAliasChange(sslAlias, hashMap);
            if (!renamedSslAlias.equals(sslAlias)) {
                debug("updateCertificateReferences", "change partner referenced certificate alias from " + sslAlias + " to " + renamedSslAlias);
                relyingParty.setSSLClientCertAlias(renamedSslAlias);
            }
        }
    }

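    /**
     * Parses the partner elements of the import document and selects the ones
     * allowed by the partner constraint type.
     *
     * <ul>
     *   <li>type {@code 1}: no partners are selected (nothing is parsed);</li>
     *   <li>type {@code 0}: every partner is selected;</li>
     *   <li>type {@code 2}: only enabled partners are selected;</li>
     *   <li>type {@code 3}: only disabled partners are selected;</li>
     *   <li>type {@code 4}: only partners whose id is listed in the constraints are
     *       selected, and every listed id must be present in the document.</li>
     * </ul>
     *
     * <p>The id set from the constraints is copied before ids are ticked off, so
     * the constraints object is left untouched for any later use.
     *
     * @param sAMLPartnerRegistry     creates the entry instances and names the attributes to read
     * @param nodeList                partner elements from the import document; may be {@code null}
     * @param importExportConstraints constraints controlling the selection
     * @return the partners to import; never {@code null}
     * @throws ErrorCollectionException if a requested partner id is missing from the document
     */
    private SAMLPartnerEntry[] resolveImportPartners(SAMLPartnerRegistry sAMLPartnerRegistry, NodeList nodeList, ImportExportConstraints importExportConstraints) throws InvalidParameterException, ErrorCollectionException {
        String partnerId;
        if (nodeList == null || nodeList.getLength() == 0) {
            debug("resolveImportPartners", "No partner elements in the XML document");
            return new SAMLPartnerEntry[0];
        }
        int partnerConstraintType = importExportConstraints.getPartnerConstraintType();
        if (partnerConstraintType == 1) {
            debug("resolveImportPartners", "Partner Constriants is none");
            return new SAMLPartnerEntry[0];
        }
        int length = nodeList.getLength();
        SAMLPartnerEntry[] parsed = new SAMLPartnerEntry[length];
        String[] entryAttributes = sAMLPartnerRegistry.getEntryAttributes();
        for (int i = 0; i < length; i++) {
            parsed[i] = sAMLPartnerRegistry.makeNewEntryInstance();
            parsed[i].setAttributesFromDOMElement((Element) nodeList.item(i), entryAttributes);
        }
        // Private copy of the requested ids: matched ids are removed below, and the
        // set owned by the constraints object must not be emptied as a side effect.
        Set remainingIds = new HashSet();
        if (partnerConstraintType == 4) {
            Set requestedIds = importExportConstraints.getPartnerIds();
            if (requestedIds != null) {
                remainingIds.addAll(requestedIds);
            }
        }
        ArrayList selected = new ArrayList();
        for (int i2 = 0; i2 < length; i2++) {
            if (partnerConstraintType == 0) {
                selected.add(parsed[i2]);
            } else if (partnerConstraintType == 2) {
                if (parsed[i2].isEnabled()) {
                    selected.add(parsed[i2]);
                }
            } else if (partnerConstraintType == 3) {
                if (!parsed[i2].isEnabled()) {
                    selected.add(parsed[i2]);
                }
            } else if (partnerConstraintType == 4 && (partnerId = parsed[i2].getPartnerId()) != null && remainingIds.contains(partnerId)) {
                selected.add(parsed[i2]);
                // A second element with the same id is ignored once the id is ticked off.
                remainingIds.remove(partnerId);
            }
        }
        if (partnerConstraintType == 4 && !remainingIds.isEmpty()) {
            debug("resolveImportPartners", "Can not locate SAML partners " + remainingIds + " in the import xml document, import operation abort!");
            throw new ErrorCollectionException(ProvidersLogger.getSAMLImportFailForCouldNotLocateFromFile(MatrixParameters.JPARS_RELATIONSHIP_PARTNER, remainingIds.toString()));
        }
        SAMLPartnerEntry[] result = (SAMLPartnerEntry[]) selected.toArray(new SAMLPartnerEntry[selected.size()]);
        debug("resolveImportPartners", "resolved  SAML Partner Entries, total: " + result.length);
        return result;
    }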

    /**
     * Exports partners and their certificates to an XML file.
     *
     * <p>The constraints are built from {@code properties}. The partners are
     * resolved first, because the certificate selection may depend on which
     * partners are exported.
     *
     * @param sAMLPartnerRegistry     registry the partners are read from
     * @param sAMLCertRegLDAPDelegate registry the certificates are read from
     * @param str                     path of the file to write
     * @param properties              export constraints
     * @throws InvalidParameterException if a partner or certificate cannot be resolved
     * @throws ErrorCollectionException  if building or writing the document fails
     */
    private void exportDataXMLRegistry(SAMLPartnerRegistry sAMLPartnerRegistry, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, String str, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        ImportExportConstraints constraints = new ImportExportConstraints(properties);

        SAMLPartnerEntry[] partners = resolveExportPartners(sAMLPartnerRegistry, constraints);
        debug("exportDataXMLRegistry", "Export SAML Partners, total: " + partners.length);

        String[] certificateAliases = resolveExportCertificateAliases(sAMLCertRegLDAPDelegate, constraints, partners);
        debug("exportDataXMLRegistry", "Export Partner Certificates, total: " + certificateAliases.length);

        exportDataToXML(str, sAMLPartnerRegistry, partners, sAMLCertRegLDAPDelegate, certificateAliases, constraints);
    }

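    /**
     * Builds the export document (certificates first, then partner entries) and
     * writes it to the file named by {@code str}.
     *
     * <p>The root and entry element names depend on whether the registry is an
     * asserting-party or a relying-party registry. Partner attributes are
     * serialised with the constraints' cleartext-password flag, so the resulting
     * file can contain partner passwords in the clear when that flag is set. The
     * file is created with whatever default permissions the platform applies.
     *
     * <p>NOTE(review): the path is used exactly as supplied; confirm that callers
     * restrict who may choose it and where the export may be written.
     *
     * <p>The output stream is closed in a {@code finally} block, so the file handle
     * is released when the transform fails as well as when it succeeds.
     *
     * @param str                     path of the file to write
     * @param sAMLPartnerRegistry     registry that names the entry attributes
     * @param sAMLPartnerEntryArr     partners to export
     * @param sAMLCertRegLDAPDelegate registry the certificates are read from
     * @param strArr                  aliases of the certificates to export
     * @param importExportConstraints supplies the cleartext-password flag
     * @throws InvalidParameterException if a certificate alias cannot be resolved
     * @throws ErrorCollectionException  wrapping any parser, DOM, transformer or I/O failure
     */
    private void exportDataToXML(String str, SAMLPartnerRegistry sAMLPartnerRegistry, SAMLPartnerEntry[] sAMLPartnerEntryArr, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, String[] strArr, ImportExportConstraints importExportConstraints) throws InvalidParameterException, ErrorCollectionException {
        String rootName;
        String entryName;
        ErrorCollectionException errorCollectionException = new ErrorCollectionException("SAML Export DATA");
        DocumentBuilderFactory newDocumentBuilderFactory = this.jaxpFactoryService.newDocumentBuilderFactory();
        newDocumentBuilderFactory.setNamespaceAware(true);
        try {
            Document newDocument = newDocumentBuilderFactory.newDocumentBuilder().newDocument();
            if (sAMLPartnerRegistry instanceof SAMLAssertingPartyRegistry) {
                rootName = "spr:AssertingPartyRegistry";
                entryName = "spr:AssertingParty";
            } else {
                rootName = "spr:RelyingPartyRegistry";
                entryName = "spr:RelyingParty";
            }
            try {
                Element root = newDocument.createElement(rootName);
                newDocument.appendChild(root);
                root.setAttribute(SAMLXMLUtil.XMLNS_SPR, SAMLXMLUtil.SPR_NAME_SPACE_URI);
                root.setAttribute(SAMLXMLUtil.XMLNS_DS, SAMLXMLUtil.DS_NAME_SPACE_URI);
                for (String alias : strArr) {
                    debug("exportDataToXML", "Exporting certificate: " + alias);
                    Element certificateElement = generatePartnerCertificateElement(newDocument, sAMLCertRegLDAPDelegate, alias);
                    // null means the registry returned no certificate for the alias; skip it
                    if (certificateElement != null) {
                        root.appendChild(certificateElement);
                    }
                }
                for (int i = 0; i < sAMLPartnerEntryArr.length; i++) {
                    debug("exportDataToXML", "Exporting partner entry: " + sAMLPartnerEntryArr[i].getPartnerId());
                    root.appendChild(sAMLPartnerEntryArr[i].getAttributesAsDOMElement(newDocument, entryName, sAMLPartnerRegistry.getEntryAttributes(), importExportConstraints.isPasswordsCleartext()));
                }
                try {
                    Transformer newTransformer = this.jaxpFactoryService.newTransformerFactory().newTransformer();
                    DOMSource dOMSource = new DOMSource(newDocument);
                    FileOutputStream fileOutputStream = new FileOutputStream(new File(str));
                    try {
                        newTransformer.transform(dOMSource, new StreamResult(fileOutputStream));
                    } catch (TransformerException e) {
                        debug("exportDataToXML", "Export data to xml, TransformerException: " + e.getMessage());
                        errorCollectionException.add(e);
                        throw errorCollectionException;
                    } finally {
                        // Always release the handle; a close failure is reported through
                        // the IOException handler below.
                        fileOutputStream.close();
                    }
                } catch (TransformerConfigurationException e2) {
                    debug("exportDataToXML", "Export data to xml, TransformerConfigurationException: " + e2.getMessage());
                    errorCollectionException.add(e2);
                    throw errorCollectionException;
                } catch (IOException e3) {
                    debug("exportDataToXML", "Export data to xml, IOException: " + e3.getMessage());
                    errorCollectionException.add(e3);
                    throw errorCollectionException;
                }
            } catch (DOMException e4) {
                debug("exportDataToXML", "Export data to xml, DOMException: " + e4.getMessage());
                errorCollectionException.add(e4);
                throw errorCollectionException;
            }
        } catch (ParserConfigurationException e5) {
            debug("exportDataToXML", "Export data to xml, ParseConfigurationException: " + e5.getMessage());
            errorCollectionException.add(e5);
            throw errorCollectionException;
        }
    }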

    /**
     * Creates the DOM element for the certificate registered under an alias.
     *
     * @param document                document that will own the element
     * @param sAMLCertRegLDAPDelegate registry the certificate is read from
     * @param str                     certificate alias
     * @return the certificate element, or {@code null} when the registry returns no
     *         certificate for the alias
     * @throws InvalidParameterException if the lookup or the conversion rejects its
     *                                   input, or if the alias is not found in the registry
     * @throws DOMException              if the element cannot be created
     */
    private Element generatePartnerCertificateElement(Document document, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, String str) throws InvalidParameterException, DOMException {
        try {
            X509Certificate certificate = sAMLCertRegLDAPDelegate.getCertificateFromAlias(str);
            if (certificate != null) {
                debug("generatePartnerCertificateElement", "Certificate alias: " + str);
                SAMLPartnerCertificate partnerCertificate = new SAMLPartnerCertificate(this.log, str, certificate);
                return partnerCertificate.toDOMElement(document);
            }
            return null;
        } catch (InvalidParameterException invalid) {
            // Logged for diagnosis only; the original exception is passed on unchanged.
            debug("generatePartnerCertificateElement", "InvalidParameterException: " + invalid.getMessage());
            throw invalid;
        } catch (NotFoundException missing) {
            debug("generatePartnerCertificateElement", "NotFoundException: " + missing.getMessage());
            throw new InvalidParameterException(ProvidersLogger.getSAMLImportFailForCouldNotLocateFromRegistry("certificate", str));
        }
    }

    /**
     * Lists every certificate alias in the registry by walking a {@code "*"} cursor.
     *
     * <p>NOTE(review): the cursor is closed only when the walk completes; if one of
     * the list calls throws, {@code listClose} is not reached. Confirm whether the
     * cursor needs explicit cleanup on that path.
     *
     * @param sAMLCertRegLDAPDelegate registry to list
     * @return all aliases returned by the cursor, possibly empty
     * @throws ErrorCollectionException wrapping an {@code InvalidCursorException}
     */
    private String[] getAllCertificateAliasesFromRegistry(SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate) throws InvalidParameterException, ErrorCollectionException {
        ArrayList aliases = new ArrayList();
        try {
            String cursor = listBegin(sAMLCertRegLDAPDelegate, "*", 0);
            for (; listHaveCurrent(cursor); listAdvance(cursor)) {
                aliases.add(listGetCurrentName(cursor));
            }
            listClose(cursor);
            String[] result = new String[aliases.size()];
            return (String[]) aliases.toArray(result);
        } catch (InvalidCursorException cursorFailure) {
            ErrorCollectionException failure = new ErrorCollectionException("GetAllCertificateAliasFromRegistry");
            failure.add(cursorFailure);
            throw failure;
        }
    }

    /**
     * Chooses the certificate aliases to export, by certificate constraint type.
     *
     * <ul>
     *   <li>type {@code 0}: every alias in the registry;</li>
     *   <li>type {@code 3}: the aliases listed in the constraints;</li>
     *   <li>type {@code 2}: the aliases referenced by the exported partners;</li>
     *   <li>type {@code 1} and any other value: none.</li>
     * </ul>
     *
     * @param sAMLCertRegLDAPDelegate registry listed for type {@code 0}
     * @param importExportConstraints constraints controlling the selection
     * @param sAMLPartnerEntryArr     partners being exported, used for type {@code 2}
     * @return the aliases to export; never {@code null}
     */
    private String[] resolveExportCertificateAliases(SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, ImportExportConstraints importExportConstraints, SAMLPartnerEntry[] sAMLPartnerEntryArr) throws InvalidParameterException, ErrorCollectionException {
        switch (importExportConstraints.getCertificateConstraintType()) {
            case 0:
                return getAllCertificateAliasesFromRegistry(sAMLCertRegLDAPDelegate);
            case 3:
                return (String[]) importExportConstraints.getCertificateAliases().toArray(new String[0]);
            case 2: {
                Set referenced = referencedCertificateAliases(sAMLPartnerEntryArr);
                return (String[]) referenced.toArray(new String[referenced.size()]);
            }
            default:
                return new String[0];
        }
    }

    /**
     * Chooses the partners to export, by partner constraint type.
     *
     * <ul>
     *   <li>type {@code 1}: none;</li>
     *   <li>type {@code 4}: the partner ids listed in the constraints;</li>
     *   <li>type {@code 0}: every partner in the registry;</li>
     *   <li>type {@code 2}: enabled partners only;</li>
     *   <li>type {@code 3}: disabled partners only.</li>
     * </ul>
     *
     * <p>Ids for which the registry returns {@code null} are skipped. The result
     * comes from a hash set, so its order is unspecified.
     *
     * @param sAMLPartnerRegistry     registry the partners are read from
     * @param importExportConstraints constraints controlling the selection
     * @return the partners to export; never {@code null}
     * @throws InvalidParameterException if a lookup is rejected or a partner id is
     *                                   not found in the registry
     */
    private SAMLPartnerEntry[] resolveExportPartners(SAMLPartnerRegistry sAMLPartnerRegistry, ImportExportConstraints importExportConstraints) throws InvalidParameterException {
        int partnerConstraintType = importExportConstraints.getPartnerConstraintType();
        if (partnerConstraintType == 1) {
            return new SAMLPartnerEntry[0];
        }
        HashSet selected = new HashSet();
        String[] candidateIds = (String[]) (partnerConstraintType == 4 ? importExportConstraints.getPartnerIds() : sAMLPartnerRegistry.getAllPartnerIds()).toArray(new String[0]);
        for (String candidateId : candidateIds) {
            try {
                SAMLPartnerEntry partner = sAMLPartnerRegistry.getPartner(candidateId);
                if (partner == null) {
                    continue;
                }
                boolean include;
                if (partnerConstraintType == 4 || partnerConstraintType == 0) {
                    include = true;
                } else if (partnerConstraintType == 2) {
                    include = partner.isEnabled();
                } else {
                    include = partnerConstraintType == 3 && !partner.isEnabled();
                }
                if (include) {
                    debug("resolveExportPartners", "Include partner: " + partner.getPartnerId());
                    selected.add(partner);
                }
            } catch (InvalidParameterException invalid) {
                debug("resolveExportPartners", "InvalidParameterException: " + invalid.getMessage());
                throw invalid;
            } catch (NotFoundException missing) {
                debug("resolveExportPartners", "NotFoundException: " + missing.getMessage());
                throw new InvalidParameterException(ProvidersLogger.getSAMLCouldNotLocateFromRegistry(MatrixParameters.JPARS_RELATIONSHIP_PARTNER, candidateId));
            }
        }
        SAMLPartnerEntry[] result = (SAMLPartnerEntry[]) selected.toArray(new SAMLPartnerEntry[0]);
        debug("resolveExportPartners", "return SAMLPartnerEntry[" + result.length + "]");
        return result;
    }

    /**
     * Exports the whole partner registry and certificate registry as LDIF.
     *
     * <p>Both registries are searched with {@code "*"}, so every partner and every
     * certificate is exported. The only constraint read from {@code properties} is
     * the password one: when it asks for cleartext, the converter is switched to
     * cleartext export and the resulting file can contain partner passwords in the
     * clear.
     *
     * <p>Any {@code Throwable} raised during the export is reported as an
     * {@code ErrorCollectionException} carrying only the original message.
     *
     * @param sAMLPartnerRegistry     registry the partners are read from
     * @param sAMLCertRegLDAPDelegate registry the certificates are read from
     * @param str                     export target passed to the bootstrap service
     * @param properties              export constraints; may be {@code null}
     * @throws ErrorCollectionException if any step of the export fails
     */
    private void exportPartnerRegistryDataLDIF(SAMLPartnerRegistry sAMLPartnerRegistry, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate, String str, Properties properties) throws InvalidParameterException, ErrorCollectionException {
        GenericEntryConverter converter = createEntryConverter(sAMLPartnerRegistry);
        converter.setClearTextExport(hasClearPasswordConstraint(properties));
        String providerKind;
        if (sAMLPartnerRegistry instanceof SAMLAssertingPartyRegistry) {
            providerKind = "IdentityAsserter";
        } else {
            providerKind = "SAMLCredentialMapper";
        }
        ArrayList ldifEntries = new ArrayList();
        try {
            List partners = sAMLPartnerRegistry.searchPartnerByWildcard("*");
            if (partners != null) {
                List<Entry> partnerEntries = converter.convertToLDIFEntries(partners);
                if (partnerEntries != null) {
                    ldifEntries.addAll(partnerEntries);
                }
            }
            List certificates = sAMLCertRegLDAPDelegate.searchCertificatesByAliasFilter("*");
            if (certificates != null) {
                List<Entry> certificateEntries = converter.convertToLDIFEntries(certificates);
                if (certificateEntries != null) {
                    ldifEntries.addAll(certificateEntries);
                }
            }
            this.bootStrapService.exportSAMLDataToLDIFT(this.log, providerKind, str, sAMLPartnerRegistry.getDomainName(), sAMLPartnerRegistry.getRealmName(), ldifEntries);
        } catch (Throwable failure) {
            if (isDebug()) {
                debug("exportPartnerRegistryDataLDIF", "failed." + failure.getMessage());
            }
            throw new ErrorCollectionException(ProvidersLogger.getSAMLCouldNotExportPartner(failure.getMessage()));
        }
    }

    /**
     * Creates the LDIF entry converter that matches the registry kind.
     *
     * @param sAMLPartnerRegistry registry whose entries will be converted
     * @return an asserting-party converter for an asserting-party registry,
     *         otherwise a relying-party converter; both receive this object's
     *         logger and legacy encryptor
     */
    private GenericEntryConverter createEntryConverter(SAMLPartnerRegistry sAMLPartnerRegistry) {
        if (sAMLPartnerRegistry instanceof SAMLAssertingPartyRegistry) {
            return new SAMLAssertingPartyEntryConverter(this.log, this.legacyEncryptor);
        }
        return new SAMLRelyingPartyEntryConverter(this.log, this.legacyEncryptor);
    }

    /**
     * Tells whether the export properties ask for passwords in cleartext.
     *
     * @param properties export constraints; may be {@code null} or empty
     * @return {@code true} only when the passwords constraint is present and equals
     *         {@code "cleartext"}, ignoring case; {@code false} in every other case
     */
    private boolean hasClearPasswordConstraint(Properties properties) {
        if (properties == null || properties.size() == 0) {
            return false;
        }
        String passwordMode = properties.getProperty(PASSWORDS_CONSTRAINT);
        return passwordMode != null && passwordMode.equalsIgnoreCase("cleartext");
    }

    /**
     * Loads initial SAML data from an LDIF source through the bootstrap service.
     *
     * <p>This is best effort: any {@code Exception} is swallowed and is only
     * reported when debug logging is enabled, so the caller gets no signal that the
     * initial data failed to load.
     *
     * @param str                     LDIF source passed to the bootstrap service
     * @param sAMLPartnerRegistry     registry that supplies the converter kind, domain and realm
     * @param sAMLCertRegLDAPDelegate not used by this method
     */
    public void loadInitialLDIFData(String str, SAMLPartnerRegistry sAMLPartnerRegistry, SAMLCertRegLDAPDelegate sAMLCertRegLDAPDelegate) {
        try {
            GenericEntryConverter converter = createEntryConverter(sAMLPartnerRegistry);
            this.bootStrapService.importSAMLDataLDIFT(this.log, this.storeService, converter, str, sAMLPartnerRegistry.getDomainName(), sAMLPartnerRegistry.getRealmName());
        } catch (Exception failure) {
            if (!isDebug()) {
                return;
            }
            debug("loadInitialLDIFData", "failed." + failure.getMessage());
        }
    }

    /**
     * Collects the certificate aliases that the given partner entries refer to.
     *
     * <p>An asserting party contributes its assertion-signing and protocol-signing
     * aliases; a relying party contributes its SSL client certificate alias.
     * {@code null} and empty aliases are ignored.
     *
     * @param sAMLPartnerEntryArr partner entries to inspect
     * @return a new, mutable set of the referenced aliases; possibly empty
     */
    private static Set referencedCertificateAliases(SAMLPartnerEntry[] sAMLPartnerEntryArr) {
        HashSet aliases = new HashSet();
        for (SAMLPartnerEntry entry : sAMLPartnerEntryArr) {
            if (entry instanceof SAMLAssertingPartyEntry) {
                SAMLAssertingPartyEntry assertingParty = (SAMLAssertingPartyEntry) entry;
                String assertionAlias = assertingParty.getAssertionSigningCertAlias();
                if (assertionAlias != null && assertionAlias.length() > 0) {
                    aliases.add(assertionAlias);
                }
                String protocolAlias = assertingParty.getProtocolSigningCertAlias();
                if (protocolAlias != null && protocolAlias.length() > 0) {
                    aliases.add(protocolAlias);
                }
                continue;
            }
            if (!(entry instanceof SAMLRelyingPartyEntry)) {
                continue;
            }
            String sslAlias = ((SAMLRelyingPartyEntry) entry).getSSLClientCertAlias();
            if (sslAlias != null && sslAlias.length() > 0) {
                aliases.add(sslAlias);
            }
        }
        return aliases;
    }
}
