package weblogic.security.internal;

import com.bea.common.security.SecurityLogger;
import com.bea.common.security.internal.service.ServiceLogger;
import com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi;
import com.bea.common.security.saml.manager.SAMLKeyManager;
import com.bea.common.security.saml.utils.SAMLSourceId;
import com.bea.common.security.saml.utils.SAMLUtil;
import java.security.AccessController;
import java.util.Properties;
import weblogic.descriptor.BeanUpdateEvent;
import weblogic.descriptor.BeanUpdateFailedException;
import weblogic.descriptor.BeanUpdateRejectedException;
import weblogic.descriptor.DescriptorBean;
import weblogic.management.configuration.FederationServicesMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.credentials.CredentialMapperMBean;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.providers.saml.SAMLAssertionStore;
import weblogic.security.providers.saml.SAMLBeanUpdateListener;
import weblogic.security.providers.saml.SAMLCredentialMapperMBean;
import weblogic.security.providers.saml.SAMLCredentialMapperV2MBean;
import weblogic.security.providers.saml.SAMLIdentityAsserterMBean;
import weblogic.security.providers.saml.SAMLIdentityAsserterV2MBean;
import weblogic.security.providers.saml.SAMLUsedAssertionCache;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.spi.ProviderInitializationException;

/* loaded from: input_file:weblogic/security/internal/SAMLSingleSignOnServiceConfigInfoImpl.class */
public class SAMLSingleSignOnServiceConfigInfoImpl implements SAMLSingleSignOnServiceConfigInfoSpi, SAMLBeanUpdateListener.UpdateListener {
    private FederationServicesMBean fsMBean;
    private SAMLCredentialMapperMBean cmMBean;
    private SAMLIdentityAsserterMBean iaMBean;
    private boolean sourceSiteDisabled;
    private boolean sourceSiteInitted;
    private boolean destinationSiteDisabled;
    private boolean destinationSiteInitted;
    private boolean isInitted;
    private boolean listenForUpdates;
    private static final int CONFIG_NONE = 0;
    private static final int CONFIG_V1 = 1;
    private static final int CONFIG_V2 = 2;
    private int configVersion;
    private String[] itsURIs;
    private String[] arsURIs;
    private String sourceSiteURL;
    private String sourceIdHex;
    private byte[] sourceIdBytes;
    private String assertionStoreClassName;
    private Properties assertionStoreProperties;
    private String[] acsURIs;
    private String usedAssertionCacheClassName;
    private Properties usedAssertionCacheProperties;
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static LoggerWrapper LOGGER = LoggerWrapper.getInstance("SecuritySAMLService");

    /* JADX INFO: Access modifiers changed from: protected */
    public static void logDebug(String str, String str2, String str3) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug(str + "." + str2 + "(): " + str3);
        }
    }

    private static void logDebug(String str, String str2) {
        logDebug("SAMLSingleSignOnServiceConfigInfoImpl", str, str2);
    }

    public SAMLSingleSignOnServiceConfigInfoImpl() {
        this(true);
    }

    public SAMLSingleSignOnServiceConfigInfoImpl(boolean z) {
        this.fsMBean = null;
        this.cmMBean = null;
        this.iaMBean = null;
        this.sourceSiteDisabled = false;
        this.sourceSiteInitted = false;
        this.destinationSiteDisabled = false;
        this.destinationSiteInitted = false;
        this.isInitted = false;
        this.listenForUpdates = false;
        this.configVersion = 0;
        this.itsURIs = null;
        this.arsURIs = null;
        this.sourceSiteURL = null;
        this.sourceIdHex = null;
        this.sourceIdBytes = null;
        this.assertionStoreClassName = null;
        this.assertionStoreProperties = null;
        this.acsURIs = null;
        this.usedAssertionCacheClassName = null;
        this.usedAssertionCacheProperties = null;
        this.listenForUpdates = z;
        initialize();
    }

    private void initialize() {
        this.fsMBean = ManagementService.getRuntimeAccess(kernelId).getServer().getFederationServices();
        RealmMBean defaultRealm = ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration().getDefaultRealm();
        AuthenticationProviderMBean authenticationProviderMBean = null;
        AuthenticationProviderMBean authenticationProviderMBean2 = null;
        AuthenticationProviderMBean[] authenticationProviders = defaultRealm.getAuthenticationProviders();
        for (int i = 0; authenticationProviders != null && i < authenticationProviders.length; i++) {
            if (authenticationProviders[i] instanceof SAMLIdentityAsserterMBean) {
                authenticationProviderMBean = authenticationProviders[i];
            } else if (authenticationProviders[i] instanceof SAMLIdentityAsserterV2MBean) {
                authenticationProviderMBean2 = authenticationProviders[i];
            }
        }
        CredentialMapperMBean credentialMapperMBean = null;
        CredentialMapperMBean credentialMapperMBean2 = null;
        CredentialMapperMBean[] credentialMappers = defaultRealm.getCredentialMappers();
        for (int i2 = 0; credentialMappers != null && i2 < credentialMappers.length; i2++) {
            if (credentialMappers[i2] instanceof SAMLCredentialMapperMBean) {
                credentialMapperMBean = credentialMappers[i2];
            } else if (credentialMappers[i2] instanceof SAMLCredentialMapperV2MBean) {
                credentialMapperMBean2 = credentialMappers[i2];
            }
        }
        if ((authenticationProviderMBean != null || credentialMapperMBean != null) && (authenticationProviderMBean2 != null || credentialMapperMBean2 != null)) {
            throw new IllegalStateException(ServiceLogger.getSAMLV1AndV2BothConfigured());
        }
        if (authenticationProviderMBean != null || credentialMapperMBean != null) {
            this.configVersion = 1;
            this.iaMBean = (SAMLIdentityAsserterMBean) authenticationProviderMBean;
            this.cmMBean = (SAMLCredentialMapperMBean) credentialMapperMBean;
        } else if (authenticationProviderMBean2 != null || credentialMapperMBean2 != null) {
            this.configVersion = 2;
        }
        if (authenticationProviderMBean2 == null && authenticationProviderMBean == null) {
            this.destinationSiteDisabled = true;
        }
        if (credentialMapperMBean2 == null && credentialMapperMBean == null) {
            this.sourceSiteDisabled = true;
        }
        validateConfiguration();
        updateConfiguration();
        if (this.listenForUpdates) {
            setupListeners();
        }
        this.isInitted = true;
    }

    private void setupListeners() {
        if (this.cmMBean == null && this.iaMBean == null) {
            SAMLBeanUpdateListener.registerListener(this.fsMBean, this, "SAMLSingleSignOnServiceConfigInfoImpl", null);
        }
        if (this.cmMBean != null) {
            SAMLBeanUpdateListener.registerListener(this.cmMBean, this, "SAMLSingleSignOnServiceConfigInfoImpl", null);
        }
        if (this.iaMBean != null) {
            SAMLBeanUpdateListener.registerListener(this.iaMBean, this, "SAMLSingleSignOnServiceConfigInfoImpl", null);
        }
    }

    private void validateConfiguration() {
        if (this.configVersion == 2) {
            validateFederationServices(this.fsMBean);
        }
        if (this.configVersion == 1) {
            if (this.cmMBean != null) {
                validateCredentialMapper(this.cmMBean);
            }
            if (this.iaMBean != null) {
                validateIdentityAsserter(this.iaMBean);
            }
        }
    }

    private void updateConfiguration() {
        if (this.configVersion == 2 && this.fsMBean != null) {
            updateFederationServices(this.fsMBean);
        }
        if (this.configVersion == 1) {
            if (this.cmMBean != null) {
                updateCredentialMapper(this.cmMBean);
            }
            if (this.iaMBean != null) {
                updateIdentityAsserter(this.iaMBean);
            }
        }
    }

    @Override // weblogic.security.providers.saml.SAMLBeanUpdateListener.UpdateListener
    public void prepareBeanUpdate(BeanUpdateEvent beanUpdateEvent) throws BeanUpdateRejectedException {
        DescriptorBean proposedBean = beanUpdateEvent.getProposedBean();
        logDebug("listener", "prepareBeanUpdate() called");
        try {
            if (proposedBean instanceof FederationServicesMBean) {
                validateFederationServices((FederationServicesMBean) proposedBean);
            }
            if (proposedBean instanceof SAMLCredentialMapperMBean) {
                validateCredentialMapper((SAMLCredentialMapperMBean) proposedBean);
            }
            if (proposedBean instanceof SAMLIdentityAsserterMBean) {
                validateIdentityAsserter((SAMLIdentityAsserterMBean) proposedBean);
            }
            logDebug("listener", "prepareBeanUpdate() succeeded");
        } catch (Exception e) {
            logDebug("listener", "prepareBeanUpdate() failed: " + e.getMessage());
            throw new BeanUpdateRejectedException(e.toString());
        }
    }

    @Override // weblogic.security.providers.saml.SAMLBeanUpdateListener.UpdateListener
    public void handleBeanUpdate(BeanUpdateEvent beanUpdateEvent) throws BeanUpdateFailedException {
        DescriptorBean sourceBean = beanUpdateEvent.getSourceBean();
        logDebug("listener", "handleBeanUpdate() called");
        try {
            if (sourceBean instanceof FederationServicesMBean) {
                updateFederationServices((FederationServicesMBean) sourceBean);
            }
            if (sourceBean instanceof SAMLCredentialMapperMBean) {
                updateCredentialMapper((SAMLCredentialMapperMBean) sourceBean);
            }
            if (sourceBean instanceof SAMLIdentityAsserterMBean) {
                updateIdentityAsserter((SAMLIdentityAsserterMBean) sourceBean);
            }
            logDebug("listener", "Update succeeded");
        } catch (Exception e) {
            logDebug("listener", "Update failed");
            throw new BeanUpdateFailedException(e.toString());
        }
    }

    @Override // weblogic.security.providers.saml.SAMLBeanUpdateListener.UpdateListener
    public void rollbackBeanUpdate(BeanUpdateEvent beanUpdateEvent) {
        logDebug("listener", "rollbackBeanUpdate() called, nothing to do");
    }

    private void validateFederationServices(FederationServicesMBean federationServicesMBean) throws ProviderInitializationException {
        validateSourceSite(federationServicesMBean.isSourceSiteEnabled(), federationServicesMBean.getAssertionStoreClassName(), federationServicesMBean.getAssertionStoreProperties(), federationServicesMBean.getSourceSiteURL());
        validateDestinationSite(federationServicesMBean.isDestinationSiteEnabled(), federationServicesMBean.isPOSTOneUseCheckEnabled(), federationServicesMBean.getUsedAssertionCacheClassName(), federationServicesMBean.getUsedAssertionCacheProperties());
        SAMLKeyManager manager = SAMLKeyManager.getManager();
        if (manager != null) {
            String signingKeyAlias = federationServicesMBean.getSigningKeyAlias();
            if (!manager.checkProtocolKeyConfiguration(signingKeyAlias, federationServicesMBean.getSigningKeyPassPhrase())) {
                throw new ProviderInitializationException(ServiceLogger.getSAMLInvalidSigningKey(signingKeyAlias));
            }
            String sSLClientIdentityAlias = federationServicesMBean.getSSLClientIdentityAlias();
            if (!manager.checkSSLCLIENTKeyConfiguration(sSLClientIdentityAlias, federationServicesMBean.getSSLClientIdentityPassPhrase())) {
                throw new ProviderInitializationException(ServiceLogger.getSAMLInvalidSSLKey(sSLClientIdentityAlias));
            }
        }
    }

    private void updateFederationServices(FederationServicesMBean federationServicesMBean) {
        logDebug("updateFederationServices", "Initializing static source site params");
        this.itsURIs = federationServicesMBean.getIntersiteTransferURIs();
        this.arsURIs = federationServicesMBean.getAssertionRetrievalURIs();
        this.assertionStoreClassName = federationServicesMBean.getAssertionStoreClassName();
        this.assertionStoreProperties = federationServicesMBean.getAssertionStoreProperties();
        this.sourceSiteInitted = true;
        logDebug("updateFederationServices", "Initializing static destination site params");
        this.acsURIs = federationServicesMBean.getAssertionConsumerURIs();
        this.usedAssertionCacheClassName = federationServicesMBean.getUsedAssertionCacheClassName();
        this.usedAssertionCacheProperties = federationServicesMBean.getUsedAssertionCacheProperties();
        this.destinationSiteInitted = true;
        SAMLSourceId instantiateSourceId = instantiateSourceId(federationServicesMBean.getSourceSiteURL());
        if (instantiateSourceId != null) {
            this.sourceIdHex = instantiateSourceId.getSourceIdHex();
            this.sourceIdBytes = instantiateSourceId.getSourceIdBytes();
        }
        SAMLKeyManager manager = SAMLKeyManager.getManager();
        if (manager != null) {
            String signingKeyAlias = federationServicesMBean.getSigningKeyAlias();
            String signingKeyPassPhrase = federationServicesMBean.getSigningKeyPassPhrase();
            if (signingKeyAlias != null && !signingKeyAlias.equals("")) {
                logDebug("updateFederationServices", "Setting SigningKey: " + signingKeyAlias);
                if (signingKeyPassPhrase == null) {
                    signingKeyPassPhrase = "";
                }
                manager.setProtocolKeyAliasInfo(signingKeyAlias, signingKeyPassPhrase);
            }
            String sSLClientIdentityAlias = federationServicesMBean.getSSLClientIdentityAlias();
            String sSLClientIdentityPassPhrase = federationServicesMBean.getSSLClientIdentityPassPhrase();
            if (sSLClientIdentityAlias == null || sSLClientIdentityAlias.equals("")) {
                return;
            }
            logDebug("updateFederationServices", "Setting SSLClientKey: " + sSLClientIdentityAlias);
            if (sSLClientIdentityPassPhrase == null) {
                sSLClientIdentityPassPhrase = "";
            }
            manager.setSSLClientKeyAliasInfo(sSLClientIdentityAlias, sSLClientIdentityPassPhrase);
        }
    }

    private synchronized void validateCredentialMapper(SAMLCredentialMapperMBean sAMLCredentialMapperMBean) throws ProviderInitializationException {
        validateSourceSite(sAMLCredentialMapperMBean.isArtifactEnabled(), sAMLCredentialMapperMBean.getAssertionStoreClassName(), sAMLCredentialMapperMBean.getAssertionStoreProperties(), sAMLCredentialMapperMBean.getSourceSiteURL());
    }

    private synchronized void updateCredentialMapper(SAMLCredentialMapperMBean sAMLCredentialMapperMBean) throws ProviderInitializationException {
        this.itsURIs = sAMLCredentialMapperMBean.getIntersiteTransferURIs();
        this.arsURIs = sAMLCredentialMapperMBean.getAssertionRetrievalURIs();
        this.assertionStoreClassName = sAMLCredentialMapperMBean.getAssertionStoreClassName();
        this.assertionStoreProperties = sAMLCredentialMapperMBean.getAssertionStoreProperties();
        this.sourceSiteInitted = true;
        SAMLSourceId instantiateSourceId = instantiateSourceId(sAMLCredentialMapperMBean.getSourceSiteURL());
        if (instantiateSourceId == null) {
            return;
        }
        this.sourceIdHex = instantiateSourceId.getSourceIdHex();
        this.sourceIdBytes = instantiateSourceId.getSourceIdBytes();
    }

    private synchronized void validateIdentityAsserter(SAMLIdentityAsserterMBean sAMLIdentityAsserterMBean) throws ProviderInitializationException {
        validateDestinationSite(sAMLIdentityAsserterMBean.isPostEnabled(), sAMLIdentityAsserterMBean.isEnforceOneUsePolicy(), sAMLIdentityAsserterMBean.getUsedAssertionCacheClassName(), sAMLIdentityAsserterMBean.getUsedAssertionCacheProperties());
    }

    public void updateIdentityAsserter(SAMLIdentityAsserterMBean sAMLIdentityAsserterMBean) throws ProviderInitializationException {
        this.acsURIs = sAMLIdentityAsserterMBean.getAssertionConsumerURIs();
        this.usedAssertionCacheClassName = sAMLIdentityAsserterMBean.getUsedAssertionCacheClassName();
        this.usedAssertionCacheProperties = sAMLIdentityAsserterMBean.getUsedAssertionCacheProperties();
        this.destinationSiteInitted = true;
    }

    private void validateSourceSite(boolean z, String str, Properties properties, String str2) throws ProviderInitializationException {
        if (z) {
            if (str != null && str.length() != 0) {
                try {
                    SAMLAssertionStore sAMLAssertionStore = (SAMLAssertionStore) SAMLUtil.instantiatePlugin(str, SAMLAssertionStore.class.getName());
                    if (sAMLAssertionStore != null) {
                        sAMLAssertionStore.initStore(properties);
                    }
                } catch (Exception e) {
                    throw new ProviderInitializationException(SecurityLogger.logSAMLAssertionCacheInitFailLoggable(str, e).getFormattedMessageBody());
                }
            }
            if (str2 == null || str2.length() == 0) {
                throw new ProviderInitializationException(ServiceLogger.getSAMLInvalidSourceSiteConfig("URL"));
            }
            if (instantiateSourceId(str2) == null) {
                throw new ProviderInitializationException(ServiceLogger.getSAMLInvalidSourceSiteConfig("source id"));
            }
        }
    }

    private void validateDestinationSite(boolean z, boolean z2, String str, Properties properties) throws ProviderInitializationException {
        if (!z || !z2 || str == null || str.length() == 0) {
            return;
        }
        try {
            SAMLUsedAssertionCache sAMLUsedAssertionCache = (SAMLUsedAssertionCache) SAMLUtil.instantiatePlugin(str, SAMLUsedAssertionCache.class.getName());
            if (sAMLUsedAssertionCache != null) {
                sAMLUsedAssertionCache.initCache(properties);
            }
        } catch (Exception e) {
            throw new ProviderInitializationException(SecurityLogger.logSAMLAssertionCacheInitFailLoggable(str, e).getFormattedMessageBody());
        }
    }

    private SAMLSourceId instantiateSourceId(String str) throws ProviderInitializationException {
        if (str == null || str.equals("")) {
            return null;
        }
        try {
            return new SAMLSourceId(str);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isV1Config() {
        return this.configVersion == 1;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isV2Config() {
        return this.configVersion == 2;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public byte[] getSourceIdBytes() {
        return this.sourceIdBytes;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String getSourceIdHex() {
        return this.sourceIdHex;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String[] getIntersiteTransferURIs() {
        return this.itsURIs;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String[] getAssertionRetrievalURIs() {
        return this.arsURIs;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String[] getAssertionConsumerURIs() {
        return this.acsURIs;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String getAssertionStoreClassName() {
        return this.assertionStoreClassName;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public Properties getAssertionStoreProperties() {
        return this.assertionStoreProperties;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String getUsedAssertionCacheClassName() {
        return this.usedAssertionCacheClassName;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public Properties getUsedAssertionCacheProperties() {
        return this.usedAssertionCacheProperties;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isSourceSiteEnabled() {
        if (this.sourceSiteDisabled) {
            return false;
        }
        return this.cmMBean != null ? (this.cmMBean.isPostEnabled() || this.cmMBean.isArtifactEnabled()) && this.itsURIs != null : this.fsMBean.isSourceSiteEnabled() && this.itsURIs != null;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isDestinationSiteEnabled() {
        if (this.destinationSiteDisabled) {
            return false;
        }
        return this.iaMBean != null ? (this.iaMBean.isPostEnabled() || this.iaMBean.isArtifactEnabled()) && this.acsURIs != null : this.fsMBean.isDestinationSiteEnabled() && this.acsURIs != null;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isITSArtifactEnabled() {
        if (!isSourceSiteEnabled() || this.cmMBean == null || !this.cmMBean.isArtifactEnabled() || this.arsURIs == null) {
            return isSourceSiteEnabled();
        }
        return true;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isITSPostEnabled() {
        if (this.cmMBean == null || this.cmMBean.isPostEnabled()) {
            return isSourceSiteEnabled();
        }
        return false;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isACSArtifactEnabled() {
        if (isDestinationSiteEnabled()) {
            return this.iaMBean != null ? this.iaMBean.isArtifactEnabled() : this.fsMBean.isDestinationSiteEnabled();
        }
        return false;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isACSPostEnabled() {
        if (isDestinationSiteEnabled()) {
            return this.iaMBean != null ? this.iaMBean.isPostEnabled() : this.fsMBean.isDestinationSiteEnabled();
        }
        return false;
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isITSRequiresSSL() {
        if (this.cmMBean != null) {
            return false;
        }
        return this.fsMBean.isITSRequiresSSL();
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isACSRequiresSSL() {
        if (this.iaMBean != null) {
            return false;
        }
        return this.fsMBean.isACSRequiresSSL();
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isARSRequiresSSL() {
        if (this.cmMBean != null) {
            return false;
        }
        return this.fsMBean.isARSRequiresSSL();
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isARSRequiresTwoWaySSL() {
        if (this.cmMBean != null) {
            return false;
        }
        return this.fsMBean.isARSRequiresTwoWaySSL();
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isPOSTOneUseCheckEnabled() {
        return this.iaMBean != null ? this.iaMBean.isEnforceOneUsePolicy() : this.fsMBean.isPOSTOneUseCheckEnabled();
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public boolean isPOSTRecipientCheckEnabled() {
        return this.iaMBean != null ? this.iaMBean.isRecipientCheckEnabled() : this.fsMBean.isPOSTRecipientCheckEnabled();
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String getSigningKeyAlias() {
        if (this.cmMBean != null) {
            return null;
        }
        return this.fsMBean.getSigningKeyAlias();
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String getSigningKeyPassPhrase() {
        if (this.cmMBean != null) {
            return null;
        }
        return this.fsMBean.getSigningKeyPassPhrase();
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String getSSLClientIdentityAlias() {
        if (this.cmMBean != null) {
            return null;
        }
        return this.fsMBean.getSSLClientIdentityAlias();
    }

    @Override // com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi
    public String getSSLClientIdentityPassPhrase() {
        if (this.cmMBean != null) {
            return null;
        }
        return this.fsMBean.getSSLClientIdentityPassPhrase();
    }
}
