package org.pac4j.saml.sso;

import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.security.SAMLProtocolMessageXMLSignatureSecurityPolicyRule;
import org.opensaml.saml2.binding.security.SAML2HTTPPostSimpleSignRule;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.ws.message.decoder.MessageDecoder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncoder;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.security.provider.BasicSecurityPolicy;
import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.pac4j.saml.crypto.CredentialProvider;
import org.pac4j.saml.exceptions.SamlException;
import org.pac4j.saml.util.SamlUtils;

/* loaded from: input_file:org/pac4j/saml/sso/Saml2WebSSOProfileHandler.class */
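/**
 * Handles the SAML 2.0 Web Browser SSO profile for this service provider (SP):
 * sending an {@link AuthnRequest} to the identity provider (IdP) over the
 * HTTP-POST binding, and decoding the inbound protocol message under a
 * signature-checking security policy.
 * <p>
 * Security note: the two policy rules installed by {@link #receiveMessage} verify a
 * signature <em>when one is present</em> (an XML signature on the protocol message, or
 * the HTTP-POST-SimpleSign {@code Signature} parameter). They do not, on their own,
 * reject an unsigned message, and they do not cover signatures on assertions nested
 * inside a {@code Response}. Callers are expected to enforce "must be signed" (e.g. by
 * checking the context's inbound-message-authenticated flag) and to validate assertion
 * signatures separately.
 */
public class Saml2WebSSOProfileHandler {
    /** Supplies the SP signing credential used for outbound AuthnRequests. */
    private final CredentialProvider credentialProvider;
    /** Encodes the outbound AuthnRequest onto the transport (HTTP-POST here). */
    private final MessageEncoder encoder;
    /** Decodes the inbound protocol message from the transport. */
    private final MessageDecoder decoder;
    /**
     * Parser pool used by the SimpleSign rule to re-parse signed content.
     * NOTE(review): its XML-security settings (DTD/external entities) are configured by
     * the caller, not here — confirm they are hardened, since the input is untrusted.
     */
    private final StaticBasicParserPool parserPool;
    /** Communication profile identifier for the Web Browser SSO profile. */
    public static final String SAML2_WEBSSO_PROFILE_URI = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:browser";

    /** SAML 2.0 HTTP-POST binding URI; the only binding this handler uses for outbound requests. */
    private static final String HTTP_POST_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    /** SAML 2.0 protocol namespace recorded on the inbound context. */
    private static final String SAML2_PROTOCOL_URI = "urn:oasis:names:tc:SAML:2.0:protocol";

    /**
     * @param credentialProvider   source of the SP signing credential
     * @param messageEncoder       encoder for the outbound AuthnRequest
     * @param messageDecoder       decoder for the inbound message
     * @param staticBasicParserPool parser pool handed to the SimpleSign policy rule
     */
    public Saml2WebSSOProfileHandler(CredentialProvider credentialProvider, MessageEncoder messageEncoder, MessageDecoder messageDecoder, StaticBasicParserPool staticBasicParserPool) {
        this.credentialProvider = credentialProvider;
        this.encoder = messageEncoder;
        this.decoder = messageDecoder;
        this.parserPool = staticBasicParserPool;
    }

    /**
     * Populates the outbound side of the context with the given AuthnRequest and
     * encodes it to the IdP's HTTP-POST SingleSignOnService endpoint.
     * <p>
     * The request is signed when either the SP metadata declares
     * {@code AuthnRequestsSigned="true"} or the IdP metadata declares
     * {@code WantAuthnRequestsSigned="true"}.
     *
     * @param sAMLMessageContext context carrying local (SP) and peer (IdP) role metadata
     * @param authnRequest       the request to send
     * @param str                optional RelayState; ignored when {@code null}
     * @throws SamlException if the IdP publishes no HTTP-POST SSO endpoint, or encoding fails
     */
    public void sendMessage(SAMLMessageContext sAMLMessageContext, AuthnRequest authnRequest, String str) {
        SPSSODescriptor spDescriptor = sAMLMessageContext.getLocalEntityRoleMetadata();
        IDPSSODescriptor idpDescriptor = sAMLMessageContext.getPeerEntityRoleMetadata();

        // Fail fast with a clear message rather than handing the encoder a null endpoint.
        // NOTE(review): assumes SamlUtils.getSingleSignOnService returns null (rather than
        // throwing) when the binding is not published — confirm against that helper.
        SingleSignOnService ssoEndpoint = SamlUtils.getSingleSignOnService(idpDescriptor, HTTP_POST_BINDING_URI);
        if (ssoEndpoint == null) {
            throw new SamlException("IDP Metadata does not declare a SingleSignOnService for binding " + HTTP_POST_BINDING_URI);
        }

        sAMLMessageContext.setCommunicationProfileId(SAML2_WEBSSO_PROFILE_URI);
        sAMLMessageContext.setOutboundMessage(authnRequest);
        sAMLMessageContext.setOutboundSAMLMessage(authnRequest);
        sAMLMessageContext.setPeerEntityEndpoint(ssoEndpoint);
        if (str != null) {
            sAMLMessageContext.setRelayState(str);
        }

        // Boolean.TRUE.equals is null-safe: a missing/unset flag is treated as "not required"
        // instead of risking an NPE from an unboxed null.
        if (mustSignAuthnRequest(spDescriptor, idpDescriptor)) {
            sAMLMessageContext.setOutboundSAMLMessageSigningCredential(this.credentialProvider.getCredential());
        }

        try {
            this.encoder.encode(sAMLMessageContext);
        } catch (MessageEncodingException e) {
            throw new SamlException("Error encoding saml message", e);
        }
    }

    /**
     * Decides whether the outbound AuthnRequest must be signed: true if the SP declares
     * that it signs requests, or the IdP declares that it wants them signed.
     */
    private static boolean mustSignAuthnRequest(SPSSODescriptor spDescriptor, IDPSSODescriptor idpDescriptor) {
        boolean spSigns = Boolean.TRUE.equals(spDescriptor.isAuthnRequestsSigned());
        boolean idpWantsSigned = Boolean.TRUE.equals(idpDescriptor.getWantAuthnRequestsSigned());
        return spSigns || idpWantsSigned;
    }

    /**
     * Decodes the inbound SAML 2.0 protocol message into the context under a security
     * policy made of two rules, both backed by {@code signatureTrustEngine}:
     * <ul>
     *   <li>{@link SAML2HTTPPostSimpleSignRule} — verifies an HTTP-POST-SimpleSign
     *       {@code Signature} parameter if one was sent;</li>
     *   <li>{@link SAMLProtocolMessageXMLSignatureSecurityPolicyRule} — verifies the XML
     *       signature on the protocol message (e.g. {@code Response}) if it carries one.</li>
     * </ul>
     * Neither rule rejects a message that carries no signature, and neither inspects
     * signatures on embedded assertions; the caller must enforce those requirements.
     * After decoding, the peer entity ID is taken from the resolved IdP metadata so it
     * cannot be supplied by the message alone.
     *
     * @param sAMLMessageContext    context to populate; its inbound transport is read by the decoder
     * @param signatureTrustEngine  trust engine deciding which signing keys are acceptable
     * @throws SamlException if decoding or policy evaluation fails, or if no IdP metadata
     *                       could be resolved for the message issuer
     */
    public void receiveMessage(SAMLMessageContext sAMLMessageContext, SignatureTrustEngine signatureTrustEngine) {
        sAMLMessageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
        sAMLMessageContext.setInboundSAMLProtocol(SAML2_PROTOCOL_URI);
        sAMLMessageContext.setSecurityPolicyResolver(new StaticSecurityPolicyResolver(buildInboundPolicy(signatureTrustEngine)));

        try {
            this.decoder.decode(sAMLMessageContext);
        } catch (SecurityException e) {
            throw new SamlException("Error decoding saml message", e);
        } catch (MessageDecodingException e2) {
            throw new SamlException("Error decoding saml message", e2);
        }

        // Refuse to proceed unless the issuer resolved to known IdP metadata: the peer
        // identity below is derived from that metadata, not from the untrusted message.
        if (sAMLMessageContext.getPeerEntityMetadata() == null) {
            throw new SamlException("IDP Metadata cannot be null");
        }
        sAMLMessageContext.setPeerEntityId(sAMLMessageContext.getPeerEntityMetadata().getEntityID());
        sAMLMessageContext.setCommunicationProfileId(SAML2_WEBSSO_PROFILE_URI);
    }

    /**
     * Builds the inbound security policy: SimpleSign check first, then XML-signature
     * check, both evaluated against the given trust engine.
     */
    private BasicSecurityPolicy buildInboundPolicy(SignatureTrustEngine signatureTrustEngine) {
        BasicSecurityPolicy policy = new BasicSecurityPolicy();
        policy.getPolicyRules().add(new SAML2HTTPPostSimpleSignRule(signatureTrustEngine, this.parserPool, signatureTrustEngine.getKeyInfoResolver()));
        policy.getPolicyRules().add(new SAMLProtocolMessageXMLSignatureSecurityPolicyRule(signatureTrustEngine));
        return policy;
    }
}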
