package org.pac4j.saml.sso.impl;

import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.messaging.encoder.MessageEncoder;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler;
import org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler;
import org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SSODescriptor;
import org.opensaml.saml.saml2.metadata.SingleSignOnService;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.crypto.SignatureSigningParametersProvider;
import org.pac4j.saml.exceptions.SAMLException;
import org.pac4j.saml.sso.SAML2MessageSender;
import org.pac4j.saml.storage.SAMLMessageStorage;
import org.pac4j.saml.transport.Pac4jHTTPPostEncoder;
import org.pac4j.saml.transport.Pac4jHTTPRedirectDeflateEncoder;
import org.pac4j.saml.transport.Pac4jSAMLResponse;
import org.pac4j.saml.util.VelocityEngineFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-saml-2.0.0-RC2.jar:org/pac4j/saml/sso/impl/SAML2WebSSOMessageSender.class */
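/**
 * Sends a SAML 2.0 {@link AuthnRequest} from the service provider (SP) to the identity
 * provider (IdP) over the configured binding.
 *
 * <p>Only the HTTP-POST and HTTP-Redirect binding URIs are accepted; any other value of the
 * destination binding type makes {@link #sendMessage} fail with
 * {@link UnsupportedOperationException}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The protocol-message signing handler runs only when the SP metadata declares
 *       {@code AuthnRequestsSigned}. If the SP does not and the IdP metadata asks for signed
 *       requests, a warning is logged and this class still proceeds without invoking that
 *       handler.</li>
 *   <li>The sent request is recorded in the {@link SAMLMessageStorage} under its ID, but only
 *       when a storage is configured on the context.</li>
 * </ul>
 */
public class SAML2WebSSOMessageSender implements SAML2MessageSender<AuthnRequest> {
    // Log under this class's own category so the "IdP wants authn requests signed" warning
    // is attributed to the sender rather than to SAML2WebSSOProfileHandler.
    private static final Logger logger = LoggerFactory.getLogger(SAML2WebSSOMessageSender.class);

    private static final String HTTP_POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    private static final String HTTP_REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    private final SignatureSigningParametersProvider signatureSigningParametersProvider;
    private final String destinationBindingType;
    private final boolean forceSignRedirectBindingAuthnRequest;

    /**
     * @param signatureSigningParametersProvider builds the signing parameters attached to every
     *        outbound context
     * @param str binding URI used to pick the IdP single sign-on endpoint and the encoder
     * @param z passed to the HTTP-Redirect encoder as its force-sign flag
     */
    public SAML2WebSSOMessageSender(SignatureSigningParametersProvider signatureSigningParametersProvider, String str, boolean z) {
        this.signatureSigningParametersProvider = signatureSigningParametersProvider;
        this.destinationBindingType = str;
        this.forceSignRedirectBindingAuthnRequest = z;
    }

    /**
     * Builds an outbound message context for the request, runs the outbound handlers, encodes
     * the message onto the transport response and finally records the request in the message
     * storage.
     *
     * @param sAML2MessageContext context of the current exchange; source of the SP/IdP
     *        descriptors, endpoints, transport response and message storage
     * @param authnRequest the request to send
     * @param obj relay state; its {@code toString()} is used, {@code null} means none
     * @throws SAMLException if a handler fails, or the encoder cannot be initialized or cannot
     *         encode the message
     * @throws UnsupportedOperationException if the configured binding is neither HTTP-POST nor
     *         HTTP-Redirect
     */
    @Override // org.pac4j.saml.sso.SAML2MessageSender
    public void sendMessage(SAML2MessageContext sAML2MessageContext, AuthnRequest authnRequest, Object obj) {
        // Declared as SPSSODescriptor (not the wider SSODescriptor) because the value is handed
        // to invokeOutboundMessageHandlers, which requires the SP-specific type.
        SPSSODescriptor spDescriptor = sAML2MessageContext.getSPSSODescriptor();
        IDPSSODescriptor idpDescriptor = sAML2MessageContext.getIDPSSODescriptor();
        SingleSignOnService idpSsoEndpoint = sAML2MessageContext.getIDPSingleSignOnService(this.destinationBindingType);
        AssertionConsumerService spAcsEndpoint = sAML2MessageContext.getSPAssertionConsumerService();
        MessageEncoder encoder = getMessageEncoder(sAML2MessageContext);

        // Work on a separate outbound context that mirrors the incoming one.
        SAML2MessageContext outbound = new SAML2MessageContext(sAML2MessageContext);
        outbound.getProfileRequestContext().setProfileId(sAML2MessageContext.getProfileRequestContext().getProfileId());
        outbound.getProfileRequestContext().setInboundMessageContext(sAML2MessageContext.getProfileRequestContext().getInboundMessageContext());
        outbound.getProfileRequestContext().setOutboundMessageContext(sAML2MessageContext.getProfileRequestContext().getOutboundMessageContext());
        outbound.setMessage(authnRequest);
        outbound.getSAMLEndpointContext().setEndpoint(spAcsEndpoint);
        outbound.getSAMLPeerEndpointContext().setEndpoint(idpSsoEndpoint);
        outbound.getSAMLPeerEntityContext().setRole(sAML2MessageContext.getSAMLPeerEntityContext().getRole());
        outbound.getSAMLPeerEntityContext().setEntityId(sAML2MessageContext.getSAMLPeerEntityContext().getEntityId());
        outbound.getSAMLProtocolContext().setProtocol(sAML2MessageContext.getSAMLProtocolContext().getProtocol());
        // Signing parameters are attached unconditionally; whether the message signing handler
        // actually runs is decided in invokeOutboundMessageHandlers.
        outbound.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));
        if (obj != null) {
            // RelayState travels through the browser and comes back with the response, so the
            // receiving side has to treat the returned value as untrusted input.
            outbound.getSAMLBindingContext().setRelayState(obj.toString());
        }

        try {
            invokeOutboundMessageHandlers(spDescriptor, idpDescriptor, outbound);
            encoder.setMessageContext(outbound);
            encoder.initialize();
            encoder.prepareContext();
            encoder.encode();
            // Record the request under its ID after it has been encoded.
            // NOTE(review): presumably read back when the response arrives to match
            // InResponseTo - confirm against the response validator. With no storage
            // configured, nothing is recorded here.
            SAMLMessageStorage storage = sAML2MessageContext.getSAMLMessageStorage();
            if (storage != null) {
                storage.storeMessage(authnRequest.getID(), authnRequest);
            }
        } catch (ComponentInitializationException e) {
            throw new SAMLException("Error initializing saml encoder", e);
        } catch (MessageEncodingException e2) {
            throw new SAMLException("Error encoding saml message", e2);
        }
    }

    /**
     * Runs the outbound handlers on the context: the endpoint URL scheme check, the destination
     * handler, and - only when the SP metadata declares signed authn requests - the protocol
     * message signing handler.
     *
     * @param sPSSODescriptor SP metadata; its {@code AuthnRequestsSigned} flag gates signing
     * @param iDPSSODescriptor IdP metadata; its {@code WantAuthnRequestsSigned} flag only
     *        triggers a warning here
     * @param sAML2MessageContext the outbound context the handlers operate on
     * @throws SAMLException wrapping any exception raised by a handler or by reading the flags
     */
    protected final void invokeOutboundMessageHandlers(SPSSODescriptor sPSSODescriptor, IDPSSODescriptor iDPSSODescriptor, SAML2MessageContext sAML2MessageContext) {
        try {
            EndpointURLSchemeSecurityHandler schemeCheck = new EndpointURLSchemeSecurityHandler();
            schemeCheck.initialize();
            schemeCheck.invoke(sAML2MessageContext);

            SAMLOutboundDestinationHandler destinationHandler = new SAMLOutboundDestinationHandler();
            destinationHandler.initialize();
            destinationHandler.invoke(sAML2MessageContext);

            // Both flags are unboxed; a null Boolean surfaces as a SAMLException through the
            // catch below rather than being read as "false".
            boolean spSignsRequests = sPSSODescriptor.isAuthnRequestsSigned().booleanValue();
            if (spSignsRequests) {
                // NOTE(review): unlike the two handlers above, initialize() is not called on
                // this one - confirm that is intended.
                new SAMLOutboundProtocolMessageSigningHandler().invoke(sAML2MessageContext);
            } else if (iDPSSODescriptor.getWantAuthnRequestsSigned().booleanValue()) {
                // Mismatch between SP and IdP metadata: only logged, the send continues.
                logger.warn("IdP wants authn requests signed, it will perhaps reject your authn requests unless you provide a keystore");
            }
        } catch (Exception e) {
            throw new SAMLException(e);
        }
    }

    /**
     * Picks the encoder matching the configured destination binding.
     *
     * @param context context supplying the transport response the encoder writes to
     * @return a POST encoder (with a Velocity engine set) or a Redirect/DEFLATE encoder
     * @throws UnsupportedOperationException for any other binding URI
     */
    private MessageEncoder getMessageEncoder(SAML2MessageContext context) {
        Pac4jSAMLResponse transportResponse = context.getProfileRequestContextOutboundMessageTransportResponse();
        if (HTTP_POST_BINDING.equals(this.destinationBindingType)) {
            VelocityEngine engine = VelocityEngineFactory.getEngine();
            Pac4jHTTPPostEncoder postEncoder = new Pac4jHTTPPostEncoder(transportResponse);
            postEncoder.setVelocityEngine(engine);
            return postEncoder;
        }
        if (HTTP_REDIRECT_BINDING.equals(this.destinationBindingType)) {
            return new Pac4jHTTPRedirectDeflateEncoder(transportResponse, this.forceSignRedirectBindingAuthnRequest);
        }
        throw new UnsupportedOperationException("Binding type - " + this.destinationBindingType + " is not supported");
    }
}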
