package org.opensaml.saml2.binding.encoding;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.List;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.ecp.RelayState;
import org.opensaml.util.URLBuilder;
import org.opensaml.ws.message.MessageContext;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.http.HTTPOutTransport;
import org.opensaml.ws.transport.http.HTTPTransportUtils;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.SecurityConfiguration;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.SigningUtil;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.Pair;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/opensaml-2.6.6.jar:org/opensaml/saml2/binding/encoding/HTTPRedirectDeflateEncoder.class
  input_file:WEB-INF/lib/opensaml-2.6.6.wso2v3.jar:org/opensaml/saml2/binding/encoding/HTTPRedirectDeflateEncoder.class
 */
/* loaded from: input_file:WEB-INF/lib/wss4j-1.5.11-wso2v19.jar:opensaml-2.6.1.jar:org/opensaml/saml2/binding/encoding/HTTPRedirectDeflateEncoder.class */
public class HTTPRedirectDeflateEncoder extends BaseSAML2MessageEncoder {
    private final Logger log = LoggerFactory.getLogger(HTTPRedirectDeflateEncoder.class);

    @Override // org.opensaml.common.binding.encoding.SAMLMessageEncoder
    public String getBindingURI() {
        return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
    }

    @Override // org.opensaml.ws.message.encoder.MessageEncoder
    public boolean providesMessageConfidentiality(MessageContext messageContext) throws MessageEncodingException {
        return false;
    }

    @Override // org.opensaml.ws.message.encoder.MessageEncoder
    public boolean providesMessageIntegrity(MessageContext messageContext) throws MessageEncodingException {
        return false;
    }

    @Override // org.opensaml.ws.message.encoder.BaseMessageEncoder
    protected void doEncode(MessageContext messageContext) throws MessageEncodingException {
        if (!(messageContext instanceof SAMLMessageContext)) {
            this.log.error("Invalid message context type, this encoder only support SAMLMessageContext");
            throw new MessageEncodingException("Invalid message context type, this encoder only support SAMLMessageContext");
        }
        if (!(messageContext.getOutboundMessageTransport() instanceof HTTPOutTransport)) {
            this.log.error("Invalid outbound message transport type, this encoder only support HTTPOutTransport");
            throw new MessageEncodingException("Invalid outbound message transport type, this encoder only support HTTPOutTransport");
        }
        SAMLMessageContext sAMLMessageContext = (SAMLMessageContext) messageContext;
        String buildURL = getEndpointURL(sAMLMessageContext).buildURL();
        setResponseDestination(sAMLMessageContext.getOutboundSAMLMessage(), buildURL);
        removeSignature(sAMLMessageContext);
        String buildRedirectURL = buildRedirectURL(sAMLMessageContext, buildURL, deflateAndBase64Encode(sAMLMessageContext.getOutboundSAMLMessage()));
        HTTPOutTransport hTTPOutTransport = (HTTPOutTransport) messageContext.getOutboundMessageTransport();
        HTTPTransportUtils.addNoCacheHeaders(hTTPOutTransport);
        HTTPTransportUtils.setUTF8Encoding(hTTPOutTransport);
        hTTPOutTransport.sendRedirect(buildRedirectURL);
    }

    protected void removeSignature(SAMLMessageContext sAMLMessageContext) {
        SignableSAMLObject signableSAMLObject = (SignableSAMLObject) sAMLMessageContext.getOutboundSAMLMessage();
        if (signableSAMLObject.isSigned()) {
            this.log.debug("Removing SAML protocol message signature");
            signableSAMLObject.setSignature(null);
        }
    }

    protected String deflateAndBase64Encode(SAMLObject sAMLObject) throws MessageEncodingException {
        this.log.debug("Deflating and Base64 encoding SAML message");
        try {
            String nodeToString = XMLHelper.nodeToString(marshallMessage(sAMLObject));
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, new Deflater(8, true));
            deflaterOutputStream.write(nodeToString.getBytes("UTF-8"));
            deflaterOutputStream.finish();
            return Base64.encodeBytes(byteArrayOutputStream.toByteArray(), 8);
        } catch (IOException e) {
            throw new MessageEncodingException("Unable to DEFLATE and Base64 encode SAML message", e);
        }
    }

    protected String buildRedirectURL(SAMLMessageContext sAMLMessageContext, String str, String str2) throws MessageEncodingException {
        this.log.debug("Building URL to redirect client to");
        URLBuilder uRLBuilder = new URLBuilder(str);
        List<Pair<String, String>> queryParams = uRLBuilder.getQueryParams();
        queryParams.clear();
        if (sAMLMessageContext.getOutboundSAMLMessage() instanceof RequestAbstractType) {
            queryParams.add(new Pair<>("SAMLRequest", str2));
        } else {
            if (!(sAMLMessageContext.getOutboundSAMLMessage() instanceof StatusResponseType)) {
                throw new MessageEncodingException("SAML message is neither a SAML RequestAbstractType or StatusResponseType");
            }
            queryParams.add(new Pair<>("SAMLResponse", str2));
        }
        String relayState = sAMLMessageContext.getRelayState();
        if (checkRelayState(relayState)) {
            queryParams.add(new Pair<>(RelayState.DEFAULT_ELEMENT_LOCAL_NAME, relayState));
        }
        Credential ouboundSAMLMessageSigningCredential = sAMLMessageContext.getOuboundSAMLMessageSigningCredential();
        if (ouboundSAMLMessageSigningCredential != null) {
            String signatureAlgorithmURI = getSignatureAlgorithmURI(ouboundSAMLMessageSigningCredential, null);
            queryParams.add(new Pair<>("SigAlg", signatureAlgorithmURI));
            queryParams.add(new Pair<>("Signature", generateSignature(ouboundSAMLMessageSigningCredential, signatureAlgorithmURI, uRLBuilder.buildQueryString())));
        }
        return uRLBuilder.buildURL();
    }

    protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration securityConfiguration) throws MessageEncodingException {
        String signatureAlgorithmURI = (securityConfiguration != null ? securityConfiguration : Configuration.getGlobalSecurityConfiguration()).getSignatureAlgorithmURI(credential);
        if (signatureAlgorithmURI == null) {
            throw new MessageEncodingException("The signing credential's algorithm URI could not be derived");
        }
        return signatureAlgorithmURI;
    }

    protected String generateSignature(Credential credential, String str, String str2) throws MessageEncodingException {
        this.log.debug(String.format("Generating signature with key type '%s', algorithm URI '%s' over query string '%s'", SecurityHelper.extractSigningKey(credential).getAlgorithm(), str, str2));
        String str3 = null;
        try {
            str3 = Base64.encodeBytes(SigningUtil.signWithURI(credential, str, str2.getBytes("UTF-8")), 8);
            this.log.debug("Generated digital signature value (base64-encoded) {}", str3);
        } catch (UnsupportedEncodingException e) {
        } catch (SecurityException e2) {
            this.log.error("Error during URL signing process", (Throwable) e2);
            throw new MessageEncodingException("Unable to sign URL query string", e2);
        }
        return str3;
    }
}
