package org.opensaml.saml2.binding.security;

import java.io.UnsupportedEncodingException;
import javax.servlet.http.HttpServletRequest;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.transport.http.HTTPTransportUtils;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/rampart-core-1.6.1-wso2v42.jar:opensaml-2.6.6.jar:org/opensaml/saml2/binding/security/SAML2HTTPRedirectDeflateSignatureRule.class
 */
/* loaded from: input_file:WEB-INF/lib/wss4j-1.5.11-wso2v19.jar:opensaml-2.6.1.jar:org/opensaml/saml2/binding/security/SAML2HTTPRedirectDeflateSignatureRule.class */
public class SAML2HTTPRedirectDeflateSignatureRule extends BaseSAMLSimpleSignatureSecurityPolicyRule {
    private final Logger log;

    public SAML2HTTPRedirectDeflateSignatureRule(SignatureTrustEngine signatureTrustEngine) {
        super(signatureTrustEngine);
        this.log = LoggerFactory.getLogger((Class<?>) SAML2HTTPRedirectDeflateSignatureRule.class);
    }

    @Override // org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule
    protected boolean ruleHandles(HttpServletRequest httpServletRequest, SAMLMessageContext sAMLMessageContext) throws SecurityPolicyException {
        return "GET".equals(httpServletRequest.getMethod());
    }

    @Override // org.opensaml.common.binding.security.BaseSAMLSimpleSignatureSecurityPolicyRule
    protected byte[] getSignedContent(HttpServletRequest httpServletRequest) throws SecurityPolicyException {
        String queryString = httpServletRequest.getQueryString();
        this.log.debug("Constructing signed content string from URL query string {}", queryString);
        String buildSignedContentString = buildSignedContentString(queryString);
        if (DatatypeHelper.isEmpty(buildSignedContentString)) {
            this.log.warn("Could not extract signed content string from query string");
            return null;
        }
        this.log.debug("Constructed signed content string for HTTP-Redirect DEFLATE {}", buildSignedContentString);
        try {
            return buildSignedContentString.getBytes("UTF-8");
        } catch (UnsupportedEncodingException e) {
            return null;
        }
    }

    private String buildSignedContentString(String str) throws SecurityPolicyException {
        StringBuilder sb = new StringBuilder();
        if (!appendParameter(sb, str, "SAMLRequest") && !appendParameter(sb, str, "SAMLResponse")) {
            this.log.warn("Could not extract either a SAMLRequest or a SAMLResponse from the query string");
            throw new SecurityPolicyException("Extract of SAMLRequest or SAMLResponse from query string failed");
        }
        appendParameter(sb, str, "RelayState");
        appendParameter(sb, str, "SigAlg");
        return sb.toString();
    }

    private boolean appendParameter(StringBuilder sb, String str, String str2) {
        String rawQueryStringParameter = HTTPTransportUtils.getRawQueryStringParameter(str, str2);
        if (rawQueryStringParameter == null) {
            return false;
        }
        if (sb.length() > 0) {
            sb.append('&');
        }
        sb.append(rawQueryStringParameter);
        return true;
    }
}
