package org.opensaml.saml.common.binding;

import com.google.common.base.Strings;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.MessageException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.saml1.core.Response;
import org.opensaml.saml.saml1.core.ResponseAbstractType;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.StatusResponseType;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-3.3.1.wso2v1.jar:org/opensaml/saml/common/binding/SAMLBindingSupport.class */
public final class SAMLBindingSupport {

    @Nonnull
    private static final Logger LOG = LoggerFactory.getLogger(SAMLBindingSupport.class);

    private SAMLBindingSupport() {
    }

    @NotEmpty
    @Nullable
    public static String getRelayState(@Nonnull MessageContext<SAMLObject> messageContext) {
        SAMLBindingContext sAMLBindingContext = (SAMLBindingContext) messageContext.getSubcontext(SAMLBindingContext.class);
        if (sAMLBindingContext == null) {
            return null;
        }
        return sAMLBindingContext.getRelayState();
    }

    public static void setRelayState(@Nonnull MessageContext<SAMLObject> messageContext, @Nullable String str) {
        ((SAMLBindingContext) messageContext.getSubcontext(SAMLBindingContext.class, true)).setRelayState(str);
    }

    public static boolean checkRelayState(@Nullable String str) {
        if (Strings.isNullOrEmpty(str)) {
            return false;
        }
        if (str.getBytes().length <= 80) {
            return true;
        }
        LOG.warn("Relay state exceeds 80 bytes: {}", str);
        return true;
    }

    @Nonnull
    public static URI getEndpointURL(@Nonnull MessageContext<SAMLObject> messageContext) throws BindingException {
        SAMLPeerEntityContext sAMLPeerEntityContext = (SAMLPeerEntityContext) messageContext.getSubcontext(SAMLPeerEntityContext.class, false);
        if (sAMLPeerEntityContext == null) {
            throw new BindingException("Message context contained no PeerEntityContext");
        }
        SAMLEndpointContext sAMLEndpointContext = (SAMLEndpointContext) sAMLPeerEntityContext.getSubcontext(SAMLEndpointContext.class, false);
        if (sAMLEndpointContext == null) {
            throw new BindingException("PeerEntityContext contained no SAMLEndpointContext");
        }
        Endpoint endpoint = sAMLEndpointContext.getEndpoint();
        if (endpoint == null) {
            throw new BindingException("Endpoint for relying party was null.");
        }
        SAMLObject message = messageContext.getMessage();
        if (((message instanceof StatusResponseType) || (message instanceof Response)) && !Strings.isNullOrEmpty(endpoint.getResponseLocation())) {
            try {
                return new URI(endpoint.getResponseLocation());
            } catch (URISyntaxException e) {
                throw new BindingException("The endpoint response location " + endpoint.getResponseLocation() + " is not a valid URL", e);
            }
        }
        if (Strings.isNullOrEmpty(endpoint.getLocation())) {
            throw new BindingException("Relying party endpoint location was null or empty.");
        }
        try {
            return new URI(endpoint.getLocation());
        } catch (URISyntaxException e2) {
            throw new BindingException("The endpoint location " + endpoint.getLocation() + " is not a valid URL", e2);
        }
    }

    public static void setSAML1ResponseRecipient(@Nonnull SAMLObject sAMLObject, @NotEmpty @Nonnull String str) {
        if (sAMLObject instanceof ResponseAbstractType) {
            ((ResponseAbstractType) sAMLObject).setRecipient(str);
        }
    }

    public static void setSAML2Destination(@Nonnull SAMLObject sAMLObject, @NotEmpty @Nonnull String str) {
        if (sAMLObject instanceof RequestAbstractType) {
            ((RequestAbstractType) sAMLObject).setDestination(str);
        } else if (sAMLObject instanceof StatusResponseType) {
            ((StatusResponseType) sAMLObject).setDestination(str);
        }
    }

    public static boolean isMessageSigned(@Nonnull MessageContext<SAMLObject> messageContext) {
        SAMLObject sAMLObject = (SAMLObject) Constraint.isNotNull(messageContext.getMessage(), "SAML message was not present in message context");
        if ((sAMLObject instanceof SignableSAMLObject) && ((SignableSAMLObject) sAMLObject).isSigned()) {
            return true;
        }
        SAMLBindingContext sAMLBindingContext = (SAMLBindingContext) messageContext.getSubcontext(SAMLBindingContext.class, false);
        if (sAMLBindingContext != null) {
            return sAMLBindingContext.hasBindingSignature();
        }
        return false;
    }

    public static boolean isSigningCapableBinding(@Nonnull MessageContext<SAMLObject> messageContext) {
        SAMLBindingContext sAMLBindingContext = (SAMLBindingContext) messageContext.getSubcontext(SAMLBindingContext.class);
        if (sAMLBindingContext == null || sAMLBindingContext.getBindingDescriptor() == null) {
            return false;
        }
        return sAMLBindingContext.getBindingDescriptor().isSignatureCapable();
    }

    public static boolean isIntendedDestinationEndpointURIRequired(@Nonnull MessageContext<SAMLObject> messageContext) {
        SAMLBindingContext sAMLBindingContext = (SAMLBindingContext) messageContext.getSubcontext(SAMLBindingContext.class, false);
        if (sAMLBindingContext == null) {
            return false;
        }
        return sAMLBindingContext.isIntendedDestinationEndpointURIRequired();
    }

    @Nullable
    public static String getIntendedDestinationEndpointURI(@Nonnull MessageContext<SAMLObject> messageContext) throws MessageException {
        String trimOrNull;
        SAMLObject sAMLObject = (SAMLObject) Constraint.isNotNull(messageContext.getMessage(), "SAML message was not present in message context");
        if (sAMLObject instanceof RequestAbstractType) {
            trimOrNull = StringSupport.trimOrNull(((RequestAbstractType) sAMLObject).getDestination());
        } else if (sAMLObject instanceof StatusResponseType) {
            trimOrNull = StringSupport.trimOrNull(((StatusResponseType) sAMLObject).getDestination());
        } else {
            if (!(sAMLObject instanceof ResponseAbstractType)) {
                if (sAMLObject instanceof org.opensaml.saml.saml1.core.RequestAbstractType) {
                    return null;
                }
                LOG.error("Unknown SAML message type encountered: {}", sAMLObject.getElementQName().toString());
                throw new MessageException("Invalid SAML message type encountered");
            }
            trimOrNull = StringSupport.trimOrNull(((ResponseAbstractType) sAMLObject).getRecipient());
        }
        return trimOrNull;
    }

    @Nonnull
    public static String getActualReceiverEndpointURI(@Nonnull MessageContext<SAMLObject> messageContext, @Nonnull HttpServletRequest httpServletRequest) throws MessageException {
        Constraint.isNotNull(httpServletRequest, "HttpServletRequest cannot be null");
        return httpServletRequest.getRequestURL().toString();
    }

    @Nonnull
    public static int convertSAML2ArtifactEndpointIndex(@Nonnull byte[] bArr) {
        Constraint.isNotNull(bArr, "Artifact endpoint index cannot be null");
        Constraint.isTrue(bArr.length == 2, "Artifact endpoint index length was not 2, was: " + bArr.length);
        return (int) Constraint.isGreaterThanOrEqual(0L, ByteBuffer.wrap(bArr).order(ByteOrder.BIG_ENDIAN).getShort(), "Input value was too large, resulting in a negative 16-bit short");
    }
}
