package org.opensaml.saml.saml2.binding.encoding.impl;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.util.List;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.net.HttpServletSupport;
import net.shibboleth.utilities.java.support.net.URLBuilder;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.StatusResponseType;
import org.opensaml.saml.saml2.ecp.RelayState;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.xmlsec.SignatureSigningParameters;
import org.opensaml.xmlsec.crypto.XMLSigningUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:opensaml-saml-impl-3.2.0.jar:org/opensaml/saml/saml2/binding/encoding/impl/HTTPRedirectDeflateEncoder.class */
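/**
 * SAML 2.0 HTTP-Redirect binding encoder using the DEFLATE encoding.
 *
 * <p>The outbound SAML message is serialized, DEFLATE-compressed, Base64-encoded and placed in
 * the query string of a redirect to the peer endpoint. Any XML signature on the message is
 * removed first; when a signing credential is present in the message context the query string
 * is signed instead and the result is carried in the {@code SigAlg} and {@code Signature}
 * parameters.</p>
 *
 * <p>Security notes for integrators:</p>
 * <ul>
 *   <li>If the context carries no signing credential the message is sent <em>unsigned</em>:
 *       the XML signature has already been stripped and no query-string signature is added.
 *       Deployments that require signed requests/responses must make sure signing parameters
 *       are populated before this encoder runs.</li>
 *   <li>At debug level this class logs the full query string (encoded SAML message and
 *       RelayState) and the signature value. Treat debug logs as sensitive.</li>
 * </ul>
 */
public class HTTPRedirectDeflateEncoder extends BaseSAML2MessageEncoder {
    private final Logger log = LoggerFactory.getLogger(HTTPRedirectDeflateEncoder.class);

    /**
     * Returns the URI identifying the SAML 2.0 HTTP-Redirect binding.
     *
     * @return the binding URI constant
     */
    @Override // org.opensaml.saml.common.binding.encoding.SAMLMessageEncoder
    public String getBindingURI() {
        return SAMLConstants.SAML2_REDIRECT_BINDING_URI;
    }

    /**
     * Encodes the outbound message from the message context and sends it as an HTTP redirect.
     *
     * @throws MessageEncodingException if the message cannot be encoded or the redirect cannot
     *                                  be written to the response
     */
    @Override // org.opensaml.messaging.encoder.AbstractMessageEncoder
    protected void doEncode() throws MessageEncodingException {
        MessageContext messageContext = getMessageContext();
        SAMLObject sAMLObject = (SAMLObject) messageContext.getMessage();
        String uri = getEndpointURL(messageContext).toString();

        // The XML signature is dropped before serialization; integrity protection for this
        // binding comes from the query-string signature added in buildRedirectURL (if any).
        removeSignature(sAMLObject);

        String redirectUrl = buildRedirectURL(messageContext, uri, deflateAndBase64Encode(sAMLObject));

        HttpServletResponse httpServletResponse = getHttpServletResponse();
        // The redirect URL carries the SAML message, so the response must not be cached.
        HttpServletSupport.addNoCacheHeaders(httpServletResponse);
        HttpServletSupport.setUTF8Encoding(httpServletResponse);
        try {
            httpServletResponse.sendRedirect(redirectUrl);
        } catch (IOException e) {
            throw new MessageEncodingException("Problem sending HTTP redirect", e);
        }
    }

    /**
     * Removes the XML signature from the message if it is signable and currently signed.
     *
     * @param sAMLObject the outbound SAML message; left untouched when it is not a
     *                   {@link SignableSAMLObject} or carries no signature
     */
    protected void removeSignature(SAMLObject sAMLObject) {
        if (!(sAMLObject instanceof SignableSAMLObject)) {
            return;
        }
        SignableSAMLObject signableSAMLObject = (SignableSAMLObject) sAMLObject;
        if (signableSAMLObject.isSigned()) {
            this.log.debug("Removing SAML protocol message signature");
            signableSAMLObject.setSignature(null);
        }
    }

    /**
     * Serializes the message, compresses it with raw DEFLATE and Base64-encodes the result.
     *
     * @param sAMLObject the SAML message to encode
     * @return the Base64 encoding (no line breaks) of the deflated, UTF-8 serialized message
     * @throws MessageEncodingException if marshalling, compression or encoding fails
     */
    protected String deflateAndBase64Encode(SAMLObject sAMLObject) throws MessageEncodingException {
        this.log.debug("Deflating and Base64 encoding SAML message");
        // Compression level 8; nowrap=true emits raw DEFLATE without the zlib header/trailer.
        Deflater deflater = new Deflater(8, true);
        try {
            String serialized = SerializeSupport.nodeToString(marshallMessage(sAMLObject));
            ByteArrayOutputStream compressed = new ByteArrayOutputStream();
            try (DeflaterOutputStream deflaterStream = new DeflaterOutputStream(compressed, deflater)) {
                deflaterStream.write(serialized.getBytes("UTF-8"));
                deflaterStream.finish();
            }
            return Base64Support.encode(compressed.toByteArray(), false);
        } catch (IOException e) {
            throw new MessageEncodingException("Unable to DEFLATE and Base64 encode SAML message", e);
        } finally {
            // Closing the stream does not release a caller-supplied Deflater; end() frees its
            // native buffers instead of leaving that to finalization.
            deflater.end();
        }
    }

    /**
     * Builds the redirect URL carrying the encoded message, RelayState and optional signature.
     *
     * <p>Existing query parameters on the endpoint URL are discarded. Parameters are added in
     * the order message, RelayState, SigAlg so that the string handed to
     * {@link #generateSignature} is exactly the one a relying party reconstructs to verify it.</p>
     *
     * @param messageContext the context holding the outbound message, RelayState and signing
     *                       parameters
     * @param str            the endpoint URL to redirect to
     * @param str2           the deflated, Base64-encoded SAML message
     * @return the complete redirect URL
     * @throws MessageEncodingException if the endpoint URL is malformed, the message is neither
     *                                  a request nor a response, or signing fails
     */
    protected String buildRedirectURL(MessageContext<SAMLObject> messageContext, String str, String str2) throws MessageEncodingException {
        this.log.debug("Building URL to redirect client to");
        try {
            URLBuilder uRLBuilder = new URLBuilder(str);
            List<Pair<String, String>> queryParams = uRLBuilder.getQueryParams();
            queryParams.clear();

            SAMLObject message = messageContext.getMessage();
            if (message instanceof RequestAbstractType) {
                queryParams.add(new Pair<>("SAMLRequest", str2));
            } else if (message instanceof StatusResponseType) {
                queryParams.add(new Pair<>("SAMLResponse", str2));
            } else {
                throw new MessageEncodingException("SAML message is neither a SAML RequestAbstractType or StatusResponseType");
            }

            String relayState = SAMLBindingSupport.getRelayState(messageContext);
            if (SAMLBindingSupport.checkRelayState(relayState)) {
                queryParams.add(new Pair<>(RelayState.DEFAULT_ELEMENT_LOCAL_NAME, relayState));
            }

            SignatureSigningParameters signingParameters = SAMLMessageSecuritySupport.getContextSigningParameters(messageContext);
            if (signingParameters != null && signingParameters.getSigningCredential() != null) {
                String signatureAlgorithmURI = getSignatureAlgorithmURI(signingParameters);
                // SigAlg is added before signing because it is part of the signed content.
                queryParams.add(new Pair<>("SigAlg", signatureAlgorithmURI));
                String signature = generateSignature(signingParameters.getSigningCredential(), signatureAlgorithmURI, uRLBuilder.buildQueryString());
                queryParams.add(new Pair<>("Signature", signature));
            } else {
                // NOTE(review): the message leaves unsigned here; the XML signature was already
                // removed in doEncode. Enforce signing upstream where policy requires it.
                this.log.debug("No signing credential was supplied, skipping HTTP-Redirect DEFLATE signing");
            }
            return uRLBuilder.buildURL();
        } catch (MalformedURLException e) {
            throw new MessageEncodingException("Endpoint URL " + str + " is not a valid URL", e);
        }
    }

    /**
     * Returns the signature algorithm URI configured in the signing parameters.
     *
     * @param signatureSigningParameters the signing parameters from the message context
     * @return the configured signature algorithm URI
     * @throws MessageEncodingException if no signature algorithm is configured
     */
    protected String getSignatureAlgorithmURI(SignatureSigningParameters signatureSigningParameters) throws MessageEncodingException {
        String algorithmURI = signatureSigningParameters.getSignatureAlgorithm();
        if (algorithmURI == null) {
            throw new MessageEncodingException("The signing algorithm URI could not be determined");
        }
        return algorithmURI;
    }

    /**
     * Signs the query string and returns the Base64-encoded signature value.
     *
     * @param credential the credential holding the signing key
     * @param str        the signature algorithm URI
     * @param str2       the query string to sign
     * @return the Base64-encoded (no line breaks) signature; never {@code null}
     * @throws MessageEncodingException if the query string cannot be converted to bytes or the
     *                                  signing operation fails
     */
    protected String generateSignature(Credential credential, String str, String str2) throws MessageEncodingException {
        // Guarded so the key lookup and formatting only run when debug output is enabled.
        // The logged query string contains the encoded SAML message and RelayState.
        if (this.log.isDebugEnabled()) {
            this.log.debug(String.format("Generating signature with key type '%s', algorithm URI '%s' over query string '%s'", CredentialSupport.extractSigningKey(credential).getAlgorithm(), str, str2));
        }
        try {
            String signature = Base64Support.encode(XMLSigningUtil.signWithURI(credential, str, str2.getBytes("UTF-8")), false);
            this.log.debug("Generated digital signature value (base64-encoded) {}", signature);
            return signature;
        } catch (UnsupportedEncodingException e) {
            // Fail closed: previously this was swallowed and a null signature was returned,
            // which the caller would then add as the Signature query parameter.
            throw new MessageEncodingException("UTF-8 encoding is not supported, unable to sign URL query string", e);
        } catch (SecurityException e2) {
            this.log.error("Error during URL signing process", (Throwable) e2);
            throw new MessageEncodingException("Unable to sign URL query string", e2);
        }
    }
}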
