package org.opensaml.saml2.binding.encoding;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.List;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import org.apache.log4j.Logger;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.binding.BindingException;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.util.URLBuilder;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.Pair;

/* loaded from: input_file:org/opensaml/saml2/binding/encoding/HTTPRedirectDeflateEncoder.class */
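/**
 * Message encoder for the SAML 2.0 HTTP-Redirect binding using DEFLATE encoding.
 *
 * <p>The outgoing SAML message is stripped of any XML signature, marshalled, DEFLATE-compressed,
 * Base64-encoded and placed in the query string of the endpoint URL. When a signing credential is
 * configured, the query string itself is signed and the result is appended as the
 * {@code Signature} parameter.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only SHA-1 based signature algorithms are produced by this encoder (see
 *       {@link #getSignatureAlgorithm()}).</li>
 *   <li>If no signing credential is configured, the message is sent unsigned even when the
 *       original object carried an XML signature, because {@link #removeSignature()} always runs.</li>
 * </ul>
 */
public class HTTPRedirectDeflateEncoder extends AbstractSAML2HTTPMessageEncoder {
    /** URI identifying the binding implemented by this encoder. */
    public static final String BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    /** XML-DSig algorithm URI for DSA with SHA-1. Not referenced by the code in this class. */
    public static final String DSA_SHA1_SIGNATURE = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";

    /** XML-DSig algorithm URI for RSA with SHA-1. Not referenced by the code in this class. */
    public static final String RSA_SHA1_SIGNATURE = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /** Class logger. */
    private static final Logger log = Logger.getLogger(HTTPRedirectDeflateEncoder.class);

    /**
     * Returns the URI of the binding this encoder implements.
     *
     * @return {@link #BINDING_URI}
     */
    @Override // org.opensaml.common.binding.encoding.MessageEncoder
    public String getBindingURI() {
        return BINDING_URI;
    }

    /**
     * Encodes the configured SAML message and redirects the client to the resulting URL.
     *
     * @throws BindingException if the message cannot be encoded, the URL cannot be built or
     *         signed, or the redirect cannot be sent
     */
    @Override // org.opensaml.common.binding.encoding.MessageEncoder
    public void encode() throws BindingException {
        if (log.isDebugEnabled()) {
            log.debug("Beginning SAML 2 HTTP Redirect encoding");
        }
        removeSignature();

        final String redirectUrl;
        try {
            byte[] encodedMessage = defalteAndBase64Encode(getSamlMessage());
            // Base64 output is pure ASCII; decode it with an explicit charset instead of the
            // platform default so the URL is identical on every JVM.
            redirectUrl = buildRedirectURL(new String(encodedMessage, "US-ASCII"));
        } catch (IOException e) {
            throw new BindingException("Unable to DEFLATE and Base64 encode SAML message", e);
        }

        // NOTE(review): both log statements below write the full redirect URL, which carries the
        // encoded SAML message, the relay state and the signature. Confirm that is acceptable for
        // the log destinations in use.
        try {
            if (log.isDebugEnabled()) {
                log.debug("Redirect encoding complete, redirecting client to " + redirectUrl);
            }
            initializeResponse();
            getResponse().setCharacterEncoding("UTF-8");
            getResponse().sendRedirect(redirectUrl);
        } catch (IOException e) {
            log.error("Unable to redirect client to " + redirectUrl, e);
            throw new BindingException("Unable to redirect client", e);
        }
    }

    /**
     * Drops the XML signature from the SAML message, if it has one.
     *
     * <p>This runs unconditionally from {@link #encode()}; the query-string signature is added
     * later only when a signing credential is present. A message that is not a
     * {@link SignableSAMLObject} is left untouched instead of failing with a
     * {@code ClassCastException}.
     */
    protected void removeSignature() {
        SAMLObject message = getSamlMessage();
        if (!(message instanceof SignableSAMLObject)) {
            return;
        }
        SignableSAMLObject signable = (SignableSAMLObject) message;
        if (signable.isSigned()) {
            if (log.isDebugEnabled()) {
                log.debug("Removing SAML protocol message signature");
            }
            signable.setSignature(null);
        }
    }

    /**
     * Marshalls the given SAML object, DEFLATE-compresses it and Base64-encodes the result.
     *
     * @param sAMLObject the SAML message to encode
     * @return the Base64 encoding of the raw-DEFLATE compressed message
     * @throws BindingException if the message cannot be compressed or encoded
     */
    protected byte[] defalteAndBase64Encode(SAMLObject sAMLObject) throws BindingException {
        if (log.isDebugEnabled()) {
            log.debug("Deflating and Base64 encoding SAML message");
        }
        // Compression level 8 with nowrap=true, i.e. a raw DEFLATE stream without the zlib header.
        Deflater deflater = new Deflater(8, true);
        try {
            String xml = marshallMessage(sAMLObject);
            ByteArrayOutputStream sink = new ByteArrayOutputStream();
            DeflaterOutputStream deflaterStream =
                    new DeflaterOutputStream((OutputStream) new Base64.OutputStream(sink), deflater);
            // Encode with an explicit charset: the platform default could corrupt non-ASCII
            // content and make the output differ between hosts.
            deflaterStream.write(xml.getBytes("UTF-8"));
            deflaterStream.close();
            return sink.toByteArray();
        } catch (IOException e) {
            throw new BindingException("Unable to DEFLATE and Base64 encode SAML message", e);
        } finally {
            // DeflaterOutputStream.close() does not end a Deflater supplied by the caller, so
            // release its native memory here.
            deflater.end();
        }
    }

    /**
     * Builds the URL the client is redirected to.
     *
     * <p>Any query parameters already present on the endpoint URL are discarded. Parameters are
     * then added in this order: the SAML message, the relay state (if any), {@code SigAlg} and
     * {@code Signature} (if a signing credential is configured). The signature is computed over
     * the query string as it stands after {@code SigAlg} has been added, so the order matters.
     *
     * @param str the DEFLATE-compressed, Base64-encoded SAML message
     * @return the complete redirect URL
     * @throws BindingException if the message is neither a request nor a response, or if signing
     *         fails
     */
    protected String buildRedirectURL(String str) throws BindingException {
        if (log.isDebugEnabled()) {
            log.debug("Building URL to redirect client to");
        }
        URLBuilder urlBuilder = new URLBuilder(getEndpointURL());
        List queryParams = urlBuilder.getQueryParams();
        queryParams.clear();

        SAMLObject message = getSamlMessage();
        if (message instanceof RequestAbstractType) {
            queryParams.add(new Pair(HTTPPostDecoder.REQUEST_PARAM, str));
        } else if (message instanceof Response) {
            queryParams.add(new Pair("SAMLResponse", str));
        } else {
            throw new BindingException("SAML message is neither a SAML RequestAbstractType or Response");
        }

        if (checkRelayState()) {
            queryParams.add(new Pair(HTTPPostDecoder.RELAY_STATE_PARAM, getEncodeRelayState()));
        }

        if (getSigningCredential() != null) {
            // NOTE(review): the value sent as SigAlg is the JCA algorithm name returned by
            // getSignatureAlgorithm() ("SHA1withRSA"/"SHA1withDSA"). The HTTP-Redirect binding
            // defines SigAlg as an algorithm URI such as RSA_SHA1_SIGNATURE; confirm what the
            // receiving decoder expects before changing it, since SigAlg is part of the signed
            // string.
            String jcaAlgorithm = getSignatureAlgorithm();
            queryParams.add(new Pair("SigAlg", jcaAlgorithm));
            String signature = generateSignature(jcaAlgorithm, urlBuilder.buildQueryString());
            queryParams.add(new Pair("Signature", signature));
        }
        return urlBuilder.buildURL();
    }

    /**
     * Selects the JCA signature algorithm name matching the signing credential's private key.
     *
     * <p>NOTE(review): both supported algorithms use SHA-1, which is no longer considered
     * suitable for new signatures. Moving to a SHA-256 based algorithm needs to be coordinated
     * with the relying decoders.
     *
     * @return {@code "SHA1withRSA"} for RSA keys, {@code "SHA1withDSA"} for DSA keys
     * @throws BindingException if the private key is neither RSA nor DSA
     */
    protected String getSignatureAlgorithm() throws BindingException {
        if (getSigningCredential().getPrivateKey() instanceof RSAPrivateKey) {
            return "SHA1withRSA";
        }
        if (getSigningCredential().getPrivateKey() instanceof DSAPrivateKey) {
            return "SHA1withDSA";
        }
        throw new BindingException("Encoder only supports signing with RSA or DSA keys.");
    }

    /**
     * Signs the given query string with the signing credential's private key.
     *
     * @param str the JCA name of the signature algorithm to use
     * @param str2 the query string to sign
     * @return the Base64-encoded signature value
     * @throws BindingException if the signature cannot be computed
     */
    protected String generateSignature(String str, String str2) throws BindingException {
        if (log.isDebugEnabled()) {
            // Log the algorithm actually used for this signature rather than re-deriving it.
            log.debug("Generating digital signature of query string using algorithm " + str);
        }
        try {
            Signature signer = Signature.getInstance(str);
            signer.initSign(getSigningCredential().getPrivateKey());
            // Sign a fixed byte encoding: with the platform default charset the signed bytes
            // could differ from what the verifier reconstructs.
            signer.update(str2.getBytes("UTF-8"));
            return Base64.encodeBytes(signer.sign());
        } catch (GeneralSecurityException e) {
            log.error("Error during URL signing process", e);
            throw new BindingException("Unable to sign URL query string", e);
        } catch (IOException e) {
            // Only reachable if the JVM lacks UTF-8, which every Java platform must provide.
            log.error("Error during URL signing process", e);
            throw new BindingException("Unable to sign URL query string", e);
        }
    }
}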
