package org.pac4j.saml.profile.impl;

import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.encoder.MessageEncoder;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler;
import org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler;
import org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler;
import org.opensaml.saml.common.xml.SAMLConstants;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.StatusResponseType;
import org.opensaml.saml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
import org.pac4j.saml.context.SAML2MessageContext;
import org.pac4j.saml.crypto.SignatureSigningParametersProvider;
import org.pac4j.saml.exceptions.SAMLException;
import org.pac4j.saml.profile.api.SAML2MessageSender;
import org.pac4j.saml.store.SAMLMessageStore;
import org.pac4j.saml.transport.Pac4jHTTPPostEncoder;
import org.pac4j.saml.transport.Pac4jHTTPPostSimpleSignEncoder;
import org.pac4j.saml.transport.Pac4jHTTPRedirectDeflateEncoder;
import org.pac4j.saml.transport.Pac4jSAMLResponse;
import org.pac4j.saml.util.SAML2Utils;
import org.pac4j.saml.util.VelocityEngineFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/pac4j-saml-5.7.1.jar:org/pac4j/saml/profile/impl/AbstractSAML2MessageSender.class */
/**
 * Base implementation of {@link SAML2MessageSender}: builds an outbound message context,
 * runs the outbound security handlers, encodes the message with the encoder matching the
 * configured binding, then records the sent message in the message store.
 *
 * <p>Signing is split by binding. For every binding except HTTP-Redirect the protocol
 * message is signed by {@link SAMLOutboundProtocolMessageSigningHandler} in
 * {@link #invokeOutboundMessageHandlers}. For HTTP-Redirect that handler is skipped and the
 * {@link #mustSignRequest} result is handed to {@link Pac4jHTTPRedirectDeflateEncoder}
 * instead (presumably so the encoder can sign the query string; confirm in that class).
 *
 * @param <T> the SAML object type being sent
 */
public abstract class AbstractSAML2MessageSender<T extends SAMLObject> implements SAML2MessageSender<T> {
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    protected final SignatureSigningParametersProvider signatureSigningParametersProvider;
    protected final String destinationBindingType;
    protected final boolean signErrorResponses;
    protected final boolean isRequestSigned;

    /**
     * Creates a sender bound to one destination binding.
     *
     * @param signatureSigningParametersProvider builds the signing parameters placed on the outbound context
     * @param str the destination binding URI, stored as {@code destinationBindingType}
     * @param z stored as {@code signErrorResponses} and forwarded to the signing handler
     * @param z2 stored as {@code isRequestSigned}; the default answer of {@link #mustSignRequest}
     */
    public AbstractSAML2MessageSender(SignatureSigningParametersProvider signatureSigningParametersProvider, String str, boolean z, boolean z2) {
        this.signatureSigningParametersProvider = signatureSigningParametersProvider;
        this.destinationBindingType = str;
        this.signErrorResponses = z;
        this.isRequestSigned = z2;
    }

    /**
     * Sends {@code t} to the peer endpoint using the configured binding.
     *
     * @param sAML2MessageContext the context of the current exchange
     * @param t the protocol message to send
     * @param obj optional relay state; its {@code toString()} value is used when non-null
     * @throws SAMLException if the encoder cannot be initialized or the message cannot be encoded
     * @throws UnsupportedOperationException if the configured binding has no encoder
     */
    @Override
    public void sendMessage(SAML2MessageContext sAML2MessageContext, T t, Object obj) {
        SPSSODescriptor spDescriptor = sAML2MessageContext.getSPSSODescriptor();
        IDPSSODescriptor idpDescriptor = sAML2MessageContext.getIDPSSODescriptor();
        AssertionConsumerService acsEndpoint = sAML2MessageContext.getSPAssertionConsumerService();
        // Resolved up front, so an unsupported binding fails before any context is touched.
        MessageEncoder encoder = getMessageEncoder(spDescriptor, idpDescriptor, sAML2MessageContext);

        // The outbound context wraps the SAME underlying MessageContext as the caller's context.
        SAML2MessageContext outbound = new SAML2MessageContext();
        outbound.setMessageContext(sAML2MessageContext.getMessageContext());
        // NOTE(review): this reads the profile id from the outbound context and writes it straight
        // back, so as written it copies nothing from the caller's context.
        outbound.getProfileRequestContext().setProfileId(outbound.getProfileRequestContext().getProfileId());
        outbound.getProfileRequestContext().setInboundMessageContext(sAML2MessageContext.getProfileRequestContext().getInboundMessageContext());
        outbound.getProfileRequestContext().setOutboundMessageContext(sAML2MessageContext.getProfileRequestContext().getOutboundMessageContext());

        outbound.getMessageContext().setMessage(t);
        outbound.getSAMLEndpointContext().setEndpoint(acsEndpoint);
        // getEndpoint() is given the outbound context after the message and local endpoint are set.
        outbound.getSAMLPeerEndpointContext().setEndpoint(getEndpoint(outbound));

        // NOTE(review): the next three statements also read from and write to the outbound context
        // itself (role, entity id, protocol), i.e. they are self-assignments in the visible code.
        outbound.getSAMLPeerEntityContext().setRole(outbound.getSAMLPeerEntityContext().getRole());
        outbound.getSAMLPeerEntityContext().setEntityId(outbound.getSAMLPeerEntityContext().getEntityId());
        outbound.getSAMLProtocolContext().setProtocol(outbound.getSAMLProtocolContext().getProtocol());

        // Signing parameters are always built from the SP descriptor, whether or not signing happens.
        outbound.getSecurityParametersContext().setSignatureSigningParameters(this.signatureSigningParametersProvider.build(spDescriptor));

        // The relay state is passed through as-is: no length or content check is applied here.
        if (obj != null) {
            outbound.getSAMLBindingContext().setRelayState(obj.toString());
        }

        try {
            MessageContext outboundMessageContext = outbound.getMessageContext();
            // Security handlers (including signing) must run before the encoder serializes the message.
            invokeOutboundMessageHandlers(spDescriptor, idpDescriptor, outboundMessageContext);
            encoder.setMessageContext(outboundMessageContext);
            encoder.initialize();
            encoder.prepareContext();
            encoder.encode();
            // Only reached when encoding succeeded, so a failed send leaves nothing in the store.
            storeMessage(sAML2MessageContext, t);
            // NOTE(review): hands the full protocol message to the logging helper; check what it
            // emits and at which level before enabling it where logs are widely readable.
            SAML2Utils.logProtocolMessage(t);
        } catch (MessageEncodingException encodingFailure) {
            throw new SAMLException("Error encoding saml message", encodingFailure);
        } catch (ComponentInitializationException initFailure) {
            throw new SAMLException("Error initializing saml encoder", initFailure);
        }
    }

    /**
     * Records the sent message in the context's message store, keyed by the message ID.
     * Nothing is stored when the context has no store, or when the message is neither a
     * {@link RequestAbstractType} nor a {@link StatusResponseType}.
     *
     * <p>NOTE(review): the stored entry is presumably what later lets a response be matched
     * to this request; with no store configured that record is silently absent.
     *
     * @param sAML2MessageContext the context providing the message store
     * @param t the message that was sent
     */
    protected void storeMessage(SAML2MessageContext sAML2MessageContext, T t) {
        SAMLMessageStore store = sAML2MessageContext.getSAMLMessageStore();
        if (store == null) {
            return;
        }
        final String messageId;
        if (t instanceof RequestAbstractType) {
            messageId = ((RequestAbstractType) t).getID();
        } else if (t instanceof StatusResponseType) {
            messageId = ((StatusResponseType) t).getID();
        } else {
            return;
        }
        store.set(messageId, t);
    }

    /**
     * Resolves the peer endpoint the message is sent to.
     *
     * @param sAML2MessageContext the outbound context built by {@link #sendMessage}
     * @return the endpoint set on the peer endpoint context
     */
    protected abstract Endpoint getEndpoint(SAML2MessageContext sAML2MessageContext);

    /**
     * Runs the outbound handlers on the message context, in order: endpoint URL scheme check,
     * destination handler, and (for non-Redirect bindings when signing is required) the
     * protocol message signing handler.
     *
     * @param sPSSODescriptor the SP descriptor, passed to {@link #mustSignRequest}
     * @param iDPSSODescriptor the IdP descriptor, passed to {@link #mustSignRequest}
     * @param messageContext the outbound message context the handlers operate on
     * @throws SAMLException wrapping any exception raised while running the handlers
     */
    protected void invokeOutboundMessageHandlers(SPSSODescriptor sPSSODescriptor, IDPSSODescriptor iDPSSODescriptor, MessageContext messageContext) {
        try {
            // Runs first, so the endpoint URL is vetted before anything is signed.
            EndpointURLSchemeSecurityHandler schemeCheck = new EndpointURLSchemeSecurityHandler();
            schemeCheck.initialize();
            schemeCheck.invoke(messageContext);

            SAMLOutboundDestinationHandler destinationSetter = new SAMLOutboundDestinationHandler();
            destinationSetter.initialize();
            destinationSetter.invoke(messageContext);

            // The Redirect binding is excluded here; its encoder receives the signing flag instead.
            boolean redirectBinding = this.destinationBindingType.equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
            if (redirectBinding || !mustSignRequest(sPSSODescriptor, iDPSSODescriptor)) {
                return;
            }

            this.logger.debug("Signing SAML2 outbound context...");
            // NOTE(review): unlike the two handlers above, initialize() is not called on the
            // signing handler before invoke(); confirm the OpenSAML version in use accepts that.
            SAMLOutboundProtocolMessageSigningHandler signer = new SAMLOutboundProtocolMessageSigningHandler();
            signer.setSignErrorResponses(this.signErrorResponses);
            signer.invoke(messageContext);
        } catch (Exception failure) {
            // Broad on purpose in the original: runtime failures are wrapped as well.
            throw new SAMLException(failure);
        }
    }

    /**
     * Decides whether the outbound message must be signed. This default ignores both
     * descriptors and returns the {@code isRequestSigned} flag given at construction.
     *
     * @param sPSSODescriptor the SP descriptor (unused here)
     * @param iDPSSODescriptor the IdP descriptor (unused here)
     * @return {@code true} if the message must be signed
     */
    protected boolean mustSignRequest(SPSSODescriptor sPSSODescriptor, IDPSSODescriptor iDPSSODescriptor) {
        return this.isRequestSigned;
    }

    /**
     * Picks the encoder for the configured destination binding: HTTP-POST, HTTP-POST-SimpleSign
     * or HTTP-Redirect. Any other binding (including {@code null}) is rejected.
     */
    private MessageEncoder getMessageEncoder(SPSSODescriptor spDescriptor, IDPSSODescriptor idpDescriptor, SAML2MessageContext context) {
        Pac4jSAMLResponse transportResponse = context.getProfileRequestContextOutboundMessageTransportResponse();
        final String binding = this.destinationBindingType;

        if (SAMLConstants.SAML2_POST_BINDING_URI.equals(binding)) {
            VelocityEngine postEngine = VelocityEngineFactory.getEngine();
            Pac4jHTTPPostEncoder postEncoder = new Pac4jHTTPPostEncoder(transportResponse);
            postEncoder.setVelocityEngine(postEngine);
            return postEncoder;
        }

        if (SAMLConstants.SAML2_POST_SIMPLE_SIGN_BINDING_URI.equals(binding)) {
            VelocityEngine simpleSignEngine = VelocityEngineFactory.getEngine();
            Pac4jHTTPPostSimpleSignEncoder simpleSignEncoder = new Pac4jHTTPPostSimpleSignEncoder(transportResponse);
            simpleSignEncoder.setVelocityEngine(simpleSignEngine);
            return simpleSignEncoder;
        }

        if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(binding)) {
            // The signing decision travels with the encoder for this binding.
            return new Pac4jHTTPRedirectDeflateEncoder(transportResponse, mustSignRequest(spDescriptor, idpDescriptor));
        }

        throw new UnsupportedOperationException("Binding type - " + binding + " is not supported");
    }
}
