package org.picketlink.identity.federation.bindings.tomcat.sp;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.PrivateKey;
import org.apache.catalina.connector.Response;
import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.interfaces.TrustKeyProcessingException;
import org.picketlink.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.w3c.dom.Document;

/* loaded from: input_file:org/picketlink/identity/federation/bindings/tomcat/sp/ServiceProviderAuthenticator.class */
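/**
 * Service-provider authenticator that sends a SAML message to the identity provider,
 * using either the HTTP-POST or the HTTP-Redirect binding.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Messages are signed only when {@code doSupportSignature()} returns true; otherwise
 *       both bindings send the message unsigned.</li>
 *   <li>When signing is enabled but no key material is available, every path in this class
 *       aborts with an exception instead of falling back to an unsigned message.</li>
 *   <li>The Base64 and deflate steps are encodings, not encryption: the message content is
 *       readable by anyone who sees the redirect URL or the POST body.</li>
 * </ul>
 *
 * <p>{@code keyManager} and {@code log} are not declared in this class; presumably they are
 * inherited from the superclass and populated from the key-store configuration (confirm).
 */
public class ServiceProviderAuthenticator extends AbstractSPFormAuthenticator {
    /**
     * Dispatches the outgoing message to the binding selected by {@code isHttpPostBinding()}.
     *
     * @param str destination URL the message is sent to
     * @param document SAML message as a DOM document
     * @param str2 value forwarded unchanged to the binding utilities; presumably the
     *     RelayState (confirm against the superclass)
     * @param response servlet container response used to emit the redirect or the POST
     * @param z {@code true} when the message is a SAML request, {@code false} for a response
     *     (this flag selects the request or response signing helper in the redirect path)
     */
    @Override
    protected void sendRequestToIDP(String str, Document document, String str2, Response response, boolean z) throws ProcessingException, ConfigurationException, IOException {
        if (!isHttpPostBinding()) {
            sendHttpRedirectRequest(str, document, str2, response, z);
            return;
        }
        sendHttpPostBindingRequest(str, document, str2, response, z);
    }

    /**
     * Sends the message with the HTTP-Redirect binding: the serialized document is deflated,
     * Base64- and URL-encoded, placed in a query string (signed when signature support is
     * enabled) and delivered via a redirect to {@code destination}.
     *
     * <p>The whole message travels in the URL, so it can end up wherever URLs are recorded.
     */
    private void sendHttpRedirectRequest(String destination, Document samlDocument, String relayState, Response response, boolean isRequest) throws IOException, UnsupportedEncodingException, ProcessingException, ConfigurationException {
        byte[] serialized = DocumentUtil.getDocumentAsString(samlDocument).getBytes("UTF-8");
        String encodedMessage = RedirectBindingUtil.deflateBase64URLEncode(serialized);

        String queryString;
        if (doSupportSignature()) {
            queryString = getSignedDestinationQueryString(encodedMessage, relayState, isRequest);
        } else {
            // Signature support is off: the query string is sent without a signature.
            queryString = RedirectBindingUtil.getDestinationQueryString(encodedMessage, relayState, isRequest);
        }

        RedirectBindingUtil.RedirectBindingUtilDestHolder holder = new RedirectBindingUtil.RedirectBindingUtilDestHolder();
        holder.setDestination(destination).setDestinationQueryString(queryString);
        String redirectUrl = RedirectBindingUtil.getDestinationURL(holder);
        HTTPRedirectUtil.sendRedirectForRequestor(redirectUrl, response);
    }

    /**
     * Sends the message with the HTTP-POST binding. When signature support is enabled the
     * document is signed in place with the configured signing key pair before it is
     * Base64-encoded and posted.
     *
     * @throws RuntimeException if signing is enabled but no key manager is available
     */
    private void sendHttpPostBindingRequest(String destination, Document samlDocument, String relayState, Response response, boolean isRequest) throws TrustKeyProcessingException, ProcessingException, IOException, ConfigurationException {
        if (doSupportSignature()) {
            // Fail closed with a diagnosable error rather than a bare NullPointerException;
            // an unsigned message must never be sent when signing is required.
            if (this.keyManager == null) {
                this.log.error("Key manager is null. Check your KeyStore configuration.");
                throw new RuntimeException("PL00100: Signing Process Failure:");
            }
            new SAML2Signature().signSAMLDocument(samlDocument, this.keyManager.getSigningKeyPair());
        }
        String encodedMessage = PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
        PostBindingUtil.sendPost(new DestinationInfoHolder(destination, encodedMessage, relayState), response, isRequest);
    }

    /**
     * Builds the signed query string for the HTTP-Redirect binding.
     *
     * @param encodedMessage deflated, Base64- and URL-encoded SAML message
     * @param relayState value passed through to the signing helper; presumably the RelayState
     * @param isRequest {@code true} to build a SAMLRequest URL, {@code false} for a SAMLResponse URL
     * @return the query string including the signature
     * @throws RuntimeException if no signing key is available or the signing helper fails
     */
    private String getSignedDestinationQueryString(String encodedMessage, String relayState, boolean isRequest) {
        try {
            if (this.keyManager == null) {
                this.log.error("Key manager is null. Check your KeyStore configuration.");
                throw new RuntimeException("PL00100: Signing Process Failure:");
            }
            PrivateKey signingKey = this.keyManager.getSigningKey();
            if (signingKey == null) {
                this.log.error("Signing key is null. Check your KeyStore configuration.");
                throw new RuntimeException("PL00100: Signing Process Failure:");
            }
            if (isRequest) {
                return RedirectBindingSignatureUtil.getSAMLRequestURLWithSignature(encodedMessage, relayState, signingKey);
            }
            return RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(encodedMessage, relayState, signingKey);
        } catch (RuntimeException e) {
            // Already unchecked: rethrow as-is so the PL00100 failure is not buried
            // inside a second RuntimeException wrapper.
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}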
