package org.jboss.seam.security.external.saml;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.Binder;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.jboss.logging.Logger;
import org.jboss.seam.security.external.Base64;
import org.jboss.seam.security.external.JaxbContext;
import org.jboss.seam.security.external.ResponseHandler;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.AuthnRequestType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.LogoutRequestType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.ObjectFactory;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.RequestAbstractType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.ResponseType;
import org.jboss.seam.security.external.jaxb.samlv2.protocol.StatusResponseType;
import org.jboss.seam.security.external.saml.api.SamlBinding;
import org.jboss.seam.security.external.saml.sp.SamlExternalIdentityProvider;
import org.w3c.dom.Document;

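@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/seam-security-external-3.0.0.Final.jar:org/jboss/seam/security/external/saml/SamlMessageSender.class */
/**
 * Marshals SAML protocol messages to a DOM document and hands them to the user agent
 * through either the HTTP-Redirect or the HTTP-POST binding, signing them when the
 * local entity configuration or the peer requires it.
 */
public class SamlMessageSender {

    @Inject
    private Logger log;

    @Inject
    private Instance<SamlEntityBean> samlEntityBean;

    @Inject
    private SamlSignatureUtilForPostBinding signatureUtilForPostBinding;

    @Inject
    private SamlSignatureUtilForRedirectBinding samlSignatureUtilForRedirectBinding;

    @Inject
    private ResponseHandler responseHandler;

    @Inject
    @JaxbContext({RequestAbstractType.class, StatusResponseType.class})
    private JAXBContext jaxbContext;

    @Inject
    private Instance<SamlDialogue> samlDialogue;

    /**
     * Sends an authentication or logout request to the given external entity.
     *
     * <p>The request's {@code Destination} is set to the location of the endpoint chosen
     * by {@link #getEndpoint(SamlService)} before the message is marshalled, so that a
     * signature applied later covers it.
     *
     * @param samlExternalEntity the peer entity the request is addressed to
     * @param samlProfile the profile whose service endpoint is looked up on the peer
     * @param requestAbstractType the request; must be an {@link AuthnRequestType} or a
     *     {@link LogoutRequestType}
     * @param httpServletResponse the servlet response used to reach the user agent
     * @throws RuntimeException if the request is of another type, if no endpoint is
     *     found, or if marshalling fails
     */
    public void sendRequest(SamlExternalEntity samlExternalEntity, SamlProfile samlProfile, RequestAbstractType requestAbstractType, HttpServletResponse httpServletResponse) {
        SamlEndpoint endpoint = getEndpoint(samlExternalEntity.getService(samlProfile));
        try {
            requestAbstractType.setDestination(endpoint.getLocation());
            JAXBElement<?> element;
            if (requestAbstractType instanceof AuthnRequestType) {
                element = new ObjectFactory().createAuthnRequest((AuthnRequestType) requestAbstractType);
            } else if (requestAbstractType instanceof LogoutRequestType) {
                element = new ObjectFactory().createLogoutRequest((LogoutRequestType) requestAbstractType);
            } else {
                throw new RuntimeException("Currently only authentication and logout requests can be sent");
            }
            Document document = newEmptyDocument();
            this.jaxbContext.createBinder().marshal(element, document);
            sendMessage(samlExternalEntity, document, SamlRequestOrResponse.REQUEST, endpoint, httpServletResponse);
        } catch (JAXBException e) {
            throw new RuntimeException(e);
        } catch (ParserConfigurationException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Sends a status response (logout response or SSO response) to the external entity.
     *
     * <p>The response's {@code Destination} is set to the endpoint's response location.
     * NOTE(review): delivery in {@code sendMessage}/{@code sendSamlRedirect} targets
     * {@code endpoint.getLocation()}, not {@code getResponseLocation()}. If the two can
     * differ, a receiver that checks {@code Destination} against the URL it was reached
     * on would reject the message; confirm against {@code SamlEndpoint}.
     *
     * <p>NOTE(review): the signing decision is made for the dialogue's external provider,
     * not for the {@code samlExternalEntity} argument that selected the endpoint;
     * presumably they are the same entity, verify against callers.
     *
     * @param samlExternalEntity the peer entity whose service endpoint is looked up
     * @param statusResponseType the response; must be a {@link ResponseType} unless the
     *     endpoint's profile is single logout
     * @param samlProfile the profile whose service endpoint is looked up on the peer
     * @param httpServletResponse the servlet response used to reach the user agent
     * @throws RuntimeException if no endpoint is found or marshalling fails
     */
    public void sendResponse(SamlExternalEntity samlExternalEntity, StatusResponseType statusResponseType, SamlProfile samlProfile, HttpServletResponse httpServletResponse) {
        SamlEndpoint endpoint = getEndpoint(samlExternalEntity.getService(samlProfile));
        try {
            statusResponseType.setDestination(endpoint.getResponseLocation());
            JAXBElement<?> element;
            if (endpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT)) {
                element = new ObjectFactory().createLogoutResponse(statusResponseType);
            } else {
                element = new ObjectFactory().createResponse((ResponseType) statusResponseType);
            }
            Document document = newEmptyDocument();
            this.jaxbContext.createBinder().marshal(element, document);
            sendMessage(this.samlDialogue.get().getExternalProvider(), document, SamlRequestOrResponse.RESPONSE, endpoint, httpServletResponse);
        } catch (ParserConfigurationException e) {
            throw new RuntimeException(e);
        } catch (JAXBException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Picks the endpoint of a service, preferring the locally configured binding and
     * falling back to the other of HTTP-POST / HTTP-Redirect.
     *
     * @param samlService the peer service to pick an endpoint from
     * @return the endpoint for the preferred binding, or for the alternative binding
     * @throws RuntimeException if the service has an endpoint for neither binding
     */
    public SamlEndpoint getEndpoint(SamlService samlService) {
        SamlBinding preferred = this.samlEntityBean.get().getPreferredBinding();
        SamlEndpoint endpoint = samlService.getEndpointForBinding(preferred);
        if (endpoint == null) {
            SamlBinding alternative = preferred == SamlBinding.HTTP_Post ? SamlBinding.HTTP_Redirect : SamlBinding.HTTP_Post;
            endpoint = samlService.getEndpointForBinding(alternative);
        }
        if (endpoint == null) {
            throw new RuntimeException("No endpoint found for profile " + samlService.getProfile());
        }
        return endpoint;
    }

    /**
     * Creates the empty, namespace-aware DOM document a message is marshalled into.
     *
     * <p>XInclude awareness is not switched on: it only influences parsing, and this
     * factory is used solely to create an empty document.
     */
    private Document newEmptyDocument() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        return factory.newDocumentBuilder().newDocument();
    }

    /**
     * Decides whether the outgoing message is signed.
     *
     * <p>Single sign-on: when the local entity is an SP the peer IdP's
     * {@code isWantAuthnRequestsSigned()} decides, otherwise the message is always
     * signed. Any other profile follows the local {@code isSingleLogoutMessagesSigned()}
     * setting.
     */
    private boolean shouldSign(SamlExternalEntity samlExternalEntity, SamlEndpoint samlEndpoint) {
        SamlEntityBean entityBean = this.samlEntityBean.get();
        if (samlEndpoint.getService().getProfile() != SamlProfile.SINGLE_SIGN_ON) {
            return entityBean.isSingleLogoutMessagesSigned();
        }
        if (entityBean.getIdpOrSp() == SamlIdpOrSp.SP) {
            return ((SamlExternalIdentityProvider) samlExternalEntity).isWantAuthnRequestsSigned();
        }
        return true;
    }

    /**
     * Serializes the document as UTF-8, compresses it and Base64-encodes the result for
     * the HTTP-Redirect binding.
     */
    private String deflateAndEncode(Document document) throws IOException {
        byte[] xml = SamlUtils.getDocumentAsString(document).getBytes("UTF-8");
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        // Deflater(level, nowrap): level 8, nowrap=true emits raw DEFLATE without the zlib wrapper.
        Deflater deflater = new Deflater(8, true);
        try {
            DeflaterOutputStream deflated = new DeflaterOutputStream(buffer, deflater);
            deflated.write(xml);
            deflated.finish();
        } finally {
            // A caller-supplied Deflater is not released by the stream; end() frees its native memory.
            deflater.end();
        }
        // Option value 8 is passed through unchanged; its meaning is defined by the project's Base64 class.
        return Base64.encodeBytes(buffer.toByteArray(), 8);
    }

    /**
     * Delivers a marshalled message over the endpoint's binding, signing it first when
     * {@link #shouldSign(SamlExternalEntity, SamlEndpoint)} says so.
     */
    private void sendMessage(SamlExternalEntity samlExternalEntity, Document document, SamlRequestOrResponse samlRequestOrResponse, SamlEndpoint samlEndpoint, HttpServletResponse httpServletResponse) {
        // The complete protocol message is logged, which for responses presumably includes
        // assertion content; the guard avoids serializing it unless debug is on, and debug
        // output of this class should be treated as sensitive.
        if (this.log.isDebugEnabled()) {
            this.log.debug("Sending " + samlRequestOrResponse + ": " + SamlUtils.getDocumentAsString(document));
        }
        try {
            boolean signMessage = shouldSign(samlExternalEntity, samlEndpoint);
            if (samlEndpoint.getBinding() == SamlBinding.HTTP_Redirect) {
                String encodedMessage = deflateAndEncode(document);
                PrivateKey privateKey = null;
                if (signMessage) {
                    privateKey = this.samlEntityBean.get().getSigningKey().getPrivateKey();
                }
                sendSamlRedirect(encodedMessage, signMessage, samlRequestOrResponse, privateKey, samlEndpoint, httpServletResponse);
            } else {
                if (signMessage) {
                    // Sign the DOM before it is serialized so the signature travels inside the message.
                    SamlEntityBean entityBean = this.samlEntityBean.get();
                    this.signatureUtilForPostBinding.sign(document, new KeyPair(entityBean.getSigningKey().getCertificate().getPublicKey(), entityBean.getSigningKey().getPrivateKey()));
                }
                String encodedMessage = Base64.encodeBytes(SamlUtils.getDocumentAsString(document).getBytes("UTF-8"), 8);
                SamlPostMessage samlPostMessage = new SamlPostMessage();
                samlPostMessage.setRequestOrResponse(samlRequestOrResponse);
                samlPostMessage.setSamlMessage(encodedMessage);
                samlPostMessage.setRelayState(this.samlDialogue.get().getExternalProviderRelayState());
                this.responseHandler.sendFormToUserAgent(samlEndpoint.getLocation(), samlPostMessage, httpServletResponse);
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the redirect message and sends the user agent to the endpoint location.
     *
     * <p>The relay state is attached whether or not the message is signed, matching the
     * POST path; previously the unsigned branch dropped it, so the peer's relay state
     * was not echoed back on unsigned redirects.
     */
    private void sendSamlRedirect(String str, boolean z, SamlRequestOrResponse samlRequestOrResponse, PrivateKey privateKey, SamlEndpoint samlEndpoint, HttpServletResponse httpServletResponse) {
        SamlRedirectMessage samlRedirectMessage = new SamlRedirectMessage();
        samlRedirectMessage.setRequestOrResponse(samlRequestOrResponse);
        samlRedirectMessage.setSamlMessage(str);
        // Populated before sign(): presumably the redirect signature covers the relay
        // state as well; verify against SamlSignatureUtilForRedirectBinding.
        samlRedirectMessage.setRelayState(this.samlDialogue.get().getExternalProviderRelayState());
        if (z) {
            try {
                this.samlSignatureUtilForRedirectBinding.sign(samlRedirectMessage, privateKey);
            } catch (IOException e) {
                throw new RuntimeException(e);
            } catch (GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        }
        this.responseHandler.sendHttpRedirectToUserAgent(samlEndpoint.getLocation(), samlRedirectMessage, httpServletResponse);
    }
}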
