package org.picketlink.identity.seam.federation;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.Import;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.log.Log;
import org.jboss.seam.ui.util.HTML;
import org.picketlink.identity.federation.api.saml.v2.request.SAML2Request;
import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.saml.v2.protocol.ObjectFactory;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
import org.picketlink.identity.federation.web.util.HTTPRedirectUtil;
import org.picketlink.identity.federation.web.util.PostBindingUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.picketlink.identity.federation.web.util.RedirectBindingUtil;
import org.picketlink.identity.seam.federation.configuration.Binding;
import org.picketlink.identity.seam.federation.configuration.SamlEndpoint;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
import org.picketlink.identity.seam.federation.configuration.SamlService;
import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
import javax.xml.bind.Binder;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

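/**
 * Sends SAML 2.0 protocol messages from this service provider to an identity
 * provider over the HTTP-POST or HTTP-Redirect binding.
 *
 * <p>Requests (e.g. AuthnRequest, LogoutRequest) are sent by
 * {@link #sendRequestToIDP}; responses are currently limited to single-logout
 * responses and are sent by {@link #sendResponseToIDP}. Both paths set the
 * message's {@code Destination} to the endpoint URL so the IdP can enforce the
 * SAML 2.0 Core destination check, and both sign the message with the service
 * provider's private key when the IdP configuration asks for signed messages.
 *
 * <p>Signing differs by binding: with HTTP-POST an enveloped XML signature is
 * placed inside the document before it is base64-encoded; with HTTP-Redirect the
 * signature is computed over the deflated, encoded query parameters instead
 * (XML signatures do not survive the deflate/URL transport).
 */
@Import({"org.picketlink.identity.seam.federation"})
@Name("org.picketlink.identity.seam.federation.samlMessageSender")
@AutoCreate
/* loaded from: input_file:WEB-INF/lib/picketlink-seam-1.0.3.CR3.jar:org/picketlink/identity/seam/federation/SamlMessageSender.class */
public class SamlMessageSender {

    @Logger
    private Log log;

    /** Local SP configuration: supplies the signing key and certificate. */
    @In
    private ServiceProvider serviceProvider;

    /**
     * Sends a SAML request to the given identity provider for the given profile.
     *
     * <p>The HTTP-POST endpoint is preferred (no URL-length limits, signature
     * carried inside the XML); HTTP-Redirect is used only when no POST endpoint
     * is configured for the profile.
     *
     * @param httpServletRequest   current request (passed through, not read here)
     * @param httpServletResponse  response on which the redirect or auto-submit form is written
     * @param samlIdentityProvider target IdP, from the SP's configured metadata
     * @param samlProfile          profile (SSO, SLO, ...) selecting the IdP service to address
     * @param requestAbstractType  the request to send; its {@code Destination} is overwritten
     *                             with the chosen endpoint's location
     * @throws RuntimeException if the IdP has no usable endpoint for the profile, or wrapping any
     *                          marshalling / configuration / I/O failure
     */
    public void sendRequestToIDP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SamlIdentityProvider samlIdentityProvider, SamlProfile samlProfile, RequestAbstractType requestAbstractType) {
        ByteArrayOutputStream marshalled = new ByteArrayOutputStream();
        try {
            SamlService service = samlIdentityProvider.getService(samlProfile);
            SamlEndpoint endpoint = service.getEndpointForBinding(Binding.HTTP_Post);
            if (endpoint == null) {
                endpoint = service.getEndpointForBinding(Binding.HTTP_Redirect);
            }
            if (endpoint == null) {
                throw new RuntimeException("Idp " + samlIdentityProvider.getEntityId() + " has no endpoint found for profile " + samlProfile);
            }
            // Destination must equal the URL the message is actually delivered to; a conforming
            // IdP rejects messages whose Destination does not match its own endpoint.
            requestAbstractType.setDestination(endpoint.getLocation());
            SAML2Request saml2Request = new SAML2Request();
            // The bytes written here are never read; the call is kept because it exercises the
            // same marshalling path (and surfaces the same checked exceptions) before convert().
            saml2Request.marshall(requestAbstractType, marshalled);
            Document requestDocument = saml2Request.convert(requestAbstractType);
            sendMessageToIDP(httpServletRequest, httpServletResponse, samlIdentityProvider, requestDocument, RequestOrResponse.REQUEST, endpoint);
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (ConfigurationException e) {
            throw new RuntimeException(e);
        } catch (JAXBException e) {
            throw new RuntimeException(e);
        } catch (SAXException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Sends a single-logout response to the identity provider endpoint that the
     * corresponding request arrived on.
     *
     * @param httpServletRequest   current request (passed through, not read here)
     * @param httpServletResponse  response on which the redirect or auto-submit form is written
     * @param samlIdentityProvider target IdP
     * @param samlEndpoint         IdP endpoint to answer; must belong to the single-logout service
     * @param statusResponseType   the response to send; its {@code Destination} is overwritten
     *                             with the endpoint's response location
     * @throws RuntimeException if the endpoint is not a single-logout endpoint, or wrapping any
     *                          marshalling / configuration failure
     */
    public void sendResponseToIDP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SamlIdentityProvider samlIdentityProvider, SamlEndpoint samlEndpoint, StatusResponseType statusResponseType) {
        // Reject before mutating the caller's response object.
        if (!samlEndpoint.getService().getProfile().equals(SamlProfile.SINGLE_LOGOUT)) {
            throw new RuntimeException("Responses can currently only be created for the single logout service");
        }
        ByteArrayOutputStream marshalled = new ByteArrayOutputStream();
        try {
            // NOTE(review): Destination is taken from the endpoint's ResponseLocation, but the
            // message is delivered to getLocation() in sendMessageToIDP. If the configuration does
            // not fall back to Location when no ResponseLocation is set, the IdP's destination
            // check will fail — confirm against SamlEndpoint.
            statusResponseType.setDestination(samlEndpoint.getResponseLocation());
            JAXBElement<StatusResponseType> logoutResponse = new ObjectFactory().createLogoutResponse(statusResponseType);
            JAXBContext context = JAXBUtil.getJAXBContext((Class<?>) RequestAbstractType.class);
            // As in sendRequestToIDP, this marshal only validates; the bytes are discarded.
            context.createMarshaller().marshal(logoutResponse, marshalled);
            Document responseDocument = DocumentUtil.createDocument();
            context.createBinder().marshal(logoutResponse, responseDocument);
            sendMessageToIDP(httpServletRequest, httpServletResponse, samlIdentityProvider, responseDocument, RequestOrResponse.RESPONSE, samlEndpoint);
        } catch (ConfigurationException e) {
            throw new RuntimeException(e);
        } catch (JAXBException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Delivers an already-built SAML document to the endpoint using the endpoint's
     * binding, signing it first when the IdP requires signed messages.
     *
     * <p>Whether to sign comes from the IdP configuration: {@code WantAuthnRequestsSigned}
     * for the SSO profile, {@code WantSingleLogoutMessagesSigned} for everything else.
     *
     * @param document          the SAML message; for HTTP-POST it is modified in place by the
     *                          enveloped signature
     * @param requestOrResponse selects the {@code SAMLRequest} / {@code SAMLResponse} parameter name
     * @param samlEndpoint      destination endpoint and binding
     * @throws IllegalStateException if signing is required but the SP has no private key configured
     * @throws RuntimeException wrapping any I/O, configuration or processing failure
     */
    private void sendMessageToIDP(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SamlIdentityProvider samlIdentityProvider, Document document, RequestOrResponse requestOrResponse, SamlEndpoint samlEndpoint) {
        if (this.log.isDebugEnabled()) {
            // The full outbound message (including any NameID) is logged at DEBUG only;
            // keep DEBUG off in production logs.
            this.log.debug("Sending over to IDP: " + DocumentUtil.asString(document));
        }
        try {
            boolean signMessage = samlEndpoint.getService().getProfile().equals(SamlProfile.SINGLE_SIGN_ON)
                    ? samlIdentityProvider.isWantAuthnRequestsSigned()
                    : samlIdentityProvider.isWantSingleLogoutMessagesSigned();
            PrivateKey privateKey = this.serviceProvider.getSamlConfiguration().getPrivateKey();
            // Fail with a clear message instead of an NPE deep inside the signature utilities.
            if (signMessage && privateKey == null) {
                throw new IllegalStateException("IdP " + samlIdentityProvider.getEntityId()
                        + " requires signed messages but no service provider private key is configured");
            }
            if (samlEndpoint.getBinding() == Binding.HTTP_Redirect) {
                // Redirect binding: deflate + base64 + URL-encode the XML, then (optionally) sign the
                // resulting query parameters. The document itself is not XML-signed on this path.
                byte[] xmlBytes = DocumentUtil.getDocumentAsString(document).getBytes(StandardCharsets.UTF_8);
                String encodedMessage = RedirectBindingUtil.deflateBase64URLEncode(xmlBytes);
                String redirectUrl = samlEndpoint.getLocation()
                        + getQueryString(encodedMessage, null, signMessage, requestOrResponse, privateKey);
                HTTPRedirectUtil.sendRedirectForResponder(redirectUrl, httpServletResponse);
            } else {
                // POST binding: sign the XML in place first, then serialise and base64-encode it.
                if (signMessage) {
                    KeyPair signingKeys = new KeyPair(this.serviceProvider.getSamlConfiguration().getCertificate().getPublicKey(), privateKey);
                    new SAML2Signature().signSAMLDocument(document, signingKeys);
                }
                // The original re-decoded the UTF-8 bytes with the platform default charset
                // (new String(getBytes("UTF-8"))), which corrupts non-ASCII content on non-UTF-8
                // JVMs; the serialised string is passed through unchanged instead.
                String messageXml = DocumentUtil.getDocumentAsString(document);
                DestinationInfoHolder destination = new DestinationInfoHolder(samlEndpoint.getLocation(), PostBindingUtil.base64Encode(messageXml), null);
                PostBindingUtil.sendPost(destination, httpServletResponse, requestOrResponse.isRequest());
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (ConfigurationException e) {
            // The original dropped the cause here; keep it so misconfiguration is diagnosable.
            throw new RuntimeException(e);
        } catch (ProcessingException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the query string for the HTTP-Redirect binding, starting with {@code ?}.
     *
     * @param encodedMessage    the deflated, base64- and URL-encoded SAML message
     * @param relayState        optional RelayState; appended verbatim, so it must already be
     *                          URL-encoded (callers currently pass {@code null})
     * @param sign              whether to add {@code SigAlg}/{@code Signature} parameters
     * @param requestOrResponse selects the unsigned parameter name
     * @param privateKey        SP signing key, used only when {@code sign} is true
     * @throws RuntimeException wrapping I/O or signature failures
     */
    private String getQueryString(String encodedMessage, String relayState, boolean sign, RequestOrResponse requestOrResponse, PrivateKey privateKey) {
        StringBuilder query = new StringBuilder("?");
        if (sign) {
            try {
                // NOTE(review): the signed form always goes through getSAMLResponseURLWithSignature,
                // regardless of requestOrResponse. If that utility emits a "SAMLResponse" parameter,
                // signed redirect *requests* would be mislabelled — confirm against the PicketLink
                // version in use; the unsigned branch below does distinguish the two.
                query.append(RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(encodedMessage, relayState, privateKey));
            } catch (IOException e) {
                throw new RuntimeException(e);
            } catch (GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        } else {
            String parameterName = requestOrResponse == RequestOrResponse.REQUEST ? "SAMLRequest" : "SAMLResponse";
            query.append(parameterName).append(HTML.HREF_PARAM_NAME_FROM_VALUE_SEPARATOR).append(encodedMessage);
            if (StringUtil.isNotNull(relayState)) {
                query.append(HTML.HREF_PARAM_SEPARATOR).append("RelayState").append(HTML.HREF_PARAM_NAME_FROM_VALUE_SEPARATOR).append(relayState);
            }
        }
        return query.toString();
    }
}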
