package com.bea.security.saml2.binding.impl;

import com.bea.common.security.saml.registry.SAMLXMLUtil;
import com.bea.security.saml2.Saml2Logger;
import com.bea.security.saml2.binding.BindingHandlerException;
import com.bea.security.saml2.config.SAML2ConfigSpi;
import com.bea.security.saml2.providers.registry.Endpoint;
import com.bea.security.saml2.providers.registry.WebSSOPartner;
import com.bea.security.saml2.util.SAML2Utils;
import com.bea.security.utils.saml2.SSOConstants;
import java.security.Key;
import java.security.PrivateKey;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.saml2.core.Request;
import org.opensaml.saml2.core.StatusResponse;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.io.MarshallingException;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/bea/security/saml2/binding/impl/HttpRedirectBindingSender.class */
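/**
 * Sends SAML 2.0 protocol messages using the HTTP-Redirect binding.
 *
 * <p>The message is marshalled, stripped of its embedded XML signature element, deflated,
 * base64-encoded and URL-encoded into a query parameter. When the SAML object carries a
 * signature algorithm, the query string is signed and the browser is redirected (302) to the
 * partner endpoint.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Signing is driven only by {@code BindingUtil.getSamlSignAlgorithm}. If it returns
 *       {@code null} or an empty string, the message goes out unsigned, and the embedded
 *       signature element has already been removed. Any "must be signed" policy has to be
 *       enforced by the caller.</li>
 *   <li>The signature covers the exact bytes of
 *       {@code <param>=...[&RelayState=...]&SigAlg=...} in that order. Do not reorder or
 *       re-encode these parameters after signing.</li>
 *   <li>With debug logging enabled, the full encoded message, the RelayState and the final
 *       redirect URL are written to the log. Treat those logs as sensitive.</li>
 * </ul>
 */
public class HttpRedirectBindingSender extends BaseHttpBindingSender {
    /** Debug-enabled state of the inherited logger, captured once at construction. */
    private final boolean logdebug;

    /**
     * Creates a sender bound to one servlet request/response pair.
     *
     * @param sAML2ConfigSpi SAML2 configuration passed through to the base sender
     * @param httpServletRequest current request
     * @param httpServletResponse response on which the redirect is issued
     */
    public HttpRedirectBindingSender(SAML2ConfigSpi sAML2ConfigSpi, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        super(sAML2ConfigSpi, httpServletRequest, httpServletResponse);
        this.logdebug = this.log != null && this.log.isDebugEnabled();
    }

    /**
     * Sends a SAML request as the {@code SSOConstants.SAML_REQUEST} query parameter.
     *
     * @param request SAML request to send
     * @param endpoint partner endpoint whose location is the redirect target
     * @param webSSOPartner not used by this binding
     * @param str RelayState value, may be {@code null} or empty
     * @param key signing key; must be a {@link PrivateKey} when the request is to be signed
     * @throws BindingHandlerException if marshalling, signing or the redirect fails
     */
    @Override // com.bea.security.saml2.binding.BindingSender
    public void sendRequest(Request request, Endpoint endpoint, WebSSOPartner webSSOPartner, String str, Key key) throws BindingHandlerException {
        send(request, endpoint, str, key, SSOConstants.SAML_REQUEST);
    }

    /**
     * Builds the redirect query string, optionally signs it, and redirects the browser.
     *
     * @param samlObject message to encode
     * @param endpoint partner endpoint whose location is the redirect target
     * @param relayState RelayState value, omitted from the URL when {@code null} or empty
     * @param signingKey key used to sign the query string; required when the object has a
     *     signature algorithm
     * @param paramName query parameter name carrying the encoded message
     * @throws BindingHandlerException with code 404 when signing is required but no key was
     *     supplied, and with code 500 for any other failure
     */
    private void send(SignableSAMLObject samlObject, Endpoint endpoint, String relayState, Key signingKey, String paramName) throws BindingHandlerException {
        try {
            String xmlSigAlgorithm = BindingUtil.getSamlSignAlgorithm(samlObject);
            if (this.logdebug) {
                this.log.debug("signature algorithm of saml object: " + xmlSigAlgorithm);
            }
            // The embedded XML signature is removed first; in this binding the signature
            // travels in the query string instead.
            String encodedMessage = SAML2Utils.urlEncode(SAML2Utils.base64Encode(BindingUtil.deflateEncode(BindingUtil.transformNode(this.config, removeSignature(samlObject)))));
            String encodedRelayState = null;
            if (relayState != null && !relayState.isEmpty()) {
                encodedRelayState = SAML2Utils.urlEncode(relayState);
            }
            if (this.logdebug) {
                this.log.debug("URL encoded saml message:" + encodedMessage);
                this.log.debug("URL encoded relay state:" + encodedRelayState);
            }
            StringBuilder query = new StringBuilder();
            query.append(paramName).append('=').append(encodedMessage);
            if (encodedRelayState != null && !encodedRelayState.isEmpty()) {
                query.append("&RelayState=").append(encodedRelayState);
            }
            if (this.logdebug) {
                this.log.debug("QueryString without signature:" + query.toString());
            }
            if (xmlSigAlgorithm != null && !xmlSigAlgorithm.isEmpty()) {
                if (signingKey == null) {
                    String noKeyMessage = Saml2Logger.getSAML2NoSignKeyFor(paramName);
                    if (this.logdebug) {
                        this.log.debug(noKeyMessage);
                    }
                    throw new BindingHandlerException(noKeyMessage, 404);
                }
                // SigAlg is appended before signing so that it is covered by the signature.
                query.append("&SigAlg=").append(SAML2Utils.urlEncode(xmlSigAlgorithm));
                try {
                    String jcaAlgorithm = BindingUtil.xmlSigAlgoToSigAlgo(xmlSigAlgorithm);
                    if (this.logdebug) {
                        this.log.debug("Sign: QueryString to be signed:" + query.toString());
                        this.log.debug("Sign: sign algorithm: " + jcaAlgorithm);
                    }
                    // A non-PrivateKey raises ClassCastException here, reported below as code 500.
                    byte[] signature = SAML2Utils.signString(query.toString().getBytes("UTF-8"), jcaAlgorithm, (PrivateKey) signingKey);
                    if (this.logdebug) {
                        // Log the encoded value; concatenating the byte[] itself only prints its identity.
                        this.log.debug("signature of QueryString:" + SAML2Utils.base64Encode(signature));
                    }
                    query.append("&Signature=").append(SAML2Utils.urlEncode(SAML2Utils.base64Encode(signature)));
                } catch (Exception signFailure) {
                    if (this.logdebug) {
                        this.log.debug("can't sign QueryString.", signFailure);
                    }
                    throw new BindingHandlerException(signFailure.getMessage(), 500);
                }
            }
            String location = endpoint.getLocation();
            String redirectUrl = location + SAML2Utils.getDelimiterForQueryParams(location) + query.toString();
            if (this.logdebug) {
                this.log.debug("URL:" + redirectUrl);
            }
            this.httpResponse.setContentType("text/html");
            this.httpResponse.setStatus(HttpServletResponse.SC_FOUND);
            BindingUtil.setHttpHeaders(this.httpResponse);
            // NOTE(review): the endpoint location is written into the HTML body without HTML
            // escaping. sendRedirect() below normally replaces the uncommitted buffer, so this
            // body should not reach the client; confirm that, or escape the value if it can.
            this.httpResponse.getWriter().println("<HTML><HEAD></HEAD><BODY>Location: " + redirectUrl + "</BODY></HTML>");
            this.httpResponse.sendRedirect(SAML2Utils.ENABLE_URL_REWRITING ? this.httpResponse.encodeRedirectURL(redirectUrl) : redirectUrl);
        } catch (BindingHandlerException alreadyClassified) {
            // Keep the original status code (e.g. 404 for a missing signing key) instead of
            // letting the generic handler below re-wrap it as 500.
            throw alreadyClassified;
        } catch (Exception failure) {
            throw new BindingHandlerException(failure.getMessage(), 500);
        }
    }

    /**
     * Marshals the SAML object and removes its embedded signature element.
     *
     * <p>Only direct children of the root are examined. A child is removed when its namespace
     * equals {@code SAMLXMLUtil.DS_NAME_SPACE_URI} and its local name equals
     * {@code SSOConstants.SIGNATURE_VALUE}. Neither constant's value is visible in this file.
     *
     * @param signableSAMLObject object to marshal
     * @return the marshalled root element with matching signature children removed
     * @throws BindingHandlerException with code 500 if marshalling fails
     */
    private Element removeSignature(SignableSAMLObject signableSAMLObject) throws BindingHandlerException {
        try {
            Element root = Configuration.getMarshallerFactory().getMarshaller(signableSAMLObject).marshall(signableSAMLObject);
            NodeList children = root.getChildNodes();
            // The NodeList is live. Walking backwards keeps a removal from shifting
            // not-yet-visited siblings past the index.
            for (int i = children.getLength() - 1; i >= 0; i--) {
                if (children.item(i).getNodeType() != Element.ELEMENT_NODE) {
                    continue;
                }
                Element child = (Element) children.item(i);
                // Both accessors may return null for nodes created without namespace support.
                String namespace = child.getNamespaceURI();
                String localName = child.getLocalName();
                if (namespace != null && localName != null
                        && namespace.equals(SAMLXMLUtil.DS_NAME_SPACE_URI)
                        && localName.equals(SSOConstants.SIGNATURE_VALUE)) {
                    root.removeChild(child);
                }
            }
            return root;
        } catch (MarshallingException e) {
            if (this.logdebug) {
                this.log.debug("can't marshall saml object to xml document.", e);
            }
            throw new BindingHandlerException(e.getMessage(), 500);
        }
    }

    /**
     * Sends a SAML status response as the {@code SAMLResponse} query parameter.
     *
     * @param statusResponse SAML response to send
     * @param endpoint partner endpoint whose location is the redirect target
     * @param webSSOPartner not used by this binding
     * @param str RelayState value, may be {@code null} or empty
     * @param key signing key; must be a {@link PrivateKey} when the response is to be signed
     * @throws BindingHandlerException if marshalling, signing or the redirect fails
     */
    @Override // com.bea.security.saml2.binding.BindingSender
    public void sendResponse(StatusResponse statusResponse, Endpoint endpoint, WebSSOPartner webSSOPartner, String str, Key key) throws BindingHandlerException {
        send(statusResponse, endpoint, str, key, "SAMLResponse");
    }
}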
