package org.opensaml.saml.saml2.binding.encoding.impl;

import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.NonnullAfterInit;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.EncodingException;
import net.shibboleth.shared.codec.HTMLEncoder;
import net.shibboleth.shared.codec.StringDigester;
import net.shibboleth.shared.collection.Pair;
import net.shibboleth.shared.component.ComponentInitializationException;
import net.shibboleth.shared.logic.Constraint;
import net.shibboleth.shared.net.URLBuilder;
import net.shibboleth.shared.primitive.LoggerFactory;
import net.shibboleth.shared.primitive.StringSupport;
import net.shibboleth.shared.security.IdentifierGenerationStrategy;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.encoder.HTMLMessageEncoder;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.common.binding.artifact.SAMLArtifactMap;
import org.opensaml.saml.common.messaging.context.SAMLArtifactContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.saml.common.messaging.context.SAMLSelfEntityContext;
import org.opensaml.saml.config.SAMLConfigurationSupport;
import org.opensaml.saml.saml2.binding.artifact.SAML2Artifact;
import org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactBuilder;
import org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactBuilderFactory;
import org.opensaml.saml.saml2.binding.artifact.SAML2ArtifactType0004;
import org.slf4j.Logger;

/* loaded from: input_file:org/opensaml/saml/saml2/binding/encoding/impl/HTTPArtifactEncoder.class */
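/**
 * SAML 2 message encoder for the HTTP-Artifact binding.
 *
 * <p>The encoder builds an artifact for the outbound message, records the artifact-to-message
 * mapping in the configured {@link SAMLArtifactMap}, and then hands the artifact to the peer
 * either as a query parameter on an HTTP redirect (the default) or as a field of a POST form
 * rendered from a Velocity template (when {@link #isPostEncoding()} is {@code true}).</p>
 *
 * <p>Security-relevant behaviour visible in this class: the endpoint URL and RelayState are
 * HTML-attribute-encoded before they are exposed to the template, and the response, the template
 * merge and the output writer all use UTF-8 so the encoded bytes match the declared charset.</p>
 */
public class HTTPArtifactEncoder extends BaseSAML2MessageEncoder implements HTMLMessageEncoder {

    /** Default template ID used for POST encoding. */
    @Nonnull
    @NotEmpty
    public static final String DEFAULT_TEMPLATE_ID = "/templates/saml2-post-artifact-binding.vm";

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(HTTPArtifactEncoder.class);

    /** Whether the artifact is delivered through a POST form instead of a redirect. */
    private boolean postEncoding;

    /** Velocity engine used to render the POST form; required only when POST encoding is on. */
    @Nullable
    private VelocityEngine velocityEngine;

    /** Optional digester exposed to the template under the key {@code cspDigester}. */
    @Nullable
    private StringDigester cspDigester;

    /** Optional nonce generator exposed to the template under the key {@code cspNonce}. */
    @Nullable
    private IdentifierGenerationStrategy cspNonceGenerator;

    /** Store for the artifact-to-message mapping; must be set before initialization. */
    @NonnullAfterInit
    private SAMLArtifactMap artifactMap;

    /** Artifact type used when the message context does not already carry one. */
    @Nonnull
    @NotEmpty
    private byte[] defaultArtifactType = SAML2ArtifactType0004.TYPE_CODE;

    /** ID of the Velocity template merged for POST encoding. */
    @Nonnull
    @NotEmpty
    private String velocityTemplateId = DEFAULT_TEMPLATE_ID;

    /**
     * Gets the URI of the binding implemented by this encoder.
     *
     * @return the SAML 2.0 HTTP-Artifact binding URI
     */
    @Nonnull
    @NotEmpty
    public String getBindingURI() {
        return "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact";
    }

    /**
     * Gets whether the artifact is delivered with a POST form rather than a redirect.
     *
     * @return {@code true} if POST encoding is used
     */
    public boolean isPostEncoding() {
        return this.postEncoding;
    }

    /**
     * Sets whether the artifact is delivered with a POST form rather than a redirect.
     *
     * @param z {@code true} to use POST encoding
     */
    public void setPostEncoding(boolean z) {
        checkSetterPreconditions();
        this.postEncoding = z;
    }

    /**
     * Gets the Velocity engine used to render the POST form.
     *
     * @return the configured engine, or {@code null} if none was set
     */
    @Nullable
    public VelocityEngine getVelocityEngine() {
        return this.velocityEngine;
    }

    /**
     * Sets the Velocity engine used to render the POST form.
     *
     * @param velocityEngine the engine; may be {@code null} when POST encoding is not used
     */
    public void setVelocityEngine(@Nullable VelocityEngine velocityEngine) {
        checkSetterPreconditions();
        this.velocityEngine = velocityEngine;
    }

    /**
     * Gets the ID of the Velocity template merged for POST encoding.
     *
     * @return the template ID
     */
    @Nonnull
    @NotEmpty
    public String getVelocityTemplateId() {
        return this.velocityTemplateId;
    }

    /**
     * Sets the ID of the Velocity template merged for POST encoding.
     *
     * @param str the template ID; trimmed, and rejected if null or empty after trimming
     */
    public void setVelocityTemplateId(@Nonnull @NotEmpty String str) {
        checkSetterPreconditions();
        this.velocityTemplateId =
                Constraint.isNotNull(StringSupport.trimOrNull(str), "Velocity template ID cannot be null or empty");
    }

    /**
     * Sets the digester made available to the template under the key {@code cspDigester}.
     *
     * @param stringDigester the digester, or {@code null} to expose none
     */
    public void setCSPDigester(@Nullable StringDigester stringDigester) {
        checkSetterPreconditions();
        this.cspDigester = stringDigester;
    }

    /**
     * Sets the nonce generator made available to the template under the key {@code cspNonce}.
     *
     * @param identifierGenerationStrategy the generator, or {@code null} to expose none
     */
    public void setCSPNonceGenerator(@Nullable IdentifierGenerationStrategy identifierGenerationStrategy) {
        checkSetterPreconditions();
        this.cspNonceGenerator = identifierGenerationStrategy;
    }

    /**
     * Gets the store holding the artifact-to-message mapping.
     *
     * @return the artifact map
     */
    @NonnullAfterInit
    public SAMLArtifactMap getArtifactMap() {
        return this.artifactMap;
    }

    /**
     * Sets the store holding the artifact-to-message mapping.
     *
     * @param sAMLArtifactMap the artifact map; must not be {@code null}
     */
    public void setArtifactMap(@Nonnull SAMLArtifactMap sAMLArtifactMap) {
        checkSetterPreconditions();
        this.artifactMap = Constraint.isNotNull(sAMLArtifactMap, "SAMLArtifactMap cannot be null");
    }

    /**
     * Verifies the configuration: an artifact map is always required, and a Velocity engine is
     * required whenever POST encoding is enabled.
     *
     * @throws ComponentInitializationException if a required collaborator is missing
     */
    protected void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.artifactMap == null) {
            throw new ComponentInitializationException("SAMLArtifactMap cannot be null");
        }
        if (isPostEncoding() && this.velocityEngine == null) {
            throw new ComponentInitializationException("VelocityEngine cannot be null when POST is used");
        }
    }

    /**
     * Declares UTF-8 on the response and dispatches to the POST or GET encoding path.
     *
     * @throws MessageEncodingException if the selected encoding path fails
     */
    protected void doEncode() throws MessageEncodingException {
        getHttpServletResponse().setCharacterEncoding("UTF-8");
        if (this.postEncoding) {
            postEncode();
        } else {
            getEncode();
        }
    }

    /**
     * Renders the POST form carrying the artifact.
     *
     * <p>The endpoint URL and RelayState are HTML-attribute-encoded here before being placed in
     * the Velocity context under {@code action} and {@code RelayState}.
     * NOTE(review): that encoding is only correct if the template emits both values inside HTML
     * attributes; confirm against the template in use.</p>
     *
     * @throws MessageEncodingException if the artifact cannot be base64 encoded or the template
     *         cannot be merged and written
     */
    protected void postEncode() throws MessageEncodingException {
        this.log.debug("Performing HTTP POST SAML 2 artifact encoding");
        MessageContext messageContext = getMessageContext();
        assert messageContext != null;

        this.log.debug("Creating velocity context");
        VelocityContext velocityContext = new VelocityContext();
        String endpointUrl = getEndpointURL(messageContext).toString();
        String encodedEndpointUrl = HTMLEncoder.encodeForHTMLAttribute(endpointUrl);
        this.log.debug("Setting action parameter to: '{}', encoded as '{}'", endpointUrl, encodedEndpointUrl);
        velocityContext.put("action", encodedEndpointUrl);
        try {
            velocityContext.put("SAMLArt",
                    Base64Support.encode(buildArtifact(messageContext).getArtifactBytes(), false));
            velocityContext.put("binding", getBindingURI());
            if (this.cspDigester != null) {
                this.log.trace("Adding CSP digester to context");
                velocityContext.put("cspDigester", this.cspDigester);
            }
            if (this.cspNonceGenerator != null) {
                this.log.trace("Adding CSP nonce generator to context");
                velocityContext.put("cspNonce", this.cspNonceGenerator);
            }
            String relayState = SAMLBindingSupport.getRelayState(messageContext);
            if (SAMLBindingSupport.checkRelayState(relayState)) {
                String encodedRelayState = HTMLEncoder.encodeForHTMLAttribute(relayState);
                // NOTE(review): the raw RelayState is written to the debug log; confirm that is
                // acceptable where RelayState carries application state.
                this.log.debug("Setting RelayState parameter to: '{}', encoded as '{}'", relayState,
                        encodedRelayState);
                velocityContext.put("RelayState", encodedRelayState);
            }
            HttpServletResponse httpServletResponse = getHttpServletResponse();
            // The response object itself is handed to the template.
            velocityContext.put("response", httpServletResponse);
            this.log.debug("Invoking velocity template");
            // The writer charset is pinned to UTF-8 so the bytes on the wire match both the charset
            // declared on the response and the encoding passed to mergeTemplate; the platform
            // default charset is not guaranteed to be UTF-8. try-with-resources closes the writer
            // on the failure path as well.
            try (OutputStreamWriter outputStreamWriter =
                    new OutputStreamWriter(httpServletResponse.getOutputStream(), "UTF-8")) {
                assert this.velocityEngine != null;
                this.velocityEngine.mergeTemplate(this.velocityTemplateId, "UTF-8", velocityContext,
                        outputStreamWriter);
                outputStreamWriter.flush();
            } catch (Exception e) {
                this.log.error("Error invoking velocity template to create POST form: {}", e.getMessage());
                throw new MessageEncodingException("Error creating output document", e);
            }
        } catch (EncodingException e2) {
            this.log.warn("Unable to base64 encode SAML 2 artifact when creating POST form: {}", e2.getMessage());
            throw new MessageEncodingException("Unable to base64 encode SAML 2 artifact when creating POST form",
                    e2);
        }
    }

    /**
     * Sends an HTTP redirect to the endpoint URL carrying the artifact, and the RelayState when
     * one passes {@code SAMLBindingSupport.checkRelayState}, as query parameters.
     *
     * <p>Any query parameters already present on the endpoint URL are discarded before
     * {@code SAMLart} and {@code RelayState} are added.</p>
     *
     * @throws MessageEncodingException if the endpoint URL is malformed, the artifact cannot be
     *         base64 encoded, or the redirect cannot be sent
     */
    protected void getEncode() throws MessageEncodingException {
        this.log.debug("Performing HTTP GET SAML 2 artifact encoding");
        MessageContext messageContext = getMessageContext();
        assert messageContext != null;

        String endpointUrl = getEndpointURL(messageContext).toString();
        assert endpointUrl != null;

        try {
            URLBuilder urlBuilder = new URLBuilder(endpointUrl);
            List<Pair<String, String>> queryParams = urlBuilder.getQueryParams();
            queryParams.clear();
            try {
                queryParams.add(new Pair<>("SAMLart",
                        Base64Support.encode(buildArtifact(messageContext).getArtifactBytes(), false)));
                String relayState = SAMLBindingSupport.getRelayState(messageContext);
                if (SAMLBindingSupport.checkRelayState(relayState)) {
                    queryParams.add(new Pair<>("RelayState", relayState));
                }
                try {
                    getHttpServletResponse().sendRedirect(urlBuilder.buildURL());
                } catch (IOException e) {
                    throw new MessageEncodingException("Problem sending HTTP redirect", e);
                }
            } catch (EncodingException e2) {
                this.log.error("Unable to base64 encode artifact for message to relying party: {}",
                        e2.getMessage());
                throw new MessageEncodingException("Unable to base64 encode artifact for message to relying party",
                        e2);
            }
        } catch (MalformedURLException e3) {
            throw new MessageEncodingException("Endpoint URL " + endpointUrl + " is not a valid URL", e3);
        }
    }

    /**
     * Builds the artifact for the outbound message and stores the artifact-to-message mapping.
     *
     * <p>The artifact type comes from the message context's {@link SAMLArtifactContext}; when none
     * is set there, the encoder's default type is used and written back to that context. The
     * mapping is stored under the base64 form of the artifact bytes together with the peer and
     * self entity IDs.</p>
     *
     * @param messageContext the current message context
     * @return the artifact that was built and stored
     * @throws MessageEncodingException if the message is not a {@link SAMLObject}, either entity ID
     *         is missing, no artifact builder is available, or the mapping cannot be stored
     */
    @Nonnull
    protected SAML2Artifact buildArtifact(@Nonnull MessageContext messageContext) throws MessageEncodingException {
        Object message = messageContext.getMessage();
        if (!(message instanceof SAMLObject)) {
            throw new MessageEncodingException("Outbound message was not a SAMLObject");
        }
        SAMLObject samlMessage = (SAMLObject) message;

        String peerEntityId = getInboundMessageIssuer(messageContext);
        String selfEntityId = getOutboundMessageIssuer(messageContext);
        if (peerEntityId == null || selfEntityId == null) {
            throw new MessageEncodingException("Unable to obtain issuer or relying party for message encoding");
        }

        byte[] contextArtifactType = getSAMLArtifactType(messageContext);
        byte[] effectiveArtifactType =
                contextArtifactType != null ? contextArtifactType : this.defaultArtifactType;
        SAML2ArtifactBuilderFactory builderFactory = SAMLConfigurationSupport.getSAML2ArtifactBuilderFactory();
        SAML2ArtifactBuilder artifactBuilder =
                builderFactory != null ? builderFactory.getArtifactBuilder(effectiveArtifactType) : null;
        if (contextArtifactType == null) {
            // Record the type that was actually chosen when the context did not specify one.
            storeSAMLArtifactType(messageContext, this.defaultArtifactType);
        }
        if (artifactBuilder == null) {
            throw new MessageEncodingException("Unable to obtain SAML2ArtifactBuilder");
        }

        SAML2Artifact artifact = artifactBuilder.buildArtifact(messageContext);
        if (artifact == null) {
            this.log.error("Unable to build artifact for message to relying party");
            throw new MessageEncodingException("Unable to build artifact for message to relying party");
        }
        try {
            this.artifactMap.put(Base64Support.encode(artifact.getArtifactBytes(), false), peerEntityId,
                    selfEntityId, samlMessage);
            return artifact;
        } catch (EncodingException e) {
            this.log.error("Unable to base64 encode artifact: {}", e.getMessage());
            throw new MessageEncodingException("Unable to base64 encode artifact", e);
        } catch (IOException e2) {
            this.log.error("Unable to store message mapping for artifact: {}", e2.getMessage());
            throw new MessageEncodingException("Unable to store message mapping for artifact", e2);
        }
    }

    /**
     * Reads the entity ID from the {@link SAMLSelfEntityContext} subcontext.
     *
     * @param messageContext the current message context
     * @return the entity ID, or {@code null} if the subcontext is absent
     */
    @Nullable
    private String getOutboundMessageIssuer(@Nonnull MessageContext messageContext) {
        SAMLSelfEntityContext selfContext = messageContext.getSubcontext(SAMLSelfEntityContext.class);
        return selfContext == null ? null : selfContext.getEntityId();
    }

    /**
     * Reads the entity ID from the {@link SAMLPeerEntityContext} subcontext.
     *
     * @param messageContext the current message context
     * @return the entity ID, or {@code null} if the subcontext is absent
     */
    @Nullable
    private String getInboundMessageIssuer(@Nonnull MessageContext messageContext) {
        SAMLPeerEntityContext peerContext = messageContext.getSubcontext(SAMLPeerEntityContext.class);
        return peerContext == null ? null : peerContext.getEntityId();
    }

    /**
     * Writes the artifact type into the message context's {@link SAMLArtifactContext}.
     *
     * @param messageContext the current message context
     * @param bArr the artifact type code to record
     */
    private void storeSAMLArtifactType(@Nonnull MessageContext messageContext, @Nonnull @NotEmpty byte[] bArr) {
        messageContext.ensureSubcontext(SAMLArtifactContext.class).setArtifactType(bArr);
    }

    /**
     * Reads the artifact type from the message context's {@link SAMLArtifactContext}.
     *
     * @param messageContext the current message context
     * @return the artifact type code, or {@code null} if none is set
     */
    @Nullable
    private byte[] getSAMLArtifactType(@Nonnull MessageContext messageContext) {
        return messageContext.ensureSubcontext(SAMLArtifactContext.class).getArtifactType();
    }
}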
