package org.opensaml.saml.saml2.binding.decoding.impl;

import com.google.common.base.Strings;
import jakarta.servlet.http.HttpServletRequest;
import java.io.UnsupportedEncodingException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.shared.annotation.constraint.NotEmpty;
import net.shibboleth.shared.codec.Base64Support;
import net.shibboleth.shared.codec.DecodingException;
import net.shibboleth.shared.primitive.LoggerFactory;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
import org.slf4j.Logger;

/* loaded from: input_file:org/opensaml/saml/saml2/binding/decoding/impl/HTTPPostSimpleSignDecoder.class */
public class HTTPPostSimpleSignDecoder extends HTTPPostDecoder {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(HTTPPostSimpleSignDecoder.class);
    static final /* synthetic */ boolean $assertionsDisabled;

    @Override // org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder
    @Nonnull
    @NotEmpty
    public String getBindingURI() {
        return "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign";
    }

    @Override // org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder
    protected void populateBindingContext(@Nonnull MessageContext messageContext) {
        SAMLBindingContext ensureSubcontext = messageContext.ensureSubcontext(SAMLBindingContext.class);
        ensureSubcontext.setBindingUri(getBindingURI());
        ensureSubcontext.setBindingDescriptor(getBindingDescriptor());
        ensureSubcontext.setHasBindingSignature(!Strings.isNullOrEmpty(getHttpServletRequest().getParameter("Signature")));
        ensureSubcontext.setIntendedDestinationEndpointURIRequired(SAMLBindingSupport.isMessageSigned(messageContext));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder
    public void doDecode() throws MessageDecodingException {
        super.doDecode();
        byte[] signedContent = getSignedContent();
        if (signedContent == null) {
            this.log.warn("Failed to build signed content data, signature evaluation will be skipped");
            return;
        }
        MessageContext messageContext = getMessageContext();
        if (!$assertionsDisabled && messageContext == null) {
            throw new AssertionError();
        }
        ((SimpleSignatureContext) messageContext.ensureSubcontext(SimpleSignatureContext.class)).setSignedContent(signedContent);
    }

    @Nullable
    protected byte[] getSignedContent() throws MessageDecodingException {
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        StringBuilder sb = new StringBuilder();
        try {
            if (httpServletRequest.getParameter("SAMLRequest") != null) {
                String parameter = httpServletRequest.getParameter("SAMLRequest");
                if (!$assertionsDisabled && parameter == null) {
                    throw new AssertionError();
                }
                sb.append("SAMLRequest=" + new String(Base64Support.decode(parameter), "UTF-8"));
            } else {
                if (httpServletRequest.getParameter("SAMLResponse") == null) {
                    this.log.warn("Could not extract either a SAMLRequest or a SAMLResponse from the form control data");
                    return null;
                }
                String parameter2 = httpServletRequest.getParameter("SAMLResponse");
                if (!$assertionsDisabled && parameter2 == null) {
                    throw new AssertionError();
                }
                sb.append("SAMLResponse=" + new String(Base64Support.decode(parameter2), "UTF-8"));
            }
            if (httpServletRequest.getParameter("RelayState") != null) {
                sb.append("&RelayState=" + httpServletRequest.getParameter("RelayState"));
            }
            if (httpServletRequest.getParameter("SigAlg") == null) {
                this.log.warn("Signature algorithm could not be extracted from request, cannot build simple signature content");
                return null;
            }
            sb.append("&SigAlg=" + httpServletRequest.getParameter("SigAlg"));
            String sb2 = sb.toString();
            if (Strings.isNullOrEmpty(sb2)) {
                this.log.warn("Could not construct signed content string from form control data");
                return null;
            }
            this.log.debug("Constructed signed content string for HTTP-Post-SimpleSign {}", sb2);
            try {
                return sb2.getBytes("UTF-8");
            } catch (UnsupportedEncodingException e) {
                this.log.error("UTF-8 encoding is not supported, this VM is not Java compliant");
                throw new MessageDecodingException("Unable to process message, UTF-8 encoding is not supported");
            }
        } catch (UnsupportedEncodingException e2) {
            this.log.error("UTF-8 encoding is not supported, this VM is not Java compliant");
            throw new MessageDecodingException("Unable to process message, UTF-8 encoding is not supported");
        } catch (DecodingException e3) {
            this.log.error("Unable to Base64 decode either a SAMLRequest or a SAMLResponse from the form control data");
            throw new MessageDecodingException("Unable to Base64 decode either a SAMLRequest or a SAMLResponse from the form control data", e3);
        }
    }

    static {
        $assertionsDisabled = !HTTPPostSimpleSignDecoder.class.desiredAssertionStatus();
    }
}
