package org.opensaml.saml2.binding.encoding;

import com.ibm.ws.security.saml.Constants;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.Key;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityConfiguration;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.SigningUtil;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:wlp/lib/com.ibm.ws.org.opensaml.opensaml.2.5.3_1.0.15.jar:org/opensaml/saml2/binding/encoding/HTTPPostSimpleSignEncoder.class */
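/**
 * Message encoder for the SAML 2.0 HTTP-POST-SimpleSign binding.
 *
 * <p>Builds on the plain HTTP-POST encoder: once the parent has placed the base64-encoded
 * message into the Velocity context, this class computes a detached signature over the
 * "form control string"
 * {@code SAMLRequest=<decoded message>&RelayState=<relayState>&SigAlg=<algorithmURI>}
 * (or {@code SAMLResponse=...}) and publishes {@code SigAlg}, {@code Signature} and,
 * when one can be generated, a base64-encoded {@code KeyInfo} into the context for the
 * form template. The enveloped XML Signature over the protocol message itself is only
 * produced when the constructor flag {@code signProtocolMessageWithXMLDSIG} is true.
 *
 * <p>Security notes for implementers and verifiers: the simple signature covers the
 * decoded message, the RelayState and the algorithm URI verbatim (no URL-encoding of the
 * components), so the receiving side must rebuild exactly that UTF-8 byte sequence to
 * verify it. All byte conversions in this class are pinned to UTF-8; the original relied
 * on the platform default charset for the KeyInfo bytes, which made the emitted KeyInfo
 * platform-dependent on non-UTF-8 JVMs. How the template escapes the context values when
 * rendering the HTML form is outside this class — confirm against the template in use.
 */
public class HTTPPostSimpleSignEncoder extends HTTPPostEncoder {

    private static final Logger log = LoggerFactory.getLogger(HTTPPostSimpleSignEncoder.class);

    /** Binding URI reported by {@link #getBindingURI()}. */
    private static final String BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign";

    /**
     * Option flag handed to {@code Base64.encodeBytes}. The original passed the literal 8;
     * in the iharder-derived OpenSAML Base64 that value is DONT_BREAK_LINES (single-line
     * output) — NOTE(review): confirm against the bundled Base64 implementation.
     */
    private static final int BASE64_OPTIONS = 8;

    /**
     * Charset used for every String<->byte[] conversion. {@code Charset.forName} is used
     * (rather than the Java 7 {@code StandardCharsets}) so no language-level requirement is
     * added; UTF-8 is mandatory in every JVM, so this cannot fail and no checked
     * UnsupportedEncodingException has to be swallowed as the original did.
     */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    /** Whether the protocol message is additionally signed with an enveloped XML Signature. */
    private final boolean signProtocolMessageWithXMLDSIG;

    /**
     * Creates an encoder that does NOT apply an XML Signature to the protocol message; only
     * the simple form-data signature is produced.
     *
     * @param velocityEngine Velocity engine used to render the POST form
     * @param str            template identifier passed through to the parent encoder
     */
    public HTTPPostSimpleSignEncoder(VelocityEngine velocityEngine, String str) {
        this(velocityEngine, str, false);
    }

    /**
     * Creates an encoder.
     *
     * @param velocityEngine Velocity engine used to render the POST form
     * @param str            template identifier passed through to the parent encoder
     * @param z              when true, the protocol message is also signed with XML-DSIG by
     *                       the parent encoder in addition to the simple signature
     */
    public HTTPPostSimpleSignEncoder(VelocityEngine velocityEngine, String str, boolean z) {
        super(velocityEngine, str);
        this.signProtocolMessageWithXMLDSIG = z;
    }

    /** @return the SAML 2.0 HTTP-POST-SimpleSign binding URI */
    @Override // org.opensaml.saml2.binding.encoding.HTTPPostEncoder, org.opensaml.common.binding.encoding.SAMLMessageEncoder
    public String getBindingURI() {
        return BINDING_URI;
    }

    /**
     * Applies the parent's enveloped XML Signature only when enabled via the constructor
     * flag; otherwise the message is left unsigned at the XML level and integrity relies on
     * the simple signature produced in {@link #populateVelocityContext}.
     *
     * @param sAMLMessageContext the outbound message context
     * @throws MessageEncodingException propagated from the parent signing step
     */
    @Override // org.opensaml.saml2.binding.encoding.BaseSAML2MessageEncoder
    public void signMessage(SAMLMessageContext sAMLMessageContext) throws MessageEncodingException {
        if (!this.signProtocolMessageWithXMLDSIG) {
            log.debug("XML-DSIG signing of the protocol message is disabled; relying on the simple signature");
            return;
        }
        super.signMessage(sAMLMessageContext);
    }

    /**
     * Populates the Velocity context for the POST form: delegates to the parent for the
     * message and RelayState, then, if an outbound signing credential is present, adds
     * {@code SigAlg}, {@code Signature} and (when available) {@code KeyInfo}.
     * Without a signing credential the message is emitted unsigned at debug level only.
     *
     * @param velocityContext    context the form template is rendered from
     * @param sAMLMessageContext outbound message context supplying credential and RelayState
     * @param str                endpoint URL passed through to the parent
     * @throws MessageEncodingException if the algorithm URI cannot be derived, signing fails
     *                                  or the KeyInfo cannot be generated/marshalled
     */
    @Override // org.opensaml.saml2.binding.encoding.HTTPPostEncoder
    public void populateVelocityContext(VelocityContext velocityContext, SAMLMessageContext sAMLMessageContext, String str) throws MessageEncodingException {
        super.populateVelocityContext(velocityContext, sAMLMessageContext, str);

        Credential signingCredential = sAMLMessageContext.getOuboundSAMLMessageSigningCredential();
        if (signingCredential == null) {
            log.debug("No signing credential was supplied, skipping HTTP-Post simple signing");
            return;
        }

        // Algorithm is derived from the credential via the global security configuration.
        String algorithmURI = getSignatureAlgorithmURI(signingCredential, null);
        velocityContext.put("SigAlg", algorithmURI);

        String formData = buildFormDataToSign(velocityContext, sAMLMessageContext, algorithmURI);
        velocityContext.put("Signature", generateSignature(signingCredential, algorithmURI, formData));

        // null config / null profile name: the default KeyInfo generator for this credential.
        KeyInfoGenerator keyInfoGenerator = SecurityHelper.getKeyInfoGenerator(signingCredential, null, null);
        if (keyInfoGenerator == null) {
            return;
        }
        String keyInfo = buildKeyInfo(signingCredential, keyInfoGenerator);
        if (!DatatypeHelper.isEmpty(keyInfo)) {
            velocityContext.put("KeyInfo", keyInfo);
        }
    }

    /**
     * Generates a KeyInfo for the credential, marshals it to XML and returns it as a
     * base64 string for the form.
     *
     * @param credential       the signing credential
     * @param keyInfoGenerator generator selected for that credential
     * @return base64-encoded KeyInfo XML, or null if the generator produced nothing
     * @throws MessageEncodingException if no marshaller is configured, or generation or
     *                                  marshalling fails
     */
    protected String buildKeyInfo(Credential credential, KeyInfoGenerator keyInfoGenerator) throws MessageEncodingException {
        try {
            KeyInfo keyInfo = keyInfoGenerator.generate(credential);
            if (keyInfo == null) {
                return null;
            }
            Marshaller marshaller = Configuration.getMarshallerFactory().getMarshaller(keyInfo);
            if (marshaller == null) {
                log.error("No KeyInfo marshaller available from configuration");
                throw new MessageEncodingException("No KeyInfo marshaller was configured");
            }
            String keyInfoXml = XMLHelper.nodeToString(marshaller.marshall(keyInfo));
            // Explicit UTF-8: the original used getBytes() with the platform default charset.
            return Base64.encodeBytes(keyInfoXml.getBytes(UTF_8), BASE64_OPTIONS);
        } catch (MarshallingException e) {
            log.error("Error marshalling KeyInfo based on signing credential", e);
            throw new MessageEncodingException("Error marshalling KeyInfo based on signing credential", e);
        } catch (SecurityException e) {
            log.error("Error generating KeyInfo from signing credential", e);
            throw new MessageEncodingException("Error generating KeyInfo from signing credential", e);
        }
    }

    /**
     * Builds the string the simple signature is computed over:
     * {@code <SAMLRequest|SAMLResponse>=<base64-decoded message>[&RelayState=<relayState>]&SigAlg=<algorithmURI>}.
     * {@code SAMLRequest} is preferred when present in the context; otherwise the response
     * (looked up under {@code Constants.SAMLResponse}) is used. Components are concatenated
     * verbatim, without URL-encoding.
     *
     * @param velocityContext    context already holding the base64 message (set by the parent)
     * @param sAMLMessageContext message context supplying the RelayState
     * @param str                signature algorithm URI
     * @return the form control string to sign
     * @throws IllegalStateException if neither a request nor a response is in the context
     *                               (the original would have failed with a NullPointerException)
     */
    protected String buildFormDataToSign(VelocityContext velocityContext, SAMLMessageContext sAMLMessageContext, String str) {
        boolean isRequest = velocityContext.get("SAMLRequest") != null;
        Object encoded = isRequest ? velocityContext.get("SAMLRequest") : velocityContext.get(Constants.SAMLResponse);
        if (encoded == null) {
            throw new IllegalStateException("Neither SAMLRequest nor SAMLResponse is present in the Velocity context; cannot build simple-sign form data");
        }
        String decodedMessage = new String(Base64.decode((String) encoded), UTF_8);

        StringBuilder formData = new StringBuilder();
        formData.append(isRequest ? "SAMLRequest=" : "SAMLResponse=").append(decodedMessage);
        String relayState = sAMLMessageContext.getRelayState();
        if (relayState != null) {
            formData.append("&RelayState=").append(relayState);
        }
        formData.append("&SigAlg=").append(str);
        return formData.toString();
    }

    /**
     * Resolves the signature algorithm URI for the credential from the given security
     * configuration, falling back to the global one when none is supplied.
     *
     * @param credential            the signing credential
     * @param securityConfiguration configuration to consult, or null for the global default
     * @return the algorithm URI
     * @throws MessageEncodingException if the configuration yields no algorithm for the credential
     */
    protected String getSignatureAlgorithmURI(Credential credential, SecurityConfiguration securityConfiguration) throws MessageEncodingException {
        SecurityConfiguration config = securityConfiguration != null ? securityConfiguration : Configuration.getGlobalSecurityConfiguration();
        String algorithmURI = config.getSignatureAlgorithmURI(credential);
        if (algorithmURI == null) {
            throw new MessageEncodingException("The signing credential's algorithm URI could not be derived");
        }
        return algorithmURI;
    }

    /**
     * Signs the UTF-8 bytes of the form control string with the credential and the given
     * algorithm and returns the raw signature base64-encoded.
     *
     * <p>NOTE: at DEBUG level this logs the complete form control string, i.e. the decoded
     * SAML message (which may carry assertions with personal data) and the RelayState.
     * Keep DEBUG disabled for this logger in production.
     *
     * @param credential the signing credential
     * @param str        signature algorithm URI
     * @param str2       the form control string to sign
     * @return base64-encoded signature value
     * @throws MessageEncodingException if the signing operation fails
     */
    protected String generateSignature(Credential credential, String str, String str2) throws MessageEncodingException {
        if (log.isDebugEnabled()) {
            // Guard the key lookup: a credential without a usable signing key previously
            // NPE'd here instead of reaching the SecurityException path below.
            Key signingKey = SecurityHelper.extractSigningKey(credential);
            log.debug("Generating signature with key type '{}', algorithm URI '{}' over form control string '{}'",
                    new Object[] { signingKey == null ? null : signingKey.getAlgorithm(), str, str2 });
        }
        try {
            byte[] rawSignature = SigningUtil.signWithURI(credential, str, str2.getBytes(UTF_8));
            String b64Signature = Base64.encodeBytes(rawSignature, BASE64_OPTIONS);
            log.debug("Generated digital signature value (base64-encoded) {}", b64Signature);
            return b64Signature;
        } catch (SecurityException e) {
            log.error("Error during URL signing process", e);
            throw new MessageEncodingException("Unable to sign form control string", e);
        }
    }
}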
