package org.opensaml.saml1.binding.encoding;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.apache.cxf.transport.https.HttpsURLConnectionFactory;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.common.binding.encoding.SAMLMessageEncoder;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.util.URLBuilder;
import org.opensaml.ws.message.encoder.BaseMessageEncoder;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureException;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:wlp/lib/com.ibm.ws.org.opensaml.opensaml.2.5.3_1.0.13.jar:org/opensaml/saml1/binding/encoding/BaseSAML1MessageEncoder.class */
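/**
 * Base class for SAML 1 message encoders. It provides two security-relevant helpers to subclasses:
 * resolution of the peer endpoint URL against a scheme allow-list, and optional XML signing of the
 * outbound SAML message.
 *
 * <p>This listing is decompiler output; the two helper methods were declared {@code protected} in
 * the compiled class and are shown here as {@code public}.
 */
public abstract class BaseSAML1MessageEncoder extends BaseMessageEncoder implements SAMLMessageEncoder {
    private final Logger log = LoggerFactory.getLogger(BaseSAML1MessageEncoder.class);

    /** URL schemes an endpoint location may use; always an immutable list, never {@code null} after construction. */
    private List<String> allowedURLSchemes;

    /**
     * Creates an encoder whose allow-list holds {@code "http"} and the scheme named by
     * {@code HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID}.
     */
    public BaseSAML1MessageEncoder() {
        // NOTE(review): the CXF constant looks like a decompiler substitution for a literal scheme
        // string (presumably "https") - confirm. Plain "http" is allowed by default, so deployments
        // that must not send SAML messages over cleartext should narrow the list explicitly.
        setAllowedURLSchemes(new String[]{"http", HttpsURLConnectionFactory.HTTPS_URL_PROTOCOL_ID});
    }

    /**
     * Returns the URL schemes accepted for peer endpoint locations.
     *
     * @return an immutable list of schemes, possibly empty
     */
    public List<String> getAllowedURLSchemes() {
        return this.allowedURLSchemes;
    }

    /**
     * Replaces the scheme allow-list with a private, immutable copy of the given array.
     *
     * <p>A {@code null} or empty array yields an empty allow-list, which makes
     * {@link #getEndpointURL(SAMLMessageContext)} reject every endpoint (fail closed).
     *
     * @param strArr schemes to allow; {@code null} entries are skipped
     */
    public void setAllowedURLSchemes(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            this.allowedURLSchemes = Collections.emptyList();
            return;
        }
        List<String> schemes = new ArrayList<String>(strArr.length);
        for (String scheme : strArr) {
            // A null entry would make contains(null) succeed for an endpoint URL that has no
            // scheme at all, silently widening the allow-list.
            if (scheme != null) {
                schemes.add(scheme);
            }
        }
        this.allowedURLSchemes = Collections.unmodifiableList(schemes);
    }

    /**
     * Resolves the URL the outbound message is to be sent to and checks its scheme against the
     * allow-list.
     *
     * <p>The endpoint's response location is used when the outbound message is a {@code Response}
     * and a response location is set; otherwise the endpoint's location is used.
     *
     * <p>JADX INFO: access modifiers changed from protected.
     *
     * @param sAMLMessageContext current message context
     * @return builder for the validated endpoint URL
     * @throws MessageEncodingException if the context has no peer endpoint, the endpoint has no
     *         usable location, or the URL scheme is missing or not in the allow-list
     */
    public URLBuilder getEndpointURL(SAMLMessageContext sAMLMessageContext) throws MessageEncodingException {
        Endpoint peerEntityEndpoint = sAMLMessageContext.getPeerEntityEndpoint();
        if (peerEntityEndpoint == null) {
            throw new MessageEncodingException("Endpoint for relying party was null.");
        }

        // NOTE(review): Response is imported from org.opensaml.saml2.core in this listing although
        // this is the SAML 1 encoder. If outbound messages here are SAML 1 responses, this test
        // would never match and the response location would never be used - confirm against the
        // upstream source.
        String location;
        if ((sAMLMessageContext.getOutboundMessage() instanceof Response)
                && !DatatypeHelper.isEmpty(peerEntityEndpoint.getResponseLocation())) {
            location = peerEntityEndpoint.getResponseLocation();
        } else {
            location = peerEntityEndpoint.getLocation();
            if (DatatypeHelper.isEmpty(location)) {
                throw new MessageEncodingException("Relying party endpoint location was null or empty.");
            }
        }

        URLBuilder uRLBuilder = new URLBuilder(location);
        String scheme = uRLBuilder.getScheme();
        // The location comes from the peer endpoint object and is not trusted as-is: only an exact
        // match against the allow-list passes, and a missing scheme is always rejected.
        // NOTE(review): the comparison is case-sensitive; whether URLBuilder normalises the scheme's
        // case is not visible here.
        if (scheme == null || !getAllowedURLSchemes().contains(scheme)) {
            throw new MessageEncodingException("Relying party endpoint used the untrusted URL scheme " + scheme);
        }
        return uRLBuilder;
    }

    /**
     * Signs the outbound SAML message when it is signable and the context carries a signing
     * credential.
     *
     * <p>When either condition does not hold, the method returns without signing and without
     * raising an error. A deployment that requires signed messages must therefore check that a
     * signing credential is configured; this method does not enforce it.
     *
     * <p>JADX INFO: access modifiers changed from protected.
     *
     * @param sAMLMessageContext current message context
     * @throws MessageEncodingException if the signature parameters cannot be prepared, or the
     *         message cannot be marshalled or signed
     */
    public void signMessage(SAMLMessageContext sAMLMessageContext) throws MessageEncodingException {
        SAMLObject outboundSAMLMessage = sAMLMessageContext.getOutboundSAMLMessage();
        // Read the credential once so the null check and the signing step use the same value.
        Credential signingCredential = sAMLMessageContext.getOuboundSAMLMessageSigningCredential();
        if (!(outboundSAMLMessage instanceof SignableSAMLObject) || signingCredential == null) {
            this.log.debug("Outbound SAML message is not signable or no signing credential is set; message is not signed.");
            return;
        }

        this.log.debug("Signing outbound SAML message.");
        SignableSAMLObject signableSAMLObject = (SignableSAMLObject) outboundSAMLMessage;
        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(signingCredential);
        try {
            // NOTE(review): the two null arguments presumably defer algorithm and KeyInfo choices to
            // the library's global security configuration - confirm that configuration does not
            // select SHA-1-based signature or digest algorithms.
            SecurityHelper.prepareSignatureParams(signature, signingCredential, null, null);
            signableSAMLObject.setSignature(signature);
            // The object is marshalled before Signer.signObject is invoked on the signature.
            Configuration.getMarshallerFactory().getMarshaller(signableSAMLObject).marshall(signableSAMLObject);
            Signer.signObject(signature);
        } catch (MarshallingException e) {
            this.log.error("Unable to marshall protocol message in preparation for signing", e);
            throw new MessageEncodingException("Unable to marshall protocol message in preparation for signing", e);
        } catch (SignatureException e) {
            this.log.error("Unable to sign protocol message", e);
            throw new MessageEncodingException("Unable to sign protocol message", e);
        } catch (SecurityException e) {
            // Logged like the other failure paths so a signing failure is never silent in the logs.
            this.log.error("Error preparing signature for signing", e);
            throw new MessageEncodingException("Error preparing signature for signing", e);
        }
    }
}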
