package com.appiancorp.security.auth.saml;

import com.appiancorp.suite.cfg.SamlConfiguration;
import com.google.common.base.Preconditions;
import java.util.Optional;
import javax.servlet.http.HttpServletResponse;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.messaging.encoder.MessageEncodingException;
import org.opensaml.messaging.encoder.servlet.HttpServletResponseMessageEncoder;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.SignableSAMLObject;
import org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler;
import org.opensaml.saml.common.binding.security.impl.SAMLOutboundProtocolMessageSigningHandler;
import org.opensaml.saml.saml2.metadata.Endpoint;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.credential.UsageType;
import org.opensaml.security.x509.BasicX509Credential;

/* loaded from: input_file:com/appiancorp/security/auth/saml/SamlMessageSenderAdapter.class */
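/**
 * Builds a SAML message context for an outbound message, signs it with the
 * service provider's configured credential, checks the destination endpoint's
 * URL scheme, and writes the encoded message to the servlet response.
 *
 * <p>All collaborators are injected and must be non-null.
 */
public class SamlMessageSenderAdapter {
    /**
     * Content-Security-Policy sent with every encoded SAML response page.
     *
     * <p>The policy combines a script hash with {@code 'unsafe-inline'} and the
     * {@code http:}/{@code https:} scheme sources. Browsers that support hash
     * sources ignore {@code 'unsafe-inline'} when a hash is present, so the
     * keyword only acts as a fallback for older browsers.
     *
     * <p>NOTE(review): there is no {@code 'strict-dynamic'} here, so the scheme
     * sources remain effective and script may still be loaded from any http(s)
     * host. If the encoded page only needs its single inline script, consider
     * tightening the policy to the hash alone. Presumably the hash pins the
     * inline script emitted by the message encoder; confirm against the encoder
     * template and regenerate the hash whenever that script changes.
     */
    private static final String CONTENT_SECURITY_POLICY =
            "script-src 'sha256-Oka5wP4QXPM7f07v/49Vt8X8rAp9O614XQ4IdgCsllE=' 'unsafe-inline' http: https:; object-src 'none'; base-uri 'none';";

    private final SAMLOutboundProtocolMessageSigningHandler messageSigningHandler;
    private final SamlConfiguration samlConfig;
    private final MessageEncoderResolver messageEncoderResolver;
    private final SigningParametersGenerator signingParametersGenerator;
    private final EndpointURLSchemeSecurityHandler endpointURLSchemeSecurityHandler;

    /**
     * Creates the adapter.
     *
     * @param sAMLOutboundProtocolMessageSigningHandler handler that signs the outbound message
     * @param samlConfiguration source of the certificate chain and private key used for signing
     * @param messageEncoderResolver resolves the message encoder for an {@link EndpointType}
     * @param signingParametersGenerator builds signing parameters from a credential
     * @param endpointURLSchemeSecurityHandler handler that validates the endpoint URL scheme
     * @throws NullPointerException if any argument is {@code null}
     */
    public SamlMessageSenderAdapter(SAMLOutboundProtocolMessageSigningHandler sAMLOutboundProtocolMessageSigningHandler, SamlConfiguration samlConfiguration, MessageEncoderResolver messageEncoderResolver, SigningParametersGenerator signingParametersGenerator, EndpointURLSchemeSecurityHandler endpointURLSchemeSecurityHandler) {
        this.messageSigningHandler = Preconditions.checkNotNull(sAMLOutboundProtocolMessageSigningHandler);
        this.samlConfig = Preconditions.checkNotNull(samlConfiguration);
        this.messageEncoderResolver = Preconditions.checkNotNull(messageEncoderResolver);
        this.signingParametersGenerator = Preconditions.checkNotNull(signingParametersGenerator);
        this.endpointURLSchemeSecurityHandler = Preconditions.checkNotNull(endpointURLSchemeSecurityHandler);
    }

    /**
     * Signs the given SAML object and writes it to the HTTP response using the
     * encoder resolved for {@code endpointType}.
     *
     * <p>Order of operations: the message is signed, the endpoint URL scheme
     * handler is invoked, the Content-Security-Policy header is set, and only
     * then is the message encoded. A failure in signing or in the scheme check
     * therefore propagates before any header or body is written by this method.
     *
     * @param signableSAMLObject the message to sign and send
     * @param endpoint the endpoint recorded on the message context
     * @param httpServletResponse the response that receives the header and the encoded message
     * @param str the issuer recorded on the message context
     * @param optional the relay state; recorded on the context only when present
     * @param endpointType selects the message encoder
     * @throws MessageHandlerException if signing or the endpoint URL scheme check fails
     * @throws ResolverException declared by the original signature
     * @throws ComponentInitializationException if the encoder cannot be initialized
     * @throws MessageEncodingException if encoding the message fails
     */
    public void sendSamlMessage(SignableSAMLObject signableSAMLObject, Endpoint endpoint, HttpServletResponse httpServletResponse, String str, Optional<String> optional, EndpointType endpointType) throws MessageHandlerException, ResolverException, ComponentInitializationException, MessageEncodingException {
        SamlMessageContextWrapper<HttpServletResponse> context = new SamlMessageContextWrapper<>();
        context.setMessage(signableSAMLObject);
        context.setIssuer(str);
        context.setEndpoint(endpoint);
        optional.ifPresent(context::setRelayState);

        signMessage(context);
        // The scheme check runs before the encoder touches the response, so a
        // rejected endpoint URL never reaches the client.
        this.endpointURLSchemeSecurityHandler.invoke(context.unwrap());

        httpServletResponse.setHeader("Content-Security-Policy", CONTENT_SECURITY_POLICY);

        HttpServletResponseMessageEncoder encoder = this.messageEncoderResolver.resolve(endpointType);
        try {
            encoder.setHttpServletResponse(httpServletResponse);
            encoder.setMessageContext(context.unwrap());
            encoder.initialize();
            encoder.encode();
        } finally {
            // Release the encoder exactly once, whether or not encoding succeeded.
            encoder.destroy();
        }
    }

    /**
     * Attaches signing parameters built from the configured credential to the
     * context and invokes the outbound signing handler on it.
     *
     * @param context the message context to sign
     * @throws MessageHandlerException if the signing handler fails
     */
    private void signMessage(SamlMessageContextWrapper<HttpServletResponse> context) throws MessageHandlerException {
        context.setSignatureSigningParameters(this.signingParametersGenerator.create(getCredential()));
        this.messageSigningHandler.invoke(context.unwrap());
    }

    /**
     * Builds the signing credential from the first certificate of the configured
     * chain and the service provider's private key.
     *
     * <p>NOTE(review): presumably the first chain entry is the SP's own (leaf)
     * certificate; confirm the ordering guaranteed by {@code SamlConfiguration}.
     * An empty chain surfaces here as whatever {@code get(0)} throws rather than
     * as a configuration error. The returned object wraps the private key, so it
     * must not be logged or exposed outside the signing path.
     *
     * @return a credential restricted to {@link UsageType#SIGNING}
     */
    private Credential getCredential() {
        BasicX509Credential credential = new BasicX509Credential(this.samlConfig.getCertificateChain().get(0), this.samlConfig.getSpPrivateKey());
        credential.setUsageType(UsageType.SIGNING);
        return credential;
    }
}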
