package org.elasticsearch.xpack.security.authc.saml;

import java.io.ByteArrayOutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import org.elasticsearch.ElasticsearchException;
import org.opensaml.core.xml.util.XMLObjectSupport;
import org.opensaml.saml.common.SAMLObject;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.StatusResponseType;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/saml/SamlRedirect.class */
public class SamlRedirect {
    private final SAMLObject samlObject;
    private final String destination;
    private final String parameterName;
    private final SigningConfiguration signing;

    public SamlRedirect(RequestAbstractType requestAbstractType, SigningConfiguration signingConfiguration) {
        this.samlObject = requestAbstractType;
        this.destination = requestAbstractType.getDestination();
        this.parameterName = "SAMLRequest";
        this.signing = signingConfiguration;
    }

    public SamlRedirect(StatusResponseType statusResponseType, SigningConfiguration signingConfiguration) {
        this.samlObject = statusResponseType;
        this.destination = statusResponseType.getDestination();
        this.parameterName = "SAMLResponse";
        this.signing = signingConfiguration;
    }

    public String getRedirectUrl() throws ElasticsearchException {
        return getRedirectUrl(null);
    }

    public String getRedirectUrl(String str) throws ElasticsearchException {
        try {
            String str2 = this.parameterName + "=" + urlEncode(deflateAndBase64Encode(this.samlObject));
            if (str != null) {
                str2 = str2 + "&RelayState=" + urlEncode(str);
            }
            if (this.signing.shouldSign(this.samlObject)) {
                String str3 = str2 + "&SigAlg=" + urlEncode("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
                str2 = str3 + "&Signature=" + urlEncode(base64Encode(this.signing.sign(str3, "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")));
            }
            return withParameters(str2);
        } catch (Exception e) {
            throw new ElasticsearchException("Cannot construct SAML redirect", e, new Object[0]);
        }
    }

    private String withParameters(String str) {
        return this.destination.indexOf(63) == -1 ? this.destination + "?" + str : this.destination.endsWith("?") ? this.destination + str : this.destination + "&" + str;
    }

    private static String base64Encode(byte[] bArr) {
        return Base64.getEncoder().encodeToString(bArr);
    }

    private static String urlEncode(String str) {
        return URLEncoder.encode(str, StandardCharsets.US_ASCII);
    }

    protected String deflateAndBase64Encode(SAMLObject sAMLObject) throws Exception {
        Deflater deflater = new Deflater(8, true);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteArrayOutputStream, deflater);
            try {
                deflaterOutputStream.write(SamlUtils.toString(XMLObjectSupport.marshall(sAMLObject)).getBytes(StandardCharsets.UTF_8));
                deflaterOutputStream.finish();
                String base64Encode = base64Encode(byteArrayOutputStream.toByteArray());
                deflaterOutputStream.close();
                byteArrayOutputStream.close();
                return base64Encode;
            } finally {
            }
        } catch (Throwable th) {
            try {
                byteArrayOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }
}
