package org.springframework.security.saml.websso;

import java.util.Set;
import org.opensaml.common.SAMLException;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.liberty.paos.Request;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.soap.common.SOAPObjectBuilder;
import org.opensaml.ws.soap.soap11.ActorBearing;
import org.opensaml.ws.soap.soap11.Envelope;
import org.opensaml.ws.soap.util.SOAPHelper;
import org.opensaml.ws.transport.http.HTTPOutTransport;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.storage.SAMLMessageStorage;

/* loaded from: input_file:WEB-INF/lib/spring-security-saml2-core-1.0.0.RELEASE.jar:org/springframework/security/saml/websso/WebSSOProfileECPImpl.class */
public class WebSSOProfileECPImpl extends WebSSOProfileImpl {
    @Override // org.springframework.security.saml.websso.WebSSOProfileImpl, org.springframework.security.saml.websso.AbstractProfileBase
    public String getProfileIdentifier() {
        return "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp";
    }

    @Override // org.springframework.security.saml.websso.WebSSOProfileImpl, org.springframework.security.saml.websso.WebSSOProfile
    public void sendAuthenticationRequest(SAMLMessageContext sAMLMessageContext, WebSSOProfileOptions webSSOProfileOptions) throws SAMLException, MetadataProviderException, MessageEncodingException {
        SPSSODescriptor sPSSODescriptor = (SPSSODescriptor) sAMLMessageContext.getLocalEntityRoleMetadata();
        AssertionConsumerService assertionConsumerService = getAssertionConsumerService(webSSOProfileOptions, null, sPSSODescriptor);
        AuthnRequest authnRequest = getAuthnRequest(sAMLMessageContext, webSSOProfileOptions, assertionConsumerService, null);
        sAMLMessageContext.setCommunicationProfileId(getProfileIdentifier());
        sAMLMessageContext.setOutboundMessage(getEnvelope());
        sAMLMessageContext.setOutboundSAMLMessage(authnRequest);
        SOAPHelper.addHeaderBlock(sAMLMessageContext, getPAOSRequest(assertionConsumerService));
        SOAPHelper.addHeaderBlock(sAMLMessageContext, getECPRequest(sAMLMessageContext, webSSOProfileOptions));
        sendMessage(sAMLMessageContext, sPSSODescriptor.isAuthnRequestsSigned().booleanValue(), SAMLConstants.SAML2_PAOS_BINDING_URI);
        ((HTTPOutTransport) sAMLMessageContext.getOutboundMessageTransport()).setHeader("Content-Type", org.springframework.security.saml.SAMLConstants.PAOS_HTTP_ACCEPT_HEADER);
        SAMLMessageStorage messageStorage = sAMLMessageContext.getMessageStorage();
        if (messageStorage != null) {
            messageStorage.storeMessage(authnRequest.getID(), authnRequest);
        }
    }

    @Override // org.springframework.security.saml.websso.WebSSOProfileImpl
    protected boolean isEndpointSupported(AssertionConsumerService assertionConsumerService) {
        return SAMLConstants.SAML2_PAOS_BINDING_URI.equals(assertionConsumerService.getBinding());
    }

    @Override // org.springframework.security.saml.websso.WebSSOProfileImpl
    protected boolean isEndpointSupported(SingleSignOnService singleSignOnService) {
        return false;
    }

    protected Request getPAOSRequest(AssertionConsumerService assertionConsumerService) {
        Request request = (Request) ((SAMLObjectBuilder) this.builderFactory.getBuilder(Request.DEFAULT_ELEMENT_NAME)).mo3278buildObject();
        request.setSOAP11Actor(ActorBearing.SOAP11_ACTOR_NEXT);
        request.setSOAP11MustUnderstand((Boolean) true);
        request.setResponseConsumerURL(assertionConsumerService.getLocation());
        request.setService("urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp");
        return request;
    }

    protected org.opensaml.saml2.ecp.Request getECPRequest(SAMLMessageContext sAMLMessageContext, WebSSOProfileOptions webSSOProfileOptions) {
        org.opensaml.saml2.ecp.Request request = (org.opensaml.saml2.ecp.Request) ((SAMLObjectBuilder) this.builderFactory.getBuilder(org.opensaml.saml2.ecp.Request.DEFAULT_ELEMENT_NAME)).mo3278buildObject();
        request.setSOAP11Actor(ActorBearing.SOAP11_ACTOR_NEXT);
        request.setSOAP11MustUnderstand((Boolean) true);
        request.setPassive(webSSOProfileOptions.getPassive());
        request.setProviderName(webSSOProfileOptions.getProviderName());
        request.setIssuer(getIssuer(sAMLMessageContext.getLocalEntityId()));
        Set<String> allowedIDPs = webSSOProfileOptions.getAllowedIDPs();
        if (webSSOProfileOptions.isIncludeScoping().booleanValue() && allowedIDPs != null) {
            request.setIDPList(buildIDPList(allowedIDPs, null));
        }
        return request;
    }

    protected Envelope getEnvelope() {
        return (Envelope) ((SOAPObjectBuilder) this.builderFactory.getBuilder(Envelope.DEFAULT_ELEMENT_NAME)).buildObject();
    }
}
