package org.adeptnet.auth.saml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.zip.Deflater;
import java.util.zip.Inflater;
import java.util.zip.InflaterInputStream;
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.DatatypeConverter;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.Init;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
import org.opensaml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml2.core.impl.NameIDPolicyBuilder;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.http.HTTPTransportUtils;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.SigningUtil;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.DOMException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.ls.DOMImplementationLS;
import org.w3c.dom.ls.LSSerializer;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/adeptnet/auth/saml/SAMLClient.class */
public class SAMLClient {
    /** Name of the parameter that carries the encoded SAML response. */
    public static final String SAML_RESPONSE = "SAMLResponse";
    /** Name of the RelayState parameter; part of the signed query string when present. */
    public static final String SAML_RELAYSTATE = "RelayState";
    /** Name of the query parameter that names the signature algorithm (redirect binding). */
    public static final String SAML_SIGALG = "SigAlg";
    /**
     * Name of the query parameter holding the detached signature. initMap() also compares this
     * constant with the "AlgorithmClass" attribute of the xmlsec algorithm table.
     */
    public static final String SAML_SIGNATURE = "Signature";
    private static final Log LOG = LogFactory.getLog(SAMLClient.class);
    // SP and IdP settings supplied to the constructor.
    private final SAMLConfig config;
    // XML-signature validator bound to the IdP public key held in `cred`.
    private final SignatureValidator sigValidator;
    // Parser pool used by parseResponse() for IdP-supplied XML.
    private final BasicParserPool parsers;
    // Credential holding the IdP entity id and public key; the only trust anchor used for verification.
    private final Credential cred;
    // Clock-skew allowance in seconds, added on both sides of every time-window check in validate().
    private static final int slack = 300;
    // JCE algorithm name -> signature algorithm URI, filled lazily by initMap().
    // NOTE(review): a plain HashMap populated on first use without synchronisation; confirm that an
    // instance is never shared between request threads, or guard the initialisation.
    private final Map<String, String> map = new HashMap();

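    /**
     * Creates a client for one SP/IdP pairing.
     *
     * <p>The IdP public key taken from the configured certificate becomes the only trust anchor
     * for signature checks. Only the key is extracted here: certificate validity period, chain and
     * revocation are not evaluated by this class.
     *
     * @param sAMLConfig SP and IdP settings; the IdP configuration must carry a certificate
     * @throws SAMLException declared for callers; not thrown directly by the visible code
     */
    public SAMLClient(SAMLConfig sAMLConfig) throws SAMLException {
        SAMLInit.initialize();
        this.config = sAMLConfig;

        BasicCredential idpCredential = new BasicCredential();
        idpCredential.setEntityId(sAMLConfig.getIdPConfig().getEntityId());
        idpCredential.setPublicKey(sAMLConfig.getIdPConfig().getCert().getPublicKey());
        this.cred = idpCredential;
        this.sigValidator = new SignatureValidator(this.cred);

        // This pool parses XML that arrives from the network before any signature has been
        // checked, so DTD processing is switched off explicitly instead of relying on whatever
        // defaults the bundled parser-pool version ships with. createDocumentBuilder() in this
        // class sets the same two features for the local configuration file.
        BasicParserPool pool = new BasicParserPool();
        pool.setNamespaceAware(true);
        Map<String, Boolean> features = new HashMap<>(pool.getBuilderFeatures());
        features.put("http://javax.xml.XMLConstants/feature/secure-processing", true);
        features.put("http://apache.org/xml/features/disallow-doctype-decl", true);
        pool.setBuilderFeatures(features);
        this.parsers = pool;
    }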

    /**
     * Returns the identity-provider half of the configuration this client was built with.
     *
     * @return the IdP configuration object held by the client's {@code SAMLConfig}
     */
    public IdPConfig getIdPConfig() {
        final IdPConfig idp = this.config.getIdPConfig();
        return idp;
    }

    /**
     * Returns the service-provider half of the configuration this client was built with.
     *
     * @return the SP configuration object held by the client's {@code SAMLConfig}
     */
    public SPConfig getSPConfig() {
        final SPConfig sp = this.config.getSPConfig();
        return sp;
    }

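    /**
     * Parses and unmarshalls an XML document into a SAML {@link Response}.
     *
     * <p>The input is attacker-reachable and has not been authenticated on the POST path, so a
     * document whose root is not a SAML 2.0 protocol Response is rejected with a
     * {@link SAMLException} rather than surfacing as a NullPointerException (no unmarshaller for
     * the element) or a ClassCastException (some other SAML object).
     *
     * @param str the XML text of the response
     * @return the unmarshalled response
     * @throws SAMLException if the text cannot be parsed, unmarshalled, or is not a Response
     */
    private Response parseResponse(String str) throws SAMLException {
        try {
            Element root = this.parsers.getBuilder().parse(new InputSource(new StringReader(str))).getDocumentElement();
            boolean isResponseElement = root != null
                    && Response.DEFAULT_ELEMENT_NAME.getNamespaceURI().equals(root.getNamespaceURI())
                    && Response.DEFAULT_ELEMENT_NAME.getLocalPart().equals(root.getLocalName());
            if (!isResponseElement) {
                throw new SAMLException("Document root is not a SAML 2.0 protocol Response");
            }
            XMLObject parsed = Configuration.getUnmarshallerFactory().getUnmarshaller(root).unmarshall(root);
            // An xsi:type on the root can select a different unmarshaller, so the type is
            // checked again on the resulting object.
            if (!(parsed instanceof Response)) {
                throw new SAMLException("Document root is not a SAML 2.0 protocol Response");
            }
            return (Response) parsed;
        } catch (XMLParserException | UnmarshallingException | IOException | SAXException e) {
            throw new SAMLException((Throwable) e);
        }
    }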

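    /**
     * Validates a response received over the POST binding: the response-level XML signature is
     * checked against the IdP key first, then {@link #validate(Response)} runs.
     *
     * @param response the unmarshalled response
     * @throws ValidationException if the response is unsigned, the signature does not verify, or
     *         any later check fails
     */
    private void validatePOST(Response response) throws ValidationException {
        Signature responseSignature = response.getSignature();
        // An absent signature used to reach the validator as null and fail with an unchecked
        // exception; report it as an ordinary validation failure instead.
        if (responseSignature == null) {
            throw new ValidationException("Response must be signed");
        }
        // NOTE(review): only the cryptographic check runs here. OpenSAML's
        // SAMLSignatureProfileValidator (structure of the ds:Signature, single same-document
        // reference to the signed element) is not applied before it; adding that step is the
        // usual protection against signature-wrapping and should be confirmed with the maintainers.
        this.sigValidator.validate(responseSignature);
        validate(response);
    }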

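    /**
     * Applies the response-level and per-assertion checks shared by the POST and redirect paths.
     *
     * <p>Checked here: success status, Destination equals the configured ACS URL, IssueInstant
     * within one day (plus {@code slack}) of now, every assertion signed by the IdP key, at least
     * one AuthnStatement, Conditions window, SubjectConfirmationData expiry and Recipient when
     * present, and exactly one AudienceRestriction naming this SP's entity id.
     *
     * <p>NOTE(review) - not checked by the visible code, to be confirmed against the deployment's
     * requirements: Issuer of the response/assertion against the IdP entity id; InResponseTo
     * against an outstanding request id; one-time use of assertion ids (replay cache); the
     * SubjectConfirmation method; and the SAML signature profile of each ds:Signature. A subject
     * without any SubjectConfirmation also passes.
     *
     * @param response the unmarshalled response
     * @throws ValidationException on the first failed check
     */
    private void validate(Response response) throws ValidationException {
        if (response.getStatus() == null
                || response.getStatus().getStatusCode() == null
                || !"urn:oasis:names:tc:SAML:2.0:status:Success".equals(response.getStatus().getStatusCode().getValue())) {
            throw new ValidationException("Response has an unsuccessful status code");
        }
        String acs = this.config.getSPConfig().getAcs();
        if (!acs.equals(response.getDestination())) {
            throw new ValidationException("Response is destined for a different endpoint");
        }
        DateTime now = DateTime.now();
        checkIssueInstant(response.getIssueInstant(), now, "Response");

        // Without this guard a response carrying no plain assertions would pass every check
        // below vacuously and be rejected only later, outside the validation step.
        if (response.getAssertions().isEmpty()) {
            throw new ValidationException("Response must contain at least one assertion");
        }

        for (Assertion assertion : response.getAssertions()) {
            if (!assertion.isSigned()) {
                throw new ValidationException("Assertion must be signed");
            }
            this.sigValidator.validate(assertion.getSignature());

            if (assertion.getAuthnStatements().isEmpty()) {
                throw new ValidationException("Assertion should contain an AuthnStatement");
            }
            for (AuthnStatement authnStatement : assertion.getAuthnStatements()) {
                if (authnStatement.getSessionNotOnOrAfter() == null) {
                    // Absence is tolerated; only logged.
                    LOG.error("SessionNotOnOrAfter is null");
                } else {
                    DateTime sessionEnd = authnStatement.getSessionNotOnOrAfter().plusSeconds(slack);
                    if (sessionEnd != null && (now.isEqual(sessionEnd) || now.isAfter(sessionEnd))) {
                        throw new ValidationException("AuthnStatement has expired");
                    }
                }
            }

            if (assertion.getConditions() == null) {
                throw new ValidationException("Assertion should contain conditions");
            }
            // The messages for this check previously said "Response", hiding which element failed.
            checkIssueInstant(assertion.getIssueInstant(), now, "Assertion");

            Conditions conditions = assertion.getConditions();
            DateTime notBefore = conditions.getNotBefore();
            DateTime notOnOrAfter = conditions.getNotOnOrAfter();
            if (notBefore == null) {
                // A missing lower bound is treated as "valid from now".
                notBefore = now;
            }
            if (notOnOrAfter == null) {
                throw new ValidationException("Assertion conditions must have limits");
            }
            DateTime windowStart = notBefore.minusSeconds(slack);
            DateTime windowEnd = notOnOrAfter.plusSeconds(slack);
            if (now.isBefore(windowStart)) {
                throw new ValidationException("Assertion conditions is in the future");
            }
            if (now.isEqual(windowEnd) || now.isAfter(windowEnd)) {
                throw new ValidationException("Assertion conditions is in the past");
            }

            Subject subject = assertion.getSubject();
            if (subject != null && !subject.getSubjectConfirmations().isEmpty()) {
                boolean recipientMatches = false;
                for (SubjectConfirmation confirmation : subject.getSubjectConfirmations()) {
                    SubjectConfirmationData data = confirmation.getSubjectConfirmationData();
                    if (data == null) {
                        continue;
                    }
                    if (data.getNotOnOrAfter() != null) {
                        DateTime confirmationEnd = data.getNotOnOrAfter().plusSeconds(slack);
                        if (now.isEqual(confirmationEnd) || now.isAfter(confirmationEnd)) {
                            throw new ValidationException("SubjectConfirmationData is in the past");
                        }
                    }
                    if (acs.equals(data.getRecipient())) {
                        recipientMatches = true;
                    }
                }
                if (!recipientMatches) {
                    throw new ValidationException("No SubjectConfirmationData found for ACS");
                }
            }

            if (conditions.getAudienceRestrictions().isEmpty()) {
                throw new ValidationException("Assertion conditions must have audience restrictions");
            }
            if (conditions.getAudienceRestrictions().size() > 1) {
                throw new ValidationException("Assertion contains multiple audience restrictions");
            }
            String spEntityId = this.config.getSPConfig().getEntityId();
            boolean audienceMatches = false;
            AudienceRestriction restriction = (AudienceRestriction) conditions.getAudienceRestrictions().get(0);
            for (Audience audience : restriction.getAudiences()) {
                if (spEntityId.equals(audience.getAudienceURI())) {
                    audienceMatches = true;
                }
            }
            if (!audienceMatches) {
                throw new ValidationException("Assertion audience does not include issuer");
            }
        }
    }

    /**
     * Rejects an IssueInstant more than one day plus {@code slack} seconds away from {@code now};
     * a missing instant is accepted.
     *
     * NOTE(review): a window of a full day on either side is wide for a freshness check and
     * leaves replay protection to the Conditions/SubjectConfirmationData limits; confirm intent.
     */
    private static void checkIssueInstant(DateTime issueInstant, DateTime now, String what) throws ValidationException {
        if (issueInstant == null) {
            return;
        }
        if (issueInstant.isBefore(now.minusDays(1).minusSeconds(slack))) {
            throw new ValidationException(what + " IssueInstant is in the past");
        }
        if (issueInstant.isAfter(now.plusDays(1).plusSeconds(slack))) {
            throw new ValidationException(what + " IssueInstant is in the future");
        }
    }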

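    /**
     * Builds an unsigned {@link Signature} object carrying the SP signing credential.
     *
     * <p>The keystore file is opened and read on every call. The keystore password is also used as
     * the protection password of the key entry.
     *
     * @return a Signature prepared with the SP key and certificate, or {@code null} when the
     *         keystore cannot be read or holds no private-key entry under the configured alias;
     *         callers must handle {@code null}
     */
    private Signature getSignature() {
        try {
            char[] password = this.config.getKeystorePassword();
            String alias = this.config.getCertificateAlias();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources closes the file on the failure path as well.
            try (FileInputStream in = new FileInputStream(this.config.getKeystore())) {
                keyStore.load(in, password);
            }

            // getEntry() returns null for an unknown alias and may return a non-key entry;
            // both are reported through the same "return null" contract as other failures.
            KeyStore.Entry entry = keyStore.getEntry(alias, new KeyStore.PasswordProtection(password));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                Logger.getLogger(SAMLClient.class.getName()).log(Level.SEVERE,
                        "Keystore has no private-key entry under the configured certificate alias");
                return null;
            }
            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) entry;
            PrivateKey privateKey = keyEntry.getPrivateKey();
            X509Certificate certificate = (X509Certificate) keyEntry.getCertificate();

            BasicX509Credential signingCredential = new BasicX509Credential();
            signingCredential.setEntityCertificate(certificate);
            signingCredential.setPrivateKey(privateKey);

            Signature signature = (Signature) org.opensaml.xml.Configuration.getBuilderFactory()
                    .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                    .buildObject(Signature.DEFAULT_ELEMENT_NAME);
            signature.setSigningCredential(signingCredential);
            // Algorithm and canonicalisation settings come from the global security configuration.
            SecurityHelper.prepareSignatureParams(signature, signingCredential, Configuration.getGlobalSecurityConfiguration(), (String) null);
            return signature;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | SecurityException e) {
            Logger.getLogger(SAMLClient.class.getName()).log(Level.SEVERE, (String) null, e);
            return null;
        }
    }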

    /**
     * Assembles an AuthnRequest addressed to the configured IdP login URL.
     *
     * <p>The request names this SP as issuer, asks for the "unspecified" NameID format and points
     * the IdP at the configured ACS URL. The signature object comes from getSignature(), which
     * returns {@code null} on keystore problems; in that case the request is returned without one.
     *
     * <p>NOTE(review): nothing in this class records the id for a later InResponseTo comparison;
     * confirm whether the caller keeps it.
     *
     * @param str the request ID to place on the AuthnRequest
     * @return the populated (not yet marshalled) request
     */
    public AuthnRequest createAuthnRequest(String str) {
        NameIDPolicy nameIdPolicy = new NameIDPolicyBuilder().buildObject();
        nameIdPolicy.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");

        Issuer issuer = new IssuerBuilder().buildObject();
        issuer.setValue(this.config.getSPConfig().getEntityId());

        AuthnRequest request = new AuthnRequestBuilder().buildObject();
        request.setAssertionConsumerServiceURL(this.config.getSPConfig().getAcs());
        request.setDestination(this.config.getIdPConfig().getLoginUrl());
        request.setIssueInstant(new DateTime());
        request.setID(str);
        request.setNameIDPolicy(nameIdPolicy);
        request.setIssuer(issuer);
        request.setSignature(getSignature());
        return request;
    }

    /**
     * Builds an AuthnRequest and serialises it to XML text without an XML declaration.
     *
     * <p>NOTE(review): the request carries the Signature object set by createAuthnRequest(), but
     * no signing step is visible between marshalling and serialisation; confirm whether the
     * serialised element is expected to hold a computed signature value.
     *
     * @param str the request ID
     * @return the serialised request
     * @throws SAMLException if marshalling fails
     */
    private String _createAuthnRequest(String str) throws SAMLException {
        AuthnRequest request = createAuthnRequest(str);
        final Element dom;
        try {
            dom = Configuration.getMarshallerFactory().getMarshaller(request).marshall(request);
        } catch (MarshallingException e) {
            throw new SAMLException((Throwable) e);
        }
        DOMImplementationLS lsImplementation = (DOMImplementationLS) dom.getOwnerDocument().getImplementation();
        LSSerializer serializer = lsImplementation.createLSSerializer();
        serializer.getDomConfig().setParameter("xml-declaration", false);
        return serializer.writeToString(dom);
    }

    /**
     * Compresses the input as a raw DEFLATE stream (no zlib header), default compression level.
     *
     * @param bArr bytes to compress
     * @return the compressed bytes
     * @throws IOException declared because the output stream's close() declares it
     */
    private byte[] deflate(byte[] bArr) throws IOException {
        // Second argument "true" selects the headerless format.
        Deflater compressor = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        compressor.setInput(bArr);
        compressor.finish();

        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        byte[] chunk = new byte[8192];
        while (!compressor.finished()) {
            int produced = compressor.deflate(chunk);
            sink.write(chunk, 0, produced);
        }
        sink.close();
        compressor.end();
        return sink.toByteArray();
    }

    /**
     * Produces the deflated, Base64-encoded form of a new AuthnRequest.
     *
     * <p>The returned text is plain Base64; it is not URL-encoded here, so a caller placing it in
     * a query string has to encode it.
     *
     * @param str the request ID
     * @return Base64 of the raw-DEFLATE-compressed request XML
     * @throws SAMLException if the request cannot be built, encoded or compressed
     */
    public String generateAuthnRequest(String str) throws SAMLException {
        try {
            String requestXml = _createAuthnRequest(str);
            byte[] compressed = deflate(requestXml.getBytes("UTF-8"));
            return DatatypeConverter.printBase64Binary(compressed);
        } catch (UnsupportedEncodingException e) {
            throw new SAMLException("Apparently your platform lacks UTF-8.  That's too bad.", e);
        } catch (IOException e2) {
            throw new SAMLException("Unable to compress the AuthnRequest", e2);
        }
    }

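    /**
     * Decompresses a raw DEFLATE stream (no zlib header).
     *
     * <p>The explicitly created {@link Inflater} is released in a finally block; closing an
     * {@link InflaterInputStream} does not end an inflater that was passed in by the caller.
     *
     * <p>NOTE(review): the output size is not bounded. The only caller in this class inflates
     * after the query-string signature has been verified, which limits who can supply the data;
     * a maximum decompressed size would still be a sensible safeguard.
     *
     * @param bArr the compressed bytes
     * @return the decompressed bytes
     * @throws IOException if the stream is not valid DEFLATE data
     */
    private byte[] inflate(byte[] bArr) throws IOException {
        Inflater inflater = new Inflater(true);
        try (ByteArrayInputStream source = new ByteArrayInputStream(bArr);
                ByteArrayOutputStream sink = new ByteArrayOutputStream(bArr.length * 2);
                InflaterInputStream inflating = new InflaterInputStream(source, inflater)) {
            byte[] chunk = new byte[4096];
            int read;
            while ((read = inflating.read(chunk)) != -1) {
                sink.write(chunk, 0, read);
            }
            sink.flush();
            return sink.toByteArray();
        } finally {
            inflater.end();
        }
    }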

    /**
     * Extracts the NameID and all attribute values from the single assertion of a response.
     *
     * <p>This method performs no validation of its own; callers in this class invoke it only
     * after validate()/validatePOST() succeeded. When the same attribute name occurs more than
     * once, the later occurrence replaces the earlier one in the resulting map.
     *
     * @param response a response holding exactly one assertion
     * @return the NameID value together with a name -> list-of-text-values map
     * @throws SAMLException if there is not exactly one assertion, or the subject or NameID is missing
     */
    private AttributeSet getAttributeSet(Response response) throws SAMLException {
        if (response.getAssertions().size() != 1) {
            throw new SAMLException("Response should have a single assertion.");
        }
        Assertion only = (Assertion) response.getAssertions().get(0);

        Subject who = only.getSubject();
        if (who == null) {
            throw new SAMLException("No subject contained in the assertion.");
        }
        if (who.getNameID() == null) {
            throw new SAMLException("No NameID found in the subject.");
        }
        String nameId = who.getNameID().getValue();

        HashMap attributes = new HashMap();
        for (AttributeStatement statement : only.getAttributeStatements()) {
            for (Attribute attribute : statement.getAttributes()) {
                String attributeName = attribute.getName();
                ArrayList values = new ArrayList();
                for (XMLObject rawValue : attribute.getAttributeValues()) {
                    // Text content of the value element as it appeared in the DOM.
                    values.add(rawValue.getDOM().getTextContent());
                }
                attributes.put(attributeName, values);
            }
        }
        return new AttributeSet(nameId, attributes);
    }

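    /**
     * Decodes, parses and validates a SAMLResponse received over the POST binding.
     *
     * <p>The parameter comes straight from an HTTP request, so a missing or malformed value is
     * reported as a {@link SAMLException} instead of escaping as an unchecked exception.
     *
     * <p>NOTE(review): at TRACE level the complete decoded response, including subject and
     * attribute data, is written to the log; keep that level off where logs are widely readable.
     *
     * @param str the Base64-encoded SAMLResponse form parameter
     * @return the subject NameID and attributes of the validated assertion
     * @throws SAMLException if the value is absent, not Base64, unparsable or fails validation
     */
    public AttributeSet validateResponsePOST(String str) throws SAMLException {
        if (str == null) {
            throw new SAMLException(String.format("%s cannot be null", SAML_RESPONSE));
        }
        String responseXml;
        try {
            responseXml = new String(DatatypeConverter.parseBase64Binary(str), "UTF-8");
        } catch (IllegalArgumentException e) {
            throw new SAMLException(String.format("%s is not valid Base64", SAML_RESPONSE), e);
        } catch (UnsupportedEncodingException e2) {
            throw new SAMLException("UTF-8 is missing, oh well.", e2);
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace(responseXml);
        }
        Response response = parseResponse(responseXml);
        try {
            validatePOST(response);
            return getAttributeSet(response);
        } catch (ValidationException e) {
            throw new SAMLException((Throwable) e);
        }
    }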

    /**
     * Creates a namespace-aware DOM builder with secure processing switched on.
     *
     * @param z  whether the builder validates documents
     * @param z2 whether DOCTYPE declarations are rejected outright
     * @return a new builder
     * @throws ParserConfigurationException if the parser does not support a requested feature
     */
    private DocumentBuilder createDocumentBuilder(boolean z, boolean z2) throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Feature URI of javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING.
        factory.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", true);
        if (z2) {
            // Refusing DOCTYPE removes DTD-based entity expansion and external-entity fetches.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        }
        factory.setValidating(z);
        factory.setNamespaceAware(true);
        DocumentBuilder builder = factory.newDocumentBuilder();
        return builder;
    }

    /**
     * Collects, from {@code node} and its following siblings, the elements with the given
     * namespace URI and local name.
     *
     * @param node first node of the sibling chain to scan; may be {@code null}
     * @param str  namespace URI to match
     * @param str2 local name to match
     * @return the matching elements in document order; empty when none match
     */
    private Element[] selectNodes(Node node, String str, String str2) {
        ArrayList<Element> matches = new ArrayList<Element>();
        for (Node current = node; current != null; current = current.getNextSibling()) {
            String namespace = current.getNamespaceURI();
            if (namespace == null) {
                continue;
            }
            if (namespace.equals(str) && current.getLocalName().equals(str2)) {
                matches.add((Element) current);
            }
        }
        return matches.toArray(new Element[matches.size()]);
    }

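    /**
     * Lazily loads the JCE-name -> algorithm-URI table from the xmlsec library's bundled
     * {@code resource/config.xml}, keeping only entries whose AlgorithmClass is "Signature".
     *
     * <p>Does nothing once the map holds entries. Failures are logged and leave the map empty,
     * so the load is attempted again on the next call. The resource stream is closed on every
     * path.
     *
     * <p>NOTE(review): the map is filled without synchronisation; see the field declaration.
     */
    private void initMap() {
        if (!this.map.isEmpty()) {
            return;
        }
        try (InputStream configStream = Init.class.getResourceAsStream("resource/config.xml")) {
            if (configStream == null) {
                LOG.error("cannot read resource/config.xml");
                return;
            }
            // Non-validating builder with DOCTYPE declarations disallowed.
            Node configuration = createDocumentBuilder(false, true).parse(configStream).getFirstChild();
            while (configuration != null && !"Configuration".equals(configuration.getLocalName())) {
                configuration = configuration.getNextSibling();
            }
            if (configuration == null) {
                LOG.error("Error in reading configuration file - Configuration element not found");
                return;
            }
            for (Node child = configuration.getFirstChild(); child != null; child = child.getNextSibling()) {
                if (Node.ELEMENT_NODE != child.getNodeType() || !"JCEAlgorithmMappings".equals(child.getLocalName())) {
                    continue;
                }
                Node algorithms = ((Element) child).getElementsByTagName("Algorithms").item(0);
                if (algorithms == null) {
                    continue;
                }
                for (Element algorithm : selectNodes(algorithms.getFirstChild(), "http://www.xmlsecurity.org/NS/#configuration", "Algorithm")) {
                    if (!SAML_SIGNATURE.equals(algorithm.getAttributeNS(null, "AlgorithmClass"))) {
                        continue;
                    }
                    String uri = algorithm.getAttributeNS(null, "URI");
                    String jceName = algorithm.getAttributeNS(null, "JCEName");
                    this.map.put(jceName, uri);
                    if (LOG.isDebugEnabled()) {
                        LOG.debug(String.format("Mapping %s - %s", jceName, uri));
                    }
                }
            }
        } catch (IOException | ParserConfigurationException | DOMException | SAXException e) {
            LOG.error(e.getMessage(), e);
        }
    }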

    /**
     * Translates a JCE signature-algorithm name into its algorithm URI.
     *
     * @param str a JCE algorithm name, or any other identifier
     * @return the mapped URI when the name is in the table, otherwise {@code str} unchanged
     */
    private String getAlgorithmURIFromID(String str) {
        initMap();
        if (this.map.containsKey(str)) {
            return this.map.get(str);
        }
        // Unknown names pass through untouched.
        return str;
    }

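    /**
     * Returns the raw (still URL-encoded) value of a query-string parameter.
     *
     * <p>The name has to start a parameter: it must sit at the beginning of the string or directly
     * after {@code '&'} or {@code '?'}. A plain substring search would also accept a parameter
     * whose name merely ends with the requested one, so the value verified by this class could
     * differ from the value the servlet container hands to the application under the real name.
     *
     * <p>The first matching parameter wins; repeated parameters are not rejected.
     *
     * @param str  the raw query string; may be {@code null}
     * @param str2 the exact parameter name
     * @return the raw value, or {@code null} when the query string is null or lacks the parameter
     */
    private String getRawQueryStringParameter(String str, String str2) {
        if (str == null) {
            return null;
        }
        String prefix = str2 + "=";
        int searchFrom = 0;
        while (true) {
            int nameAt = str.indexOf(prefix, searchFrom);
            if (nameAt == -1) {
                return null;
            }
            boolean atBoundary = nameAt == 0
                    || str.charAt(nameAt - 1) == '&'
                    || str.charAt(nameAt - 1) == '?';
            if (atBoundary) {
                int valueStart = nameAt + prefix.length();
                int valueEnd = str.indexOf('&', valueStart);
                return valueEnd == -1 ? str.substring(valueStart) : str.substring(valueStart, valueEnd);
            }
            // Matched inside another parameter's name or value; keep looking.
            searchFrom = nameAt + 1;
        }
    }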

    /**
     * Verifies and validates a SAML response delivered over the redirect binding.
     *
     * <p>The detached signature is checked over the raw, still URL-encoded text
     * {@code SAMLResponse=...[&RelayState=...]&SigAlg=...} using the IdP key. Only after that
     * succeeds is the response URL-decoded, Base64-decoded, inflated, parsed and passed to
     * validate().
     *
     * <p>NOTE(review): (1) the SigAlg value is looked up in its raw form while Signature and
     * SAMLResponse are URL-decoded first; confirm the IdP sends SigAlg in a form that needs no
     * decoding. (2) The algorithm named by the request is used as given; there is no allow-list
     * of acceptable signature algorithms here. (3) At DEBUG/TRACE level the raw parameters and the
     * decoded response are logged. (4) Malformed Base64 surfaces as an unchecked exception from
     * the decoder rather than as SAMLException.
     *
     * @param str the raw query string of the request
     * @return the subject NameID and attributes of the validated assertion
     * @throws SAMLException if a required parameter is missing, the signature does not verify,
     *         or decoding, parsing or validation fails
     */
    public AttributeSet validateResponseGET(String str) throws SAMLException {
        String rawResponse = getRawQueryStringParameter(str, SAML_RESPONSE);
        if (rawResponse == null) {
            throw new SAMLException(String.format("%s cannot be null", SAML_RESPONSE));
        }
        String rawSigAlg = getRawQueryStringParameter(str, SAML_SIGALG);
        if (rawSigAlg == null) {
            throw new SAMLException(String.format("%s cannot be null", SAML_SIGALG));
        }
        String rawSignature = getRawQueryStringParameter(str, SAML_SIGNATURE);
        if (rawSignature == null) {
            throw new SAMLException(String.format("%s cannot be null", SAML_SIGNATURE));
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug(String.format("%s: %s", SAML_RESPONSE, rawResponse));
            LOG.debug(String.format("%s: %s", SAML_SIGALG, rawSigAlg));
            LOG.debug(String.format("%s: %s", SAML_SIGNATURE, rawSignature));
        }

        try {
            // Rebuild exactly the text the IdP signed, from the raw parameter values.
            StringBuilder signedText = new StringBuilder();
            signedText.append(SAML_RESPONSE).append('=').append(rawResponse).append('&');
            String rawRelayState = getRawQueryStringParameter(str, SAML_RELAYSTATE);
            if (rawRelayState != null) {
                signedText.append(SAML_RELAYSTATE).append('=').append(rawRelayState).append('&');
            }
            signedText.append(SAML_SIGALG).append('=').append(rawSigAlg);
            if (LOG.isDebugEnabled()) {
                LOG.debug(String.format("%s: %s", "verification", signedText.toString()));
            }

            String algorithmUri = getAlgorithmURIFromID(rawSigAlg);
            byte[] signatureBytes = DatatypeConverter.parseBase64Binary(HTTPTransportUtils.urlDecode(rawSignature));
            byte[] signedBytes = signedText.toString().getBytes("UTF-8");
            boolean verified = SigningUtil.verifyWithURI(this.cred, algorithmUri, signatureBytes, signedBytes);
            if (!verified) {
                throw new SAMLException("!SigningUtil.verifyWithURI");
            }

            // Inflation and parsing happen only after the signature has verified.
            try {
                try {
                    byte[] compressed = DatatypeConverter.parseBase64Binary(HTTPTransportUtils.urlDecode(rawResponse));
                    String responseXml = new String(inflate(compressed), "UTF-8");
                    if (LOG.isTraceEnabled()) {
                        LOG.trace(responseXml);
                    }
                    Response response = parseResponse(responseXml);
                    try {
                        validate(response);
                        return getAttributeSet(response);
                    } catch (ValidationException e) {
                        throw new SAMLException((Throwable) e);
                    }
                } catch (UnsupportedEncodingException e2) {
                    throw new SAMLException("UTF-8 is missing, oh well.", e2);
                }
            } catch (IOException e3) {
                throw new SAMLException(e3);
            }
        } catch (UnsupportedEncodingException | SecurityException e4) {
            throw new SAMLException(e4);
        }
    }

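    /**
     * Sends the browser to the IdP with a signed AuthnRequest using the HTTP-Redirect binding.
     *
     * <p>If the SP signing credential cannot be loaded, the request is refused with a
     * {@link SAMLException}; previously that case ended in a NullPointerException.
     *
     * <p>NOTE(review): the RelayState is passed through as supplied. Whatever the IdP returns in
     * RelayState should be treated as untrusted on the way back and checked before it is used as
     * a redirect target.
     *
     * @param httpServletResponse the response used to issue the redirect
     * @param str the RelayState to send; {@code "/"} is used when {@code null}
     * @throws SAMLException if no signing credential is available
     * @throws MessageEncodingException if the request cannot be encoded
     */
    public void doSAMLRedirect(HttpServletResponse httpServletResponse, String str) throws SAMLException, MessageEncodingException {
        AuthnRequest authnRequest = createAuthnRequest(SAMLUtils.generateRequestId());
        Signature requestSignature = authnRequest.getSignature();
        if (requestSignature == null) {
            throw new SAMLException("Unable to load the SP signing credential for the AuthnRequest");
        }

        HttpServletResponseAdapter transport = new HttpServletResponseAdapter(httpServletResponse, true);
        SingleSignOnService idpEndpoint = new SingleSignOnServiceBuilder().buildObject();
        idpEndpoint.setLocation(getIdPConfig().getLoginUrl());

        BasicSAMLMessageContext context = new BasicSAMLMessageContext();
        context.setPeerEntityEndpoint(idpEndpoint);
        context.setOutboundSAMLMessage(authnRequest);
        context.setOutboundSAMLMessageSigningCredential(requestSignature.getSigningCredential());
        context.setOutboundMessageTransport(transport);
        context.setRelayState(str == null ? "/" : str);
        new HTTPRedirectDeflateEncoder().encode(context);
    }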
}
