package edu.internet2.middleware.shibboleth.idp.profile;

import edu.internet2.middleware.shibboleth.common.attribute.BaseAttribute;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.AttributeEncoder;
import edu.internet2.middleware.shibboleth.common.attribute.encoding.SAMLNameIdentifierEncoder;
import edu.internet2.middleware.shibboleth.common.log.AuditLogEntry;
import edu.internet2.middleware.shibboleth.common.profile.ProfileException;
import edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler;
import edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext;
import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartyConfiguration;
import edu.internet2.middleware.shibboleth.common.relyingparty.RelyingPartySecurityPolicyResolver;
import edu.internet2.middleware.shibboleth.common.relyingparty.provider.AbstractSAMLProfileConfiguration;
import edu.internet2.middleware.shibboleth.common.relyingparty.provider.SAMLMDRelyingPartyConfigurationManager;
import edu.internet2.middleware.shibboleth.idp.session.Session;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.opensaml.common.IdentifierGenerator;
import org.opensaml.common.binding.decoding.SAMLMessageDecoder;
import org.opensaml.common.binding.encoding.SAMLMessageEncoder;
import org.opensaml.saml2.metadata.AttributeAuthorityDescriptor;
import org.opensaml.saml2.metadata.AuthnAuthorityDescriptor;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
import org.opensaml.saml2.metadata.PDPDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.SSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCredentialResolverFactory;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.security.SecurityPolicyResolver;
import org.opensaml.ws.transport.InTransport;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.Pair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/idp/profile/AbstractSAMLProfileHandler.class */
public abstract class AbstractSAMLProfileHandler extends AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager, Session> {
    private final Logger auditLog = LoggerFactory.getLogger("Shibboleth-Audit");
    private final Logger log = LoggerFactory.getLogger(AbstractSAMLProfileHandler.class);
    private IdentifierGenerator idGenerator;
    private Map<String, SAMLMessageDecoder> messageDecoders;
    private Map<String, SAMLMessageEncoder> messageEncoders;
    private String inboundBinding;
    private List<String> supportedOutboundBindings;
    private SecurityPolicyResolver securityPolicyResolver;
    private MetadataCredentialResolver metadataCredentialResolver;

    public SecurityPolicyResolver getSecurityPolicyResolver() {
        if (this.securityPolicyResolver == null) {
            setSecurityPolicyResolver(new RelyingPartySecurityPolicyResolver(getRelyingPartyConfigurationManager()));
        }
        return this.securityPolicyResolver;
    }

    public void setSecurityPolicyResolver(SecurityPolicyResolver securityPolicyResolver) {
        this.securityPolicyResolver = securityPolicyResolver;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Logger getAduitLog() {
        return this.auditLog;
    }

    public IdentifierGenerator getIdGenerator() {
        return this.idGenerator;
    }

    public String getInboundBinding() {
        return this.inboundBinding;
    }

    public Map<String, SAMLMessageDecoder> getMessageDecoders() {
        return this.messageDecoders;
    }

    public Map<String, SAMLMessageEncoder> getMessageEncoders() {
        return this.messageEncoders;
    }

    public MetadataProvider getMetadataProvider() {
        SAMLMDRelyingPartyConfigurationManager relyingPartyConfigurationManager = getRelyingPartyConfigurationManager();
        if (relyingPartyConfigurationManager != null) {
            return relyingPartyConfigurationManager.getMetadataProvider();
        }
        return null;
    }

    public MetadataCredentialResolver getMetadataCredentialResolver() {
        synchronized (this) {
            if (this.metadataCredentialResolver == null) {
                this.metadataCredentialResolver = (MetadataCredentialResolver) MetadataCredentialResolverFactory.getFactory().getInstance(getMetadataProvider());
            }
        }
        return this.metadataCredentialResolver;
    }

    public List<String> getSupportedOutboundBindings() {
        return this.supportedOutboundBindings;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Session getUserSession(InTransport inTransport) {
        return (Session) ((HttpServletRequestAdapter) inTransport).getWrappedRequest().getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Session getUserSession(String str) {
        return (Session) getSessionManager().getSession(str);
    }

    public void setIdGenerator(IdentifierGenerator identifierGenerator) {
        this.idGenerator = identifierGenerator;
    }

    public void setInboundBinding(String str) {
        this.inboundBinding = str;
    }

    public void setMessageDecoders(Map<String, SAMLMessageDecoder> map) {
        this.messageDecoders = map;
    }

    public void setMessageEncoders(Map<String, SAMLMessageEncoder> map) {
        this.messageEncoders = map;
    }

    public void setSupportedOutboundBindings(List<String> list) {
        this.supportedOutboundBindings = list;
    }

    public RelyingPartyConfiguration getRelyingPartyConfiguration(String str) {
        try {
            if (getMetadataProvider().getEntityDescriptor(str) != null) {
                return super.getRelyingPartyConfiguration(str);
            }
            this.log.warn("No metadata for relying party {}, treating party as anonymous", str);
            return getRelyingPartyConfigurationManager().getAnonymousRelyingConfiguration();
        } catch (MetadataProviderException e) {
            this.log.error("Unable to look up relying party metadata", e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void populateRequestContext(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException {
        populateRelyingPartyInformation(baseSAMLProfileRequestContext);
        populateAssertingPartyInformation(baseSAMLProfileRequestContext);
        populateSAMLMessageInformation(baseSAMLProfileRequestContext);
        populateProfileInformation(baseSAMLProfileRequestContext);
        populateUserInformation(baseSAMLProfileRequestContext);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void populateRelyingPartyInformation(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException {
        MetadataProvider metadataProvider = baseSAMLProfileRequestContext.getMetadataProvider();
        String inboundMessageIssuer = baseSAMLProfileRequestContext.getInboundMessageIssuer();
        baseSAMLProfileRequestContext.setPeerEntityId(inboundMessageIssuer);
        try {
            baseSAMLProfileRequestContext.setPeerEntityMetadata(metadataProvider.getEntityDescriptor(inboundMessageIssuer));
            RelyingPartyConfiguration relyingPartyConfiguration = getRelyingPartyConfiguration(inboundMessageIssuer);
            if (relyingPartyConfiguration == null) {
                this.log.error("Unable to retrieve relying party configuration data for entity with ID {}", inboundMessageIssuer);
                throw new ProfileException("Unable to retrieve relying party configuration data for entity with ID " + inboundMessageIssuer);
            }
            baseSAMLProfileRequestContext.setRelyingPartyConfiguration(relyingPartyConfiguration);
        } catch (MetadataProviderException e) {
            this.log.error("Error looking up metadata for relying party " + inboundMessageIssuer, e);
            throw new ProfileException("Error looking up metadata for relying party " + inboundMessageIssuer);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void populateAssertingPartyInformation(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException {
        String providerId = baseSAMLProfileRequestContext.getRelyingPartyConfiguration().getProviderId();
        baseSAMLProfileRequestContext.setLocalEntityId(providerId);
        baseSAMLProfileRequestContext.setOutboundMessageIssuer(providerId);
        try {
            EntityDescriptor entityDescriptor = baseSAMLProfileRequestContext.getMetadataProvider().getEntityDescriptor(providerId);
            if (entityDescriptor != null) {
                baseSAMLProfileRequestContext.setLocalEntityMetadata(entityDescriptor);
            }
        } catch (MetadataProviderException e) {
            this.log.error("Error looking up metadata for asserting party " + providerId, e);
            throw new ProfileException("Error looking up metadata for asserting party " + providerId);
        }
    }

    protected abstract void populateSAMLMessageInformation(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException;

    protected void populateProfileInformation(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException {
        AbstractSAMLProfileConfiguration profileConfiguration = baseSAMLProfileRequestContext.getRelyingPartyConfiguration().getProfileConfiguration(getProfileId());
        if (profileConfiguration != null) {
            baseSAMLProfileRequestContext.setProfileConfiguration(profileConfiguration);
            baseSAMLProfileRequestContext.setOutboundMessageArtifactType(profileConfiguration.getOutboundArtifactType());
        }
        Endpoint selectEndpoint = selectEndpoint(baseSAMLProfileRequestContext);
        if (selectEndpoint == null) {
            this.log.error("No return endpoint available for relying party {}", baseSAMLProfileRequestContext.getInboundMessageIssuer());
            throw new ProfileException("No peer endpoint available to which to send SAML response");
        }
        baseSAMLProfileRequestContext.setPeerEntityEndpoint(selectEndpoint);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public <T extends SAMLNameIdentifierEncoder> Pair<BaseAttribute, T> selectNameIDAttributeAndEncoder(Class<T> cls, BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException {
        List emptyList = baseSAMLProfileRequestContext.getAttributes() == null ? Collections.emptyList() : new ArrayList(baseSAMLProfileRequestContext.getAttributes().values());
        filterNameIDAttributesByProtocol(emptyList, cls);
        String safeTrimOrNullString = DatatypeHelper.safeTrimOrNullString(getRequiredNameIDFormat(baseSAMLProfileRequestContext));
        if (safeTrimOrNullString != null) {
            this.log.debug("Attempting to select name identifier attribute for relying party '{}' that requires format '{}'", baseSAMLProfileRequestContext.getInboundMessageIssuer(), safeTrimOrNullString);
            filterNameIDAttributesByFormats(emptyList, Collections.singleton(safeTrimOrNullString));
            if (emptyList.isEmpty()) {
                String str = "No attribute of principal '" + baseSAMLProfileRequestContext.getPrincipalName() + "' can be encoded in to a NameIdentifier of required format '" + safeTrimOrNullString + "' for relying party '" + baseSAMLProfileRequestContext.getInboundMessageIssuer() + "'";
                this.log.warn(str);
                throw new ProfileException(str);
            }
        } else {
            filterNameIDAttributesByFormats(emptyList, getSupportedNameFormats(baseSAMLProfileRequestContext));
        }
        Pair<BaseAttribute, T> selectNameIDAttributeAndEncoder = selectNameIDAttributeAndEncoder(emptyList, cls, baseSAMLProfileRequestContext.getRelyingPartyConfiguration().getNameIdFormatPrecedence());
        if (selectNameIDAttributeAndEncoder != null) {
            this.log.debug("Name identifier for relying party '{}' will be built from attribute '{}'", baseSAMLProfileRequestContext.getInboundMessageIssuer(), ((BaseAttribute) selectNameIDAttributeAndEncoder.getFirst()).getId());
        } else {
            this.log.debug("No attributes for principal '{}' support encoding into a supported name identifier format for relying party '{}'", baseSAMLProfileRequestContext.getPrincipalName(), baseSAMLProfileRequestContext.getInboundMessageIssuer());
        }
        return selectNameIDAttributeAndEncoder;
    }

    protected <T extends SAMLNameIdentifierEncoder> void filterNameIDAttributesByProtocol(Collection<BaseAttribute<?>> collection, Class<T> cls) {
        if (collection.isEmpty()) {
            return;
        }
        this.log.debug("Filtering out potential name identifier attributes which can not be encoded by {}", cls.getName());
        Iterator<BaseAttribute<?>> it = collection.iterator();
        while (it.hasNext()) {
            BaseAttribute<?> next = it.next();
            Iterator it2 = next.getEncoders().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    this.log.debug("Removing attribute {}, it can not be encoded via {}", next.getId(), cls.getName());
                    it.remove();
                    break;
                } else {
                    AttributeEncoder attributeEncoder = (AttributeEncoder) it2.next();
                    if (attributeEncoder != null && cls.isInstance(attributeEncoder)) {
                        this.log.debug("Retaining attribute {} which may be encoded to via {}", next.getId(), cls.getName());
                        break;
                    }
                }
            }
        }
    }

    protected void filterNameIDAttributesByFormats(Collection<BaseAttribute<?>> collection, Collection<String> collection2) {
        if (collection.isEmpty() || collection2 == null || collection2.isEmpty()) {
            return;
        }
        this.log.debug("Filtering out potential name identifier attributes which do not support one of the following formats: {}", collection2);
        Iterator<BaseAttribute<?>> it = collection.iterator();
        while (it.hasNext()) {
            BaseAttribute<?> next = it.next();
            Iterator it2 = next.getEncoders().iterator();
            while (true) {
                if (!it2.hasNext()) {
                    this.log.debug("Removing attribute {}, it can not be encoded in to a name identifier of an acceptable format", next.getId());
                    it.remove();
                    break;
                }
                SAMLNameIdentifierEncoder sAMLNameIdentifierEncoder = (AttributeEncoder) it2.next();
                if (sAMLNameIdentifierEncoder != null && (sAMLNameIdentifierEncoder instanceof SAMLNameIdentifierEncoder)) {
                    SAMLNameIdentifierEncoder sAMLNameIdentifierEncoder2 = sAMLNameIdentifierEncoder;
                    if (collection2.contains(sAMLNameIdentifierEncoder2.getNameFormat())) {
                        this.log.debug("Retaining attribute {} which may be encoded as a name identifier of format {}", next.getId(), sAMLNameIdentifierEncoder2.getNameFormat());
                        break;
                    }
                }
            }
        }
    }

    protected String getRequiredNameIDFormat(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) {
        return null;
    }

    protected List<String> getSupportedNameFormats(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException {
        List<String> entitySupportedFormats;
        ArrayList arrayList = new ArrayList();
        RoleDescriptor peerEntityRoleMetadata = baseSAMLProfileRequestContext.getPeerEntityRoleMetadata();
        if (peerEntityRoleMetadata != null && (entitySupportedFormats = getEntitySupportedFormats(peerEntityRoleMetadata)) != null && !entitySupportedFormats.isEmpty()) {
            arrayList.addAll(entitySupportedFormats);
        }
        if (arrayList.contains("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")) {
            arrayList.clear();
        }
        return arrayList;
    }

    protected List<String> getEntitySupportedFormats(RoleDescriptor roleDescriptor) {
        List list = null;
        if (roleDescriptor instanceof SSODescriptor) {
            list = ((SSODescriptor) roleDescriptor).getNameIDFormats();
        } else if (roleDescriptor instanceof AuthnAuthorityDescriptor) {
            list = ((AuthnAuthorityDescriptor) roleDescriptor).getNameIDFormats();
        } else if (roleDescriptor instanceof PDPDescriptor) {
            list = ((PDPDescriptor) roleDescriptor).getNameIDFormats();
        } else if (roleDescriptor instanceof AttributeAuthorityDescriptor) {
            list = ((AttributeAuthorityDescriptor) roleDescriptor).getNameIDFormats();
        }
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                arrayList.add(((NameIDFormat) it.next()).getFormat());
            }
        }
        return arrayList;
    }

    protected <T extends SAMLNameIdentifierEncoder> Pair<BaseAttribute, T> selectNameIDAttributeAndEncoder(Collection<BaseAttribute<?>> collection, Class<T> cls, String[] strArr) {
        if (collection.isEmpty()) {
            return null;
        }
        this.log.debug("Selecting attribute to be encoded as a name identifier by encoder of type {}", cls.getName());
        if (strArr != null) {
            this.log.debug("Attempting to select name identifier with highest precedence");
            for (String str : strArr) {
                for (BaseAttribute<?> baseAttribute : collection) {
                    for (SAMLNameIdentifierEncoder sAMLNameIdentifierEncoder : baseAttribute.getEncoders()) {
                        if (sAMLNameIdentifierEncoder != null && cls.isInstance(sAMLNameIdentifierEncoder)) {
                            SAMLNameIdentifierEncoder sAMLNameIdentifierEncoder2 = sAMLNameIdentifierEncoder;
                            if (DatatypeHelper.safeEquals(str, sAMLNameIdentifierEncoder2.getNameFormat())) {
                                return new Pair<>(baseAttribute, sAMLNameIdentifierEncoder2);
                            }
                        }
                    }
                }
                this.log.debug("No attribute can be encoded as a name identifier with format {}", str);
            }
            this.log.debug("No attribute can be encoded in to a name identifer with a format given in the precdence list.");
        }
        this.log.debug("Selecting the first attribute that can be encoded in to a name identifier");
        BaseAttribute<?> next = collection.iterator().next();
        for (SAMLNameIdentifierEncoder sAMLNameIdentifierEncoder3 : next.getEncoders()) {
            if (sAMLNameIdentifierEncoder3 != null && cls.isInstance(sAMLNameIdentifierEncoder3)) {
                return new Pair<>(next, sAMLNameIdentifierEncoder3);
            }
        }
        return null;
    }

    protected abstract void populateUserInformation(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException;

    protected abstract Endpoint selectEndpoint(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException;

    /* JADX INFO: Access modifiers changed from: protected */
    public void encodeResponse(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException {
        try {
            SAMLMessageEncoder outboundMessageEncoder = getOutboundMessageEncoder(baseSAMLProfileRequestContext);
            AbstractSAMLProfileConfiguration profileConfiguration = baseSAMLProfileRequestContext.getProfileConfiguration();
            if (profileConfiguration != null && isSignResponse(baseSAMLProfileRequestContext)) {
                Credential signingCredential = profileConfiguration.getSigningCredential();
                if (signingCredential == null) {
                    signingCredential = baseSAMLProfileRequestContext.getRelyingPartyConfiguration().getDefaultSigningCredential();
                }
                if (signingCredential == null) {
                    throw new ProfileException("Signing of responses is required but no signing credential is available");
                }
                if (signingCredential.getPrivateKey() == null) {
                    throw new ProfileException("Signing of response is required but signing credential does not have a private key");
                }
                baseSAMLProfileRequestContext.setOutboundSAMLMessageSigningCredential(signingCredential);
            }
            this.log.debug("Encoding response to SAML request {} from relying party {}", baseSAMLProfileRequestContext.getInboundSAMLMessageId(), baseSAMLProfileRequestContext.getInboundMessageIssuer());
            baseSAMLProfileRequestContext.setMessageEncoder(outboundMessageEncoder);
            outboundMessageEncoder.encode(baseSAMLProfileRequestContext);
        } catch (MessageEncodingException e) {
            throw new ProfileException("Unable to encode response to relying party: " + baseSAMLProfileRequestContext.getInboundMessageIssuer(), e);
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:11:0x002d, code lost:
    
        if (r0.providesMessageIntegrity(r5) == false) goto L10;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected boolean isSignResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext r5) throws edu.internet2.middleware.shibboleth.common.profile.ProfileException {
        /*
            r4 = this;
            r0 = r4
            r1 = r5
            org.opensaml.common.binding.encoding.SAMLMessageEncoder r0 = r0.getOutboundMessageEncoder(r1)
            r6 = r0
            r0 = r5
            edu.internet2.middleware.shibboleth.common.relyingparty.ProfileConfiguration r0 = r0.getProfileConfiguration()
            edu.internet2.middleware.shibboleth.common.relyingparty.provider.AbstractSAMLProfileConfiguration r0 = (edu.internet2.middleware.shibboleth.common.relyingparty.provider.AbstractSAMLProfileConfiguration) r0
            r7 = r0
            r0 = r7
            if (r0 == 0) goto L53
            r0 = r7
            edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel r0 = r0.getSignResponses()     // Catch: org.opensaml.ws.message.encoder.MessageEncodingException -> L36
            edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel r1 = edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel.always     // Catch: org.opensaml.ws.message.encoder.MessageEncodingException -> L36
            if (r0 == r1) goto L30
            r0 = r7
            edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel r0 = r0.getSignResponses()     // Catch: org.opensaml.ws.message.encoder.MessageEncodingException -> L36
            edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel r1 = edu.internet2.middleware.shibboleth.common.relyingparty.provider.CryptoOperationRequirementLevel.conditional     // Catch: org.opensaml.ws.message.encoder.MessageEncodingException -> L36
            if (r0 != r1) goto L34
            r0 = r6
            r1 = r5
            boolean r0 = r0.providesMessageIntegrity(r1)     // Catch: org.opensaml.ws.message.encoder.MessageEncodingException -> L36
            if (r0 != 0) goto L34
        L30:
            r0 = 1
            goto L35
        L34:
            r0 = 0
        L35:
            return r0
        L36:
            r8 = move-exception
            r0 = r4
            org.slf4j.Logger r0 = r0.log
            java.lang.String r1 = "Unable to determine if outbound encoding '{}' provides message integrity protection"
            r2 = r6
            java.lang.String r2 = r2.getBindingURI()
            r0.error(r1, r2)
            edu.internet2.middleware.shibboleth.common.profile.ProfileException r0 = new edu.internet2.middleware.shibboleth.common.profile.ProfileException
            r1 = r0
            java.lang.String r2 = "Unable to determine if outbound response should be signed"
            r1.<init>(r2)
            throw r0
        L53:
            r0 = 0
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler.isSignResponse(edu.internet2.middleware.shibboleth.common.profile.provider.BaseSAMLProfileRequestContext):boolean");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SAMLMessageEncoder getOutboundMessageEncoder(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException {
        SAMLMessageEncoder sAMLMessageEncoder = null;
        Endpoint peerEntityEndpoint = baseSAMLProfileRequestContext.getPeerEntityEndpoint();
        if (peerEntityEndpoint == null) {
            this.log.warn("No peer endpoint available for peer. Unable to send response.");
            throw new ProfileException("No peer endpoint available for peer. Unable to send response.");
        }
        if (peerEntityEndpoint != null) {
            sAMLMessageEncoder = getMessageEncoders().get(peerEntityEndpoint.getBinding());
            if (sAMLMessageEncoder == null) {
                this.log.error("No outbound message encoder configured for binding: {}", baseSAMLProfileRequestContext.getPeerEntityEndpoint().getBinding());
                throw new ProfileException("No outbound message encoder configured for binding: " + baseSAMLProfileRequestContext.getPeerEntityEndpoint().getBinding());
            }
        }
        return sAMLMessageEncoder;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SAMLMessageDecoder getInboundMessageDecoder(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) throws ProfileException {
        SAMLMessageDecoder sAMLMessageDecoder = getMessageDecoders().get(getInboundBinding());
        if (sAMLMessageDecoder != null) {
            return sAMLMessageDecoder;
        }
        this.log.error("No inbound message decoder configured for binding: {}", getInboundBinding());
        throw new ProfileException("No inbound message decoder configured for binding: " + getInboundBinding());
    }

    protected void writeAuditLogEntry(BaseSAMLProfileRequestContext baseSAMLProfileRequestContext) {
        AuditLogEntry auditLogEntry = new AuditLogEntry();
        auditLogEntry.setMessageProfile(getProfileId());
        auditLogEntry.setPrincipalAuthenticationMethod(baseSAMLProfileRequestContext.getPrincipalAuthenticationMethod());
        auditLogEntry.setPrincipalName(baseSAMLProfileRequestContext.getPrincipalName());
        auditLogEntry.setAssertingPartyId(baseSAMLProfileRequestContext.getLocalEntityId());
        auditLogEntry.setRelyingPartyId(baseSAMLProfileRequestContext.getInboundMessageIssuer());
        auditLogEntry.setRequestBinding(baseSAMLProfileRequestContext.getMessageDecoder().getBindingURI());
        auditLogEntry.setRequestId(baseSAMLProfileRequestContext.getInboundSAMLMessageId());
        auditLogEntry.setResponseBinding(baseSAMLProfileRequestContext.getMessageEncoder().getBindingURI());
        auditLogEntry.setResponseId(baseSAMLProfileRequestContext.getOutboundSAMLMessageId());
        if (baseSAMLProfileRequestContext.getReleasedAttributes() != null) {
            auditLogEntry.getReleasedAttributes().addAll(baseSAMLProfileRequestContext.getReleasedAttributes());
        }
        getAduitLog().info(auditLogEntry.toString());
    }
}
