/**
   * Gets the signature algorithm URI to use.
   *
   * @param signingParameters the signing parameters to use
   * @return signature algorithm to use with the associated signing credential
   * @throws MessageEncodingException thrown if the algorithm URI is not supplied explicitly and
   *     could not be derived from the supplied credential
   */
  protected String getSignatureAlgorithmURI(SignatureSigningParameters signingParameters)
      throws MessageEncodingException {

    if (signingParameters.getSignatureAlgorithm() != null) {
      return signingParameters.getSignatureAlgorithm();
    }

    throw new MessageEncodingException("The signing algorithm URI could not be determined");
  }
  /**
   * Builds the URL to redirect the client to.
   *
   * @param messageContext current message context
   * @param endpoint endpoint URL to send encoded message to
   * @param message Deflated and Base64 encoded message
   * @return URL to redirect client to
   * @throws MessageEncodingException thrown if the SAML message is neither a RequestAbstractType or
   *     Response
   */
  protected String buildRedirectURL(
      MessageContext<SAMLObject> messageContext, String endpoint, String message)
      throws MessageEncodingException {
    log.debug("Building URL to redirect client to");

    URLBuilder urlBuilder = null;
    try {
      urlBuilder = new URLBuilder(endpoint);
    } catch (MalformedURLException e) {
      throw new MessageEncodingException("Endpoint URL " + endpoint + " is not a valid URL", e);
    }

    List<Pair<String, String>> queryParams = urlBuilder.getQueryParams();
    queryParams.clear();

    SAMLObject outboundMessage = messageContext.getMessage();

    if (outboundMessage instanceof RequestAbstractType) {
      queryParams.add(new Pair<String, String>("SAMLRequest", message));
    } else if (outboundMessage instanceof StatusResponseType) {
      queryParams.add(new Pair<String, String>("SAMLResponse", message));
    } else {
      throw new MessageEncodingException(
          "SAML message is neither a SAML RequestAbstractType or StatusResponseType");
    }

    String relayState = SAMLBindingSupport.getRelayState(messageContext);
    if (SAMLBindingSupport.checkRelayState(relayState)) {
      queryParams.add(new Pair<String, String>("RelayState", relayState));
    }

    SignatureSigningParameters signingParameters =
        SAMLMessageSecuritySupport.getContextSigningParameters(messageContext);
    if (signingParameters != null && signingParameters.getSigningCredential() != null) {
      String sigAlgURI = getSignatureAlgorithmURI(signingParameters);
      Pair<String, String> sigAlg = new Pair<String, String>("SigAlg", sigAlgURI);
      queryParams.add(sigAlg);
      String sigMaterial = urlBuilder.buildQueryString();

      queryParams.add(
          new Pair<String, String>(
              "Signature",
              generateSignature(signingParameters.getSigningCredential(), sigAlgURI, sigMaterial)));
    } else {
      log.debug("No signing credential was supplied, skipping HTTP-Redirect DEFLATE signing");
    }

    return urlBuilder.buildURL();
  }