package uk.gov.ida.saml.metadata.transformers;

import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
import uk.gov.ida.common.shared.security.IdGenerator;
import uk.gov.ida.saml.core.OpenSamlXmlObjectFactory;
import uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto;
import uk.gov.ida.saml.metadata.domain.SamlEndpointDto;

/* loaded from: input_file:uk/gov/ida/saml/metadata/transformers/HubIdentityProviderMetadataDtoToEntityDescriptorTransformer.class */
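/**
 * Builds a SAML 2.0 {@link EntityDescriptor} containing a single {@link IDPSSODescriptor} role
 * from a {@link HubIdentityProviderMetadataDto}.
 *
 * <p>No signature is applied to the descriptor in this class, and the DTO's values (entity id,
 * expiry, endpoint locations, certificates) are copied through without validation here.
 * NOTE(review): presumably the DTO is validated where it is built and the metadata is signed
 * before publication; confirm against the callers.
 */
public class HubIdentityProviderMetadataDtoToEntityDescriptorTransformer implements Function<HubIdentityProviderMetadataDto, EntityDescriptor> {
    /** SAML 2.0 protocol namespace (same value as OpenSAML's {@code SAMLConstants.SAML20P_NS}). */
    private static final String SAML20_PROTOCOL_NS = "urn:oasis:names:tc:SAML:2.0:protocol";

    /** HTTP-POST binding URI (same value as OpenSAML's {@code SAMLConstants.SAML2_POST_BINDING_URI}). */
    private static final String HTTP_POST_BINDING_URI = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";

    private final OpenSamlXmlObjectFactory openSamlXmlObjectFactory;
    private final KeyDescriptorsUnmarshaller keyDescriptorsUnmarshaller;
    private final IdGenerator idGenerator;

    /**
     * @param openSamlXmlObjectFactory factory used to create the OpenSAML metadata objects
     * @param keyDescriptorsUnmarshaller converts certificates into key descriptors
     * @param idGenerator supplies the {@code ID} attribute of each generated entity descriptor
     */
    public HubIdentityProviderMetadataDtoToEntityDescriptorTransformer(OpenSamlXmlObjectFactory openSamlXmlObjectFactory, KeyDescriptorsUnmarshaller keyDescriptorsUnmarshaller, IdGenerator idGenerator) {
        this.openSamlXmlObjectFactory = openSamlXmlObjectFactory;
        this.keyDescriptorsUnmarshaller = keyDescriptorsUnmarshaller;
        this.idGenerator = idGenerator;
    }

    /**
     * Produces the entity descriptor from {@link #doTransform} and then appends key descriptors
     * for the DTO's IdP signing certificates and encryption certificates to its SAML 2.0
     * IDPSSODescriptor.
     *
     * <p>Together with the signing certificates added by {@link #doTransform}, three certificate
     * sets end up in the same role descriptor. NOTE(review): how each key is marked for signing
     * or encryption is decided inside {@link KeyDescriptorsUnmarshaller}, which is not visible
     * here; confirm that consumers select trust anchors by key use and not by position.
     *
     * @param hubIdentityProviderMetadataDto source of the metadata values
     * @return the populated entity descriptor (the same instance {@link #doTransform} returned)
     */
    @Override
    public EntityDescriptor apply(HubIdentityProviderMetadataDto hubIdentityProviderMetadataDto) {
        EntityDescriptor entityDescriptor = doTransform(hubIdentityProviderMetadataDto);
        IDPSSODescriptor idpRole = entityDescriptor.getIDPSSODescriptor(SAML20_PROTOCOL_NS);
        // Typed through the role's getter instead of a raw List, so element types are checked
        // at compile time. The method relies on additions to this list reaching the role.
        var keyDescriptors = idpRole.getKeyDescriptors();
        // The unmarshaller is fetched through the protected getter on every call so that a
        // subclass override keeps taking effect.
        keyDescriptors.addAll(getKeyDescriptorsUnmarshaller().fromCertificates(hubIdentityProviderMetadataDto.getIdpSigningCertificates()));
        keyDescriptors.addAll(getKeyDescriptorsUnmarshaller().fromCertificates(hubIdentityProviderMetadataDto.getEncryptionCertificates()));
        return entityDescriptor;
    }

    /**
     * Creates the entity descriptor with its ID, entity id, expiry, one IDPSSODescriptor
     * supporting the SAML 2.0 protocol, the single sign-on endpoints and the key descriptors
     * for {@code getSigningCertificates()}.
     *
     * @param hubIdentityProviderMetadataDto source of the metadata values
     * @return a new entity descriptor holding exactly one role descriptor
     * @throws NullPointerException if {@code getSigningCertificates()} is null or contains a
     *     null element ({@link List#copyOf} rejects both)
     */
    public EntityDescriptor doTransform(HubIdentityProviderMetadataDto hubIdentityProviderMetadataDto) {
        EntityDescriptor entityDescriptor = this.openSamlXmlObjectFactory.createEntityDescriptor();
        entityDescriptor.setID(this.idGenerator.getId());
        entityDescriptor.setEntityID(hubIdentityProviderMetadataDto.getEntityId());
        // NOTE(review): the expiry is copied as-is; if the DTO can return null here the
        // metadata presumably carries no validUntil at all - confirm this is rejected upstream.
        entityDescriptor.setValidUntil(hubIdentityProviderMetadataDto.getValidUntil());

        IDPSSODescriptor idpRole = this.openSamlXmlObjectFactory.createIDPSSODescriptor();
        idpRole.addSupportedProtocol(SAML20_PROTOCOL_NS);
        transformSingleSignOnServiceEndpoints(idpRole, hubIdentityProviderMetadataDto);
        // Snapshot the certificates before handing them to the unmarshaller.
        idpRole.getKeyDescriptors().addAll(this.keyDescriptorsUnmarshaller.fromCertificates(List.copyOf(hubIdentityProviderMetadataDto.getSigningCertificates())));

        entityDescriptor.getRoleDescriptors().add(idpRole);
        return entityDescriptor;
    }

    /**
     * Adds one SingleSignOnService element per endpoint in the DTO. Every element is emitted
     * with the HTTP-POST binding; no binding is read from the endpoint DTO here.
     *
     * <p>NOTE(review): the location is written out via {@code toASCIIString()} with no scheme
     * or host check in this method; presumably the endpoint URIs are validated where the DTO
     * is populated - confirm.
     */
    private void transformSingleSignOnServiceEndpoints(IDPSSODescriptor iDPSSODescriptor, HubIdentityProviderMetadataDto hubIdentityProviderMetadataDto) {
        for (SamlEndpointDto endpoint : hubIdentityProviderMetadataDto.getSingleSignOnEndpoints()) {
            iDPSSODescriptor.getSingleSignOnServices().add(this.openSamlXmlObjectFactory.createSingleSignOnService(HTTP_POST_BINDING_URI, endpoint.getLocation().toASCIIString()));
        }
    }

    /**
     * @return the unmarshaller passed to the constructor; subclasses may override this to
     *     change how {@link #apply} converts certificates
     */
    protected KeyDescriptorsUnmarshaller getKeyDescriptorsUnmarshaller() {
        return this.keyDescriptorsUnmarshaller;
    }
}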
