package uk.gov.ida.saml.metadata;

import com.google.common.base.Throwables;
import com.google.inject.Inject;
import java.security.PublicKey;
import java.text.MessageFormat;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.inject.Named;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.Criterion;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
import org.opensaml.core.criterion.EntityIdCriterion;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml.saml2.metadata.KeyDescriptor;
import org.opensaml.security.credential.UsageType;
import org.opensaml.xmlsec.signature.X509Certificate;
import uk.gov.ida.saml.core.InternalPublicKeyStore;
import uk.gov.ida.saml.metadata.exceptions.HubEntityMissingException;
import uk.gov.ida.saml.security.PublicKeyFactory;

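/**
 * Looks up the hub's signature-verification public keys in SAML metadata.
 *
 * <p>The hub entity is resolved by entity id through the injected {@link MetadataResolver}, and
 * every X.509 certificate listed under a signing key descriptor of its SAML 2.0 SPSSODescriptor
 * is converted to a {@link PublicKey} by the injected {@link PublicKeyFactory}.
 *
 * <p>NOTE(review): nothing in this class checks the metadata signature, its validity period, or
 * the validity of the individual certificates. The returned keys are presumably used as trust
 * anchors for verifying hub signatures, so they are only as trustworthy as the metadata the
 * resolver hands back. Confirm that the resolver is configured with signature and validity
 * filters.
 */
@Deprecated
/* loaded from: input_file:uk/gov/ida/saml/metadata/HubMetadataPublicKeyStore.class */
public class HubMetadataPublicKeyStore implements InternalPublicKeyStore {
    /** Protocol identifier used to select the hub's SAML 2.0 SP role descriptor. */
    private static final String SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol";

    private final MetadataResolver metadataResolver;
    private final PublicKeyFactory publicKeyFactory;
    private final String hubEntityId;

    /**
     * @param metadataResolver resolver used to look up the hub's entity descriptor
     * @param publicKeyFactory converts each certificate found in the metadata to a public key
     * @param hubEntityId entity id of the hub, injected under the name {@code HubEntityId}
     */
    @Inject
    public HubMetadataPublicKeyStore(MetadataResolver metadataResolver, PublicKeyFactory publicKeyFactory, @Named("HubEntityId") String hubEntityId) {
        this.metadataResolver = metadataResolver;
        this.publicKeyFactory = publicKeyFactory;
        this.hubEntityId = hubEntityId;
    }

    /**
     * Returns the hub's signing public keys as currently published in the metadata.
     *
     * @return one key per certificate found under the hub's signing key descriptors; the list is
     *     empty when the hub entity publishes no signing certificates
     * @throws HubEntityMissingException if the resolver returns no entity for the hub entity id
     * @throws IllegalStateException if the hub entity has no SAML 2.0 SPSSODescriptor
     * @throws RuntimeException wrapping the {@link ResolverException} if resolution fails
     */
    @Override // uk.gov.ida.saml.core.InternalPublicKeyStore
    public List<PublicKey> getVerifyingKeysForEntity() {
        try {
            CriteriaSet criteria = new CriteriaSet(new EntityIdCriterion(this.hubEntityId));
            return Optional.ofNullable(this.metadataResolver.resolveSingle(criteria))
                    .map(this::getPublicKeys)
                    .orElseThrow(hubMissingException());
        } catch (ResolverException e) {
            // ResolverException is checked; rethrow unchecked with the cause preserved so the
            // failure stays visible to callers instead of yielding an empty key set.
            throw new RuntimeException(e);
        }
    }

    /** Supplies the exception raised when the hub entity id is absent from the metadata. */
    private Supplier<HubEntityMissingException> hubMissingException() {
        return () -> new HubEntityMissingException(MessageFormat.format("The HUB entity-id: \"{0}\" could not be found in the metadata. Metadata could be expired, invalid, or missing entities", this.hubEntityId));
    }

    /**
     * Extracts the public keys of all signing certificates from the entity's SP role descriptor.
     *
     * <p>Only key descriptors whose use is exactly {@link UsageType#SIGNING} pass the filter. A
     * descriptor that omits the {@code use} attribute, which SAML metadata treats as valid for
     * both signing and encryption, is therefore not included.
     */
    private List<PublicKey> getPublicKeys(EntityDescriptor entityDescriptor) {
        // getSPSSODescriptor yields null when the entity has no matching role descriptor; fail
        // with an explicit message rather than a bare NullPointerException.
        return Optional.ofNullable(entityDescriptor.getSPSSODescriptor(SAML20_PROTOCOL))
                .orElseThrow(() -> new IllegalStateException(MessageFormat.format("The HUB entity-id: \"{0}\" has no SAML 2.0 SPSSODescriptor in the metadata", this.hubEntityId)))
                .getKeyDescriptors()
                .stream()
                .filter(keyDescriptor -> keyDescriptor.getUse() == UsageType.SIGNING)
                .flatMap(this::getCertificateFromKeyDescriptor)
                .map(this.publicKeyFactory::create)
                .collect(Collectors.toList());
    }

    /** Flattens every X509Data element of the key descriptor's KeyInfo into its certificates. */
    private Stream<X509Certificate> getCertificateFromKeyDescriptor(KeyDescriptor keyDescriptor) {
        // NOTE(review): assumes KeyInfo is present (the metadata schema requires it); a null
        // KeyInfo would raise a NullPointerException here. Confirm metadata is schema-validated.
        return keyDescriptor.getKeyInfo().getX509Datas().stream()
                .flatMap(x509Data -> x509Data.getX509Certificates().stream());
    }
}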
