package uk.gov.ida.saml.metadata.bundle;

import com.google.inject.Module;
import io.dropwizard.Configuration;
import io.dropwizard.ConfiguredBundle;
import io.dropwizard.setup.Bootstrap;
import io.dropwizard.setup.Environment;
import java.util.Optional;
import javax.annotation.Nullable;
import javax.inject.Provider;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.opensaml.saml.metadata.resolver.MetadataResolver;
import org.opensaml.saml.security.impl.MetadataCredentialResolver;
import org.opensaml.xmlsec.signature.support.impl.ExplicitKeySignatureTrustEngine;
import uk.gov.ida.saml.metadata.MetadataHealthCheck;
import uk.gov.ida.saml.metadata.MetadataResolverConfiguration;
import uk.gov.ida.saml.metadata.exception.MetadataResolverCreationException;
import uk.gov.ida.saml.metadata.factories.CredentialResolverFactory;
import uk.gov.ida.saml.metadata.factories.DropwizardMetadataResolverFactory;
import uk.gov.ida.saml.metadata.factories.MetadataSignatureTrustEngineFactory;

/* loaded from: input_file:uk/gov/ida/saml/metadata/bundle/MetadataResolverBundle.class */
public class MetadataResolverBundle<T extends Configuration> implements ConfiguredBundle<T> {
    private final MetadataConfigurationExtractor<T> configExtractor;
    private MetadataResolver metadataResolver;
    private DropwizardMetadataResolverFactory dropwizardMetadataResolverFactory;
    private ExplicitKeySignatureTrustEngine signatureTrustEngine;
    private MetadataCredentialResolver credentialResolver;
    private final boolean validateSignatures;

    /* loaded from: input_file:uk/gov/ida/saml/metadata/bundle/MetadataResolverBundle$MetadataConfigurationExtractor.class */
    public interface MetadataConfigurationExtractor<T> {
        Optional<MetadataResolverConfiguration> getMetadataConfiguration(T t);
    }

    public MetadataResolverBundle(MetadataConfigurationExtractor<T> metadataConfigurationExtractor) {
        this(metadataConfigurationExtractor, true);
    }

    public MetadataResolverBundle(MetadataConfigurationExtractor<T> metadataConfigurationExtractor, boolean z) {
        this.dropwizardMetadataResolverFactory = new DropwizardMetadataResolverFactory();
        this.configExtractor = metadataConfigurationExtractor;
        this.validateSignatures = z;
    }

    public void run(T t, Environment environment) throws Exception {
        this.configExtractor.getMetadataConfiguration(t).ifPresent(metadataResolverConfiguration -> {
            this.metadataResolver = this.dropwizardMetadataResolverFactory.createMetadataResolver(environment, metadataResolverConfiguration, this.validateSignatures);
            try {
                this.signatureTrustEngine = new MetadataSignatureTrustEngineFactory().createSignatureTrustEngine(this.metadataResolver);
                this.credentialResolver = new CredentialResolverFactory().create(this.metadataResolver);
                environment.healthChecks().register(metadataResolverConfiguration.getUri().toString(), new MetadataHealthCheck(this.metadataResolver, metadataResolverConfiguration.getExpectedEntityId()));
            } catch (ComponentInitializationException e) {
                throw new MetadataResolverCreationException(metadataResolverConfiguration.getUri(), e.getMessage());
            }
        });
    }

    public void initialize(Bootstrap<?> bootstrap) {
    }

    @Nullable
    public MetadataResolver getMetadataResolver() {
        return this.metadataResolver;
    }

    public Provider<MetadataResolver> getMetadataResolverProvider() {
        return () -> {
            return this.metadataResolver;
        };
    }

    @Nullable
    public ExplicitKeySignatureTrustEngine getSignatureTrustEngine() {
        return this.signatureTrustEngine;
    }

    public Provider<ExplicitKeySignatureTrustEngine> getSignatureTrustEngineProvider() {
        return () -> {
            return this.signatureTrustEngine;
        };
    }

    @Nullable
    public MetadataCredentialResolver getMetadataCredentialResolver() {
        return this.credentialResolver;
    }

    public Provider<MetadataCredentialResolver> getMetadataCredentialResolverProvider() {
        return () -> {
            return this.credentialResolver;
        };
    }

    public Module getMetadataModule() {
        return binder -> {
            binder.bind(MetadataResolver.class).toProvider(getMetadataResolverProvider());
        };
    }
}
