package uk.gov.ida.saml.hub.api;

import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.EncryptedAssertion;
import org.opensaml.saml.saml2.core.RequestAbstractType;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.algorithm.DigestAlgorithm;
import org.opensaml.xmlsec.algorithm.SignatureAlgorithm;
import org.w3c.dom.Element;
import uk.gov.ida.common.shared.security.IdGenerator;
import uk.gov.ida.saml.core.OpenSamlXmlObjectFactory;
import uk.gov.ida.saml.core.api.CoreTransformersFactory;
import uk.gov.ida.saml.core.domain.OutboundResponseFromHub;
import uk.gov.ida.saml.core.domain.SamlAttributeQueryAssertionEncrypter;
import uk.gov.ida.saml.core.security.AssertionsDecrypters;
import uk.gov.ida.saml.core.transformers.AuthnContextFactory;
import uk.gov.ida.saml.core.transformers.outbound.OutboundAssertionToSubjectTransformer;
import uk.gov.ida.saml.core.transformers.outbound.decorators.ResponseAssertionSigner;
import uk.gov.ida.saml.core.transformers.outbound.decorators.SamlSignatureSigner;
import uk.gov.ida.saml.core.validation.assertion.AssertionAttributeStatementValidator;
import uk.gov.ida.saml.core.validation.assertion.AssertionValidator;
import uk.gov.ida.saml.core.validation.assertion.IdentityProviderAssertionValidator;
import uk.gov.ida.saml.core.validation.subjectconfirmation.AssertionSubjectConfirmationValidator;
import uk.gov.ida.saml.core.validation.subjectconfirmation.BasicAssertionSubjectConfirmationValidator;
import uk.gov.ida.saml.core.validators.DestinationValidator;
import uk.gov.ida.saml.core.validators.assertion.AuthnStatementAssertionValidator;
import uk.gov.ida.saml.core.validators.assertion.DuplicateAssertionValidatorImpl;
import uk.gov.ida.saml.core.validators.assertion.IPAddressValidator;
import uk.gov.ida.saml.core.validators.assertion.MatchingDatasetAssertionValidator;
import uk.gov.ida.saml.core.validators.subject.AssertionSubjectValidator;
import uk.gov.ida.saml.deserializers.StringToOpenSamlObjectTransformer;
import uk.gov.ida.saml.hub.configuration.SamlAuthnRequestValidityDurationConfiguration;
import uk.gov.ida.saml.hub.configuration.SamlDuplicateRequestValidationConfiguration;
import uk.gov.ida.saml.hub.domain.AuthnRequestFromRelyingParty;
import uk.gov.ida.saml.hub.domain.Endpoints;
import uk.gov.ida.saml.hub.domain.HubAttributeQueryRequest;
import uk.gov.ida.saml.hub.domain.IdaAuthnRequestFromHub;
import uk.gov.ida.saml.hub.domain.InboundResponseFromIdp;
import uk.gov.ida.saml.hub.domain.MatchingServiceHealthCheckRequest;
import uk.gov.ida.saml.hub.factories.AttributeFactory_1_1;
import uk.gov.ida.saml.hub.factories.AttributeQueryAttributeFactory;
import uk.gov.ida.saml.hub.transformers.inbound.AuthnRequestFromRelyingPartyUnmarshaller;
import uk.gov.ida.saml.hub.transformers.inbound.AuthnRequestToIdaRequestFromRelyingPartyTransformer;
import uk.gov.ida.saml.hub.transformers.inbound.IdaResponseFromIdpUnmarshaller;
import uk.gov.ida.saml.hub.transformers.inbound.IdpIdaStatusUnmarshaller;
import uk.gov.ida.saml.hub.transformers.inbound.InboundHealthCheckResponseFromMatchingServiceUnmarshaller;
import uk.gov.ida.saml.hub.transformers.inbound.InboundResponseFromMatchingServiceUnmarshaller;
import uk.gov.ida.saml.hub.transformers.inbound.MatchingServiceIdaStatusUnmarshaller;
import uk.gov.ida.saml.hub.transformers.inbound.PassthroughAssertionUnmarshaller;
import uk.gov.ida.saml.hub.transformers.inbound.SamlStatusToIdaStatusCodeMapper;
import uk.gov.ida.saml.hub.transformers.inbound.decorators.AuthnRequestSizeValidator;
import uk.gov.ida.saml.hub.transformers.inbound.providers.DecoratedSamlResponseToIdaResponseIssuedByIdpTransformer;
import uk.gov.ida.saml.hub.transformers.inbound.providers.DecoratedSamlResponseToInboundHealthCheckResponseFromMatchingServiceTransformer;
import uk.gov.ida.saml.hub.transformers.inbound.providers.DecoratedSamlResponseToInboundResponseFromMatchingServiceTransformer;
import uk.gov.ida.saml.hub.transformers.outbound.AssertionFromIdpToAssertionTransformer;
import uk.gov.ida.saml.hub.transformers.outbound.AttributeQueryToElementTransformer;
import uk.gov.ida.saml.hub.transformers.outbound.EncryptedAssertionUnmarshaller;
import uk.gov.ida.saml.hub.transformers.outbound.HubAssertionMarshaller;
import uk.gov.ida.saml.hub.transformers.outbound.HubAttributeQueryRequestToSamlAttributeQueryTransformer;
import uk.gov.ida.saml.hub.transformers.outbound.IdaAuthnRequestFromHubToAuthnRequestTransformer;
import uk.gov.ida.saml.hub.transformers.outbound.MatchingServiceHealthCheckRequestToSamlAttributeQueryTransformer;
import uk.gov.ida.saml.hub.transformers.outbound.OutboundResponseFromHubToSamlResponseTransformer;
import uk.gov.ida.saml.hub.transformers.outbound.RequestAbstractTypeToStringTransformer;
import uk.gov.ida.saml.hub.transformers.outbound.SamlAttributeQueryAssertionSignatureSigner;
import uk.gov.ida.saml.hub.transformers.outbound.SamlProfileTransactionIdaStatusMarshaller;
import uk.gov.ida.saml.hub.transformers.outbound.SigningRequestAbstractTypeSignatureCreator;
import uk.gov.ida.saml.hub.transformers.outbound.TransactionIdaStatusMarshaller;
import uk.gov.ida.saml.hub.transformers.outbound.decorators.NoOpSamlAttributeQueryAssertionEncrypter;
import uk.gov.ida.saml.hub.validators.StringSizeValidator;
import uk.gov.ida.saml.hub.validators.authnrequest.AuthnRequestFromTransactionValidator;
import uk.gov.ida.saml.hub.validators.authnrequest.AuthnRequestIssueInstantValidator;
import uk.gov.ida.saml.hub.validators.authnrequest.DuplicateAuthnRequestValidator;
import uk.gov.ida.saml.hub.validators.authnrequest.IdExpirationCache;
import uk.gov.ida.saml.hub.validators.response.common.AssertionSizeValidator;
import uk.gov.ida.saml.hub.validators.response.common.ResponseSizeValidator;
import uk.gov.ida.saml.hub.validators.response.idp.IdpResponseValidator;
import uk.gov.ida.saml.hub.validators.response.idp.components.EncryptedResponseFromIdpValidator;
import uk.gov.ida.saml.hub.validators.response.idp.components.ResponseAssertionsFromIdpValidator;
import uk.gov.ida.saml.hub.validators.response.matchingservice.EncryptedResponseFromMatchingServiceValidator;
import uk.gov.ida.saml.hub.validators.response.matchingservice.HealthCheckResponseFromMatchingServiceValidator;
import uk.gov.ida.saml.hub.validators.response.matchingservice.MatchingServiceResponseValidator;
import uk.gov.ida.saml.hub.validators.response.matchingservice.ResponseAssertionsFromMatchingServiceValidator;
import uk.gov.ida.saml.metadata.domain.HubIdentityProviderMetadataDto;
import uk.gov.ida.saml.metadata.transformers.HubIdentityProviderMetadataDtoToEntityDescriptorTransformer;
import uk.gov.ida.saml.security.AssertionDecrypter;
import uk.gov.ida.saml.security.DecrypterFactory;
import uk.gov.ida.saml.security.EncrypterFactory;
import uk.gov.ida.saml.security.EncryptionKeyStore;
import uk.gov.ida.saml.security.EntityToEncryptForLocator;
import uk.gov.ida.saml.security.IdaKeyStore;
import uk.gov.ida.saml.security.IdaKeyStoreCredentialRetriever;
import uk.gov.ida.saml.security.KeyStoreBackedEncryptionCredentialResolver;
import uk.gov.ida.saml.security.SamlAssertionsSignatureValidator;
import uk.gov.ida.saml.security.SamlMessageSignatureValidator;
import uk.gov.ida.saml.security.SignatureFactory;
import uk.gov.ida.saml.security.SignatureValidator;
import uk.gov.ida.saml.security.SigningCredentialFactory;
import uk.gov.ida.saml.security.SigningKeyStore;
import uk.gov.ida.saml.security.validators.encryptedelementtype.EncryptionAlgorithmValidator;
import uk.gov.ida.saml.security.validators.issuer.IssuerValidator;
import uk.gov.ida.saml.security.validators.signature.SamlResponseSignatureValidator;
import uk.gov.ida.saml.serializers.XmlObjectToBase64EncodedStringTransformer;
import uk.gov.ida.saml.serializers.XmlObjectToElementTransformer;

/* loaded from: input_file:uk/gov/ida/saml/hub/api/HubTransformersFactory.class */
/**
 * Factory that assembles the hub-side SAML transformers: string-to-object parsers, inbound
 * validation pipelines for requests and responses, and outbound signing/encrypting serializers.
 *
 * <p>Security-relevant wiring that is visible in this class:
 * <ul>
 *   <li>The {@code getStringTo*Transformer} parsers receive a size validator and nothing else from
 *       this factory. No signature, destination or duplicate-ID validator is wired into them here;
 *       any further checks done by the core transformer are not visible in this file.</li>
 *   <li>The inbound AuthnRequest and IdP response pipelines are constructed with signature
 *       validators, a {@code DestinationValidator} and duplicate-ID validators backed by the
 *       caller's {@code IdExpirationCache}. The order in which those checks run is decided inside
 *       the constructed classes, not here.</li>
 *   <li>A {@code null} {@code EntityToEncryptForLocator} passed to the matching-service request
 *       builders selects {@code NoOpSamlAttributeQueryAssertionEncrypter} instead of a key-store
 *       backed encrypter.</li>
 * </ul>
 *
 * <p>Parameter names such as {@code str}, {@code str2}, {@code z} and {@code uri} are
 * decompiler-generated; they are documented only as far as the call sites in this class show.
 */
public class HubTransformersFactory {
    // Collaborators reused by the factory methods below.
    private final CoreTransformersFactory coreTransformersFactory = new CoreTransformersFactory();
    private final DecrypterFactory decrypterFactory = new DecrypterFactory();
    private final EncryptionAlgorithmValidator encryptionAlgorithmValidator = new EncryptionAlgorithmValidator();

    /**
     * Builds the outbound path for a hub response: the domain object is converted to a SAML response
     * first, then passed to the core response-to-string transformer, which is given the encryption
     * key store, hub key store, entity locator and signature/digest algorithms.
     */
    public Function<OutboundResponseFromHub, String> getOutboundResponseFromHubToStringTransformer(
            EncryptionKeyStore encryptionKeyStore,
            IdaKeyStore idaKeyStore,
            EntityToEncryptForLocator entityToEncryptForLocator,
            SignatureAlgorithm signatureAlgorithm,
            DigestAlgorithm digestAlgorithm) {
        return coreTransformersFactory
                .getResponseStringTransformer(
                        encryptionKeyStore, idaKeyStore, entityToEncryptForLocator, signatureAlgorithm, digestAlgorithm)
                .compose(getOutboundResponseFromHubToSamlResponseTransformer());
    }

    /**
     * Same outbound path as the five-argument overload, but the caller supplies the
     * {@code ResponseAssertionSigner} handed to the core response-to-string transformer.
     */
    public Function<OutboundResponseFromHub, String> getOutboundResponseFromHubToStringTransformer(
            EncryptionKeyStore encryptionKeyStore,
            IdaKeyStore idaKeyStore,
            EntityToEncryptForLocator entityToEncryptForLocator,
            ResponseAssertionSigner responseAssertionSigner,
            SignatureAlgorithm signatureAlgorithm,
            DigestAlgorithm digestAlgorithm) {
        return coreTransformersFactory
                .getResponseStringTransformer(
                        encryptionKeyStore,
                        idaKeyStore,
                        entityToEncryptForLocator,
                        responseAssertionSigner,
                        signatureAlgorithm,
                        digestAlgorithm)
                .compose(getOutboundResponseFromHubToSamlResponseTransformer());
    }

    /**
     * Outbound path that differs from the six-argument
     * {@code getOutboundResponseFromHubToStringTransformer} only in the status marshaller used when
     * building the SAML response ({@code SamlProfileTransactionIdaStatusMarshaller}).
     */
    public Function<OutboundResponseFromHub, String> getSamlProfileOutboundResponseFromHubToStringTransformer(
            EncryptionKeyStore encryptionKeyStore,
            IdaKeyStore idaKeyStore,
            EntityToEncryptForLocator entityToEncryptForLocator,
            ResponseAssertionSigner responseAssertionSigner,
            SignatureAlgorithm signatureAlgorithm,
            DigestAlgorithm digestAlgorithm) {
        return coreTransformersFactory
                .getResponseStringTransformer(
                        encryptionKeyStore,
                        idaKeyStore,
                        entityToEncryptForLocator,
                        responseAssertionSigner,
                        signatureAlgorithm,
                        digestAlgorithm)
                .compose(getSamlProfileOutboundResponseFromHubToSamlResponseTransformer());
    }

    /**
     * Converts hub identity-provider metadata to a DOM element by way of an entity descriptor.
     * No signing collaborator is passed in this method.
     */
    public Function<HubIdentityProviderMetadataDto, Element> getHubIdentityProviderMetadataDtoToElementTransformer() {
        return coreTransformersFactory
                .getXmlObjectToElementTransformer()
                .compose(getHubIdentityProviderMetadataDtoToEntityDescriptorTransformer());
    }

    /**
     * Serializes an AuthnRequest issued by the hub, using signing material from {@code idaKeyStore}.
     * The signature factory flag is fixed to {@code false} here; what the flag controls is defined
     * by {@code SignatureFactory} and is not visible in this file.
     */
    public Function<IdaAuthnRequestFromHub, String> getIdaAuthnRequestFromHubToStringTransformer(
            IdaKeyStore idaKeyStore, SignatureAlgorithm signatureAlgorithm, DigestAlgorithm digestAlgorithm) {
        RequestAbstractTypeToStringTransformer<AuthnRequest> signingSerializer =
                getAuthnRequestToStringTransformer(false, idaKeyStore, signatureAlgorithm, digestAlgorithm);
        return signingSerializer.compose(getIdaAuthnRequestFromHubToAuthnRequestTransformer());
    }

    /**
     * Full inbound path for an AuthnRequest from a relying party: the size-checked parser runs
     * first and its output goes to the validating transformer built by
     * {@link #getAuthnRequestToAuthnRequestFromTransactionTransformer}.
     * Note that {@code idExpirationCache} is a raw type in this signature.
     */
    public Function<String, AuthnRequestFromRelyingParty> getStringToIdaAuthnRequestTransformer(
            URI uri,
            SigningKeyStore signingKeyStore,
            IdaKeyStore idaKeyStore,
            IdExpirationCache idExpirationCache,
            SamlDuplicateRequestValidationConfiguration samlDuplicateRequestValidationConfiguration,
            SamlAuthnRequestValidityDurationConfiguration samlAuthnRequestValidityDurationConfiguration) {
        AuthnRequestToIdaRequestFromRelyingPartyTransformer validatingTransformer =
                getAuthnRequestToAuthnRequestFromTransactionTransformer(
                        uri,
                        signingKeyStore,
                        idaKeyStore,
                        idExpirationCache,
                        samlDuplicateRequestValidationConfiguration,
                        samlAuthnRequestValidityDurationConfiguration);
        return validatingTransformer.compose(getStringToAuthnRequestTransformer());
    }

    /**
     * Parser for AuthnRequest strings. Only an {@code AuthnRequestSizeValidator} is supplied; no
     * signature or issuer validation is wired in by this method.
     */
    public StringToOpenSamlObjectTransformer<AuthnRequest> getStringToAuthnRequestTransformer() {
        AuthnRequestSizeValidator sizeValidator = new AuthnRequestSizeValidator(new StringSizeValidator());
        return coreTransformersFactory.getStringtoOpenSamlObjectTransformer(sizeValidator);
    }

    /**
     * Parser for Response strings with the default {@code ResponseSizeValidator}. Only the size
     * validator is supplied; no signature validation is wired in by this method.
     */
    public StringToOpenSamlObjectTransformer<Response> getStringToResponseTransformer() {
        ResponseSizeValidator sizeValidator = new ResponseSizeValidator(new StringSizeValidator());
        return coreTransformersFactory.getStringtoOpenSamlObjectTransformer(sizeValidator);
    }

    /**
     * Parser for Response strings using a caller-supplied size validator, which therefore sets the
     * size limit applied before parsing.
     */
    public StringToOpenSamlObjectTransformer<Response> getStringToResponseTransformer(
            ResponseSizeValidator responseSizeValidator) {
        return coreTransformersFactory.getStringtoOpenSamlObjectTransformer(responseSizeValidator);
    }

    /** Parser for Assertion strings; only an {@code AssertionSizeValidator} is supplied. */
    public StringToOpenSamlObjectTransformer<Assertion> getStringToAssertionTransformer() {
        AssertionSizeValidator sizeValidator = new AssertionSizeValidator();
        return coreTransformersFactory.getStringtoOpenSamlObjectTransformer(sizeValidator);
    }

    /** Creates the unmarshaller that turns an assertion into its passthrough representation. */
    public PassthroughAssertionUnmarshaller getAssertionToPassthroughAssertionTransformer() {
        XmlObjectToBase64EncodedStringTransformer base64Encoder = new XmlObjectToBase64EncodedStringTransformer();
        return new PassthroughAssertionUnmarshaller(base64Encoder, new AuthnContextFactory());
    }

    /** Creates the IdP-assertion transformer on top of the size-checked assertion parser. */
    public AssertionFromIdpToAssertionTransformer getAssertionFromIdpToAssertionTransformer() {
        StringToOpenSamlObjectTransformer<Assertion> assertionParser = getStringToAssertionTransformer();
        return new AssertionFromIdpToAssertionTransformer(assertionParser);
    }

    /**
     * Builds the attribute-query path sent to a matching service.
     *
     * <p>{@code entityToEncryptForLocator} may be {@code null}: it is wrapped with
     * {@code Optional.ofNullable}, and an empty value selects the no-op assertion encrypter.
     * {@code str} is forwarded to {@code SamlAttributeQueryAssertionSignatureSigner}.
     */
    public Function<HubAttributeQueryRequest, Element> getMatchingServiceRequestToElementTransformer(
            IdaKeyStore idaKeyStore,
            EncryptionKeyStore encryptionKeyStore,
            EntityToEncryptForLocator entityToEncryptForLocator,
            SignatureAlgorithm signatureAlgorithm,
            DigestAlgorithm digestAlgorithm,
            String str) {
        AttributeQueryToElementTransformer queryToElement = getAttributeQueryToElementTransformer(
                idaKeyStore,
                encryptionKeyStore,
                Optional.ofNullable(entityToEncryptForLocator),
                signatureAlgorithm,
                digestAlgorithm,
                str);
        return queryToElement.compose(getHubAttributeQueryRequestToSamlAttributeQueryTransformer());
    }

    /**
     * Builds the health-check attribute-query path for a matching service. The {@code null}
     * handling of {@code entityToEncryptForLocator} is the same as in
     * {@link #getMatchingServiceRequestToElementTransformer}.
     */
    public Function<MatchingServiceHealthCheckRequest, Element> getMatchingServiceHealthCheckRequestToElementTransformer(
            IdaKeyStore idaKeyStore,
            EncryptionKeyStore encryptionKeyStore,
            EntityToEncryptForLocator entityToEncryptForLocator,
            SignatureAlgorithm signatureAlgorithm,
            DigestAlgorithm digestAlgorithm,
            String str) {
        AttributeQueryToElementTransformer queryToElement = getAttributeQueryToElementTransformer(
                idaKeyStore,
                encryptionKeyStore,
                Optional.ofNullable(entityToEncryptForLocator),
                signatureAlgorithm,
                digestAlgorithm,
                str);
        return queryToElement.compose(
                new MatchingServiceHealthCheckRequestToSamlAttributeQueryTransformer(new OpenSamlXmlObjectFactory()));
    }

    /**
     * Creates a signing serializer for any request type. {@code z} is forwarded as the first
     * argument of {@code SignatureFactory}; its meaning is not visible in this file.
     */
    public <T extends RequestAbstractType> RequestAbstractTypeToStringTransformer<T> getRequestAbstractTypeToStringTransformer(
            boolean z, IdaKeyStore idaKeyStore, SignatureAlgorithm signatureAlgorithm, DigestAlgorithm digestAlgorithm) {
        IdaKeyStoreCredentialRetriever credentialRetriever = new IdaKeyStoreCredentialRetriever(idaKeyStore);
        SignatureFactory signatureFactory =
                new SignatureFactory(z, credentialRetriever, signatureAlgorithm, digestAlgorithm);
        SigningRequestAbstractTypeSignatureCreator signatureCreator =
                new SigningRequestAbstractTypeSignatureCreator(signatureFactory);
        return new RequestAbstractTypeToStringTransformer<>(
                signatureCreator, new SamlSignatureSigner(), new XmlObjectToBase64EncodedStringTransformer());
    }

    /** AuthnRequest-typed variant of {@link #getRequestAbstractTypeToStringTransformer}. */
    public RequestAbstractTypeToStringTransformer<AuthnRequest> getAuthnRequestToStringTransformer(
            boolean z, IdaKeyStore idaKeyStore, SignatureAlgorithm signatureAlgorithm, DigestAlgorithm digestAlgorithm) {
        return getRequestAbstractTypeToStringTransformer(z, idaKeyStore, signatureAlgorithm, digestAlgorithm);
    }

    /**
     * Builds the validating transformer for matching-service responses.
     *
     * <p>One {@code SignatureValidator}, derived from {@code signingKeyStore}, backs both the
     * response-level and the assertion-level signature validators. Assertion decrypters come from
     * the decrypting credentials of {@code idaKeyStore}. This pipeline uses
     * {@code BasicAssertionSubjectConfirmationValidator}, whereas the IdP pipeline in this class
     * uses {@code AssertionSubjectConfirmationValidator}. {@code str} is forwarded to
     * {@code ResponseAssertionsFromMatchingServiceValidator}.
     */
    public DecoratedSamlResponseToInboundResponseFromMatchingServiceTransformer getResponseToInboundResponseFromMatchingServiceTransformer(
            SigningKeyStore signingKeyStore, IdaKeyStore idaKeyStore, String str) {
        AssertionValidator assertionValidator = new AssertionValidator(
                new IssuerValidator(),
                new AssertionSubjectValidator(),
                new AssertionAttributeStatementValidator(),
                new BasicAssertionSubjectConfirmationValidator());
        ResponseAssertionsFromMatchingServiceValidator assertionsValidator =
                new ResponseAssertionsFromMatchingServiceValidator(assertionValidator, str);
        InboundResponseFromMatchingServiceUnmarshaller unmarshaller =
                new InboundResponseFromMatchingServiceUnmarshaller(
                        getAssertionToPassthroughAssertionTransformer(), new MatchingServiceIdaStatusUnmarshaller());
        SignatureValidator signatureValidator = getSignatureValidator(signingKeyStore);

        MatchingServiceResponseValidator responseValidator = new MatchingServiceResponseValidator(
                new EncryptedResponseFromMatchingServiceValidator(),
                getSamlResponseSignatureValidator(signatureValidator),
                new AssertionsDecrypters(getSamlResponseAssertionDecrypters(idaKeyStore)),
                getSamlAssertionsSignatureValidator(signatureValidator),
                assertionsValidator);
        return new DecoratedSamlResponseToInboundResponseFromMatchingServiceTransformer(responseValidator, unmarshaller);
    }

    /**
     * Full inbound path for an IdP response: the size-checked parser runs first and its output goes
     * to the validating transformer built by
     * {@link #getDecoratedSamlResponseToIdaResponseIssuedByIdpTransformer}.
     */
    public Function<String, InboundResponseFromIdp> getStringToIdaResponseIssuedByIdpTransformer(
            SignatureValidator signatureValidator,
            IdaKeyStore idaKeyStore,
            URI uri,
            String str,
            IdExpirationCache<String> idExpirationCache,
            String str2) {
        DecoratedSamlResponseToIdaResponseIssuedByIdpTransformer validatingTransformer =
                getDecoratedSamlResponseToIdaResponseIssuedByIdpTransformer(
                        signatureValidator, idaKeyStore, uri, str, idExpirationCache, str2);
        return validatingTransformer.compose(getStringToResponseTransformer());
    }

    /**
     * Builds the validating transformer for IdP responses.
     *
     * <p>The caller-supplied {@code signatureValidator} backs both the response-level and the
     * assertion-level signature validators, so the trust decision rests on how the caller built it.
     * {@code uri} and {@code str} are the two arguments of {@code DestinationValidator};
     * {@code idExpirationCache} and {@code str2} go to the assertion validators.
     */
    public DecoratedSamlResponseToIdaResponseIssuedByIdpTransformer getDecoratedSamlResponseToIdaResponseIssuedByIdpTransformer(
            SignatureValidator signatureValidator,
            IdaKeyStore idaKeyStore,
            URI uri,
            String str,
            IdExpirationCache<String> idExpirationCache,
            String str2) {
        SamlResponseSignatureValidator responseSignatureValidator =
                getSamlResponseSignatureValidator(signatureValidator);
        AssertionsDecrypters assertionsDecrypters =
                new AssertionsDecrypters(getSamlResponseAssertionDecrypters(idaKeyStore));
        SamlAssertionsSignatureValidator assertionsSignatureValidator =
                getSamlAssertionsSignatureValidator(signatureValidator);
        EncryptedResponseFromIdpValidator encryptedResponseValidator =
                new EncryptedResponseFromIdpValidator(new SamlStatusToIdaStatusCodeMapper());
        DestinationValidator destinationValidator = new DestinationValidator(uri, str);
        ResponseAssertionsFromIdpValidator assertionsValidator =
                getResponseAssertionsFromIdpValidator(idExpirationCache, str2);

        IdpResponseValidator responseValidator = new IdpResponseValidator(
                responseSignatureValidator,
                assertionsDecrypters,
                assertionsSignatureValidator,
                encryptedResponseValidator,
                destinationValidator,
                assertionsValidator);
        IdaResponseFromIdpUnmarshaller unmarshaller = new IdaResponseFromIdpUnmarshaller(
                new IdpIdaStatusUnmarshaller(), getAssertionToPassthroughAssertionTransformer());
        return new DecoratedSamlResponseToIdaResponseIssuedByIdpTransformer(responseValidator, unmarshaller);
    }

    /**
     * Builds the validating transformer for AuthnRequests from relying parties.
     *
     * <p>Collaborators wired in: an unmarshaller holding a decrypter built from the hub's decrypting
     * credentials, a request signature validator backed by {@code signingKeyStore}, a
     * {@code DestinationValidator} bound to {@code uri} and {@code Endpoints.SSO_REQUEST_ENDPOINT},
     * and a request validator composed of issuer, duplicate-request and issue-instant validators.
     * The duplicate-request validator shares the caller's {@code idExpirationCache}, which is a raw
     * type in this signature.
     */
    public AuthnRequestToIdaRequestFromRelyingPartyTransformer getAuthnRequestToAuthnRequestFromTransactionTransformer(
            URI uri,
            SigningKeyStore signingKeyStore,
            IdaKeyStore idaKeyStore,
            IdExpirationCache idExpirationCache,
            SamlDuplicateRequestValidationConfiguration samlDuplicateRequestValidationConfiguration,
            SamlAuthnRequestValidityDurationConfiguration samlAuthnRequestValidityDurationConfiguration) {
        AuthnRequestFromRelyingPartyUnmarshaller unmarshaller = new AuthnRequestFromRelyingPartyUnmarshaller(
                decrypterFactory.createDecrypter(
                        new IdaKeyStoreCredentialRetriever(idaKeyStore).getDecryptingCredentials()));
        return new AuthnRequestToIdaRequestFromRelyingPartyTransformer(
                unmarshaller,
                coreTransformersFactory.getSamlRequestSignatureValidator(signingKeyStore),
                new DestinationValidator(uri, Endpoints.SSO_REQUEST_ENDPOINT),
                new AuthnRequestFromTransactionValidator(
                        new IssuerValidator(),
                        new DuplicateAuthnRequestValidator(idExpirationCache, samlDuplicateRequestValidationConfiguration),
                        new AuthnRequestIssueInstantValidator(samlAuthnRequestValidityDurationConfiguration)));
    }

    // Domain-to-SAML response transformer using the standard transaction status marshaller.
    private OutboundResponseFromHubToSamlResponseTransformer getOutboundResponseFromHubToSamlResponseTransformer() {
        TransactionIdaStatusMarshaller statusMarshaller =
                new TransactionIdaStatusMarshaller(new OpenSamlXmlObjectFactory());
        return new OutboundResponseFromHubToSamlResponseTransformer(
                statusMarshaller, new OpenSamlXmlObjectFactory(), getEncryptedAssertionUnmarshaller());
    }

    // Domain-to-SAML response transformer using the SAML-profile status marshaller.
    private OutboundResponseFromHubToSamlResponseTransformer getSamlProfileOutboundResponseFromHubToSamlResponseTransformer() {
        SamlProfileTransactionIdaStatusMarshaller statusMarshaller =
                new SamlProfileTransactionIdaStatusMarshaller(new OpenSamlXmlObjectFactory());
        return new OutboundResponseFromHubToSamlResponseTransformer(
                statusMarshaller, new OpenSamlXmlObjectFactory(), getEncryptedAssertionUnmarshaller());
    }

    // Metadata DTO to entity descriptor; a new IdGenerator is created on every call.
    private HubIdentityProviderMetadataDtoToEntityDescriptorTransformer getHubIdentityProviderMetadataDtoToEntityDescriptorTransformer() {
        return new HubIdentityProviderMetadataDtoToEntityDescriptorTransformer(
                new OpenSamlXmlObjectFactory(),
                coreTransformersFactory.getCertificatesToKeyDescriptorsTransformer(),
                new IdGenerator());
    }

    // Hub AuthnRequest domain object to SAML AuthnRequest.
    private IdaAuthnRequestFromHubToAuthnRequestTransformer getIdaAuthnRequestFromHubToAuthnRequestTransformer() {
        return new IdaAuthnRequestFromHubToAuthnRequestTransformer(new OpenSamlXmlObjectFactory());
    }

    // Attribute-query builder; each collaborator gets its own OpenSamlXmlObjectFactory instance.
    private HubAttributeQueryRequestToSamlAttributeQueryTransformer getHubAttributeQueryRequestToSamlAttributeQueryTransformer() {
        OpenSamlXmlObjectFactory samlObjectFactory = new OpenSamlXmlObjectFactory();
        HubAssertionMarshaller assertionMarshaller = new HubAssertionMarshaller(
                new OpenSamlXmlObjectFactory(),
                new AttributeFactory_1_1(new OpenSamlXmlObjectFactory()),
                new OutboundAssertionToSubjectTransformer(new OpenSamlXmlObjectFactory()));
        AttributeQueryAttributeFactory attributeFactory =
                new AttributeQueryAttributeFactory(new OpenSamlXmlObjectFactory());
        return new HubAttributeQueryRequestToSamlAttributeQueryTransformer(
                samlObjectFactory, assertionMarshaller, attributeFactory, getEncryptedAssertionUnmarshaller());
    }

    /** Creates the unmarshaller for encrypted assertions on top of the size-checked parser. */
    public EncryptedAssertionUnmarshaller getEncryptedAssertionUnmarshaller() {
        StringToOpenSamlObjectTransformer<EncryptedAssertion> encryptedAssertionParser =
                getStringToEncryptedAssertionTransformer();
        return new EncryptedAssertionUnmarshaller(encryptedAssertionParser);
    }

    // Parser for encrypted assertions; only an AssertionSizeValidator is supplied.
    private StringToOpenSamlObjectTransformer<EncryptedAssertion> getStringToEncryptedAssertionTransformer() {
        AssertionSizeValidator sizeValidator = new AssertionSizeValidator();
        return coreTransformersFactory.getStringtoOpenSamlObjectTransformer(sizeValidator);
    }

    // Signs the attribute query and its assertions with credentials from idaKeyStore, then applies
    // whichever assertion encrypter the (possibly empty) locator selects.
    private AttributeQueryToElementTransformer getAttributeQueryToElementTransformer(
            IdaKeyStore idaKeyStore,
            EncryptionKeyStore encryptionKeyStore,
            Optional<EntityToEncryptForLocator> locator,
            SignatureAlgorithm signatureAlgorithm,
            DigestAlgorithm digestAlgorithm,
            String str) {
        SigningRequestAbstractTypeSignatureCreator signatureCreator =
                new SigningRequestAbstractTypeSignatureCreator(new SignatureFactory(
                        new IdaKeyStoreCredentialRetriever(idaKeyStore), signatureAlgorithm, digestAlgorithm));
        SamlAttributeQueryAssertionSignatureSigner assertionSigner = new SamlAttributeQueryAssertionSignatureSigner(
                new IdaKeyStoreCredentialRetriever(idaKeyStore), new OpenSamlXmlObjectFactory(), str);
        return new AttributeQueryToElementTransformer(
                signatureCreator,
                assertionSigner,
                new SamlSignatureSigner(),
                new XmlObjectToElementTransformer(),
                getSamlAttributeQueryAssertionEncrypter(encryptionKeyStore, locator));
    }

    // An empty locator falls back to NoOpSamlAttributeQueryAssertionEncrypter.
    // NOTE(review): by its name the no-op variant presumably leaves assertions unencrypted - confirm.
    private SamlAttributeQueryAssertionEncrypter getSamlAttributeQueryAssertionEncrypter(
            EncryptionKeyStore encryptionKeyStore, Optional<EntityToEncryptForLocator> locator) {
        return (SamlAttributeQueryAssertionEncrypter) locator
                .map(target -> new SamlAttributeQueryAssertionEncrypter(
                        new KeyStoreBackedEncryptionCredentialResolver(encryptionKeyStore),
                        new EncrypterFactory(),
                        target))
                .orElseGet(NoOpSamlAttributeQueryAssertionEncrypter::new);
    }

    // The matching-dataset and authn-statement validators each get their own duplicate-assertion
    // validator, but both are backed by the same idExpirationCache.
    private ResponseAssertionsFromIdpValidator getResponseAssertionsFromIdpValidator(
            IdExpirationCache<String> idExpirationCache, String str) {
        IdentityProviderAssertionValidator assertionValidator = new IdentityProviderAssertionValidator(
                new IssuerValidator(),
                new AssertionSubjectValidator(),
                new AssertionAttributeStatementValidator(),
                new AssertionSubjectConfirmationValidator());
        MatchingDatasetAssertionValidator matchingDatasetValidator =
                new MatchingDatasetAssertionValidator(new DuplicateAssertionValidatorImpl(idExpirationCache));
        AuthnStatementAssertionValidator authnStatementValidator =
                new AuthnStatementAssertionValidator(new DuplicateAssertionValidatorImpl(idExpirationCache));
        return new ResponseAssertionsFromIdpValidator(
                assertionValidator, matchingDatasetValidator, authnStatementValidator, new IPAddressValidator(), str);
    }

    /**
     * Builds the transformer for matching-service health-check responses. Only a response-level
     * signature validator (backed by {@code signingKeyStore}) and a health-check response validator
     * are wired in; no assertion decrypters or assertion signature validator are passed here.
     */
    public DecoratedSamlResponseToInboundHealthCheckResponseFromMatchingServiceTransformer getResponseInboundHealthCheckResponseFromMatchingServiceTransformer(
            SigningKeyStore signingKeyStore) {
        InboundHealthCheckResponseFromMatchingServiceUnmarshaller unmarshaller =
                new InboundHealthCheckResponseFromMatchingServiceUnmarshaller(new MatchingServiceIdaStatusUnmarshaller());
        SamlResponseSignatureValidator responseSignatureValidator =
                getSamlResponseSignatureValidator(getSignatureValidator(signingKeyStore));
        return new DecoratedSamlResponseToInboundHealthCheckResponseFromMatchingServiceTransformer(
                unmarshaller, responseSignatureValidator, new HealthCheckResponseFromMatchingServiceValidator());
    }

    // One AssertionDecrypter per decrypting credential held in idaKeyStore.
    private List<AssertionDecrypter> getSamlResponseAssertionDecrypters(IdaKeyStore idaKeyStore) {
        IdaKeyStoreCredentialRetriever credentialRetriever = new IdaKeyStoreCredentialRetriever(idaKeyStore);
        return (List) credentialRetriever.getDecryptingCredentials().stream()
                .map(this::getAssertionDecrypter)
                .collect(Collectors.toList());
    }

    // Pairs the shared encryption-algorithm validator with a decrypter for a single credential.
    private AssertionDecrypter getAssertionDecrypter(Credential credential) {
        return new AssertionDecrypter(
                encryptionAlgorithmValidator,
                decrypterFactory.createDecrypter(Collections.singletonList(credential)));
    }

    // Signature validator whose credentials come from the given signing key store.
    private SignatureValidator getSignatureValidator(SigningKeyStore signingKeyStore) {
        SigningCredentialFactory credentialFactory = new SigningCredentialFactory(signingKeyStore);
        return coreTransformersFactory.getSignatureValidator(credentialFactory);
    }

    // Response-level wrapper around the given signature validator.
    private SamlResponseSignatureValidator getSamlResponseSignatureValidator(SignatureValidator signatureValidator) {
        SamlMessageSignatureValidator messageValidator = new SamlMessageSignatureValidator(signatureValidator);
        return new SamlResponseSignatureValidator(messageValidator);
    }

    // Assertion-level wrapper around the given signature validator.
    private SamlAssertionsSignatureValidator getSamlAssertionsSignatureValidator(SignatureValidator signatureValidator) {
        SamlMessageSignatureValidator messageValidator = new SamlMessageSignatureValidator(signatureValidator);
        return new SamlAssertionsSignatureValidator(messageValidator);
    }
}
