package org.eclipse.edc.connector.transfer.dataplane;

import java.security.KeyPair;
import java.security.PublicKey;
import java.time.Clock;
import java.util.Objects;
import org.eclipse.edc.connector.api.control.configuration.ControlApiConfiguration;
import org.eclipse.edc.connector.contract.spi.negotiation.store.ContractNegotiationStore;
import org.eclipse.edc.connector.dataplane.selector.spi.client.DataPlaneSelectorClient;
import org.eclipse.edc.connector.dataplane.spi.client.DataPlaneClient;
import org.eclipse.edc.connector.transfer.dataplane.api.ConsumerPullTransferTokenValidationApiController;
import org.eclipse.edc.connector.transfer.dataplane.flow.ConsumerPullTransferDataFlowController;
import org.eclipse.edc.connector.transfer.dataplane.flow.ProviderPushTransferDataFlowController;
import org.eclipse.edc.connector.transfer.dataplane.proxy.ConsumerPullDataPlaneProxyResolver;
import org.eclipse.edc.connector.transfer.dataplane.security.ConsumerPullKeyPairFactory;
import org.eclipse.edc.connector.transfer.dataplane.spi.security.DataEncrypter;
import org.eclipse.edc.connector.transfer.dataplane.spi.token.ConsumerPullTokenExpirationDateFunction;
import org.eclipse.edc.connector.transfer.dataplane.validation.ContractValidationRule;
import org.eclipse.edc.connector.transfer.dataplane.validation.ExpirationDateValidationRule;
import org.eclipse.edc.connector.transfer.spi.callback.ControlApiUrl;
import org.eclipse.edc.connector.transfer.spi.flow.DataFlowManager;
import org.eclipse.edc.jwt.TokenGenerationServiceImpl;
import org.eclipse.edc.jwt.TokenValidationRulesRegistryImpl;
import org.eclipse.edc.jwt.TokenValidationServiceImpl;
import org.eclipse.edc.jwt.spi.TokenValidationService;
import org.eclipse.edc.runtime.metamodel.annotation.Extension;
import org.eclipse.edc.runtime.metamodel.annotation.Inject;
import org.eclipse.edc.spi.EdcException;
import org.eclipse.edc.spi.security.PrivateKeyResolver;
import org.eclipse.edc.spi.security.Vault;
import org.eclipse.edc.spi.system.ServiceExtension;
import org.eclipse.edc.spi.system.ServiceExtensionContext;
import org.eclipse.edc.spi.types.TypeManager;
import org.eclipse.edc.web.spi.WebService;

@Extension(TransferDataPlaneCoreExtension.NAME)
/* loaded from: input_file:org/eclipse/edc/connector/transfer/dataplane/TransferDataPlaneCoreExtension.class */
public class TransferDataPlaneCoreExtension implements ServiceExtension {
    public static final String NAME = "Transfer Data Plane Core";

    @Inject
    private ContractNegotiationStore contractNegotiationStore;

    @Inject
    private Vault vault;

    @Inject
    private PrivateKeyResolver privateKeyResolver;

    @Inject
    private WebService webService;

    @Inject
    private DataFlowManager dataFlowManager;

    @Inject
    private Clock clock;

    @Inject
    private DataEncrypter dataEncrypter;

    @Inject
    private DataPlaneClient dataPlaneClient;

    @Inject
    private ControlApiConfiguration controlApiConfiguration;

    @Inject
    private DataPlaneSelectorClient selectorClient;

    @Inject
    private ConsumerPullTokenExpirationDateFunction tokenExpirationDateFunction;

    @Inject(required = false)
    private ControlApiUrl callbackUrl;

    @Inject
    private TypeManager typeManager;

    public String name() {
        return NAME;
    }

    public void initialize(ServiceExtensionContext serviceExtensionContext) {
        KeyPair keyPairFromConfig = keyPairFromConfig(serviceExtensionContext);
        this.webService.registerResource(this.controlApiConfiguration.getContextAlias(), new ConsumerPullTransferTokenValidationApiController(tokenValidationService(keyPairFromConfig.getPublic()), this.dataEncrypter, this.typeManager));
        this.dataFlowManager.register(new ConsumerPullTransferDataFlowController(this.selectorClient, new ConsumerPullDataPlaneProxyResolver(this.dataEncrypter, this.typeManager, new TokenGenerationServiceImpl(keyPairFromConfig.getPrivate()), this.tokenExpirationDateFunction)));
        this.dataFlowManager.register(new ProviderPushTransferDataFlowController(this.callbackUrl, this.dataPlaneClient));
    }

    private KeyPair keyPairFromConfig(ServiceExtensionContext serviceExtensionContext) {
        ConsumerPullKeyPairFactory consumerPullKeyPairFactory = new ConsumerPullKeyPairFactory(this.privateKeyResolver, this.vault);
        String setting = serviceExtensionContext.getSetting(TransferDataPlaneConfig.TOKEN_VERIFIER_PUBLIC_KEY_ALIAS, (String) null);
        String setting2 = serviceExtensionContext.getSetting(TransferDataPlaneConfig.TOKEN_SIGNER_PRIVATE_KEY_ALIAS, (String) null);
        if (setting == null && setting2 == null) {
            serviceExtensionContext.getMonitor().info(() -> {
                return "No public or private key provided for 'Consumer Pull' transfers -> a key pair will be generated (DO NOT USE IN PRODUCTION)";
            }, new Throwable[0]);
            return consumerPullKeyPairFactory.defaultKeyPair();
        }
        Objects.requireNonNull(setting, "public key alias");
        Objects.requireNonNull(setting2, "private key alias");
        return (KeyPair) consumerPullKeyPairFactory.fromConfig(setting, setting2).orElseThrow(failure -> {
            return new EdcException(failure.getFailureDetail());
        });
    }

    private TokenValidationService tokenValidationService(PublicKey publicKey) {
        TokenValidationRulesRegistryImpl tokenValidationRulesRegistryImpl = new TokenValidationRulesRegistryImpl();
        tokenValidationRulesRegistryImpl.addRule(new ContractValidationRule(this.contractNegotiationStore, this.clock));
        tokenValidationRulesRegistryImpl.addRule(new ExpirationDateValidationRule(this.clock));
        return new TokenValidationServiceImpl(str -> {
            return publicKey;
        }, tokenValidationRulesRegistryImpl);
    }
}
