package io.helidon.security.providers.httpsign;

import io.helidon.common.pki.KeyConfig;
import io.helidon.config.Config;
import io.helidon.security.util.TokenHandler;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import java.util.logging.Logger;

/* loaded from: input_file:io/helidon/security/providers/httpsign/OutboundTargetDefinition.class */
public final class OutboundTargetDefinition {
    private final String keyId;
    private final String algorithm;
    private final KeyConfig keyConfig;
    private final HttpSignHeader header;
    private final byte[] hmacSharedSecret;
    private final SignedHeadersConfig signedHeadersConfig;
    private final TokenHandler tokenHandler;
    private final boolean backwardCompatibleEol;

    /* loaded from: input_file:io/helidon/security/providers/httpsign/OutboundTargetDefinition$Builder.class */
    public static final class Builder implements io.helidon.common.Builder<Builder, OutboundTargetDefinition> {
        private static final Logger LOGGER = Logger.getLogger(Builder.class.getName());
        private String keyId;
        private String algorithm;
        private KeyConfig keyConfig;
        private byte[] hmacSharedSecret;
        private TokenHandler tokenHandler;
        private HttpSignHeader header = HttpSignHeader.SIGNATURE;
        private SignedHeadersConfig signedHeadersConfig = HttpSignProvider.DEFAULT_REQUIRED_HEADERS;
        private boolean backwardCompatibleEol = false;

        private Builder() {
        }

        public Builder keyId(String str) {
            this.keyId = str;
            return this;
        }

        public Builder header(HttpSignHeader httpSignHeader) {
            this.header = httpSignHeader;
            return this;
        }

        public Builder algorithm(String str) {
            this.algorithm = str;
            return this;
        }

        public Builder privateKeyConfig(KeyConfig keyConfig) {
            if (null == this.algorithm) {
                this.algorithm = "rsa-sha256";
            }
            keyConfig.privateKey().orElseThrow(() -> {
                return new HttpSignatureException("Configuration must contain a private key");
            });
            this.keyConfig = keyConfig;
            return this;
        }

        public Builder signedHeaders(SignedHeadersConfig signedHeadersConfig) {
            this.signedHeadersConfig = signedHeadersConfig;
            return this;
        }

        public Builder hmacSecret(byte[] bArr) {
            if (null == this.algorithm) {
                this.algorithm = "hmac-sha256";
            }
            this.hmacSharedSecret = Arrays.copyOf(bArr, bArr.length);
            return this;
        }

        public Builder hmacSecret(String str) {
            return hmacSecret(str.getBytes(StandardCharsets.UTF_8));
        }

        public Builder tokenHandler(TokenHandler tokenHandler) {
            this.tokenHandler = tokenHandler;
            this.header = HttpSignHeader.CUSTOM;
            return this;
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public OutboundTargetDefinition m7build() {
            return new OutboundTargetDefinition(this);
        }

        public Builder config(Config config) {
            keyId((String) config.get("key-id").asString().get());
            config.get("header").asString().map(HttpSignHeader::valueOf).ifPresent(this::header);
            config.get("sign-headers").as(SignedHeadersConfig::create).ifPresent(this::signedHeaders);
            config.get("private-key").as(KeyConfig::create).ifPresent(this::privateKeyConfig);
            config.get("hmac.secret").asString().ifPresent(this::hmacSecret);
            config.get("algorithm").asString().ifPresent(this::algorithm);
            config.get("backward-compatible-eol").asBoolean().ifPresent(this::backwardCompatibleEol);
            return this;
        }

        public Builder backwardCompatibleEol(Boolean bool) {
            this.backwardCompatibleEol = bool.booleanValue();
            return this;
        }
    }

    private OutboundTargetDefinition(Builder builder) {
        this.keyId = builder.keyId;
        this.algorithm = builder.algorithm;
        this.keyConfig = builder.keyConfig;
        this.header = builder.header;
        this.hmacSharedSecret = builder.hmacSharedSecret;
        this.signedHeadersConfig = builder.signedHeadersConfig;
        this.tokenHandler = builder.tokenHandler;
        this.backwardCompatibleEol = builder.backwardCompatibleEol;
        Objects.requireNonNull(this.algorithm, "Signature algorithm must not be null");
        Objects.requireNonNull(this.keyId, "Key id must not be null");
        Objects.requireNonNull(this.header, "Header to use must not be null");
        Objects.requireNonNull(this.signedHeadersConfig, "Configuration of how to sign headers must not be null");
        if ("hmac-sha256".equals(this.algorithm)) {
            Objects.requireNonNull(this.hmacSharedSecret, "HMAC shared secret must not be null");
        } else if ("rsa-sha256".equals(this.algorithm)) {
            Objects.requireNonNull(this.keyConfig, "RSA Keys configuration must not be null");
        }
    }

    public static Builder builder(String str) {
        return new Builder().keyId(str);
    }

    public static Builder builder(Config config) {
        return new Builder().config(config);
    }

    public static OutboundTargetDefinition create(Config config) {
        return builder(config).m7build();
    }

    public String keyId() {
        return this.keyId;
    }

    public String algorithm() {
        return this.algorithm;
    }

    public Optional<KeyConfig> keyConfig() {
        return Optional.ofNullable(this.keyConfig);
    }

    public Optional<byte[]> hmacSharedSecret() {
        return Optional.ofNullable(this.hmacSharedSecret);
    }

    public HttpSignHeader header() {
        return this.header;
    }

    public SignedHeadersConfig signedHeadersConfig() {
        return this.signedHeadersConfig;
    }

    public TokenHandler tokenHandler() {
        return this.tokenHandler;
    }

    public boolean backwardCompatibleEol() {
        return this.backwardCompatibleEol;
    }
}
