package io.helidon.security.providers.oidc.common;

import io.helidon.common.Errors;
import io.helidon.common.LazyValue;
import io.helidon.common.configurable.Resource;
import io.helidon.common.http.FormParams;
import io.helidon.common.http.Http;
import io.helidon.common.http.SetCookie;
import io.helidon.common.reactive.Single;
import io.helidon.config.Config;
import io.helidon.config.metadata.Configured;
import io.helidon.security.SecurityException;
import io.helidon.security.jwt.jwk.JwkKeys;
import io.helidon.security.providers.oidc.common.OidcCookieHandler;
import io.helidon.security.providers.oidc.common.spi.TenantConfigFinder;
import io.helidon.security.util.TokenHandler;
import io.helidon.webclient.WebClient;
import io.helidon.webclient.WebClientRequestBuilder;
import io.helidon.webserver.cors.CrossOriginConfig;
import jakarta.json.JsonObject;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.client.WebTarget;
import java.net.URI;
import java.time.Duration;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.function.BiFunction;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.logging.Logger;

/* loaded from: input_file:io/helidon/security/providers/oidc/common/OidcConfig.class */
public final class OidcConfig extends TenantConfigImpl {
    public static final String PARAM_HEADER_NAME = "X_OIDC_TOKEN_HEADER";
    public static final String DEFAULT_TENANT_PARAM_NAME = "h_tenant";
    static final String DEFAULT_REDIRECT_URI = "/oidc/redirect";
    static final String DEFAULT_LOGOUT_URI = "/oidc/logout";
    static final boolean DEFAULT_REDIRECT = true;
    static final String DEFAULT_ATTEMPT_PARAM = "h_ra";
    static final int DEFAULT_MAX_REDIRECTS = 5;
    static final boolean DEFAULT_FORCE_HTTPS_REDIRECTS = false;
    static final boolean DEFAULT_RELATIVE_URIS = false;
    static final int DEFAULT_PROXY_PORT = 80;
    static final String DEFAULT_PROXY_PROTOCOL = "http";
    static final String TENANT_IDENT = "name";
    static final String DEFAULT_PARAM_NAME = "accessToken";
    static final boolean DEFAULT_PARAM_USE = false;
    static final boolean DEFAULT_HEADER_USE = false;
    static final boolean DEFAULT_COOKIE_USE = true;
    static final String DEFAULT_COOKIE_NAME = "JSESSIONID";
    static final String DEFAULT_TENANT_COOKIE_NAME = "HELIDON_TENANT";
    private final Map<String, TenantConfig> tenantConfigurations;
    private final String redirectUri;
    private final String logoutUri;
    private final boolean logoutEnabled;
    private final String frontendUri;
    private final boolean redirect;
    private final String redirectAttemptParam;
    private final int maxRedirects;
    private final URI postLogoutUri;
    private final CrossOriginConfig crossOriginConfig;
    private final boolean forceHttpsRedirects;
    private final Duration tokenRefreshSkew;
    private final boolean relativeUris;
    private final Client generalClient;
    private final WebClient webClient;
    private final LazyValue<Optional<WebTarget>> introspectEndpoint;
    private final Supplier<WebClient.Builder> webClientBuilderSupplier;
    private final Supplier<ClientBuilder> jaxrsClientBuilderSupplier;
    private final LazyValue<Tenant> defaultTenant;
    private final boolean useParam;
    private final String paramName;
    private final String tenantParamName;
    private final boolean useHeader;
    private final TokenHandler headerHandler;
    private final boolean useCookie;
    private final OidcCookieHandler tokenCookieHandler;
    private final OidcCookieHandler idTokenCookieHandler;
    private final OidcCookieHandler tenantCookieHandler;
    static final Duration DEFAULT_TOKEN_REFRESH_SKEW = Duration.ofSeconds(5);
    private static final Logger LOGGER = Logger.getLogger(OidcConfig.class.getName());

    @Configured(description = "Open ID Connect configuration")
    /* loaded from: input_file:io/helidon/security/providers/oidc/common/OidcConfig$Builder.class */
    public static class Builder extends BaseBuilder<Builder, OidcConfig> {
        private String frontendUri;
        private URI postLogoutUri;
        private CrossOriginConfig crossOriginConfig;
        private String proxyHost;

        @Deprecated
        private Client generalClient;
        private WebClient webClient;
        private Supplier<WebClient.Builder> webClientBuilderSupplier;
        private Supplier<ClientBuilder> jaxrsClientBuilderSupplier;
        private final Map<String, TenantConfig> tenantConfigurations = new HashMap();
        private String redirectUri = OidcConfig.DEFAULT_REDIRECT_URI;
        private String logoutUri = OidcConfig.DEFAULT_LOGOUT_URI;
        private boolean logoutEnabled = false;
        private boolean redirect = true;
        private String redirectAttemptParam = OidcConfig.DEFAULT_ATTEMPT_PARAM;
        private int maxRedirects = OidcConfig.DEFAULT_MAX_REDIRECTS;
        private boolean forceHttpsRedirects = false;
        private Duration tokenRefreshSkew = OidcConfig.DEFAULT_TOKEN_REFRESH_SKEW;
        private String proxyProtocol = OidcConfig.DEFAULT_PROXY_PROTOCOL;
        private int proxyPort = OidcConfig.DEFAULT_PROXY_PORT;
        private String paramName = OidcConfig.DEFAULT_PARAM_NAME;
        private String tenantParamName = OidcConfig.DEFAULT_TENANT_PARAM_NAME;
        private boolean useHeader = false;
        private boolean useParam = false;
        private final OidcCookieHandler.Builder tenantCookieBuilder = OidcCookieHandler.builder().cookieName(OidcConfig.DEFAULT_TENANT_COOKIE_NAME);
        private final OidcCookieHandler.Builder tokenCookieBuilder = OidcCookieHandler.builder().cookieName(OidcConfig.DEFAULT_COOKIE_NAME);
        private final OidcCookieHandler.Builder idTokenCookieBuilder = OidcCookieHandler.builder().cookieName("JSESSIONID_2");
        private TokenHandler headerHandler = TokenHandler.builder().tokenHeader("Authorization").tokenPrefix("bearer ").build();
        private boolean useCookie = true;
        private boolean cookieSameSiteDefault = true;
        private boolean relativeUris = false;

        protected Builder() {
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public OidcConfig m3build() {
            buildConfiguration();
            Errors.Collector collector = Errors.collector();
            if (this.useCookie && this.logoutEnabled && this.postLogoutUri == null) {
                collector.fatal("post-logout-uri must be defined when logout is enabled.");
            }
            collector.collect().checkValid();
            if (this.cookieSameSiteDefault && this.useCookie && identityUri() != null) {
                String host = identityUri().getHost();
                if (this.frontendUri != null && host.equals(URI.create(this.frontendUri).getHost())) {
                    OidcConfig.LOGGER.info("As frontend host and identity host are equal, setting Same-Site policy to Strict this can be overridden using configuration option of OIDC: \"cookie-same-site\"");
                    this.tenantCookieBuilder.sameSite(SetCookie.SameSite.STRICT);
                    this.tokenCookieBuilder.sameSite(SetCookie.SameSite.STRICT);
                    this.idTokenCookieBuilder.sameSite(SetCookie.SameSite.STRICT);
                }
            }
            if (this.logoutEnabled) {
                this.idTokenCookieBuilder.encryptionEnabled(true);
            }
            this.webClientBuilderSupplier = () -> {
                return OidcUtil.webClientBaseBuilder(this.proxyHost, this.proxyPort, this.relativeUris, clientTimeout());
            };
            this.jaxrsClientBuilderSupplier = () -> {
                return OidcUtil.clientBaseBuilder(this.proxyProtocol, this.proxyHost, this.proxyPort);
            };
            this.generalClient = this.jaxrsClientBuilderSupplier.get().build();
            this.webClient = this.webClientBuilderSupplier.get().build();
            return new OidcConfig(this);
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public Builder config(Config config) {
            super.config(config);
            config.get("frontend-uri").asString().ifPresent(this::frontendUri);
            config.get("proxy-protocol").asString().ifPresent(this::proxyProtocol);
            config.get("proxy-host").asString().ifPresent(this::proxyHost);
            config.get("proxy-port").asInt().ifPresent((v1) -> {
                proxyPort(v1);
            });
            config.get("relative-uris").asBoolean().ifPresent((v1) -> {
                relativeUris(v1);
            });
            config.get("query-param-use").asBoolean().ifPresent(this::useParam);
            config.get("query-param-name").asString().ifPresent(this::paramName);
            config.get("query-param-tenant-name").asString().ifPresent(this::paramTenantName);
            config.get("header-use").asBoolean().ifPresent(this::useHeader);
            config.get("header-token").as(TokenHandler.class).ifPresent(this::headerTokenHandler);
            config.get("cookie-use").asBoolean().ifPresent(this::useCookie);
            config.get("cookie-name").asString().ifPresent(this::cookieName);
            config.get("cookie-name-id-token").asString().ifPresent(this::cookieNameIdToken);
            config.get("cookie-name-tenant").asString().ifPresent(this::cookieTenantName);
            config.get("cookie-domain").asString().ifPresent(this::cookieDomain);
            config.get("cookie-path").asString().ifPresent(this::cookiePath);
            config.get("cookie-max-age-seconds").asLong().ifPresent((v1) -> {
                cookieMaxAgeSeconds(v1);
            });
            config.get("cookie-http-only").asBoolean().ifPresent(this::cookieHttpOnly);
            config.get("cookie-secure").asBoolean().ifPresent(this::cookieSecure);
            config.get("cookie-same-site").asString().ifPresent(this::cookieSameSite);
            config.get("cookie-encryption-enabled").asBoolean().ifPresent((v1) -> {
                cookieEncryptionEnabled(v1);
            });
            config.get("cookie-encryption-id-enabled").asBoolean().ifPresent((v1) -> {
                cookieEncryptionEnabledIdToken(v1);
            });
            config.get("cookie-encryption-tenant-enabled").asBoolean().ifPresent((v1) -> {
                cookieEncryptionEnabledTenantName(v1);
            });
            config.get("cookie-encryption-password").as(String.class).map((v0) -> {
                return v0.toCharArray();
            }).ifPresent(this::cookieEncryptionPassword);
            config.get("cookie-encryption-name").asString().ifPresent(this::cookieEncryptionName);
            config.get("redirect-uri").asString().ifPresent(this::redirectUri);
            config.get("logout-uri").asString().ifPresent(this::logoutUri);
            config.get("post-logout-uri").as(URI.class).ifPresent(this::postLogoutUri);
            config.get("logout-enabled").asBoolean().ifPresent(this::logoutEnabled);
            config.get("redirect").asBoolean().ifPresent((v1) -> {
                redirect(v1);
            });
            config.get("redirect-attempt-param").asString().ifPresent(this::redirectAttemptParam);
            config.get("max-redirects").asInt().ifPresent((v1) -> {
                maxRedirects(v1);
            });
            config.get("force-https-redirects").asBoolean().ifPresent((v1) -> {
                forceHttpsRedirects(v1);
            });
            config.get("cors").as(CrossOriginConfig::create).ifPresent(this::crossOriginConfig);
            config.get("token-refresh-before-expiration").as(Duration.class).ifPresent(this::tokenRefreshSkew);
            config.get("tenants").asList(Config.class).ifPresent(list -> {
                list.forEach(config2 -> {
                    tenantFromConfig(config, config2);
                });
            });
            return this;
        }

        private void tenantFromConfig(Config config, Config config2) {
            addTenantConfig(TenantConfig.tenantBuilder().config(config).config(config2).m13build());
        }

        public Builder tokenRefreshSkew(Duration duration) {
            this.tokenRefreshSkew = duration;
            return this;
        }

        public Builder crossOriginConfig(CrossOriginConfig crossOriginConfig) {
            this.crossOriginConfig = crossOriginConfig;
            return this;
        }

        public Builder logoutEnabled(Boolean bool) {
            this.logoutEnabled = bool.booleanValue();
            return this;
        }

        public Builder redirect(boolean z) {
            this.redirect = z;
            return this;
        }

        public Builder frontendUri(String str) {
            this.frontendUri = str;
            return this;
        }

        public Builder forceHttpsRedirects(boolean z) {
            this.forceHttpsRedirects = z;
            return this;
        }

        public Builder relativeUris(boolean z) {
            this.relativeUris = z;
            return this;
        }

        public Builder redirectUri(String str) {
            this.redirectUri = str;
            return this;
        }

        public Builder logoutUri(String str) {
            this.logoutUri = str;
            return this;
        }

        public Builder postLogoutUri(URI uri) {
            this.postLogoutUri = uri;
            return this;
        }

        public Builder redirectAttemptParam(String str) {
            this.redirectAttemptParam = str;
            return this;
        }

        public Builder maxRedirects(int i) {
            this.maxRedirects = i;
            return this;
        }

        public Builder proxyProtocol(String str) {
            this.proxyProtocol = str;
            return this;
        }

        public Builder proxyHost(String str) {
            if (str == null || str.isEmpty()) {
                this.proxyHost = null;
            } else {
                this.proxyHost = str;
            }
            return this;
        }

        public Builder proxyPort(int i) {
            this.proxyPort = i;
            return this;
        }

        public Builder headerTokenHandler(TokenHandler tokenHandler) {
            this.headerHandler = tokenHandler;
            return this;
        }

        public Builder useHeader(Boolean bool) {
            this.useHeader = bool.booleanValue();
            return this;
        }

        public Builder paramName(String str) {
            this.paramName = str;
            return this;
        }

        public Builder paramTenantName(String str) {
            this.tenantParamName = str;
            return this;
        }

        public Builder useParam(Boolean bool) {
            this.useParam = bool.booleanValue();
            return this;
        }

        public Builder cookieEncryptionName(String str) {
            this.tokenCookieBuilder.encryptionName(str);
            this.idTokenCookieBuilder.encryptionName(str);
            this.tenantCookieBuilder.encryptionName(str);
            return this;
        }

        public Builder cookieEncryptionPassword(char[] cArr) {
            this.tokenCookieBuilder.encryptionPassword(cArr);
            this.idTokenCookieBuilder.encryptionPassword(cArr);
            this.tenantCookieBuilder.encryptionPassword(cArr);
            return this;
        }

        public Builder cookieEncryptionEnabled(boolean z) {
            this.tokenCookieBuilder.encryptionEnabled(Boolean.valueOf(z));
            return this;
        }

        public Builder cookieEncryptionEnabledIdToken(boolean z) {
            this.idTokenCookieBuilder.encryptionEnabled(Boolean.valueOf(z));
            return this;
        }

        public Builder cookieEncryptionEnabledTenantName(boolean z) {
            this.tenantCookieBuilder.encryptionEnabled(Boolean.valueOf(z));
            return this;
        }

        public Builder cookieSameSite(String str) {
            return cookieSameSite(SetCookie.SameSite.valueOf(str.toUpperCase(Locale.ROOT)));
        }

        public Builder cookieSameSite(SetCookie.SameSite sameSite) {
            this.tokenCookieBuilder.sameSite(sameSite);
            this.idTokenCookieBuilder.sameSite(sameSite);
            this.tenantCookieBuilder.sameSite(sameSite);
            this.cookieSameSiteDefault = false;
            return this;
        }

        public Builder cookieSecure(Boolean bool) {
            this.tokenCookieBuilder.secure(bool.booleanValue());
            this.idTokenCookieBuilder.secure(bool.booleanValue());
            this.tenantCookieBuilder.secure(bool.booleanValue());
            return this;
        }

        public Builder cookieHttpOnly(Boolean bool) {
            this.tokenCookieBuilder.httpOnly(bool.booleanValue());
            this.idTokenCookieBuilder.httpOnly(bool.booleanValue());
            this.tenantCookieBuilder.httpOnly(bool.booleanValue());
            return this;
        }

        public Builder cookieMaxAgeSeconds(long j) {
            this.tokenCookieBuilder.maxAge(Long.valueOf(j));
            this.idTokenCookieBuilder.maxAge(Long.valueOf(j));
            this.tenantCookieBuilder.maxAge(Long.valueOf(j));
            return this;
        }

        public Builder cookiePath(String str) {
            this.tokenCookieBuilder.path(str);
            this.idTokenCookieBuilder.path(str);
            this.tenantCookieBuilder.path(str);
            return this;
        }

        public Builder cookieDomain(String str) {
            this.tokenCookieBuilder.domain(str);
            this.idTokenCookieBuilder.domain(str);
            this.tenantCookieBuilder.domain(str);
            return this;
        }

        public Builder cookieName(String str) {
            this.tokenCookieBuilder.cookieName(str);
            return this;
        }

        public Builder cookieNameIdToken(String str) {
            this.idTokenCookieBuilder.cookieName(str);
            return this;
        }

        public Builder cookieTenantName(String str) {
            this.tenantCookieBuilder.cookieName(str);
            return this;
        }

        public Builder useCookie(Boolean bool) {
            this.useCookie = bool.booleanValue();
            return this;
        }

        public Builder addTenantConfig(TenantConfig tenantConfig) {
            this.tenantConfigurations.put(tenantConfig.name(), tenantConfig);
            return this;
        }

        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ boolean useWellKnown() {
            return super.useWellKnown();
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder scopeAudience(String str) {
            return super.scopeAudience(str);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder clientTimeout(Duration duration) {
            return super.clientTimeout(duration);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder serverType(String str) {
            return super.serverType(str);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder oidcMetadataWellKnown(boolean z) {
            return super.oidcMetadataWellKnown(z);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder baseScopes(String str) {
            return super.baseScopes(str);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder oidcMetadata(JsonObject jsonObject) {
            return super.oidcMetadata(jsonObject);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder oidcMetadata(Resource resource) {
            return super.oidcMetadata(resource);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder tokenEndpointUri(URI uri) {
            return super.tokenEndpointUri(uri);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder logoutEndpointUri(URI uri) {
            return super.logoutEndpointUri(uri);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder authorizationEndpointUri(URI uri) {
            return super.authorizationEndpointUri(uri);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder tokenEndpointAuthentication(ClientAuthentication clientAuthentication) {
            return super.tokenEndpointAuthentication(clientAuthentication);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder signJwk(JwkKeys jwkKeys) {
            return super.signJwk(jwkKeys);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder signJwk(Resource resource) {
            return super.signJwk(resource);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder introspectEndpointUri(URI uri) {
            return super.introspectEndpointUri(uri);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder validateJwtWithJwk(Boolean bool) {
            return super.validateJwtWithJwk(bool);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder issuer(String str) {
            return super.issuer(str);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder audience(String str) {
            return super.audience(str);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder realm(String str) {
            return super.realm(str);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder identityUri(URI uri) {
            return super.identityUri(uri);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder clientSecret(String str) {
            return super.clientSecret(str);
        }

        /* JADX WARN: Type inference failed for: r0v1, types: [io.helidon.security.providers.oidc.common.OidcConfig$Builder, io.helidon.security.providers.oidc.common.BaseBuilder] */
        @Override // io.helidon.security.providers.oidc.common.BaseBuilder
        public /* bridge */ /* synthetic */ Builder clientId(String str) {
            return super.clientId(str);
        }
    }

    /* loaded from: input_file:io/helidon/security/providers/oidc/common/OidcConfig$ClientAuthentication.class */
    public enum ClientAuthentication {
        CLIENT_SECRET_BASIC,
        CLIENT_SECRET_POST,
        CLIENT_SECRET_JWT,
        PRIVATE_KEY_JWT,
        NONE
    }

    /* loaded from: input_file:io/helidon/security/providers/oidc/common/OidcConfig$RequestType.class */
    public enum RequestType {
        CODE_TO_TOKEN,
        INTROSPECT_JWT
    }

    private OidcConfig(Builder builder) {
        super(builder);
        this.frontendUri = builder.frontendUri;
        this.redirectUri = builder.redirectUri;
        this.logoutUri = builder.logoutUri;
        this.logoutEnabled = builder.logoutEnabled;
        this.postLogoutUri = builder.postLogoutUri;
        this.redirect = builder.redirect;
        this.redirectAttemptParam = builder.redirectAttemptParam;
        this.maxRedirects = builder.maxRedirects;
        this.forceHttpsRedirects = builder.forceHttpsRedirects;
        this.crossOriginConfig = builder.crossOriginConfig;
        this.tokenRefreshSkew = builder.tokenRefreshSkew;
        this.tenantConfigurations = Map.copyOf(builder.tenantConfigurations);
        this.webClient = builder.webClient;
        this.generalClient = builder.generalClient;
        this.relativeUris = builder.relativeUris;
        this.useParam = builder.useParam;
        this.paramName = builder.paramName;
        this.tenantParamName = builder.tenantParamName;
        this.useHeader = builder.useHeader;
        this.headerHandler = builder.headerHandler;
        this.useCookie = builder.useCookie;
        this.tokenCookieHandler = builder.tokenCookieBuilder.m8build();
        this.idTokenCookieHandler = builder.idTokenCookieBuilder.m8build();
        this.tenantCookieHandler = builder.tenantCookieBuilder.m8build();
        if (builder.validateJwtWithJwk()) {
            this.introspectEndpoint = LazyValue.create(Optional.empty());
        } else {
            this.introspectEndpoint = LazyValue.create(() -> {
                return Optional.of(appClient().target(builder.introspectUri()));
            });
        }
        this.webClientBuilderSupplier = builder.webClientBuilderSupplier;
        this.jaxrsClientBuilderSupplier = builder.jaxrsClientBuilderSupplier;
        this.defaultTenant = LazyValue.create(() -> {
            return Tenant.create(this, this);
        });
        LOGGER.finest(() -> {
            return "Redirect URI with host: " + this.frontendUri + this.redirectUri;
        });
    }

    public static Builder builder() {
        return new Builder();
    }

    public static OidcConfig create(Config config) {
        return builder().config(config).m3build();
    }

    public static <T> Single<T> postJsonResponse(WebClientRequestBuilder webClientRequestBuilder, Object obj, Function<JsonObject, T> function, BiFunction<Http.ResponseStatus, String, Optional<T>> biFunction, BiFunction<Throwable, String, Optional<T>> biFunction2) {
        return webClientRequestBuilder.submit(obj).flatMapSingle(webClientResponse -> {
            return webClientResponse.status().family() == Http.ResponseStatus.Family.SUCCESSFUL ? webClientResponse.content().as(JsonObject.class).map(function).onErrorResumeWithSingle(th -> {
                return (Single) ((Optional) biFunction2.apply(th, "Failed to read JSON from response")).map(Single::just).orElseGet(() -> {
                    return Single.error(th);
                });
            }) : webClientResponse.content().as(String.class).flatMapSingle(str -> {
                return (Single) ((Optional) biFunction.apply(webClientResponse.status(), str)).map(Single::just).orElseGet(() -> {
                    return Single.error(new SecurityException("Failed to process request: " + str));
                });
            }).onErrorResumeWithSingle(th2 -> {
                return (Single) ((Optional) biFunction2.apply(th2, "Failed to process error entity")).map(Single::just).orElseGet(() -> {
                    return Single.error(th2);
                });
            });
        }).onErrorResumeWithSingle(th -> {
            return (Single) ((Optional) biFunction2.apply(th, "Failed to invoke request")).map(Single::just).orElseGet(() -> {
                return Single.error(th);
            });
        });
    }

    public boolean useParam() {
        return this.useParam;
    }

    public String paramName() {
        return this.paramName;
    }

    public String tenantParamName() {
        return this.tenantParamName;
    }

    public boolean useHeader() {
        return this.useHeader;
    }

    public TokenHandler headerHandler() {
        return this.headerHandler;
    }

    public boolean useCookie() {
        return this.useCookie;
    }

    public OidcCookieHandler tokenCookieHandler() {
        return this.tokenCookieHandler;
    }

    public OidcCookieHandler idTokenCookieHandler() {
        return this.idTokenCookieHandler;
    }

    public OidcCookieHandler tenantCookieHandler() {
        return this.tenantCookieHandler;
    }

    public String redirectUri() {
        return this.redirectUri;
    }

    public boolean forceHttpsRedirects() {
        return this.forceHttpsRedirects;
    }

    public boolean logoutEnabled() {
        return this.logoutEnabled;
    }

    public String logoutUri() {
        return this.logoutUri;
    }

    public URI postLogoutUri() {
        return this.postLogoutUri;
    }

    public String redirectUriWithHost() {
        if (this.frontendUri == null) {
            throw new SecurityException("Frontend URI is not defined");
        }
        return this.frontendUri + this.redirectUri;
    }

    public String redirectUriWithHost(String str) {
        return this.frontendUri != null ? redirectUriWithHost() : str + this.redirectUri;
    }

    public boolean shouldRedirect() {
        return this.redirect;
    }

    public String redirectAttemptParam() {
        return this.redirectAttemptParam;
    }

    public int maxRedirects() {
        return this.maxRedirects;
    }

    public CrossOriginConfig crossOriginConfig() {
        return this.crossOriginConfig;
    }

    public Duration tokenRefreshSkew() {
        return this.tokenRefreshSkew;
    }

    @Deprecated(forRemoval = true, since = "2.4.0")
    public String cookieName() {
        return tokenCookieHandler().cookieName();
    }

    @Deprecated(forRemoval = true, since = "2.4.0")
    public String cookieOptions() {
        return tokenCookieHandler().createCookieOptions();
    }

    @Deprecated(forRemoval = true, since = "2.4.0")
    public String cookieValuePrefix() {
        return tokenCookieHandler().cookieValuePrefix();
    }

    public boolean relativeUris() {
        return this.relativeUris;
    }

    @Deprecated(forRemoval = true, since = "2.4.0")
    public Client generalClient() {
        return this.generalClient;
    }

    public WebClient generalWebClient() {
        return this.webClient;
    }

    @Deprecated(forRemoval = true, since = "2.4.0")
    public Client appClient() {
        return ((Tenant) this.defaultTenant.get()).appClient();
    }

    public WebClient appWebClient() {
        return ((Tenant) this.defaultTenant.get()).appWebClient();
    }

    @Deprecated(forRemoval = true, since = "2.4.0")
    public WebTarget tokenEndpoint() {
        return ((Tenant) this.defaultTenant.get()).tokenEndpoint();
    }

    @Deprecated(forRemoval = true, since = "2.4.0")
    public WebTarget introspectEndpoint() {
        return (WebTarget) ((Optional) this.introspectEndpoint.get()).orElse(null);
    }

    public TenantConfig tenantConfig(String str) {
        TenantConfig tenantConfig = this.tenantConfigurations.get(str);
        return tenantConfig == null ? this.tenantConfigurations.getOrDefault(TenantConfigFinder.DEFAULT_TENANT_ID, this) : tenantConfig;
    }

    public URI tokenEndpointUri() {
        return ((Tenant) this.defaultTenant.get()).tokenEndpointUri();
    }

    public String authorizationEndpointUri() {
        return ((Tenant) this.defaultTenant.get()).authorizationEndpointUri();
    }

    public URI logoutEndpointUri() {
        return ((Tenant) this.defaultTenant.get()).logoutEndpointUri();
    }

    public String issuer() {
        return ((Tenant) this.defaultTenant.get()).issuer();
    }

    public JwkKeys signJwk() {
        return ((Tenant) this.defaultTenant.get()).signJwk();
    }

    public URI introspectUri() {
        return ((Tenant) this.defaultTenant.get()).introspectUri();
    }

    @Deprecated(since = "2.5.5", forRemoval = true)
    public void updateRequest(RequestType requestType, WebClientRequestBuilder webClientRequestBuilder, FormParams.Builder builder) {
        if (requestType == RequestType.CODE_TO_TOKEN && tokenEndpointAuthentication() == ClientAuthentication.CLIENT_SECRET_POST) {
            builder.add("client_id", new String[]{clientId()});
            builder.add("client_secret", new String[]{clientSecret()});
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Supplier<WebClient.Builder> webClientBuilderSupplier() {
        return this.webClientBuilderSupplier;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Supplier<ClientBuilder> jaxrsClientBuilderSupplier() {
        return this.jaxrsClientBuilderSupplier;
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ boolean useWellKnown() {
        return super.useWellKnown();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ JsonObject oidcMetadata() {
        return super.oidcMetadata();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ String serverType() {
        return super.serverType();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ String clientSecret() {
        return super.clientSecret();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ Optional authorizationEndpoint() {
        return super.authorizationEndpoint();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ Duration clientTimeout() {
        return super.clientTimeout();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ ClientAuthentication tokenEndpointAuthentication() {
        return super.tokenEndpointAuthentication();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ String realm() {
        return super.realm();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ URI identityUri() {
        return super.identityUri();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ String scopeAudience() {
        return super.scopeAudience();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ String audience() {
        return super.audience();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ Optional tenantIssuer() {
        return super.tenantIssuer();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ Optional tenantIntrospectUri() {
        return super.tenantIntrospectUri();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ boolean validateJwtWithJwk() {
        return super.validateJwtWithJwk();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ String baseScopes() {
        return super.baseScopes();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ String name() {
        return super.name();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ String clientId() {
        return super.clientId();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ Optional tenantTokenEndpointUri() {
        return super.tenantTokenEndpointUri();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ Optional tenantLogoutEndpointUri() {
        return super.tenantLogoutEndpointUri();
    }

    @Override // io.helidon.security.providers.oidc.common.TenantConfigImpl, io.helidon.security.providers.oidc.common.TenantConfig
    public /* bridge */ /* synthetic */ Optional tenantSignJwk() {
        return super.tenantSignJwk();
    }
}
