package io.helidon.security.providers.oidc;

import io.helidon.common.Errors;
import io.helidon.common.Severity;
import io.helidon.common.http.FormParams;
import io.helidon.common.http.Http;
import io.helidon.common.http.MediaType;
import io.helidon.common.reactive.Single;
import io.helidon.config.Config;
import io.helidon.config.DeprecatedConfig;
import io.helidon.security.AuthenticationResponse;
import io.helidon.security.EndpointConfig;
import io.helidon.security.Grant;
import io.helidon.security.OutboundSecurityResponse;
import io.helidon.security.Principal;
import io.helidon.security.ProviderRequest;
import io.helidon.security.Role;
import io.helidon.security.SecurityEnvironment;
import io.helidon.security.SecurityLevel;
import io.helidon.security.SecurityResponse;
import io.helidon.security.Subject;
import io.helidon.security.abac.scope.ScopeValidator;
import io.helidon.security.jwt.Jwt;
import io.helidon.security.jwt.JwtException;
import io.helidon.security.jwt.JwtUtil;
import io.helidon.security.jwt.SignedJwt;
import io.helidon.security.providers.common.OutboundConfig;
import io.helidon.security.providers.common.OutboundTarget;
import io.helidon.security.providers.common.TokenCredential;
import io.helidon.security.providers.oidc.common.OidcConfig;
import io.helidon.security.providers.oidc.common.OidcCookieHandler;
import io.helidon.security.spi.AuthenticationProvider;
import io.helidon.security.spi.OutboundSecurityProvider;
import io.helidon.security.util.TokenHandler;
import io.helidon.webclient.WebClientRequestBuilder;
import java.lang.annotation.Annotation;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.function.BiConsumer;
import java.util.function.BiFunction;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:io/helidon/security/providers/oidc/OidcProvider.class */
public final class OidcProvider implements AuthenticationProvider, OutboundSecurityProvider {
    private static final Logger LOGGER = Logger.getLogger(OidcProvider.class.getName());
    private final boolean optional;
    private final OidcConfig oidcConfig;
    private final TokenHandler paramHeaderHandler;
    private final BiFunction<SignedJwt, Errors.Collector, Single<Errors.Collector>> jwtValidator;
    private final Pattern attemptPattern;
    private final boolean propagate;
    private final OidcOutboundConfig outboundConfig;
    private final boolean useJwtGroups;
    private final BiConsumer<StringBuilder, String> scopeAppender;
    private final OidcCookieHandler cookieHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.helidon.security.providers.oidc.OidcProvider$1, reason: invalid class name */
    /* loaded from: input_file:io/helidon/security/providers/oidc/OidcProvider$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$helidon$common$Severity = new int[Severity.values().length];

        static {
            try {
                $SwitchMap$io$helidon$common$Severity[Severity.FATAL.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$helidon$common$Severity[Severity.WARN.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$helidon$common$Severity[Severity.HINT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:io/helidon/security/providers/oidc/OidcProvider$Builder.class */
    public static final class Builder implements io.helidon.common.Builder<OidcProvider> {
        private OidcConfig oidcConfig;
        private Boolean propagate;
        private OutboundConfig outboundConfig;
        private boolean optional = false;
        private boolean useJwtGroups = true;
        private TokenHandler defaultOutboundHandler = TokenHandler.builder().tokenHeader("Authorization").tokenPrefix("Bearer ").build();

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public OidcProvider m2build() {
            if (null == this.oidcConfig) {
                throw new IllegalArgumentException("OidcConfig must be configured");
            }
            if (this.outboundConfig == null) {
                this.outboundConfig = OutboundConfig.builder().build();
            }
            if (this.propagate == null) {
                this.propagate = Boolean.valueOf(this.outboundConfig.targets().size() > 0);
            }
            return new OidcProvider(this, new OidcOutboundConfig(this.outboundConfig, this.defaultOutboundHandler));
        }

        public Builder config(Config config) {
            config.get("optional").asBoolean().ifPresent((v1) -> {
                optional(v1);
            });
            if (null == this.oidcConfig && config.get("identity-uri").exists()) {
                this.oidcConfig = OidcConfig.create(config);
            }
            config.get("propagate").asBoolean().ifPresent((v1) -> {
                propagate(v1);
            });
            if (null == this.outboundConfig) {
                config.get("outbound").ifExists(config2 -> {
                    outboundConfig(OutboundConfig.create(config));
                });
            }
            config.get("use-jwt-groups").asBoolean().ifPresent((v1) -> {
                useJwtGroups(v1);
            });
            return this;
        }

        public Builder propagate(boolean z) {
            this.propagate = Boolean.valueOf(z);
            return this;
        }

        public Builder outboundConfig(OutboundConfig outboundConfig) {
            this.outboundConfig = outboundConfig;
            return this;
        }

        public Builder oidcConfig(OidcConfig oidcConfig) {
            this.oidcConfig = oidcConfig;
            return this;
        }

        public Builder optional(boolean z) {
            this.optional = z;
            return this;
        }

        public Builder useJwtGroups(boolean z) {
            this.useJwtGroups = z;
            return this;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/helidon/security/providers/oidc/OidcProvider$OidcOutboundConfig.class */
    public static final class OidcOutboundConfig {
        private final Map<OutboundTarget, OidcOutboundTarget> targetCache = new HashMap();
        private final OutboundConfig outboundConfig;
        private final TokenHandler defaultTokenHandler;
        private final OidcOutboundTarget defaultTarget;

        private OidcOutboundConfig(OutboundConfig outboundConfig, TokenHandler tokenHandler) {
            this.outboundConfig = outboundConfig;
            this.defaultTokenHandler = tokenHandler;
            this.defaultTarget = new OidcOutboundTarget(true, tokenHandler);
        }

        private boolean hasOutbound() {
            return this.outboundConfig.targets().size() > 0;
        }

        private OidcOutboundTarget findTarget(SecurityEnvironment securityEnvironment) {
            return (OidcOutboundTarget) this.outboundConfig.findTarget(securityEnvironment).map(outboundTarget -> {
                return this.targetCache.computeIfAbsent(outboundTarget, outboundTarget -> {
                    return new OidcOutboundTarget(((Boolean) outboundTarget.getConfig().flatMap(config -> {
                        return config.get("propagate").asBoolean().asOptional();
                    }).orElse(true)).booleanValue(), (TokenHandler) outboundTarget.getConfig().flatMap(config2 -> {
                        return DeprecatedConfig.get(config2, "outbound-token", "token").as(TokenHandler::create).asOptional();
                    }).orElse(this.defaultTokenHandler));
                });
            }).orElse(this.defaultTarget);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/helidon/security/providers/oidc/OidcProvider$OidcOutboundTarget.class */
    public static final class OidcOutboundTarget {
        private final boolean propagate;
        private final TokenHandler tokenHandler;

        private OidcOutboundTarget(boolean z, TokenHandler tokenHandler) {
            this.propagate = z;
            this.tokenHandler = tokenHandler;
        }
    }

    private OidcProvider(Builder builder, OidcOutboundConfig oidcOutboundConfig) {
        this.optional = builder.optional;
        this.oidcConfig = builder.oidcConfig;
        this.propagate = builder.propagate.booleanValue() && oidcOutboundConfig.hasOutbound();
        this.useJwtGroups = builder.useJwtGroups;
        this.outboundConfig = oidcOutboundConfig;
        this.cookieHandler = this.oidcConfig.tokenCookieHandler();
        this.attemptPattern = Pattern.compile(".*?" + this.oidcConfig.redirectAttemptParam() + "=(\\d+).*");
        if (this.oidcConfig.useParam()) {
            this.paramHeaderHandler = TokenHandler.forHeader("X_OIDC_TOKEN_HEADER");
        } else {
            this.paramHeaderHandler = null;
        }
        String scopeAudience = this.oidcConfig.scopeAudience();
        if (null == scopeAudience || scopeAudience.isEmpty()) {
            this.scopeAppender = (v0, v1) -> {
                v0.append(v1);
            };
        } else if (scopeAudience.endsWith("/")) {
            this.scopeAppender = (sb, str) -> {
                sb.append(scopeAudience).append(str);
            };
        } else {
            this.scopeAppender = (sb2, str2) -> {
                sb2.append(scopeAudience).append("/").append(str2);
            };
        }
        if (this.oidcConfig.validateJwtWithJwk()) {
            this.jwtValidator = (signedJwt, collector) -> {
                signedJwt.verifySignature(this.oidcConfig.signJwk()).forEach(errorMessage -> {
                    switch (AnonymousClass1.$SwitchMap$io$helidon$common$Severity[errorMessage.getSeverity().ordinal()]) {
                        case 1:
                            collector.fatal(errorMessage.getSource(), errorMessage.getMessage());
                            return;
                        case 2:
                            collector.warn(errorMessage.getSource(), errorMessage.getMessage());
                            return;
                        case 3:
                        default:
                            collector.hint(errorMessage.getSource(), errorMessage.getMessage());
                            return;
                    }
                });
                return Single.just(collector);
            };
        } else {
            this.jwtValidator = (signedJwt2, collector2) -> {
                FormParams.Builder add = FormParams.builder().add("token", new String[]{signedJwt2.tokenContent()});
                WebClientRequestBuilder headers = this.oidcConfig.appWebClient().post().uri(this.oidcConfig.introspectUri()).accept(new MediaType[]{MediaType.APPLICATION_JSON}).headers(webClientRequestHeaders -> {
                    webClientRequestHeaders.add("Cache-Control", new String[]{"no-cache, no-store, must-revalidate"});
                    return webClientRequestHeaders;
                });
                this.oidcConfig.updateRequest(OidcConfig.RequestType.INTROSPECT_JWT, headers, add);
                return OidcConfig.postJsonResponse(headers, add.build(), jsonObject -> {
                    if (!jsonObject.getBoolean("active")) {
                        collector2.fatal(jsonObject, "Token is not active");
                    }
                    return collector2;
                }, (responseStatus, str3) -> {
                    return Optional.of(collector2.fatal(responseStatus, "Failed to validate token, response status: " + responseStatus + ", entity: " + str3));
                }, (th, str4) -> {
                    return Optional.of(collector2.fatal(th, "Failed to validate token, request failed: " + str4));
                });
            };
        }
    }

    public static OidcProvider create(Config config) {
        return builder().config(config).m2build();
    }

    public static OidcProvider create(OidcConfig oidcConfig) {
        return builder().oidcConfig(oidcConfig).m2build();
    }

    public static Builder builder() {
        return new Builder();
    }

    public Collection<Class<? extends Annotation>> supportedAnnotations() {
        return Set.of(ScopeValidator.Scope.class, ScopeValidator.Scopes.class);
    }

    public CompletionStage<AuthenticationResponse> authenticate(ProviderRequest providerRequest) {
        LinkedList linkedList = new LinkedList();
        Optional empty = Optional.empty();
        try {
            if (this.oidcConfig.useHeader()) {
                empty = empty.or(() -> {
                    return this.oidcConfig.headerHandler().extractToken(providerRequest.env().headers());
                });
                if (empty.isEmpty()) {
                    linkedList.add("header");
                }
            }
            if (this.oidcConfig.useParam()) {
                empty = empty.or(() -> {
                    return this.paramHeaderHandler.extractToken(providerRequest.env().headers());
                });
                if (empty.isEmpty()) {
                    linkedList.add("query-param");
                }
            }
            if (this.oidcConfig.useCookie() && empty.isEmpty()) {
                Optional findCookie = this.cookieHandler.findCookie(providerRequest.env().headers());
                if (!findCookie.isEmpty()) {
                    return ((Single) findCookie.get()).flatMapSingle(str -> {
                        return validateToken(providerRequest, str);
                    }).onErrorResumeWithSingle(th -> {
                        if (LOGGER.isLoggable(Level.FINEST)) {
                            LOGGER.log(Level.FINEST, "Invalid token in cookie", th);
                        }
                        return Single.just(errorResponse(providerRequest, Http.Status.UNAUTHORIZED_401, null, "Invalid token"));
                    });
                }
                linkedList.add("cookie");
            }
            if (empty.isPresent()) {
                return validateToken(providerRequest, (String) empty.get());
            }
            LOGGER.finest(() -> {
                return "Missing token, could not find in either of: " + linkedList;
            });
            return CompletableFuture.completedFuture(errorResponse(providerRequest, Http.Status.UNAUTHORIZED_401, null, "Missing token, could not find in either of: " + linkedList));
        } catch (SecurityException e) {
            LOGGER.log(Level.FINEST, "Failed to extract token from one of the configured locations", (Throwable) e);
            return failOrAbstain("Failed to extract one of the configured tokens" + e);
        }
    }

    private Set<String> expectedScopes(ProviderRequest providerRequest) {
        HashSet hashSet = new HashSet();
        for (SecurityLevel securityLevel : providerRequest.endpointConfig().securityLevels()) {
            securityLevel.combineAnnotations(ScopeValidator.Scopes.class, EndpointConfig.AnnotationScope.values()).stream().map((v0) -> {
                return v0.value();
            }).map((v0) -> {
                return Arrays.asList(v0);
            }).map((v0) -> {
                return v0.stream();
            }).forEach(stream -> {
                Stream map = stream.map((v0) -> {
                    return v0.value();
                });
                Objects.requireNonNull(hashSet);
                map.forEach((v1) -> {
                    r1.add(v1);
                });
            });
            Stream map = securityLevel.combineAnnotations(ScopeValidator.Scope.class, EndpointConfig.AnnotationScope.values()).stream().map((v0) -> {
                return v0.value();
            });
            Objects.requireNonNull(hashSet);
            map.forEach((v1) -> {
                r1.add(v1);
            });
        }
        return hashSet;
    }

    private AuthenticationResponse errorResponse(ProviderRequest providerRequest, Http.Status status, String str, String str2) {
        if (!this.oidcConfig.shouldRedirect()) {
            return errorResponseNoRedirect(str, str2, status);
        }
        String origUri = origUri(providerRequest);
        if (redirectAttempt(origUri) >= this.oidcConfig.maxRedirects()) {
            return errorResponseNoRedirect(str, str2, status);
        }
        Set<String> expectedScopes = expectedScopes(providerRequest);
        StringBuilder sb = new StringBuilder(this.oidcConfig.baseScopes());
        for (String str3 : expectedScopes) {
            if (sb.length() > 0) {
                sb.append(' ');
            }
            String str4 = str3;
            if (str4.startsWith("/")) {
                str4 = str4.substring(1);
            }
            this.scopeAppender.accept(sb, str4);
        }
        String encode = URLEncoder.encode(sb.toString(), StandardCharsets.UTF_8);
        String authorizationEndpointUri = this.oidcConfig.authorizationEndpointUri();
        String uuid = UUID.randomUUID().toString();
        String redirectUri = redirectUri(providerRequest.env());
        StringBuilder sb2 = new StringBuilder("?");
        sb2.append("client_id=").append(this.oidcConfig.clientId()).append("&");
        sb2.append("response_type=code&");
        sb2.append("redirect_uri=").append(redirectUri).append("&");
        sb2.append("scope=").append(encode).append("&");
        sb2.append("nonce=").append(uuid).append("&");
        sb2.append("state=").append(encodeState(origUri));
        return AuthenticationResponse.builder().status(SecurityResponse.SecurityStatus.FAILURE_FINISH).statusCode(Http.Status.TEMPORARY_REDIRECT_307.code()).description("Redirecting to identity server: " + str2).responseHeader("Location", authorizationEndpointUri + sb2).build();
    }

    private String redirectUri(SecurityEnvironment securityEnvironment) {
        for (Map.Entry entry : securityEnvironment.headers().entrySet()) {
            if (((String) entry.getKey()).equalsIgnoreCase("host") && !((List) entry.getValue()).isEmpty()) {
                return this.oidcConfig.redirectUriWithHost(securityEnvironment.transport() + "://" + ((String) ((List) entry.getValue()).get(0)));
            }
        }
        return this.oidcConfig.redirectUriWithHost();
    }

    private CompletionStage<AuthenticationResponse> failOrAbstain(String str) {
        return this.optional ? CompletableFuture.completedFuture(AuthenticationResponse.builder().status(SecurityResponse.SecurityStatus.ABSTAIN).description(str).build()) : CompletableFuture.completedFuture(AuthenticationResponse.builder().status(SecurityResponse.SecurityStatus.FAILURE).description(str).build());
    }

    private AuthenticationResponse errorResponseNoRedirect(String str, String str2, Http.Status status) {
        return this.optional ? AuthenticationResponse.builder().status(SecurityResponse.SecurityStatus.ABSTAIN).description(str2).build() : null == str ? AuthenticationResponse.builder().status(SecurityResponse.SecurityStatus.FAILURE).statusCode(Http.Status.UNAUTHORIZED_401.code()).responseHeader("WWW-Authenticate", "Bearer realm=\"" + this.oidcConfig.realm() + "\"").description(str2).build() : AuthenticationResponse.builder().status(SecurityResponse.SecurityStatus.FAILURE).statusCode(status.code()).responseHeader("WWW-Authenticate", errorHeader(str, str2)).description(str2).build();
    }

    private int redirectAttempt(String str) {
        if (!str.contains("?")) {
            return 1;
        }
        Matcher matcher = this.attemptPattern.matcher(str);
        if (matcher.matches()) {
            return Integer.parseInt(matcher.group(1));
        }
        return 1;
    }

    private String errorHeader(String str, String str2) {
        return "Bearer realm=\"" + this.oidcConfig.realm() + "\", error=\"" + str + "\", error_description=\"" + str2 + "\"";
    }

    private String origUri(ProviderRequest providerRequest) {
        List list = (List) providerRequest.env().headers().getOrDefault("X_ORIG_URI_HEADER", List.of());
        if (list.isEmpty()) {
            list = List.of(providerRequest.env().targetUri().getPath());
        }
        return (String) list.get(0);
    }

    private String encodeState(String str) {
        return URLEncoder.encode(str, StandardCharsets.UTF_8);
    }

    private Single<AuthenticationResponse> validateToken(ProviderRequest providerRequest, String str) {
        try {
            SignedJwt parseToken = SignedJwt.parseToken(str);
            return this.jwtValidator.apply(parseToken, Errors.collector()).map(collector -> {
                return processValidationResult(providerRequest, parseToken, collector);
            }).onErrorResume(th -> {
                LOGGER.log(Level.FINEST, "Failed to validate request", th);
                return AuthenticationResponse.failed("Failed to validate JWT", th);
            });
        } catch (Exception e) {
            LOGGER.log(Level.FINEST, "Could not parse inbound token", (Throwable) e);
            return Single.just(AuthenticationResponse.failed("Invalid token", e));
        }
    }

    private AuthenticationResponse processValidationResult(ProviderRequest providerRequest, SignedJwt signedJwt, Errors.Collector collector) {
        Jwt jwt = signedJwt.getJwt();
        Errors collect = collector.collect();
        Errors validate = jwt.validate(this.oidcConfig.issuer(), this.oidcConfig.audience());
        if (!collect.isValid() || !validate.isValid()) {
            if (LOGGER.isLoggable(Level.FINEST)) {
                collect.log(LOGGER);
                validate.log(LOGGER);
            }
            return errorResponse(providerRequest, Http.Status.UNAUTHORIZED_401, "invalid_token", "Token not valid");
        }
        collect.log(LOGGER);
        Subject buildSubject = buildSubject(jwt, signedJwt);
        Set set = (Set) buildSubject.grantsByType("scope").stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        Set<String> expectedScopes = expectedScopes(providerRequest);
        LinkedList linkedList = new LinkedList();
        for (String str : expectedScopes) {
            if (!set.contains(str)) {
                linkedList.add(str);
            }
        }
        return linkedList.isEmpty() ? AuthenticationResponse.success(buildSubject) : errorResponse(providerRequest, Http.Status.FORBIDDEN_403, "insufficient_scope", "Scopes " + linkedList + " are missing");
    }

    public boolean isOutboundSupported(ProviderRequest providerRequest, SecurityEnvironment securityEnvironment, EndpointConfig endpointConfig) {
        if (this.propagate) {
            return this.outboundConfig.findTarget(securityEnvironment).propagate;
        }
        return false;
    }

    public CompletionStage<OutboundSecurityResponse> outboundSecurity(ProviderRequest providerRequest, SecurityEnvironment securityEnvironment, EndpointConfig endpointConfig) {
        Optional user = providerRequest.securityContext().user();
        if (user.isPresent()) {
            Optional publicCredential = ((Subject) user.get()).publicCredential(TokenCredential.class);
            if (publicCredential.isPresent()) {
                String str = ((TokenCredential) publicCredential.get()).token();
                OidcOutboundTarget findTarget = this.outboundConfig.findTarget(securityEnvironment);
                if (findTarget.propagate) {
                    HashMap hashMap = new HashMap(securityEnvironment.headers());
                    findTarget.tokenHandler.header(hashMap, str);
                    return CompletableFuture.completedFuture(OutboundSecurityResponse.withHeaders(hashMap));
                }
            }
        }
        return CompletableFuture.completedFuture(OutboundSecurityResponse.empty());
    }

    private Subject buildSubject(Jwt jwt, SignedJwt signedJwt) {
        Principal buildPrincipal = buildPrincipal(jwt);
        TokenCredential.Builder builder = TokenCredential.builder();
        Optional issueTime = jwt.issueTime();
        Objects.requireNonNull(builder);
        issueTime.ifPresent(builder::issueTime);
        Optional expirationTime = jwt.expirationTime();
        Objects.requireNonNull(builder);
        expirationTime.ifPresent(builder::expTime);
        Optional issuer = jwt.issuer();
        Objects.requireNonNull(builder);
        issuer.ifPresent(builder::issuer);
        builder.token(signedJwt.tokenContent());
        builder.addToken(Jwt.class, jwt);
        builder.addToken(SignedJwt.class, signedJwt);
        Subject.Builder addPublicCredential = Subject.builder().principal(buildPrincipal).addPublicCredential(TokenCredential.class, builder.build());
        if (this.useJwtGroups) {
            jwt.userGroups().ifPresent(list -> {
                list.forEach(str -> {
                    addPublicCredential.addGrant(Role.create(str));
                });
            });
        }
        jwt.scopes().ifPresent(list2 -> {
            list2.forEach(str -> {
                addPublicCredential.addGrant(Grant.builder().name(str).type("scope").build());
            });
        });
        return addPublicCredential.build();
    }

    private Principal buildPrincipal(Jwt jwt) {
        String str = (String) jwt.subject().orElseThrow(() -> {
            return new JwtException("JWT does not contain subject claim, cannot create principal.");
        });
        String str2 = (String) jwt.preferredUsername().orElse(str);
        Principal.Builder builder = Principal.builder();
        builder.name(str2).id(str);
        jwt.payloadClaims().forEach((str3, jsonValue) -> {
            builder.addAttribute(str3, JwtUtil.toObject(jsonValue));
        });
        jwt.email().ifPresent(str4 -> {
            builder.addAttribute("email", str4);
        });
        jwt.emailVerified().ifPresent(bool -> {
            builder.addAttribute("email_verified", bool);
        });
        jwt.locale().ifPresent(locale -> {
            builder.addAttribute("locale", locale);
        });
        jwt.familyName().ifPresent(str5 -> {
            builder.addAttribute("family_name", str5);
        });
        jwt.givenName().ifPresent(str6 -> {
            builder.addAttribute("given_name", str6);
        });
        jwt.fullName().ifPresent(str7 -> {
            builder.addAttribute("full_name", str7);
        });
        return builder.build();
    }
}
