package io.helidon.security;

import io.helidon.common.configurable.ThreadPoolSupplier;
import io.helidon.common.reactive.Single;
import io.helidon.common.serviceloader.HelidonServiceLoader;
import io.helidon.config.Config;
import io.helidon.config.ConfigValue;
import io.helidon.config.metadata.Configured;
import io.helidon.security.SecurityContext;
import io.helidon.security.SecurityEnvironment;
import io.helidon.security.spi.AuditProvider;
import io.helidon.security.spi.AuthenticationProvider;
import io.helidon.security.spi.AuthorizationProvider;
import io.helidon.security.spi.DigestProvider;
import io.helidon.security.spi.EncryptionProvider;
import io.helidon.security.spi.OutboundSecurityProvider;
import io.helidon.security.spi.ProviderConfig;
import io.helidon.security.spi.ProviderSelectionPolicy;
import io.helidon.security.spi.SecretsProvider;
import io.helidon.security.spi.SecurityProvider;
import io.helidon.security.spi.SecurityProviderService;
import io.helidon.security.spi.SubjectMappingProvider;
import io.helidon.tracing.Tracer;
import java.lang.System;
import java.lang.annotation.Annotation;
import java.lang.reflect.Constructor;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.IdentityHashMap;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:io/helidon/security/Security.class */
public interface Security {
    public static final String HEADER_ORIG_URI = "X_ORIG_URI_HEADER";

    @Configured(root = true, prefix = AuditEvent.SECURITY_TYPE_PREFIX, description = "Configuration of security providers, integration and other security options")
    /* loaded from: input_file:io/helidon/security/Security$Builder.class */
    public static final class Builder implements io.helidon.common.Builder<Builder, Security> {
        private static final System.Logger LOGGER = System.getLogger(Builder.class.getName());
        private NamedProvider<AuthenticationProvider> authnProvider;
        private NamedProvider<AuthorizationProvider> authzProvider;
        private SubjectMappingProvider subjectMappingProvider;
        private Tracer tracer;
        private final Set<AuditProvider> auditProviders = new LinkedHashSet();
        private final List<NamedProvider<AuthenticationProvider>> atnProviders = new LinkedList();
        private final List<NamedProvider<AuthorizationProvider>> atzProviders = new LinkedList();
        private final List<NamedProvider<OutboundSecurityProvider>> outboundProviders = new LinkedList();
        private final Map<String, SecretsProvider<?>> secretsProviders = new HashMap();
        private final Map<String, EncryptionProvider<?>> encryptionProviders = new HashMap();
        private final Map<String, DigestProvider<?>> digestProviders = new HashMap();
        private final Map<SecurityProvider, Boolean> allProviders = new IdentityHashMap();
        private final Map<String, Supplier<Single<Optional<String>>>> secrets = new HashMap();
        private final Map<String, EncryptionProvider.EncryptionSupport> encryptions = new HashMap();
        private final Map<String, DigestProvider.DigestSupport> digests = new HashMap();
        private final Set<String> providerNames = new HashSet();
        private Config config = Config.empty();
        private Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> providerSelectionPolicy = FirstProviderSelectionPolicy::new;
        private boolean tracingEnabled = true;
        private SecurityTime serverTime = SecurityTime.builder().m30build();
        private Supplier<ExecutorService> executorService = ThreadPoolSupplier.create("security-thread-pool");
        private boolean enabled = true;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:io/helidon/security/Security$Builder$DefaultAtzProvider.class */
        public static class DefaultAtzProvider implements AuthorizationProvider {
            private DefaultAtzProvider() {
            }

            @Override // io.helidon.security.spi.AuthorizationProvider
            public CompletionStage<AuthorizationResponse> authorize(ProviderRequest providerRequest) {
                return CompletableFuture.completedFuture(AuthorizationResponse.permit());
            }
        }

        private Builder() {
        }

        public Builder providerSelectionPolicy(Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> function) {
            this.providerSelectionPolicy = function;
            return this;
        }

        public Builder serverTime(SecurityTime securityTime) {
            this.serverTime = securityTime;
            return this;
        }

        public Builder tracer(Tracer tracer) {
            this.tracer = tracer;
            tracingEnabled(null != tracer);
            return this;
        }

        public Builder tracingEnabled(boolean z) {
            this.tracingEnabled = z;
            return this;
        }

        public Builder disableTracing() {
            return tracingEnabled(false);
        }

        public Builder addProvider(SecurityProvider securityProvider) {
            return addProvider(securityProvider, securityProvider.getClass().getSimpleName());
        }

        public Builder addProvider(Supplier<? extends SecurityProvider> supplier) {
            return addProvider(supplier.get());
        }

        public Builder addProvider(SecurityProvider securityProvider, String str) {
            Objects.requireNonNull(securityProvider);
            if (securityProvider instanceof AuthenticationProvider) {
                addAuthenticationProvider((AuthenticationProvider) securityProvider, str);
            }
            if (securityProvider instanceof AuthorizationProvider) {
                addAuthorizationProvider((AuthorizationProvider) securityProvider, str);
            }
            if (securityProvider instanceof OutboundSecurityProvider) {
                addOutboundSecurityProvider((OutboundSecurityProvider) securityProvider, str);
            }
            if (securityProvider instanceof AuditProvider) {
                addAuditProvider((AuditProvider) securityProvider);
            }
            if (securityProvider instanceof SubjectMappingProvider) {
                subjectMappingProvider((SubjectMappingProvider) securityProvider);
            }
            return this;
        }

        public Builder addProvider(Supplier<? extends SecurityProvider> supplier, String str) {
            return addProvider(supplier.get(), str);
        }

        public Builder authenticationProvider(AuthenticationProvider authenticationProvider) {
            this.authnProvider = new NamedProvider<>(authenticationProvider.getClass().getSimpleName(), authenticationProvider);
            return addAuthenticationProvider(authenticationProvider, authenticationProvider.getClass().getSimpleName());
        }

        public Builder authenticationProvider(Supplier<? extends AuthenticationProvider> supplier) {
            return authenticationProvider(supplier.get());
        }

        public Builder authorizationProvider(AuthorizationProvider authorizationProvider) {
            this.authzProvider = new NamedProvider<>(authorizationProvider.getClass().getSimpleName(), authorizationProvider);
            return addAuthorizationProvider(authorizationProvider, authorizationProvider.getClass().getSimpleName());
        }

        public Builder authorizationProvider(Supplier<? extends AuthorizationProvider> supplier) {
            return authorizationProvider(supplier.get());
        }

        public Builder addAuthenticationProvider(AuthenticationProvider authenticationProvider) {
            return addAuthenticationProvider(authenticationProvider, authenticationProvider.getClass().getSimpleName());
        }

        public Builder addAuthenticationProvider(Supplier<? extends AuthenticationProvider> supplier) {
            return addAuthenticationProvider(supplier.get());
        }

        public Builder addAuthenticationProvider(AuthenticationProvider authenticationProvider, String str) {
            Objects.requireNonNull(authenticationProvider);
            NamedProvider<AuthenticationProvider> namedProvider = new NamedProvider<>(str, authenticationProvider);
            if (null == this.authnProvider) {
                this.authnProvider = namedProvider;
            }
            this.atnProviders.add(namedProvider);
            this.allProviders.put(authenticationProvider, true);
            if (null != str) {
                this.providerNames.add(str);
            }
            return this;
        }

        public Builder addAuthenticationProvider(Supplier<? extends AuthenticationProvider> supplier, String str) {
            return addAuthenticationProvider(supplier.get(), str);
        }

        public Builder addAuthorizationProvider(AuthorizationProvider authorizationProvider) {
            return addAuthorizationProvider(authorizationProvider, authorizationProvider.getClass().getSimpleName());
        }

        public Builder addAuthorizationProvider(Supplier<? extends AuthorizationProvider> supplier) {
            return addAuthorizationProvider(supplier.get());
        }

        public Builder addAuthorizationProvider(AuthorizationProvider authorizationProvider, String str) {
            Objects.requireNonNull(authorizationProvider);
            NamedProvider<AuthorizationProvider> namedProvider = new NamedProvider<>(str, authorizationProvider);
            if (null == this.authzProvider) {
                this.authzProvider = namedProvider;
            }
            this.atzProviders.add(namedProvider);
            this.allProviders.put(authorizationProvider, true);
            if (null != str) {
                this.providerNames.add(str);
            }
            return this;
        }

        public Builder addAuthorizationProvider(Supplier<? extends AuthorizationProvider> supplier, String str) {
            return addAuthorizationProvider(supplier.get(), str);
        }

        public Builder addOutboundSecurityProvider(OutboundSecurityProvider outboundSecurityProvider) {
            return addOutboundSecurityProvider(outboundSecurityProvider, outboundSecurityProvider.getClass().getSimpleName());
        }

        public Builder addOutboundSecurityProvider(Supplier<? extends OutboundSecurityProvider> supplier) {
            return addOutboundSecurityProvider(supplier.get());
        }

        public Builder addOutboundSecurityProvider(Supplier<? extends OutboundSecurityProvider> supplier, String str) {
            return addOutboundSecurityProvider(supplier.get(), str);
        }

        public Builder addOutboundSecurityProvider(OutboundSecurityProvider outboundSecurityProvider, String str) {
            Objects.requireNonNull(outboundSecurityProvider);
            Objects.requireNonNull(str);
            this.outboundProviders.add(new NamedProvider<>(str, outboundSecurityProvider));
            this.allProviders.put(outboundSecurityProvider, true);
            this.providerNames.add(str);
            return this;
        }

        public Builder addSecretProvider(SecretsProvider<?> secretsProvider, String str) {
            Objects.requireNonNull(secretsProvider);
            Objects.requireNonNull(str);
            this.secretsProviders.put(str, secretsProvider);
            this.allProviders.put(secretsProvider, true);
            this.providerNames.add(str);
            return this;
        }

        public Builder addEncryptionProvider(EncryptionProvider<?> encryptionProvider, String str) {
            Objects.requireNonNull(encryptionProvider);
            Objects.requireNonNull(str);
            this.encryptionProviders.put(str, encryptionProvider);
            this.allProviders.put(encryptionProvider, true);
            this.providerNames.add(str);
            return this;
        }

        public Builder addDigestProvider(DigestProvider<?> digestProvider, String str) {
            Objects.requireNonNull(digestProvider);
            Objects.requireNonNull(str);
            this.digestProviders.put(str, digestProvider);
            this.allProviders.put(digestProvider, true);
            this.providerNames.add(str);
            return this;
        }

        public Builder addAuditProvider(AuditProvider auditProvider) {
            this.auditProviders.add(auditProvider);
            this.allProviders.put(auditProvider, true);
            return this;
        }

        public Builder subjectMappingProvider(SubjectMappingProvider subjectMappingProvider) {
            this.subjectMappingProvider = subjectMappingProvider;
            this.allProviders.put(subjectMappingProvider, true);
            return this;
        }

        public Builder addAuditProvider(Supplier<? extends AuditProvider> supplier) {
            return addAuditProvider(supplier.get());
        }

        public Builder config(Config config) {
            this.config = config;
            fromConfig(config);
            return this;
        }

        public Builder enabled(boolean z) {
            this.enabled = z;
            return this;
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public Security m21build() {
            if (this.allProviders.isEmpty() && this.enabled) {
                LOGGER.log(System.Logger.Level.WARNING, "Security component is NOT configured with any security providers.");
            }
            if (this.auditProviders.isEmpty()) {
                addAuditProvider(DefaultAuditProvider.create(this.config));
            }
            if (this.atnProviders.isEmpty()) {
                addAuthenticationProvider(providerRequest -> {
                    return CompletableFuture.completedFuture(AuthenticationResponse.success(SecurityContext.ANONYMOUS));
                }, "default");
            }
            if (this.atzProviders.isEmpty()) {
                addAuthorizationProvider(new DefaultAtzProvider(), "default");
            }
            if (!this.enabled) {
                providerSelectionPolicy(FirstProviderSelectionPolicy::new);
            }
            return new SecurityImpl(this);
        }

        public <T extends ProviderConfig> Builder addSecret(String str, SecretsProvider<T> secretsProvider, T t) {
            this.secrets.put(str, secretsProvider.secret((SecretsProvider<T>) t));
            return this;
        }

        public <T extends ProviderConfig> Builder addEncryption(String str, EncryptionProvider<T> encryptionProvider, T t) {
            this.encryptions.put(str, encryptionProvider.encryption((EncryptionProvider<T>) t));
            return this;
        }

        public <T extends ProviderConfig> Builder addDigest(String str, DigestProvider<T> digestProvider, T t) {
            this.digests.put(str, digestProvider.digest((DigestProvider<T>) t));
            return this;
        }

        private void fromConfig(Config config) {
            config.get("enabled").asBoolean().ifPresent((v1) -> {
                enabled(v1);
            });
            if (!this.enabled) {
                LOGGER.log(System.Logger.Level.INFO, "Security is disabled, ignoring provider configuration");
                return;
            }
            config.get("environment.server-time").as(SecurityTime::create).ifPresent(this::serverTime);
            executorService(ThreadPoolSupplier.create(config.get("environment.executor-service"), "security-thread-pool"));
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            String loadProviderServices = loadProviderServices(hashMap, hashMap2);
            config.get("tracing.enabled").as(Boolean.class).ifPresent((v1) -> {
                tracingEnabled(v1);
            });
            config.get("providers").asList(Config.class).ifPresent(list -> {
                list.forEach(config2 -> {
                    providerFromConfig(hashMap, hashMap2, loadProviderServices, config2);
                });
            });
            String str = (String) config.get("default-authentication-provider").asString().orElse((Object) null);
            if (null != str) {
                authenticationProvider((AuthenticationProvider) this.atnProviders.stream().filter(namedProvider -> {
                    return namedProvider.getName().equals(str);
                }).findFirst().map((v0) -> {
                    return v0.getProvider();
                }).orElseThrow(() -> {
                    return new SecurityException("Authentication provider named \"" + str + "\" is set as default, yet no provider configuration exists");
                }));
            }
            String str2 = (String) config.get("default-authorization-provider").asString().orElse((Object) null);
            if (null != str2) {
                authorizationProvider((AuthorizationProvider) this.atzProviders.stream().filter(namedProvider2 -> {
                    return namedProvider2.getName().equals(str2);
                }).findFirst().map((v0) -> {
                    return v0.getProvider();
                }).orElseThrow(() -> {
                    return new SecurityException("Authorization provider named \"" + str2 + "\" is set as default, yet no provider configuration exists");
                }));
            }
            Config config2 = config.get("provider-policy");
            ProviderSelectionPolicyType providerSelectionPolicyType = (ProviderSelectionPolicyType) config2.get("type").asString().map(ProviderSelectionPolicyType::valueOf).orElse(ProviderSelectionPolicyType.FIRST);
            switch (providerSelectionPolicyType) {
                case FIRST:
                    this.providerSelectionPolicy = FirstProviderSelectionPolicy::new;
                    break;
                case COMPOSITE:
                    this.providerSelectionPolicy = CompositeProviderSelectionPolicy.create(config2);
                    break;
                case CLASS:
                    this.providerSelectionPolicy = findProviderSelectionPolicy(config2);
                    break;
                default:
                    throw new IllegalStateException("Invalid enum option: " + providerSelectionPolicyType + ", probably version mis-match");
            }
            config.get("secrets").asList(Config.class).ifPresent(list2 -> {
                list2.forEach(config3 -> {
                    String str3 = (String) config3.get("name").asString().get();
                    String str4 = (String) config3.get("provider").asString().get();
                    Config config3 = config3.get("config");
                    SecretsProvider<?> secretsProvider = this.secretsProviders.get(str4);
                    if (secretsProvider == null) {
                        throw new SecurityException("Provider \"" + str4 + "\" used for secret \"" + str3 + "\" not found");
                    }
                    this.secrets.put(str3, secretsProvider.secret(config3));
                });
            });
            config.get("encryption").asList(Config.class).ifPresent(list3 -> {
                list3.forEach(config3 -> {
                    String str3 = (String) config3.get("name").asString().get();
                    String str4 = (String) config3.get("provider").asString().get();
                    Config config3 = config3.get("config");
                    EncryptionProvider<?> encryptionProvider = this.encryptionProviders.get(str4);
                    if (encryptionProvider == null) {
                        throw new SecurityException("Provider \"" + str4 + "\" used for encryption \"" + str3 + "\" not found");
                    }
                    this.encryptions.put(str3, encryptionProvider.encryption(config3));
                });
            });
            config.get("digest").asList(Config.class).ifPresent(list4 -> {
                list4.forEach(config3 -> {
                    String str3 = (String) config3.get("name").asString().get();
                    String str4 = (String) config3.get("provider").asString().get();
                    Config config3 = config3.get("config");
                    DigestProvider<?> digestProvider = this.digestProviders.get(str4);
                    if (digestProvider == null) {
                        throw new SecurityException("Provider \"" + str4 + "\" used for digest \"" + str3 + "\" not found");
                    }
                    this.digests.put(str3, digestProvider.digest(config3));
                });
            });
        }

        private void providerFromConfig(Map<String, SecurityProviderService> map, Map<String, SecurityProviderService> map2, String str, Config config) {
            AtomicReference<SecurityProviderService> atomicReference = new AtomicReference<>();
            AtomicReference<Config> atomicReference2 = new AtomicReference<>();
            String str2 = (String) config.get("class").asString().orElse((Object) null);
            if (null == str2) {
                findProviderService(map, str, config, atomicReference, atomicReference2);
            } else {
                SecurityProviderService securityProviderService = map2.get(str2);
                if (null == securityProviderService) {
                    findProviderSpecificConfig(config, atomicReference2);
                } else {
                    atomicReference.set(securityProviderService);
                    atomicReference2.set(config.get(securityProviderService.providerConfigKey()));
                }
            }
            Config config2 = atomicReference2.get();
            SecurityProviderService securityProviderService2 = atomicReference.get();
            if (null == str2 && null == securityProviderService2) {
                throw new SecurityException("Each configured provider MUST have a \"class\" configuration property defined or a custom configuration section mapped to that provider, supported keys: " + str);
            }
            String resolveProviderName = resolveProviderName(config, str2, config2, securityProviderService2);
            boolean booleanValue = ((Boolean) config.get("is-authentication-provider").asBoolean().orElse(true)).booleanValue();
            boolean booleanValue2 = ((Boolean) config.get("is-authorization-provider").asBoolean().orElse(true)).booleanValue();
            boolean booleanValue3 = ((Boolean) config.get("is-client-security-provider").asBoolean().orElse(true)).booleanValue();
            boolean booleanValue4 = ((Boolean) config.get("is-audit-provider").asBoolean().orElse(true)).booleanValue();
            boolean booleanValue5 = ((Boolean) config.get("is-subject-mapper").asBoolean().orElse(true)).booleanValue();
            SecurityProvider providerInstance = null == securityProviderService2 ? (SecurityProvider) SecurityUtil.instantiate(str2, SecurityProvider.class, config2) : securityProviderService2.providerInstance(config2);
            if (booleanValue && (providerInstance instanceof AuthenticationProvider)) {
                addAuthenticationProvider((AuthenticationProvider) providerInstance, resolveProviderName);
            }
            if (booleanValue2 && (providerInstance instanceof AuthorizationProvider)) {
                addAuthorizationProvider((AuthorizationProvider) providerInstance, resolveProviderName);
            }
            if (booleanValue3 && (providerInstance instanceof OutboundSecurityProvider)) {
                addOutboundSecurityProvider((OutboundSecurityProvider) providerInstance, resolveProviderName);
            }
            if (booleanValue4 && (providerInstance instanceof AuditProvider)) {
                addAuditProvider((AuditProvider) providerInstance);
            }
            if (booleanValue5 && (providerInstance instanceof SubjectMappingProvider)) {
                subjectMappingProvider((SubjectMappingProvider) providerInstance);
            }
            if (providerInstance instanceof SecretsProvider) {
                addSecretProvider((SecretsProvider) providerInstance, resolveProviderName);
            }
            if (providerInstance instanceof EncryptionProvider) {
                addEncryptionProvider((EncryptionProvider) providerInstance, resolveProviderName);
            }
            if (providerInstance instanceof DigestProvider) {
                addDigestProvider((DigestProvider) providerInstance, resolveProviderName);
            }
        }

        public Builder executorService(Supplier<ExecutorService> supplier) {
            this.executorService = supplier;
            return this;
        }

        private String resolveProviderName(Config config, String str, Config config2, SecurityProviderService securityProviderService) {
            return (String) config.get("name").asString().orElseGet(() -> {
                if (null != config2) {
                    return config2.name();
                }
                if (null == str) {
                    return securityProviderService.providerClass().getSimpleName();
                }
                int indexOf = str.indexOf(46);
                return indexOf > -1 ? str.substring(indexOf + 1) : str;
            });
        }

        private void findProviderSpecificConfig(Config config, AtomicReference<Config> atomicReference) {
            ((List) config.asNodeList().get()).stream().filter(this::notReservedProviderKey).forEach(config2 -> {
                if (!atomicReference.compareAndSet(null, config2)) {
                    throw new SecurityException("More than one provider configurations found, each provider can only have one provide specific config. Conflict: " + ((Config) atomicReference.get()).key() + " and " + config2.key());
                }
            });
        }

        private void findProviderService(Map<String, SecurityProviderService> map, String str, Config config, AtomicReference<SecurityProviderService> atomicReference, AtomicReference<Config> atomicReference2) {
            ConfigValue asString = config.get("type").asString();
            if (!asString.isPresent()) {
                ((List) config.asNodeList().get()).stream().filter(this::notReservedProviderKey).forEach(config2 -> {
                    if (!atomicReference2.compareAndSet(null, config2)) {
                        throw new SecurityException("More than one provider configurations found, each provider can only have one provider specific config. Conflict: " + ((Config) atomicReference2.get()).key() + " and " + config2.key());
                    }
                    findProviderService(atomicReference, map, config2.name(), str);
                });
            } else {
                findProviderService(atomicReference, map, (String) asString.get(), str);
                atomicReference2.set(config.get((String) asString.get()));
            }
        }

        private void findProviderService(AtomicReference<SecurityProviderService> atomicReference, Map<String, SecurityProviderService> map, String str, String str2) {
            if (!map.containsKey(str)) {
                throw new SecurityException("Configuration key " + str + " is not a valid provider configuration. Supported keys: " + str2);
            }
            atomicReference.set(map.get(str));
        }

        private String loadProviderServices(Map<String, SecurityProviderService> map, Map<String, SecurityProviderService> map2) {
            HashSet hashSet = new HashSet();
            HelidonServiceLoader.create(ServiceLoader.load(SecurityProviderService.class)).forEach(securityProviderService -> {
                String providerConfigKey = securityProviderService.providerConfigKey();
                if (null != providerConfigKey) {
                    map.put(providerConfigKey, securityProviderService);
                    hashSet.add(providerConfigKey);
                }
                map2.put(securityProviderService.providerClass().getName(), securityProviderService);
            });
            return String.join(", ", hashSet);
        }

        private boolean notReservedProviderKey(Config config) {
            return !SecurityImpl.RESERVED_PROVIDER_KEYS.contains(config.name());
        }

        private Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> findProviderSelectionPolicy(Config config) {
            Class cls = (Class) config.get("class-name").as(Class.class).orElseThrow(() -> {
                return new java.lang.SecurityException("You have configured a CLASS provider selection without configuring class-name");
            });
            if (!ProviderSelectionPolicy.class.isAssignableFrom(cls)) {
                throw new SecurityException("Class " + cls.getName() + " does not implement ProviderSelectionPolicy");
            }
            try {
                Constructor constructor = cls.getConstructor(ProviderSelectionPolicy.Providers.class, Config.class);
                if (ReflectionUtil.canAccess(getClass(), constructor)) {
                    return providers -> {
                        try {
                            return (ProviderSelectionPolicy) constructor.newInstance(providers, config);
                        } catch (Exception e) {
                            throw new SecurityException("Failed to instantiate ProviderSelectionPolicy", e);
                        }
                    };
                }
                throw new SecurityException("Constructor " + constructor + " of class " + cls.getName() + " is not accessible");
            } catch (NoSuchMethodException e) {
                try {
                    Constructor constructor2 = cls.getConstructor(ProviderSelectionPolicy.Providers.class);
                    if (ReflectionUtil.canAccess(getClass(), constructor2)) {
                        return providers2 -> {
                            try {
                                return (ProviderSelectionPolicy) constructor2.newInstance(providers2);
                            } catch (Exception e2) {
                                throw new SecurityException("Failed to instantiate ProviderSelectionPolicy", e2);
                            }
                        };
                    }
                    throw new SecurityException("Constructor " + constructor2 + " of class " + cls.getName() + " is not accessible");
                } catch (NoSuchMethodException e2) {
                    throw new SecurityException("You have configured " + cls.getName() + " as provider selection policy class, yet it is missing public constructor with Providers or Providers and Config as parameters.", e2);
                }
            }
        }

        public boolean noProvider(Class<? extends SecurityProvider> cls) {
            return cls.equals(AuthenticationProvider.class) ? this.atnProviders.isEmpty() : cls.equals(AuthorizationProvider.class) ? this.atzProviders.isEmpty() : cls.equals(OutboundSecurityProvider.class) ? this.outboundProviders.isEmpty() : cls.equals(AuditProvider.class) ? this.auditProviders.isEmpty() : cls.equals(SubjectMappingProvider.class) ? this.subjectMappingProvider == null : this.allProviders.isEmpty();
        }

        public boolean hasProvider(String str) {
            Stream<String> stream = this.providerNames.stream();
            Objects.requireNonNull(str);
            return stream.anyMatch((v1) -> {
                return r1.equals(v1);
            });
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Set<AuditProvider> auditProviders() {
            return this.auditProviders;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public List<NamedProvider<AuthenticationProvider>> atnProviders() {
            return this.atnProviders;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public List<NamedProvider<AuthorizationProvider>> atzProviders() {
            return this.atzProviders;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public List<NamedProvider<OutboundSecurityProvider>> outboundProviders() {
            return this.outboundProviders;
        }

        Map<String, SecretsProvider<?>> secretsProviders() {
            return this.secretsProviders;
        }

        Map<String, EncryptionProvider<?>> encryptionProviders() {
            return this.encryptionProviders;
        }

        Map<String, DigestProvider<?>> digestProviders() {
            return this.digestProviders;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Map<SecurityProvider, Boolean> allProviders() {
            return this.allProviders;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Map<String, Supplier<Single<Optional<String>>>> secrets() {
            return this.secrets;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Map<String, EncryptionProvider.EncryptionSupport> encryptions() {
            return this.encryptions;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Map<String, DigestProvider.DigestSupport> digests() {
            return this.digests;
        }

        Set<String> providerNames() {
            return this.providerNames;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public NamedProvider<AuthenticationProvider> authnProvider() {
            return this.authnProvider;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public NamedProvider<AuthorizationProvider> authzProvider() {
            return this.authzProvider;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public SubjectMappingProvider subjectMappingProvider() {
            return this.subjectMappingProvider;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Config config() {
            return this.config;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> providerSelectionPolicy() {
            return this.providerSelectionPolicy;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Tracer tracer() {
            return this.tracer;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean tracingEnabled() {
            return this.tracingEnabled;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public SecurityTime serverTime() {
            return this.serverTime;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public Supplier<ExecutorService> executorService() {
            return this.executorService;
        }

        /* JADX INFO: Access modifiers changed from: package-private */
        public boolean enabled() {
            return this.enabled;
        }
    }

    static Security create(Config config) {
        Objects.requireNonNull(config, "Configuration must not be null");
        return builder().config(config).m21build();
    }

    static Builder builder(Config config) {
        Objects.requireNonNull(config, "Configuration must not be null");
        return builder().config(config);
    }

    static Builder builder() {
        return new Builder();
    }

    static Set<String> getRoles(Subject subject) {
        return (Set) subject.grants(Role.class).stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
    }

    SecurityTime serverTime();

    SecurityContext.Builder contextBuilder(String str);

    SecurityContext createContext(String str);

    Tracer tracer();

    Collection<Class<? extends Annotation>> customAnnotations();

    Config configFor(String str);

    Single<String> encrypt(String str, byte[] bArr);

    Single<byte[]> decrypt(String str, String str2);

    Single<String> digest(String str, byte[] bArr, boolean z);

    Single<String> digest(String str, byte[] bArr);

    Single<Boolean> verifyDigest(String str, byte[] bArr, String str2, boolean z);

    Single<Boolean> verifyDigest(String str, byte[] bArr, String str2);

    Single<Optional<String>> secret(String str);

    Single<String> secret(String str, String str2);

    SecurityEnvironment.Builder environmentBuilder();

    Optional<SubjectMappingProvider> subjectMapper();

    boolean enabled();

    void audit(String str, AuditEvent auditEvent);

    ProviderSelectionPolicy providerSelectionPolicy();

    Supplier<ExecutorService> executorService();

    Optional<? extends AuthenticationProvider> resolveAtnProvider(String str);

    Optional<AuthorizationProvider> resolveAtzProvider(String str);

    List<? extends OutboundSecurityProvider> resolveOutboundProvider(String str);
}
