package io.quarkus.keycloak;

import io.quarkus.runtime.annotations.ConfigGroup;
import io.quarkus.runtime.annotations.ConfigItem;
import io.quarkus.runtime.annotations.ConfigRoot;
import io.quarkus.runtime.annotations.DefaultConverter;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;

@ConfigRoot(name = "keycloak")
/* loaded from: input_file:io/quarkus/keycloak/KeycloakConfig.class */
public final class KeycloakConfig {

    @ConfigItem(name = "realm")
    String realm;

    @ConfigItem(name = "realm-public-key")
    Optional<String> realmKey;

    @ConfigItem(name = "resource")
    Optional<String> resource;

    @ConfigItem(name = "auth-server-url")
    String authServerUrl;

    @ConfigItem(name = "ssl-required", defaultValue = "external")
    String sslRequired;

    @ConfigItem(name = "confidential-port", defaultValue = "8443")
    int confidentialPort;

    @ConfigItem(name = "use-resource-role-mappings", defaultValue = "false")
    boolean useResourceRoleMappings;

    @ConfigItem(name = "enable-cors", defaultValue = "false")
    boolean cors;

    @ConfigItem(name = "cors-max-age", defaultValue = "-1")
    int corsMaxAge;

    @ConfigItem(name = "cors-allowed-headers")
    Optional<String> corsAllowedHeaders;

    @ConfigItem(name = "cors-allowed-methods")
    Optional<String> corsAllowedMethods;

    @ConfigItem(name = "cors-exposed-headers")
    Optional<String> corsExposedHeaders;

    @ConfigItem(name = "bearer-only", defaultValue = "true")
    boolean bearerOnly;

    @ConfigItem(name = "autodetect-bearer-only", defaultValue = "false")
    boolean autodetectBearerOnly;

    @ConfigItem(name = "public-client", defaultValue = "false")
    boolean publicClient;

    @ConfigItem(name = "credentials")
    KeycloakConfigCredentials credentials;

    @ConfigItem(name = "allow-any-hostname", defaultValue = "false")
    boolean allowAnyHostname;

    @ConfigItem(name = "disable-trust-manager", defaultValue = "false")
    boolean disableTrustManager;

    @ConfigItem(name = "always-refresh-token", defaultValue = "false")
    boolean alwaysRefreshToken;

    @ConfigItem(name = "truststore")
    Optional<String> truststore;

    @ConfigItem(name = "truststore-password")
    String truststorePassword;

    @ConfigItem(name = "client-keystore")
    Optional<String> clientKeystore;

    @ConfigItem(name = "client-keystore-password")
    String clientKeystorePassword;

    @ConfigItem(name = "client-key-password")
    String clientKeyPassword;

    @ConfigItem(name = "connection-pool-size", defaultValue = "20")
    int connectionPoolSize;

    @ConfigItem(name = "register-node-at-startup", defaultValue = "false")
    boolean registerNodeAtStartup;

    @ConfigItem(name = "register-node-period", defaultValue = "-1")
    int registerNodePeriod;

    @ConfigItem(name = "token-store")
    Optional<String> tokenStore;

    @ConfigItem(name = "adapter-state-cookie-path")
    Optional<String> tokenCookiePath;

    @ConfigItem(name = "principal-attribute", defaultValue = "sub")
    String principalAttribute;

    @ConfigItem(name = "turn-off-change-session-id-on-login", defaultValue = "false")
    boolean turnOffChangeSessionIdOnLogin;

    @ConfigItem(name = "token-minimum-time-to-live", defaultValue = "0")
    int tokenMinimumTimeToLive;

    @ConfigItem(name = "min-time-between-jwks-requests", defaultValue = "10")
    int minTimeBetweenJwksRequests;

    @ConfigItem(name = "public-key-cache-ttl", defaultValue = "86400")
    int publicKeyCacheTtl;

    @ConfigItem(name = "verify-token-audience", defaultValue = "false")
    boolean verifyTokenAudience;

    @ConfigItem(name = "ignore-oauth-query-parameter", defaultValue = "false")
    boolean ignoreOAuthQueryParameter;

    @ConfigItem(name = "proxy-url")
    Optional<String> proxyUrl;

    @ConfigItem(name = "redirect-rewrite-rules")
    Map<String, String> redirectRewriteRules;

    @ConfigItem(name = "policy-enforcer")
    KeycloakConfigPolicyEnforcer policyEnforcer;

    @ConfigGroup
    /* loaded from: input_file:io/quarkus/keycloak/KeycloakConfig$KeycloakConfigCredentials.class */
    public static class KeycloakConfigCredentials {

        @ConfigItem(name = "secret")
        Optional<String> secret;

        @ConfigItem(name = "jwt")
        Map<String, String> jwt;

        @ConfigItem(name = "secret-jwt")
        Map<String, String> secretJwt;
    }

    @ConfigGroup
    /* loaded from: input_file:io/quarkus/keycloak/KeycloakConfig$KeycloakConfigPolicyEnforcer.class */
    public static class KeycloakConfigPolicyEnforcer {

        @ConfigItem(name = "enable", defaultValue = "false")
        boolean enable;

        @ConfigItem(name = "enforcement-mode", defaultValue = "ENFORCING")
        String enforcementMode;

        @ConfigItem(name = "paths")
        Map<String, PathConfig> paths;

        @ConfigItem(name = "path-cache")
        PathCacheConfig pathCacheConfig;

        @ConfigItem(name = "lazy-load-paths", defaultValue = "true")
        Boolean lazyLoadPaths;

        @ConfigItem(name = "on-deny-redirect-to")
        Optional<String> onDenyRedirectTo;

        @ConfigItem(name = "user-managed-access", defaultValue = "false")
        boolean userManagedAccess;

        @ConfigItem(name = "claim-information-point")
        ClaimInformationPointConfig claimInformationPointConfig;

        @ConfigItem(name = "http-method-as-scope", defaultValue = "false")
        boolean httpMethodAsScope;

        @ConfigGroup
        /* loaded from: input_file:io/quarkus/keycloak/KeycloakConfig$KeycloakConfigPolicyEnforcer$ClaimInformationPointConfig.class */
        public static class ClaimInformationPointConfig {

            @ConfigItem(name = "<<parent>>")
            Map<String, Map<String, Map<String, String>>> complexConfig;

            @ConfigItem(name = "<<parent>>")
            Map<String, Map<String, String>> simpleConfig;
        }

        @ConfigGroup
        /* loaded from: input_file:io/quarkus/keycloak/KeycloakConfig$KeycloakConfigPolicyEnforcer$MethodConfig.class */
        public static class MethodConfig {

            @ConfigItem
            String method;

            @ConfigItem
            List<String> scopes;

            @DefaultConverter
            @ConfigItem(name = "scopes-enforcement-mode", defaultValue = "ALL")
            PolicyEnforcerConfig.ScopeEnforcementMode scopesEnforcementMode;
        }

        @ConfigGroup
        /* loaded from: input_file:io/quarkus/keycloak/KeycloakConfig$KeycloakConfigPolicyEnforcer$PathCacheConfig.class */
        public static class PathCacheConfig {

            @ConfigItem(name = "max-entries", defaultValue = "1000")
            int maxEntries = 1000;

            @ConfigItem(defaultValue = "30000")
            long lifespan = 30000;
        }

        @ConfigGroup
        /* loaded from: input_file:io/quarkus/keycloak/KeycloakConfig$KeycloakConfigPolicyEnforcer$PathConfig.class */
        public static class PathConfig {

            @ConfigItem
            Optional<String> name;

            @ConfigItem
            Optional<String> path;

            @ConfigItem
            Map<String, MethodConfig> methods;

            @DefaultConverter
            @ConfigItem(name = "enforcement-mode", defaultValue = "ENFORCING")
            PolicyEnforcerConfig.EnforcementMode enforcementMode;

            @ConfigItem(name = "claim-information-point")
            ClaimInformationPointConfig claimInformationPointConfig;
        }
    }
}
