package io.quarkus.oidc.runtime;

import io.quarkus.oidc.common.runtime.config.OidcClientCommonConfig;
import io.quarkus.runtime.annotations.ConfigDocDefault;
import io.quarkus.runtime.annotations.ConfigDocMapKey;
import io.quarkus.runtime.annotations.ConfigDocSection;
import io.smallrye.config.WithDefault;
import java.nio.file.Path;
import java.time.Duration;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.OptionalInt;
import java.util.Set;

/* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig.class */
public interface OidcTenantConfig extends OidcClientCommonConfig {

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$ApplicationType.class */
    public enum ApplicationType {
        WEB_APP,
        SERVICE,
        HYBRID
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Authentication.class */
    public interface Authentication {

        /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Authentication$CookieSameSite.class */
        public enum CookieSameSite {
            STRICT,
            LAX,
            NONE
        }

        /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Authentication$ResponseMode.class */
        public enum ResponseMode {
            QUERY,
            FORM_POST
        }

        @ConfigDocDefault("query")
        Optional<ResponseMode> responseMode();

        Optional<String> redirectPath();

        @WithDefault("false")
        boolean restorePathAfterRedirect();

        @WithDefault("true")
        boolean removeRedirectParameters();

        Optional<String> errorPath();

        Optional<String> sessionExpiredPath();

        @ConfigDocDefault("true when access token is injected as the JsonWebToken bean, false otherwise")
        @WithDefault("false")
        boolean verifyAccessToken();

        @ConfigDocDefault("false")
        Optional<Boolean> forceRedirectHttpsScheme();

        Optional<List<String>> scopes();

        Optional<String> scopeSeparator();

        @WithDefault("false")
        boolean nonceRequired();

        @ConfigDocDefault("true")
        Optional<Boolean> addOpenidScope();

        @ConfigDocMapKey("parameter-name")
        Map<String, String> extraParams();

        Optional<List<String>> forwardParams();

        @WithDefault("false")
        boolean cookieForceSecure();

        Optional<String> cookieSuffix();

        @WithDefault("/")
        String cookiePath();

        Optional<String> cookiePathHeader();

        Optional<String> cookieDomain();

        @WithDefault("lax")
        CookieSameSite cookieSameSite();

        @WithDefault("true")
        boolean allowMultipleCodeFlows();

        @WithDefault("false")
        boolean failOnMissingStateParam();

        @WithDefault("true")
        boolean failOnUnresolvedKid();

        @ConfigDocDefault("true when UserInfo bean is injected, false otherwise")
        Optional<Boolean> userInfoRequired();

        @WithDefault("5M")
        Duration sessionAgeExtension();

        @WithDefault("5M")
        Duration stateCookieAge();

        @WithDefault("true")
        boolean javaScriptAutoRedirect();

        @ConfigDocDefault("true")
        Optional<Boolean> idTokenRequired();

        Optional<Duration> internalIdTokenLifespan();

        @ConfigDocDefault("false")
        Optional<Boolean> pkceRequired();

        @Deprecated(forRemoval = true)
        Optional<String> pkceSecret();

        Optional<String> stateSecret();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Backchannel.class */
    public interface Backchannel {
        Optional<String> path();

        @WithDefault("10")
        int tokenCacheSize();

        @WithDefault("10M")
        Duration tokenCacheTimeToLive();

        Optional<Duration> cleanUpTimerInterval();

        @WithDefault("sub")
        String logoutTokenKey();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Binding.class */
    public interface Binding {
        @WithDefault("false")
        boolean certificate();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$CertificateChain.class */
    public interface CertificateChain {
        Optional<String> leafCertificateName();

        Optional<Path> trustStoreFile();

        Optional<String> trustStorePassword();

        Optional<String> trustStoreCertAlias();

        Optional<String> trustStoreFileType();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$CodeGrant.class */
    public interface CodeGrant {
        @ConfigDocMapKey("parameter-name")
        Map<String, String> extraParams();

        @ConfigDocMapKey("header-name")
        Map<String, String> headers();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Frontchannel.class */
    public interface Frontchannel {
        Optional<String> path();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$IntrospectionCredentials.class */
    public interface IntrospectionCredentials {
        Optional<String> name();

        Optional<String> secret();

        @WithDefault("true")
        boolean includeClientId();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Jwks.class */
    public interface Jwks {
        @WithDefault("true")
        boolean resolveEarly();

        @WithDefault("10")
        int cacheSize();

        @WithDefault("10M")
        Duration cacheTimeToLive();

        Optional<Duration> cleanUpTimerInterval();

        @WithDefault("false")
        boolean tryAll();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Logout.class */
    public interface Logout {

        /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Logout$ClearSiteData.class */
        public enum ClearSiteData {
            CACHE("cache"),
            CLIENT_HINTS("clientHints"),
            COOKIES("cookies"),
            EXECUTION_CONTEXTS("executionContexts"),
            STORAGE("storage"),
            WILDCARD("*");

            private String directive;

            ClearSiteData(String str) {
                this.directive = str;
            }

            public String directive() {
                return "\"" + this.directive + "\"";
            }
        }

        /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Logout$LogoutMode.class */
        public enum LogoutMode {
            QUERY,
            FORM_POST
        }

        Optional<String> path();

        Optional<String> postLogoutPath();

        @WithDefault("post_logout_redirect_uri")
        String postLogoutUriParam();

        @ConfigDocMapKey("query-parameter-name")
        Map<String, String> extraParams();

        Backchannel backchannel();

        Frontchannel frontchannel();

        Optional<Set<ClearSiteData>> clearSiteData();

        @WithDefault("query")
        LogoutMode logoutMode();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Provider.class */
    public enum Provider {
        APPLE,
        DISCORD,
        FACEBOOK,
        GITHUB,
        GOOGLE,
        LINKEDIN,
        MASTODON,
        MICROSOFT,
        SLACK,
        SPOTIFY,
        STRAVA,
        TWITCH,
        TWITTER,
        X
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$ResourceMetadata.class */
    public interface ResourceMetadata {
        @WithDefault("false")
        boolean enabled();

        Optional<String> resource();

        @WithDefault("true")
        boolean forceHttpsScheme();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Roles.class */
    public interface Roles {

        /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Roles$Source.class */
        public enum Source {
            idtoken,
            accesstoken,
            userinfo
        }

        Optional<List<String>> roleClaimPath();

        Optional<String> roleClaimSeparator();

        Optional<Source> source();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$SignatureAlgorithm.class */
    public enum SignatureAlgorithm {
        RS256,
        RS384,
        RS512,
        PS256,
        PS384,
        PS512,
        ES256,
        ES384,
        ES512,
        EDDSA;

        private static String EDDSA_ALG = "EDDSA";
        private static String REQUIRED_EDDSA_ALG = "EdDSA";

        public String getAlgorithm() {
            String name = name();
            return EDDSA_ALG.equals(name) ? REQUIRED_EDDSA_ALG : name;
        }
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$Token.class */
    public interface Token {
        Optional<String> issuer();

        Optional<List<String>> audience();

        @WithDefault("false")
        boolean subjectRequired();

        @ConfigDocMapKey("claim-name")
        Map<String, Set<String>> requiredClaims();

        Optional<String> tokenType();

        OptionalInt lifespanGrace();

        Optional<Duration> age();

        @WithDefault("true")
        boolean issuedAtRequired();

        Optional<String> principalClaim();

        @WithDefault("false")
        boolean refreshExpired();

        Optional<Duration> refreshTokenTimeSkew();

        @WithDefault("10M")
        Duration forcedJwkRefreshInterval();

        Optional<String> header();

        @WithDefault("Bearer")
        String authorizationScheme();

        Optional<SignatureAlgorithm> signatureAlgorithm();

        Optional<String> decryptionKeyLocation();

        Optional<Boolean> decryptIdToken();

        @WithDefault("false")
        boolean decryptAccessToken();

        @WithDefault("true")
        boolean allowJwtIntrospection();

        @WithDefault("false")
        boolean requireJwtIntrospectionOnly();

        @WithDefault("true")
        boolean allowOpaqueTokenIntrospection();

        Optional<String> customizerName();

        @ConfigDocDefault("false")
        Optional<Boolean> verifyAccessTokenWithUserInfo();

        Binding binding();
    }

    /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$TokenStateManager.class */
    public interface TokenStateManager {

        /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$TokenStateManager$EncryptionAlgorithm.class */
        public enum EncryptionAlgorithm {
            A256GCMKW,
            DIR
        }

        /* loaded from: input_file:io/quarkus/oidc/runtime/OidcTenantConfig$TokenStateManager$Strategy.class */
        public enum Strategy {
            KEEP_ALL_TOKENS,
            ID_TOKEN,
            ID_REFRESH_TOKENS
        }

        @WithDefault("keep_all_tokens")
        Strategy strategy();

        @WithDefault("false")
        boolean splitTokens();

        @WithDefault("true")
        boolean encryptionRequired();

        Optional<String> encryptionSecret();

        @WithDefault("A256GCMKW")
        EncryptionAlgorithm encryptionAlgorithm();
    }

    Optional<String> tenantId();

    @WithDefault("true")
    boolean tenantEnabled();

    @ConfigDocDefault("service")
    Optional<ApplicationType> applicationType();

    Optional<String> authorizationPath();

    Optional<String> userInfoPath();

    Optional<String> introspectionPath();

    Optional<String> jwksPath();

    Optional<String> endSessionPath();

    Optional<List<String>> tenantPaths();

    Optional<String> publicKey();

    @ConfigDocSection
    IntrospectionCredentials introspectionCredentials();

    @ConfigDocSection
    Roles roles();

    @ConfigDocSection
    ResourceMetadata resourceMetadata();

    @ConfigDocSection
    Token token();

    @ConfigDocSection
    Logout logout();

    @ConfigDocSection
    CertificateChain certificateChain();

    @ConfigDocSection
    Authentication authentication();

    @ConfigDocSection
    CodeGrant codeGrant();

    @ConfigDocSection
    TokenStateManager tokenStateManager();

    @WithDefault("true")
    boolean allowTokenIntrospectionCache();

    @WithDefault("true")
    boolean allowUserInfoCache();

    Optional<Boolean> cacheUserInfoInIdtoken();

    @ConfigDocSection
    Jwks jwks();

    Optional<Provider> provider();
}
