package io.quarkiverse.cxf.ws.security;

import io.quarkiverse.cxf.ws.security.WssConfigurationConstant;
import io.quarkus.runtime.annotations.ConfigGroup;
import io.quarkus.runtime.annotations.ConfigPhase;
import io.quarkus.runtime.annotations.ConfigRoot;
import io.smallrye.config.ConfigMapping;
import io.smallrye.config.WithDefault;
import io.smallrye.config.WithName;
import io.smallrye.config.WithParentName;
import java.util.Map;
import java.util.Optional;

@ConfigMapping(prefix = "quarkus.cxf")
@ConfigRoot(phase = ConfigPhase.RUN_TIME)
/* loaded from: input_file:io/quarkiverse/cxf/ws/security/CxfWsSecurityConfig.class */
public interface CxfWsSecurityConfig {

    @ConfigGroup
    /* loaded from: input_file:io/quarkiverse/cxf/ws/security/CxfWsSecurityConfig$ClientConfig.class */
    public interface ClientConfig {
        ClientSecurityConfig security();
    }

    @ConfigGroup
    /* loaded from: input_file:io/quarkiverse/cxf/ws/security/CxfWsSecurityConfig$ClientOrEndpointSecurityConfig.class */
    public interface ClientOrEndpointSecurityConfig {
        public static final String CUSTOM_ALGORITHM_SUITE_NAME = "CustomAlgorithmSuite";

        @WssConfigurationConstant(key = "security.username")
        Optional<String> username();

        @WssConfigurationConstant(key = "security.password")
        Optional<String> password();

        @WssConfigurationConstant(key = "security.signature.username")
        @WithName("signature.username")
        Optional<String> signatureUsername();

        @WssConfigurationConstant(key = "security.signature.password")
        @WithName("signature.password")
        Optional<String> signaturePassword();

        @WssConfigurationConstant(key = "security.encryption.username")
        @WithName("encryption.username")
        Optional<String> encryptionUsername();

        @WssConfigurationConstant(key = "security.callback-handler", transformer = WssConfigurationConstant.Transformer.beanRef)
        Optional<String> callbackHandler();

        @WssConfigurationConstant(key = "security.saml-callback-handler", transformer = WssConfigurationConstant.Transformer.beanRef)
        Optional<String> samlCallbackHandler();

        @WssConfigurationConstant(key = "security.signature.properties", transformer = WssConfigurationConstant.Transformer.properties)
        @WithName("signature.properties")
        Map<String, String> signatureProperties();

        @WssConfigurationConstant(key = "security.encryption.properties", transformer = WssConfigurationConstant.Transformer.properties)
        @WithName("encryption.properties")
        Map<String, String> encryptionProperties();

        @WssConfigurationConstant(key = "security.signature.crypto", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("signature.crypto")
        Optional<String> signatureCrypto();

        @WssConfigurationConstant(key = "security.encryption.crypto", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("encryption.crypto")
        Optional<String> encryptionCrypto();

        @WssConfigurationConstant(key = "security.encryption.certificate")
        @WithName("encryption.certificate")
        Optional<String> encryptionCertificate();

        @WssConfigurationConstant(key = "security.enableRevocation")
        @WithDefault("false")
        boolean enableRevocation();

        @WssConfigurationConstant(key = "security.enable.unsigned-saml-assertion.principal")
        @WithDefault("false")
        boolean enableUnsignedSamlAssertionPrincipal();

        @WssConfigurationConstant(key = "security.validate.saml.subject.conf")
        @WithDefault("true")
        boolean validateSamlSubjectConfirmation();

        @WssConfigurationConstant(key = "security.sc.jaas-subject")
        @WithDefault("true")
        boolean scFromJaasSubject();

        @WssConfigurationConstant(key = "security.validate.audience-restriction")
        @WithDefault("true")
        boolean audienceRestrictionValidation();

        @WssConfigurationConstant(key = "security.saml-role-attributename")
        @WithDefault("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role")
        String samlRoleAttributename();

        @WssConfigurationConstant(key = "security.subject.cert.constraints")
        Optional<String> subjectCertConstraints();

        @WssConfigurationConstant(key = "security.cert.constraints.separator")
        @WithDefault(",")
        String certConstraintsSeparator();

        @WssConfigurationConstant(key = "ws-security.actor")
        @WithName("actor")
        Optional<String> actor();

        @WssConfigurationConstant(key = "ws-security.validate.token")
        @WithName("validate.token")
        @WithDefault("true")
        boolean validateToken();

        @WssConfigurationConstant(key = "ws-security.username-token.always.encrypted")
        @WithName("username-token.always.encrypted")
        @WithDefault("true")
        boolean alwaysEncryptUt();

        @WssConfigurationConstant(key = "ws-security.is-bsp-compliant")
        @WithName("is-bsp-compliant")
        @WithDefault("true")
        boolean isBspCompliant();

        @WssConfigurationConstant(key = "ws-security.enable.nonce.cache")
        @WithName("enable.nonce.cache")
        Optional<Boolean> enableNonceCache();

        @WssConfigurationConstant(key = "ws-security.enable.timestamp.cache")
        @WithName("enable.timestamp.cache")
        Optional<Boolean> enableTimestampCache();

        @WssConfigurationConstant(key = "ws-security.enable.streaming")
        @WithName("enable.streaming")
        @WithDefault("false")
        boolean enableStreaming();

        @WssConfigurationConstant(key = "ws-security.return.security.error")
        @WithName("return.security.error")
        @WithDefault("false")
        boolean returnSecurityError();

        @WssConfigurationConstant(key = "ws-security.must-understand")
        @WithName("must-understand")
        @WithDefault("true")
        boolean mustUnderstand();

        @WssConfigurationConstant(key = "ws-security.enable.saml.cache")
        @WithName("enable.saml.cache")
        Optional<Boolean> enableSamlOneTimeUseCache();

        @WssConfigurationConstant(key = "ws-security.store.bytes.in.attachment")
        @WithName("store.bytes.in.attachment")
        Optional<Boolean> storeBytesInAttachment();

        @WssConfigurationConstant(key = "ws-security.swa.encryption.attachment.transform.content")
        @WithName("swa.encryption.attachment.transform.content")
        @WithDefault("false")
        boolean useAttachmentEncryptionContentOnlyTransform();

        @WssConfigurationConstant(key = "ws-security.use.str.transform")
        @WithName("use.str.transform")
        @WithDefault("true")
        boolean useStrTransform();

        @WssConfigurationConstant(key = "ws-security.add.inclusive.prefixes")
        @WithName("add.inclusive.prefixes")
        @WithDefault("true")
        boolean addInclusivePrefixes();

        @WssConfigurationConstant(key = "ws-security.disable.require.client.cert.check")
        @WithName("disable.require.client.cert.check")
        @WithDefault("false")
        boolean disableReqClientCertCheck();

        @WssConfigurationConstant(key = "ws-security.expand.xop.include")
        @WithName("expand.xop.include")
        Optional<Boolean> expandXopInclude();

        @WssConfigurationConstant(key = "ws-security.timestamp.timeToLive")
        @WithName("timestamp.timeToLive")
        @WithDefault("300")
        Optional<String> timestampTtl();

        @WssConfigurationConstant(key = "ws-security.timestamp.futureTimeToLive")
        @WithName("timestamp.futureTimeToLive")
        @WithDefault("60")
        Optional<String> timestampFutureTtl();

        @WssConfigurationConstant(key = "ws-security.usernametoken.timeToLive")
        @WithName("usernametoken.timeToLive")
        @WithDefault("300")
        Optional<String> usernametokenTtl();

        @WssConfigurationConstant(key = "ws-security.usernametoken.futureTimeToLive")
        @WithName("usernametoken.futureTimeToLive")
        @WithDefault("60")
        Optional<String> usernametokenFutureTtl();

        @WssConfigurationConstant(key = "ws-security.spnego.client.action", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("spnego.client.action")
        Optional<String> spnegoClientAction();

        @WssConfigurationConstant(key = "ws-security.nonce.cache.instance", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("nonce.cache.instance")
        Optional<String> nonceCacheInstance();

        @WssConfigurationConstant(key = "ws-security.timestamp.cache.instance", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("timestamp.cache.instance")
        Optional<String> timestampCacheInstance();

        @WssConfigurationConstant(key = "ws-security.saml.cache.instance", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("saml.cache.instance")
        Optional<String> samlOneTimeUseCacheInstance();

        @WssConfigurationConstant(key = "ws-security.cache.config.file")
        @WithName("cache.config.file")
        Optional<String> cacheConfigFile();

        @WssConfigurationConstant(key = "org.apache.cxf.ws.security.tokenstore.TokenStore", transformer = WssConfigurationConstant.Transformer.beanRef)
        Optional<String> tokenStoreCacheInstance();

        @WssConfigurationConstant(key = "ws-security.cache.identifier")
        @WithName("cache.identifier")
        Optional<String> cacheIdentifier();

        @WssConfigurationConstant(key = "ws-security.role.classifier")
        @WithName("role.classifier")
        Optional<String> subjectRoleClassifier();

        @WssConfigurationConstant(key = "ws-security.role.classifier.type")
        @WithName("role.classifier.type")
        @WithDefault("prefix")
        String subjectRoleClassifierType();

        @WssConfigurationConstant(key = "ws-security.asymmetric.signature.algorithm")
        @WithName("asymmetric.signature.algorithm")
        Optional<String> asymmetricSignatureAlgorithm();

        @WssConfigurationConstant(key = "ws-security.symmetric.signature.algorithm")
        @WithName("symmetric.signature.algorithm")
        Optional<String> symmetricSignatureAlgorithm();

        @WssConfigurationConstant(key = "ws-security.password.encryptor.instance", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("password.encryptor.instance")
        Optional<String> passwordEncryptorInstance();

        @WssConfigurationConstant(key = "ws-security.delegated.credential", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("delegated.credential")
        Optional<String> delegatedCredential();

        @WssConfigurationConstant(key = "ws-security.security.context.creator", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("security.context.creator")
        Optional<String> securityContextCreator();

        @WssConfigurationConstant(key = "ws-security.security.token.lifetime")
        @WithName("security.token.lifetime")
        @WithDefault("300000")
        long securityTokenLifetime();

        @WssConfigurationConstant(key = "ws-security.kerberos.request.credential.delegation")
        @WithName("kerberos.request.credential.delegation")
        @WithDefault("false")
        boolean kerberosRequestCredentialDelegation();

        @WssConfigurationConstant(key = "ws-security.kerberos.use.credential.delegation")
        @WithName("kerberos.use.credential.delegation")
        @WithDefault("false")
        boolean kerberosUseCredentialDelegation();

        @WssConfigurationConstant(key = "ws-security.kerberos.is.username.in.servicename.form")
        @WithName("kerberos.is.username.in.servicename.form")
        @WithDefault("false")
        boolean kerberosIsUsernameInServicenameForm();

        @WssConfigurationConstant(key = "ws-security.kerberos.jaas.context")
        @WithName("kerberos.jaas.context")
        Optional<String> kerberosJaasContextName();

        @WssConfigurationConstant(key = "ws-security.kerberos.spn")
        @WithName("kerberos.spn")
        Optional<String> kerberosSpn();

        @WssConfigurationConstant(key = "ws-security.kerberos.client")
        @WithName("kerberos.client")
        Optional<String> kerberosClient();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.digest.algorithm")
        @WithName("custom.digest.algorithm")
        @WithDefault("http://www.w3.org/2001/04/xmlenc#sha256")
        String digestAlgorithm();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.encryption.algorithm")
        @WithName("custom.encryption.algorithm")
        @WithDefault("http://www.w3.org/2009/xmlenc11#aes256-gcm")
        String encryptionAlgorithm();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.symmetric.key.encryption.algorithm")
        @WithName("custom.symmetric.key.encryption.algorithm")
        @WithDefault("http://www.w3.org/2001/04/xmlenc#kw-aes256")
        String symmetricKeyEncryptionAlgorithm();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.asymmetric.key.encryption.algorithm")
        @WithName("custom.asymmetric.key.encryption.algorithm")
        @WithDefault("http://www.w3.org/2001/04/xmlenc#rsa-1_5")
        String asymmetricKeyEncryptionAlgorithm();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.encryption.key.derivation")
        @WithName("custom.encryption.key.derivation")
        @WithDefault("http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1")
        String encryptionKeyDerivation();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.signature.key.derivation")
        @WithName("custom.signature.key.derivation")
        @WithDefault("http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1")
        String signatureKeyDerivation();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.encryption.derived.key.length", transformer = WssConfigurationConstant.Transformer.toInteger)
        @WithName("custom.encryption.derived.key.length")
        @WithDefault("256")
        Integer encryptionDerivedKeyLength();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.signature.derived.key.length", transformer = WssConfigurationConstant.Transformer.toInteger)
        @WithName("custom.signature.derived.key.length")
        @WithDefault("192")
        Integer signatureDerivedKeyLength();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.minimum.symmetric.key.length", transformer = WssConfigurationConstant.Transformer.toInteger)
        @WithName("custom.minimum.symmetric.key.length")
        @WithDefault("256")
        Integer minimumSymmetricKeyLength();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.maximum.symmetric.key.length", transformer = WssConfigurationConstant.Transformer.toInteger)
        @WithName("custom.maximum.symmetric.key.length")
        @WithDefault("256")
        Integer maximumSymmetricKeyLength();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.minimum.asymmetric.key.length", transformer = WssConfigurationConstant.Transformer.toInteger)
        @WithName("custom.minimum.asymmetric.key.length")
        @WithDefault("1024")
        Integer minimumAsymmetricKeyLength();

        @WssConfigurationConstant(key = "ws-security.custom.alg.suite.maximum.asymmetric.key.length", transformer = WssConfigurationConstant.Transformer.toInteger)
        @WithName("custom.maximum.asymmetric.key.length")
        @WithDefault("4096")
        Integer maximumAsymmetricKeyLength();
    }

    @ConfigGroup
    /* loaded from: input_file:io/quarkiverse/cxf/ws/security/CxfWsSecurityConfig$ClientSecurityConfig.class */
    public interface ClientSecurityConfig extends ClientOrEndpointSecurityConfig {
        @WithName("sts.client")
        StsClientConfig sts();
    }

    @ConfigGroup
    /* loaded from: input_file:io/quarkiverse/cxf/ws/security/CxfWsSecurityConfig$EndpointConfig.class */
    public interface EndpointConfig {
        ClientOrEndpointSecurityConfig security();
    }

    /* loaded from: input_file:io/quarkiverse/cxf/ws/security/CxfWsSecurityConfig$FutureStsConfig.class */
    public interface FutureStsConfig {
        @WssConfigurationConstant(key = "security.sts.applies-to")
        Optional<String> stsAppliesTo();

        @WssConfigurationConstant(key = "security.sts.token.do.cancel")
        Optional<String> stsTokenDoCancel();

        @WssConfigurationConstant(key = "security.issue.after.failed.renew")
        Optional<String> stsIssueAfterFailedRenew();

        @WssConfigurationConstant(key = "security.cache.issued.token.in.endpoint")
        Optional<String> cacheIssuedTokenInEndpoint();

        @WssConfigurationConstant(key = "security.sts.disable-wsmex-call-using-epr-address")
        Optional<String> disableStsClientWsmexCallUsingEprAddress();

        @WssConfigurationConstant(key = "security.sts.prefer-wsmex")
        Optional<String> preferWsmexOverStsClientConfig();

        @WssConfigurationConstant(key = "security.sts.token.act-as")
        Optional<String> stsTokenActAs();

        @WssConfigurationConstant(key = "security.sts.token.on-behalf-of")
        Optional<String> stsTokenOnBehalfOf();

        @WssConfigurationConstant(key = "security.sts.token.imminent-expiry-value")
        Optional<String> stsTokenImminentExpiryValue();

        @WssConfigurationConstant(key = "security.sts.token.cacher.impl")
        Optional<String> stsTokenCacherImpl();

        @WssConfigurationConstant(key = "security.sts.check.for.recursive.call")
        Optional<String> stsCheckForRecursiveCall();

        @WssConfigurationConstant(key = "security.audience-restrictions")
        Optional<String> audienceRestrictions();
    }

    /* loaded from: input_file:io/quarkiverse/cxf/ws/security/CxfWsSecurityConfig$StsClientConfig.class */
    public interface StsClientConfig {
        @WssConfigurationConstant(key = "security.sts.client", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithParentName
        Optional<String> client();

        Optional<String> wsdl();

        Optional<String> serviceName();

        Optional<String> endpointName();

        @WssConfigurationConstant(key = "security.username")
        Optional<String> username();

        @WssConfigurationConstant(key = "security.password")
        Optional<String> password();

        @WssConfigurationConstant(key = "security.encryption.username")
        @WithName("encryption.username")
        Optional<String> encryptionUsername();

        @WssConfigurationConstant(key = "security.encryption.properties", transformer = WssConfigurationConstant.Transformer.properties)
        @WithName("encryption.properties")
        Map<String, String> encryptionProperties();

        @WssConfigurationConstant(key = "security.encryption.crypto", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("encryption.crypto")
        Optional<String> encryptionCrypto();

        @WssConfigurationConstant(key = "security.sts.token.crypto", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("token.crypto")
        Optional<String> tokenCrypto();

        @WssConfigurationConstant(key = "security.sts.token.properties", transformer = WssConfigurationConstant.Transformer.properties)
        @WithName("token.properties")
        Map<String, String> tokenProperties();

        @WssConfigurationConstant(key = "security.sts.token.username")
        @WithName("token.username")
        Optional<String> tokenUsername();

        @WssConfigurationConstant(key = "security.sts.token.usecert")
        @WithName("token.usecert")
        @WithDefault("false")
        boolean tokenUsecert();

        @WssConfigurationConstant(key = "security.sts.client-soap12-binding")
        @WithName("soap12-binding")
        @WithDefault("false")
        boolean soap12Binding();
    }

    /* loaded from: input_file:io/quarkiverse/cxf/ws/security/CxfWsSecurityConfig$ValidatorConfig.class */
    public interface ValidatorConfig {
        @WssConfigurationConstant(key = "ws-security.ut.validator", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("ut.validator")
        Optional<String> usernameTokenValidator();

        @WssConfigurationConstant(key = "ws-security.saml1.validator", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("saml1.validator")
        Optional<String> saml1TokenValidator();

        @WssConfigurationConstant(key = "ws-security.saml2.validator", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("saml2.validator")
        Optional<String> saml2TokenValidator();

        @WssConfigurationConstant(key = "ws-security.timestamp.validator", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("timestamp.validator")
        Optional<String> timestampTokenValidator();

        @WssConfigurationConstant(key = "ws-security.signature.validator", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("signature.validator")
        Optional<String> signatureTokenValidator();

        @WssConfigurationConstant(key = "ws-security.bst.validator", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("bst.validator")
        Optional<String> bstTokenValidator();

        @WssConfigurationConstant(key = "ws-security.sct.validator", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("sct.validator")
        Optional<String> sctTokenValidator();

        @WssConfigurationConstant(key = "ws-security.policy.validator.map", transformer = WssConfigurationConstant.Transformer.beanRef)
        @WithName("policy.validator.map")
        Optional<String> policyValidatorMap();
    }

    @WithName("client")
    Map<String, ClientConfig> clients();

    @WithName("endpoint")
    Map<String, EndpointConfig> endpoints();
}
