package io.helidon.security;

import io.helidon.common.CollectionsHelper;
import io.helidon.config.Config;
import io.helidon.security.AuditEvent;
import io.helidon.security.SecurityContext;
import io.helidon.security.SecurityEnvironment;
import io.helidon.security.internal.SecurityAuditEvent;
import io.helidon.security.spi.AuditProvider;
import io.helidon.security.spi.AuthenticationProvider;
import io.helidon.security.spi.AuthorizationProvider;
import io.helidon.security.spi.OutboundSecurityProvider;
import io.helidon.security.spi.ProviderSelectionPolicy;
import io.helidon.security.spi.SecurityProvider;
import io.helidon.security.spi.SecurityProviderService;
import io.helidon.security.spi.SubjectMappingProvider;
import io.opentracing.Tracer;
import java.lang.annotation.Annotation;
import java.lang.reflect.Constructor;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.IdentityHashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.ServiceLoader;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:io/helidon/security/Security.class */
public final class Security {
    public static final String HEADER_ORIG_URI = "X_ORIG_URI_HEADER";
    private static final Set<String> RESERVED_PROVIDER_KEYS = CollectionsHelper.setOf(new String[]{"name", "class", "is-authentication-provider", "is-authorization-provider", "is-client-security-provider", "is-audit-provider"});
    private static final Set<String> CONFIG_INTERNAL_PREFIXES = CollectionsHelper.setOf(new String[]{"provider-policy", "providers", "environment"});
    private static final Logger LOGGER = Logger.getLogger(Security.class.getName());
    private final Collection<Class<? extends Annotation>> annotations;
    private final List<Consumer<AuditProvider.TracedAuditEvent>> auditors;
    private final Optional<SubjectMappingProvider> subjectMappingProvider;
    private final String instanceUuid;
    private final ProviderSelectionPolicy providerSelectionPolicy;
    private final Tracer securityTracer;
    private final SecurityTime serverTime;
    private final Supplier<ExecutorService> executorService;
    private final Config securityConfig;

    /* loaded from: input_file:io/helidon/security/Security$Builder.class */
    public static final class Builder implements io.helidon.common.Builder<Security> {
        private final Set<AuditProvider> auditProviders;
        private final List<NamedProvider<AuthenticationProvider>> atnProviders;
        private final List<NamedProvider<AuthorizationProvider>> atzProviders;
        private final List<NamedProvider<OutboundSecurityProvider>> outboundProviders;
        private final Map<SecurityProvider, Boolean> allProviders;
        private NamedProvider<AuthenticationProvider> authnProvider;
        private NamedProvider<AuthorizationProvider> authzProvider;
        private SubjectMappingProvider subjectMappingProvider;
        private Config config;
        private Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> providerSelectionPolicy;
        private Tracer tracer;
        private boolean tracingEnabled;
        private SecurityTime serverTime;
        private Supplier<ExecutorService> executorService;

        private Builder() {
            this.auditProviders = new LinkedHashSet();
            this.atnProviders = new LinkedList();
            this.atzProviders = new LinkedList();
            this.outboundProviders = new LinkedList();
            this.allProviders = new IdentityHashMap();
            this.config = Config.empty();
            this.providerSelectionPolicy = FirstProviderSelectionPolicy::new;
            this.tracingEnabled = true;
            this.serverTime = SecurityTime.builder().m26build();
            this.executorService = ThreadPoolSupplier.builder().m30build();
        }

        public Builder providerSelectionPolicy(Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> function) {
            this.providerSelectionPolicy = function;
            return this;
        }

        public Builder serverTime(SecurityTime securityTime) {
            this.serverTime = securityTime;
            return this;
        }

        public Builder tracer(Tracer tracer) {
            this.tracer = tracer;
            tracingEnabled(null != tracer);
            return this;
        }

        public Builder tracingEnabled(boolean z) {
            this.tracingEnabled = z;
            return this;
        }

        public Builder disableTracing() {
            return tracingEnabled(false);
        }

        public Builder addProvider(SecurityProvider securityProvider) {
            return addProvider(securityProvider, securityProvider.getClass().getSimpleName());
        }

        public Builder addProvider(io.helidon.common.Builder<? extends SecurityProvider> builder) {
            return addProvider((SecurityProvider) builder.build());
        }

        public Builder addProvider(SecurityProvider securityProvider, String str) {
            Objects.requireNonNull(securityProvider);
            if (securityProvider instanceof AuthenticationProvider) {
                addAuthenticationProvider((AuthenticationProvider) securityProvider, str);
            }
            if (securityProvider instanceof AuthorizationProvider) {
                addAuthorizationProvider((AuthorizationProvider) securityProvider, str);
            }
            if (securityProvider instanceof OutboundSecurityProvider) {
                addOutboundSecurityProvider((OutboundSecurityProvider) securityProvider, str);
            }
            if (securityProvider instanceof AuditProvider) {
                addAuditProvider((AuditProvider) securityProvider);
            }
            if (securityProvider instanceof SubjectMappingProvider) {
                subjectMappingProvider((SubjectMappingProvider) securityProvider);
            }
            return this;
        }

        public Builder addProvider(io.helidon.common.Builder<? extends SecurityProvider> builder, String str) {
            return addProvider((SecurityProvider) builder.build(), str);
        }

        public Builder authenticationProvider(AuthenticationProvider authenticationProvider) {
            this.authnProvider = new NamedProvider<>(authenticationProvider.getClass().getSimpleName(), authenticationProvider);
            return addAuthenticationProvider(authenticationProvider, authenticationProvider.getClass().getSimpleName());
        }

        public Builder authenticationProvider(io.helidon.common.Builder<? extends AuthenticationProvider> builder) {
            return authenticationProvider((AuthenticationProvider) builder.build());
        }

        public Builder authorizationProvider(AuthorizationProvider authorizationProvider) {
            this.authzProvider = new NamedProvider<>(authorizationProvider.getClass().getSimpleName(), authorizationProvider);
            return addAuthorizationProvider(authorizationProvider, authorizationProvider.getClass().getSimpleName());
        }

        public Builder authorizationProvider(io.helidon.common.Builder<? extends AuthorizationProvider> builder) {
            return authorizationProvider((AuthorizationProvider) builder.build());
        }

        public Builder addAuthenticationProvider(AuthenticationProvider authenticationProvider) {
            return addAuthenticationProvider(authenticationProvider, authenticationProvider.getClass().getSimpleName());
        }

        public Builder addAuthenticationProvider(io.helidon.common.Builder<? extends AuthenticationProvider> builder) {
            return addAuthenticationProvider((AuthenticationProvider) builder.build());
        }

        public Builder addAuthenticationProvider(AuthenticationProvider authenticationProvider, String str) {
            Objects.requireNonNull(authenticationProvider);
            NamedProvider<AuthenticationProvider> namedProvider = new NamedProvider<>(str, authenticationProvider);
            if (null == this.authnProvider) {
                this.authnProvider = namedProvider;
            }
            this.atnProviders.add(namedProvider);
            this.allProviders.put(authenticationProvider, true);
            return this;
        }

        public Builder addAuthenticationProvider(io.helidon.common.Builder<? extends AuthenticationProvider> builder, String str) {
            return addAuthenticationProvider((AuthenticationProvider) builder.build(), str);
        }

        public Builder addAuthorizationProvider(AuthorizationProvider authorizationProvider) {
            return addAuthorizationProvider(authorizationProvider, authorizationProvider.getClass().getSimpleName());
        }

        public Builder addAuthorizationProvider(io.helidon.common.Builder<? extends AuthorizationProvider> builder) {
            return addAuthorizationProvider((AuthorizationProvider) builder.build());
        }

        public Builder addAuthorizationProvider(AuthorizationProvider authorizationProvider, String str) {
            Objects.requireNonNull(authorizationProvider);
            NamedProvider<AuthorizationProvider> namedProvider = new NamedProvider<>(str, authorizationProvider);
            if (null == this.authzProvider) {
                this.authzProvider = namedProvider;
            }
            this.atzProviders.add(namedProvider);
            this.allProviders.put(authorizationProvider, true);
            return this;
        }

        public Builder addAuthorizationProvider(io.helidon.common.Builder<? extends AuthorizationProvider> builder, String str) {
            return addAuthorizationProvider((AuthorizationProvider) builder.build(), str);
        }

        public Builder addOutboundSecurityProvider(OutboundSecurityProvider outboundSecurityProvider) {
            return addOutboundSecurityProvider(outboundSecurityProvider, outboundSecurityProvider.getClass().getSimpleName());
        }

        public Builder addOutboundSecurityProvider(io.helidon.common.Builder<? extends OutboundSecurityProvider> builder) {
            return addOutboundSecurityProvider((OutboundSecurityProvider) builder.build());
        }

        public Builder addOutboundSecurityProvider(io.helidon.common.Builder<? extends OutboundSecurityProvider> builder, String str) {
            return addOutboundSecurityProvider((OutboundSecurityProvider) builder.build(), str);
        }

        public Builder addOutboundSecurityProvider(OutboundSecurityProvider outboundSecurityProvider, String str) {
            Objects.requireNonNull(outboundSecurityProvider);
            Objects.requireNonNull(str);
            this.outboundProviders.add(new NamedProvider<>(str, outboundSecurityProvider));
            this.allProviders.put(outboundSecurityProvider, true);
            return this;
        }

        public Builder addAuditProvider(AuditProvider auditProvider) {
            this.auditProviders.add(auditProvider);
            this.allProviders.put(auditProvider, true);
            return this;
        }

        public Builder subjectMappingProvider(SubjectMappingProvider subjectMappingProvider) {
            this.subjectMappingProvider = subjectMappingProvider;
            this.allProviders.put(subjectMappingProvider, true);
            return this;
        }

        public Builder addAuditProvider(io.helidon.common.Builder<? extends AuditProvider> builder) {
            return addAuditProvider((AuditProvider) builder.build());
        }

        public Builder config(Config config) {
            this.config = config;
            return this;
        }

        /* renamed from: build, reason: merged with bridge method [inline-methods] */
        public Security m20build() {
            if (this.allProviders.isEmpty()) {
                Security.LOGGER.warning("Security component is NOT configured with any security providers.");
            }
            if (this.auditProviders.isEmpty()) {
                addAuditProvider((DefaultAuditProvider) this.config.map(DefaultAuditProvider::fromConfig));
            }
            if (this.atnProviders.isEmpty()) {
                addAuthenticationProvider(providerRequest -> {
                    return CompletableFuture.completedFuture(AuthenticationResponse.success(SecurityContext.ANONYMOUS));
                }, "default");
            }
            if (this.atzProviders.isEmpty()) {
                addAuthorizationProvider(providerRequest2 -> {
                    return CompletableFuture.completedFuture(AuthorizationResponse.permit());
                }, "default");
            }
            return new Security(this);
        }

        Builder fromConfig(Config config) {
            this.config = config.get(AuditEvent.SECURITY_TYPE_PREFIX);
            config.get("security.environment.server-time").asOptional(SecurityTime.class).ifPresent(this::serverTime);
            executorSupplier(ThreadPoolSupplier.from(config));
            HashMap hashMap = new HashMap();
            HashMap hashMap2 = new HashMap();
            String loadProviderServices = loadProviderServices(hashMap, hashMap2);
            config.get("security.tracing.enabled").asOptional(Boolean.class).ifPresent((v1) -> {
                tracingEnabled(v1);
            });
            config.get("security.providers").asList(Config.class).forEach(config2 -> {
                AtomicReference<SecurityProviderService> atomicReference = new AtomicReference<>();
                AtomicReference<Config> atomicReference2 = new AtomicReference<>();
                String str = (String) config2.get("class").value().orElse(null);
                if (null == str) {
                    findProviderService(hashMap, loadProviderServices, config2, atomicReference, atomicReference2);
                } else {
                    SecurityProviderService securityProviderService = (SecurityProviderService) hashMap2.get(str);
                    if (null == securityProviderService) {
                        findProviderSpecificConfig(config2, atomicReference2);
                    } else {
                        atomicReference.set(securityProviderService);
                        atomicReference2.set(config2.get(securityProviderService.providerConfigKey()));
                    }
                }
                Config config2 = atomicReference2.get();
                SecurityProviderService securityProviderService2 = atomicReference.get();
                if (null == str && null == securityProviderService2) {
                    throw new SecurityException("Each configured provider MUST have a \"class\" configuration property defined or a custom configuration section mapped to that provider, supported keys: " + loadProviderServices);
                }
                String resolveProviderName = resolveProviderName(config2, str, config2, securityProviderService2);
                boolean asBoolean = config2.get("is-authentication-provider").asBoolean(true);
                boolean asBoolean2 = config2.get("is-authorization-provider").asBoolean(true);
                boolean asBoolean3 = config2.get("is-client-security-provider").asBoolean(true);
                boolean asBoolean4 = config2.get("is-audit-provider").asBoolean(true);
                boolean asBoolean5 = config2.get("is-subject-mapper").asBoolean(true);
                SecurityProvider providerInstance = null == securityProviderService2 ? (SecurityProvider) SecurityUtil.instantiate(str, SecurityProvider.class, config2) : securityProviderService2.getProviderInstance(config2);
                if (asBoolean && (providerInstance instanceof AuthenticationProvider)) {
                    addAuthenticationProvider((AuthenticationProvider) providerInstance, resolveProviderName);
                }
                if (asBoolean2 && (providerInstance instanceof AuthorizationProvider)) {
                    addAuthorizationProvider((AuthorizationProvider) providerInstance, resolveProviderName);
                }
                if (asBoolean3 && (providerInstance instanceof OutboundSecurityProvider)) {
                    addOutboundSecurityProvider((OutboundSecurityProvider) providerInstance, resolveProviderName);
                }
                if (asBoolean4 && (providerInstance instanceof AuditProvider)) {
                    addAuditProvider((AuditProvider) providerInstance);
                }
                if (asBoolean5 && (providerInstance instanceof SubjectMappingProvider)) {
                    subjectMappingProvider((SubjectMappingProvider) providerInstance);
                }
            });
            if (this.allProviders.isEmpty()) {
                throw new SecurityException("Security is not configured. At least one security provider MUST be present.");
            }
            String asString = config.get("security.default-authentication-provider").asString((String) null);
            if (null != asString) {
                authenticationProvider((AuthenticationProvider) this.atnProviders.stream().filter(namedProvider -> {
                    return namedProvider.getName().equals(asString);
                }).findFirst().map((v0) -> {
                    return v0.getProvider();
                }).orElseThrow(() -> {
                    return new SecurityException("Authentication provider named \"" + asString + "\" is set as default, yet no provider configuration exists");
                }));
            }
            String asString2 = config.get("security.default-authorization-provider").asString((String) null);
            if (null != asString2) {
                authorizationProvider((AuthorizationProvider) this.atzProviders.stream().filter(namedProvider2 -> {
                    return namedProvider2.getName().equals(asString2);
                }).findFirst().map((v0) -> {
                    return v0.getProvider();
                }).orElseThrow(() -> {
                    return new SecurityException("Authorization provider named \"" + asString2 + "\" is set as default, yet no provider configuration exists");
                }));
            }
            Config config3 = config.get("security.provider-policy");
            ProviderSelectionPolicyType providerSelectionPolicyType = (ProviderSelectionPolicyType) config3.get("type").map(ProviderSelectionPolicyType::from, ProviderSelectionPolicyType.FIRST);
            switch (providerSelectionPolicyType) {
                case FIRST:
                    this.providerSelectionPolicy = FirstProviderSelectionPolicy::new;
                    break;
                case COMPOSITE:
                    this.providerSelectionPolicy = CompositeProviderSelectionPolicy.fromConfig(config3);
                    break;
                case CLASS:
                    this.providerSelectionPolicy = findProviderSelectionPolicy(config3);
                    break;
                default:
                    throw new IllegalStateException("Invalid enum option: " + providerSelectionPolicyType + ", probably version mis-match");
            }
            return this;
        }

        private void executorSupplier(Supplier<ExecutorService> supplier) {
            this.executorService = supplier;
        }

        private String resolveProviderName(Config config, String str, Config config2, SecurityProviderService securityProviderService) {
            return (String) config.get("name").value().orElseGet(() -> {
                if (null != config2) {
                    return config2.name();
                }
                if (null == str) {
                    return securityProviderService.getProviderClass().getSimpleName();
                }
                int indexOf = str.indexOf(46);
                return indexOf > -1 ? str.substring(indexOf + 1) : str;
            });
        }

        private void findProviderSpecificConfig(Config config, AtomicReference<Config> atomicReference) {
            config.asNodeList().stream().filter(this::notReservedProviderKey).forEach(config2 -> {
                if (!atomicReference.compareAndSet(null, config2)) {
                    throw new SecurityException("More than one provider configurations found, each provider can only have one provide specific config. Conflict: " + ((Config) atomicReference.get()).key() + " and " + config2.key());
                }
            });
        }

        private void findProviderService(Map<String, SecurityProviderService> map, String str, Config config, AtomicReference<SecurityProviderService> atomicReference, AtomicReference<Config> atomicReference2) {
            config.asNodeList().stream().filter(this::notReservedProviderKey).forEach(config2 -> {
                if (!atomicReference2.compareAndSet(null, config2)) {
                    throw new SecurityException("More than one provider configurations found, each provider can only have one provider specific config. Conflict: " + ((Config) atomicReference2.get()).key() + " and " + config2.key());
                }
                String name = config2.name();
                if (!map.containsKey(name)) {
                    throw new SecurityException("Configuration key " + config2.key() + " is not a valid provider configuration. Supported keys: " + str);
                }
                atomicReference.set((SecurityProviderService) map.get(name));
            });
        }

        private String loadProviderServices(Map<String, SecurityProviderService> map, Map<String, SecurityProviderService> map2) {
            HashSet hashSet = new HashSet();
            ServiceLoader.load(SecurityProviderService.class).forEach(securityProviderService -> {
                String providerConfigKey = securityProviderService.providerConfigKey();
                if (null != providerConfigKey) {
                    map.put(providerConfigKey, securityProviderService);
                    hashSet.add(providerConfigKey);
                }
                map2.put(securityProviderService.getProviderClass().getName(), securityProviderService);
            });
            return String.join(", ", hashSet);
        }

        private boolean notReservedProviderKey(Config config) {
            return !Security.RESERVED_PROVIDER_KEYS.contains(config.name());
        }

        private Function<ProviderSelectionPolicy.Providers, ProviderSelectionPolicy> findProviderSelectionPolicy(Config config) {
            Class cls = (Class) config.get("class-name").asOptional(Class.class).orElseThrow(() -> {
                return new java.lang.SecurityException("You have configured a CLASS provider selection without configuring class-name");
            });
            if (!ProviderSelectionPolicy.class.isAssignableFrom(cls)) {
                throw new SecurityException("Class " + cls.getName() + " does not implement ProviderSelectionPolicy");
            }
            try {
                Constructor constructor = cls.getConstructor(ProviderSelectionPolicy.Providers.class, Config.class);
                if (ReflectionUtil.canAccess(getClass(), constructor)) {
                    return providers -> {
                        try {
                            return (ProviderSelectionPolicy) constructor.newInstance(providers, config);
                        } catch (Exception e) {
                            throw new SecurityException("Failed to instantiate ProviderSelectionPolicy", e);
                        }
                    };
                }
                throw new SecurityException("Constructor " + constructor + " of class " + cls.getName() + " is not accessible");
            } catch (NoSuchMethodException e) {
                try {
                    Constructor constructor2 = cls.getConstructor(ProviderSelectionPolicy.Providers.class);
                    if (ReflectionUtil.canAccess(getClass(), constructor2)) {
                        return providers2 -> {
                            try {
                                return (ProviderSelectionPolicy) constructor2.newInstance(providers2);
                            } catch (Exception e2) {
                                throw new SecurityException("Failed to instantiate ProviderSelectionPolicy", e2);
                            }
                        };
                    }
                    throw new SecurityException("Constructor " + constructor2 + " of class " + cls.getName() + " is not accessible");
                } catch (NoSuchMethodException e2) {
                    throw new SecurityException("You have configured " + cls.getName() + " as provider selection policy class, yet it is missing public constructor with Providers or Providers and Config as parameters.", e2);
                }
            }
        }
    }

    private Security(Builder builder) {
        this.annotations = new LinkedList();
        this.auditors = new LinkedList();
        this.instanceUuid = UUID.randomUUID().toString();
        this.serverTime = builder.serverTime;
        this.executorService = builder.executorService;
        this.annotations.addAll(SecurityUtil.getAnnotations(builder.allProviders));
        this.securityTracer = SecurityUtil.getTracer(builder.tracingEnabled, builder.tracer);
        this.subjectMappingProvider = Optional.ofNullable(builder.subjectMappingProvider);
        this.securityConfig = builder.config;
        final LinkedList linkedList = new LinkedList();
        final LinkedList linkedList2 = new LinkedList();
        final LinkedList linkedList3 = new LinkedList();
        linkedList.addAll(builder.atzProviders);
        linkedList2.addAll(builder.atnProviders);
        linkedList3.addAll(builder.outboundProviders);
        builder.auditProviders.forEach(auditProvider -> {
            this.auditors.add(auditProvider.getAuditConsumer());
        });
        audit(this.instanceUuid, SecurityAuditEvent.info("security.configure", "Security initialized. Providers: audit: \"%s\"; authn: \"%s\"; authz: \"%s\"; identity propagation: \"%s\";").addParam(AuditEvent.AuditParam.plain("auditProviders", SecurityUtil.forAudit(builder.auditProviders))).addParam(AuditEvent.AuditParam.plain("authenticationProvider", SecurityUtil.forAuditNamed(linkedList2))).addParam(AuditEvent.AuditParam.plain("authorizationProvider", SecurityUtil.forAuditNamed(linkedList))).addParam(AuditEvent.AuditParam.plain("identityPropagationProvider", SecurityUtil.forAuditNamed(linkedList3))));
        final NamedProvider namedProvider = builder.authnProvider;
        final NamedProvider namedProvider2 = builder.authzProvider;
        this.providerSelectionPolicy = (ProviderSelectionPolicy) builder.providerSelectionPolicy.apply(new ProviderSelectionPolicy.Providers() { // from class: io.helidon.security.Security.1
            @Override // io.helidon.security.spi.ProviderSelectionPolicy.Providers
            public <T extends SecurityProvider> List<NamedProvider<T>> getProviders(Class<T> cls) {
                if (cls.equals(AuthenticationProvider.class)) {
                    LinkedList linkedList4 = new LinkedList();
                    linkedList4.add(namedProvider);
                    Stream stream = linkedList2.stream();
                    NamedProvider namedProvider3 = namedProvider;
                    stream.filter(namedProvider4 -> {
                        return namedProvider4 != namedProvider3;
                    }).forEach(namedProvider5 -> {
                        linkedList4.add(namedProvider5);
                    });
                    return linkedList4;
                }
                if (!cls.equals(AuthorizationProvider.class)) {
                    if (!cls.equals(OutboundSecurityProvider.class)) {
                        throw new SecurityException("Security only supports AuthenticationProvider, AuthorizationProvider and OutboundSecurityProvider in provider selection policy, not " + cls.getName());
                    }
                    LinkedList linkedList5 = new LinkedList();
                    linkedList3.forEach(namedProvider6 -> {
                        linkedList5.add(namedProvider6);
                    });
                    return linkedList5;
                }
                LinkedList linkedList6 = new LinkedList();
                linkedList6.add(namedProvider2);
                Stream stream2 = linkedList.stream();
                NamedProvider namedProvider7 = namedProvider2;
                stream2.filter(namedProvider8 -> {
                    return namedProvider8 != namedProvider7;
                }).forEach(namedProvider9 -> {
                    linkedList6.add(namedProvider9);
                });
                return linkedList6;
            }
        });
    }

    public static Security fromConfig(Config config) {
        Objects.requireNonNull(config, "Configuration must not be null");
        return builder().config(config).fromConfig(config).m20build();
    }

    public static Builder builderFromConfig(Config config) {
        Objects.requireNonNull(config, "Configuration must not be null");
        return builder().config(config).fromConfig(config);
    }

    public static Builder builder() {
        return new Builder();
    }

    public static Set<String> getRoles(Subject subject) {
        return (Set) subject.getGrants(Role.class).stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void audit(String str, AuditEvent auditEvent) {
        AuditProvider.AuditSource build = AuditProvider.AuditSource.build();
        Iterator<Consumer<AuditProvider.TracedAuditEvent>> it = this.auditors.iterator();
        while (it.hasNext()) {
            it.next().accept(SecurityUtil.wrapEvent(str, build, auditEvent));
        }
    }

    public SecurityTime getServerTime() {
        return this.serverTime;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Supplier<ExecutorService> getExecutorService() {
        return this.executorService;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ProviderSelectionPolicy getProviderSelectionPolicy() {
        return this.providerSelectionPolicy;
    }

    public SecurityContext.Builder contextBuilder(String str) {
        return new SecurityContext.Builder(this).id((null == str || str.isEmpty()) ? this.instanceUuid + ":?" : this.instanceUuid + ":" + str).executorService(this.executorService).tracingTracer(this.securityTracer).serverTime(this.serverTime);
    }

    public SecurityContext createContext(String str) {
        return contextBuilder(str).m23build();
    }

    public Tracer getTracer() {
        return this.securityTracer;
    }

    public Collection<Class<? extends Annotation>> getCustomAnnotations() {
        return this.annotations;
    }

    public Config getConfig(String str) {
        if (str.trim().isEmpty()) {
            throw new IllegalArgumentException("Root of security configuration is not available");
        }
        for (String str2 : CONFIG_INTERNAL_PREFIXES) {
            if (str.equals(str2) || str.startsWith(str2 + ".")) {
                throw new IllegalArgumentException("Security configuration for " + str2 + " is not available");
            }
        }
        return this.securityConfig.get(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<? extends AuthenticationProvider> resolveAtnProvider(String str) {
        return resolveProvider(AuthenticationProvider.class, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Optional<AuthorizationProvider> resolveAtzProvider(String str) {
        return resolveProvider(AuthorizationProvider.class, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<? extends OutboundSecurityProvider> resolveOutboundProvider(String str) {
        return null != str ? (List) resolveProvider(OutboundSecurityProvider.class, str).map(outboundSecurityProvider -> {
            return CollectionsHelper.listOf(new OutboundSecurityProvider[]{outboundSecurityProvider});
        }).orElse(CollectionsHelper.listOf()) : this.providerSelectionPolicy.selectOutboundProviders();
    }

    private <T extends SecurityProvider> Optional<T> resolveProvider(Class<T> cls, String str) {
        if (null == str) {
            return this.providerSelectionPolicy.selectProvider(cls);
        }
        Optional<T> selectProvider = this.providerSelectionPolicy.selectProvider(cls, str);
        if (selectProvider.isPresent()) {
            return selectProvider;
        }
        throw new SecurityException("Named " + cls.getSimpleName() + " expected for name \"" + str + "\" yet none is configured for such a name");
    }

    public SecurityEnvironment.Builder environmentBuilder() {
        return SecurityEnvironment.builder(this.serverTime);
    }

    public Optional<SubjectMappingProvider> getSubjectMapper() {
        return this.subjectMappingProvider;
    }
}
