package io.helidon.common.tls;

import io.helidon.builder.api.Option;
import io.helidon.builder.api.Prototype;
import io.helidon.common.pki.Keys;
import io.helidon.common.tls.spi.TlsManagerProvider;
import io.helidon.config.metadata.Configured;
import io.helidon.config.metadata.ConfiguredOption;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.List;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/* JADX INFO: Access modifiers changed from: package-private */
/**
 * Blueprint describing the options from which a {@code Tls} instance is built
 * (this interface extends {@code Prototype.Factory<Tls>}).
 *
 * <p>Members annotated with {@code @ConfiguredOption} are declared as configuration
 * options; the annotation value, where present, is the declared default. Members
 * without that annotation ({@link #sslContext()}, {@link #secureRandom()},
 * {@link #sslParameters()}, {@link #keyManagerFactoryProvider()},
 * {@link #trustManagerFactoryProvider()}, {@link #applicationProtocols()}) are not
 * declared as configuration options here.
 *
 * <p>Security-sensitive options, worth auditing in any deployment:
 * {@link #trustAll()}, {@link #endpointIdentificationAlgorithm()},
 * {@link #clientAuth()}, {@link #enabledProtocols()}, {@link #enabledCipherSuites()}
 * and {@link #enabled()}.
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX markers), so
 * original comments are lost and some annotation values may have been rewritten as
 * constant references; {@code TlsConfigDecorator} is not visible here, and any
 * defaulting or validation it performs should be confirmed against it.
 */
@Prototype.Blueprint(decorator = TlsConfigDecorator.class)
@Configured
/* loaded from: input_file:io/helidon/common/tls/TlsConfigBlueprint.class */
public interface TlsConfigBlueprint extends Prototype.Factory<Tls> {
    /**
     * Declared default for {@link #protocol()}.
     *
     * <p>NOTE(review): "TLS" is a generic JSSE context name rather than a specific
     * protocol version; the versions actually negotiated presumably depend on the
     * security provider and on {@link #enabledProtocols()} - confirm.
     */
    public static final String DEFAULT_PROTOCOL = "TLS";

    /**
     * Factory method that obtains the private key from a {@code Keys} instance.
     *
     * @param keys key material source; not null-checked here, so {@code null} fails
     *             with a {@code NullPointerException}
     * @return the result of {@code keys.privateKey()}
     */
    @Prototype.FactoryMethod
    static Optional<PrivateKey> createPrivateKey(Keys keys) {
        return keys.privateKey();
    }

    /**
     * Factory method that obtains the certificate chain from a {@code Keys} instance.
     *
     * @param keys key material source; not null-checked here
     * @return the result of {@code keys.certChain()}
     */
    @Prototype.FactoryMethod
    static List<X509Certificate> createPrivateKeyCertChain(Keys keys) {
        return keys.certChain();
    }

    /**
     * Factory method that obtains the trusted certificates from a {@code Keys} instance.
     *
     * @param keys key material source; not null-checked here
     * @return the result of {@code keys.certs()}
     */
    @Prototype.FactoryMethod
    static List<X509Certificate> createTrust(Keys keys) {
        return keys.certs();
    }

    /**
     * Explicit {@code SSLContext}, if one is supplied.
     *
     * <p>NOTE(review): presumably takes precedence over the individual options below
     * when present - confirm, since a supplied context would then bypass the
     * protocol, trust and key settings configured here.
     *
     * @return the SSL context, or empty
     */
    Optional<SSLContext> sslContext();

    /**
     * Private key of this endpoint, if any.
     *
     * <p>The value is secret key material; it should not be logged or exposed.
     *
     * @return the private key, or empty
     */
    @ConfiguredOption
    Optional<PrivateKey> privateKey();

    /**
     * Certificate chain belonging to the private key.
     *
     * <p>Declared under the configuration key {@code private-key}.
     * NOTE(review): presumably the same configuration node that feeds
     * {@link #privateKey()}, via {@link #createPrivateKeyCertChain(Keys)} - confirm.
     *
     * @return the certificate chain
     */
    @Option.Singular
    @ConfiguredOption(key = "private-key")
    List<X509Certificate> privateKeyCertChain();

    /**
     * Trusted certificates.
     *
     * <p>NOTE(review): behaviour when this list is empty (for example falling back
     * to a platform default trust store) is not visible here - confirm.
     *
     * @return the trusted certificates
     */
    @Option.Singular
    @ConfiguredOption
    List<X509Certificate> trust();

    /**
     * TLS manager, declared as a provider-backed option of type
     * {@code TlsManagerProvider} with service discovery switched off
     * ({@code providerDiscoverServices = false}).
     *
     * @return the TLS manager
     */
    @ConfiguredOption(provider = true, providerType = TlsManagerProvider.class, providerDiscoverServices = false)
    TlsManager manager();

    /**
     * Explicit {@code SecureRandom} instance, if one is supplied.
     *
     * @return the secure random, or empty
     */
    Optional<SecureRandom> secureRandom();

    /**
     * Explicit {@code SSLParameters}, if supplied.
     *
     * <p>NOTE(review): how these interact with options such as
     * {@link #enabledProtocols()} and {@link #endpointIdentificationAlgorithm()}
     * is not visible here - confirm which side wins.
     *
     * @return the SSL parameters, or empty
     */
    Optional<SSLParameters> sslParameters();

    /**
     * Name of the security provider for the secure random, if configured.
     *
     * @return the provider name, or empty
     */
    @ConfiguredOption
    Optional<String> secureRandomProvider();

    /**
     * Algorithm name for the secure random, if configured.
     *
     * @return the algorithm name, or empty
     */
    @ConfiguredOption
    Optional<String> secureRandomAlgorithm();

    /**
     * Algorithm name for the key manager factory, if configured.
     *
     * @return the algorithm name, or empty
     */
    @ConfiguredOption
    Optional<String> keyManagerFactoryAlgorithm();

    /**
     * Provider name for the key manager factory, if supplied.
     *
     * @return the provider name, or empty
     */
    Optional<String> keyManagerFactoryProvider();

    /**
     * Algorithm name for the trust manager factory, if configured.
     *
     * @return the algorithm name, or empty
     */
    @ConfiguredOption
    Optional<String> trustManagerFactoryAlgorithm();

    /**
     * Provider name for the trust manager factory, if supplied.
     *
     * @return the provider name, or empty
     */
    Optional<String> trustManagerFactoryProvider();

    /**
     * Application protocol names.
     *
     * <p>NOTE(review): presumably the ALPN protocol list - confirm.
     *
     * @return the application protocols
     */
    @Option.Singular
    List<String> applicationProtocols();

    /**
     * Endpoint identification algorithm; the declared default is
     * {@code Tls.ENDPOINT_IDENTIFICATION_HTTPS}.
     *
     * <p>NOTE(review): presumably this controls hostname verification of the peer
     * certificate, and a value such as {@code Tls.ENDPOINT_IDENTIFICATION_NONE}
     * would switch it off - confirm. Any override of the default deserves review,
     * because without hostname verification a certificate valid for another host
     * would be accepted.
     *
     * @return the endpoint identification algorithm
     */
    @ConfiguredOption(Tls.ENDPOINT_IDENTIFICATION_HTTPS)
    String endpointIdentificationAlgorithm();

    /**
     * Whether TLS is enabled; the declared default is {@code true}.
     *
     * <p>NOTE(review): presumably {@code false} yields plaintext communication -
     * confirm, and flag any configuration that sets it.
     *
     * @return {@code true} if enabled
     */
    @ConfiguredOption("true")
    boolean enabled();

    /**
     * Whether to trust all certificates; the declared default is {@code false}.
     *
     * <p>NOTE(review): presumably {@code true} disables validation of the peer's
     * certificate, which removes protection against an on-path attacker - confirm
     * against the {@code Tls} implementation. Treat {@code true} as a finding in
     * any non-test configuration.
     *
     * @return {@code true} if all certificates are trusted
     */
    @ConfiguredOption("false")
    boolean trustAll();

    /**
     * Client authentication mode.
     *
     * <p>NOTE(review): the declared default references
     * {@code Tls.ENDPOINT_IDENTIFICATION_NONE}, an endpoint-identification constant,
     * on an option of type {@code TlsClientAuth}. This looks like a decompiler
     * artifact where a string literal was replaced by a constant of equal value;
     * confirm against the original source. If so, the default presumably means no
     * client certificate is requested, so mutual TLS must be enabled explicitly.
     *
     * @return the client authentication mode
     */
    @ConfiguredOption(Tls.ENDPOINT_IDENTIFICATION_NONE)
    TlsClientAuth clientAuth();

    /**
     * Protocol name; the declared default is {@link #DEFAULT_PROTOCOL}.
     *
     * @return the protocol name
     */
    @ConfiguredOption(DEFAULT_PROTOCOL)
    String protocol();

    /**
     * Name of the security provider, if configured.
     *
     * <p>NOTE(review): presumably the provider used to obtain the SSL context - confirm.
     *
     * @return the provider name, or empty
     */
    @ConfiguredOption
    Optional<String> provider();

    /**
     * Enabled cipher suites, declared under the configuration key
     * {@code cipher-suite} (singular builder name {@code enabledCipherSuite}).
     *
     * <p>No default is declared here.
     * NOTE(review): presumably an empty list leaves the provider's default suites
     * in effect - confirm. Values set here should be checked against current
     * cipher-suite guidance, since an explicit list can re-enable weak suites.
     *
     * @return the enabled cipher suites
     */
    @ConfiguredOption(key = "cipher-suite")
    @Option.Singular("enabledCipherSuite")
    List<String> enabledCipherSuites();

    /**
     * Enabled protocol versions, declared under the configuration key
     * {@code protocols}.
     *
     * <p>No default is declared here.
     * NOTE(review): presumably an empty list leaves the provider's default versions
     * in effect - confirm. An explicit list is the place to check that legacy
     * protocol versions are not enabled.
     *
     * @return the enabled protocols
     */
    @ConfiguredOption(key = "protocols")
    @Option.Singular
    List<String> enabledProtocols();

    /**
     * Session cache size; the declared default is {@code 1024}.
     *
     * @return the session cache size
     */
    @ConfiguredOption("1024")
    int sessionCacheSize();

    /**
     * Session timeout; the declared default is {@code PT30M} (ISO-8601, 30 minutes).
     *
     * @return the session timeout
     */
    @ConfiguredOption("PT30M")
    Duration sessionTimeout();

    /**
     * Keystore type for the internal keystore, if configured.
     *
     * <p>NOTE(review): presumably the in-memory keystore assembled from
     * {@link #privateKey()} and {@link #trust()} - confirm.
     *
     * @return the keystore type, or empty
     */
    @ConfiguredOption
    Optional<String> internalKeystoreType();

    /**
     * Provider name for the internal keystore, if configured.
     *
     * @return the keystore provider, or empty
     */
    @ConfiguredOption
    Optional<String> internalKeystoreProvider();
}
