package io.helidon.common.tls;

import io.helidon.builder.api.Option;
import io.helidon.builder.api.Prototype;
import io.helidon.common.pki.Keys;
import io.helidon.common.tls.spi.TlsManagerProvider;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.List;
import java.util.Optional;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/* JADX INFO: Access modifiers changed from: package-private */
/**
 * Blueprint describing the configurable options of a {@link Tls} instance.
 *
 * <p>The interface is a {@code Prototype.Factory<Tls>} and is annotated with
 * {@code @Prototype.Blueprint} (decorated by {@code TlsConfigDecorator}) and
 * {@code @Prototype.Configured}. The generated prototype/builder and the decorator
 * are not part of this file, so how each option is finally applied is not visible here.
 *
 * <p>This listing is decompiler output; per the decompiler note above, the interface
 * was package-private in the original class file.
 *
 * <p>Options that decide whether a peer is actually authenticated, and therefore deserve
 * attention in any configuration review: {@link #trustAll()},
 * {@link #endpointIdentificationAlgorithm()}, {@link #clientAuth()}, {@link #trust()},
 * {@link #revocation()}, {@link #enabledProtocols()} and {@link #enabledCipherSuites()}.
 */
@Prototype.Blueprint(decorator = TlsConfigDecorator.class)
@Prototype.Configured
/* loaded from: input_file:io/helidon/common/tls/TlsConfigBlueprint.class */
public interface TlsConfigBlueprint extends Prototype.Factory<Tls> {
    /**
     * Default value of {@link #protocol()}.
     *
     * <p>NOTE(review): in JSSE, {@code "TLS"} is a generic context name and does not pin a
     * protocol version; the versions offered are then governed by {@link #enabledProtocols()}
     * and the JDK's own defaults. Presumably this value is handed to the SSL context lookup;
     * confirm in the implementation.
     */
    public static final String DEFAULT_PROTOCOL = "TLS";

    /** Default value of {@link #sessionCacheSize()}. */
    public static final int DEFAULT_SESSION_CACHE_SIZE = 20480;

    /**
     * Default value of {@link #sessionTimeout()}, written as an ISO-8601 duration (24 hours).
     *
     * <p>NOTE(review): a long session lifetime usually means a resumed session can skip a full
     * handshake for that period; confirm that 24 hours is acceptable where certificates may be
     * rotated or revoked more often.
     */
    public static final String DEFAULT_SESSION_TIMEOUT = "PT24H";

    /**
     * Extracts the private key from a {@link Keys} instance.
     *
     * @param keys key material holder
     * @return whatever {@code keys.privateKey()} returns; may be empty
     */
    @Prototype.FactoryMethod
    static Optional<PrivateKey> createPrivateKey(Keys keys) {
        return keys.privateKey();
    }

    /**
     * Extracts the certificate chain from a {@link Keys} instance.
     *
     * @param keys key material holder
     * @return whatever {@code keys.certChain()} returns
     */
    @Prototype.FactoryMethod
    static List<X509Certificate> createPrivateKeyCertChain(Keys keys) {
        return keys.certChain();
    }

    /**
     * Extracts the trusted certificates from a {@link Keys} instance.
     *
     * @param keys key material holder
     * @return whatever {@code keys.certs()} returns
     */
    @Prototype.FactoryMethod
    static List<X509Certificate> createTrust(Keys keys) {
        return keys.certs();
    }

    /**
     * An explicitly supplied SSL context.
     *
     * <p>Not marked {@code @Option.Configured}, so it is presumably settable only through the
     * builder. NOTE(review): how a supplied context interacts with the other options here is
     * decided outside this file; confirm which options are ignored when it is present.
     *
     * @return the SSL context, if one was supplied
     */
    Optional<SSLContext> sslContext();

    /**
     * Private key identifying this endpoint.
     *
     * @return the private key, if configured
     */
    @Option.Configured
    Optional<PrivateKey> privateKey();

    /**
     * Certificate chain that accompanies {@link #privateKey()}.
     *
     * <p>Configured under the key {@code private-key}; presumably the same configuration node
     * that feeds {@link #privateKey()}, read through {@link #createPrivateKeyCertChain(Keys)}.
     *
     * @return the certificate chain
     */
    @Option.Singular
    @Option.Configured("private-key")
    List<X509Certificate> privateKeyCertChain();

    /**
     * Certificates trusted when validating the peer.
     *
     * <p>No default is declared here. NOTE(review): confirm what an empty list means in the
     * implementation (for example falling back to the JDK trust store) before relying on it.
     *
     * @return trusted certificates
     */
    @Option.Singular
    @Option.Configured
    List<X509Certificate> trust();

    /**
     * The TLS manager, resolved through {@code TlsManagerProvider}.
     *
     * <p>{@code discoverServices = false}: provider implementations are not discovered
     * automatically by default.
     *
     * @return the TLS manager
     */
    @Option.Configured
    @Option.Provider(value = TlsManagerProvider.class, discoverServices = false)
    TlsManager manager();

    /**
     * An explicitly supplied random source; not marked {@code @Option.Configured}.
     *
     * @return the secure random, if supplied
     */
    Optional<SecureRandom> secureRandom();

    /**
     * Explicitly supplied SSL parameters; not marked {@code @Option.Configured}.
     *
     * <p>NOTE(review): confirm whether supplied parameters override the protocol, cipher-suite
     * and endpoint-identification options declared below.
     *
     * @return the SSL parameters, if supplied
     */
    Optional<SSLParameters> sslParameters();

    /**
     * Name of the security provider for the random source.
     *
     * @return provider name, if configured
     */
    @Option.Configured
    Optional<String> secureRandomProvider();

    /**
     * Algorithm name for the random source.
     *
     * @return algorithm name, if configured
     */
    @Option.Configured
    Optional<String> secureRandomAlgorithm();

    /**
     * Algorithm name for the key manager factory.
     *
     * @return algorithm name, if configured
     */
    @Option.Configured
    Optional<String> keyManagerFactoryAlgorithm();

    /**
     * Provider name for the key manager factory; not marked {@code @Option.Configured}.
     *
     * @return provider name, if supplied
     */
    Optional<String> keyManagerFactoryProvider();

    /**
     * Algorithm name for the trust manager factory.
     *
     * @return algorithm name, if configured
     */
    @Option.Configured
    Optional<String> trustManagerFactoryAlgorithm();

    /**
     * Provider name for the trust manager factory; not marked {@code @Option.Configured}.
     *
     * @return provider name, if supplied
     */
    Optional<String> trustManagerFactoryProvider();

    /**
     * Application protocols to negotiate; not marked {@code @Option.Configured}.
     *
     * @return application protocol names
     */
    @Option.Singular
    List<String> applicationProtocols();

    /**
     * Endpoint identification (hostname verification) algorithm.
     *
     * <p>Defaults to {@code Tls.ENDPOINT_IDENTIFICATION_HTTPS}. NOTE(review): a configuration
     * that replaces this with {@code Tls.ENDPOINT_IDENTIFICATION_NONE} presumably turns hostname
     * verification off, leaving only chain validation; treat any such override as a finding
     * unless it is justified and scoped.
     *
     * @return the algorithm name
     */
    @Option.Configured
    @Option.Default({Tls.ENDPOINT_IDENTIFICATION_HTTPS})
    String endpointIdentificationAlgorithm();

    /**
     * Whether this TLS configuration is enabled; defaults to {@code true}.
     *
     * <p>NOTE(review): presumably {@code false} results in plaintext communication; confirm in
     * the implementation and make sure it cannot be switched off by untrusted configuration.
     *
     * @return {@code true} when enabled
     */
    @Option.Configured
    @Option.DefaultBoolean({true})
    boolean enabled();

    /**
     * Whether to trust every peer; defaults to {@code false}.
     *
     * <p>NOTE(review): judging by the name, {@code true} accepts any certificate the peer
     * presents, which removes peer authentication. It should stay {@code false} outside of
     * tests; deployment configuration is worth scanning for {@code trust-all: true}
     * (key name presumably derived from the method name; confirm).
     *
     * @return {@code true} when all peers are trusted
     */
    @Option.Configured
    @Option.DefaultBoolean({false})
    boolean trustAll();

    /**
     * Client authentication (mutual TLS) requirement.
     *
     * <p>NOTE(review): the default refers to {@code Tls.ENDPOINT_IDENTIFICATION_NONE}, a constant
     * named for endpoint identification rather than for {@code TlsClientAuth}. This looks like
     * the decompiler substituting a constant with the same string value; confirm the value
     * matches the intended {@code TlsClientAuth} constant. If so, client certificates are not
     * requested by default.
     *
     * @return the client authentication mode
     */
    @Option.Configured
    @Option.Default({Tls.ENDPOINT_IDENTIFICATION_NONE})
    TlsClientAuth clientAuth();

    /**
     * Protocol name; defaults to {@link #DEFAULT_PROTOCOL}.
     *
     * @return the protocol name
     */
    @Option.Configured
    @Option.Default({DEFAULT_PROTOCOL})
    String protocol();

    /**
     * Name of the security provider; presumably for the SSL context (confirm).
     *
     * @return provider name, if configured
     */
    @Option.Configured
    Optional<String> provider();

    /**
     * Enabled cipher suites, configured under the key {@code cipher-suite}.
     *
     * <p>No default is declared here. NOTE(review): an empty list presumably leaves the choice
     * to the JDK defaults; confirm, and pin suites explicitly where a policy requires it.
     *
     * @return cipher suite names
     */
    @Option.Singular("enabledCipherSuite")
    @Option.Configured("cipher-suite")
    List<String> enabledCipherSuites();

    /**
     * Enabled protocol versions, configured under the key {@code protocols}.
     *
     * <p>No default is declared here. NOTE(review): with {@link #protocol()} defaulting to the
     * generic {@code "TLS"}, this list is the place to restrict versions explicitly; an empty
     * list presumably defers to the JDK defaults (confirm).
     *
     * @return protocol version names
     */
    @Option.Singular
    @Option.Configured("protocols")
    List<String> enabledProtocols();

    /**
     * TLS session cache size; defaults to {@link #DEFAULT_SESSION_CACHE_SIZE}.
     *
     * @return the session cache size
     */
    @Option.DefaultInt({DEFAULT_SESSION_CACHE_SIZE})
    @Option.Configured
    int sessionCacheSize();

    /**
     * TLS session timeout; defaults to {@link #DEFAULT_SESSION_TIMEOUT}.
     *
     * @return the session timeout
     */
    @Option.Configured
    @Option.Default({DEFAULT_SESSION_TIMEOUT})
    Duration sessionTimeout();

    /**
     * Type of the keystore used internally.
     *
     * @return keystore type, if configured
     */
    @Option.Configured
    Optional<String> internalKeystoreType();

    /**
     * Provider of the keystore used internally.
     *
     * @return keystore provider name, if configured
     */
    @Option.Configured
    Optional<String> internalKeystoreProvider();

    /**
     * Certificate revocation checking configuration.
     *
     * <p>No default is declared here, so the value is absent unless configured.
     * NOTE(review): presumably revocation is not checked when this is empty; confirm, and
     * configure it where revoked peer certificates must be rejected.
     *
     * @return revocation configuration, if configured
     */
    @Option.Configured
    Optional<RevocationConfig> revocation();
}
