package org.elasticsearch.xpack.core.ssl;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.TrustManagerFactory;
import org.elasticsearch.common.settings.SecureSetting;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.ssl.SslConfigException;
import org.elasticsearch.common.ssl.SslConfigurationKeys;
import org.elasticsearch.common.util.CollectionUtils;
import org.elasticsearch.xpack.core.ml.process.writer.RecordWriter;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.core.security.authc.saml.SamlRealmSettings;

/* loaded from: input_file:lib/x-pack-core-7.17.14.jar:org/elasticsearch/xpack/core/ssl/SSLConfigurationSettings.class */
public class SSLConfigurationSettings {
    final X509KeyPairSettings x509KeyPair;
    public final Setting<List<String>> ciphers;
    public final Setting<List<String>> supportedProtocols;
    public final Setting<Optional<String>> truststorePath;
    public final Setting<SecureString> truststorePassword;
    public final Setting<String> truststoreAlgorithm;
    public final Setting<Optional<String>> truststoreType;
    public final Setting<Optional<String>> trustRestrictionsPath;
    public final Setting<List<String>> trustRestrictionsX509Fields;
    public final Setting<List<String>> caPaths;
    public final Setting<Optional<SSLClientAuth>> clientAuth;
    public final Setting<Optional<VerificationMode>> verificationMode;
    public final Setting<SecureString> legacyTruststorePassword;
    private final List<Setting<?>> allSettings;
    private static final String DEFAULT_KEYSTORE_TYPE = "jks";
    private static final String PKCS12_KEYSTORE_TYPE = "PKCS12";
    private static final Function<String, Setting<List<String>>> CIPHERS_SETTING_TEMPLATE;
    public static final Setting<List<String>> CIPHERS_SETTING_PROFILES;
    public static final Function<String, Setting.AffixSetting<List<String>>> CIPHERS_SETTING_REALM;
    private static final Function<String, Setting<List<String>>> SUPPORTED_PROTOCOLS_TEMPLATE;
    public static final Setting<List<String>> SUPPORTED_PROTOCOLS_PROFILES;
    public static final Function<String, Setting.AffixSetting<List<String>>> SUPPORTED_PROTOCOLS_REALM;
    static final Setting<Optional<String>> KEYSTORE_PATH_PROFILES;
    static final Function<String, Setting.AffixSetting<Optional<String>>> KEYSTORE_PATH_REALM;
    public static final Setting<SecureString> LEGACY_KEYSTORE_PASSWORD_PROFILES;
    public static final Function<String, Setting.AffixSetting<SecureString>> LEGACY_KEYSTORE_PASSWORD_REALM;
    public static final Setting<SecureString> KEYSTORE_PASSWORD_PROFILES;
    public static final Function<String, Setting.AffixSetting<SecureString>> KEYSTORE_PASSWORD_REALM;
    public static final Setting<SecureString> LEGACY_KEYSTORE_KEY_PASSWORD_PROFILES;
    public static final Function<String, Setting.AffixSetting<SecureString>> LEGACY_KEYSTORE_KEY_PASSWORD_REALM;
    public static final Setting<SecureString> KEYSTORE_KEY_PASSWORD_PROFILES;
    public static final Function<String, Setting.AffixSetting<SecureString>> KEYSTORE_KEY_PASSWORD_REALM;
    public static final Function<String, Setting<Optional<String>>> TRUST_STORE_PATH_TEMPLATE;
    public static final Setting<Optional<String>> TRUST_STORE_PATH_PROFILES;
    public static final Function<String, Setting.AffixSetting<Optional<String>>> TRUST_STORE_PATH_REALM;
    public static final Setting<Optional<String>> KEY_PATH_PROFILES;
    public static final Function<String, Setting.AffixSetting<Optional<String>>> KEY_PATH_REALM;
    public static final Function<String, Setting<SecureString>> LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE;
    public static final Setting<SecureString> LEGACY_TRUSTSTORE_PASSWORD_PROFILES;
    public static final Function<String, Setting.AffixSetting<SecureString>> LEGACY_TRUST_STORE_PASSWORD_REALM;
    public static final Function<String, Setting<SecureString>> TRUSTSTORE_PASSWORD_TEMPLATE;
    public static final Setting<SecureString> TRUSTSTORE_PASSWORD_PROFILES;
    public static final Function<String, Setting.AffixSetting<SecureString>> TRUST_STORE_PASSWORD_REALM;
    public static final Setting<String> KEY_STORE_ALGORITHM_PROFILES;
    public static final Function<String, Setting.AffixSetting<String>> KEY_STORE_ALGORITHM_REALM;
    public static final Function<String, Setting<String>> TRUST_STORE_ALGORITHM_TEMPLATE;
    public static final Setting<String> TRUST_STORE_ALGORITHM_PROFILES;
    public static final Function<String, Setting.AffixSetting<String>> TRUST_STORE_ALGORITHM_REALM;
    public static final Setting<Optional<String>> KEY_STORE_TYPE_PROFILES;
    public static final Function<String, Setting.AffixSetting<Optional<String>>> KEY_STORE_TYPE_REALM;
    public static final Function<String, Setting<Optional<String>>> TRUST_STORE_TYPE_TEMPLATE;
    public static final Setting<Optional<String>> TRUST_STORE_TYPE_PROFILES;
    public static final Function<String, Setting.AffixSetting<Optional<String>>> TRUST_STORE_TYPE_REALM;
    private static final Function<String, Setting<Optional<String>>> TRUST_RESTRICTIONS_TEMPLATE;
    public static final Setting<Optional<String>> TRUST_RESTRICTIONS_PROFILES;
    public static final Function<String, Setting.AffixSetting<Optional<String>>> TRUST_RESTRICTIONS_REALM;
    public static final Function<String, Setting<List<String>>> TRUST_RESTRICTIONS_X509_FIELDS_TEMPLATE;
    public static final Setting<SecureString> LEGACY_KEY_PASSWORD_PROFILES;
    public static final Function<String, Setting.AffixSetting<SecureString>> LEGACY_KEY_PASSWORD_REALM;
    public static final Setting<SecureString> KEY_PASSWORD_PROFILES;
    public static final Function<String, Setting.AffixSetting<SecureString>> KEY_PASSWORD_REALM;
    public static final Setting<Optional<String>> CERT_PROFILES;
    public static final Function<String, Setting.AffixSetting<Optional<String>>> CERT_REALM;
    public static final Function<String, Setting<List<String>>> CAPATH_SETTING_TEMPLATE;
    public static final Setting<List<String>> CAPATH_SETTING_PROFILES;
    public static final Function<String, Setting.AffixSetting<List<String>>> CAPATH_SETTING_REALM;
    private static final Function<String, Setting<Optional<SSLClientAuth>>> CLIENT_AUTH_SETTING_TEMPLATE;
    public static final Setting<Optional<SSLClientAuth>> CLIENT_AUTH_SETTING_PROFILES;
    public static final Function<String, Setting.AffixSetting<Optional<SSLClientAuth>>> CLIENT_AUTH_SETTING_REALM;
    private static final Function<String, Setting<Optional<VerificationMode>>> VERIFICATION_MODE_SETTING_TEMPLATE;
    public static final Setting<Optional<VerificationMode>> VERIFICATION_MODE_SETTING_PROFILES;
    public static final Function<String, Setting.AffixSetting<Optional<VerificationMode>>> VERIFICATION_MODE_SETTING_REALM;
    static final /* synthetic */ boolean $assertionsDisabled;

    private SSLConfigurationSettings(String str) {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError("Prefix cannot be null (but can be blank)");
        }
        this.x509KeyPair = X509KeyPairSettings.withPrefix(str, true);
        this.ciphers = CIPHERS_SETTING_TEMPLATE.apply(str + SslConfigurationKeys.CIPHERS);
        this.supportedProtocols = SUPPORTED_PROTOCOLS_TEMPLATE.apply(str + SslConfigurationKeys.PROTOCOLS);
        this.truststorePath = TRUST_STORE_PATH_TEMPLATE.apply(str + SslConfigurationKeys.TRUSTSTORE_PATH);
        this.legacyTruststorePassword = LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE.apply(str + SslConfigurationKeys.TRUSTSTORE_LEGACY_PASSWORD);
        this.truststorePassword = TRUSTSTORE_PASSWORD_TEMPLATE.apply(str + SslConfigurationKeys.TRUSTSTORE_SECURE_PASSWORD);
        this.truststoreAlgorithm = TRUST_STORE_ALGORITHM_TEMPLATE.apply(str + SslConfigurationKeys.TRUSTSTORE_ALGORITHM);
        this.truststoreType = TRUST_STORE_TYPE_TEMPLATE.apply(str + SslConfigurationKeys.TRUSTSTORE_TYPE);
        this.trustRestrictionsPath = TRUST_RESTRICTIONS_TEMPLATE.apply(str + "trust_restrictions.path");
        this.trustRestrictionsX509Fields = TRUST_RESTRICTIONS_X509_FIELDS_TEMPLATE.apply(str + "trust_restrictions.x509_fields");
        this.caPaths = CAPATH_SETTING_TEMPLATE.apply(str + SslConfigurationKeys.CERTIFICATE_AUTHORITIES);
        this.clientAuth = CLIENT_AUTH_SETTING_TEMPLATE.apply(str + SslConfigurationKeys.CLIENT_AUTH);
        this.verificationMode = VERIFICATION_MODE_SETTING_TEMPLATE.apply(str + SslConfigurationKeys.VERIFICATION_MODE);
        ArrayList arrayAsArrayList = CollectionUtils.arrayAsArrayList(this.ciphers, this.supportedProtocols, this.truststorePath, this.truststorePassword, this.truststoreAlgorithm, this.truststoreType, this.trustRestrictionsPath, this.trustRestrictionsX509Fields, this.caPaths, this.clientAuth, this.verificationMode, this.legacyTruststorePassword);
        arrayAsArrayList.addAll(this.x509KeyPair.getAllSettings());
        this.allSettings = Collections.unmodifiableList(arrayAsArrayList);
    }

    public static String getKeyStoreType(Setting<Optional<String>> setting, Settings settings, String str) {
        return setting.get(settings).orElseGet(() -> {
            return inferKeyStoreType(str);
        });
    }

    public static String inferKeyStoreType(String str) {
        String lowerCase = str == null ? "" : str.toLowerCase(Locale.ROOT);
        return (lowerCase.endsWith(".p12") || lowerCase.endsWith(".pfx") || lowerCase.endsWith(".pkcs12")) ? PKCS12_KEYSTORE_TYPE : DEFAULT_KEYSTORE_TYPE;
    }

    public List<Setting<?>> getAllSettings() {
        return this.allSettings;
    }

    public static SSLConfigurationSettings withoutPrefix() {
        return new SSLConfigurationSettings("");
    }

    public static SSLConfigurationSettings withPrefix(String str) {
        if ($assertionsDisabled || str.endsWith(SamlRealmSettings.SSL_PREFIX)) {
            return new SSLConfigurationSettings(str);
        }
        throw new AssertionError("The ssl config prefix (" + str + ") should end in 'ssl.'");
    }

    public static Collection<Setting<?>> getProfileSettings() {
        return Arrays.asList(CIPHERS_SETTING_PROFILES, SUPPORTED_PROTOCOLS_PROFILES, KEYSTORE_PATH_PROFILES, LEGACY_KEYSTORE_PASSWORD_PROFILES, KEYSTORE_PASSWORD_PROFILES, LEGACY_KEYSTORE_KEY_PASSWORD_PROFILES, KEYSTORE_KEY_PASSWORD_PROFILES, TRUST_STORE_PATH_PROFILES, LEGACY_TRUSTSTORE_PASSWORD_PROFILES, TRUSTSTORE_PASSWORD_PROFILES, KEY_STORE_ALGORITHM_PROFILES, TRUST_STORE_ALGORITHM_PROFILES, KEY_STORE_TYPE_PROFILES, TRUST_STORE_TYPE_PROFILES, TRUST_RESTRICTIONS_PROFILES, KEY_PATH_PROFILES, LEGACY_KEY_PASSWORD_PROFILES, KEY_PASSWORD_PROFILES, CERT_PROFILES, CAPATH_SETTING_PROFILES, CLIENT_AUTH_SETTING_PROFILES, VERIFICATION_MODE_SETTING_PROFILES);
    }

    public static Collection<Setting.AffixSetting<?>> getRealmSettings(String str) {
        return (Collection) Stream.of((Object[]) new Function[]{CIPHERS_SETTING_REALM, SUPPORTED_PROTOCOLS_REALM, KEYSTORE_PATH_REALM, LEGACY_KEYSTORE_PASSWORD_REALM, KEYSTORE_PASSWORD_REALM, LEGACY_KEYSTORE_KEY_PASSWORD_REALM, KEYSTORE_KEY_PASSWORD_REALM, TRUST_STORE_PATH_REALM, LEGACY_TRUST_STORE_PASSWORD_REALM, TRUST_STORE_PASSWORD_REALM, KEY_STORE_ALGORITHM_REALM, TRUST_STORE_ALGORITHM_REALM, KEY_STORE_TYPE_REALM, TRUST_STORE_TYPE_REALM, TRUST_RESTRICTIONS_REALM, KEY_PATH_REALM, LEGACY_KEY_PASSWORD_REALM, KEY_PASSWORD_REALM, CERT_REALM, CAPATH_SETTING_REALM, CLIENT_AUTH_SETTING_REALM, VERIFICATION_MODE_SETTING_REALM}).map(function -> {
            return (Setting.AffixSetting) function.apply(str);
        }).collect(Collectors.toList());
    }

    public List<Setting<SecureString>> getSecureSettingsInUse(Settings settings) {
        return (List) Stream.of((Object[]) new Setting[]{this.truststorePassword, this.x509KeyPair.keystorePassword, this.x509KeyPair.keystoreKeyPassword, this.x509KeyPair.keyPassword}).filter(setting -> {
            return setting.exists(settings);
        }).collect(Collectors.toList());
    }

    static {
        $assertionsDisabled = !SSLConfigurationSettings.class.desiredAssertionStatus();
        CIPHERS_SETTING_TEMPLATE = str -> {
            return Setting.listSetting(str, (List<String>) Collections.emptyList(), Function.identity(), Setting.Property.NodeScope, Setting.Property.Filtered);
        };
        CIPHERS_SETTING_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.cipher_suites", CIPHERS_SETTING_TEMPLATE, new Setting.AffixSettingDependency[0]);
        CIPHERS_SETTING_REALM = str2 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str2 + RecordWriter.CONTROL_FIELD_NAME, "ssl.cipher_suites", CIPHERS_SETTING_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        SUPPORTED_PROTOCOLS_TEMPLATE = str3 -> {
            return Setting.listSetting(str3, (List<String>) Collections.emptyList(), Function.identity(), Setting.Property.NodeScope, Setting.Property.Filtered);
        };
        SUPPORTED_PROTOCOLS_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.supported_protocols", SUPPORTED_PROTOCOLS_TEMPLATE, new Setting.AffixSettingDependency[0]);
        SUPPORTED_PROTOCOLS_REALM = str4 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str4 + RecordWriter.CONTROL_FIELD_NAME, "ssl.supported_protocols", SUPPORTED_PROTOCOLS_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        KEYSTORE_PATH_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.keystore.path", X509KeyPairSettings.KEYSTORE_PATH_TEMPLATE, new Setting.AffixSettingDependency[0]);
        KEYSTORE_PATH_REALM = str5 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str5 + RecordWriter.CONTROL_FIELD_NAME, "ssl.keystore.path", X509KeyPairSettings.KEYSTORE_PATH_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        LEGACY_KEYSTORE_PASSWORD_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.keystore.password", X509KeyPairSettings.LEGACY_KEYSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        LEGACY_KEYSTORE_PASSWORD_REALM = str6 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str6 + RecordWriter.CONTROL_FIELD_NAME, "ssl.keystore.password", X509KeyPairSettings.LEGACY_KEYSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        KEYSTORE_PASSWORD_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.keystore.secure_password", X509KeyPairSettings.KEYSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        KEYSTORE_PASSWORD_REALM = str7 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str7 + RecordWriter.CONTROL_FIELD_NAME, "ssl.keystore.secure_password", X509KeyPairSettings.KEYSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        LEGACY_KEYSTORE_KEY_PASSWORD_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.keystore.key_password", X509KeyPairSettings.LEGACY_KEYSTORE_KEY_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        LEGACY_KEYSTORE_KEY_PASSWORD_REALM = str8 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str8 + RecordWriter.CONTROL_FIELD_NAME, "ssl.keystore.key_password", X509KeyPairSettings.LEGACY_KEYSTORE_KEY_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        KEYSTORE_KEY_PASSWORD_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.keystore.secure_key_password", X509KeyPairSettings.KEYSTORE_KEY_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        KEYSTORE_KEY_PASSWORD_REALM = str9 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str9 + RecordWriter.CONTROL_FIELD_NAME, "ssl.keystore.secure_key_password", X509KeyPairSettings.KEYSTORE_KEY_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        TRUST_STORE_PATH_TEMPLATE = str10 -> {
            return new Setting(str10, (Function<Settings, String>) settings -> {
                return null;
            }, (v0) -> {
                return Optional.ofNullable(v0);
            }, Setting.Property.NodeScope, Setting.Property.Filtered);
        };
        TRUST_STORE_PATH_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.truststore.path", TRUST_STORE_PATH_TEMPLATE, new Setting.AffixSettingDependency[0]);
        TRUST_STORE_PATH_REALM = str11 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str11 + RecordWriter.CONTROL_FIELD_NAME, "ssl.truststore.path", TRUST_STORE_PATH_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        KEY_PATH_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.key", X509KeyPairSettings.KEY_PATH_TEMPLATE, new Setting.AffixSettingDependency[0]);
        KEY_PATH_REALM = str12 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str12 + RecordWriter.CONTROL_FIELD_NAME, "ssl.key", X509KeyPairSettings.KEY_PATH_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE = str13 -> {
            return new Setting(str13, "", SecureString::new, Setting.Property.DeprecatedWarning, Setting.Property.Filtered, Setting.Property.NodeScope);
        };
        LEGACY_TRUSTSTORE_PASSWORD_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.truststore.password", LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        LEGACY_TRUST_STORE_PASSWORD_REALM = str14 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str14 + RecordWriter.CONTROL_FIELD_NAME, "ssl.truststore.password", LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        TRUSTSTORE_PASSWORD_TEMPLATE = str15 -> {
            return SecureSetting.secureString(str15, LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE.apply(str15.replace(SslConfigurationKeys.TRUSTSTORE_SECURE_PASSWORD, SslConfigurationKeys.TRUSTSTORE_LEGACY_PASSWORD)), new Setting.Property[0]);
        };
        TRUSTSTORE_PASSWORD_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.truststore.secure_password", TRUSTSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        TRUST_STORE_PASSWORD_REALM = str16 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str16 + RecordWriter.CONTROL_FIELD_NAME, "ssl.truststore.secure_password", TRUSTSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        KEY_STORE_ALGORITHM_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.keystore.algorithm", X509KeyPairSettings.KEY_STORE_ALGORITHM_TEMPLATE, new Setting.AffixSettingDependency[0]);
        KEY_STORE_ALGORITHM_REALM = str17 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str17 + RecordWriter.CONTROL_FIELD_NAME, "ssl.keystore.algorithm", X509KeyPairSettings.KEY_STORE_ALGORITHM_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        TRUST_STORE_ALGORITHM_TEMPLATE = str18 -> {
            return new Setting(str18, (Function<Settings, String>) settings -> {
                return TrustManagerFactory.getDefaultAlgorithm();
            }, Function.identity(), Setting.Property.NodeScope, Setting.Property.Filtered);
        };
        TRUST_STORE_ALGORITHM_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.truststore.algorithm", TRUST_STORE_ALGORITHM_TEMPLATE, new Setting.AffixSettingDependency[0]);
        TRUST_STORE_ALGORITHM_REALM = str19 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str19 + RecordWriter.CONTROL_FIELD_NAME, "ssl.truststore.algorithm", TRUST_STORE_ALGORITHM_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        KEY_STORE_TYPE_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.keystore.type", X509KeyPairSettings.KEY_STORE_TYPE_TEMPLATE, new Setting.AffixSettingDependency[0]);
        KEY_STORE_TYPE_REALM = str20 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str20 + RecordWriter.CONTROL_FIELD_NAME, "ssl.keystore.type", X509KeyPairSettings.KEY_STORE_TYPE_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        TRUST_STORE_TYPE_TEMPLATE = X509KeyPairSettings.KEY_STORE_TYPE_TEMPLATE;
        TRUST_STORE_TYPE_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.truststore.type", TRUST_STORE_TYPE_TEMPLATE, new Setting.AffixSettingDependency[0]);
        TRUST_STORE_TYPE_REALM = str21 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str21 + RecordWriter.CONTROL_FIELD_NAME, "ssl.truststore.type", TRUST_STORE_TYPE_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        TRUST_RESTRICTIONS_TEMPLATE = str22 -> {
            return new Setting(str22, (Function<Settings, String>) settings -> {
                return null;
            }, (v0) -> {
                return Optional.ofNullable(v0);
            }, Setting.Property.NodeScope, Setting.Property.Filtered);
        };
        TRUST_RESTRICTIONS_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.trust_restrictions", TRUST_RESTRICTIONS_TEMPLATE, new Setting.AffixSettingDependency[0]);
        TRUST_RESTRICTIONS_REALM = str23 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str23 + RecordWriter.CONTROL_FIELD_NAME, "ssl.trust_restrictions", TRUST_RESTRICTIONS_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        TRUST_RESTRICTIONS_X509_FIELDS_TEMPLATE = str24 -> {
            return Setting.listSetting(str24, (List<String>) org.elasticsearch.core.List.of(RestrictedTrustConfig.SAN_OTHER_COMMON), str24 -> {
                if (RestrictedTrustConfig.SUPPORTED_X_509_FIELDS.stream().filter(str24 -> {
                    return str24.equalsIgnoreCase(str24);
                }).findAny().isPresent()) {
                    return str24;
                }
                throw new SslConfigException(str24 + " is not a supported x509 field for trust restrictions. Recognised values are [" + String.join(",", RestrictedTrustConfig.SUPPORTED_X_509_FIELDS) + "]");
            }, Setting.Property.NodeScope, Setting.Property.Filtered);
        };
        LEGACY_KEY_PASSWORD_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.key_passphrase", X509KeyPairSettings.LEGACY_KEY_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        LEGACY_KEY_PASSWORD_REALM = str25 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str25 + RecordWriter.CONTROL_FIELD_NAME, "ssl.key_passphrase", X509KeyPairSettings.LEGACY_KEY_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        KEY_PASSWORD_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.secure_key_passphrase", X509KeyPairSettings.KEY_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        KEY_PASSWORD_REALM = str26 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str26 + RecordWriter.CONTROL_FIELD_NAME, "ssl.secure_key_passphrase", X509KeyPairSettings.KEY_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        CERT_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.certificate", X509KeyPairSettings.CERT_TEMPLATE, new Setting.AffixSettingDependency[0]);
        CERT_REALM = str27 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str27 + RecordWriter.CONTROL_FIELD_NAME, "ssl.certificate", X509KeyPairSettings.CERT_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        CAPATH_SETTING_TEMPLATE = str28 -> {
            return Setting.listSetting(str28, (List<String>) Collections.emptyList(), Function.identity(), Setting.Property.NodeScope, Setting.Property.Filtered);
        };
        CAPATH_SETTING_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.certificate_authorities", CAPATH_SETTING_TEMPLATE, new Setting.AffixSettingDependency[0]);
        CAPATH_SETTING_REALM = str29 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str29 + RecordWriter.CONTROL_FIELD_NAME, "ssl.certificate_authorities", CAPATH_SETTING_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        CLIENT_AUTH_SETTING_TEMPLATE = str30 -> {
            return new Setting(str30, (String) null, str30 -> {
                return str30 == null ? Optional.empty() : Optional.of(SSLClientAuth.parse(str30));
            }, Setting.Property.NodeScope, Setting.Property.Filtered);
        };
        CLIENT_AUTH_SETTING_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.client_authentication", CLIENT_AUTH_SETTING_TEMPLATE, new Setting.AffixSettingDependency[0]);
        CLIENT_AUTH_SETTING_REALM = str31 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str31 + RecordWriter.CONTROL_FIELD_NAME, "ssl.client_authentication", CLIENT_AUTH_SETTING_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
        VERIFICATION_MODE_SETTING_TEMPLATE = str32 -> {
            return new Setting(str32, (String) null, str32 -> {
                return str32 == null ? Optional.empty() : Optional.of(VerificationMode.parse(str32));
            }, Setting.Property.NodeScope, Setting.Property.Filtered);
        };
        VERIFICATION_MODE_SETTING_PROFILES = Setting.affixKeySetting("transport.profiles.", "xpack.security.ssl.verification_mode", VERIFICATION_MODE_SETTING_TEMPLATE, new Setting.AffixSettingDependency[0]);
        VERIFICATION_MODE_SETTING_REALM = str33 -> {
            return Setting.affixKeySetting(RealmSettings.PREFIX + str33 + RecordWriter.CONTROL_FIELD_NAME, "ssl.verification_mode", VERIFICATION_MODE_SETTING_TEMPLATE, new Setting.AffixSettingDependency[0]);
        };
    }
}
