package org.elasticsearch.xpack.core.ssl;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.TrustManagerFactory;
import org.elasticsearch.common.settings.SecureSetting;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.ssl.SslConfigurationKeys;
import org.elasticsearch.common.util.CollectionUtils;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.security.authc.saml.SamlRealmSettings;

/* loaded from: input_file:lib/x-pack-core-6.8.15.jar:org/elasticsearch/xpack/core/ssl/SSLConfigurationSettings.class */
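/**
 * Declares the SSL/TLS settings that may appear under one configuration prefix, plus the
 * static variants of the same settings for transport profiles ({@code transport.profiles.*}).
 *
 * <p>An instance is created for a prefix via {@link #withPrefix(String)} or
 * {@link #withoutPrefix()} and exposes one {@link Setting} per option (cipher suites, protocols,
 * trust material, client authentication, verification mode) together with the key-pair settings
 * held by {@link X509KeyPairSettings}.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Every setting built through {@link #propertiesFromKey(String)} is marked
 *       {@code Filtered}, the property Elasticsearch uses to keep a setting's value out of
 *       settings output.</li>
 *   <li>Each password has two forms: a secure-string setting and a deprecated legacy setting that
 *       is an ordinary string setting and serves as the fallback of the secure one.</li>
 *   <li>Cipher suites, protocols, client authentication and verification mode have no default
 *       here (empty list / empty {@code Optional}); the effective default is chosen by whatever
 *       consumes these settings, which is outside this file.</li>
 * </ul>
 *
 * <p>This listing was recovered by a decompiler. Constructs that do not compile as decompiled
 * (lambda parameters shadowing each other, {@code Object[]}-typed streams, casts of
 * {@code Collections.emptyList()}, the synthetic {@code $assertionsDisabled} flag) are written
 * here in their source-level form.
 */
public class SSLConfigurationSettings {
    /** Key/certificate settings for the same prefix (keystore or PEM key pair). */
    final X509KeyPairSettings x509KeyPair;
    /** Cipher suites to enable; an empty list means "not configured here". */
    public final Setting<List<String>> ciphers;
    /** TLS protocol versions to enable; an empty list means "not configured here". */
    public final Setting<List<String>> supportedProtocols;
    public final Setting<Optional<String>> truststorePath;
    /** Secure-string truststore password; falls back to {@link #legacyTruststorePassword}. */
    public final Setting<SecureString> truststorePassword;
    public final Setting<String> truststoreAlgorithm;
    public final Setting<Optional<String>> truststoreType;
    public final Setting<Optional<String>> trustRestrictionsPath;
    public final Setting<List<String>> caPaths;
    /** Client-certificate requirement; empty when the key is absent. */
    public final Setting<Optional<SSLClientAuth>> clientAuth;
    /** Certificate/hostname verification mode; empty when the key is absent. */
    public final Setting<Optional<VerificationMode>> verificationMode;
    /** Deprecated truststore password kept as an ordinary (non-secure) string setting. */
    public final Setting<SecureString> legacyTruststorePassword;
    private final List<Setting<?>> allSettings;
    private static final String DEFAULT_KEYSTORE_TYPE = "jks";
    private static final String PKCS12_KEYSTORE_TYPE = "PKCS12";
    /** Affix prefix shared by every {@code *_PROFILES} setting. */
    private static final String PROFILE_PREFIX = "transport.profiles.";
    private static final Function<String, Setting<List<String>>> CIPHERS_SETTING_TEMPLATE;
    public static final Setting<List<String>> CIPHERS_SETTING_PROFILES;
    static final Function<String, Setting<List<String>>> SUPPORTED_PROTOCOLS_TEMPLATE;
    public static final Setting<List<String>> SUPPORTED_PROTOCOLS_PROFILES;
    public static final Setting<Optional<String>> KEYSTORE_PATH_PROFILES;
    public static final Setting<SecureString> LEGACY_KEYSTORE_PASSWORD_PROFILES;
    public static final Setting<SecureString> KEYSTORE_PASSWORD_PROFILES;
    public static final Setting<SecureString> LEGACY_KEYSTORE_KEY_PASSWORD_PROFILES;
    public static final Setting<SecureString> KEYSTORE_KEY_PASSWORD_PROFILES;
    private static final Function<String, Setting<Optional<String>>> TRUST_STORE_PATH_TEMPLATE;
    public static final Setting<Optional<String>> TRUST_STORE_PATH_PROFILES;
    public static final Setting<Optional<String>> KEY_PATH_PROFILES;
    private static final Function<String, Setting<SecureString>> LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE;
    public static final Setting<SecureString> LEGACY_TRUSTSTORE_PASSWORD_PROFILES;
    private static final Function<String, Setting<SecureString>> TRUSTSTORE_PASSWORD_TEMPLATE;
    public static final Setting<SecureString> TRUSTSTORE_PASSWORD_PROFILES;
    public static final Setting<String> KEY_STORE_ALGORITHM_PROFILES;
    private static final Function<String, Setting<String>> TRUST_STORE_ALGORITHM_TEMPLATE;
    public static final Setting<String> TRUST_STORE_ALGORITHM_PROFILES;
    public static final Setting<Optional<String>> KEY_STORE_TYPE_PROFILES;
    private static final Function<String, Setting<Optional<String>>> TRUST_STORE_TYPE_TEMPLATE;
    public static final Setting<Optional<String>> TRUST_STORE_TYPE_PROFILES;
    private static final Function<String, Setting<Optional<String>>> TRUST_RESTRICTIONS_TEMPLATE;
    public static final Setting<Optional<String>> TRUST_RESTRICTIONS_PROFILES;
    public static final Setting<SecureString> LEGACY_KEY_PASSWORD_PROFILES;
    public static final Setting<SecureString> KEY_PASSWORD_PROFILES;
    public static final Setting<Optional<String>> CERT_PROFILES;
    private static final Function<String, Setting<List<String>>> CAPATH_SETTING_TEMPLATE;
    public static final Setting<List<String>> CAPATH_SETTING_PROFILES;
    private static final Function<String, Setting<Optional<SSLClientAuth>>> CLIENT_AUTH_SETTING_TEMPLATE;
    public static final Setting<Optional<SSLClientAuth>> CLIENT_AUTH_SETTING_PROFILES;
    private static final Function<String, Setting<Optional<VerificationMode>>> VERIFICATION_MODE_SETTING_TEMPLATE;
    public static final Setting<Optional<VerificationMode>> VERIFICATION_MODE_SETTING_PROFILES;

    /**
     * Builds the concrete settings for one prefix by appending each option's key to it.
     *
     * @param prefix the settings prefix; may be blank but not {@code null}. The null check is an
     *               {@code assert}, so it is only enforced when assertions are enabled.
     */
    private SSLConfigurationSettings(String prefix) {
        assert prefix != null : "Prefix cannot be null (but can be blank)";
        this.x509KeyPair = new X509KeyPairSettings(prefix, true);
        this.ciphers = CIPHERS_SETTING_TEMPLATE.apply(prefix + SslConfigurationKeys.CIPHERS);
        this.supportedProtocols = SUPPORTED_PROTOCOLS_TEMPLATE.apply(prefix + SslConfigurationKeys.PROTOCOLS);
        this.truststorePath = TRUST_STORE_PATH_TEMPLATE.apply(prefix + SslConfigurationKeys.TRUSTSTORE_PATH);
        this.legacyTruststorePassword =
                LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE.apply(prefix + SslConfigurationKeys.TRUSTSTORE_LEGACY_PASSWORD);
        this.truststorePassword =
                TRUSTSTORE_PASSWORD_TEMPLATE.apply(prefix + SslConfigurationKeys.TRUSTSTORE_SECURE_PASSWORD);
        this.truststoreAlgorithm = TRUST_STORE_ALGORITHM_TEMPLATE.apply(prefix + SslConfigurationKeys.TRUSTSTORE_ALGORITHM);
        this.truststoreType = TRUST_STORE_TYPE_TEMPLATE.apply(prefix + SslConfigurationKeys.TRUSTSTORE_TYPE);
        this.trustRestrictionsPath = TRUST_RESTRICTIONS_TEMPLATE.apply(prefix + "trust_restrictions.path");
        this.caPaths = CAPATH_SETTING_TEMPLATE.apply(prefix + SslConfigurationKeys.CERTIFICATE_AUTHORITIES);
        this.clientAuth = CLIENT_AUTH_SETTING_TEMPLATE.apply(prefix + SslConfigurationKeys.CLIENT_AUTH);
        this.verificationMode = VERIFICATION_MODE_SETTING_TEMPLATE.apply(prefix + SslConfigurationKeys.VERIFICATION_MODE);

        // Registration list: this class's own settings first, then the key-pair settings.
        final List<Setting<?>> registered = CollectionUtils.arrayAsArrayList(
                this.ciphers,
                this.supportedProtocols,
                this.truststorePath,
                this.truststorePassword,
                this.truststoreAlgorithm,
                this.truststoreType,
                this.trustRestrictionsPath,
                this.caPaths,
                this.clientAuth,
                this.verificationMode,
                this.legacyTruststorePassword);
        registered.addAll(this.x509KeyPair.getAllSettings());
        this.allSettings = Collections.unmodifiableList(registered);
    }

    /**
     * Resolves the store type: the explicitly configured value if present, otherwise a type
     * inferred from the store path.
     *
     * @param setting  the store-type setting to read
     * @param settings the settings to read it from
     * @param str      the store path used for inference when no type is configured; may be null
     * @return the configured or inferred store type
     */
    public static String getKeyStoreType(Setting<Optional<String>> setting, Settings settings, String str) {
        return setting.get(settings).orElseGet(() -> inferKeyStoreType(str));
    }

    /**
     * Infers a store type from a path's file extension (case-insensitive).
     *
     * <p>The decompiler reports that this method was {@code private} in the compiled class; it is
     * kept {@code public} here as in the listing.
     *
     * @param str the store path, or {@code null}
     * @return {@code "PKCS12"} for {@code .p12}, {@code .pfx} and {@code .pkcs12}; {@code "jks"}
     *     for everything else, including {@code null}
     */
    public static String inferKeyStoreType(String str) {
        final String path = str == null ? "" : str.toLowerCase(Locale.ROOT);
        final boolean pkcs12 = path.endsWith(".p12") || path.endsWith(".pfx") || path.endsWith(".pkcs12");
        return pkcs12 ? PKCS12_KEYSTORE_TYPE : DEFAULT_KEYSTORE_TYPE;
    }

    /**
     * Returns the properties applied to a setting with the given key. All keys are node-scoped and
     * {@code Filtered}; keys under {@link XPackSettings#GLOBAL_SSL_PREFIX} are additionally marked
     * {@code Deprecated}.
     *
     * <p>The decompiler reports that this method was package-private in the compiled class.
     *
     * @param str the full setting key; must not be {@code null}
     * @return the property array for that key
     */
    public static Setting.Property[] propertiesFromKey(String str) {
        if (str.startsWith(XPackSettings.GLOBAL_SSL_PREFIX)) {
            return new Setting.Property[] {
                Setting.Property.NodeScope, Setting.Property.Filtered, Setting.Property.Deprecated
            };
        }
        return new Setting.Property[] {Setting.Property.NodeScope, Setting.Property.Filtered};
    }

    /**
     * @return an unmodifiable list of every setting declared for this prefix, including the
     *     key-pair settings and the legacy password setting
     */
    public List<Setting<?>> getAllSettings() {
        return this.allSettings;
    }

    /** Creates the settings group with an empty prefix. */
    public static SSLConfigurationSettings withoutPrefix() {
        return new SSLConfigurationSettings("");
    }

    /**
     * Creates the settings group for a prefix.
     *
     * <p>The requirement that the prefix ends in {@code ssl.} is checked by an {@code assert}
     * only: with assertions disabled, any prefix is accepted.
     *
     * @param str the settings prefix, expected to end in {@code ssl.}
     * @return the settings group for that prefix
     */
    public static SSLConfigurationSettings withPrefix(String str) {
        // The decompiler shows the suffix as SamlRealmSettings.SSL_PREFIX; presumably an inlined
        // "ssl." constant, which is what the assertion message states.
        assert str.endsWith(SamlRealmSettings.SSL_PREFIX) : "The ssl config prefix (" + str + ") should end in 'ssl.'";
        return new SSLConfigurationSettings(str);
    }

    /** @return every transport-profile SSL setting declared by this class */
    public static Collection<Setting<?>> getProfileSettings() {
        return Arrays.asList(
                CIPHERS_SETTING_PROFILES,
                SUPPORTED_PROTOCOLS_PROFILES,
                KEYSTORE_PATH_PROFILES,
                LEGACY_KEYSTORE_PASSWORD_PROFILES,
                KEYSTORE_PASSWORD_PROFILES,
                LEGACY_KEYSTORE_KEY_PASSWORD_PROFILES,
                KEYSTORE_KEY_PASSWORD_PROFILES,
                TRUST_STORE_PATH_PROFILES,
                LEGACY_TRUSTSTORE_PASSWORD_PROFILES,
                TRUSTSTORE_PASSWORD_PROFILES,
                KEY_STORE_ALGORITHM_PROFILES,
                TRUST_STORE_ALGORITHM_PROFILES,
                KEY_STORE_TYPE_PROFILES,
                TRUST_STORE_TYPE_PROFILES,
                TRUST_RESTRICTIONS_PROFILES,
                KEY_PATH_PROFILES,
                LEGACY_KEY_PASSWORD_PROFILES,
                KEY_PASSWORD_PROFILES,
                CERT_PROFILES,
                CAPATH_SETTING_PROFILES,
                CLIENT_AUTH_SETTING_PROFILES,
                VERIFICATION_MODE_SETTING_PROFILES);
    }

    /**
     * Returns the secure password settings of this group that exist in the given settings.
     *
     * <p>Only the four secure-string settings are candidates (truststore password, keystore
     * password, keystore key password, key password). The legacy password settings are not in the
     * candidate list, so a password supplied only through a legacy key is not reported by the
     * legacy setting itself.
     *
     * @param settings the settings to inspect
     * @return the secure settings for which {@code exists(settings)} is true
     */
    public List<Setting<SecureString>> getSecureSettingsInUse(Settings settings) {
        return Stream.of(
                        this.truststorePassword,
                        this.x509KeyPair.keystorePassword,
                        this.x509KeyPair.keystoreKeyPassword,
                        this.x509KeyPair.keyPassword)
                .filter(candidate -> candidate.exists(settings))
                .collect(Collectors.toList());
    }

    /** Declares the transport-profile variant of a setting under {@code transport.profiles.}. */
    private static <T> Setting<T> profileSetting(String suffix, Function<String, Setting<T>> template) {
        return Setting.affixKeySetting(PROFILE_PREFIX, suffix, template, new Setting.AffixSetting[0]);
    }

    static {
        // Assignment order matters: a template must be assigned before the profile setting (or
        // another template) that uses it.
        CIPHERS_SETTING_TEMPLATE = key ->
                Setting.listSetting(key, Collections.<String>emptyList(), Function.identity(), propertiesFromKey(key));
        CIPHERS_SETTING_PROFILES = profileSetting("xpack.security.ssl.cipher_suites", CIPHERS_SETTING_TEMPLATE);

        SUPPORTED_PROTOCOLS_TEMPLATE = key ->
                Setting.listSetting(key, Collections.<String>emptyList(), Function.identity(), propertiesFromKey(key));
        SUPPORTED_PROTOCOLS_PROFILES =
                profileSetting("xpack.security.ssl.supported_protocols", SUPPORTED_PROTOCOLS_TEMPLATE);

        KEYSTORE_PATH_PROFILES =
                profileSetting("xpack.security.ssl.keystore.path", X509KeyPairSettings.KEYSTORE_PATH_TEMPLATE);
        LEGACY_KEYSTORE_PASSWORD_PROFILES = profileSetting(
                "xpack.security.ssl.keystore.password", X509KeyPairSettings.LEGACY_KEYSTORE_PASSWORD_TEMPLATE);
        KEYSTORE_PASSWORD_PROFILES = profileSetting(
                "xpack.security.ssl.keystore.secure_password", X509KeyPairSettings.KEYSTORE_PASSWORD_TEMPLATE);
        LEGACY_KEYSTORE_KEY_PASSWORD_PROFILES = profileSetting(
                "xpack.security.ssl.keystore.key_password", X509KeyPairSettings.LEGACY_KEYSTORE_KEY_PASSWORD_TEMPLATE);
        KEYSTORE_KEY_PASSWORD_PROFILES = profileSetting(
                "xpack.security.ssl.keystore.secure_key_password", X509KeyPairSettings.KEYSTORE_KEY_PASSWORD_TEMPLATE);

        // No default path: an absent key parses to Optional.empty().
        TRUST_STORE_PATH_TEMPLATE = key -> new Setting<>(
                key, (Function<Settings, String>) settings -> null, Optional::ofNullable, propertiesFromKey(key));
        TRUST_STORE_PATH_PROFILES = profileSetting("xpack.security.ssl.truststore.path", TRUST_STORE_PATH_TEMPLATE);
        KEY_PATH_PROFILES = profileSetting("xpack.security.ssl.key", X509KeyPairSettings.KEY_PATH_TEMPLATE);

        // Legacy password: an ordinary string setting (default ""), deprecated and filtered.
        LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE = key -> new Setting<>(
                key,
                "",
                SecureString::new,
                Setting.Property.Deprecated,
                Setting.Property.Filtered,
                Setting.Property.NodeScope);
        LEGACY_TRUSTSTORE_PASSWORD_PROFILES =
                profileSetting("xpack.security.ssl.truststore.password", LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE);

        // Secure password: falls back to the legacy setting whose key is derived by swapping the
        // secure-password key segment for the legacy one.
        TRUSTSTORE_PASSWORD_TEMPLATE = key -> {
            final String legacyKey = key.replace(
                    SslConfigurationKeys.TRUSTSTORE_SECURE_PASSWORD, SslConfigurationKeys.TRUSTSTORE_LEGACY_PASSWORD);
            final Setting.Property[] properties = key.startsWith(XPackSettings.GLOBAL_SSL_PREFIX)
                    ? new Setting.Property[] {Setting.Property.Deprecated}
                    : new Setting.Property[0];
            return SecureSetting.secureString(key, LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE.apply(legacyKey), properties);
        };
        TRUSTSTORE_PASSWORD_PROFILES =
                profileSetting("xpack.security.ssl.truststore.secure_password", TRUSTSTORE_PASSWORD_TEMPLATE);

        KEY_STORE_ALGORITHM_PROFILES = profileSetting(
                "xpack.security.ssl.keystore.algorithm", X509KeyPairSettings.KEY_STORE_ALGORITHM_TEMPLATE);

        // Defaults to the JVM's default trust manager algorithm.
        TRUST_STORE_ALGORITHM_TEMPLATE = key -> new Setting<>(
                key,
                (Function<Settings, String>) settings -> TrustManagerFactory.getDefaultAlgorithm(),
                Function.identity(),
                propertiesFromKey(key));
        TRUST_STORE_ALGORITHM_PROFILES =
                profileSetting("xpack.security.ssl.truststore.algorithm", TRUST_STORE_ALGORITHM_TEMPLATE);

        KEY_STORE_TYPE_PROFILES =
                profileSetting("xpack.security.ssl.keystore.type", X509KeyPairSettings.KEY_STORE_TYPE_TEMPLATE);
        // The truststore type reuses the keystore type template.
        TRUST_STORE_TYPE_TEMPLATE = X509KeyPairSettings.KEY_STORE_TYPE_TEMPLATE;
        TRUST_STORE_TYPE_PROFILES = profileSetting("xpack.security.ssl.truststore.type", TRUST_STORE_TYPE_TEMPLATE);

        TRUST_RESTRICTIONS_TEMPLATE = key -> new Setting<>(
                key, (Function<Settings, String>) settings -> null, Optional::ofNullable, propertiesFromKey(key));
        // NOTE(review): the profile suffix is "trust_restrictions" while the per-prefix key built
        // in the constructor is "trust_restrictions.path"; confirm the difference is intended.
        TRUST_RESTRICTIONS_PROFILES =
                profileSetting("xpack.security.ssl.trust_restrictions", TRUST_RESTRICTIONS_TEMPLATE);

        LEGACY_KEY_PASSWORD_PROFILES =
                profileSetting("xpack.security.ssl.key_passphrase", X509KeyPairSettings.LEGACY_KEY_PASSWORD_TEMPLATE);
        KEY_PASSWORD_PROFILES =
                profileSetting("xpack.security.ssl.secure_key_passphrase", X509KeyPairSettings.KEY_PASSWORD_TEMPLATE);
        CERT_PROFILES = profileSetting("xpack.security.ssl.certificate", X509KeyPairSettings.CERT_TEMPLATE);

        CAPATH_SETTING_TEMPLATE = key ->
                Setting.listSetting(key, Collections.<String>emptyList(), Function.identity(), propertiesFromKey(key));
        CAPATH_SETTING_PROFILES =
                profileSetting("xpack.security.ssl.certificate_authorities", CAPATH_SETTING_TEMPLATE);

        // No default: an absent key yields Optional.empty(); a present value must parse.
        CLIENT_AUTH_SETTING_TEMPLATE = key -> new Setting<>(
                key,
                (String) null,
                value -> value == null ? Optional.empty() : Optional.of(SSLClientAuth.parse(value)),
                propertiesFromKey(key));
        CLIENT_AUTH_SETTING_PROFILES =
                profileSetting("xpack.security.ssl.client_authentication", CLIENT_AUTH_SETTING_TEMPLATE);

        // No default: an absent key yields Optional.empty(), so the verification mode actually
        // applied is decided by the consumer of this setting.
        VERIFICATION_MODE_SETTING_TEMPLATE = key -> new Setting<>(
                key,
                (String) null,
                value -> value == null ? Optional.empty() : Optional.of(VerificationMode.parse(value)),
                propertiesFromKey(key));
        VERIFICATION_MODE_SETTING_PROFILES =
                profileSetting("xpack.security.ssl.verification_mode", VERIFICATION_MODE_SETTING_TEMPLATE);
    }
}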
