package org.elasticsearch.xpack.core.security.authc.oidc;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.search.suggest.completion.context.ContextMapping;
import org.elasticsearch.xpack.core.rollup.job.GroupConfig;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.core.security.authc.support.DelegatedAuthorizationSettings;
import org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings;

/* loaded from: input_file:lib/org.elasticsearch.xpack.core-7.3.0.jar:org/elasticsearch/xpack/core/security/authc/oidc/OpenIdConnectRealmSettings.class */
public class OpenIdConnectRealmSettings {
    private static final List<String> SUPPORTED_SIGNATURE_ALGORITHMS = Collections.unmodifiableList(Arrays.asList("HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512"));
    private static final List<String> RESPONSE_TYPES = Arrays.asList("code", "id_token", "id_token token");
    public static final String TYPE = "oidc";
    public static final Setting.AffixSetting<String> RP_CLIENT_ID = RealmSettings.simpleString(TYPE, "rp.client_id", Setting.Property.NodeScope);
    public static final Setting.AffixSetting<SecureString> RP_CLIENT_SECRET = RealmSettings.secureString(TYPE, "rp.client_secret");
    public static final Setting.AffixSetting<String> RP_REDIRECT_URI = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "rp.redirect_uri", str -> {
        return Setting.simpleString(str, (Setting.Validator<String>) str -> {
            try {
                new URI(str);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Invalid value [" + str + "] for [" + str + "]. Not a valid URI.", e);
            }
        }, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<String> RP_POST_LOGOUT_REDIRECT_URI = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "rp.post_logout_redirect_uri", str -> {
        return Setting.simpleString(str, (Setting.Validator<String>) str -> {
            try {
                new URI(str);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Invalid value [" + str + "] for [" + str + "]. Not a valid URI.", e);
            }
        }, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<String> RP_RESPONSE_TYPE = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "rp.response_type", str -> {
        return Setting.simpleString(str, (Setting.Validator<String>) str -> {
            if (!RESPONSE_TYPES.contains(str)) {
                throw new IllegalArgumentException("Invalid value [" + str + "] for [" + str + "]. Allowed values are " + RESPONSE_TYPES + "");
            }
        }, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<String> RP_SIGNATURE_ALGORITHM = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "rp.signature_algorithm", str -> {
        return new Setting(str, "RS256", Function.identity(), str -> {
            if (!SUPPORTED_SIGNATURE_ALGORITHMS.contains(str)) {
                throw new IllegalArgumentException("Invalid value [" + str + "] for [" + str + "]. Allowed values are " + SUPPORTED_SIGNATURE_ALGORITHMS + "}]");
            }
        }, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<List<String>> RP_REQUESTED_SCOPES = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "rp.requested_scopes", str -> {
        return Setting.listSetting(str, (List<String>) Collections.singletonList("openid"), Function.identity(), Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<String> OP_AUTHORIZATION_ENDPOINT = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "op.authorization_endpoint", str -> {
        return Setting.simpleString(str, (Setting.Validator<String>) str -> {
            try {
                new URI(str);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Invalid value [" + str + "] for [" + str + "]. Not a valid URI.", e);
            }
        }, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<String> OP_TOKEN_ENDPOINT = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "op.token_endpoint", str -> {
        return Setting.simpleString(str, (Setting.Validator<String>) str -> {
            try {
                new URI(str);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Invalid value [" + str + "] for [" + str + "]. Not a valid URI.", e);
            }
        }, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<String> OP_USERINFO_ENDPOINT = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "op.userinfo_endpoint", str -> {
        return Setting.simpleString(str, (Setting.Validator<String>) str -> {
            try {
                new URI(str);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Invalid value [" + str + "] for [" + str + "]. Not a valid URI.", e);
            }
        }, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<String> OP_ENDSESSION_ENDPOINT = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "op.endsession_endpoint", str -> {
        return Setting.simpleString(str, (Setting.Validator<String>) str -> {
            try {
                new URI(str);
            } catch (URISyntaxException e) {
                throw new IllegalArgumentException("Invalid value [" + str + "] for [" + str + "]. Not a valid URI.", e);
            }
        }, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<String> OP_ISSUER = RealmSettings.simpleString(TYPE, "op.issuer", Setting.Property.NodeScope);
    public static final Setting.AffixSetting<String> OP_JWKSET_PATH = RealmSettings.simpleString(TYPE, "op.jwkset_path", Setting.Property.NodeScope);
    public static final Setting.AffixSetting<TimeValue> ALLOWED_CLOCK_SKEW = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "allowed_clock_skew", str -> {
        return Setting.timeSetting(str, TimeValue.timeValueSeconds(60L), Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<Boolean> POPULATE_USER_METADATA = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "populate_user_metadata", str -> {
        return Setting.boolSetting(str, true, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    private static final TimeValue DEFAULT_TIMEOUT = TimeValue.timeValueSeconds(5);
    public static final Setting.AffixSetting<TimeValue> HTTP_CONNECT_TIMEOUT = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "http.connect_timeout", str -> {
        return Setting.timeSetting(str, DEFAULT_TIMEOUT, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<TimeValue> HTTP_CONNECTION_READ_TIMEOUT = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "http.connection_read_timeout", str -> {
        return Setting.timeSetting(str, DEFAULT_TIMEOUT, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<TimeValue> HTTP_SOCKET_TIMEOUT = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "http.socket_timeout", str -> {
        return Setting.timeSetting(str, DEFAULT_TIMEOUT, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<Integer> HTTP_MAX_CONNECTIONS = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "http.max_connections", str -> {
        return Setting.intSetting(str, 200, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final Setting.AffixSetting<Integer> HTTP_MAX_ENDPOINT_CONNECTIONS = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "http.max_endpoint_connections", str -> {
        return Setting.intSetting(str, 200, Setting.Property.NodeScope);
    }, new Setting.AffixSetting[0]);
    public static final ClaimSetting PRINCIPAL_CLAIM = new ClaimSetting("principal");
    public static final ClaimSetting GROUPS_CLAIM = new ClaimSetting(GroupConfig.NAME);
    public static final ClaimSetting NAME_CLAIM = new ClaimSetting(ContextMapping.FIELD_NAME);
    public static final ClaimSetting DN_CLAIM = new ClaimSetting("dn");
    public static final ClaimSetting MAIL_CLAIM = new ClaimSetting("mail");

    /* loaded from: input_file:lib/org.elasticsearch.xpack.core-7.3.0.jar:org/elasticsearch/xpack/core/security/authc/oidc/OpenIdConnectRealmSettings$ClaimSetting.class */
    public static final class ClaimSetting {
        public static final String CLAIMS_PREFIX = "claims.";
        public static final String CLAIM_PATTERNS_PREFIX = "claim_patterns.";
        private final Setting.AffixSetting<String> claim;
        private final Setting.AffixSetting<String> pattern;

        public ClaimSetting(String str) {
            this.claim = RealmSettings.simpleString(OpenIdConnectRealmSettings.TYPE, CLAIMS_PREFIX + str, Setting.Property.NodeScope);
            this.pattern = RealmSettings.simpleString(OpenIdConnectRealmSettings.TYPE, CLAIM_PATTERNS_PREFIX + str, Setting.Property.NodeScope);
        }

        public Collection<Setting.AffixSetting<?>> settings() {
            return Arrays.asList(getClaim(), getPattern());
        }

        public String name(RealmConfig realmConfig) {
            return getClaim().getConcreteSettingForNamespace(realmConfig.name()).getKey();
        }

        public Setting.AffixSetting<String> getClaim() {
            return this.claim;
        }

        public Setting.AffixSetting<String> getPattern() {
            return this.pattern;
        }
    }

    private OpenIdConnectRealmSettings() {
    }

    public static Set<Setting.AffixSetting<?>> getSettings() {
        HashSet newHashSet = Sets.newHashSet(RP_CLIENT_ID, RP_REDIRECT_URI, RP_RESPONSE_TYPE, RP_REQUESTED_SCOPES, RP_CLIENT_SECRET, RP_SIGNATURE_ALGORITHM, RP_POST_LOGOUT_REDIRECT_URI, OP_AUTHORIZATION_ENDPOINT, OP_TOKEN_ENDPOINT, OP_USERINFO_ENDPOINT, OP_ENDSESSION_ENDPOINT, OP_ISSUER, OP_JWKSET_PATH, HTTP_CONNECT_TIMEOUT, HTTP_CONNECTION_READ_TIMEOUT, HTTP_SOCKET_TIMEOUT, HTTP_MAX_CONNECTIONS, HTTP_MAX_ENDPOINT_CONNECTIONS, ALLOWED_CLOCK_SKEW);
        newHashSet.addAll(DelegatedAuthorizationSettings.getSettings(TYPE));
        newHashSet.addAll(RealmSettings.getStandardSettings(TYPE));
        newHashSet.addAll(SSLConfigurationSettings.getRealmSettings(TYPE));
        newHashSet.addAll(PRINCIPAL_CLAIM.settings());
        newHashSet.addAll(GROUPS_CLAIM.settings());
        newHashSet.addAll(DN_CLAIM.settings());
        newHashSet.addAll(NAME_CLAIM.settings());
        newHashSet.addAll(MAIL_CLAIM.settings());
        return newHashSet;
    }
}
