package org.elasticsearch.xpack.core.security.authc.saml;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings;
import org.elasticsearch.xpack.core.ssl.X509KeyPairSettings;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authc/saml/SamlRealmSettings.class */
public class SamlRealmSettings {
    public static final String TYPE = "saml";
    private static final String TRANSIENT_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient";
    private static final String IDP_METADATA_SETTING_PREFIX = "idp.metadata.";
    public static final Setting<String> IDP_ENTITY_ID = Setting.simpleString("idp.entity_id", new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<String> IDP_METADATA_PATH = Setting.simpleString("idp.metadata.path", new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<TimeValue> IDP_METADATA_HTTP_REFRESH = Setting.timeSetting("idp.metadata.http.refresh", TimeValue.timeValueHours(1), new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> IDP_SINGLE_LOGOUT = Setting.boolSetting("idp.use_single_logout", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<String> SP_ENTITY_ID = Setting.simpleString("sp.entity_id", new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<String> SP_ACS = Setting.simpleString("sp.acs", new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<String> SP_LOGOUT = Setting.simpleString("sp.logout", new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<String> NAMEID_FORMAT = new Setting<>("nameid_format", settings -> {
        return TRANSIENT_NAMEID_FORMAT;
    }, Function.identity(), new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> FORCE_AUTHN = Setting.boolSetting("force_authn", false, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> POPULATE_USER_METADATA = Setting.boolSetting("populate_user_metadata", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final AttributeSetting PRINCIPAL_ATTRIBUTE = new AttributeSetting("principal");
    public static final AttributeSetting GROUPS_ATTRIBUTE = new AttributeSetting("groups");
    public static final AttributeSetting DN_ATTRIBUTE = new AttributeSetting("dn");
    public static final AttributeSetting NAME_ATTRIBUTE = new AttributeSetting("name");
    public static final AttributeSetting MAIL_ATTRIBUTE = new AttributeSetting("mail");
    public static final X509KeyPairSettings ENCRYPTION_SETTINGS = new X509KeyPairSettings("encryption.", false);
    public static final Setting<String> ENCRYPTION_KEY_ALIAS = new Setting<>("encryption.keystore.alias", "key", Function.identity(), new Setting.Property[]{Setting.Property.NodeScope});
    public static final X509KeyPairSettings SIGNING_SETTINGS = new X509KeyPairSettings("signing.", false);
    public static final Setting<String> SIGNING_KEY_ALIAS = new Setting<>("signing.keystore.alias", "key", Function.identity(), new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<List<String>> SIGNING_MESSAGE_TYPES = Setting.listSetting("signing.saml_messages", Collections.singletonList("*"), Function.identity(), new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<TimeValue> CLOCK_SKEW = Setting.positiveTimeSetting("allowed_clock_skew", TimeValue.timeValueMinutes(3), new Setting.Property[]{Setting.Property.NodeScope});
    public static final String SSL_PREFIX = "ssl.";

    /* loaded from: input_file:org/elasticsearch/xpack/core/security/authc/saml/SamlRealmSettings$AttributeSetting.class */
    public static final class AttributeSetting {
        public static final String ATTRIBUTES_PREFIX = "attributes.";
        public static final String ATTRIBUTE_PATTERNS_PREFIX = "attribute_patterns.";
        private final Setting<String> attribute;
        private final Setting<String> pattern;

        public AttributeSetting(String str) {
            this.attribute = Setting.simpleString(ATTRIBUTES_PREFIX + str, new Setting.Property[]{Setting.Property.NodeScope});
            this.pattern = Setting.simpleString(ATTRIBUTE_PATTERNS_PREFIX + str, new Setting.Property[]{Setting.Property.NodeScope});
        }

        public Collection<Setting<?>> settings() {
            return Arrays.asList(getAttribute(), getPattern());
        }

        public String name() {
            return getAttribute().getKey();
        }

        public Setting<String> getAttribute() {
            return this.attribute;
        }

        public Setting<String> getPattern() {
            return this.pattern;
        }
    }

    private SamlRealmSettings() {
    }

    public static Set<Setting<?>> getSettings() {
        HashSet newHashSet = Sets.newHashSet(new Setting[]{IDP_ENTITY_ID, IDP_METADATA_PATH, SP_ENTITY_ID, SP_ACS, SP_LOGOUT, NAMEID_FORMAT, FORCE_AUTHN, CLOCK_SKEW, ENCRYPTION_KEY_ALIAS, SIGNING_KEY_ALIAS, SIGNING_MESSAGE_TYPES});
        newHashSet.addAll(ENCRYPTION_SETTINGS.getAllSettings());
        newHashSet.addAll(SIGNING_SETTINGS.getAllSettings());
        newHashSet.addAll(SSLConfigurationSettings.withPrefix(SSL_PREFIX).getAllSettings());
        newHashSet.addAll(PRINCIPAL_ATTRIBUTE.settings());
        newHashSet.addAll(GROUPS_ATTRIBUTE.settings());
        newHashSet.addAll(DN_ATTRIBUTE.settings());
        newHashSet.addAll(NAME_ATTRIBUTE.settings());
        newHashSet.addAll(MAIL_ATTRIBUTE.settings());
        return newHashSet;
    }
}
