package org.elasticsearch.xpack.core;

import com.unboundid.util.ssl.SSLUtil;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.function.Function;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.core.security.SecurityField;
import org.elasticsearch.xpack.core.security.authc.support.Hasher;
import org.elasticsearch.xpack.core.ssl.SSLClientAuth;
import org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings;
import org.elasticsearch.xpack.core.ssl.VerificationMode;

/* loaded from: input_file:lib/org.elasticsearch.xpack.core-6.5.0.jar:org/elasticsearch/xpack/core/XPackSettings.class */
public class XPackSettings {
    public static final Setting<Boolean> CCR_ENABLED_SETTING = Setting.boolSetting("xpack.ccr.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> SECURITY_ENABLED = Setting.boolSetting("xpack.security.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> MONITORING_ENABLED = Setting.boolSetting("xpack.monitoring.enabled", (Function<Settings, String>) settings -> {
        return String.valueOf((XPackClientActionPlugin.isTribeNode(settings) || XPackClientActionPlugin.isTribeClientNode(settings)) ? false : true);
    }, Setting.Property.NodeScope);
    public static final Setting<Boolean> WATCHER_ENABLED = Setting.boolSetting("xpack.watcher.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> GRAPH_ENABLED = Setting.boolSetting("xpack.graph.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> MACHINE_LEARNING_ENABLED = Setting.boolSetting("xpack.ml.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> ROLLUP_ENABLED = Setting.boolSetting("xpack.rollup.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> AUDIT_ENABLED = Setting.boolSetting("xpack.security.audit.enabled", false, Setting.Property.NodeScope);
    public static final Setting<Boolean> DLS_FLS_ENABLED = Setting.boolSetting("xpack.security.dls_fls.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> LOGSTASH_ENABLED = Setting.boolSetting("xpack.logstash.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> BEATS_ENABLED = Setting.boolSetting("xpack.beats.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> TRANSPORT_SSL_ENABLED = Setting.boolSetting("xpack.security.transport.ssl.enabled", false, Setting.Property.NodeScope);
    public static final Setting<Boolean> HTTP_SSL_ENABLED = Setting.boolSetting("xpack.security.http.ssl.enabled", false, Setting.Property.NodeScope);
    public static final Setting<Boolean> RESERVED_REALM_ENABLED_SETTING = Setting.boolSetting("xpack.security.authc.reserved_realm.enabled", true, Setting.Property.NodeScope);
    public static final Setting<Boolean> TOKEN_SERVICE_ENABLED_SETTING = Setting.boolSetting("xpack.security.authc.token.enabled", (Function<Settings, String>) settings -> {
        return NetworkModule.HTTP_ENABLED.get(settings).booleanValue() ? HTTP_SSL_ENABLED.getRaw(settings) : Boolean.TRUE.toString();
    }, Setting.Property.NodeScope);
    public static final Setting<Boolean> FIPS_MODE_ENABLED = Setting.boolSetting("xpack.security.fips_mode.enabled", false, Setting.Property.NodeScope);
    public static final Setting<Boolean> SQL_ENABLED = Setting.boolSetting("xpack.sql.enabled", true, Setting.Property.NodeScope);
    public static final List<String> DEFAULT_CIPHERS;
    public static final Setting<String> PASSWORD_HASHING_ALGORITHM;
    public static final List<String> DEFAULT_SUPPORTED_PROTOCOLS;
    public static final SSLClientAuth CLIENT_AUTH_DEFAULT;
    public static final SSLClientAuth HTTP_CLIENT_AUTH_DEFAULT;
    public static final VerificationMode VERIFICATION_MODE_DEFAULT;
    public static final String GLOBAL_SSL_PREFIX = "xpack.ssl.";
    private static final SSLConfigurationSettings GLOBAL_SSL;
    public static final String HTTP_SSL_PREFIX;
    private static final SSLConfigurationSettings HTTP_SSL;
    public static final String TRANSPORT_SSL_PREFIX;
    private static final SSLConfigurationSettings TRANSPORT_SSL;

    private XPackSettings() {
        throw new IllegalStateException("Utility class should not be instantiated");
    }

    public static List<Setting<?>> getAllSettings() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(GLOBAL_SSL.getAllSettings());
        arrayList.addAll(HTTP_SSL.getAllSettings());
        arrayList.addAll(TRANSPORT_SSL.getAllSettings());
        arrayList.add(SECURITY_ENABLED);
        arrayList.add(MONITORING_ENABLED);
        arrayList.add(GRAPH_ENABLED);
        arrayList.add(MACHINE_LEARNING_ENABLED);
        arrayList.add(AUDIT_ENABLED);
        arrayList.add(WATCHER_ENABLED);
        arrayList.add(DLS_FLS_ENABLED);
        arrayList.add(LOGSTASH_ENABLED);
        arrayList.add(TRANSPORT_SSL_ENABLED);
        arrayList.add(HTTP_SSL_ENABLED);
        arrayList.add(RESERVED_REALM_ENABLED_SETTING);
        arrayList.add(TOKEN_SERVICE_ENABLED_SETTING);
        arrayList.add(SQL_ENABLED);
        arrayList.add(SecurityField.USER_SETTING);
        arrayList.add(ROLLUP_ENABLED);
        arrayList.add(PASSWORD_HASHING_ALGORITHM);
        return Collections.unmodifiableList(arrayList);
    }

    static {
        List<String> asList = Arrays.asList("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA");
        try {
            if (Cipher.getMaxAllowedKeyLength("AES") > 128) {
                ArrayList arrayList = new ArrayList(asList.size() * 2);
                arrayList.addAll(Arrays.asList("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA"));
                arrayList.addAll(asList);
                asList = arrayList;
            }
        } catch (NoSuchAlgorithmException e) {
        }
        DEFAULT_CIPHERS = asList;
        PASSWORD_HASHING_ALGORITHM = new Setting<>("xpack.security.authc.password_hashing.algorithm", "bcrypt", Function.identity(), (str, map) -> {
            if (!Hasher.getAvailableAlgoStoredHash().contains(str.toLowerCase(Locale.ROOT))) {
                throw new IllegalArgumentException("Invalid algorithm: " + str + ". Valid values for password hashing are " + Hasher.getAvailableAlgoStoredHash().toString());
            }
            if (str.regionMatches(true, 0, "pbkdf2", 0, "pbkdf2".length())) {
                try {
                    SecretKeyFactory.getInstance("PBKDF2withHMACSHA512");
                } catch (NoSuchAlgorithmException e2) {
                    throw new IllegalArgumentException("Support for PBKDF2WithHMACSHA512 must be available in order to use any of the PBKDF2 algorithms for the [xpack.security.authc.password_hashing.algorithm] setting.", e2);
                }
            }
        }, Setting.Property.NodeScope);
        DEFAULT_SUPPORTED_PROTOCOLS = Arrays.asList(SSLUtil.SSL_PROTOCOL_TLS_1_2, SSLUtil.SSL_PROTOCOL_TLS_1_1, SSLUtil.SSL_PROTOCOL_TLS_1);
        CLIENT_AUTH_DEFAULT = SSLClientAuth.REQUIRED;
        HTTP_CLIENT_AUTH_DEFAULT = SSLClientAuth.NONE;
        VERIFICATION_MODE_DEFAULT = VerificationMode.FULL;
        GLOBAL_SSL = SSLConfigurationSettings.withPrefix(GLOBAL_SSL_PREFIX);
        HTTP_SSL_PREFIX = SecurityField.setting("http.ssl.");
        HTTP_SSL = SSLConfigurationSettings.withPrefix(HTTP_SSL_PREFIX);
        TRANSPORT_SSL_PREFIX = SecurityField.setting("transport.ssl.");
        TRANSPORT_SSL = SSLConfigurationSettings.withPrefix(TRANSPORT_SSL_PREFIX);
    }
}
