package org.elasticsearch.xpack.core.security.authc.pki;

import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.core.TimeValue;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.core.security.authc.support.DelegatedAuthorizationSettings;
import org.elasticsearch.xpack.core.security.authc.support.mapper.CompositeRoleMapperSettings;
import org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings;

/* loaded from: input_file:lib/x-pack-core-7.17.13.jar:org/elasticsearch/xpack/core/security/authc/pki/PkiRealmSettings.class */
public final class PkiRealmSettings {
    public static final String DEFAULT_USERNAME_PATTERN = "CN=(.*?)(?:,|$)";
    private static final int DEFAULT_MAX_USERS = 100000;
    public static final Setting.AffixSetting<Optional<String>> TRUST_STORE_PATH;
    public static final Setting.AffixSetting<Optional<String>> TRUST_STORE_TYPE;
    public static final Setting.AffixSetting<SecureString> TRUST_STORE_PASSWORD;
    public static final Setting.AffixSetting<SecureString> LEGACY_TRUST_STORE_PASSWORD;
    public static final Setting.AffixSetting<String> TRUST_STORE_ALGORITHM;
    public static final Setting.AffixSetting<List<String>> CAPATH_SETTING;
    public static final String TYPE = "pki";
    public static final Setting.AffixSetting<Pattern> USERNAME_PATTERN_SETTING = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "username_pattern", str -> {
        return new Setting(str, DEFAULT_USERNAME_PATTERN, str -> {
            return Pattern.compile(str, 2);
        }, Setting.Property.NodeScope);
    }, new Setting.AffixSettingDependency[0]);
    private static final TimeValue DEFAULT_TTL = TimeValue.timeValueMinutes(20);
    public static final Setting.AffixSetting<TimeValue> CACHE_TTL_SETTING = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "cache.ttl", str -> {
        return Setting.timeSetting(str, DEFAULT_TTL, Setting.Property.NodeScope);
    }, new Setting.AffixSettingDependency[0]);
    public static final Setting.AffixSetting<Integer> CACHE_MAX_USERS_SETTING = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "cache.max_users", str -> {
        return Setting.intSetting(str, 100000, Setting.Property.NodeScope);
    }, new Setting.AffixSettingDependency[0]);
    public static final Setting.AffixSetting<Boolean> DELEGATION_ENABLED_SETTING = Setting.affixKeySetting(RealmSettings.realmSettingPrefix(TYPE), "delegation.enabled", str -> {
        return Setting.boolSetting(str, false, Setting.Property.NodeScope);
    }, new Setting.AffixSettingDependency[0]);

    private PkiRealmSettings() {
    }

    public static Set<Setting.AffixSetting<?>> getSettings() {
        HashSet hashSet = new HashSet();
        hashSet.add(USERNAME_PATTERN_SETTING);
        hashSet.add(CACHE_TTL_SETTING);
        hashSet.add(CACHE_MAX_USERS_SETTING);
        hashSet.add(DELEGATION_ENABLED_SETTING);
        hashSet.add(TRUST_STORE_PATH);
        hashSet.add(TRUST_STORE_PASSWORD);
        hashSet.add(LEGACY_TRUST_STORE_PASSWORD);
        hashSet.add(TRUST_STORE_ALGORITHM);
        hashSet.add(CAPATH_SETTING);
        hashSet.addAll(DelegatedAuthorizationSettings.getSettings(TYPE));
        hashSet.addAll(CompositeRoleMapperSettings.getSettings(TYPE));
        hashSet.addAll(RealmSettings.getStandardSettings(TYPE));
        return hashSet;
    }

    static {
        SSLConfigurationSettings withoutPrefix = SSLConfigurationSettings.withoutPrefix();
        TRUST_STORE_PATH = Setting.affixKeySetting("xpack.security.authc.realms.pki.", withoutPrefix.truststorePath.getKey(), SSLConfigurationSettings.TRUST_STORE_PATH_TEMPLATE, new Setting.AffixSettingDependency[0]);
        TRUST_STORE_TYPE = Setting.affixKeySetting("xpack.security.authc.realms.pki.", withoutPrefix.truststoreType.getKey(), SSLConfigurationSettings.TRUST_STORE_TYPE_TEMPLATE, new Setting.AffixSettingDependency[0]);
        TRUST_STORE_PASSWORD = Setting.affixKeySetting("xpack.security.authc.realms.pki.", withoutPrefix.truststorePassword.getKey(), SSLConfigurationSettings.TRUSTSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        LEGACY_TRUST_STORE_PASSWORD = Setting.affixKeySetting("xpack.security.authc.realms.pki.", withoutPrefix.legacyTruststorePassword.getKey(), SSLConfigurationSettings.LEGACY_TRUSTSTORE_PASSWORD_TEMPLATE, new Setting.AffixSettingDependency[0]);
        TRUST_STORE_ALGORITHM = Setting.affixKeySetting("xpack.security.authc.realms.pki.", withoutPrefix.truststoreAlgorithm.getKey(), SSLConfigurationSettings.TRUST_STORE_ALGORITHM_TEMPLATE, new Setting.AffixSettingDependency[0]);
        CAPATH_SETTING = Setting.affixKeySetting("xpack.security.authc.realms.pki.", withoutPrefix.caPaths.getKey(), SSLConfigurationSettings.CAPATH_SETTING_TEMPLATE, new Setting.AffixSettingDependency[0]);
    }
}
