package org.elasticsearch.xpack.ssl;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.elasticsearch.common.settings.SecureSetting;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting;

/* loaded from: input_file:org/elasticsearch/xpack/ssl/SSLConfigurationSettings.class */
public class SSLConfigurationSettings {
    public final Setting<List<String>> ciphers;
    public final Setting<List<String>> supportedProtocols;
    public final Setting<Optional<String>> keystorePath;
    public final Setting<SecureString> keystorePassword;
    public final Setting<String> keystoreAlgorithm;
    public final Setting<SecureString> keystoreKeyPassword;
    public final Setting<Optional<String>> truststorePath;
    public final Setting<SecureString> truststorePassword;
    public final Setting<String> truststoreAlgorithm;
    public final Setting<Optional<String>> keyPath;
    public final Setting<SecureString> keyPassword;
    public final Setting<Optional<String>> cert;
    public final Setting<List<String>> caPaths;
    public final Setting<Optional<SSLClientAuth>> clientAuth;
    public final Setting<Optional<VerificationMode>> verificationMode;
    final Setting<SecureString> legacyKeystorePassword;
    final Setting<SecureString> legacyKeystoreKeyPassword;
    final Setting<SecureString> legacyTruststorePassword;
    final Setting<SecureString> legacyKeyPassword;
    private final List<Setting<?>> allSettings;
    static final /* synthetic */ boolean $assertionsDisabled;

    private SSLConfigurationSettings(String str) {
        if (!$assertionsDisabled && str == null) {
            throw new AssertionError("Prefix cannot be null (but can be blank)");
        }
        this.ciphers = Setting.listSetting(str + "cipher_suites", Collections.emptyList(), Function.identity(), new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.supportedProtocols = Setting.listSetting(str + "supported_protocols", Collections.emptyList(), Function.identity(), new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.keystorePath = new Setting<>(str + "keystore.path", settings -> {
            return null;
        }, (v0) -> {
            return Optional.ofNullable(v0);
        }, new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.legacyKeystorePassword = new Setting<>(str + "keystore.password", "", SecureString::new, new Setting.Property[]{Setting.Property.Deprecated, Setting.Property.Filtered, Setting.Property.NodeScope});
        this.keystorePassword = SecureSetting.secureString(str + "keystore.secure_password", this.legacyKeystorePassword, new Setting.Property[0]);
        this.legacyKeystoreKeyPassword = new Setting<>(str + "keystore.key_password", "", SecureString::new, new Setting.Property[]{Setting.Property.Deprecated, Setting.Property.Filtered, Setting.Property.NodeScope});
        this.keystoreKeyPassword = SecureSetting.secureString(str + "keystore.secure_key_password", this.legacyKeystoreKeyPassword, new Setting.Property[0]);
        this.truststorePath = new Setting<>(str + "truststore.path", settings2 -> {
            return null;
        }, (v0) -> {
            return Optional.ofNullable(v0);
        }, new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.legacyTruststorePassword = new Setting<>(str + "truststore.password", "", SecureString::new, new Setting.Property[]{Setting.Property.Deprecated, Setting.Property.Filtered, Setting.Property.NodeScope});
        this.truststorePassword = SecureSetting.secureString(str + "truststore.secure_password", this.legacyTruststorePassword, new Setting.Property[0]);
        this.keystoreAlgorithm = new Setting<>(str + "keystore.algorithm", settings3 -> {
            return KeyManagerFactory.getDefaultAlgorithm();
        }, Function.identity(), new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.truststoreAlgorithm = new Setting<>(str + "truststore.algorithm", settings4 -> {
            return TrustManagerFactory.getDefaultAlgorithm();
        }, Function.identity(), new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.keyPath = new Setting<>(str + "key", settings5 -> {
            return null;
        }, (v0) -> {
            return Optional.ofNullable(v0);
        }, new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.legacyKeyPassword = new Setting<>(str + "key_passphrase", "", SecureString::new, new Setting.Property[]{Setting.Property.Deprecated, Setting.Property.Filtered, Setting.Property.NodeScope});
        this.keyPassword = SecureSetting.secureString(str + "secure_key_passphrase", this.legacyKeyPassword, new Setting.Property[0]);
        this.cert = new Setting<>(str + "certificate", settings6 -> {
            return null;
        }, (v0) -> {
            return Optional.ofNullable(v0);
        }, new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.caPaths = Setting.listSetting(str + "certificate_authorities", Collections.emptyList(), Function.identity(), new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.clientAuth = new Setting<>(str + "client_authentication", (String) null, str2 -> {
            return str2 == null ? Optional.empty() : Optional.of(SSLClientAuth.parse(str2));
        }, new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.verificationMode = new Setting<>(str + "verification_mode", (String) null, str3 -> {
            return str3 == null ? Optional.empty() : Optional.of(VerificationMode.parse(str3));
        }, new Setting.Property[]{Setting.Property.NodeScope, Setting.Property.Filtered});
        this.allSettings = Arrays.asList(this.ciphers, this.supportedProtocols, this.keystorePath, this.keystorePassword, this.keystoreAlgorithm, this.keystoreKeyPassword, this.truststorePath, this.truststorePassword, this.truststoreAlgorithm, this.keyPath, this.keyPassword, this.cert, this.caPaths, this.clientAuth, this.verificationMode, this.legacyKeystorePassword, this.legacyKeystoreKeyPassword, this.legacyKeyPassword, this.legacyTruststorePassword);
    }

    public List<Setting<?>> getAllSettings() {
        return this.allSettings;
    }

    public static SSLConfigurationSettings withoutPrefix() {
        return new SSLConfigurationSettings("");
    }

    public static SSLConfigurationSettings withPrefix(String str) {
        if ($assertionsDisabled || str.endsWith("ssl.")) {
            return new SSLConfigurationSettings(str);
        }
        throw new AssertionError("The ssl config prefix (" + str + ") should end in 'ssl.'");
    }

    static {
        $assertionsDisabled = !SSLConfigurationSettings.class.desiredAssertionStatus();
    }
}
