package org.elasticsearch.xpack.core;

import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.function.Function;
import javax.crypto.SecretKeyFactory;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.ssl.SslClientAuthenticationMode;
import org.elasticsearch.common.ssl.SslVerificationMode;
import org.elasticsearch.core.Strings;
import org.elasticsearch.transport.RemoteClusterPortSettings;
import org.elasticsearch.xpack.core.security.SecurityField;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.core.security.authc.support.Hasher;
import org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings;

/* loaded from: input_file:org/elasticsearch/xpack/core/XPackSettings.class */
public class XPackSettings {
    public static final Setting<Boolean> CCR_ENABLED_SETTING = Setting.boolSetting("xpack.ccr.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> SECURITY_ENABLED = Setting.boolSetting("xpack.security.enabled", true, new Setting.Validator<Boolean>() { // from class: org.elasticsearch.xpack.core.XPackSettings.1
        public void validate(Boolean bool) {
        }

        public void validate(Boolean bool, Map<Setting<?>, Object> map, boolean z) {
            if (((Boolean) map.get(RemoteClusterPortSettings.REMOTE_CLUSTER_SERVER_ENABLED)).booleanValue() && false == bool.booleanValue()) {
                throw new IllegalArgumentException(Strings.format("Security [%s] must be enabled to use the remote cluster server feature", new Object[]{XPackSettings.SECURITY_ENABLED.getKey()}));
            }
        }

        public Iterator<Setting<?>> settings() {
            return List.of(RemoteClusterPortSettings.REMOTE_CLUSTER_SERVER_ENABLED).iterator();
        }

        public /* bridge */ /* synthetic */ void validate(Object obj, Map map, boolean z) {
            validate((Boolean) obj, (Map<Setting<?>, Object>) map, z);
        }
    }, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> WATCHER_ENABLED = Setting.boolSetting("xpack.watcher.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> GRAPH_ENABLED = Setting.boolSetting("xpack.graph.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> MACHINE_LEARNING_ENABLED = Setting.boolSetting("xpack.ml.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> PROFILING_ENABLED = Setting.boolSetting("xpack.profiling.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> APM_DATA_ENABLED = Setting.boolSetting("xpack.apm_data.enabled", false, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> ENTERPRISE_SEARCH_ENABLED = Setting.boolSetting("xpack.ent_search.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> AUDIT_ENABLED = Setting.boolSetting("xpack.security.audit.enabled", false, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> DLS_FLS_ENABLED = Setting.boolSetting("xpack.security.dls_fls.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> TRANSPORT_SSL_ENABLED = Setting.boolSetting("xpack.security.transport.ssl.enabled", false, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> HTTP_SSL_ENABLED = Setting.boolSetting("xpack.security.http.ssl.enabled", false, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> RESERVED_REALM_ENABLED_SETTING = Setting.boolSetting("xpack.security.authc.reserved_realm.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> TOKEN_SERVICE_ENABLED_SETTING = Setting.boolSetting("xpack.security.authc.token.enabled", HTTP_SSL_ENABLED, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> API_KEY_SERVICE_ENABLED_SETTING = Setting.boolSetting("xpack.security.authc.api_key.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> FIPS_MODE_ENABLED = Setting.boolSetting("xpack.security.fips_mode.enabled", false, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<List<String>> FIPS_REQUIRED_PROVIDERS = Setting.stringListSetting("xpack.security.fips_mode.required_providers", new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> ENROLLMENT_ENABLED = Setting.boolSetting("xpack.security.enrollment.enabled", false, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> SECURITY_AUTOCONFIGURATION_ENABLED = Setting.boolSetting("xpack.security.autoconfiguration.enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    private static final List<String> JDK12_CIPHERS = List.of((Object[]) new String[]{"TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"});
    public static final List<String> DEFAULT_CIPHERS = JDK12_CIPHERS;
    public static final Setting<String> PASSWORD_HASHING_ALGORITHM = defaultStoredHashAlgorithmSetting("xpack.security.authc.password_hashing.algorithm", settings -> {
        return ((Boolean) FIPS_MODE_ENABLED.get(settings)).booleanValue() ? Hasher.PBKDF2_STRETCH.name() : Hasher.BCRYPT.name();
    });
    public static final Setting<String> SERVICE_TOKEN_HASHING_ALGORITHM = defaultStoredHashAlgorithmSetting("xpack.security.authc.service_token_hashing.algorithm", settings -> {
        return Hasher.PBKDF2_STRETCH.name();
    });
    public static final List<String> DEFAULT_SUPPORTED_PROTOCOLS = Arrays.asList("TLSv1.3", "TLSv1.2", "TLSv1.1");
    public static final SslClientAuthenticationMode CLIENT_AUTH_DEFAULT = SslClientAuthenticationMode.REQUIRED;
    public static final SslClientAuthenticationMode HTTP_CLIENT_AUTH_DEFAULT = SslClientAuthenticationMode.NONE;
    public static final SslClientAuthenticationMode REMOTE_CLUSTER_CLIENT_AUTH_DEFAULT = SslClientAuthenticationMode.NONE;
    public static final SslVerificationMode VERIFICATION_MODE_DEFAULT = SslVerificationMode.FULL;
    public static final String HTTP_SSL_PREFIX = SecurityField.setting("http.ssl.");
    private static final SSLConfigurationSettings HTTP_SSL = SSLConfigurationSettings.withPrefix(HTTP_SSL_PREFIX, true);
    public static final String TRANSPORT_SSL_PREFIX = SecurityField.setting("transport.ssl.");
    private static final SSLConfigurationSettings TRANSPORT_SSL = SSLConfigurationSettings.withPrefix(TRANSPORT_SSL_PREFIX, true);
    public static final String REMOTE_CLUSTER_SERVER_SSL_PREFIX = SecurityField.setting("remote_cluster_server.ssl.");
    public static final String REMOTE_CLUSTER_CLIENT_SSL_PREFIX = SecurityField.setting("remote_cluster_client.ssl.");
    private static final SSLConfigurationSettings REMOTE_CLUSTER_SERVER_SSL = SSLConfigurationSettings.withPrefix(REMOTE_CLUSTER_SERVER_SSL_PREFIX, false);
    private static final SSLConfigurationSettings REMOTE_CLUSTER_CLIENT_SSL = SSLConfigurationSettings.withPrefix(REMOTE_CLUSTER_CLIENT_SSL_PREFIX, false);
    public static final Setting<Boolean> REMOTE_CLUSTER_SERVER_SSL_ENABLED = Setting.boolSetting(REMOTE_CLUSTER_SERVER_SSL_PREFIX + "enabled", true, new Setting.Property[]{Setting.Property.NodeScope});
    public static final Setting<Boolean> REMOTE_CLUSTER_CLIENT_SSL_ENABLED = Setting.boolSetting(REMOTE_CLUSTER_CLIENT_SSL_PREFIX + "enabled", true, new Setting.Property[]{Setting.Property.NodeScope});

    private XPackSettings() {
        throw new IllegalStateException("Utility class should not be instantiated");
    }

    public static Setting<String> defaultStoredHashAlgorithmSetting(String str, Function<Settings, String> function) {
        return new Setting<>(new Setting.SimpleKey(str), function, Function.identity(), str2 -> {
            if (!Hasher.getAvailableAlgoStoredHash().contains(str2.toLowerCase(Locale.ROOT))) {
                throw new IllegalArgumentException("Invalid algorithm: " + str2 + ". Valid values for password hashing are " + Hasher.getAvailableAlgoStoredHash().toString());
            }
            if (str2.regionMatches(true, 0, "pbkdf2", 0, "pbkdf2".length())) {
                try {
                    SecretKeyFactory.getInstance("PBKDF2withHMACSHA512");
                } catch (NoSuchAlgorithmException e) {
                    throw new IllegalArgumentException("Support for PBKDF2WithHMACSHA512 must be available in order to use any of the PBKDF2 algorithms for the [" + str + "] setting.", e);
                }
            }
        }, new Setting.Property[]{Setting.Property.NodeScope});
    }

    public static List<Setting<?>> getAllSettings() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(HTTP_SSL.getEnabledSettings());
        arrayList.addAll(TRANSPORT_SSL.getEnabledSettings());
        arrayList.addAll(REMOTE_CLUSTER_SERVER_SSL.getEnabledSettings());
        arrayList.addAll(REMOTE_CLUSTER_CLIENT_SSL.getEnabledSettings());
        arrayList.add(SECURITY_ENABLED);
        arrayList.add(GRAPH_ENABLED);
        arrayList.add(MACHINE_LEARNING_ENABLED);
        arrayList.add(PROFILING_ENABLED);
        arrayList.add(APM_DATA_ENABLED);
        arrayList.add(ENTERPRISE_SEARCH_ENABLED);
        arrayList.add(AUDIT_ENABLED);
        arrayList.add(WATCHER_ENABLED);
        arrayList.add(DLS_FLS_ENABLED);
        arrayList.add(TRANSPORT_SSL_ENABLED);
        arrayList.add(HTTP_SSL_ENABLED);
        arrayList.add(REMOTE_CLUSTER_SERVER_SSL_ENABLED);
        arrayList.add(REMOTE_CLUSTER_CLIENT_SSL_ENABLED);
        arrayList.add(RESERVED_REALM_ENABLED_SETTING);
        arrayList.add(TOKEN_SERVICE_ENABLED_SETTING);
        arrayList.add(API_KEY_SERVICE_ENABLED_SETTING);
        arrayList.add(SecurityField.USER_SETTING);
        arrayList.add(PASSWORD_HASHING_ALGORITHM);
        arrayList.add(ENROLLMENT_ENABLED);
        arrayList.add(SECURITY_AUTOCONFIGURATION_ENABLED);
        arrayList.add(RealmSettings.DOMAIN_TO_REALM_ASSOC_SETTING);
        arrayList.add(RealmSettings.DOMAIN_UID_LITERAL_USERNAME_SETTING);
        arrayList.add(RealmSettings.DOMAIN_UID_SUFFIX_SETTING);
        return Collections.unmodifiableList(arrayList);
    }
}
