package org.elasticsearch.xpack.core.security.authc.oidc;

import java.net.URI;
import java.net.URISyntaxException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.http.HttpHost;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.core.TimeValue;
import org.elasticsearch.xpack.core.inference.results.StreamingUnifiedChatCompletionResults;
import org.elasticsearch.xpack.core.rollup.job.GroupConfig;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.core.security.authc.support.ClaimSetting;
import org.elasticsearch.xpack.core.security.authc.support.DelegatedAuthorizationSettings;
import org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authc/oidc/OpenIdConnectRealmSettings.class */
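/**
 * Setting definitions for the OpenID Connect ({@code oidc}) realm type.
 *
 * <p>Every setting below is an affix setting registered under
 * {@code RealmSettings.realmSettingPrefix(TYPE)}, so each configured realm gets its own concrete key.
 * The class only holds constants and cannot be instantiated.
 *
 * <p>Review notes for operators and maintainers:
 * <ul>
 *   <li>The URI-valued settings are checked for syntax only ({@code new URI(value)}). Neither the scheme
 *       nor absoluteness is enforced here, so an {@code http://} or relative value passes validation;
 *       any transport requirement has to be enforced where the value is consumed.</li>
 *   <li>None of the algorithm allow-lists contains {@code none}, so an unsigned-token algorithm cannot be
 *       selected through these settings.</li>
 *   <li>{@code rp.client_secret} is the only setting declared through {@code RealmSettings.secureString};
 *       all other values are ordinary node-scope settings.</li>
 * </ul>
 *
 * <p>This listing is decompiler output. Lambda parameters that the decompiler collapsed into a single
 * shadowing name ({@code str}) are restored here as {@code key} (the concrete setting key) and
 * {@code value} (the configured value), following the "Invalid value [value] for [key]" message shape.
 */
public class OpenIdConnectRealmSettings {
    /**
     * Signature algorithms accepted for {@code rp.signature_algorithm}. The HS* entries are symmetric
     * (HMAC) algorithms; how the verification key is obtained for them is not visible in this class.
     */
    public static final List<String> SUPPORTED_SIGNATURE_ALGORITHMS = List.of(
        "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512"
    );
    /** Response types accepted for {@code rp.response_type}; the two {@code id_token} forms are the implicit flow. */
    private static final List<String> RESPONSE_TYPES = List.of("code", "id_token", "id_token token");
    /** Client authentication methods accepted for {@code rp.client_auth_method}. */
    public static final List<String> CLIENT_AUTH_METHODS = List.of("client_secret_basic", "client_secret_post", "client_secret_jwt");
    /** Algorithms accepted for {@code rp.client_auth_jwt_signature_algorithm}; all are HMAC-based. */
    public static final List<String> SUPPORTED_CLIENT_AUTH_JWT_ALGORITHMS = List.of("HS256", "HS384", "HS512");
    /** Realm type identifier used as the prefix component of every setting key. */
    public static final String TYPE = "oidc";

    public static final Setting.AffixSetting<String> RP_CLIENT_ID = RealmSettings.simpleString(TYPE, "rp.client_id", Setting.Property.NodeScope);
    // Declared as a secure string rather than a plain node-scope string; presumably keystore-backed, confirm in RealmSettings.
    public static final Setting.AffixSetting<SecureString> RP_CLIENT_SECRET = RealmSettings.secureString(TYPE, "rp.client_secret");
    public static final Setting.AffixSetting<String> RP_REDIRECT_URI = uriSetting("rp.redirect_uri");
    public static final Setting.AffixSetting<String> RP_POST_LOGOUT_REDIRECT_URI = uriSetting("rp.post_logout_redirect_uri");
    // No default: the response type must be one of RESPONSE_TYPES.
    public static final Setting.AffixSetting<String> RP_RESPONSE_TYPE = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "rp.response_type",
        key -> Setting.simpleString(key, value -> {
            if (!RESPONSE_TYPES.contains(value)) {
                throw new IllegalArgumentException("Invalid value [" + value + "] for [" + key + "]. Allowed values are " + RESPONSE_TYPES);
            }
        }, Setting.Property.NodeScope)
    );
    // Defaults to RS256. NOTE(review): the trailing "}]" in the message looks like a leftover; it is kept
    // byte-for-byte because callers or tests may match on the text.
    public static final Setting.AffixSetting<String> RP_SIGNATURE_ALGORITHM = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "rp.signature_algorithm",
        key -> Setting.simpleString(key, "RS256", value -> {
            if (!SUPPORTED_SIGNATURE_ALGORITHMS.contains(value)) {
                throw new IllegalArgumentException(
                    "Invalid value [" + value + "] for [" + key + "]. Allowed values are " + SUPPORTED_SIGNATURE_ALGORITHMS + "}]"
                );
            }
        }, Setting.Property.NodeScope)
    );
    // Defaults to the single scope "openid"; the list contents are not validated here.
    public static final Setting.AffixSetting<List<String>> RP_REQUESTED_SCOPES = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "rp.requested_scopes",
        key -> Setting.stringListSetting(key, List.of("openid"), Setting.Property.NodeScope)
    );
    // Defaults to client_secret_basic.
    public static final Setting.AffixSetting<String> RP_CLIENT_AUTH_METHOD = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "rp.client_auth_method",
        key -> Setting.simpleString(key, "client_secret_basic", value -> {
            if (!CLIENT_AUTH_METHODS.contains(value)) {
                throw new IllegalArgumentException(
                    "Invalid value [" + value + "] for [" + key + "]. Allowed values are " + CLIENT_AUTH_METHODS + "}]"
                );
            }
        }, Setting.Property.NodeScope)
    );
    // Defaults to HS384.
    public static final Setting.AffixSetting<String> RP_CLIENT_AUTH_JWT_SIGNATURE_ALGORITHM = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "rp.client_auth_jwt_signature_algorithm",
        key -> Setting.simpleString(key, "HS384", value -> {
            if (!SUPPORTED_CLIENT_AUTH_JWT_ALGORITHMS.contains(value)) {
                throw new IllegalArgumentException(
                    "Invalid value [" + value + "] for [" + key + "]. Allowed values are " + SUPPORTED_CLIENT_AUTH_JWT_ALGORITHMS + "}]"
                );
            }
        }, Setting.Property.NodeScope)
    );

    // OpenID Provider endpoints: syntax-checked only, see uriSetting.
    public static final Setting.AffixSetting<String> OP_AUTHORIZATION_ENDPOINT = uriSetting("op.authorization_endpoint");
    public static final Setting.AffixSetting<String> OP_TOKEN_ENDPOINT = uriSetting("op.token_endpoint");
    public static final Setting.AffixSetting<String> OP_USERINFO_ENDPOINT = uriSetting("op.userinfo_endpoint");
    public static final Setting.AffixSetting<String> OP_ENDSESSION_ENDPOINT = uriSetting("op.endsession_endpoint");
    // Plain strings with no validator attached in this class.
    public static final Setting.AffixSetting<String> OP_ISSUER = RealmSettings.simpleString(TYPE, "op.issuer", Setting.Property.NodeScope);
    public static final Setting.AffixSetting<String> OP_JWKSET_PATH = RealmSettings.simpleString(TYPE, "op.jwkset_path", Setting.Property.NodeScope);

    // Defaults to 60 seconds; no upper bound is set here. Presumably applied to token time checks, so a
    // large value would widen the acceptance window - confirm at the point of use.
    public static final Setting.AffixSetting<TimeValue> ALLOWED_CLOCK_SKEW = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "allowed_clock_skew",
        key -> Setting.timeSetting(key, TimeValue.timeValueSeconds(60L), Setting.Property.NodeScope)
    );
    // Defaults to true.
    public static final Setting.AffixSetting<Boolean> POPULATE_USER_METADATA = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "populate_user_metadata",
        key -> Setting.boolSetting(key, true, Setting.Property.NodeScope)
    );

    /** Shared 5 second default for the three HTTP timeout settings. */
    private static final TimeValue DEFAULT_TIMEOUT = TimeValue.timeValueSeconds(5);
    public static final Setting.AffixSetting<TimeValue> HTTP_CONNECT_TIMEOUT = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.connect_timeout",
        key -> Setting.timeSetting(key, DEFAULT_TIMEOUT, Setting.Property.NodeScope)
    );
    public static final Setting.AffixSetting<TimeValue> HTTP_CONNECTION_READ_TIMEOUT = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.connection_read_timeout",
        key -> Setting.timeSetting(key, DEFAULT_TIMEOUT, Setting.Property.NodeScope)
    );
    public static final Setting.AffixSetting<TimeValue> HTTP_SOCKET_TIMEOUT = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.socket_timeout",
        key -> Setting.timeSetting(key, DEFAULT_TIMEOUT, Setting.Property.NodeScope)
    );
    public static final Setting.AffixSetting<Integer> HTTP_MAX_CONNECTIONS = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.max_connections",
        key -> Setting.intSetting(key, 200, Setting.Property.NodeScope)
    );
    public static final Setting.AffixSetting<Integer> HTTP_MAX_ENDPOINT_CONNECTIONS = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.max_endpoint_connections",
        key -> Setting.intSetting(key, 200, Setting.Property.NodeScope)
    );
    public static final Setting.AffixSetting<Boolean> HTTP_TCP_KEEP_ALIVE = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.tcp.keep_alive",
        key -> Setting.boolSetting(key, true, Setting.Property.NodeScope)
    );
    public static final Setting.AffixSetting<TimeValue> HTTP_CONNECTION_POOL_TTL = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.connection_pool_ttl",
        key -> Setting.timeSetting(key, new TimeValue(3L, TimeUnit.MINUTES), Setting.Property.NodeScope)
    );

    /**
     * Proxy host. The value is validated together with the proxy port and scheme of the same realm
     * namespace by constructing an {@link HttpHost} from the three.
     */
    public static final Setting.AffixSetting<String> HTTP_PROXY_HOST = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.proxy.host",
        key -> Setting.simpleString(key, new Setting.Validator<String>() {
            @Override
            public void validate(String value) {
                // Intentionally empty: the host is only checked in combination with port and scheme below.
            }

            @Override
            public void validate(String value, Map<Setting<?>, Object> settings) {
                final String namespace = OpenIdConnectRealmSettings.HTTP_PROXY_HOST.getNamespace(
                    OpenIdConnectRealmSettings.HTTP_PROXY_HOST.getConcreteSetting(key)
                );
                final Setting<Integer> portSetting = OpenIdConnectRealmSettings.HTTP_PROXY_PORT.getConcreteSettingForNamespace(namespace);
                final Integer port = (Integer) settings.get(portSetting);
                final Setting<String> schemeSetting = OpenIdConnectRealmSettings.HTTP_PROXY_SCHEME.getConcreteSettingForNamespace(namespace);
                final String scheme = (String) settings.get(schemeSetting);
                try {
                    // A missing port surfaces as an exception here too and is reported through the same message.
                    new HttpHost(value, port.intValue(), scheme);
                } catch (Exception e) {
                    // Keep the cause so the underlying reason is not lost when diagnosing a rejected configuration.
                    throw new IllegalArgumentException(
                        "HTTP host for hostname [" + value + "] (from [" + key + "]), port [" + port + "] (from ["
                            + portSetting.getKey() + "]) and scheme [" + scheme + "] (from ([" + schemeSetting.getKey() + "]) is invalid",
                        e
                    );
                }
            }

            @Override
            public Iterator<Setting<?>> settings() {
                final String namespace = OpenIdConnectRealmSettings.HTTP_PROXY_HOST.getNamespace(
                    OpenIdConnectRealmSettings.HTTP_PROXY_HOST.getConcreteSetting(key)
                );
                // Settings whose values must be supplied to validate(value, settings).
                final List<Setting<?>> dependencies = List.of(
                    OpenIdConnectRealmSettings.HTTP_PROXY_PORT.getConcreteSettingForNamespace(namespace),
                    OpenIdConnectRealmSettings.HTTP_PROXY_SCHEME.getConcreteSettingForNamespace(namespace)
                );
                return dependencies.iterator();
            }
            // The synthetic bridge method emitted by the decompiler is omitted; the compiler generates it.
        }, Setting.Property.NodeScope)
    );
    // Defaults to 80, bounded to 1..65535, and declares a dependency on the proxy host setting.
    public static final Setting.AffixSetting<Integer> HTTP_PROXY_PORT = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.proxy.port",
        key -> Setting.intSetting(key, 80, 1, 65535, Setting.Property.NodeScope),
        () -> HTTP_PROXY_HOST
    );
    // Defaults to "http"; only "http" and "https" are accepted.
    public static final Setting.AffixSetting<String> HTTP_PROXY_SCHEME = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "http.proxy.scheme",
        key -> Setting.simpleString(key, "http", value -> {
            if (!value.equals("http") && !value.equals("https")) {
                throw new IllegalArgumentException("Invalid value [" + value + "] for [" + key + "]. Only `http` or `https` are allowed.");
            }
        }, Setting.Property.NodeScope)
    );

    public static final ClaimSetting PRINCIPAL_CLAIM = new ClaimSetting(TYPE, "principal");
    // NOTE(review): GroupConfig.NAME belongs to the rollup package and StreamingUnifiedChatCompletionResults to
    // inference; the decompiler appears to have substituted same-valued constants for string literals.
    // Confirm the claim names against the original source before relying on these two references.
    public static final ClaimSetting GROUPS_CLAIM = new ClaimSetting(TYPE, GroupConfig.NAME);
    public static final ClaimSetting NAME_CLAIM = new ClaimSetting(TYPE, StreamingUnifiedChatCompletionResults.FUNCTION_NAME_FIELD);
    public static final ClaimSetting DN_CLAIM = new ClaimSetting(TYPE, "dn");
    public static final ClaimSetting MAIL_CLAIM = new ClaimSetting(TYPE, "mail");

    private OpenIdConnectRealmSettings() {
    }

    /**
     * Builds a string affix setting whose value must parse as a {@link URI}.
     *
     * <p>Only syntax is checked: the scheme, host and absoluteness of the URI are not inspected.
     *
     * @param suffix setting key suffix appended to the realm prefix
     * @return the affix setting for {@code suffix}
     */
    private static Setting.AffixSetting<String> uriSetting(String suffix) {
        return Setting.affixKeySetting(
            RealmSettings.realmSettingPrefix(TYPE),
            suffix,
            key -> Setting.simpleString(key, value -> {
                try {
                    new URI(value);
                } catch (URISyntaxException e) {
                    throw new IllegalArgumentException("Invalid value [" + value + "] for [" + key + "]. Not a valid URI.", e);
                }
            }, Setting.Property.NodeScope)
        );
    }

    /**
     * Returns every setting that belongs to an {@code oidc} realm.
     *
     * <p>The result combines the settings declared in this class with the delegated-authorization,
     * standard realm, SSL and claim settings obtained from their respective helpers.
     *
     * @return a new mutable set of all realm settings
     */
    public static Set<Setting.AffixSetting<?>> getSettings() {
        final Set<Setting.AffixSetting<?>> settings = Sets.newHashSet(
            RP_CLIENT_ID,
            RP_REDIRECT_URI,
            RP_RESPONSE_TYPE,
            RP_REQUESTED_SCOPES,
            RP_CLIENT_SECRET,
            RP_SIGNATURE_ALGORITHM,
            RP_POST_LOGOUT_REDIRECT_URI,
            RP_CLIENT_AUTH_METHOD,
            RP_CLIENT_AUTH_JWT_SIGNATURE_ALGORITHM,
            OP_AUTHORIZATION_ENDPOINT,
            OP_TOKEN_ENDPOINT,
            OP_USERINFO_ENDPOINT,
            OP_ENDSESSION_ENDPOINT,
            OP_ISSUER,
            OP_JWKSET_PATH,
            POPULATE_USER_METADATA,
            HTTP_CONNECT_TIMEOUT,
            HTTP_CONNECTION_READ_TIMEOUT,
            HTTP_SOCKET_TIMEOUT,
            HTTP_MAX_CONNECTIONS,
            HTTP_MAX_ENDPOINT_CONNECTIONS,
            HTTP_TCP_KEEP_ALIVE,
            HTTP_CONNECTION_POOL_TTL,
            HTTP_PROXY_HOST,
            HTTP_PROXY_PORT,
            HTTP_PROXY_SCHEME,
            ALLOWED_CLOCK_SKEW
        );
        settings.addAll(DelegatedAuthorizationSettings.getSettings(TYPE));
        settings.addAll(RealmSettings.getStandardSettings(TYPE));
        settings.addAll(SSLConfigurationSettings.getRealmSettings(TYPE));
        settings.addAll(PRINCIPAL_CLAIM.settings());
        settings.addAll(GROUPS_CLAIM.settings());
        settings.addAll(DN_CLAIM.settings());
        settings.addAll(NAME_CLAIM.settings());
        settings.addAll(MAIL_CLAIM.settings());
        return settings;
    }
}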
