package org.elasticsearch.xpack.core.security.authc.saml;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.SettingsException;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.core.TimeValue;
import org.elasticsearch.xpack.core.rollup.job.GroupConfig;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.authc.RealmSettings;
import org.elasticsearch.xpack.core.security.authc.support.DelegatedAuthorizationSettings;
import org.elasticsearch.xpack.core.security.authc.support.SecuritySettingsUtil;
import org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings;
import org.elasticsearch.xpack.core.ssl.X509KeyPairSettings;

/* loaded from: input_file:org/elasticsearch/xpack/core/security/authc/saml/SamlRealmSettings.class */
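/**
 * Declares the node-scoped settings accepted by a realm of type {@value #TYPE}.
 *
 * <p>Every setting here is an affix setting built on {@code RealmSettings.realmSettingPrefix(TYPE)},
 * so the realm name is part of the concrete key. The class only holds constants and cannot be
 * instantiated.
 *
 * <p>Several defaults below affect the authentication trust boundary (message signing scope,
 * metadata refresh failure handling, clock-skew tolerance, forced re-authentication). They are
 * called out on the individual constants so that a reviewer of a realm configuration knows what
 * applies when a key is left unset.
 */
public class SamlRealmSettings {
    private static final String IDP_METADATA_SETTING_PREFIX = "idp.metadata.";
    public static final String ENCRYPTION_SETTING_KEY = "encryption.";
    public static final String SIGNING_SETTING_KEY = "signing.";
    public static final String SSL_PREFIX = "ssl.";
    public static final String TYPE = "saml";

    // ---- Identity provider (IdP) ----

    /** Entity ID of the identity provider. */
    public static final Setting.AffixSetting<String> IDP_ENTITY_ID =
        RealmSettings.simpleString(TYPE, "idp.entity_id", Setting.Property.NodeScope);

    /** Location of the IdP metadata document. */
    public static final Setting.AffixSetting<String> IDP_METADATA_PATH =
        RealmSettings.simpleString(TYPE, IDP_METADATA_SETTING_PREFIX + "path", Setting.Property.NodeScope);

    /** Refresh interval for IdP metadata fetched over HTTP; defaults to one hour. */
    public static final Setting.AffixSetting<TimeValue> IDP_METADATA_HTTP_REFRESH = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        IDP_METADATA_SETTING_PREFIX + "http.refresh",
        key -> Setting.timeSetting(key, TimeValue.timeValueHours(1L), Setting.Property.NodeScope)
    );

    /** Minimum metadata refresh interval; defaults to five minutes, with 500 ms passed as the lowest accepted value. */
    public static final Setting.AffixSetting<TimeValue> IDP_METADATA_HTTP_MIN_REFRESH = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        IDP_METADATA_SETTING_PREFIX + "http.minimum_refresh",
        key -> Setting.timeSetting(key, TimeValue.timeValueMinutes(5L), TimeValue.timeValueMillis(500L), Setting.Property.NodeScope)
    );

    /**
     * Whether a failure while loading HTTP metadata is treated as an error; defaults to {@code false}.
     *
     * <p>NOTE(review): with the default, a failed metadata load is presumably tolerated rather than
     * fatal. Operators who rely on metadata refresh to pick up rotated IdP signing certificates
     * should confirm how a failed refresh is surfaced (logs, realm availability).
     */
    public static final Setting.AffixSetting<Boolean> IDP_METADATA_HTTP_FAIL_ON_ERROR = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        IDP_METADATA_SETTING_PREFIX + "http.fail_on_error",
        key -> Setting.boolSetting(key, false, Setting.Property.NodeScope)
    );

    /** Whether single logout is used with the IdP; defaults to {@code true}. */
    public static final Setting.AffixSetting<Boolean> IDP_SINGLE_LOGOUT = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "idp.use_single_logout",
        key -> Setting.boolSetting(key, true, Setting.Property.NodeScope)
    );

    // ---- Service provider (SP) ----

    /** Entity ID of this service provider. */
    public static final Setting.AffixSetting<String> SP_ENTITY_ID =
        RealmSettings.simpleString(TYPE, "sp.entity_id", Setting.Property.NodeScope);

    /** Assertion consumer service endpoint of this service provider. */
    public static final Setting.AffixSetting<String> SP_ACS =
        RealmSettings.simpleString(TYPE, "sp.acs", Setting.Property.NodeScope);

    /** Logout endpoint of this service provider. */
    public static final Setting.AffixSetting<String> SP_LOGOUT =
        RealmSettings.simpleString(TYPE, "sp.logout", Setting.Property.NodeScope);

    // ---- NameID and authentication request options ----

    public static final Setting.AffixSetting<String> NAMEID_FORMAT =
        RealmSettings.simpleString(TYPE, "nameid_format", Setting.Property.NodeScope);

    /** Defaults to {@code false}. */
    public static final Setting.AffixSetting<Boolean> NAMEID_ALLOW_CREATE = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "nameid.allow_create",
        key -> Setting.boolSetting(key, false, Setting.Property.NodeScope)
    );

    public static final Setting.AffixSetting<String> NAMEID_SP_QUALIFIER =
        RealmSettings.simpleString(TYPE, "nameid.sp_qualifier", Setting.Property.NodeScope);

    /**
     * Defaults to {@code false}.
     *
     * <p>NOTE(review): presumably controls whether the IdP is asked to re-authenticate the user
     * instead of reusing an existing IdP session; with the default, an existing IdP session would
     * be enough to sign in. Confirm against the realm implementation.
     */
    public static final Setting.AffixSetting<Boolean> FORCE_AUTHN = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "force_authn",
        key -> Setting.boolSetting(key, false, Setting.Property.NodeScope)
    );

    /** Defaults to {@code true}. */
    public static final Setting.AffixSetting<Boolean> POPULATE_USER_METADATA = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "populate_user_metadata",
        key -> Setting.boolSetting(key, true, Setting.Property.NodeScope)
    );

    // ---- Attribute mapping ----

    public static final AttributeSetting PRINCIPAL_ATTRIBUTE = new AttributeSetting("principal");
    // NOTE(review): the suffix comes from the rollup GroupConfig constant, which looks like a
    // constant-resolution artifact rather than a deliberate dependency; confirm the intended suffix.
    public static final AttributeSettingWithDelimiter GROUPS_ATTRIBUTE = new AttributeSettingWithDelimiter(GroupConfig.NAME);
    public static final AttributeSetting DN_ATTRIBUTE = new AttributeSetting("dn");
    public static final AttributeSetting NAME_ATTRIBUTE = new AttributeSetting("name");
    public static final AttributeSetting MAIL_ATTRIBUTE = new AttributeSetting("mail");

    // ---- Signing and encryption ----

    public static final Setting.AffixSetting<String> ENCRYPTION_KEY_ALIAS =
        RealmSettings.simpleString(TYPE, ENCRYPTION_SETTING_KEY + "keystore.alias", Setting.Property.NodeScope);

    public static final Setting.AffixSetting<String> SIGNING_KEY_ALIAS =
        RealmSettings.simpleString(TYPE, SIGNING_SETTING_KEY + "keystore.alias", Setting.Property.NodeScope);

    /**
     * SAML message types subject to signing; defaults to the single entry {@code "*"}.
     *
     * <p>NOTE(review): {@code "*"} is presumably a wildcard for all message types. Narrowing this
     * list reduces what is signed, so a non-default value deserves review.
     */
    public static final Setting.AffixSetting<List<String>> SIGNING_MESSAGE_TYPES = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        SIGNING_SETTING_KEY + "saml_messages",
        key -> Setting.stringListSetting(key, List.of("*"), Setting.Property.NodeScope)
    );

    /** Requested authentication context class references; no default value is supplied here. */
    public static final Setting.AffixSetting<List<String>> REQUESTED_AUTHN_CONTEXT_CLASS_REF = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "req_authn_context_class_ref",
        key -> Setting.stringListSetting(key, Setting.Property.NodeScope)
    );

    /**
     * Allowed clock skew; defaults to three minutes.
     *
     * <p>NOTE(review): presumably the tolerance applied when checking time bounds on SAML messages.
     * A larger value lengthens the period during which a message is still accepted, so keep it as
     * small as clock synchronisation between IdP and cluster allows.
     */
    public static final Setting.AffixSetting<TimeValue> CLOCK_SKEW = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "allowed_clock_skew",
        key -> Setting.positiveTimeSetting(key, TimeValue.timeValueMinutes(3L), Setting.Property.NodeScope)
    );

    /**
     * Role names to exclude for this realm.
     *
     * <p>The validator checks every entry with {@code SecuritySettingsUtil.verifyNonNullNotEmpty}
     * (presumably rejecting null or empty names) and refuses a non-empty list when the delegated
     * authorization realms setting of the same realm is also non-empty, because the two are declared
     * mutually exclusive by the exception message below.
     *
     * <p>NOTE(review): this constant is not part of {@link #getSettings()}; confirm where it is registered.
     */
    public static final Setting.AffixSetting<List<String>> EXCLUDE_ROLES = Setting.affixKeySetting(
        RealmSettings.realmSettingPrefix(TYPE),
        "exclude_roles",
        key -> Setting.stringListSetting(key, new Setting.Validator<List<String>>() {
            @Override
            public void validate(List<String> excludedRoles) {
                excludedRoles.forEach(role -> SecuritySettingsUtil.verifyNonNullNotEmpty(key, role));
            }

            @Override
            public void validate(List<String> excludedRoles, Map<Setting<?>, Object> settings) {
                if (excludedRoles.isEmpty()) {
                    return;
                }
                // The namespace of an affix setting is the realm name embedded in the concrete key.
                final String namespace = SamlRealmSettings.EXCLUDE_ROLES.getNamespace(
                    SamlRealmSettings.EXCLUDE_ROLES.getConcreteSetting(key)
                );
                final Setting<?> authzRealmsSetting = DelegatedAuthorizationSettings.AUTHZ_REALMS.apply(SamlRealmSettings.TYPE)
                    .getConcreteSettingForNamespace(namespace);
                final List<?> authzRealms = (List<?>) settings.get(authzRealmsSetting);
                if (authzRealms != null && authzRealms.isEmpty() == false) {
                    throw new SettingsException("Setting [" + SamlRealmSettings.EXCLUDE_ROLES.getConcreteSettingForNamespace(namespace).getKey() + "] is not permitted when setting [" + authzRealmsSetting.getKey() + "] is configured.");
                }
            }

            /** Names the settings whose values must be passed to the two-argument {@code validate}. */
            @Override
            public Iterator<Setting<?>> settings() {
                final String namespace = SamlRealmSettings.EXCLUDE_ROLES.getNamespace(
                    SamlRealmSettings.EXCLUDE_ROLES.getConcreteSetting(key)
                );
                final List<Setting<?>> dependencies = List.of(
                    DelegatedAuthorizationSettings.AUTHZ_REALMS.apply(SamlRealmSettings.TYPE).getConcreteSettingForNamespace(namespace)
                );
                return dependencies.iterator();
            }
        }, Setting.Property.NodeScope)
    );

    /**
     * Pairs the two settings that describe one mapped attribute: the attribute name
     * ({@code attributes.<name>}) and an accompanying pattern ({@code attribute_patterns.<name>}).
     */
    public static final class AttributeSetting {
        public static final String ATTRIBUTES_PREFIX = "attributes.";
        public static final String ATTRIBUTE_PATTERNS_PREFIX = "attribute_patterns.";
        private final Setting.AffixSetting<String> attribute;
        private final Setting.AffixSetting<String> pattern;

        /**
         * @param str suffix appended to both prefixes to form the two setting keys
         */
        public AttributeSetting(String str) {
            this.attribute = RealmSettings.simpleString(SamlRealmSettings.TYPE, ATTRIBUTES_PREFIX + str, Setting.Property.NodeScope);
            this.pattern = RealmSettings.simpleString(SamlRealmSettings.TYPE, ATTRIBUTE_PATTERNS_PREFIX + str, Setting.Property.NodeScope);
        }

        /** @return the attribute setting followed by the pattern setting, as a fixed-size list */
        public Collection<Setting.AffixSetting<?>> settings() {
            return Arrays.asList(getAttribute(), getPattern());
        }

        /** @return the concrete key of the attribute setting for the realm named by {@code realmConfig} */
        public String name(RealmConfig realmConfig) {
            return getAttribute().getConcreteSettingForNamespace(realmConfig.name()).getKey();
        }

        public Setting.AffixSetting<String> getAttribute() {
            return this.attribute;
        }

        public Setting.AffixSetting<String> getPattern() {
            return this.pattern;
        }
    }

    /**
     * An {@link AttributeSetting} combined with a third setting, {@code attribute_delimiters.<name>}.
     */
    public static final class AttributeSettingWithDelimiter {
        public static final String ATTRIBUTE_DELIMITERS_PREFIX = "attribute_delimiters.";
        private final Setting.AffixSetting<String> delimiter;
        private final AttributeSetting attributeSetting;

        /**
         * @param str suffix shared by the wrapped attribute settings and the delimiter setting
         */
        public AttributeSettingWithDelimiter(String str) {
            this.attributeSetting = new AttributeSetting(str);
            this.delimiter = RealmSettings.simpleString(SamlRealmSettings.TYPE, ATTRIBUTE_DELIMITERS_PREFIX + str, Setting.Property.NodeScope);
        }

        public AttributeSetting getAttributeSetting() {
            return this.attributeSetting;
        }

        public Setting.AffixSetting<String> getDelimiter() {
            return this.delimiter;
        }

        /** @return a new mutable list holding the wrapped attribute settings plus the delimiter setting */
        public Collection<Setting.AffixSetting<?>> settings() {
            final List<Setting.AffixSetting<?>> all = new ArrayList<>(this.attributeSetting.settings());
            all.add(getDelimiter());
            return all;
        }
    }

    private SamlRealmSettings() {
    }

    /**
     * Collects the settings this class exposes for a SAML realm.
     *
     * <p>The result combines the constants listed below with the key-pair settings for the
     * {@code encryption.} and {@code signing.} prefixes, the realm SSL settings, the attribute
     * mappings, the delegated authorization settings and the standard realm settings.
     *
     * <p>NOTE(review): {@link #EXCLUDE_ROLES} is not added here. If that is not deliberate, the key
     * would presumably be unknown to a node that only registers this set; confirm where it is
     * registered. The {@code false} passed to {@code X509KeyPairSettings.affix} presumably disallows
     * non-secure (plain-text) key passwords; confirm against that class.
     *
     * @return a new mutable set of affix settings
     */
    public static Set<Setting.AffixSetting<?>> getSettings() {
        final Set<Setting.AffixSetting<?>> settings = Sets.newHashSet(
            IDP_ENTITY_ID,
            IDP_METADATA_PATH,
            IDP_METADATA_HTTP_REFRESH,
            IDP_METADATA_HTTP_MIN_REFRESH,
            IDP_METADATA_HTTP_FAIL_ON_ERROR,
            IDP_SINGLE_LOGOUT,
            SP_ENTITY_ID,
            SP_ACS,
            SP_LOGOUT,
            NAMEID_FORMAT,
            NAMEID_ALLOW_CREATE,
            NAMEID_SP_QUALIFIER,
            FORCE_AUTHN,
            POPULATE_USER_METADATA,
            CLOCK_SKEW,
            ENCRYPTION_KEY_ALIAS,
            SIGNING_KEY_ALIAS,
            SIGNING_MESSAGE_TYPES,
            REQUESTED_AUTHN_CONTEXT_CLASS_REF
        );
        settings.addAll(X509KeyPairSettings.affix(RealmSettings.realmSettingPrefix(TYPE), ENCRYPTION_SETTING_KEY, false));
        settings.addAll(X509KeyPairSettings.affix(RealmSettings.realmSettingPrefix(TYPE), SIGNING_SETTING_KEY, false));
        settings.addAll(SSLConfigurationSettings.getRealmSettings(TYPE));
        settings.addAll(PRINCIPAL_ATTRIBUTE.settings());
        settings.addAll(GROUPS_ATTRIBUTE.settings());
        settings.addAll(DN_ATTRIBUTE.settings());
        settings.addAll(NAME_ATTRIBUTE.settings());
        settings.addAll(MAIL_ATTRIBUTE.settings());
        settings.addAll(DelegatedAuthorizationSettings.getSettings(TYPE));
        settings.addAll(RealmSettings.getStandardSettings(TYPE));
        return settings;
    }
}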
