package io.streamthoughts.azkarra.http.security;

import io.streamthoughts.azkarra.api.config.Conf;
import io.streamthoughts.azkarra.api.config.ConfBuilder;
import io.streamthoughts.azkarra.api.config.Configurable;
import io.streamthoughts.azkarra.http.security.auth.AzkarraPrincipalBuilder;
import io.streamthoughts.azkarra.http.security.auth.UsersIdentityManager;
import io.streamthoughts.azkarra.http.security.authorizer.AuthorizationManager;
import io.streamthoughts.azkarra.http.security.authorizer.SimpleAuthorizationManager;
import java.util.Objects;

/* loaded from: input_file:io/streamthoughts/azkarra/http/security/SecurityConfig.class */
public class SecurityConfig {
    public static final String REST_AUTHENTICATION_MECHANISM_CONFIG = "rest.authentication.mechanism";
    public static final String REST_AUTHENTICATION_USERS_CONFIG = "rest.authentication.users";
    public static final String REST_AUTHENTICATION_BASIC_SILENT_CONFIG = "rest.authentication.basic.silent";
    public static final String HTTP_AUTH_PRINCIPAL_BUILDER_CLASS_CONFIG = "principal.builder.class";
    public static final String HTTP_AUTH_USER_IDENTITY_MANAGER_CLASS_CONFIG = "users.identity.manager.class";
    public static final String HTTP_RESTRICTED_ROLES_CONFIG = "auth.restricted.roles";
    public static final String HTTP_HEADLESS_CONFIG = "headless";
    public static final String SSL_ENABLE = "ssl.enable";
    public static final String SSL_IGNORE_HOSTNAME_VERIFICATION = "ssl.ignore.hostname.verification";
    public static final String SSL_TRUSTSTORE_LOCATION = "ssl.truststore.location";
    public static final String SSL_TRUSTSTORE_PASSWORD = "ssl.truststore.password";
    public static final String SSL_KEYSTORE_LOCATION = "ssl.keystore.location";
    public static final String SSL_KEYSTORE_PASSWORD = "ssl.keystore.password";
    public static final String SSL_KEY_PASSWORD_CONFIG = "ssl.key.password";
    private final Conf conf;
    public static final String HTTP_AUTHORIZATION_MANAGER_CLASS_CONFIG = "authorization.manager.class";
    public static final String REST_AUTHENTICATION_ROLES_CONFIG = "rest.authentication.roles";
    public static final String REST_AUTHENTICATION_REALM_CONFIG = "rest.authentication.realm";
    public static final String SSL_KEYSTORE_TYPE = "ssl.keystore.type";
    public static final String SSL_TRUSTSTORE_TYPE = "ssl.truststore.type";
    private static final Conf DEFAULT_CONF = ConfBuilder.newConf().with(HTTP_AUTHORIZATION_MANAGER_CLASS_CONFIG, SimpleAuthorizationManager.class.getName()).with(REST_AUTHENTICATION_ROLES_CONFIG, "*").with(REST_AUTHENTICATION_REALM_CONFIG, "AzkarraServer").with(SSL_KEYSTORE_TYPE, "PKCS12").with(SSL_TRUSTSTORE_TYPE, "PKCS12").build();

    public SecurityConfig(Conf conf) {
        Objects.requireNonNull(conf, "conf cannot be null");
        this.conf = conf.withFallback(DEFAULT_CONF);
    }

    public boolean isHostnameVerificationIgnored() {
        return ((Boolean) this.conf.getOptionalBoolean(SSL_IGNORE_HOSTNAME_VERIFICATION).orElse(false)).booleanValue();
    }

    public boolean isBasicAuthenticationSilent() {
        return ((Boolean) this.conf.getOptionalBoolean(REST_AUTHENTICATION_BASIC_SILENT_CONFIG).orElse(false)).booleanValue();
    }

    public String getAuthenticationMechanism() {
        return (String) this.conf.getOptionalString(REST_AUTHENTICATION_MECHANISM_CONFIG).orElse(null);
    }

    public String getAuthenticationUsers() {
        return (String) this.conf.getOptionalString(REST_AUTHENTICATION_USERS_CONFIG).orElse("");
    }

    public AuthorizationManager getAuthorizationManager() {
        AuthorizationManager authorizationManager = (AuthorizationManager) this.conf.getClass(HTTP_AUTHORIZATION_MANAGER_CLASS_CONFIG, AuthorizationManager.class);
        Configurable.mayConfigure(authorizationManager, this.conf);
        return authorizationManager;
    }

    public UsersIdentityManager getUserIdentityManager() {
        if (!this.conf.hasPath(HTTP_AUTH_USER_IDENTITY_MANAGER_CLASS_CONFIG)) {
            return null;
        }
        UsersIdentityManager usersIdentityManager = (UsersIdentityManager) this.conf.getClass(HTTP_AUTH_USER_IDENTITY_MANAGER_CLASS_CONFIG, UsersIdentityManager.class);
        Configurable.mayConfigure(usersIdentityManager, this.conf);
        return usersIdentityManager;
    }

    public AzkarraPrincipalBuilder getAuthenticationPrincipalBuilder() {
        if (!this.conf.hasPath(HTTP_AUTH_PRINCIPAL_BUILDER_CLASS_CONFIG)) {
            return null;
        }
        AzkarraPrincipalBuilder azkarraPrincipalBuilder = (AzkarraPrincipalBuilder) this.conf.getClass(HTTP_AUTH_PRINCIPAL_BUILDER_CLASS_CONFIG, AzkarraPrincipalBuilder.class);
        Configurable.mayConfigure(azkarraPrincipalBuilder, this.conf);
        return azkarraPrincipalBuilder;
    }

    public String getAuthenticationRealm() {
        return this.conf.getString(REST_AUTHENTICATION_REALM_CONFIG);
    }

    public String getAuthenticationRoles() {
        return this.conf.getString(REST_AUTHENTICATION_ROLES_CONFIG);
    }

    public String getAuthenticationRestricted() {
        return (String) this.conf.getOptionalString(HTTP_RESTRICTED_ROLES_CONFIG).orElse("");
    }

    public boolean isHeadless() {
        return ((Boolean) this.conf.getOptionalBoolean(HTTP_HEADLESS_CONFIG).orElse(false)).booleanValue();
    }

    public boolean isRestAuthenticationEnable() {
        return this.conf.hasPath(REST_AUTHENTICATION_MECHANISM_CONFIG);
    }

    public boolean isSslEnable() {
        return ((Boolean) this.conf.getOptionalBoolean(SSL_ENABLE).orElse(false)).booleanValue();
    }

    public String getKeystoreLocation() {
        return this.conf.getString(SSL_KEYSTORE_LOCATION);
    }

    public char[] getKeystorePassword() {
        return this.conf.getString(SSL_KEYSTORE_PASSWORD).toCharArray();
    }

    public String getKeystoreType() {
        return this.conf.getString(SSL_KEYSTORE_TYPE);
    }

    public char[] getKeyPassword() {
        return (char[]) this.conf.getOptionalString(SSL_KEY_PASSWORD_CONFIG).stream().map((v0) -> {
            return v0.toCharArray();
        }).findFirst().orElse(getKeystorePassword());
    }

    public String getTrustStoreLocation() {
        return (String) this.conf.getOptionalString(SSL_TRUSTSTORE_LOCATION).orElse(null);
    }

    public char[] getTruststorePassword() {
        return (char[]) this.conf.getOptionalString(SSL_TRUSTSTORE_PASSWORD).stream().map((v0) -> {
            return v0.toCharArray();
        }).findFirst().orElse(null);
    }

    public String getTruststoreType() {
        return this.conf.getString(SSL_TRUSTSTORE_TYPE);
    }
}
