package org.neo4j.server.security.enterprise.auth;

import java.util.List;
import org.neo4j.graphdb.config.Setting;
import org.neo4j.graphdb.factory.Description;
import org.neo4j.kernel.configuration.Settings;

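/**
 * Configuration settings for the enterprise security module: which realms
 * (internal, LDAP, plugin) take part in authentication and authorization, how
 * the LDAP realm connects, binds and searches, and how auth results are cached.
 *
 * <p>Each constant is built from a configuration key, a value parser and a
 * default value. All constants are {@code final} so that a security setting
 * cannot be swapped for another {@link Setting} instance at runtime.
 *
 * <p>Hardening notes for operators, based on the defaults declared here:
 * <ul>
 *   <li>The LDAP defaults describe an unencrypted connection (no {@code ldaps://}
 *       protocol, STARTTLS off) combined with {@code simple} bind, which sends
 *       the password as-is over that connection. Enable LDAPS or STARTTLS
 *       before enabling the LDAP realm.</li>
 *   <li>Referrals are followed by default; confirm that every server the
 *       directory can refer to is trusted.</li>
 *   <li>The system account password is an ordinary string setting; protect the
 *       configuration file accordingly.</li>
 * </ul>
 */
@Description("Security configuration settings")
public class SecuritySettings {

    // ---- Realm selection -------------------------------------------------

    @Description("Enable authentication via internal authentication provider.")
    public static final Setting<Boolean> internal_authentication_enabled =
            Settings.setting("dbms.security.realms.internal.authentication_enabled", Settings.BOOLEAN, "true");

    @Description("Enable authorization via internal authorization provider.")
    public static final Setting<Boolean> internal_authorization_enabled =
            Settings.setting("dbms.security.realms.internal.authorization_enabled", Settings.BOOLEAN, "true");

    @Description("Enable authentication via settings configurable LDAP authentication realm.")
    public static final Setting<Boolean> ldap_authentication_enabled =
            Settings.setting("dbms.security.realms.ldap.authentication_enabled", Settings.BOOLEAN, "false");

    // Description typo fixed ("authotization" -> "authorization").
    @Description("Enable authorization via settings configurable LDAP authorization realm.")
    public static final Setting<Boolean> ldap_authorization_enabled =
            Settings.setting("dbms.security.realms.ldap.authorization_enabled", Settings.BOOLEAN, "false");

    @Description("Enable authentication via plugin authentication realms.")
    public static final Setting<Boolean> plugin_authentication_enabled =
            Settings.setting("dbms.security.realms.plugin.authentication_enabled", Settings.BOOLEAN, "false");

    // Description typo fixed ("authotization" -> "authorization").
    @Description("Enable authorization via plugin authorization realms.")
    public static final Setting<Boolean> plugin_authorization_enabled =
            Settings.setting("dbms.security.realms.plugin.authorization_enabled", Settings.BOOLEAN, "false");

    // ---- LDAP connection -------------------------------------------------

    // The default carries no protocol, so per the description it is treated as
    // 'ldap://' (unencrypted). It is a placeholder and must be overridden with
    // the real directory address when the LDAP realm is enabled.
    @Description("URL of LDAP server (with protocol, hostname and port) to use for authentication and authorization. If no protocol is specified the default will be 'ldap://'. To use LDAPS, set the protocol and port, e.g. 'ldaps://ldap.example.com:636'")
    public static final Setting<String> ldap_server =
            Settings.setting("dbms.security.realms.ldap.host", Settings.STRING, "0.0.0.0:389");

    // Off by default. With an 'ldap://' URL and this left off, bind credentials
    // are not protected in transit.
    @Description("Use secure communication with the LDAP server using opportunistic TLS. First an initial insecure connection will be made with the LDAP server and a STARTTLS command will be issued to negotiate an upgrade of the connection to TLS before initiating authentication.")
    public static final Setting<Boolean> ldap_use_starttls =
            Settings.setting("dbms.security.realms.ldap.use_starttls", Settings.BOOLEAN, "false");

    // `simple` transmits the password itself, so it relies on TLS for
    // confidentiality. DIGEST-MD5, given as the SASL example, was moved to
    // Historic status by RFC 6331 and is not a substitute for TLS.
    @Description("LDAP authentication mechanism. This is one of `simple` or a SASL mechanism supported by JNDI, e.g. `DIGEST-MD5`. `simple` is basic username and password authentication and SASL is used for more advanced mechanisms. See RFC 2251 LDAPv3 documentation for more details.")
    public static final Setting<String> ldap_auth_mechanism =
            Settings.setting("dbms.security.realms.ldap.auth_mechanism", Settings.STRING, "simple");

    // Declared as a free-form string: no validation against the three allowed
    // values is visible here. NOTE(review): with `follow`, the connection may be
    // continued against whichever server the directory names; confirm that is
    // acceptable for the deployment, otherwise use `ignore` or `throw`.
    @Description("The LDAP referral behavior when creating a connection. This is one of `follow`, `ignore` or `throw`.\n* `follow` automatically follows any referrals\n* `ignore` ignores any referrals\n* `throw` throws a `javax.naming.ReferralException` exception, which will lead to authentication failure\n")
    public static final Setting<String> ldap_referral =
            Settings.setting("dbms.security.realms.ldap.referral", Settings.STRING, "follow");

    // The user-supplied principal is substituted at {0}. NOTE(review): escaping
    // of DN special characters is the responsibility of the code that applies
    // this template and is not visible in this class; verify it there.
    @Description("LDAP user DN template. An LDAP object is referenced by its distinguished name (DN), and a user DN is an LDAP fully-qualified unique user identifier. This setting is used to generate an LDAP DN that conforms with the LDAP directory's schema from the user principal that is submitted with the authentication token when logging in. The special token {0} is a placeholder where the user principal will be substituted into the DN string.")
    public static final Setting<String> ldap_user_dn_template =
            Settings.setting("dbms.security.realms.ldap.user_dn_template", Settings.STRING, "uid={0},ou=users,dc=example,dc=com");

    // ---- LDAP authorization ----------------------------------------------

    @Description("Perform LDAP search for authorization info using a system account.")
    public static final Setting<Boolean> ldap_authorization_use_system_account =
            Settings.setting("dbms.security.realms.ldap.authorization.use_system_account", Settings.BOOLEAN, "false");

    @Description("An LDAP system account username to use for authorization searches when `dbms.security.realms.ldap.authorization.use_system_account` is `true`. Note that the `dbms.security.realms.ldap.user_dn_template` will not be applied to this username, so you may have to specify a full DN.")
    public static final Setting<String> ldap_system_username =
            Settings.setting("dbms.security.realms.ldap.system_username", Settings.STRING, Settings.NO_DEFAULT);

    // A credential held as a plain string setting: restrict read access to the
    // configuration file and keep this value out of logs and config dumps. The
    // account only needs to search, so give it read-only directory rights.
    @Description("An LDAP system account password to use for authorization searches when `dbms.security.realms.ldap.authorization.use_system_account` is `true`.")
    public static final Setting<String> ldap_system_password =
            Settings.setting("dbms.security.realms.ldap.system_password", Settings.STRING, Settings.NO_DEFAULT);

    @Description("The name of the base object or named context to search for user objects when LDAP authorization is enabled.")
    public static final Setting<String> ldap_authorization_user_search_base =
            Settings.setting("dbms.security.realms.ldap.authorization.user_search_base", Settings.STRING, Settings.NO_DEFAULT);

    // The default filter accepts any object class. The principal is substituted
    // at {0}. NOTE(review): LDAP filter escaping of the principal happens (or
    // not) in the code that runs the search, which is not visible here; verify.
    @Description("The LDAP search filter to search for a user principal when LDAP authorization is enabled. The filter should contain the placeholder token {0} which will be substituted for the user principal.")
    public static final Setting<String> ldap_authorization_user_search_filter =
            Settings.setting("dbms.security.realms.ldap.authorization.user_search_filter", Settings.STRING, "(&(objectClass=*)(uid={0}))");

    @Description("A list of attribute names on a user object that contains groups to be used for mapping to roles when LDAP authorization is enabled.")
    public static final Setting<List<String>> ldap_authorization_group_membership_attribute_names =
            Settings.setting("dbms.security.realms.ldap.authorization.group_membership_attributes", Settings.STRING_LIST, "memberOf");

    // No default: which directory groups receive which roles is left entirely
    // to the operator. Review this mapping like any other privilege grant.
    @Description("An authorization mapping from LDAP group names to internal role names. The map should be formatted as semicolon separated list of key-value pairs, where the key is the LDAP group name and the value is a comma separated list of corresponding role names. E.g. group1=role1;group2=role2;group3=role3,role4,role5")
    public static final Setting<String> ldap_authorization_group_to_role_mapping =
            Settings.setting("dbms.security.realms.ldap.authorization.group_to_role_mapping", Settings.STRING, Settings.NO_DEFAULT);

    // ---- Auth caching ----------------------------------------------------

    // NOTE(review): presumably a cached entry stays usable until the TTL
    // expires, so a disabled account or removed group membership may take up to
    // this long to be enforced; confirm against the cache implementation and
    // lower the TTL (or set 0) where fast revocation matters.
    @Description("The time to live (TTL) for cached authentication and authorization info. Setting the TTL to 0 will disable auth caching.")
    public static final Setting<Long> auth_cache_ttl =
            Settings.setting("dbms.security.realms.auth_cache_ttl", Settings.DURATION, "10m");

    @Description("The maximum capacity for authentication and authorization caches (respectively).")
    public static final Setting<Integer> auth_cache_max_capacity =
            Settings.setting("dbms.security.realms.auth_cache_max_capacity", Settings.INTEGER, "10000");
}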
