package com.floragunn.searchguard.authc.session.backend;

import com.floragunn.codova.config.templates.Template;
import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.documents.Parser;
import com.floragunn.codova.documents.patch.PatchableDocument;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidatingFunction;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.ValidationResult;
import com.floragunn.codova.validation.VariableResolvers;
import com.floragunn.codova.validation.errors.ValidationError;
import com.floragunn.searchguard.authc.LoginPrivileges;
import com.floragunn.searchguard.configuration.CType;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.configuration.variables.ConfigVarService;
import com.floragunn.searchguard.configuration.variables.ConfigVarServiceNotYetAvailableException;
import com.floragunn.searchguard.support.JoseParsers;
import com.floragunn.searchsupport.cstate.metrics.MetricsLevel;
import com.google.common.collect.ImmutableList;
import java.time.Duration;
import java.time.temporal.TemporalAmount;
import java.util.List;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;

/* loaded from: input_file:com/floragunn/searchguard/authc/session/backend/SessionServiceConfig.class */
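/**
 * Configuration of the session service, registered as the {@code "sessions"} configuration type.
 *
 * <p>Holds the JWT signing key, an optional JWT encryption key, validity and inactivity limits,
 * the per-user session cap and the login privileges required to open a session.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The signing key is taken, in this order, from {@code jwt_signing_key}, from
 *       {@code jwt_signing_key_hs512}, or from the config variable {@code sessions_signing_key}.</li>
 *   <li>The encryption key is optional: if neither {@code jwt_encryption_key} nor
 *       {@code jwt_encryption_key_a256kw} is present, {@link #getJwtEncryptionKey()} returns
 *       {@code null}. NOTE(review): presumably tokens are then signed but not encrypted; confirm
 *       against the code that issues them.</li>
 *   <li>{@link #toBasicObject()} returns the document the configuration was parsed from. If key
 *       material was given inline in that document, it is part of the returned object, so output
 *       derived from it should be handled as a secret.</li>
 *   <li>No range check on {@code max_sessions_per_user}, {@code inactivity_timeout} or
 *       {@code max_validity} is visible in this class.</li>
 * </ul>
 *
 * <p>Instances are mutable through the setters; no synchronization is visible here.
 */
public class SessionServiceConfig implements PatchableDocument<SessionServiceConfig> {
    /** Registration of this configuration under the name {@code "sessions"}; parsing is delegated to {@link #parse}. */
    public static CType<SessionServiceConfig> TYPE = new CType<>("sessions", "Sessions", 10011, SessionServiceConfig.class, (v0, v1) -> {
        return parse(v0, v1);
    }, CType.Storage.OPTIONAL, CType.Arity.SINGLE);

    /** Name of the config variable that holds the fallback HS512 signing key. */
    static final String SIGNING_KEY_SECRET = "sessions_signing_key";

    private boolean enabled;
    // Key used to sign session JWTs; stays null if no key could be resolved.
    private JsonWebKey jwtSigningKey;
    // Optional key for encrypting session JWTs; null when not configured.
    private JsonWebKey jwtEncryptionKey;
    // Read from "max_validity" without a default, so it is null when the attribute is absent.
    private TemporalAmount maxValidity;
    // Defaults to one hour.
    private Duration inactivityTimeout = Duration.ofHours(1);
    // Defaults to 1000.
    private int maxSessionsPerUser = 1000;
    private List<String> requiredLoginPrivileges;
    // The document this configuration was parsed from; may contain inline key material.
    private DocNode source;
    private boolean refreshSessionActivityIndex;
    private Template<String> jwtAudience;
    private MetricsLevel metricsLevel;

    /** Returns whether the session service is enabled. */
    public boolean isEnabled() {
        return this.enabled;
    }

    /** Returns the JWT signing key, or {@code null} if none was resolved. Key material: do not log. */
    public JsonWebKey getJwtSigningKey() {
        return this.jwtSigningKey;
    }

    /** Returns the JWT encryption key, or {@code null} if none is configured. Key material: do not log. */
    public JsonWebKey getJwtEncryptionKey() {
        return this.jwtEncryptionKey;
    }

    /** Returns the configured maximum validity, or {@code null} if {@code max_validity} was not set. */
    public TemporalAmount getMaxValidity() {
        return this.maxValidity;
    }

    /** Enables or disables the session service on this instance. */
    public void setEnabled(boolean z) {
        this.enabled = z;
    }

    /** Replaces the JWT signing key. */
    public void setJwtSigningKey(JsonWebKey jsonWebKey) {
        this.jwtSigningKey = jsonWebKey;
    }

    /** Replaces the JWT encryption key; {@code null} leaves the configuration without one. */
    public void setJwtEncryptionKey(JsonWebKey jsonWebKey) {
        this.jwtEncryptionKey = jsonWebKey;
    }

    /** Replaces the maximum validity. */
    public void setMaxValidity(TemporalAmount temporalAmount) {
        this.maxValidity = temporalAmount;
    }

    /**
     * Builds the configuration used when no {@code sessions} document exists, with the signing key
     * read from the config variable {@code sessions_signing_key}.
     *
     * <p>The result is enabled, requires {@link LoginPrivileges#SESSION}, uses the audience
     * template {@code sg_session_${cluster.name}}, has basic metrics and carries no encryption key.
     *
     * @param configVarService service the signing key variable is read from
     * @return the default configuration, or {@code null} if the variable is not set or the
     *         variable service is not yet available
     * @throws ConfigValidationException propagated from the calls made here (variable lookup and
     *         HS512 key parsing)
     */
    public static SessionServiceConfig getDefault(ConfigVarService configVarService) throws ConfigValidationException {
        try {
            String signingKeySecret = configVarService.getAsString(SIGNING_KEY_SECRET);
            if (signingKeySecret == null) {
                // Without a stored key there is nothing to sign sessions with.
                return null;
            }
            SessionServiceConfig defaults = new SessionServiceConfig();
            defaults.enabled = true;
            defaults.requiredLoginPrivileges = ImmutableList.of(LoginPrivileges.SESSION);
            defaults.jwtSigningKey = JoseParsers.parseJwkHs512SigningKey(signingKeySecret);
            defaults.jwtAudience = new Template<>("sg_session_${cluster.name}", str -> {
                return str;
            });
            defaults.source = DocNode.EMPTY;
            defaults.metricsLevel = MetricsLevel.BASIC;
            return defaults;
        } catch (ConfigVarServiceNotYetAvailableException e) {
            return null;
        }
    }

    /**
     * Parses a {@code sessions} configuration document.
     *
     * <p>{@code enabled} (default {@code true}) and {@code metrics} (default {@code BASIC}) are
     * always read. All other attributes are read only when the service is enabled; otherwise the
     * remaining fields keep their initial values.
     *
     * <p>If neither {@code jwt_signing_key} nor {@code jwt_signing_key_hs512} is present, the key
     * is resolved from the config variable {@code sessions_signing_key} through the {@code "var"}
     * variable resolver of the context. A failure on that path is recorded as a validation error.
     *
     * @param docNode the configuration document; also kept as the value of {@link #toBasicObject()}
     * @param context parser context supplying the variable resolvers
     * @return a result holding the parsed configuration, or the collected validation errors
     */
    public static ValidationResult<SessionServiceConfig> parse(DocNode docNode, Parser.Context context) {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
        VariableResolvers variableResolvers = context.variableResolvers();
        SessionServiceConfig sessionServiceConfig = new SessionServiceConfig();
        sessionServiceConfig.enabled = validatingDocNode.get("enabled").withDefault(true).asBoolean();
        sessionServiceConfig.metricsLevel = validatingDocNode.get("metrics").withDefault(MetricsLevel.BASIC).asEnum(MetricsLevel.class);
        if (sessionServiceConfig.enabled) {
            if (validatingDocNode.hasNonNull("jwt_signing_key")) {
                sessionServiceConfig.jwtSigningKey = (JsonWebKey) ((ValidatingDocNode.Attribute) validatingDocNode.get("jwt_signing_key").expected("JSON Web Key")).byString(JoseParsers::parseJwkSigningKey);
            } else if (validatingDocNode.hasNonNull("jwt_signing_key_hs512")) {
                sessionServiceConfig.jwtSigningKey = (JsonWebKey) validatingDocNode.get("jwt_signing_key_hs512").byString(JoseParsers::parseJwkHs512SigningKey);
            } else {
                try {
                    // Look the resolver up explicitly: a missing or unexpected resolver previously
                    // surfaced as a NullPointerException/ClassCastException whose message (possibly
                    // null) became the validation error text.
                    Object varResolver = variableResolvers != null ? variableResolvers.toMap().get("var") : null;
                    if (!(varResolver instanceof ValidatingFunction)) {
                        throw new ConfigValidationException(new ValidationError("jwt_signing_key_hs512",
                                "No signing key is configured and the variable resolver needed to read " + SIGNING_KEY_SECRET + " is not available"));
                    }
                    Object apply = ((ValidatingFunction) varResolver).apply(SIGNING_KEY_SECRET);
                    if (!(apply instanceof String)) {
                        throw new ConfigValidationException(new ValidationError("jwt_signing_key_hs512", "Unexpected variable value for sessions_signing_key"));
                    }
                    sessionServiceConfig.jwtSigningKey = JoseParsers.parseJwkHs512SigningKey((String) apply);
                } catch (ConfigValidationException e) {
                    validationErrors.add((String) null, e);
                } catch (Exception e2) {
                    // Anything else thrown by the resolver is reported as a validation error
                    // rather than aborting the parse.
                    validationErrors.add(new ValidationError((String) null, e2.getMessage()).cause(e2));
                }
            }
            // The encryption key is optional; with neither attribute present it stays null.
            if (validatingDocNode.hasNonNull("jwt_encryption_key")) {
                sessionServiceConfig.jwtEncryptionKey = (JsonWebKey) ((ValidatingDocNode.Attribute) validatingDocNode.get("jwt_encryption_key").expected("JSON Web Key")).byString(JoseParsers::parseJwkEcryptionKey);
            } else if (validatingDocNode.hasNonNull("jwt_encryption_key_a256kw")) {
                sessionServiceConfig.jwtEncryptionKey = (JsonWebKey) validatingDocNode.get("jwt_encryption_key_a256kw").byString(JoseParsers::parseJwkA256kwEncryptionKey);
            }
            sessionServiceConfig.jwtAudience = validatingDocNode.get("jwt_audience").withDefault("sg_session_${cluster.name}").asTemplate();
            // NOTE(review): max_validity has no default, and no lower or upper bound is checked
            // here for it, inactivity_timeout or max_sessions_per_user; confirm that the consumer
            // handles null, zero and negative values safely.
            sessionServiceConfig.maxValidity = validatingDocNode.get("max_validity").asTemporalAmount();
            sessionServiceConfig.inactivityTimeout = validatingDocNode.get("inactivity_timeout").withDefault(Duration.ofHours(1L)).asDuration();
            sessionServiceConfig.maxSessionsPerUser = validatingDocNode.get("max_sessions_per_user").withDefault(1000).asInt();
            sessionServiceConfig.requiredLoginPrivileges = validatingDocNode.get("required_login_privileges").withListDefault(new String[]{LoginPrivileges.SESSION}).ofStrings();
            sessionServiceConfig.refreshSessionActivityIndex = validatingDocNode.get("refresh_session_activity_index").withDefault(false).asBoolean();
        }
        sessionServiceConfig.source = docNode;
        return !validationErrors.hasErrors() ? new ValidationResult<>(sessionServiceConfig) : new ValidationResult<>(validationErrors);
    }

    /** Returns the per-user session cap (default 1000). */
    public int getMaxSessionsPerUser() {
        return this.maxSessionsPerUser;
    }

    /** Replaces the per-user session cap; the value is stored without a range check. */
    public void setMaxSessionsPerUser(int i) {
        this.maxSessionsPerUser = i;
    }

    /** Returns the inactivity timeout (default one hour). */
    public Duration getInactivityTimeout() {
        return this.inactivityTimeout;
    }

    /** Replaces the inactivity timeout; the value is stored without a range check. */
    public void setInactivityTimeout(Duration duration) {
        this.inactivityTimeout = duration;
    }

    /**
     * Returns the login privileges required to create a session. The internal list is returned
     * as-is, and it is {@code null} on an instance parsed with {@code enabled: false}.
     */
    public List<String> getRequiredLoginPrivileges() {
        return this.requiredLoginPrivileges;
    }

    /** Replaces the required login privileges; the list is stored without copying. */
    public void setRequiredLoginPrivileges(List<String> list) {
        this.requiredLoginPrivileges = list;
    }

    /**
     * Returns the document this configuration was parsed from ({@code DocNode.EMPTY} for the
     * default configuration). Values changed through setters are not reflected. If the document
     * contains inline key attributes, the returned object contains them too.
     */
    public Object toBasicObject() {
        return this.source;
    }

    /** Returns the value of {@code refresh_session_activity_index} (default {@code false}). */
    public boolean isRefreshSessionActivityIndex() {
        return this.refreshSessionActivityIndex;
    }

    /** Sets the {@code refresh_session_activity_index} flag. */
    public void setRefreshSessionActivityIndex(boolean z) {
        this.refreshSessionActivityIndex = z;
    }

    /** Returns the JWT audience template (default {@code sg_session_${cluster.name}}). */
    public Template<String> getJwtAudience() {
        return this.jwtAudience;
    }

    /** Replaces the JWT audience template. */
    public void setJwtAudience(Template<String> template) {
        this.jwtAudience = template;
    }

    /**
     * Returns the configured metrics level.
     *
     * <p>Decompiler note: the access modifier was changed from {@code protected}.
     */
    public MetricsLevel getMetricsLevel() {
        return this.metricsLevel;
    }

    /**
     * Instance-level parse entry that delegates to {@link #parse} and unwraps the result.
     *
     * <p>Decompiler note: renamed from {@code parseI} after being merged with a bridge method.
     *
     * @param docNode the configuration document
     * @param context parser context; cast to {@code ConfigurationRepository.Context}
     * @return the parsed configuration
     * @throws ConfigValidationException presumably raised by {@code ValidationResult.get()} when
     *         validation errors were collected; confirm against that class
     */
    public SessionServiceConfig m100parseI(DocNode docNode, Parser.Context context) throws ConfigValidationException {
        return (SessionServiceConfig) parse(docNode, (ConfigurationRepository.Context) context).get();
    }
}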
