package org.neo4j.kernel.configuration.ssl;

import java.io.File;
import java.util.Arrays;
import java.util.List;
import org.neo4j.configuration.Description;
import org.neo4j.configuration.Internal;
import org.neo4j.configuration.LoadableConfig;
import org.neo4j.graphdb.config.Setting;
import org.neo4j.kernel.configuration.Group;
import org.neo4j.kernel.configuration.GroupSettingSupport;
import org.neo4j.kernel.configuration.Settings;
import org.neo4j.ssl.ClientAuth;

@Group("dbms.ssl.policy")
/* loaded from: input_file:org/neo4j/kernel/configuration/ssl/SslPolicyConfig.class */
public class SslPolicyConfig implements LoadableConfig {
    public static final List<String> TLS_VERSION_DEFAULTS = Arrays.asList("TLSv1.2");
    public static final List<String> CIPHER_SUITES_DEFAULTS = null;

    @Description("The mandatory base directory for cryptographic objects of this policy. It is also possible to override each individual configuration with absolute paths.")
    public final Setting<File> base_directory;

    @Description("Allows the generation of a private key and associated self-signed certificate. Only performed when both objects cannot be found.")
    public final Setting<Boolean> allow_key_generation;

    @Description("Makes this policy trust all remote parties. Enabling this is not recommended and the trusted directory will be ignored.")
    public final Setting<Boolean> trust_all;

    @Description("Private PKCS#8 key in PEM format.")
    public final Setting<File> private_key;

    @Description("The password for the private key.")
    @Internal
    public final Setting<String> private_key_password;

    @Description("X.509 certificate (chain) of this server in PEM format.")
    public final Setting<File> public_certificate;

    @Description("Path to directory of X.509 certificates in PEM format for trusted parties.")
    public final Setting<File> trusted_dir;

    @Description("Path to directory of CRLs (Certificate Revocation Lists) in PEM format.")
    public final Setting<File> revoked_dir;

    @Description("Client authentication stance.")
    public final Setting<ClientAuth> client_auth;

    @Description("Restrict allowed TLS protocol versions.")
    public final Setting<List<String>> tls_versions;

    @Description("Restrict allowed ciphers.")
    public final Setting<List<String>> ciphers;

    public SslPolicyConfig() {
        this("<policyname>");
    }

    public SslPolicyConfig(String str) {
        GroupSettingSupport groupSettingSupport = new GroupSettingSupport((Class<?>) SslPolicyConfig.class, str);
        this.base_directory = groupSettingSupport.scope(Settings.pathSetting("base_directory", Settings.NO_DEFAULT));
        this.allow_key_generation = groupSettingSupport.scope(Settings.setting("allow_key_generation", Settings.BOOLEAN, Settings.FALSE));
        this.trust_all = groupSettingSupport.scope(Settings.setting("trust_all", Settings.BOOLEAN, Settings.FALSE));
        this.private_key = groupSettingSupport.scope(derivedDefault("private_key", this.base_directory, "private.key"));
        this.public_certificate = groupSettingSupport.scope(derivedDefault("public_certificate", this.base_directory, "public.crt"));
        this.trusted_dir = groupSettingSupport.scope(derivedDefault("trusted_dir", this.base_directory, "trusted"));
        this.revoked_dir = groupSettingSupport.scope(derivedDefault("revoked_dir", this.base_directory, "revoked"));
        this.private_key_password = groupSettingSupport.scope(Settings.setting("private_key_password", Settings.STRING, Settings.NO_DEFAULT));
        this.client_auth = groupSettingSupport.scope(Settings.setting("client_auth", Settings.options(ClientAuth.class, true), ClientAuth.REQUIRE.name()));
        this.tls_versions = groupSettingSupport.scope(Settings.setting("tls_versions", Settings.STRING_LIST, joinList(TLS_VERSION_DEFAULTS)));
        this.ciphers = groupSettingSupport.scope(Settings.setting("ciphers", Settings.STRING_LIST, joinList(CIPHER_SUITES_DEFAULTS)));
    }

    private Setting<File> derivedDefault(String str, Setting<File> setting, String str2) {
        return Settings.derivedSetting(str, setting, file -> {
            return new File(file, str2);
        }, Settings.PATH);
    }

    private String joinList(List<String> list) {
        if (list == null) {
            return null;
        }
        return String.join(Settings.SEPARATOR, list);
    }
}
