package com.gentics.mesh.etc.config;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonPropertyDescription;
import com.gentics.mesh.MeshEnv;
import com.gentics.mesh.doc.GenerateDocumentation;
import com.gentics.mesh.etc.config.env.EnvironmentVariable;
import com.gentics.mesh.etc.config.env.Option;
import io.vertx.core.json.JsonObject;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

@GenerateDocumentation
/* loaded from: input_file:com/gentics/mesh/etc/config/AuthenticationOptions.class */
public class AuthenticationOptions implements Option {
    public static final String DEFAULT_ALGORITHM = "HS256";
    public static final int DEFAULT_TOKEN_EXPIRATION_TIME = 3600;
    public static final String DEFAULT_KEYSTORE_PATH = MeshEnv.CONFIG_FOLDERNAME + "/keystore.jceks";
    public static final String DEFAULT_PUBLIC_KEYS_PATH = MeshEnv.CONFIG_FOLDERNAME + "/public-keys.json";
    public static final String MESH_AUTH_TOKEN_EXP_ENV = "MESH_AUTH_TOKEN_EXP";
    public static final String MESH_AUTH_KEYSTORE_PASS_ENV = "MESH_AUTH_KEYSTORE_PASS";
    public static final String MESH_AUTH_KEYSTORE_PATH_ENV = "MESH_AUTH_KEYSTORE_PATH";
    public static final String MESH_AUTH_JWT_ALGO_ENV = "MESH_AUTH_JWT_ALGO";
    public static final String MESH_AUTH_ANONYMOUS_ENABLED_ENV = "MESH_AUTH_ANONYMOUS_ENABLED";
    public static final String MESH_AUTH_PUBLIC_KEYS_PATH_ENV = "MESH_AUTH_PUBLIC_KEYS_PATH";

    @EnvironmentVariable(name = MESH_AUTH_TOKEN_EXP_ENV, description = "Override the configured JWT expiration time.")
    @JsonProperty(required = true)
    @JsonPropertyDescription("Time in minutes which an issued token stays valid.")
    private int tokenExpirationTime = DEFAULT_TOKEN_EXPIRATION_TIME;

    @EnvironmentVariable(name = MESH_AUTH_KEYSTORE_PASS_ENV, description = "Override the configured keystore password.")
    @JsonProperty(required = true)
    @JsonPropertyDescription("The Java keystore password for the keystore file.")
    private String keystorePassword = null;

    @EnvironmentVariable(name = MESH_AUTH_KEYSTORE_PATH_ENV, description = "Override the configured keystore path.")
    @JsonProperty(required = true)
    @JsonPropertyDescription("Path to the java keystore file which will be used to store cryptographic keys.")
    private String keystorePath = DEFAULT_KEYSTORE_PATH;

    @EnvironmentVariable(name = MESH_AUTH_JWT_ALGO_ENV, description = "Override the configured algorithm which is used to sign the JWT.")
    @JsonProperty(required = true)
    @JsonPropertyDescription("Algorithm which is used to verify and sign JWT.")
    private String algorithm = DEFAULT_ALGORITHM;

    @EnvironmentVariable(name = MESH_AUTH_ANONYMOUS_ENABLED_ENV, description = "Override the configured anonymous enabled flag.")
    @JsonProperty(required = false)
    @JsonPropertyDescription("Flag which indicates whether anonymous access should be enabled.")
    private boolean enableAnonymousAccess = true;

    @EnvironmentVariable(name = MESH_AUTH_PUBLIC_KEYS_PATH_ENV, description = "Override the configured public keys file path.")
    @JsonProperty(required = false)
    @JsonPropertyDescription("Path to the public keys file which contains a list of additional JWK formatted public keys which will be used to verify JWTs.")
    private String publicKeysPath = DEFAULT_PUBLIC_KEYS_PATH;

    @JsonIgnore
    private List<JsonObject> publicKeys = new ArrayList();

    public List<JsonObject> getPublicKeys() {
        return this.publicKeys;
    }

    public AuthenticationOptions setPublicKeys(Collection<JsonObject> collection) {
        this.publicKeys = (List) collection.stream().collect(Collectors.toList());
        return this;
    }

    public AuthenticationOptions setPublicKey(JsonObject jsonObject) {
        this.publicKeys = Arrays.asList(jsonObject);
        return this;
    }

    public String getPublicKeysPath() {
        return this.publicKeysPath;
    }

    public AuthenticationOptions setPublicKeysPath(String str) {
        this.publicKeysPath = str;
        return this;
    }

    public int getTokenExpirationTime() {
        return this.tokenExpirationTime;
    }

    public AuthenticationOptions setTokenExpirationTime(int i) {
        this.tokenExpirationTime = i;
        return this;
    }

    public String getKeystorePassword() {
        return this.keystorePassword;
    }

    public AuthenticationOptions setKeystorePassword(String str) {
        this.keystorePassword = str;
        return this;
    }

    public String getKeystorePath() {
        return this.keystorePath;
    }

    public AuthenticationOptions setKeystorePath(String str) {
        this.keystorePath = str;
        return this;
    }

    public String getAlgorithm() {
        return this.algorithm;
    }

    public AuthenticationOptions setAlgorithm(String str) {
        this.algorithm = str;
        return this;
    }

    public boolean isEnableAnonymousAccess() {
        return this.enableAnonymousAccess;
    }

    public AuthenticationOptions setEnableAnonymousAccess(boolean z) {
        this.enableAnonymousAccess = z;
        return this;
    }

    @Override // com.gentics.mesh.etc.config.env.Option
    public void validate(MeshOptions meshOptions) {
        Objects.requireNonNull(getKeystorePassword(), "The keystore password was not specified.");
        Objects.requireNonNull(this.keystorePath, "The keystore path cannot be null.");
        if (this.keystorePath.trim().isEmpty()) {
            throw new IllegalArgumentException("The keystore path cannot be empty");
        }
        if (this.publicKeys != null) {
            Iterator<JsonObject> it = this.publicKeys.iterator();
            while (it.hasNext()) {
                Objects.requireNonNull(it.next().getString("kty"), "The provided JWK has no kty (type).");
            }
        }
    }
}
