package io.airlift.http.server;

import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableList;
import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.ConfigSecuritySensitive;
import io.airlift.units.Duration;
import io.airlift.units.MinDuration;
import jakarta.validation.constraints.AssertTrue;
import jakarta.validation.constraints.Min;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import org.eclipse.jetty.util.ssl.SslContextFactory;

/* loaded from: input_file:io/airlift/http/server/HttpsConfig.class */
public class HttpsConfig {
    private String keystorePath;
    private String keystorePassword;
    private String keyManagerPassword;
    private String trustStorePath;
    private String trustStorePassword;
    private String secureRandomAlgorithm;
    private String automaticHttpsSharedSecret;
    private int httpsPort = 8443;
    private List<String> includedCipherSuites = ImmutableList.of();
    private Duration sslContextRefreshTime = new Duration(1.0d, TimeUnit.MINUTES);
    private List<String> excludedCipherSuites = ImmutableList.copyOf(new SslContextFactory.Server().getExcludeCipherSuites());
    private Duration sslSessionTimeout = new Duration(4.0d, TimeUnit.HOURS);
    private int sslSessionCacheSize = 10000;

    public int getHttpsPort() {
        return this.httpsPort;
    }

    @Config("http-server.https.port")
    public HttpsConfig setHttpsPort(int i) {
        this.httpsPort = i;
        return this;
    }

    @MinDuration("1s")
    public Duration getSslSessionTimeout() {
        return this.sslSessionTimeout;
    }

    @Config("http-server.https.ssl-session-timeout")
    public HttpsConfig setSslSessionTimeout(Duration duration) {
        this.sslSessionTimeout = duration;
        return this;
    }

    @Min(1)
    public int getSslSessionCacheSize() {
        return this.sslSessionCacheSize;
    }

    @Config("http-server.https.ssl-session-cache-size")
    public HttpsConfig setSslSessionCacheSize(int i) {
        this.sslSessionCacheSize = i;
        return this;
    }

    public String getKeystorePath() {
        return this.keystorePath;
    }

    @Config("http-server.https.keystore.path")
    public HttpsConfig setKeystorePath(String str) {
        this.keystorePath = str;
        return this;
    }

    public String getKeystorePassword() {
        return this.keystorePassword;
    }

    @ConfigSecuritySensitive
    @Config("http-server.https.keystore.key")
    public HttpsConfig setKeystorePassword(String str) {
        this.keystorePassword = str;
        return this;
    }

    @AssertTrue(message = "Keystore path or automatic HTTPS shared secret must be provided when HTTPS is enabled")
    public boolean isHttpsConfigurationValid() {
        return (getKeystorePath() == null && getAutomaticHttpsSharedSecret() == null) ? false : true;
    }

    public String getKeyManagerPassword() {
        return this.keyManagerPassword;
    }

    @ConfigSecuritySensitive
    @Config("http-server.https.keymanager.password")
    public HttpsConfig setKeyManagerPassword(String str) {
        this.keyManagerPassword = str;
        return this;
    }

    public String getTrustStorePath() {
        return this.trustStorePath;
    }

    @Config("http-server.https.truststore.path")
    public HttpsConfig setTrustStorePath(String str) {
        this.trustStorePath = str;
        return this;
    }

    public String getTrustStorePassword() {
        return this.trustStorePassword;
    }

    @ConfigSecuritySensitive
    @Config("http-server.https.truststore.key")
    public HttpsConfig setTrustStorePassword(String str) {
        this.trustStorePassword = str;
        return this;
    }

    public String getSecureRandomAlgorithm() {
        return this.secureRandomAlgorithm;
    }

    @Config("http-server.https.secure-random-algorithm")
    public HttpsConfig setSecureRandomAlgorithm(String str) {
        this.secureRandomAlgorithm = str;
        return this;
    }

    public List<String> getHttpsIncludedCipherSuites() {
        return this.includedCipherSuites;
    }

    @Config("http-server.https.included-cipher")
    public HttpsConfig setHttpsIncludedCipherSuites(String str) {
        this.includedCipherSuites = Splitter.on(',').trimResults().omitEmptyStrings().splitToList((CharSequence) Objects.requireNonNull(str, "includedCipherSuites is null"));
        return this;
    }

    public List<String> getHttpsExcludedCipherSuites() {
        return this.excludedCipherSuites;
    }

    @ConfigDescription("Setting this config property overwrites Jetty's default excluded cipher suites")
    @Config("http-server.https.excluded-cipher")
    public HttpsConfig setHttpsExcludedCipherSuites(String str) {
        this.excludedCipherSuites = Splitter.on(',').trimResults().omitEmptyStrings().splitToList((CharSequence) Objects.requireNonNull(str, "excludedCipherSuites is null"));
        return this;
    }

    @MinDuration("1s")
    public Duration getSslContextRefreshTime() {
        return this.sslContextRefreshTime;
    }

    @Config("http-server.https.ssl-context.refresh-time")
    public HttpsConfig setSslContextRefreshTime(Duration duration) {
        this.sslContextRefreshTime = duration;
        return this;
    }

    public String getAutomaticHttpsSharedSecret() {
        return this.automaticHttpsSharedSecret;
    }

    @ConfigSecuritySensitive
    @Config("http-server.https.automatic-shared-secret")
    public HttpsConfig setAutomaticHttpsSharedSecret(String str) {
        this.automaticHttpsSharedSecret = str;
        return this;
    }
}
