package org.apache.flink.configuration;

import org.apache.flink.annotation.PublicEvolving;
import org.apache.flink.annotation.docs.ConfigGroup;
import org.apache.flink.annotation.docs.ConfigGroups;
import org.apache.flink.annotation.docs.Documentation;
import org.apache.flink.configuration.description.Description;
import org.apache.flink.configuration.description.LinkElement;

@ConfigGroups(groups = {@ConfigGroup(name = "Kerberos", keyPrefix = "security.kerberos"), @ConfigGroup(name = "ZooKeeper", keyPrefix = "zookeeper")})
@PublicEvolving
/* loaded from: input_file:org/apache/flink/configuration/SecurityOptions.class */
public class SecurityOptions {
    public static final ConfigOption<String> KERBEROS_LOGIN_PRINCIPAL = ConfigOptions.key("security.kerberos.login.principal").noDefaultValue().withDeprecatedKeys("security.principal").withDescription("Kerberos principal name associated with the keytab.");
    public static final ConfigOption<String> KERBEROS_LOGIN_KEYTAB = ConfigOptions.key("security.kerberos.login.keytab").noDefaultValue().withDeprecatedKeys("security.keytab").withDescription("Absolute path to a Kerberos keytab file that contains the user credentials.");
    public static final ConfigOption<Boolean> KERBEROS_LOGIN_USETICKETCACHE = ConfigOptions.key("security.kerberos.login.use-ticket-cache").defaultValue(true).withDescription("Indicates whether to read from your Kerberos ticket cache.");
    public static final ConfigOption<String> KERBEROS_LOGIN_CONTEXTS = ConfigOptions.key("security.kerberos.login.contexts").noDefaultValue().withDescription("A comma-separated list of login contexts to provide the Kerberos credentials to (for example, `Client,KafkaClient` to use the credentials for ZooKeeper authentication and for Kafka authentication)");
    public static final ConfigOption<Boolean> ZOOKEEPER_SASL_DISABLE = ConfigOptions.key(ConfigConstants.ZOOKEEPER_SASL_DISABLE).defaultValue(false);
    public static final ConfigOption<String> ZOOKEEPER_SASL_SERVICE_NAME = ConfigOptions.key(ConfigConstants.ZOOKEEPER_SASL_SERVICE_NAME).defaultValue("zookeeper");
    public static final ConfigOption<String> ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME = ConfigOptions.key("zookeeper.sasl.login-context-name").defaultValue("Client");

    @Deprecated
    public static final ConfigOption<Boolean> SSL_ENABLED = ConfigOptions.key(ConfigConstants.SECURITY_SSL_ENABLED).defaultValue(false).withDescription("Turns on SSL for internal and external network communication.This can be overridden by 'security.ssl.internal.enabled', 'security.ssl.external.enabled'. Specific internal components (rpc, data transport, blob server) may optionally override this through their own settings.");

    @Documentation.CommonOption(position = 50)
    public static final ConfigOption<Boolean> SSL_INTERNAL_ENABLED = ConfigOptions.key("security.ssl.internal.enabled").defaultValue(false).withDescription("Turns on SSL for internal network communication. Optionally, specific components may override this through their own settings (rpc, data transport, REST, etc).");

    @Documentation.CommonOption(position = 50)
    public static final ConfigOption<Boolean> SSL_REST_ENABLED = ConfigOptions.key("security.ssl.rest.enabled").defaultValue(false).withDescription("Turns on SSL for external communication via the REST endpoints.");
    public static final ConfigOption<Boolean> SSL_REST_AUTHENTICATION_ENABLED = ConfigOptions.key("security.ssl.rest.authentication-enabled").defaultValue(false).withDescription("Turns on mutual SSL authentication for external communication via the REST endpoints.");
    public static final ConfigOption<String> SSL_KEYSTORE = ConfigOptions.key(ConfigConstants.SECURITY_SSL_KEYSTORE).noDefaultValue().withDescription("The Java keystore file to be used by the flink endpoint for its SSL Key and Certificate.");
    public static final ConfigOption<String> SSL_KEYSTORE_PASSWORD = ConfigOptions.key(ConfigConstants.SECURITY_SSL_KEYSTORE_PASSWORD).noDefaultValue().withDescription("The secret to decrypt the keystore file.");
    public static final ConfigOption<String> SSL_KEY_PASSWORD = ConfigOptions.key(ConfigConstants.SECURITY_SSL_KEY_PASSWORD).noDefaultValue().withDescription("The secret to decrypt the server key in the keystore.");
    public static final ConfigOption<String> SSL_TRUSTSTORE = ConfigOptions.key(ConfigConstants.SECURITY_SSL_TRUSTSTORE).noDefaultValue().withDescription("The truststore file containing the public CA certificates to be used by flink endpoints to verify the peer’s certificate.");
    public static final ConfigOption<String> SSL_TRUSTSTORE_PASSWORD = ConfigOptions.key(ConfigConstants.SECURITY_SSL_TRUSTSTORE_PASSWORD).noDefaultValue().withDescription("The secret to decrypt the truststore.");
    public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE = ConfigOptions.key("security.ssl.internal.keystore").noDefaultValue().withDescription("The Java keystore file with SSL Key and Certificate, to be used Flink's internal endpoints (rpc, data transport, blob server).");
    public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE_PASSWORD = ConfigOptions.key("security.ssl.internal.keystore-password").noDefaultValue().withDescription("The secret to decrypt the keystore file for Flink's for Flink's internal endpoints (rpc, data transport, blob server).");
    public static final ConfigOption<String> SSL_INTERNAL_KEY_PASSWORD = ConfigOptions.key("security.ssl.internal.key-password").noDefaultValue().withDescription("The secret to decrypt the key in the keystore for Flink's internal endpoints (rpc, data transport, blob server).");
    public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE = ConfigOptions.key("security.ssl.internal.truststore").noDefaultValue().withDescription("The truststore file containing the public CA certificates to verify the peer for Flink's internal endpoints (rpc, data transport, blob server).");
    public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_PASSWORD = ConfigOptions.key("security.ssl.internal.truststore-password").noDefaultValue().withDescription("The password to decrypt the truststore for Flink's internal endpoints (rpc, data transport, blob server).");
    public static final ConfigOption<String> SSL_REST_KEYSTORE = ConfigOptions.key("security.ssl.rest.keystore").noDefaultValue().withDescription("The Java keystore file with SSL Key and Certificate, to be used Flink's external REST endpoints.");
    public static final ConfigOption<String> SSL_REST_KEYSTORE_PASSWORD = ConfigOptions.key("security.ssl.rest.keystore-password").noDefaultValue().withDescription("The secret to decrypt the keystore file for Flink's for Flink's external REST endpoints.");
    public static final ConfigOption<String> SSL_REST_KEY_PASSWORD = ConfigOptions.key("security.ssl.rest.key-password").noDefaultValue().withDescription("The secret to decrypt the key in the keystore for Flink's external REST endpoints.");
    public static final ConfigOption<String> SSL_REST_TRUSTSTORE = ConfigOptions.key("security.ssl.rest.truststore").noDefaultValue().withDescription("The truststore file containing the public CA certificates to verify the peer for Flink's external REST endpoints.");
    public static final ConfigOption<String> SSL_REST_TRUSTSTORE_PASSWORD = ConfigOptions.key("security.ssl.rest.truststore-password").noDefaultValue().withDescription("The password to decrypt the truststore for Flink's external REST endpoints.");
    public static final ConfigOption<String> SSL_PROTOCOL = ConfigOptions.key(ConfigConstants.SECURITY_SSL_PROTOCOL).defaultValue(ConfigConstants.DEFAULT_SECURITY_SSL_PROTOCOL).withDescription("The SSL protocol version to be supported for the ssl transport. Note that it doesn’t support comma separated list.");
    public static final ConfigOption<String> SSL_ALGORITHMS = ConfigOptions.key(ConfigConstants.SECURITY_SSL_ALGORITHMS).defaultValue(ConfigConstants.DEFAULT_SECURITY_SSL_ALGORITHMS).withDescription(Description.builder().text("The comma separated list of standard SSL algorithms to be supported. Read more %s", LinkElement.link("http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites", "here")).build());
    public static final ConfigOption<Boolean> SSL_VERIFY_HOSTNAME = ConfigOptions.key(ConfigConstants.SECURITY_SSL_VERIFY_HOSTNAME).defaultValue(true).withDescription("Flag to enable peer’s hostname verification during ssl handshake.");
    public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_CACHE_SIZE = ConfigOptions.key("security.ssl.internal.session-cache-size").defaultValue(-1).withDescription("The size of the cache used for storing SSL session objects. According to https://github.com/netty/netty/issues/832, you should always set this to an appropriate number to not run into a bug with stalling IO threads during garbage collection. (-1 = use system default).").withDeprecatedKeys("security.ssl.session-cache-size");
    public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_TIMEOUT = ConfigOptions.key("security.ssl.internal.session-timeout").defaultValue(-1).withDescription("The timeout (in ms) for the cached SSL session objects. (-1 = use system default)").withDeprecatedKeys("security.ssl.session-timeout");
    public static final ConfigOption<Integer> SSL_INTERNAL_HANDSHAKE_TIMEOUT = ConfigOptions.key("security.ssl.internal.handshake-timeout").defaultValue(-1).withDescription("The timeout (in ms) during SSL handshake. (-1 = use system default)").withDeprecatedKeys("security.ssl.handshake-timeout");
    public static final ConfigOption<Integer> SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT = ConfigOptions.key("security.ssl.internal.close-notify-flush-timeout").defaultValue(-1).withDescription("The timeout (in ms) for flushing the `close_notify` that was triggered by closing a channel. If the `close_notify` was not flushed in the given timeout the channel will be closed forcibly. (-1 = use system default)").withDeprecatedKeys("security.ssl.close-notify-flush-timeout");
}
