package org.apache.brooklyn.rest;

import org.apache.brooklyn.api.location.PortRange;
import org.apache.brooklyn.config.ConfigKey;
import org.apache.brooklyn.config.ConfigMap;
import org.apache.brooklyn.core.config.ConfigKeys;
import org.apache.brooklyn.core.config.ConfigPredicates;
import org.apache.brooklyn.rest.security.provider.ExplicitUsersSecurityProvider;
import org.apache.brooklyn.rest.security.provider.SecurityProvider;

/* loaded from: input_file:org/apache/brooklyn/rest/BrooklynWebConfig.class */
/**
 * Configuration keys for the Brooklyn web console and its security settings.
 *
 * <p>Every key name is built from {@link #BASE_NAME} or {@link #BASE_NAME_SECURITY}, so the
 * whole security configuration lives under the {@code brooklyn.webconsole.security} prefix.
 *
 * <p>Several defaults here are permissive (HTTPS not required, legacy protocol versions and
 * cipher suites enabled); see the notes on the individual keys before relying on them.
 */
public class BrooklynWebConfig {
    /** Prefix shared by all web-console configuration keys. */
    public static final String BASE_NAME = "brooklyn.webconsole";

    /** Prefix shared by all web-console security configuration keys. */
    public static final String BASE_NAME_SECURITY = BASE_NAME + ".security";

    /** Name of the session attribute under which the request's remote address is kept. */
    public static final String REMOTE_ADDRESS_SESSION_ATTRIBUTE = "request.remoteAddress";

    /**
     * Class name of the {@link SecurityProvider} to use; defaults to
     * {@link ExplicitUsersSecurityProvider}.
     *
     * <p>NOTE(review): the value is a class name taken from configuration, so whoever can write
     * the configuration chooses the authentication implementation - presumably it is loaded
     * reflectively; confirm in the consumer and keep the config source write-protected.
     */
    public static final ConfigKey<String> SECURITY_PROVIDER_CLASSNAME = ConfigKeys.newStringConfigKey(
            BASE_NAME_SECURITY + ".provider",
            "class name of a Brooklyn SecurityProvider",
            ExplicitUsersSecurityProvider.class.getCanonicalName());

    /** A pre-configured provider instance, keyed under the class-name key's own name. */
    public static final ConfigKey<SecurityProvider> SECURITY_PROVIDER_INSTANCE = ConfigKeys.newConfigKey(
            SecurityProvider.class,
            SECURITY_PROVIDER_CLASSNAME.getName() + ".internal.instance",
            "instance of a pre-configured security provider");

    /** Users setting; the value format is not visible in this class. */
    public static final ConfigKey<String> USERS = ConfigKeys.newStringConfigKey(BASE_NAME_SECURITY + ".users");

    /**
     * LDAP server URL.
     *
     * <p>NOTE(review): nothing here constrains the scheme; a plain {@code ldap://} URL would
     * presumably send bind credentials unencrypted - confirm in the LDAP provider.
     */
    public static final ConfigKey<String> LDAP_URL = ConfigKeys.newStringConfigKey(BASE_NAME_SECURITY + ".ldap.url");

    /** LDAP realm. */
    public static final ConfigKey<String> LDAP_REALM = ConfigKeys.newStringConfigKey(BASE_NAME_SECURITY + ".ldap.realm");

    /** LDAP organizational unit. */
    public static final ConfigKey<String> LDAP_OU = ConfigKeys.newStringConfigKey(BASE_NAME_SECURITY + ".ldap.ou");

    /**
     * Whether HTTPS is required. The default is {@code false}, so HTTPS is not enforced unless
     * this key (or, per the description, a CLI option) says otherwise; a console reachable
     * beyond the local host should set it to {@code true}.
     */
    public static final ConfigKey<Boolean> HTTPS_REQUIRED = ConfigKeys.newBooleanConfigKey(
            BASE_NAME_SECURITY + ".https.required",
            "Whether HTTPS is required; false here can be overridden by CLI option",
            false);

    /** Port or port range the web console listens on; no default is set here. */
    public static final ConfigKey<PortRange> WEB_CONSOLE_PORT = ConfigKeys.newConfigKey(
            PortRange.class,
            BASE_NAME + ".port",
            "Port/range for the web console to listen on; can be overridden by CLI option");

    /** Location of the keystore holding the certificate presented over HTTPS. */
    public static final ConfigKey<String> KEYSTORE_URL = ConfigKeys.newStringConfigKey(
            BASE_NAME_SECURITY + ".keystore.url",
            "Keystore from which to take the certificate to present when running HTTPS; "
                    + "note that normally the password is also required, "
                    + "and an alias for the certificate if the keystore has more than one");

    /**
     * Password for the keystore. The description embeds the string form of
     * {@link #KEYSTORE_URL} (the key object, not its configured value).
     *
     * <p>The value is a secret held as an ordinary string setting: restrict read access to the
     * configuration source and keep it out of logs and config dumps.
     */
    public static final ConfigKey<String> KEYSTORE_PASSWORD = ConfigKeys.newStringConfigKey(
            BASE_NAME_SECURITY + ".keystore.password",
            "Password for the " + KEYSTORE_URL);

    /** Alias of the certificate to use inside the keystore. */
    public static final ConfigKey<String> KEYSTORE_CERTIFICATE_ALIAS = ConfigKeys.newStringConfigKey(
            BASE_NAME_SECURITY + ".keystore.certificate.alias",
            "Alias in " + KEYSTORE_URL + " for the certificate to use; defaults to the first if not supplied");

    /**
     * SSL/TLS protocol versions offered by the web console.
     *
     * <p>The default still enables TLSv1 and TLSv1.1, both formally deprecated (RFC 8996), and
     * does not list TLSv1.3. Deployments should override this to TLSv1.2 or newer, as far as
     * the runtime supports it.
     */
    public static final ConfigKey<String> TRANSPORT_PROTOCOLS = ConfigKeys.newStringConfigKey(
            BASE_NAME_SECURITY + ".transport.protocols",
            "SSL/TLS protocol versions to use for web console connections",
            "TLSv1, TLSv1.1, TLSv1.2");

    /**
     * SSL/TLS cipher suites offered by the web console, as one comma-separated string.
     *
     * <p>The default lists 43 suites under the {@code TLS_} prefix and then the same 43 under
     * the {@code SSL_} prefix. It starts with ECDHE/DHE AES-GCM suites but also enables
     * CBC-mode suites, static-RSA key exchange (no forward secrecy), SRP and Camellia suites,
     * and {@code *_RSA_WITH_3DES_EDE_CBC_SHA} (64-bit block cipher). Hardened deployments
     * should override this with a short list of ECDHE AEAD suites.
     */
    public static final ConfigKey<String> TRANSPORT_CIPHERS = ConfigKeys.newStringConfigKey(
            BASE_NAME_SECURITY + ".transport.ciphers",
            "SSL/TLS cipher suites to use for web console connections",
            // --- TLS_-prefixed names ---
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
                    + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,"
                    + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
                    + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,"
                    + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,"
                    + "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,"
                    + "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,"
                    + "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,"
                    + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,"
                    + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,"
                    + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
                    + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
                    + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,"
                    + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,"
                    + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
                    + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,"
                    + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,"
                    + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,"
                    + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,"
                    + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,"
                    + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA,"
                    + "TLS_DHE_RSA_WITH_AES_256_CBC_SHA,"
                    + "TLS_RSA_WITH_AES_128_GCM_SHA256,"
                    + "TLS_RSA_WITH_AES_256_GCM_SHA384,"
                    + "TLS_RSA_WITH_AES_128_CBC_SHA256,"
                    + "TLS_RSA_WITH_AES_256_CBC_SHA256,"
                    + "TLS_RSA_WITH_AES_128_CBC_SHA,"
                    + "TLS_RSA_WITH_AES_256_CBC_SHA,"
                    + "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,"
                    + "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,"
                    + "TLS_SRP_SHA_WITH_AES_256_CBC_SHA,"
                    + "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,"
                    + "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,"
                    + "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,"
                    + "TLS_SRP_SHA_WITH_AES_128_CBC_SHA,"
                    + "TLS_DHE_DSS_WITH_AES_128_CBC_SHA,"
                    + "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,"
                    + "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,"
                    + "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,"
                    + "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,"
                    + "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,"
                    + "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,"
                    + "TLS_RSA_WITH_3DES_EDE_CBC_SHA,"
                    // --- the same suites under SSL_-prefixed names ---
                    + "SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
                    + "SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,"
                    + "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
                    + "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,"
                    + "SSL_DHE_RSA_WITH_AES_128_GCM_SHA256,"
                    + "SSL_DHE_DSS_WITH_AES_128_GCM_SHA256,"
                    + "SSL_DHE_DSS_WITH_AES_256_GCM_SHA384,"
                    + "SSL_DHE_RSA_WITH_AES_256_GCM_SHA384,"
                    + "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256,"
                    + "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,"
                    + "SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,"
                    + "SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,"
                    + "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384,"
                    + "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,"
                    + "SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA,"
                    + "SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,"
                    + "SSL_DHE_RSA_WITH_AES_128_CBC_SHA256,"
                    + "SSL_DHE_RSA_WITH_AES_128_CBC_SHA,"
                    + "SSL_DHE_DSS_WITH_AES_128_CBC_SHA256,"
                    + "SSL_DHE_RSA_WITH_AES_256_CBC_SHA256,"
                    + "SSL_DHE_DSS_WITH_AES_256_CBC_SHA,"
                    + "SSL_DHE_RSA_WITH_AES_256_CBC_SHA,"
                    + "SSL_RSA_WITH_AES_128_GCM_SHA256,"
                    + "SSL_RSA_WITH_AES_256_GCM_SHA384,"
                    + "SSL_RSA_WITH_AES_128_CBC_SHA256,"
                    + "SSL_RSA_WITH_AES_256_CBC_SHA256,"
                    + "SSL_RSA_WITH_AES_128_CBC_SHA,"
                    + "SSL_RSA_WITH_AES_256_CBC_SHA,"
                    + "SSL_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,"
                    + "SSL_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,"
                    + "SSL_SRP_SHA_WITH_AES_256_CBC_SHA,"
                    + "SSL_DHE_DSS_WITH_AES_256_CBC_SHA256,"
                    + "SSL_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,"
                    + "SSL_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,"
                    + "SSL_SRP_SHA_WITH_AES_128_CBC_SHA,"
                    + "SSL_DHE_DSS_WITH_AES_128_CBC_SHA,"
                    + "SSL_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,"
                    + "SSL_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,"
                    + "SSL_RSA_WITH_CAMELLIA_256_CBC_SHA,"
                    + "SSL_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,"
                    + "SSL_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,"
                    + "SSL_RSA_WITH_CAMELLIA_128_CBC_SHA,"
                    + "SSL_RSA_WITH_3DES_EDE_CBC_SHA");

    /**
     * Builds the per-user key {@code brooklyn.webconsole.security.user.<user>.<suffix>}.
     *
     * <p>The user name is spliced into the key name as given, with no validation or escaping.
     */
    private static ConfigKey<String> userKey(String user, String suffix) {
        String keyName = BASE_NAME_SECURITY + ".user." + user + "." + suffix;
        return ConfigKeys.newStringConfigKey(keyName);
    }

    /**
     * Returns the key {@code brooklyn.webconsole.security.user.<str>.password}.
     *
     * <p>NOTE(review): presumably the value is the user's password in clear text - confirm in
     * the provider; if so, prefer the salted-hash keys and protect the config file.
     *
     * @param str user name, used verbatim inside the key name
     * @return a new string config key for that user's password
     */
    public static final ConfigKey<String> PASSWORD_FOR_USER(String str) {
        return userKey(str, "password");
    }

    /**
     * Returns the key {@code brooklyn.webconsole.security.user.<str>.salt}.
     *
     * @param str user name, used verbatim inside the key name
     * @return a new string config key for that user's salt
     */
    public static final ConfigKey<String> SALT_FOR_USER(String str) {
        return userKey(str, "salt");
    }

    /**
     * Returns the key {@code brooklyn.webconsole.security.user.<str>.sha256}.
     *
     * <p>NOTE(review): presumably holds a SHA-256 digest of salt and password - confirm in the
     * provider. A single SHA-256 round is cheap to brute-force offline, so the stored value
     * deserves the same protection as a password.
     *
     * @param str user name, used verbatim inside the key name
     * @return a new string config key for that user's SHA-256 value
     */
    public static final ConfigKey<String> SHA256_FOR_USER(String str) {
        return userKey(str, "sha256");
    }

    /**
     * Reports whether the given configuration contains no security settings at all.
     *
     * <p>NOTE(review): how callers react to {@code true} is not visible here; confirm that an
     * empty security configuration does not silently leave the console unauthenticated.
     *
     * @param configMap configuration to inspect
     * @return {@code true} if no key name in {@code configMap} starts with
     *     {@link #BASE_NAME_SECURITY}
     */
    public static final boolean hasNoSecurityOptions(ConfigMap configMap) {
        boolean anySecurityKey = !configMap.findKeys(ConfigPredicates.nameStartsWith(BASE_NAME_SECURITY)).isEmpty();
        return !anySecurityKey;
    }
}
