package io.trino.plugin.kafka.security;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.inject.ConfigurationException;
import com.google.inject.spi.Message;
import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.ConfigSecuritySensitive;
import java.util.Map;
import java.util.Optional;
import javax.annotation.PostConstruct;

/* loaded from: input_file:io/trino/plugin/kafka/security/KafkaSslConfig.class */
public class KafkaSslConfig {
    private String keystoreLocation;
    private String keystorePassword;
    private String truststoreLocation;
    private String truststorePassword;
    private String keyPassword;
    private KafkaKeystoreTruststoreType keystoreType = KafkaKeystoreTruststoreType.JKS;
    private KafkaKeystoreTruststoreType truststoreType = KafkaKeystoreTruststoreType.JKS;
    private KafkaEndpointIdentificationAlgorithm endpointIdentificationAlgorithm = KafkaEndpointIdentificationAlgorithm.HTTPS;

    public Optional<String> getKeystoreLocation() {
        return Optional.ofNullable(this.keystoreLocation);
    }

    @ConfigDescription("The location of the key store file. This can be used for two-way authentication for client")
    @Config("kafka.ssl.keystore.location")
    public KafkaSslConfig setKeystoreLocation(String str) {
        this.keystoreLocation = str;
        return this;
    }

    public Optional<String> getKeystorePassword() {
        return Optional.ofNullable(this.keystorePassword);
    }

    @ConfigSecuritySensitive
    @ConfigDescription("The store password for the key store file")
    @Config("kafka.ssl.keystore.password")
    public KafkaSslConfig setKeystorePassword(String str) {
        this.keystorePassword = str;
        return this;
    }

    public Optional<KafkaKeystoreTruststoreType> getKeystoreType() {
        return Optional.ofNullable(this.keystoreType);
    }

    @ConfigDescription("The file format of the key store file")
    @Config("kafka.ssl.keystore.type")
    public KafkaSslConfig setKeystoreType(KafkaKeystoreTruststoreType kafkaKeystoreTruststoreType) {
        this.keystoreType = kafkaKeystoreTruststoreType;
        return this;
    }

    public Optional<String> getTruststoreLocation() {
        return Optional.ofNullable(this.truststoreLocation);
    }

    @ConfigDescription("The location of the trust store file")
    @Config("kafka.ssl.truststore.location")
    public KafkaSslConfig setTruststoreLocation(String str) {
        this.truststoreLocation = str;
        return this;
    }

    public Optional<String> getTruststorePassword() {
        return Optional.ofNullable(this.truststorePassword);
    }

    @ConfigSecuritySensitive
    @ConfigDescription("The password for the trust store file")
    @Config("kafka.ssl.truststore.password")
    public KafkaSslConfig setTruststorePassword(String str) {
        this.truststorePassword = str;
        return this;
    }

    public Optional<KafkaKeystoreTruststoreType> getTruststoreType() {
        return Optional.ofNullable(this.truststoreType);
    }

    @ConfigDescription("The file format of the trust store file")
    @Config("kafka.ssl.truststore.type")
    public KafkaSslConfig setTruststoreType(KafkaKeystoreTruststoreType kafkaKeystoreTruststoreType) {
        this.truststoreType = kafkaKeystoreTruststoreType;
        return this;
    }

    public Optional<String> getKeyPassword() {
        return Optional.ofNullable(this.keyPassword);
    }

    @ConfigSecuritySensitive
    @ConfigDescription("The password of the private key in the key store file")
    @Config("kafka.ssl.key.password")
    public KafkaSslConfig setKeyPassword(String str) {
        this.keyPassword = str;
        return this;
    }

    public Optional<KafkaEndpointIdentificationAlgorithm> getEndpointIdentificationAlgorithm() {
        return Optional.ofNullable(this.endpointIdentificationAlgorithm);
    }

    @ConfigDescription("The endpoint identification algorithm to validate server hostname using server certificate")
    @Config("kafka.ssl.endpoint-identification-algorithm")
    public KafkaSslConfig setEndpointIdentificationAlgorithm(KafkaEndpointIdentificationAlgorithm kafkaEndpointIdentificationAlgorithm) {
        this.endpointIdentificationAlgorithm = kafkaEndpointIdentificationAlgorithm;
        return this;
    }

    public Map<String, Object> getKafkaClientProperties() {
        ImmutableMap.Builder builder = ImmutableMap.builder();
        getKeystoreLocation().ifPresent(str -> {
            builder.put("ssl.keystore.location", str);
        });
        getKeystorePassword().ifPresent(str2 -> {
            builder.put("ssl.keystore.password", str2);
        });
        getKeystoreType().ifPresent(kafkaKeystoreTruststoreType -> {
            builder.put("ssl.keystore.type", kafkaKeystoreTruststoreType.name());
        });
        getTruststoreLocation().ifPresent(str3 -> {
            builder.put("ssl.truststore.location", str3);
        });
        getTruststorePassword().ifPresent(str4 -> {
            builder.put("ssl.truststore.password", str4);
        });
        getTruststoreType().ifPresent(kafkaKeystoreTruststoreType2 -> {
            builder.put("ssl.truststore.type", kafkaKeystoreTruststoreType2.name());
        });
        getKeyPassword().ifPresent(str5 -> {
            builder.put("ssl.key.password", str5);
        });
        getEndpointIdentificationAlgorithm().ifPresent(kafkaEndpointIdentificationAlgorithm -> {
            builder.put("ssl.endpoint.identification.algorithm", kafkaEndpointIdentificationAlgorithm.getValue());
        });
        return builder.build();
    }

    @PostConstruct
    public void validate() {
        if (getKeystoreLocation().isPresent() && getKeystorePassword().isEmpty()) {
            throw new ConfigurationException(ImmutableList.of(new Message("kafka.ssl.keystore.password must set when kafka.ssl.keystore.location is given")));
        }
        if (getTruststoreLocation().isPresent() && getTruststorePassword().isEmpty()) {
            throw new ConfigurationException(ImmutableList.of(new Message("kafka.ssl.truststore.password must set when kafka.ssl.truststore.location is given")));
        }
    }
}
