package org.infinispan.server.configuration.endpoint;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.infinispan.commons.configuration.Builder;
import org.infinispan.commons.configuration.attributes.AttributeSet;
import org.infinispan.rest.configuration.RestServerConfigurationBuilder;
import org.infinispan.server.Server;
import org.infinispan.server.configuration.ServerConfigurationBuilder;
import org.infinispan.server.configuration.security.KerberosSecurityFactoryConfiguration;
import org.infinispan.server.core.configuration.ProtocolServerConfiguration;
import org.infinispan.server.core.configuration.ProtocolServerConfigurationBuilder;
import org.infinispan.server.hotrod.configuration.HotRodServerConfigurationBuilder;
import org.infinispan.server.security.ServerSecurityRealm;

/* loaded from: input_file:org/infinispan/server/configuration/endpoint/EndpointsConfigurationBuilder.class */
public class EndpointsConfigurationBuilder implements Builder<EndpointsConfiguration> {
    private final ServerConfigurationBuilder serverConfigurationBuilder;
    private final List<ProtocolServerConfigurationBuilder<?, ?>> connectorBuilders = new ArrayList(2);
    private final SinglePortServerConfigurationBuilder singlePortBuilder = new SinglePortServerConfigurationBuilder();
    private final AttributeSet attributes = EndpointsConfiguration.attributeDefinitionSet();

    public EndpointsConfigurationBuilder(ServerConfigurationBuilder serverConfigurationBuilder) {
        this.serverConfigurationBuilder = serverConfigurationBuilder;
    }

    public EndpointsConfigurationBuilder socketBinding(String str) {
        this.attributes.attribute(EndpointsConfiguration.SOCKET_BINDING).set(str);
        this.serverConfigurationBuilder.applySocketBinding(str, this.singlePortBuilder);
        return this;
    }

    public EndpointsConfigurationBuilder securityRealm(String str) {
        this.attributes.attribute(EndpointsConfiguration.SECURITY_REALM).set(str);
        this.singlePortBuilder.securityRealm(this.serverConfigurationBuilder.getSecurityRealm(str));
        return this;
    }

    public EndpointsConfigurationBuilder implicitConnectorSecurity(boolean z) {
        this.attributes.attribute(EndpointsConfiguration.IMPLICIT_CONNECTOR_SECURITY).set(Boolean.valueOf(z));
        return this;
    }

    public List<ProtocolServerConfigurationBuilder<?, ?>> connectors() {
        return this.connectorBuilders;
    }

    public SinglePortServerConfigurationBuilder singlePort() {
        return this.singlePortBuilder;
    }

    public <T extends ProtocolServerConfigurationBuilder<?, ?>> T addConnector(Class<T> cls) {
        try {
            T newInstance = cls.getConstructor(new Class[0]).newInstance(new Object[0]);
            this.connectorBuilders.add(newInstance);
            this.singlePortBuilder.applyConfigurationToProtocol(newInstance);
            return newInstance;
        } catch (Exception e) {
            throw Server.log.cannotInstantiateProtocolServerConfigurationBuilder(cls, e);
        }
    }

    public void validate() {
        ((Map) this.connectorBuilders.stream().collect(Collectors.groupingBy((v0) -> {
            return v0.getClass();
        }))).entrySet().stream().filter(entry -> {
            return ((List) entry.getValue()).size() > 1;
        }).findFirst().ifPresent(entry2 -> {
            throw Server.log.multipleEndpointsSameTypeFound((String) ((List) entry2.getValue()).stream().map((v0) -> {
                return v0.name();
            }).collect(Collectors.joining(",")));
        });
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public EndpointsConfiguration m28create() {
        boolean z = ((Boolean) this.attributes.attribute(EndpointsConfiguration.IMPLICIT_CONNECTOR_SECURITY).get()).booleanValue() && this.singlePortBuilder.securityRealm() != null;
        ArrayList arrayList = new ArrayList(this.connectorBuilders.size());
        for (ProtocolServerConfigurationBuilder<?, ?> protocolServerConfigurationBuilder : this.connectorBuilders) {
            if (z) {
                if (protocolServerConfigurationBuilder instanceof HotRodServerConfigurationBuilder) {
                    enableImplicitAuthentication(this.singlePortBuilder.securityRealm(), (HotRodServerConfigurationBuilder) protocolServerConfigurationBuilder);
                } else if (protocolServerConfigurationBuilder instanceof RestServerConfigurationBuilder) {
                    enableImplicitAuthentication(this.singlePortBuilder.securityRealm(), (RestServerConfigurationBuilder) protocolServerConfigurationBuilder);
                }
            }
            arrayList.add((ProtocolServerConfiguration) protocolServerConfigurationBuilder.create());
        }
        return new EndpointsConfiguration(this.attributes.protect(), arrayList, this.singlePortBuilder.m31create());
    }

    public EndpointsConfigurationBuilder read(EndpointsConfiguration endpointsConfiguration) {
        this.attributes.read(endpointsConfiguration.attributes());
        return this;
    }

    private void enableImplicitAuthentication(ServerSecurityRealm serverSecurityRealm, HotRodServerConfigurationBuilder hotRodServerConfigurationBuilder) {
        hotRodServerConfigurationBuilder.authentication().enable().securityRealm(serverSecurityRealm.getName());
        String str = null;
        Iterator<KerberosSecurityFactoryConfiguration> it = serverSecurityRealm.getServerIdentities().kerberosConfigurations().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            KerberosSecurityFactoryConfiguration next = it.next();
            if (next.getPrincipal().startsWith("hotrod/")) {
                hotRodServerConfigurationBuilder.authentication().addMechanisms(new String[]{"GS2-KRB5", "GSSAPI"});
                str = next.getPrincipal();
                break;
            }
            Server.log.debugf("Enabled Kerberos mechanisms for Hot Rod using principal '%s'", next.getPrincipal());
        }
        if (serverSecurityRealm.hasFeature(ServerSecurityRealm.Feature.TOKEN)) {
            hotRodServerConfigurationBuilder.authentication().addMechanisms(new String[]{"OAUTHBEARER"});
            Server.log.debug("Enabled OAUTHBEARER mechanism for Hot Rod");
        }
        if (serverSecurityRealm.hasFeature(ServerSecurityRealm.Feature.TRUST)) {
            hotRodServerConfigurationBuilder.authentication().addMechanisms(new String[]{"EXTERNAL"});
            Server.log.debug("Enabled EXTERNAL mechanism for Hot Rod");
        }
        if (serverSecurityRealm.hasFeature(ServerSecurityRealm.Feature.PASSWORD)) {
            hotRodServerConfigurationBuilder.authentication().addMechanisms(new String[]{"SCRAM-SHA-512", "SCRAM-SHA-384", "SCRAM-SHA-256", "SCRAM-SHA-1", "DIGEST-SHA-512", "DIGEST-SHA-384", "DIGEST-SHA-256", "DIGEST-SHA", "CRAM-MD5", "DIGEST-MD5"});
            Server.log.debug("Enabled SCRAM, DIGEST and CRAM mechanisms for Hot Rod");
        }
        if (this.singlePortBuilder.ssl().isEnabled()) {
            hotRodServerConfigurationBuilder.authentication().addMechanisms(new String[]{"PLAIN"});
            Server.log.debug("Enabled PLAIN mechanism for Hot Rod");
        }
        hotRodServerConfigurationBuilder.authentication().serverAuthenticationProvider(serverSecurityRealm.getSASLAuthenticationProvider(str));
    }

    private void enableImplicitAuthentication(ServerSecurityRealm serverSecurityRealm, RestServerConfigurationBuilder restServerConfigurationBuilder) {
        restServerConfigurationBuilder.authentication().enable().securityRealm(serverSecurityRealm.getName());
        String str = null;
        for (KerberosSecurityFactoryConfiguration kerberosSecurityFactoryConfiguration : serverSecurityRealm.getServerIdentities().kerberosConfigurations()) {
            if (kerberosSecurityFactoryConfiguration.getPrincipal().startsWith("HTTP/")) {
                restServerConfigurationBuilder.authentication().addMechanisms(new String[]{"SPNEGO"});
                str = kerberosSecurityFactoryConfiguration.getPrincipal();
            }
            Server.log.debugf("Enabled SPNEGO authentication for HTTP using principal '%s'", kerberosSecurityFactoryConfiguration.getPrincipal());
        }
        if (serverSecurityRealm.hasFeature(ServerSecurityRealm.Feature.TOKEN)) {
            restServerConfigurationBuilder.authentication().addMechanisms(new String[]{"BEARER_TOKEN"});
            Server.log.debug("Enabled BEARER_TOKEN for HTTP");
        }
        if (serverSecurityRealm.hasFeature(ServerSecurityRealm.Feature.TRUST)) {
            restServerConfigurationBuilder.authentication().addMechanisms(new String[]{"CLIENT_CERT"});
            Server.log.debug("Enabled CLIENT_CERT for HTTP");
        }
        if (serverSecurityRealm.hasFeature(ServerSecurityRealm.Feature.PASSWORD)) {
            restServerConfigurationBuilder.authentication().addMechanisms(new String[]{"DIGEST"});
            Server.log.debug("Enabled DIGEST for HTTP");
        }
        if (this.singlePortBuilder.ssl().isEnabled()) {
            restServerConfigurationBuilder.authentication().addMechanisms(new String[]{"BASIC"});
            Server.log.debug("Enabled BASIC for HTTP");
        }
        restServerConfigurationBuilder.authentication().authenticator(serverSecurityRealm.getHTTPAuthenticationProvider(str));
    }
}
