package io.trino.plugin.base.ldap;

import com.google.common.base.Strings;
import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.ConfigSecuritySensitive;
import io.airlift.configuration.LegacyConfig;
import io.airlift.units.Duration;
import jakarta.validation.constraints.AssertTrue;
import jakarta.validation.constraints.NotNull;
import jakarta.validation.constraints.Pattern;
import java.io.File;
import java.util.Optional;

/* loaded from: input_file:io/trino/plugin/base/ldap/LdapClientConfig.class */
public class LdapClientConfig {
    private String ldapUrl;
    private boolean allowInsecure;
    private File keystorePath;
    private String keystorePassword;
    private File trustStorePath;
    private String truststorePassword;
    private boolean ignoreReferrals;
    private Optional<Duration> ldapConnectionTimeout = Optional.empty();
    private Optional<Duration> ldapReadTimeout = Optional.empty();

    @Pattern(regexp = "^ldaps?://.*", message = "Invalid LDAP server URL. Expected ldap:// or ldaps://")
    @NotNull
    public String getLdapUrl() {
        return this.ldapUrl;
    }

    @ConfigDescription("URL of the LDAP server")
    @Config("ldap.url")
    public LdapClientConfig setLdapUrl(String str) {
        this.ldapUrl = str;
        return this;
    }

    public boolean isAllowInsecure() {
        return this.allowInsecure;
    }

    @ConfigDescription("Allow insecure connection to the LDAP server")
    @Config("ldap.allow-insecure")
    public LdapClientConfig setAllowInsecure(boolean z) {
        this.allowInsecure = z;
        return this;
    }

    @AssertTrue(message = "Connecting to the LDAP server without SSL enabled requires `ldap.allow-insecure=true`")
    public boolean isUrlConfigurationValid() {
        return Strings.nullToEmpty(this.ldapUrl).startsWith("ldaps://") || this.allowInsecure;
    }

    public Optional<File> getKeystorePath() {
        return Optional.ofNullable(this.keystorePath);
    }

    @ConfigDescription("Path to the PEM or JKS key store")
    @Config("ldap.ssl.keystore.path")
    public LdapClientConfig setKeystorePath(File file) {
        this.keystorePath = file;
        return this;
    }

    public Optional<String> getKeystorePassword() {
        return Optional.ofNullable(this.keystorePassword);
    }

    @ConfigSecuritySensitive
    @ConfigDescription("Password for the key store")
    @Config("ldap.ssl.keystore.password")
    public LdapClientConfig setKeystorePassword(String str) {
        this.keystorePassword = str;
        return this;
    }

    public Optional<File> getTrustStorePath() {
        return Optional.ofNullable(this.trustStorePath);
    }

    @LegacyConfig({"ldap.ssl-trust-certificate"})
    @ConfigDescription("Path to the PEM or JKS trust store")
    @Config("ldap.ssl.truststore.path")
    public LdapClientConfig setTrustStorePath(File file) {
        this.trustStorePath = file;
        return this;
    }

    public Optional<String> getTruststorePassword() {
        return Optional.ofNullable(this.truststorePassword);
    }

    @ConfigSecuritySensitive
    @ConfigDescription("Password for the trust store")
    @Config("ldap.ssl.truststore.password")
    public LdapClientConfig setTruststorePassword(String str) {
        this.truststorePassword = str;
        return this;
    }

    public boolean isIgnoreReferrals() {
        return this.ignoreReferrals;
    }

    @ConfigDescription("Referrals allow finding entries across multiple LDAP servers. Ignore them to only search within 1 LDAP server")
    @Config("ldap.ignore-referrals")
    public LdapClientConfig setIgnoreReferrals(boolean z) {
        this.ignoreReferrals = z;
        return this;
    }

    public Optional<Duration> getLdapConnectionTimeout() {
        return this.ldapConnectionTimeout;
    }

    @ConfigDescription("Timeout for establishing a connection")
    @Config("ldap.timeout.connect")
    public LdapClientConfig setLdapConnectionTimeout(Duration duration) {
        this.ldapConnectionTimeout = Optional.ofNullable(duration);
        return this;
    }

    public Optional<Duration> getLdapReadTimeout() {
        return this.ldapReadTimeout;
    }

    @ConfigDescription("Timeout for reading data from LDAP")
    @Config("ldap.timeout.read")
    public LdapClientConfig setLdapReadTimeout(Duration duration) {
        this.ldapReadTimeout = Optional.ofNullable(duration);
        return this;
    }
}
