package io.confluent.ksql.rest.server;

import com.google.common.annotations.VisibleForTesting;
import io.confluent.ksql.configdef.ConfigValidators;
import io.confluent.ksql.rest.DefaultErrorMessages;
import io.confluent.ksql.rest.ErrorMessages;
import io.confluent.ksql.util.KsqlConfig;
import io.confluent.ksql.util.KsqlException;
import io.confluent.ksql.util.KsqlServerException;
import io.vertx.core.http.ClientAuth;
import java.net.InetAddress;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import org.apache.kafka.common.config.AbstractConfig;
import org.apache.kafka.common.config.ConfigDef;
import org.apache.kafka.common.config.ConfigException;
import org.apache.kafka.common.config.SslConfigs;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/ksql/rest/server/KsqlRestConfig.class */
public class KsqlRestConfig extends AbstractConfig {
    public static final String AUTHENTICATION_SKIP_PATHS_DEFAULT = "";
    protected static final String ACCESS_CONTROL_ALLOW_ORIGIN_DEFAULT = "";
    public static final String AUTHENTICATION_METHOD_NONE = "NONE";
    protected static final String SSL_KEYSTORE_LOCATION_DEFAULT = "";
    protected static final String SSL_KEYSTORE_PASSWORD_DEFAULT = "";
    protected static final String SSL_KEY_PASSWORD_DEFAULT = "";
    protected static final String SSL_TRUSTSTORE_LOCATION_DEFAULT = "";
    protected static final String SSL_TRUSTSTORE_PASSWORD_DEFAULT = "";
    public static final String SSL_CLIENT_AUTHENTICATION_NONE = "NONE";
    protected static final boolean SSL_KEYSTORE_RELOAD_DEFAULT = false;
    protected static final String SSL_KEYSTORE_WATCH_LOCATION_DEFAULT = "";
    private static final String KSQL_CONFIG_PREFIX = "ksql.";
    public static final String COMMAND_CONSUMER_PREFIX = "ksql.server.command.consumer.";
    public static final String COMMAND_PRODUCER_PREFIX = "ksql.server.command.producer.";
    public static final int DEFAULT_WORKER_POOL_SIZE = 100;
    public static final int DEFAULT_MAX_PUSH_QUERIES = 100;
    public static final String KSQL_LOCAL_COMMANDS_LOCATION_DEFAULT = "";
    private static final boolean KSQL_ENDPOINT_LOGGING_LOG_QUERIES_DEFAULT = false;
    public static final String KSQL_ENDPOINT_LOGGING_IGNORED_PATHS_REGEX_DEFAULT = "";
    public static final boolean KSQL_SERVER_SNI_CHECK_ENABLE_DEFAULT = false;
    public static final double KSQL_COMMAND_TOPIC_RATE_LIMIT_CONFIG_DEFAULT = Double.MAX_VALUE;
    public static final String KSQL_COMMAND_TOPIC_MIGRATION_NONE = "NONE";
    private static final Logger log = LoggerFactory.getLogger(KsqlRestConfig.class);
    private static final Logger LOGGER = LoggerFactory.getLogger(KsqlRestConfig.class);
    protected static final List<String> ACCESS_CONTROL_ALLOW_METHODS_DEFAULT = Collections.emptyList();
    protected static final List<String> ACCESS_CONTROL_ALLOW_HEADERS_DEFAULT = Collections.emptyList();
    public static final String AUTHENTICATION_METHOD_BASIC = "BASIC";
    public static final ConfigDef.ValidString AUTHENTICATION_METHOD_VALIDATOR = ConfigDef.ValidString.in(new String[]{"NONE", AUTHENTICATION_METHOD_BASIC});
    public static final List<String> AUTHENTICATION_ROLES_DEFAULT = Collections.singletonList("*");
    public static final String SSL_STORE_TYPE_JKS = "JKS";
    public static final String SSL_STORE_TYPE_PKCS12 = "PKCS12";
    public static final ConfigDef.ValidString SSL_STORE_TYPE_VALIDATOR = ConfigDef.ValidString.in(new String[]{SSL_STORE_TYPE_JKS, SSL_STORE_TYPE_PKCS12});
    public static final String SSL_CLIENT_AUTHENTICATION_REQUESTED = "REQUESTED";
    public static final String SSL_CLIENT_AUTHENTICATION_REQUIRED = "REQUIRED";
    public static final ConfigDef.ValidString SSL_CLIENT_AUTHENTICATION_VALIDATOR = ConfigDef.ValidString.in(new String[]{"NONE", SSL_CLIENT_AUTHENTICATION_REQUESTED, SSL_CLIENT_AUTHENTICATION_REQUIRED});
    private static final String KSQL_SERVER_ERRORS_DOC = "A class the implementing " + ErrorMessages.class.getSimpleName() + " interface.This allows the KSQL server to return pluggable error messages.";
    public static final int DEFAULT_VERTICLE_INSTANCES = 2 * Runtime.getRuntime().availableProcessors();
    public static final String KSQL_AUTHENTICATION_PLUGIN_DEFAULT = null;
    public static final String KSQL_COMMAND_TOPIC_MIGRATION_MIGRATOR = "MIGRATOR";
    public static final String KSQL_COMMAND_TOPIC_MIGRATION_MIGRATING = "MIGRATING";
    public static final ConfigDef.ValidString KSQL_COMMAND_TOPIC_MIGRATION_VALIDATOR = ConfigDef.ValidString.in(new String[]{"NONE", KSQL_COMMAND_TOPIC_MIGRATION_MIGRATOR, KSQL_COMMAND_TOPIC_MIGRATION_MIGRATING});
    public static final String AUTHENTICATION_SKIP_PATHS_CONFIG = "authentication.skip.paths";
    public static final String AUTHENTICATION_SKIP_PATHS_DOC = "Comma separated list of paths that can be accessed without authentication";
    public static final String AUTHENTICATION_METHOD_CONFIG = "authentication.method";
    public static final String AUTHENTICATION_METHOD_DOC = "Method of authentication. Must be BASIC to enable authentication. For BASIC, you must supply a valid JAAS config file for the 'java.security.auth.login.config' system property for the appropriate authentication provider";
    public static final String AUTHENTICATION_REALM_CONFIG = "authentication.realm";
    public static final String AUTHENTICATION_REALM_DOC = "Security realm to be used in authentication.";
    public static final String AUTHENTICATION_ROLES_CONFIG = "authentication.roles";
    public static final String AUTHENTICATION_ROLES_DOC = "Valid roles to authenticate against.";
    public static final String LISTENERS_CONFIG = "listeners";
    protected static final String LISTENERS_DEFAULT = "http://0.0.0.0:8088";
    protected static final String LISTENERS_DOC = "List of listeners. http and https are supported. Each listener must include the protocol, hostname, and port. For example: http://myhost:8080, https://0.0.0.0:8081";
    public static final String ACCESS_CONTROL_ALLOW_ORIGIN_CONFIG = "access.control.allow.origin";
    protected static final String ACCESS_CONTROL_ALLOW_ORIGIN_DOC = "Set value for Access-Control-Allow-Origin header";
    public static final String ACCESS_CONTROL_ALLOW_METHODS = "access.control.allow.methods";
    protected static final String ACCESS_CONTROL_ALLOW_METHODS_DOC = "Set value to Access-Control-Allow-Origin header for specified methods";
    public static final String ACCESS_CONTROL_ALLOW_HEADERS = "access.control.allow.headers";
    protected static final String ACCESS_CONTROL_ALLOW_HEADERS_DOC = "Set value to Access-Control-Allow-Origin header for specified headers. Leave blank to use default.";
    public static final String SSL_KEYSTORE_TYPE_CONFIG = "ssl.keystore.type";
    protected static final String SSL_KEYSTORE_TYPE_DOC = "The type of keystore file. Must be either 'JKS' or 'PKCS12'.";
    public static final String SSL_KEYSTORE_RELOAD_CONFIG = "ssl.keystore.reload";
    protected static final String SSL_KEYSTORE_RELOAD_DOC = "Enable auto reload of ssl keystore.";
    public static final String SSL_KEYSTORE_WATCH_LOCATION_CONFIG = "ssl.keystore.watch.location";
    protected static final String SSL_KEYSTORE_WATCH_LOCATION_DOC = "Location to watch for keystore file changes, if different from keystore location.";
    public static final String SSL_TRUSTSTORE_TYPE_CONFIG = "ssl.truststore.type";
    protected static final String SSL_TRUSTSTORE_TYPE_DOC = "The type of trust store file. Must be either 'JKS' or 'PKCS12'.";
    public static final String SSL_CLIENT_AUTHENTICATION_CONFIG = "ssl.client.authentication";
    protected static final String SSL_CLIENT_AUTHENTICATION_DOC = "SSL mutual auth. Set to NONE to disable SSL client authentication, set to REQUESTED to request but not require SSL client authentication, and set to REQUIRED to require SSL client authentication.";
    public static final String SSL_CLIENT_AUTH_CONFIG = "ssl.client.auth";
    public static final String KSQL_INTERNAL_SSL_CLIENT_AUTHENTICATION_CONFIG = "ksql.internal.ssl.client.authentication";
    protected static final String KSQL_INTERNAL_SSL_CLIENT_AUTHENTICATION_DOC = "SSL mutual auth for internal requests. Set to NONE to disable SSL client authentication, set to REQUESTED to request but not require SSL client authentication, and set to REQUIRED to require SSL for internal client authentication.";
    public static final String KSQL_SSL_KEYSTORE_ALIAS_EXTERNAL_CONFIG = "ksql.ssl.keystore.alias.external";
    private static final String KSQL_SSL_KEYSTORE_ALIAS_EXTERNAL_DOC = "The key store certificate alias to be used for external client requests. If not set, the system will fall back on the Vert.x default choice";
    public static final String KSQL_SSL_KEYSTORE_ALIAS_INTERNAL_CONFIG = "ksql.ssl.keystore.alias.internal";
    private static final String KSQL_SSL_KEYSTORE_ALIAS_INTERNAL_DOC = "The key store certificate alias to be used for internal client requests. If not set, the system will fall back on the Vert.x default choice";
    public static final String SSL_ENABLED_PROTOCOLS_CONFIG = "ssl.enabled.protocols";
    protected static final String SSL_ENABLED_PROTOCOLS_DOC = "The list of protocols enabled for SSL connections. Comma-separated list. If blank, the default from the Apache Kafka SslConfigs.java file will be used (see 'DEFAULT_SSL_ENABLED_PROTOCOLS' in https://github.com/apache/kafka/blob/trunk/clients/src/main/java/org/apache/kafka/common/config/SslConfigs.java).";
    public static final String SSL_CIPHER_SUITES_CONFIG = "ssl.cipher.suites";
    protected static final String SSL_CIPHER_SUITES_DOC = "A list of SSL cipher suites. If blank, the JVM default will be used.";
    public static final String ADVERTISED_LISTENER_CONFIG = "ksql.advertised.listener";
    private static final String ADVERTISED_LISTENER_DOC = "The listener this node will share with other ksqlDB nodes in the cluster for internal communication. In IaaS environments, this may need to be different from the interface to which the server binds. If this is not set, the advertised listener will either default to ksql.internal.listener, if set, or else the first value from listeners will be used. It is not valid to use the 0.0.0.0 (IPv4) or [::] (IPv6) wildcard addresses.";
    public static final String INTERNAL_LISTENER_CONFIG = "ksql.internal.listener";
    private static final String INTERNAL_LISTENER_DOC = "The listener used for inter-node communication, if different to the 'listeners' config. The ksql.advertised.listener config can be set to provide an externally routable name for this listener, if required. This listener can be used to bind a separate port or network interface for the internal endpoints, separate from the external client endpoints, and provide a layer of security at the network level.";
    public static final String STREAMED_QUERY_DISCONNECT_CHECK_MS_CONFIG = "query.stream.disconnect.check";
    private static final String STREAMED_QUERY_DISCONNECT_CHECK_MS_DOC = "How often to send an empty line as part of the response while streaming queries as JSON; this helps proactively determine if the connection has been terminated in order to avoid keeping the created streams job alive longer than necessary";
    public static final String DISTRIBUTED_COMMAND_RESPONSE_TIMEOUT_MS_CONFIG = "ksql.server.command.response.timeout.ms";
    protected static final String DISTRIBUTED_COMMAND_RESPONSE_TIMEOUT_MS_DOC = "How long to wait for a distributed command to be executed by the local node before returning a response";
    public static final String INSTALL_DIR_CONFIG = "ksql.server.install.dir";
    private static final String INSTALL_DIR_DOC = "The directory that ksql is installed in. This is set in the ksql-server-start script.";
    static final String KSQL_WEBSOCKETS_NUM_THREADS = "ksql.server.websockets.num.threads";
    private static final String KSQL_WEBSOCKETS_NUM_THREADS_DOC = "The number of websocket threads to handle query results";
    public static final String KSQL_SERVER_PRECONDITIONS = "ksql.server.preconditions";
    private static final String KSQL_SERVER_PRECONDITIONS_DOC = "A comma separated list of classes implementing KsqlServerPrecondition. The KSQL server will not start serving requests until all preconditions are satisfied. Until that time, requests will return a 503 error";
    public static final String KSQL_SERVER_ENABLE_UNCAUGHT_EXCEPTION_HANDLER = "ksql.server.exception.uncaught.handler.enable";
    private static final String KSQL_SERVER_UNCAUGHT_EXCEPTION_HANDLER_DOC = "Whether or not to set KsqlUncaughtExceptionHandler as the UncaughtExceptionHandler for all threads in the application (this can be overridden). Default is false.";
    public static final String KSQL_HEALTHCHECK_INTERVAL_MS_CONFIG = "ksql.healthcheck.interval.ms";
    private static final String KSQL_HEALTHCHECK_INTERVAL_MS_DOC = "Minimum time between consecutive health check evaluations. Health check queries before the interval has elapsed will receive cached responses.";
    static final String KSQL_COMMAND_RUNNER_BLOCKED_THRESHHOLD_ERROR_MS = "ksql.server.command.blocked.threshold.error.ms";
    private static final String KSQL_COMMAND_RUNNER_BLOCKED_THRESHHOLD_ERROR_MS_DOC = "How long to wait for the command runner to process a command from the command topic before reporting an error metric.";
    static final String KSQL_SERVER_ERROR_MESSAGES = "ksql.server.error.messages";
    public static final String KSQL_HEARTBEAT_ENABLE_CONFIG = "ksql.heartbeat.enable";
    private static final String KSQL_HEARTBEAT_ENABLE_DOC = "Whether the heartheat mechanism is enabled or not. It is disabled by default.";
    public static final String KSQL_HEARTBEAT_SEND_INTERVAL_MS_CONFIG = "ksql.heartbeat.send.interval.ms";
    private static final String KSQL_HEARTBEAT_SEND_INTERVAL_MS_DOC = "Interval at which heartbeats are broadcasted to servers.";
    public static final String KSQL_HEARTBEAT_CHECK_INTERVAL_MS_CONFIG = "ksql.heartbeat.check.interval.ms";
    private static final String KSQL_HEARTBEAT_CHECK_INTERVAL_MS_DOC = "Interval at which server processes received heartbeats.";
    public static final String KSQL_HEARTBEAT_WINDOW_MS_CONFIG = "ksql.heartbeat.window.ms";
    private static final String KSQL_HEARTBEAT_WINDOW_MS_DOC = "Size of time window across which to count missed heartbeats.";
    public static final String KSQL_HEARTBEAT_MISSED_THRESHOLD_CONFIG = "ksql.heartbeat.missed.threshold.ms";
    private static final String KSQL_HEARTBEAT_MISSED_THRESHOLD_DOC = "Minimum number of consecutive missed heartbeats that flag a server as down.";
    public static final String KSQL_HEARTBEAT_DISCOVER_CLUSTER_MS_CONFIG = "ksql.heartbeat.discover.interval.ms";
    private static final String KSQL_HEARTBEAT_DISCOVER_CLUSTER_MS_DOC = "Interval at which server attempts to discover what other ksql servers exist in the cluster.";
    public static final String KSQL_HEARTBEAT_THREAD_POOL_SIZE_CONFIG = "ksql.heartbeat.thread.pool.size";
    private static final String KSQL_HEARTBEAT_THREAD_POOL_SIZE_CONFIG_DOC = "Size of thread pool used for sending / processing heartbeats and cluster discovery.";
    public static final String KSQL_LAG_REPORTING_ENABLE_CONFIG = "ksql.lag.reporting.enable";
    private static final String KSQL_LAG_REPORTING_ENABLE_DOC = "Whether lag reporting is enabled or not. It is disabled by default.";
    public static final String KSQL_LAG_REPORTING_SEND_INTERVAL_MS_CONFIG = "ksql.lag.reporting.send.interval.ms";
    private static final String KSQL_LAG_REPORTING_SEND_INTERVAL_MS_DOC = "Interval at which lag reports are broadcasted to servers.";
    public static final String VERTICLE_INSTANCES = "ksql.verticle.instances";
    public static final String VERTICLE_INSTANCES_DOC = "The number of server verticle instances to start per listener. Usually you want at least many instances as there are cores you want to use, as each instance is single threaded.";
    public static final String IDLE_CONNECTION_TIMEOUT_SECONDS = "ksql.idle.connection.timeout.seconds";
    public static final int DEFAULT_IDLE_CONNECTION_TIMEOUT_SECONDS = 86400;
    public static final String IDLE_CONNECTION_TIMEOUT_SECONDS_DOC = "The timeout for idle connections. A connection is idle if there is no data in either direction on that connection for the duration of the timeout. This includes connections where the client only makes occasional requests as well as connections where the server takes a long time to send back any data. An example of the latter case is when there is a long period with no new results to send back in response to a streaming query. You can decrease this timeout to close connections more aggressively and save server resources, or make it longer to be more tolerant of low data volume use cases. Note: even though the server's idle connection timeout is set to a high value, you may have firewalls or proxies that enforce their own idle connection timeouts.";
    public static final String WORKER_POOL_SIZE = "ksql.worker.pool.size";
    public static final String WORKER_POOL_DOC = "Max number of worker threads for executing blocking code";
    public static final String MAX_PUSH_QUERIES = "ksql.max.push.queries";
    public static final String MAX_PUSH_QUERIES_DOC = "The maximum number of push queries allowed on the server at any one time";
    public static final String KSQL_AUTHENTICATION_PLUGIN_CLASS = "ksql.authentication.plugin.class";
    public static final String KSQL_AUTHENTICATION_PLUGIN_DOC = "An extension class that allows  custom authentication to be plugged in.";
    public static final String KSQL_LOGGING_SERVER_RATE_LIMITED_RESPONSE_CODES_CONFIG = "ksql.logging.server.rate.limited.response.codes";
    private static final String KSQL_LOGGING_SERVER_RATE_LIMITED_RESPONSE_CODES_DOC = "A list of code:rate_limit pairs, to rate limit the server request logging";
    public static final String KSQL_LOGGING_SERVER_RATE_LIMITED_REQUEST_PATHS_CONFIG = "ksql.logging.server.rate.limited.request.paths";
    private static final String KSQL_LOGGING_SERVER_RATE_LIMITED_REQUEST_PATHS_DOC = "A list of path:rate_limit pairs, to rate limit the server request logging";
    public static final String KSQL_LOCAL_COMMANDS_LOCATION_CONFIG = "ksql.local.commands.location";
    public static final String KSQL_LOCAL_COMMANDS_LOCATION_DOC = "Specify the directory where KSQL tracks local commands, e.g. transient queries";
    public static final String KSQL_ENDPOINT_LOGGING_IGNORED_PATHS_REGEX_CONFIG = "ksql.endpoint.logging.ignored.paths.regex";
    public static final String KSQL_ENDPOINT_LOGGING_IGNORED_PATHS_REGEX_DOC = "A regex that allows users to filter out logging from certain endpoints. Without this filter, all endpoints are logged. An example usage of this configuration would be to disable heartbeat logging (e.g. ksql.endpoint.logging.log.queries =.*heartbeat.* ) which can otherwise be verbose. Note that this works on the entire URI, respecting the ksql.endpoint.logging.log.queries configuration";
    public static final String KSQL_ENDPOINT_LOGGING_LOG_QUERIES_CONFIG = "ksql.endpoint.logging.log.queries";
    private static final String KSQL_ENDPOINT_LOGGING_LOG_QUERIES_DOC = "Whether or not to log the query portion of the URI when logging endpoints. Note that enabling this may log sensitive information.";
    public static final String KSQL_INTERNAL_HTTP2_MAX_POOL_SIZE_CONFIG = "ksql.internal.http2.max.pool.size";
    public static final int KSQL_INTERNAL_HTTP2_MAX_POOL_SIZE_DEFAULT = 3000;
    public static final String KSQL_INTERNAL_HTTP2_MAX_POOL_SIZE_DOC = "The maximum connection pool size used by Vertx for http2 internal connections";
    public static final String KSQL_SERVER_SNI_CHECK_ENABLE = "ksql.server.sni.check.enable";
    private static final String KSQL_SERVER_SNI_CHECK_ENABLE_DOC = "Whether or not to check the SNI against the Host header. If the values don't match, returns a 421 mis-directed response. (NOTE: this check should not be enabled if ksqlDB servers have mutual TLS enabled)";
    public static final String KSQL_COMMAND_TOPIC_RATE_LIMIT_CONFIG = "ksql.server.command.topic.rate.limit";
    private static final String KSQL_COMMAND_TOPIC_RATE_LIMIT_CONFIG_DEFAULT_DOC = "Sets the number of statements that can be executed against the command topic per second";
    public static final String KSQL_PRECONDITION_CHECKER_BACK_OFF_TIME_MS = "ksql.server.precondition.max.backoff.ms";
    protected static final String KSQL_PRECONDITION_CHECKER_BACK_OFF_TIME_MS_DOC = "The maximum amount of time to wait before checking the KSQL server preconditions again.";
    public static final String KSQL_COMMAND_TOPIC_MIGRATION_CONFIG = "ksql.server.command.topic.migration.enabled";
    protected static final String KSQL_COMMAND_TOPIC_MIGRATION_DOC = "Whether or not to migrate the command topic to another Kafka cluster. If the command topic doesn't exist on the Kafka the command producer/consumer are reading from or exists, but is empty, the server then checks for the existence of the command topic on the broker that the server is connected to in the bootstrap.servers config. If it exists, it recreates the command topic on the new broker, then issues a new command to the old command topic to mark it as degraded for other servers that may be running in the cluster. One server should be designated as the MIGRATOR server while the rest of the servers should be set as MIGRATING. Servers that are MIGRATING will wait until the main MIGRATOR has completed the migration.";
    private static final ConfigDef CONFIG_DEF = new ConfigDef().define(AUTHENTICATION_SKIP_PATHS_CONFIG, ConfigDef.Type.LIST, "", ConfigDef.Importance.LOW, AUTHENTICATION_SKIP_PATHS_DOC).define(AUTHENTICATION_METHOD_CONFIG, ConfigDef.Type.STRING, "NONE", AUTHENTICATION_METHOD_VALIDATOR, ConfigDef.Importance.LOW, AUTHENTICATION_METHOD_DOC).define(AUTHENTICATION_REALM_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, AUTHENTICATION_REALM_DOC).define(AUTHENTICATION_ROLES_CONFIG, ConfigDef.Type.LIST, AUTHENTICATION_ROLES_DEFAULT, ConfigDef.Importance.LOW, AUTHENTICATION_ROLES_DOC).define(LISTENERS_CONFIG, ConfigDef.Type.LIST, LISTENERS_DEFAULT, ConfigDef.Importance.HIGH, LISTENERS_DOC).define(ACCESS_CONTROL_ALLOW_ORIGIN_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, ACCESS_CONTROL_ALLOW_ORIGIN_DOC).define(ACCESS_CONTROL_ALLOW_METHODS, ConfigDef.Type.LIST, ACCESS_CONTROL_ALLOW_METHODS_DEFAULT, ConfigDef.Importance.LOW, ACCESS_CONTROL_ALLOW_METHODS_DOC).define(ACCESS_CONTROL_ALLOW_HEADERS, ConfigDef.Type.LIST, ACCESS_CONTROL_ALLOW_HEADERS_DEFAULT, ConfigDef.Importance.LOW, ACCESS_CONTROL_ALLOW_HEADERS_DOC).define("ssl.keystore.location", ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, "The location of the key store file. This is optional for client and can be used for two-way authentication for client.").define("ssl.keystore.password", ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.HIGH, "The store password for the key store file. This is optional for client and only needed if 'ssl.keystore.location' is configured. Key store password is not supported for PEM format.").define("ssl.key.password", ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.HIGH, "The password of the private key in the key store file or the PEM key specified in 'ssl.keystore.key'.").define(SSL_KEYSTORE_TYPE_CONFIG, ConfigDef.Type.STRING, SSL_STORE_TYPE_JKS, SSL_STORE_TYPE_VALIDATOR, ConfigDef.Importance.MEDIUM, SSL_KEYSTORE_TYPE_DOC).define(SSL_KEYSTORE_RELOAD_CONFIG, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.LOW, SSL_KEYSTORE_RELOAD_DOC).define(SSL_KEYSTORE_WATCH_LOCATION_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, SSL_KEYSTORE_WATCH_LOCATION_DOC).define("ssl.truststore.location", ConfigDef.Type.STRING, "", ConfigDef.Importance.HIGH, "The location of the trust store file.").define("ssl.truststore.password", ConfigDef.Type.PASSWORD, "", ConfigDef.Importance.HIGH, "The password for the trust store file. If a password is not set, trust store file configured will still be used, but integrity checking is disabled. Trust store password is not supported for PEM format.").define(SSL_TRUSTSTORE_TYPE_CONFIG, ConfigDef.Type.STRING, SSL_STORE_TYPE_JKS, SSL_STORE_TYPE_VALIDATOR, ConfigDef.Importance.MEDIUM, SSL_TRUSTSTORE_TYPE_DOC).define(SSL_CLIENT_AUTHENTICATION_CONFIG, ConfigDef.Type.STRING, "NONE", SSL_CLIENT_AUTHENTICATION_VALIDATOR, ConfigDef.Importance.MEDIUM, SSL_CLIENT_AUTHENTICATION_DOC).define(SSL_CLIENT_AUTH_CONFIG, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.MEDIUM, "").define(KSQL_INTERNAL_SSL_CLIENT_AUTHENTICATION_CONFIG, ConfigDef.Type.STRING, "NONE", SSL_CLIENT_AUTHENTICATION_VALIDATOR, ConfigDef.Importance.MEDIUM, KSQL_INTERNAL_SSL_CLIENT_AUTHENTICATION_DOC).define(KSQL_SSL_KEYSTORE_ALIAS_EXTERNAL_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, KSQL_SSL_KEYSTORE_ALIAS_EXTERNAL_DOC).define(KSQL_SSL_KEYSTORE_ALIAS_INTERNAL_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.MEDIUM, KSQL_SSL_KEYSTORE_ALIAS_INTERNAL_DOC).define(SSL_ENABLED_PROTOCOLS_CONFIG, ConfigDef.Type.LIST, SslConfigs.DEFAULT_SSL_ENABLED_PROTOCOLS, ConfigDef.Importance.MEDIUM, SSL_ENABLED_PROTOCOLS_DOC).define(SSL_CIPHER_SUITES_CONFIG, ConfigDef.Type.LIST, "", ConfigDef.Importance.LOW, SSL_CIPHER_SUITES_DOC).define(ADVERTISED_LISTENER_CONFIG, ConfigDef.Type.STRING, (Object) null, ConfigValidators.nullsAllowed(ConfigValidators.validUrl()), ConfigDef.Importance.HIGH, ADVERTISED_LISTENER_DOC).define(INTERNAL_LISTENER_CONFIG, ConfigDef.Type.STRING, (Object) null, ConfigValidators.nullsAllowed(ConfigValidators.validUrl()), ConfigDef.Importance.HIGH, INTERNAL_LISTENER_DOC).define(STREAMED_QUERY_DISCONNECT_CHECK_MS_CONFIG, ConfigDef.Type.LONG, 1000L, ConfigDef.Importance.LOW, STREAMED_QUERY_DISCONNECT_CHECK_MS_DOC).define(DISTRIBUTED_COMMAND_RESPONSE_TIMEOUT_MS_CONFIG, ConfigDef.Type.LONG, 5000L, ConfigDef.Importance.LOW, DISTRIBUTED_COMMAND_RESPONSE_TIMEOUT_MS_DOC).define(INSTALL_DIR_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, INSTALL_DIR_DOC).define(KSQL_WEBSOCKETS_NUM_THREADS, ConfigDef.Type.INT, 5, ConfigDef.Importance.LOW, KSQL_WEBSOCKETS_NUM_THREADS_DOC).define(KSQL_SERVER_PRECONDITIONS, ConfigDef.Type.LIST, "", ConfigDef.Importance.LOW, KSQL_SERVER_PRECONDITIONS_DOC).define(KSQL_SERVER_ENABLE_UNCAUGHT_EXCEPTION_HANDLER, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.LOW, KSQL_SERVER_UNCAUGHT_EXCEPTION_HANDLER_DOC).define(KSQL_HEALTHCHECK_INTERVAL_MS_CONFIG, ConfigDef.Type.LONG, 5000L, ConfigDef.Importance.LOW, KSQL_HEALTHCHECK_INTERVAL_MS_DOC).define(KSQL_COMMAND_RUNNER_BLOCKED_THRESHHOLD_ERROR_MS, ConfigDef.Type.LONG, 15000L, ConfigDef.Importance.LOW, KSQL_COMMAND_RUNNER_BLOCKED_THRESHHOLD_ERROR_MS_DOC).define(KSQL_SERVER_ERROR_MESSAGES, ConfigDef.Type.CLASS, DefaultErrorMessages.class, ConfigDef.Importance.LOW, KSQL_SERVER_ERRORS_DOC).define(KSQL_HEARTBEAT_ENABLE_CONFIG, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.MEDIUM, KSQL_HEARTBEAT_ENABLE_DOC).define(KSQL_HEARTBEAT_SEND_INTERVAL_MS_CONFIG, ConfigDef.Type.LONG, 100L, ConfigDef.Importance.MEDIUM, KSQL_HEARTBEAT_SEND_INTERVAL_MS_DOC).define(KSQL_HEARTBEAT_CHECK_INTERVAL_MS_CONFIG, ConfigDef.Type.LONG, 200L, ConfigDef.Importance.MEDIUM, KSQL_HEARTBEAT_CHECK_INTERVAL_MS_DOC).define(KSQL_HEARTBEAT_WINDOW_MS_CONFIG, ConfigDef.Type.LONG, 2000L, ConfigDef.Importance.MEDIUM, KSQL_HEARTBEAT_WINDOW_MS_DOC).define(KSQL_HEARTBEAT_MISSED_THRESHOLD_CONFIG, ConfigDef.Type.LONG, 3L, ConfigDef.Importance.MEDIUM, KSQL_HEARTBEAT_MISSED_THRESHOLD_DOC).define(KSQL_HEARTBEAT_DISCOVER_CLUSTER_MS_CONFIG, ConfigDef.Type.LONG, 2000L, ConfigDef.Importance.MEDIUM, KSQL_HEARTBEAT_DISCOVER_CLUSTER_MS_DOC).define(KSQL_HEARTBEAT_THREAD_POOL_SIZE_CONFIG, ConfigDef.Type.INT, 3, ConfigDef.Importance.MEDIUM, KSQL_HEARTBEAT_THREAD_POOL_SIZE_CONFIG_DOC).define(KSQL_LAG_REPORTING_ENABLE_CONFIG, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.MEDIUM, KSQL_LAG_REPORTING_ENABLE_DOC).define(KSQL_LAG_REPORTING_SEND_INTERVAL_MS_CONFIG, ConfigDef.Type.LONG, 5000L, ConfigDef.Importance.MEDIUM, KSQL_LAG_REPORTING_SEND_INTERVAL_MS_DOC).define(VERTICLE_INSTANCES, ConfigDef.Type.INT, Integer.valueOf(DEFAULT_VERTICLE_INSTANCES), ConfigValidators.oneOrMore(), ConfigDef.Importance.MEDIUM, VERTICLE_INSTANCES_DOC).define(IDLE_CONNECTION_TIMEOUT_SECONDS, ConfigDef.Type.INT, Integer.valueOf(DEFAULT_IDLE_CONNECTION_TIMEOUT_SECONDS), ConfigValidators.oneOrMore(), ConfigDef.Importance.LOW, IDLE_CONNECTION_TIMEOUT_SECONDS_DOC).define(WORKER_POOL_SIZE, ConfigDef.Type.INT, 100, ConfigValidators.zeroOrPositive(), ConfigDef.Importance.MEDIUM, WORKER_POOL_DOC).define(MAX_PUSH_QUERIES, ConfigDef.Type.INT, 100, ConfigValidators.zeroOrPositive(), ConfigDef.Importance.MEDIUM, MAX_PUSH_QUERIES_DOC).define(KSQL_AUTHENTICATION_PLUGIN_CLASS, ConfigDef.Type.CLASS, KSQL_AUTHENTICATION_PLUGIN_DEFAULT, ConfigDef.Importance.LOW, KSQL_AUTHENTICATION_PLUGIN_DOC).define(KSQL_LOGGING_SERVER_RATE_LIMITED_RESPONSE_CODES_CONFIG, ConfigDef.Type.STRING, "", ConfigValidators.mapWithIntKeyDoubleValue(), ConfigDef.Importance.LOW, KSQL_LOGGING_SERVER_RATE_LIMITED_RESPONSE_CODES_DOC).define(KSQL_LOGGING_SERVER_RATE_LIMITED_REQUEST_PATHS_CONFIG, ConfigDef.Type.STRING, "", ConfigValidators.mapWithDoubleValue(), ConfigDef.Importance.LOW, KSQL_LOGGING_SERVER_RATE_LIMITED_REQUEST_PATHS_DOC).define(KSQL_LOCAL_COMMANDS_LOCATION_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, KSQL_LOCAL_COMMANDS_LOCATION_DOC).define(KSQL_ENDPOINT_LOGGING_IGNORED_PATHS_REGEX_CONFIG, ConfigDef.Type.STRING, "", ConfigDef.Importance.LOW, KSQL_ENDPOINT_LOGGING_IGNORED_PATHS_REGEX_DOC).define(KSQL_ENDPOINT_LOGGING_LOG_QUERIES_CONFIG, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.LOW, KSQL_ENDPOINT_LOGGING_LOG_QUERIES_DOC).define(KSQL_INTERNAL_HTTP2_MAX_POOL_SIZE_CONFIG, ConfigDef.Type.INT, Integer.valueOf(KSQL_INTERNAL_HTTP2_MAX_POOL_SIZE_DEFAULT), ConfigDef.Importance.LOW, KSQL_INTERNAL_HTTP2_MAX_POOL_SIZE_DOC).define(KSQL_SERVER_SNI_CHECK_ENABLE, ConfigDef.Type.BOOLEAN, false, ConfigDef.Importance.LOW, KSQL_SERVER_SNI_CHECK_ENABLE_DOC).define(KSQL_COMMAND_TOPIC_RATE_LIMIT_CONFIG, ConfigDef.Type.DOUBLE, Double.valueOf(Double.MAX_VALUE), ConfigDef.Importance.LOW, KSQL_COMMAND_TOPIC_RATE_LIMIT_CONFIG_DEFAULT_DOC).define(KSQL_PRECONDITION_CHECKER_BACK_OFF_TIME_MS, ConfigDef.Type.LONG, 5000L, ConfigDef.Importance.MEDIUM, KSQL_PRECONDITION_CHECKER_BACK_OFF_TIME_MS_DOC).define(KSQL_COMMAND_TOPIC_MIGRATION_CONFIG, ConfigDef.Type.STRING, "NONE", KSQL_COMMAND_TOPIC_MIGRATION_VALIDATOR, ConfigDef.Importance.MEDIUM, KSQL_COMMAND_TOPIC_MIGRATION_DOC);

    public KsqlRestConfig(Map<?, ?> map) {
        super(CONFIG_DEF, map);
        List list = getList(LISTENERS_CONFIG);
        if (list.isEmpty()) {
            throw new KsqlException("listeners must be supplied.  List of listeners. http and https are supported. Each listener must include the protocol, hostname, and port. For example: http://myhost:8080, https://0.0.0.0:8081");
        }
        list.forEach(str -> {
            ConfigValidators.validUrl().ensureValid(LISTENERS_CONFIG, str);
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, Object> getOriginals() {
        return originalsWithPrefix("");
    }

    private Map<String, Object> getPropertiesWithOverrides(String str) {
        Map<String, Object> originals = getOriginals();
        originals.putAll(originalsWithPrefix(str));
        return originals;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Map<String, Object> getCommandConsumerProperties() {
        return getPropertiesWithOverrides(COMMAND_CONSUMER_PREFIX);
    }

    public Map<String, Object> getCommandProducerProperties() {
        return getPropertiesWithOverrides(COMMAND_PRODUCER_PREFIX);
    }

    public Map<String, Object> getKsqlConfigProperties() {
        return getOriginals();
    }

    public URL getInterNodeListener(Function<URL, Integer> function) {
        return getInterNodeListener(function, LOGGER);
    }

    @VisibleForTesting
    URL getInterNodeListener(Function<URL, Integer> function, Logger logger) {
        return getString(ADVERTISED_LISTENER_CONFIG) == null ? getString(INTERNAL_LISTENER_CONFIG) == null ? getInterNodeListenerFromFirstListener(function, logger) : getInterNodeListenerFromInternalListener(function, logger) : getInterNodeListenerFromExplicitConfig(logger);
    }

    private URL getInterNodeListenerFromFirstListener(Function<URL, Integer> function, Logger logger) {
        List list = getList(LISTENERS_CONFIG);
        URL parseUrl = parseUrl((String) list.get(0), LISTENERS_CONFIG);
        InetAddress orElseThrow = parseInetAddress(parseUrl.getHost()).orElseThrow(() -> {
            return new ConfigException(LISTENERS_CONFIG, list, "Could not resolve first host");
        });
        URL sanitizeInterNodeListener = sanitizeInterNodeListener(parseUrl, function, orElseThrow.isAnyLocalAddress());
        logInterNodeListener(logger, sanitizeInterNodeListener, Optional.of(orElseThrow), "first 'listeners'");
        return sanitizeInterNodeListener;
    }

    private URL getInterNodeListenerFromInternalListener(Function<URL, Integer> function, Logger logger) {
        String string = getString(INTERNAL_LISTENER_CONFIG);
        URL parseUrl = parseUrl(string, INTERNAL_LISTENER_CONFIG);
        InetAddress orElseThrow = parseInetAddress(parseUrl.getHost()).orElseThrow(() -> {
            return new ConfigException(INTERNAL_LISTENER_CONFIG, string, "Could not resolve internal host");
        });
        URL sanitizeInterNodeListener = sanitizeInterNodeListener(parseUrl, function, orElseThrow.isAnyLocalAddress());
        logInterNodeListener(logger, sanitizeInterNodeListener, Optional.of(orElseThrow), "'ksql.internal.listener'");
        return sanitizeInterNodeListener;
    }

    private URL getInterNodeListenerFromExplicitConfig(Logger logger) {
        String string = getString(ADVERTISED_LISTENER_CONFIG);
        URL parseUrl = parseUrl(string, ADVERTISED_LISTENER_CONFIG);
        if (parseUrl.getPort() <= 0) {
            throw new ConfigException(ADVERTISED_LISTENER_CONFIG, string, "Must have valid port");
        }
        Optional<InetAddress> parseInetAddress = parseInetAddress(parseUrl.getHost());
        parseInetAddress.ifPresent(inetAddress -> {
            if (inetAddress.isAnyLocalAddress()) {
                throw new ConfigException(ADVERTISED_LISTENER_CONFIG, string, "Can not be wildcard");
            }
        });
        URL sanitizeInterNodeListener = sanitizeInterNodeListener(parseUrl, url -> {
            return Integer.valueOf(parseUrl.getPort());
        }, false);
        logInterNodeListener(logger, sanitizeInterNodeListener, parseInetAddress, "'ksql.advertised.listener'");
        return sanitizeInterNodeListener;
    }

    private static void logInterNodeListener(Logger logger, URL url, Optional<InetAddress> optional, String str) {
        optional.ifPresent(inetAddress -> {
            if (inetAddress.isLoopbackAddress()) {
                logger.warn("{} config is set to a loopback address: {}. Intra-node communication will only work between nodes running on the same machine.", str, url);
            }
            if (inetAddress.isAnyLocalAddress()) {
                logger.warn("{} config uses wildcard address: {}. Intra-node communication will only work between nodes running on the same machine.", str, url);
            }
        });
        logger.info("Using {} config for intra-node communication: {}", str, url);
    }

    public ClientAuth getClientAuth() {
        String string = getString(SSL_CLIENT_AUTHENTICATION_CONFIG);
        if (originals().containsKey(SSL_CLIENT_AUTH_CONFIG)) {
            if (originals().containsKey(SSL_CLIENT_AUTHENTICATION_CONFIG)) {
                log.warn("The {} configuration is deprecated. Since a value has been supplied for the {} configuration, that will be used instead", SSL_CLIENT_AUTH_CONFIG, SSL_CLIENT_AUTHENTICATION_CONFIG);
            } else {
                log.warn("The configuration {} is deprecated and should be replaced with {}", SSL_CLIENT_AUTH_CONFIG, SSL_CLIENT_AUTHENTICATION_CONFIG);
                string = getBoolean(SSL_CLIENT_AUTH_CONFIG).booleanValue() ? SSL_CLIENT_AUTHENTICATION_REQUIRED : "NONE";
            }
        }
        return getClientAuth(string);
    }

    private ClientAuth getClientAuth(String str) {
        boolean z = -1;
        switch (str.hashCode()) {
            case -814438578:
                if (str.equals(SSL_CLIENT_AUTHENTICATION_REQUESTED)) {
                    z = true;
                    break;
                }
                break;
            case 2402104:
                if (str.equals("NONE")) {
                    z = false;
                    break;
                }
                break;
            case 389487519:
                if (str.equals(SSL_CLIENT_AUTHENTICATION_REQUIRED)) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case KSQL_SERVER_SNI_CHECK_ENABLE_DEFAULT /* 0 */:
                return ClientAuth.NONE;
            case true:
                return ClientAuth.REQUEST;
            case true:
                return ClientAuth.REQUIRED;
            default:
                throw new ConfigException("Unknown client auth: " + str);
        }
    }

    public ClientAuth getClientAuthInternal() {
        return getClientAuth(getString(KSQL_INTERNAL_SSL_CLIENT_AUTHENTICATION_CONFIG));
    }

    private static URL sanitizeInterNodeListener(URL url, Function<URL, Integer> function, boolean z) {
        try {
            return new URL(url.getProtocol(), z ? getLocalHostName() : url.getHost(), url.getPort() == 0 ? function.apply(url).intValue() : url.getPort(), "");
        } catch (MalformedURLException e) {
            throw new KsqlServerException("Resolved first listener to malformed URL", e);
        }
    }

    private static URL parseUrl(String str, String str2) {
        try {
            return new URL(str);
        } catch (MalformedURLException e) {
            throw new ConfigException(str2, str, e.getMessage());
        }
    }

    private static Optional<InetAddress> parseInetAddress(String str) {
        try {
            return Optional.of(InetAddress.getByName(str));
        } catch (UnknownHostException e) {
            return Optional.empty();
        }
    }

    private static String getLocalHostName() {
        try {
            return InetAddress.getLocalHost().getCanonicalHostName();
        } catch (UnknownHostException e) {
            throw new KsqlServerException("Failed to obtain local host info", e);
        }
    }

    public Map<String, String> getStringAsMap(String str) {
        return KsqlConfig.parseStringAsMap(str, getString(str).trim());
    }
}
