package com.scalar.dl.client.config;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.scalar.dl.ledger.config.AuthenticationMethod;
import com.scalar.dl.ledger.config.ConfigUtils;
import com.scalar.dl.ledger.config.GrpcClientConfig;
import com.scalar.dl.ledger.config.TargetConfig;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Objects;
import java.util.Properties;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;

@SuppressFBWarnings({"JCIP_FIELD_ISNT_FINAL_IN_IMMUTABLE_CLASS"})
@Immutable
/* loaded from: input_file:com/scalar/dl/client/config/ClientConfig.class */
public class ClientConfig {

    @VisibleForTesting
    static final String DEFAULT_SERVER_HOST = "localhost";

    @VisibleForTesting
    static final int DEFAULT_SERVER_PORT = 50051;

    @VisibleForTesting
    static final int DEFAULT_SERVER_PRIVILEGED_PORT = 50052;

    @VisibleForTesting
    static final int DEFAULT_CERT_VERSION = 1;

    @VisibleForTesting
    static final int DEFAULT_SECRET_KEY_VERSION = 1;

    @VisibleForTesting
    static final boolean DEFAULT_TLS_ENABLED = false;

    @VisibleForTesting
    static final long DEFAULT_DEADLINE_DURATION_MILLIS = 60000;

    @VisibleForTesting
    static final boolean DEFAULT_AUDITOR_ENABLED = false;

    @VisibleForTesting
    static final String DEFAULT_AUDITOR_HOST = "localhost";

    @VisibleForTesting
    static final int DEFAULT_AUDITOR_PORT = 40051;

    @VisibleForTesting
    static final int DEFAULT_AUDITOR_PRIVILEGED_PORT = 40052;

    @VisibleForTesting
    static final boolean DEFAULT_AUDITOR_TLS_ENABLED = false;

    @VisibleForTesting
    static final String DEFAULT_AUDITOR_LINEARIZABLE_VALIDATION_CONTRACT_ID = "validate-ledger";
    private static final String PREFIX = "scalar.dl.client.";
    public static final String SERVER_HOST = "scalar.dl.client.server.host";
    public static final String SERVER_PORT = "scalar.dl.client.server.port";
    public static final String SERVER_PRIVILEGED_PORT = "scalar.dl.client.server.privileged_port";

    @Deprecated
    public static final String CERT_HOLDER_ID = "scalar.dl.client.cert_holder_id";

    @Deprecated
    public static final String CERT_VERSION = "scalar.dl.client.cert_version";

    @Deprecated
    public static final String CERT_PATH = "scalar.dl.client.cert_path";

    @Deprecated
    public static final String CERT_PEM = "scalar.dl.client.cert_pem";

    @Deprecated
    public static final String PRIVATE_KEY_PATH = "scalar.dl.client.private_key_path";

    @Deprecated
    public static final String PRIVATE_KEY_PEM = "scalar.dl.client.private_key_pem";
    public static final String ENTITY_ID = "scalar.dl.client.entity.id";
    private static final String HMAC_IDENTITY_PREFIX = "scalar.dl.client.entity.identity.hmac.";
    public static final String HMAC_SECRET_KEY = "scalar.dl.client.entity.identity.hmac.secret_key";
    public static final String HMAC_SECRET_KEY_VERSION = "scalar.dl.client.entity.identity.hmac.secret_key_version";
    private static final String DS_IDENTITY_PREFIX = "scalar.dl.client.entity.identity.digital_signature.";
    public static final String DS_CERT_PATH = "scalar.dl.client.entity.identity.digital_signature.cert_path";
    public static final String DS_CERT_PEM = "scalar.dl.client.entity.identity.digital_signature.cert_pem";
    public static final String DS_CERT_VERSION = "scalar.dl.client.entity.identity.digital_signature.cert_version";
    public static final String DS_PRIVATE_KEY_PATH = "scalar.dl.client.entity.identity.digital_signature.private_key_path";
    public static final String DS_PRIVATE_KEY_PEM = "scalar.dl.client.entity.identity.digital_signature.private_key_pem";
    public static final String AUTHENTICATION_METHOD = "scalar.dl.client.authentication_method";
    public static final String TLS_ENABLED = "scalar.dl.client.tls.enabled";
    public static final String TLS_CA_ROOT_CERT_PATH = "scalar.dl.client.tls.ca_root_cert_path";
    public static final String TLS_CA_ROOT_CERT_PEM = "scalar.dl.client.tls.ca_root_cert_pem";
    public static final String TLS_OVERRIDE_AUTHORITY = "scalar.dl.client.tls.override_authority";
    public static final String AUTHORIZATION_CREDENTIAL = "scalar.dl.client.authorization.credential";
    public static final String GRPC_DEADLINE_DURATION_MILLIS = "scalar.dl.client.grpc.deadline_duration_millis";
    public static final String GRPC_MAX_INBOUND_MESSAGE_SIZE = "scalar.dl.client.grpc.max_inbound_message_size";
    public static final String GRPC_MAX_INBOUND_METADATA_SIZE = "scalar.dl.client.grpc.max_inbound_metadata_size";
    public static final String MODE = "scalar.dl.client.mode";
    public static final String AUDITOR_ENABLED = "scalar.dl.client.auditor.enabled";
    public static final String AUDITOR_HOST = "scalar.dl.client.auditor.host";
    public static final String AUDITOR_PORT = "scalar.dl.client.auditor.port";
    public static final String AUDITOR_PRIVILEGED_PORT = "scalar.dl.client.auditor.privileged_port";
    public static final String AUDITOR_TLS_ENABLED = "scalar.dl.client.auditor.tls.enabled";
    public static final String AUDITOR_TLS_CA_ROOT_CERT_PATH = "scalar.dl.client.auditor.tls.ca_root_cert_path";
    public static final String AUDITOR_TLS_CA_ROOT_CERT_PEM = "scalar.dl.client.auditor.tls.ca_root_cert_pem";
    public static final String AUDITOR_TLS_OVERRIDE_AUTHORITY = "scalar.dl.client.auditor.tls.override_authority";
    public static final String AUDITOR_AUTHORIZATION_CREDENTIAL = "scalar.dl.client.auditor.authorization.credential";
    public static final String AUDITOR_LINEARIZABLE_VALIDATION_CONTRACT_ID = "scalar.dl.client.auditor.linearizable_validation.contract_id";
    private final Properties props;
    private String serverHost;
    private int serverPort;
    private int serverPrivilegedPort;
    private String entityId;
    private int certVersion;
    private String cert;
    private String privateKey;
    private int secretKeyVersion;
    private String secretKey;
    private AuthenticationMethod authenticationMethod;
    private boolean isTlsEnabled;
    private String tlsCaRootCert;
    private String tlsOverrideAuthority;
    private String authorizationCredential;
    private GrpcClientConfig grpcClientConfig;
    private ClientMode clientMode;
    private boolean isAuditorEnabled;
    private String auditorHost;
    private int auditorPort;
    private int auditorPrivilegedPort;
    private boolean isAuditorTlsEnabled;
    private String auditorTlsCaRootCert;
    private String auditorTlsOverrideAuthority;
    private String auditorAuthorizationCredential;
    private String auditorLinearizableValidationContractId;
    private DigitalSignatureIdentityConfig digitalSignatureIdentityConfig;
    private HmacIdentityConfig hmacIdentityConfig;
    private TargetConfig ledgerTargetConfig;
    private TargetConfig auditorTargetConfig;

    @VisibleForTesting
    static final ClientMode DEFAULT_CLIENT_MODE = ClientMode.CLIENT;

    @VisibleForTesting
    static final AuthenticationMethod DEFAULT_AUTHENTICATION_METHOD = AuthenticationMethod.DIGITAL_SIGNATURE;

    public ClientConfig(File file) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(file);
        Throwable th = null;
        try {
            try {
                this.props = new Properties();
                this.props.load(fileInputStream);
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    fileInputStream.close();
                }
                load();
            } finally {
            }
        } catch (Throwable th3) {
            if (th != null) {
                try {
                    fileInputStream.close();
                } catch (Throwable th4) {
                    th.addSuppressed(th4);
                }
            } else {
                fileInputStream.close();
            }
            throw th3;
        }
    }

    public ClientConfig(InputStream inputStream) throws IOException {
        this.props = new Properties();
        this.props.load(inputStream);
        load();
    }

    public ClientConfig(Properties properties) throws IOException {
        this.props = new Properties();
        this.props.putAll(properties);
        load();
    }

    protected final void finalize() {
    }

    public AuthenticationMethod getAuthenticationMethod() {
        return this.authenticationMethod;
    }

    @Nullable
    public DigitalSignatureIdentityConfig getDigitalSignatureIdentityConfig() {
        return this.digitalSignatureIdentityConfig;
    }

    @Nullable
    public HmacIdentityConfig getHmacIdentityConfig() {
        return this.hmacIdentityConfig;
    }

    @Nonnull
    public TargetConfig getLedgerTargetConfig() {
        return this.ledgerTargetConfig;
    }

    @Nullable
    public TargetConfig getAuditorTargetConfig() {
        return this.auditorTargetConfig;
    }

    public ClientMode getClientMode() {
        return this.clientMode;
    }

    public boolean isAuditorEnabled() {
        return this.isAuditorEnabled;
    }

    public String getAuditorLinearizableValidationContractId() {
        return this.auditorLinearizableValidationContractId;
    }

    public GrpcClientConfig getGrpcClientConfig() {
        return this.grpcClientConfig;
    }

    private void load() {
        this.serverHost = ConfigUtils.getString(this.props, SERVER_HOST, "localhost");
        this.serverPort = ConfigUtils.getInt(this.props, SERVER_PORT, DEFAULT_SERVER_PORT);
        this.serverPrivilegedPort = ConfigUtils.getInt(this.props, SERVER_PRIVILEGED_PORT, DEFAULT_SERVER_PRIVILEGED_PORT);
        this.clientMode = ClientMode.valueOf(ConfigUtils.getString(this.props, MODE, DEFAULT_CLIENT_MODE.toString()).toUpperCase());
        if (this.clientMode.equals(ClientMode.CLIENT)) {
            this.entityId = ConfigUtils.getString(this.props, ENTITY_ID, (String) null);
            if (this.entityId == null) {
                this.entityId = ConfigUtils.getString(this.props, CERT_HOLDER_ID, (String) null);
            }
            Preconditions.checkArgument(this.entityId != null, "scalar.dl.client.entity.id or scalar.dl.client.cert_holder_id are missing but either is required.");
            this.certVersion = ConfigUtils.getInt(this.props, DS_CERT_VERSION, 0);
            if (this.certVersion <= 0) {
                this.certVersion = ConfigUtils.getInt(this.props, CERT_VERSION, 1);
            }
            this.cert = ConfigUtils.getString(this.props, DS_CERT_PEM, (String) null);
            if (this.cert == null) {
                this.cert = ConfigUtils.getStringFromFilePath(this.props, DS_CERT_PATH, (String) null);
            }
            if (this.cert == null) {
                this.cert = ConfigUtils.getString(this.props, CERT_PEM, (String) null);
            }
            if (this.cert == null) {
                this.cert = ConfigUtils.getStringFromFilePath(this.props, CERT_PATH, (String) null);
            }
            this.privateKey = ConfigUtils.getString(this.props, DS_PRIVATE_KEY_PEM, (String) null);
            if (this.privateKey == null) {
                this.privateKey = ConfigUtils.getStringFromFilePath(this.props, DS_PRIVATE_KEY_PATH, (String) null);
            }
            if (this.privateKey == null) {
                this.privateKey = ConfigUtils.getString(this.props, PRIVATE_KEY_PEM, (String) null);
            }
            if (this.privateKey == null) {
                this.privateKey = ConfigUtils.getStringFromFilePath(this.props, PRIVATE_KEY_PATH, (String) null);
            }
            this.secretKeyVersion = ConfigUtils.getInt(this.props, HMAC_SECRET_KEY_VERSION, 1);
            this.secretKey = ConfigUtils.getString(this.props, HMAC_SECRET_KEY, (String) null);
            this.authenticationMethod = AuthenticationMethod.get(((String) Objects.requireNonNull(ConfigUtils.getString(this.props, AUTHENTICATION_METHOD, DEFAULT_AUTHENTICATION_METHOD.getMethod()))).toLowerCase());
            validateAuthentication();
            if (this.authenticationMethod == AuthenticationMethod.DIGITAL_SIGNATURE) {
                this.digitalSignatureIdentityConfig = createDigitalSignatureIdentityConfig();
            } else {
                if (this.authenticationMethod != AuthenticationMethod.HMAC) {
                    throw new IllegalArgumentException("Authentication method must be either digital-signature or hmac for the client mode.");
                }
                this.hmacIdentityConfig = createHmacIdentityConfig();
            }
        } else {
            this.authenticationMethod = AuthenticationMethod.get(((String) Objects.requireNonNull(ConfigUtils.getString(this.props, AUTHENTICATION_METHOD, AuthenticationMethod.PASS_THROUGH.getMethod()))).toLowerCase());
            if (this.authenticationMethod != AuthenticationMethod.PASS_THROUGH) {
                throw new IllegalArgumentException("Authentication method must be pass-through for the intermediary mode.");
            }
        }
        this.isTlsEnabled = ConfigUtils.getBoolean(this.props, TLS_ENABLED, false);
        this.tlsCaRootCert = ConfigUtils.getString(this.props, TLS_CA_ROOT_CERT_PEM, (String) null);
        if (this.tlsCaRootCert == null) {
            this.tlsCaRootCert = ConfigUtils.getStringFromFilePath(this.props, TLS_CA_ROOT_CERT_PATH, (String) null);
        }
        this.tlsOverrideAuthority = ConfigUtils.getString(this.props, TLS_OVERRIDE_AUTHORITY, (String) null);
        this.authorizationCredential = ConfigUtils.getString(this.props, AUTHORIZATION_CREDENTIAL, (String) null);
        this.grpcClientConfig = GrpcClientConfig.newBuilder().deadlineDurationMillis(ConfigUtils.getLong(this.props, GRPC_DEADLINE_DURATION_MILLIS, DEFAULT_DEADLINE_DURATION_MILLIS)).maxInboundMessageSize(ConfigUtils.getInt(this.props, GRPC_MAX_INBOUND_MESSAGE_SIZE, 0)).maxInboundMetadataSize(ConfigUtils.getInt(this.props, GRPC_MAX_INBOUND_METADATA_SIZE, 0)).build();
        this.isAuditorEnabled = ConfigUtils.getBoolean(this.props, AUDITOR_ENABLED, false);
        if (this.isAuditorEnabled) {
            this.auditorHost = ConfigUtils.getString(this.props, AUDITOR_HOST, "localhost");
            this.auditorPort = ConfigUtils.getInt(this.props, AUDITOR_PORT, DEFAULT_AUDITOR_PORT);
            this.auditorPrivilegedPort = ConfigUtils.getInt(this.props, AUDITOR_PRIVILEGED_PORT, DEFAULT_AUDITOR_PRIVILEGED_PORT);
            this.isAuditorTlsEnabled = ConfigUtils.getBoolean(this.props, AUDITOR_TLS_ENABLED, false);
            this.auditorTlsCaRootCert = ConfigUtils.getString(this.props, AUDITOR_TLS_CA_ROOT_CERT_PEM, (String) null);
            if (this.auditorTlsCaRootCert == null) {
                this.auditorTlsCaRootCert = ConfigUtils.getStringFromFilePath(this.props, AUDITOR_TLS_CA_ROOT_CERT_PATH, (String) null);
            }
            this.auditorTlsOverrideAuthority = ConfigUtils.getString(this.props, AUDITOR_TLS_OVERRIDE_AUTHORITY, (String) null);
            this.auditorAuthorizationCredential = ConfigUtils.getString(this.props, AUDITOR_AUTHORIZATION_CREDENTIAL, (String) null);
            this.auditorLinearizableValidationContractId = ConfigUtils.getString(this.props, AUDITOR_LINEARIZABLE_VALIDATION_CONTRACT_ID, DEFAULT_AUDITOR_LINEARIZABLE_VALIDATION_CONTRACT_ID);
        }
        this.ledgerTargetConfig = createLedgerTargetConfig();
        this.auditorTargetConfig = createAuditorTargetConfig();
    }

    private void validateAuthentication() {
        if (this.authenticationMethod == AuthenticationMethod.DIGITAL_SIGNATURE && (this.cert == null || this.privateKey == null)) {
            throw new IllegalArgumentException("Both cert and private_key must be set to use digital signature.");
        }
        if (this.authenticationMethod == AuthenticationMethod.HMAC && this.secretKey == null) {
            throw new IllegalArgumentException("secret_key must be set to use HMAC authentication.");
        }
    }

    @Nonnull
    private DigitalSignatureIdentityConfig createDigitalSignatureIdentityConfig() {
        return DigitalSignatureIdentityConfig.newBuilder().entityId(this.entityId).certVersion(this.certVersion).cert(this.cert).privateKey(this.privateKey).build();
    }

    @Nonnull
    private HmacIdentityConfig createHmacIdentityConfig() {
        return HmacIdentityConfig.newBuilder().entityId(this.entityId).secretKeyVersion(this.secretKeyVersion).secretKey(this.secretKey).build();
    }

    @Nonnull
    private TargetConfig createLedgerTargetConfig() {
        return TargetConfig.newBuilder().host(this.serverHost).port(this.serverPort).privilegedPort(this.serverPrivilegedPort).tlsEnabled(this.isTlsEnabled).tlsCaRootCert(this.tlsCaRootCert).tlsOverrideAuthority(this.tlsOverrideAuthority).authorizationCredential(this.authorizationCredential).grpcClientConfig(this.grpcClientConfig).build();
    }

    @Nullable
    private TargetConfig createAuditorTargetConfig() {
        if (this.isAuditorEnabled) {
            return TargetConfig.newBuilder().host(this.auditorHost).port(this.auditorPort).privilegedPort(this.auditorPrivilegedPort).tlsEnabled(this.isAuditorTlsEnabled).tlsCaRootCert(this.auditorTlsCaRootCert).tlsOverrideAuthority(this.auditorTlsOverrideAuthority).authorizationCredential(this.auditorAuthorizationCredential).grpcClientConfig(this.grpcClientConfig).build();
        }
        return null;
    }
}
