package org.mule.runtime.core.api.extension.provider;

import org.mule.metadata.api.model.MetadataType;
import org.mule.runtime.api.meta.Category;
import org.mule.runtime.api.meta.ExpressionSupport;
import org.mule.runtime.api.meta.model.ModelProperty;
import org.mule.runtime.api.meta.model.XmlDslModel;
import org.mule.runtime.api.meta.model.declaration.fluent.ConstructDeclarer;
import org.mule.runtime.api.meta.model.declaration.fluent.ExtensionDeclarer;
import org.mule.runtime.api.meta.model.declaration.fluent.NestedComponentDeclarer;
import org.mule.runtime.api.meta.model.declaration.fluent.OptionalParameterDeclarer;
import org.mule.runtime.api.meta.model.declaration.fluent.ParameterDeclarer;
import org.mule.runtime.api.meta.model.declaration.fluent.ParameterGroupDeclarer;
import org.mule.runtime.api.meta.model.display.DisplayModel;
import org.mule.runtime.api.meta.model.display.LayoutModel;
import org.mule.runtime.api.meta.model.display.PathModel;
import org.mule.runtime.core.internal.extension.CustomBuildingDefinitionProviderModelProperty;
import org.mule.runtime.extension.api.ExtensionConstants;
import org.mule.runtime.internal.dsl.DslConstants;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/mule/runtime/core/api/extension/provider/TlsExtensionModelDeclarer.class */
/**
 * Declares the extension model of the {@code tls} namespace: a single top-level
 * TLS context construct with a trust store group, a key store group and an optional
 * revocation-check component.
 *
 * <p>This class only declares parameters (names, types, descriptions, display hints).
 * No TLS behaviour, value validation or secret handling is implemented here.
 *
 * <p>Security-relevant declarations to keep in mind when reviewing configurations
 * built against this model:
 * <ul>
 *   <li>{@code trustStore/insecure}: per its description, {@code true} disables all
 *       certificate validation. It is declared with a default of {@code false}.</li>
 *   <li>{@code revocationCheck/softFail}: per its description, lets the revocation check
 *       succeed when the status cannot be determined. Default {@code false}.</li>
 *   <li>{@code enabledProtocols} / {@code enabledCipherSuites}: free-form strings; nothing in
 *       this class restricts them to strong values.</li>
 * </ul>
 *
 * <p>Decompiler note carried over from the listing: access modifiers of this class and of
 * {@link #createExtensionModel()} were changed from package-private.
 */
public class TlsExtensionModelDeclarer {

    /**
     * Builds the declarer for the {@code tls} extension and its TLS context construct.
     *
     * @return the populated {@link ExtensionDeclarer}
     */
    public ExtensionDeclarer createExtensionModel() {
        // The schema location is used here purely as a declared string; whether it is ever
        // dereferenced is not visible in this class.
        XmlDslModel xmlDsl = XmlDslModel.builder()
                .setPrefix("tls")
                .setNamespace(MuleExtensionModelProvider.MULE_TLS_NAMESPACE)
                .setSchemaVersion(MuleExtensionModelProvider.MULE_VERSION)
                .setXsdFileName("tls.xsd")
                .setSchemaLocation("http://www.mulesoft.org/schema/mule/tls/current/mule-tls.xsd")
                .build();

        ExtensionDeclarer extension = new ExtensionDeclarer()
                .named("tls")
                .describedAs("Mule Runtime and Integration Platform: TLS components")
                .onVersion(MuleExtensionModelProvider.MULE_VERSION)
                .fromVendor(MuleExtensionModelProvider.MULESOFT_VENDOR)
                .supportingJavaVersions(ExtensionConstants.ALL_SUPPORTED_JAVA_VERSIONS)
                .withCategory(Category.COMMUNITY)
                .withModelProperty((ModelProperty) new CustomBuildingDefinitionProviderModelProperty())
                .withXmlDsl(xmlDsl);

        ConstructDeclarer tlsContext = ((ConstructDeclarer) extension
                .withConstruct(DslConstants.TLS_CONTEXT_ELEMENT_IDENTIFIER)
                .describedAs("Reusable configuration element for TLS. A TLS context optionally defines a key store and a trust store.\n"
                        + "The key store contains the private and public keys of this server/client. The trust store contains\n"
                        + "certificates of the trusted servers/clients."))
                .allowingTopLevelDefinition();

        ParameterGroupDeclarer defaults = tlsContext.onDefaultParameterGroup();
        stringParam(defaults, "name",
                "Reusable configuration element for TLS. A TLS context optionally defines a key store and a trust store.\n"
                        + "The key store contains the private and public keys of this server/client.\n"
                        + "The trust store contains certificates of the trusted servers/clients.")
                .asComponentId();
        // Both lists are optional plain strings with no default declared here.
        optionalStringParam(defaults, "enabledProtocols",
                "A comma separated list of protocols enabled for this context.");
        optionalStringParam(defaults, "enabledCipherSuites",
                "A comma separated list of cipher suites enabled for this context.");

        // Declaration order is kept: trust store, key store, revocation check.
        declareTrustStore(tlsContext);
        declareKeyStore(tlsContext);
        declareRevocationCheck(tlsContext);
        return extension;
    }

    /**
     * Declares the optional {@code revocationCheck} component with its three inline groups:
     * {@code standardRevocationCheck}, {@code crlFile} and {@code customOcspResponder}.
     *
     * @param constructDeclarer the TLS context construct being declared
     */
    private void declareRevocationCheck(ConstructDeclarer constructDeclarer) {
        NestedComponentDeclarer revocation = constructDeclarer
                .withOptionalComponent("revocationCheck")
                .describedAs("Enable certificate revocation checking.");

        // All four flags go through booleanParam, so each defaults to false.
        ParameterGroupDeclarer standard = revocation
                .onParameterGroup("standardRevocationCheck")
                .withDslInlineRepresentation(true);
        booleanParam(standard, "onlyEndEntities",
                "Only check the revocation status of end-entity certificates.");
        booleanParam(standard, "preferCrls",
                "Prefer CRLs to OCSP. The default behavior is to prefer OCSP.");
        booleanParam(standard, "noFallback",
                "Disable the fallback mechanism (the alternative algorithm, for instance if CRLs are selected it would be OCSP)");
        // softFail weakens revocation checking; the description itself flags it as a risk.
        booleanParam(standard, "softFail",
                "Allow revocation check to succeed if the revocation status cannot be determined because of network or server errors. "
                        + "This is a possible security risk.");

        ParameterGroupDeclarer crlFile = revocation
                .onParameterGroup("crlFile")
                .withDslInlineRepresentation(true);
        OptionalParameterDeclarer crlPath = optionalStringParam(crlFile, "path",
                "The path to a CRL (Certificate Revocation List) file to be used for this trust store. "
                        + "A certificate mentioned there will not be accepted for authentication.");
        configurePathParameter(crlPath);

        // Overrides for the responder location and the OCSP response signer.
        ParameterGroupDeclarer ocspResponder = revocation
                .onParameterGroup("customOcspResponder")
                .withDslInlineRepresentation(true);
        optionalStringParam(ocspResponder, "url",
                "URL that identifies the location of the OCSP responder. "
                        + "This is used instead of the corresponding field in the certificate extension.");
        optionalStringParam(ocspResponder, "certAlias",
                "Alias of the certificate that signs the OCSP response, instead of the corresponding CA. "
                        + "Must be present in the trust store.");
    }

    /**
     * Declares the inline {@code keyStore} group: path, type, alias, the two passwords
     * and the algorithm, in that order.
     *
     * @param constructDeclarer the TLS context construct being declared
     */
    private void declareKeyStore(ConstructDeclarer constructDeclarer) {
        ParameterGroupDeclarer keyStore = constructDeclarer
                .onParameterGroup("keyStore")
                .withDslInlineRepresentation(true);
        declarePathParameter(keyStore, "key store");
        declareStoreTypeParameter(keyStore);
        optionalStringParam(keyStore, "alias",
                "When the key store contains many private keys, this attribute indicates the alias of the key that should be used. "
                        + "If not defined, the first key in the file will be used by default.");
        passwordParam(keyStore, "keyPassword", "The password used to protect the private key.");
        passwordParam(keyStore, "password", "The password used to protect the key store.");
        optionalStringParam(keyStore, "algorithm", "The algorithm used by the key store.");
    }

    /**
     * Declares the inline {@code trustStore} group: path, password, type, algorithm
     * and the {@code insecure} flag, in that order.
     *
     * @param constructDeclarer the TLS context construct being declared
     */
    private void declareTrustStore(ConstructDeclarer constructDeclarer) {
        ParameterGroupDeclarer trustStore = constructDeclarer
                .onParameterGroup("trustStore")
                .withDslInlineRepresentation(true);
        declarePathParameter(trustStore, "trust store");
        passwordParam(trustStore, "password", "The password used to protect the trust store.");
        declareStoreTypeParameter(trustStore);
        optionalStringParam(trustStore, "algorithm", "The algorithm used by the trust store.");
        // Defaults to false via booleanParam; true means no certificate validation at all,
        // so configurations that set it deserve review.
        booleanParam(trustStore, "insecure", "If true, no certificate validations will be performed.");
    }

    /**
     * Declares the optional {@code type} parameter of a store group, with an example hint.
     *
     * @param parameterGroupDeclarer the store group receiving the parameter
     */
    private void declareStoreTypeParameter(ParameterGroupDeclarer parameterGroupDeclarer) {
        DisplayModel typeExample = DisplayModel.builder()
                .example("jks, jceks, pkcs12 or other store type")
                .build();
        optionalStringParam(parameterGroupDeclarer, "type", "The type of store used.")
                .withDisplayModel(typeExample);
    }

    /**
     * Declares the optional {@code path} parameter of a store group.
     *
     * @param parameterGroupDeclarer the store group receiving the parameter
     * @param str human-readable store name appended to the description
     */
    private void declarePathParameter(ParameterGroupDeclarer parameterGroupDeclarer, String str) {
        String description =
                "The location (which will be resolved relative to the current classpath and file system, if possible) of the "
                        + str;
        configurePathParameter(optionalStringParam(parameterGroupDeclarer, "path", description));
    }

    /**
     * Attaches a file-path display model to the given parameter.
     *
     * @param parameterDeclarer the parameter to decorate
     */
    private void configurePathParameter(ParameterDeclarer parameterDeclarer) {
        // NOTE(review): arguments are presumably (type, acceptsUrls, location, fileExtensions);
        // confirm against PathModel before relying on the meaning of `false`.
        PathModel filePath = new PathModel(PathModel.Type.FILE, false, PathModel.Location.EMBEDDED, new String[0]);
        parameterDeclarer.withDisplayModel(DisplayModel.builder().path(filePath).build());
    }

    /**
     * Declares an optional string parameter whose layout is marked as a password.
     * The layout is a display property; how the value is stored is not visible here.
     *
     * @param group the group receiving the parameter
     * @param name the parameter name
     * @param description the parameter description
     */
    private void passwordParam(ParameterGroupDeclarer group, String name, String description) {
        optionalStringParam(group, name, description)
                .withLayout(LayoutModel.builder().asPassword().build());
    }

    /**
     * Declares a required string parameter that does not accept expressions.
     *
     * @param parameterGroupDeclarer the group receiving the parameter
     * @param str the parameter name
     * @param str2 the parameter description
     * @return the declarer of the new parameter
     */
    private ParameterDeclarer stringParam(ParameterGroupDeclarer parameterGroupDeclarer, String str, String str2) {
        return parameterGroupDeclarer
                .withRequiredParameter(str)
                .describedAs(str2)
                .ofType(MuleExtensionModelProvider.STRING_TYPE)
                .withExpressionSupport(ExpressionSupport.NOT_SUPPORTED);
    }

    /**
     * Declares an optional boolean parameter defaulting to {@code false}.
     *
     * @param parameterGroupDeclarer the group receiving the parameter
     * @param str the parameter name
     * @param str2 the parameter description
     * @return the declarer of the new parameter
     */
    private OptionalParameterDeclarer booleanParam(ParameterGroupDeclarer parameterGroupDeclarer, String str, String str2) {
        OptionalParameterDeclarer flag =
                optionalParam(parameterGroupDeclarer, str, str2, MuleExtensionModelProvider.BOOLEAN_TYPE);
        return flag.defaultingTo(false);
    }

    /**
     * Declares an optional string parameter with no default value.
     *
     * @param parameterGroupDeclarer the group receiving the parameter
     * @param str the parameter name
     * @param str2 the parameter description
     * @return the declarer of the new parameter
     */
    private OptionalParameterDeclarer optionalStringParam(ParameterGroupDeclarer parameterGroupDeclarer, String str, String str2) {
        return optionalParam(parameterGroupDeclarer, str, str2, MuleExtensionModelProvider.STRING_TYPE);
    }

    /**
     * Declares an optional parameter of the given type that does not accept expressions.
     *
     * @param parameterGroupDeclarer the group receiving the parameter
     * @param str the parameter name
     * @param str2 the parameter description
     * @param metadataType the parameter type
     * @return the declarer of the new parameter
     */
    private OptionalParameterDeclarer optionalParam(ParameterGroupDeclarer parameterGroupDeclarer, String str, String str2, MetadataType metadataType) {
        return parameterGroupDeclarer
                .withOptionalParameter(str)
                .describedAs(str2)
                .ofType(metadataType)
                .withExpressionSupport(ExpressionSupport.NOT_SUPPORTED);
    }
}
