package com.daml.ledger.api.auth;

import com.daml.jwt.JwtSigner$Error$;
import com.daml.jwt.JwtSigner$RSA256$;
import com.daml.jwt.KeyUtils$;
import com.daml.jwt.domain.DecodedJwt;
import com.daml.jwt.domain.Jwt;
import com.daml.ledger.api.auth.Main;
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.security.interfaces.RSAPrivateKey;
import java.time.Instant;
import scala.Console$;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Predef$ArrowAssoc$;
import scala.Some;
import scala.collection.Seq;
import scala.collection.TraversableOnce;
import scala.collection.immutable.List;
import scala.collection.immutable.List$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.Nothing$;
import scalaz.syntax.package$;
import scopt.OptionDef;
import scopt.OptionParser;
import scopt.Read$;

/* compiled from: Main.scala */
/* loaded from: input_file:com/daml/ledger/api/auth/Main$.class */
public final class Main$ {
    public static Main$ MODULE$;
    private final OptionParser<Main.Config> configParser;

    static {
        new Main$();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String defaultKeyId(File file) {
        String name = file.getName();
        int lastIndexOf = name.lastIndexOf(".");
        return (lastIndexOf <= 0 || lastIndexOf >= name.length() - 1) ? name : name.substring(0, lastIndexOf);
    }

    public void main(String[] strArr) {
        Main.Config config;
        boolean z = false;
        Some some = null;
        Option<Main.Config> parseConfig = parseConfig(Predef$.MODULE$.wrapRefArray(strArr));
        if (parseConfig instanceof Some) {
            z = true;
            some = (Some) parseConfig;
            Main.Config config2 = (Main.Config) some.value();
            if (config2 != null) {
                Some command = config2.command();
                if (command instanceof Some) {
                    Main.Command command2 = (Main.Command) command.value();
                    if (command2 instanceof Main.GenerateJwks) {
                        Main.GenerateJwks generateJwks = (Main.GenerateJwks) command2;
                        Some output = generateJwks.output();
                        List<File> publicKeys = generateJwks.publicKeys();
                        if (output instanceof Some) {
                            Files.write(((File) output.value()).toPath(), KeyUtils$.MODULE$.generateJwks(((TraversableOnce) publicKeys.map(file -> {
                                return Predef$ArrowAssoc$.MODULE$.$minus$greater$extension(Predef$.MODULE$.ArrowAssoc(MODULE$.defaultKeyId(file)), KeyUtils$.MODULE$.readRSAPublicKeyFromCrt(file).fold(th -> {
                                    return MODULE$.handleGenerateTokensError("Error loading RSA public key from a X509 certificate file.", th.getMessage());
                                }, rSAPublicKey -> {
                                    return rSAPublicKey;
                                }));
                            }, List$.MODULE$.canBuildFrom())).toMap(Predef$.MODULE$.$conforms())).getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
                            BoxedUnit boxedUnit = BoxedUnit.UNIT;
                            return;
                        }
                    }
                }
            }
        }
        if (z && (config = (Main.Config) some.value()) != null) {
            Some command3 = config.command();
            if (command3 instanceof Some) {
                Main.Command command4 = (Main.Command) command3.value();
                if (command4 instanceof Main.GenerateToken) {
                    Main.GenerateToken generateToken = (Main.GenerateToken) command4;
                    Some output2 = generateToken.output();
                    Some signingKey = generateToken.signingKey();
                    Option<String> ledgerId = generateToken.ledgerId();
                    Option<String> applicationId = generateToken.applicationId();
                    Option<Instant> exp = generateToken.exp();
                    Option<String> kid = generateToken.kid();
                    List<String> parties = generateToken.parties();
                    boolean admin = generateToken.admin();
                    if (output2 instanceof Some) {
                        File file2 = (File) output2.value();
                        if (signingKey instanceof Some) {
                            File file3 = (File) signingKey.value();
                            String str = (String) kid.getOrElse(() -> {
                                return MODULE$.defaultKeyId(file3);
                            });
                            AuthServiceJWTPayload authServiceJWTPayload = new AuthServiceJWTPayload(ledgerId, None$.MODULE$, applicationId, exp, admin, parties, parties);
                            RSAPrivateKey rSAPrivateKey = (RSAPrivateKey) KeyUtils$.MODULE$.readRSAPrivateKeyFromDer(file3).fold(th -> {
                                return MODULE$.handleGenerateTokensError("Error loading RSA private key from a PKCS8/DER file. Use the following command to convert a PEM encoded private key: openssl pkcs8 -topk8 -inform PEM -outform DER -in private-key.pem -nocrypt > private-key.der.", th.getMessage());
                            }, rSAPrivateKey2 -> {
                                return rSAPrivateKey2;
                            });
                            String compactPrint = AuthServiceJWTCodec$.MODULE$.compactPrint(authServiceJWTPayload);
                            String sb = new StringBuilder(41).append("{\"alg\": \"RS256\", \"typ\": \"JWT\", \"kid\": \"").append(str).append("\"}").toString();
                            Jwt jwt = (Jwt) JwtSigner$RSA256$.MODULE$.sign(new DecodedJwt(sb, compactPrint), rSAPrivateKey).valueOr(error -> {
                                return MODULE$.handleGenerateTokensError("Error signing JWT token", package$.MODULE$.show().ToShowOps(error, JwtSigner$Error$.MODULE$.showInstance()).shows());
                            });
                            Files.write(file2.toPath(), jwt.value().getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
                            Files.write(changeExtension$1(file2, "-bearer.txt").toPath(), jwt.value().getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
                            Files.write(changeExtension$1(file2, "-payload.json").toPath(), compactPrint.getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
                            Files.write(changeExtension$1(file2, "-header.json").toPath(), sb.getBytes(StandardCharsets.UTF_8), new OpenOption[0]);
                            BoxedUnit boxedUnit2 = BoxedUnit.UNIT;
                            return;
                        }
                    }
                }
            }
        }
        if (z) {
            configParser().showUsage();
            throw scala.sys.package$.MODULE$.exit(Main$ErrorCodes$.MODULE$.InvalidUsage());
        }
        if (!None$.MODULE$.equals(parseConfig)) {
            throw new MatchError(parseConfig);
        }
        throw scala.sys.package$.MODULE$.exit(Main$ErrorCodes$.MODULE$.InvalidUsage());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Nothing$ handleGenerateTokensError(String str, String str2) {
        Console$.MODULE$.println(new StringBuilder(11).append(str).append(". Details: ").append(str2).toString());
        return scala.sys.package$.MODULE$.exit(Main$ErrorCodes$.MODULE$.GenerateTokensError());
    }

    private Option<Main.Config> parseConfig(Seq<String> seq) {
        return configParser().parse(seq, new Main.Config(Main$Config$.MODULE$.apply$default$1()));
    }

    private OptionParser<Main.Config> configParser() {
        return this.configParser;
    }

    private static final File changeExtension$1(File file, String str) {
        String name = file.getName();
        String substring = name.contains(".") ? name.substring(0, name.lastIndexOf(46)) : name;
        return new File(file.getParentFile(), new StringBuilder(0).append(name).append(str).toString());
    }

    private Main$() {
        MODULE$ = this;
        this.configParser = new OptionParser<Main.Config>() { // from class: com.daml.ledger.api.auth.Main$$anon$1
            public static final /* synthetic */ Main.Config $anonfun$new$21(boolean z, Main.Config config) {
                return config.copy(config.command().map(command -> {
                    Main.GenerateToken generateToken = (Main.GenerateToken) command;
                    return generateToken.copy(generateToken.copy$default$1(), generateToken.copy$default$2(), generateToken.copy$default$3(), generateToken.copy$default$4(), generateToken.copy$default$5(), generateToken.copy$default$6(), generateToken.copy$default$7(), generateToken.copy$default$8(), z);
                }));
            }

            public static final /* synthetic */ Main.Config $anonfun$new$23(boolean z, Main.Config config) {
                return config.copy(config.command().map(command -> {
                    Main.GenerateToken generateToken = (Main.GenerateToken) command;
                    return generateToken.copy(generateToken.copy$default$1(), generateToken.copy$default$2(), generateToken.copy$default$3(), generateToken.copy$default$4(), generateToken.copy$default$5(), generateToken.copy$default$6(), generateToken.copy$default$7(), generateToken.copy$default$8(), z);
                }));
            }

            {
                cmd("generate-jwks").text("Generate a JWKS JSON object for the given set of RSA public keys").action((boxedUnit, config) -> {
                    return config.copy(new Some(new Main.GenerateJwks(Main$GenerateJwks$.MODULE$.apply$default$1(), Main$GenerateJwks$.MODULE$.apply$default$2())));
                }).children(Predef$.MODULE$.wrapRefArray(new OptionDef[]{opt("output", Read$.MODULE$.fileRead()).required().text("The output file").valueName("<paths>").action((file, config2) -> {
                    return config2.copy(config2.command().map(command -> {
                        Main.GenerateJwks generateJwks = (Main.GenerateJwks) command;
                        return generateJwks.copy(new Some(file), generateJwks.copy$default$2());
                    }));
                }), opt("keys", Read$.MODULE$.seqRead(Read$.MODULE$.fileRead())).required().text("List of RSA certificates (.crt)").valueName("<paths>").action((seq, config3) -> {
                    return config3.copy(config3.command().map(command -> {
                        Main.GenerateJwks generateJwks = (Main.GenerateJwks) command;
                        return generateJwks.copy(generateJwks.copy$default$1(), seq.toList());
                    }));
                })}));
                cmd("generate-token").text("Generate a signed access token for the DAML ledger API").action((boxedUnit2, config4) -> {
                    return config4.copy(new Some(new Main.GenerateToken(Main$GenerateToken$.MODULE$.apply$default$1(), Main$GenerateToken$.MODULE$.apply$default$2(), Main$GenerateToken$.MODULE$.apply$default$3(), Main$GenerateToken$.MODULE$.apply$default$4(), Main$GenerateToken$.MODULE$.apply$default$5(), Main$GenerateToken$.MODULE$.apply$default$6(), Main$GenerateToken$.MODULE$.apply$default$7(), Main$GenerateToken$.MODULE$.apply$default$8(), Main$GenerateToken$.MODULE$.apply$default$9())));
                }).children(Predef$.MODULE$.wrapRefArray(new OptionDef[]{opt("output", Read$.MODULE$.fileRead()).required().text("The output file").valueName("<paths>").action((file2, config5) -> {
                    return config5.copy(config5.command().map(command -> {
                        Main.GenerateToken generateToken = (Main.GenerateToken) command;
                        return generateToken.copy(new Some(file2), generateToken.copy$default$2(), generateToken.copy$default$3(), generateToken.copy$default$4(), generateToken.copy$default$5(), generateToken.copy$default$6(), generateToken.copy$default$7(), generateToken.copy$default$8(), generateToken.copy$default$9());
                    }));
                }), opt("key", Read$.MODULE$.fileRead()).required().text("The RSA private key (.der)").valueName("<path>").action((file3, config6) -> {
                    return config6.copy(config6.command().map(command -> {
                        Main.GenerateToken generateToken = (Main.GenerateToken) command;
                        return generateToken.copy(generateToken.copy$default$1(), new Some(file3), generateToken.copy$default$3(), generateToken.copy$default$4(), generateToken.copy$default$5(), generateToken.copy$default$6(), generateToken.copy$default$7(), generateToken.copy$default$8(), generateToken.copy$default$9());
                    }));
                }), opt("parties", Read$.MODULE$.seqRead(Read$.MODULE$.stringRead())).required().text("Parties to generate tokens for").valueName("<list of parties>").action((seq2, config7) -> {
                    return config7.copy(config7.command().map(command -> {
                        Main.GenerateToken generateToken = (Main.GenerateToken) command;
                        return generateToken.copy(generateToken.copy$default$1(), generateToken.copy$default$2(), generateToken.copy$default$3(), generateToken.copy$default$4(), generateToken.copy$default$5(), generateToken.copy$default$6(), seq2.toList(), generateToken.copy$default$8(), generateToken.copy$default$9());
                    }));
                }), opt("ledgerId", Read$.MODULE$.stringRead()).optional().text("Restrict validity of the token to this ledger ID. Default: None, token is valid for all ledgers.").action((str, config8) -> {
                    return config8.copy(config8.command().map(command -> {
                        Main.GenerateToken generateToken = (Main.GenerateToken) command;
                        return generateToken.copy(generateToken.copy$default$1(), generateToken.copy$default$2(), new Some(str), generateToken.copy$default$4(), generateToken.copy$default$5(), generateToken.copy$default$6(), generateToken.copy$default$7(), generateToken.copy$default$8(), generateToken.copy$default$9());
                    }));
                }), opt("applicationId", Read$.MODULE$.stringRead()).optional().text("Restrict validity of the token to this application ID. Default: None, token is valid for all applications.").action((str2, config9) -> {
                    return config9.copy(config9.command().map(command -> {
                        Main.GenerateToken generateToken = (Main.GenerateToken) command;
                        return generateToken.copy(generateToken.copy$default$1(), generateToken.copy$default$2(), generateToken.copy$default$3(), new Some(str2), generateToken.copy$default$5(), generateToken.copy$default$6(), generateToken.copy$default$7(), generateToken.copy$default$8(), generateToken.copy$default$9());
                    }));
                }), opt("exp", Read$.MODULE$.stringRead()).optional().text("Token expiration date, in ISO 8601 format. Default: no expiration date.").action((str3, config10) -> {
                    return config10.copy(config10.command().map(command -> {
                        Main.GenerateToken generateToken = (Main.GenerateToken) command;
                        return generateToken.copy(generateToken.copy$default$1(), generateToken.copy$default$2(), generateToken.copy$default$3(), generateToken.copy$default$4(), new Some(Instant.parse(str3)), generateToken.copy$default$6(), generateToken.copy$default$7(), generateToken.copy$default$8(), generateToken.copy$default$9());
                    }));
                }), opt("kid", Read$.MODULE$.stringRead()).optional().text("The key id, as used in JWKS. Default: the file name of the RSA private key.").action((str4, config11) -> {
                    return config11.copy(config11.command().map(command -> {
                        Main.GenerateToken generateToken = (Main.GenerateToken) command;
                        return generateToken.copy(generateToken.copy$default$1(), generateToken.copy$default$2(), generateToken.copy$default$3(), generateToken.copy$default$4(), new Some(Instant.parse(str4)), generateToken.copy$default$6(), generateToken.copy$default$7(), generateToken.copy$default$8(), generateToken.copy$default$9());
                    }));
                }), opt("admin", Read$.MODULE$.booleanRead()).optional().text("If set, authorizes the bearer to use admin endpoints. Default: false").action((obj, config12) -> {
                    return $anonfun$new$21(BoxesRunTime.unboxToBoolean(obj), config12);
                }), opt("readonly", Read$.MODULE$.booleanRead()).optional().text("If set, prevents the bearer from acting on the ledger. Default: false").action((obj2, config13) -> {
                    return $anonfun$new$23(BoxesRunTime.unboxToBoolean(obj2), config13);
                })}));
            }
        };
    }
}
