package oracle.kv.impl.util;

import java.io.File;
import java.util.Arrays;
import oracle.kv.impl.admin.client.CommandUtils;
import oracle.kv.impl.admin.param.BootstrapParams;
import oracle.kv.impl.admin.param.SecurityParams;
import oracle.kv.impl.param.ParameterMap;
import oracle.kv.impl.security.PasswordManager;
import oracle.kv.impl.security.PasswordStoreException;
import oracle.kv.impl.security.util.SecurityUtils;
import oracle.kv.impl.topo.StorageNodeId;
import oracle.kv.impl.util.SecurityConfigCreator;
import oracle.kv.util.shell.CommandWithSubs;
import oracle.kv.util.shell.Shell;
import oracle.kv.util.shell.ShellException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand.class */
public class SecurityConfigCommand extends CommandWithSubs {
    static final String ROOT_FLAG = "-root";
    static final String PWDMGR_FLAG = "-pwdmgr";
    static final String PASSMGR_WALLET = "wallet";
    static final String PASSMGR_PWDFILE = "pwdfile";
    static final String KEYSTORE_PASSWORD_FLAG = "-kspwd";
    static final String SECURITY_DIR_FLAG = "-secdir";
    static final String CERT_MODE_FLAG = "-certmode";
    static final String SECURITY_PARAM_FLAG = "-security-param";
    static final String PARAM_FLAG = "-param";
    static final String EXTERNAL_AUTH_FLAG = "-external-auth";
    static final String CONFIG_FLAG = "-config";
    static final String SOURCE_ROOT_FLAG = "-source-root";
    static final String SOURCE_SECURITY_DIR_FLAG = "-source-secdir";
    static final String KRB_CONF_FLAG = "-krb-conf";
    static final String KRB_INSTANCE_NAME = "-instance-name";
    static final String KRB_KADMIN_PATH = "-kadmin-path";
    static final String KRB_KADMIN_KEYTAB = "-kadmin-keytab";
    static final String KRB_KADMIN_CCACHE = "-kadmin-ccache";
    static final String KRB_ADMIN_PRINC = "-admin-principal";
    static final String KRB_PRINC_CONF_PARAM = "-princ-conf-param";
    static final String KRB_RENEW_KEYTAB = "-renew-keytab";
    static final String KRB_KEYSALT_LIST = "-keysalt";
    private static final String BASIC_CREATE_COMMAND_ARGS = "[-secdir <security dir>] [-pwdmgr {pwdfile | wallet | <class-name>}] \n\t[-kspwd <password>] \n\t[-external-auth {kerberos}]\n\t  [-krb-conf <kerberos configuration>] \n\t  [-kadmin-path <kadmin utility path>] \n\t  [-instance-name <database instance name>] \n\t  [-admin-principal <kerberos admin principal name>] \n\t  [-kadmin-keytab <keytab file>] \n\t  [-kadmin-ccache <credential cache file>] \n\t  [-princ-conf-param <param=value>]* ";
    private static final String CREATE_COMMAND_ARGS = "-root <secroot> \n\t[-secdir <security dir>] [-pwdmgr {pwdfile | wallet | <class-name>}] \n\t[-kspwd <password>] \n\t[-external-auth {kerberos}]\n\t  [-krb-conf <kerberos configuration>] \n\t  [-kadmin-path <kadmin utility path>] \n\t  [-instance-name <database instance name>] \n\t  [-admin-principal <kerberos admin principal name>] \n\t  [-kadmin-keytab <keytab file>] \n\t  [-kadmin-ccache <credential cache file>] \n\t  [-princ-conf-param <param=value>]* \n\t[-param <param=value>]* ";
    private static final String OTHER_ARGS = " [-certmode { shared | server }] ";
    private static final String ADD_SECURITY_COMMAND_ARGS = "-root <kvroot> [-secdir <security dir>] [-config <config.xml>]";
    private static final String REMOVE_SECURITY_COMMAND_ARGS = "-root <kvroot> [-config <config.xml>]";
    private static final String MERGE_TRUST_COMMAND_ARGS = "-root <secroot> [-secdir <security dir>] -source-root <source secroot> [-source-secdir <source secdir>]";
    private static final String UPDATE_SECURITY_COMMAND_ARGS = "-secdir <security dir> [-param <param=value>]*";
    private static final String VERIFY_SECURITY_COMMAND_ARGS = "-secdir <security dir>";
    private static final String SHOW_SECURITY_COMMAND_ARGS = "-secdir <security dir>";
    private static final String ADD_KERBEROS_COMMAND_ARGS = "-root <secroot> [-secdir <security dir>] \n\t[-krb-conf <kerberos configuration>] \n\t[-kadmin-path <kadmin utility path>]\n\t[-instance-name <database instance name>] \n\t[-admin-principal <kerberos admin principal name>]\n\t[-kadmin-keytab <keytab file>] \n\t[-kadmin-ccache <credential cache file>] \n\t[-princ-conf-param <param=value>]* \n\t[-param <param=value>]*";
    private static final String RENEW_KEYTAB_COMMAND_ARGS = "-root <secroot> [-secdir <security dir>] \n\t[-keysalt <enc:salt[,enc:salt,..]>] \n\t[-kadmin-path <kadmin utility path>]\n\t[-admin-principal <kerberos admin principal name>]\n\t[-kadmin-keytab <keytab file>] \n\t[-kadmin-ccache <credential cache file>] ";

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$ConfigParserHelper.class */
    static class ConfigParserHelper {
        private final CommandParser parser;
        private final SecurityConfigCreator.ParsedConfig config = new SecurityConfigCreator.ParsedConfig();

        public ConfigParserHelper(CommandParser commandParser) {
            this.parser = commandParser;
        }

        public boolean checkArg(String str) {
            if (str.equals(SecurityConfigCommand.PWDMGR_FLAG)) {
                this.config.setPwdmgr(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.KEYSTORE_PASSWORD_FLAG)) {
                this.config.setKeystorePassword(this.parser.nextArg(str).toCharArray());
                return true;
            }
            if (str.equals("-secdir")) {
                this.config.setSecurityDir(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.CERT_MODE_FLAG)) {
                this.config.setCertMode(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.EXTERNAL_AUTH_FLAG)) {
                this.config.setUserExternalAuth(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.KRB_CONF_FLAG)) {
                this.config.setKrbConf(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.KRB_INSTANCE_NAME)) {
                this.config.setInstanceName(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.KRB_KADMIN_PATH)) {
                this.config.setKadminPath(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.KRB_KADMIN_KEYTAB)) {
                this.config.setKadminKeytab(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.KRB_KADMIN_CCACHE)) {
                this.config.setKadminCcache(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.KRB_ADMIN_PRINC)) {
                this.config.setAdminPrinc(this.parser.nextArg(str));
                return true;
            }
            if (str.equals(SecurityConfigCommand.SECURITY_PARAM_FLAG)) {
                try {
                    this.config.addParam(this.parser.nextArg(str));
                    return true;
                } catch (IllegalArgumentException e) {
                    this.parser.usage("invalid argument usage for " + str + " - " + e.getMessage());
                    return true;
                }
            }
            if (!str.equals(SecurityConfigCommand.KRB_PRINC_CONF_PARAM)) {
                return false;
            }
            try {
                this.config.addKrbProperty(this.parser.nextArg(str));
                return true;
            } catch (IllegalArgumentException e2) {
                this.parser.usage("invalid argument usage for " + str + " - " + e2.getMessage());
                return true;
            }
        }

        public SecurityConfigCreator.ParsedConfig getConfig() {
            return this.config;
        }

        public static String getConfigUsage() {
            return "[-secdir <security dir>] [-pwdmgr {pwdfile | wallet | <class-name>}] \n\t[-kspwd <password>] \n\t[-external-auth {kerberos}]\n\t  [-krb-conf <kerberos configuration>] \n\t  [-kadmin-path <kadmin utility path>] \n\t  [-instance-name <database instance name>] \n\t  [-admin-principal <kerberos admin principal name>] \n\t  [-kadmin-keytab <keytab file>] \n\t  [-kadmin-ccache <credential cache file>] \n\t  [-princ-conf-param <param=value>]* \n\t[-security-param <param=value>]*";
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$SecurityConfigAddKerberos.class */
    private static final class SecurityConfigAddKerberos extends CommandWithSubs.SubCommand {
        private static final String ADD_KRB_COMMAND_NAME = "add-kerberos";
        private static final String ADD_KRB_COMMAND_DESC = "Add Kerberos to an existing security configuration or a new server principal to an existing Kerberos configuration.";

        private SecurityConfigAddKerberos() {
            super(ADD_KRB_COMMAND_NAME, 8);
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String execute(String[] strArr, Shell shell) throws ShellException {
            Shell.checkHelp(strArr, this);
            SecurityConfigCreator.ParsedConfig parsedConfig = new SecurityConfigCreator.ParsedConfig();
            String str = null;
            int i = 1;
            while (i < strArr.length) {
                String str2 = strArr[i];
                if ("-root".equals(str2)) {
                    int i2 = i;
                    i++;
                    str = Shell.nextArg(strArr, i2, this);
                } else if ("-secdir".equals(str2)) {
                    int i3 = i;
                    i++;
                    parsedConfig.setSecurityDir(Shell.nextArg(strArr, i3, this));
                } else if (SecurityConfigCommand.PARAM_FLAG.equals(str2)) {
                    try {
                        int i4 = i;
                        i++;
                        parsedConfig.addParam(Shell.nextArg(strArr, i4, this));
                    } catch (IllegalArgumentException e) {
                        shell.badArgUsage(str2, e.getMessage(), this);
                    }
                } else if (SecurityConfigCommand.KRB_CONF_FLAG.equals(str2)) {
                    int i5 = i;
                    i++;
                    parsedConfig.setKrbConf(Shell.nextArg(strArr, i5, this));
                } else if (SecurityConfigCommand.KRB_INSTANCE_NAME.equals(str2)) {
                    int i6 = i;
                    i++;
                    parsedConfig.setInstanceName(Shell.nextArg(strArr, i6, this));
                } else if (SecurityConfigCommand.KRB_KADMIN_PATH.equals(str2)) {
                    int i7 = i;
                    i++;
                    parsedConfig.setKadminPath(Shell.nextArg(strArr, i7, this));
                } else if (SecurityConfigCommand.KRB_KADMIN_KEYTAB.equals(str2)) {
                    int i8 = i;
                    i++;
                    parsedConfig.setKadminKeytab(Shell.nextArg(strArr, i8, this));
                } else if (SecurityConfigCommand.KRB_KADMIN_CCACHE.equals(str2)) {
                    int i9 = i;
                    i++;
                    parsedConfig.setKadminCcache(Shell.nextArg(strArr, i9, this));
                } else if (SecurityConfigCommand.KRB_ADMIN_PRINC.equals(str2)) {
                    int i10 = i;
                    i++;
                    parsedConfig.setAdminPrinc(Shell.nextArg(strArr, i10, this));
                } else if (SecurityConfigCommand.KRB_PRINC_CONF_PARAM.equals(str2)) {
                    try {
                        int i11 = i;
                        i++;
                        parsedConfig.addKrbProperty(Shell.nextArg(strArr, i11, this));
                    } catch (IllegalArgumentException e2) {
                        shell.badArgUsage(str2, e2.getMessage(), this);
                    }
                } else {
                    shell.unknownArgument(str2, this);
                }
                i++;
            }
            if (str == null) {
                shell.requiredArg("-root", this);
            }
            return doAdd(str, parsedConfig, shell);
        }

        private String doAdd(String str, SecurityConfigCreator.ParsedConfig parsedConfig, Shell shell) throws ShellException {
            if (parsedConfig.getSecurityDir() == null) {
                parsedConfig.setSecurityDir("security");
            }
            try {
                return new SecurityConfigCreator(str, parsedConfig, new SecurityConfigCreator.ShellIOHelper(shell)).addKerberosConfig() ? "Updated Kerberos configuration" : "Failed";
            } catch (Exception e) {
                throw new ShellException("Unknown error: " + e.getMessage(), e);
            }
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandSyntax() {
            return "config add-kerberos -root <secroot> [-secdir <security dir>] \n\t[-krb-conf <kerberos configuration>] \n\t[-kadmin-path <kadmin utility path>]\n\t[-instance-name <database instance name>] \n\t[-admin-principal <kerberos admin principal name>]\n\t[-kadmin-keytab <keytab file>] \n\t[-kadmin-ccache <credential cache file>] \n\t[-princ-conf-param <param=value>]* \n\t[-param <param=value>]*";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandDescription() {
            return ADD_KRB_COMMAND_DESC;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$SecurityConfigAddSecurity.class */
    private static final class SecurityConfigAddSecurity extends CommandWithSubs.SubCommand {
        private static final String ADD_SECURITY_COMMAND_NAME = "add-security";
        private static final String ADD_SECURITY_COMMAND_DESC = "Updates a Storage Node configuration to incorporate a security configuration.";

        private SecurityConfigAddSecurity() {
            super(ADD_SECURITY_COMMAND_NAME, 7);
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String execute(String[] strArr, Shell shell) throws ShellException {
            Shell.checkHelp(strArr, this);
            String str = null;
            String str2 = null;
            String str3 = null;
            int i = 1;
            while (i < strArr.length) {
                String str4 = strArr[i];
                if ("-root".equals(str4)) {
                    int i2 = i;
                    i++;
                    str = Shell.nextArg(strArr, i2, this);
                } else if ("-secdir".equals(str4)) {
                    int i3 = i;
                    i++;
                    str3 = Shell.nextArg(strArr, i3, this);
                } else if ("-config".equals(str4)) {
                    int i4 = i;
                    i++;
                    str2 = Shell.nextArg(strArr, i4, this);
                } else {
                    shell.unknownArgument(str4, this);
                }
                i++;
            }
            if (str == null) {
                shell.requiredArg("-root", this);
            }
            return doAddSecurity(str, str2, str3);
        }

        private String doAddSecurity(String str, String str2, String str3) throws ShellException {
            if (str2 == null) {
                str2 = "config.xml";
            }
            if (str3 == null) {
                str3 = "security";
            }
            File file = new File(str);
            File file2 = new File(str2);
            File file3 = new File(str3);
            if (!file.exists()) {
                throw new ShellException("The -root argument " + file + " does not exist.");
            }
            if (!file.isDirectory()) {
                throw new ShellException("The -root argument " + file + " is not a directory.");
            }
            if (file2.isAbsolute()) {
                throw new ShellException("The -config argument must be a relative file name.");
            }
            File file4 = new File(file, str2);
            if (!file4.exists()) {
                throw new ShellException("The file " + str2 + " does not exist in " + str);
            }
            if (!file4.isFile()) {
                throw new ShellException(file4.toString() + " is not a file.");
            }
            if (file3.isAbsolute()) {
                throw new ShellException("The -secdir argument must be a relative file name.");
            }
            File file5 = new File(file, str3);
            if (!file5.exists()) {
                throw new ShellException("The file " + str3 + " does not exist in " + str);
            }
            if (!file5.isDirectory()) {
                throw new ShellException(file5.toString() + " is not a directory.");
            }
            SecurityConfigCommand.checkSecurityDirContents(file5);
            updateConfigFile(file4, file3, file);
            return "Configuration updated.";
        }

        private void updateConfigFile(File file, File file2, File file3) throws ShellException {
            try {
                BootstrapParams bootstrapParams = ConfigUtils.getBootstrapParams(file);
                if (bootstrapParams == null) {
                    throw new ShellException("The file " + file + " does not contain a bootstrap configuration.");
                }
                try {
                    bootstrapParams.setSecurityDir(file2.getPath());
                    String storeName = bootstrapParams.getStoreName();
                    File file4 = null;
                    if (storeName != null && !storeName.isEmpty()) {
                        file4 = FileNames.getSNAConfigFile(file3.toString(), storeName, new StorageNodeId(bootstrapParams.getId()));
                    }
                    String registeredESCluster = getRegisteredESCluster(file4);
                    if (registeredESCluster != null && !registeredESCluster.isEmpty()) {
                        throw new ShellException("The configuration cannot be enabled in a store with registered ES cluster " + registeredESCluster + ", please first deregister the ES cluster from the non-secure store,and reconfigure.");
                    }
                    ConfigUtils.createBootstrapConfig(bootstrapParams, file);
                } catch (IllegalArgumentException e) {
                    throw new ShellException("The configuration will not work in a secure  environment. Please adjust the configuration before  enabling security. (" + e.getMessage() + ")");
                }
            } catch (IllegalStateException e2) {
                throw new ShellException("Failed to load or parse " + file + ": " + e2.getMessage());
            }
        }

        private String getRegisteredESCluster(File file) {
            if (file == null) {
                return null;
            }
            return ConfigUtils.getStorageNodeParams(file, null).getSearchClusterName();
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandSyntax() {
            return "config add-security -root <kvroot> [-secdir <security dir>] [-config <config.xml>]";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandDescription() {
            return ADD_SECURITY_COMMAND_DESC;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$SecurityConfigCreate.class */
    private static final class SecurityConfigCreate extends CommandWithSubs.SubCommand {
        private static final String CREATE_COMMAND_NAME = "create";
        private static final String CREATE_COMMAND_DESC = "Creates a new security configuration.";

        private SecurityConfigCreate() {
            super(CREATE_COMMAND_NAME, 3);
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String execute(String[] strArr, Shell shell) throws ShellException {
            Shell.checkHelp(strArr, this);
            SecurityConfigCreator.ParsedConfig parsedConfig = new SecurityConfigCreator.ParsedConfig();
            String str = null;
            int i = 1;
            while (i < strArr.length) {
                String str2 = strArr[i];
                if (SecurityConfigCommand.PWDMGR_FLAG.equals(str2)) {
                    int i2 = i;
                    i++;
                    parsedConfig.setPwdmgr(Shell.nextArg(strArr, i2, this));
                } else if (SecurityConfigCommand.KEYSTORE_PASSWORD_FLAG.equals(str2)) {
                    int i3 = i;
                    i++;
                    parsedConfig.setKeystorePassword(Shell.nextArg(strArr, i3, this).toCharArray());
                } else if ("-root".equals(str2)) {
                    int i4 = i;
                    i++;
                    str = Shell.nextArg(strArr, i4, this);
                } else if ("-secdir".equals(str2)) {
                    int i5 = i;
                    i++;
                    parsedConfig.setSecurityDir(Shell.nextArg(strArr, i5, this));
                } else if (SecurityConfigCommand.CERT_MODE_FLAG.equals(str2)) {
                    int i6 = i;
                    i++;
                    parsedConfig.setCertMode(Shell.nextArg(strArr, i6, this));
                } else if (SecurityConfigCommand.PARAM_FLAG.equals(str2)) {
                    try {
                        int i7 = i;
                        i++;
                        parsedConfig.addParam(Shell.nextArg(strArr, i7, this));
                    } catch (IllegalArgumentException e) {
                        shell.badArgUsage(str2, e.getMessage(), this);
                    }
                } else if (SecurityConfigCommand.EXTERNAL_AUTH_FLAG.equals(str2)) {
                    int i8 = i;
                    i++;
                    parsedConfig.setUserExternalAuth(Shell.nextArg(strArr, i8, this));
                } else if (SecurityConfigCommand.KRB_CONF_FLAG.equals(str2)) {
                    int i9 = i;
                    i++;
                    parsedConfig.setKrbConf(Shell.nextArg(strArr, i9, this));
                } else if (SecurityConfigCommand.KRB_INSTANCE_NAME.equals(str2)) {
                    int i10 = i;
                    i++;
                    parsedConfig.setInstanceName(Shell.nextArg(strArr, i10, this));
                } else if (SecurityConfigCommand.KRB_KADMIN_PATH.equals(str2)) {
                    int i11 = i;
                    i++;
                    parsedConfig.setKadminPath(Shell.nextArg(strArr, i11, this));
                } else if (SecurityConfigCommand.KRB_KADMIN_KEYTAB.equals(str2)) {
                    int i12 = i;
                    i++;
                    parsedConfig.setKadminKeytab(Shell.nextArg(strArr, i12, this));
                } else if (SecurityConfigCommand.KRB_KADMIN_CCACHE.equals(str2)) {
                    int i13 = i;
                    i++;
                    parsedConfig.setKadminCcache(Shell.nextArg(strArr, i13, this));
                } else if (SecurityConfigCommand.KRB_ADMIN_PRINC.equals(str2)) {
                    int i14 = i;
                    i++;
                    parsedConfig.setAdminPrinc(Shell.nextArg(strArr, i14, this));
                } else if (SecurityConfigCommand.KRB_PRINC_CONF_PARAM.equals(str2)) {
                    try {
                        int i15 = i;
                        i++;
                        parsedConfig.addKrbProperty(Shell.nextArg(strArr, i15, this));
                    } catch (IllegalArgumentException e2) {
                        shell.badArgUsage(str2, e2.getMessage(), this);
                    }
                } else {
                    shell.unknownArgument(str2, this);
                }
                i++;
            }
            if (str == null) {
                shell.requiredArg("-root", this);
            }
            return doCreate(str, parsedConfig, shell);
        }

        private String doCreate(String str, SecurityConfigCreator.ParsedConfig parsedConfig, Shell shell) throws ShellException {
            try {
                return new SecurityConfigCreator(str, parsedConfig, new SecurityConfigCreator.ShellIOHelper(shell)).createConfig() ? "Created" : "Failed";
            } catch (PasswordStoreException e) {
                throw new ShellException("PasswordStore error: " + e.getMessage(), e);
            } catch (Exception e2) {
                throw new ShellException("Unknown error: " + e2.getMessage(), e2);
            }
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandSyntax() {
            return "config create -root <secroot> \n\t[-secdir <security dir>] [-pwdmgr {pwdfile | wallet | <class-name>}] \n\t[-kspwd <password>] \n\t[-external-auth {kerberos}]\n\t  [-krb-conf <kerberos configuration>] \n\t  [-kadmin-path <kadmin utility path>] \n\t  [-instance-name <database instance name>] \n\t  [-admin-principal <kerberos admin principal name>] \n\t  [-kadmin-keytab <keytab file>] \n\t  [-kadmin-ccache <credential cache file>] \n\t  [-princ-conf-param <param=value>]* \n\t[-param <param=value>]* ";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandDescription() {
            return CREATE_COMMAND_DESC;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$SecurityConfigMergeTrust.class */
    private static final class SecurityConfigMergeTrust extends CommandWithSubs.SubCommand {
        private static final String MERGE_TRUST_COMMAND_NAME = "merge-trust";
        private static final String MERGE_TRUST_COMMAND_DESC = "Merges trust information from a source security directory into a security configuration.";

        private SecurityConfigMergeTrust() {
            super(MERGE_TRUST_COMMAND_NAME, 3);
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String execute(String[] strArr, Shell shell) throws ShellException {
            Shell.checkHelp(strArr, this);
            String str = null;
            String str2 = null;
            String str3 = null;
            String str4 = null;
            int i = 1;
            while (i < strArr.length) {
                String str5 = strArr[i];
                if ("-root".equals(str5)) {
                    int i2 = i;
                    i++;
                    str = Shell.nextArg(strArr, i2, this);
                } else if ("-secdir".equals(str5)) {
                    int i3 = i;
                    i++;
                    str2 = Shell.nextArg(strArr, i3, this);
                } else if (SecurityConfigCommand.SOURCE_ROOT_FLAG.equals(str5)) {
                    int i4 = i;
                    i++;
                    str3 = Shell.nextArg(strArr, i4, this);
                } else if (SecurityConfigCommand.SOURCE_SECURITY_DIR_FLAG.equals(str5)) {
                    int i5 = i;
                    i++;
                    str4 = Shell.nextArg(strArr, i5, this);
                } else {
                    shell.unknownArgument(str5, this);
                }
                i++;
            }
            if (str == null) {
                shell.requiredArg("-root", this);
            }
            if (str3 == null) {
                shell.requiredArg(SecurityConfigCommand.SOURCE_ROOT_FLAG, this);
            }
            return doMergeTrust(str, str2, str3, str4);
        }

        private String doMergeTrust(String str, String str2, String str3, String str4) throws ShellException {
            if (str2 == null) {
                str2 = "security";
            }
            if (str4 == null) {
                str4 = "security";
            }
            File file = new File(str);
            File file2 = new File(str2);
            File file3 = new File(str3);
            File file4 = new File(str4);
            if (!file.exists()) {
                throw new ShellException("The -root argument " + file + " does not exist.");
            }
            if (!file.isDirectory()) {
                throw new ShellException("The -root argument " + file + " is not a directory.");
            }
            if (file2.isAbsolute()) {
                throw new ShellException("The -secdir argument must be a relative file name.");
            }
            File file5 = new File(file, str2);
            if (!file5.exists()) {
                throw new ShellException("The file " + str2 + " does not exist in " + str);
            }
            if (!file5.isDirectory()) {
                throw new ShellException(file5.toString() + " is not a directory.");
            }
            if (!file3.exists()) {
                throw new ShellException("The -source-root argument " + file3 + " does not exist.");
            }
            if (!file3.isDirectory()) {
                throw new ShellException("The -source-root argument " + file3 + " is not a directory.");
            }
            if (file4.isAbsolute()) {
                throw new ShellException("The -source-secdir argument must be a relative file name.");
            }
            File file6 = new File(file3, str4);
            if (!file6.exists()) {
                throw new ShellException("The file " + str4 + " does not exist in " + str3);
            }
            if (!file6.isDirectory()) {
                throw new ShellException(file6.toString() + " is not a directory.");
            }
            SecurityUtils.mergeTrust(file6, file5);
            return "Configuration updated.";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandSyntax() {
            return "config merge-trust -root <secroot> [-secdir <security dir>] -source-root <source secroot> [-source-secdir <source secdir>]";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandDescription() {
            return MERGE_TRUST_COMMAND_DESC;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$SecurityConfigRemoveSecurity.class */
    private static final class SecurityConfigRemoveSecurity extends CommandWithSubs.SubCommand {
        private static final String REMOVE_SECURITY_COMMAND_NAME = "remove-security";
        private static final String REMOVE_SECURITY_COMMAND_DESC = "Updates a Storage Node configuration to remove the security configuartion.";

        private SecurityConfigRemoveSecurity() {
            super(REMOVE_SECURITY_COMMAND_NAME, 3);
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String execute(String[] strArr, Shell shell) throws ShellException {
            Shell.checkHelp(strArr, this);
            String str = null;
            String str2 = null;
            int i = 1;
            while (i < strArr.length) {
                String str3 = strArr[i];
                if ("-root".equals(str3)) {
                    int i2 = i;
                    i++;
                    str = Shell.nextArg(strArr, i2, this);
                } else if ("-config".equals(str3)) {
                    int i3 = i;
                    i++;
                    str2 = Shell.nextArg(strArr, i3, this);
                } else {
                    shell.unknownArgument(str3, this);
                }
                i++;
            }
            if (str == null) {
                shell.requiredArg("-root", this);
            }
            return doRemoveSecurity(str, str2);
        }

        private String doRemoveSecurity(String str, String str2) throws ShellException {
            if (str2 == null) {
                str2 = "config.xml";
            }
            File file = new File(str);
            File file2 = new File(str2);
            if (!file.exists()) {
                throw new ShellException("The -root argument " + file + " does not exist.");
            }
            if (!file.isDirectory()) {
                throw new ShellException("The -root argument " + file + " is not a directory.");
            }
            if (file2.isAbsolute()) {
                throw new ShellException("The -config argument must be a relative file name.");
            }
            File file3 = new File(file, str2);
            if (!file3.exists()) {
                throw new ShellException("The file " + str2 + " does not exist in " + str);
            }
            if (!file3.isFile()) {
                throw new ShellException(file3.toString() + " is not a file.");
            }
            updateConfigFile(file3);
            return "Configuration updated.";
        }

        private void updateConfigFile(File file) throws ShellException {
            try {
                BootstrapParams bootstrapParams = ConfigUtils.getBootstrapParams(file);
                if (bootstrapParams == null) {
                    throw new ShellException("The file " + file + " does not contain a bootstrap configuration.");
                }
                if (bootstrapParams.getSecurityDir() == null) {
                    throw new ShellException("The file " + file + " does not currently have security configured.");
                }
                bootstrapParams.setSecurityDir(null);
                ConfigUtils.createBootstrapConfig(bootstrapParams, file);
            } catch (IllegalStateException e) {
                throw new ShellException("Failed to load or parse " + file + ": " + e.getMessage());
            }
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandSyntax() {
            return "config remove-security -root <kvroot> [-config <config.xml>]";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandDescription() {
            return REMOVE_SECURITY_COMMAND_DESC;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$SecurityConfigShowConfig.class */
    private static final class SecurityConfigShowConfig extends CommandWithSubs.SubCommand {
        private static final String SHOW_COMMAND_NAME = "show";
        private static final String SHOW_COMMAND_DESC = "Print out all security configuration information.";

        private SecurityConfigShowConfig() {
            super("show", 3);
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String execute(String[] strArr, Shell shell) throws ShellException {
            Shell.checkHelp(strArr, this);
            String str = null;
            int i = 1;
            while (i < strArr.length) {
                String str2 = strArr[i];
                if ("-secdir".equals(str2)) {
                    int i2 = i;
                    i++;
                    str = Shell.nextArg(strArr, i2, this);
                } else {
                    shell.unknownArgument(str2, this);
                }
                i++;
            }
            if (str == null) {
                shell.requiredArg("-secdir", this);
            }
            return doShowConfig(str);
        }

        private String doShowConfig(String str) throws ShellException {
            File file = new File(str);
            if (!file.exists()) {
                throw new ShellException("The -secDir argument " + file + " does not exist.");
            }
            if (!file.isDirectory()) {
                throw new ShellException("The -secDir argument " + file + " is not a directory.");
            }
            SecurityConfigCommand.checkSecurityDirContents(file);
            StringBuilder sb = new StringBuilder();
            SecurityParams loadSecurityParams = SecurityUtils.loadSecurityParams(file);
            ParameterMap map = loadSecurityParams.getMap();
            sb.append("Security parameters:\n");
            sb.append(CommandUtils.formatParams(map, false, null));
            for (ParameterMap parameterMap : loadSecurityParams.getTransportMaps()) {
                sb.append("\n" + parameterMap.getName() + " Transport parameters:");
                sb.append("\n" + CommandUtils.formatParams(parameterMap, true, null));
            }
            String printKeystores = SecurityUtils.printKeystores(file);
            if (printKeystores != null) {
                sb.append("\n" + printKeystores);
            } else {
                sb.append("\nCannot print out keystore information");
            }
            return sb.toString();
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandSyntax() {
            return "config show -secdir <security dir>";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandDescription() {
            return SHOW_COMMAND_DESC;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$SecurityConfigUpdate.class */
    private static final class SecurityConfigUpdate extends CommandWithSubs.SubCommand {
        private static final String UPDATE_COMMAND_NAME = "update";
        private static final String UPDATE_COMMAND_DESC = "Update the security parameters of a security configuration.";

        private SecurityConfigUpdate() {
            super(UPDATE_COMMAND_NAME, 3);
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String execute(String[] strArr, Shell shell) throws ShellException {
            Shell.checkHelp(strArr, this);
            SecurityConfigCreator.ParsedConfig parsedConfig = new SecurityConfigCreator.ParsedConfig();
            int i = 1;
            while (i < strArr.length) {
                String str = strArr[i];
                if ("-secdir".equals(str)) {
                    int i2 = i;
                    i++;
                    parsedConfig.setSecurityDir(Shell.nextArg(strArr, i2, this));
                } else if (SecurityConfigCommand.PARAM_FLAG.equals(str)) {
                    try {
                        int i3 = i;
                        i++;
                        parsedConfig.addParam(Shell.nextArg(strArr, i3, this));
                    } catch (IllegalArgumentException e) {
                        shell.badArgUsage(str, e.getMessage(), this);
                    }
                } else {
                    shell.unknownArgument(str, this);
                }
                i++;
            }
            if (parsedConfig.getSecurityDir() == null) {
                shell.requiredArg("-secdir", this);
            }
            return doUpdate(parsedConfig);
        }

        private String doUpdate(SecurityConfigCreator.ParsedConfig parsedConfig) throws ShellException {
            File file = new File(parsedConfig.getSecurityDir());
            if (!file.exists()) {
                throw new ShellException("The -secDir argument " + file + " does not exist.");
            }
            if (!file.isDirectory()) {
                throw new ShellException("The -secDir argument " + file + " is not a directory.");
            }
            SecurityConfigCommand.checkSecurityDirContents(file);
            SecurityUtils.updateSecurityParams(file, parsedConfig.getUserParams());
            return "Security parameters updated.";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandSyntax() {
            return "config update -secdir <security dir> [-param <param=value>]*";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandDescription() {
            return UPDATE_COMMAND_DESC;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$SecurityConfigVerify.class */
    private static final class SecurityConfigVerify extends CommandWithSubs.SubCommand {
        private static final String VERIFY_COMMAND_NAME = "verify";
        private static final String VERIFY_COMMAND_DESC = "Verify the consistency and correctness of a security configuration.";

        private SecurityConfigVerify() {
            super(VERIFY_COMMAND_NAME, 3);
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String execute(String[] strArr, Shell shell) throws ShellException {
            Shell.checkHelp(strArr, this);
            String str = null;
            int i = 1;
            while (i < strArr.length) {
                String str2 = strArr[i];
                if ("-secdir".equals(str2)) {
                    int i2 = i;
                    i++;
                    str = Shell.nextArg(strArr, i2, this);
                } else {
                    shell.unknownArgument(str2, this);
                }
                i++;
            }
            if (str == null) {
                shell.requiredArg("-secdir", this);
            }
            return doVerify(str);
        }

        private String doVerify(String str) throws ShellException {
            File file = new File(str);
            if (!file.exists()) {
                throw new ShellException("The -secDir argument " + file + " does not exist.");
            }
            if (!file.isDirectory()) {
                throw new ShellException("The -secDir argument " + file + " is not a directory.");
            }
            SecurityConfigCommand.checkSecurityDirContents(file);
            String verifyConfiguration = SecurityUtils.verifyConfiguration(file);
            return (verifyConfiguration == null || verifyConfiguration.equals("")) ? "Security configuration verification passed." : verifyConfiguration + "Security configuration verification failed.";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandSyntax() {
            return "config verify -secdir <security dir>";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandDescription() {
            return VERIFY_COMMAND_DESC;
        }
    }

    /* loaded from: input_file:oracle/kv/impl/util/SecurityConfigCommand$SecurityRenewKeytab.class */
    private static final class SecurityRenewKeytab extends CommandWithSubs.SubCommand {
        private static final String RENEW_KEYTAB_COMMAND_NAME = "renew-keytab";
        private static final String RENEW_KEYTAB_COMMAND_DESC = "Renew a keytab file in a security directory";

        private SecurityRenewKeytab() {
            super(RENEW_KEYTAB_COMMAND_NAME, 3);
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String execute(String[] strArr, Shell shell) throws ShellException {
            Shell.checkHelp(strArr, this);
            String str = null;
            String str2 = null;
            String str3 = null;
            String str4 = null;
            String str5 = null;
            String str6 = null;
            String str7 = null;
            int i = 1;
            while (i < strArr.length) {
                String str8 = strArr[i];
                if ("-root".equals(str8)) {
                    int i2 = i;
                    i++;
                    str = Shell.nextArg(strArr, i2, this);
                } else if ("-secdir".equals(str8)) {
                    int i3 = i;
                    i++;
                    str2 = Shell.nextArg(strArr, i3, this);
                } else if (SecurityConfigCommand.KRB_KEYSALT_LIST.equals(str8)) {
                    int i4 = i;
                    i++;
                    str3 = Shell.nextArg(strArr, i4, this);
                } else if (SecurityConfigCommand.KRB_KADMIN_PATH.equals(str8)) {
                    int i5 = i;
                    i++;
                    str7 = Shell.nextArg(strArr, i5, this);
                } else if (SecurityConfigCommand.KRB_ADMIN_PRINC.equals(str8)) {
                    int i6 = i;
                    i++;
                    str4 = Shell.nextArg(strArr, i6, this);
                } else if (SecurityConfigCommand.KRB_KADMIN_KEYTAB.equals(str8)) {
                    int i7 = i;
                    i++;
                    str5 = Shell.nextArg(strArr, i7, this);
                } else if (SecurityConfigCommand.KRB_KADMIN_CCACHE.equals(str8)) {
                    int i8 = i;
                    i++;
                    str6 = Shell.nextArg(strArr, i8, this);
                } else {
                    shell.unknownArgument(str8, this);
                }
                i++;
            }
            if (str == null) {
                shell.requiredArg("-root", this);
            }
            SecurityUtils.KadminSetting krbAdminCcache = new SecurityUtils.KadminSetting().setKrbAdminPrinc(str4).setKrbAdminKeytab(str5).setKrbAdminCcache(str6);
            if (str7 != null) {
                krbAdminCcache.setKrbAdminPath(str7);
            }
            return doRenewKeytab(str, str2, str3, krbAdminCcache, shell);
        }

        private String doRenewKeytab(String str, String str2, String str3, SecurityUtils.KadminSetting kadminSetting, Shell shell) throws ShellException {
            if (str2 == null) {
                str2 = "security";
            }
            File file = new File(str);
            File file2 = new File(str2);
            if (!file.exists()) {
                throw new ShellException("The -root argument " + file + " does not exist.");
            }
            if (!file.isDirectory()) {
                throw new ShellException("The -root argument " + file + " is not a directory.");
            }
            if (file2.isAbsolute()) {
                throw new ShellException("The -secdir argument must be a relative file name.");
            }
            File file3 = new File(str, str2);
            if (!file3.exists()) {
                throw new ShellException("The file " + str2 + " does not exist in " + str);
            }
            if (!file3.isDirectory()) {
                throw new ShellException(file3.toString() + " is not a directory.");
            }
            try {
                kadminSetting.validateKadminSetting();
                SecurityUtils.renewKeytab(file3, str3, kadminSetting, new SecurityConfigCreator.ShellIOHelper(shell));
                return "Configuration updated.";
            } catch (IllegalArgumentException e) {
                throw new ShellException("kadmin configuration error, " + e.getMessage());
            }
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandSyntax() {
            return "config renew-keytab -root <secroot> [-secdir <security dir>] \n\t[-keysalt <enc:salt[,enc:salt,..]>] \n\t[-kadmin-path <kadmin utility path>]\n\t[-admin-principal <kerberos admin principal name>]\n\t[-kadmin-keytab <keytab file>] \n\t[-kadmin-ccache <credential cache file>] ";
        }

        @Override // oracle.kv.util.shell.ShellCommand
        public String getCommandDescription() {
            return RENEW_KEYTAB_COMMAND_DESC;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public SecurityConfigCommand() {
        super(Arrays.asList(new SecurityConfigCreate(), new SecurityConfigAddKerberos(), new SecurityConfigAddSecurity(), new SecurityConfigRemoveSecurity(), new SecurityConfigMergeTrust(), new SecurityConfigUpdate(), new SecurityConfigVerify(), new SecurityConfigShowConfig(), new SecurityRenewKeytab()), "config", 4, 1);
    }

    @Override // oracle.kv.util.shell.CommandWithSubs
    public String getCommandOverview() {
        return "The config command allows configuration of security settings for a NoSQL installation.";
    }

    public static String getPwdmgrClass(String str) {
        return str == null ? PasswordManager.preferredManagerClass() : str.equals(PASSMGR_PWDFILE) ? PasswordManager.FILE_STORE_MANAGER_CLASS : str.equals(PASSMGR_WALLET) ? PasswordManager.WALLET_MANAGER_CLASS : str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkSecurityDirContents(File file) throws ShellException {
        for (String str : new String[]{"security.xml", FileNames.TRUSTSTORE_FILE, FileNames.KEYSTORE_FILE}) {
            File file2 = new File(file, str);
            if (!file2.exists() || !file2.isFile()) {
                throw new ShellException("Security file not found in " + file.toString() + ": " + str);
            }
        }
    }
}
