package org.apache.pulsar.utils.auth.tokens;

import com.beust.jcommander.DefaultUsageFormatter;
import com.beust.jcommander.JCommander;
import com.beust.jcommander.Parameter;
import com.beust.jcommander.ParameterException;
import com.beust.jcommander.Parameters;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyPair;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
import org.apache.pulsar.common.util.RelativeTimeUtil;
import org.apache.pulsar.docs.tools.CmdGenerateDocs;

/* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils.class */
public class TokensCliUtils {

    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$Arguments.class */
    public static class Arguments {

        @Parameter(names = {"-h", "--help"}, description = "Show this help message")
        private boolean help = false;
    }

    @Parameters(commandDescription = "Create a new or pair of keys public/private")
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandCreateKeyPair.class */
    public static class CommandCreateKeyPair {

        @Parameter(names = {"-a", "--signature-algorithm"}, description = "The signature algorithm for the new key pair.")
        SignatureAlgorithm algorithm = SignatureAlgorithm.RS256;

        @Parameter(names = {"--output-private-key"}, description = "File where to write the private key", required = true)
        String privateKeyFile;

        @Parameter(names = {"--output-public-key"}, description = "File where to write the public key", required = true)
        String publicKeyFile;

        public void run() throws IOException {
            KeyPair keyPairFor = Keys.keyPairFor(this.algorithm);
            Files.write(Paths.get(this.publicKeyFile, new String[0]), keyPairFor.getPublic().getEncoded(), new OpenOption[0]);
            Files.write(Paths.get(this.privateKeyFile, new String[0]), keyPairFor.getPrivate().getEncoded(), new OpenOption[0]);
        }
    }

    @Parameters(commandDescription = "Create a new secret key")
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandCreateSecretKey.class */
    public static class CommandCreateSecretKey {

        @Parameter(names = {"-o", "--output"}, description = "Write the secret key to a file instead of stdout")
        String outputFile;

        @Parameter(names = {"-a", "--signature-algorithm"}, description = "The signature algorithm for the new secret key.")
        SignatureAlgorithm algorithm = SignatureAlgorithm.HS256;

        @Parameter(names = {"-b", "--base64"}, description = "Encode the key in base64")
        boolean base64 = false;

        public void run() throws IOException {
            byte[] encoded = AuthTokenUtils.createSecretKey(this.algorithm).getEncoded();
            if (this.base64) {
                encoded = ((String) Encoders.BASE64.encode(encoded)).getBytes();
            }
            if (this.outputFile != null) {
                Files.write(Paths.get(this.outputFile, new String[0]), encoded, new OpenOption[0]);
            } else {
                System.out.write(encoded);
            }
        }
    }

    @Parameters(commandDescription = "Create a new token")
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandCreateToken.class */
    public static class CommandCreateToken {

        @Parameter(names = {"-a", "--signature-algorithm"}, description = "The signature algorithm for the new key pair.")
        SignatureAlgorithm algorithm = SignatureAlgorithm.RS256;

        @Parameter(names = {"-s", "--subject"}, description = "Specify the 'subject' or 'principal' associate with this token", required = true)
        private String subject;

        @Parameter(names = {"-e", "--expiry-time"}, description = "Relative expiry time for the token (eg: 1h, 3d, 10y). (m=minutes) Default: no expiration")
        private String expiryTime;

        @Parameter(names = {"-sk", "--secret-key"}, description = "Pass the secret key for signing the token. This can either be: data:, file:, etc..")
        private String secretKey;

        @Parameter(names = {"-pk", "--private-key"}, description = "Pass the private key for signing the token. This can either be: data:, file:, etc..")
        private String privateKey;

        public void run() throws Exception {
            if (this.secretKey == null && this.privateKey == null) {
                System.err.println("Either --secret-key or --private-key needs to be passed for signing a token");
                System.exit(1);
            } else if (this.secretKey != null && this.privateKey != null) {
                System.err.println("Only one of --secret-key and --private-key needs to be passed for signing a token");
                System.exit(1);
            }
            Key decodePrivateKey = this.privateKey != null ? AuthTokenUtils.decodePrivateKey(AuthTokenUtils.readKeyFromUrl(this.privateKey), this.algorithm) : AuthTokenUtils.decodeSecretKey(AuthTokenUtils.readKeyFromUrl(this.secretKey));
            Optional empty = Optional.empty();
            if (this.expiryTime != null) {
                try {
                    empty = Optional.of(new Date(System.currentTimeMillis() + TimeUnit.SECONDS.toMillis(RelativeTimeUtil.parseRelativeTimeInSeconds(this.expiryTime))));
                } catch (IllegalArgumentException e) {
                    throw new ParameterException(e.getMessage());
                }
            }
            System.out.println(AuthTokenUtils.createToken(decodePrivateKey, this.subject, empty));
        }
    }

    @Parameters(commandDescription = "Show the content of token")
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandShowToken.class */
    public static class CommandShowToken {

        @Parameter(description = "The token string", arity = 1)
        private List<String> args;

        @Parameter(names = {"-i", "--stdin"}, description = "Read token from standard input")
        private Boolean stdin = false;

        @Parameter(names = {"-f", "--token-file"}, description = "Read token from a file")
        private String tokenFile;

        public void run() throws Exception {
            String str;
            if (this.args != null) {
                str = this.args.get(0);
            } else if (this.stdin.booleanValue()) {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(System.in));
                try {
                    str = bufferedReader.readLine();
                } finally {
                    if (Collections.singletonList(bufferedReader).get(0) != null) {
                        bufferedReader.close();
                    }
                }
            } else if (this.tokenFile != null) {
                str = new String(Files.readAllBytes(Paths.get(this.tokenFile, new String[0])), StandardCharsets.UTF_8);
            } else {
                if (System.getenv("TOKEN") == null) {
                    System.err.println("Token needs to be either passed as an argument or through `--stdin`, `--token-file` or by the `TOKEN` environment variable");
                    System.exit(1);
                    return;
                }
                str = System.getenv("TOKEN");
            }
            String[] split = str.split("\\.");
            System.out.println(new String((byte[]) Decoders.BASE64URL.decode(split[0])));
            System.out.println("---");
            System.out.println(new String((byte[]) Decoders.BASE64URL.decode(split[1])));
        }
    }

    @Parameters(commandDescription = "Validate a token against a key")
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandValidateToken.class */
    public static class CommandValidateToken {

        @Parameter(description = "The token string", arity = 1)
        private List<String> args;

        @Parameter(names = {"-f", "--token-file"}, description = "Read token from a file")
        private String tokenFile;

        @Parameter(names = {"-sk", "--secret-key"}, description = "Pass the secret key for validating the token. This can either be: data:, file:, etc..")
        private String secretKey;

        @Parameter(names = {"-pk", "--public-key"}, description = "Pass the public key for validating the token. This can either be: data:, file:, etc..")
        private String publicKey;

        @Parameter(names = {"-a", "--signature-algorithm"}, description = "The signature algorithm for the key pair if using public key.")
        SignatureAlgorithm algorithm = SignatureAlgorithm.RS256;

        @Parameter(names = {"-i", "--stdin"}, description = "Read token from standard input")
        private Boolean stdin = false;

        public void run() throws Exception {
            String str;
            if (this.secretKey == null && this.publicKey == null) {
                System.err.println("Either --secret-key or --public-key needs to be passed for signing a token");
                System.exit(1);
            } else if (this.secretKey != null && this.publicKey != null) {
                System.err.println("Only one of --secret-key and --public-key needs to be passed for signing a token");
                System.exit(1);
            }
            if (this.args != null) {
                str = this.args.get(0);
            } else if (this.stdin.booleanValue()) {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(System.in));
                try {
                    str = bufferedReader.readLine();
                } finally {
                    if (Collections.singletonList(bufferedReader).get(0) != null) {
                        bufferedReader.close();
                    }
                }
            } else if (this.tokenFile != null) {
                str = new String(Files.readAllBytes(Paths.get(this.tokenFile, new String[0])), StandardCharsets.UTF_8);
            } else {
                if (System.getenv("TOKEN") == null) {
                    System.err.println("Token needs to be either passed as an argument or through `--stdin`, `--token-file` or by the `TOKEN` environment variable");
                    System.exit(1);
                    return;
                }
                str = System.getenv("TOKEN");
            }
            System.out.println(Jwts.parserBuilder().setSigningKey(this.publicKey != null ? AuthTokenUtils.decodePublicKey(AuthTokenUtils.readKeyFromUrl(this.publicKey), this.algorithm) : AuthTokenUtils.decodeSecretKey(AuthTokenUtils.readKeyFromUrl(this.secretKey))).build().parse(str).getBody());
        }
    }

    public static void main(String[] strArr) throws Exception {
        Arguments arguments = new Arguments();
        JCommander jCommander = new JCommander(arguments);
        DefaultUsageFormatter defaultUsageFormatter = new DefaultUsageFormatter(jCommander);
        CommandCreateSecretKey commandCreateSecretKey = new CommandCreateSecretKey();
        jCommander.addCommand("create-secret-key", commandCreateSecretKey);
        CommandCreateKeyPair commandCreateKeyPair = new CommandCreateKeyPair();
        jCommander.addCommand("create-key-pair", commandCreateKeyPair);
        CommandCreateToken commandCreateToken = new CommandCreateToken();
        jCommander.addCommand("create", commandCreateToken);
        CommandShowToken commandShowToken = new CommandShowToken();
        jCommander.addCommand("show", commandShowToken);
        CommandValidateToken commandValidateToken = new CommandValidateToken();
        jCommander.addCommand("validate", commandValidateToken);
        jCommander.addCommand("gen-doc", new Object());
        try {
            jCommander.parse(strArr);
            if (arguments.help || jCommander.getParsedCommand() == null) {
                jCommander.usage();
                System.exit(1);
            }
        } catch (Exception e) {
            System.err.println(e);
            defaultUsageFormatter.usage(jCommander.getParsedCommand());
            System.exit(1);
        }
        String parsedCommand = jCommander.getParsedCommand();
        if (parsedCommand.equals("create-secret-key")) {
            commandCreateSecretKey.run();
            return;
        }
        if (parsedCommand.equals("create-key-pair")) {
            commandCreateKeyPair.run();
            return;
        }
        if (parsedCommand.equals("create")) {
            commandCreateToken.run();
            return;
        }
        if (parsedCommand.equals("show")) {
            commandShowToken.run();
            return;
        }
        if (parsedCommand.equals("validate")) {
            commandValidateToken.run();
            return;
        }
        if (!parsedCommand.equals("gen-doc")) {
            System.err.println("Invalid command: " + parsedCommand);
            System.exit(1);
        } else {
            CmdGenerateDocs cmdGenerateDocs = new CmdGenerateDocs("pulsar");
            cmdGenerateDocs.addCommand("tokens", jCommander);
            cmdGenerateDocs.run((String[]) null);
        }
    }
}
