package org.apache.pulsar.utils.auth.tokens;

import com.google.common.annotations.VisibleForTesting;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.io.Decoders;
import io.jsonwebtoken.io.Encoders;
import io.jsonwebtoken.security.Keys;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.util.Collections;
import java.util.Date;
import java.util.Optional;
import java.util.concurrent.Callable;
import org.apache.pulsar.broker.authentication.utils.AuthTokenUtils;
import org.apache.pulsar.cli.converters.picocli.TimeUnitToMillisConverter;
import org.apache.pulsar.docs.tools.CmdGenerateDocs;
import picocli.CommandLine;

@CommandLine.Command(name = "tokens", showDefaultValues = true, scope = CommandLine.ScopeType.INHERIT)
/* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils.class */
public class TokensCliUtils {
    private final CommandLine commander = new CommandLine(this);

    @CommandLine.Option(names = {"-h", "--help"}, usageHelp = true, description = {"Show this help message"})
    private boolean help;

    @CommandLine.Command(description = {"Create a new or pair of keys public/private"})
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandCreateKeyPair.class */
    public static class CommandCreateKeyPair implements Callable<Integer> {

        @CommandLine.Option(names = {"-a", "--signature-algorithm"}, description = {"The signature algorithm for the new key pair."})
        SignatureAlgorithm algorithm = SignatureAlgorithm.RS256;

        @CommandLine.Option(names = {"--output-private-key"}, description = {"File where to write the private key"}, required = true)
        String privateKeyFile;

        @CommandLine.Option(names = {"--output-public-key"}, description = {"File where to write the public key"}, required = true)
        String publicKeyFile;

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Integer call() throws Exception {
            KeyPair keyPairFor = Keys.keyPairFor(this.algorithm);
            Files.write(Paths.get(this.publicKeyFile, new String[0]), keyPairFor.getPublic().getEncoded(), new OpenOption[0]);
            Files.write(Paths.get(this.privateKeyFile, new String[0]), keyPairFor.getPrivate().getEncoded(), new OpenOption[0]);
            return 0;
        }
    }

    @CommandLine.Command(description = {"Create a new secret key"})
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandCreateSecretKey.class */
    public static class CommandCreateSecretKey implements Callable<Integer> {

        @CommandLine.Option(names = {"-o", "--output"}, description = {"Write the secret key to a file instead of stdout"})
        String outputFile;

        @CommandLine.Option(names = {"-a", "--signature-algorithm"}, description = {"The signature algorithm for the new secret key."})
        SignatureAlgorithm algorithm = SignatureAlgorithm.HS256;

        @CommandLine.Option(names = {"-b", "--base64"}, description = {"Encode the key in base64"})
        boolean base64 = false;

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Integer call() throws Exception {
            byte[] encoded = AuthTokenUtils.createSecretKey(this.algorithm).getEncoded();
            if (this.base64) {
                encoded = ((String) Encoders.BASE64.encode(encoded)).getBytes();
            }
            if (this.outputFile != null) {
                Files.write(Paths.get(this.outputFile, new String[0]), encoded, new OpenOption[0]);
            } else {
                System.out.write(encoded);
            }
            return 0;
        }
    }

    @CommandLine.Command(description = {"Create a new token"})
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandCreateToken.class */
    public static class CommandCreateToken implements Callable<Integer> {

        @CommandLine.Option(names = {"-s", "--subject"}, description = {"Specify the 'subject' or 'principal' associate with this token"}, required = true)
        private String subject;

        @CommandLine.Option(names = {"-sk", "--secret-key"}, description = {"Pass the secret key for signing the token. This can either be: data:, file:, etc.."})
        private String secretKey;

        @CommandLine.Option(names = {"-pk", "--private-key"}, description = {"Pass the private key for signing the token. This can either be: data:, file:, etc.."})
        private String privateKey;

        @CommandLine.Option(names = {"-a", "--signature-algorithm"}, description = {"The signature algorithm for the new key pair."})
        SignatureAlgorithm algorithm = SignatureAlgorithm.RS256;

        @CommandLine.Option(names = {"-e", "--expiry-time"}, description = {"Relative expiry time for the token (eg: 1h, 3d, 10y). (m=minutes) Default: no expiration"}, converter = {TimeUnitToMillisConverter.class})
        private Long expiryTime = null;

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Integer call() throws Exception {
            if (this.secretKey == null && this.privateKey == null) {
                System.err.println("Either --secret-key or --private-key needs to be passed for signing a token");
                return 1;
            }
            if (this.secretKey != null && this.privateKey != null) {
                System.err.println("Only one of --secret-key and --private-key needs to be passed for signing a token");
                return 1;
            }
            System.out.println(AuthTokenUtils.createToken(this.privateKey != null ? AuthTokenUtils.decodePrivateKey(AuthTokenUtils.readKeyFromUrl(this.privateKey), this.algorithm) : AuthTokenUtils.decodeSecretKey(AuthTokenUtils.readKeyFromUrl(this.secretKey)), this.subject, this.expiryTime == null ? Optional.empty() : Optional.of(new Date(System.currentTimeMillis() + this.expiryTime.longValue()))));
            return 0;
        }
    }

    @CommandLine.Command(description = {"Show the content of token"})
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandShowToken.class */
    public static class CommandShowToken implements Callable<Integer> {

        @CommandLine.Parameters(description = {"The token string"}, arity = "0..1")
        private String args;

        @CommandLine.Option(names = {"-i", "--stdin"}, description = {"Read token from standard input"})
        private Boolean stdin = false;

        @CommandLine.Option(names = {"-f", "--token-file"}, description = {"Read token from a file"})
        private String tokenFile;

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Integer call() throws Exception {
            String str;
            if (this.args != null) {
                str = this.args;
            } else if (this.stdin.booleanValue()) {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(System.in));
                try {
                    str = bufferedReader.readLine();
                } finally {
                    if (Collections.singletonList(bufferedReader).get(0) != null) {
                        bufferedReader.close();
                    }
                }
            } else if (this.tokenFile != null) {
                str = new String(Files.readAllBytes(Paths.get(this.tokenFile, new String[0])), StandardCharsets.UTF_8);
            } else {
                if (System.getenv("TOKEN") == null) {
                    System.err.println("Token needs to be either passed as an argument or through `--stdin`, `--token-file` or by the `TOKEN` environment variable");
                    return 1;
                }
                str = System.getenv("TOKEN");
            }
            String[] split = str.split("\\.");
            System.out.println(new String((byte[]) Decoders.BASE64URL.decode(split[0])));
            System.out.println("---");
            System.out.println(new String((byte[]) Decoders.BASE64URL.decode(split[1])));
            return 0;
        }
    }

    @CommandLine.Command(description = {"Validate a token against a key"})
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$CommandValidateToken.class */
    public static class CommandValidateToken implements Callable<Integer> {

        @CommandLine.Parameters(description = {"The token string"}, arity = "0..1")
        private String args;

        @CommandLine.Option(names = {"-f", "--token-file"}, description = {"Read token from a file"})
        private String tokenFile;

        @CommandLine.Option(names = {"-sk", "--secret-key"}, description = {"Pass the secret key for validating the token. This can either be: data:, file:, etc.."})
        private String secretKey;

        @CommandLine.Option(names = {"-pk", "--public-key"}, description = {"Pass the public key for validating the token. This can either be: data:, file:, etc.."})
        private String publicKey;

        @CommandLine.Option(names = {"-a", "--signature-algorithm"}, description = {"The signature algorithm for the key pair if using public key."})
        SignatureAlgorithm algorithm = SignatureAlgorithm.RS256;

        @CommandLine.Option(names = {"-i", "--stdin"}, description = {"Read token from standard input"})
        private Boolean stdin = false;

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Integer call() throws Exception {
            String str;
            if (this.secretKey == null && this.publicKey == null) {
                System.err.println("Either --secret-key or --public-key needs to be passed for signing a token");
                return 1;
            }
            if (this.secretKey != null && this.publicKey != null) {
                System.err.println("Only one of --secret-key and --public-key needs to be passed for signing a token");
                return 1;
            }
            if (this.args != null) {
                str = this.args;
            } else if (this.stdin.booleanValue()) {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(System.in));
                try {
                    str = bufferedReader.readLine();
                } finally {
                    if (Collections.singletonList(bufferedReader).get(0) != null) {
                        bufferedReader.close();
                    }
                }
            } else if (this.tokenFile != null) {
                str = new String(Files.readAllBytes(Paths.get(this.tokenFile, new String[0])), StandardCharsets.UTF_8);
            } else {
                if (System.getenv("TOKEN") == null) {
                    System.err.println("Token needs to be either passed as an argument or through `--stdin`, `--token-file` or by the `TOKEN` environment variable");
                    return 1;
                }
                str = System.getenv("TOKEN");
            }
            System.out.println(Jwts.parserBuilder().setSigningKey(this.publicKey != null ? AuthTokenUtils.decodePublicKey(AuthTokenUtils.readKeyFromUrl(this.publicKey), this.algorithm) : AuthTokenUtils.decodeSecretKey(AuthTokenUtils.readKeyFromUrl(this.secretKey))).build().parse(str).getBody());
            return 0;
        }
    }

    @CommandLine.Command
    /* loaded from: input_file:org/apache/pulsar/utils/auth/tokens/TokensCliUtils$GenDoc.class */
    static class GenDoc implements Callable<Integer> {
        private final CommandLine rootCmd;

        public GenDoc(CommandLine commandLine) {
            this.rootCmd = commandLine;
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // java.util.concurrent.Callable
        public Integer call() throws Exception {
            CmdGenerateDocs cmdGenerateDocs = new CmdGenerateDocs("pulsar");
            cmdGenerateDocs.addCommand("tokens", this.rootCmd);
            cmdGenerateDocs.run((String[]) null);
            return 0;
        }
    }

    TokensCliUtils() {
        this.commander.addSubcommand("create-secret-key", CommandCreateSecretKey.class);
        this.commander.addSubcommand("create-key-pair", CommandCreateKeyPair.class);
        this.commander.addSubcommand("create", CommandCreateToken.class);
        this.commander.addSubcommand("show", CommandShowToken.class);
        this.commander.addSubcommand("validate", CommandValidateToken.class);
        this.commander.addSubcommand("gen-doc", new GenDoc(this.commander));
    }

    @VisibleForTesting
    int execute(String[] strArr) {
        return this.commander.execute(strArr);
    }

    public static void main(String[] strArr) throws Exception {
        System.exit(new TokensCliUtils().execute(strArr));
    }
}
