package com.sun.identity.federation.cli;

import com.sun.identity.cli.AuthenticatedCommand;
import com.sun.identity.cli.CLIException;
import com.sun.identity.cli.ExitCodes;
import com.sun.identity.cli.RequestContext;
import com.sun.identity.federation.meta.IDFFMetaException;
import com.sun.identity.federation.meta.IDFFMetaManager;
import com.sun.identity.federation.meta.IDFFMetaSecurityUtils;
import com.sun.identity.federation.meta.IDFFMetaUtils;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.meta.SAML2MetaManager;
import com.sun.identity.saml2.meta.SAML2MetaSecurityUtils;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.wsfederation.meta.WSFederationMetaException;
import com.sun.identity.wsfederation.meta.WSFederationMetaManager;
import com.sun.identity.wsfederation.meta.WSFederationMetaSecurityUtils;
import com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
import java.text.MessageFormat;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.logging.Level;
import org.forgerock.openam.utils.CollectionUtils;

/* loaded from: input_file:com/sun/identity/federation/cli/UpdateMetadataKeyInfo.class */
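/**
 * CLI sub-command that replaces or removes the signing and encryption
 * certificate aliases recorded in an entity's federation metadata.
 *
 * <p>The command supports the SAML2, ID-FF and WS-Federation specifications and
 * dispatches on the value returned by
 * {@link FederationManager#getIDFFSubCommandSpecification(RequestContext)}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The literal alias {@code "null"} is a sentinel: when it is the
 *       <em>first</em> value of an alias option, {@code null} is passed to the
 *       metadata helper instead of an alias. Any further values given for that
 *       option are ignored.</li>
 *   <li>For ID-FF and WS-Federation only the first alias of each option is
 *       used; additional aliases are silently dropped.</li>
 *   <li>Every attempt, success and failure is written through
 *       {@code writeLog}, including the requested alias names.</li>
 * </ul>
 *
 * <p>NOTE(review): the {@code updateProviderKeyInfo} helpers are static and are
 * called without the caller's SSO token; the token is only used here for the
 * entity-existence lookup. Presumably the helpers enforce authorization
 * themselves or run with administrative rights; confirm against their
 * implementation.
 */
public class UpdateMetadataKeyInfo extends AuthenticatedCommand {
    /** Sentinel alias value that requests a {@code null} alias be passed to the metadata helper. */
    private static final String NULL_ALIAS = "null";

    /**
     * Block-encryption algorithm URI handed to the metadata helpers for
     * encryption keys.
     *
     * <p>NOTE(review): CBC-mode XML Encryption provides no integrity protection
     * by itself. If the federation partners support an AES-GCM method, consider
     * making this value configurable; it is hard-coded here.
     */
    private static final String ENCRYPTION_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";

    /** Key size, in bits, passed alongside {@link #ENCRYPTION_ALGORITHM}. */
    private static final int ENCRYPTION_KEY_SIZE = 128;

    private String realm;
    private String entityID;
    // The fields below that have no matching option lookup in handleRequest
    // (sign, attrq*, attra*, authna*, pep*, pdp*) are not read or written
    // anywhere in this class as shown.
    private boolean sign;
    private List<String> spSigningAliases;
    private List<String> idpSigningAliases;
    private String attrqSigningAlias;
    private String attraSigningAlias;
    private String authnaSigningAlias;
    private String pepSigningAlias;
    private String pdpSigningAlias;
    private List<String> spEncryptionAliases;
    private List<String> idpEncryptionAliases;
    private String attrqEncryptionAlias;
    private String attraEncryptionAlias;
    private String authnaEncryptionAlias;
    private String pepEncryptionAlias;
    private String pdpEncryptionAlias;
    private boolean isWebBase;

    /**
     * Authenticates, reads the command options and updates the key information
     * for the requested specification.
     *
     * @param requestContext the parsed command line request
     * @throws CLIException if no alias option was supplied, the specification
     *     is not supported, the entity does not exist, or the metadata update
     *     fails
     */
    @Override
    public void handleRequest(RequestContext requestContext) throws CLIException {
        super.handleRequest(requestContext);
        ldapLogin();
        this.realm = getStringOptionValue("realm", "/");
        this.entityID = getStringOptionValue(FedCLIConstants.ARGUMENT_ENTITY_ID);
        this.spSigningAliases = requestContext.getOption(FedCLIConstants.ARGUMENT_SP_S_CERT_ALIAS);
        this.idpSigningAliases = requestContext.getOption(FedCLIConstants.ARGUMENT_IDP_S_CERT_ALIAS);
        this.spEncryptionAliases = requestContext.getOption(FedCLIConstants.ARGUMENT_SP_E_CERT_ALIAS);
        this.idpEncryptionAliases = requestContext.getOption(FedCLIConstants.ARGUMENT_IDP_E_CERT_ALIAS);
        validateOptions();

        String webEnabledURL = getCommandManager().getWebEnabledURL();
        this.isWebBase = webEnabledURL != null && !webEnabledURL.trim().isEmpty();

        String specification = FederationManager.getIDFFSubCommandSpecification(requestContext);
        String[] auditArgs = {
            this.realm,
            this.entityID,
            Objects.toString(this.spSigningAliases),
            Objects.toString(this.idpSigningAliases),
            Objects.toString(this.spEncryptionAliases),
            Objects.toString(this.idpEncryptionAliases),
            specification
        };
        // First argument selects the log type: 0 for the attempt/success
        // records, 1 for the failure record (presumably access vs. error log;
        // confirm against the logging constants).
        writeLog(0, Level.INFO, "ATTEMPT_UPDATE_ENTITY_KEYINFO", auditArgs);
        try {
            // Constant-first equals(): a null specification is reported as
            // unsupported instead of surfacing as a NullPointerException.
            if (FedCLIConstants.SAML2_SPECIFICATION.equals(specification)) {
                handleSAML2Request(requestContext);
            } else if (FedCLIConstants.IDFF_SPECIFICATION.equals(specification)) {
                handleIDFFRequest(requestContext);
            } else if (FedCLIConstants.WSFED_SPECIFICATION.equals(specification)) {
                handleWSFedRequest(requestContext);
            } else {
                throw new CLIException(
                    getResourceString("unsupported-specification"),
                    ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
            writeLog(0, Level.INFO, "SUCCEEDED_UPDATE_ENTITY_KEYINFO", auditArgs);
        } catch (CLIException e) {
            String[] failureArgs = {
                this.realm,
                this.entityID,
                Objects.toString(this.spSigningAliases),
                Objects.toString(this.idpSigningAliases),
                Objects.toString(this.spEncryptionAliases),
                Objects.toString(this.idpEncryptionAliases),
                specification,
                e.getMessage()
            };
            writeLog(1, Level.INFO, "FAILED_UPDATE_ENTITY_KEYINFO", failureArgs);
            throw e;
        }
    }

    /**
     * Rejects a request that supplies none of the four alias options.
     *
     * @throws CLIException if every alias option is empty
     */
    private void validateOptions() throws CLIException {
        boolean nothingRequested = CollectionUtils.isEmpty(this.idpSigningAliases)
            && CollectionUtils.isEmpty(this.spSigningAliases)
            && CollectionUtils.isEmpty(this.idpEncryptionAliases)
            && CollectionUtils.isEmpty(this.spEncryptionAliases);
        if (nothingRequested) {
            throw new CLIException(
                getResourceString("update-meta-keyinfo-exception-alias-null"),
                ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }

    /**
     * Updates SAML2 key information for each alias option that was supplied, in
     * the order SP signing, IdP signing, SP encryption, IdP encryption.
     *
     * @param requestContext the parsed command line request (unused)
     * @throws CLIException if the entity does not exist or the update fails
     */
    private void handleSAML2Request(RequestContext requestContext) throws CLIException {
        try {
            if (new SAML2MetaManager(this.ssoToken).getEntityDescriptor(this.realm, this.entityID) == null) {
                throw entityDoesNotExist();
            }
            updateSaml2KeyInfo(this.spSigningAliases, true, false);
            updateSaml2KeyInfo(this.idpSigningAliases, true, true);
            updateSaml2KeyInfo(this.spEncryptionAliases, false, false);
            updateSaml2KeyInfo(this.idpEncryptionAliases, false, true);
            printSuccess();
        } catch (SAML2Exception e) {
            SAML2MetaUtils.debug.error("UpdateMetaKey.handleSAML2Request", e);
            throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }

    /**
     * Updates ID-FF key information for each alias option that was supplied.
     * Only the first alias of each option is used.
     *
     * @param requestContext the parsed command line request (unused)
     * @throws CLIException if the entity does not exist or the update fails
     */
    private void handleIDFFRequest(RequestContext requestContext) throws CLIException {
        try {
            if (new IDFFMetaManager(this.ssoToken).getEntityDescriptor(this.realm, this.entityID) == null) {
                throw entityDoesNotExist();
            }
            updateIdffKeyInfo(this.spSigningAliases, true, false);
            updateIdffKeyInfo(this.idpSigningAliases, true, true);
            updateIdffKeyInfo(this.spEncryptionAliases, false, false);
            updateIdffKeyInfo(this.idpEncryptionAliases, false, true);
            printSuccess();
        } catch (IDFFMetaException e) {
            IDFFMetaUtils.debug.error("UpdateMetaKey.handleIDFFRequest", e);
            throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }

    /**
     * Updates WS-Federation signing key information. Encryption aliases are
     * not accepted for this specification.
     *
     * <p>The unsupported-option check runs before any update so that a request
     * mixing signing and encryption aliases is rejected as a whole. Previously
     * the signing key information was rewritten first and the command then
     * failed, leaving the metadata changed by a request that was reported and
     * audited as failed.
     *
     * @param requestContext the parsed command line request (unused)
     * @throws CLIException if the entity does not exist, an encryption alias
     *     was supplied, or the update fails
     */
    private void handleWSFedRequest(RequestContext requestContext) throws CLIException {
        try {
            if (new WSFederationMetaManager(this.ssoToken).getEntityDescriptor(this.realm, this.entityID) == null) {
                throw entityDoesNotExist();
            }
            if (!CollectionUtils.isEmpty(this.spEncryptionAliases)
                    || !CollectionUtils.isEmpty(this.idpEncryptionAliases)) {
                throw new CLIException(
                    MessageFormat.format(
                        getResourceString("update-meta-keyinfo-exception-invalid-option"),
                        this.entityID,
                        this.realm),
                    ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
            if (!CollectionUtils.isEmpty(this.spSigningAliases)) {
                WSFederationMetaSecurityUtils.updateProviderKeyInfo(
                    this.realm, this.entityID, firstAliasOrNull(this.spSigningAliases), false);
            }
            if (!CollectionUtils.isEmpty(this.idpSigningAliases)) {
                WSFederationMetaSecurityUtils.updateProviderKeyInfo(
                    this.realm, this.entityID, firstAliasOrNull(this.idpSigningAliases), true);
            }
            printSuccess();
        } catch (WSFederationMetaException e) {
            // The tag used to read "handleIDFFRequest" (copy-paste slip), which
            // pointed anyone reading the debug log at the wrong handler.
            WSFederationMetaUtils.debug.error("UpdateMetaKey.handleWSFedRequest", e);
            throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
    }

    /**
     * Applies one SAML2 alias option, doing nothing when the option is absent.
     *
     * @param aliases the option values; may be {@code null} or empty
     * @param isSigning {@code true} for a signing key, {@code false} for encryption
     * @param isIdp {@code true} for the identity provider role, {@code false} for the service provider
     * @throws SAML2Exception if the metadata helper fails
     */
    private void updateSaml2KeyInfo(List<String> aliases, boolean isSigning, boolean isIdp)
            throws SAML2Exception {
        if (CollectionUtils.isEmpty(aliases)) {
            return;
        }
        // A leading "null" alias means "pass no alias set"; otherwise keep the
        // aliases in the order given, without duplicates.
        Set<String> aliasSet = isNullAliasRequest(aliases) ? null : new LinkedHashSet<>(aliases);
        SAML2MetaSecurityUtils.updateProviderKeyInfo(
            this.realm,
            this.entityID,
            aliasSet,
            isSigning,
            isIdp,
            isSigning ? null : ENCRYPTION_ALGORITHM,
            isSigning ? 0 : ENCRYPTION_KEY_SIZE);
    }

    /**
     * Applies one ID-FF alias option, doing nothing when the option is absent.
     *
     * @param aliases the option values; may be {@code null} or empty
     * @param isSigning {@code true} for a signing key, {@code false} for encryption
     * @param isIdp {@code true} for the identity provider role, {@code false} for the service provider
     * @throws IDFFMetaException if the metadata helper fails
     */
    private void updateIdffKeyInfo(List<String> aliases, boolean isSigning, boolean isIdp)
            throws IDFFMetaException {
        if (CollectionUtils.isEmpty(aliases)) {
            return;
        }
        IDFFMetaSecurityUtils.updateProviderKeyInfo(
            this.realm,
            this.entityID,
            firstAliasOrNull(aliases),
            isSigning,
            isIdp,
            isSigning ? null : ENCRYPTION_ALGORITHM,
            isSigning ? 0 : ENCRYPTION_KEY_SIZE);
    }

    /** Returns whether the first value of the option is the {@code "null"} sentinel. */
    private static boolean isNullAliasRequest(List<String> aliases) {
        return NULL_ALIAS.equals(CollectionUtils.getFirstItem(aliases));
    }

    /** Returns the first alias, or {@code null} when it is the {@code "null"} sentinel. */
    private static String firstAliasOrNull(List<String> aliases) {
        String first = CollectionUtils.getFirstItem(aliases);
        return NULL_ALIAS.equals(first) ? null : first;
    }

    /** Builds the exception reported when the entity is not found in the realm. */
    private CLIException entityDoesNotExist() {
        return new CLIException(
            MessageFormat.format(
                getResourceString("update-meta-keyinfo-exception-entity-not-exist"),
                this.entityID,
                this.realm),
            ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }

    /** Prints the localized success message for the current entity. */
    private void printSuccess() {
        getOutputWriter().printlnMessage(
            MessageFormat.format(getResourceString("update-keyinfo-succeeded"), this.entityID));
    }
}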
