package org.xipki.ca.server.mgmt.qa.shell;

import java.rmi.UnexpectedException;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.xipki.ca.server.mgmt.api.CaHasRequestorEntry;
import org.xipki.ca.server.mgmt.shell.CaCommandSupport;
import org.xipki.ca.server.mgmt.shell.ShellUtil;
import org.xipki.ca.server.mgmt.shell.completer.CaNameCompleter;
import org.xipki.ca.server.mgmt.shell.completer.PermissionCompleter;
import org.xipki.ca.server.mgmt.shell.completer.ProfileNameAndAllCompleter;
import org.xipki.ca.server.mgmt.shell.completer.RequestorNameCompleter;
import org.xipki.console.karaf.CmdFailure;
import org.xipki.console.karaf.completer.YesNoCompleter;

@Service
@Command(scope = "xipki-caqa", name = "careq-check", description = "check information of requestors in CA (QA)")
/* loaded from: input_file:org/xipki/ca/server/mgmt/qa/shell/CaRequestorCheckCmd.class */
public class CaRequestorCheckCmd extends CaCommandSupport {

    @Option(name = "--ca", required = true, description = "CA name\n(required)")
    @Completion(CaNameCompleter.class)
    private String caName;

    @Option(name = "--requestor", required = true, description = "requestor name\n(required)")
    @Completion(RequestorNameCompleter.class)
    private String requestorName;

    @Option(name = "--ra", description = "whether as RA")
    @Completion(YesNoCompleter.class)
    private String raS = "no";

    @Option(name = "--permission", multiValued = true, description = "permission\n(multi-valued)")
    @Completion(PermissionCompleter.class)
    private Set<String> permissions;

    @Option(name = "--profile", multiValued = true, description = "profile name or 'ALL' for all profiles\n(multi-valued)")
    @Completion(ProfileNameAndAllCompleter.class)
    private Set<String> profiles;

    protected Object execute0() throws Exception {
        int permission;
        println("checking CA requestor CA='" + this.caName + "', requestor='" + this.requestorName + "'");
        if (this.caManager.getCa(this.caName) == null) {
            throw new UnexpectedException("could not find CA '" + this.caName + "'");
        }
        CaHasRequestorEntry caHasRequestorEntry = null;
        Iterator it = this.caManager.getRequestorsForCa(this.caName).iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            CaHasRequestorEntry caHasRequestorEntry2 = (CaHasRequestorEntry) it.next();
            if (caHasRequestorEntry2.requestorIdent().name().equals(this.requestorName)) {
                caHasRequestorEntry = caHasRequestorEntry2;
                break;
            }
        }
        if (caHasRequestorEntry == null) {
            throw new CmdFailure("CA is not associated with requestor '" + this.requestorName + "'");
        }
        boolean isEnabled = isEnabled(this.raS, false, "ra");
        boolean isRa = caHasRequestorEntry.isRa();
        if (isEnabled != isRa) {
            throw new CmdFailure("ra: is '" + isRa + "', expected '" + isEnabled + "'");
        }
        if (this.permissions != null && (permission = ShellUtil.getPermission(this.permissions)) != caHasRequestorEntry.permission()) {
            throw new CmdFailure("permissions: is '" + caHasRequestorEntry.permission() + "', but expected '" + permission + "'");
        }
        if (this.profiles != null) {
            if (this.profiles.size() == 1 && "NULL".equalsIgnoreCase(this.profiles.iterator().next())) {
                this.profiles = Collections.emptySet();
            }
            if (!this.profiles.equals(caHasRequestorEntry.profiles())) {
                throw new CmdFailure("profiles: is '" + caHasRequestorEntry.profiles() + "', but expected '" + this.profiles + "'");
            }
        }
        println(" checked CA requestor CA='" + this.caName + "', requestor='" + this.requestorName + "'");
        return null;
    }
}
