package org.xipki.ca.server.mgmt.qa.shell;

import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.xipki.ca.api.profile.CertValidity;
import org.xipki.ca.server.mgmt.api.CaStatus;
import org.xipki.ca.server.mgmt.api.ValidityMode;
import org.xipki.ca.server.mgmt.api.x509.X509CaEntry;
import org.xipki.ca.server.mgmt.api.x509.X509ChangeCaEntry;
import org.xipki.ca.server.mgmt.shell.CaUpdateCmd;
import org.xipki.common.ConfPairs;
import org.xipki.console.karaf.CmdFailure;

@Service
@Command(scope = "caqa", name = "ca-check", description = "check information of CAs (QA)")
/* loaded from: input_file:org/xipki/ca/server/mgmt/qa/shell/CaCheckCmd.class */
public class CaCheckCmd extends CaUpdateCmd {
    protected Object execute0() throws Exception {
        int intValue;
        int permission;
        int intValue2;
        int numCrls;
        boolean booleanValue;
        boolean isDuplicateSubjectPermitted;
        boolean booleanValue2;
        boolean isDuplicateKeyPermitted;
        X509ChangeCaEntry changeCaEntry = getChangeCaEntry();
        String name = changeCaEntry.ident().name();
        println("checking CA" + name);
        X509CaEntry ca = this.caManager.getCa(name);
        if (ca == null) {
            throw new CmdFailure("could not find CA '" + name + "'");
        }
        if (!(ca instanceof X509CaEntry)) {
            throw new CmdFailure("CA '" + name + "' is not an X509-CA");
        }
        X509CaEntry x509CaEntry = ca;
        if (changeCaEntry.caCertUris() != null) {
            MgmtQaShellUtil.assertEquals("CA cert URIs", changeCaEntry.caCertUris(), x509CaEntry.cacertUris());
        }
        if (changeCaEntry.cert() != null && !changeCaEntry.cert().equals(x509CaEntry.certificate())) {
            throw new CmdFailure("CA cert is not as expected");
        }
        if (changeCaEntry.serialNoBitLen() != null) {
            Integer serialNoBitLen = changeCaEntry.serialNoBitLen();
            int serialNoBitLen2 = x509CaEntry.serialNoBitLen();
            if (!serialNoBitLen.equals(Integer.valueOf(serialNoBitLen2))) {
                throw buildUnexpectedException("serial number bit length", Integer.valueOf(serialNoBitLen2), serialNoBitLen);
            }
        }
        if (changeCaEntry.cmpControlName() != null) {
            MgmtQaShellUtil.assertEquals("CMP control name", changeCaEntry.cmpControlName(), x509CaEntry.cmpControlName());
        }
        if (changeCaEntry.crlSignerName() != null) {
            MgmtQaShellUtil.assertEquals("CRL signer name", changeCaEntry.crlSignerName(), x509CaEntry.crlSignerName());
        }
        if (changeCaEntry.crlUris() != null) {
            MgmtQaShellUtil.assertEquals("CRL URIs", changeCaEntry.crlUris(), x509CaEntry.crlUris());
        }
        if (changeCaEntry.deltaCrlUris() != null) {
            MgmtQaShellUtil.assertEquals("Delta CRL URIs", changeCaEntry.deltaCrlUris(), x509CaEntry.deltaCrlUris());
        }
        if (changeCaEntry.duplicateKeyPermitted() != null && (booleanValue2 = changeCaEntry.duplicateKeyPermitted().booleanValue()) != (isDuplicateKeyPermitted = x509CaEntry.isDuplicateKeyPermitted())) {
            throw buildUnexpectedException("Duplicate key permitted", Boolean.valueOf(isDuplicateKeyPermitted), Boolean.valueOf(booleanValue2));
        }
        if (changeCaEntry.duplicateSubjectPermitted() != null && (booleanValue = changeCaEntry.duplicateSubjectPermitted().booleanValue()) != (isDuplicateSubjectPermitted = x509CaEntry.isDuplicateSubjectPermitted())) {
            throw buildUnexpectedException("Duplicate subject mode", Boolean.valueOf(isDuplicateSubjectPermitted), Boolean.valueOf(booleanValue));
        }
        if (changeCaEntry.expirationPeriod() != null) {
            Integer expirationPeriod = changeCaEntry.expirationPeriod();
            Object valueOf = Integer.valueOf(x509CaEntry.expirationPeriod());
            if (!expirationPeriod.equals(valueOf)) {
                throw buildUnexpectedException("Expiration period", valueOf, expirationPeriod);
            }
        }
        if (changeCaEntry.extraControl() != null) {
            String extraControl = changeCaEntry.extraControl();
            Object extraControl2 = x509CaEntry.extraControl();
            if (!extraControl.equals(extraControl2)) {
                throw buildUnexpectedException("Extra control", extraControl2, extraControl);
            }
        }
        if (changeCaEntry.maxValidity() != null) {
            CertValidity maxValidity = changeCaEntry.maxValidity();
            Object maxValidity2 = x509CaEntry.maxValidity();
            if (!maxValidity.equals(maxValidity2)) {
                throw buildUnexpectedException("Max validity", maxValidity2, maxValidity);
            }
        }
        if (changeCaEntry.keepExpiredCertInDays() != null) {
            Integer keepExpiredCertInDays = changeCaEntry.keepExpiredCertInDays();
            int keepExpiredCertInDays2 = x509CaEntry.keepExpiredCertInDays();
            if (keepExpiredCertInDays.intValue() != keepExpiredCertInDays2) {
                throw buildUnexpectedException("keepExiredCertInDays", Integer.valueOf(keepExpiredCertInDays2), keepExpiredCertInDays);
            }
        }
        if (changeCaEntry.numCrls() != null && (intValue2 = changeCaEntry.numCrls().intValue()) != (numCrls = x509CaEntry.numCrls())) {
            throw buildUnexpectedException("num CRLs", Integer.valueOf(numCrls), Integer.valueOf(intValue2));
        }
        if (changeCaEntry.ocspUris() != null) {
            MgmtQaShellUtil.assertEquals("OCSP URIs", changeCaEntry.ocspUris(), x509CaEntry.ocspUris());
        }
        if (changeCaEntry.permission() != null && (intValue = changeCaEntry.permission().intValue()) != (permission = x509CaEntry.permission())) {
            throw buildUnexpectedException("permission", Integer.valueOf(permission), Integer.valueOf(intValue));
        }
        if (changeCaEntry.responderName() != null) {
            MgmtQaShellUtil.assertEquals("responder name", changeCaEntry.responderName(), x509CaEntry.responderName());
        }
        if (changeCaEntry.signerType() != null) {
            MgmtQaShellUtil.assertEquals("signer type", changeCaEntry.signerType(), x509CaEntry.signerType());
        }
        if (changeCaEntry.signerConf() != null) {
            ConfPairs confPairs = new ConfPairs(changeCaEntry.signerConf());
            confPairs.removePair("keystore");
            ConfPairs confPairs2 = new ConfPairs(x509CaEntry.signerConf());
            confPairs2.removePair("keystore");
            if (!confPairs.equals(confPairs2)) {
                throw buildUnexpectedException("signer conf", confPairs2, confPairs);
            }
        }
        if (changeCaEntry.status() != null) {
            CaStatus status = changeCaEntry.status();
            Object status2 = x509CaEntry.status();
            if (!status.equals(status2)) {
                throw buildUnexpectedException("status", status2, status);
            }
        }
        if (changeCaEntry.validityMode() != null) {
            ValidityMode validityMode = changeCaEntry.validityMode();
            Object validityMode2 = x509CaEntry.validityMode();
            if (!validityMode.equals(validityMode2)) {
                throw buildUnexpectedException("validity mode", validityMode2, validityMode);
            }
        }
        println(" checked CA" + name);
        return null;
    }

    private CmdFailure buildUnexpectedException(String str, Object obj, Object obj2) {
        return new CmdFailure(str + ": is '" + obj + "', but expected '" + obj2 + "'");
    }
}
