package org.xipki.ca.mgmt.shell;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.karaf.shell.api.action.Argument;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.xipki.ca.api.CaUris;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.mgmt.CaConfs;
import org.xipki.ca.api.mgmt.CaManager;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.mgmt.CaStatus;
import org.xipki.ca.api.mgmt.CaSystemStatus;
import org.xipki.ca.api.mgmt.CmpControl;
import org.xipki.ca.api.mgmt.CrlControl;
import org.xipki.ca.api.mgmt.CtLogControl;
import org.xipki.ca.api.mgmt.MgmtEntry;
import org.xipki.ca.api.mgmt.PermissionConstants;
import org.xipki.ca.api.mgmt.ProtocolSupport;
import org.xipki.ca.api.mgmt.ScepControl;
import org.xipki.ca.api.mgmt.ValidityMode;
import org.xipki.ca.mgmt.shell.CaCompleters;
import org.xipki.password.PasswordResolver;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.CrlReason;
import org.xipki.security.HashAlgo;
import org.xipki.security.SecurityFactory;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.Completers;
import org.xipki.shell.IllegalCmdParamException;
import org.xipki.shell.XiAction;
import org.xipki.util.Args;
import org.xipki.util.Base64;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.DateUtil;
import org.xipki.util.IoUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.Validity;

/* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions.class */
public class CaActions {

    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaAction.class */
    public static abstract class CaAction extends XiAction {

        @Reference
        protected CaManager caManager;

        @Reference
        protected SecurityFactory securityFactory;

        protected static String getRealString(String str) {
            if ("null".equalsIgnoreCase(str)) {
                return null;
            }
            return str;
        }

        protected static String toString(Collection<? extends Object> collection) {
            if (collection == null) {
                return "null";
            }
            StringBuilder sb = new StringBuilder();
            sb.append("{");
            int size = collection.size();
            int i = 0;
            Iterator<? extends Object> it = collection.iterator();
            while (it.hasNext()) {
                sb.append(it.next());
                if (i < size - 1) {
                    sb.append(", ");
                }
                i++;
            }
            sb.append("}");
            return sb.toString();
        }

        protected void printCaNames(StringBuilder sb, Set<String> set, String str) throws CaMgmtException {
            if (set.isEmpty()) {
                sb.append(str).append("-\n");
                return;
            }
            for (String str2 : set) {
                Set aliasesForCa = this.caManager.getAliasesForCa(str2);
                if (CollectionUtil.isEmpty(aliasesForCa)) {
                    sb.append(str).append(str2);
                } else {
                    sb.append(str).append(str2 + " (aliases " + aliasesForCa + ")");
                }
                sb.append("\n");
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-add", description = "add CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaAdd.class */
    public static class CaAdd extends CaAddOrGenAction {

        @Option(name = "--cert", description = "CA certificate file")
        @Completion(FileCompleter.class)
        private String certFile;

        @Option(name = "--certchain", multiValued = true, description = "certificate chain of CA certificate")
        @Completion(FileCompleter.class)
        private List<String> issuerCertFiles;

        protected Object execute0() throws Exception {
            MgmtEntry.Ca caEntry = getCaEntry();
            if (this.certFile != null) {
                caEntry.setCert(X509Util.parseCert(new File(this.certFile)));
            }
            if (CollectionUtil.isNonEmpty(this.issuerCertFiles)) {
                ArrayList arrayList = new ArrayList(this.issuerCertFiles.size());
                Iterator<String> it = this.issuerCertFiles.iterator();
                while (it.hasNext()) {
                    arrayList.add(X509Util.parseCert(Paths.get(it.next(), new String[0]).toFile()));
                }
                caEntry.setCertchain(arrayList);
            }
            String str = "CA " + caEntry.getIdent().getName();
            try {
                this.caManager.addCa(caEntry);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaAddOrGenAction.class */
    public static abstract class CaAddOrGenAction extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "CA name")
        private String caName;

        @Option(name = "--ca-cert-uri", multiValued = true, description = "CA certificate URI")
        private List<String> caCertUris;

        @Option(name = "--ocsp-uri", multiValued = true, description = "OCSP URI")
        private List<String> ocspUris;

        @Option(name = "--crl-uri", multiValued = true, description = "CRL distribution point")
        private List<String> crlUris;

        @Option(name = "--deltacrl-uri", multiValued = true, description = "CRL distribution point")
        private List<String> deltaCrlUris;

        @Option(name = "--permission", required = true, multiValued = true, description = "permission")
        @Completion(CaCompleters.PermissionCompleter.class)
        private Set<String> permissions;

        @Option(name = "--next-crl-no", required = true, description = "CRL number for the next CRL")
        private Long nextCrlNumber;

        @Option(name = "--max-validity", required = true, description = "maximal validity")
        private String maxValidity;

        @Option(name = "--crl-signer", description = "CRL signer name")
        @Completion(CaCompleters.SignerNameCompleter.class)
        private String crlSignerName;

        @Option(name = "--cmp-responder", description = "CMP responder name")
        @Completion(CaCompleters.SignerNameCompleter.class)
        private String cmpResponderName;

        @Option(name = "--scep-responder", description = "SCEP responder name")
        @Completion(CaCompleters.SignerNameCompleter.class)
        private String scepResponderName;

        @Option(name = "--cmp-control", description = "CMP control")
        private String cmpControl;

        @Option(name = "--crl-control", description = "CRL control")
        private String crlControl;

        @Option(name = "--scep-control", description = "SCEP control")
        private String scepControl;

        @Option(name = "--ctlog-control", description = "CT log control")
        private String ctLogControl;

        @Option(name = "--signer-type", required = true, description = "CA signer type")
        @Completion(CaCompleters.SignerTypeCompleter.class)
        private String signerType;

        @Option(name = "--signer-conf", required = true, description = "CA signer configuration")
        private String signerConf;

        @Option(name = "--extra-control", description = "extra control")
        private String extraControl;

        @Reference
        private PasswordResolver passwordResolver;

        @Option(name = "--status", description = "CA status")
        @Completion(CaCompleters.CaStatusCompleter.class)
        private String caStatus = "active";

        @Option(name = "--rest-status", description = "REST API status")
        @Completion(CaCompleters.CaStatusCompleter.class)
        private String restStatus = "inactive";

        @Option(name = "--sn-bitlen", description = "number of bits of the serial number, between 71 and 159")
        private int snBitLen = 127;

        @Option(name = "--keep-expired-certs", description = "days to keep expired certificates")
        private Integer keepExpiredCertInDays = -1;

        @Option(name = "--num-crls", description = "number of CRLs to be kept in database")
        private Integer numCrls = 30;

        @Option(name = "--expiration-period", description = "days before expiration time of CA to issue certificates")
        private Integer expirationPeriod = 365;

        @Option(name = "--duplicate-key", description = "whether duplicate key is permitted")
        @Completion(Completers.YesNoCompleter.class)
        private String duplicateKeyS = "yes";

        @Option(name = "--duplicate-subject", description = "whether duplicate subject is permitted")
        @Completion(Completers.YesNoCompleter.class)
        private String duplicateSubjectS = "yes";

        @Option(name = "--support-cmp", description = "whether the CMP protocol is supported")
        @Completion(Completers.YesNoCompleter.class)
        private String supportCmpS = "no";

        @Option(name = "--support-rest", description = "whether the REST protocol is supported")
        @Completion(Completers.YesNoCompleter.class)
        private String supportRestS = "no";

        @Option(name = "--support-scep", description = "whether the SCEP protocol is supported")
        @Completion(Completers.YesNoCompleter.class)
        private String supportScepS = "no";

        @Option(name = "--save-req", description = "whether the request is saved")
        @Completion(Completers.YesNoCompleter.class)
        private String saveReqS = "no";

        @Option(name = "--validity-mode", description = "mode of valditity")
        @Completion(CaCompleters.ValidityModeCompleter.class)
        private String validityModeS = "STRICT";

        protected MgmtEntry.Ca getCaEntry() throws Exception {
            Args.range(this.snBitLen, "sn-bitlen", 71, 159);
            if (this.nextCrlNumber.longValue() < 1) {
                throw new IllegalCmdParamException("invalid CRL number: " + this.nextCrlNumber);
            }
            if (this.numCrls.intValue() < 0) {
                throw new IllegalCmdParamException("invalid numCrls: " + this.numCrls);
            }
            if (this.expirationPeriod.intValue() < 0) {
                throw new IllegalCmdParamException("invalid expirationPeriod: " + this.expirationPeriod);
            }
            if ("PKCS12".equalsIgnoreCase(this.signerType) || "JKS".equalsIgnoreCase(this.signerType)) {
                this.signerConf = ShellUtil.canonicalizeSignerConf(this.signerType, this.signerConf, this.passwordResolver, this.securityFactory);
            }
            MgmtEntry.Ca ca = new MgmtEntry.Ca(new NameId((Integer) null, this.caName), this.snBitLen, this.nextCrlNumber.longValue(), this.signerType, this.signerConf, new CaUris(this.caCertUris, this.ocspUris, this.crlUris, this.deltaCrlUris), this.numCrls.intValue(), this.expirationPeriod.intValue());
            ca.setKeepExpiredCertInDays(this.keepExpiredCertInDays.intValue());
            ca.setDuplicateKeyPermitted(isEnabled(this.duplicateKeyS, true, "duplicate-key"));
            ca.setDuplicateSubjectPermitted(isEnabled(this.duplicateSubjectS, true, "duplicate-subject"));
            ca.setProtocolSupport(new ProtocolSupport(isEnabled(this.supportCmpS, false, "support-cmp"), isEnabled(this.supportRestS, false, "support-rest"), isEnabled(this.supportScepS, false, "support-scep")));
            ca.setSaveRequest(isEnabled(this.saveReqS, false, "save-req"));
            ca.setValidityMode(ValidityMode.forName(this.validityModeS));
            ca.setStatus(CaStatus.forName(this.caStatus));
            if (this.cmpControl != null) {
                ca.setCmpControl(new CmpControl(this.cmpControl));
            }
            if (this.crlControl != null) {
                ca.setCrlControl(new CrlControl(this.crlControl));
            }
            if (this.scepControl != null) {
                ca.setScepControl(new ScepControl(this.scepControl));
            }
            if (this.ctLogControl != null) {
                ca.setCtLogControl(new CtLogControl(this.ctLogControl));
            }
            if (this.cmpResponderName != null) {
                ca.setCmpResponderName(this.cmpResponderName);
            }
            if (this.scepResponderName != null) {
                ca.setCmpResponderName(this.scepResponderName);
            }
            if (this.crlSignerName != null) {
                ca.setCrlSignerName(this.crlSignerName);
            }
            ca.setMaxValidity(Validity.getInstance(this.maxValidity));
            ca.setKeepExpiredCertInDays(this.keepExpiredCertInDays.intValue());
            ca.setPermission(ShellUtil.getPermission(this.permissions));
            if (this.extraControl != null) {
                this.extraControl = this.extraControl.trim();
            }
            if (StringUtil.isNotBlank(this.extraControl)) {
                ca.setExtraControl(new ConfPairs(this.extraControl).unmodifiable());
            }
            return ca;
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-info", description = "show information of CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaInfo.class */
    public static class CaInfo extends CaAction {

        @Argument(index = 0, name = "name", description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String name;

        @Option(name = "--verbose", aliases = {"-v"}, description = "show CA information verbosely")
        private Boolean verbose = Boolean.FALSE;

        protected Object execute0() throws Exception {
            StringBuilder sb = new StringBuilder();
            if (this.name == null) {
                sb.append("successful CAs:\n");
                printCaNames(sb, this.caManager.getSuccessfulCaNames(), "  ");
                sb.append("failed CAs:\n");
                printCaNames(sb, this.caManager.getFailedCaNames(), "  ");
                sb.append("inactive CAs:\n");
                printCaNames(sb, this.caManager.getInactiveCaNames(), "  ");
            } else {
                MgmtEntry.Ca ca = this.caManager.getCa(this.name);
                if (ca == null) {
                    throw new CmdFailure("could not find CA '" + this.name + "'");
                }
                if (CaStatus.ACTIVE == ca.getStatus()) {
                    sb.append("started: ").append(this.caManager.getSuccessfulCaNames().contains(ca.getIdent().getName())).append("\n");
                }
                sb.append("aliases: ").append(toString(this.caManager.getAliasesForCa(this.name))).append("\n");
                sb.append(ca.toString(this.verbose.booleanValue()));
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-revoke", description = "revoke CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaRevoke.class */
    public static class CaRevoke extends CaAction {
        public static final List<CrlReason> PERMITTED_REASONS = Collections.unmodifiableList(Arrays.asList(CrlReason.UNSPECIFIED, CrlReason.KEY_COMPROMISE, CrlReason.CA_COMPROMISE, CrlReason.AFFILIATION_CHANGED, CrlReason.SUPERSEDED, CrlReason.CESSATION_OF_OPERATION, CrlReason.CERTIFICATE_HOLD, CrlReason.PRIVILEGE_WITHDRAWN));

        @Argument(index = 0, name = "name", description = "CA name", required = true)
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--reason", required = true, description = "CRL reason")
        @Completion(CaCompleters.CaCrlReasonCompleter.class)
        private String reason;

        @Option(name = "--rev-date", valueToShowInHelp = "current time", description = "revocation date, UTC time of format yyyyMMddHHmmss")
        private String revocationDateS;

        @Option(name = "--inv-date", description = "invalidity date, UTC time of format yyyyMMddHHmmss")
        private String invalidityDateS;

        protected Object execute0() throws Exception {
            CrlReason forNameOrText = CrlReason.forNameOrText(this.reason);
            if (!PERMITTED_REASONS.contains(forNameOrText)) {
                throw new IllegalCmdParamException("reason " + this.reason + " is not permitted");
            }
            if (!this.caManager.getCaNames().contains(this.caName)) {
                throw new IllegalCmdParamException("invalid CA name " + this.caName);
            }
            Date parseUtcTimeyyyyMMddhhmmss = isNotBlank(this.revocationDateS) ? DateUtil.parseUtcTimeyyyyMMddhhmmss(this.revocationDateS) : new Date();
            Date date = null;
            if (isNotBlank(this.invalidityDateS)) {
                date = DateUtil.parseUtcTimeyyyyMMddhhmmss(this.invalidityDateS);
            }
            CertRevocationInfo certRevocationInfo = new CertRevocationInfo(forNameOrText, parseUtcTimeyyyyMMddhhmmss, date);
            String str = "CA " + this.caName;
            try {
                this.caManager.revokeCa(this.caName, certRevocationInfo);
                println("revoked " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not revoke " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-rm", description = "remove CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaRm.class */
    public static class CaRm extends CaAction {

        @Argument(index = 0, name = "name", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String name;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            String str = "CA " + this.name;
            if (!this.force.booleanValue() && !confirm("Do you want to remove " + str, 3)) {
                return null;
            }
            try {
                this.caManager.removeCa(this.name);
                println("removed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not remove " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-unrevoke", description = "unrevoke CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaUnrevoke.class */
    public static class CaUnrevoke extends CaAction {

        @Argument(index = 0, name = "name", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        protected Object execute0() throws Exception {
            if (!this.caManager.getCaNames().contains(this.caName)) {
                throw new IllegalCmdParamException("invalid CA name " + this.caName);
            }
            String str = "CA " + this.caName;
            try {
                this.caManager.unrevokeCa(this.caName);
                println("unrevoked " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not unrevoke " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-up", description = "update CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaUp.class */
    public static class CaUp extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--sn-bitlen", description = "number of bits of the serial number, between 71 and 159")
        private Integer snBitLen;

        @Option(name = "--status", description = "CA status")
        @Completion(CaCompleters.CaStatusCompleter.class)
        private String caStatus;

        @Option(name = "--ca-cert-uri", multiValued = true, description = "CA certificate URI")
        private List<String> caCertUris;

        @Option(name = "--ocsp-uri", multiValued = true, description = "OCSP URI or 'null'")
        private List<String> ocspUris;

        @Option(name = "--crl-uri", multiValued = true, description = "CRL distribution point URI or 'null'")
        private List<String> crlUris;

        @Option(name = "--deltacrl-uri", multiValued = true, description = "delta CRL distribution point URI or 'null'")
        private List<String> deltaCrlUris;

        @Option(name = "--permission", multiValued = true, description = "permission")
        @Completion(CaCompleters.PermissionCompleter.class)
        private Set<String> permissions;

        @Option(name = "--max-validity", description = "maximal validity")
        private String maxValidity;

        @Option(name = "--expiration-period", description = "days before expiration time of CA to issue certificates")
        private Integer expirationPeriod;

        @Option(name = "--keep-expired-certs", description = "days to keep expired certificates")
        private Integer keepExpiredCertInDays;

        @Option(name = "--crl-signer", description = "CRL signer name or 'null'")
        @Completion(CaCompleters.SignerNamePlusNullCompleter.class)
        private String crlSignerName;

        @Option(name = "--cmp-responder", description = "CMP responder name or 'null'")
        @Completion(CaCompleters.SignerNamePlusNullCompleter.class)
        private String cmpResponderName;

        @Option(name = "--scep-responder", description = "SCEP responder name or 'null'")
        @Completion(CaCompleters.SignerNamePlusNullCompleter.class)
        private String scepResponderName;

        @Option(name = "--cmp-control", description = "CMP control or 'null'")
        private String cmpControl;

        @Option(name = "--crl-control", description = "CRL control or 'null'")
        private String crlControl;

        @Option(name = "--scep-control", description = "SCEP control or 'null'")
        private String scepControl;

        @Option(name = "--ctlog-control", description = "CT log control")
        private String ctLogControl;

        @Option(name = "--num-crls", description = "number of CRLs to be kept in database")
        private Integer numCrls;

        @Option(name = "--cert", description = "CA certificate file")
        @Completion(FileCompleter.class)
        private String certFile;

        @Option(name = "--certchain", multiValued = true, description = "certificate chain of CA certificate")
        @Completion(FileCompleter.class)
        private List<String> issuerCertFiles;

        @Option(name = "--signer-type", description = "CA signer type")
        @Completion(CaCompleters.SignerTypeCompleter.class)
        private String signerType;

        @Option(name = "--signer-conf", description = "CA signer configuration or 'null'")
        private String signerConf;

        @Option(name = "--duplicate-key", description = "whether duplicate key is permitted")
        @Completion(Completers.YesNoCompleter.class)
        private String duplicateKeyS;

        @Option(name = "--duplicate-subject", description = "whether duplicate subject is permitted")
        @Completion(Completers.YesNoCompleter.class)
        private String duplicateSubjectS;

        @Option(name = "--support-cmp", description = "whether the CMP protocol is supported")
        @Completion(Completers.YesNoCompleter.class)
        private String supportCmpS;

        @Option(name = "--support-rest", description = "whether the REST protocol is supported")
        @Completion(Completers.YesNoCompleter.class)
        private String supportRestS;

        @Option(name = "--support-scep", description = "whether the SCEP protocol is supported")
        @Completion(Completers.YesNoCompleter.class)
        private String supportScepS;

        @Option(name = "--save-req", description = "whether the request is saved")
        @Completion(Completers.YesNoCompleter.class)
        private String saveReqS;

        @Option(name = "--validity-mode", description = "mode of valditity")
        @Completion(CaCompleters.ValidityModeCompleter.class)
        private String validityModeS;

        @Option(name = "--extra-control", description = "extra control")
        private String extraControl;

        @Reference
        private PasswordResolver passwordResolver;

        protected MgmtEntry.ChangeCa getChangeCaEntry() throws Exception {
            MgmtEntry.ChangeCa changeCa = new MgmtEntry.ChangeCa(new NameId((Integer) null, this.caName));
            if (this.snBitLen != null) {
                Args.range(this.snBitLen.intValue(), "sn-bitlen", 71, 159);
                changeCa.setSerialNoBitLen(this.snBitLen);
            }
            if (this.caStatus != null) {
                changeCa.setStatus(CaStatus.forName(this.caStatus));
            }
            if (this.expirationPeriod != null && this.expirationPeriod.intValue() < 0) {
                throw new IllegalCmdParamException("invalid expirationPeriod: " + this.expirationPeriod);
            }
            changeCa.setExpirationPeriod(this.expirationPeriod);
            if (this.keepExpiredCertInDays != null) {
                changeCa.setKeepExpiredCertInDays(this.keepExpiredCertInDays);
            }
            if (this.certFile != null) {
                changeCa.setEncodedCert(IoUtil.read(this.certFile));
            }
            if (CollectionUtil.isNonEmpty(this.issuerCertFiles)) {
                ArrayList arrayList = new ArrayList(this.issuerCertFiles.size());
                Iterator<String> it = this.issuerCertFiles.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    String next = it.next();
                    if ("null".equalsIgnoreCase(next)) {
                        arrayList.clear();
                        break;
                    }
                    arrayList.add(X509Util.parseCert(Paths.get(next, new String[0]).toFile()).getEncoded());
                }
                changeCa.setEncodedCertchain(arrayList);
            }
            if (this.signerConf != null) {
                String str = this.signerType;
                if (str == null) {
                    MgmtEntry.Ca ca = this.caManager.getCa(this.caName);
                    if (ca == null) {
                        throw new IllegalCmdParamException("please specify the signerType");
                    }
                    str = ca.getSignerType();
                }
                this.signerConf = ShellUtil.canonicalizeSignerConf(str, this.signerConf, this.passwordResolver, this.securityFactory);
                changeCa.setSignerConf(this.signerConf);
            }
            if (this.duplicateKeyS != null) {
                changeCa.setDuplicateKeyPermitted(Boolean.valueOf(isEnabled(this.duplicateKeyS, true, "duplicate-key")));
            }
            if (this.duplicateSubjectS != null) {
                changeCa.setDuplicateSubjectPermitted(Boolean.valueOf(isEnabled(this.duplicateSubjectS, true, "duplicate-subject")));
            }
            if (this.supportCmpS != null) {
                changeCa.setSupportCmp(Boolean.valueOf(isEnabled(this.supportCmpS, false, "support-cmp")));
            }
            if (this.supportRestS != null) {
                changeCa.setSupportRest(Boolean.valueOf(isEnabled(this.supportRestS, false, "support-rest")));
            }
            if (this.supportScepS != null) {
                changeCa.setSupportScep(Boolean.valueOf(isEnabled(this.supportScepS, false, "support-scep")));
            }
            if (this.saveReqS != null) {
                changeCa.setSaveRequest(Boolean.valueOf(isEnabled(this.saveReqS, true, "save-req")));
            }
            if (CollectionUtil.isNonEmpty(this.permissions)) {
                changeCa.setPermission(Integer.valueOf(ShellUtil.getPermission(this.permissions)));
            }
            changeCa.setCaUris(new CaUris(getUris(this.caCertUris), getUris(this.ocspUris), getUris(this.crlUris), getUris(this.deltaCrlUris)));
            if (this.validityModeS != null) {
                changeCa.setValidityMode(ValidityMode.forName(this.validityModeS));
            }
            if (this.maxValidity != null) {
                changeCa.setMaxValidity(Validity.getInstance(this.maxValidity));
            }
            if (this.cmpControl != null) {
                changeCa.setCmpControl(this.cmpControl);
            }
            if (this.crlControl != null) {
                changeCa.setCrlControl(this.crlControl);
            }
            if (this.scepControl != null) {
                changeCa.setScepControl(this.scepControl);
            }
            if (this.ctLogControl != null) {
                changeCa.setCtLogControl(this.ctLogControl);
            }
            if (this.cmpResponderName != null) {
                changeCa.setCmpResponderName(this.cmpResponderName);
            }
            if (this.scepResponderName != null) {
                changeCa.setScepResponderName(this.scepResponderName);
            }
            if (this.crlSignerName != null) {
                changeCa.setCrlSignerName(this.crlSignerName);
            }
            if (this.extraControl != null) {
                changeCa.setExtraControl(new ConfPairs(this.extraControl).unmodifiable());
            }
            if (this.numCrls != null) {
                changeCa.setNumCrls(this.numCrls);
            }
            return changeCa;
        }

        protected Object execute0() throws Exception {
            String str = "CA " + this.caName;
            try {
                this.caManager.changeCa(getChangeCaEntry());
                println("updated " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not update " + str + ", error: " + e.getMessage(), e);
            }
        }

        private static List<String> getUris(List<String> list) {
            if (list == null) {
                return null;
            }
            boolean z = false;
            Iterator<String> it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if ("null".equalsIgnoreCase(it.next())) {
                    z = true;
                    break;
                }
            }
            return z ? Collections.emptyList() : new ArrayList(list);
        }
    }

    @Service
    @Command(scope = "ca", name = "caalias-add", description = "add CA alias")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaaliasAdd.class */
    public static class CaaliasAdd extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--alias", required = true, description = "CA alias")
        private String caAlias;

        protected Object execute0() throws Exception {
            String str = "CA alias " + this.caAlias + " associated with CA " + this.caName;
            try {
                this.caManager.addCaAlias(this.caAlias, this.caName);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "caalias-info", description = "show information of CA alias")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaaliasInfo.class */
    public static class CaaliasInfo extends CaAction {

        @Argument(index = 0, name = "alias", description = "CA alias")
        @Completion(CaCompleters.CaAliasCompleter.class)
        private String caAlias;

        protected Object execute0() throws Exception {
            Set caAliasNames = this.caManager.getCaAliasNames();
            StringBuilder sb = new StringBuilder();
            if (this.caAlias == null) {
                int size = caAliasNames.size();
                if (size == 0 || size == 1) {
                    sb.append(size == 0 ? "no" : "1");
                    sb.append(" CA alias is configured\n");
                } else {
                    sb.append(size).append(" CA aliases are configured:\n");
                }
                ArrayList arrayList = new ArrayList(caAliasNames);
                Collections.sort(arrayList);
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    sb.append("\t").append((String) it.next()).append("\n");
                }
            } else {
                if (!caAliasNames.contains(this.caAlias)) {
                    throw new CmdFailure("could not find CA alias '" + this.caAlias + "'");
                }
                sb.append(this.caAlias).append("\n\t").append(this.caManager.getCaNameForAlias(this.caAlias));
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "caalias-rm", description = "remove CA alias")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaaliasRm.class */
    public static class CaaliasRm extends CaAction {

        @Argument(index = 0, name = "alias", description = "CA alias", required = true)
        @Completion(CaCompleters.CaAliasCompleter.class)
        private String caAlias;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            String str = "CA alias " + this.caAlias;
            if (!this.force.booleanValue() && !confirm("Do you want to remove " + str, 3)) {
                return null;
            }
            try {
                this.caManager.removeCaAlias(this.caAlias);
                println("removed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not remove " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "caprofile-add", description = "add certificate profile to CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaprofileAdd.class */
    public static class CaprofileAdd extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--profile", required = true, multiValued = true, description = "profile name")
        @Completion(CaCompleters.ProfileNameCompleter.class)
        private List<String> profileNames;

        protected Object execute0() throws Exception {
            for (String str : this.profileNames) {
                String concat = StringUtil.concat("certificate profile ", new String[]{str, " to CA ", this.caName});
                try {
                    this.caManager.addCertprofileToCa(str, this.caName);
                    println("associated " + concat);
                } catch (CaMgmtException e) {
                    throw new CmdFailure("could not associate " + concat + ", error: " + e.getMessage(), e);
                }
            }
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "caprofile-info", description = "show information of certificate profile in given CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaprofileInfo.class */
    public static class CaprofileInfo extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        protected Object execute0() throws Exception {
            if (this.caManager.getCa(this.caName) == null) {
                throw new CmdFailure("could not find CA '" + this.caName + "'");
            }
            StringBuilder sb = new StringBuilder();
            Set certprofilesForCa = this.caManager.getCertprofilesForCa(this.caName);
            if (CollectionUtil.isNonEmpty(certprofilesForCa)) {
                sb.append("certificate Profiles supported by CA " + this.caName).append("\n");
                Iterator it = certprofilesForCa.iterator();
                while (it.hasNext()) {
                    sb.append("\t").append((String) it.next()).append("\n");
                }
            } else {
                sb.append("\tno profile for CA " + this.caName + " is configured");
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "caprofile-rm", description = "remove certificate profile from CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaprofileRm.class */
    public static class CaprofileRm extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--profile", required = true, multiValued = true, description = "certificate profile name")
        @Completion(CaCompleters.ProfileNameCompleter.class)
        private List<String> profileNames;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            for (String str : this.profileNames) {
                String concat = StringUtil.concat("certificate profile ", new String[]{str, " from CA ", this.caName});
                if (this.force.booleanValue() || confirm("Do you want to remove " + concat, 3)) {
                    try {
                        this.caManager.removeCertprofileFromCa(str, this.caName);
                        println("removed " + concat);
                    } catch (CaMgmtException e) {
                        throw new CmdFailure("could not remove " + concat + ", error: " + e.getMessage(), e);
                    }
                }
            }
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "capub-add", description = "add publisher to CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CapubAdd.class */
    public static class CapubAdd extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--publisher", required = true, multiValued = true, description = "publisher name")
        @Completion(CaCompleters.PublisherNameCompleter.class)
        private List<String> publisherNames;

        protected Object execute0() throws Exception {
            for (String str : this.publisherNames) {
                String str2 = "publisher " + str + " to CA " + this.caName;
                try {
                    this.caManager.addPublisherToCa(str, this.caName);
                    println("added " + str2);
                } catch (CaMgmtException e) {
                    throw new CmdFailure("could not add " + str2 + ", error: " + e.getMessage(), e);
                }
            }
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "capub-info", description = "show information of publisher in given CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CapubInfo.class */
    public static class CapubInfo extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        protected Object execute0() throws Exception {
            if (this.caManager.getCa(this.caName) == null) {
                throw new CmdFailure("could not find CA '" + this.caName + "'");
            }
            List publishersForCa = this.caManager.getPublishersForCa(this.caName);
            if (!isNotEmpty(publishersForCa)) {
                println(StringUtil.concat("no publisher for CA ", new String[]{this.caName, " is configured"}));
                return null;
            }
            StringBuilder sb = new StringBuilder();
            sb.append("publishers for CA ").append(this.caName).append("\n");
            Iterator it = publishersForCa.iterator();
            while (it.hasNext()) {
                sb.append("\t").append(((MgmtEntry.Publisher) it.next()).getIdent().getName()).append("\n");
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "capub-rm", description = "remove publisher from CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CapubRm.class */
    public static class CapubRm extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--publisher", required = true, multiValued = true, description = "publisher name")
        @Completion(CaCompleters.PublisherNameCompleter.class)
        private List<String> publisherNames;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            for (String str : this.publisherNames) {
                String str2 = "publisher " + str + " from CA " + this.caName;
                if (this.force.booleanValue() || confirm("Do you want to remove " + str2, 3)) {
                    try {
                        this.caManager.removePublisherFromCa(str, this.caName);
                        println("removed " + str2);
                    } catch (CaMgmtException e) {
                        throw new CmdFailure("could not remove " + str2 + ", error: " + e.getMessage(), e);
                    }
                }
            }
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "careq-add", description = "add requestor to CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CareqAdd.class */
    public static class CareqAdd extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--requestor", required = true, description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        private String requestorName;

        @Option(name = "--ra", description = "whether as RA")
        @Completion(Completers.YesNoCompleter.class)
        private String raS = "no";

        @Option(name = "--permission", required = true, multiValued = true, description = "permission")
        @Completion(CaCompleters.PermissionCompleter.class)
        private Set<String> permissions;

        @Option(name = "--profile", multiValued = true, description = "profile name or 'all' for all profiles")
        @Completion(CaCompleters.ProfileNameAndAllCompleter.class)
        private Set<String> profiles;

        protected Object execute0() throws Exception {
            boolean isEnabled = isEnabled(this.raS, false, "ra");
            MgmtEntry.CaHasRequestor caHasRequestor = new MgmtEntry.CaHasRequestor(new NameId((Integer) null, this.requestorName));
            caHasRequestor.setRa(isEnabled);
            caHasRequestor.setProfiles(this.profiles);
            caHasRequestor.setPermission(ShellUtil.getPermission(this.permissions));
            String str = "requestor " + this.requestorName + " to CA " + this.caName;
            try {
                this.caManager.addRequestorToCa(caHasRequestor, this.caName);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "careq-info", description = "show information of requestor in CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CareqInfo.class */
    public static class CareqInfo extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        protected Object execute0() throws Exception {
            if (this.caManager.getCa(this.caName) == null) {
                throw new CmdFailure("could not find CA '" + this.caName + "'");
            }
            StringBuilder sb = new StringBuilder();
            Set requestorsForCa = this.caManager.getRequestorsForCa(this.caName);
            if (isNotEmpty(requestorsForCa)) {
                sb.append("requestors trusted by CA " + this.caName).append("\n");
                Iterator it = requestorsForCa.iterator();
                while (it.hasNext()) {
                    sb.append("----------\n").append((MgmtEntry.CaHasRequestor) it.next()).append("\n");
                }
            } else {
                sb.append("no requestor for CA " + this.caName + " is configured");
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "careq-rm", description = "remove requestor from CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CareqRm.class */
    public static class CareqRm extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--requestor", required = true, multiValued = true, description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        private List<String> requestorNames;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            for (String str : this.requestorNames) {
                String str2 = "requestor " + str + " from CA " + this.caName;
                if (this.force.booleanValue() || confirm("Do you want to remove " + str2, 3)) {
                    try {
                        this.caManager.removeRequestorFromCa(str, this.caName);
                        println("removed " + str2);
                    } catch (CaMgmtException e) {
                        throw new CmdFailure("could not remove " + str2 + ", error: " + e.getMessage(), e);
                    }
                }
            }
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "causer-add", description = "add user to CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CauserAdd.class */
    public static class CauserAdd extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--user", required = true, description = "user name")
        private String userName;

        @Option(name = "--permission", required = true, multiValued = true, description = "permission")
        @Completion(CaCompleters.PermissionCompleter.class)
        private Set<String> permissions;

        @Option(name = "--profile", required = true, multiValued = true, description = "profile name or 'all' for all profiles")
        @Completion(CaCompleters.ProfileNameAndAllCompleter.class)
        private Set<String> profiles;

        protected Object execute0() throws Exception {
            MgmtEntry.CaHasUser caHasUser = new MgmtEntry.CaHasUser(new NameId((Integer) null, this.userName));
            caHasUser.setProfiles(this.profiles);
            caHasUser.setPermission(ShellUtil.getPermission(this.permissions));
            String str = "user " + this.userName + " to CA " + this.caName;
            try {
                this.caManager.addUserToCa(caHasUser, this.caName);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "causer-rm", description = "remove user from CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CauserRm.class */
    public static class CauserRm extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--user", required = true, description = "user name")
        private String userName;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            String str = "user " + this.userName + " from CA " + this.caName;
            if (!this.force.booleanValue() && !confirm("Do you want to remove " + str, 3)) {
                return null;
            }
            try {
                this.caManager.removeUserFromCa(this.userName, this.caName);
                println("removed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not remove " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "clear-publishqueue", description = "clear publish queue")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$ClearPublishqueue.class */
    public static class ClearPublishqueue extends CaAction {

        @Option(name = "--ca", required = true, description = "CA name or 'all' for all CAs")
        @Completion(CaCompleters.CaNamePlusAllCompleter.class)
        private String caName;

        @Option(name = "--publisher", required = true, multiValued = true, description = "publisher name or 'all' for all publishers")
        @Completion(CaCompleters.PublisherNamePlusAllCompleter.class)
        private List<String> publisherNames;

        protected Object execute0() throws Exception {
            if (this.publisherNames == null) {
                throw new IllegalStateException("should not reach here");
            }
            boolean z = false;
            Iterator<String> it = this.publisherNames.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if ("all".equalsIgnoreCase(it.next())) {
                    z = true;
                    break;
                }
            }
            if (z) {
                this.publisherNames = null;
            }
            if ("all".equalsIgnoreCase(this.caName)) {
                this.caName = null;
            }
            String str = "publish queue of CA " + this.caName + " for publishers " + toString(this.publisherNames);
            try {
                this.caManager.clearPublishQueue(this.caName, this.publisherNames);
                println("cleared " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not clear " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "export-conf", description = "export configuration to zip file")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$ExportConf.class */
    public static class ExportConf extends CaAction {

        @Option(name = "--conf-file", required = true, description = "zip file that saves the exported configuration")
        @Completion(FileCompleter.class)
        private String confFile;

        @Option(name = "--ca", multiValued = true, description = "CAs whose configuration should be exported. Empty list means all CAs")
        @Completion(CaCompleters.CaNameCompleter.class)
        private List<String> caNames;

        protected Object execute0() throws Exception {
            String str = "configuration to file " + this.confFile;
            try {
                save(new File(this.confFile), IoUtil.read(this.caManager.exportConf(this.caNames)));
                println("exported " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not export " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "gen-rootca", description = "generate selfsigned CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$GenRootca.class */
    public static class GenRootca extends CaAddOrGenAction {

        @Option(name = "--csr", required = true, description = "CSR of the Root CA")
        @Completion(FileCompleter.class)
        private String csrFile;

        @Option(name = "--profile", required = true, description = "profile of the Root CA")
        private String rootcaProfile;

        @Option(name = "--serial", description = "profile of the Root CA")
        private String serialS;

        @Option(name = "--outform", description = "output format of the certificate")
        @Completion(Completers.DerPemCompleter.class)
        protected String outform = "der";

        @Option(name = "--out", aliases = {"-o"}, description = "where to save the generated CA certificate")
        @Completion(FileCompleter.class)
        private String rootcaCertOutFile;

        protected Object execute0() throws Exception {
            MgmtEntry.Ca caEntry = getCaEntry();
            byte[] read = IoUtil.read(this.csrFile);
            BigInteger bigInteger = null;
            if (this.serialS != null) {
                bigInteger = toBigInt(this.serialS);
            }
            X509Certificate generateRootCa = this.caManager.generateRootCa(caEntry, this.rootcaProfile, read, bigInteger);
            if (this.rootcaCertOutFile != null) {
                saveVerbose("saved root certificate to file", this.rootcaCertOutFile, encodeCert(generateRootCa.getEncoded(), this.outform));
            }
            println("generated root CA " + caEntry.getIdent().getName());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "load-conf", description = "load configuration")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$LoadConf.class */
    public static class LoadConf extends CaAction {

        @Option(name = "--conf-file", description = "CA system configuration file (XML or zip file")
        @Completion(FileCompleter.class)
        private String confFile;

        @Option(name = "--outform", description = "output format of the root certificates")
        @Completion(Completers.DerPemCompleter.class)
        protected String outform = "der";

        @Option(name = "--out-dir", description = "directory to save the root certificates")
        @Completion(FileCompleter.class)
        private String outDir = ".";

        protected Object execute0() throws Exception {
            String str = "configuration " + this.confFile;
            try {
                Map loadConf = this.caManager.loadConf(this.confFile.endsWith(".json") ? CaConfs.convertFileConfToZip(this.confFile) : Files.newInputStream(Paths.get(this.confFile, new String[0]), new OpenOption[0]));
                if (CollectionUtil.isEmpty(loadConf)) {
                    println("loaded " + str);
                    return null;
                }
                println("loaded " + str);
                for (String str2 : loadConf.keySet()) {
                    saveVerbose("saved certificate of root CA " + str2 + " to", new File(this.outDir, "ca-" + str2 + ".crt"), encodeCert(((X509Certificate) loadConf.get(str2)).getEncoded(), this.outform));
                }
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not load " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "notify-change", description = "notify the change of CA system")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$NotifyChange.class */
    public static class NotifyChange extends CaAction {
        protected Object execute0() throws Exception {
            try {
                this.caManager.notifyCaChange();
                println("notified the change of CA system");
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not notify the change of CA system, error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "profile-add", description = "add certificate profile")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$ProfileAdd.class */
    public static class ProfileAdd extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "profile name")
        private String name;

        @Option(name = "--type", required = true, description = "profile type")
        @Completion(CaCompleters.ProfileTypeCompleter.class)
        private String type;

        @Option(name = "--conf", description = "certificate profile configuration")
        private String conf;

        @Option(name = "--conf-file", description = "certificate profile configuration file")
        @Completion(FileCompleter.class)
        private String confFile;

        protected Object execute0() throws Exception {
            if (this.conf == null && this.confFile != null) {
                this.conf = new String(IoUtil.read(this.confFile));
            }
            MgmtEntry.Certprofile certprofile = new MgmtEntry.Certprofile(new NameId((Integer) null, this.name), this.type, this.conf);
            String str = "certificate profile " + this.name;
            try {
                this.caManager.addCertprofile(certprofile);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "profile-export", description = "export certificate profile configuration")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$ProfileExport.class */
    public static class ProfileExport extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "profile name")
        @Completion(CaCompleters.ProfileNameCompleter.class)
        private String name;

        @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the profile configuration")
        @Completion(FileCompleter.class)
        private String confFile;

        protected Object execute0() throws Exception {
            MgmtEntry.Certprofile certprofile = this.caManager.getCertprofile(this.name);
            if (certprofile == null) {
                throw new IllegalCmdParamException("no certificate profile named " + this.name + " is defined");
            }
            if (StringUtil.isBlank(certprofile.getConf())) {
                println("cert profile does not have conf");
                return null;
            }
            saveVerbose("saved cert profile configuration to", this.confFile, StringUtil.toUtf8Bytes(certprofile.getConf()));
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "profile-info", description = "show information of certificate profile")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$ProfileInfo.class */
    public static class ProfileInfo extends CaAction {

        @Argument(index = 0, name = "name", description = "certificate profile name")
        @Completion(CaCompleters.ProfileNameCompleter.class)
        private String name;

        @Option(name = "--verbose", aliases = {"-v"}, description = "show certificate profile information verbosely")
        private Boolean verbose = Boolean.FALSE;

        protected Object execute0() throws Exception {
            StringBuilder sb = new StringBuilder();
            if (this.name == null) {
                Set certprofileNames = this.caManager.getCertprofileNames();
                int size = certprofileNames.size();
                if (size == 0 || size == 1) {
                    sb.append(size == 0 ? "no" : "1");
                    sb.append(" profile is configured\n");
                } else {
                    sb.append(size).append(" profiles are configured:\n");
                }
                ArrayList arrayList = new ArrayList(certprofileNames);
                Collections.sort(arrayList);
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    sb.append("\t").append((String) it.next()).append("\n");
                }
            } else {
                MgmtEntry.Certprofile certprofile = this.caManager.getCertprofile(this.name);
                if (certprofile == null) {
                    throw new CmdFailure("\tno certificate profile named '" + this.name + "' is configured");
                }
                sb.append(certprofile.toString(this.verbose.booleanValue()));
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "profile-rm", description = "remove certificate profile")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$ProfileRm.class */
    public static class ProfileRm extends CaAction {

        @Argument(index = 0, name = "name", required = true, description = "certificate profile name")
        @Completion(CaCompleters.ProfileNameCompleter.class)
        private String name;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            String str = "certificate profile " + this.name;
            if (!this.force.booleanValue() && !confirm("Do you want to remove " + str, 3)) {
                return null;
            }
            try {
                this.caManager.removeCertprofile(this.name);
                println("removed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not remove " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "profile-up", description = "update certificate profile")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$ProfileUp.class */
    public static class ProfileUp extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "profile name")
        @Completion(CaCompleters.ProfileNameCompleter.class)
        protected String name;

        @Option(name = "--type", description = "profile type")
        @Completion(CaCompleters.ProfileTypeCompleter.class)
        protected String type;

        @Option(name = "--conf", description = "certificate profile configuration or 'null'")
        protected String conf;

        @Option(name = "--conf-file", description = "certificate profile configuration file")
        @Completion(FileCompleter.class)
        protected String confFile;

        protected Object execute0() throws Exception {
            if (this.type == null && this.conf == null && this.confFile == null) {
                throw new IllegalCmdParamException("nothing to update");
            }
            if (this.conf == null && this.confFile != null) {
                this.conf = new String(IoUtil.read(this.confFile));
            }
            String str = "certificate profile " + this.name;
            try {
                this.caManager.changeCertprofile(this.name, this.type, this.conf);
                println("updated " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not update " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "publisher-add", description = "add publisher")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$PublisherAdd.class */
    public static class PublisherAdd extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "publisher Name")
        private String name;

        @Option(name = "--type", required = true, description = "publisher type")
        @Completion(CaCompleters.PublisherTypeCompleter.class)
        private String type;

        @Option(name = "--conf", description = "publisher configuration")
        private String conf;

        @Option(name = "--conf-file", description = "publisher configuration file")
        @Completion(FileCompleter.class)
        private String confFile;

        protected Object execute0() throws Exception {
            if (this.conf == null && this.confFile != null) {
                this.conf = new String(IoUtil.read(this.confFile));
            }
            MgmtEntry.Publisher publisher = new MgmtEntry.Publisher(new NameId((Integer) null, this.name), this.type, this.conf);
            String str = "publisher " + this.name;
            try {
                this.caManager.addPublisher(publisher);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "publisher-export", description = "export publisher configuration")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$PublisherExport.class */
    public static class PublisherExport extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "publisher name")
        @Completion(CaCompleters.PublisherNameCompleter.class)
        private String name;

        @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the publisher configuration")
        @Completion(FileCompleter.class)
        private String confFile;

        protected Object execute0() throws Exception {
            MgmtEntry.Publisher publisher = this.caManager.getPublisher(this.name);
            if (publisher == null) {
                throw new IllegalCmdParamException("no publisher named " + this.name + " is defined");
            }
            if (StringUtil.isBlank(publisher.getConf())) {
                println("publisher does not have conf");
                return null;
            }
            saveVerbose("saved publisher configuration to", this.confFile, StringUtil.toUtf8Bytes(publisher.getConf()));
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "publisher-info", description = "show information of publisher")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$PublisherInfo.class */
    public static class PublisherInfo extends CaAction {

        @Argument(index = 0, name = "name", description = "publisher name")
        @Completion(CaCompleters.PublisherNameCompleter.class)
        private String name;

        protected Object execute0() throws Exception {
            if (this.name != null) {
                MgmtEntry.Publisher publisher = this.caManager.getPublisher(this.name);
                if (publisher == null) {
                    throw new CmdFailure("\tno publisher named '" + this.name + "' is configured");
                }
                println(publisher.toString());
                return null;
            }
            Set publisherNames = this.caManager.getPublisherNames();
            int size = publisherNames.size();
            StringBuilder sb = new StringBuilder();
            if (size == 0 || size == 1) {
                sb.append(size == 0 ? "no" : "1");
                sb.append(" publisher is configured\n");
            } else {
                sb.append(size).append(" publishers are configured:\n");
            }
            ArrayList arrayList = new ArrayList(publisherNames);
            Collections.sort(arrayList);
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                sb.append("\t").append((String) it.next()).append("\n");
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "publisher-rm", description = "remove publisher")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$PublisherRm.class */
    public static class PublisherRm extends CaAction {

        @Argument(index = 0, name = "name", required = true, description = "publisher name")
        @Completion(CaCompleters.PublisherNameCompleter.class)
        private String name;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            String str = "publisher " + this.name;
            if (!this.force.booleanValue() && !confirm("Do you want to remove " + str, 3)) {
                return null;
            }
            try {
                this.caManager.removePublisher(this.name);
                println("removed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not remove " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "publisher-up", description = "update publisher")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$PublisherUp.class */
    public static class PublisherUp extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "publisher name")
        @Completion(CaCompleters.PublisherNameCompleter.class)
        protected String name;

        @Option(name = "--type", description = "publisher type")
        @Completion(CaCompleters.PublisherTypeCompleter.class)
        protected String type;

        @Option(name = "--conf", description = "publisher configuration or 'null'")
        protected String conf;

        @Option(name = "--conf-file", description = "profile configuration file")
        @Completion(FileCompleter.class)
        protected String confFile;

        protected Object execute0() throws Exception {
            if (this.type == null && this.conf == null && this.confFile == null) {
                throw new IllegalCmdParamException("nothing to update");
            }
            if (this.conf == null && this.confFile != null) {
                this.conf = new String(IoUtil.read(this.confFile));
            }
            String str = "publisher " + this.name;
            try {
                this.caManager.changePublisher(this.name, this.type, this.conf);
                println("updated " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not update " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "refresh-token", description = "refresh token for signers")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$RefreshToken.class */
    public static class RefreshToken extends CaAction {

        @Option(name = "--type", required = true, description = "type of the signer")
        @Completion(CaCompleters.SignerTypeCompleter.class)
        protected String type;

        protected Object execute0() throws Exception {
            this.caManager.refreshTokenForSignerType(this.type);
            println("refreshed token for signer type " + this.type);
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "republish", description = "republish certificates")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$Republish.class */
    public static class Republish extends CaAction {

        @Option(name = "--thread", description = "number of threads")
        private Integer numThreads = 5;

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--publisher", required = true, multiValued = true, description = "publisher name or 'all' for all publishers")
        @Completion(CaCompleters.PublisherNamePlusAllCompleter.class)
        private List<String> publisherNames;

        protected Object execute0() throws Exception {
            if (this.publisherNames == null) {
                throw new IllegalStateException("should not reach here");
            }
            boolean z = false;
            Iterator<String> it = this.publisherNames.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if ("all".equalsIgnoreCase(it.next())) {
                    z = true;
                    break;
                }
            }
            if (z) {
                this.publisherNames = null;
            }
            if ("all".equalsIgnoreCase(this.caName)) {
                this.caName = null;
            }
            try {
                this.caManager.republishCertificates(this.caName, this.publisherNames, this.numThreads.intValue());
                println("republished certificates");
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not republish certificates, error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "requestor-add", description = "add requestor")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$RequestorAdd.class */
    public static class RequestorAdd extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "requestor name")
        private String name;

        @Option(name = "--cert", description = "requestor certificate file\n(exactly one of cert and password must be specified).")
        @Completion(FileCompleter.class)
        private String certFile;

        @Option(name = "--password", description = "Passord for PBM (Password based MAC)")
        private String password;

        protected Object execute0() throws Exception {
            MgmtEntry.Requestor requestor;
            if (!((this.certFile == null) ^ (this.password == null))) {
                throw new CmdFailure("exactly one of cert and password must be specified");
            }
            if (this.certFile != null) {
                requestor = new MgmtEntry.Requestor(new NameId((Integer) null, this.name), "cert", Base64.encodeToString(X509Util.parseCert(IoUtil.read(this.certFile)).getEncoded()));
            } else {
                requestor = new MgmtEntry.Requestor(new NameId((Integer) null, this.name), "pbm", this.password);
                println("The key ID is " + HashAlgo.SHA1.hexHash(StringUtil.toUtf8Bytes(requestor.getIdent().getName())));
            }
            String str = "CMP requestor " + this.name;
            try {
                this.caManager.addRequestor(requestor);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "requestor-info", description = "show information of requestor")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$RequestorInfo.class */
    public static class RequestorInfo extends CaAction {

        @Argument(index = 0, name = "name", description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        private String name;

        @Option(name = "--verbose", aliases = {"-v"}, description = "show requestor information verbosely")
        private Boolean verbose = Boolean.FALSE;

        protected Object execute0() throws Exception {
            StringBuilder sb = new StringBuilder();
            if (this.name == null) {
                Set requestorNames = this.caManager.getRequestorNames();
                int size = requestorNames.size();
                if (size == 0 || size == 1) {
                    sb.append(size == 0 ? "no" : "1");
                    sb.append(" CMP requestor is configured\n");
                } else {
                    sb.append(size).append(" CMP requestors are configured:\n");
                }
                ArrayList arrayList = new ArrayList(requestorNames);
                Collections.sort(arrayList);
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    sb.append("\t").append((String) it.next()).append("\n");
                }
            } else {
                MgmtEntry.Requestor requestor = this.caManager.getRequestor(this.name);
                if (requestor == null) {
                    throw new CmdFailure("could not find CMP requestor '" + this.name + "'");
                }
                sb.append(requestor.toString(this.verbose.booleanValue()));
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "requestor-rm", description = "remove requestor")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$RequestorRm.class */
    public static class RequestorRm extends CaAction {

        @Argument(index = 0, name = "name", required = true, description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        private String name;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            String str = "CMP requestor " + this.name;
            if (!this.force.booleanValue() && !confirm("Do you want to remove " + str, 3)) {
                return null;
            }
            try {
                this.caManager.removeRequestor(this.name);
                println("removed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not remove " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "requestor-up", description = "update requestor")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$RequestorUp.class */
    public static class RequestorUp extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        protected String name;

        @Option(name = "--cert", description = "requestor certificate file\n(exactly one of cert and password must be specified).")
        @Completion(FileCompleter.class)
        protected String certFile;

        @Option(name = "--password", description = "Passord for PBM (Password based MAC)")
        protected String password;

        protected Object execute0() throws Exception {
            String str;
            String str2;
            X509Util.parseCert(new ByteArrayInputStream(IoUtil.read(this.certFile)));
            String str3 = "CMP requestor " + this.name;
            if (this.certFile != null) {
                str = "cert";
                str2 = Base64.encodeToString(X509Util.parseCert(IoUtil.read(this.certFile)).getEncoded());
            } else {
                str = "pbm";
                str2 = this.password;
            }
            try {
                this.caManager.changeRequestor(this.name, str, str2);
                println("updated " + str3);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not update " + str3 + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "restart", description = "restart CA system")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$Restart.class */
    public static class Restart extends CaAction {
        protected Object execute0() throws Exception {
            try {
                this.caManager.restartCaSystem();
                StringBuilder sb = new StringBuilder("restarted CA system\n");
                sb.append("  successful CAs:\n");
                printCaNames(sb, this.caManager.getSuccessfulCaNames(), "    ");
                sb.append("  failed CAs:\n");
                printCaNames(sb, this.caManager.getFailedCaNames(), "    ");
                sb.append("  inactive CAs:\n");
                printCaNames(sb, this.caManager.getInactiveCaNames(), "    ");
                print(sb.toString());
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not restart CA system, error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "signer-add", description = "add signer")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$SignerAdd.class */
    public static class SignerAdd extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "signer name")
        private String name;

        @Option(name = "--type", required = true, description = "type of the signer")
        @Completion(CaCompleters.SignerTypeCompleter.class)
        private String type;

        @Option(name = "--conf", required = true, description = "conf of the signer")
        private String conf;

        @Option(name = "--cert", description = "signer certificate file")
        @Completion(FileCompleter.class)
        private String certFile;

        @Reference
        private PasswordResolver passwordResolver;

        protected Object execute0() throws Exception {
            String str = null;
            if (this.certFile != null) {
                str = IoUtil.base64Encode(X509Util.parseCert(new File(this.certFile)).getEncoded(), false);
            }
            if ("PKCS12".equalsIgnoreCase(this.type) || "JKS".equalsIgnoreCase(this.type)) {
                this.conf = ShellUtil.canonicalizeSignerConf(this.type, this.conf, this.passwordResolver, this.securityFactory);
            }
            MgmtEntry.Signer signer = new MgmtEntry.Signer(this.name, this.type, this.conf, str);
            String str2 = "signer " + this.name;
            try {
                this.caManager.addSigner(signer);
                println("added " + str2);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str2 + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "signer-info", description = "show information of signer")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$SignerInfo.class */
    public static class SignerInfo extends CaAction {

        @Argument(index = 0, name = "name", description = "signer name")
        @Completion(CaCompleters.SignerNameCompleter.class)
        private String name;

        @Option(name = "--verbose", aliases = {"-v"}, description = "show signer information verbosely")
        private Boolean verbose = Boolean.FALSE;

        protected Object execute0() throws Exception {
            StringBuilder sb = new StringBuilder();
            if (this.name == null) {
                Set signerNames = this.caManager.getSignerNames();
                int size = signerNames.size();
                if (size == 0 || size == 1) {
                    sb.append(size == 0 ? "no" : "1").append(" signer is configured\n");
                } else {
                    sb.append(size).append(" signers are configured:\n");
                }
                ArrayList arrayList = new ArrayList(signerNames);
                Collections.sort(arrayList);
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    sb.append("\t").append((String) it.next()).append("\n");
                }
            } else {
                MgmtEntry.Signer signer = this.caManager.getSigner(this.name);
                if (signer == null) {
                    throw new CmdFailure("could not find signer " + this.name);
                }
                sb.append(signer.toString(this.verbose.booleanValue()));
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "signer-rm", description = "remove signer")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$SignerRm.class */
    public static class SignerRm extends CaAction {

        @Argument(index = 0, name = "name", required = true, description = "signer name")
        @Completion(CaCompleters.SignerNameCompleter.class)
        private String name;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            String str = "signer " + this.name;
            if (!this.force.booleanValue() && !confirm("Do you want to remove " + str, 3)) {
                return null;
            }
            try {
                this.caManager.removeSigner(this.name);
                println("removed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not remove " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "signer-up", description = "update signer")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$SignerUp.class */
    public static class SignerUp extends CaAction {

        @Reference
        protected PasswordResolver passwordResolver;

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "signer name")
        @Completion(CaCompleters.SignerNameCompleter.class)
        protected String name;

        @Option(name = "--type", description = "type of the signer")
        @Completion(CaCompleters.SignerTypeCompleter.class)
        protected String type;

        @Option(name = "--cert", description = "certificate file or 'null'")
        @Completion(FileCompleter.class)
        protected String certFile;

        @Option(name = "--conf", description = "conf of the signer or 'null'")
        private String conf;

        protected String getSignerConf() throws Exception {
            if (this.conf == null) {
                return null;
            }
            String str = this.type;
            if (str == null) {
                MgmtEntry.Signer signer = this.caManager.getSigner(this.name);
                if (signer == null) {
                    throw new IllegalCmdParamException("please specify the type");
                }
                str = signer.getType();
            }
            return ShellUtil.canonicalizeSignerConf(str, this.conf, this.passwordResolver, this.securityFactory);
        }

        protected Object execute0() throws Exception {
            String str = null;
            if ("null".equalsIgnoreCase(this.certFile)) {
                str = "null";
            } else if (this.certFile != null) {
                str = Base64.encodeToString(X509Util.parseBcCert(new File(this.certFile)).getEncoded());
            }
            String str2 = "signer " + this.name;
            try {
                this.caManager.changeSigner(this.name, this.type, getSignerConf(), str);
                println("updated " + str2);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not update " + str2 + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "system-status", description = "show CA system status")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$SystemStatus.class */
    public static class SystemStatus extends CaAction {
        protected Object execute0() throws Exception {
            CaSystemStatus caSystemStatus = this.caManager.getCaSystemStatus();
            if (caSystemStatus == null) {
                throw new CmdFailure("status is null");
            }
            println(caSystemStatus.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "unlock", description = "unlock CA system")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$Unlock.class */
    public static class Unlock extends CaAction {
        protected Object execute0() throws Exception {
            try {
                this.caManager.unlockCa();
                println("unlocked CA system, calling ca:restart to restart CA system");
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not unlock CA system, error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "user-add", description = "add user")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$UserAdd.class */
    public static class UserAdd extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "user Name")
        private String name;

        @Option(name = "--password", description = "user password")
        private String password;

        @Option(name = "--inactive", description = "do not activate this user")
        private Boolean inactive = Boolean.FALSE;

        protected Object execute0() throws Exception {
            if (this.password == null) {
                this.password = new String(readPassword());
            }
            MgmtEntry.AddUser addUser = new MgmtEntry.AddUser(new NameId((Integer) null, this.name), !this.inactive.booleanValue(), this.password);
            String str = "user " + this.name;
            try {
                this.caManager.addUser(addUser);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "user-info", description = "show information of user")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$UserInfo.class */
    public static class UserInfo extends CaAction {

        @Argument(index = 0, name = "name", required = true, description = "user name")
        private String name;

        protected Object execute0() throws Exception {
            MgmtEntry.User user = this.caManager.getUser(this.name);
            if (user == null) {
                throw new CmdFailure("no user named '" + this.name + "' is configured");
            }
            StringBuilder sb = new StringBuilder();
            sb.append(user);
            Map caHasUsersForUser = this.caManager.getCaHasUsersForUser(this.name);
            for (String str : caHasUsersForUser.keySet()) {
                MgmtEntry.CaHasUser caHasUser = (MgmtEntry.CaHasUser) caHasUsersForUser.get(str);
                sb.append("\n----- CA ").append(str).append("-----");
                sb.append("\nprofiles: ").append(caHasUser.getProfiles());
                sb.append("\npermission: ").append(PermissionConstants.permissionToString(caHasUser.getPermission()));
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "user-rm", description = "remove user")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$UserRm.class */
    public static class UserRm extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "user Name")
        private String name;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            String str = "user " + this.name;
            if (!this.force.booleanValue() && !confirm("Do you want to remove " + str, 3)) {
                return null;
            }
            try {
                this.caManager.removeUser(this.name);
                println("removed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not remove " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "user-up", description = "update user")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$UserUp.class */
    public static class UserUp extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "user Name")
        private String name;

        @Option(name = "--active", description = "activate this user")
        private Boolean active;

        @Option(name = "--inactive", description = "deactivate this user")
        private Boolean inactive;

        @Option(name = "--password", description = "user password, 'CONSOLE' to read from console")
        private String password;

        protected Object execute0() throws Exception {
            Boolean bool;
            if (this.active == null) {
                bool = this.inactive != null ? Boolean.FALSE : null;
            } else {
                if (this.inactive != null) {
                    throw new IllegalCmdParamException("maximal one of --active and --inactive can be set");
                }
                bool = Boolean.TRUE;
            }
            MgmtEntry.ChangeUser changeUser = new MgmtEntry.ChangeUser(new NameId((Integer) null, this.name));
            if (bool != null) {
                changeUser.setActive(bool);
            }
            if ("CONSOLE".equalsIgnoreCase(this.password)) {
                this.password = new String(readPassword());
            }
            if (this.password != null) {
                changeUser.setPassword(this.password);
            }
            String str = "user " + this.name;
            try {
                this.caManager.changeUser(changeUser);
                println("changed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not change " + str + ", error: " + e.getMessage(), e);
            }
        }
    }
}
