package org.xipki.ca.mgmt.shell;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.karaf.shell.api.action.Argument;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.mgmt.entry.CaHasRequestorEntry;
import org.xipki.ca.api.mgmt.entry.RequestorEntry;
import org.xipki.ca.mgmt.shell.CaActions;
import org.xipki.ca.mgmt.shell.CaCompleters;
import org.xipki.security.HashAlgo;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.Completers;
import org.xipki.util.Base64;
import org.xipki.util.IoUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/ca/mgmt/shell/RequestorCaActions.class */
public class RequestorCaActions {

    @Service
    @Command(scope = "ca", name = "careq-add", description = "add requestor to CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/RequestorCaActions$CareqAdd.class */
    public static class CareqAdd extends CaActions.CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--requestor", required = true, description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        private String requestorName;

        @Option(name = "--ra", description = "whether as RA")
        @Completion(Completers.YesNoCompleter.class)
        private String raS = "no";

        @Option(name = "--permission", required = true, multiValued = true, description = "permission")
        @Completion(CaCompleters.PermissionCompleter.class)
        private Set<String> permissions;

        @Option(name = "--profile", multiValued = true, description = "profile name or 'all' for all profiles")
        @Completion(CaCompleters.ProfileNameAndAllCompleter.class)
        private Set<String> profiles;

        protected Object execute0() throws Exception {
            boolean isEnabled = isEnabled(this.raS, false, "ra");
            CaHasRequestorEntry caHasRequestorEntry = new CaHasRequestorEntry(new NameId((Integer) null, this.requestorName));
            caHasRequestorEntry.setRa(isEnabled);
            caHasRequestorEntry.setProfiles(this.profiles);
            caHasRequestorEntry.setPermission(ShellUtil.getPermission(this.permissions));
            String str = "requestor " + this.requestorName + " to CA " + this.caName;
            try {
                this.caManager.addRequestorToCa(caHasRequestorEntry, this.caName);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "careq-info", description = "show information of requestor in CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/RequestorCaActions$CareqInfo.class */
    public static class CareqInfo extends CaActions.CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        protected Object execute0() throws Exception {
            if (this.caManager.getCa(this.caName) == null) {
                throw new CmdFailure("could not find CA '" + this.caName + "'");
            }
            StringBuilder sb = new StringBuilder();
            Set requestorsForCa = this.caManager.getRequestorsForCa(this.caName);
            if (isNotEmpty(requestorsForCa)) {
                sb.append("requestors trusted by CA " + this.caName).append("\n");
                Iterator it = requestorsForCa.iterator();
                while (it.hasNext()) {
                    sb.append("----------\n").append((CaHasRequestorEntry) it.next()).append("\n");
                }
            } else {
                sb.append("no requestor for CA " + this.caName + " is configured");
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "careq-rm", description = "remove requestor from CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/RequestorCaActions$CareqRm.class */
    public static class CareqRm extends CaActions.CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--requestor", required = true, multiValued = true, description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        private List<String> requestorNames;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            for (String str : this.requestorNames) {
                String str2 = "requestor " + str + " from CA " + this.caName;
                if (this.force.booleanValue() || confirm("Do you want to remove " + str2, 3)) {
                    try {
                        this.caManager.removeRequestorFromCa(str, this.caName);
                        println("removed " + str2);
                    } catch (CaMgmtException e) {
                        throw new CmdFailure("could not remove " + str2 + ", error: " + e.getMessage(), e);
                    }
                }
            }
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "requestor-add", description = "add requestor")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/RequestorCaActions$RequestorAdd.class */
    public static class RequestorAdd extends CaActions.CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "requestor name")
        private String name;

        @Option(name = "--cert", description = "requestor certificate file(exactly one of cert and password must be specified).")
        @Completion(FileCompleter.class)
        private String certFile;

        @Option(name = "--password", description = "Passord for PBM (Password based MAC)")
        private String password;

        /* JADX WARN: Type inference failed for: r1v6, types: [byte[], byte[][]] */
        protected Object execute0() throws Exception {
            RequestorEntry requestorEntry;
            if (!((this.certFile == null) ^ (this.password == null))) {
                throw new CmdFailure("exactly one of cert and password must be specified");
            }
            if (this.certFile != null) {
                requestorEntry = new RequestorEntry(new NameId((Integer) null, this.name), "cert", Base64.encodeToString(X509Util.parseCert(IoUtil.read(this.certFile)).getEncoded()));
            } else {
                requestorEntry = new RequestorEntry(new NameId((Integer) null, this.name), "pbm", this.password);
                println("The key ID is " + HashAlgo.SHA1.hexHash((byte[][]) new byte[]{StringUtil.toUtf8Bytes(requestorEntry.getIdent().getName())}));
            }
            String str = "CMP requestor " + this.name;
            try {
                this.caManager.addRequestor(requestorEntry);
                println("added " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "requestor-info", description = "show information of requestor")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/RequestorCaActions$RequestorInfo.class */
    public static class RequestorInfo extends CaActions.CaAction {

        @Argument(index = 0, name = "name", description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        private String name;

        @Option(name = "--verbose", aliases = {"-v"}, description = "show requestor information verbosely")
        private Boolean verbose = Boolean.FALSE;

        protected Object execute0() throws Exception {
            StringBuilder sb = new StringBuilder();
            if (this.name == null) {
                Set requestorNames = this.caManager.getRequestorNames();
                int size = requestorNames.size();
                if (size == 0 || size == 1) {
                    sb.append(size == 0 ? "no" : "1");
                    sb.append(" CMP requestor is configured\n");
                } else {
                    sb.append(size).append(" CMP requestors are configured:\n");
                }
                ArrayList arrayList = new ArrayList(requestorNames);
                Collections.sort(arrayList);
                Iterator it = arrayList.iterator();
                while (it.hasNext()) {
                    sb.append("\t").append((String) it.next()).append("\n");
                }
            } else {
                RequestorEntry requestor = this.caManager.getRequestor(this.name);
                if (requestor == null) {
                    throw new CmdFailure("could not find CMP requestor '" + this.name + "'");
                }
                sb.append(requestor.toString(this.verbose.booleanValue()));
            }
            println(sb.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "requestor-rm", description = "remove requestor")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/RequestorCaActions$RequestorRm.class */
    public static class RequestorRm extends CaActions.CaAction {

        @Argument(index = 0, name = "name", required = true, description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        private String name;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            String str = "CMP requestor " + this.name;
            if (!this.force.booleanValue() && !confirm("Do you want to remove " + str, 3)) {
                return null;
            }
            try {
                this.caManager.removeRequestor(this.name);
                println("removed " + str);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not remove " + str + ", error: " + e.getMessage(), e);
            }
        }
    }

    @Service
    @Command(scope = "ca", name = "requestor-up", description = "update requestor")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/RequestorCaActions$RequestorUp.class */
    public static class RequestorUp extends CaActions.CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        protected String name;

        @Option(name = "--cert", description = "requestor certificate file\n(exactly one of cert and password must be specified).")
        @Completion(FileCompleter.class)
        protected String certFile;

        @Option(name = "--password", description = "Passord for PBM (Password based MAC)")
        protected String password;

        protected Object execute0() throws Exception {
            String str;
            String str2;
            String str3 = "CMP requestor " + this.name;
            if (this.certFile != null) {
                str = "cert";
                str2 = Base64.encodeToString(X509Util.parseCert(IoUtil.read(this.certFile)).getEncoded());
            } else {
                str = "pbm";
                str2 = this.password;
            }
            try {
                this.caManager.changeRequestor(this.name, str, str2);
                println("updated " + str3);
                return null;
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not update " + str3 + ", error: " + e.getMessage(), e);
            }
        }
    }
}
