package org.xipki.ca.mgmt.shell;

import java.io.File;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.apache.karaf.shell.api.action.Argument;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.xipki.ca.api.CaUris;
import org.xipki.ca.api.NameId;
import org.xipki.ca.api.mgmt.CaManager;
import org.xipki.ca.api.mgmt.CaMgmtException;
import org.xipki.ca.api.mgmt.CaStatus;
import org.xipki.ca.api.mgmt.CrlControl;
import org.xipki.ca.api.mgmt.CtlogControl;
import org.xipki.ca.api.mgmt.Permissions;
import org.xipki.ca.api.mgmt.RevokeSuspendedControl;
import org.xipki.ca.api.mgmt.ValidityMode;
import org.xipki.ca.api.mgmt.entry.CaEntry;
import org.xipki.ca.api.mgmt.entry.CaHasRequestorEntry;
import org.xipki.ca.api.mgmt.entry.ChangeCaEntry;
import org.xipki.ca.api.mgmt.entry.PublisherEntry;
import org.xipki.ca.mgmt.shell.CaCompleters;
import org.xipki.security.CertRevocationInfo;
import org.xipki.security.CrlReason;
import org.xipki.security.SecurityFactory;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.Completers;
import org.xipki.shell.IllegalCmdParamException;
import org.xipki.shell.XiAction;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.DateUtil;
import org.xipki.util.IoUtil;
import org.xipki.util.StringUtil;
import org.xipki.util.Validity;

/* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions.class */
public class CaActions {

    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaAction.class */
    public static abstract class CaAction extends XiAction {

        @Reference
        protected CaManager caManager;

        @Reference
        protected SecurityFactory securityFactory;

        /* JADX INFO: Access modifiers changed from: protected */
        /**
         * Converts an optional date argument into an {@link Instant}.
         *
         * @param str the text to parse; may be {@code null} or blank
         * @return {@code null} when {@code str} is blank according to {@code StringUtil.isBlank},
         *         otherwise the result of {@code DateUtil.parseUtcTimeyyyyMMddhhmmss(str)}
         */
        public static Instant parseDate(String str) {
            // A blank value means "no date supplied"; it is not an error.
            return StringUtil.isBlank(str) ? null : DateUtil.parseUtcTimeyyyyMMddhhmmss(str);
        }

        /**
         * Renders a collection as {@code {a, b, c}}.
         *
         * @param collection the elements to render; may be {@code null}
         * @return the literal text {@code "null"} for a {@code null} collection, otherwise the
         *         elements in iteration order, separated by {@code ", "} and wrapped in braces
         */
        protected static String toString(Collection<?> collection) {
            if (collection == null) {
                return "null";
            }
            StringBuilder text = new StringBuilder("{");
            // Empty before the first element, ", " before every later one.
            String separator = "";
            for (Object element : collection) {
                text.append(separator).append(element);
                separator = ", ";
            }
            return text.append("}").toString();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /**
         * Appends one line per CA name to {@code sb}.
         *
         * <p>Each line starts with {@code str}. When the CA manager reports aliases for a name
         * they are appended in the form {@code " (aliases ...)"}. An empty name set produces a
         * single line consisting of {@code str} followed by {@code "-"}.
         *
         * @param sb  the buffer that receives the text
         * @param set the CA names to list
         * @param str the prefix written at the start of every line
         * @throws CaMgmtException if the alias lookup fails
         */
        public void printCaNames(StringBuilder sb, Set<String> set, String str) throws CaMgmtException {
            if (!set.isEmpty()) {
                for (String caName : set) {
                    // Look the aliases up before writing anything for this CA, so a failed
                    // lookup leaves no partial line in the buffer.
                    Set<String> aliases = this.caManager.getAliasesForCa(caName);
                    sb.append(str);
                    sb.append(caName);
                    boolean hasAliases = !CollectionUtil.isEmpty(aliases);
                    if (hasAliases) {
                        sb.append(" (aliases ");
                        sb.append(aliases);
                        sb.append(")");
                    }
                    sb.append("\n");
                }
                return;
            }
            sb.append(str).append("-\n");
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v19, types: [java.util.Set] */
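        /**
         * Returns the names of the publishers associated with the given CA.
         *
         * <p>The name-only call on the CA manager is tried first. If it fails with a
         * {@link CaMgmtException}, the names are derived from the full publisher entries
         * instead; a failure of that second call propagates to the caller.
         *
         * @param str the name of the CA
         * @return the publisher names, never {@code null}
         * @throws CaMgmtException if the fallback lookup fails as well
         */
        public Set<String> getPublisherNamesForCa(String str) throws CaMgmtException {
            // Declared as Set, not HashSet: the manager call returns a Set, and the narrower
            // local type left by the decompiler does not type-check.
            Set<String> names;
            try {
                names = this.caManager.getPublisherNamesForCa(str);
            } catch (CaMgmtException e) {
                // Deliberate fallback rather than a swallowed error: the first failure is
                // dropped only because the same information is fetched another way.
                // NOTE(review): presumably for managers that lack the name-only call — confirm.
                List<PublisherEntry> publishers = this.caManager.getPublishersForCa(str);
                names = new HashSet<>();
                if (publishers != null) {
                    for (PublisherEntry publisher : publishers) {
                        names.add(publisher.getIdent().getName());
                    }
                }
            }
            return names == null ? Collections.emptySet() : names;
        }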
    }

    @Service
    @Command(scope = "ca", name = "ca-add", description = "add CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaAdd.class */
    public static class CaAdd extends CaAddOrGenAction {

        @Option(name = "--cert", description = "CA certificate file")
        @Completion(FileCompleter.class)
        private String certFile;

        @Option(name = "--certchain", multiValued = true, description = "certificate chain of CA certificate")
        @Completion(FileCompleter.class)
        private List<String> issuerCertFiles;

        /**
         * Registers a new CA with the CA manager.
         *
         * <p>The entry comes from {@code getCaEntry()}. The certificate given by {@code --cert}
         * and the chain given by {@code --certchain} are parsed from the named files and attached
         * to the entry before it is submitted.
         *
         * @return always {@code null}
         * @throws CmdFailure if the CA manager rejects the new CA
         */
        protected Object execute0() throws Exception {
            CaEntry entry = getCaEntry();

            if (this.certFile != null) {
                entry.setCert(X509Util.parseCert(new File(this.certFile)));
            }

            // NOTE(review): the chain files are only parsed here. Nothing in this method checks
            // that they actually chain up from the CA certificate; presumably addCa does —
            // confirm.
            if (CollectionUtil.isNotEmpty(this.issuerCertFiles)) {
                List<X509Cert> chain = new ArrayList<>(this.issuerCertFiles.size());
                for (String chainFile : this.issuerCertFiles) {
                    chain.add(X509Util.parseCert(Paths.get(chainFile).toFile()));
                }
                entry.setCertchain(chain);
            }

            String label = "CA " + entry.getIdent().getName();
            try {
                this.caManager.addCa(entry);
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not add " + label + ", error: " + e.getMessage(), e);
            }
            println("added " + label);
            return null;
        }
    }

    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaAddOrGenAction.class */
    public static abstract class CaAddOrGenAction extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "CA name")
        private String caName;

        @Option(name = "--ca-cert-uri", multiValued = true, description = "CA certificate URI")
        private List<String> caCertUris;

        @Option(name = "--ocsp-uri", multiValued = true, description = "OCSP URI")
        private List<String> ocspUris;

        @Option(name = "--crl-uri", multiValued = true, description = "CRL distribution point")
        private List<String> crlUris;

        @Option(name = "--deltacrl-uri", multiValued = true, description = "Delta CRL distribution point")
        private List<String> deltaCrlUris;

        @Option(name = "--permission", required = true, multiValued = true, description = "permission")
        @Completion(CaCompleters.PermissionCompleter.class)
        private Set<String> permissions;

        @Option(name = "--next-crl-no", required = true, description = "CRL number for the next CRL")
        private Long nextCrlNumber;

        @Option(name = "--max-validity", required = true, description = "maximal validity")
        private String maxValidity;

        @Option(name = "--crl-signer", description = "CRL signer name")
        @Completion(CaCompleters.SignerNameCompleter.class)
        private String crlSignerName;

        @Option(name = "--keypair-gen", multiValued = true, description = "(ordered) keypair generation names")
        @Completion(CaCompleters.KeypairGenNameCompleter.class)
        private List<String> keypairGenNames;

        @Option(name = "--crl-control", description = "CRL control")
        private String crlControl;

        @Option(name = "--ctlog-control", description = "CT log control")
        private String ctlogControl;

        @Option(name = "--revoke-suspended-control", description = "Revoke suspended certificates control")
        private String revokeSuspendedControl;

        @Option(name = "--signer-type", required = true, description = "CA signer type")
        @Completion(CaCompleters.SignerTypeCompleter.class)
        private String signerType;

        @Option(name = "--signer-conf", required = true, description = "CA signer configuration")
        private String signerConf;

        @Option(name = "--extra-control", description = "extra control")
        private String extraControl;

        @Option(name = "--status", description = "CA status")
        @Completion(CaCompleters.CaStatusCompleter.class)
        private String caStatus = "active";

        @Option(name = "--sn-len", description = "number of bytes of the serial number, between 1 and 20")
        private int snLen = 20;

        @Option(name = "--keep-expired-certs", description = "days to keep expired certificates")
        private Integer keepExpiredCertDays = -1;

        @Option(name = "--num-crls", description = "number of CRLs to be kept in database")
        private Integer numCrls = 30;

        @Option(name = "--expiration-period", description = "days before expiration time of CA to issue certificates")
        private Integer expirationPeriod = 365;

        @Option(name = "--save-cert", description = "whether to save the certificate")
        @Completion(Completers.YesNoCompleter.class)
        private String saveCertS = "yes";

        @Option(name = "--save-keypair", description = "whether to save the keypair generated by the CA")
        @Completion(Completers.YesNoCompleter.class)
        private String saveKeypairS = "no";

        @Option(name = "--validity-mode", description = "mode of valditity")
        @Completion(CaCompleters.ValidityModeCompleter.class)
        private String validityModeS = "STRICT";

        /**
         * Validates the command-line options and assembles the {@link CaEntry} for a new CA.
         *
         * <p>Numeric options are range-checked first. The signer configuration is canonicalized
         * for the keystore-based signer types, and every option is then copied onto a fresh
         * entry that has no numeric id yet.
         *
         * @return the populated entry; the CA certificate and chain are not set here
         * @throws IllegalCmdParamException if the next CRL number is below 1, or if
         *         {@code numCrls} or {@code expirationPeriod} is negative
         * @throws Exception if one of the value parsers or the signer-conf canonicalization fails
         */
        protected CaEntry getCaEntry() throws Exception {
            // Serial number length in bytes; 20 octets is also the RFC 5280 upper bound.
            // NOTE(review): values near the lower bound leave very few serial-number bits if
            // serial numbers are generated randomly — confirm the policy minimum.
            Args.range(this.snLen, "snLen", 1, 20);
            if (this.nextCrlNumber.longValue() < 1) {
                throw new IllegalCmdParamException("invalid CRL number: " + this.nextCrlNumber);
            }
            if (this.numCrls.intValue() < 0) {
                throw new IllegalCmdParamException("invalid numCrls: " + this.numCrls);
            }
            if (this.expirationPeriod.intValue() < 0) {
                throw new IllegalCmdParamException("invalid expirationPeriod: " + this.expirationPeriod);
            }
            // Only the PKCS12 and JCEKS signer types are canonicalized; every other type is
            // passed through exactly as typed.
            // NOTE(review): signerConf presumably carries keystore location and credentials for
            // these types — keep it out of error messages and logs.
            if (StringUtil.orEqualsIgnoreCase(this.signerType, new String[]{"PKCS12", "JCEKS"})) {
                this.signerConf = ShellUtil.canonicalizeSignerConf(this.signerType, this.signerConf, this.securityFactory);
            }
            CaUris caUris = new CaUris(this.caCertUris, this.ocspUris, this.crlUris, this.deltaCrlUris);
            // A null id: only the name is known at this point.
            CaEntry caEntry = new CaEntry(new NameId((Integer) null, this.caName));
            caEntry.setSnSize(this.snLen);
            caEntry.setNextCrlNo(this.nextCrlNumber.longValue());
            caEntry.setSignerType(this.signerType);
            caEntry.setSignerConf(this.signerConf);
            caEntry.setCaUris(caUris);
            caEntry.setNumCrls(this.numCrls.intValue());
            caEntry.setExpirationPeriod(this.expirationPeriod.intValue());
            caEntry.setKeepExpiredCertDays(this.keepExpiredCertDays.intValue());
            // The second argument is the default: certificates are saved unless disabled,
            // CA-generated keypairs are not saved unless enabled.
            caEntry.setSaveCert(isEnabled(this.saveCertS, true, "save-cert"));
            caEntry.setSaveKeypair(isEnabled(this.saveKeypairS, false, "save-keypair"));
            caEntry.setValidityMode(ValidityMode.forName(this.validityModeS));
            caEntry.setStatus(CaStatus.forName(this.caStatus));
            // The optional controls are set only when the matching option was given.
            if (this.crlControl != null) {
                caEntry.setCrlControl(new CrlControl(this.crlControl));
            }
            if (this.ctlogControl != null) {
                caEntry.setCtlogControl(new CtlogControl(this.ctlogControl));
            }
            if (this.revokeSuspendedControl != null) {
                caEntry.setRevokeSuspendedControl(new RevokeSuspendedControl(new ConfPairs(this.revokeSuspendedControl)));
            }
            if (this.crlSignerName != null) {
                caEntry.setCrlSignerName(this.crlSignerName);
            }
            if (CollectionUtil.isNotEmpty(this.keypairGenNames)) {
                caEntry.setKeypairGenNames(this.keypairGenNames);
            }
            caEntry.setMaxValidity(Validity.getInstance(this.maxValidity));
            // NOTE(review): keepExpiredCertDays was already set above with the same value; this
            // second call looks redundant.
            caEntry.setKeepExpiredCertDays(this.keepExpiredCertDays.intValue());
            caEntry.setPermissions(new Permissions(this.permissions));
            // Trim first, so a whitespace-only --extra-control is treated as absent.
            if (this.extraControl != null) {
                this.extraControl = this.extraControl.trim();
            }
            if (StringUtil.isNotBlank(this.extraControl)) {
                caEntry.setExtraControl(new ConfPairs(this.extraControl).unmodifiable());
            }
            return caEntry;
        }
    }

    @Service
    @Command(scope = "ca", name = "cacert", description = "get CA's certificate")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaCert.class */
    public static class CaCert extends CaAction {

        @Argument(name = "name", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String name;

        @Option(name = "--outform", description = "output format of the certificate")
        @Completion(Completers.DerPemCompleter.class)
        protected String outform = "der";

        @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the certificate file")
        @Completion(FileCompleter.class)
        protected String outFile;

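        /**
         * Writes the CA's own certificate (the first one returned by the CA manager) to
         * {@code --out}, DER- or PEM-encoded according to {@code --outform}.
         *
         * @return always {@code null}
         * @throws IllegalCmdParamException if {@code --outform} is neither {@code der} nor
         *         {@code pem} (case-insensitive)
         * @throws CmdFailure if the CA manager returns no certificate for the CA
         */
        protected Object execute0() throws Exception {
            // Validate the format first, so a typo fails before the CA manager is contacted.
            boolean der = "der".equalsIgnoreCase(this.outform);
            if (!der && !"pem".equalsIgnoreCase(this.outform)) {
                throw new IllegalCmdParamException("invalid outform " + this.outform);
            }

            List<X509Cert> caCerts = this.caManager.getCaCerts(this.name);
            // Without this guard a missing or empty result surfaces as a bare
            // NullPointerException or IndexOutOfBoundsException from get(0).
            if (CollectionUtil.isEmpty(caCerts)) {
                throw new CmdFailure("no certificate available for CA '" + this.name + "'");
            }

            X509Cert caCert = caCerts.get(0);
            byte[] encoded = der
                    ? caCert.getEncoded()
                    : X509Util.toPemCert(caCert).getBytes(StandardCharsets.UTF_8);
            IoUtil.save(this.outFile, encoded);
            return null;
        }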
    }

    @Service
    @Command(scope = "ca", name = "cacerts", description = "get CA's certificate chain")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaCerts.class */
    public static class CaCerts extends CaAction {

        @Argument(name = "name", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String name;

        @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the certificate chain (PEM file)")
        @Completion(FileCompleter.class)
        protected String outFile;

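        /**
         * Writes all certificates the CA manager returns for the CA to {@code --out} as one
         * PEM file.
         *
         * @return always {@code null}
         * @throws CmdFailure if the CA manager returns no certificates for the CA
         */
        protected Object execute0() throws Exception {
            List<X509Cert> caCerts = this.caManager.getCaCerts(this.name);
            // A null result would otherwise fail with a NullPointerException, and an empty one
            // would silently write a file without any certificate in it.
            if (CollectionUtil.isEmpty(caCerts)) {
                throw new CmdFailure("no certificate available for CA '" + this.name + "'");
            }
            String pem = X509Util.encodeCertificates(caCerts.toArray(new X509Cert[0]));
            IoUtil.save(this.outFile, pem.getBytes(StandardCharsets.UTF_8));
            return null;
        }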
    }

    @Service
    @Command(scope = "ca", name = "ca-info", description = "show information of CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaInfo.class */
    public static class CaInfo extends CaAction {

        @Argument(index = 0, name = "name", description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String name;

        @Option(name = "--verbose", aliases = {"-v"}, description = "show CA information verbosely")
        private Boolean verbose = Boolean.FALSE;

        /**
         * Prints either an overview of all CAs or the details of one CA.
         *
         * <p>Without a name argument the successful, failed and inactive CA names are listed.
         * With a name, the CA's start state (active CAs only), aliases, entry text, publishers,
         * certificate profiles and requestors are printed.
         *
         * @return always {@code null}
         * @throws CmdFailure if a name is given and the CA manager knows no CA of that name
         */
        protected Object execute0() throws Exception {
            StringBuilder out = new StringBuilder();
            if (this.name != null) {
                CaEntry entry = this.caManager.getCa(this.name);
                if (entry == null) {
                    throw new CmdFailure("could not find CA '" + this.name + "'");
                }

                // "started" is only meaningful for a CA whose configured status is active.
                if (CaStatus.active == entry.getStatus()) {
                    boolean started = this.caManager.getSuccessfulCaNames().contains(entry.getIdent().getName());
                    out.append("started:              ").append(started).append("\n");
                }
                out.append("aliases:              ");
                out.append(toString(this.caManager.getAliasesForCa(this.name)));
                out.append("\n");

                // NOTE(review): the entry text comes from CaEntry.toString(verbose); confirm it
                // does not print signer configuration secrets in verbose mode.
                out.append(entry.toString(this.verbose.booleanValue()));

                Set<String> publisherNames = getPublisherNamesForCa(this.name);
                out.append("\nAssociated publishers:");
                if (!CollectionUtil.isEmpty(publisherNames)) {
                    // Sorted copy, so the output does not depend on set iteration order.
                    List<String> sortedNames = new ArrayList<>(publisherNames);
                    Collections.sort(sortedNames);
                    out.append(" ").append(sortedNames);
                } else {
                    out.append(" -");
                }

                Set<?> profiles = this.caManager.getCertprofilesForCa(this.name);
                out.append("\nAssociated certificate profiles:");
                if (!CollectionUtil.isEmpty(profiles)) {
                    out.append(" ").append(profiles);
                } else {
                    out.append(" -");
                }

                Set<CaHasRequestorEntry> requestors = this.caManager.getRequestorsForCa(this.name);
                out.append("\nAssociated requestors:");
                if (!CollectionUtil.isEmpty(requestors)) {
                    for (CaHasRequestorEntry requestor : requestors) {
                        out.append("\n\t").append(requestor.getRequestorIdent().getName());
                        out.append(", permissions=").append(requestor.getPermissions());
                        out.append(", profiles=").append(requestor.getProfiles());
                    }
                } else {
                    out.append(" -");
                }
            } else {
                out.append("successful CAs:\n");
                printCaNames(out, this.caManager.getSuccessfulCaNames(), "  ");
                out.append("failed CAs:\n");
                printCaNames(out, this.caManager.getFailedCaNames(), "  ");
                out.append("inactive CAs:\n");
                printCaNames(out, this.caManager.getInactiveCaNames(), "  ");
            }
            println(out.toString());
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-revoke", description = "revoke CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaRevoke.class */
    public static class CaRevoke extends CaAction {
        public static final List<CrlReason> PERMITTED_REASONS = List.of(CrlReason.UNSPECIFIED, CrlReason.KEY_COMPROMISE, CrlReason.CA_COMPROMISE, CrlReason.AFFILIATION_CHANGED, CrlReason.SUPERSEDED, CrlReason.CESSATION_OF_OPERATION, CrlReason.CERTIFICATE_HOLD, CrlReason.PRIVILEGE_WITHDRAWN);

        @Argument(index = 0, name = "name", description = "CA name", required = true)
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--reason", required = true, description = "CRL reason")
        @Completion(CaCompleters.CaCrlReasonCompleter.class)
        private String reason;

        @Option(name = "--rev-date", description = "revocation date, UTC time of format yyyyMMddHHmmss")
        private String revocationDateS;

        @Option(name = "--inv-date", description = "invalidity date, UTC time of format yyyyMMddHHmmss")
        private String invalidityDateS;

        /**
         * Revokes a CA.
         *
         * <p>The reason must be one of {@code PERMITTED_REASONS} and the CA name must be known
         * to the CA manager. The revocation time defaults to the current instant when
         * {@code --rev-date} is blank; the invalidity time stays {@code null} when
         * {@code --inv-date} is blank.
         *
         * @return always {@code null}
         * @throws IllegalCmdParamException if the reason is not permitted or the CA name is unknown
         * @throws CmdFailure if the CA manager fails to revoke the CA
         */
        protected Object execute0() throws Exception {
            CrlReason crlReason = CrlReason.forNameOrText(this.reason);
            if (!PERMITTED_REASONS.contains(crlReason)) {
                throw new IllegalCmdParamException("reason " + this.reason + " is not permitted");
            }
            if (!this.caManager.getCaNames().contains(this.caName)) {
                throw new IllegalCmdParamException("invalid CA name " + this.caName);
            }

            // NOTE(review): both dates are taken from operator input as parsed. This method
            // does not check that they are in the past or that the invalidity date does not
            // follow the revocation date; confirm whether the CA manager enforces that.
            Instant revocationTime;
            if (isNotBlank(this.revocationDateS)) {
                revocationTime = DateUtil.parseUtcTimeyyyyMMddhhmmss(this.revocationDateS);
            } else {
                revocationTime = Instant.now();
            }
            Instant invalidityTime = isNotBlank(this.invalidityDateS)
                    ? DateUtil.parseUtcTimeyyyyMMddhhmmss(this.invalidityDateS)
                    : null;

            CertRevocationInfo revocationInfo = new CertRevocationInfo(crlReason, revocationTime, invalidityTime);
            try {
                this.caManager.revokeCa(this.caName, revocationInfo);
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not revoke CA " + this.caName + ", error: " + e.getMessage(), e);
            }
            println("revoked CA " + this.caName);
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-rm", description = "remove CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaRm.class */
    public static class CaRm extends CaAction {

        @Argument(index = 0, name = "name", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String name;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        /**
         * Removes a CA, asking for confirmation unless {@code --force} is set.
         *
         * @return always {@code null}, including when the operator declines the prompt
         * @throws CmdFailure if the CA manager fails to remove the CA
         */
        protected Object execute0() throws Exception {
            String label = "CA " + this.name;
            // The prompt is shown only without --force.
            // NOTE(review): the second argument to confirm is presumably the number of
            // attempts — confirm.
            boolean proceed = this.force.booleanValue() || confirm("Do you want to remove " + label, 3);
            if (proceed) {
                try {
                    this.caManager.removeCa(this.name);
                } catch (CaMgmtException e) {
                    throw new CmdFailure("could not remove " + label + ", error: " + e.getMessage(), e);
                }
                println("removed " + label);
            }
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-unrevoke", description = "unrevoke CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaUnrevoke.class */
    public static class CaUnrevoke extends CaAction {

        @Argument(index = 0, name = "name", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        /**
         * Reverses the revocation of a CA.
         *
         * @return always {@code null}
         * @throws IllegalCmdParamException if the CA manager does not know the CA name
         * @throws CmdFailure if the CA manager fails to unrevoke the CA
         */
        protected Object execute0() throws Exception {
            boolean knownCa = this.caManager.getCaNames().contains(this.caName);
            if (!knownCa) {
                throw new IllegalCmdParamException("invalid CA name " + this.caName);
            }
            try {
                this.caManager.unrevokeCa(this.caName);
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not unrevoke CA " + this.caName + ", error: " + e.getMessage(), e);
            }
            println("unrevoked CA " + this.caName);
            return null;
        }
    }

    @Service
    @Command(scope = "ca", name = "ca-up", description = "update CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaUp.class */
    public static class CaUp extends CaAction {

        @Option(name = "--name", aliases = {"-n"}, required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--sn-len", description = "number of octets of the serial number, between 1 and 20")
        private Integer snLen;

        @Option(name = "--status", description = "CA status")
        @Completion(CaCompleters.CaStatusCompleter.class)
        private String caStatus;

        @Option(name = "--ca-cert-uri", multiValued = true, description = "CA certificate URI")
        private List<String> caCertUris;

        @Option(name = "--ocsp-uri", multiValued = true, description = "OCSP URI or 'null'")
        private List<String> ocspUris;

        @Option(name = "--crl-uri", multiValued = true, description = "CRL distribution point URI or 'null'")
        private List<String> crlUris;

        @Option(name = "--deltacrl-uri", multiValued = true, description = "delta CRL distribution point URI or 'null'")
        private List<String> deltaCrlUris;

        @Option(name = "--permission", multiValued = true, description = "permission")
        @Completion(CaCompleters.PermissionCompleter.class)
        private List<String> permissions;

        @Option(name = "--max-validity", description = "maximal validity")
        private String maxValidity;

        @Option(name = "--expiration-period", description = "days before expiration time of CA to issue certificates")
        private Integer expirationPeriod;

        @Option(name = "--keep-expired-certs", description = "days to keep expired certificates")
        private Integer keepExpiredCertDays;

        @Option(name = "--crl-signer", description = "CRL signer name or 'null'")
        @Completion(CaCompleters.SignerNamePlusNullCompleter.class)
        private String crlSignerName;

        @Option(name = "--keypair-gen", multiValued = true, description = "(ordered) Keypair generation name or 'null")
        @Completion(CaCompleters.KeypairGenNameCompleter.class)
        private List<String> keypairGenNames;

        @Option(name = "--crl-control", description = "CRL control or 'null'")
        private String crlControl;

        @Option(name = "--ctlog-control", description = "CT log control")
        private String ctlogControl;

        @Option(name = "--revoke-suspended-control", description = "Revoke suspended certificates control")
        private String revokeSuspendedControl;

        @Option(name = "--num-crls", description = "number of CRLs to be kept in database")
        private Integer numCrls;

        @Option(name = "--cert", description = "CA certificate file")
        @Completion(FileCompleter.class)
        private String certFile;

        @Option(name = "--certchain", multiValued = true, description = "certificate chain of CA certificate")
        @Completion(FileCompleter.class)
        private List<String> issuerCertFiles;

        @Option(name = "--signer-type", description = "CA signer type")
        @Completion(CaCompleters.SignerTypeCompleter.class)
        private String signerType;

        @Option(name = "--signer-conf", description = "CA signer configuration or 'null'")
        private String signerConf;

        @Option(name = "--save-cert", description = "whether to save the certificate")
        @Completion(Completers.YesNoCompleter.class)
        private String saveCertS;

        @Option(name = "--save-keypair", description = "whether to save the keypair generated by the CA")
        @Completion(Completers.YesNoCompleter.class)
        private String saveKeypairS;

        @Option(name = "--validity-mode", description = "mode of valditity")
        @Completion(CaCompleters.ValidityModeCompleter.class)
        private String validityModeS;

        @Option(name = "--extra-control", description = "extra control")
        private String extraControl;

        /**
         * Assembles the {@link ChangeCaEntry} describing the requested update of a CA.
         *
         * <p>Most fields are written only when the matching option was given. The exceptions
         * are the expiration period and the CA URIs, which are always passed on and may carry
         * {@code null}. Several options accept the literal text {@code null}
         * (case-insensitive) to request an empty value.
         *
         * @return the change entry for the CA named by {@code --name}
         * @throws IllegalCmdParamException if {@code --expiration-period} is negative, or if
         *         {@code --signer-conf} is given without {@code --signer-type} and the CA
         *         cannot be looked up
         * @throws Exception if reading or parsing one of the input files or values fails
         */
        protected ChangeCaEntry getChangeCaEntry() throws Exception {
            // A null id: the CA is identified by name only.
            ChangeCaEntry changeCaEntry = new ChangeCaEntry(new NameId((Integer) null, this.caName));
            if (this.snLen != null) {
                Args.range(this.snLen.intValue(), "sn-len", 1, 20);
                changeCaEntry.setSerialNoLen(this.snLen);
            }
            if (this.caStatus != null) {
                changeCaEntry.setStatus(CaStatus.forName(this.caStatus));
            }
            if (this.expirationPeriod != null && this.expirationPeriod.intValue() < 0) {
                throw new IllegalCmdParamException("invalid expirationPeriod: " + this.expirationPeriod);
            }
            // Passed on even when null, unlike the guarded setters below.
            changeCaEntry.setExpirationPeriod(this.expirationPeriod);
            if (this.keepExpiredCertDays != null) {
                changeCaEntry.setKeepExpiredCertDays(this.keepExpiredCertDays);
            }
            // NOTE(review): the --cert file is forwarded as raw bytes without being parsed
            // here, while the chain files below are parsed and re-encoded. Presumably the CA
            // manager validates the certificate — confirm.
            if (this.certFile != null) {
                changeCaEntry.setEncodedCert(IoUtil.read(this.certFile));
            }
            if (CollectionUtil.isNotEmpty(this.issuerCertFiles)) {
                ArrayList arrayList = new ArrayList(this.issuerCertFiles.size());
                Iterator<String> it = this.issuerCertFiles.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    String next = it.next();
                    // A "null" value discards everything collected so far and stops reading,
                    // so an empty chain is submitted.
                    if ("null".equalsIgnoreCase(next)) {
                        arrayList.clear();
                        break;
                    }
                    arrayList.add(X509Util.parseCert(Paths.get(next, new String[0]).toFile()).getEncoded());
                }
                changeCaEntry.setEncodedCertchain(arrayList);
            }
            if (this.signerConf != null) {
                // The signer type is needed to canonicalize the configuration; without
                // --signer-type it is read from the existing CA.
                // NOTE(review): in this method --signer-type is used only for that purpose and
                // is never written to the ChangeCaEntry — confirm that is intended.
                String str = this.signerType;
                if (str == null) {
                    str = ((CaEntry) Optional.ofNullable(this.caManager.getCa(this.caName)).orElseThrow(() -> {
                        return new IllegalCmdParamException("please specify the signerType");
                    })).getSignerType();
                }
                // NOTE(review): canonicalization is applied for every signer type here, whereas
                // the add path restricts it to PKCS12/JCEKS — confirm the helper copes with
                // other types.
                this.signerConf = ShellUtil.canonicalizeSignerConf(str, this.signerConf, this.securityFactory);
                changeCaEntry.setSignerConf(this.signerConf);
            }
            // The second argument of isEnabled is the default for each flag.
            if (this.saveCertS != null) {
                changeCaEntry.setSaveCert(Boolean.valueOf(isEnabled(this.saveCertS, true, "save-cert")));
            }
            if (this.saveKeypairS != null) {
                changeCaEntry.setSaveKeypair(Boolean.valueOf(isEnabled(this.saveKeypairS, false, "save-keypair")));
            }
            if (CollectionUtil.isNotEmpty(this.permissions)) {
                changeCaEntry.setPermission(this.permissions);
            }
            // getUris keeps null as null and maps any list that contains "null" to an empty list.
            changeCaEntry.setCaUris(new CaUris(getUris(this.caCertUris), getUris(this.ocspUris), getUris(this.crlUris), getUris(this.deltaCrlUris)));
            if (this.validityModeS != null) {
                changeCaEntry.setValidityMode(ValidityMode.forName(this.validityModeS));
            }
            if (this.maxValidity != null) {
                changeCaEntry.setMaxValidity(Validity.getInstance(this.maxValidity));
            }
            // The control options are forwarded as plain strings; they are not parsed here.
            if (this.crlControl != null) {
                changeCaEntry.setCrlControl(this.crlControl);
            }
            if (this.ctlogControl != null) {
                changeCaEntry.setCtlogControl(this.ctlogControl);
            }
            if (this.revokeSuspendedControl != null) {
                changeCaEntry.setRevokeSuspendedControl(this.revokeSuspendedControl);
            }
            if (this.crlSignerName != null) {
                changeCaEntry.setCrlSignerName(this.crlSignerName);
            }
            if (CollectionUtil.isNotEmpty(this.keypairGenNames)) {
                // Only the first value is checked for the "null" marker; if it matches, the
                // whole list is emptied.
                if ("null".equalsIgnoreCase(this.keypairGenNames.get(0))) {
                    this.keypairGenNames.clear();
                }
                changeCaEntry.setKeypairGenNames(this.keypairGenNames);
            }
            if (this.extraControl != null) {
                changeCaEntry.setExtraControl(new ConfPairs(this.extraControl).getEncoded());
            }
            if (this.numCrls != null) {
                changeCaEntry.setNumCrls(this.numCrls);
            }
            return changeCaEntry;
        }

        /**
         * Submits the change entry built by {@code getChangeCaEntry()} to the CA manager.
         *
         * @return always {@code null}
         * @throws CmdFailure if building or applying the change raises a {@link CaMgmtException}
         */
        protected Object execute0() throws Exception {
            try {
                // Built inside the try block: a CaMgmtException raised while the change entry
                // is assembled is reported the same way as a failed update.
                ChangeCaEntry change = getChangeCaEntry();
                this.caManager.changeCa(change);
            } catch (CaMgmtException e) {
                throw new CmdFailure("could not update CA " + this.caName + ", error: " + e.getMessage(), e);
            }
            println("updated CA " + this.caName);
            return null;
        }

        /**
         * Normalises one URI option list before it is placed into {@link CaUris}.
         *
         * <ul>
         *   <li>{@code null} input is returned as {@code null};</li>
         *   <li>if any element equals the token {@code "null"} (case-insensitive), the
         *       result is an immutable empty list and every other element is dropped;</li>
         *   <li>otherwise a new mutable copy of the input is returned.</li>
         * </ul>
         *
         * <p>NOTE(review): presumably {@code null} means "leave unchanged" and an empty list
         * means "clear" on the manager side; confirm against the consumer of
         * {@code ChangeCaEntry.setCaUris}. Because a single {@code "null"} token discards the
         * whole list, a stray token in a scripted call would silently clear the CRL or OCSP
         * URIs of the CA.
         *
         * @param list URIs as given on the command line, may be {@code null}
         * @return {@code null}, an empty list, or a copy of {@code list}
         */
        private static List<String> getUris(List<String> list) {
            if (list == null) {
                return null;
            }
            for (String uri : list) {
                // Constant on the left: a null element simply fails the comparison.
                if ("null".equalsIgnoreCase(uri)) {
                    return Collections.emptyList();
                }
            }
            return new ArrayList<>(list);
        }
    }

    /**
     * Shell command {@code ca:caalias-add}: associates an alias with a CA name.
     *
     * <p>Both option values are handed unchanged to {@code caManager.addCaAlias}; this
     * class performs no validation of its own.
     */
    @Service
    @Command(scope = "ca", name = "caalias-add", description = "add CA alias")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaaliasAdd.class */
    public static class CaaliasAdd extends CaAction {

        // Name of the CA the alias will point to.
        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        // Alias to create.
        @Option(name = "--alias", required = true, description = "CA alias")
        private String caAlias;

        /**
         * Registers the alias through the CA manager and prints the result.
         *
         * @return always {@code null}
         * @throws CmdFailure if the CA manager reports a {@link CaMgmtException}
         */
        protected Object execute0() throws Exception {
            // One description for the success and the failure message, so both name
            // exactly the alias/CA pair that was submitted.
            String binding = "CA alias " + this.caAlias + " associated with CA " + this.caName;
            try {
                // NOTE(review): presumably an alias decides which CA serves requests that
                // address it; confirm the manager records this change in its audit log.
                this.caManager.addCaAlias(this.caAlias, this.caName);
                println("added " + binding);
            } catch (CaMgmtException ex) {
                throw new CmdFailure("could not add " + binding + ", error: " + ex.getMessage(), ex);
            }
            return null;
        }
    }

    /**
     * Shell command {@code ca:caalias-info}: lists all CA aliases, or shows the CA name
     * behind one alias when the optional argument is given.
     */
    @Service
    @Command(scope = "ca", name = "caalias-info", description = "show information of CA alias")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaaliasInfo.class */
    public static class CaaliasInfo extends CaAction {

        // Optional: when absent, every configured alias is listed.
        @Argument(index = 0, name = "alias", description = "CA alias")
        @Completion(CaCompleters.CaAliasCompleter.class)
        private String caAlias;

        /**
         * Prints either the sorted list of alias names or the alias followed by its CA name.
         *
         * @return always {@code null}
         * @throws CmdFailure if an alias was given that is not among the configured names
         */
        protected Object execute0() throws Exception {
            Set<String> knownAliases = this.caManager.getCaAliasNames();
            StringBuilder report = new StringBuilder();

            if (this.caAlias != null) {
                if (!knownAliases.contains(this.caAlias)) {
                    throw new CmdFailure("could not find CA alias '" + this.caAlias + "'");
                }
                // The lookup is a second, separate manager call after the membership check.
                // NOTE(review): what getCaNameForAlias returns if the alias vanished in
                // between is not visible here.
                report.append(this.caAlias).append("\n\t").append(this.caManager.getCaNameForAlias(this.caAlias));
            } else {
                int count = knownAliases.size();
                if (count != 0 && count != 1) {
                    report.append(count).append(" CA aliases are configured:\n");
                } else {
                    String quantity = (count == 0) ? "no" : "1";
                    report.append(quantity).append(" CA alias is configured\n");
                }

                // Sort a copy so the output is stable and the manager's set is not touched.
                List<String> ordered = new ArrayList<>(knownAliases);
                Collections.sort(ordered);
                for (String alias : ordered) {
                    report.append("\t").append(alias).append("\n");
                }
            }

            println(report.toString());
            return null;
        }
    }

    /**
     * Shell command {@code ca:caalias-rm}: removes a CA alias, asking for confirmation
     * unless {@code --force} is given.
     */
    @Service
    @Command(scope = "ca", name = "caalias-rm", description = "remove CA alias")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$CaaliasRm.class */
    public static class CaaliasRm extends CaAction {

        // Alias to remove.
        @Argument(index = 0, name = "alias", description = "CA alias", required = true)
        @Completion(CaCompleters.CaAliasCompleter.class)
        private String caAlias;

        // When set, the interactive confirmation is skipped entirely.
        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        /**
         * Removes the alias through the CA manager after an optional confirmation.
         *
         * @return always {@code null}, also when the operator declines the prompt
         * @throws CmdFailure if the CA manager reports a {@link CaMgmtException}
         */
        protected Object execute0() throws Exception {
            String target = "CA alias " + this.caAlias;

            // Short-circuit: confirm() is only called when --force is not set.
            // The second argument (3) is presumably the number of prompt attempts;
            // confirm against the definition of confirm().
            boolean approved = this.force.booleanValue() || confirm("Do you want to remove " + target, 3);
            if (!approved) {
                return null;
            }

            try {
                this.caManager.removeCaAlias(this.caAlias);
                println("removed " + target);
            } catch (CaMgmtException ex) {
                throw new CmdFailure("could not remove " + target + ", error: " + ex.getMessage(), ex);
            }
            return null;
        }
    }

    /**
     * Shell command {@code ca:gen-rootca}: asks the CA manager to generate a self-signed
     * root CA and optionally writes the resulting certificate to a file.
     *
     * <p>The CA entry itself comes from {@code getCaEntry()}, which is not defined in this
     * class.
     */
    @Service
    @Command(scope = "ca", name = "gen-rootca", description = "generate selfsigned CA")
    /* loaded from: input_file:org/xipki/ca/mgmt/shell/CaActions$GenRootca.class */
    public static class GenRootca extends CaAddOrGenAction {

        // Subject of the root certificate, passed on as given.
        @Option(name = "--subject", required = true, description = "subject of the Root CA")
        private String subject;

        // Name of the certificate profile used for the root certificate.
        @Option(name = "--profile", required = true, description = "profile of the Root CA")
        private String rootcaProfile;

        // Optional serial number; stays null when the option is omitted.
        // NOTE(review): presumably the CA manager chooses the serial in that case;
        // confirm it is generated with sufficient randomness.
        @Option(name = "--serial", description = "serial number of the Root CA")
        private String serialS;

        // Optional validity bounds, converted with parseDate() before use.
        @Option(name = "--not-before", description = "notBefore, UTC time of format yyyyMMddHHmmss")
        private String notBeforeS;

        @Option(name = "--not-after", description = "notAfter, UTC time of format yyyyMMddHHmmss")
        private String notAfterS;

        // Encoding of the saved certificate; defaults to "der".
        @Option(name = "--outform", description = "output format of the certificate")
        @Completion(Completers.DerPemCompleter.class)
        protected String outform = "der";

        // Optional destination for the certificate; nothing is written when absent.
        @Option(name = "--out", aliases = {"-o"}, description = "where to save the generated CA certificate")
        @Completion(FileCompleter.class)
        private String rootcaCertOutFile;

        /**
         * Generates the root CA and, if {@code --out} was given, saves the encoded certificate.
         *
         * @return always {@code null}
         */
        protected Object execute0() throws Exception {
            CaEntry entry = getCaEntry();
            X509Cert rootCert = this.caManager.generateRootCa(
                    entry,
                    this.rootcaProfile,
                    this.subject,
                    this.serialS,
                    parseDate(this.notBeforeS),
                    parseDate(this.notAfterS));

            if (this.rootcaCertOutFile != null) {
                // Only the encoded certificate is written here. The path is used as given.
                // NOTE(review): whether saveVerbose asks before overwriting an existing
                // file is not visible here.
                byte[] encodedCert = encodeCert(rootCert.getEncoded(), this.outform);
                saveVerbose("saved root certificate to file", this.rootcaCertOutFile, encodedCert);
            }

            println("generated root CA " + entry.getIdent().getName());
            return null;
        }
    }
}
