package org.xipki.cmp.client.shell;

import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.util.Date;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.xipki.cmp.client.CertIdOrError;
import org.xipki.cmp.client.Requestor;
import org.xipki.cmp.client.shell.Actions;
import org.xipki.security.CrlReason;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.Completers;
import org.xipki.shell.IllegalCmdParamException;
import org.xipki.util.DateUtil;
import org.xipki.util.ReqRespDebug;

/* loaded from: input_file:org/xipki/cmp/client/shell/UnRevokeCertActions.class */
public class UnRevokeCertActions {

    @Service
    @Command(scope = "xi", name = "cmp-revoke", description = "revoke certificate")
    /* loaded from: input_file:org/xipki/cmp/client/shell/UnRevokeCertActions$CmpRevoke.class */
    public static class CmpRevoke extends UnRevokeCertAction {

        @Option(name = "--reason", aliases = {"-r"}, required = true, description = "CRL reason")
        @Completion(Completers.ClientCrlReasonCompleter.class)
        private String reason;

        @Option(name = "--inv-date", description = "invalidity date, UTC time of format yyyyMMddHHmmss")
        private String invalidityDateS;

        protected Object execute0() throws Exception {
            if ((this.certFile == null) == (getSerialNumber() == null)) {
                throw new IllegalCmdParamException("exactly one of cert and serial must be specified");
            }
            CrlReason forNameOrText = CrlReason.forNameOrText(this.reason);
            if (!CrlReason.PERMITTED_CLIENT_CRLREASONS.contains(forNameOrText)) {
                throw new IllegalCmdParamException("reason " + this.reason + " is not permitted");
            }
            Date date = null;
            if (isNotBlank(this.invalidityDateS)) {
                date = DateUtil.parseUtcTimeyyyyMMddhhmmss(this.invalidityDateS);
            }
            ReqRespDebug reqRespDebug = getReqRespDebug();
            try {
                Requestor requestor = getRequestor();
                X509Cert caCert = getCaCert();
                CertIdOrError revokeCert = this.certFile != null ? this.client.revokeCert(this.caName, requestor, caCert, X509Util.parseCert(new File(this.certFile)), forNameOrText.getCode(), date, reqRespDebug) : this.client.revokeCert(this.caName, requestor, caCert, getSerialNumber(), forNameOrText.getCode(), date, reqRespDebug);
                if (revokeCert.getError() != null) {
                    throw new CmdFailure("revocation failed: " + revokeCert.getError());
                }
                println("revoked certificate");
                return null;
            } finally {
                saveRequestResponse(reqRespDebug);
            }
        }
    }

    @Service
    @Command(scope = "xi", name = "cmp-unsuspend", description = "unsuspend certificate")
    /* loaded from: input_file:org/xipki/cmp/client/shell/UnRevokeCertActions$CmpUnsuspend.class */
    public static class CmpUnsuspend extends UnRevokeCertAction {
        protected Object execute0() throws Exception {
            if ((this.certFile == null) == (getSerialNumber() == null)) {
                throw new IllegalCmdParamException("exactly one of cert and serial must be specified");
            }
            ReqRespDebug reqRespDebug = getReqRespDebug();
            try {
                Requestor requestor = getRequestor();
                X509Cert caCert = getCaCert();
                CertIdOrError unsuspendCert = this.certFile != null ? this.client.unsuspendCert(this.caName, requestor, caCert, X509Util.parseCert(new File(this.certFile)), reqRespDebug) : this.client.unsuspendCert(this.caName, requestor, caCert, getSerialNumber(), reqRespDebug);
                if (unsuspendCert.getError() != null) {
                    throw new CmdFailure("releasing revocation failed: " + unsuspendCert.getError());
                }
                println("unsuspended certificate");
                return null;
            } finally {
                saveRequestResponse(reqRespDebug);
            }
        }
    }

    /* loaded from: input_file:org/xipki/cmp/client/shell/UnRevokeCertActions$UnRevokeCertAction.class */
    public static abstract class UnRevokeCertAction extends Actions.AuthClientAction {

        @Option(name = "--ca-cert", required = true, description = "certificate file")
        @Completion(FileCompleter.class)
        private String caCertFile;

        @Option(name = "--cert", aliases = {"-c"}, description = "certificate file (either cert or serial must be specified)")
        @Completion(FileCompleter.class)
        protected String certFile;

        @Option(name = "--serial", aliases = {"-s"}, description = "serial number (either cert or serial must be specified)")
        private String serialNumberS;
        private BigInteger serialNumber;

        protected X509Cert getCaCert() throws CertificateException, IOException {
            return X509Util.parseCert(new File(this.caCertFile));
        }

        protected BigInteger getSerialNumber() {
            if (this.serialNumber == null && isNotBlank(this.serialNumberS)) {
                this.serialNumber = toBigInt(this.serialNumberS);
            }
            return this.serialNumber;
        }
    }
}
