package org.xipki.cmp.client.shell;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.xipki.cmp.client.CmpClient;
import org.xipki.cmp.client.Requestor;
import org.xipki.security.HashAlgo;
import org.xipki.security.SecurityFactory;
import org.xipki.security.SignAlgo;
import org.xipki.security.SignatureAlgoControl;
import org.xipki.security.SignerConf;
import org.xipki.security.X509Cert;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.Completers;
import org.xipki.shell.IllegalCmdParamException;
import org.xipki.shell.XiAction;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.Hex;
import org.xipki.util.IoUtil;
import org.xipki.util.ReqRespDebug;
import org.xipki.util.StringUtil;
import org.xipki.util.exception.ObjectCreationException;

/* loaded from: input_file:org/xipki/cmp/client/shell/Actions.class */
public class Actions {

    /* loaded from: input_file:org/xipki/cmp/client/shell/Actions$AuthClientAction.class */
    public static abstract class AuthClientAction extends ClientAction {

        @Reference
        protected SecurityFactory securityFactory;

        @Option(name = "--signer-p12", description = "Signer PKCS#12 file")
        @Completion(FileCompleter.class)
        private String signerP12File;

        @Option(name = "--signer-p12-algo", description = "Signature algorithm of the PKCS#12 signer")
        @Completion(Completers.SigAlgCompleter.class)
        private String signerP12SigAlgo;

        @Option(name = "--signer-keyid", multiValued = true, description = "User, text key ID, or prefix 0x for hex-encoded key ID")
        private String signerKeyId;

        @Option(name = "--signer-password", description = "Signer password")
        private String signerPassword;

        /* JADX INFO: Access modifiers changed from: protected */
        public Requestor getRequestor() throws IllegalCmdParamException, ObjectCreationException, IOException {
            SignerConf signerConf;
            if ((this.signerP12File == null) == (this.signerKeyId == null)) {
                throw new IllegalCmdParamException("Exactly one of signer-p12 and signer-keyid must be specified");
            }
            if (this.signerP12File == null) {
                if (this.signerPassword == null) {
                    this.signerPassword = new String(readPassword("Enter the password for the user/keyID " + this.signerKeyId));
                }
                return new Requestor.PbmMacCmpRequestor(this.signerPassword.toCharArray(), StringUtil.startsWithIgnoreCase(this.signerKeyId, "0x") ? Hex.decode(this.signerKeyId) : this.signerKeyId.getBytes(StandardCharsets.UTF_8), HashAlgo.SHA256, 2048, SignAlgo.HMAC_SHA256);
            }
            if (this.signerPassword == null) {
                this.signerPassword = new String(readPassword("Enter the password for " + this.signerP12File));
            }
            ConfPairs confPairs = new ConfPairs();
            confPairs.putPair("password", this.signerPassword);
            confPairs.putPair("keystore", "file:" + this.signerP12File);
            if (this.signerP12SigAlgo == null) {
                signerConf = new SignerConf(confPairs.getEncoded(), HashAlgo.SHA256, new SignatureAlgoControl());
            } else {
                confPairs.putPair("algo", this.signerP12SigAlgo);
                signerConf = new SignerConf(confPairs.getEncoded());
            }
            return new Requestor.SignatureCmpRequestor(this.securityFactory.createSigner("PKCS12", signerConf, (X509Cert) null));
        }
    }

    /* loaded from: input_file:org/xipki/cmp/client/shell/Actions$ClientAction.class */
    public static abstract class ClientAction extends XiAction {

        @Reference
        protected SecurityFactory securityFactory;

        @Reference
        protected CmpClient client;

        @Option(name = "--ca", required = true, description = "CA name")
        protected String caName;

        @Option(name = "--req-out", description = "where to save the request")
        @Completion(FileCompleter.class)
        private String reqout;

        @Option(name = "--resp-out", description = "where to save the response")
        @Completion(FileCompleter.class)
        private String respout;

        /* JADX INFO: Access modifiers changed from: protected */
        public static HashAlgo getHashAlgo(String str) throws ObjectCreationException {
            try {
                return HashAlgo.getInstance(str);
            } catch (NoSuchAlgorithmException e) {
                throw new ObjectCreationException(e.getMessage(), e);
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public ReqRespDebug getReqRespDebug() {
            boolean isNotBlank = isNotBlank(this.reqout);
            boolean isNotBlank2 = isNotBlank(this.respout);
            if (isNotBlank || isNotBlank2) {
                return new ReqRespDebug(isNotBlank, isNotBlank2);
            }
            return null;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        public void saveRequestResponse(ReqRespDebug reqRespDebug) {
            byte[] response;
            byte[] request;
            boolean isNotBlank = isNotBlank(this.reqout);
            boolean isNotBlank2 = isNotBlank(this.respout);
            if ((!isNotBlank && !isNotBlank2) || reqRespDebug == null || reqRespDebug.size() == 0) {
                return;
            }
            int size = reqRespDebug.size();
            for (int i = 0; i < size; i++) {
                ReqRespDebug.ReqRespPair reqRespPair = reqRespDebug.get(i);
                if (isNotBlank && (request = reqRespPair.getRequest()) != null) {
                    try {
                        IoUtil.save(size == 1 ? this.reqout : appendIndex(this.reqout, i), request);
                    } catch (IOException e) {
                        System.err.println("IOException: " + e.getMessage());
                    }
                }
                if (isNotBlank2 && (response = reqRespPair.getResponse()) != null) {
                    try {
                        IoUtil.save(size == 1 ? this.respout : appendIndex(this.respout, i), response);
                    } catch (IOException e2) {
                        System.err.println("IOException: " + e2.getMessage());
                    }
                }
            }
        }

        private static String appendIndex(String str, int i) {
            int lastIndexOf = str.lastIndexOf(46);
            return (lastIndexOf == -1 || lastIndexOf == str.length() - 1) ? str + "-" + i : new StringBuilder(str).insert(lastIndexOf, i).insert(lastIndexOf, '-').toString();
        }
    }

    @Service
    @Command(scope = "xi", name = "cmp-cacert", description = "get CA certificate")
    /* loaded from: input_file:org/xipki/cmp/client/shell/Actions$CmpCacert.class */
    public static class CmpCacert extends ClientAction {

        @Option(name = "--outform", description = "output format of the certificate")
        @Completion(Completers.DerPemCompleter.class)
        private String outform = "der";

        @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the CA certificate")
        @Completion(FileCompleter.class)
        private String outFile;

        protected Object execute0() throws Exception {
            try {
                X509Cert caCert = this.client.caCert(this.caName, getReqRespDebug());
                if (caCert == null) {
                    throw new CmdFailure("received no CA certificate");
                }
                saveVerbose("saved CA certificate to file", this.outFile, encodeCert(caCert.getEncoded(), this.outform));
                return null;
            } catch (Exception e) {
                throw new CmdFailure("Error while retrieving CA certificate: " + e.getMessage());
            }
        }
    }

    @Service
    @Command(scope = "xi", name = "cmp-cacerts", description = "get CA certificate chain")
    /* loaded from: input_file:org/xipki/cmp/client/shell/Actions$CmpCacertchain.class */
    public static class CmpCacertchain extends ClientAction {

        @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the CA certificate chain")
        @Completion(FileCompleter.class)
        private String outFile;

        protected Object execute0() throws Exception {
            try {
                List caCerts = this.client.caCerts(this.caName, getReqRespDebug());
                if (CollectionUtil.isEmpty(caCerts)) {
                    throw new CmdFailure("received no CA certificate chain");
                }
                saveVerbose("saved CA certificate to file", this.outFile, StringUtil.toUtf8Bytes(X509Util.encodeCertificates((X509Cert[]) caCerts.toArray(new X509Cert[0]))));
                return null;
            } catch (Exception e) {
                throw new CmdFailure("Error while retrieving CA certificate chain: " + e.getMessage(), e);
            }
        }
    }
}
