package org.xipki.qa.shell;

import java.io.File;
import java.rmi.UnexpectedException;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.apache.karaf.shell.support.completers.StringsCompleter;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.ASN1Set;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.CertificationRequestInfo;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extensions;
import org.xipki.ca.api.mgmt.CaProfileEntry;
import org.xipki.ca.api.mgmt.CrlControl;
import org.xipki.ca.api.mgmt.Permissions;
import org.xipki.ca.api.mgmt.entry.CaEntry;
import org.xipki.ca.api.mgmt.entry.CaHasRequestorEntry;
import org.xipki.ca.api.mgmt.entry.CertprofileEntry;
import org.xipki.ca.api.mgmt.entry.ChangeCaEntry;
import org.xipki.ca.api.mgmt.entry.PublisherEntry;
import org.xipki.ca.api.mgmt.entry.RequestorEntry;
import org.xipki.ca.api.mgmt.entry.SignerEntry;
import org.xipki.ca.mgmt.shell.CaActions;
import org.xipki.ca.mgmt.shell.CaCompleters;
import org.xipki.ca.mgmt.shell.ProfileActions;
import org.xipki.ca.mgmt.shell.PublisherActions;
import org.xipki.ca.mgmt.shell.RequestorActions;
import org.xipki.ca.mgmt.shell.SignerActions;
import org.xipki.qa.ValidationIssue;
import org.xipki.qa.ValidationResult;
import org.xipki.qa.ca.CaEnrollBenchEntry;
import org.xipki.qa.ca.CaEnrollBenchKeyEntry;
import org.xipki.qa.ca.CaEnrollBenchmark;
import org.xipki.qa.ca.CaQaSystemManager;
import org.xipki.qa.ca.CertprofileQa;
import org.xipki.qa.ca.IssuerInfo;
import org.xipki.qa.shell.QaCompleters;
import org.xipki.security.EdECConstants;
import org.xipki.security.X509Cert;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.Completers;
import org.xipki.shell.IllegalCmdParamException;
import org.xipki.shell.XiAction;
import org.xipki.util.Base64;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.IoUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/qa/shell/QaCaActions.class */
public class QaCaActions {

    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$AbstractBenchmarkEnroll.class */
    private static abstract class AbstractBenchmarkEnroll extends XiAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        protected String caName;

        @Option(name = "--profile", aliases = {"-p"}, required = true, description = "certificate profile that allows duplication of public key")
        protected String certprofile;

        @Option(name = "--subject", aliases = {"-s"}, required = true, description = "subject template")
        protected String subjectTemplate;

        @Option(name = "--random-dn", description = "DN name to be incremented")
        @Completion(value = StringsCompleter.class, values = {"GIVENNAME", "SURNAME", "STREET", "POSTALCODE", "O", "OU", "CN"})
        protected String randomDnStr = "O";

        @Option(name = "--duration", description = "duration")
        protected String duration = "30s";

        @Option(name = "--thread", description = "number of threads")
        protected Integer numThreads = 5;

        @Option(name = "-n", description = "number of certificates to be requested in one request")
        protected Integer num = 1;

        @Option(name = "--max-num", description = "maximal number of requests\n0 for unlimited")
        protected Integer maxRequests = 0;

        private AbstractBenchmarkEnroll() {
        }
    }

    @Service
    @Command(scope = "xiqa", name = "benchmark-enroll-serverkeygen", description = "Enroll certificate (CA generates keypairs, benchmark)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$BenchmarkCaGenEnroll.class */
    public static class BenchmarkCaGenEnroll extends AbstractBenchmarkEnroll {
        protected Object execute0() throws Exception {
            if (this.numThreads.intValue() < 1) {
                throw new IllegalCmdParamException("invalid number of threads " + this.numThreads);
            }
            String concatObjectsCap = StringUtil.concatObjectsCap(200, "subjectTemplate: ", new Object[]{this.subjectTemplate, "\nprofile: ", this.certprofile, "\nmaxRequests: ", this.maxRequests});
            CaEnrollBenchEntry.RandomDn randomDn = null;
            if (this.randomDnStr != null) {
                randomDn = (CaEnrollBenchEntry.RandomDn) Optional.ofNullable(CaEnrollBenchEntry.RandomDn.getInstance(this.randomDnStr)).orElseThrow(() -> {
                    return new IllegalCmdParamException("invalid randomDn " + this.randomDnStr);
                });
            }
            new CaEnrollBenchmark(this.caName, new CaEnrollBenchEntry(this.certprofile, (CaEnrollBenchKeyEntry) null, this.subjectTemplate, randomDn), this.maxRequests.intValue(), this.num.intValue(), concatObjectsCap).setDuration(this.duration).setThreads(this.numThreads.intValue()).execute();
            return null;
        }
    }

    @Service
    @Command(scope = "xiqa", name = "benchmark-enroll", description = "Enroll certificate (benchmark)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$BenchmarkEnroll.class */
    public static class BenchmarkEnroll extends AbstractBenchmarkEnroll {

        @Option(name = "--curve", description = "EC curve name or OID of EC key")
        @Completion(Completers.ECCurveNameCompleter.class)
        private String curveName;

        @Completion(value = StringsCompleter.class, values = {"RSA", "EC", "DSA"})
        @Option(name = "--key-type", description = "key type to be requested")
        private String keyType = "RSA";

        @Option(name = "--key-size", description = "modulus length of RSA key or p length of DSA key")
        private Integer keysize = 2048;

        @Option(name = "--new-key", description = "Generate different keypair for each certificate")
        private boolean newKey = false;

        protected Object execute0() throws Exception {
            CaEnrollBenchKeyEntry.ECKeyEntry dSAKeyEntry;
            if (this.numThreads.intValue() < 1) {
                throw new IllegalCmdParamException("invalid number of threads " + this.numThreads);
            }
            if ("EC".equalsIgnoreCase(this.keyType) && StringUtil.isBlank(this.curveName)) {
                throw new IllegalCmdParamException("curveName is not specified");
            }
            String concatObjectsCap = StringUtil.concatObjectsCap(200, "subjectTemplate: ", new Object[]{this.subjectTemplate, "\nprofile: ", this.certprofile, "\nkeyType: ", this.keyType, "\nmaxRequests: ", this.maxRequests});
            CaEnrollBenchEntry.RandomDn randomDn = null;
            if (this.randomDnStr != null) {
                randomDn = (CaEnrollBenchEntry.RandomDn) Optional.ofNullable(CaEnrollBenchEntry.RandomDn.getInstance(this.randomDnStr)).orElseThrow(() -> {
                    return new IllegalCmdParamException("invalid randomDn " + this.randomDnStr);
                });
            }
            if ("EC".equalsIgnoreCase(this.keyType)) {
                ASN1ObjectIdentifier curveOid = EdECConstants.getCurveOid(this.curveName);
                if (curveOid == null) {
                    curveOid = AlgorithmUtil.getCurveOidForCurveNameOrOid(this.curveName);
                }
                dSAKeyEntry = new CaEnrollBenchKeyEntry.ECKeyEntry(curveOid, !this.newKey);
            } else if ("RSA".equalsIgnoreCase(this.keyType)) {
                dSAKeyEntry = new CaEnrollBenchKeyEntry.RSAKeyEntry(this.keysize.intValue(), !this.newKey);
            } else {
                if (!"DSA".equalsIgnoreCase(this.keyType)) {
                    throw new IllegalCmdParamException("invalid keyType " + this.keyType);
                }
                dSAKeyEntry = new CaEnrollBenchKeyEntry.DSAKeyEntry(this.keysize.intValue(), !this.newKey);
            }
            new CaEnrollBenchmark(this.caName, new CaEnrollBenchEntry(this.certprofile, dSAKeyEntry, this.subjectTemplate, randomDn), this.maxRequests.intValue(), this.num.intValue(), concatObjectsCap).setDuration(this.duration).setThreads(this.numThreads.intValue()).execute();
            return null;
        }
    }

    @Service
    @Command(scope = "caqa", name = "caalias-check", description = "check CA aliases (QA)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$CaAliasCheck.class */
    public static class CaAliasCheck extends CaActions.CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--alias", required = true, description = "alias name")
        private String aliasName;

        protected Object execute0() throws Exception {
            println("checking CA alias='" + this.aliasName + "', CA='" + this.caName + "'");
            QaCaActions.assertEquals("CA name", this.caName, (String) Optional.ofNullable(this.caManager.getCaNameForAlias(this.aliasName)).orElseThrow(() -> {
                return new CmdFailure("alias '" + this.aliasName + "' is not configured");
            }));
            println(" checked CA alias='" + this.aliasName + "', CA='" + this.caName + "'");
            return null;
        }
    }

    @Service
    @Command(scope = "caqa", name = "ca-check", description = "check information of CAs (QA)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$CaCheck.class */
    public static class CaCheck extends CaActions.CaUp {
        protected Object execute0() throws Exception {
            ChangeCaEntry changeCaEntry = getChangeCaEntry();
            String name = changeCaEntry.getIdent().getName();
            println("checking CA " + name);
            CaEntry caEntry = (CaEntry) Optional.ofNullable(this.caManager.getCa(name)).orElseThrow(() -> {
                return new CmdFailure("could not find CA '" + name + "'");
            });
            if (changeCaEntry.getCaUris() != null) {
                QaCaActions.assertObjEquals("CA URIs", changeCaEntry.getCaUris(), caEntry.getCaUris());
            }
            if (changeCaEntry.getEncodedCert() != null && !QaCaActions.certEquals(changeCaEntry.getEncodedCert(), caEntry.getCert().getEncoded())) {
                throw new CmdFailure("CA cert is not as expected");
            }
            if (changeCaEntry.getEncodedCertchain() != null) {
                List encodedCertchain = changeCaEntry.getEncodedCertchain();
                List certchain = caEntry.getCertchain();
                int size = encodedCertchain == null ? 0 : encodedCertchain.size();
                int size2 = certchain == null ? 0 : certchain.size();
                if (size != size2) {
                    if (CollectionUtil.isNotEmpty(caEntry.getCertchain())) {
                        throw new CmdFailure("Length of CA certchain " + size2 + " is not as expected " + size);
                    }
                } else if (size != 0) {
                    for (int i = 0; i < size; i++) {
                        if (!QaCaActions.certEquals((byte[]) encodedCertchain.get(i), ((X509Cert) certchain.get(i)).getEncoded())) {
                            throw new CmdFailure("CA cert chain[" + i + "] is not as expected");
                        }
                    }
                }
            }
            if (changeCaEntry.getSerialNoLen() != null) {
                QaCaActions.assertObjEquals("serial number length", changeCaEntry.getSerialNoLen(), Integer.valueOf(caEntry.getSnSize()));
            }
            if (changeCaEntry.getCrlControl() != null) {
                QaCaActions.assertObjEquals("CRL control", new CrlControl(changeCaEntry.getCrlControl()), caEntry.getCrlControl());
            }
            if (changeCaEntry.getCrlSignerName() != null) {
                QaCaActions.assertEquals("CRL signer name", changeCaEntry.getCrlSignerName(), caEntry.getCrlSignerName());
            }
            if (changeCaEntry.getExpirationPeriod() != null) {
                QaCaActions.assertObjEquals("Expiration period", changeCaEntry.getExpirationPeriod(), Integer.valueOf(caEntry.getExpirationPeriod()));
            }
            if (changeCaEntry.getExtraControl() != null) {
                QaCaActions.assertObjEquals("Extra control", changeCaEntry.getExtraControl(), caEntry.getExtraControl());
            }
            if (changeCaEntry.getMaxValidity() != null) {
                QaCaActions.assertObjEquals("Max validity", changeCaEntry.getMaxValidity(), caEntry.getMaxValidity());
            }
            if (changeCaEntry.getKeepExpiredCertDays() != null) {
                QaCaActions.assertObjEquals("keepExpiredCertDays", changeCaEntry.getKeepExpiredCertDays(), Integer.valueOf(caEntry.getKeepExpiredCertDays()));
            }
            if (changeCaEntry.getNumCrls() != null) {
                QaCaActions.assertObjEquals("num CRLs", changeCaEntry.getNumCrls(), Integer.valueOf(caEntry.getNumCrls()));
            }
            if (changeCaEntry.getPermission() != null) {
                QaCaActions.assertObjEquals("permission", new Permissions(changeCaEntry.getPermission()), caEntry.getPermissions());
            }
            if (changeCaEntry.getSignerType() != null) {
                QaCaActions.assertTypeEquals("signer type", changeCaEntry.getSignerType(), caEntry.getSignerType());
            }
            if (changeCaEntry.getSignerConf() != null) {
                ConfPairs confPairs = new ConfPairs(changeCaEntry.getSignerConf());
                confPairs.removePair("keystore");
                ConfPairs confPairs2 = new ConfPairs(caEntry.getSignerConf());
                confPairs2.removePair("keystore");
                QaCaActions.assertObjEquals("signer conf", confPairs, confPairs2);
            }
            if (changeCaEntry.getStatus() != null) {
                QaCaActions.assertObjEquals("status", changeCaEntry.getStatus(), caEntry.getStatus());
            }
            if (changeCaEntry.getValidityMode() != null) {
                QaCaActions.assertObjEquals("validity mode", changeCaEntry.getValidityMode(), caEntry.getValidityMode());
            }
            println(" checked CA" + name);
            return null;
        }
    }

    @Service
    @Command(scope = "caqa", name = "careq-check", description = "check information of requestors in CA (QA)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$CaReqCheck.class */
    public static class CaReqCheck extends CaActions.CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--requestor", required = true, description = "requestor name")
        @Completion(CaCompleters.RequestorNameCompleter.class)
        private String requestorName;

        @Option(name = "--permission", multiValued = true, description = "permission")
        @Completion(CaCompleters.PermissionCompleter.class)
        private Set<String> permissions;

        @Option(name = "--profile", multiValued = true, description = "profile name or 'all' for all profiles, and 'null' for no profiles")
        @Completion(CaCompleters.ProfileNameAndAllCompleter.class)
        private Set<String> profiles;

        protected Object execute0() throws Exception {
            println("checking CA requestor CA='" + this.caName + "', requestor='" + this.requestorName + "'");
            if (this.caManager.getCa(this.caName) == null) {
                throw new UnexpectedException("could not find CA '" + this.caName + "'");
            }
            Set requestorsForCa = this.caManager.getRequestorsForCa(this.caName);
            CaHasRequestorEntry caHasRequestorEntry = null;
            String lowerCase = this.requestorName.toLowerCase();
            Iterator it = requestorsForCa.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                CaHasRequestorEntry caHasRequestorEntry2 = (CaHasRequestorEntry) it.next();
                if (caHasRequestorEntry2.getRequestorIdent().getName().equals(lowerCase)) {
                    caHasRequestorEntry = caHasRequestorEntry2;
                    break;
                }
            }
            if (caHasRequestorEntry == null) {
                throw new CmdFailure("CA is not associated with requestor '" + this.requestorName + "'");
            }
            if (this.permissions != null) {
                Permissions permissions = new Permissions(this.permissions);
                if (permissions.getValue() != caHasRequestorEntry.getPermissions().getValue()) {
                    throw new CmdFailure("permissions: is '" + caHasRequestorEntry.getPermissions().getValue() + "', but expected '" + permissions.getValue() + "'");
                }
            }
            if (this.profiles != null) {
                if (this.profiles.size() == 1 && "null".equalsIgnoreCase(this.profiles.iterator().next())) {
                    this.profiles = Collections.emptySet();
                }
                if (!this.profiles.equals(caHasRequestorEntry.getProfiles())) {
                    throw new CmdFailure("profiles: is '" + caHasRequestorEntry.getProfiles() + "', but expected '" + this.profiles + "'");
                }
            }
            println(" checked CA requestor CA='" + this.caName + "', requestor='" + this.requestorName + "'");
            return null;
        }
    }

    @Service
    @Command(scope = "caqa", name = "caprofile-check", description = "check information of certificate profiles in given CA (QA)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$CaprofileCheck.class */
    public static class CaprofileCheck extends CaActions.CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--profile", required = true, description = "profile name and aliases, <name>[:<\",\"-separated aliases>]")
        @Completion(CaCompleters.ProfileNameCompleter.class)
        private String profileNameAliases;

        protected Object execute0() throws Exception {
            println("checking CA profile CA='" + this.caName + "', profile='" + this.profileNameAliases + "'");
            if (this.caManager.getCa(this.caName) == null) {
                throw new CmdFailure("could not find CA '" + this.caName + "'");
            }
            CaProfileEntry decode = CaProfileEntry.decode(this.profileNameAliases);
            CaProfileEntry caProfileEntry = null;
            Iterator it = this.caManager.getCertprofilesForCa(this.caName).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                CaProfileEntry caProfileEntry2 = (CaProfileEntry) it.next();
                if (caProfileEntry2.getProfileName().equals(decode.getProfileName())) {
                    caProfileEntry = caProfileEntry2;
                    break;
                }
            }
            if (caProfileEntry == null) {
                throw new CmdFailure("CA is not associated with profile '" + decode.getProfileName() + "'");
            }
            if (!decode.equals(caProfileEntry)) {
                throw new CmdFailure("CA-Profile unmatch, expected=" + decode + ", but received=" + caProfileEntry);
            }
            println(" checked CA profile CA='" + this.caName + "', profile='" + this.profileNameAliases + "'");
            return null;
        }
    }

    @Service
    @Command(scope = "caqa", name = "capub-check", description = "check information of publishers in given CA (QA)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$CapubCheck.class */
    public static class CapubCheck extends CaActions.CaAction {

        @Option(name = "--ca", required = true, description = "CA name")
        @Completion(CaCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--publisher", required = true, description = "publisher name")
        @Completion(CaCompleters.PublisherNameCompleter.class)
        private String publisherName;

        protected Object execute0() throws Exception {
            println("checking CA publisher CA='" + this.caName + "', publisher='" + this.publisherName + "'");
            if (this.caManager.getCa(this.caName) == null) {
                throw new CmdFailure("could not find CA '" + this.caName + "'");
            }
            List publishersForCa = this.caManager.getPublishersForCa(this.caName);
            String lowerCase = this.publisherName.toLowerCase();
            Iterator it = publishersForCa.iterator();
            while (it.hasNext()) {
                if (((PublisherEntry) it.next()).getIdent().getName().equals(lowerCase)) {
                    println(" checked CA publisher CA='" + this.caName + "', publisher='" + this.publisherName + "'");
                    return null;
                }
            }
            throw new CmdFailure("CA is not associated with publisher '" + this.publisherName + "'");
        }
    }

    @Service
    @Command(scope = "caqa", name = "check-cert", description = "check the certificate")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$CheckCert.class */
    public static class CheckCert extends XiAction {

        @Option(name = "--cert", aliases = {"-c"}, required = true, description = "certificate file")
        @Completion(FileCompleter.class)
        private String certFile;

        @Option(name = "--issuer", description = "issuer name\n(required if multiple issuers are configured)")
        @Completion(QaCompleters.IssuerNameCompleter.class)
        private String issuerName;

        @Option(name = "--csr", required = true, description = "CSR file")
        @Completion(FileCompleter.class)
        private String csrFile;

        @Option(name = "--profile", aliases = {"-p"}, required = true, description = "certificate profile")
        @Completion(QaCompleters.CertprofileNameCompleter.class)
        private String profileName;

        @Option(name = "--verbose", aliases = {"-v"}, description = "show status verbosely")
        private Boolean verbose = Boolean.FALSE;

        @Reference
        private CaQaSystemManager qaSystemManager;

        protected Object execute0() throws Exception {
            Set issuerNames = this.qaSystemManager.getIssuerNames();
            if (isEmpty(issuerNames)) {
                throw new IllegalCmdParamException("no issuer is configured");
            }
            if (this.issuerName == null) {
                if (issuerNames.size() != 1) {
                    throw new IllegalCmdParamException("no issuer is specified");
                }
                this.issuerName = (String) issuerNames.iterator().next();
            }
            if (!issuerNames.contains(this.issuerName)) {
                throw new IllegalCmdParamException("issuer " + this.issuerName + " is not within the configured issuers " + issuerNames);
            }
            IssuerInfo issuer = this.qaSystemManager.getIssuer(this.issuerName);
            CertprofileQa certprofileQa = (CertprofileQa) Optional.ofNullable(this.qaSystemManager.getCertprofile(this.profileName)).orElseThrow(() -> {
                return new IllegalCmdParamException("found no certificate profile named '" + this.profileName + "'");
            });
            Extensions extensions = null;
            CertificationRequestInfo certificationRequestInfo = X509Util.parseCsr(new File(this.csrFile)).getCertificationRequestInfo();
            ASN1Set attributes = certificationRequestInfo.getAttributes();
            for (int i = 0; i < attributes.size(); i++) {
                Attribute attribute = Attribute.getInstance(attributes.getObjectAt(i));
                if (PKCSObjectIdentifiers.pkcs_9_at_extensionRequest.equals(attribute.getAttrType())) {
                    extensions = Extensions.getInstance(attribute.getAttributeValues()[0]);
                }
            }
            ValidationResult checkCert = certprofileQa.checkCert(IoUtil.read(this.certFile), issuer, certificationRequestInfo.getSubject(), certificationRequestInfo.getSubjectPublicKeyInfo(), extensions);
            StringBuilder sb = new StringBuilder();
            sb.append(this.certFile).append(" (certprofile ").append(this.profileName).append(")\n");
            sb.append("\tcertificate is ");
            sb.append(checkCert.isAllSuccessful() ? "valid" : "invalid");
            if (this.verbose.booleanValue()) {
                for (ValidationIssue validationIssue : checkCert.getValidationIssues()) {
                    sb.append("\n");
                    format(validationIssue, "    ", sb);
                }
            } else {
                for (ValidationIssue validationIssue2 : checkCert.getValidationIssues()) {
                    if (validationIssue2.isFailed()) {
                        sb.append("\n");
                        format(validationIssue2, "    ", sb);
                    }
                }
            }
            println(sb.toString());
            if (checkCert.isAllSuccessful()) {
                return null;
            }
            throw new CmdFailure("certificate is invalid");
        }

        private static void format(ValidationIssue validationIssue, String str, StringBuilder sb) {
            sb.append(str).append(validationIssue.getCode());
            sb.append(", ").append(validationIssue.getDescription());
            sb.append(", ").append(validationIssue.isFailed() ? "failed" : "successful");
            if (validationIssue.getFailureMessage() != null) {
                sb.append(", ").append(validationIssue.getFailureMessage());
            }
        }
    }

    @Service
    @Command(scope = "caqa", name = "init", description = "initialize the CA QA manager")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$Init.class */
    public static class Init extends XiAction {

        @Reference
        private CaQaSystemManager qaSystemManager;

        protected Object execute0() throws Exception {
            if (this.qaSystemManager.init()) {
                println("CA QA system initialized successfully");
                return null;
            }
            println("CA QA system initialization failed");
            return null;
        }
    }

    @Service
    @Command(scope = "caqa", name = "profile-check", description = "check information of profiles (QA)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$ProfileCheck.class */
    public static class ProfileCheck extends ProfileActions.ProfileUp {
        protected Object execute0() throws Exception {
            println("checking profile " + this.name);
            if (this.type == null && this.conf == null && this.confFile == null) {
                System.out.println("nothing to update");
                return null;
            }
            if (this.conf == null && this.confFile != null) {
                this.conf = StringUtil.toUtf8String(IoUtil.read(this.confFile));
            }
            CertprofileEntry certprofileEntry = (CertprofileEntry) Optional.ofNullable(this.caManager.getCertprofile(this.name)).orElseThrow(() -> {
                return new CmdFailure("certificate profile named '" + this.name + "' is not configured");
            });
            QaCaActions.assertTypeEquals("type", this.type == null ? "xijson" : this.type, certprofileEntry.getType());
            QaCaActions.assertEquals("conf", this.conf, certprofileEntry.getConf());
            println(" checked profile " + this.name);
            return null;
        }
    }

    @Service
    @Command(scope = "caqa", name = "publisher-check", description = "check information of publishers (QA)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$PublisherCheck.class */
    public static class PublisherCheck extends PublisherActions.PublisherUp {
        protected Object execute0() throws Exception {
            println("checking publisher " + this.name);
            PublisherEntry publisherEntry = (PublisherEntry) Optional.ofNullable(this.caManager.getPublisher(this.name)).orElseThrow(() -> {
                return new CmdFailure("publisher named '" + this.name + "' is not configured");
            });
            if (publisherEntry.getType() != null) {
                QaCaActions.assertTypeEquals("type", this.type, publisherEntry.getType());
            }
            if (publisherEntry.getConf() != null) {
                QaCaActions.assertEquals("signer conf", this.conf, publisherEntry.getConf());
            }
            println(" checked publisher " + this.name);
            return null;
        }
    }

    @Service
    @Command(scope = "caqa", name = "requestor-check", description = "check information of requestors (QA)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$RequestorCheck.class */
    public static class RequestorCheck extends RequestorActions.RequestorUp {
        protected Object execute0() throws Exception {
            println("checking requestor " + this.name);
            RequestorEntry requestorEntry = (RequestorEntry) Optional.ofNullable(this.caManager.getRequestor(this.name)).orElseThrow(() -> {
                return new CmdFailure("requestor named '" + this.name + "' is not configured");
            });
            byte[] read = IoUtil.read(this.certFile);
            if (!requestorEntry.getType().equals("cert")) {
                throw new CmdFailure("IdNameTypeConf type is not " + "cert");
            }
            if (!QaCaActions.certEquals(read, Base64.decode((String) Optional.ofNullable(requestorEntry.getConf()).orElseThrow(() -> {
                return new CmdFailure("CaCert: is not configured explicitly as expected");
            })))) {
                throw new CmdFailure("CaCert: the expected one and the actual one differ");
            }
            println(" checked requestor " + this.name);
            return null;
        }
    }

    @Service
    @Command(scope = "caqa", name = "signer-check", description = "check information of signer (QA)")
    /* loaded from: input_file:org/xipki/qa/shell/QaCaActions$SignerCheck.class */
    public static class SignerCheck extends SignerActions.SignerUp {
        protected Object execute0() throws Exception {
            println("checking signer " + this.name);
            SignerEntry signerEntry = (SignerEntry) Optional.ofNullable(this.caManager.getSigner(this.name)).orElseThrow(() -> {
                return new CmdFailure("signer named '" + this.name + "' is not configured");
            });
            if ("null".equalsIgnoreCase(this.certFile)) {
                if (signerEntry.base64Cert() != null) {
                    throw new CmdFailure("CaCert: is configured but expected is none");
                }
            } else if (this.certFile != null) {
                byte[] read = IoUtil.read(this.certFile);
                if (signerEntry.base64Cert() == null) {
                    throw new CmdFailure("CaCert: is not configured explicitly as expected");
                }
                if (!QaCaActions.certEquals(read, Base64.decode(signerEntry.base64Cert()))) {
                    throw new CmdFailure("CaCert: the expected one and the actual one differ");
                }
            }
            String signerConf = getSignerConf();
            if (signerConf != null) {
                ConfPairs confPairs = new ConfPairs(signerConf);
                if (confPairs.value("algo") != null) {
                    confPairs.putPair("algo", confPairs.value("algo").toUpperCase(Locale.ROOT));
                }
                QaCaActions.assertEquals("conf", confPairs.getEncoded(), signerEntry.getConf());
            }
            println(" checked signer " + this.name);
            return null;
        }
    }

    private static void assertTypeEquals(String str, String str2, String str3) throws CmdFailure {
        String str4 = str2;
        if ("null".equals(str4)) {
            str4 = null;
        }
        if (!(str4 == null ? str3 == null : str4.equalsIgnoreCase(str3))) {
            throw new CmdFailure(str + ": is '" + str3 + "', but expected '" + str4 + "'");
        }
    }

    private static void assertEquals(String str, String str2, String str3) throws CmdFailure {
        String str4 = "null".equals(str2) ? null : str2;
        if (!Objects.equals(str4, str3)) {
            throw new CmdFailure(str + ": is '" + str3 + "', but expected '" + str4 + "'");
        }
    }

    private static void assertObjEquals(String str, Object obj, Object obj2) throws CmdFailure {
        if (!Objects.equals(obj, obj2)) {
            throw new CmdFailure(str + ": is '" + obj2 + "', but expected '" + obj + "'");
        }
    }

    private static boolean certEquals(byte[] bArr, byte[] bArr2) {
        if (bArr == null && bArr2 == null) {
            return true;
        }
        if (bArr == null || bArr2 == null) {
            return false;
        }
        try {
            return Arrays.equals(X509Util.parseCert(bArr).getEncoded(), X509Util.parseCert(bArr2).getEncoded());
        } catch (Exception e) {
            return false;
        }
    }
}
