package org.xipki.security.shell;

import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.util.Enumeration;
import java.util.List;
import javax.crypto.SecretKey;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Reference;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.security.ConcurrentContentSigner;
import org.xipki.security.EdECConstants;
import org.xipki.security.HashAlgo;
import org.xipki.security.SignatureAlgoControl;
import org.xipki.security.SignerConf;
import org.xipki.security.X509Cert;
import org.xipki.security.XiSecurityException;
import org.xipki.security.pkcs11.P11CryptService;
import org.xipki.security.pkcs11.P11CryptServiceFactory;
import org.xipki.security.pkcs11.P11IdentityId;
import org.xipki.security.pkcs11.P11Module;
import org.xipki.security.pkcs11.P11ObjectIdentifier;
import org.xipki.security.pkcs11.P11Slot;
import org.xipki.security.pkcs11.P11SlotIdentifier;
import org.xipki.security.pkcs11.P11TokenException;
import org.xipki.security.pkcs11.P11UnsupportedMechanismException;
import org.xipki.security.shell.Actions;
import org.xipki.security.shell.SecurityCompleters;
import org.xipki.security.util.AlgorithmUtil;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.Completers;
import org.xipki.shell.IllegalCmdParamException;
import org.xipki.util.Args;
import org.xipki.util.CollectionUtil;
import org.xipki.util.ConfPairs;
import org.xipki.util.Hex;
import org.xipki.util.IoUtil;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/security/shell/P11Actions.class */
public class P11Actions {

    @Service
    @Command(scope = "xi", name = "add-cert-p11", description = "add certificate to PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$AddCertP11.class */
    public static class AddCertP11 extends P11SecurityAction {

        @Option(name = "--id", description = "id (hex) of the PKCS#11 objects")
        private String id;

        @Option(name = "--label", description = "label of the PKCS#11 objects.")
        protected String label;

        @Option(name = "--cert", required = true, description = "certificate file")
        @Completion(FileCompleter.class)
        private String certFile;

        protected Object execute0() throws Exception {
            byte[] decode = this.id == null ? null : Hex.decode(this.id);
            X509Cert parseCert = X509Util.parseCert(new File(this.certFile));
            if (this.label == null) {
                this.label = X509Util.getCommonName(parseCert.getSubject());
            }
            println("added certificate under " + getSlot().addCert(parseCert, new P11Slot.P11NewObjectControl(decode, this.label)));
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "csr-p11", description = "generate CSR request with PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$CsrP11.class */
    public static class CsrP11 extends Actions.CsrGenAction {

        @Option(name = "--id", description = "id (hex) of the private key in the PKCS#11 device\neither keyId or keyLabel must be specified")
        private String id;

        @Option(name = "--label", description = "label of the private key in the PKCS#11 device\neither keyId or keyLabel must be specified")
        private String label;

        @Option(name = "--slot", description = "slot index")
        private int slotIndex = 0;

        @Option(name = "--module", description = "name of the PKCS#11 module")
        @Completion(SecurityCompleters.P11ModuleNameCompleter.class)
        private String moduleName = "default";

        @Override // org.xipki.security.shell.Actions.CsrGenAction
        protected ConcurrentContentSigner getSigner(SignatureAlgoControl signatureAlgoControl) throws Exception {
            Args.notNull(signatureAlgoControl, "signatureAlgoControl");
            byte[] bArr = null;
            if (this.id != null) {
                bArr = Hex.decode(this.id);
            }
            return this.securityFactory.createSigner("PKCS11", getPkcs11SignerConf(this.moduleName, this.slotIndex, this.label, bArr, 1, HashAlgo.getNonNullInstance(this.hashAlgo), signatureAlgoControl), (X509Cert[]) null);
        }

        public static SignerConf getPkcs11SignerConf(String str, int i, String str2, byte[] bArr, int i2, HashAlgo hashAlgo, SignatureAlgoControl signatureAlgoControl) {
            Args.positive(i2, "parallelism");
            Args.notNull(hashAlgo, "hashAlgo");
            if (bArr == null && str2 == null) {
                throw new IllegalArgumentException("at least one of keyId and keyLabel may not be null");
            }
            ConfPairs confPairs = new ConfPairs();
            confPairs.putPair("parallelism", Integer.toString(i2));
            if (str != null && str.length() > 0) {
                confPairs.putPair("module", str);
            }
            confPairs.putPair("slot", Integer.toString(i));
            if (bArr != null) {
                confPairs.putPair("key-id", Hex.encode(bArr));
            }
            if (str2 != null) {
                confPairs.putPair("key-label", str2);
            }
            return new SignerConf(confPairs.getEncoded(), hashAlgo, signatureAlgoControl);
        }
    }

    @Service
    @Command(scope = "xi", name = "delete-cert-p11", description = "remove certificate from PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$DeleteCertP11.class */
    public static class DeleteCertP11 extends P11SecurityAction {

        @Option(name = "--id", required = true, description = "id (hex) of the certificate in the PKCS#11 device")
        private String id;

        @Option(name = "--force", aliases = {"-f"}, description = "without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            if (!this.force.booleanValue() && !confirm("Do you want to remove PKCS#11 certificate object with id 0x" + this.id, 3)) {
                return null;
            }
            P11Slot slot = getSlot();
            P11ObjectIdentifier objectId = slot.getObjectId(Hex.decode(this.id), (String) null);
            if (objectId == null) {
                println("unkown certificates");
                return null;
            }
            slot.removeCerts(objectId);
            println("deleted certificates");
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "delete-key-p11", description = "delete key and cert in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$DeleteKeyP11.class */
    public static class DeleteKeyP11 extends P11SecurityAction {

        @Option(name = "--id", description = "id (hex) of the private key in the PKCS#11 device\neither keyId or keyLabel must be specified")
        protected String id;

        @Option(name = "--label", description = "label of the private key in the PKCS#11 device\neither keyId or keyLabel must be specified")
        protected String label;

        @Option(name = "--force", aliases = {"-f"}, description = "remove identifies without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            P11Slot slot = getSlot();
            P11ObjectIdentifier objectIdentifier = getObjectIdentifier(this.id, this.label);
            if (objectIdentifier == null) {
                println("unkown identity");
                return null;
            }
            if (!this.force.booleanValue() && !confirm("Do you want to remove the identity " + objectIdentifier, 3)) {
                return null;
            }
            slot.removeIdentityByKeyId(objectIdentifier);
            println("deleted identity " + objectIdentifier);
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "delete-objects-p11", description = "delete objects in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$DeleteObjectsP11.class */
    public static class DeleteObjectsP11 extends P11SecurityAction {

        @Option(name = "--id", description = "id (hex) of the objects in the PKCS#11 device\nat least one of id and label must be specified")
        private String id;

        @Option(name = "--label", description = "label of the objects in the PKCS#11 device\nat least one of id and label must be specified")
        private String label;

        @Option(name = "--force", aliases = {"-f"}, description = "remove identifies without prompt")
        private Boolean force = Boolean.FALSE;

        protected Object execute0() throws Exception {
            if (!this.force.booleanValue() && !confirm("Do you want to remove the PKCS#11 objects (id = " + this.id + ", label = " + this.label + ")", 3)) {
                return null;
            }
            P11Slot slot = getSlot();
            byte[] bArr = null;
            if (this.id != null) {
                bArr = Hex.decode(this.id);
            }
            println("deleted " + slot.removeObjects(bArr, this.label) + " objects");
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "dsa-p11", description = "generate DSA keypair in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$Dsa11.class */
    public static class Dsa11 extends P11KeyGenAction {

        @Option(name = "--plen", description = "bit length of the prime")
        private Integer plen = 2048;

        @Option(name = "--qlen", description = "bit length of the sub-prime")
        private Integer qlen;

        protected Object execute0() throws Exception {
            if (this.plen.intValue() % 1024 != 0) {
                throw new IllegalCmdParamException("plen is not multiple of 1024: " + this.plen);
            }
            if (this.qlen == null) {
                if (this.plen.intValue() <= 1024) {
                    this.qlen = 160;
                } else if (this.plen.intValue() <= 2048) {
                    this.qlen = 224;
                } else {
                    this.qlen = 256;
                }
            }
            finalize("DSA", getSlot().generateDSAKeypair(this.plen.intValue(), this.qlen.intValue(), getControl()));
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "ec-p11", description = "generate EC keypair in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$EcP11.class */
    public static class EcP11 extends P11KeyGenAction {

        @Option(name = "--curve", description = "EC curve name")
        @Completion(Completers.ECCurveNameCompleter.class)
        private String curveName = "secp256r1";

        protected Object execute0() throws Exception {
            P11Slot slot = getSlot();
            P11Slot.P11NewKeyControl control = getControl();
            ASN1ObjectIdentifier curveOid = EdECConstants.getCurveOid(this.curveName);
            finalize("EC", curveOid != null ? EdECConstants.isEdwardsCurve(curveOid) ? slot.generateECEdwardsKeypair(curveOid, control) : slot.generateECMontgomeryKeypair(curveOid, control) : slot.generateECKeypair(AlgorithmUtil.getCurveOidForCurveNameOrOid(this.curveName), control));
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "export-cert-p11", description = "export certificate from PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$ExportCertP11.class */
    public static class ExportCertP11 extends P11SecurityAction {

        @Option(name = "--id", description = "id (hex) of the private key in the PKCS#11 device\neither keyId or keyLabel must be specified")
        protected String id;

        @Option(name = "--label", description = "label of the private key in the PKCS#11 device\neither keyId or keyLabel must be specified")
        protected String label;

        @Option(name = "--outform", description = "output format of the certificate")
        @Completion(Completers.DerPemCompleter.class)
        protected String outform = "der";

        @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the certificate")
        @Completion(FileCompleter.class)
        private String outFile;

        protected Object execute0() throws Exception {
            P11Slot slot = getSlot();
            P11ObjectIdentifier objectIdentifier = getObjectIdentifier(this.id, this.label);
            X509Cert exportCert = slot.exportCert(objectIdentifier);
            if (exportCert == null) {
                throw new CmdFailure("could not export certificate " + objectIdentifier);
            }
            saveVerbose("saved certificate to file", this.outFile, encodeCert(exportCert.getEncoded(), this.outform));
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "import-secretkey-p11", description = "import secret key with given value in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$ImportSecretkeyP11.class */
    public static class ImportSecretkeyP11 extends P11KeyGenAction {

        @Option(name = "--key-type", required = true, description = "keytype, current only AES, DES3 and GENERIC are supported")
        @Completion(SecurityCompleters.SecretKeyTypeCompleter.class)
        private String keyType;

        @Option(name = "--keystore", required = true, description = "JCEKS keystore from which the key is imported")
        @Completion(FileCompleter.class)
        private String keyOutFile;

        @Option(name = "--password", description = "password of the keystore file")
        private String password;

        protected Object execute0() throws Exception {
            long j;
            if ("AES".equalsIgnoreCase(this.keyType)) {
                j = 31;
            } else if ("DES3".equalsIgnoreCase(this.keyType)) {
                j = 21;
            } else {
                if (!"GENERIC".equalsIgnoreCase(this.keyType)) {
                    throw new IllegalCmdParamException("invalid keyType " + this.keyType);
                }
                j = 16;
            }
            KeyStore keyStore = KeyStore.getInstance("JCEKS");
            InputStream newInputStream = Files.newInputStream(Paths.get(IoUtil.expandFilepath(this.keyOutFile), new String[0]), new OpenOption[0]);
            char[] password = getPassword();
            try {
                keyStore.load(newInputStream, password);
                newInputStream.close();
                byte[] bArr = null;
                Enumeration<String> aliases = keyStore.aliases();
                while (true) {
                    if (!aliases.hasMoreElements()) {
                        break;
                    }
                    String nextElement = aliases.nextElement();
                    if (keyStore.isKeyEntry(nextElement)) {
                        Key key = keyStore.getKey(nextElement, password);
                        if (key instanceof SecretKey) {
                            bArr = ((SecretKey) key).getEncoded();
                            break;
                        }
                    }
                }
                if (bArr == null) {
                    throw new IllegalCmdParamException("keystore does not contain secret key");
                }
                println("imported " + this.keyType + " key " + getSlot().importSecretKey(j, bArr, getControl()));
                return null;
            } catch (Throwable th) {
                newInputStream.close();
                throw th;
            }
        }

        protected char[] getPassword() throws IOException {
            char[] readPasswordIfNotSet = readPasswordIfNotSet(this.password);
            if (readPasswordIfNotSet != null) {
                this.password = new String(readPasswordIfNotSet);
            }
            return readPasswordIfNotSet;
        }
    }

    /* loaded from: input_file:org/xipki/security/shell/P11Actions$P11KeyGenAction.class */
    public static abstract class P11KeyGenAction extends P11SecurityAction {

        @Option(name = "--id", description = "id (hex) of the PKCS#11 objects")
        private String id;

        @Option(name = "--label", required = true, description = "label of the PKCS#11 objects")
        protected String label;

        @Option(name = "--extractable", aliases = {"-x"}, description = "whether the key is extractable, valid values are yes|no|true|false")
        private String extractable;

        @Option(name = "--sensitive", description = "whether the key is sensitive, valid values are yes|no|true|false")
        private String sensitive;

        @Option(name = "--key-usage", multiValued = true, description = "key usage of the private key")
        @Completion(SecurityCompleters.P11KeyUsageCompleter.class)
        private List<String> keyusages;

        protected void finalize(String str, P11IdentityId p11IdentityId) throws Exception {
            Args.notNull(p11IdentityId, "identityId");
            println("generated " + str + " key \"" + p11IdentityId + "\"");
        }

        protected P11Slot.P11NewKeyControl getControl() throws IllegalCmdParamException {
            P11Slot.P11NewKeyControl p11NewKeyControl = new P11Slot.P11NewKeyControl(this.id == null ? null : Hex.decode(this.id), this.label);
            if (StringUtil.isNotBlank(this.extractable)) {
                p11NewKeyControl.setExtractable(Boolean.valueOf(isEnabled(this.extractable, false, "extractable")));
            }
            if (StringUtil.isNotBlank(this.sensitive)) {
                p11NewKeyControl.setSensitive(Boolean.valueOf(isEnabled(this.sensitive, false, "sensitive")));
            }
            if (CollectionUtil.isNotEmpty(this.keyusages)) {
                p11NewKeyControl.setUsages(SecurityCompleters.P11KeyUsageCompleter.parseUsages(this.keyusages));
            }
            return p11NewKeyControl;
        }
    }

    /* loaded from: input_file:org/xipki/security/shell/P11Actions$P11SecurityAction.class */
    public static abstract class P11SecurityAction extends Actions.SecurityAction {
        protected static final String DEFAULT_P11MODULE_NAME = "default";

        @Option(name = "--slot", description = "slot index")
        protected int slotIndex = 0;

        @Option(name = "--module", description = "name of the PKCS#11 module")
        @Completion(SecurityCompleters.P11ModuleNameCompleter.class)
        protected String moduleName = DEFAULT_P11MODULE_NAME;

        @Reference(optional = true)
        protected P11CryptServiceFactory p11CryptServiceFactory;

        protected P11Slot getSlot() throws XiSecurityException, P11TokenException, IllegalCmdParamException {
            P11Module p11Module = getP11Module(this.moduleName);
            return p11Module.getSlot(p11Module.getSlotIdForIndex(this.slotIndex));
        }

        protected P11Module getP11Module(String str) throws XiSecurityException, P11TokenException, IllegalCmdParamException {
            P11CryptService p11CryptService = this.p11CryptServiceFactory.getP11CryptService(str);
            if (p11CryptService == null) {
                throw new IllegalCmdParamException("undefined module " + str);
            }
            return p11CryptService.getModule();
        }

        public P11ObjectIdentifier getObjectIdentifier(String str, String str2) throws IllegalCmdParamException, XiSecurityException, P11TokenException {
            P11ObjectIdentifier objectId;
            P11Slot slot = getSlot();
            if (str != null && str2 == null) {
                objectId = slot.getObjectId(Hex.decode(str), (String) null);
            } else {
                if (str != null || str2 == null) {
                    throw new IllegalCmdParamException("exactly one of keyId or keyLabel should be specified");
                }
                objectId = slot.getObjectId((byte[]) null, str2);
            }
            return objectId;
        }
    }

    @Service
    @Command(scope = "xi", name = "refresh-p11", description = "refresh PKCS#11 module")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$RefreshP11.class */
    public static class RefreshP11 extends Actions.SecurityAction {

        @Option(name = "--module", description = "name of the PKCS#11 module.")
        @Completion(SecurityCompleters.P11ModuleNameCompleter.class)
        private String moduleName = "default";

        @Reference
        P11CryptServiceFactory p11CryptServiceFactory;

        protected Object execute0() throws Exception {
            P11CryptService p11CryptService = this.p11CryptServiceFactory.getP11CryptService(this.moduleName);
            if (p11CryptService == null) {
                throw new IllegalCmdParamException("undefined module " + this.moduleName);
            }
            p11CryptService.refresh();
            println("refreshed module " + this.moduleName);
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "rsa-p11", description = "generate RSA keypair in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$RsaP11.class */
    public static class RsaP11 extends P11KeyGenAction {

        @Option(name = "--key-size", description = "keysize in bit")
        private Integer keysize = 2048;

        @Option(name = "-e", description = "public exponent")
        private String publicExponent = "0x10001";

        protected Object execute0() throws Exception {
            if (this.keysize.intValue() % 1024 != 0) {
                throw new IllegalCmdParamException("keysize is not multiple of 1024: " + this.keysize);
            }
            finalize("RSA", getSlot().generateRSAKeypair(this.keysize.intValue(), toBigInt(this.publicExponent), getControl()));
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "secretkey-p11", description = "generate secret key in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$SecretkeyP11.class */
    public static class SecretkeyP11 extends P11KeyGenAction {
        private static final Logger LOG = LoggerFactory.getLogger(SecretkeyP11.class);

        @Option(name = "--key-type", required = true, description = "keytype, current only AES, DES3 and GENERIC are supported")
        @Completion(SecurityCompleters.SecretKeyTypeCompleter.class)
        private String keyType;

        @Option(name = "--key-size", required = true, description = "keysize in bit")
        private Integer keysize;

        @Option(name = "--extern-if-gen-unsupported", description = "If set, if the generation mechanism is not supported by the PKCS#11 device, create in memory and then import it to the device")
        private Boolean createExternIfGenUnsupported = Boolean.FALSE;

        protected Object execute0() throws Exception {
            long j;
            if (this.keysize.intValue() % 8 != 0) {
                throw new IllegalCmdParamException("keysize is not multiple of 8: " + this.keysize);
            }
            if ("AES".equalsIgnoreCase(this.keyType)) {
                j = 31;
            } else if ("DES3".equalsIgnoreCase(this.keyType)) {
                j = 21;
            } else {
                if (!"GENERIC".equalsIgnoreCase(this.keyType)) {
                    throw new IllegalCmdParamException("invalid keyType " + this.keyType);
                }
                j = 16;
            }
            P11Slot slot = getSlot();
            P11Slot.P11NewKeyControl control = getControl();
            try {
                finalize(this.keyType, slot.generateSecretKey(j, this.keysize.intValue(), control));
                return null;
            } catch (P11UnsupportedMechanismException e) {
                if (!this.createExternIfGenUnsupported.booleanValue()) {
                    throw e;
                }
                String str = "could not generate secret key ";
                if (control.getId() != null) {
                    str = str + "id=" + Hex.encode(control.getId());
                    if (control.getLabel() != null) {
                        str = str + " and ";
                    }
                }
                if (control.getLabel() != null) {
                    str = str + "label=" + control.getLabel();
                }
                if (LOG.isInfoEnabled()) {
                    LOG.info(str + e.getMessage());
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug(str, e);
                }
                byte[] bArr = new byte[this.keysize.intValue() / 8];
                this.securityFactory.getRandom4Key().nextBytes(bArr);
                P11ObjectIdentifier importSecretKey = slot.importSecretKey(j, bArr, control);
                Arrays.fill(bArr, (byte) 0);
                println("generated in memory and imported " + this.keyType + " key " + importSecretKey);
                return null;
            }
        }
    }

    @Service
    @Command(scope = "xi", name = "sm2-p11", description = "generate SM2 (curve sm2p256v1) keypair in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$Sm2P11.class */
    public static class Sm2P11 extends P11KeyGenAction {
        protected Object execute0() throws Exception {
            finalize("SM2", getSlot().generateSM2Keypair(getControl()));
            return null;
        }
    }

    @Service
    @Command(scope = "xi", name = "token-info-p11", description = "list objects in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$TokenInfoP11.class */
    public static class TokenInfoP11 extends Actions.SecurityAction {

        @Option(name = "--verbose", aliases = {"-v"}, description = "show object information verbosely")
        private Boolean verbose = Boolean.FALSE;

        @Option(name = "--module", description = "name of the PKCS#11 module.")
        @Completion(SecurityCompleters.P11ModuleNameCompleter.class)
        private String moduleName = "default";

        @Option(name = "--slot", description = "slot index")
        private Integer slotIndex;

        @Reference(optional = true)
        protected P11CryptServiceFactory p11CryptServiceFactory;

        protected Object execute0() throws Exception {
            P11CryptService p11CryptService = this.p11CryptServiceFactory.getP11CryptService(this.moduleName);
            if (p11CryptService == null) {
                throw new IllegalCmdParamException("undefined module " + this.moduleName);
            }
            P11Module module = p11CryptService.getModule();
            println("module: " + this.moduleName);
            println(module.getDescription());
            List<P11SlotIdentifier> slotIds = module.getSlotIds();
            if (this.slotIndex == null) {
                output(slotIds);
                return null;
            }
            P11Slot slot = module.getSlot(module.getSlotIdForIndex(this.slotIndex.intValue()));
            println("Details of slot");
            slot.showDetails(System.out, this.verbose.booleanValue());
            System.out.println();
            System.out.flush();
            return null;
        }

        private void output(List<P11SlotIdentifier> list) {
            int size = list.size();
            if (size == 0 || size == 1) {
                println((size == 0 ? "no" : "1") + " slot is configured");
            } else {
                println(size + " slots are configured");
            }
            for (P11SlotIdentifier p11SlotIdentifier : list) {
                println("\tslot[" + p11SlotIdentifier.getIndex() + "]: " + p11SlotIdentifier.getId());
            }
        }
    }

    @Service
    @Command(scope = "xi", name = "update-cert-p11", description = "update certificate in PKCS#11 device")
    /* loaded from: input_file:org/xipki/security/shell/P11Actions$UpdateCertP11.class */
    public static class UpdateCertP11 extends P11SecurityAction {

        @Option(name = "--id", description = "id (hex) of the private key in the PKCS#11 device\neither keyId or keyLabel must be specified")
        protected String id;

        @Option(name = "--label", description = "label of the private key in the PKCS#11 device\neither keyId or keyLabel must be specified")
        protected String label;

        @Option(name = "--cert", required = true, description = "certificate file")
        @Completion(FileCompleter.class)
        private String certFile;

        protected Object execute0() throws Exception {
            getSlot().updateCertificate(getObjectIdentifier(this.id, this.label), X509Util.parseCert(new File(this.certFile)));
            println("updated certificate");
            return null;
        }
    }
}
