package org.xipki.scep.client.shell;

import java.io.File;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.bouncycastle.asn1.x500.X500Name;
import org.xipki.scep.client.ScepClient;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.completer.DerPemCompleter;

@Service
@Command(scope = "xi", name = "scep-getcert", description = "download certificate")
/* loaded from: input_file:org/xipki/scep/client/shell/GetCertAction.class */
public class GetCertAction extends ClientAction {

    @Option(name = "--serial", aliases = {"-s"}, required = true, description = "serial number")
    private String serialNumber;

    @Option(name = "--outform", description = "output format of the certificate")
    @Completion(DerPemCompleter.class)
    protected String outform = "der";

    @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the certificate")
    @Completion(FileCompleter.class)
    private String outputFile;

    protected Object execute0() throws Exception {
        ScepClient scepClient = getScepClient();
        BigInteger bigInt = toBigInt(this.serialNumber);
        List scepGetCert = scepClient.scepGetCert(getIdentityKey(), getIdentityCert(), X500Name.getInstance(scepClient.getAuthorityCertStore().getCaCert().getSubjectX500Principal().getEncoded()), bigInt);
        if (scepGetCert == null || scepGetCert.isEmpty()) {
            throw new CmdFailure("received no certficate from server");
        }
        saveVerbose("saved certificate to file", new File(this.outputFile), derPemEncodeCert(((X509Certificate) scepGetCert.get(0)).getEncoded(), this.outform));
        return null;
    }
}
