package org.xipki.scep.client.shell;

import java.io.File;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.apache.karaf.shell.support.completers.StringsCompleter;
import org.bouncycastle.asn1.pkcs.CertificationRequest;
import org.xipki.scep.client.EnrolmentResponse;
import org.xipki.scep.client.ScepClient;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.completer.DerPemCompleter;
import org.xipki.util.StringUtil;

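/**
 * Karaf shell command {@code xi:scep-enroll}: submits a CSR read from a file to a SCEP server
 * and writes the first certificate of the response to the requested output file.
 *
 * <p>The SCEP client, the identity private key and the identity certificate come from the
 * inherited {@code getScepClient()}, {@code getIdentityKey()} and {@code getIdentityCert()}
 * helpers, which are not defined in this class.
 *
 * <p>NOTE(review): this class performs no check of its own that the returned certificate
 * belongs to the submitted CSR or that the response is authentic; presumably
 * {@code ScepClient} does this - confirm.
 */
@Service
@Command(scope = "xi", name = "scep-enroll", description = "enroll certificate")
public class EnrollCertAction extends ClientAction {

    // Path of the file holding the certification request to submit.
    @Option(name = "--csr", required = true, description = "CSR file")
    @Completion(FileCompleter.class)
    private String csrFile;

    // Encoding of the saved certificate; passed unchanged to derPemEncodeCert. Defaults to "der".
    @Option(name = "--outform", description = "output format of the certificate")
    @Completion(DerPemCompleter.class)
    protected String outform = "der";

    // Path the enrolled certificate is written to.
    @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the certificate")
    @Completion(FileCompleter.class)
    private String outputFile;

    // Optional SCEP message type: "pkcs", "renewal" or "update" (case-insensitive).
    // When blank, ScepClient.scepEnrol is used instead of a specific request type.
    @Option(name = "--method", description = "method to enroll the certificate.")
    @Completion(value = StringsCompleter.class, values = {"pkcs", "renewal", "update"})
    private String method;

    /**
     * Sends the enrolment request selected by {@code --method} and saves the issued certificate.
     *
     * @return always {@code null}
     * @throws CmdFailure if {@code --method} is not one of the supported values, if the server
     *     answers with 'failure' or 'pending', or if a successful response carries no certificate
     * @throws Exception if reading the CSR, talking to the server, or writing the output fails
     */
    protected Object execute0() throws Exception {
        ScepClient scepClient = getScepClient();
        CertificationRequest csr = X509Util.parseCsr(new File(this.csrFile));
        PrivateKey identityKey = getIdentityKey();
        X509Certificate identityCert = getIdentityCert();

        EnrolmentResponse response;
        if (StringUtil.isBlank(this.method)) {
            response = scepClient.scepEnrol(csr, identityKey, identityCert);
        } else if ("pkcs".equalsIgnoreCase(this.method)) {
            response = scepClient.scepPkcsReq(csr, identityKey, identityCert);
        } else if ("renewal".equalsIgnoreCase(this.method)) {
            response = scepClient.scepRenewalReq(csr, identityKey, identityCert);
        } else if ("update".equalsIgnoreCase(this.method)) {
            response = scepClient.scepUpdateReq(csr, identityKey, identityCert);
        } else {
            throw new CmdFailure("invalid enroll method");
        }

        if (response.isFailure()) {
            throw new CmdFailure("server returned 'failure'");
        }
        if (response.isPending()) {
            throw new CmdFailure("server returned 'pending'");
        }

        // A response that is neither failure nor pending may still carry no certificate;
        // report that as a command failure instead of letting get(0) throw.
        List<?> certificates = response.getCertificates();
        if (certificates == null || certificates.isEmpty()) {
            throw new CmdFailure("server returned no certificate");
        }

        // Only the first certificate of the response is saved; any further entries are ignored.
        X509Certificate enrolledCert = (X509Certificate) certificates.get(0);
        saveVerbose("saved enrolled certificate to file", new File(this.outputFile),
                derPemEncodeCert(enrolledCert.getEncoded(), this.outform));
        return null;
    }
}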
