package convex.cli.key;

import convex.cli.CLIError;
import convex.cli.mixins.KeyMixin;
import convex.core.crypto.AKeyPair;
import convex.core.crypto.PEMTools;
import convex.core.util.FileUtils;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import picocli.CommandLine;

@CommandLine.Command(name = "export", mixinStandardHelpOptions = false, description = {"Export a private key from the keystore. Use with caution."})
/* loaded from: input_file:convex/cli/key/KeyExport.class */
public class KeyExport extends AKeyCommand {
    private static final Logger log = LoggerFactory.getLogger(KeyExport.class);

    @CommandLine.ParentCommand
    protected Key keyParent;

    @CommandLine.Mixin
    protected KeyMixin keyMixin;

    @CommandLine.Option(names = {"-o", "--output-file"}, description = {"Output file for the private key. Use '-' for STDOUT (default)."})
    private String outputFilename;

    @CommandLine.Option(names = {"--export-password"}, description = {"Password for the exported key, if applicable"})
    private String exportPassword;

    @CommandLine.Option(names = {"--type"}, description = {"Type of file exported. Supports: pem, seed (default)."})
    private String type;

    private void ensureExportPassword() {
        if (this.exportPassword == null && cli().isInteractive()) {
            this.exportPassword = new String(cli().readPassword("Enter passphrase for exported key: "));
        }
        if (this.exportPassword == null || this.exportPassword.length() == 0) {
            if (cli().isParanoid()) {
                throw new CLIError("Strict security: attempting to export PEM with no passphrase.");
            }
            log.warn("No export passphrase '--export-password' provided: Defaulting to blank.");
            this.exportPassword = "";
        }
    }

    @Override // convex.cli.ACommand
    public void execute() {
        String hexString;
        String publicKey = this.keyMixin.getPublicKey();
        if (publicKey == null || publicKey.isEmpty()) {
            if (this.outputFilename == null) {
                cli().inform("You must provide a --key parameter");
                showUsage();
                return;
            }
            publicKey = cli().prompt("Enter public key to export: ");
        }
        AKeyPair loadKeyFromStore = this.storeMixin.loadKeyFromStore(publicKey, this.keyMixin.getKeyPassword());
        if (loadKeyFromStore == null) {
            throw new CLIError("Key pair not found for key: " + publicKey);
        }
        if (this.type == null) {
            if (cli().isParanoid()) {
                throw new CLIError("Strict security: must specifiy key export type, e.g. --type=seed");
            }
            this.type = "seed";
        }
        if ("pem".equals(this.type)) {
            ensureExportPassword();
            try {
                hexString = PEMTools.encryptPrivateKeyToPEM(loadKeyFromStore, this.exportPassword.toCharArray());
            } catch (GeneralSecurityException e) {
                throw new CLIError("Cannot encrypt PEM", e);
            }
        } else {
            if (!"seed".equals(this.type)) {
                throw new CLIError("Export type not recognised: " + this.type);
            }
            paranoia("Raw seed export forbidden in strict mode.");
            hexString = loadKeyFromStore.getSeed().toHexString();
        }
        if (this.outputFilename == null || "-".equals(this.outputFilename.trim())) {
            println(hexString);
            return;
        }
        try {
            FileUtils.writeFileAsString(Paths.get(this.outputFilename, new String[0]), hexString);
        } catch (IOException e2) {
            throw new CLIError("Failed to write output file: " + e2.getMessage());
        }
    }
}
