package org.wildfly.security.tool;

import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidParameterException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.crypto.SecretKey;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.OptionGroup;
import org.apache.commons.cli.Options;
import org.apache.sshd.client.config.keys.ClientIdentity;
import org.apache.sshd.common.config.keys.FilePasswordProvider;
import org.apache.sshd.common.config.keys.PublicKeyEntry;
import org.wildfly.common.iteration.CodePointIterator;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.auth.util.ElytronFilePasswordProvider;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.KeyPairCredential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;
import org.wildfly.security.credential.store.impl.PropertiesCredentialStore;
import org.wildfly.security.encryption.CipherUtil;
import org.wildfly.security.encryption.SecretKeyUtil;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.pem.Pem;

/* loaded from: input_file:org/wildfly/security/tool/CredentialStoreCommand.class */
class CredentialStoreCommand extends Command {
    // Key-pair algorithm names. generateKeyPair() falls back to the literal "RSA" when no algorithm option is given.
    public static final String RSA_ALGORITHM = "RSA";
    public static final String DSA_ALGORITHM = "DSA";
    public static final String EC_ALGORITHM = "EC";
    // Name of this sub-command, followed by the long names of its command-line options.
    public static final String CREDENTIAL_STORE_COMMAND = "credential-store";
    public static final String STORE_LOCATION_PARAM = "location";
    public static final String IMPLEMENTATION_PROPERTIES_PARAM = "properties";
    // Secret-bearing option: the store password is accepted as a command-line argument. Arguments can be
    // read by other local users through the process list and tend to end up in shell history; execute()
    // prompts for the password when this option is omitted (except for the properties-based store type).
    public static final String CREDENTIAL_STORE_PASSWORD_PARAM = "password";
    public static final String CREDENTIAL_STORE_TYPE_PARAM = "type";
    // Salt and iteration count are only used by execute() to compute the masked password form.
    public static final String SALT_PARAM = "salt";
    public static final String ITERATION_PARAM = "iteration";
    // Secret-bearing option: the value to store. addAlias() prompts for it when the option is omitted.
    public static final String PASSWORD_CREDENTIAL_VALUE_PARAM = "secret";
    public static final String ADD_ALIAS_PARAM = "add";
    public static final String ALIAS_ARGUMENT = "alias";
    public static final String CHECK_ALIAS_PARAM = "exists";
    public static final String ALIASES_PARAM = "aliases";
    public static final String REMOVE_ALIAS_PARAM = "remove";
    public static final String CREATE_CREDENTIAL_STORE_PARAM = "create";
    public static final String HELP_PARAM = "help";
    public static final String PRINT_SUMMARY_PARAM = "summary";
    public static final String ENTRY_TYPE_PARAM = "entry-type";
    public static final String OTHER_PROVIDERS_PARAM = "other-providers";
    public static final String DEBUG_PARAM = "debug";
    public static final String CUSTOM_CREDENTIAL_STORE_PROVIDER_PARAM = "credential-store-provider";
    public static final String SIZE_PARAM = "size";
    public static final String GENERATE_KEY_PAIR_PARAM = "generate-key-pair";
    public static final String ALGORITHM_PARAM = "algorithm";
    public static final String EXPORT_KEY_PAIR_PUBLIC_KEY_PARAM = "export-key-pair-public-key";
    public static final String IMPORT_KEY_PAIR_PARAM = "import-key-pair";
    public static final String PRIVATE_KEY_LOCATION_PARAM = "private-key-location";
    public static final String PUBLIC_KEY_LOCATION_PARAM = "public-key-location";
    // Secret-bearing options: private key text and key passphrase given directly on the command line.
    // Prefer the "-location" variant and the passphrase prompt where the environment is shared.
    public static final String PRIVATE_KEY_STRING_PARAM = "private-key-string";
    public static final String PUBLIC_KEY_STRING_PARAM = "public-key-string";
    public static final String KEY_PASSPHRASE_PARAM = "key-passphrase";
    public static final String GENERATE_SECRET_KEY = "generate-secret-key";
    public static final String EXPORT_SECRET_KEY = "export-secret-key";
    public static final String IMPORT_SECRET_KEY = "import-secret-key";
    // Secret-bearing option: the encoded secret key to import; importSecretKey() prompts when it is omitted.
    public static final String KEY_PARAM = "key";
    public static final String ENCRYPT = "encrypt";
    public static final String CLEAR_TEXT = "clear-text";
    // Exit status codes passed to setStatus().
    // NOTE(review): these are public, static and not final, so any class can reassign them at runtime;
    // nothing in this file writes to them, so they look like candidates for `final` - confirm no external writer.
    public static int ACTION_NOT_DEFINED = 5;
    public static int ALIAS_NOT_FOUND = 6;
    public static int GENERAL_CONFIGURATION_ERROR = 7;
    // Key store types for which execute() refuses to continue without a location (compared upper-cased).
    private static final List<String> filebasedKeystoreTypes = Collections.unmodifiableList(Arrays.asList("JKS", "JCEKS", "PKCS12"));
    private CommandLineParser parser = new DefaultParser();
    // Parsed command line; assigned by execute() and read by the action methods.
    private CommandLine cmdLine = null;
    // Option definitions, populated once in the constructor.
    private final Options options = new Options();

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Registers every command-line option of the {@code credential-store} command.
     *
     * <p>Three option groups are defined: private key source (string or location), public key source
     * (string or location) and the action to perform. Options that carry secrets ({@code password},
     * {@code secret}, {@code key}, {@code key-passphrase}, {@code private-key-string}) take their value as a
     * plain command-line argument; such values are visible in the process list and shell history, so the
     * interactive prompts offered by the action methods are the safer input path on shared hosts.
     */
    public CredentialStoreCommand() {
        final Options opts = this.options;

        // -l/--location: an argument is mandatory once the option is present.
        Option locationOpt = new Option("l", "location", true, ElytronToolMessages.msg.cmdLineStoreLocationDesc());
        locationOpt.setArgName("loc");
        locationOpt.setOptionalArg(false);
        opts.addOption(locationOpt);

        opts.addOption(new Option("u", IMPLEMENTATION_PROPERTIES_PARAM, true, ElytronToolMessages.msg.cmdLineImplementationPropertiesDesc()));

        // -p/--password: credential store password (secret-bearing).
        Option storePasswordOpt = new Option("p", CREDENTIAL_STORE_PASSWORD_PARAM, true, ElytronToolMessages.msg.cmdLineCredentialStorePassword());
        storePasswordOpt.setArgName("pwd");
        opts.addOption(storePasswordOpt);

        opts.addOption("s", "salt", true, ElytronToolMessages.msg.cmdLineSaltDesc());
        opts.addOption("i", "iteration", true, ElytronToolMessages.msg.cmdLineIterationCountDesc());

        // -x/--secret: value to store under the alias (secret-bearing, argument optional).
        Option secretOpt = new Option("x", PASSWORD_CREDENTIAL_VALUE_PARAM, true, ElytronToolMessages.msg.cmdLinePasswordCredentialValueDesc());
        secretOpt.setArgName("secret to store");
        secretOpt.setOptionalArg(true);
        opts.addOption(secretOpt);

        Option entryTypeOpt = new Option("n", ENTRY_TYPE_PARAM, true, ElytronToolMessages.msg.cmdLineEntryTypeDesc());
        entryTypeOpt.setArgName(CREDENTIAL_STORE_TYPE_PARAM);
        entryTypeOpt.setOptionalArg(true);
        opts.addOption(entryTypeOpt);

        Option otherProvidersOpt = new Option("o", OTHER_PROVIDERS_PARAM, true, ElytronToolMessages.msg.cmdLineOtherProvidersDesc());
        otherProvidersOpt.setArgName("providers");
        otherProvidersOpt.setOptionalArg(true);
        opts.addOption(otherProvidersOpt);

        Option customProviderOpt = new Option("q", CUSTOM_CREDENTIAL_STORE_PROVIDER_PARAM, true, ElytronToolMessages.msg.cmdLineCustomCredentialStoreProviderDesc());
        customProviderOpt.setArgName("cs-provider");
        customProviderOpt.setOptionalArg(true);
        opts.addOption(customProviderOpt);

        opts.addOption("c", CREATE_CREDENTIAL_STORE_PARAM, false, ElytronToolMessages.msg.cmdLineCreateCredentialStoreDesc());

        Option storeTypeOpt = new Option("t", CREDENTIAL_STORE_TYPE_PARAM, true, ElytronToolMessages.msg.cmdLineCredentialStoreTypeDesc());
        storeTypeOpt.setArgName(CREDENTIAL_STORE_TYPE_PARAM);
        opts.addOption(storeTypeOpt);

        opts.addOption("f", "summary", false, ElytronToolMessages.msg.cmdLinePrintSummary());
        opts.addOption("j", SIZE_PARAM, true, ElytronToolMessages.msg.cmdLineKeySizeDesc());
        opts.addOption("k", ALGORITHM_PARAM, true, ElytronToolMessages.msg.cmdLineKeyAlgorithmDesc());
        opts.addOption("kp", KEY_PASSPHRASE_PARAM, true, ElytronToolMessages.msg.cmdLineKeyPassphraseDesc());

        // Private key input: inline string or file location, registered as one option group.
        OptionGroup privateKeySource = new OptionGroup();
        Option privateKeyStringOpt = new Option("pvk", PRIVATE_KEY_STRING_PARAM, true, ElytronToolMessages.msg.cmdLinePrivateKeyStringDesc());
        Option privateKeyLocationOpt = new Option("pvl", PRIVATE_KEY_LOCATION_PARAM, true, ElytronToolMessages.msg.cmdLinePrivateKeyLocationDesc());
        privateKeySource.addOption(privateKeyStringOpt);
        privateKeySource.addOption(privateKeyLocationOpt);
        opts.addOptionGroup(privateKeySource);

        // Public key input: same pairing as for the private key.
        OptionGroup publicKeySource = new OptionGroup();
        Option publicKeyStringOpt = new Option("pbk", PUBLIC_KEY_STRING_PARAM, true, ElytronToolMessages.msg.cmdLinePublicKeyStringDesc());
        Option publicKeyLocationOpt = new Option("pbl", PUBLIC_KEY_LOCATION_PARAM, true, ElytronToolMessages.msg.cmdLinePublicKeyLocationDesc());
        publicKeySource.addOption(publicKeyStringOpt);
        publicKeySource.addOption(publicKeyLocationOpt);
        opts.addOptionGroup(publicKeySource);

        // NOTE(review): the long name "size" was already registered with short name "j" above; this second,
        // long-only registration looks redundant - confirm which description is meant to win.
        opts.addOption(Option.builder().longOpt(SIZE_PARAM).hasArg().argName(SIZE_PARAM).desc(ElytronToolMessages.msg.keySize()).build());
        opts.addOption(Option.builder().longOpt(KEY_PARAM).hasArg().argName(KEY_PARAM).desc(ElytronToolMessages.msg.key()).build());
        opts.addOption(Option.builder().longOpt(CLEAR_TEXT).hasArg().argName("clear text").desc(ElytronToolMessages.msg.clearText()).build());

        // Actions: all of them live in a single option group.
        OptionGroup actions = new OptionGroup();
        Option addOpt = new Option("a", ADD_ALIAS_PARAM, true, ElytronToolMessages.msg.cmdLineAddAliasDesc());
        addOpt.setArgName("alias");
        Option existsOpt = new Option("e", CHECK_ALIAS_PARAM, true, ElytronToolMessages.msg.cmdLineCheckAliasDesc());
        existsOpt.setArgName("alias");
        Option removeOpt = new Option("r", REMOVE_ALIAS_PARAM, true, ElytronToolMessages.msg.cmdLineRemoveAliasDesc());
        removeOpt.setArgName("alias");
        Option listOpt = new Option("v", ALIASES_PARAM, false, ElytronToolMessages.msg.cmdLineAliasesDesc());
        Option generateKeyPairOpt = new Option("g", GENERATE_KEY_PAIR_PARAM, true, ElytronToolMessages.msg.cmdLineGenerateKeyPairDesc());
        generateKeyPairOpt.setOptionalArg(false);
        generateKeyPairOpt.setArgName("alias");
        Option exportPublicKeyOpt = new Option("xp", EXPORT_KEY_PAIR_PUBLIC_KEY_PARAM, true, ElytronToolMessages.msg.cmdLineExportPublicKeyDesc());
        exportPublicKeyOpt.setOptionalArg(false);
        exportPublicKeyOpt.setArgName("alias");
        Option importKeyPairOpt = new Option("ikp", IMPORT_KEY_PAIR_PARAM, true, ElytronToolMessages.msg.cmdLineImportKeyPairDesc());
        importKeyPairOpt.setOptionalArg(false);
        importKeyPairOpt.setArgName("alias");
        for (Option action : new Option[] {addOpt, existsOpt, removeOpt, listOpt, generateKeyPairOpt, exportPublicKeyOpt, importKeyPairOpt}) {
            actions.addOption(action);
        }
        actions.addOption(Option.builder().longOpt(GENERATE_SECRET_KEY).hasArg().argName("alias").desc(ElytronToolMessages.msg.generateSecretKey()).build());
        actions.addOption(Option.builder().longOpt(EXPORT_SECRET_KEY).hasArg().argName("alias").desc(ElytronToolMessages.msg.exportSecretKey()).build());
        actions.addOption(Option.builder().longOpt(IMPORT_SECRET_KEY).hasArg().argName("alias").desc(ElytronToolMessages.msg.importSecretKey()).build());
        actions.addOption(Option.builder().longOpt(ENCRYPT).hasArg().argName("alias").desc(ElytronToolMessages.msg.encrypt()).build());

        Option helpOpt = new Option("h", "help", false, ElytronToolMessages.msg.cmdLineHelp());
        Option debugOpt = new Option("d", "debug", false, ElytronToolMessages.msg.cmdLineDebug());
        opts.addOptionGroup(actions);
        opts.addOption(helpOpt);
        opts.addOption(debugOpt);
    }

    /**
     * Copies the attributes of one attribute view of {@code path} into {@code map}, best effort.
     *
     * @param path file whose attributes are read (symbolic links are followed)
     * @param str  prefix prepended to every attribute name before it is stored in {@code map}
     * @param str2 attribute selector handed to {@link Files#readAttributes(Path, String, LinkOption...)}
     * @param map  receives one entry per attribute that could be read
     */
    private static void readAttributesForView(Path path, String str, String str2, Map<String, Object> map) {
        try {
            Map<String, Object> viewAttributes = Files.readAttributes(path, str2);
            if (viewAttributes == null) {
                return;
            }
            // Re-key with the view prefix so the entry can later be passed to Files.setAttribute as-is.
            viewAttributes.forEach((attributeName, attributeValue) -> map.put(str + attributeName, attributeValue));
        } catch (Exception ignored) {
            // Deliberately best effort: a view that cannot be read contributes nothing to the map.
            // Consequence for callers: nothing is recorded for this view, so nothing of it is restored
            // later and the rewritten file keeps whatever attributes it was created with.
        }
    }

    /**
     * Captures the file attributes of {@code path} that should survive a rewrite of the file.
     *
     * <p>Depending on what the file system supports, this records POSIX permissions, the DOS
     * readonly/hidden/archive/system flags and the ACL. Owner and group are not captured. Each view is read
     * best effort, so a view that fails to read is simply absent from the result.
     *
     * @param path file to inspect; a non-existent file yields an empty map
     * @return mutable map of {@code "view:attribute"} names to values, never {@code null}
     * @throws IOException declared for callers; the reads visible here do not propagate one
     */
    public static Map<String, Object> readAttributesForPreservation(Path path) throws IOException {
        Map<String, Object> preserved = new HashMap<>();
        if (!Files.exists(path)) {
            return preserved;
        }
        Set<String> views = path.getFileSystem().supportedFileAttributeViews();
        if (views.contains("posix")) {
            readAttributesForView(path, "posix:", "posix:permissions", preserved);
        }
        if (views.contains("dos")) {
            readAttributesForView(path, "dos:", "dos:readonly,hidden,archive,system", preserved);
        }
        if (views.contains("acl")) {
            readAttributesForView(path, "acl:", "acl:acl", preserved);
        }
        return preserved;
    }

    /**
     * Re-applies attributes previously captured for {@code path}.
     *
     * <p>Does nothing when {@code map} is {@code null} or the file does not exist. Attributes are applied
     * one by one; the first failure aborts the loop, leaving later attributes unapplied.
     *
     * @param path file to update (symbolic links are followed)
     * @param map  {@code "view:attribute"} names mapped to the values to set, may be {@code null}
     * @throws IOException if an attribute cannot be set
     */
    public static void setAttributesForPreservation(Path path, Map<String, Object> map) throws IOException {
        if (map != null && Files.exists(path)) {
            for (Map.Entry<String, Object> attribute : map.entrySet()) {
                Files.setAttribute(path, attribute.getKey(), attribute.getValue());
            }
        }
    }

    /**
     * Parses the command line, opens (or creates) the credential store and runs the one requested action.
     *
     * <p>The exit status starts as {@code GENERAL_CONFIGURATION_ERROR}; it is set to OK here only for
     * {@code --help}, and by the action methods visible in this file when they succeed.
     *
     * <p>Secret handling in this method: the store password and the secret to store may arrive as
     * command-line arguments and are kept in {@code String}s, and the optional summary echoes the
     * {@code --secret} value to standard output (see the notes at the summary block).
     *
     * @param strArr raw command-line arguments for this sub-command
     * @throws Exception on parse errors, missing or inconsistent options, and credential store failures
     */
    @Override // org.wildfly.security.tool.Command
    public void execute(String[] strArr) throws Exception {
        CredentialStore credentialStore;
        // Pessimistic default; success paths overwrite it.
        setStatus(GENERAL_CONFIGURATION_ERROR);
        this.cmdLine = this.parser.parse(this.options, strArr, false);
        setEnableDebug(this.cmdLine.hasOption("debug"));
        if (this.cmdLine.hasOption("help")) {
            help();
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
            return;
        }
        printDuplicatesWarning(this.cmdLine);
        String optionValue = this.cmdLine.getOptionValue("location");
        // Listing or checking aliases must not run against a store file that does not exist.
        if ((this.cmdLine.hasOption(ALIASES_PARAM) || this.cmdLine.hasOption(CHECK_ALIAS_PARAM)) && optionValue != null && !Files.exists(Paths.get(optionValue, new String[0]), new LinkOption[0])) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.storageFileDoesNotExist(optionValue);
        }
        String optionValue2 = this.cmdLine.getOptionValue(CREDENTIAL_STORE_PASSWORD_PARAM);
        // str is the password text later handed to the summary helpers. It starts as the command-line
        // password, or as ClientIdentity.ID_FILE_SUFFIX when none was given.
        // NOTE(review): that constant is presumably a decompiler substitution for an equal-valued string
        // literal - confirm against the original source.
        String str = optionValue2 == null ? ClientIdentity.ID_FILE_SUFFIX : optionValue2;
        String optionValue3 = this.cmdLine.getOptionValue("salt");
        String optionValue4 = this.cmdLine.getOptionValue(CREDENTIAL_STORE_TYPE_PARAM, KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE);
        int argumentAsInt = getArgumentAsInt(this.cmdLine.getOptionValue("iteration"));
        String optionValue5 = this.cmdLine.getOptionValue(ENTRY_TYPE_PARAM);
        String optionValue6 = this.cmdLine.getOptionValue(OTHER_PROVIDERS_PARAM);
        String optionValue7 = this.cmdLine.getOptionValue(CUSTOM_CREDENTIAL_STORE_PROVIDER_PARAM);
        boolean hasOption = this.cmdLine.hasOption(CREATE_CREDENTIAL_STORE_PARAM);
        // --create takes no argument; leftover positional arguments are treated as a usage error.
        if (hasOption && this.cmdLine.getArgs().length > 0) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.noArgumentOption(CREATE_CREDENTIAL_STORE_PARAM);
        }
        boolean hasOption2 = this.cmdLine.hasOption("summary");
        String optionValue8 = this.cmdLine.getOptionValue(PASSWORD_CREDENTIAL_VALUE_PARAM);
        String optionValue9 = this.cmdLine.getOptionValue(KEY_PARAM);
        int argumentAsInt2 = getArgumentAsInt(this.cmdLine.getOptionValue(SIZE_PARAM), 256);
        Map<String, String> parseCredentialStoreProperties = parseCredentialStoreProperties(this.cmdLine.getOptionValue(IMPLEMENTATION_PROPERTIES_PARAM));
        // An explicitly named provider is used as given; otherwise the default lookup is tried first and
        // the tool's own provider supplier is the fallback when the store type is not found.
        if (optionValue7 != null) {
            credentialStore = CredentialStore.getInstance(optionValue4, optionValue7, getProvidersSupplier(optionValue7));
        } else {
            try {
                credentialStore = CredentialStore.getInstance(optionValue4);
            } catch (NoSuchAlgorithmException e) {
                credentialStore = CredentialStore.getInstance(optionValue4, getProvidersSupplier(null));
            }
        }
        // The location may still be null at this point; it is only rejected below for file-based key stores.
        parseCredentialStoreProperties.put("location", optionValue);
        parseCredentialStoreProperties.putIfAbsent("modifiable", Boolean.TRUE.toString());
        parseCredentialStoreProperties.putIfAbsent(CREATE_CREDENTIAL_STORE_PARAM, Boolean.valueOf(hasOption).toString());
        if (optionValue4.equals(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE)) {
            parseCredentialStoreProperties.putIfAbsent("keyStoreType", "JCEKS");
        }
        String str2 = parseCredentialStoreProperties.get("keyStoreType");
        if (optionValue == null && str2 != null && filebasedKeystoreTypes.contains(str2.toUpperCase(Locale.ENGLISH))) {
            throw ElytronToolMessages.msg.filebasedKeystoreLocationMissing(str2);
        }
        CredentialStore.CredentialSourceProtectionParameter credentialSourceProtectionParameter = null;
        // No password on the command line: prompt for it (with confirmation when creating), except for the
        // properties-based store type, which is opened without a protection parameter.
        if (optionValue2 == null && !PropertiesCredentialStore.NAME.equals(optionValue4)) {
            optionValue2 = prompt(false, ElytronToolMessages.msg.credentialStorePasswordPrompt(), hasOption, ElytronToolMessages.msg.credentialStorePasswordPromptConfirm());
            if (optionValue2 == null) {
                setStatus(GENERAL_CONFIGURATION_ERROR);
                throw ElytronToolMessages.msg.optionNotSpecified(CREDENTIAL_STORE_PASSWORD_PARAM);
            }
        }
        if (optionValue2 != null) {
            // A value starting with "MASK-" is decoded through MaskCommand.decryptMasked; anything else is
            // used verbatim as the clear password. The password itself stays in a String (optionValue2).
            credentialSourceProtectionParameter = new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, optionValue2.startsWith("MASK-") ? MaskCommand.decryptMasked(optionValue2) : optionValue2.toCharArray()))));
        }
        credentialStore.initialize(parseCredentialStoreProperties, credentialSourceProtectionParameter, getProvidersSupplier(optionValue6).get());
        // The masked form replaces str only when both a salt and an iteration count above -1 were supplied.
        // NOTE(review): with --password but without salt/iteration, str still holds the clear-text password
        // when it reaches getCreateDefaultSummary (not shown here) - confirm whether that helper prints it.
        if (optionValue2 != null && !optionValue2.startsWith("MASK-") && optionValue3 != null && argumentAsInt > -1) {
            str = MaskCommand.computeMasked(optionValue2, optionValue3, argumentAsInt);
        }
        String str3 = null;
        // Dispatch: the first matching action option wins; --create alone is the fallback action.
        if (this.cmdLine.hasOption(ADD_ALIAS_PARAM)) {
            addAlias(optionValue8, credentialStore, optionValue5, optionValue);
        } else if (this.cmdLine.hasOption(REMOVE_ALIAS_PARAM)) {
            removeAlias(credentialStore, optionValue5, optionValue4);
        } else if (this.cmdLine.hasOption(CHECK_ALIAS_PARAM)) {
            checkAlias(credentialStore, optionValue5, optionValue4);
        } else if (this.cmdLine.hasOption(ALIASES_PARAM)) {
            aliases(credentialStore);
        } else if (this.cmdLine.hasOption(GENERATE_KEY_PAIR_PARAM)) {
            generateKeyPair(credentialStore);
        } else if (this.cmdLine.hasOption(EXPORT_KEY_PAIR_PUBLIC_KEY_PARAM)) {
            exportKeyPairPublicKey(credentialStore, optionValue5);
        } else if (this.cmdLine.hasOption(IMPORT_KEY_PAIR_PARAM)) {
            importKeyPair(credentialStore);
        } else if (this.cmdLine.hasOption(GENERATE_SECRET_KEY)) {
            generateSecretKey(credentialStore, optionValue5, argumentAsInt2);
        } else if (this.cmdLine.hasOption(EXPORT_SECRET_KEY)) {
            exportSecretKey(credentialStore);
        } else if (this.cmdLine.hasOption(IMPORT_SECRET_KEY)) {
            importSecretKey(credentialStore, optionValue5, optionValue9);
        } else if (this.cmdLine.hasOption(ENCRYPT)) {
            str3 = encrypt(credentialStore);
        } else {
            if (!this.cmdLine.hasOption(CREATE_CREDENTIAL_STORE_PARAM)) {
                setStatus(ACTION_NOT_DEFINED);
                throw ElytronToolMessages.msg.actionToPerformNotDefined();
            }
            createCredentialStore(credentialStore);
        }
        if (hasOption2) {
            // --summary: print the management CLI command equivalent to what was just done. The store name
            // in the generated commands is the fixed text "test".
            StringBuilder sb = new StringBuilder();
            if (this.cmdLine.hasOption(ADD_ALIAS_PARAM)) {
                if (parseCredentialStoreProperties.get(CREATE_CREDENTIAL_STORE_PARAM) != null && parseCredentialStoreProperties.get(CREATE_CREDENTIAL_STORE_PARAM).equals("true")) {
                    getCreateDefaultSummary(parseCredentialStoreProperties, sb, str);
                    sb.append("\n");
                }
                sb.append("/subsystem=elytron/credential-store=test:add-alias(alias=");
                sb.append(this.cmdLine.getOptionValue(ADD_ALIAS_PARAM));
                if (optionValue5 != null) {
                    sb.append(",entry-type=\"").append(optionValue5).append("\"");
                }
                // NOTE(review): the --secret value is written to stdout in clear text here, so it can end up
                // in terminal scrollback or captured job logs. When the secret was typed at the prompt in
                // addAlias, optionValue8 is still null in this scope and the text "null" is printed instead.
                sb.append(",secret-value=\"");
                sb.append(optionValue8);
                sb.append("\")");
            } else if (this.cmdLine.hasOption(REMOVE_ALIAS_PARAM)) {
                sb.append("/subsystem=elytron/credential-store=test:remove-alias(alias=");
                sb.append(this.cmdLine.getOptionValue(REMOVE_ALIAS_PARAM));
                sb.append(")");
            } else if (this.cmdLine.hasOption(ALIASES_PARAM) || this.cmdLine.hasOption(CHECK_ALIAS_PARAM)) {
                sb.append("/subsystem=elytron/credential-store=test:read-aliases()");
            } else if (this.cmdLine.hasOption(ENCRYPT)) {
                getUseExpressionExample(sb, str3);
            } else if (this.cmdLine.hasOption(CREATE_CREDENTIAL_STORE_PARAM)) {
                if (PropertiesCredentialStore.NAME.equals(optionValue4)) {
                    getCreatePropertiesCredentialStoreSummary(sb, optionValue);
                } else {
                    getCreateDefaultSummary(parseCredentialStoreProperties, sb, str);
                }
            }
            System.out.println(ElytronToolMessages.msg.commandSummary(sb.toString()));
        }
    }

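    /**
     * Stores a secret under the alias given to {@code --add}, prompting for the secret when it was not
     * supplied on the command line.
     *
     * <p>The attributes of the store file (permissions, DOS flags, ACL where supported) are captured
     * before the store is flushed and re-applied afterwards, so that rewriting the file does not change
     * who can read it. This step is skipped when no location was given: {@code execute} allows a
     * {@code null} location for key store types that are not file based, and {@code Paths.get(null)}
     * would otherwise fail with a {@code NullPointerException} before anything is stored.
     *
     * @param str             secret value, or {@code null} to prompt for it (with confirmation)
     * @param credentialStore initialized store to write to
     * @param str2            entry type name, or {@code null} for the default
     * @param str3            location of the store file, may be {@code null}
     * @throws Exception if the alias or secret is missing, or the store or attribute update fails
     */
    private void addAlias(String str, CredentialStore credentialStore, String str2, String str3) throws Exception {
        String alias = this.cmdLine.getOptionValue(ADD_ALIAS_PARAM);
        if (alias.length() == 0) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.optionNotSpecified(ADD_ALIAS_PARAM);
        }
        if (str == null) {
            str = prompt(false, ElytronToolMessages.msg.secretToStorePrompt(), true, ElytronToolMessages.msg.secretToStorePromptConfirm());
            if (str == null) {
                setStatus(GENERAL_CONFIGURATION_ERROR);
                throw ElytronToolMessages.msg.optionNotSpecified(PASSWORD_CREDENTIAL_VALUE_PARAM);
            }
        }
        // Only a file-backed store has attributes to preserve.
        boolean hasStoreFile = str3 != null;
        Map<String, Object> preservedAttributes = hasStoreFile ? readAttributesForPreservation(Paths.get(str3, new String[0])) : null;
        credentialStore.store(alias, createCredential(str, str2));
        credentialStore.flush();
        if (str2 != null) {
            System.out.println(ElytronToolMessages.msg.aliasStored(alias, str2));
        } else {
            System.out.println(ElytronToolMessages.msg.aliasStored(alias));
        }
        setStatus(ElytronTool.ElytronToolExitStatus_OK);
        // NOTE(review): the status is already OK when the attributes are restored; if restoring fails the
        // exception propagates but the status is not reset - confirm how the caller reports that case.
        if (hasStoreFile) {
            setAttributesForPreservation(Paths.get(str3, new String[0]), preservedAttributes);
        }
    }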

    /**
     * Removes the alias given to {@code --remove} from the store.
     *
     * <p>Sets status {@code ALIAS_NOT_FOUND} and prints a message when no entry of the requested type
     * exists; otherwise removes the entry, flushes the store and sets the OK status.
     *
     * @param credentialStore initialized store to modify
     * @param str             entry type name from the command line, or {@code null}
     * @param str2            credential store type, used to resolve the credential class
     * @throws Exception if the store lookup, removal or flush fails
     */
    private void removeAlias(CredentialStore credentialStore, String str, String str2) throws Exception {
        String alias = this.cmdLine.getOptionValue(REMOVE_ALIAS_PARAM);
        Class<? extends Credential> credentialType = entryTypeToCredential(str, str2);
        boolean entryTypeGiven = str != null;
        if (credentialStore.exists(alias, credentialType)) {
            credentialStore.remove(alias, credentialType);
            credentialStore.flush();
            if (entryTypeGiven) {
                System.out.println(ElytronToolMessages.msg.aliasRemoved(alias, str));
            } else {
                System.out.println(ElytronToolMessages.msg.aliasRemoved(alias));
            }
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
            return;
        }
        // Nothing to remove: report it and signal the dedicated exit status.
        if (entryTypeGiven) {
            System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(alias, str));
        } else {
            System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(alias));
        }
        setStatus(ALIAS_NOT_FOUND);
    }

    /**
     * Reports whether the alias given to {@code --exists} is present in the store.
     *
     * @param credentialStore initialized store to query
     * @param str             entry type name from the command line, or {@code null}
     * @param str2            credential store type, used to resolve the credential class
     * @throws Exception if the store lookup fails
     */
    private void checkAlias(CredentialStore credentialStore, String str, String str2) throws Exception {
        String alias = this.cmdLine.getOptionValue(CHECK_ALIAS_PARAM);
        boolean present = credentialStore.exists(alias, entryTypeToCredential(str, str2));
        if (!present) {
            setStatus(ALIAS_NOT_FOUND);
            if (str == null) {
                System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(alias));
            } else {
                System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(alias, str));
            }
            return;
        }
        setStatus(ElytronTool.ElytronToolExitStatus_OK);
        System.out.println(ElytronToolMessages.msg.aliasExists(alias));
    }

    /**
     * Prints all aliases held by the store, or a "no aliases" message when it is empty.
     *
     * <p>Only alias names are printed; no credential values are read.
     *
     * @param credentialStore initialized store to list
     * @throws Exception if the aliases cannot be read
     */
    private void aliases(CredentialStore credentialStore) throws Exception {
        Set<String> storedAliases = credentialStore.getAliases();
        if (storedAliases.isEmpty()) {
            System.out.println(ElytronToolMessages.msg.noAliases());
        } else {
            // Each alias is followed by the separator, including the last one.
            StringBuilder joined = new StringBuilder();
            for (String alias : storedAliases) {
                joined.append(alias);
                joined.append(HelpFormatter.DEFAULT_LONG_OPT_SEPARATOR);
            }
            System.out.println(ElytronToolMessages.msg.aliases(joined.toString()));
        }
        setStatus(ElytronTool.ElytronToolExitStatus_OK);
    }

    /**
     * Generates a new key pair and stores it under the alias given to {@code --generate-key-pair}.
     *
     * <p>The algorithm defaults to {@code "RSA"} when {@code --algorithm} is absent. Neither the algorithm
     * name nor the key size is validated here; both are passed on to {@code createKeyPairCredential}.
     *
     * @param credentialStore initialized store to write to
     * @throws Exception if the alias is missing, or key generation or the store update fails
     */
    private void generateKeyPair(CredentialStore credentialStore) throws Exception {
        String alias = this.cmdLine.getOptionValue(GENERATE_KEY_PAIR_PARAM);
        if (alias == null || alias.isEmpty()) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.optionNotSpecified(GENERATE_KEY_PAIR_PARAM);
        }
        // NOTE(review): the size used when --size is absent is decided by getArgumentAsInt and
        // createKeyPairCredential, which are not visible here - confirm it is an acceptable key size.
        int keySize = getArgumentAsInt(this.cmdLine.getOptionValue(SIZE_PARAM));
        String algorithm = this.cmdLine.getOptionValue(ALGORITHM_PARAM, "RSA");
        credentialStore.store(alias, createKeyPairCredential(algorithm, keySize));
        credentialStore.flush();
        String storedType = KeyPairCredential.class.getName();
        System.out.println(ElytronToolMessages.msg.aliasStored(alias, storedType));
        setStatus(ElytronTool.ElytronToolExitStatus_OK);
    }

    /**
     * Prints the public key of the key pair stored under the alias given to
     * {@code --export-key-pair-public-key}.
     *
     * <p>Only the public half is written to standard output; the private key is not printed.
     *
     * @param credentialStore initialized store to read from
     * @param str             entry type name from the command line, used only in the "not found" message
     * @throws Exception if the alias is missing or the store cannot be read
     */
    private void exportKeyPairPublicKey(CredentialStore credentialStore, String str) throws Exception {
        String alias = this.cmdLine.getOptionValue(EXPORT_KEY_PAIR_PUBLIC_KEY_PARAM);
        if (alias == null || alias.isEmpty()) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.optionNotSpecified(EXPORT_KEY_PAIR_PUBLIC_KEY_PARAM);
        }
        if (!credentialStore.exists(alias, KeyPairCredential.class)) {
            setStatus(ALIAS_NOT_FOUND);
            if (str == null) {
                System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(alias));
            } else {
                System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(alias, str));
            }
            return;
        }
        KeyPairCredential keyPairCredential = (KeyPairCredential) credentialStore.retrieve(alias, KeyPairCredential.class);
        PublicKey publicKey = keyPairCredential.getKeyPair().getPublic();
        System.out.println(PublicKeyEntry.toString(publicKey));
        setStatus(ElytronTool.ElytronToolExitStatus_OK);
    }

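    /**
     * Imports an existing key pair under the alias given to {@code --import-key-pair}.
     *
     * <p>The private key is mandatory and comes either from a file ({@code --private-key-location}) or
     * from the command line ({@code --private-key-string}); the public key is optional and follows the
     * same pattern. The passphrase is prompted for when {@code --key-passphrase} is absent or empty.
     *
     * <p>Key files are read in full with {@link Files#readAllBytes} and decoded as UTF-8. The earlier
     * stream-based read sized its buffer with {@code available()} and issued a single {@code read}, which
     * can return a truncated key, and it left the stream open when the read threw.
     *
     * <p>Supplying the private key or passphrase as an argument exposes it through the process list and
     * shell history; the file and prompt variants avoid that.
     *
     * @param credentialStore initialized store to write to
     * @throws Exception if the alias or private key is missing, a key file does not exist or cannot be
     *                   read, or parsing or storing the key pair fails
     */
    private void importKeyPair(CredentialStore credentialStore) throws Exception {
        String alias = this.cmdLine.getOptionValue(IMPORT_KEY_PAIR_PARAM);
        if (alias == null || alias.isEmpty()) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.optionNotSpecified(IMPORT_KEY_PAIR_PARAM);
        }
        String passphrase = this.cmdLine.getOptionValue(KEY_PASSPHRASE_PARAM);
        if (passphrase == null || passphrase.isEmpty()) {
            // NOTE(review): a null result from the prompt is passed on unchanged - confirm createCredential handles it.
            passphrase = prompt(false, ElytronToolMessages.msg.keyPassphrasePrompt(), true, ElytronToolMessages.msg.keyPassphrasePromptConfirm());
        }
        ElytronFilePasswordProvider passphraseProvider = new ElytronFilePasswordProvider(createCredential(passphrase, PasswordCredential.class.getName()));
        String privateKeyString = this.cmdLine.getOptionValue(PRIVATE_KEY_STRING_PARAM);
        String publicKeyString = this.cmdLine.getOptionValue(PUBLIC_KEY_STRING_PARAM);
        String privateKeyLocation = this.cmdLine.getOptionValue(PRIVATE_KEY_LOCATION_PARAM);
        String publicKeyLocation = this.cmdLine.getOptionValue(PUBLIC_KEY_LOCATION_PARAM);

        // Private key: a file location takes precedence over the inline string.
        String privateKey;
        if (privateKeyLocation != null) {
            if (!Files.exists(Paths.get(privateKeyLocation, new String[0]), new LinkOption[0])) {
                setStatus(GENERAL_CONFIGURATION_ERROR);
                throw ElytronToolMessages.msg.keyFileDoesNotExist(privateKeyLocation);
            }
            privateKey = new String(Files.readAllBytes(Paths.get(privateKeyLocation, new String[0])), java.nio.charset.StandardCharsets.UTF_8);
        } else {
            if (privateKeyString == null) {
                setStatus(GENERAL_CONFIGURATION_ERROR);
                throw ElytronToolMessages.msg.noPrivateKeySpecified();
            }
            privateKey = privateKeyString;
        }
        if (privateKey.isEmpty()) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.noPrivateKeySpecified();
        }

        // Public key: optional; stays null when neither a location nor a string was given.
        String publicKey = null;
        if (publicKeyLocation != null) {
            if (!Files.exists(Paths.get(publicKeyLocation, new String[0]), new LinkOption[0])) {
                setStatus(GENERAL_CONFIGURATION_ERROR);
                throw ElytronToolMessages.msg.keyFileDoesNotExist(publicKeyLocation);
            }
            publicKey = new String(Files.readAllBytes(Paths.get(publicKeyLocation, new String[0])), java.nio.charset.StandardCharsets.UTF_8);
        } else if (publicKeyString != null) {
            publicKey = publicKeyString;
        }

        credentialStore.store(alias, parseKeyPairCredential(privateKey, publicKey, passphraseProvider));
        credentialStore.flush();
        System.out.println(ElytronToolMessages.msg.aliasStored(alias, KeyPairCredential.class.getName()));
        setStatus(ElytronTool.ElytronToolExitStatus_OK);
    }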

    /**
     * Generates a secret key of the requested size and stores it under the alias given to
     * {@code --generate-secret-key}.
     *
     * @param credentialStore initialized store to write to
     * @param str             entry type name from the command line, or {@code null}
     * @param i               key size passed to {@code SecretKeyUtil.generateSecretKey}
     * @throws Exception if the alias is empty, or key generation or the store update fails; the status
     *                   is set to {@code GENERAL_CONFIGURATION_ERROR} before the exception is rethrown
     */
    private void generateSecretKey(CredentialStore credentialStore, String str, int i) throws Exception {
        String alias = this.cmdLine.getOptionValue(GENERATE_SECRET_KEY);
        if (alias.isEmpty()) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.optionNotSpecified("alias");
        }
        try {
            credentialStore.store(alias, createCredential(SecretKeyUtil.generateSecretKey(i), str));
            credentialStore.flush();
            if (str == null) {
                System.out.println(ElytronToolMessages.msg.aliasStored(alias));
            } else {
                System.out.println(ElytronToolMessages.msg.aliasStored(alias, str));
            }
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
        } catch (Exception failure) {
            // Any failure after the alias check is reported with the general error status.
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw failure;
        }
    }

    /**
     * Prints the exported form of the secret key stored under the alias taken from
     * the {@code EXPORT_SECRET_KEY} command-line option.
     *
     * <p>The exported key is written to standard output, so anything that captures
     * this command's output (terminal scrollback, redirected files, CI logs) ends
     * up holding key material.
     *
     * @param credentialStore store to read the key from
     * @throws Exception if the alias is empty or the store lookup fails
     */
    private void exportSecretKey(CredentialStore credentialStore) throws Exception {
        final String alias = this.cmdLine.getOptionValue(EXPORT_SECRET_KEY);
        if (alias.isEmpty()) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.optionNotSpecified("alias");
        }
        if (credentialStore.exists(alias, SecretKeyCredential.class)) {
            final SecretKeyCredential stored = (SecretKeyCredential) credentialStore.retrieve(alias, SecretKeyCredential.class);
            System.out.println(ElytronToolMessages.msg.exportedSecretKey(alias, SecretKeyUtil.exportSecretKey(stored.getSecretKey())));
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
            return;
        }
        // A missing alias is reported on stdout and through the exit status, not as an exception.
        setStatus(ALIAS_NOT_FOUND);
        System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(alias));
    }

    /**
     * Imports an encoded secret key and stores it under the alias taken from the
     * {@code IMPORT_SECRET_KEY} command-line option, then flushes the store.
     *
     * @param credentialStore store that receives the entry
     * @param str entry type passed to {@code createCredential}; {@code null} selects its default
     * @param str2 encoded key to import; when {@code null} it is requested through {@code prompt}
     * @throws Exception if the alias is empty, no key is obtained, or the import,
     *         store or flush fails (status {@code GENERAL_CONFIGURATION_ERROR})
     */
    private void importSecretKey(CredentialStore credentialStore, String str, String str2) throws Exception {
        final String alias = this.cmdLine.getOptionValue(IMPORT_SECRET_KEY);
        if (alias.isEmpty()) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.optionNotSpecified("alias");
        }
        // No key supplied by the caller: fall back to asking for it interactively.
        if (str2 == null) {
            str2 = prompt(true, ElytronToolMessages.msg.keyToImport(), false, null);
        }
        if (str2 == null) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.optionNotSpecified(KEY_PARAM);
        }
        try {
            final SecretKey imported = SecretKeyUtil.importSecretKey(str2);
            credentialStore.store(alias, createCredential(imported, str));
            credentialStore.flush();
            if (str == null) {
                System.out.println(ElytronToolMessages.msg.aliasStored(alias));
            } else {
                System.out.println(ElytronToolMessages.msg.aliasStored(alias, str));
            }
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
        } catch (Exception failure) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw failure;
        }
    }

    /**
     * Encrypts clear text with the secret key stored under the alias taken from the
     * {@code ENCRYPT} command-line option and prints the resulting token.
     *
     * <p>The clear text comes from the {@code CLEAR_TEXT} option when present and
     * from {@code prompt} otherwise. A value given on the command line can be seen
     * by other local users in the process list and tends to be kept in shell
     * history; the prompt path avoids both.
     *
     * @param credentialStore store holding the secret key
     * @return the encrypted token, or {@code null} when the alias does not exist
     * @throws Exception if the alias is empty or retrieval/encryption fails
     */
    private String encrypt(CredentialStore credentialStore) throws Exception {
        final String alias = this.cmdLine.getOptionValue(ENCRYPT);
        if (alias.isEmpty()) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.optionNotSpecified("alias");
        }
        if (!credentialStore.exists(alias, SecretKeyCredential.class)) {
            setStatus(ALIAS_NOT_FOUND);
            System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(alias));
            return null;
        }
        final SecretKey key = ((SecretKeyCredential) credentialStore.retrieve(alias, SecretKeyCredential.class)).getSecretKey();
        // NOTE(review): the exported form is discarded; the call is kept because it
        // may still raise for a key that cannot be exported - confirm whether that is intended.
        SecretKeyUtil.exportSecretKey(key);
        String clearText = this.cmdLine.getOptionValue(CLEAR_TEXT);
        if (clearText == null) {
            clearText = prompt(false, ElytronToolMessages.msg.clearTextToImport(), true, ElytronToolMessages.msg.clearTextToImportAgain());
        }
        final String token = CipherUtil.encrypt(clearText, key);
        System.out.println(ElytronToolMessages.msg.encryptedToken(token, alias));
        setStatus(ElytronTool.ElytronToolExitStatus_OK);
        return token;
    }

    /**
     * Flushes the given credential store, reports that it was created and sets the
     * exit status to OK.
     *
     * @param credentialStore store to flush
     * @throws Exception if the flush fails; nothing is printed in that case
     */
    private void createCredentialStore(CredentialStore credentialStore) throws Exception {
        // Flush first so the success message is only printed once the flush has returned.
        credentialStore.flush();
        final String createdMessage = ElytronToolMessages.msg.credentialStoreCreated();
        System.out.println(createdMessage);
        setStatus(ElytronTool.ElytronToolExitStatus_OK);
    }

    /**
     * Wraps a clear-text secret in a {@link PasswordCredential}.
     *
     * @param str the secret, stored as a raw clear password
     * @param str2 requested entry type; {@code null}, the simple name or the fully
     *        qualified name of {@link PasswordCredential} are accepted
     * @return the password credential
     */
    private Credential createCredential(String str, String str2) {
        final boolean passwordEntryRequested = str2 == null
                || PasswordCredential.class.getSimpleName().equals(str2)
                || PasswordCredential.class.getName().equals(str2);
        if (!passwordEntryRequested) {
            // Any other entry type is rejected rather than silently stored as a password.
            throw ElytronToolMessages.msg.unknownEntryType(str2);
        }
        final char[] secretChars = str.toCharArray();
        return new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, secretChars));
    }

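    /**
     * Generates a key pair for the requested algorithm and wraps it in a
     * {@link KeyPairCredential}.
     *
     * <p>The decompiler left this method as a hash-code switch over a
     * {@code boolean} selector ({@code boolean z = -1}, two {@code case true}
     * labels), which does not compile. It is restored here as a plain string
     * switch with the same per-algorithm size rules.
     *
     * <p>Size handling, as implemented below:
     * <ul>
     *   <li>RSA: 512 to 16384 is used as given, anything else becomes 2048</li>
     *   <li>DSA: a multiple of 64 in 512 to 1024, or 2048, or 3072; anything else becomes 2048</li>
     *   <li>EC: 112 to 571 is used as given, anything else becomes 256</li>
     *   <li>any other algorithm name: RSA with 2048</li>
     * </ul>
     *
     * @param str algorithm name; an unrecognised name is replaced by {@code "RSA"}
     * @param i requested key size; an out-of-range value is replaced by the algorithm default
     * @return credential holding the generated key pair
     * @throws NoSuchAlgorithmException declared by the signature; a provider
     *         lookup failure is reported through {@code unknownKeyPairAlgorithm}
     */
    private KeyPairCredential createKeyPairCredential(String str, int i) throws NoSuchAlgorithmException {
        final int keySize;
        // NOTE(review): unknown algorithms and out-of-range sizes are replaced
        // silently, so the operator can end up with a different key than requested
        // and nothing in this method reports the substitution.
        switch (str) {
            case "RSA":
                // NOTE(review): sizes down to 512 bits are accepted as given; current
                // guidance treats RSA below 2048 bits as too weak for new keys.
                keySize = (512 <= i && i <= 16384) ? i : 2048;
                break;
            case "DSA":
                // NOTE(review): 512-1024 bit DSA is accepted as given; the same
                // 2048-bit minimum applies to new DSA keys.
                keySize = ((512 <= i && i <= 1024 && i % 64 == 0) || i == 2048 || i == 3072) ? i : 2048;
                break;
            case "EC":
                // NOTE(review): the accepted range starts at 112-bit curves, which is
                // below the 224/256-bit curves normally required for new keys.
                keySize = (112 <= i && i <= 571) ? i : 256;
                break;
            default:
                str = "RSA";
                keySize = 2048;
                break;
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
            try {
                keyPairGenerator.initialize(keySize, new SecureRandom());
                return new KeyPairCredential(keyPairGenerator.generateKeyPair());
            } catch (InvalidParameterException e) {
                // The provider rejected the size even though it passed the range check above.
                throw ElytronToolMessages.msg.invalidKeySize(e.getMessage());
            }
        } catch (NoSuchAlgorithmException e2) {
            throw ElytronToolMessages.msg.unknownKeyPairAlgorithm(str);
        }
    }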

    /**
     * Builds a {@link KeyPairCredential} from PEM text.
     *
     * <p>The private-key text is first parsed as OpenSSH content, which yields the
     * whole pair. If that parse raises {@link IllegalArgumentException}
     * (presumably because the content is not in OpenSSH format - verify against
     * {@code Pem}), the private and public keys are parsed separately as plain PEM
     * and combined.
     *
     * @param str PEM text of the private key (or of the OpenSSH key pair)
     * @param str2 PEM text of the public key; only needed on the fallback path
     * @param filePasswordProvider password source handed to the OpenSSH parser
     * @return credential wrapping the parsed key pair
     * @throws Exception if no public key is available for the fallback path or a
     *         parsed entry is not of the expected key type
     */
    private KeyPairCredential parseKeyPairCredential(String str, String str2, FilePasswordProvider filePasswordProvider) throws Exception {
        KeyPair parsedPair;
        try {
            parsedPair = (KeyPair) Pem.parsePemOpenSSHContent(CodePointIterator.ofString(str), filePasswordProvider).next().tryCast(KeyPair.class);
        } catch (IllegalArgumentException notOpenSsh) {
            final boolean publicKeyMissing = str2 == null || str2.isEmpty();
            if (publicKeyMissing) {
                // Only this failure sets the exit status; the "no PEM content" failures below do not.
                setStatus(GENERAL_CONFIGURATION_ERROR);
                throw ElytronToolMessages.msg.noPublicKeySpecified();
            }
            final PrivateKey privatePart = (PrivateKey) Pem.parsePemContent(CodePointIterator.ofString(str)).next().tryCast(PrivateKey.class);
            if (privatePart == null) {
                throw ElytronToolMessages.msg.xmlNoPemContent();
            }
            final PublicKey publicPart = (PublicKey) Pem.parsePemContent(CodePointIterator.ofString(str2)).next().tryCast(PublicKey.class);
            if (publicPart == null) {
                throw ElytronToolMessages.msg.xmlNoPemContent();
            }
            parsedPair = new KeyPair(publicPart, privatePart);
        }
        // The null check stays outside the try so its exception can never be
        // mistaken for the parse failure that triggers the fallback.
        if (parsedPair != null) {
            return new KeyPairCredential(parsedPair);
        }
        throw ElytronToolMessages.msg.xmlNoPemContent();
    }

    /**
     * Wraps a secret key in a {@link SecretKeyCredential}.
     *
     * @param secretKey key to wrap
     * @param str requested entry type; {@code null}, the simple name or the fully
     *        qualified name of {@link SecretKeyCredential} are accepted
     * @return the secret-key credential
     */
    private Credential createCredential(SecretKey secretKey, String str) {
        final boolean secretKeyEntryRequested = str == null
                || SecretKeyCredential.class.getSimpleName().equals(str)
                || SecretKeyCredential.class.getName().equals(str);
        if (!secretKeyEntryRequested) {
            // A mismatched entry type is rejected instead of being coerced.
            throw ElytronToolMessages.msg.unknownEntryType(str);
        }
        return new SecretKeyCredential(secretKey);
    }

    /**
     * Maps an entry-type name to the credential class it denotes.
     *
     * @param str entry-type name, or {@code null} to use the default for the store type
     * @param str2 credential store type, consulted only when {@code str} is {@code null}
     * @return the matching credential class
     */
    private Class<? extends Credential> entryTypeToCredential(String str, String str2) {
        if (str == null) {
            return defaultCredentialType(str2);
        }
        final boolean isPassword = PasswordCredential.class.getSimpleName().equals(str)
                || PasswordCredential.class.getName().equals(str);
        if (isPassword) {
            return PasswordCredential.class;
        }
        // NOTE(review): unlike the other two types, KeyPairCredential is matched by
        // its fully qualified name only - confirm whether the simple name should work too.
        final boolean isKeyPair = KeyPairCredential.class.getName().equals(str);
        if (isKeyPair) {
            return KeyPairCredential.class;
        }
        final boolean isSecretKey = SecretKeyCredential.class.getSimpleName().equals(str)
                || SecretKeyCredential.class.getName().equals(str);
        if (isSecretKey) {
            return SecretKeyCredential.class;
        }
        throw ElytronToolMessages.msg.unknownEntryType(str);
    }

    /**
     * Returns the credential class used when no entry type is given.
     *
     * @param str credential store type name
     * @return {@link SecretKeyCredential} for the properties credential store,
     *         {@link PasswordCredential} for every other value (including {@code null})
     */
    private static Class<? extends Credential> defaultCredentialType(String str) {
        if (PropertiesCredentialStore.NAME.equals(str)) {
            return SecretKeyCredential.class;
        }
        return PasswordCredential.class;
    }

    /**
     * Returns the short names under which this command can also be invoked.
     *
     * @return a set holding {@code "cs"} and {@code "credstore"}
     */
    @Override // org.wildfly.security.tool.Command
    protected Set<String> aliases() {
        // Same collector as before, without the raw cast the decompiler introduced.
        final Stream<String> shortNames = Stream.of("cs", "credstore");
        return shortNames.collect(Collectors.toSet());
    }

    /**
     * Prints the usage text for the credential-store command, listing its options.
     */
    @Override // org.wildfly.security.tool.Command
    public void help() {
        final HelpFormatter formatter = new HelpFormatter();
        formatter.setWidth(WIDTH);
        final String usageLine = ElytronToolMessages.msg.cmdHelp(getToolCommand(), CREDENTIAL_STORE_COMMAND);
        final String header = ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader()
                .concat(ElytronToolMessages.msg.cmdLineActionsHelpHeader());
        // NOTE(review): the footer constant looks like a decompiler substitution for
        // an empty-string literal - confirm against the original source.
        formatter.printHelp(usageLine, header, this.options, ClientIdentity.ID_FILE_SUFFIX, true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
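    /**
     * Parses a {@code key=value;key=value} string into a map.
     *
     * <p>An item without {@code '='} or without a value (for example {@code "key"}
     * or {@code "key="}) used to escape as an
     * {@link ArrayIndexOutOfBoundsException}; it is now reported through
     * {@code cannotParseProps} like every other malformed item.
     *
     * <p>Text after a second {@code '='} inside one item is still discarded, as
     * before, so a value that itself contains {@code '='} is truncated.
     *
     * @param str properties string, may be {@code null}
     * @return a mutable map of the parsed properties; empty when {@code str} is {@code null}
     */
    public static Map<String, String> parseCredentialStoreProperties(String str) {
        final Map<String, String> properties = new HashMap<>();
        if (str == null) {
            return properties;
        }
        for (String item : str.split(";")) {
            final String[] keyAndValue = item.split("=");
            // split() never yields null elements, so checking the length covers the missing-value case.
            if (keyAndValue.length < 2 || keyAndValue[0].isEmpty()) {
                throw ElytronToolMessages.msg.cannotParseProps();
            }
            properties.put(keyAndValue[0], keyAndValue[1]);
        }
        return properties;
    }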

    /**
     * Renders store properties as an {@code implementation-properties={...}}
     * fragment for a management CLI command.
     *
     * <p>Side effect: the {@code CREATE_CREDENTIAL_STORE_PARAM}, {@code "location"}
     * and {@code "modifiable"} entries are removed from the caller's map, so a
     * caller that needs them must read them before calling this method.
     *
     * <p>Keys and values are placed between double quotes without escaping; a
     * quote inside either one produces a fragment the CLI will not parse as intended.
     *
     * @param map properties to render; modified in place
     * @return the fragment, or the {@code ClientIdentity.ID_FILE_SUFFIX} constant
     *         when the map is {@code null} or empty on entry (presumably a
     *         decompiler stand-in for the empty string; {@code getCreateDefaultSummary}
     *         tests the result with {@code isEmpty()})
     */
    static String formatPropertiesForCli(Map<String, String> map) {
        if (map == null || map.isEmpty()) {
            return ClientIdentity.ID_FILE_SUFFIX;
        }
        map.remove(CREATE_CREDENTIAL_STORE_PARAM);
        map.remove("location");
        map.remove("modifiable");
        final StringBuilder fragment = new StringBuilder("implementation-properties={");
        String separator = "";
        for (Map.Entry<String, String> property : map.entrySet()) {
            fragment.append(separator);
            fragment.append("\"" + property.getKey() + "\"=>\"" + property.getValue() + "\"");
            separator = ",";
        }
        return fragment.append("}").toString();
    }

    /**
     * Parses an option value as an integer, returning {@code -1} when it is absent.
     *
     * @param str option value, may be {@code null} or empty
     * @return the parsed value, or {@code -1} when no value was given
     * @throws Exception if the value is not a valid integer
     */
    private int getArgumentAsInt(String str) throws Exception {
        final int valueWhenAbsent = -1;
        return getArgumentAsInt(str, valueWhenAbsent);
    }

    /**
     * Parses an option value as an integer, with a fallback for a missing value.
     *
     * @param str option value, may be {@code null} or empty
     * @param i value returned when {@code str} is {@code null} or empty
     * @return the parsed integer or the fallback
     * @throws Exception wrapping the {@link NumberFormatException} when the value
     *         is not a valid integer; the exit status is set to
     *         {@code GENERAL_CONFIGURATION_ERROR} first
     */
    private int getArgumentAsInt(String str, int i) throws Exception {
        final boolean absent = str == null || str.isEmpty();
        if (absent) {
            return i;
        }
        final int parsed;
        try {
            parsed = Integer.parseInt(str);
        } catch (NumberFormatException notANumber) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw new Exception(notANumber);
        }
        return parsed;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Appends an example management CLI command that adds a credential-store
     * resource matching the given properties.
     *
     * <p>The third argument is written verbatim into
     * {@code credential-reference={clear-text="..."}}. If it is the store
     * password, the resulting text contains that password in clear and should be
     * handled like the secret itself wherever it is printed or logged.
     *
     * <p>Values are inserted without escaping, and {@code formatPropertiesForCli}
     * removes the create/modifiable/location entries from {@code map}.
     *
     * @param map store properties, may be {@code null}; modified when non-empty
     * @param sb builder that receives the command text
     * @param str value placed in the {@code clear-text} attribute
     */
    public static void getCreateDefaultSummary(Map<String, String> map, StringBuilder sb, String str) {
        sb.append("/subsystem=elytron/credential-store=test:add(")
                .append("relative-to=jboss.server.data.dir,");
        final boolean hasProperties = map != null && !map.isEmpty();
        if (hasProperties) {
            // Read these three before formatPropertiesForCli strips them from the map.
            final String create = map.get(CREATE_CREDENTIAL_STORE_PARAM);
            if (create != null) {
                sb.append("create=").append(create).append(",");
            }
            final String modifiable = map.get("modifiable");
            if (modifiable != null) {
                sb.append("modifiable=").append(modifiable).append(",");
            }
            final String location = map.get("location");
            if (location != null) {
                sb.append("location=\"").append(location).append("\",");
            }
            final String implementationProperties = formatPropertiesForCli(map);
            if (!implementationProperties.isEmpty()) {
                sb.append(implementationProperties).append(",");
            }
        }
        sb.append("credential-reference={")
                .append("clear-text=\"")
                .append(str)
                .append("\"})");
    }

    /**
     * Appends an example management CLI command that adds a
     * secret-key-credential-store resource for the given path.
     *
     * <p>The path is inserted between double quotes without escaping.
     *
     * @param sb builder that receives the command text
     * @param str store path placed in the {@code path} attribute
     */
    static void getCreatePropertiesCredentialStoreSummary(StringBuilder sb, String str) {
        sb.append("/subsystem=elytron/secret-key-credential-store=test:add(")
                .append("relative-to=jboss.server.data.dir,")
                .append("path=\"")
                .append(str)
                .append("\")");
    }

    /**
     * Appends an example management CLI command that writes an encrypted
     * expression to an attribute.
     *
     * @param sb builder that receives the command text
     * @param str token placed after {@code ENC::RESOLVER:} inside the expression
     */
    static void getUseExpressionExample(StringBuilder sb, String str) {
        sb.append("/subsystem=example:write-attribute(")
                .append("name=example,")
                .append("value=\"${ENC::RESOLVER:")
                .append(str)
                .append("}\")");
    }

    /**
     * Closes the given resource, ignoring a {@code null} argument and any failure
     * raised by {@code close()}.
     *
     * @param closeable resource to close, may be {@code null}
     */
    private static void safeClose(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (Throwable ignored) {
            // Best-effort close: a failure here is deliberately dropped.
        }
    }
}
