package org.wildfly.security.tool;

import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Paths;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.OptionGroup;
import org.apache.commons.cli.Options;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.x500.cert.acme.Acme;

/* loaded from: input_file:org/wildfly/security/tool/CredentialStoreCommand.class */
class CredentialStoreCommand extends Command {
    public static final String CREDENTIAL_STORE_COMMAND = "credential-store";
    public static final String STORE_LOCATION_PARAM = "location";
    public static final String IMPLEMENTATION_PROPERTIES_PARAM = "properties";
    public static final String CREDENTIAL_STORE_PASSWORD_PARAM = "password";
    public static final String CREDENTIAL_STORE_TYPE_PARAM = "type";
    public static final String SALT_PARAM = "salt";
    public static final String ITERATION_PARAM = "iteration";
    public static final String PASSWORD_CREDENTIAL_VALUE_PARAM = "secret";
    public static final String ADD_ALIAS_PARAM = "add";
    public static final String CHECK_ALIAS_PARAM = "exists";
    public static final String ALIASES_PARAM = "aliases";
    public static final String REMOVE_ALIAS_PARAM = "remove";
    public static final String CREATE_CREDENTIAL_STORE_PARAM = "create";
    public static final String HELP_PARAM = "help";
    public static final String PRINT_SUMMARY_PARAM = "summary";
    public static final String ENTRY_TYPE_PARAM = "entry-type";
    public static final String OTHER_PROVIDERS_PARAM = "other-providers";
    public static final String DEBUG_PARAM = "debug";
    public static final String CUSTOM_CREDENTIAL_STORE_PROVIDER_PARAM = "credential-store-provider";
    public static int ACTION_NOT_DEFINED = 5;
    public static int ALIAS_NOT_FOUND = 6;
    public static int GENERAL_CONFIGURATION_ERROR = 7;
    private static final List<String> filebasedKeystoreTypes = Collections.unmodifiableList(Arrays.asList("JKS", "JCEKS", "PKCS12"));
    private CommandLineParser parser = new DefaultParser();
    private CommandLine cmdLine = null;
    private final Options options = new Options();

    /* JADX INFO: Access modifiers changed from: package-private */
    public CredentialStoreCommand() {
        Option option = new Option("l", "location", true, ElytronToolMessages.msg.cmdLineStoreLocationDesc());
        option.setArgName("loc");
        option.setOptionalArg(false);
        this.options.addOption(option);
        this.options.addOption(new Option("u", IMPLEMENTATION_PROPERTIES_PARAM, true, ElytronToolMessages.msg.cmdLineImplementationPropertiesDesc()));
        Option option2 = new Option("p", CREDENTIAL_STORE_PASSWORD_PARAM, true, ElytronToolMessages.msg.cmdLineCredentialStorePassword());
        option2.setArgName("pwd");
        this.options.addOption(option2);
        this.options.addOption("s", "salt", true, ElytronToolMessages.msg.cmdLineSaltDesc());
        this.options.addOption("i", "iteration", true, ElytronToolMessages.msg.cmdLineIterationCountDesc());
        Option option3 = new Option(Acme.X_COORDINATE, PASSWORD_CREDENTIAL_VALUE_PARAM, true, ElytronToolMessages.msg.cmdLinePasswordCredentialValueDesc());
        option3.setArgName("secret to store");
        option3.setOptionalArg(true);
        this.options.addOption(option3);
        Option option4 = new Option(Acme.MODULUS, ENTRY_TYPE_PARAM, true, ElytronToolMessages.msg.cmdLineEntryTypeDesc());
        option4.setArgName("type");
        option4.setOptionalArg(true);
        this.options.addOption(option4);
        Option option5 = new Option("o", OTHER_PROVIDERS_PARAM, true, ElytronToolMessages.msg.cmdLineOtherProvidersDesc());
        option5.setArgName("providers");
        option5.setOptionalArg(true);
        this.options.addOption(option5);
        Option option6 = new Option("q", CUSTOM_CREDENTIAL_STORE_PROVIDER_PARAM, true, ElytronToolMessages.msg.cmdLineCustomCredentialStoreProviderDesc());
        option6.setArgName("cs-provider");
        option6.setOptionalArg(true);
        this.options.addOption(option6);
        this.options.addOption("c", CREATE_CREDENTIAL_STORE_PARAM, false, ElytronToolMessages.msg.cmdLineCreateCredentialStoreDesc());
        Option option7 = new Option("t", "type", true, ElytronToolMessages.msg.cmdLineCredentialStoreTypeDesc());
        option7.setArgName("type");
        this.options.addOption(option7);
        this.options.addOption("f", "summary", false, ElytronToolMessages.msg.cmdLinePrintSummary());
        OptionGroup optionGroup = new OptionGroup();
        Option option8 = new Option("a", ADD_ALIAS_PARAM, true, ElytronToolMessages.msg.cmdLineAddAliasDesc());
        option8.setArgName(VaultCommand.ALIAS_PARAM);
        Option option9 = new Option(Acme.EXPONENT, CHECK_ALIAS_PARAM, true, ElytronToolMessages.msg.cmdLineCheckAliasDesc());
        option9.setArgName(VaultCommand.ALIAS_PARAM);
        Option option10 = new Option("r", REMOVE_ALIAS_PARAM, true, ElytronToolMessages.msg.cmdLineRemoveAliasDesc());
        option10.setArgName(VaultCommand.ALIAS_PARAM);
        Option option11 = new Option("v", ALIASES_PARAM, false, ElytronToolMessages.msg.cmdLineAliasesDesc());
        Option option12 = new Option("h", "help", false, ElytronToolMessages.msg.cmdLineHelp());
        Option option13 = new Option("d", "debug", false, ElytronToolMessages.msg.cmdLineDebug());
        optionGroup.addOption(option8);
        optionGroup.addOption(option9);
        optionGroup.addOption(option10);
        optionGroup.addOption(option11);
        this.options.addOptionGroup(optionGroup);
        this.options.addOption(option12);
        this.options.addOption(option13);
    }

    @Override // org.wildfly.security.tool.Command
    public void execute(String[] strArr) throws Exception {
        CredentialStore credentialStore;
        setStatus(GENERAL_CONFIGURATION_ERROR);
        this.cmdLine = this.parser.parse(this.options, strArr, false);
        setEnableDebug(this.cmdLine.hasOption("debug"));
        if (this.cmdLine.hasOption("help")) {
            help();
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
            return;
        }
        printDuplicatesWarning(this.cmdLine);
        String optionValue = this.cmdLine.getOptionValue("location");
        if ((this.cmdLine.hasOption(ALIASES_PARAM) || this.cmdLine.hasOption(CHECK_ALIAS_PARAM)) && optionValue != null && !Files.exists(Paths.get(optionValue, new String[0]), new LinkOption[0])) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.storageFileDoesNotExist(optionValue);
        }
        String optionValue2 = this.cmdLine.getOptionValue(CREDENTIAL_STORE_PASSWORD_PARAM);
        String str = optionValue2 == null ? "" : optionValue2;
        String optionValue3 = this.cmdLine.getOptionValue("salt");
        String optionValue4 = this.cmdLine.getOptionValue("type", KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE);
        int argumentAsInt = getArgumentAsInt(this.cmdLine.getOptionValue("iteration"));
        String optionValue5 = this.cmdLine.getOptionValue(ENTRY_TYPE_PARAM);
        String optionValue6 = this.cmdLine.getOptionValue(OTHER_PROVIDERS_PARAM);
        String optionValue7 = this.cmdLine.getOptionValue(CUSTOM_CREDENTIAL_STORE_PROVIDER_PARAM);
        boolean hasOption = this.cmdLine.hasOption(CREATE_CREDENTIAL_STORE_PARAM);
        if (hasOption && this.cmdLine.getArgs().length > 0) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw ElytronToolMessages.msg.noArgumentOption(CREATE_CREDENTIAL_STORE_PARAM);
        }
        boolean hasOption2 = this.cmdLine.hasOption("summary");
        String optionValue8 = this.cmdLine.getOptionValue(PASSWORD_CREDENTIAL_VALUE_PARAM);
        Map<String, String> parseCredentialStoreProperties = parseCredentialStoreProperties(this.cmdLine.getOptionValue(IMPLEMENTATION_PROPERTIES_PARAM));
        if (optionValue7 != null) {
            credentialStore = CredentialStore.getInstance(optionValue4, optionValue7, getProvidersSupplier(optionValue7));
        } else {
            try {
                credentialStore = CredentialStore.getInstance(optionValue4);
            } catch (NoSuchAlgorithmException e) {
                credentialStore = CredentialStore.getInstance(optionValue4, getProvidersSupplier(null));
            }
        }
        parseCredentialStoreProperties.put("location", optionValue);
        parseCredentialStoreProperties.putIfAbsent("modifiable", Boolean.TRUE.toString());
        parseCredentialStoreProperties.putIfAbsent(CREATE_CREDENTIAL_STORE_PARAM, Boolean.valueOf(hasOption).toString());
        if (optionValue4.equals(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE)) {
            parseCredentialStoreProperties.putIfAbsent("keyStoreType", "JCEKS");
        }
        String str2 = parseCredentialStoreProperties.get("keyStoreType");
        if (optionValue == null && str2 != null && filebasedKeystoreTypes.contains(str2.toUpperCase(Locale.ENGLISH))) {
            throw ElytronToolMessages.msg.filebasedKeystoreLocationMissing(str2);
        }
        CredentialStore.CredentialSourceProtectionParameter credentialSourceProtectionParameter = null;
        if (optionValue2 == null) {
            optionValue2 = prompt(false, ElytronToolMessages.msg.credentialStorePasswordPrompt(), true, ElytronToolMessages.msg.credentialStorePasswordPromptConfirm());
            if (optionValue2 == null) {
                setStatus(GENERAL_CONFIGURATION_ERROR);
                throw ElytronToolMessages.msg.optionNotSpecified(CREDENTIAL_STORE_PASSWORD_PARAM);
            }
        }
        if (optionValue2 != null) {
            credentialSourceProtectionParameter = new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, optionValue2.startsWith("MASK-") ? MaskCommand.decryptMasked(optionValue2) : optionValue2.toCharArray()))));
        }
        credentialStore.initialize(parseCredentialStoreProperties, credentialSourceProtectionParameter, getProvidersSupplier(optionValue6).get());
        if (optionValue2 != null && !optionValue2.startsWith("MASK-") && optionValue3 != null && argumentAsInt > -1) {
            str = MaskCommand.computeMasked(optionValue2, optionValue3, argumentAsInt);
        }
        if (this.cmdLine.hasOption(ADD_ALIAS_PARAM)) {
            String optionValue9 = this.cmdLine.getOptionValue(ADD_ALIAS_PARAM);
            if (optionValue9.length() == 0) {
                setStatus(GENERAL_CONFIGURATION_ERROR);
                throw ElytronToolMessages.msg.optionNotSpecified(ADD_ALIAS_PARAM);
            }
            if (optionValue8 == null) {
                optionValue8 = prompt(false, ElytronToolMessages.msg.secretToStorePrompt(), true, ElytronToolMessages.msg.secretToStorePromptConfirm());
                if (optionValue8 == null) {
                    setStatus(GENERAL_CONFIGURATION_ERROR);
                    throw ElytronToolMessages.msg.optionNotSpecified(PASSWORD_CREDENTIAL_VALUE_PARAM);
                }
            }
            credentialStore.store(optionValue9, createCredential(optionValue8, optionValue5));
            credentialStore.flush();
            if (optionValue5 != null) {
                System.out.println(ElytronToolMessages.msg.aliasStored(optionValue9, optionValue5));
            } else {
                System.out.println(ElytronToolMessages.msg.aliasStored(optionValue9));
            }
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
        } else if (this.cmdLine.hasOption(REMOVE_ALIAS_PARAM)) {
            String optionValue10 = this.cmdLine.getOptionValue(REMOVE_ALIAS_PARAM);
            if (credentialStore.exists(optionValue10, entryTypeToCredential(optionValue5))) {
                credentialStore.remove(optionValue10, entryTypeToCredential(optionValue5));
                credentialStore.flush();
                if (optionValue5 != null) {
                    System.out.println(ElytronToolMessages.msg.aliasRemoved(optionValue10, optionValue5));
                } else {
                    System.out.println(ElytronToolMessages.msg.aliasRemoved(optionValue10));
                }
                setStatus(ElytronTool.ElytronToolExitStatus_OK);
            } else {
                if (optionValue5 != null) {
                    System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(optionValue10, optionValue5));
                } else {
                    System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(optionValue10));
                }
                setStatus(ALIAS_NOT_FOUND);
            }
        } else if (this.cmdLine.hasOption(CHECK_ALIAS_PARAM)) {
            String optionValue11 = this.cmdLine.getOptionValue(CHECK_ALIAS_PARAM);
            if (credentialStore.exists(optionValue11, entryTypeToCredential(optionValue5))) {
                setStatus(ElytronTool.ElytronToolExitStatus_OK);
                System.out.println(ElytronToolMessages.msg.aliasExists(optionValue11));
            } else {
                setStatus(ALIAS_NOT_FOUND);
                if (optionValue5 != null) {
                    System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(optionValue11, optionValue5));
                } else {
                    System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(optionValue11));
                }
            }
        } else if (this.cmdLine.hasOption(ALIASES_PARAM)) {
            Set<String> aliases = credentialStore.getAliases();
            if (aliases.size() != 0) {
                StringBuilder sb = new StringBuilder();
                Iterator<String> it = aliases.iterator();
                while (it.hasNext()) {
                    sb.append(it.next()).append(HelpFormatter.DEFAULT_LONG_OPT_SEPARATOR);
                }
                System.out.println(ElytronToolMessages.msg.aliases(sb.toString()));
            } else {
                System.out.println(ElytronToolMessages.msg.noAliases());
            }
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
        } else {
            if (!this.cmdLine.hasOption(CREATE_CREDENTIAL_STORE_PARAM)) {
                setStatus(ACTION_NOT_DEFINED);
                throw ElytronToolMessages.msg.actionToPerformNotDefined();
            }
            credentialStore.flush();
            System.out.println(ElytronToolMessages.msg.credentialStoreCreated());
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
        }
        if (hasOption2) {
            StringBuilder sb2 = new StringBuilder();
            if (this.cmdLine.hasOption(ADD_ALIAS_PARAM)) {
                if (parseCredentialStoreProperties.get(CREATE_CREDENTIAL_STORE_PARAM) != null && parseCredentialStoreProperties.get(CREATE_CREDENTIAL_STORE_PARAM).equals("true")) {
                    getCreateSummary(parseCredentialStoreProperties, sb2, str);
                    sb2.append("\n");
                }
                sb2.append("/subsystem=elytron/credential-store=test:add-alias(alias=");
                sb2.append(this.cmdLine.getOptionValue(ADD_ALIAS_PARAM));
                if (optionValue5 != null) {
                    sb2.append(",entry-type=\"").append(optionValue5).append("\"");
                }
                sb2.append(",secret-value=\"");
                sb2.append(optionValue8);
                sb2.append("\")");
            } else if (this.cmdLine.hasOption(REMOVE_ALIAS_PARAM)) {
                sb2.append("/subsystem=elytron/credential-store=test:remove-alias(alias=");
                sb2.append(this.cmdLine.getOptionValue(REMOVE_ALIAS_PARAM));
                sb2.append(")");
            } else if (this.cmdLine.hasOption(ALIASES_PARAM) || this.cmdLine.hasOption(CHECK_ALIAS_PARAM)) {
                sb2.append("/subsystem=elytron/credential-store=test:read-aliases()");
            } else if (this.cmdLine.hasOption(CREATE_CREDENTIAL_STORE_PARAM)) {
                getCreateSummary(parseCredentialStoreProperties, sb2, str);
            }
            System.out.println(ElytronToolMessages.msg.commandSummary(sb2.toString()));
        }
    }

    private Credential createCredential(String str, String str2) {
        if (str2 == null || PasswordCredential.class.getName().equals(str2)) {
            return new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, str.toCharArray()));
        }
        throw ElytronToolMessages.msg.unknownEntryType(str2);
    }

    private Class<? extends Credential> entryTypeToCredential(String str) {
        if (str == null || PasswordCredential.class.getName().equals(str)) {
            return PasswordCredential.class;
        }
        throw ElytronToolMessages.msg.unknownEntryType(str);
    }

    @Override // org.wildfly.security.tool.Command
    protected Set<String> aliases() {
        return (Set) Stream.of((Object[]) new String[]{"cs", "credstore"}).collect(Collectors.toSet());
    }

    @Override // org.wildfly.security.tool.Command
    public void help() {
        HelpFormatter helpFormatter = new HelpFormatter();
        helpFormatter.setWidth(WIDTH);
        helpFormatter.printHelp(ElytronToolMessages.msg.cmdHelp(getToolCommand(), CREDENTIAL_STORE_COMMAND), ElytronToolMessages.msg.cmdLineCredentialStoreHelpHeader(), this.options, "", true);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map<String, String> parseCredentialStoreProperties(String str) {
        HashMap hashMap = new HashMap();
        if (str != null) {
            for (String str2 : str.split(";")) {
                String[] split = str2.split("=");
                if (split[0] == null || split[0].isEmpty() || split[1] == null) {
                    throw ElytronToolMessages.msg.cannotParseProps();
                }
                hashMap.put(split[0], split[1]);
            }
        }
        return hashMap;
    }

    static String formatPropertiesForCli(Map<String, String> map) {
        if (map == null && map.isEmpty()) {
            return "";
        }
        map.remove(CREATE_CREDENTIAL_STORE_PARAM);
        map.remove("location");
        map.remove("modifiable");
        boolean z = true;
        StringBuilder sb = new StringBuilder("implementation-properties={");
        for (String str : map.keySet()) {
            if (z) {
                z = false;
            } else {
                sb.append(",");
            }
            sb.append("\"" + str + "\"=>\"" + map.get(str) + "\"");
        }
        sb.append("}");
        return sb.toString();
    }

    private int getArgumentAsInt(String str) throws Exception {
        if (str == null || str.isEmpty()) {
            return -1;
        }
        try {
            return Integer.parseInt(str);
        } catch (NumberFormatException e) {
            setStatus(GENERAL_CONFIGURATION_ERROR);
            throw new Exception(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void getCreateSummary(Map<String, String> map, StringBuilder sb, String str) {
        sb.append("/subsystem=elytron/credential-store=test:add(");
        sb.append("relative-to=jboss.server.data.dir,");
        if (map != null && !map.isEmpty()) {
            if (map.get(CREATE_CREDENTIAL_STORE_PARAM) != null) {
                sb.append("create=").append(map.get(CREATE_CREDENTIAL_STORE_PARAM)).append(",");
            }
            if (map.get("modifiable") != null) {
                sb.append("modifiable=").append(map.get("modifiable")).append(",");
            }
            if (map.get("location") != null) {
                sb.append("location=\"").append(map.get("location")).append("\",");
            }
            String formatPropertiesForCli = formatPropertiesForCli(map);
            if (!formatPropertiesForCli.isEmpty()) {
                sb.append(formatPropertiesForCli);
                sb.append(",");
            }
        }
        sb.append("credential-reference={");
        sb.append("clear-text=\"");
        sb.append(str);
        sb.append("\"})");
    }
}
