package org.wildfly.security.tool;

import java.net.URI;
import java.security.GeneralSecurityException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.CommandLineParser;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.OptionGroup;
import org.apache.commons.cli.Options;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.util.Alphabet;
import org.wildfly.security.util.PasswordBasedEncryptionUtil;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/wildfly/security/tool/CredentialStoreCommand.class */
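/**
 * The {@code credential-store} sub-command of the Elytron command-line tool.
 *
 * <p>It parses its own options, initializes a {@link CredentialStore} of the requested type and
 * then performs exactly one action: add an alias, remove an alias, check whether an alias exists,
 * list all aliases, or print help. The outcome is reported through {@code setStatus(int)}.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The store password ({@code -p}) and the secret to store ({@code -x}) are taken from the
 *       command line. Command-line arguments are typically visible to other local users through
 *       the process list and may be kept in shell history.</li>
 *   <li>The {@code MASK-} form produced by {@link #computeMasked} is derived from a key that is a
 *       constant in this class, so it is obfuscation rather than confidentiality. Anything
 *       holding a {@code MASK-} string should be protected like the clear-text password.</li>
 *   <li>{@code --summary} prints the store password to standard output, in clear text when no
 *       salt and iteration count were supplied.</li>
 * </ul>
 */
public class CredentialStoreCommand extends Command {
    /** Exit status: none of the action options (add/remove/exists/aliases) was selected. */
    public static int ACTION_NOT_DEFINED = 5;
    /** Exit status: the {@code --exists} check did not find the alias. */
    public static int ALIAS_NOT_FOUND = 6;
    /** Exit status set on entry to {@link #execute} and kept whenever the command fails. */
    public static int GENERAL_CONFIGURATION_ERROR = 7;
    public static final String CREDENTIAL_STORE_COMMAND = "credential-store";
    // Used only for PicketBox-compatible masking. Together with the fixed key material below this
    // gives no real protection: the key is the same for every installation of the tool.
    static final String DEFAULT_ALGORITHM = "PBEWithMD5AndDES";
    static final String DEFAULT_PICKETBOX_INITIAL_KEY_MATERIAL = "somearbitrarycrazystringthatdoesnotmatter";
    public static final String STORE_LOCATION_PARAM = "location";
    public static final String CONFIGURATION_URI_PARAM = "uri";
    public static final String CREDENTIAL_STORE_PASSWORD_PARAM = "password";
    public static final String CREDENTIAL_STORE_TYPE_PARAM = "type";
    public static final String SALT_PARAM = "salt";
    public static final String ITERATION_PARAM = "iteration";
    public static final String PASSWORD_CREDENTIAL_VALUE_PARAM = "secret";
    public static final String ADD_ALIAS_PARAM = "add";
    public static final String CHECK_ALIAS_PARAM = "exists";
    public static final String ALIASES_PARAM = "aliases";
    public static final String REMOVE_ALIAS_PARAM = "remove";
    public static final String CREATE_CREDENTIAL_STORE_PARAM = "create";
    public static final String HELP_PARAM = "help";
    public static final String PRINT_SUMMARY_PARAM = "summary";
    private CommandLineParser parser = new DefaultParser();
    private CommandLine cmdLine = null;
    // Attributes handed to CredentialStore.initialize(); filled from the URI query first and then
    // completed with command-line values and defaults.
    private Map<String, String> credentialStoreConfigurationOptions = new HashMap<>();
    // Store file taken from the URI path; used when --location is not given.
    private String storageFile = null;
    private final Options options = new Options();

    /**
     * Registers the command-line options. The action options (add, exists, remove, help, aliases)
     * form a required, mutually exclusive group.
     */
    public CredentialStoreCommand() {
        this.options.addOption("l", STORE_LOCATION_PARAM, true, ElytronToolMessages.msg.cmdLineStoreLocationDesc());
        this.options.addOption("u", CONFIGURATION_URI_PARAM, true, ElytronToolMessages.msg.cmdLineURIDesc());
        this.options.addOption("p", CREDENTIAL_STORE_PASSWORD_PARAM, true, ElytronToolMessages.msg.cmdLineCredentialStorePassword());
        this.options.addOption("s", SALT_PARAM, true, ElytronToolMessages.msg.cmdLineSaltDesc());
        this.options.addOption("i", ITERATION_PARAM, true, ElytronToolMessages.msg.cmdLineIterationCountDesc());
        this.options.addOption("x", PASSWORD_CREDENTIAL_VALUE_PARAM, true, ElytronToolMessages.msg.cmdLinePasswordCredentialValueDesc());
        this.options.addOption("c", CREATE_CREDENTIAL_STORE_PARAM, false, ElytronToolMessages.msg.cmdLineCreateCredentialStoreDesc());
        this.options.addOption("t", CREDENTIAL_STORE_TYPE_PARAM, true, ElytronToolMessages.msg.cmdLineCredentialStoreTypeDesc());
        this.options.addOption("f", PRINT_SUMMARY_PARAM, false, ElytronToolMessages.msg.cmdLinePrintSummary());

        OptionGroup actions = new OptionGroup();
        actions.addOption(new Option("a", ADD_ALIAS_PARAM, true, ElytronToolMessages.msg.cmdLineAddAliasDesc()));
        actions.addOption(new Option("e", CHECK_ALIAS_PARAM, true, ElytronToolMessages.msg.cmdLineCheckAliasDesc()));
        actions.addOption(new Option("r", REMOVE_ALIAS_PARAM, true, ElytronToolMessages.msg.cmdLineRemoveAliasDesc()));
        actions.addOption(new Option("h", HELP_PARAM, false, ElytronToolMessages.msg.cmdLineHelp()));
        actions.addOption(new Option("v", ALIASES_PARAM, false, ElytronToolMessages.msg.cmdLineAliasesDesc()));
        actions.setRequired(true);
        this.options.addOptionGroup(actions);
    }

    /**
     * Parses the arguments, opens the credential store and runs the selected action.
     *
     * @param strArr the arguments of the {@code credential-store} sub-command
     * @throws Exception if the arguments cannot be parsed, the iteration count is not a number,
     *     the store cannot be initialized or modified, or no action was selected
     */
    @Override // org.wildfly.security.tool.Command
    public void execute(String[] strArr) throws Exception {
        // Assume failure until an action completes.
        setStatus(GENERAL_CONFIGURATION_ERROR);
        this.cmdLine = this.parser.parse(this.options, strArr, true);
        if (this.cmdLine.hasOption(HELP_PARAM)) {
            help();
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
            // Help is a complete action: without this return the code below would go on to open
            // a store and finish with "action not defined".
            return;
        }

        String location = this.cmdLine.getOptionValue(STORE_LOCATION_PARAM);
        String uri = this.cmdLine.getOptionValue(CONFIGURATION_URI_PARAM);
        // NOTE(security): password and secret come from argv; see the class comment.
        String storePassword = this.cmdLine.getOptionValue(CREDENTIAL_STORE_PASSWORD_PARAM);
        String salt = this.cmdLine.getOptionValue(SALT_PARAM);
        String storeType = this.cmdLine.getOptionValue(CREDENTIAL_STORE_TYPE_PARAM, KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE);
        String iterationArg = this.cmdLine.getOptionValue(ITERATION_PARAM);
        int iterationCount = -1;
        if (iterationArg != null && !iterationArg.isEmpty()) {
            try {
                iterationCount = Integer.parseInt(iterationArg);
            } catch (NumberFormatException e) {
                setStatus(GENERAL_CONFIGURATION_ERROR);
                throw new Exception(e);
            }
        }
        boolean createStore = this.cmdLine.hasOption(CREATE_CREDENTIAL_STORE_PARAM);
        boolean printSummary = this.cmdLine.hasOption(PRINT_SUMMARY_PARAM);

        if (uri != null) {
            parse(new URI(uri));
        }
        if (location == null) {
            location = this.storageFile;
        }

        CredentialStore credentialStore = CredentialStore.getInstance(storeType);
        // putIfAbsent: attributes already set by the URI query win over the command-line values
        // and the defaults below.
        this.credentialStoreConfigurationOptions.putIfAbsent(STORE_LOCATION_PARAM, location);
        this.credentialStoreConfigurationOptions.putIfAbsent("modifiable", Boolean.TRUE.toString());
        this.credentialStoreConfigurationOptions.putIfAbsent(CREATE_CREDENTIAL_STORE_PARAM, Boolean.valueOf(createStore).toString());
        this.credentialStoreConfigurationOptions.putIfAbsent("keyStoreType", "JCEKS");
        if (storePassword != null) {
            credentialStore.initialize(this.credentialStoreConfigurationOptions, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, storePassword.toCharArray())))));
        } else {
            credentialStore.initialize(this.credentialStoreConfigurationOptions);
        }

        if (this.cmdLine.hasOption(ADD_ALIAS_PARAM)) {
            String alias = this.cmdLine.getOptionValue(ADD_ALIAS_PARAM);
            credentialStore.store(alias, createCredential(this.cmdLine.getOptionValue(PASSWORD_CREDENTIAL_VALUE_PARAM)));
            credentialStore.flush();
            System.out.println(ElytronToolMessages.msg.aliasStored(alias));
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
        } else if (this.cmdLine.hasOption(REMOVE_ALIAS_PARAM)) {
            String alias = this.cmdLine.getOptionValue(REMOVE_ALIAS_PARAM);
            credentialStore.remove(alias, PasswordCredential.class);
            credentialStore.flush();
            System.out.println(ElytronToolMessages.msg.aliasRemoved(alias));
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
        } else if (this.cmdLine.hasOption(CHECK_ALIAS_PARAM)) {
            String alias = this.cmdLine.getOptionValue(CHECK_ALIAS_PARAM);
            if (credentialStore.exists(alias, PasswordCredential.class)) {
                setStatus(ElytronTool.ElytronToolExitStatus_OK);
                System.out.println(ElytronToolMessages.msg.aliasExists(alias));
            } else {
                setStatus(ALIAS_NOT_FOUND);
                System.out.println(ElytronToolMessages.msg.aliasDoesNotExist(alias));
            }
        } else if (this.cmdLine.hasOption(ALIASES_PARAM)) {
            StringBuilder aliasList = new StringBuilder();
            for (String alias : credentialStore.getAliases()) {
                aliasList.append(alias).append(HelpFormatter.DEFAULT_LONG_OPT_SEPARATOR);
            }
            System.out.println(ElytronToolMessages.msg.aliases(aliasList.toString()));
            setStatus(ElytronTool.ElytronToolExitStatus_OK);
        } else {
            setStatus(ACTION_NOT_DEFINED);
            throw ElytronToolMessages.msg.actionToPerformNotDefined();
        }

        if (printSummary) {
            StringBuilder summary = new StringBuilder();
            summary.append("/subsystem=elytron/credential-store=test:add(uri=\"");
            summary.append(uri).append("\"");
            summary.append(",relative-to=jboss.server.data.dir,credential-reference={");
            summary.append("clear-text=\"");
            if (storePassword != null && !storePassword.startsWith("MASK-") && salt != null && iterationCount > -1) {
                summary.append(computeMasked(storePassword, salt, iterationCount));
            } else if (storePassword != null) {
                // NOTE(security): this writes the store password to stdout unmasked; keep the
                // output out of logs and shared terminals.
                summary.append(storePassword);
            }
            summary.append("\"})");
            System.out.println(ElytronToolMessages.msg.commandSummary(summary.toString()));
        }
    }

    /**
     * Wraps a secret in a clear-password credential.
     *
     * @param secret the value to store; must not be {@code null}
     * @return a {@link PasswordCredential} holding the secret as a clear password
     * @throws IllegalArgumentException if no secret was supplied
     */
    private Credential createCredential(String secret) {
        if (secret == null) {
            // Fail with a usable message instead of a NullPointerException when --add is used
            // without --secret.
            throw new IllegalArgumentException("Option --" + PASSWORD_CREDENTIAL_VALUE_PARAM + " is required with --" + ADD_ALIAS_PARAM);
        }
        return new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, secret.toCharArray()));
    }

    /**
     * Builds the {@code MASK-<encoded>;<salt>;<iteration>} form of a password.
     *
     * <p>The encryption key is derived from {@link #DEFAULT_PICKETBOX_INITIAL_KEY_MATERIAL}, a
     * constant, so the result can be reversed by anyone who has the string; it only hides the
     * password from casual reading.
     *
     * @param password the clear-text password
     * @param salt the salt, also appended to the result
     * @param iterationCount the iteration count, also appended to the result
     * @return the masked password string
     * @throws GeneralSecurityException if the encryption utility cannot be built or used
     */
    private String computeMasked(String password, String salt, int iterationCount) throws GeneralSecurityException {
        PasswordBasedEncryptionUtil encryptor = new PasswordBasedEncryptionUtil.Builder()
                .alphabet(Alphabet.Base64Alphabet.PICKETBOX_COMPATIBILITY)
                .keyAlgorithm(DEFAULT_ALGORITHM)
                .password(DEFAULT_PICKETBOX_INITIAL_KEY_MATERIAL)
                .salt(salt)
                .iteration(iterationCount)
                .encryptMode()
                .build();
        return "MASK-" + encryptor.encryptAndEncode(password.toCharArray()) + ";" + salt + ";" + iterationCount;
    }

    /**
     * Returns the alternative names of this command.
     *
     * @return the set {@code {"cs", "credstore"}}
     */
    @Override // org.wildfly.security.tool.Command
    protected Set<String> aliases() {
        return Stream.of("cs", "credstore").collect(Collectors.toSet());
    }

    /**
     * Extracts the store file and the store attributes from a credential store URI.
     *
     * @param uri the URI given with {@code --uri}
     */
    private void parse(URI uri) {
        String path = uri.getPath();
        if (path == null || path.length() <= 1) {
            this.storageFile = null;
        } else {
            // Drop the first character of the path (presumably the leading '/').
            this.storageFile = path.substring(1);
        }
        parseQueryParameter(uri.getQuery(), uri.toString());
    }

    /**
     * Parses a query of the form {@code name=value;name='quoted value'} into
     * {@link #credentialStoreConfigurationOptions}.
     *
     * <p>A value may be wrapped in single quotes, in which case the opening quote must directly
     * follow {@code =} and the closing quote must be followed by {@code ;} or the end of the
     * query. A query that ends without a complete, non-empty {@code name=value} pair is rejected.
     *
     * @param query the query part of the URI, or {@code null} when there is none
     * @param uriString the whole URI, used in error messages
     */
    private void parseQueryParameter(String query, String uriString) {
        if (query == null) {
            return;
        }
        int pos = 0;
        boolean inValue = false;
        StringBuilder token = new StringBuilder();
        String name = null;
        while (pos < query.length()) {
            char ch = query.charAt(pos);
            if (!inValue) {
                if (ch == '=') {
                    inValue = true;
                    name = token.toString();
                    token.setLength(0);
                } else {
                    token.append(ch);
                }
                pos++;
            } else if (ch == '\'') {
                // inValue implies an '=' was consumed earlier, so pos - 1 is always valid here.
                if (query.charAt(pos - 1) != '=') {
                    throw ElytronToolMessages.msg.credentialStoreURIParameterOpeningQuote(uriString);
                }
                int closing = query.indexOf('\'', pos + 1);
                if (closing < 0) {
                    // An unterminated quote is reported as a malformed URI rather than running
                    // past the end of the string.
                    throw ElytronToolMessages.msg.credentialStoreURIParameterUnexpectedEnd(uriString);
                }
                token.append(query, pos + 1, closing);
                pos = closing + 1;
                if (pos < query.length() && query.charAt(pos) != ';') {
                    throw ElytronToolMessages.msg.credentialStoreURIParameterClosingQuote(uriString);
                }
            } else if (ch == ';') {
                if (name == null) {
                    throw ElytronToolMessages.msg.credentialStoreURIParameterNameExpected(uriString);
                }
                this.credentialStoreConfigurationOptions.put(name, token.toString());
                pos++;
                name = null;
                token.setLength(0);
                inValue = false;
            } else {
                token.append(ch);
                pos++;
            }
        }
        if (name == null || token.length() <= 0) {
            throw ElytronToolMessages.msg.credentialStoreURIParameterUnexpectedEnd(uriString);
        }
        this.credentialStoreConfigurationOptions.put(name, token.toString());
    }

    /** Prints the usage text for this command together with all registered options. */
    @Override // org.wildfly.security.tool.Command
    public void help() {
        new HelpFormatter().printHelp("java -jar wildfly-elytron-tool.jar credential-store <sub-command> <options>", this.options, true);
    }
}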
