package org.infinispan.cli.commands;

import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Provider;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashMap;
import java.util.Iterator;
import org.aesh.command.CommandDefinition;
import org.aesh.command.CommandException;
import org.aesh.command.CommandResult;
import org.aesh.command.GroupCommandDefinition;
import org.aesh.command.impl.completer.FileOptionCompleter;
import org.aesh.command.option.Argument;
import org.aesh.command.option.Option;
import org.aesh.io.FileResource;
import org.aesh.io.Resource;
import org.infinispan.cli.impl.ContextAwareCommandInvocation;
import org.infinispan.cli.logging.Messages;
import org.wildfly.security.auth.server.IdentityCredentials;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.impl.KeyStoreCredentialStore;
import org.wildfly.security.password.interfaces.ClearPassword;

@GroupCommandDefinition(name = Credentials.CMD, description = "Credential store operations", groupCommands = {Add.class, Remove.class, Ls.class})
/* loaded from: input_file:org/infinispan/cli/commands/Credentials.class */
public class Credentials extends CliCommand {
    public static final String CMD = "credentials";
    public static final String STORE_TYPE = "pkcs12";
    public static final String CREDENTIALS_PATH = "credentials.pfx";

    @Option(shortName = 'h', hasValue = false, overrideRequired = true)
    protected boolean help;

    @CommandDefinition(name = "add", description = "Adds credentials to keystores.")
    /* loaded from: input_file:org/infinispan/cli/commands/Credentials$Add.class */
    public static class Add extends CliCommand {
        public static final String CMD = "add";

        @Argument(description = "Specifies an alias, or name, for the credential.", required = true)
        String alias;

        @Option(description = "Sets the path to a credential keystore and creates a new one if it does not exist.", completer = FileOptionCompleter.class, defaultValue = {Credentials.CREDENTIALS_PATH})
        Resource path;

        @Option(description = "Specifies a password to protect the credential keystore.", shortName = 'p')
        String password;

        @Option(description = "Sets the type of credential store. Values are either PKCS12, which is the default, or JCEKS.", shortName = 't', defaultValue = {Credentials.STORE_TYPE})
        String type;

        @Option(description = "Adds a credential to the keystore.", shortName = 'c')
        String credential;

        @Option(description = "Sets the path to the server root directory.", defaultValue = {"server"}, name = "server-root", shortName = 's')
        String serverRoot;

        @Option(shortName = 'h', hasValue = false, overrideRequired = true)
        protected boolean help;

        @Override // org.infinispan.cli.commands.CliCommand
        public boolean isHelp() {
            return this.help;
        }

        @Override // org.infinispan.cli.commands.CliCommand
        public CommandResult exec(ContextAwareCommandInvocation contextAwareCommandInvocation) throws CommandException {
            try {
                Path resourceToPath = Credentials.resourceToPath(this.path, this.serverRoot);
                if (this.password == null) {
                    this.password = contextAwareCommandInvocation.getPasswordInteractively(Messages.MSG.credentialToolPassword(), Files.exists(resourceToPath, new LinkOption[0]) ? null : Messages.MSG.credentialToolPasswordConfirm());
                }
                if (this.credential == null) {
                    this.credential = contextAwareCommandInvocation.getPasswordInteractively(Messages.MSG.credentialToolCredential(), Messages.MSG.credentialToolCredentialConfirm());
                }
                KeyStoreCredentialStore keyStoreCredentialStore = Credentials.getKeyStoreCredentialStore(resourceToPath, this.type, true, this.password.toCharArray());
                keyStoreCredentialStore.store(this.alias, new PasswordCredential(ClearPassword.createRaw(Clear.CMD, this.credential.toCharArray())), (CredentialStore.ProtectionParameter) null);
                keyStoreCredentialStore.flush();
                return CommandResult.SUCCESS;
            } catch (Exception e) {
                throw new CommandException(e);
            }
        }
    }

    @CommandDefinition(name = "ls", description = "Lists credential aliases in keystores.")
    /* loaded from: input_file:org/infinispan/cli/commands/Credentials$Ls.class */
    public static class Ls extends CliCommand {
        public static final String CMD = "ls";

        @Option(description = "Sets the path to a credential keystore.", completer = FileOptionCompleter.class, defaultValue = {Credentials.CREDENTIALS_PATH})
        Resource path;

        @Option(description = "Specifies the password that protects the credential keystore.", shortName = 'p')
        String password;

        @Option(description = "Sets the type of credential store. Values are either PKCS12, which is the default, or JCEKS.", shortName = 't', defaultValue = {Credentials.STORE_TYPE})
        String type;

        @Option(description = "Sets the path to the server root directory.", defaultValue = {"server"}, name = "server-root", shortName = 's')
        String serverRoot;

        @Option(shortName = 'h', hasValue = false, overrideRequired = true)
        protected boolean help;

        @Override // org.infinispan.cli.commands.CliCommand
        public boolean isHelp() {
            return this.help;
        }

        @Override // org.infinispan.cli.commands.CliCommand
        public CommandResult exec(ContextAwareCommandInvocation contextAwareCommandInvocation) throws CommandException {
            try {
                Path resourceToPath = Credentials.resourceToPath(this.path, this.serverRoot);
                if (Files.exists(resourceToPath, new LinkOption[0])) {
                    if (this.password == null) {
                        this.password = contextAwareCommandInvocation.getPasswordInteractively(Messages.MSG.credentialToolPassword(), null);
                    }
                    Iterator it = Credentials.getKeyStoreCredentialStore(resourceToPath, this.type, false, this.password.toCharArray()).getAliases().iterator();
                    while (it.hasNext()) {
                        contextAwareCommandInvocation.println((String) it.next());
                    }
                }
                return CommandResult.SUCCESS;
            } catch (Exception e) {
                throw new CommandException(e);
            }
        }
    }

    @CommandDefinition(name = "remove", description = "Deletes credentials from keystores.", aliases = {"rm"})
    /* loaded from: input_file:org/infinispan/cli/commands/Credentials$Remove.class */
    public static class Remove extends CliCommand {
        public static final String CMD = "remove";

        @Argument(description = "Specifies an alias, or name, for the credential.", required = true)
        String alias;

        @Option(description = "Sets the path to a credential keystore.", completer = FileOptionCompleter.class, defaultValue = {Credentials.CREDENTIALS_PATH})
        Resource path;

        @Option(description = "Specifies the password that protects the credential keystore.", shortName = 'p')
        String password;

        @Option(description = "Sets the type of credential store. Values are either PKCS12, which is the default, or JCEKS.", shortName = 't', defaultValue = {Credentials.STORE_TYPE})
        String type;

        @Option(description = "Sets the path to the server root directory.", defaultValue = {"server"}, name = "server-root", shortName = 's')
        String serverRoot;

        @Option(shortName = 'h', hasValue = false, overrideRequired = true)
        protected boolean help;

        @Override // org.infinispan.cli.commands.CliCommand
        public boolean isHelp() {
            return this.help;
        }

        @Override // org.infinispan.cli.commands.CliCommand
        public CommandResult exec(ContextAwareCommandInvocation contextAwareCommandInvocation) throws CommandException {
            try {
                Path resourceToPath = Credentials.resourceToPath(this.path, this.serverRoot);
                if (this.password == null) {
                    this.password = contextAwareCommandInvocation.getPasswordInteractively(Messages.MSG.credentialToolPassword(), null);
                }
                KeyStoreCredentialStore keyStoreCredentialStore = Credentials.getKeyStoreCredentialStore(resourceToPath, this.type, false, this.password.toCharArray());
                keyStoreCredentialStore.remove(this.alias, PasswordCredential.class, (String) null, (AlgorithmParameterSpec) null);
                keyStoreCredentialStore.flush();
                return CommandResult.SUCCESS;
            } catch (Exception e) {
                throw new CommandException(e);
            }
        }
    }

    @Override // org.infinispan.cli.commands.CliCommand
    public boolean isHelp() {
        return this.help;
    }

    @Override // org.infinispan.cli.commands.CliCommand
    public CommandResult exec(ContextAwareCommandInvocation contextAwareCommandInvocation) {
        contextAwareCommandInvocation.println(contextAwareCommandInvocation.getHelpInfo());
        return CommandResult.FAILURE;
    }

    static KeyStoreCredentialStore getKeyStoreCredentialStore(Path path, String str, boolean z, char[] cArr) throws CredentialStoreException {
        KeyStoreCredentialStore keyStoreCredentialStore = new KeyStoreCredentialStore();
        HashMap hashMap = new HashMap();
        hashMap.put("location", path.toAbsolutePath().toString());
        hashMap.put("keyStoreType", str);
        hashMap.put("create", Boolean.toString(z));
        keyStoreCredentialStore.initialize(hashMap, new CredentialStore.CredentialSourceProtectionParameter(IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw(Clear.CMD, cArr)))), (Provider[]) null);
        return keyStoreCredentialStore;
    }

    static Path resourceToPath(Resource resource, String str) {
        if (((FileResource) resource).getFile().getParent() != null) {
            return Paths.get(resource.getAbsolutePath(), new String[0]);
        }
        String property = System.getProperty("infinispan.server.home.path");
        return (property == null ? Paths.get("", new String[0]) : Paths.get(property, new String[0])).resolve(str).resolve("conf").resolve(((FileResource) resource).getFile().getPath()).toAbsolutePath();
    }
}
