package org.keycloak.client.admin.cli.commands;

import java.io.PrintWriter;
import java.io.StringWriter;
import org.jboss.aesh.cl.CommandDefinition;
import org.jboss.aesh.cl.Option;
import org.jboss.aesh.console.command.CommandException;
import org.jboss.aesh.console.command.CommandResult;
import org.jboss.aesh.console.command.invocation.CommandInvocation;
import org.keycloak.client.admin.cli.config.ConfigData;
import org.keycloak.client.admin.cli.operations.UserOperations;
import org.keycloak.client.admin.cli.util.AuthUtil;
import org.keycloak.client.admin.cli.util.ConfigUtil;
import org.keycloak.client.admin.cli.util.IoUtil;
import org.keycloak.client.admin.cli.util.OsUtil;

@CommandDefinition(name = "set-password", description = "[ARGUMENTS]")
/* loaded from: input_file:org/keycloak/client/admin/cli/commands/SetPasswordCmd.class */
public class SetPasswordCmd extends AbstractAuthOptionsCmd {

    @Option(name = "username", description = "Username")
    String username;

    @Option(name = "userid", description = "User ID")
    String userid;

    @Option(shortName = 'p', name = "new-password", description = "New password")
    String pass;

    @Option(shortName = 't', name = "temporary", description = "is password temporary", hasValue = false)
    boolean temporary;

    @Override // org.jboss.aesh.console.command.Command
    public CommandResult execute(CommandInvocation commandInvocation) throws CommandException, InterruptedException {
        try {
            try {
                if (printHelp()) {
                    return this.help ? CommandResult.SUCCESS : CommandResult.FAILURE;
                }
                processGlobalOptions();
                CommandResult process = process(commandInvocation);
                commandInvocation.stop();
                return process;
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException(e.getMessage() + suggestHelp(), e);
            }
        } finally {
            commandInvocation.stop();
        }
    }

    public CommandResult process(CommandInvocation commandInvocation) throws CommandException, InterruptedException {
        if (this.args != null && this.args.size() > 0) {
            throw new IllegalArgumentException("Invalid option: " + this.args.get(0));
        }
        if (this.userid == null && this.username == null) {
            throw new IllegalArgumentException("No user specified. Use --username or --userid to specify user");
        }
        if (this.userid != null && this.username != null) {
            throw new IllegalArgumentException("Options --userid and --username are mutually exclusive");
        }
        if (this.pass == null) {
            this.pass = IoUtil.readSecret("Enter password: ", commandInvocation);
        }
        ConfigData copyWithServerInfo = copyWithServerInfo(ConfigUtil.loadConfig());
        setupTruststore(copyWithServerInfo, commandInvocation);
        String str = null;
        ConfigData copyWithServerInfo2 = copyWithServerInfo(ensureAuthInfo(copyWithServerInfo, commandInvocation));
        if (ConfigUtil.credentialsAvailable(copyWithServerInfo2)) {
            str = AuthUtil.ensureToken(copyWithServerInfo2);
        }
        String str2 = str != null ? "Bearer " + str : null;
        String serverUrl = copyWithServerInfo2.getServerUrl();
        String targetRealm = getTargetRealm(copyWithServerInfo2);
        String composeAdminRoot = this.adminRestRoot != null ? this.adminRestRoot : composeAdminRoot(serverUrl);
        if (this.username != null) {
            this.userid = UserOperations.getIdFromUsername(composeAdminRoot, targetRealm, str2, this.username);
        }
        UserOperations.resetUserPassword(composeAdminRoot, targetRealm, str2, this.userid, this.pass, this.temporary);
        return CommandResult.SUCCESS;
    }

    @Override // org.keycloak.client.admin.cli.commands.AbstractGlobalOptionsCmd
    protected boolean nothingToDo() {
        return noOptions() && this.username == null && this.userid == null && this.pass == null;
    }

    protected String suggestHelp() {
        return OsUtil.EOL + "Try '" + OsUtil.CMD + " help set-password' for more information";
    }

    @Override // org.keycloak.client.admin.cli.commands.AbstractGlobalOptionsCmd
    protected String help() {
        return usage();
    }

    public static String usage() {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        printWriter.println("Usage: " + OsUtil.CMD + " set-password (--username USERNAME | --userid ID) [--password PASSWORD] [ARGUMENTS]");
        printWriter.println();
        printWriter.println("Command to reset user's password.");
        printWriter.println();
        printWriter.println("Use `" + OsUtil.CMD + " config credentials` to establish an authenticated session, or use CREDENTIALS OPTIONS");
        printWriter.println("to perform one time authentication.");
        printWriter.println();
        printWriter.println("Arguments:");
        printWriter.println();
        printWriter.println("  Global options:");
        printWriter.println("    -x                    Print full stack trace when exiting with error");
        printWriter.println("    --config              Path to the config file (" + ConfigUtil.DEFAULT_CONFIG_FILE_STRING + " by default)");
        printWriter.println("    --truststore PATH     Path to a truststore containing trusted certificates");
        printWriter.println("    --trustpass PASSWORD  Truststore password (prompted for if not specified and --truststore is used)");
        printWriter.println("    CREDENTIALS OPTIONS   Same set of options as accepted by '" + OsUtil.CMD + " config credentials' in order to establish");
        printWriter.println("                          an authenticated sessions. This allows on-the-fly transient authentication that does");
        printWriter.println("                          not touch a config file.");
        printWriter.println();
        printWriter.println("  Command specific options:");
        printWriter.println("    --username USERNAME       Identify target user by 'username'");
        printWriter.println("    --userid ID               Identify target user by 'id'");
        printWriter.println("    -p, --new-password        New password to set. If not specified you will be prompted for it.");
        printWriter.println("    -t, --temporary           Make the new password temporary - user has to change it on next logon");
        printWriter.println("    -a, --admin-root URL      URL of Admin REST endpoint root if not default - e.g. http://localhost:8080/auth/admin");
        printWriter.println("    -r, --target-realm REALM  Target realm to issue requests against if not the one authenticated against");
        printWriter.println();
        printWriter.println("Examples:");
        printWriter.println();
        printWriter.println("Set new temporary password for the user:");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " set-password -r demorealm --username testuser --password NEWPASS -t");
        printWriter.println();
        printWriter.println();
        printWriter.println("Use '" + OsUtil.CMD + " help' for general information and a list of commands");
        return stringWriter.toString();
    }
}
