package org.keycloak.client.admin.cli.commands;

import java.io.File;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.MalformedURLException;
import java.net.URL;
import org.jboss.aesh.cl.CommandDefinition;
import org.jboss.aesh.console.command.CommandException;
import org.jboss.aesh.console.command.CommandResult;
import org.jboss.aesh.console.command.invocation.CommandInvocation;
import org.keycloak.client.admin.cli.config.ConfigData;
import org.keycloak.client.admin.cli.config.RealmConfigData;
import org.keycloak.client.admin.cli.util.AuthUtil;
import org.keycloak.client.admin.cli.util.ConfigUtil;
import org.keycloak.client.admin.cli.util.IoUtil;
import org.keycloak.client.admin.cli.util.OsUtil;

@CommandDefinition(name = "credentials", description = "--server SERVER_URL --realm REALM [ARGUMENTS]")
/* loaded from: input_file:org/keycloak/client/admin/cli/commands/ConfigCredentialsCmd.class */
public class ConfigCredentialsCmd extends AbstractAuthOptionsCmd {
    private int sigLifetime = 600;

    public void init(ConfigData configData) {
        if (this.server == null) {
            this.server = configData.getServerUrl();
        }
        if (this.realm == null) {
            this.realm = configData.getRealm();
        }
        if (this.trustStore == null) {
            this.trustStore = configData.getTruststore();
        }
        RealmConfigData realmConfigData = configData.getRealmConfigData(this.server, this.realm);
        if (realmConfigData != null && this.clientId == null) {
            this.clientId = realmConfigData.getClientId();
        }
    }

    @Override // org.jboss.aesh.console.command.Command
    public CommandResult execute(CommandInvocation commandInvocation) throws CommandException, InterruptedException {
        try {
            try {
                if (printHelp()) {
                    return this.help ? CommandResult.SUCCESS : CommandResult.FAILURE;
                }
                processGlobalOptions();
                CommandResult process = process(commandInvocation);
                commandInvocation.stop();
                return process;
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException(e.getMessage() + suggestHelp(), e);
            }
        } finally {
            commandInvocation.stop();
        }
    }

    @Override // org.keycloak.client.admin.cli.commands.AbstractGlobalOptionsCmd
    protected boolean nothingToDo() {
        return noOptions();
    }

    public CommandResult process(CommandInvocation commandInvocation) throws CommandException, InterruptedException {
        if (this.server == null) {
            throw new IllegalArgumentException("Required option not specified: --server");
        }
        try {
            new URL(this.server);
            if (this.realm == null) {
                throw new IllegalArgumentException("Required option not specified: --realm");
            }
            String str = null;
            boolean z = this.clientId != null;
            applyDefaultOptionValues();
            if (this.user != null) {
                IoUtil.printErr("Logging into " + this.server + " as user " + this.user + " of realm " + this.realm);
                if (this.password == null) {
                    this.password = IoUtil.readSecret("Enter password: ", commandInvocation);
                }
                if ("-".equals(this.secret) && this.keystore == null) {
                    this.secret = IoUtil.readSecret("Enter client secret: ", commandInvocation);
                }
            } else if (this.keystore != null || this.secret != null || z) {
                IoUtil.printErr("Logging into " + this.server + " as service-account-" + this.clientId + " of realm " + this.realm);
                if (this.keystore == null && this.secret == null) {
                    this.secret = IoUtil.readSecret("Enter client secret: ", commandInvocation);
                }
            }
            if (this.keystore != null) {
                if (this.secret != null) {
                    throw new IllegalArgumentException("Can't use both --keystore and --secret");
                }
                if (!new File(this.keystore).isFile()) {
                    throw new RuntimeException("No such keystore file: " + this.keystore);
                }
                if (this.storePass == null) {
                    this.storePass = IoUtil.readSecret("Enter keystore password: ", commandInvocation);
                    this.keyPass = IoUtil.readSecret("Enter key password: ", commandInvocation);
                }
                if (this.keyPass == null) {
                    this.keyPass = this.storePass;
                }
                if (this.alias == null) {
                    this.alias = this.clientId;
                }
                str = AuthUtil.getSignedRequestToken(this.keystore, this.storePass, this.keyPass, this.alias, this.sigLifetime, this.clientId, this.server + "/realms/" + this.realm);
            }
            if (this.user == null && this.secret == null && this.keystore == null) {
                ConfigUtil.getHandler().saveMergeConfig(configData -> {
                    configData.setServerUrl(this.server);
                    configData.setRealm(this.realm);
                });
                return CommandResult.SUCCESS;
            }
            setupTruststore(copyWithServerInfo(ConfigUtil.loadConfig()), commandInvocation);
            ConfigUtil.saveTokens(str != null ? AuthUtil.getAuthTokensByJWT(this.server, this.realm, this.user, this.password, this.clientId, str) : this.secret != null ? AuthUtil.getAuthTokensBySecret(this.server, this.realm, this.user, this.password, this.clientId, this.secret) : AuthUtil.getAuthTokens(this.server, this.realm, this.user, this.password, this.clientId), this.server, this.realm, this.clientId, str, str == null ? null : Long.valueOf(System.currentTimeMillis() + (this.sigLifetime * 1000)), this.secret);
            return CommandResult.SUCCESS;
        } catch (Exception e) {
            throw new RuntimeException("Invalid server endpoint url: " + this.server, e);
        }
    }

    protected String suggestHelp() {
        return OsUtil.EOL + "Try '" + OsUtil.CMD + " help config credentials' for more information";
    }

    @Override // org.keycloak.client.admin.cli.commands.AbstractGlobalOptionsCmd
    protected String help() {
        return usage();
    }

    public static String usage() {
        StringWriter stringWriter = new StringWriter();
        PrintWriter printWriter = new PrintWriter(stringWriter);
        printWriter.println("Usage: " + OsUtil.CMD + " config credentials --server SERVER_URL --realm REALM --user USER [--password PASSWORD] [ARGUMENTS]");
        printWriter.println("       " + OsUtil.CMD + " config credentials --server SERVER_URL --realm REALM --client CLIENT_ID [--secret SECRET] [ARGUMENTS]");
        printWriter.println("       " + OsUtil.CMD + " config credentials --server SERVER_URL --realm REALM --client CLIENT_ID [--keystore KEYSTORE] [ARGUMENTS]");
        printWriter.println();
        printWriter.println("Command to establish an authenticated client session with the server. There are many authentication");
        printWriter.println("options available, and it depends on server side client authentication configuration how client can or should authenticate.");
        printWriter.println("The information always required includes --server, and --realm. Then, --user and / or --client need to be used to authenticate.");
        printWriter.println("If --client is not provided it defaults to 'admin-cli'. The authentication options / requirements depend on how this client is configured.");
        printWriter.println();
        printWriter.println("If confidential client authentication is also configured, you may have to specify a client id, and client credentials in addition to");
        printWriter.println("user credentials. Client credentials are either a client secret, or a keystore information to use Signed JWT mechanism.");
        printWriter.println("If only client credentials are provided, and no user credentials, then the service account is used for login.");
        printWriter.println();
        printWriter.println("Arguments:");
        printWriter.println();
        printWriter.println("  Global options:");
        printWriter.println("    -x                      Print full stack trace when exiting with error");
        printWriter.println("    --config                Path to a config file (" + ConfigUtil.DEFAULT_CONFIG_FILE_STRING + " by default)");
        printWriter.println("    --truststore PATH       Path to a truststore containing trusted certificates");
        printWriter.println("    --trustpass PASSWORD    Truststore password (prompted for if not specified and --truststore is used)");
        printWriter.println();
        printWriter.println("  Command specific options:");
        printWriter.println("    --server SERVER_URL     Server endpoint url (e.g. 'http://localhost:8080/auth')");
        printWriter.println("    --realm REALM           Realm name to use");
        printWriter.println("    --user USER             Username to login with");
        printWriter.println("    --password PASSWORD     Password to login with (prompted for if not specified and --user is used)");
        printWriter.println("    --client CLIENT_ID      ClientId used by this client tool ('admin-cli' by default)");
        printWriter.println("    --secret SECRET         Secret to authenticate the client (prompted for if --client is specified, and no --keystore is specified)");
        printWriter.println("    --keystore PATH         Path to a keystore containing private key");
        printWriter.println("    --storepass PASSWORD    Keystore password (prompted for if not specified and --keystore is used)");
        printWriter.println("    --keypass PASSWORD      Key password (prompted for if not specified and --keystore is used without --storepass,");
        printWriter.println("                            otherwise defaults to keystore password)");
        printWriter.println("    --alias ALIAS           Alias of the key inside a keystore (defaults to the value of ClientId)");
        printWriter.println();
        printWriter.println();
        printWriter.println("Examples:");
        printWriter.println();
        printWriter.println("Login as 'admin' user of 'master' realm to a local Keycloak server running on default port.");
        printWriter.println("You will be prompted for a password:");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " config credentials --server http://localhost:8080/auth --realm master --user admin");
        printWriter.println();
        printWriter.println("Login to Keycloak server at non-default endpoint passing the password via standard input:");
        if (OsUtil.OS_ARCH.isWindows()) {
            printWriter.println("  " + OsUtil.PROMPT + " echo mypassword | " + OsUtil.CMD + " config credentials --server http://localhost:9080/auth --realm master --user admin");
        } else {
            printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " config credentials --server http://localhost:9080/auth --realm master --user admin << EOF");
            printWriter.println("  mypassword");
            printWriter.println("  EOF");
        }
        printWriter.println();
        printWriter.println("Login specifying a password through command line:");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " config credentials --server http://localhost:9080/auth --realm master --user admin --password " + OsUtil.OS_ARCH.envVar("PASSWORD"));
        printWriter.println();
        printWriter.println("Login using a client service account of a custom client. You will be prompted for a client secret:");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " config credentials --server http://localhost:9080/auth --realm master --client reg-cli");
        printWriter.println();
        printWriter.println("Login using a client service account of a custom client, authenticating with signed JWT.");
        printWriter.println("You will be prompted for a keystore password, and a key password:");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " config credentials --server http://localhost:9080/auth --realm master --client reg-cli --keystore " + OsUtil.OS_ARCH.path("~/.keycloak/keystore.jks"));
        printWriter.println();
        printWriter.println("Login as 'user' while also authenticating a custom client with signed JWT.");
        printWriter.println("You will be prompted for a user password, a keystore password, and a key password:");
        printWriter.println("  " + OsUtil.PROMPT + " " + OsUtil.CMD + " config credentials --server http://localhost:9080/auth --realm master --user user --client reg-cli --keystore " + OsUtil.OS_ARCH.path("~/.keycloak/keystore.jks"));
        printWriter.println();
        printWriter.println();
        printWriter.println("Use '" + OsUtil.CMD + " help' for general information and a list of commands");
        return stringWriter.toString();
    }
}
