package org.xipki.cmpclient.shell;

import com.alibaba.fastjson.JSON;
import java.math.BigInteger;
import java.util.Set;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.X509CRLHolder;
import org.xipki.cmpclient.CmpClientException;
import org.xipki.cmpclient.PkiErrorException;
import org.xipki.cmpclient.shell.Actions;
import org.xipki.cmpclient.shell.CmpClientCompleters;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.Completers;
import org.xipki.shell.IllegalCmdParamException;
import org.xipki.util.HealthCheckResult;
import org.xipki.util.ReqRespDebug;
import org.xipki.util.StringUtil;

/* loaded from: input_file:org/xipki/cmpclient/shell/CrlActions.class */
public class CrlActions {

    @Service
    @Command(scope = "xi", name = "cmp-gen-crl", description = "generate CRL")
    /* loaded from: input_file:org/xipki/cmpclient/shell/CrlActions$CmpGenCrl.class */
    public static class CmpGenCrl extends CrlAction {
        @Override // org.xipki.cmpclient.shell.CrlActions.CrlAction
        protected X509CRLHolder retrieveCrl() throws CmpClientException, PkiErrorException {
            ReqRespDebug reqRespDebug = getReqRespDebug();
            try {
                return this.client.generateCrl(this.caName, reqRespDebug);
            } finally {
                saveRequestResponse(reqRespDebug);
            }
        }
    }

    @Service
    @Command(scope = "xi", name = "cmp-get-crl", description = "download CRL")
    /* loaded from: input_file:org/xipki/cmpclient/shell/CrlActions$CmpGetCrl.class */
    public static class CmpGetCrl extends CrlAction {

        @Option(name = "--with-basecrl", description = "whether to retrieve the baseCRL if the current CRL is a delta CRL")
        private Boolean withBaseCrl = Boolean.FALSE;

        @Option(name = "--basecrl-out", description = "where to save the baseCRL\n(defaults to <out>-baseCRL)")
        @Completion(FileCompleter.class)
        private String baseCrlOut;

        @Override // org.xipki.cmpclient.shell.CrlActions.CrlAction
        protected X509CRLHolder retrieveCrl() throws CmpClientException, PkiErrorException {
            ReqRespDebug reqRespDebug = getReqRespDebug();
            try {
                return this.client.downloadCrl(this.caName, reqRespDebug);
            } finally {
                saveRequestResponse(reqRespDebug);
            }
        }

        @Override // org.xipki.cmpclient.shell.CrlActions.CrlAction
        protected Object execute0() throws Exception {
            byte[] coreExtValue;
            if (this.caName != null) {
                this.caName = this.caName.toLowerCase();
            }
            Set caNames = this.client.getCaNames();
            if (isEmpty(caNames)) {
                throw new IllegalCmdParamException("no CA is configured");
            }
            if (this.caName != null && !caNames.contains(this.caName)) {
                throw new IllegalCmdParamException("CA " + this.caName + " is not within the configured CAs " + caNames);
            }
            if (this.caName == null) {
                if (caNames.size() != 1) {
                    throw new IllegalCmdParamException("no CA is specified, one of " + caNames + " is required");
                }
                this.caName = (String) caNames.iterator().next();
            }
            try {
                X509CRLHolder retrieveCrl = retrieveCrl();
                if (retrieveCrl == null) {
                    throw new CmdFailure("received no CRL from server");
                }
                saveVerbose("saved CRL to file", this.outFile, encodeCrl(retrieveCrl.getEncoded(), this.outform));
                if (!this.withBaseCrl.booleanValue() || (coreExtValue = X509Util.getCoreExtValue(retrieveCrl.getExtensions(), Extension.deltaCRLIndicator)) == null) {
                    return null;
                }
                if (this.baseCrlOut == null) {
                    this.baseCrlOut = this.outFile + "-baseCRL";
                }
                BigInteger positiveValue = ASN1Integer.getInstance(coreExtValue).getPositiveValue();
                ReqRespDebug reqRespDebug = getReqRespDebug();
                try {
                    try {
                        X509CRLHolder downloadCrl = this.client.downloadCrl(this.caName, positiveValue, reqRespDebug);
                        saveRequestResponse(reqRespDebug);
                        if (downloadCrl == null) {
                            throw new CmdFailure("received no baseCRL from server");
                        }
                        saveVerbose("saved baseCRL to file", this.baseCrlOut, encodeCrl(downloadCrl.getEncoded(), this.outform));
                        return null;
                    } catch (PkiErrorException e) {
                        throw new CmdFailure("received no baseCRL from server: " + e.getMessage());
                    }
                } catch (Throwable th) {
                    saveRequestResponse(reqRespDebug);
                    throw th;
                }
            } catch (PkiErrorException e2) {
                throw new CmdFailure("received no CRL from server: " + e2.getMessage());
            }
        }
    }

    @Service
    @Command(scope = "xi", name = "cmp-health", description = "check healty status of CA")
    /* loaded from: input_file:org/xipki/cmpclient/shell/CrlActions$CmpHealth.class */
    public static class CmpHealth extends Actions.ClientAction {

        @Option(name = "--ca", description = "CA name\n(required if multiple CAs are configured)")
        @Completion(CmpClientCompleters.CaNameCompleter.class)
        private String caName;

        @Option(name = "--verbose", aliases = {"-v"}, description = "show status verbosely")
        private Boolean verbose = Boolean.FALSE;

        protected Object execute0() throws Exception {
            if (this.caName != null) {
                this.caName = this.caName.toLowerCase();
            }
            Set caNames = this.client.getCaNames();
            if (isEmpty(caNames)) {
                throw new IllegalCmdParamException("no CA is configured");
            }
            if (this.caName != null && !caNames.contains(this.caName)) {
                throw new IllegalCmdParamException("CA " + this.caName + " is not within the configured CAs " + caNames);
            }
            if (this.caName == null) {
                if (caNames.size() != 1) {
                    throw new IllegalCmdParamException("no CA is specified, one of " + caNames + " is required");
                }
                this.caName = (String) caNames.iterator().next();
            }
            HealthCheckResult healthCheckResult = this.client.getHealthCheckResult(this.caName);
            String[] strArr = new String[3];
            strArr[0] = this.caName;
            strArr[1] = ": ";
            strArr[2] = healthCheckResult.isHealthy() ? "healthy" : "not healthy";
            String concat = StringUtil.concat("healthy status for CA ", strArr);
            if (this.verbose.booleanValue()) {
                concat = StringUtil.concat(concat, new String[]{"\n", JSON.toJSONString(healthCheckResult, true)});
            }
            System.out.println(concat);
            return null;
        }
    }

    /* loaded from: input_file:org/xipki/cmpclient/shell/CrlActions$CrlAction.class */
    public static abstract class CrlAction extends Actions.ClientAction {

        @Option(name = "--ca", description = "CA name\n(required if multiple CAs are configured)")
        @Completion(CmpClientCompleters.CaNameCompleter.class)
        protected String caName;

        @Option(name = "--outform", description = "output format of the CRL")
        @Completion(Completers.DerPemCompleter.class)
        protected String outform = "der";

        @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the CRL")
        @Completion(FileCompleter.class)
        protected String outFile;

        protected abstract X509CRLHolder retrieveCrl() throws CmpClientException, PkiErrorException;

        protected Object execute0() throws Exception {
            if (this.caName != null) {
                this.caName = this.caName.toLowerCase();
            }
            Set caNames = this.client.getCaNames();
            if (isEmpty(caNames)) {
                throw new CmdFailure("no CA is configured");
            }
            if (this.caName != null && !caNames.contains(this.caName)) {
                throw new IllegalCmdParamException("CA " + this.caName + " is not within the configured CAs " + caNames);
            }
            if (this.caName == null) {
                if (caNames.size() != 1) {
                    throw new IllegalCmdParamException("no CA is specified, one of " + caNames + " is required");
                }
                this.caName = (String) caNames.iterator().next();
            }
            try {
                X509CRLHolder retrieveCrl = retrieveCrl();
                if (retrieveCrl == null) {
                    throw new CmdFailure("received no CRL from server");
                }
                saveVerbose("saved CRL to file", this.outFile, encodeCrl(retrieveCrl.getEncoded(), this.outform));
                return null;
            } catch (PkiErrorException e) {
                throw new CmdFailure("received no CRL from server: " + e.getMessage());
            }
        }
    }
}
