package com.floragunn.searchguard.tools.tlstool;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import com.floragunn.searchguard.tools.tlstool.Config;
import com.floragunn.searchguard.tools.tlstool.tasks.CreateCa;
import com.floragunn.searchguard.tools.tlstool.tasks.CreateClientCertificate;
import com.floragunn.searchguard.tools.tlstool.tasks.CreateClientCsr;
import com.floragunn.searchguard.tools.tlstool.tasks.CreateNodeCertificate;
import com.floragunn.searchguard.tools.tlstool.tasks.CreateNodeCsr;
import com.floragunn.searchguard.tools.tlstool.tasks.LoadCa;
import com.floragunn.searchguard.tools.tlstool.tasks.Task;
import com.floragunn.searchguard.tools.tlstool.tasks.Validate;
import com.google.common.base.Strings;
import java.io.File;
import java.io.IOException;
import java.security.Security;
import java.util.ArrayList;
import java.util.Iterator;
import net.bytebuddy.implementation.auxiliary.TypeProxy;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.core.LoggerContext;
import org.apache.logging.log4j.core.config.Configurator;

/* loaded from: input_file:com/floragunn/searchguard/tools/tlstool/SearchGuardTlsTool.class */
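/**
 * Command-line entry point of the Search Guard TLS tool.
 *
 * <p>The tool parses its options, binds the YAML config file to {@link Config}, queues
 * the tasks selected by the options (validation, CA creation or loading, CSR or
 * certificate creation for nodes and clients), runs them in order and finally asks the
 * context's file output to save all files.
 *
 * <p>Security notes for operators: the log messages below state that auto-generated
 * private-key passwords are stored in the config snippet files and in
 * {@code client-certificates.readme}, so the target directory should be readable only
 * by the account that deploys the certificates. The {@code -f}/{@code --force} option
 * removes the {@link Validate} task from the run.
 */
public class SearchGuardTlsTool {
    // Long option names. The decompiled source referenced unrelated library constants
    // (log4j LoggerContext.PROPERTY_CONFIG, ByteBuddy TypeProxy.INSTANCE_FIELD) that
    // merely share these values; plain literals remove that accidental coupling.
    private static final String OPT_CONFIG = "config";
    private static final String OPT_TARGET = "target";

    private static final ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
    private static final Logger log = LogManager.getLogger(SearchGuardTlsTool.class);
    // Assigned by parseOptions(); read again by run() to print the usage text.
    private static Options options;
    private final CommandLine commandLine;

    /**
     * Parses the arguments and runs the tool. A {@link ToolException} is logged and
     * turned into exit status 1.
     *
     * @param strArr the raw command-line arguments
     */
    public static void main(String[] strArr) {
        // Lets a scalar in the YAML config bind to a collection-typed property.
        objectMapper.configure(DeserializationFeature.ACCEPT_SINGLE_VALUE_AS_ARRAY, true);
        try {
            new SearchGuardTlsTool(parseOptions(strArr)).run();
        } catch (ToolException e) {
            log.error(e.getMessage());
            log.info("No files have been written");
            log.debug("Exception: ", e);
            System.exit(1);
        }
    }

    /**
     * Declares the supported options and parses the given arguments.
     *
     * <p>On a parse error the reason and the usage text are printed and the JVM exits
     * with status 1.
     *
     * @param strArr the raw command-line arguments
     * @return the parsed command line
     */
    private static CommandLine parseOptions(String[] strArr) {
        options = new Options();
        options.addOption(Option.builder("ca").longOpt("create-ca").desc("Create a new certificate authority").build());
        options.addOption(Option.builder("crt").longOpt("create-cert").desc("Create certificates using an existing or newly created local certificate authority").build());
        options.addOption(Option.builder("csr").longOpt("create-csr").desc("Create certificate signing requests").build());
        options.addOption(Option.builder("c").longOpt(OPT_CONFIG).hasArg().desc("Path to the config file").build());
        options.addOption(Option.builder("t").longOpt(OPT_TARGET).hasArg().desc("Path to the target directory").build());
        options.addOption(Option.builder("o").longOpt("overwrite").desc("Overwrite existing files").build());
        options.addOption(Option.builder("v").longOpt("verbose").desc("Enable detailed output").build());
        options.addOption(Option.builder("f").longOpt("force").desc("Force certificate generation despite of validation errors").build());
        try {
            return new DefaultParser().parse(options, strArr);
        } catch (ParseException e) {
            // Tell the user which argument was rejected instead of only printing usage.
            System.err.println(e.getMessage());
            new HelpFormatter().printHelp("sgtlstool.sh", options, true);
            System.exit(1);
            // Unreachable after exit(); required by the compiler.
            return null;
        }
    }

    /**
     * Creates a tool instance for an already parsed command line.
     *
     * @param commandLine the parsed options
     */
    SearchGuardTlsTool(CommandLine commandLine) {
        this.commandLine = commandLine;
    }

    /**
     * Reads the YAML file named by the config option, binds it to {@link Config} and
     * applies the config's defaults.
     *
     * @return the loaded configuration
     * @throws ToolException if no config was specified, the file does not exist, or
     *     reading or parsing it fails
     */
    private Config getConfig() throws ToolException {
        try {
            String configPath = this.commandLine.getOptionValue(OPT_CONFIG);
            if (Strings.isNullOrEmpty(configPath)) {
                throw new ToolException("No config specified. In order to use this tool, you always need to specify a config file using the -c option. To create a config file, copy the file config/template.yml and edit it to match your needs.");
            }
            File configFile = new File(configPath);
            if (!configFile.exists()) {
                throw new ToolException("Config file does not exist: " + configFile);
            }
            // Typed binding to Config only; the mapper is not set up for polymorphic types here.
            Config config = objectMapper.readValue(configFile, Config.class);
            config.applyDefaults();
            return config;
        } catch (IOException e) {
            throw new ToolException(e);
        }
    }

    /**
     * Builds the task list from the command-line options, executes it, saves the
     * generated files and logs a summary.
     *
     * @throws ToolException if the config cannot be loaded, the target directory is
     *     missing, cannot be created or is not a directory, or a task fails
     */
    private void run() throws ToolException {
        if (!this.commandLine.hasOption("ca") && !this.commandLine.hasOption("crt") && !this.commandLine.hasOption("csr")) {
            System.out.println("In order to use sgtlstool, you have to use at least one of these parameters:\n\n--create-ca - Creates a new CA\n--create-cert - Creates new certificates\n--create-csr - Creates certificate signing requests.\n");
            if (!this.commandLine.hasOption("c")) {
                System.out.println("Furthermore, you need to specify a config file using the -c option. To create a config file, copy the file config/template.yml and edit it to match your needs.\n");
            }
            new HelpFormatter().printHelp("sgtlstool.sh", options, true);
            System.exit(1);
        }
        Config config = getConfig();
        Context context = new Context();
        context.setConfig(config);
        Security.addProvider(context.getSecurityProvider());
        ArrayList<Task> tasks = new ArrayList<>();
        if (this.commandLine.hasOption("v")) {
            Configurator.setRootLevel(Level.DEBUG);
            Configurator.setLevel("STDOUT", Level.DEBUG);
        }

        File targetDir = new File(this.commandLine.getOptionValue("t", "out"));
        // Only the implicit default directory is created on demand; an explicitly
        // given target must already exist.
        if (!targetDir.exists() && this.commandLine.getOptionValue("t") == null) {
            if (!targetDir.mkdir() && !targetDir.isDirectory()) {
                throw new ToolException("Could not create target directory: " + targetDir);
            }
        }
        if (!targetDir.exists()) {
            throw new ToolException("Target directory does not exist: " + targetDir);
        }
        // A regular file with the target's name previously passed the exists() check
        // and would only fail later, while output was being written.
        if (!targetDir.isDirectory()) {
            throw new ToolException("Target path is not a directory: " + targetDir);
        }
        // NOTE(review): mkdir() uses the process default permissions. The summary
        // messages below say key passwords end up in files under this directory, so
        // it should be restricted to the deploying account — confirm what FileOutput
        // does about file modes.
        context.setTargetDirectory(targetDir);
        if (this.commandLine.hasOption("o")) {
            context.setOverwrite(true);
        }

        if (this.commandLine.hasOption("f")) {
            // Make the skipped safety check visible in the run's output.
            log.warn("Validation is skipped because --force was specified");
        } else {
            tasks.add(new Validate(context));
        }
        if (this.commandLine.hasOption("ca")) {
            tasks.add(new CreateCa(context, config.getCa()));
        } else if (this.commandLine.hasOption("crt")) {
            // Certificates are requested without a new CA: use the existing one.
            tasks.add(new LoadCa(context, config.getCa()));
        }
        // -csr takes precedence over -crt when both are given.
        if (this.commandLine.hasOption("csr")) {
            if (config.getNodes() != null) {
                for (Config.Node node : config.getNodes()) {
                    tasks.add(new CreateNodeCsr(context, node));
                }
            }
            if (config.getClients() != null) {
                for (Config.Client client : config.getClients()) {
                    tasks.add(new CreateClientCsr(context, client));
                }
            }
        } else if (this.commandLine.hasOption("crt")) {
            if (config.getNodes() != null) {
                for (Config.Node node : config.getNodes()) {
                    tasks.add(new CreateNodeCertificate(context, node));
                }
            }
            if (config.getClients() != null) {
                for (Config.Client client : config.getClients()) {
                    tasks.add(new CreateClientCertificate(context, client));
                }
            }
        }

        for (Task task : tasks) {
            log.debug("Executing: " + task);
            task.run();
        }
        // Saving happens once, after every task has run; main() reports
        // "No files have been written" when a ToolException ends the run.
        context.getFileOutput().saveAllFiles();

        if (CreateNodeCertificate.getGeneratedCertificateCount() > 0) {
            log.info("Created " + CreateNodeCertificate.getGeneratedCertificateCount() + " node certificates.");
            if (CreateNodeCertificate.isPasswordAutoGenerated()) {
                log.info("Passwords for the private keys of the node certificates have been auto-generated. The passwords are stored in the config snippet files.");
            }
        }
        if (CreateNodeCsr.getGeneratedCsrCount() > 0) {
            log.info("Created " + CreateNodeCsr.getGeneratedCsrCount() + " node certificate signing requests.");
            if (CreateNodeCsr.isPasswordAutoGenerated()) {
                log.info("Passwords for the private keys of the node certificates have been auto-generated. The passwords are stored in the config snippet files.");
            }
        }
        if (CreateClientCertificate.getGeneratedCertificateCount() > 0) {
            log.info("Created " + CreateClientCertificate.getGeneratedCertificateCount() + " client certificates.");
            if (CreateClientCertificate.isPasswordAutoGenerated()) {
                log.info("Passwords for the private keys of the client certificates have been auto-generated. The passwords are stored in the file \"client-certificates.readme\"");
            }
        }
        if (CreateClientCsr.getGeneratedCsrCount() > 0) {
            log.info("Created " + CreateClientCsr.getGeneratedCsrCount() + " client certificate signing requests.");
            if (CreateClientCsr.isPasswordAutoGenerated()) {
                log.info("Passwords for the private keys of the client certificates have been auto-generated. The passwords are stored in the file \"client-certificates.readme\"");
            }
        }
    }
}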
