package org.opends.server.admin.client.cli;

import com.forgerock.opendj.cli.Argument;
import com.forgerock.opendj.cli.ArgumentException;
import com.forgerock.opendj.cli.ArgumentParser;
import com.forgerock.opendj.cli.BooleanArgument;
import com.forgerock.opendj.cli.CliConstants;
import com.forgerock.opendj.cli.CommonArguments;
import com.forgerock.opendj.cli.FileBasedArgument;
import com.forgerock.opendj.cli.IntegerArgument;
import com.forgerock.opendj.cli.ReturnCode;
import com.forgerock.opendj.cli.StringArgument;
import com.forgerock.opendj.cli.Utils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.i18n.LocalizableMessageDescriptor;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.server.config.server.FileBasedTrustManagerProviderCfg;
import org.forgerock.opendj.server.config.server.RootCfg;
import org.forgerock.opendj.server.config.server.TrustManagerProviderCfg;
import org.glassfish.grizzly.ssl.SSLContextConfigurator;
import org.opends.admin.ads.util.ApplicationTrustManager;
import org.opends.messages.AdminToolMessages;
import org.opends.messages.ToolMessages;
import org.opends.server.core.DirectoryServer;

/* loaded from: input_file:org/opends/server/admin/client/cli/SecureConnectionCliArgs.class */
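/**
 * Holds the command-line arguments that describe how an administration tool
 * connects to the server: host, port, bind identity, TLS mode, and the
 * trust store / key store material.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #getTrustManager()} returns {@code null} both when the
 *       trust-all argument is present and when no trust store path was given;
 *       callers cannot tell the two apart from the return value alone and
 *       should consult {@link #getTrustAllArg()}.</li>
 *   <li>Bind and store passwords can be supplied either inline or through a
 *       file-based argument. The inline and file forms of the bind password and
 *       of the trust store password are mutually exclusive, see
 *       {@link #validateGlobalOptions(LocalizableMessageBuilder)}.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public final class SecureConnectionCliArgs {
    private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

    /** Port used when the administration connector port cannot be read from the configuration. */
    private static final int DEFAULT_ADMIN_PORT = 4444;

    /** Bind DN used as the default value of the bind DN argument. */
    private static final String DEFAULT_BIND_DN = "cn=Directory Manager";

    private StringArgument hostNameArg;
    private IntegerArgument portArg;
    private StringArgument bindDnArg;
    private StringArgument adminUidArg;
    private FileBasedArgument bindPasswordFileArg;
    private StringArgument bindPasswordArg;
    private BooleanArgument trustAllArg;
    private StringArgument trustStorePathArg;
    private StringArgument trustStorePasswordArg;
    private FileBasedArgument trustStorePasswordFileArg;
    private StringArgument keyStorePathArg;
    private StringArgument keyStorePasswordArg;
    private FileBasedArgument keyStorePasswordFileArg;
    private StringArgument certNicknameArg;
    private BooleanArgument useSSLArg;
    private BooleanArgument useStartTLSArg;
    private StringArgument saslOptionArg;
    private IntegerArgument connectTimeoutArg;
    private Set<Argument> argList;
    private ApplicationTrustManager trustManager;
    private boolean configurationInitialized;
    private final boolean alwaysUseSSL;

    /**
     * Creates the argument holder.
     *
     * @param z when {@code true}, the SSL argument is forced to "present" and
     *          neither the SSL nor the StartTLS option is offered to the user
     */
    public SecureConnectionCliArgs(boolean z) {
        this.alwaysUseSSL = z;
    }

    /**
     * Tells whether at least one registered argument was supplied.
     *
     * @return {@code true} if any argument in the registered set is present;
     *         {@code false} if none is, or if {@link #createGlobalArguments()}
     *         has not been called yet
     */
    public boolean argumentsPresent() {
        if (this.argList == null) {
            return false;
        }
        for (Argument argument : this.argList) {
            if (argument.isPresent()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the administrator UID, falling back to the argument's default.
     *
     * @return the supplied or default administrator UID
     */
    public String getAdministratorUID() {
        return getValueOrDefault(this.adminUidArg);
    }

    /**
     * Returns the bind DN, falling back to the argument's default.
     *
     * @return the supplied or default bind DN
     */
    public String getBindDN() {
        return getValueOrDefault(this.bindDnArg);
    }

    /**
     * Creates every connection argument and registers the user-visible ones.
     *
     * <p>When SSL is mandatory the SSL argument is marked present and is not
     * registered, and the StartTLS argument is created but not registered. The
     * administrator UID argument is created as hidden and is not part of the
     * returned set.
     *
     * @return the ordered set of registered arguments
     * @throws ArgumentException if one of the arguments cannot be created
     */
    public Set<Argument> createGlobalArguments() throws ArgumentException {
        this.argList = new LinkedHashSet<>();

        this.useSSLArg = CommonArguments.useSSLArgument();
        if (this.alwaysUseSSL) {
            // SSL is not optional here, so it is forced on instead of being offered.
            this.useSSLArg.setPresent(true);
        } else {
            this.argList.add(this.useSSLArg);
        }
        this.useStartTLSArg = CommonArguments.startTLSArgument();
        if (!this.alwaysUseSSL) {
            this.argList.add(this.useStartTLSArg);
        }

        this.hostNameArg = CommonArguments.hostNameArgument(getDefaultHostName());
        this.argList.add(this.hostNameArg);
        this.portArg = createPortArgument(DEFAULT_ADMIN_PORT);
        this.argList.add(this.portArg);
        this.bindDnArg = CommonArguments.bindDNArgument(DEFAULT_BIND_DN);
        this.argList.add(this.bindDnArg);
        // Hidden argument: created, but deliberately left out of argList.
        this.adminUidArg = CommonArguments.adminUidHiddenArgument(AdminToolMessages.INFO_DESCRIPTION_ADMIN_UID.get());

        this.bindPasswordArg = CommonArguments.bindPasswordArgument();
        this.argList.add(this.bindPasswordArg);
        this.bindPasswordFileArg = CommonArguments.bindPasswordFileArgument();
        this.argList.add(this.bindPasswordFileArg);
        this.saslOptionArg = CommonArguments.saslArgument();
        this.argList.add(this.saslOptionArg);

        this.trustAllArg = CommonArguments.trustAllArgument();
        this.argList.add(this.trustAllArg);
        this.trustStorePathArg = CommonArguments.trustStorePathArgument();
        this.argList.add(this.trustStorePathArg);
        this.trustStorePasswordArg = CommonArguments.trustStorePasswordArgument();
        this.argList.add(this.trustStorePasswordArg);
        this.trustStorePasswordFileArg = CommonArguments.trustStorePasswordFileArgument();
        this.argList.add(this.trustStorePasswordFileArg);

        this.keyStorePathArg = CommonArguments.keyStorePathArgument();
        this.argList.add(this.keyStorePathArg);
        this.keyStorePasswordArg = CommonArguments.keyStorePasswordArgument();
        this.argList.add(this.keyStorePasswordArg);
        this.keyStorePasswordFileArg = CommonArguments.keyStorePasswordFileArgument();
        this.argList.add(this.keyStorePasswordFileArg);
        this.certNicknameArg = CommonArguments.certNickNameArgument();
        this.argList.add(this.certNicknameArg);

        this.connectTimeoutArg = CommonArguments.connectTimeOutArgument();
        this.argList.add(this.connectTimeoutArg);
        return this.argList;
    }

    /**
     * Returns the host name, falling back to the argument's default.
     *
     * @return the supplied or default host name
     */
    public String getHostName() {
        return getValueOrDefault(this.hostNameArg);
    }

    /**
     * Returns the local host name as reported by {@link InetAddress}.
     *
     * @return the local host name, or {@code "localhost"} if the lookup fails
     */
    public String getDefaultHostName() {
        try {
            return InetAddress.getLocalHost().getHostName();
        } catch (Exception e) {
            // Best effort: any lookup failure falls back to the loopback name.
            return "localhost";
        }
    }

    /**
     * Returns the port as a string, falling back to the argument's default.
     *
     * @return the supplied or default port
     */
    public String getPort() {
        return getValueOrDefault(this.portArg);
    }

    /** Returns the argument's value when it was supplied, else its default value. */
    private String getValueOrDefault(Argument argument) {
        return argument.isPresent() ? argument.getValue() : argument.getDefaultValue();
    }

    /**
     * Checks the connection arguments for conflicting combinations and for
     * unreadable trust store / key store paths.
     *
     * <p>Rejected combinations: inline bind password with bind password file;
     * trust-all with any trust store argument; inline trust store password with
     * trust store password file; StartTLS with SSL.
     *
     * <p>NOTE(review): the inline key store password and the key store password
     * file are not checked against each other here. Confirm whether that is
     * intended.
     *
     * <p>The decompiler reports that this method was package-private in the
     * original class; it is kept public here so existing callers still compile.
     *
     * @param localizableMessageBuilder receives the error messages, one per
     *        line, appended after any content it already holds
     * @return the success return code when no problem was found, otherwise the
     *         conflicting-arguments return code
     */
    public int validateGlobalOptions(LocalizableMessageBuilder localizableMessageBuilder) {
        // Typed list: a raw ArrayList cannot be iterated as LocalizableMessage below.
        List<LocalizableMessage> errors = new ArrayList<>();
        Utils.addErrorMessageIfArgumentsConflict(errors, this.bindPasswordArg, this.bindPasswordFileArg);
        Utils.addErrorMessageIfArgumentsConflict(errors, this.trustAllArg, this.trustStorePathArg);
        Utils.addErrorMessageIfArgumentsConflict(errors, this.trustAllArg, this.trustStorePasswordArg);
        Utils.addErrorMessageIfArgumentsConflict(errors, this.trustAllArg, this.trustStorePasswordFileArg);
        Utils.addErrorMessageIfArgumentsConflict(errors, this.trustStorePasswordArg, this.trustStorePasswordFileArg);
        Utils.addErrorMessageIfArgumentsConflict(errors, this.useStartTLSArg, this.useSSLArg);
        checkIfPathArgumentIsReadable(errors, this.trustStorePathArg, ToolMessages.ERR_CANNOT_READ_TRUSTSTORE);
        checkIfPathArgumentIsReadable(errors, this.keyStorePathArg, ToolMessages.ERR_CANNOT_READ_KEYSTORE);
        if (errors.isEmpty()) {
            return ReturnCode.SUCCESS.get();
        }
        for (LocalizableMessage error : errors) {
            if (localizableMessageBuilder.length() > 0) {
                localizableMessageBuilder.append((CharSequence) Utils.LINE_SEPARATOR);
            }
            localizableMessageBuilder.append(error);
        }
        return ReturnCode.CONFLICTING_ARGS.get();
    }

    /** Adds an error built from {@code arg1} when the path argument is present but not readable. */
    private void checkIfPathArgumentIsReadable(List<LocalizableMessage> list, StringArgument stringArgument, LocalizableMessageDescriptor.Arg1<Object> arg1) {
        if (stringArgument.isPresent() && !canRead(stringArgument.getValue())) {
            list.add(arg1.get(stringArgument.getValue()));
        }
    }

    /**
     * Tells whether SSL is mandatory for this tool.
     *
     * @return the flag passed to the constructor
     */
    public boolean alwaysUseSsl() {
        return this.alwaysUseSSL;
    }

    /**
     * Returns the trust manager built from the trust store arguments, creating
     * and caching it on first use.
     *
     * <p>Returns {@code null}, without caching anything, when the trust-all
     * argument is present or when no trust store path was supplied. How a
     * {@code null} trust manager is interpreted is decided by the caller and is
     * not visible in this class; callers that need to distinguish "trust
     * everything" from "nothing configured" must check
     * {@link #getTrustAllArg()}.
     *
     * <p>If the trust store cannot be opened or loaded, the failure is logged
     * as a warning and the trust manager is still created from whatever
     * {@link KeyStore} reference exists at that point ({@code null}, or an
     * instance that was never loaded). What {@code ApplicationTrustManager}
     * does with such a key store is not visible here.
     * NOTE(review): confirm that it rejects certificates rather than falling
     * back to a broader default.
     *
     * @return the cached or newly created trust manager, or {@code null}
     */
    public ApplicationTrustManager getTrustManager() {
        if (this.trustManager != null) {
            return this.trustManager;
        }
        if (this.trustAllArg.isPresent() || !this.trustStorePathArg.isPresent()) {
            return null;
        }

        String password = resolveTrustStorePassword();
        char[] passwordChars = password != null ? password.toCharArray() : null;
        KeyStore keyStore = null;
        // try-with-resources closes the stream even when loading fails, so a bad
        // trust store or wrong password no longer leaks the file handle.
        try (FileInputStream in = new FileInputStream(this.trustStorePathArg.getValue())) {
            keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(in, passwordChars);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            logger.warn(LocalizableMessage.raw("Error with the truststore", new Object[0]), e);
        }
        this.trustManager = new ApplicationTrustManager(keyStore);
        return this.trustManager;
    }

    /**
     * Picks the trust store password: the inline argument if present, else the
     * file-based argument if present, else the system property named by
     * {@code SSLContextConfigurator.TRUST_STORE_PASSWORD}. May return {@code null}.
     */
    private String resolveTrustStorePassword() {
        String password = null;
        if (this.trustStorePasswordArg.isPresent()) {
            password = this.trustStorePasswordArg.getValue();
        } else if (this.trustStorePasswordFileArg.isPresent()) {
            password = this.trustStorePasswordFileArg.getValue();
        }
        if (password == null) {
            password = System.getProperty(SSLContextConfigurator.TRUST_STORE_PASSWORD);
        }
        return password;
    }

    /** Tells whether the path names an existing file system entry that can be read. */
    private boolean canRead(String str) {
        File file = new File(str);
        return file.exists() && file.canRead();
    }

    /**
     * Resolves the trust store file configured for the administration
     * connector's trust manager provider.
     *
     * <p>A relative configured path is resolved against the server instance
     * root. The result is {@code null} when the configuration cannot be
     * initialized, when the provider is not file based, or when the resolved
     * path does not exist, is not readable, or is a directory.
     *
     * @return the canonical path of the trust store (or the resolved,
     *         non-canonical path if canonicalization fails), or {@code null}
     * @throws ConfigException if the configuration cannot be read
     */
    public String getTruststoreFileFromConfig() throws ConfigException {
        if (!this.configurationInitialized && !initializeConfiguration()) {
            return null;
        }
        RootCfg rootConfig = DirectoryServer.getInstance().getServerContext().getRootConfig();
        TrustManagerProviderCfg trustManagerProvider = rootConfig.getTrustManagerProvider(rootConfig.getAdministrationConnector().getTrustManagerProvider());
        if (!(trustManagerProvider instanceof FileBasedTrustManagerProviderCfg)) {
            return null;
        }

        String configured = ((FileBasedTrustManagerProviderCfg) trustManagerProvider).getTrustStoreFile();
        // File.isAbsolute() also recognises absolute forms that do not start with
        // File.separator (for example a drive-letter path); the separator test is
        // kept so every path accepted before is still accepted.
        boolean absolute = configured.startsWith(File.separator) || new File(configured).isAbsolute();
        String resolved = absolute ? configured : DirectoryServer.getInstanceRoot() + File.separator + configured;

        File file = new File(resolved);
        if (!file.exists() || !file.canRead() || file.isDirectory()) {
            return null;
        }
        try {
            return file.getCanonicalPath();
        } catch (Throwable ignored) {
            // Best effort: canonicalization failed, keep the resolved path as is.
            return resolved;
        }
    }

    /**
     * Returns the listen port of the administration connector.
     *
     * @return the configured port, or 4444 when the configuration cannot be
     *         initialized
     * @throws ConfigException if the configuration cannot be read
     */
    public int getAdminPortFromConfig() throws ConfigException {
        if (this.configurationInitialized || initializeConfiguration()) {
            return DirectoryServer.getInstance().getServerContext().getRootConfig().getAdministrationConnector().getListenPort();
        }
        return DEFAULT_ADMIN_PORT;
    }

    /**
     * Makes sure the server configuration can be read, bootstrapping a client
     * configuration if the first access fails.
     *
     * @return {@code true} once the configuration is usable, {@code false} if
     *         the bootstrap attempt failed
     */
    private boolean initializeConfiguration() {
        try {
            // Probe only: the result is discarded, a failure triggers the bootstrap.
            DirectoryServer.getInstance().getServerContext().getRootConfig().getAdministrationConnector();
        } catch (Throwable probeFailure) {
            try {
                DirectoryServer.bootstrapClient();
                DirectoryServer.initializeJMX();
                DirectoryServer.getInstance().initializeConfiguration();
            } catch (Exception e) {
                return false;
            }
        }
        this.configurationInitialized = true;
        return true;
    }

    /**
     * Returns the default port for this tool.
     *
     * @return the default SSL port when SSL is optional; otherwise the
     *         administration port from the configuration, or 4444 if that
     *         cannot be read
     */
    public int getPortFromConfig() {
        if (!alwaysUseSsl()) {
            return CliConstants.DEFAULT_SSL_PORT;
        }
        try {
            return getAdminPortFromConfig();
        } catch (ConfigException e) {
            return DEFAULT_ADMIN_PORT;
        }
    }

    /**
     * Re-creates the port and trust store path arguments with defaults taken
     * from the server configuration and swaps them into the parser.
     *
     * <p>Failures are logged as errors and otherwise ignored. The two fields
     * are assigned before the parser is updated, so a failure part-way through
     * can leave a field replaced while the parser still holds the old argument.
     *
     * @param argumentParser the parser whose arguments are replaced
     */
    public void initArgumentsWithConfiguration(ArgumentParser argumentParser) {
        try {
            this.portArg = createPortArgument(getPortFromConfig());
            this.trustStorePathArg = CommonArguments.trustStorePathArgument(getTruststoreFileFromConfig());
            argumentParser.replaceArgument(this.portArg);
            argumentParser.replaceArgument(this.trustStorePathArg);
        } catch (ArgumentException | ConfigException e) {
            logger.error(LocalizableMessage.raw("Internal error while reading arguments of this program from configuration", new Object[0]), e);
        }
    }

    /**
     * Replaces the hidden administrator UID argument with a visible one.
     *
     * @param localizableMessage the description shown for the argument
     * @throws RuntimeException if the argument cannot be created; the
     *         {@link ArgumentException} is attached as the cause
     */
    public void createVisibleAdminUidArgument(LocalizableMessage localizableMessage) {
        try {
            this.adminUidArg = CommonArguments.adminUid(localizableMessage);
        } catch (ArgumentException e) {
            // Keep the cause so the failure can be diagnosed.
            throw new RuntimeException("Unexpected", e);
        }
    }

    /** Creates the port argument, described as the admin port when SSL is mandatory. */
    private IntegerArgument createPortArgument(int i) throws ArgumentException {
        LocalizableMessage description = this.alwaysUseSSL
                ? ToolMessages.INFO_DESCRIPTION_ADMIN_PORT.get()
                : ToolMessages.INFO_DESCRIPTION_PORT.get();
        return CommonArguments.portArgument(i, description);
    }

    /** @return the key store path argument */
    public StringArgument getKeyStorePathArg() {
        return this.keyStorePathArg;
    }

    /** @return the host name argument */
    public StringArgument getHostNameArg() {
        return this.hostNameArg;
    }

    /** @return the port argument */
    public IntegerArgument getPortArg() {
        return this.portArg;
    }

    /** @return the bind DN argument */
    public StringArgument getBindDnArg() {
        return this.bindDnArg;
    }

    /** @return the administrator UID argument */
    public StringArgument getAdminUidArg() {
        return this.adminUidArg;
    }

    /** @return the bind password file argument */
    public FileBasedArgument getBindPasswordFileArg() {
        return this.bindPasswordFileArg;
    }

    /** @return the inline bind password argument */
    public StringArgument getBindPasswordArg() {
        return this.bindPasswordArg;
    }

    /** @return the trust-all argument */
    public BooleanArgument getTrustAllArg() {
        return this.trustAllArg;
    }

    /** @return the trust store path argument */
    public StringArgument getTrustStorePathArg() {
        return this.trustStorePathArg;
    }

    /** @return the inline trust store password argument */
    public StringArgument getTrustStorePasswordArg() {
        return this.trustStorePasswordArg;
    }

    /** @return the trust store password file argument */
    public FileBasedArgument getTrustStorePasswordFileArg() {
        return this.trustStorePasswordFileArg;
    }

    /** @return the inline key store password argument */
    public StringArgument getKeyStorePasswordArg() {
        return this.keyStorePasswordArg;
    }

    /** @return the key store password file argument */
    public FileBasedArgument getKeyStorePasswordFileArg() {
        return this.keyStorePasswordFileArg;
    }

    /** @return the certificate nickname argument */
    public StringArgument getCertNicknameArg() {
        return this.certNicknameArg;
    }

    /** @return the SSL argument */
    public BooleanArgument getUseSSLArg() {
        return this.useSSLArg;
    }

    /** @return the StartTLS argument */
    public BooleanArgument getUseStartTLSArg() {
        return this.useStartTLSArg;
    }

    /** @return the SASL option argument */
    public StringArgument getSaslOptionArg() {
        return this.saslOptionArg;
    }

    /** @return the connect timeout argument */
    public IntegerArgument getConnectTimeoutArg() {
        return this.connectTimeoutArg;
    }

    /**
     * Re-creates the bind DN argument with a custom description.
     *
     * <p>Only the field is replaced; the set returned earlier by
     * {@link #createGlobalArguments()} is not updated here.
     *
     * @param localizableMessage the description shown for the argument
     * @throws RuntimeException if the argument cannot be created; the
     *         {@link ArgumentException} is attached as the cause
     */
    public void setBindDnArgDescription(LocalizableMessage localizableMessage) {
        try {
            this.bindDnArg = CommonArguments.bindDNArgument(DEFAULT_BIND_DN, localizableMessage);
        } catch (ArgumentException e) {
            // Keep the cause so the failure can be diagnosed.
            throw new RuntimeException("unexpected", e);
        }
    }

    /**
     * Replaces the inline bind password argument.
     *
     * @param stringArgument the argument to use from now on
     */
    public void setBindPasswordArgument(StringArgument stringArgument) {
        this.bindPasswordArg = stringArgument;
    }

    /**
     * Replaces the bind password file argument.
     *
     * @param fileBasedArgument the argument to use from now on
     */
    public void setBindPasswordFileArgument(FileBasedArgument fileBasedArgument) {
        this.bindPasswordFileArg = fileBasedArgument;
    }
}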
