package co.cask.cdap.security.tools;

import co.cask.cdap.common.utils.UsageException;
import co.cask.cdap.security.server.ExternalAuthenticationServer;
import com.google.common.io.ByteStreams;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonParser;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.net.URI;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Random;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.cli.BasicParser;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.scheme.SchemeSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.BasicClientConnectionManager;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;

/* loaded from: input_file:co/cask/cdap/security/tools/AccessTokenClient.class */
public class AccessTokenClient {
    public static boolean debug;
    private static final int SSL_PORT = 10443;
    private static final int NO_SSL_PORT = 10000;
    private String host;
    private String username;
    private String password;
    private String filePath;
    private Options options;
    private boolean help = false;
    private int port = NO_SSL_PORT;
    private boolean useSsl = false;
    private boolean disableCertCheck = false;

    /* loaded from: input_file:co/cask/cdap/security/tools/AccessTokenClient$ConfigurableOptions.class */
    private static final class ConfigurableOptions {
        private static final String HOST = "host";
        private static final String PORT = "port";
        private static final String USER_NAME = "username";
        private static final String PASSWORD = "password";
        private static final String FILE = "file";
        private static final String HELP = "help";
        private static final String SSL = "ssl";
        private static final String DISABLE_CERT_CHECK = "disable-cert-check";

        private ConfigurableOptions() {
        }
    }

    void usage(boolean z) {
        PrintStream printStream = z ? System.err : System.out;
        String replaceAll = System.getProperty("script") != null ? System.getProperty("script").replaceAll("[./]", "") : "accesstoken-client";
        printStream.println("Usage: ");
        printStream.println("  " + replaceAll + " [ --host <host> ] [ --username <username> ] [ --file <outputfile> ]");
        printStream.println();
        printOptions(z);
    }

    private void printOptions(boolean z) {
        PrintWriter printWriter = z ? new PrintWriter(System.err) : new PrintWriter(System.out);
        printWriter.println("Options:\n");
        new HelpFormatter().printOptions(printWriter, 100, this.options, 0, 10);
        printWriter.flush();
        printWriter.close();
        if (z) {
            throw new UsageException();
        }
    }

    private void buildOptions() {
        this.options = new Options();
        this.options.addOption((String) null, "host", true, "To specify the host of gateway");
        this.options.addOption((String) null, "port", true, "To specify the port of gateway. " + String.format("Defaults to %d if router is not SSL enabled and %d if it is.", Integer.valueOf(NO_SSL_PORT), Integer.valueOf(SSL_PORT)));
        this.options.addOption((String) null, "username", true, "To specify the user to login as");
        this.options.addOption((String) null, "password", true, "To specify the user password");
        this.options.addOption((String) null, "file", true, "To specify the access token file");
        this.options.addOption((String) null, "help", false, "To print this message");
        this.options.addOption((String) null, "ssl", false, "To specify that SSL is enabled");
        this.options.addOption((String) null, "disable-cert-check", false, "To specify whether to check for properly signed certificates");
    }

    void usage(String str) {
        if (str != null) {
            System.err.println("Error: " + str);
        }
        usage(true);
    }

    void parseArguments(String[] strArr) {
        CommandLine commandLine = null;
        try {
            commandLine = new BasicParser().parse(this.options, strArr);
        } catch (ParseException e) {
            System.err.println("Could not parse arguments correctly.");
            usage(true);
        }
        if (commandLine.hasOption("help")) {
            usage(false);
            this.help = true;
            return;
        }
        this.useSsl = commandLine.hasOption("ssl");
        this.disableCertCheck = commandLine.hasOption("disable-cert-check");
        this.host = commandLine.getOptionValue("host", "localhost");
        if (commandLine.hasOption("port")) {
            try {
                this.port = Integer.parseInt(commandLine.getOptionValue("port"));
            } catch (NumberFormatException e2) {
                usage("--port must be an integer value");
            }
        } else {
            this.port = this.useSsl ? SSL_PORT : NO_SSL_PORT;
        }
        this.username = commandLine.getOptionValue("username", System.getProperty("user.name"));
        if (this.username == null) {
            usage("Specify --username to login as a user.");
        }
        this.password = commandLine.getOptionValue("password");
        if (this.password == null) {
            this.password = String.valueOf(System.console().readPassword(String.format("Password for %s: ", this.username), new Object[0]));
        }
        if (commandLine.hasOption("file")) {
            this.filePath = commandLine.getOptionValue("file");
        } else {
            usage("Specify --file to save to file");
        }
        if (commandLine.getArgs().length > 0) {
            usage(true);
        }
    }

    private String getAuthenticationServerAddress() throws IOException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        Object obj = "http";
        if (this.useSsl) {
            obj = "https";
            if (this.disableCertCheck) {
                try {
                    defaultHttpClient = getHTTPClient();
                } catch (Exception e) {
                    errorDebugExit("Could not create HTTP Client with SSL enabled", e);
                    System.exit(1);
                }
            }
        }
        HttpResponse execute = defaultHttpClient.execute(new HttpGet(String.format("%s://%s:%d", obj, this.host, Integer.valueOf(this.port))));
        if (execute.getStatusLine().getStatusCode() == 200) {
            System.out.println("Security is not enabled. No Access Token may be acquired");
            System.exit(0);
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ByteStreams.copy(execute.getEntity().getContent(), byteArrayOutputStream);
        String byteArrayOutputStream2 = byteArrayOutputStream.toString("UTF-8");
        byteArrayOutputStream.close();
        JsonArray asJsonArray = new JsonParser().parse(byteArrayOutputStream2).get("auth_uri").getAsJsonArray();
        ArrayList arrayList = new ArrayList();
        Iterator it = asJsonArray.iterator();
        while (it.hasNext()) {
            arrayList.add(((JsonElement) it.next()).getAsString());
        }
        return (String) arrayList.get(new Random().nextInt(arrayList.size()));
    }

    protected DefaultHttpClient getHTTPClient() throws Exception {
        SSLContext sSLContext = SSLContext.getInstance("SSL");
        sSLContext.init(null, new TrustManager[]{new X509TrustManager() { // from class: co.cask.cdap.security.tools.AccessTokenClient.1
            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }
        }}, new SecureRandom());
        Scheme scheme = new Scheme("https", 10101, (SchemeSocketFactory) new SSLSocketFactory(sSLContext));
        SchemeRegistry schemeRegistry = new SchemeRegistry();
        schemeRegistry.register(scheme);
        return new DefaultHttpClient((ClientConnectionManager) new BasicClientConnectionManager(schemeRegistry));
    }

    public String execute0(String[] strArr) {
        buildOptions();
        parseArguments(strArr);
        if (this.help) {
            return "";
        }
        try {
            String authenticationServerAddress = getAuthenticationServerAddress();
            System.out.println(String.format("Authentication server address is: %s", authenticationServerAddress));
            System.out.println(String.format("Authenticating as: %s", this.username));
            DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
            if (this.useSsl && this.disableCertCheck) {
                try {
                    defaultHttpClient = getHTTPClient();
                } catch (Exception e) {
                    errorDebugExit("Could not create HTTP Client with SSL enabled", e);
                    return null;
                }
            }
            try {
                URI.create(authenticationServerAddress);
                HttpGet httpGet = new HttpGet(authenticationServerAddress);
                httpGet.addHeader("Authorization", String.format("Basic %s", Base64.encodeBase64String(String.format("%s:%s", this.username, this.password).getBytes()).replaceAll("(\r|\n)", "")));
                try {
                    HttpResponse execute = defaultHttpClient.execute(httpGet);
                    if (execute.getStatusLine().getStatusCode() != 200) {
                        System.out.println("Authentication failed. Please ensure that the username and password provided are correct.");
                        return null;
                    }
                    try {
                        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                        ByteStreams.copy(execute.getEntity().getContent(), byteArrayOutputStream);
                        String byteArrayOutputStream2 = byteArrayOutputStream.toString("UTF-8");
                        byteArrayOutputStream.close();
                        String asString = new JsonParser().parse(byteArrayOutputStream2).get(ExternalAuthenticationServer.ResponseFields.ACCESS_TOKEN).getAsString();
                        PrintWriter printWriter = new PrintWriter(this.filePath, "UTF-8");
                        printWriter.write(asString);
                        printWriter.close();
                        System.out.println("Your Access Token is:" + asString);
                        System.out.println("Access Token saved to file " + this.filePath);
                        defaultHttpClient.getConnectionManager().shutdown();
                        return "OK.";
                    } catch (Exception e2) {
                        System.err.println("Could not parse response contents.");
                        e2.printStackTrace(System.err);
                        return null;
                    }
                } catch (IOException e3) {
                    errorDebugExit("Error sending HTTP request: " + e3.getMessage(), e3);
                    return null;
                }
            } catch (IllegalArgumentException e4) {
                System.err.println("Invalid base URL '" + authenticationServerAddress + "'. Check the validity of --host or --port arguments.");
                return null;
            }
        } catch (IOException e5) {
            errorDebugExit("Could not find Authentication service to connect to.", e5);
            return null;
        }
    }

    private void errorDebugExit(String str, Exception exc) {
        System.err.println(str);
        if (debug) {
            exc.printStackTrace();
        }
        System.exit(1);
    }

    public String execute(String[] strArr) {
        try {
            return execute0(strArr);
        } catch (UsageException e) {
            if (!debug) {
                return null;
            }
            System.err.println("Exception for arguments: " + Arrays.toString(strArr) + ". Exception: " + e);
            e.printStackTrace(System.err);
            return null;
        }
    }

    public static void main(String[] strArr) {
        if (new AccessTokenClient().execute(strArr) == null) {
            System.exit(1);
        }
    }

    static {
        Logger.getRootLogger().setLevel(Level.OFF);
        debug = false;
    }
}
