package org.apache.nifi.toolkit.tls.service.server;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import org.apache.nifi.toolkit.tls.commandLine.CommandLineParseException;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine;
import org.apache.nifi.toolkit.tls.util.InputStreamFactory;
import org.apache.nifi.toolkit.tls.util.TlsHelper;
import org.apache.nifi.util.StringUtils;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/service/server/TlsCertificateAuthorityServiceCommandLine.class */
public class TlsCertificateAuthorityServiceCommandLine extends BaseCertificateAuthorityCommandLine {
    public static final String DESCRIPTION = "Acts as a Certificate Authority that can be used by clients to get Certificates";
    public static final String NIFI_CA_KEYSTORE = "nifi-ca-keystore.";
    private final InputStreamFactory inputStreamFactory;

    public TlsCertificateAuthorityServiceCommandLine() {
        this(FileInputStream::new);
    }

    public TlsCertificateAuthorityServiceCommandLine(InputStreamFactory inputStreamFactory) {
        super(DESCRIPTION);
        this.inputStreamFactory = inputStreamFactory;
    }

    public static void main(String[] strArr) throws Exception {
        TlsHelper.addBouncyCastleProvider();
        TlsCertificateAuthorityServiceCommandLine tlsCertificateAuthorityServiceCommandLine = new TlsCertificateAuthorityServiceCommandLine();
        try {
            tlsCertificateAuthorityServiceCommandLine.parse(strArr);
        } catch (CommandLineParseException e) {
            System.exit(e.getExitCode());
        }
        new TlsCertificateAuthorityService().start(tlsCertificateAuthorityServiceCommandLine.createConfig(), tlsCertificateAuthorityServiceCommandLine.getConfigJson(), tlsCertificateAuthorityServiceCommandLine.differentPasswordForKeyAndKeystore());
        System.out.println("Server Started");
        System.out.flush();
    }

    public TlsConfig createConfig() throws IOException {
        if (!onlyUseConfigJson()) {
            TlsConfig tlsConfig = new TlsConfig();
            tlsConfig.setCaHostname(getCertificateAuthorityHostname());
            tlsConfig.setDn(getDn());
            tlsConfig.setToken(getToken());
            tlsConfig.setPort(getPort());
            tlsConfig.setKeyStore(NIFI_CA_KEYSTORE + getKeyStoreType().toLowerCase());
            tlsConfig.setKeyStoreType(getKeyStoreType());
            tlsConfig.setKeySize(getKeySize());
            tlsConfig.setKeyPairAlgorithm(getKeyAlgorithm());
            tlsConfig.setSigningAlgorithm(getSigningAlgorithm());
            tlsConfig.setDays(getDays());
            return tlsConfig;
        }
        InputStream create = this.inputStreamFactory.create(new File(getConfigJson()));
        Throwable th = null;
        try {
            TlsConfig tlsConfig2 = (TlsConfig) new ObjectMapper().readValue(create, TlsConfig.class);
            tlsConfig2.initDefaults();
            if (create != null) {
                if (0 != 0) {
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    create.close();
                }
            }
            return tlsConfig2;
        } catch (Throwable th3) {
            if (create != null) {
                if (0 != 0) {
                    try {
                        create.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    create.close();
                }
            }
            throw th3;
        }
    }

    @Override // org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine
    protected String getTokenDescription() {
        return "The token to use to prevent MITM (required and must be same as one used by clients)";
    }

    @Override // org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine
    protected String getDnDescription() {
        return "The dn to use for the CA certificate";
    }

    @Override // org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine
    protected String getPortDescription() {
        return "The port for the Certificate Authority to listen on";
    }

    @Override // org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine
    protected String getDnHostname() {
        String certificateAuthorityHostname = getCertificateAuthorityHostname();
        return StringUtils.isEmpty(certificateAuthorityHostname) ? "YOUR_CA_HOSTNAME" : certificateAuthorityHostname;
    }
}
