package org.apache.nifi.toolkit.tls.service.client;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.commons.cli.CommandLine;
import org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine;
import org.apache.nifi.toolkit.tls.commandLine.CommandLineParseException;
import org.apache.nifi.toolkit.tls.commandLine.ExitCode;
import org.apache.nifi.toolkit.tls.configuration.TlsClientConfig;
import org.apache.nifi.toolkit.tls.configuration.TlsConfig;
import org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine;
import org.apache.nifi.toolkit.tls.util.InputStreamFactory;
import org.apache.nifi.toolkit.tls.util.TlsHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/toolkit/tls/service/client/TlsCertificateAuthorityClientCommandLine.class */
public class TlsCertificateAuthorityClientCommandLine extends BaseCertificateAuthorityCommandLine {
    public static final String DESCRIPTION = "Generates a private key and gets it signed by the certificate authority.";
    public static final String CERTIFICATE_DIRECTORY = "certificateDirectory";
    public static final String DEFAULT_CERTIFICATE_DIRECTORY = ".";
    private final Logger logger;
    private final InputStreamFactory inputStreamFactory;
    private String certificateDirectory;

    public TlsCertificateAuthorityClientCommandLine() {
        this(FileInputStream::new);
    }

    public TlsCertificateAuthorityClientCommandLine(InputStreamFactory inputStreamFactory) {
        super(DESCRIPTION);
        this.logger = LoggerFactory.getLogger(TlsCertificateAuthorityClientCommandLine.class);
        this.inputStreamFactory = inputStreamFactory;
        addOptionWithArg("C", CERTIFICATE_DIRECTORY, "The file to write the CA certificate to", DEFAULT_CERTIFICATE_DIRECTORY);
    }

    public static void main(String[] strArr) throws Exception {
        TlsHelper.addBouncyCastleProvider();
        TlsCertificateAuthorityClientCommandLine tlsCertificateAuthorityClientCommandLine = new TlsCertificateAuthorityClientCommandLine();
        try {
            tlsCertificateAuthorityClientCommandLine.parse(strArr);
        } catch (CommandLineParseException e) {
            System.exit(e.getExitCode());
        }
        new TlsCertificateAuthorityClient().generateCertificateAndGetItSigned(tlsCertificateAuthorityClientCommandLine.createClientConfig(), tlsCertificateAuthorityClientCommandLine.getCertificateDirectory(), tlsCertificateAuthorityClientCommandLine.getConfigJson(), tlsCertificateAuthorityClientCommandLine.differentPasswordForKeyAndKeystore());
        System.exit(ExitCode.SUCCESS.ordinal());
    }

    @Override // org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine
    protected boolean shouldAddDaysArg() {
        return false;
    }

    @Override // org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine
    protected boolean shouldAddSigningAlgorithmArg() {
        return false;
    }

    @Override // org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine
    protected String getTokenDescription() {
        return "The token to use to prevent MITM (required and must be same as one used by CA)";
    }

    @Override // org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine
    protected String getDnDescription() {
        return "The dn to use for the client certificate";
    }

    @Override // org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine
    protected String getPortDescription() {
        return "The port to use to communicate with the Certificate Authority";
    }

    @Override // org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine
    protected String getDnHostname() {
        try {
            return InetAddress.getLocalHost().getHostName();
        } catch (UnknownHostException e) {
            this.logger.warn("Unable to determine hostname", e);
            return TlsConfig.DEFAULT_HOSTNAME;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.nifi.toolkit.tls.service.BaseCertificateAuthorityCommandLine, org.apache.nifi.toolkit.tls.commandLine.BaseCommandLine
    public CommandLine doParse(String[] strArr) throws CommandLineParseException {
        CommandLine doParse = super.doParse(strArr);
        this.certificateDirectory = doParse.getOptionValue(CERTIFICATE_DIRECTORY, DEFAULT_CERTIFICATE_DIRECTORY);
        return doParse;
    }

    public String getCertificateDirectory() {
        return this.certificateDirectory;
    }

    public TlsClientConfig createClientConfig() throws IOException {
        if (!onlyUseConfigJson()) {
            TlsClientConfig tlsClientConfig = new TlsClientConfig();
            tlsClientConfig.setCaHostname(getCertificateAuthorityHostname());
            tlsClientConfig.setDn(getDn());
            tlsClientConfig.setToken(getToken());
            tlsClientConfig.setPort(getPort());
            tlsClientConfig.setKeyStore(BaseCommandLine.KEYSTORE + getKeyStoreType().toLowerCase());
            tlsClientConfig.setKeyStoreType(getKeyStoreType());
            tlsClientConfig.setTrustStore(BaseCommandLine.TRUSTSTORE + getKeyStoreType().toLowerCase());
            tlsClientConfig.setTrustStoreType(getKeyStoreType());
            tlsClientConfig.setKeySize(getKeySize());
            tlsClientConfig.setKeyPairAlgorithm(getKeyAlgorithm());
            tlsClientConfig.setSigningAlgorithm(getSigningAlgorithm());
            return tlsClientConfig;
        }
        InputStream create = this.inputStreamFactory.create(new File(getConfigJson()));
        Throwable th = null;
        try {
            TlsClientConfig tlsClientConfig2 = (TlsClientConfig) new ObjectMapper().readValue(create, TlsClientConfig.class);
            tlsClientConfig2.initDefaults();
            if (create != null) {
                if (0 != 0) {
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    create.close();
                }
            }
            return tlsClientConfig2;
        } catch (Throwable th3) {
            if (create != null) {
                if (0 != 0) {
                    try {
                        create.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    create.close();
                }
            }
            throw th3;
        }
    }
}
