package org.apache.hadoop.hdds.scm.cli.cert;

import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.databind.JsonSerializer;
import com.fasterxml.jackson.databind.SerializerProvider;
import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.hdds.cli.HddsVersionProvider;
import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.server.JsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import picocli.CommandLine;

@CommandLine.Command(name = "list", description = {"List certificates"}, mixinStandardHelpOptions = true, versionProvider = HddsVersionProvider.class)
/* loaded from: input_file:org/apache/hadoop/hdds/scm/cli/cert/ListSubcommand.class */
public class ListSubcommand extends ScmCertSubcommand {
    private static final Logger LOG = LoggerFactory.getLogger(ListSubcommand.class);

    @CommandLine.Option(names = {"-s", "--start"}, description = {"Certificate serial id to start the iteration"}, defaultValue = "0", showDefaultValue = CommandLine.Help.Visibility.ALWAYS)
    private long startSerialId;

    @CommandLine.Option(names = {"-c", "--count"}, description = {"Maximum number of certificates to list"}, defaultValue = "20", showDefaultValue = CommandLine.Help.Visibility.ALWAYS)
    private int count;

    @CommandLine.Option(names = {"-r", "--role"}, description = {"Filter certificate by the role: om/datanode"}, defaultValue = "datanode", showDefaultValue = CommandLine.Help.Visibility.ALWAYS)
    private String role;

    @CommandLine.Option(names = {"-t", "--type"}, description = {"Filter certificate by the type: valid or revoked"}, defaultValue = "valid", showDefaultValue = CommandLine.Help.Visibility.ALWAYS)
    private String type;

    @CommandLine.Option(names = {"--json"}, defaultValue = "false", description = {"Format output as JSON"})
    private boolean json;

    /* loaded from: input_file:org/apache/hadoop/hdds/scm/cli/cert/ListSubcommand$BigIntJsonSerializer.class */
    private static class BigIntJsonSerializer extends JsonSerializer<BigInteger> {
        private BigIntJsonSerializer() {
        }

        public void serialize(BigInteger bigInteger, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
            jsonGenerator.writeNumber(String.format("%d", bigInteger));
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hdds/scm/cli/cert/ListSubcommand$Certificate.class */
    private static class Certificate {
        private BigInteger serialNumber;
        private String validFrom;
        private String expiry;
        private Map<String, String> subjectDN = new LinkedHashMap();
        private Map<String, String> issuerDN = new LinkedHashMap();

        Certificate(X509Certificate x509Certificate) {
            this.serialNumber = x509Certificate.getSerialNumber();
            this.validFrom = x509Certificate.getNotBefore().toString();
            this.expiry = x509Certificate.getNotAfter().toString();
            parseDnInfo(x509Certificate.getSubjectDN().getName(), true);
            parseDnInfo(x509Certificate.getIssuerDN().getName(), false);
        }

        private void parseDnInfo(String str, boolean z) {
            String[] split = str.split(",");
            if (split.length == 0) {
                System.err.println("Invalid format of name: " + str);
                return;
            }
            for (String str2 : split) {
                String[] split2 = str2.split("=");
                if (split2.length == 2) {
                    (z ? this.subjectDN : this.issuerDN).put(split2[0], split2[1]);
                } else {
                    System.err.println("Invalid format of name: " + str);
                }
            }
        }

        @JsonSerialize(using = BigIntJsonSerializer.class)
        public BigInteger getSerialNumber() {
            return this.serialNumber;
        }

        public String getValidFrom() {
            return this.validFrom;
        }

        public String getExpiry() {
            return this.expiry;
        }

        public Map<String, String> getSubjectDN() {
            return this.subjectDN;
        }

        public Map<String, String> getIssuerDN() {
            return this.issuerDN;
        }
    }

    private HddsProtos.NodeType parseCertRole(String str) {
        return str.equalsIgnoreCase("om") ? HddsProtos.NodeType.OM : str.equalsIgnoreCase("scm") ? HddsProtos.NodeType.SCM : HddsProtos.NodeType.DATANODE;
    }

    @Override // org.apache.hadoop.hdds.scm.cli.cert.ScmCertSubcommand
    protected void execute(SCMSecurityProtocol sCMSecurityProtocol) throws IOException {
        List<String> listCertificate = sCMSecurityProtocol.listCertificate(parseCertRole(this.role), this.startSerialId, this.count, this.type.equalsIgnoreCase("revoked"));
        if (this.count == listCertificate.size()) {
            System.err.println("The certificate list could be longer than the batch size: " + this.count + ". Please use the \"-c\" option to see more certificates.");
        }
        if (!this.json) {
            LOG.info("Certificate list:(Type={}, BatchSize={}, CertCount={})", new Object[]{this.type.toUpperCase(), Integer.valueOf(this.count), Integer.valueOf(listCertificate.size())});
            printCertList(LOG, listCertificate);
            return;
        }
        System.err.println("Certificate list:(Type=" + this.type.toUpperCase() + ", BatchSize=" + this.count + ", CertCount=" + listCertificate.size() + ")");
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = listCertificate.iterator();
        while (it.hasNext()) {
            try {
                arrayList.add(new Certificate(CertificateCodec.getX509Certificate(it.next())));
            } catch (CertificateException e) {
                LOG.error("Failed to parse certificate.");
            }
        }
        System.out.println(JsonUtils.toJsonStringWithDefaultPrettyPrinter(arrayList));
    }
}
