package fish.payara.admin.servermgmt.cli;

import com.sun.enterprise.admin.cli.CLICommand;
import com.sun.enterprise.admin.servermgmt.KeystoreManager;
import com.sun.enterprise.security.auth.realm.certificate.CertificateRealm;
import java.io.File;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAKey;
import java.util.Collection;
import java.util.Locale;
import java.util.concurrent.Callable;
import javax.security.auth.x500.X500Principal;
import org.glassfish.api.Param;
import org.glassfish.api.admin.CommandException;
import org.glassfish.api.admin.CommandValidationException;
import org.glassfish.hk2.api.PerLookup;
import org.jvnet.hk2.annotations.Service;

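/**
 * CLI command {@code print-certificate}: prints a summary (subject, validity, serial number,
 * version, issuer, public key and signature algorithm) of one X.509 certificate.
 *
 * <p>The certificate is read either from a certificate file ({@code cer}, {@code cert},
 * {@code crt}, {@code der}, {@code pem}) or from a keystore ({@code jks}, {@code jceks},
 * {@code pkcs12}, {@code pfx}, {@code p12}). The file kind is decided from the file name
 * extension only, not from the file content.
 *
 * <p>Decompiled listing; originally loaded from
 * {@code MICRO-INF/runtime/server-mgmt.jar:fish/payara/admin/servermgmt/cli/PrintCertificateCommand.class}.
 */
@Service(name = "print-certificate")
@PerLookup
public class PrintCertificateCommand extends CLICommand {

    /** Path of the certificate file or keystore to read (primary operand). */
    @Param(name = "file", primary = true)
    String file;

    /** Alias of the keystore entry to print; required only when {@link #file} is a keystore. */
    @Param(name = "certificatealias", optional = true, defaultValue = "")
    String certificateAlias;

    /**
     * Optional fully qualified name of a {@link Provider} implementation.
     *
     * <p>Security note: the named class is loaded and instantiated inside the CLI process and is
     * then registered as the most preferred JCA provider while the certificate is read. Only pass
     * provider classes that are trusted.
     */
    @Param(name = "providerclass", optional = true)
    String providerClass;

    private Provider provider;
    private File derFile;
    private File keystoreFile;
    // Kept as char[] rather than String; this class does not wipe the array after use.
    private char[] keystorePassword;

    /**
     * Checks the parameters and decides how the certificate will be read.
     *
     * <p>After a successful call exactly one of {@code derFile} and {@code keystoreFile} is set.
     * For a keystore the alias is mandatory and the keystore password is obtained through
     * {@code getPassword}.
     *
     * @throws CommandValidationException if the file is missing or unreadable, the provider class
     *     cannot be loaded, the extension is not supported, or the alias is missing for a keystore
     * @throws CommandException if the inherited validation fails
     */
    @Override
    public void validate() throws CommandException, CommandValidationException {
        super.validate();
        if (!ok(this.file)) {
            throw new CommandValidationException("The file with the certificate must be specified.");
        }
        final File file = new File(this.file);
        if (!file.canRead()) {
            throw new CommandValidationException("The file '" + this.file + "' with the certificate must exist and must be readable.");
        }
        if (ok(this.providerClass)) {
            this.provider = loadProvider(this.providerClass);
        }
        if (isDerEncodedFile()) {
            this.derFile = file;
            return;
        }
        if (!isKeystoreFile()) {
            throw new CommandValidationException("The file type is not supported by this command.");
        }
        this.keystoreFile = file;
        if (!ok(this.certificateAlias)) {
            throw new CommandValidationException("The certificate alias is mandatory for the keystore type.");
        }
        this.keystorePassword = getPassword("keystorePassword", "Keystore Password", null, false);
    }

    /**
     * Loads and instantiates the security provider named on the command line.
     *
     * <p>The class is resolved without initialization and checked to be a {@link Provider}
     * subtype before anything is instantiated, so a class of the wrong type is rejected with a
     * validation error before its static initializers or constructor run.
     *
     * @param className fully qualified class name of the provider
     * @return a new provider instance
     * @throws CommandValidationException if the class is missing, is not a {@link Provider}, or
     *     cannot be instantiated through a no-argument constructor
     */
    private static Provider loadProvider(String className) throws CommandValidationException {
        try {
            return Class.forName(className, false, PrintCertificateCommand.class.getClassLoader())
                .asSubclass(Provider.class)
                .getDeclaredConstructor()
                .newInstance();
        } catch (ClassCastException e) {
            throw new CommandValidationException("The provider class '" + className + "' is not a java.security.Provider.", e);
        } catch (ReflectiveOperationException e) {
            throw new CommandValidationException("The provider class was not found on classpath.", e);
        }
    }

    /**
     * Reads the certificate and prints its summary to standard output.
     *
     * <p>A custom provider, when given, is inserted at position 1 only for the duration of the
     * read and removed again afterwards, so that a long-lived JVM does not keep it as the
     * preferred provider for unrelated cryptographic operations. A provider that was already
     * registered before this command ran is left in place.
     *
     * @return {@code 0} on success
     * @throws CommandException if the certificate cannot be read
     */
    @Override
    protected int executeCommand() throws CommandException {
        // insertProviderAt returns -1 when a provider of that name is already installed.
        final boolean inserted = this.provider != null && Security.insertProviderAt(this.provider, 1) != -1;
        try {
            System.out.println("Found Certificate:\n" + toPayaraFormattedString(getCertificate()));
        } finally {
            if (inserted) {
                Security.removeProvider(this.provider.getName());
            }
        }
        return 0;
    }

    /**
     * Formats the certificate fields as a multi-line, column-aligned text block.
     *
     * @param x509Certificate certificate to describe
     * @return the formatted summary, without a trailing newline
     */
    private String toPayaraFormattedString(X509Certificate x509Certificate) {
        StringBuilder sb = new StringBuilder(1024);
        sb.append("Subject:    ").append(toString(x509Certificate.getSubjectX500Principal()));
        sb.append("\nValidity:   ").append(x509Certificate.getNotBefore()).append(" - ").append(x509Certificate.getNotAfter());
        sb.append("\nS/N:        ").append(x509Certificate.getSerialNumber());
        sb.append("\nVersion:    ").append(x509Certificate.getVersion());
        sb.append("\nIssuer:     ").append(toString(x509Certificate.getIssuerX500Principal()));
        sb.append("\nPublic Key: ").append(toString(x509Certificate.getPublicKey()));
        sb.append("\nSign. Alg.: ").append(x509Certificate.getSigAlgName()).append(" (OID: ").append(x509Certificate.getSigAlgOID()).append(')');
        return sb.toString();
    }

    /** Renders a distinguished name in RFC 2253 form using the OID map of {@link CertificateRealm}. */
    private String toString(X500Principal x500Principal) {
        return x500Principal.getName("RFC2253", CertificateRealm.OID_MAP);
    }

    /**
     * Describes a public key as {@code "<algorithm>, <n> bits"}.
     *
     * <p>The size is the RSA modulus length, the DSA prime {@code p} length, or the length of the
     * EC group order. Reporting the size for every common key type matters to a reader checking
     * whether a certificate uses an undersized key. Other key types, or keys without parameters,
     * are reported with an unresolved length.
     *
     * @param publicKey key to describe
     * @return the algorithm name followed by the key size, when it can be determined
     */
    private String toString(PublicKey publicKey) {
        final String algorithm = publicKey.getAlgorithm();
        if (publicKey instanceof RSAKey) {
            return algorithm + ", " + ((RSAKey) publicKey).getModulus().bitLength() + " bits";
        }
        if (publicKey instanceof DSAKey) {
            final DSAKey dsaKey = (DSAKey) publicKey;
            if (dsaKey.getParams() != null) {
                return algorithm + ", " + dsaKey.getParams().getP().bitLength() + " bits";
            }
        }
        if (publicKey instanceof ECKey) {
            final ECKey ecKey = (ECKey) publicKey;
            if (ecKey.getParams() != null) {
                return algorithm + ", " + ecKey.getParams().getOrder().bitLength() + " bits";
            }
        }
        return algorithm + ", unresolved bit length.";
    }

    /**
     * Tells whether the file name has a certificate-file extension.
     *
     * <p>The match ignores case so that it agrees with {@link #getKeystoreType()}, which
     * lower-cases the name before comparing.
     */
    private boolean isDerEncodedFile() {
        return this.file.trim().matches("(?i).*\\.(cer|cert|crt|der|pem)");
    }

    /** Tells whether the file name has a keystore extension; the match ignores case. */
    private boolean isKeystoreFile() {
        return this.file.trim().matches("(?i).*\\.(jks|jceks|pkcs12|pfx|p12)");
    }

    /**
     * Maps the keystore file extension to a keystore type name.
     *
     * @return {@code "JKS"}, {@code "JCEKS"} or {@code "PKCS12"}
     * @throws IllegalStateException if the extension is none of those accepted by
     *     {@link #isKeystoreFile()}, which {@link #validate()} is expected to rule out
     */
    private String getKeystoreType() {
        // Trimmed and lower-cased the same way the validation regex sees the name.
        final String name = this.keystoreFile.getName().trim().toLowerCase(Locale.ROOT);
        if (name.endsWith("jks")) {
            return "JKS";
        }
        if (name.endsWith("jceks")) {
            return "JCEKS";
        }
        if (name.endsWith("p12") || name.endsWith("pfx") || name.endsWith("pkcs12")) {
            return "PKCS12";
        }
        throw new IllegalStateException("Reached unreachable code, validation is incomplete!");
    }

    /**
     * Reads the certificate from whichever source {@link #validate()} selected.
     *
     * @throws CommandException if neither source was selected or reading fails
     */
    private X509Certificate getCertificate() throws CommandException {
        if (this.derFile != null) {
            return getCertificateFromDerFile();
        }
        if (this.keystoreFile != null) {
            return getCertificateFromKeystore();
        }
        throw new CommandException("Could not read the certificate from the provided file.");
    }

    /**
     * Reads the certificate file through {@code KeystoreManager.readPemCertificateChain} and
     * returns the first certificate of the chain.
     *
     * <p>Any further certificates in the file are not printed. An empty chain yields
     * {@code null} from the supplier, which {@link #getX509Certificate(Callable)} rejects.
     *
     * @throws CommandException wrapping any failure while reading or converting the certificate
     */
    private X509Certificate getCertificateFromDerFile() throws CommandException {
        try {
            return getX509Certificate(() -> {
                final Collection<? extends Certificate> chain = new KeystoreManager().readPemCertificateChain(this.derFile);
                return chain.isEmpty() ? null : chain.iterator().next();
            });
        } catch (Exception e) {
            throw new CommandException("Could not read the certificate from the provided file.", e);
        }
    }

    /**
     * Opens the keystore with the collected password and returns the certificate stored under
     * the requested alias.
     *
     * @throws CommandException wrapping any failure, including an unknown alias
     */
    private X509Certificate getCertificateFromKeystore() throws CommandException {
        try {
            return getX509Certificate(() -> new KeystoreManager()
                .openKeyStore(this.keystoreFile, getKeystoreType(), this.keystorePassword)
                .getCertificate(this.certificateAlias));
        } catch (Exception e) {
            throw new CommandException("Could not read the certificate from the provided keystore.", e);
        }
    }

    /**
     * Runs the supplier and narrows its result to {@link X509Certificate}.
     *
     * @param callable source of the certificate
     * @return the supplied certificate
     * @throws IllegalStateException if the result is {@code null} or not an X.509 certificate
     * @throws Exception whatever the supplier throws
     */
    private static X509Certificate getX509Certificate(Callable<Certificate> callable) throws Exception {
        final Certificate certificate = callable.call();
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new IllegalStateException("The certificate was found but it is not supported X509 certificate.");
    }
}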
