package ghidra.features.bsim.query;

import com.sun.jna.platform.win32.WinError;
import ghidra.GhidraApplicationLayout;
import ghidra.GhidraLaunchable;
import ghidra.features.bsim.query.ingest.BSimLaunchable;
import ghidra.framework.Application;
import ghidra.framework.OSFileNotFoundException;
import ghidra.framework.OperatingSystem;
import ghidra.framework.Platform;
import ghidra.net.ApplicationKeyManagerUtils;
import ghidra.util.Msg;
import ghidra.util.exception.AssertException;
import ghidra.util.task.TaskMonitor;
import ghidra.util.xml.SpecXmlUtils;
import ghidra.xml.NonThreadedXmlPullParserImpl;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Authenticator;
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.DestroyFailedException;
import org.apache.commons.dbcp2.Constants;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.xml.sax.SAXException;
import utilities.util.FileUtilities;

/* loaded from: input_file:ghidra/features/bsim/query/BSimControlLaunchable.class */
public class BSimControlLaunchable implements GhidraLaunchable {
    public static final String COMMAND_START = "start";
    public static final String COMMAND_STOP = "stop";
    public static final String COMMAND_RESET_PASSWORD = "resetpassword";
    public static final String COMMAND_CHANGE_PRIVILEGE = "changeprivilege";
    public static final String COMMAND_ADDUSER = "adduser";
    public static final String COMMAND_DROPUSER = "dropuser";
    public static final String COMMAND_CHANGEAUTH = "changeauth";
    public static final String NO_LOCAL_AUTH_OPTION = "--noLocalAuth";
    public static final String FORCE_OPTION = "--force";
    private static final Set<String> START_OPTIONS;
    private static final Set<String> STOP_OPTIONS;
    private static final Set<String> RESET_PASSWORD_OPTIONS;
    private static final Set<String> CHANGE_PRIVILEGE_OPTIONS;
    private static final Set<String> ADDUSER_OPTIONS;
    private static final Set<String> DROPUSER_OPTIONS;
    private static final Set<String> CHANGEAUTH_OPTIONS;
    private static final Map<String, Set<String>> ALLOWED_OPTION_MAP;
    private static final String POSTGRES = "postgresql";
    private static final String POSTGRES_BUILD_SCRIPT = "Ghidra/Features/BSim/make-postgres.sh";
    private static final String POSTGRES_CONFIGFILE = "postgresql.conf";
    private static final String POSTGRES_CONNECTFILE = "pg_hba.conf";
    private static final String POSTGRES_IDENTFILE = "pg_ident.conf";
    private static final String POSTGRES_ROOTCA = "root.crt";
    private static final String PASSWORD_METHOD = "scram-sha-256";
    private static final String TRUST_METHOD = "trust";
    private static final String CERTIFICATE_METHOD = "cert";
    private static final String CERTIFICATE_OPTIONS = "map=mymap clientcert=verify-full";
    private static final String POSTGRES_MAP_IDENTIFIER = "mymap";
    private static final String DEFAULT_PASSWORD = "changeme";
    private static final int AUTHENTICATION_NONE = 0;
    private static final int AUTHENTICATION_PASSWORD = 1;
    private static final int AUTHENTICATION_PKI = 2;
    private GhidraApplicationLayout layout;
    private File dataDirectory;
    private File postgresRoot;
    private File postgresControl;
    private File certAuthorityFile;
    private String certParameter;
    private String distinguishedName;
    private String commonName;
    private String connectingUserName;
    private String specifiedUserName;
    private boolean adminPrivilegeRequested;
    private boolean forceShutdown;
    private String loadLibraryVar;
    private String loadLibraryValue;
    private int port;
    private int localAuthentication;
    private int hostAuthentication;
    private boolean authConfigPresent;
    private File passwordFile;
    private char[] adminPasswordData;
    private Connection localConnection;
    public static final String PORT_OPTION = "--port";
    public static final String USER_OPTION = "--user";
    public static final String CERT_OPTION = "--cert";
    public static final String CAFILE_OPTION = "--cafile";
    public static final String AUTH_OPTION = "--auth";
    public static final String DN_OPTION = "--dn";
    private static final Set<String> VALUE_OPTIONS = Set.of(PORT_OPTION, USER_OPTION, CERT_OPTION, CAFILE_OPTION, AUTH_OPTION, DN_OPTION);
    private static final Set<String> GLOBAL_OPTIONS = Set.of(PORT_OPTION, USER_OPTION, CERT_OPTION);
    private static final Map<String, String> SHORTCUT_OPTION_MAP = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:ghidra/features/bsim/query/BSimControlLaunchable$IOThread.class */
    public class IOThread extends Thread {
        private BufferedReader shellOutput;
        private boolean suppressOutput;

        public IOThread(BSimControlLaunchable bSimControlLaunchable, InputStream inputStream, boolean z) {
            this.shellOutput = new BufferedReader(new InputStreamReader(inputStream));
            this.suppressOutput = z;
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            while (true) {
                try {
                    String readLine = this.shellOutput.readLine();
                    if (readLine == null) {
                        return;
                    }
                    if (!this.suppressOutput) {
                        System.out.println(readLine);
                    }
                } catch (Exception e) {
                    System.err.println("Unexpected Exception: " + e.getMessage());
                    e.printStackTrace(System.err);
                    return;
                }
            }
        }
    }

    private void clearParams() {
        this.dataDirectory = null;
        this.postgresRoot = null;
        this.postgresControl = null;
        this.certAuthorityFile = null;
        this.certParameter = null;
        this.distinguishedName = null;
        this.commonName = null;
        this.connectingUserName = null;
        this.specifiedUserName = null;
        this.adminPrivilegeRequested = false;
        this.forceShutdown = false;
        this.loadLibraryVar = null;
        this.loadLibraryValue = null;
        this.port = -1;
        this.localAuthentication = 0;
        this.hostAuthentication = 0;
        this.authConfigPresent = false;
        this.passwordFile = null;
        this.adminPasswordData = null;
    }

    private String readCommandLine(String[] strArr) throws IllegalArgumentException, IOException {
        int i;
        checkRequiredParam(strArr, 0, "command");
        int i2 = 0 + 1;
        String str = strArr[0];
        boolean z = -1;
        switch (str.hashCode()) {
            case -2131519144:
                if (str.equals(COMMAND_CHANGEAUTH)) {
                    z = 5;
                    break;
                }
                break;
            case -1147589652:
                if (str.equals(COMMAND_ADDUSER)) {
                    z = 2;
                    break;
                }
                break;
            case -431551686:
                if (str.equals(COMMAND_DROPUSER)) {
                    z = 3;
                    break;
                }
                break;
            case -89057046:
                if (str.equals(COMMAND_RESET_PASSWORD)) {
                    z = 4;
                    break;
                }
                break;
            case 3540994:
                if (str.equals(COMMAND_STOP)) {
                    z = true;
                    break;
                }
                break;
            case 109757538:
                if (str.equals(COMMAND_START)) {
                    z = false;
                    break;
                }
                break;
            case 451348737:
                if (str.equals(COMMAND_CHANGE_PRIVILEGE)) {
                    z = 6;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                i = i2 + 1;
                scanDataDirectory(strArr, i2);
                break;
            case true:
                i = i2 + 1;
                scanDataDirectory(strArr, i2);
                break;
            case true:
                int i3 = i2 + 1;
                scanDataDirectory(strArr, i2);
                i = i3 + 1;
                scanUsername(strArr, i3);
                break;
            case true:
                int i4 = i2 + 1;
                scanDataDirectory(strArr, i2);
                i = i4 + 1;
                scanUsername(strArr, i4);
                break;
            case true:
                i = i2 + 1;
                scanUsername(strArr, i2);
                break;
            case true:
                i = i2 + 1;
                scanDataDirectory(strArr, i2);
                break;
            case true:
                int i5 = i2 + 1;
                scanUsername(strArr, i2);
                i = i5 + 1;
                scanPrivilege(strArr, i5);
                break;
            default:
                throw new IllegalArgumentException("Unknown command: " + str);
        }
        readOptions(str, strArr, i);
        return str;
    }

    /* JADX WARN: Removed duplicated region for block: B:64:0x0230  */
    /* JADX WARN: Removed duplicated region for block: B:67:0x023f  */
    /* JADX WARN: Removed duplicated region for block: B:69:0x0248  */
    /* JADX WARN: Removed duplicated region for block: B:71:0x0251  */
    /* JADX WARN: Removed duplicated region for block: B:73:0x0261  */
    /* JADX WARN: Removed duplicated region for block: B:90:0x02c8  */
    /* JADX WARN: Removed duplicated region for block: B:92:0x02d5  */
    /* JADX WARN: Removed duplicated region for block: B:94:0x02db  */
    /* JADX WARN: Removed duplicated region for block: B:96:0x02e3 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void readOptions(java.lang.String r6, java.lang.String[] r7, int r8) {
        /*
            Method dump skipped, instructions count: 790
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: ghidra.features.bsim.query.BSimControlLaunchable.readOptions(java.lang.String, java.lang.String[], int):void");
    }

    private void checkRequiredParam(String[] strArr, int i, String str) {
        if (strArr.length <= i) {
            throw new IllegalArgumentException("Missing required parameter: " + str);
        }
        String str2 = strArr[i];
        if (str2.startsWith("--")) {
            throw new IllegalArgumentException("Missing required parameter (" + str + ") before specified option: " + str2);
        }
    }

    private int parsePositiveIntegerOption(String str, String str2) {
        try {
            int intValue = Integer.valueOf(str2).intValue();
            if (intValue < 0) {
                throw new IllegalArgumentException("Negative value not permitted for " + str);
            }
            return intValue;
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("Invalid integer value specified for " + str);
        }
    }

    private static boolean verifyPEMFormat(File file) throws IOException {
        BufferedReader bufferedReader = new BufferedReader(new FileReader(file));
        for (int i = 0; i < 200; i++) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                if (readLine.startsWith(ApplicationKeyManagerUtils.BEGIN_CERT)) {
                    return true;
                }
            } finally {
                bufferedReader.close();
            }
        }
        bufferedReader.close();
        return false;
    }

    private void validateDistinguishedName() throws IllegalArgumentException {
        if (this.distinguishedName == null) {
            return;
        }
        this.commonName = null;
        try {
            Iterator it = new LdapName(this.distinguishedName).getRdns().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Rdn rdn = (Rdn) it.next();
                if (rdn.getType().equalsIgnoreCase("CN")) {
                    this.commonName = rdn.getValue().toString();
                    break;
                }
            }
            if (this.commonName == null) {
                throw new IllegalArgumentException("Missing common name attribute");
            }
        } catch (Exception e) {
            throw new IllegalArgumentException("Improperly formatted distinguished name");
        }
    }

    private boolean isServerRunning() throws IOException, InterruptedException {
        File file = new File(this.postgresRoot, "bin/pg_isready");
        ArrayList arrayList = new ArrayList();
        arrayList.add(file.getAbsolutePath());
        if (this.port != -1 && this.port != 5432) {
            arrayList.add("-p");
            arrayList.add(Integer.toString(this.port));
        }
        return runCommand(null, arrayList, this.loadLibraryVar, this.loadLibraryValue) == 0;
    }

    private char[] requestPassword(String str) {
        return Authenticator.requestPasswordAuthentication("localhost", InetAddress.getLoopbackAddress(), this.port, POSTGRES, str, "NO_NAME").getPassword();
    }

    private void establishAdminPassword() throws IOException {
        while (true) {
            this.adminPasswordData = requestPassword("Set admin(" + this.connectingUserName + ") password:");
            if (this.adminPasswordData == null) {
                throw new IOException("Unable to obtain password");
            }
            char[] requestPassword = requestPassword("Please re-enter password:");
            boolean comparePasswordData = comparePasswordData(this.adminPasswordData, requestPassword);
            clearPasswordData(requestPassword);
            if (comparePasswordData) {
                this.passwordFile = Files.createTempFile("bsim", ".dat", PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"))).toFile();
                FileWriter fileWriter = new FileWriter(this.passwordFile);
                fileWriter.write(this.adminPasswordData);
                fileWriter.close();
                return;
            }
            cleanupPasswordData();
            System.out.println("Passwords do not match");
        }
    }

    private static void clearPasswordData(char[] cArr) {
        if (cArr != null) {
            for (int i = 0; i < cArr.length; i++) {
                cArr[i] = ' ';
            }
        }
    }

    private static boolean comparePasswordData(char[] cArr, char[] cArr2) {
        if (cArr == null || cArr2 == null || cArr.length != cArr2.length) {
            return false;
        }
        for (int i = 0; i < cArr2.length; i++) {
            if (cArr2[i] != cArr[i]) {
                return false;
            }
        }
        return true;
    }

    private void cleanupPasswordData() throws IOException {
        clearPasswordData(this.adminPasswordData);
        this.adminPasswordData = null;
        if (this.passwordFile != null) {
            if (!this.passwordFile.delete()) {
                throw new IOException("Unable to delete password file: " + this.passwordFile.getAbsolutePath());
            }
            this.passwordFile = null;
        }
    }

    private void generateSelfSignedCertificate(File file, File file2) throws IOException, GeneralSecurityException {
        char[] charArray = "unusedpassword".toCharArray();
        KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(charArray);
        try {
            try {
                KeyStore createKeyStore = ApplicationKeyManagerUtils.createKeyStore("bsimroot", "CN=BSimServer", WinError.ERROR_WAKE_SYSTEM, null, null, SslConfigurationDefaults.KEYSTORE_TYPE, null, charArray);
                ApplicationKeyManagerUtils.exportX509Certificates(createKeyStore.getCertificateChain("bsimroot"), file);
                Key key = createKeyStore.getKey("bsimroot", charArray);
                FileOutputStream fileOutputStream = new FileOutputStream(file2);
                try {
                    PrintWriter printWriter = new PrintWriter(fileOutputStream);
                    try {
                        printWriter.print("-----BEGIN PRIVATE KEY-----");
                        printWriter.println();
                        String encodeToString = Base64.getEncoder().encodeToString(key.getEncoded());
                        while (encodeToString.length() != 0) {
                            int min = Math.min(44, encodeToString.length());
                            printWriter.println(encodeToString.substring(0, min));
                            encodeToString = encodeToString.substring(min);
                        }
                        printWriter.println("-----END PRIVATE KEY-----");
                        printWriter.println();
                        printWriter.close();
                        fileOutputStream.close();
                        file2.setExecutable(false, false);
                        file2.setReadable(false, false);
                        file2.setWritable(false, false);
                        file2.setReadable(true, true);
                        Arrays.fill(charArray, ' ');
                        try {
                            passwordProtection.destroy();
                        } catch (DestroyFailedException e) {
                            throw new AssertException(e);
                        }
                    } catch (Throwable th) {
                        try {
                            printWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th4) {
                        th3.addSuppressed(th4);
                    }
                    throw th3;
                }
            } catch (Throwable th5) {
                Arrays.fill(charArray, ' ');
                try {
                    passwordProtection.destroy();
                    throw th5;
                } catch (DestroyFailedException e2) {
                    throw new AssertException(e2);
                }
            }
        } catch (NoSuchAlgorithmException | UnrecoverableEntryException e3) {
            throw new KeyStoreException("Failed to generate BSim server certificate", e3);
        }
    }

    private Connection createLocalConnection() throws SQLException, IOException {
        Properties properties = new Properties();
        properties.setProperty("sslmode", "require");
        properties.setProperty("sslfactory", "ghidra.net.ApplicationSSLSocketFactory");
        properties.setProperty("user", this.connectingUserName);
        StringBuilder sb = new StringBuilder();
        sb.append("jdbc:postgresql://localhost");
        if (this.port != -1 && this.port != 5432) {
            sb.append(':');
            sb.append(this.port);
        }
        sb.append("/template1");
        String sb2 = sb.toString();
        if (this.adminPasswordData == null) {
            try {
                return DriverManager.getConnection(sb2, properties);
            } catch (SQLException e) {
                if (!e.getMessage().contains("password-based authentication") && !e.getMessage().contains("SCRAM-based authentication")) {
                    throw e;
                }
                this.adminPasswordData = requestPassword("User " + this.connectingUserName + " password:");
                if (this.adminPasswordData == null) {
                    throw new IOException("Unable to obtain password");
                }
            }
        }
        properties.setProperty(Constants.KEY_PASSWORD, new String(this.adminPasswordData));
        return DriverManager.getConnection(sb2, properties);
    }

    private static void executeSQLStatement(Connection connection, String str) throws SQLException {
        try {
            Statement createStatement = connection.createStatement();
            try {
                createStatement.executeUpdate(str);
                if (createStatement != null) {
                    createStatement.close();
                }
            } finally {
            }
        } catch (SQLException e) {
            connection.close();
            throw e;
        }
    }

    private void enableLSHExtension() throws SQLException, IOException {
        Connection createLocalConnection = createLocalConnection();
        try {
            executeSQLStatement(createLocalConnection, "CREATE EXTENSION IF NOT EXISTS lshvector");
        } finally {
            createLocalConnection.close();
        }
    }

    private int runCommand(File file, List<String> list, String str, String str2) throws IOException, InterruptedException {
        ProcessBuilder processBuilder = new ProcessBuilder(list);
        processBuilder.directory(file);
        if (str != null) {
            processBuilder.environment().put(str, str2);
        }
        Process start = processBuilder.start();
        new IOThread(this, start.getInputStream(), true).start();
        new IOThread(this, start.getErrorStream(), true).start();
        return start.waitFor();
    }

    private void tuneConfig(File file, File file2, File file3, File file4, File file5) throws SAXException, IOException {
        NonThreadedXmlPullParserImpl nonThreadedXmlPullParserImpl = new NonThreadedXmlPullParserImpl(file5, SpecXmlUtils.getXmlHandler(), false);
        ServerConfig serverConfig = new ServerConfig();
        serverConfig.restoreXml(nonThreadedXmlPullParserImpl);
        if (this.port != -1 && this.port != 5432) {
            serverConfig.addKey("port", Integer.toString(this.port));
        }
        if (this.localAuthentication == 0) {
            serverConfig.setLocalAuthentication(TRUST_METHOD, null);
        } else if (this.localAuthentication == 1) {
            serverConfig.setLocalAuthentication(PASSWORD_METHOD, null);
        } else {
            if (this.localAuthentication != 2) {
                throw new IOException("Unsupported local authentication type");
            }
            serverConfig.setLocalAuthentication(CERTIFICATE_METHOD, CERTIFICATE_OPTIONS);
        }
        if (this.hostAuthentication == 0) {
            serverConfig.setHostAuthentication(TRUST_METHOD, null);
        } else if (this.hostAuthentication == 1) {
            serverConfig.setHostAuthentication(PASSWORD_METHOD, null);
        } else {
            if (this.hostAuthentication != 2) {
                throw new IOException("Unsupported host authentication type");
            }
            serverConfig.setHostAuthentication(CERTIFICATE_METHOD, CERTIFICATE_OPTIONS);
        }
        if (this.hostAuthentication == 2 || this.localAuthentication == 2) {
            serverConfig.addKey("ssl_ca_file", "'root.crt'");
        }
        serverConfig.patchConfig(file, file2);
        serverConfig.patchConnect(file3, file4);
    }

    private void setupPostgresSharedLibrary() {
        if (Platform.CURRENT_PLATFORM.getOperatingSystem() == OperatingSystem.MAC_OS_X) {
            this.loadLibraryVar = "DYLD_LIBRARY_PATH";
        } else {
            this.loadLibraryVar = "LD_LIBRARY_PATH";
        }
        this.loadLibraryValue = new File(this.postgresRoot, "lib").getAbsolutePath();
    }

    private void discoverPostgresInstall() throws IOException {
        try {
            this.postgresRoot = Application.getOSFile(POSTGRES);
            this.postgresControl = new File(this.postgresRoot, "bin/pg_ctl");
            if (!this.postgresControl.isFile()) {
                throw new IOException("PostgreSQL pg_ctl command not found: " + String.valueOf(this.postgresControl));
            }
            setupPostgresSharedLibrary();
        } catch (OSFileNotFoundException e) {
            throw new IOException("PostgreSQL not found and must be built (see Ghidra/Features/BSim/make-postgres.sh, view script for details)");
        }
    }

    private void recoverConfigurationParameters(File file, File file2) throws IOException {
        ServerConfig serverConfig = new ServerConfig();
        serverConfig.addKey("port", "");
        serverConfig.scanConfig(file);
        String value = serverConfig.getValue("port");
        int i = 5432;
        if (value.length() != 0) {
            i = Integer.parseInt(value);
        }
        if (this.port != -1 && i != this.port) {
            throw new IOException("Server is configured to run on port " + Integer.toString(i) + ": Change in postgresql.conf");
        }
        this.port = i;
        serverConfig.scanConnect(file2);
        String localAuthentication = serverConfig.getLocalAuthentication();
        if (localAuthentication == null || localAuthentication.equals(TRUST_METHOD)) {
            this.localAuthentication = 0;
        } else if (localAuthentication.equals(PASSWORD_METHOD)) {
            this.localAuthentication = 1;
        } else if (localAuthentication.equals(CERTIFICATE_METHOD)) {
            this.localAuthentication = 2;
        }
        String hostAuthentication = serverConfig.getHostAuthentication();
        if (hostAuthentication == null || hostAuthentication.equals(TRUST_METHOD)) {
            this.hostAuthentication = 0;
        } else if (hostAuthentication.equals(PASSWORD_METHOD)) {
            this.hostAuthentication = 1;
        } else if (hostAuthentication.equals(CERTIFICATE_METHOD)) {
            this.hostAuthentication = 2;
        }
    }

    private void checkCertAuthorityFile() throws IOException, GeneralSecurityException {
        if (this.certAuthorityFile == null) {
            throw new IOException("PKI authentication requested, but certificate authority file not provided");
        }
        if (!this.certAuthorityFile.isFile()) {
            throw new IOException(this.certAuthorityFile.getAbsolutePath() + " is not a valid certification authority");
        }
        if (!verifyPEMFormat(this.certAuthorityFile)) {
            throw new GeneralSecurityException("File " + this.certAuthorityFile.getName() + " does not appear to be a certificate");
        }
    }

    private void initializeDataDirectory() throws IOException, InterruptedException, SAXException, GeneralSecurityException {
        File file = new File(this.dataDirectory, POSTGRES_CONFIGFILE);
        File file2 = new File(this.dataDirectory, POSTGRES_CONNECTFILE);
        if (file.exists()) {
            recoverConfigurationParameters(file, file2);
            return;
        }
        File file3 = Application.getModuleDataFile("serverconfig.xml").getFile(false);
        if (this.hostAuthentication == 2) {
            checkCertAuthorityFile();
            System.out.println("Remote client authentication with PKI certificates");
        } else if (this.hostAuthentication == 1) {
            System.out.println("Remote client authentication via password");
        } else {
            System.out.println("No client authentication");
        }
        System.out.println("Initializing data directory");
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.postgresControl.getAbsolutePath());
        arrayList.add("init");
        arrayList.add("-o");
        arrayList.add("'--username=" + this.connectingUserName + "'");
        if (this.hostAuthentication == 1) {
            establishAdminPassword();
            arrayList.add("-o");
            arrayList.add("'--pwfile=" + this.passwordFile.getAbsolutePath() + "'");
        } else if (this.hostAuthentication == 2) {
            if (this.commonName == null) {
                throw new GeneralSecurityException("Distinguished name option (--dn) required for " + this.connectingUserName);
            }
            checkCertAuthorityFile();
        }
        arrayList.add("-D");
        arrayList.add(this.dataDirectory.getAbsolutePath());
        if (runCommand(null, arrayList, this.loadLibraryVar, this.loadLibraryValue) != 0) {
            throw new IOException("Error initializing postgres database");
        }
        File file4 = new File(this.dataDirectory, "postgresql.conf.orig");
        if (this.hostAuthentication == 2 || this.localAuthentication == 2) {
            FileUtilities.copyFile(this.certAuthorityFile, new File(this.dataDirectory, POSTGRES_ROOTCA), false, (TaskMonitor) null);
            addCertificateName(this.connectingUserName);
        }
        if (!file.renameTo(file4)) {
            throw new IOException("Error copying original configuration file");
        }
        File file5 = new File(this.dataDirectory, "pg_hba.conf.orig");
        if (!file2.renameTo(file5)) {
            throw new IOException("Error copying original connection file");
        }
        tuneConfig(file4, file, file5, file2, file3);
        System.out.println("Generating servers SSL certificate");
        generateSelfSignedCertificate(new File(this.dataDirectory, "server.crt"), new File(this.dataDirectory, "server.key"));
    }

    private void scanDataDirectory(String[] strArr, int i) throws IllegalArgumentException, IOException {
        if (strArr.length <= i) {
            throw new IllegalArgumentException("Missing data directory");
        }
        this.dataDirectory = new File(strArr[i]);
        if (!this.dataDirectory.isDirectory()) {
            throw new IllegalArgumentException("Data directory " + this.dataDirectory.getAbsolutePath() + " does not exist");
        }
        this.dataDirectory = this.dataDirectory.getCanonicalFile();
    }

    private void scanUsername(String[] strArr, int i) throws IllegalArgumentException {
        if (strArr.length <= i) {
            throw new IllegalArgumentException("Missing username");
        }
        this.specifiedUserName = strArr[i];
    }

    private void scanPrivilege(String[] strArr, int i) throws IllegalArgumentException {
        if (strArr.length <= i) {
            throw new IllegalArgumentException("Missing desired privilege (admin or user)");
        }
        if (strArr[i].equals("admin")) {
            this.adminPrivilegeRequested = true;
        } else {
            if (!strArr[i].equals("user")) {
                throw new IllegalArgumentException("Expecting privilege option (admin or user)");
            }
            this.adminPrivilegeRequested = false;
        }
    }

    private void startCommand() throws IOException, InterruptedException, SAXException, GeneralSecurityException {
        discoverPostgresInstall();
        initializeDataDirectory();
        if (this.localAuthentication == 2 && this.certParameter == null) {
            throw new GeneralSecurityException("Path to certificate necessary to start server (--cert /path/to/cert)");
        }
        File file = new File(this.dataDirectory, "logfile");
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.postgresControl.getAbsolutePath());
        arrayList.add(COMMAND_START);
        arrayList.add("-w");
        arrayList.add("-D");
        arrayList.add(this.dataDirectory.getAbsolutePath());
        arrayList.add("-l");
        arrayList.add(file.getAbsolutePath());
        if (runCommand(null, arrayList, this.loadLibraryVar, this.loadLibraryValue) != 0) {
            throw new IOException("Could not start postgres server process");
        }
        System.out.println("Server started");
        boolean z = true;
        try {
            enableLSHExtension();
        } catch (SQLException e) {
            System.out.println(e.getMessage());
            z = false;
        }
        if (z) {
            System.out.println("BSim extension enabled");
        } else {
            this.forceShutdown = true;
            stopCommand();
        }
    }

    private void stopCommand() throws IOException, InterruptedException {
        discoverPostgresInstall();
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.postgresControl.getAbsolutePath());
        arrayList.add(COMMAND_STOP);
        arrayList.add("-D");
        arrayList.add(this.dataDirectory.getAbsolutePath());
        if (this.forceShutdown) {
            arrayList.add("-m");
            arrayList.add("fast");
        }
        if (runCommand(null, arrayList, this.loadLibraryVar, this.loadLibraryValue) != 0) {
            throw new IOException("Error shutting down postgres server process");
        }
        System.out.println("Server shutdown complete");
    }

    private void reloadIdent() throws IOException, InterruptedException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(this.postgresControl.getAbsolutePath());
        arrayList.add("reload");
        arrayList.add("-D");
        arrayList.add(this.dataDirectory.getAbsolutePath());
        arrayList.add("-s");
        if (runCommand(null, arrayList, this.loadLibraryVar, this.loadLibraryValue) != 0) {
            throw new IOException("Error creating new user");
        }
    }

    private void addCertificateName(String str) throws IOException {
        File file = new File(this.dataDirectory, POSTGRES_IDENTFILE);
        File file2 = new File(this.dataDirectory, "pg_ident.conf.copy");
        if (!file.isFile()) {
            throw new IOException("Missing ident file: " + file.getAbsolutePath());
        }
        ServerConfig.patchIdent(file, file2, POSTGRES_MAP_IDENTIFIER, this.commonName, str, true);
        FileUtilities.copyFile(file2, file, false, (TaskMonitor) null);
    }

    private void addUserCommand() throws GeneralSecurityException, Exception {
        Statement createStatement;
        discoverPostgresInstall();
        initializeDataDirectory();
        if (this.hostAuthentication == 2 && (this.distinguishedName == null || this.commonName == null)) {
            throw new GeneralSecurityException("Distinguished name required (dn=\"..\")");
        }
        StringBuilder sb = new StringBuilder();
        sb.append("Added user: ");
        sb.append(this.specifiedUserName);
        boolean z = this.hostAuthentication == 1;
        this.adminPasswordData = null;
        this.localConnection = getOrCreateLocalConnection();
        try {
            try {
                createStatement = this.localConnection.createStatement();
            } catch (SQLException e) {
                if (!e.getMessage().contains("already exists")) {
                    throw e;
                }
                sb.append(" (already present)");
                if (0 != 0) {
                    resetPassword(this.localConnection, this.specifiedUserName);
                }
                this.localConnection.close();
            }
            try {
                createStatement.executeUpdate("CREATE ROLE \"" + this.specifiedUserName + "\" WITH LOGIN");
                if (createStatement != null) {
                    createStatement.close();
                }
                if (this.hostAuthentication != 2) {
                    System.out.println(sb.toString());
                    return;
                }
                addCertificateName(this.specifiedUserName);
                reloadIdent();
                System.out.println("Linking distinguished name to user: " + this.specifiedUserName);
            } catch (Throwable th) {
                if (createStatement != null) {
                    try {
                        createStatement.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } finally {
            if (z) {
                resetPassword(this.localConnection, this.specifiedUserName);
            }
            this.localConnection.close();
        }
    }

    private Connection getOrCreateLocalConnection() throws Exception {
        try {
            if (this.localConnection == null || this.localConnection.isClosed()) {
                this.localConnection = createLocalConnection();
            }
            return this.localConnection;
        } catch (IOException | SQLException e) {
            Msg.error(this, "Error creating connection to Postgres database", e);
            throw e;
        }
    }

    private void dropUserCommand() throws Exception {
        Statement createStatement;
        discoverPostgresInstall();
        initializeDataDirectory();
        boolean z = false;
        this.localConnection = getOrCreateLocalConnection();
        try {
            try {
                createStatement = this.localConnection.createStatement();
            } catch (SQLException e) {
                if (!e.getMessage().contains("does not exist")) {
                    throw e;
                }
                z = true;
                this.localConnection.close();
            }
            try {
                createStatement.executeUpdate("DROP ROLE \"" + this.specifiedUserName + '\"');
                if (createStatement != null) {
                    createStatement.close();
                }
                this.localConnection.close();
                if (this.hostAuthentication == 2 || this.localAuthentication == 2) {
                    File file = new File(this.dataDirectory, POSTGRES_IDENTFILE);
                    File file2 = new File(this.dataDirectory, "pg_ident.conf.copy");
                    if (!file.isFile()) {
                        throw new IOException("Missing ident file: " + file.getAbsolutePath());
                    }
                    ServerConfig.patchIdent(file, file2, POSTGRES_MAP_IDENTIFIER, this.commonName, this.specifiedUserName, false);
                    FileUtilities.copyFile(file2, file, false, (TaskMonitor) null);
                    reloadIdent();
                }
                if (z) {
                    System.out.println("User " + this.specifiedUserName + " does not exist");
                } else {
                    System.out.println("Removed user: " + this.specifiedUserName);
                }
            } catch (Throwable th) {
                if (createStatement != null) {
                    try {
                        createStatement.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            this.localConnection.close();
            throw th3;
        }
    }

    private void changeAuthCommand() throws IOException, InterruptedException, SAXException, GeneralSecurityException {
        discoverPostgresInstall();
        File file = new File(this.dataDirectory, POSTGRES_CONFIGFILE);
        File file2 = new File(this.dataDirectory, POSTGRES_CONNECTFILE);
        if (!file.exists()) {
            throw new IOException("Data directory not initialized: run \"bsim_ctl start\" first");
        }
        int i = this.localAuthentication;
        int i2 = this.hostAuthentication;
        int i3 = this.port;
        this.port = -1;
        recoverConfigurationParameters(file, file2);
        if (isServerRunning()) {
            throw new IOException("Cannot modify settings on running server");
        }
        if ((!this.authConfigPresent || (i2 == this.hostAuthentication && i == this.localAuthentication)) && (i3 == -1 || i3 == this.port)) {
            System.out.println("No changes to make");
            return;
        }
        File file3 = Application.getModuleDataFile("serverconfig.xml").getFile(false);
        File file4 = new File(this.dataDirectory, "postgresql.conf.orig");
        if (!file4.exists()) {
            throw new IOException("Original configuration file not present: " + file4.getAbsolutePath());
        }
        File file5 = new File(this.dataDirectory, "pg_hba.conf.orig");
        if (!file5.exists()) {
            throw new IOException("Original connection file not present: " + file5.getAbsolutePath());
        }
        if (i3 != -1 && i3 != this.port) {
            this.port = i3;
            System.out.println("Server will now listen on port " + Integer.toString(this.port));
        }
        boolean z = false;
        boolean z2 = false;
        if (this.authConfigPresent && i != this.localAuthentication) {
            this.localAuthentication = i;
            System.out.print("New local authentication: ");
            if (this.localAuthentication == 1) {
                System.out.println(Constants.KEY_PASSWORD);
            } else if (this.localAuthentication == 2) {
                System.out.println("pki");
                z2 = true;
                if (this.commonName == null) {
                    throw new GeneralSecurityException("Distinguished name required (dn=\"..\")");
                }
            } else if (this.localAuthentication == 0) {
                System.out.println("none");
            }
        }
        if (this.authConfigPresent && i2 != this.hostAuthentication) {
            this.hostAuthentication = i2;
            System.out.print("New host authentication: ");
            if (this.hostAuthentication == 0) {
                System.out.println("none");
            } else if (this.hostAuthentication == 1) {
                System.out.println(Constants.KEY_PASSWORD);
            } else if (this.hostAuthentication == 2) {
                System.out.println("pki");
                z = true;
            } else {
                System.out.println("unknown");
            }
        }
        if (z2 || z) {
            checkCertAuthorityFile();
            FileUtilities.copyFile(this.certAuthorityFile, new File(this.dataDirectory, POSTGRES_ROOTCA), false, (TaskMonitor) null);
        }
        if (z2) {
            addCertificateName(this.connectingUserName);
        }
        tuneConfig(file4, file, file5, file2, file3);
    }

    private void resetPassword(Connection connection, String str) throws SQLException {
        executeSQLStatement(connection, "ALTER ROLE \"" + str + "\" WITH PASSWORD 'changeme'");
    }

    private void passwordCommand() throws Exception {
        this.localConnection = getOrCreateLocalConnection();
        System.out.println("Resetting password for user: " + this.specifiedUserName);
        try {
            resetPassword(this.localConnection, this.specifiedUserName);
            System.out.println("Password reset complete");
        } finally {
            this.localConnection.close();
        }
    }

    private void changePrivilegeCommand() throws Exception {
        this.localConnection = getOrCreateLocalConnection();
        try {
            if (this.adminPrivilegeRequested) {
                System.out.println("Granting admin privileges to " + this.specifiedUserName);
                executeSQLStatement(this.localConnection, "ALTER ROLE " + this.specifiedUserName + " SUPERUSER CREATEROLE CREATEDB");
            } else {
                System.out.println("Revoking admin privileges from " + this.specifiedUserName);
                executeSQLStatement(this.localConnection, "ALTER ROLE " + this.specifiedUserName + " NOSUPERUSER NOCREATEROLE NOCREATEDB");
            }
        } finally {
            this.localConnection.close();
        }
    }

    public void run(String[] strArr) throws Exception {
        try {
            clearParams();
            String readCommandLine = readCommandLine(strArr);
            initializeApplication();
            boolean z = -1;
            switch (readCommandLine.hashCode()) {
                case -2131519144:
                    if (readCommandLine.equals(COMMAND_CHANGEAUTH)) {
                        z = 4;
                        break;
                    }
                    break;
                case -1147589652:
                    if (readCommandLine.equals(COMMAND_ADDUSER)) {
                        z = 2;
                        break;
                    }
                    break;
                case -431551686:
                    if (readCommandLine.equals(COMMAND_DROPUSER)) {
                        z = 3;
                        break;
                    }
                    break;
                case -89057046:
                    if (readCommandLine.equals(COMMAND_RESET_PASSWORD)) {
                        z = 5;
                        break;
                    }
                    break;
                case 3540994:
                    if (readCommandLine.equals(COMMAND_STOP)) {
                        z = true;
                        break;
                    }
                    break;
                case 109757538:
                    if (readCommandLine.equals(COMMAND_START)) {
                        z = false;
                        break;
                    }
                    break;
                case 451348737:
                    if (readCommandLine.equals(COMMAND_CHANGE_PRIVILEGE)) {
                        z = 6;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    startCommand();
                    break;
                case true:
                    stopCommand();
                    break;
                case true:
                    addUserCommand();
                    break;
                case true:
                    dropUserCommand();
                    break;
                case true:
                    changeAuthCommand();
                    break;
                case true:
                    passwordCommand();
                    break;
                case true:
                    changePrivilegeCommand();
                    break;
                default:
                    throw new IllegalArgumentException("Unknown command: " + readCommandLine);
            }
        } finally {
            try {
                cleanupPasswordData();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }

    private static void printUsage() {
        System.err.println("\nUSAGE: bsim_ctl [command]  required-args... [OPTIONS...}\n\n                start      </datadir-path> [--auth|-a pki|password|trust] [--noLocalAuth] [--cafile \"</cacert-path>\"] [--dn \"<distinguished-name>\"]\n                stop       </datadir-path> [--force]\n                adduser    </datadir-path> <username> [--dn \"<distinguished-name>\"]\n                dropuser   </datadir-path> <username>\n                changeauth </datadir-path> [--auth|-a pki|password|trust] [--noLocalAuth] [--cafile \"</cacert-path>\"]\n                resetpassword   <username>\n                changeprivilege <username> admin|user\n\nGlobal options:\n   --port|-p <portnum>\n   --user|-u <username>\n   --cert </certfile-path>\n\nNOTE: Options with values may also be specified using the form: --option=value\n");
    }

    @Override // ghidra.GhidraLaunchable
    public void launch(GhidraApplicationLayout ghidraApplicationLayout, String[] strArr) {
        if (strArr.length <= 1) {
            printUsage();
            return;
        }
        this.layout = ghidraApplicationLayout;
        boolean z = false;
        try {
            run(strArr);
            z = true;
        } catch (IllegalArgumentException e) {
            System.err.println("Error in command line arguments");
            System.err.println(e.getMessage());
        } catch (InterruptedException e2) {
            System.err.println("Command was interrupted");
            System.err.println(e2.getMessage());
        } catch (GeneralSecurityException e3) {
            System.err.println("Error establishing server certificate");
            System.err.println(e3.getMessage());
        } catch (SQLException e4) {
            System.err.println("Error connecting to the database");
            System.err.println(e4.getMessage());
        } catch (SAXException e5) {
            System.err.println("Error in server configuation data");
            System.err.println(e5.getMessage());
        } catch (Exception e6) {
            System.err.println("Unexpected error");
            e6.printStackTrace();
        }
        if (z) {
            return;
        }
        System.exit(1);
    }

    private void initializeApplication() throws IOException, ClassNotFoundException {
        if (this.layout != null) {
            BSimLaunchable.initializeApplication(this.layout, 0, this.connectingUserName, this.certParameter);
        }
    }

    static {
        SHORTCUT_OPTION_MAP.put("-a", AUTH_OPTION);
        SHORTCUT_OPTION_MAP.put("-p", PORT_OPTION);
        SHORTCUT_OPTION_MAP.put("-u", USER_OPTION);
        START_OPTIONS = Set.of(AUTH_OPTION, DN_OPTION, NO_LOCAL_AUTH_OPTION, CAFILE_OPTION);
        STOP_OPTIONS = Set.of(FORCE_OPTION);
        RESET_PASSWORD_OPTIONS = Set.of();
        CHANGE_PRIVILEGE_OPTIONS = Set.of();
        ADDUSER_OPTIONS = Set.of(DN_OPTION);
        DROPUSER_OPTIONS = Set.of();
        CHANGEAUTH_OPTIONS = Set.of(AUTH_OPTION, NO_LOCAL_AUTH_OPTION, CAFILE_OPTION);
        ALLOWED_OPTION_MAP = new HashMap();
        ALLOWED_OPTION_MAP.put(COMMAND_START, START_OPTIONS);
        ALLOWED_OPTION_MAP.put(COMMAND_STOP, STOP_OPTIONS);
        ALLOWED_OPTION_MAP.put(COMMAND_RESET_PASSWORD, RESET_PASSWORD_OPTIONS);
        ALLOWED_OPTION_MAP.put(COMMAND_CHANGE_PRIVILEGE, CHANGE_PRIVILEGE_OPTIONS);
        ALLOWED_OPTION_MAP.put(COMMAND_ADDUSER, ADDUSER_OPTIONS);
        ALLOWED_OPTION_MAP.put(COMMAND_DROPUSER, DROPUSER_OPTIONS);
        ALLOWED_OPTION_MAP.put(COMMAND_CHANGEAUTH, CHANGEAUTH_OPTIONS);
    }
}
