package org.forgerock.audit.handlers.csv;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.File;
import java.io.PrintStream;
import java.nio.file.Path;
import java.security.PublicKey;
import java.util.HashSet;
import java.util.List;
import org.forgerock.audit.events.handlers.FileBasedEventHandlerConfiguration;
import org.forgerock.audit.handlers.csv.CsvSecureVerifier;
import org.forgerock.audit.retention.FileNamingPolicy;
import org.forgerock.audit.retention.TimeStampFileNamingPolicy;
import org.forgerock.audit.secure.JcaKeyStoreHandler;
import org.forgerock.audit.secure.KeyStoreHandlerDecorator;
import org.forgerock.audit.secure.KeyStoreSecureStorage;
import org.forgerock.audit.secure.SecureStorageException;
import org.forgerock.util.Option;
import org.forgerock.util.Options;
import org.forgerock.util.annotations.VisibleForTesting;
import org.forgerock.util.encode.Base64;
import org.supercsv.prefs.CsvPreference;

/* loaded from: input_file:WEB-INF/lib/handler-csv-2.1.4.jar:org/forgerock/audit/handlers/csv/CsvSecureArchiveVerifierCli.class */
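/**
 * Command-line entry point that verifies a set of tamper-evident CSV audit archives.
 *
 * <p>The tool takes an archive directory, a topic name, an optional file prefix and timestamp
 * suffix, and a keystore (path plus password). It reads the signature public key and the
 * "Password" secret key from that keystore, runs {@code CsvSecureArchiveVerifier} and prints one
 * {@code PASS}/{@code FAIL} line per archive file.
 *
 * <p>Operational notes for anyone wiring this into an integrity-checking job:
 * <ul>
 *   <li>The keystore password is taken from the {@code --password} argument, so it is exposed to
 *       anything that can read the process argument list or the invoking shell's history.</li>
 *   <li>{@link #main(String[])} returns normally on every path visible here (bad arguments,
 *       unreadable keystore, failed verification), so the process exit status does not reflect the
 *       verification outcome; callers have to inspect the printed lines.</li>
 *   <li>Nothing is printed when the verifier returns no results, so an empty output must not be
 *       read as "all archives passed".</li>
 * </ul>
 */
public final class CsvSecureArchiveVerifierCli {
    private static final Option<Path> ARCHIVE_DIRECTORY = Option.of(Path.class, null);
    private static final Option<String> TOPIC = Option.of(String.class, null);
    // NOTE(review): the decompiler substituted JsonProperty.USE_DEFAULT_NAME here; presumably the
    // original default was simply the empty string.
    private static final Option<String> PREFIX = Option.of(String.class, JsonProperty.USE_DEFAULT_NAME);
    private static final Option<String> SUFFIX = Option.of(String.class, FileBasedEventHandlerConfiguration.FileRotation.DEFAULT_ROTATION_FILE_SUFFIX);
    private static final Option<Path> KEYSTORE_FILE = Option.of(Path.class, null);
    private static final Option<String> KEYSTORE_PASSWORD = Option.of(String.class, null);

    // Output streams and the naming-policy factory are replaceable so tests can capture output
    // and substitute the file naming policy.
    @VisibleForTesting
    static PrintStream out = System.out;

    @VisibleForTesting
    static PrintStream err = System.err;

    @VisibleForTesting
    static FileNamingPolicyFactory fileNamingPolicyFactory = new DefaultFileNamingPolicyFactory();

    /* loaded from: input_file:WEB-INF/lib/handler-csv-2.1.4.jar:org/forgerock/audit/handlers/csv/CsvSecureArchiveVerifierCli$DefaultFileNamingPolicyFactory.class */
    /** Default factory; builds a {@link TimeStampFileNamingPolicy} from the arguments unchanged. */
    static class DefaultFileNamingPolicyFactory implements FileNamingPolicyFactory {
        DefaultFileNamingPolicyFactory() {
        }

        @Override // org.forgerock.audit.handlers.csv.CsvSecureArchiveVerifierCli.FileNamingPolicyFactory
        public FileNamingPolicy newFileNamingPolicy(File file, String timestampSuffix, String prefix) {
            return new TimeStampFileNamingPolicy(file, timestampSuffix, prefix);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/handler-csv-2.1.4.jar:org/forgerock/audit/handlers/csv/CsvSecureArchiveVerifierCli$FileNamingPolicyFactory.class */
    /** Seam used by {@link #main(String[])} to obtain the naming policy for the archive files. */
    interface FileNamingPolicyFactory {
        /**
         * @param file the live CSV file ({@code <archive dir>/<topic>.csv} as built by main)
         * @param timestampSuffix value of the {@code --suffix} option
         * @param prefix value of the {@code --prefix} option followed by {@code tamper-evident-}
         * @return the naming policy handed to the archive verifier
         */
        FileNamingPolicy newFileNamingPolicy(File file, String timestampSuffix, String prefix);
    }

    /* loaded from: input_file:WEB-INF/lib/handler-csv-2.1.4.jar:org/forgerock/audit/handlers/csv/CsvSecureArchiveVerifierCli$OptionsParser.class */
    /** Parses {@code --flag value} pairs into an {@link Options} instance, reporting problems on {@code err}. */
    static final class OptionsParser {
        static final String FLAG_ARCHIVE_DIRECTORY = "--archive";
        static final String FLAG_TOPIC = "--topic";
        static final String FLAG_PREFIX = "--prefix";
        static final String FLAG_SUFFIX = "--suffix";
        static final String FLAG_KEYSTORE_FILE = "--keystore";
        static final String FLAG_KEYSTORE_PASSWORD = "--password";
        private static final String DESC_ARCHIVE_DIRECTORY = "path to directory containing files to verify";
        private static final String DESC_TOPIC = "name of topic fileset to verify";
        private static final String DESC_PREFIX = "prefix prepended to archive files";
        private static final String DESC_SUFFIX = "format of timestamp suffix appended to archive files";
        private static final String DESC_KEYSTORE_FILE = "path to keystore file";
        private static final String DESC_KEYSTORE_PASSWORD = "keystore file password";
        private final PrintStream out;
        private final PrintStream err;

        OptionsParser(PrintStream out, PrintStream err) {
            this.out = out;
            this.err = err;
        }

        /**
         * Parses the command line.
         *
         * <p>The dispatch below is a plain string switch; the decompiled listing showed it in its
         * compiled hash-code form, which did not compile. Unlike that listing, parsing now stops
         * as soon as a flag's value is missing or unusable, instead of storing {@code null} and
         * letting a later stage fail on it.
         *
         * @param args raw arguments, expected as alternating flag and value
         * @return the populated options, or {@code null} when help was printed or the arguments
         *         were rejected (the reason has then been written to {@code err})
         */
        Options parse(String[] args) {
            Options options = Options.defaultOptions();
            if (args.length == 0) {
                printHelp();
                return null;
            }
            HashSet<String> seenFlags = new HashSet<>();
            for (int i = 0; i < args.length; i += 2) {
                String flag = args[i];
                // add() reports false for a repeated flag.
                if (!seenFlags.add(flag)) {
                    this.err.println(flag + " should only be provided once");
                    return null;
                }
                // A trailing flag has no value; the option getters report that case.
                String value = i + 1 < args.length ? args[i + 1] : null;
                switch (flag) {
                    case FLAG_ARCHIVE_DIRECTORY: {
                        Path archiveDirectory = getPathOption(value, FLAG_ARCHIVE_DIRECTORY, DESC_ARCHIVE_DIRECTORY);
                        if (archiveDirectory == null) {
                            return null;
                        }
                        options.set(CsvSecureArchiveVerifierCli.ARCHIVE_DIRECTORY, archiveDirectory);
                        break;
                    }
                    case FLAG_TOPIC: {
                        String topic = getStringOption(value, FLAG_TOPIC, DESC_TOPIC);
                        if (topic == null) {
                            return null;
                        }
                        options.set(CsvSecureArchiveVerifierCli.TOPIC, topic);
                        break;
                    }
                    case FLAG_PREFIX: {
                        String prefix = getStringOption(value, FLAG_PREFIX, DESC_PREFIX);
                        if (prefix == null) {
                            return null;
                        }
                        options.set(CsvSecureArchiveVerifierCli.PREFIX, prefix);
                        break;
                    }
                    case FLAG_SUFFIX: {
                        String suffix = getStringOption(value, FLAG_SUFFIX, DESC_SUFFIX);
                        if (suffix == null) {
                            return null;
                        }
                        options.set(CsvSecureArchiveVerifierCli.SUFFIX, suffix);
                        break;
                    }
                    case FLAG_KEYSTORE_FILE: {
                        Path keystoreFile = getPathOption(value, FLAG_KEYSTORE_FILE, DESC_KEYSTORE_FILE);
                        if (keystoreFile == null) {
                            return null;
                        }
                        options.set(CsvSecureArchiveVerifierCli.KEYSTORE_FILE, keystoreFile);
                        break;
                    }
                    case FLAG_KEYSTORE_PASSWORD: {
                        String password = getStringOption(value, FLAG_KEYSTORE_PASSWORD, DESC_KEYSTORE_PASSWORD);
                        if (password == null) {
                            return null;
                        }
                        options.set(CsvSecureArchiveVerifierCli.KEYSTORE_PASSWORD, password);
                        break;
                    }
                    default:
                        this.err.println("Unknown flag " + flag);
                        return null;
                }
            }
            // Required options: archive directory, topic, keystore file and keystore password.
            if (!seenFlags.contains(FLAG_ARCHIVE_DIRECTORY) && options.get(CsvSecureArchiveVerifierCli.ARCHIVE_DIRECTORY) == null) {
                this.err.println(DESC_ARCHIVE_DIRECTORY + " must be specified using flag " + FLAG_ARCHIVE_DIRECTORY);
                return null;
            }
            if (!seenFlags.contains(FLAG_TOPIC) && options.get(CsvSecureArchiveVerifierCli.TOPIC) == null) {
                this.err.println(DESC_TOPIC + " must be specified using flag " + FLAG_TOPIC);
                return null;
            }
            if (!seenFlags.contains(FLAG_KEYSTORE_FILE) && options.get(CsvSecureArchiveVerifierCli.KEYSTORE_FILE) == null) {
                this.err.println(DESC_KEYSTORE_FILE + " must be specified using flag " + FLAG_KEYSTORE_FILE);
                return null;
            }
            if (!seenFlags.contains(FLAG_KEYSTORE_PASSWORD) && options.get(CsvSecureArchiveVerifierCli.KEYSTORE_PASSWORD) == null) {
                this.err.println(DESC_KEYSTORE_PASSWORD + " must be specified using flag " + FLAG_KEYSTORE_PASSWORD);
                return null;
            }
            return options;
        }

        /** Prints the usage line followed by one description line per flag. */
        private void printHelp() {
            this.out.println(String.format("arguments: %s <path> %s <topic> [%s <prefix>] [%s <suffix>] %s <path> %s <password>", FLAG_ARCHIVE_DIRECTORY, FLAG_TOPIC, FLAG_PREFIX, FLAG_SUFFIX, FLAG_KEYSTORE_FILE, FLAG_KEYSTORE_PASSWORD));
            this.out.println(JsonProperty.USE_DEFAULT_NAME);
            printFlagHelp(FLAG_ARCHIVE_DIRECTORY, DESC_ARCHIVE_DIRECTORY);
            printFlagHelp(FLAG_TOPIC, DESC_TOPIC);
            printFlagHelp(FLAG_PREFIX, DESC_PREFIX);
            printFlagHelp(FLAG_SUFFIX, DESC_SUFFIX);
            printFlagHelp(FLAG_KEYSTORE_FILE, DESC_KEYSTORE_FILE);
            printFlagHelp(FLAG_KEYSTORE_PASSWORD, DESC_KEYSTORE_PASSWORD);
        }

        /** Prints a single indented "flag description" help line. */
        private void printFlagHelp(String flag, String description) {
            this.out.println(String.format("   %-15s %s", flag, description));
        }

        /**
         * Resolves a flag value to an existing filesystem path.
         *
         * @param value the argument following the flag, or {@code null} if there was none
         * @param flag the flag being parsed, used in the error message
         * @param description human-readable description of the expected value
         * @return the path, or {@code null} after reporting a missing value or a non-existent file
         */
        private Path getPathOption(String value, String flag, String description) {
            if (value == null) {
                this.err.println(flag + " flag must be followed by " + description);
                return null;
            }
            File file = new File(value);
            if (!file.exists()) {
                this.err.println(file + " not found");
                return null;
            }
            return file.toPath();
        }

        /**
         * Returns the flag value, reporting an error when the flag was the last argument.
         *
         * @param value the argument following the flag, or {@code null} if there was none
         * @param flag the flag being parsed, used in the error message
         * @param description human-readable description of the expected value
         * @return {@code value}, or {@code null} after reporting that it is missing
         */
        private String getStringOption(String value, String flag, String description) {
            if (value == null) {
                this.err.println(flag + " flag must be followed by " + description);
            }
            return value;
        }
    }

    /**
     * Parses the arguments, opens the keystore, verifies the archives and prints the results.
     *
     * <p>Every failure path simply returns after writing a message to {@code err}; no exit status
     * is set here, so automation cannot tell a failed run from a clean one by return code alone.
     *
     * @param args command-line arguments, see {@link OptionsParser}
     */
    public static void main(String[] args) {
        Options options = new OptionsParser(out, err).parse(args);
        if (options == null) {
            return;
        }
        File archiveDirectory = ((Path) options.get(ARCHIVE_DIRECTORY)).toFile();
        File topicFile = new File(archiveDirectory, ((String) options.get(TOPIC)) + ".csv");
        FileNamingPolicy namingPolicy = fileNamingPolicyFactory.newFileNamingPolicy(
                topicFile, (String) options.get(SUFFIX), ((String) options.get(PREFIX)) + "tamper-evident-");

        KeyStoreHandlerDecorator keyStore = getKeyStoreHandlerDecorator(
                (Path) options.get(KEYSTORE_FILE), (String) options.get(KEYSTORE_PASSWORD));
        if (keyStore == null) {
            return;
        }
        PublicKey signaturePublicKey = getSignaturePublicKey(keyStore);
        if (signaturePublicKey == null) {
            return;
        }
        String keystorePassword = getKeystorePassword(keyStore);
        if (keystorePassword == null) {
            return;
        }
        CsvSecureArchiveVerifier verifier = new CsvSecureArchiveVerifier(
                namingPolicy, keystorePassword, signaturePublicKey, CsvPreference.EXCEL_PREFERENCE);
        printVerificationResults(verifier.verify(), out);
    }

    /**
     * Opens the keystore at {@code path} with the given password.
     *
     * @return the keystore wrapper, or {@code null} after reporting that it could not be opened
     */
    private static KeyStoreHandlerDecorator getKeyStoreHandlerDecorator(Path path, String password) {
        try {
            String keystorePath = path.toFile().getAbsolutePath();
            return new KeyStoreHandlerDecorator(
                    new JcaKeyStoreHandler(KeyStoreSecureStorage.JCEKS_KEYSTORE_TYPE, keystorePath, password));
        } catch (Exception e) {
            // NOTE(review): the cause is discarded, so a wrong password, an unreadable file and a
            // keystore of another type all produce the same message.
            err.println("Unable to open keystore");
            return null;
        }
    }

    /**
     * Reads the public key stored under {@code KeyStoreSecureStorage.ENTRY_SIGNATURE}.
     *
     * @return the key, or {@code null} after reporting that it could not be read
     */
    private static PublicKey getSignaturePublicKey(KeyStoreHandlerDecorator keyStore) {
        try {
            return keyStore.readPublicKeyFromKeyStore(KeyStoreSecureStorage.ENTRY_SIGNATURE);
        } catch (SecureStorageException e) {
            err.println("Unable to read Signature public key from keystore");
            return null;
        }
    }

    /**
     * Reads the secret key stored under the alias "Password" and returns it Base64-encoded.
     *
     * <p>Despite the method name this is not the {@code --password} argument; it is key material
     * taken from inside the keystore and handed to the archive verifier.
     *
     * @return the encoded key, or {@code null} after reporting that it could not be read
     */
    private static String getKeystorePassword(KeyStoreHandlerDecorator keyStore) {
        try {
            byte[] secret = keyStore.readSecretKeyFromKeyStore("Password").getEncoded();
            return Base64.encode(secret);
        } catch (SecureStorageException e) {
            err.println("Unable to read Password secret key from keystore");
            return null;
        }
    }

    /**
     * Prints one line per verified archive file: {@code PASS} with the file name, or {@code FAIL}
     * with the file name and the failure reason.
     *
     * <p>An empty {@code list} produces no output at all.
     *
     * @param list results returned by the archive verifier
     * @param printStream destination for the report
     */
    static void printVerificationResults(List<CsvSecureVerifier.VerificationResult> list, PrintStream printStream) {
        for (CsvSecureVerifier.VerificationResult result : list) {
            String archiveName = result.getArchiveFile().getName();
            if (!result.hasPassedVerification()) {
                printStream.println("FAIL    " + archiveName + "    " + result.getFailureReason());
                continue;
            }
            printStream.println("PASS    " + archiveName);
        }
    }

    /** Not instantiable; this class only hosts the static entry point. */
    private CsvSecureArchiveVerifierCli() {
    }
}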
