package org.xipki.scep.client.shell;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.xipki.console.karaf.XipkiCommandSupport;
import org.xipki.console.karaf.completer.FilePathCompleter;
import org.xipki.scep.client.CaIdentifier;
import org.xipki.scep.client.PreprovisionedCaCertValidator;
import org.xipki.scep.client.ScepClient;
import org.xipki.security.util.KeyUtil;
import org.xipki.security.util.X509Util;

/* loaded from: input_file:org/xipki/scep/client/shell/ClientCommandSupport.class */
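/**
 * Base class for SCEP client shell commands.
 *
 * <p>Holds the command-line options shared by the commands (server URL, CA
 * identifier, CA certificate file, PKCS#12 identity keystore and its password)
 * and lazily builds the {@link ScepClient} and the client identity (private key
 * and certificate) from them. The lazy initialisation is not synchronized.
 */
public abstract class ClientCommandSupport extends XipkiCommandSupport {

    @Option(name = "--url", required = true, description = "URL of the SCEP server\n(required)")
    protected String url;

    @Option(name = "--ca-id", description = "CA identifier")
    protected String caId;

    // File holding the CA certificate that is handed to PreprovisionedCaCertValidator.
    @Option(name = "--ca-cert", required = true, description = "CA certificate\n(required)")
    @Completion(FilePathCompleter.class)
    private String caCertFile;

    @Option(name = "--p12", required = true, description = "PKCS#12 keystore file\n(required)")
    @Completion(FilePathCompleter.class)
    private String p12File;

    // NOTE(review): a password typed as an option value may be retained in the
    // shell's command history. The option is not required; presumably the inherited
    // readPasswordIfNotSet prompts for it when absent (confirm against the parent class).
    @Option(name = "--password", description = "password of the PKCS#12 file")
    private String password;

    // Lazily created state; null until first requested.
    private ScepClient scepClient;
    private PrivateKey identityKey;
    private X509Certificate identityCert;

    /**
     * Returns the SCEP client, creating it on first use from {@code --url},
     * {@code --ca-id} and the certificate parsed from {@code --ca-cert}.
     *
     * <p>The decompiler notes that this method was {@code protected} in the class file.
     *
     * @return the cached or newly created client
     * @throws CertificateException declared for parsing of the CA certificate
     * @throws IOException declared for reading of the CA certificate file
     */
    public ScepClient getScepClient() throws CertificateException, IOException {
        if (this.scepClient == null) {
            // The validator is built from the locally supplied CA certificate file.
            X509Certificate caCert = X509Util.parseCert(this.caCertFile);
            this.scepClient = new ScepClient(
                    new CaIdentifier(this.url, this.caId),
                    new PreprovisionedCaCertValidator(caCert));
        }
        return this.scepClient;
    }

    /**
     * Returns the private key of the client identity, loading the PKCS#12
     * keystore on first use.
     *
     * <p>The decompiler notes that this method was {@code protected} in the class file.
     *
     * @return the identity private key
     * @throws Exception if the keystore cannot be read or holds no usable key entry
     */
    public PrivateKey getIdentityKey() throws Exception {
        if (this.identityKey == null) {
            readIdentity();
        }
        return this.identityKey;
    }

    /**
     * Returns the certificate of the client identity, loading the PKCS#12
     * keystore on first use.
     *
     * <p>The decompiler notes that this method was {@code protected} in the class file.
     *
     * @return the identity certificate
     * @throws Exception if the keystore cannot be read or holds no usable key entry
     */
    public X509Certificate getIdentityCert() throws Exception {
        if (this.identityCert == null) {
            readIdentity();
        }
        return this.identityCert;
    }

    /**
     * Loads the PKCS#12 keystore named by {@code --p12} and stores the key and
     * certificate of the first key entry found in it.
     *
     * <p>Both fields are assigned only after both values have been type-checked,
     * so a failure never leaves the key set without its certificate.
     *
     * @throws Exception if the file cannot be read, the password is wrong, no key
     *     entry exists, or the entry is not a private key with an X.509 certificate
     */
    private void readIdentity() throws Exception {
        // NOTE(review): the returned array is not cleared after use; whether that is
        // safe depends on what readPasswordIfNotSet returns (confirm).
        char[] keystorePassword = readPasswordIfNotSet(this.password);
        KeyStore keyStore = KeyUtil.getKeyStore("PKCS12");

        // Close the keystore file deterministically instead of leaking the handle.
        try (FileInputStream in = new FileInputStream(this.p12File)) {
            keyStore.load(in, keystorePassword);
        }

        // Use the first alias that is a key entry; any further key entries are ignored.
        String keyAlias = null;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isKeyEntry(alias)) {
                keyAlias = alias;
                break;
            }
        }
        if (keyAlias == null) {
            throw new Exception("no key entry is contained in the keystore");
        }

        // A key entry may also hold a secret key, and may lack an X.509 certificate;
        // report that explicitly rather than failing on a cast or caching a null.
        java.security.Key key = keyStore.getKey(keyAlias, keystorePassword);
        if (!(key instanceof PrivateKey)) {
            throw new Exception("key entry '" + keyAlias + "' is not a private key");
        }
        java.security.cert.Certificate cert = keyStore.getCertificate(keyAlias);
        if (!(cert instanceof X509Certificate)) {
            throw new Exception("key entry '" + keyAlias + "' has no X.509 certificate");
        }

        this.identityKey = (PrivateKey) key;
        this.identityCert = (X509Certificate) cert;
    }
}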
