package org.ejbca.core.protocol.ws.client;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import org.cesecore.util.CertTools;
import org.cesecore.util.CryptoProviderTools;
import org.cesecore.util.FileTools;
import org.ejbca.core.protocol.ws.client.gen.EjbcaException_Exception;
import org.ejbca.ui.cli.ErrorAdminCommandException;
import org.ejbca.ui.cli.IAdminCommand;
import org.ejbca.ui.cli.IllegalAdminCommandException;

/* loaded from: input_file:org/ejbca/core/protocol/ws/client/CaCertRequestCommand.class */
public class CaCertRequestCommand extends EJBCAWSRABaseCommand implements IAdminCommand {
    private static final int ARG_CANAME = 1;
    private static final int ARG_CACHAIN = 2;
    private static final int ARG_REGENKEYS = 3;
    private static final int ARG_ACIVATEKEYS = 4;
    private static final int ARG_USENEXTKEY = 5;
    private static final int ARG_OUTFILE = 6;
    private static final int ARG_KEYSTOREPWD = 7;

    public CaCertRequestCommand(String[] strArr) {
        super(strArr);
    }

    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        try {
            if (this.args.length < 7 || this.args.length > 8) {
                getPrintStream().println("Number of arguments: " + this.args.length);
                usage();
                System.exit(-1);
            }
            CryptoProviderTools.installBCProvider();
            String str = this.args[1];
            String str2 = this.args[2];
            boolean equalsIgnoreCase = this.args[3].equalsIgnoreCase("true");
            boolean equalsIgnoreCase2 = this.args[4].equalsIgnoreCase("true");
            boolean equalsIgnoreCase3 = this.args[5].equalsIgnoreCase("true");
            String str3 = this.args[6];
            String str4 = null;
            if (this.args.length > 7) {
                str4 = this.args[7];
            }
            if (equalsIgnoreCase && str4 == null) {
                System.out.print("Enter CA token password: ");
                str4 = String.valueOf(System.console().readPassword());
            }
            getPrintStream().println("Creating request for CA: " + str);
            getPrintStream().println("CA chain file: " + str2);
            getPrintStream().println("Regenerate keys: " + equalsIgnoreCase);
            getPrintStream().println("Activate keys: " + equalsIgnoreCase2);
            getPrintStream().println("Use next key: " + equalsIgnoreCase3);
            getPrintStream().println("Output file: " + str3);
            ArrayList arrayList = new ArrayList();
            if (!str2.equalsIgnoreCase("NULL")) {
                try {
                    Iterator it = CertTools.getCertsFromPEM(new FileInputStream(str2)).iterator();
                    while (it.hasNext()) {
                        arrayList.add(((Certificate) it.next()).getEncoded());
                    }
                } catch (IOException e) {
                    arrayList.add(CertTools.getCertfromByteArray(FileTools.readFiletoBuffer(str2)).getEncoded());
                }
            }
            byte[] caRenewCertRequest = getEjbcaRAWS().caRenewCertRequest(str, arrayList, equalsIgnoreCase, equalsIgnoreCase3, equalsIgnoreCase2, str4);
            if (caRenewCertRequest != null) {
                FileOutputStream fileOutputStream = new FileOutputStream(str3);
                fileOutputStream.write(caRenewCertRequest);
                fileOutputStream.close();
                getPrintStream().println("Wrote certificate request to file: " + str3);
            } else {
                getPrintStream().println("Received null reply. Does the CA exists and does the admin have renew privileges for this CA?");
            }
        } catch (Exception e2) {
            if (e2 instanceof EjbcaException_Exception) {
                getPrintStream().println("Error code is: " + ((EjbcaException_Exception) e2).getFaultInfo().getErrorCode().getInternalErrorCode());
            }
            throw new ErrorAdminCommandException(e2);
        }
    }

    @Override // org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand
    protected void usage() {
        getPrintStream().println("Command used to make a certificate request from a CA to an external CA. Can be X.509 or CVC. Can be used for cross certification and for renewing a Sub CA.");
        getPrintStream().println("Usage : cacertrequest <caname> <cachainfile | NULL> <regenkeys true/false> <activatekeys true/false> <usenextkey true/false> <outfile> [<CA token password>]\n\n");
        getPrintStream().println("Caname is the name of the CA that will generate the request.");
        getPrintStream().println("Cachainfile is a file with the certificate chain of the external CA. This can be a file with several PEM certificates in it, or a file with a single PEM or binary Root CA certificate.");
        getPrintStream().println("  Specifying NULL means that no cachain is supplied.");
        getPrintStream().println("Regenkeys will generate new CA signing keys that will be used to sign the request.");
        getPrintStream().println("Activatekeys is valid if regenkeys=true. Activatekeys determins if the new keys will be activated by the CA immediately or not. If activated immediately the CA will be set in status \"waiting for certificate response\". In this state the CA will not be able to issue certificates until the response from the external CA has been imported. If activatekeys=false the new keys will be used to generate the request, but the old keys will still be active until the response from the external CA is imported.");
        getPrintStream().println("Usenextkey is valid if regenkeys=false but there has already been a call with regenkeys=true and activatekeys=false. This will then generate a new request using the new, not yet activated keys. Useful if the original request got lost, or if the same key should be used to generate a request for several external CAs.");
        getPrintStream().println("Outfile is the filename where the resulting request will be written, in binary format.");
        getPrintStream().println("CA token password is needed if regenkeys=true. If not given this command will prompt for the input if regenkeys=true.");
    }
}
