package org.ejbca.core.protocol.ws.client;

import java.io.FileOutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.spec.PKCS8EncodedKeySpec;
import org.apache.commons.lang.RandomStringUtils;
import org.cesecore.keys.util.KeyTools;
import org.cesecore.util.Base64;
import org.cesecore.util.CertTools;
import org.cesecore.util.CryptoProviderTools;
import org.cesecore.util.FileTools;
import org.ejbca.core.protocol.ws.client.gen.AuthorizationDeniedException_Exception;
import org.ejbca.core.protocol.ws.client.gen.EjbcaException_Exception;
import org.ejbca.core.protocol.ws.client.gen.UserDoesntFullfillEndEntityProfile_Exception;
import org.ejbca.cvc.CAReferenceField;
import org.ejbca.cvc.CVCAuthenticatedRequest;
import org.ejbca.cvc.CVCertificate;
import org.ejbca.cvc.CertificateGenerator;
import org.ejbca.cvc.CertificateParser;
import org.ejbca.cvc.HolderReferenceField;
import org.ejbca.ui.cli.ErrorAdminCommandException;
import org.ejbca.ui.cli.IAdminCommand;
import org.ejbca.ui.cli.IllegalAdminCommandException;

/* loaded from: input_file:org/ejbca/core/protocol/ws/client/CvcRequestCommand.class */
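/**
 * Command-line client command that obtains a CVC certificate through the EJBCA RA web service.
 *
 * <p>Depending on the {@code genreq} argument the command either generates a new key pair and
 * CVC request (optionally wrapped in an authenticated request signed with a key read from a
 * PKCS#8 file), or reads an existing request from {@code <basefilename>.cvreq}. The request is
 * then submitted with {@code cvcRequest} and the first returned certificate is written to
 * {@code <basefilename>.cvcert}.
 *
 * <p>NOTE(review): the end-entity password is taken from the command line ({@code args[2]}).
 * Command-line arguments are commonly visible to other local users through process listings
 * and shell history; confirm this is acceptable where the tool is run.
 */
public class CvcRequestCommand extends EJBCAWSRABaseCommand implements IAdminCommand {
    // Positions of the arguments in the args array; index 0 is not read by this command.
    private static final int ARG_USERNAME = 1;
    private static final int ARG_PASSWORD = 2;
    private static final int ARG_SUBJECTDN = 3;
    private static final int ARG_SEQUENCE = 4;
    private static final int ARG_SIGNALG = 5;
    private static final int ARG_KEYSPEC = 6;
    private static final int ARG_GENREQ = 7;
    private static final int ARG_BASEFILENAME = 8;
    private static final int ARG_AUTHSIGNKEY = 9;
    private static final int ARG_AUTHSIGNCERT = 10;

    /**
     * Creates the command.
     *
     * @param strArr the raw command-line arguments, passed on to the base command
     */
    public CvcRequestCommand(String[] strArr) {
        super(strArr);
    }

    /**
     * Builds or loads the CVC request, submits it and stores the issued certificate.
     *
     * <p>Authorization and end-entity-profile failures are reported on the print stream and
     * do not propagate. Every other failure is wrapped in an {@link ErrorAdminCommandException}.
     *
     * @throws IllegalAdminCommandException declared by the command interface
     * @throws ErrorAdminCommandException if any step fails with an exception not handled above
     */
    public void execute() throws IllegalAdminCommandException, ErrorAdminCommandException {
        try {
            // Eight mandatory arguments plus up to two optional ones (index 0 is skipped).
            if (this.args.length < ARG_BASEFILENAME + 1 || this.args.length > ARG_AUTHSIGNCERT + 1) {
                getPrintStream().println("Number of arguments: " + this.args.length);
                usage();
                System.exit(-1);
            }
            final String username = this.args[ARG_USERNAME];
            // Never echoed to the print stream; only forwarded to cvcRequest below.
            final String password = this.args[ARG_PASSWORD];
            final String subjectDn = this.args[ARG_SUBJECTDN];
            String sequence = this.args[ARG_SEQUENCE];
            final String signatureAlg = this.args[ARG_SIGNALG];
            final String keySpec = this.args[ARG_KEYSPEC];
            final boolean generateRequest = this.args[ARG_GENREQ].equalsIgnoreCase("true");
            final String baseFilename = this.args[ARG_BASEFILENAME];
            final String authSignKeyFile = this.args.length > ARG_AUTHSIGNKEY ? this.args[ARG_AUTHSIGNKEY] : null;
            final String authSignCertFile = this.args.length > ARG_AUTHSIGNCERT ? this.args[ARG_AUTHSIGNCERT] : null;

            getPrintStream().println("Enrolling user:");
            getPrintStream().println("Username: " + username);
            getPrintStream().println("Subject name: " + subjectDn);
            getPrintStream().println("Sequence: " + sequence);
            getPrintStream().println("Signature algorithm: " + signatureAlg);
            getPrintStream().println("Key spec: " + keySpec);
            try {
                CryptoProviderTools.installBCProvider();
                final String base64Request;
                if (generateRequest) {
                    getPrintStream().println("Generating a new request with base filename: " + baseFilename);
                    // The key algorithm is derived from the signature algorithm name.
                    final String keyAlg = signatureAlg.contains("ECDSA") ? "ECDSA" : "RSA";
                    final KeyPair newKeys = KeyTools.genKeys(keySpec, keyAlg);
                    final String country = CertTools.getPartFromDN(subjectDn, "C");
                    final String mnemonic = CertTools.getPartFromDN(subjectDn, "CN");
                    if (sequence.equalsIgnoreCase("null")) {
                        sequence = RandomStringUtils.randomNumeric(5);
                        getPrintStream().println("No sequence given, using random 5 number sequence: " + sequence);
                    }
                    final CVCertificate request = CertificateGenerator.createRequest(
                            newKeys, signatureAlg, (CAReferenceField) null, new HolderReferenceField(country, mnemonic, sequence));
                    byte[] requestBytes = request.getDEREncoded();
                    if (authSignKeyFile != null) {
                        getPrintStream().println("Reading private key from pkcs8 file " + authSignKeyFile + " to create an authenticated request");
                        // Only the private half is needed for signing, so the public key is left null.
                        final KeyPair authKeys = new KeyPair(null, KeyFactory.getInstance(keyAlg, "BC")
                                .generatePrivate(new PKCS8EncodedKeySpec(FileTools.readFiletoBuffer(authSignKeyFile))));
                        // Default CA reference mirrors the holder reference of the request itself.
                        CAReferenceField caRef = new CAReferenceField(country, mnemonic, sequence);
                        CVCertificate authCert = null;
                        if (authSignCertFile != null) {
                            getPrintStream().println("Reading cert from cvcert file " + authSignCertFile + " to create an authenticated request");
                            authCert = (CVCertificate) CvcPrintCommand.getCVCObject(authSignCertFile);
                            // With a signing certificate the CA reference is taken from its holder reference.
                            caRef = new CAReferenceField(
                                    authCert.getCertificateBody().getHolderReference().getCountry(),
                                    authCert.getCertificateBody().getHolderReference().getMnemonic(),
                                    authCert.getCertificateBody().getHolderReference().getSequence());
                        }
                        final CVCAuthenticatedRequest authRequest =
                                CertificateGenerator.createAuthenticatedRequest(request, authKeys, signatureAlg, caRef);
                        if (authCert != null) {
                            // Local sanity check against the supplied certificate's public key.
                            // NOTE(review): without auth-sign-cert the outer signature is not checked
                            // here at all; presumably the CA verifies it on receipt - confirm.
                            getPrintStream().println("Verifying the request before sending it...");
                            authRequest.verify(KeyTools.getECPublicKeyWithParams(authCert.getCertificateBody().getPublicKey(), keySpec));
                        }
                        requestBytes = authRequest.getDEREncoded();
                    }
                    base64Request = new String(Base64.encode(requestBytes));
                    // try-with-resources closes the stream even when write() throws.
                    try (FileOutputStream requestOut = new FileOutputStream(baseFilename + ".cvreq")) {
                        requestOut.write(requestBytes);
                    }
                    getPrintStream().println("Wrote binary request to: " + baseFilename + ".cvreq");
                    // NOTE(review): the private key is written exactly as returned by getEncoded(),
                    // with no passphrase protection applied here, and the file is created with the
                    // process's default permissions. Restrict access to <basefilename>.pkcs8
                    // (restrictive umask or owner-only directory) wherever this tool is used.
                    try (FileOutputStream keyOut = new FileOutputStream(baseFilename + ".pkcs8")) {
                        keyOut.write(newKeys.getPrivate().getEncoded());
                    }
                    getPrintStream().println("Wrote private key in " + newKeys.getPrivate().getFormat() + " format to to: " + baseFilename + ".pkcs8");
                } else {
                    getPrintStream().println("Reading request from filename: " + baseFilename + ".cvreq");
                    base64Request = new String(Base64.encode(FileTools.readFiletoBuffer(baseFilename + ".cvreq")));
                }
                getPrintStream().println("Submitting CVC request for user '" + username + "'.");
                getPrintStream().println();
                // Only the first certificate of the response is parsed and stored.
                final CVCertificate issued = CertificateParser.parseCertificate(
                        Base64.decode(getEjbcaRAWS().cvcRequest(username, password, base64Request).get(0).getCertificateData()));
                try (FileOutputStream certOut = new FileOutputStream(baseFilename + ".cvcert")) {
                    certOut.write(issued.getDEREncoded());
                }
                getPrintStream().println("Wrote binary certificate to: " + baseFilename + ".cvcert");
                getPrintStream().println("You can look at the certificate with the command cvcwscli.sh cvcprint " + baseFilename + ".cvcert");
            } catch (AuthorizationDeniedException_Exception e) {
                getPrintStream().println("Error : " + e.getMessage());
            } catch (UserDoesntFullfillEndEntityProfile_Exception e) {
                getPrintStream().println("Error : Given userdata doesn't fullfill end entity profile. : " + e.getMessage());
            }
        } catch (Exception e) {
            // Surface the service's internal error code before wrapping the failure.
            if (e instanceof EjbcaException_Exception) {
                getPrintStream().println("Error code is: " + ((EjbcaException_Exception) e).getFaultInfo().getErrorCode().getInternalErrorCode());
            }
            throw new ErrorAdminCommandException(e);
        }
    }

    /**
     * Prints the command synopsis and a description of each argument.
     *
     * <p>NOTE(review): the help text still advertises 1024-bit RSA and SHA1-based signature
     * algorithms; presumably kept for legacy compatibility - confirm against current policy.
     */
    @Override // org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand
    protected void usage() {
        getPrintStream().println("Command used to make a CVC request. A user must exist, add one with 'ejbcawsracli.sh edituser'.");
        getPrintStream().println("Usage : cvcrequest <username> <password> <subjectdn> <sequence> <signatureAlg> <keyspec (1024|1536|2048|curve)><genreq=true|false> <basefilename> [<auth-sign-key>] [<auth-sign-cert>]\n\n");
        getPrintStream().println("SignatureAlg is used when generating a request and can be SHA1WithRSA, SHA256WithRSA, SHA256WithRSAAndMGF1, SHA1WithECDSA, SHA224WithECDSA, SHA256WithECDSA");
        getPrintStream().println("Keyspec is used when generating a request and is 1024, 1536, 2048, etc. for RSA keys and the name of a named curve for ECDSA, see User Guide for supported curves.");
        getPrintStream().println("DN is used when generating a request and is of form \"C=SE, CN=ISTEST2\", where SE is the country and ISTEST2 the mnemonic.");
        getPrintStream().println("Sequence is used when generating a request and is a sequence number for the public key, recomended form 00001 etc. If 'null' a random 5 number sequence will be generated.");
        getPrintStream().println("If genreq is true a new request is generated and the generated request is written to <basefilename>.cvreq, and the private key to <basefilename>.pkcs8.");
        getPrintStream().println("If genreq is false a request is read from <reqfilename>.cvreq and sent to the CA, the sequence from the command line is ignored.");
        getPrintStream().println("The issued certificate is written to <basefilename>.cvcert\n");
        getPrintStream().println("auth-sign-key is optional and if given the CVC request is signed by this key to create an authenticated CVC request.");
        getPrintStream().println("auth-sign-cert is optional and if given the caRef of the authenticated CVC request is taken from this CVC certificate.");
    }
}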
