package net.bluemind.cli.certificate;

import java.util.Optional;
import net.bluemind.cli.cmd.api.CliContext;
import net.bluemind.cli.cmd.api.CliException;
import net.bluemind.cli.cmd.api.ICmdLet;
import net.bluemind.cli.cmd.api.ICmdLetRegistration;
import net.bluemind.cli.utils.CliUtils;
import net.bluemind.cli.utils.Tasks;
import net.bluemind.core.api.Regex;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.task.api.TaskStatus;
import net.bluemind.system.api.CertData;
import net.bluemind.system.api.ISecurityMgmt;
import picocli.CommandLine;

@CommandLine.Command(name = "manage-lets-encrypt", description = {"Setup or renew Let's Encrypt for the specified domain.\nTo enable globally: specify global.virt domain, or don't specify the domain.\nIf enabled globally, a certificate can ALSO be used per domain (specify --domain=)."})
/* loaded from: input_file:net/bluemind/cli/certificate/LetsEncryptManageCommand.class */
public class LetsEncryptManageCommand implements ICmdLet, Runnable, CommandLine.IExitCodeGenerator {
    private CliContext ctx;
    private CliUtils cliUtils;

    @CommandLine.Option(required = false, names = {"--domain", "-d"}, description = {"The domain, default 'global.virt'"})
    public String domain;

    @CommandLine.Option(required = false, names = {"--contact", "-c"}, description = {"The contact email to use for the certificate (default: no-reply@<default-domain>)."})
    public String contactEmail;
    private int exitCode = 0;

    @CommandLine.Option(required = false, names = {"--silent", "-s"}, description = {"Automatically accept Let's Encrypt Terms."})
    public boolean silent = false;

    /* loaded from: input_file:net/bluemind/cli/certificate/LetsEncryptManageCommand$Reg.class */
    public static class Reg implements ICmdLetRegistration {
        public Optional<String> group() {
            return Optional.of("certificate");
        }

        public Class<? extends ICmdLet> commandClass() {
            return LetsEncryptManageCommand.class;
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        if (this.contactEmail != null && !Regex.EMAIL.validate(this.contactEmail)) {
            throw new CliException("Invalid contact email format");
        }
        if (this.domain == null || this.domain.isEmpty()) {
            this.domain = "global.virt";
        }
        ItemValue itemValue = (ItemValue) this.cliUtils.getDomain(this.domain).orElseThrow(() -> {
            return new CliException(String.format("Domain '%s' not found", this.domain));
        });
        ISecurityMgmt iSecurityMgmt = (ISecurityMgmt) this.ctx.adminApi().instance(ISecurityMgmt.class, new String[0]);
        if (!this.silent) {
            this.ctx.info(String.format("Let's Encrypt conditions: %s", iSecurityMgmt.getLetsEncryptTos()));
            if (!"y".equalsIgnoreCase(System.console().readLine("Do you accept Let's Encrypt conditions? y/n: ", new Object[0]))) {
                throw new CliException("Let's Encrypt not enabled, because conditions not accepted.");
            }
        }
        try {
            iSecurityMgmt.approveLetsEncryptTos(itemValue.uid);
            this.ctx.info(String.format("Let's Encrypt conditions accepted for domain '%s'.", this.domain));
            TaskStatus follow = Tasks.follow(this.ctx, iSecurityMgmt.generateLetsEncrypt(CertData.createForLetsEncrypt(itemValue.uid, this.contactEmail)), this.domain, String.format("Failed to get certificate for domain %s", this.domain));
            if (follow == null || follow.state != TaskStatus.State.Success) {
                return;
            }
            this.ctx.info(String.format("Let's Encrypt Certificate generated for domain '%s'.", this.domain));
        } catch (Exception e) {
            throw new CliException(e);
        }
    }

    public int getExitCode() {
        return this.exitCode;
    }

    public Runnable forContext(CliContext cliContext) {
        this.ctx = cliContext;
        this.cliUtils = new CliUtils(cliContext);
        return this;
    }
}
