package net.bluemind.cli.authentication;

import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.nio.file.Files;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import net.bluemind.cli.cmd.api.CliContext;
import net.bluemind.cli.cmd.api.CliException;
import net.bluemind.cli.cmd.api.ICmdLet;
import net.bluemind.cli.cmd.api.ICmdLetRegistration;
import net.bluemind.cli.utils.CliUtils;
import net.bluemind.core.api.auth.AuthDomainProperties;
import net.bluemind.core.api.auth.AuthTypes;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.IDomains;
import picocli.CommandLine;

@CommandLine.Command(name = "set-conf", description = {"Set domain authentication configuration"})
/* loaded from: input_file:net/bluemind/cli/authentication/SetAuthConfCommand.class */
public class SetAuthConfCommand implements ICmdLet, Runnable {

    @CommandLine.Spec
    private static CommandLine.Model.CommandSpec spec;

    @CommandLine.Option(required = true, names = {"--domain"}, description = {"Set authentication configuration for this domain UID or alias"})
    public String domain;

    @CommandLine.ArgGroup(exclusive = true, multiplicity = "1")
    private Scope scope;
    private CliContext ctx;
    private CliUtils cliUtils;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/bluemind/cli/authentication/SetAuthConfCommand$AuthCas.class */
    public static class AuthCas {
        public URL casUrl;

        private AuthCas() {
        }

        @CommandLine.Option(required = true, names = {"--cas-url"}, description = {"CAS server http(s) URL ending with /"})
        public void setCasUrl(URL url) {
            if (url == null || !url.toString().endsWith("/")) {
                throw new CommandLine.ParameterException(SetAuthConfCommand.spec.commandLine(), "CAS URL should be a valid http(s) url and end with /");
            }
            this.casUrl = url;
        }

        public void enable(ItemValue<Domain> itemValue) {
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.AUTH_TYPE.name(), AuthTypes.CAS.name());
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.CAS_URL.name(), this.casUrl.toString());
        }

        public static void disable(ItemValue<Domain> itemValue) {
            ((Domain) itemValue.value).properties.remove(AuthDomainProperties.AUTH_TYPE.name());
            ((Domain) itemValue.value).properties.remove(AuthDomainProperties.CAS_URL.name());
        }
    }

    /* loaded from: input_file:net/bluemind/cli/authentication/SetAuthConfCommand$AuthInternal.class */
    private static class AuthInternal {

        @CommandLine.Option(required = true, names = {"--internal"}, description = {"Enable internal authentication"})
        public Boolean internal;

        private AuthInternal() {
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/bluemind/cli/authentication/SetAuthConfCommand$AuthKerberos.class */
    public static class AuthKerberos {
        public String krbAdDomain;

        @CommandLine.Option(required = true, names = {"--krb-ad-ip"}, description = {"Active directory server IP or FQDN"})
        public String krbAdIp;

        @CommandLine.ArgGroup(exclusive = true, multiplicity = "1")
        public Keytab keytab;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:net/bluemind/cli/authentication/SetAuthConfCommand$AuthKerberos$Keytab.class */
        public static class Keytab {

            @CommandLine.Option(required = false, names = {"--krb-keytab"}, description = {"Base64 encoded Active directory keytab content"})
            public String base64;
            public File file;

            private Keytab() {
            }

            @CommandLine.Option(required = false, names = {"--krb-keytab-file"}, description = {"Path to Active directory keytab"})
            public void setKeytabFile(File file) {
                if (file == null || !file.exists()) {
                    throw new CommandLine.ParameterException(SetAuthConfCommand.spec.commandLine(), "Keytab file must exists and readable");
                }
                this.file = file;
            }

            /* JADX INFO: Access modifiers changed from: private */
            public String loadFromFile() {
                try {
                    return Base64.getEncoder().encodeToString(Files.readAllBytes(this.file.toPath()));
                } catch (IOException unused) {
                    throw new CliException("Could not read keytab file " + String.valueOf(this.file));
                }
            }

            static /* synthetic */ String access$0(Keytab keytab) {
                return keytab.loadFromFile();
            }
        }

        private AuthKerberos() {
        }

        @CommandLine.Option(required = true, names = {"--krb-ad-domain"}, paramLabel = "AD.DOMAIN.TLD", description = {"Active directory kerberos domain", "Upper case only"})
        public void setKrbAdDomain(String str) {
            if (!str.equals(str.toUpperCase())) {
                throw new CommandLine.ParameterException(SetAuthConfCommand.spec.commandLine(), "Active directory kerberos domain must be in upper case");
            }
            this.krbAdDomain = str;
        }

        public void enable(ItemValue<Domain> itemValue) {
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.AUTH_TYPE.name(), AuthTypes.KERBEROS.name());
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.KRB_AD_DOMAIN.name(), this.krbAdDomain);
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.KRB_AD_IP.name(), this.krbAdIp);
            Map map = ((Domain) itemValue.value).properties;
            String name = AuthDomainProperties.KRB_KEYTAB.name();
            Optional ofNullable = Optional.ofNullable(this.keytab.base64);
            Keytab keytab = this.keytab;
            keytab.getClass();
            map.put(name, (String) ofNullable.orElseGet(() -> {
                return Keytab.access$0(r3);
            }));
        }

        public static void disable(ItemValue<Domain> itemValue) {
            ((Domain) itemValue.value).properties.remove(AuthDomainProperties.KRB_AD_DOMAIN.name());
            ((Domain) itemValue.value).properties.remove(AuthDomainProperties.KRB_AD_IP.name());
            ((Domain) itemValue.value).properties.remove(AuthDomainProperties.KRB_KEYTAB.name());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:net/bluemind/cli/authentication/SetAuthConfCommand$AuthOpenId.class */
    public static class AuthOpenId {

        @CommandLine.Option(required = true, names = {"--openid-server-url"}, description = {"OpenId third-party server URL"})
        public String openIdServerUrl;

        @CommandLine.Option(required = true, names = {"--openid-client-id"}, description = {"OpenId client ID"})
        public String openIdClientId;

        @CommandLine.Option(required = true, names = {"--openid-client-secret"}, description = {"OpenId client secret"})
        public String openIdClientSecret;

        private AuthOpenId() {
        }

        public void enable(ItemValue<Domain> itemValue) {
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.AUTH_TYPE.name(), AuthTypes.OPENID.name());
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.OPENID_HOST.name(), this.openIdServerUrl);
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.OPENID_CLIENT_ID.name(), this.openIdClientId);
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.OPENID_CLIENT_SECRET.name(), this.openIdClientSecret);
        }

        public static void disable(ItemValue<Domain> itemValue) {
            ((Domain) itemValue.value).properties.remove(AuthDomainProperties.OPENID_HOST.name());
            ((Domain) itemValue.value).properties.remove(AuthDomainProperties.OPENID_CLIENT_ID.name());
            ((Domain) itemValue.value).properties.remove(AuthDomainProperties.OPENID_CLIENT_SECRET.name());
        }
    }

    /* loaded from: input_file:net/bluemind/cli/authentication/SetAuthConfCommand$Reg.class */
    public static class Reg implements ICmdLetRegistration {
        public Optional<String> group() {
            return Optional.of("auth");
        }

        public Class<? extends ICmdLet> commandClass() {
            return SetAuthConfCommand.class;
        }
    }

    /* loaded from: input_file:net/bluemind/cli/authentication/SetAuthConfCommand$Scope.class */
    private static class Scope {

        @CommandLine.ArgGroup(exclusive = false, heading = "Set internal authentication%n")
        AuthInternal internal;

        @CommandLine.ArgGroup(exclusive = false, heading = "Set CAS authentication%n")
        AuthCas cas;

        @CommandLine.ArgGroup(exclusive = false, heading = "Set Kerberos authentication%n")
        AuthKerberos kerberos;

        @CommandLine.ArgGroup(exclusive = false, heading = "Set third-party OpenID authentication server%n")
        AuthOpenId openId;

        private Scope() {
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        IDomains iDomains = (IDomains) this.ctx.adminApi().instance(IDomains.class, new String[0]);
        ItemValue itemValue = (ItemValue) Optional.ofNullable(this.cliUtils.getDomainUidByDomain(this.domain)).map(str -> {
            return iDomains.get(str);
        }).filter(itemValue2 -> {
            return !((Domain) itemValue2.value).global;
        }).orElseThrow(() -> {
            return new CliException("Domain must not be global");
        });
        Optional.ofNullable(this.scope.internal).ifPresent(authInternal -> {
            ((Domain) itemValue.value).properties.put(AuthDomainProperties.AUTH_TYPE.name(), AuthTypes.INTERNAL.name());
        });
        Optional.ofNullable(this.scope.cas).ifPresentOrElse(authCas -> {
            authCas.enable(itemValue);
        }, () -> {
            AuthCas.disable(itemValue);
        });
        Optional.ofNullable(this.scope.kerberos).ifPresentOrElse(authKerberos -> {
            authKerberos.enable(itemValue);
        }, () -> {
            AuthKerberos.disable(itemValue);
        });
        Optional.ofNullable(this.scope.openId).ifPresentOrElse(authOpenId -> {
            authOpenId.enable(itemValue);
        }, () -> {
            AuthOpenId.disable(itemValue);
        });
        try {
            iDomains.update(itemValue.uid, (Domain) itemValue.value);
        } catch (ServerFault e) {
            throw new CliException(e.getMessage());
        }
    }

    public Runnable forContext(CliContext cliContext) {
        this.ctx = cliContext;
        this.cliUtils = new CliUtils(cliContext);
        return this;
    }
}
