package org.keycloak.client.cli.common;

import java.io.File;
import java.io.PrintWriter;
import org.keycloak.client.cli.config.ConfigData;
import org.keycloak.client.cli.config.ConfigHandler;
import org.keycloak.client.cli.config.FileConfigHandler;
import org.keycloak.client.cli.config.InMemoryConfigHandler;
import org.keycloak.client.cli.config.RealmConfigData;
import org.keycloak.client.cli.util.AuthUtil;
import org.keycloak.client.cli.util.ConfigUtil;
import org.keycloak.client.cli.util.HttpUtil;
import org.keycloak.common.util.IoUtils;
import org.keycloak.representations.idm.CredentialRepresentation;
import picocli.CommandLine;

/* loaded from: input_file:org/keycloak/client/cli/common/BaseAuthOptionsCmd.class */
public abstract class BaseAuthOptionsCmd extends BaseGlobalOptionsCmd {
    public static final String DEFAULT_CONFIG_PATH_STRING_KEY = "default.config.path.string";

    @CommandLine.Option(names = {"--config"}, description = {"Path to the config file (${sys:default.config.path.string} by default)"})
    protected String config;

    @CommandLine.Option(names = {"--no-config"}, description = {"Don't use config file - no authentication info is loaded or saved"})
    protected boolean noconfig;

    @CommandLine.Option(names = {"--server"}, description = {"Server endpoint url (e.g. 'http://localhost:8080')"})
    protected String server;

    @CommandLine.Option(names = {"--realm"}, description = {"Realm name to authenticate against"})
    protected String realm;

    @CommandLine.Option(names = {"--client"}, description = {"Realm name to authenticate against"})
    protected String clientId;

    @CommandLine.Option(names = {"--user"}, description = {"Username to login with"})
    protected String user;

    @CommandLine.Option(names = {"--password"}, description = {"Password to login with (prompted for if not specified, --user is used, and the env variable KC_CLI_PASSWORD is not defined)"})
    protected String password;

    @CommandLine.Option(names = {"--secret"}, description = {"Secret to authenticate the client (prompted for if no --user nor --keystore is specified, and the env variable KC_CLI_CLIENT_SECRET is not defined)"})
    protected String secret;

    @CommandLine.Option(names = {"--keystore"}, description = {"Path to a keystore containing private key"})
    protected String keystore;

    @CommandLine.Option(names = {"--storepass"}, description = {"Keystore password (prompted for if not specified, --keystore is used, and the env variable KC_CLI_STORE_PASSWORD is undefined)"})
    protected String storePass;

    @CommandLine.Option(names = {"--keypass"}, description = {"Key password (prompted for if not specified, --keystore is used without --storepass, and the env variable KC_CLI_KEY_PASSWORD is undefined, otherwise defaults to keystore password)"})
    protected String keyPass;

    @CommandLine.Option(names = {"--alias"}, description = {"Alias of the key inside a keystore (defaults to the value of ClientId)"})
    protected String alias;

    @CommandLine.Option(names = {"--truststore"}, description = {"Path to a truststore"})
    protected String trustStore;

    @CommandLine.Option(names = {"--trustpass"}, description = {"Truststore password (prompted for if not specified, --user is used, and the env variable KC_CLI_TRUSTSTORE_PASSWORD is not defined)"})
    protected String trustPass;

    @CommandLine.Option(names = {"--insecure"}, description = {"Turns off TLS validation"})
    protected boolean insecure;
    protected String externalToken;
    protected CommandState commandState;

    public BaseAuthOptionsCmd(CommandState commandState) {
        this.commandState = commandState;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getCommand() {
        return this.commandState.getCommand();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getDefaultConfigFilePath() {
        return this.commandState.getDefaultConfigFilePath();
    }

    protected void initFromParent(BaseAuthOptionsCmd baseAuthOptionsCmd) {
        this.noconfig = baseAuthOptionsCmd.noconfig;
        this.config = baseAuthOptionsCmd.config;
        this.server = baseAuthOptionsCmd.server;
        this.realm = baseAuthOptionsCmd.realm;
        this.clientId = baseAuthOptionsCmd.clientId;
        this.user = baseAuthOptionsCmd.user;
        this.password = baseAuthOptionsCmd.password;
        this.secret = baseAuthOptionsCmd.secret;
        this.keystore = baseAuthOptionsCmd.keystore;
        this.storePass = baseAuthOptionsCmd.storePass;
        this.keyPass = baseAuthOptionsCmd.keyPass;
        this.alias = baseAuthOptionsCmd.alias;
        this.trustStore = baseAuthOptionsCmd.trustStore;
        this.trustPass = baseAuthOptionsCmd.trustPass;
        this.externalToken = baseAuthOptionsCmd.externalToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void applyDefaultOptionValues() {
        if (this.clientId == null) {
            this.clientId = ConfigUtil.DEFAULT_CLIENT;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.client.cli.common.BaseGlobalOptionsCmd
    public boolean nothingToDo() {
        return this.externalToken == null && this.server == null && this.realm == null && this.clientId == null && this.secret == null && this.user == null && this.password == null && this.keystore == null && this.storePass == null && this.keyPass == null && this.alias == null && this.trustStore == null && this.trustPass == null && this.config == null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.client.cli.common.BaseGlobalOptionsCmd
    public void processOptions() {
        if (this.config != null && this.noconfig) {
            throw new IllegalArgumentException("Options --config and --no-config are mutually exclusive");
        }
        if (!this.noconfig) {
            FileConfigHandler.setConfigFile(this.config != null ? this.config : getDefaultConfigFilePath());
            ConfigUtil.setHandler(new FileConfigHandler());
            return;
        }
        InMemoryConfigHandler inMemoryConfigHandler = new InMemoryConfigHandler();
        ConfigData configData = new ConfigData();
        initConfigData(configData);
        inMemoryConfigHandler.setConfigData(configData);
        ConfigUtil.setHandler(inMemoryConfigHandler);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupTruststore(ConfigData configData) {
        if (configData.getServerUrl().startsWith("https:")) {
            String str = this.trustStore;
            if (str == null) {
                str = configData.getTruststore();
            }
            if (str != null) {
                String str2 = this.trustPass;
                if (str2 == null) {
                    str2 = configData.getTrustpass();
                }
                if (str2 == null) {
                    str2 = System.getenv("KC_CLI_TRUSTSTORE_PASSWORD");
                }
                if (str2 == null) {
                    str2 = IoUtils.readPasswordFromConsole("truststore password");
                }
                try {
                    HttpUtil.setTruststore(new File(str), str2);
                } catch (Exception e) {
                    throw new RuntimeException("Failed to load truststore: " + str, e);
                }
            }
            if (this.insecure) {
                HttpUtil.setSkipCertificateValidation();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ConfigData ensureAuthInfo(ConfigData configData) {
        if (!requiresLogin()) {
            ConfigUtil.checkServerInfo(configData, getCommand());
            applyDefaultOptionValues();
            return ConfigUtil.loadConfig();
        }
        ConfigHandler handler = ConfigUtil.getHandler();
        try {
            try {
                applyDefaultOptionValues();
                initConfigData(configData);
                ConfigUtil.setupInMemoryHandler(configData);
                BaseConfigCredentialsCmd baseConfigCredentialsCmd = new BaseConfigCredentialsCmd(this.commandState);
                baseConfigCredentialsCmd.initFromParent(this);
                baseConfigCredentialsCmd.init(configData);
                baseConfigCredentialsCmd.process();
                ConfigData loadConfig = ConfigUtil.loadConfig();
                ConfigUtil.setHandler(handler);
                return loadConfig;
            } catch (RuntimeException e) {
                throw e;
            } catch (Exception e2) {
                throw new RuntimeException(e2);
            }
        } catch (Throwable th) {
            ConfigUtil.setHandler(handler);
            throw th;
        }
    }

    protected boolean requiresLogin() {
        return this.externalToken == null && !(this.user == null && this.password == null && this.secret == null && this.keystore == null && this.keyPass == null && this.storePass == null && this.alias == null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ConfigData copyWithServerInfo(ConfigData configData) {
        ConfigData deepcopy = configData.deepcopy();
        if (this.server != null) {
            deepcopy.setServerUrl(this.server);
        }
        if (this.realm != null) {
            deepcopy.setRealm(this.realm);
        }
        if (this.externalToken != null) {
            deepcopy.setExternalToken(this.externalToken);
        }
        ConfigUtil.checkServerInfo(deepcopy, getCommand());
        return deepcopy;
    }

    private void initConfigData(ConfigData configData) {
        if (this.server != null) {
            configData.setServerUrl(this.server);
        }
        if (this.realm != null) {
            configData.setRealm(this.realm);
        }
        if (this.trustStore != null) {
            configData.setTruststore(this.trustStore);
        }
        if (this.externalToken != null) {
            configData.setExternalToken(this.externalToken);
        }
        RealmConfigData sessionRealmConfigData = configData.sessionRealmConfigData();
        if (this.clientId != null) {
            sessionRealmConfigData.setClientId(this.clientId);
        }
        if (this.secret != null) {
            sessionRealmConfigData.setSecret(this.secret);
        }
        sessionRealmConfigData.setGrantTypeForAuthentication(this.user == null ? "client_credentials" : CredentialRepresentation.PASSWORD);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String ensureToken(ConfigData configData) {
        return AuthUtil.ensureToken(configData, getCommand());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void globalOptions(PrintWriter printWriter) {
        printWriter.println();
        printWriter.println("Arguments:");
        printWriter.println();
        printWriter.println("  Global options:");
        printWriter.println("    -x                    Print full stack trace when exiting with error");
        printWriter.println("    --config              Path to the config file (" + this.commandState.getDefaultConfigFilePath() + " by default)");
        printWriter.println("    --no-config           Don't use config file - no authentication info is loaded or saved");
        if (this.commandState.isTokenGlobal()) {
            printWriter.println("    --token               Token to use to invoke on Keycloak.  Other credential may be ignored if this flag is set.");
        }
        printWriter.println("    --truststore PATH     Path to a truststore containing trusted certificates");
        printWriter.println("    --trustpass PASSWORD  Truststore password (prompted for if not specified, --truststore is used, and the KC_CLI_TRUSTSTORE_PASSWORD env property is not defined)");
        printWriter.println("    CREDENTIALS OPTIONS   Same set of options as accepted by '" + this.commandState.getCommand() + " config credentials' in order to establish");
        printWriter.println("                          an authenticated sessions. In combination with --no-config option this allows transient");
        printWriter.println("                          (on-the-fly) authentication to be performed which leaves no tokens in config file.");
        printWriter.println();
    }
}
