package org.elasticsearch.shield.crypto.tool;

import com.google.common.collect.Sets;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;
import org.apache.commons.cli.CommandLine;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.cli.CheckFileCommand;
import org.elasticsearch.common.cli.CliTool;
import org.elasticsearch.common.cli.CliToolConfig;
import org.elasticsearch.common.cli.Terminal;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.crypto.InternalCryptoService;

/* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/crypto/tool/SystemKeyTool.class */
public class SystemKeyTool extends CliTool {
    public static final Set<PosixFilePermission> PERMISSION_OWNER_READ_WRITE = Sets.newHashSet(new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE});
    private static final CliToolConfig CONFIG = CliToolConfig.config("syskey", SystemKeyTool.class).cmds(new CliToolConfig.Cmd[]{Generate.CMD}).build();

    /* loaded from: input_file:lib/shield-2.4.0.jar:org/elasticsearch/shield/crypto/tool/SystemKeyTool$Generate.class */
    static class Generate extends CheckFileCommand {
        private static final CliToolConfig.Cmd CMD = CliToolConfig.Builder.cmd("generate", Generate.class).build();
        final Path path;

        Generate(Terminal terminal, Path path) {
            super(terminal);
            this.path = path;
        }

        public static CliTool.Command parse(Terminal terminal, CommandLine commandLine, Environment environment) {
            String[] args = commandLine.getArgs();
            if (args.length > 1) {
                return SystemKeyTool.exitCmd(CliTool.ExitStatus.USAGE, terminal, "Too many arguments", new Object[0]);
            }
            return new Generate(terminal, args.length != 0 ? environment.binFile().getParent().resolve(args[0]) : null);
        }

        protected Path[] pathsForPermissionsCheck(Settings settings, Environment environment) {
            Path path = this.path;
            if (path == null) {
                path = InternalCryptoService.resolveSystemKey(settings, environment);
            }
            return new Path[]{path};
        }

        public CliTool.ExitStatus doExecute(Settings settings, Environment environment) throws Exception {
            Path path = this.path;
            if (path == null) {
                try {
                    path = InternalCryptoService.resolveSystemKey(settings, environment);
                } catch (IOException e) {
                    this.terminal.printError("Cannot generate and save system key file [%s]", new Object[]{path.toAbsolutePath()});
                    return CliTool.ExitStatus.IO_ERROR;
                }
            }
            this.terminal.println(Terminal.Verbosity.VERBOSE, "generating...", new Object[0]);
            byte[] generateKey = InternalCryptoService.generateKey();
            this.terminal.println("Storing generated key in [%s]...", new Object[]{path.toAbsolutePath()});
            Files.write(path, generateKey, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
            if (Environment.getFileStore(path).supportsFileAttributeView(PosixFileAttributeView.class)) {
                try {
                    Files.setPosixFilePermissions(path, SystemKeyTool.PERMISSION_OWNER_READ_WRITE);
                    this.terminal.println("Ensure the generated key can be read by the user that Elasticsearch runs as, permissions are set to owner read/write only", new Object[0]);
                } catch (IOException e2) {
                    this.terminal.printError("Cannot set owner read/write permissions to generated system key file [%s]", new Object[]{path.toAbsolutePath()});
                    return CliTool.ExitStatus.IO_ERROR;
                }
            }
            return CliTool.ExitStatus.OK;
        }
    }

    public static void main(String[] strArr) throws Exception {
        exit(new SystemKeyTool().execute(strArr).status());
    }

    @SuppressForbidden(reason = "Allowed to exit explicitly from #main()")
    private static void exit(int i) {
        System.exit(i);
    }

    public SystemKeyTool() {
        super(CONFIG);
    }

    protected CliTool.Command parse(String str, CommandLine commandLine) throws Exception {
        return Generate.parse(this.terminal, commandLine, this.env);
    }
}
