package com.ibm.cfwk.tools;

import com.ibm.asn1.ASN1OID;
import com.ibm.cfwk.API;
import com.ibm.cfwk.Algorithm;
import com.ibm.cfwk.Key;
import com.ibm.util.getopt.ArgEater;
import com.ibm.util.getopt.DateData;
import com.ibm.util.getopt.FileData;
import com.ibm.util.getopt.GUITrigger;
import com.ibm.util.getopt.GetOptSpec;
import com.ibm.util.getopt.HelpOption;
import com.ibm.util.getopt.IntegerData;
import com.ibm.util.getopt.Option;
import com.ibm.util.getopt.OptionSet;
import com.ibm.util.getopt.StringData;
import com.ibm.util.x500name.X500Name;
import infospc.rptapi.RPTMap;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Random;
import java.util.SimpleTimeZone;

/* compiled from: MakeCertTool.java */
/* loaded from: input_file:lib/swimport.zip:com/ibm/cfwk/tools/MkCertGetOptSpec.class */
class MkCertGetOptSpec extends GetOptSpec {
    static String cmd = "mkcert";
    static String doc = "This program creates X.509 certificates. You can create\nself-signed certificates or CA signed certificates. In\norder to create certificates you must supply a private key\nwhich is used for signing and a public key which is being\nsigned. You can create those keys using the keygen tool.\n";
    static API api;
    static String[] units;
    static long[] scales;
    static IntegerData serial;
    static DateData from;
    static DateData to;
    static IntegerData span;
    static StringData subject;
    static KeyData subjkey;
    static StringData issuer;
    static KeyData signkey;
    static AlgorithmData signalg;
    static FileData certfile;
    static StringData signoid;
    static StringData keyoid;
    static Option serialOpt;
    static Option fromOpt;
    static Option toOpt;
    static Option spanOpt;
    static Option issuerOpt;
    static Option subjectOpt;
    static Option signalgOpt;
    static Option signoidOpt;
    static Option subjkeyOpt;
    static Option keyoidOpt;
    static Option signkeyOpt;
    static Option certfileOpt;
    static ExtProfile profile;
    static Option profOpt;
    static ExtList extList;
    static Option extOpt;
    static GUITrigger gui;
    static Option verbose;
    static Option silent;
    static Option[] opts;
    static ArgEater[] args;
    static X500Name issuerName;
    static X500Name subjectName;
    static long notBefore;
    static long notAfter;
    static Key signKey;
    static Key subjKey;
    static ASN1OID signOID;
    static ASN1OID keyOID;

    @Override // com.ibm.util.getopt.GetOptSpec
    public String checkConsistency() {
        String str = "";
        if (issuerOpt.isSet()) {
            try {
                issuerName = new X500Name(issuer.getString());
            } catch (Exception e) {
                ArgEater[] argEaterArr = {issuer};
                String stringBuffer = new StringBuffer("Bad issuer X500 name:\n").append(e.getMessage()).toString();
                isInconsistent(stringBuffer, argEaterArr);
                str = new StringBuffer(String.valueOf(stringBuffer)).append(RPTMap.NL).toString();
            }
        } else {
            isInconsistent("You must specify an issuer name.\n", new ArgEater[]{issuerOpt});
            str = "You must specify an issuer name.\n";
        }
        if (subjectOpt.isSet()) {
            try {
                subjectName = new X500Name(subject.getString());
            } catch (Exception e2) {
                ArgEater[] argEaterArr2 = {subject};
                String stringBuffer2 = new StringBuffer("Bad subject X500 name:\n").append(e2.getMessage()).toString();
                isInconsistent(stringBuffer2, argEaterArr2);
                str = new StringBuffer(String.valueOf(str)).append(stringBuffer2).append(RPTMap.NL).toString();
            }
        } else {
            subjectName = issuerName;
        }
        if (fromOpt.isSet()) {
            notBefore = from.getTime();
        } else {
            notBefore = System.currentTimeMillis();
        }
        if (toOpt.isSet() && spanOpt.isSet()) {
            isInconsistent("Specify either --to date or --for timeSpan but not both.\n", new ArgEater[]{toOpt, spanOpt});
            str = new StringBuffer(String.valueOf(str)).append("Specify either --to date or --for timeSpan but not both.\n").append(RPTMap.NL).toString();
        } else if (toOpt.isSet()) {
            notAfter = to.getTime();
        } else {
            GregorianCalendar gregorianCalendar = new GregorianCalendar(new SimpleTimeZone(0, "GMT"));
            gregorianCalendar.setTime(new Date(notBefore));
            if (spanOpt.isSet()) {
                gregorianCalendar.add(10, span.getInt());
            } else {
                gregorianCalendar.add(5, 31);
            }
            notAfter = gregorianCalendar.getTime().getTime();
        }
        if (notAfter < notBefore) {
            isInconsistent("--to preceeds --from", new ArgEater[]{from, to});
            str = new StringBuffer(String.valueOf(str)).append("--to preceeds --from").append(RPTMap.NL).toString();
        }
        if (signkeyOpt.isSet()) {
            try {
                signKey = signkey.getKey(api);
            } catch (Exception e3) {
                ArgEater[] argEaterArr3 = {signkey};
                String stringBuffer3 = new StringBuffer("Bad signing key:\n").append(e3.getMessage()).toString();
                isInconsistent(stringBuffer3, argEaterArr3);
                str = new StringBuffer(String.valueOf(str)).append(stringBuffer3).append(RPTMap.NL).toString();
            }
        } else {
            isInconsistent("No signing key specified.\n", new ArgEater[]{signkeyOpt});
            str = new StringBuffer(String.valueOf(str)).append("No signing key specified.\n").toString();
        }
        if (signoidOpt.isSet()) {
            try {
                signOID = new ASN1OID((String) null, signoid.getString());
            } catch (Exception unused) {
                ArgEater[] argEaterArr4 = {signoidOpt};
                String stringBuffer4 = new StringBuffer("Bad ASN.1 object identifier (").append(signoidOpt.getLongName()).append(")").toString();
                isInconsistent(stringBuffer4, argEaterArr4);
                str = new StringBuffer(String.valueOf(str)).append(stringBuffer4).append(RPTMap.NL).toString();
            }
        }
        if (keyoidOpt.isSet()) {
            try {
                keyOID = new ASN1OID((String) null, keyoid.getString());
            } catch (Exception unused2) {
                ArgEater[] argEaterArr5 = {keyoidOpt};
                String stringBuffer5 = new StringBuffer("Bad ASN.1 object identifier (").append(keyoidOpt.getLongName()).append(")").toString();
                isInconsistent(stringBuffer5, argEaterArr5);
                str = new StringBuffer(String.valueOf(str)).append(stringBuffer5).append(RPTMap.NL).toString();
            }
        }
        if (subjkeyOpt.isSet()) {
            try {
                subjKey = subjkey.getKey(api);
            } catch (Exception e4) {
                ArgEater[] argEaterArr6 = {subjkey};
                String stringBuffer6 = new StringBuffer("Bad subject key:\n").append(e4.getMessage()).toString();
                isInconsistent(stringBuffer6, argEaterArr6);
                str = new StringBuffer(String.valueOf(str)).append(stringBuffer6).append(RPTMap.NL).toString();
            }
        } else {
            subjKey = signKey;
        }
        if (!signalgOpt.isSet() && !signoidOpt.isSet()) {
            isInconsistent("You must enable and select an signing algorithm\n", new ArgEater[]{signalgOpt, signoidOpt});
            str = new StringBuffer(String.valueOf(str)).append("You must enable and select an signing algorithm\n").toString();
        }
        if (str.length() == 0) {
            return null;
        }
        return str;
    }

    public MkCertGetOptSpec() {
        super(cmd, doc, args, 15, true, gui, null);
    }

    static {
        try {
            api = new API() { // from class: com.ibm.cfwk.tools.MkCertGetOptSpec.1
            }.open();
        } catch (Throwable th) {
            System.err.println(new StringBuffer(String.valueOf(cmd)).append(": ").append(th.getMessage()).toString());
            System.exit(1);
        }
        units = new String[]{"h", "d", "m", "y"};
        scales = new long[]{1, 24, 744, 8760};
        serial = new IntegerData("num", (String) null, new Random().nextLong(), Long.MIN_VALUE, Long.MAX_VALUE, (String[]) null, (long[]) null);
        from = new DateData(null, null, null);
        to = new DateData(null, null, null);
        span = new IntegerData("num", (String) null, 31L, 1L, Long.MAX_VALUE, units, scales);
        subject = new StringData("x500name", null, null);
        subjkey = new KeyData("keyfile", (String) null, true);
        issuer = new StringData("x500name", null, null);
        signkey = new KeyData("keyfile", (String) null, true);
        signalg = new AlgorithmData("alg", null, null, Algorithm.SIGNATURE, api);
        certfile = new FileData("file", null, "CERT", true, 0);
        signoid = new StringData("oid", null, null);
        keyoid = new StringData("oid", null, null);
        serialOpt = new Option("--serial", (char) 0, "Serial number of the certificate\n(default is a random number)", serial);
        fromOpt = new Option("--from", (char) 0, "Certificate is not valid before this date\n(Default is now, format: dd/mm/yyyy)", from);
        toOpt = new Option("--to", (char) 0, "Certificate is not valid after this date\n(format: dd/mm/yyyy)", to);
        spanOpt = new Option("--for", (char) 0, "Certificate is valid for the specified time span.\n(Default is 31 days)", span);
        issuerOpt = new Option("--issuer", (char) 0, "The issuer's X500 name", issuer);
        subjectOpt = new Option("--subject", (char) 0, "The subject's X500 name (Default is issuer name)", subject);
        signalgOpt = new Option("--sign-alg", (char) 0, "The signature algorithm", signalg);
        signoidOpt = new Option("--sign-oid", (char) 0, "The ASN.1 identifier of the signature algorithm.\nA default value for each algorithm is used if omitted.", signoid);
        subjkeyOpt = new Option("--subject-key", (char) 0, "The (private/)public key being signed (Java key format)", subjkey);
        keyoidOpt = new Option("--key-oid", (char) 0, "The ASN.1 identifier of the subject public key.\nA default value for each key type is used if omitted.", keyoid);
        signkeyOpt = new Option("--sign-key", (char) 0, "The private key used for signing (Java key format)", signkey);
        certfileOpt = new Option("--cert-file", (char) 0, "Write certificate to this file (default: CERT)", certfile);
        profile = new ExtProfile("profile", null);
        profOpt = new Option("--profile", (char) 0, "Definition of some extension profile", profile);
        extList = new ExtList("extensions", null, null);
        extOpt = new Option("--extensions", (char) 0, ExtList.DESCRIPTION, extList);
        gui = new GUITrigger();
        verbose = new Option("--verbose", 'v', null, null);
        silent = new Option("--silent", 's', "Do not produce any output if successful.", null);
        opts = new Option[]{new HelpOption(), gui, silent, verbose, profOpt, serialOpt, fromOpt, toOpt, spanOpt, issuerOpt, subjectOpt, signalgOpt, keyoidOpt, subjkeyOpt, signoidOpt, signkeyOpt, extOpt, certfileOpt};
        args = new ArgEater[]{new OptionSet(opts, null)};
    }
}
