package org.elasticsearch.xpack.security.crypto.tool;

import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.cli.EnvironmentAwareCommand;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.util.set.Sets;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.XPackPlugin;

/* loaded from: input_file:org/elasticsearch/xpack/security/crypto/tool/SystemKeyTool.class */
public class SystemKeyTool extends EnvironmentAwareCommand {
    static final String KEY_ALGO = "HmacSHA512";
    static final int KEY_SIZE = 1024;
    private final OptionSpec<String> arguments;
    public static final Set<PosixFilePermission> PERMISSION_OWNER_READ_WRITE = Sets.newHashSet(new PosixFilePermission[]{PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE});

    SystemKeyTool() {
        super("system key tool");
        this.arguments = this.parser.nonOptions("key path");
    }

    public static void main(String[] strArr) throws Exception {
        int main = main(new SystemKeyTool(), strArr, Terminal.DEFAULT);
        if (main != 0) {
            exit(main);
        }
    }

    static int main(SystemKeyTool systemKeyTool, String[] strArr, Terminal terminal) throws Exception {
        return systemKeyTool.main(strArr, terminal);
    }

    protected void execute(Terminal terminal, OptionSet optionSet, Environment environment) throws Exception {
        Path resolveConfigFile;
        if (optionSet.hasArgument(this.arguments)) {
            List values = this.arguments.values(optionSet);
            if (values.size() > 1) {
                throw new UserException(64, "No more than one key path can be supplied");
            }
            resolveConfigFile = parsePath((String) values.get(0));
        } else {
            resolveConfigFile = XPackPlugin.resolveConfigFile(environment, "system_key");
        }
        terminal.println(Terminal.Verbosity.VERBOSE, "generating...");
        byte[] generateKey = generateKey();
        terminal.println(String.format(Locale.ROOT, "Storing generated key in [%s]...", resolveConfigFile.toAbsolutePath()));
        Files.write(resolveConfigFile, generateKey, StandardOpenOption.CREATE_NEW);
        PosixFileAttributeView posixFileAttributeView = (PosixFileAttributeView) Files.getFileAttributeView(resolveConfigFile, PosixFileAttributeView.class, new LinkOption[0]);
        if (posixFileAttributeView != null) {
            posixFileAttributeView.setPermissions(PERMISSION_OWNER_READ_WRITE);
            terminal.println("Ensure the generated key can be read by the user that Elasticsearch runs as, permissions are set to owner read/write only");
        }
    }

    static byte[] generateKey() {
        return generateSecretKey(KEY_SIZE).getEncoded();
    }

    static SecretKey generateSecretKey(int i) {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_ALGO);
            keyGenerator.init(i);
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new ElasticsearchException("failed to generate key", e, new Object[0]);
        }
    }

    @SuppressForbidden(reason = "Parsing command line path")
    private static Path parsePath(String str) {
        return PathUtils.get(str, new String[0]);
    }
}
