package org.elasticsearch.xpack.security.authc.esnative.tool;

import java.net.URL;
import java.util.List;
import java.util.function.Function;
import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import joptsimple.OptionSpecBuilder;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.KeyStoreWrapper;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.core.CheckedFunction;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xcontent.XContentBuilder;
import org.elasticsearch.xcontent.json.JsonXContent;
import org.elasticsearch.xpack.core.security.CommandLineHttpClient;
import org.elasticsearch.xpack.core.security.HttpResponse;
import org.elasticsearch.xpack.core.security.support.Validation;
import org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand;
import org.elasticsearch.xpack.security.tool.CommandUtils;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/esnative/tool/ResetPasswordTool.class */
public class ResetPasswordTool extends BaseRunAsSuperuserCommand {
    private final Function<Environment, CommandLineHttpClient> clientFunction;
    private final OptionSpecBuilder interactive;
    private final OptionSpecBuilder auto;
    private final OptionSpecBuilder batch;
    private final OptionSpec<String> usernameOption;

    public ResetPasswordTool() {
        this(CommandLineHttpClient::new, environment -> {
            return KeyStoreWrapper.load(environment.configFile());
        });
    }

    public static void main(String[] strArr) throws Exception {
        exit(new ResetPasswordTool().main(strArr, Terminal.DEFAULT));
    }

    protected ResetPasswordTool(Function<Environment, CommandLineHttpClient> function, CheckedFunction<Environment, KeyStoreWrapper, Exception> checkedFunction) {
        super(function, checkedFunction, "Resets the password of users in the native realm and built-in users.");
        this.interactive = this.parser.acceptsAll(List.of("i", "interactive"));
        this.auto = this.parser.acceptsAll(List.of("a", "auto"));
        this.batch = this.parser.acceptsAll(List.of("b", "batch"));
        this.usernameOption = this.parser.acceptsAll(List.of("u", "username"), "The username of the user whose password will be reset").withRequiredArg().required();
        this.clientFunction = function;
    }

    /* JADX WARN: Finally extract failed */
    @Override // org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand
    protected void executeCommand(Terminal terminal, OptionSet optionSet, Environment environment, String str, SecureString secureString) throws Exception {
        SecureString secureString2;
        String str2 = (String) optionSet.valueOf(this.usernameOption);
        if (optionSet.has(this.interactive)) {
            if (!optionSet.has(this.batch)) {
                terminal.println("This tool will reset the password of the [" + str2 + "] user.");
                terminal.println("You will be prompted to enter the password.");
                boolean promptYesNo = terminal.promptYesNo("Please confirm that you would like to continue", false);
                terminal.println("\n");
                if (!promptYesNo) {
                    throw new UserException(0, "User cancelled operation");
                }
            }
            secureString2 = promptForPassword(terminal, str2);
        } else {
            if (!optionSet.has(this.batch)) {
                terminal.println("This tool will reset the password of the [" + str2 + "] user to an autogenerated value.");
                terminal.println("The password will be printed in the console.");
                boolean promptYesNo2 = terminal.promptYesNo("Please confirm that you would like to continue", false);
                terminal.println("\n");
                if (!promptYesNo2) {
                    throw new UserException(0, "User cancelled operation");
                }
            }
            secureString2 = new SecureString(CommandUtils.generatePassword(20));
        }
        try {
            try {
                CommandLineHttpClient apply = this.clientFunction.apply(environment);
                SecureString secureString3 = secureString2;
                HttpResponse execute = apply.execute("POST", CommandLineHttpClient.createURL(new URL(apply.getDefaultURL()), "_security/user/" + str2 + "/_password", "?pretty"), str, secureString, () -> {
                    return requestBodySupplier(secureString3);
                }, CommandLineHttpClient::responseBuilder);
                int httpStatus = execute.getHttpStatus();
                if (execute.getHttpStatus() != 200) {
                    String errorCause = CommandLineHttpClient.getErrorCause(execute);
                    String str3 = "Failed to reset password for the [" + str2 + "] user. Unexpected http status [" + httpStatus + "].";
                    if (null != errorCause) {
                        str3 = str3 + " Cause was " + errorCause;
                    }
                    throw new UserException(75, str3);
                }
                if (optionSet.has(this.interactive)) {
                    terminal.println("Password for the [" + str2 + "] user successfully reset.");
                } else {
                    terminal.println("Password for the [" + str2 + "] user successfully reset.");
                    terminal.print(Terminal.Verbosity.NORMAL, "New value: ");
                    terminal.println(Terminal.Verbosity.SILENT, secureString2.toString());
                }
                secureString2.close();
            } catch (Exception e) {
                throw new UserException(75, "Failed to reset password for the [" + str2 + "] user", e);
            }
        } catch (Throwable th) {
            secureString2.close();
            throw th;
        }
    }

    private SecureString promptForPassword(Terminal terminal, String str) {
        while (true) {
            SecureString secureString = new SecureString(terminal.readSecret("Enter password for [" + str + "]: "));
            Validation.Error validatePassword = Validation.Users.validatePassword(secureString);
            if (validatePassword != null) {
                terminal.errorPrintln(validatePassword.toString());
                terminal.errorPrintln("Try again.");
                secureString.close();
            } else {
                SecureString secureString2 = new SecureString(terminal.readSecret("Re-enter password for [" + str + "]: "));
                try {
                    if (secureString.equals(secureString2)) {
                        secureString2.close();
                        return secureString;
                    }
                    terminal.errorPrintln("Passwords do not match.");
                    terminal.errorPrintln("Try again.");
                    secureString.close();
                    secureString2.close();
                } catch (Throwable th) {
                    try {
                        secureString2.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            }
        }
    }

    private String requestBodySupplier(SecureString secureString) throws Exception {
        XContentBuilder contentBuilder = JsonXContent.contentBuilder();
        contentBuilder.startObject().field("password", secureString.toString()).endObject();
        return Strings.toString(contentBuilder);
    }

    @Override // org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand
    protected void validate(Terminal terminal, OptionSet optionSet, Environment environment) throws Exception {
        if (optionSet.has("i") || optionSet.has("interactive")) {
            if (optionSet.has("a") || optionSet.has("auto")) {
                throw new UserException(64, "You can only run the tool in one of [auto] or [interactive] modes");
            }
        }
    }
}
