package org.elasticsearch.xpack.security.enrollment.tool;

import java.net.URL;
import java.util.List;
import java.util.function.Function;
import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.settings.KeyStoreWrapper;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.core.CheckedFunction;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.security.CommandLineHttpClient;
import org.elasticsearch.xpack.security.enrollment.ExternalEnrollmentTokenGenerator;
import org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand;

/* loaded from: input_file:org/elasticsearch/xpack/security/enrollment/tool/CreateEnrollmentTokenTool.class */
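/**
 * Command-line tool that creates an enrollment token for either an Elasticsearch node or a
 * Kibana instance and prints its encoded form to the terminal.
 *
 * <p>The token scope is selected with the required {@code --scope}/{@code -s} option and must be
 * one of {@link #ALLOWED_SCOPES}. The tool refuses to run unless
 * {@code xpack.security.enrollment.enabled} is {@code true}.
 *
 * <p>NOTE(review): the encoded token is written to the terminal as plain text. It is presumably
 * credential-bearing, so callers should treat captured output (shell history, CI logs,
 * redirected files) as sensitive — confirm against the token format.
 */
class CreateEnrollmentTokenTool extends BaseRunAsSuperuserCommand {
    /** The only values accepted for the {@code --scope} option. */
    static final List<String> ALLOWED_SCOPES = List.of("node", "kibana");

    // Required --scope / -s option; its value is checked against ALLOWED_SCOPES in validate().
    private final OptionSpec<String> scope;
    // Builds the HTTP client that supplies the default cluster URL when no URL option is given.
    private final Function<Environment, CommandLineHttpClient> clientFunction;
    // Builds the token generator; injectable through the second constructor.
    private final CheckedFunction<Environment, ExternalEnrollmentTokenGenerator, Exception> createEnrollmentTokenFunction;

    /**
     * Creates the tool with the production collaborators: a {@link CommandLineHttpClient}, the
     * keystore loaded from the environment's config directory, and an
     * {@link ExternalEnrollmentTokenGenerator}.
     */
    // Decompiler note: this constructor was package-private in the compiled class.
    public CreateEnrollmentTokenTool() {
        this(
            environment -> new CommandLineHttpClient(environment),
            environment -> KeyStoreWrapper.load(environment.configDir()),
            environment -> new ExternalEnrollmentTokenGenerator(environment)
        );
    }

    /**
     * Creates the tool with explicit factories for its collaborators.
     *
     * @param function factory for the HTTP client; also passed to the base command
     * @param checkedFunction factory that loads the keystore; passed to the base command
     * @param checkedFunction2 factory for the enrollment token generator
     */
    CreateEnrollmentTokenTool(Function<Environment, CommandLineHttpClient> function, CheckedFunction<Environment, KeyStoreWrapper, Exception> checkedFunction, CheckedFunction<Environment, ExternalEnrollmentTokenGenerator, Exception> checkedFunction2) {
        super(function, checkedFunction, "Creates enrollment tokens for elasticsearch nodes and kibana instances");
        this.createEnrollmentTokenFunction = checkedFunction2;
        this.clientFunction = function;
        this.scope = this.parser
            .acceptsAll(List.of("scope", "s"), "The scope of this enrollment token, can be either \"node\" or \"kibana\"")
            .withRequiredArg()
            .required();
    }

    /**
     * Rejects the invocation when enrollment is disabled or the requested scope is not allowed.
     *
     * @param terminal terminal used to report the list of allowed scopes
     * @param optionSet parsed command-line options
     * @param environment node environment whose settings are consulted
     * @throws UserException with exit code 78 when enrollment is disabled, or 64 when the scope
     *     is not one of {@link #ALLOWED_SCOPES}
     */
    @Override // org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand
    protected void validate(Terminal terminal, OptionSet optionSet, Environment environment) throws Exception {
        // Fail closed: only an explicit `true` lets token creation proceed.
        if (!Boolean.TRUE.equals(XPackSettings.ENROLLMENT_ENABLED.get(environment.settings()))) {
            throw new UserException(78, "[xpack.security.enrollment.enabled] must be set to `true` to create an enrollment token");
        }
        // Allow-list check: the match is exact and case-sensitive.
        String requestedScope = this.scope.value(optionSet);
        if (!ALLOWED_SCOPES.contains(requestedScope)) {
            terminal.errorPrintln("The scope of this enrollment token, can only be one of " + ALLOWED_SCOPES);
            throw new UserException(64, "Invalid scope");
        }
    }

    /**
     * Generates the enrollment token for the requested scope and prints its encoded form.
     *
     * @param terminal terminal that receives the encoded token, or the error line on failure
     * @param optionSet parsed command-line options
     * @param environment node environment passed to the client and generator factories
     * @param str first credential argument forwarded to the generator (presumably the username
     *     of the superuser the base command runs as — confirm against the base class)
     * @param secureString second credential argument forwarded to the generator (presumably that
     *     user's password — confirm against the base class)
     * @throws UserException with exit code 73 when the generator cannot be built or the token
     *     cannot be created
     * @throws java.net.MalformedURLException when the chosen URL cannot be parsed; URL parsing
     *     happens outside the try block, so this is not wrapped
     */
    @Override // org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand
    protected void executeCommand(Terminal terminal, OptionSet optionSet, Environment environment, String str, SecureString secureString) throws Exception {
        final String requestedScope = this.scope.value(optionSet);

        // An explicit URL option wins; otherwise fall back to the client's default URL.
        // NOTE(review): the credentials below are handed to the generator together with this
        // URL. If the generator sends them to that endpoint, an operator-supplied URL with a
        // non-HTTPS scheme or an unintended host would expose them — confirm the scheme and
        // target are checked downstream.
        final String rawUrl = optionSet.has(this.urlOption)
            ? (String) optionSet.valueOf(this.urlOption)
            : this.clientFunction.apply(environment).getDefaultURL();
        final URL url = new URL(rawUrl);

        try {
            ExternalEnrollmentTokenGenerator generator = this.createEnrollmentTokenFunction.apply(environment);
            // Any scope other than "node" is treated as "kibana"; this relies on the
            // ALLOWED_SCOPES check in validate() — presumably run by the base command first.
            String encodedToken = requestedScope.equals("node")
                ? generator.createNodeEnrollmentToken(str, secureString, url).getEncoded()
                : generator.createKibanaEnrollmentToken(str, secureString, url).getEncoded();
            terminal.println(encodedToken);
        } catch (Exception e) {
            terminal.errorPrintln("Unable to create enrollment token for scope [" + requestedScope + "]");
            // Chain the caught exception itself: passing only e.getCause() discards its type
            // and stack trace, and leaves no cause at all when e has none.
            throw new UserException(73, e.getMessage(), e);
        }
    }
}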
