package org.elasticsearch.xpack.security.enrollment.tool;

import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.function.Function;
import joptsimple.OptionSet;
import joptsimple.OptionSpec;
import org.elasticsearch.cli.KeyStoreAwareCommand;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.settings.KeyStoreWrapper;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.core.CheckedFunction;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.security.CommandLineHttpClient;
import org.elasticsearch.xpack.core.security.EnrollmentToken;
import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
import org.elasticsearch.xpack.security.enrollment.EnrollmentTokenGenerator;
import org.elasticsearch.xpack.security.tool.CommandUtils;

/* loaded from: input_file:org/elasticsearch/xpack/security/enrollment/tool/BootstrapPasswordAndEnrollmentTokenForInitialNode.class */
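/**
 * CLI command that prepares the first node of a cluster for enrollment.
 *
 * <p>It reads the keystore password from the terminal, decrypts the node keystore, waits for the
 * cluster to answer a health check as the {@code elastic} user, and then prints:
 * <ul>
 *   <li>a Kibana enrollment token and the CA fingerprint,</li>
 *   <li>optionally a node enrollment token ({@code --include-node-enrollment-token}),</li>
 *   <li>a freshly generated {@code elastic} password, but only when no bootstrap password is
 *       explicitly configured.</li>
 * </ul>
 *
 * <p><b>Security notes for maintainers.</b> Everything this command prints is a credential
 * (enrollment tokens and, possibly, the superuser password). Whatever captures this process's
 * terminal output must treat it as secret and must not forward it to logs. Failures are reported
 * as a bare exit code with no message and no cause, so no detail leaks through error output; the
 * flip side is that the exit code is the only diagnostic a caller gets.
 *
 * <p>Exit codes used here follow the sysexits convention (mirrored by
 * {@code org.elasticsearch.cli.ExitCodes}): 64 = usage, 69 = service unavailable, 74 = I/O error.
 */
public class BootstrapPasswordAndEnrollmentTokenForInitialNode extends KeyStoreAwareCommand {
    /** Built-in superuser that every request of this command authenticates as. */
    private static final String ELASTIC_USER = "elastic";

    private final CheckedFunction<Environment, EnrollmentTokenGenerator, Exception> createEnrollmentTokenFunction;
    private final Function<Environment, CommandLineHttpClient> clientFunction;
    private final CheckedFunction<Environment, KeyStoreWrapper, Exception> keyStoreFunction;
    private final OptionSpec<Void> includeNodeEnrollmentToken;

    /** Production wiring: real HTTP client, keystore loaded from the config directory, real token generator. */
    BootstrapPasswordAndEnrollmentTokenForInitialNode() {
        this(
            environment -> new CommandLineHttpClient(environment),
            environment -> KeyStoreWrapper.load(environment.configFile()),
            environment -> new EnrollmentTokenGenerator(environment)
        );
    }

    /**
     * Wiring constructor; the factories are injectable so each collaborator can be substituted.
     *
     * @param clientFunction builds the HTTP client used to talk to the local node
     * @param keyStoreFunction loads the (still encrypted) node keystore
     * @param createEnrollmentTokenFunction builds the enrollment token generator
     */
    BootstrapPasswordAndEnrollmentTokenForInitialNode(
        Function<Environment, CommandLineHttpClient> clientFunction,
        CheckedFunction<Environment, KeyStoreWrapper, Exception> keyStoreFunction,
        CheckedFunction<Environment, EnrollmentTokenGenerator, Exception> createEnrollmentTokenFunction
    ) {
        super("Set elastic password and generate enrollment token for initial node");
        this.clientFunction = clientFunction;
        this.keyStoreFunction = keyStoreFunction;
        this.createEnrollmentTokenFunction = createEnrollmentTokenFunction;
        this.includeNodeEnrollmentToken = this.parser.accepts(
            "include-node-enrollment-token",
            "determine that we have to generate a node enrollment token"
        );
    }

    public static void main(String[] args) throws Exception {
        exit(new BootstrapPasswordAndEnrollmentTokenForInitialNode().main(args, Terminal.DEFAULT));
    }

    /**
     * Runs the bootstrap sequence and prints the resulting credentials in one {@code println}.
     *
     * <p>The two failure phases are kept in separate {@code try} blocks on purpose. With a single
     * outer {@code catch (Exception)} wrapped around both, the exit code 69 raised for cluster-side
     * failures is itself caught and rewritten to 64, so callers can never tell "bad keystore
     * password / bad local setup" apart from "cluster not reachable".
     *
     * @param terminal source of the keystore password and sink for the generated credentials
     * @param options parsed command line
     * @param environment node environment without secure settings attached
     * @throws UserException with exit code 64 when reading or decrypting the local secure settings
     *     fails, or 69 when the health check, token creation or password change fails
     */
    protected void execute(Terminal terminal, OptionSet options, Environment environment) throws Exception {
        Environment secureEnvironment;
        CommandLineHttpClient client;
        EnrollmentTokenGenerator tokenGenerator;
        SecureString bootstrapPassword;
        try {
            // NOTE(review): this SecureString is never closed, so the keystore password stays in
            // memory until GC. Closing it after decrypt looks safe but depends on
            // KeyStoreWrapper.decrypt not retaining the array - confirm before changing.
            SecureString keystorePassword = new SecureString(terminal.readSecret(""));
            secureEnvironment = readSecureSettings(environment, keystorePassword);
            client = this.clientFunction.apply(secureEnvironment);
            tokenGenerator = this.createEnrollmentTokenFunction.apply(secureEnvironment);
            // When the setting is not explicitly present, get() still yields a value; presumably
            // a default derived from the keystore - verify against ReservedRealm.
            bootstrapPassword = (SecureString) ReservedRealm.BOOTSTRAP_ELASTIC_PASSWORD.get(secureEnvironment.settings());
        } catch (Exception e) {
            // Deliberately no message and no cause: local setup errors must not echo secrets.
            throw new UserException(64, (String) null);
        }

        try {
            client.checkClusterHealthWithRetriesWaitingForCluster(ELASTIC_USER, bootstrapPassword, 15);

            EnrollmentToken kibanaToken = tokenGenerator.createKibanaEnrollmentToken(ELASTIC_USER, bootstrapPassword);
            String output = "Kibana enrollment token: " + kibanaToken.getEncoded() + System.lineSeparator();
            output += "CA fingerprint: " + kibanaToken.getFingerprint() + System.lineSeparator();

            if (options.has(this.includeNodeEnrollmentToken)) {
                EnrollmentToken nodeToken = tokenGenerator.createNodeEnrollmentToken(ELASTIC_USER, bootstrapPassword);
                output += "Node enrollment token: " + nodeToken.getEncoded() + System.lineSeparator();
            }

            // An operator-supplied bootstrap password is left alone; only the implicit one is
            // replaced by a generated password, which is then disclosed exactly once, here.
            if (!ReservedRealm.BOOTSTRAP_ELASTIC_PASSWORD.exists(secureEnvironment.settings())) {
                output += "elastic user password: " + setElasticUserPassword(client, bootstrapPassword);
            }

            // Printed only after every step succeeded, so a partial failure discloses nothing.
            terminal.println(output);
        } catch (Exception e) {
            // Also folds the 69/74 raised by setElasticUserPassword into a single 69.
            throw new UserException(69, (String) null);
        }
    }

    /**
     * Replaces the {@code elastic} user's password with a newly generated 20-character one.
     *
     * <p>The new password is copied into an immutable {@code String} to build the JSON request
     * body; that copy cannot be zeroed and lives until it is garbage collected.
     *
     * @param client HTTP client pointed at the local node
     * @param currentPassword password the request authenticates with
     * @return the new password; the caller owns it and is responsible for its disclosure
     * @throws UserException with exit code 69 when the node answers with anything other than
     *     HTTP 200, or 74 when the request fails with an {@link IOException}
     */
    protected SecureString setElasticUserPassword(CommandLineHttpClient client, SecureString currentPassword) throws Exception {
        URL passwordUrl = setElasticUserPasswordUrl(client);
        // NOTE(review): strength rests entirely on CommandUtils.generatePassword; presumably
        // SecureRandom-backed - confirm in CommandUtils.
        SecureString generatedPassword = new SecureString(CommandUtils.generatePassword(20));
        try {
            int status = client.execute("POST", passwordUrl, ELASTIC_USER, currentPassword, () -> {
                XContentBuilder body = JsonXContent.contentBuilder();
                body.startObject().field("password", generatedPassword.toString()).endObject();
                return Strings.toString(body);
            }, CommandLineHttpClient::responseBuilder).getHttpStatus();
            // Only an exact 200 counts: returning the password after any other status would hand
            // the operator a credential the cluster never accepted.
            if (status != 200) {
                throw new UserException(69, (String) null);
            }
            return generatedPassword;
        } catch (IOException e) {
            throw new UserException(74, (String) null);
        }
    }

    /**
     * Decrypts the node keystore and returns a copy of {@code environment} that carries it as
     * secure settings.
     *
     * @param environment environment to copy settings and config path from
     * @param keystorePassword password protecting the keystore; not closed by this method
     * @return a new environment whose settings can resolve secure values
     * @throws Exception whatever loading or decrypting the keystore throws (e.g. wrong password)
     */
    Environment readSecureSettings(Environment environment, SecureString keystorePassword) throws Exception {
        KeyStoreWrapper keyStore = this.keyStoreFunction.apply(environment);
        keyStore.decrypt(keystorePassword.getChars());
        Settings.Builder settings = Settings.builder();
        // "true" asks the builder to carry over secure settings already attached to the source.
        settings.put(environment.settings(), true);
        // Secure settings already present on the environment win over the keystore.
        if (settings.getSecureSettings() == null) {
            settings.setSecureSettings(keyStore);
        }
        return new Environment(settings.build(), environment.configFile());
    }

    /**
     * Builds the cluster health URL relative to the client's default URL.
     *
     * <p>NOTE(review): scheme and host come from {@code getDefaultURL()}; whether that is always
     * HTTPS is not visible here - confirm, since credentials are sent to it.
     */
    public static URL checkClusterHealthUrl(CommandLineHttpClient client) throws MalformedURLException, URISyntaxException {
        URL base = new URL(client.getDefaultURL());
        return CommandLineHttpClient.createURL(base, "_cluster/health", "?pretty");
    }

    /**
     * Builds the change-password URL for the {@code elastic} user relative to the client's
     * default URL. Despite the "set" prefix this is a pure factory and changes no state.
     */
    public static URL setElasticUserPasswordUrl(CommandLineHttpClient client) throws MalformedURLException, URISyntaxException {
        URL base = new URL(client.getDefaultURL());
        return CommandLineHttpClient.createURL(base, "/_security/user/elastic/_password", "?pretty");
    }
}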
