package org.elasticsearch.xpack.security.enrollment.tool;

import joptsimple.OptionSet;
import org.elasticsearch.cli.ProcessInfo;
import org.elasticsearch.cli.Terminal;
import org.elasticsearch.cli.UserException;
import org.elasticsearch.common.cli.KeyStoreAwareCommand;
import org.elasticsearch.common.settings.KeyStoreWrapper;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.env.Environment;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.security.authc.support.Hasher;
import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
import org.elasticsearch.xpack.security.tool.CommandUtils;

/* loaded from: input_file:org/elasticsearch/xpack/security/enrollment/tool/AutoConfigGenerateElasticPasswordHash.class */
class AutoConfigGenerateElasticPasswordHash extends KeyStoreAwareCommand {
    /* JADX INFO: Access modifiers changed from: package-private */
    public AutoConfigGenerateElasticPasswordHash() {
        super("Generates a password hash for for the elastic user and stores it in elasticsearch.keystore");
    }

    public void execute(Terminal terminal, OptionSet optionSet, Environment environment, ProcessInfo processInfo) throws Exception {
        Hasher resolve = Hasher.resolve((String) XPackSettings.PASSWORD_HASHING_ALGORITHM.get(environment.settings()));
        try {
            SecureString secureString = new SecureString(CommandUtils.generatePassword(20));
            try {
                KeyStoreWrapper bootstrap = KeyStoreWrapper.bootstrap(environment.configFile(), () -> {
                    return new SecureString(new char[0]);
                });
                try {
                    bootstrap.setString(ReservedRealm.AUTOCONFIG_ELASTIC_PASSWORD_HASH.getKey(), resolve.hash(secureString));
                    bootstrap.save(environment.configFile(), new char[0]);
                    terminal.print(Terminal.Verbosity.NORMAL, secureString.toString());
                    if (bootstrap != null) {
                        bootstrap.close();
                    }
                    secureString.close();
                } catch (Throwable th) {
                    if (bootstrap != null) {
                        try {
                            bootstrap.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } finally {
            }
        } catch (Exception e) {
            throw new UserException(73, "Failed to generate a password for the elastic user", e);
        }
    }
}
