package convex.cli.key;

import convex.cli.CLIError;
import convex.core.crypto.AKeyPair;
import convex.core.crypto.BIP39;
import convex.core.crypto.PEMTools;
import convex.core.data.ABlob;
import convex.core.data.Blobs;
import convex.core.exceptions.BadFormatException;
import convex.core.util.FileUtils;
import java.io.IOException;
import org.bouncycastle.util.Arrays;
import picocli.CommandLine;

@CommandLine.Command(name = "import", description = {"Import key pairs to the keystore."})
/* loaded from: input_file:convex/cli/key/KeyImport.class */
public class KeyImport extends AKeyCommand {

    @CommandLine.ParentCommand
    protected Key keyParent;

    @CommandLine.Option(names = {"-i", "--import-file"}, description = {"Import file for the the keypair. Use '-' for STDIN."})
    private String importFilename;

    @CommandLine.Option(names = {"-t", "--text"}, description = {"Text string to import."})
    private String importText;

    @CommandLine.Option(names = {"--passphrase"}, description = {"Passphrase for BIP39 or encrypted PEM imported key"})
    private String importPassphrase;

    @CommandLine.Option(names = {"--type"}, description = {"Type of file imported. Supports: pem, seed, bip39. Will attempt to autodetect unless strict security is enabled"})
    private String type;

    @CommandLine.Option(names = {"-p", "--keypass"}, defaultValue = "${env:CONVEX_KEY_PASSWORD}", scope = CommandLine.ScopeType.INHERIT, description = {"Key pair password for imported key. Can specify with CONVEX_KEY_PASSWORD."})
    protected char[] keyPassword;

    public AKeyPair importKeyPair() {
        if (this.importFilename != null && this.importFilename.length() > 0) {
            if (this.importText != null) {
                throw new CLIError(64, "Please provide either --import-file or --text, not both!");
            }
            try {
                this.importText = FileUtils.loadFileAsString(this.importFilename);
            } catch (IOException e) {
                throw new CLIError("Unable to import key file", e);
            }
        }
        if (this.importText == null || this.importText.length() == 0) {
            showUsage();
            return null;
        }
        ABlob parse = Blobs.parse(this.importText.trim());
        if (this.type == null) {
            if (isParanoid()) {
                informError("Not permitted to infer key import type in strict mode");
                return null;
            }
            inform("No import type specified, attempting to auto-detect");
            if (parse != null) {
                if (parse.count() == 32) {
                    this.type = "seed";
                    inform("Detected type 'seed'");
                } else if (parse.count() == 64) {
                    this.type = "bip39";
                }
            }
        }
        AKeyPair aKeyPair = null;
        if ("seed".equals(this.type)) {
            if (parse == null) {
                throw new CLIError(65, "'seed' import type requires a hex private key seed");
            }
            if (parse.count() != 32) {
                throw new CLIError(65, "32 byte hex Ed25519 seed expected as input");
            }
            aKeyPair = AKeyPair.create(parse.toFlatBlob());
        } else if ("bip39".equals(this.type)) {
            if (parse == null) {
                if (this.importPassphrase == null) {
                    this.importPassphrase = new String(readPassword("Enter passphrase for imported BIP39 memonic: "));
                }
                parse = BIP39.getSeed(this.importText, this.importPassphrase);
            }
            aKeyPair = BIP39.seedToKeyPair(parse.toFlatBlob());
        } else if ("pem".equals(this.type)) {
            if (this.importPassphrase == null) {
                this.importPassphrase = new String(readPassword("Enter passphrase for imported PEM key: "));
            }
            try {
                aKeyPair = PEMTools.decryptPrivateKeyFromPEM(this.importText, this.importPassphrase.toCharArray());
            } catch (BadFormatException e2) {
                throw new CLIError(65, "Cannot decode PEM. File may be corrupt or wrong passphrase used.", e2);
            }
        }
        if (aKeyPair == null) {
            throw new CLIError("Unable to import keypair");
        }
        return aKeyPair;
    }

    @Override // convex.cli.ACommand
    public void execute() {
        AKeyPair importKeyPair = importKeyPair();
        if (importKeyPair == null) {
            return;
        }
        if (this.keyPassword == null) {
            this.keyPassword = readPassword("Enter password for imported key: ");
        }
        if (this.storeMixin.ensureKeyStore() == null) {
            throw new CLIError("Key store specified for import does not exist");
        }
        this.storeMixin.addKeyPairToStore(importKeyPair, this.keyPassword);
        Arrays.fill(this.keyPassword, 'x');
        this.storeMixin.saveKeyStore();
        println(importKeyPair.getAccountKey().toHexString());
    }
}
