package org.xipki.scep.jscepclient.shell;

import java.io.File;
import java.security.cert.X509Certificate;
import org.apache.karaf.shell.api.action.Command;
import org.apache.karaf.shell.api.action.Completion;
import org.apache.karaf.shell.api.action.Option;
import org.apache.karaf.shell.api.action.lifecycle.Service;
import org.apache.karaf.shell.support.completers.FileCompleter;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.jscep.client.EnrollmentResponse;
import org.xipki.security.util.X509Util;
import org.xipki.shell.CmdFailure;
import org.xipki.shell.completer.DerPemCompleter;

@Service
@Command(scope = "xi", name = "jscep-enroll", description = "enroll certificate via automatic selected messageType")
/* loaded from: input_file:org/xipki/scep/jscepclient/shell/EnrollCertAction.class */
public class EnrollCertAction extends ClientAction {

    @Option(name = "--csr", required = true, description = "CSR file")
    @Completion(FileCompleter.class)
    private String csrFile;

    @Option(name = "--outform", description = "output format of the certificate")
    @Completion(DerPemCompleter.class)
    protected String outform = "der";

    @Option(name = "--out", aliases = {"-o"}, required = true, description = "where to save the certificate")
    @Completion(FileCompleter.class)
    private String outputFile;

    protected Object execute0() throws Exception {
        EnrollmentResponse enrol = getScepClient().enrol(getIdentityCert(), getIdentityKey(), new PKCS10CertificationRequest(X509Util.parseCsr(new File(this.csrFile))));
        if (enrol.isFailure()) {
            throw new CmdFailure("server returned 'failure'");
        }
        if (enrol.isPending()) {
            throw new CmdFailure("server returned 'pending'");
        }
        X509Certificate extractEeCerts = extractEeCerts(enrol.getCertStore());
        if (extractEeCerts == null) {
            throw new Exception("received no certificate");
        }
        saveVerbose("saved enrolled certificate to file", new File(this.outputFile), derPemEncodeCert(extractEeCerts.getEncoded(), this.outform));
        return null;
    }
}
