package com.datastax.bdp.cassandra.crypto.kmip.cli;

import com.datastax.bdp.cassandra.crypto.KeyAccessException;
import com.datastax.bdp.cassandra.crypto.kmip.CloseableKmip;
import com.datastax.bdp.cassandra.crypto.kmip.KmipHost;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.KmipException;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.RevocationReasonCode;
import com.datastax.dse.byos.shade.com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.Date;

/* loaded from: input_file:com/datastax/bdp/cassandra/crypto/kmip/cli/RevokeKey.class */
public class RevokeKey extends KmipCommand {
    public static final String COMMAND = "revoke";
    public static final String USAGE = String.format("Usage: %s %s <kmip_groupname> <key_id>", KmipCommands.MANAGE_KMIP, COMMAND);
    private static final RevocationReasonCode[] REASONS = {RevocationReasonCode.Unspecified, RevocationReasonCode.KeyCompromise, RevocationReasonCode.CACompromise, RevocationReasonCode.AffiliationChanged, RevocationReasonCode.Superseded, RevocationReasonCode.CessationOfOperation, RevocationReasonCode.PrivilegeWithdrawn};

    @Override // com.datastax.bdp.cassandra.crypto.kmip.cli.KmipCommand
    public String help() {
        return "Permanently disables the key on the KMIP server.\nDatabase can no longer use the key for encryption, but continues to use the key for decryption of existing data.\n" + USAGE;
    }

    RevocationReasonCode getReason() {
        System.out.println("Select reason for revokation:");
        for (int i = 0; i < REASONS.length; i++) {
            System.out.println(String.format("  [%s] %s", Integer.valueOf(i), REASONS[i].name()));
        }
        int parseInt = Integer.parseInt(console.readLine("Reason (0 - %s): ", Integer.valueOf(REASONS.length - 1)));
        if (parseInt >= 0 && parseInt < REASONS.length) {
            return REASONS[parseInt];
        }
        System.out.println(String.format("Selection must be between 0 and %s: ", Integer.valueOf(REASONS.length - 1)));
        return null;
    }

    String getMessage() {
        return console.readLine("Revokation message (optional): ", new Object[0]);
    }

    boolean confirm(String str, RevocationReasonCode revocationReasonCode, String str2, Date date) {
        System.out.println(String.format("Revoking key %s", str));
        System.out.println(String.format("  Reason: %s", revocationReasonCode.name()));
        System.out.println(String.format("  Message: %s", str2));
        System.out.println(String.format("  Time: %s", date));
        String readLine = console.readLine("Would you like to continue? yes / [no]  ", new Object[0]);
        System.out.println();
        return readLine.equalsIgnoreCase("yes");
    }

    @Override // com.datastax.bdp.cassandra.crypto.kmip.cli.KmipCommand
    public boolean execute(KmipHost kmipHost, String[] strArr) throws IOException {
        if (strArr.length == 0) {
            System.out.println("Please include the key id to revoke");
            return false;
        }
        String str = strArr[0];
        if (!KmipCommands.acknowledgeRisks()) {
            System.out.print("Cancelled, exiting...");
            return false;
        }
        RevocationReasonCode reason = getReason();
        if (reason == null) {
            System.out.print("No reason given, exiting...");
            return false;
        }
        String message = getMessage();
        if (!confirm(str, reason, message, new Date())) {
            System.out.print("Cancelled, exiting...");
            return false;
        }
        try {
            callRevoke(kmipHost, str, reason, message);
            System.out.println("Done");
            return true;
        } catch (KeyAccessException | KmipException e) {
            System.out.println("Unable to revoke key: " + str + ". " + e.getMessage());
            return false;
        }
    }

    @VisibleForTesting
    void callRevoke(KmipHost kmipHost, String str, RevocationReasonCode revocationReasonCode, String str2) throws IOException, KeyAccessException {
        CloseableKmip connection = kmipHost.getConnection();
        Throwable th = null;
        try {
            try {
                connection.revoke(str, revocationReasonCode, str2, null);
                if (connection != null) {
                    if (0 == 0) {
                        connection.close();
                        return;
                    }
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (connection != null) {
                if (th != null) {
                    try {
                        connection.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    connection.close();
                }
            }
            throw th4;
        }
    }
}
