namespace MxGateway.Server.Security.Authentication; public static class ApiKeyAdminCommandLineParser { ///

Parses command-line arguments for the API key admin subcommand.

/// Command-line arguments to parse. /// Parse result containing the command kind and options, or a failure message. public static ApiKeyAdminParseResult Parse(IReadOnlyList args) { if (args.Count == 0 || !string.Equals(args[0], "apikey", StringComparison.OrdinalIgnoreCase)) { return ApiKeyAdminParseResult.NotApiKeyCommand(); } if (args.Count < 2) { return ApiKeyAdminParseResult.Fail("Missing apikey subcommand."); } if (!TryParseKind(args[1], out ApiKeyAdminCommandKind kind)) { return ApiKeyAdminParseResult.Fail($"Unknown apikey subcommand '{args[1]}'."); } Dictionary> options = new(StringComparer.OrdinalIgnoreCase); bool json = false; for (int index = 2; index < args.Count; index++) { string arg = args[index]; if (string.Equals(arg, "--json", StringComparison.OrdinalIgnoreCase)) { json = true; continue; } if (!arg.StartsWith("--", StringComparison.Ordinal)) { return ApiKeyAdminParseResult.Fail($"Unexpected argument '{arg}'."); } string name = arg[2..]; string? value; int equalsIndex = name.IndexOf('=', StringComparison.Ordinal); if (equalsIndex >= 0) { value = name[(equalsIndex + 1)..]; name = name[..equalsIndex]; } else { if (index + 1 >= args.Count || args[index + 1].StartsWith("--", StringComparison.Ordinal)) { if (IsBooleanConstraintFlag(name)) { value = "true"; } else { return ApiKeyAdminParseResult.Fail($"Option '--{name}' requires a value."); } } else { value = args[++index]; } } if (!options.TryGetValue(name, out List? values)) { values = []; options[name] = values; } values.Add(value); } string? keyId = GetOption(options, "key-id"); string? displayName = GetOption(options, "display-name"); IReadOnlySet scopes = ParseScopes(GetOption(options, "scopes")); ApiKeyConstraints constraints; try { constraints = ParseConstraints(options); } catch (FormatException exception) { return ApiKeyAdminParseResult.Fail(exception.Message); } string? validationError = Validate(kind, keyId, displayName); if (validationError is not null) { return ApiKeyAdminParseResult.Fail(validationError); } return ApiKeyAdminParseResult.Success(new ApiKeyAdminCommand( Kind: kind, Json: json, SqlitePath: GetOption(options, "sqlite-path"), Pepper: GetOption(options, "pepper"), KeyId: keyId, DisplayName: displayName, Scopes: scopes, Constraints: constraints)); } private static bool TryParseKind(string value, out ApiKeyAdminCommandKind kind) { switch (value.ToLowerInvariant()) { case "init-db": kind = ApiKeyAdminCommandKind.InitDb; return true; case "create-key": kind = ApiKeyAdminCommandKind.CreateKey; return true; case "list-keys": kind = ApiKeyAdminCommandKind.ListKeys; return true; case "revoke-key": kind = ApiKeyAdminCommandKind.RevokeKey; return true; case "rotate-key": kind = ApiKeyAdminCommandKind.RotateKey; return true; default: kind = default; return false; } } private static string? Validate(ApiKeyAdminCommandKind kind, string? keyId, string? displayName) { if (kind is ApiKeyAdminCommandKind.CreateKey or ApiKeyAdminCommandKind.RevokeKey or ApiKeyAdminCommandKind.RotateKey && string.IsNullOrWhiteSpace(keyId)) { return $"Subcommand '{KindName(kind)}' requires --key-id."; } if (!string.IsNullOrWhiteSpace(keyId) && !IsValidKeyId(keyId)) { return "API key id may contain only letters, numbers, periods, and hyphens."; } if (kind == ApiKeyAdminCommandKind.CreateKey && string.IsNullOrWhiteSpace(displayName)) { return "Subcommand 'create-key' requires --display-name."; } return null; } private static string KindName(ApiKeyAdminCommandKind kind) { return kind switch { ApiKeyAdminCommandKind.InitDb => "init-db", ApiKeyAdminCommandKind.CreateKey => "create-key", ApiKeyAdminCommandKind.ListKeys => "list-keys", ApiKeyAdminCommandKind.RevokeKey => "revoke-key", ApiKeyAdminCommandKind.RotateKey => "rotate-key", _ => kind.ToString() }; } private static bool IsValidKeyId(string keyId) { return keyId.All(character => char.IsAsciiLetterOrDigit(character) || character is '.' or '-'); } private static string? GetOption(Dictionary> options, string name) { return options.TryGetValue(name, out List? values) && values.Count > 0 ? values[^1] : null; } private static IReadOnlyList GetOptions(Dictionary> options, string name) { return options.TryGetValue(name, out List? values) ? values.Where(value => !string.IsNullOrWhiteSpace(value)).Select(value => value!).ToArray() : Array.Empty(); } private static bool HasFlag(Dictionary> options, string name) { return options.ContainsKey(name); } private static bool IsBooleanConstraintFlag(string name) { return string.Equals(name, "read-alarm-only", StringComparison.OrdinalIgnoreCase) || string.Equals(name, "read-historized-only", StringComparison.OrdinalIgnoreCase); } private static ApiKeyConstraints ParseConstraints(Dictionary> options) { return new ApiKeyConstraints( ReadSubtrees: GetOptions(options, "read-subtree"), WriteSubtrees: GetOptions(options, "write-subtree"), ReadTagGlobs: GetOptions(options, "read-tag-glob"), WriteTagGlobs: GetOptions(options, "write-tag-glob"), MaxWriteClassification: ParseNullableInt(GetOption(options, "max-write-classification")), BrowseSubtrees: GetOptions(options, "browse-subtree"), ReadAlarmOnly: HasFlag(options, "read-alarm-only"), ReadHistorizedOnly: HasFlag(options, "read-historized-only")); } private static int? ParseNullableInt(string? value) { if (string.IsNullOrWhiteSpace(value)) { return null; } return int.TryParse( value, System.Globalization.NumberStyles.Integer, System.Globalization.CultureInfo.InvariantCulture, out int parsed) ? parsed : throw new FormatException("--max-write-classification must be an integer."); } private static IReadOnlySet ParseScopes(string? scopes) { return new HashSet( (scopes ?? string.Empty) .Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries), StringComparer.Ordinal); } }