package gov.nist.secautotrust.signature;

import gov.nist.secauto.trust.tmsad.config.Reference;
import gov.nist.secauto.trust.tmsad.config.ReferenceType;
import gov.nist.secauto.trust.tmsad.config.Sign;
import gov.nist.secauto.trust.tmsad.config.Signs;
import gov.nist.secautotrust.signature.Signature;
import gov.nist.secautotrust.signature.config.ValidateSigConfig;
import gov.nist.secautotrust.signature.enums.CanonicalizationType;
import gov.nist.secautotrust.signature.enums.HashType;
import gov.nist.secautotrust.signature.enums.SignatureType;
import gov.nist.secautotrust.signature.exception.TMSADException;
import gov.nist.secautotrust.signature.model.IReferenceValidationResult;
import gov.nist.secautotrust.signature.model.ISignatureValidationResult;
import gov.nist.secautotrust.signer.ScapDataStreamSigner;
import gov.nist.secautotrust.signer.config.ScapDataStreamSignerConfig;
import gov.nist.secautotrust.util.Util;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Console;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.spec.XPathType;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.validation.SchemaFactory;
import javax.xml.xpath.XPathExpressionException;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:gov/nist/secautotrust/signature/SecAutoTrustMain.class */
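/**
 * Command-line entry points of the SecAutoTrust tool: sign XML content according to a
 * {@code <signs>} configuration file, validate the signatures in a signed document against
 * one trusted certificate, create a SCAP data-stream signing configuration, and inspect a
 * keystore (aliases, certificate chains).
 *
 * <p>Keystores are either a JKS file path or the literal {@code "MSCAPI"}, which selects the
 * Windows certificate stores ({@code Windows-MY} for keys, {@code Windows-ROOT} for trust anchors).
 * Passwords not supplied as arguments are prompted for on the console; when a console is
 * attached the prompt does not echo.
 */
public class SecAutoTrustMain {

    /** Keystore argument that selects the Windows certificate stores instead of a JKS file. */
    private static final String MSCAPI_KEYSTORE = "MSCAPI";

    /**
     * One reader over standard input shared by every password prompt. A {@link BufferedReader}
     * reads ahead, so creating a fresh one per prompt could swallow the next line of piped input.
     * The platform default charset is deliberate: it is what the console delivers.
     */
    private static final BufferedReader STDIN = new BufferedReader(new InputStreamReader(System.in));

    /* JADX INFO: Access modifiers changed from: private */
    /** A signer's private/public key pair together with the X.509 chain of its certificate. */
    public static class KeyInfo {
        // keyPair.getPublic() is the public key of certChain[0]; see getKeyInfo
        private final KeyPair keyPair;
        // certChain[0] is the signer's own certificate, as returned by KeyStore.getCertificateChain
        private final X509Certificate[] certChain;

        private KeyInfo(KeyPair keyPair, X509Certificate[] certChain) {
            this.keyPair = keyPair;
            this.certChain = certChain;
        }
    }

    /**
     * Translates one {@code <reference>} configuration element into a reference on the given builder.
     *
     * @param factory    the signature or manifest builder that creates reference builders
     * @param reference  the configured reference (type, URI, digest, canonicalization, XPath filters)
     * @param namespaces prefix-to-URI map for the XPath expressions; may be {@code null}
     * @throws UnsupportedOperationException for {@link ReferenceType#ENVELOPING}, which the CLI does not support
     * @throws IllegalStateException         for an XPath filter type this method does not know
     */
    private static void buildReference(ReferenceBuilderFactory factory, Reference reference, Map<String, String> namespaces) {
        ReferenceType type = reference.getType();
        if (type == ReferenceType.ENVELOPING) {
            throw new UnsupportedOperationException("Enveloping signatures is not currently supported via the command line.");
        }
        ReferenceBuilder refBuilder;
        if (type == ReferenceType.ENVELOPED) {
            refBuilder = factory.newEnvelopedReferenceBuilder();
        } else {
            // null type and DETACHED both end up here, as before
            refBuilder = factory.newDetachedReferenceBuilder();
        }
        String uri = reference.getUri();
        if ("#".equals(uri)) {
            System.out.println("Certain versions of Java have a known bug when processing a reference URI \"#\". If an error such as \"java.lang.StringIndexOutOfBoundsException: String index out of range: 1\" is encountered, change \"#\" references to blank string: \"\"");
        }
        refBuilder.uri(uri);
        refBuilder.hashType(HashType.fromUrlString(reference.getDigestType().value()));
        if (reference.getCanonicalization() != null) {
            refBuilder.canonicalization(CanonicalizationType.fromUrlString(reference.getCanonicalization().value()));
        }
        for (Reference.Xpath xpath : reference.getXpath()) {
            XPathType.Filter filter;
            switch (xpath.getType()) {
                case INTERSECT:
                    filter = XPathType.Filter.INTERSECT;
                    break;
                case SUBTRACT:
                    filter = XPathType.Filter.SUBTRACT;
                    break;
                case UNION:
                    filter = XPathType.Filter.UNION;
                    break;
                default:
                    // previously fell through with a null filter; fail with a message instead
                    throw new IllegalStateException("Unsupported XPath filter type: " + xpath.getType());
            }
            refBuilder.xpath(new XPathType(xpath.getExpression(), filter, namespaces));
        }
    }

    /**
     * Signs according to a configuration file, prompting for every password.
     *
     * @param signConfigFile path of the {@code <signs>} configuration document
     * @throws Exception on any configuration, keystore, I/O or signing failure
     */
    public static void sign(String signConfigFile) throws Exception {
        sign(signConfigFile, null, null);
    }

    /**
     * Signs according to a configuration file. With a source file configured, the signatures are
     * applied in order, each one inserted into the output of the previous one; the last is written
     * to the configured output file. Without a source file exactly one detached signature is produced.
     *
     * @param signConfigFile      path of the {@code <signs>} configuration document
     * @param keystorePassword    JKS password, or {@code null} to prompt (ignored for MSCAPI)
     * @param certificatePassword private-key password, or {@code null} to prompt (ignored for MSCAPI)
     * @throws IllegalStateException if a file precondition or a configuration rule is violated, or the
     *                               configured alias does not hold a private key
     * @throws Exception             on keystore, I/O or signing failures
     */
    public static void sign(String signConfigFile, String keystorePassword, String certificatePassword) throws Exception {
        File configFile = new File(signConfigFile);
        requireReadable(configFile);
        Signs signs = readSignConfig(configFile);

        File outputFile = new File(signs.getOutputFile());
        if (outputFile.exists()) {
            throw new IllegalStateException("File " + outputFile.getCanonicalPath() + " MUST not exist.");
        }
        boolean hasSourceFile = signs.getSourceFile() != null;
        if (hasSourceFile) {
            requireReadable(new File(signs.getSourceFile()));
        }
        List<Sign> signDefinitions = signs.getSign();
        if (!hasSourceFile && signDefinitions.size() > 1) {
            throw new IllegalStateException("If no source file is specified, then only 1 signature definition is permitted.");
        }
        for (Sign sign : signDefinitions) {
            // <insert> is required exactly when a source file is given
            if (hasSourceFile != (sign.getInsert() != null)) {
                throw new IllegalStateException("If a source file is specified, every <sign> MUST specify an <insert> element. If no source file is specified, the <sign> MUST NOT specify an <insert> element.");
            }
        }
        Map<String, String> namespaces = xpathNamespaces(signs);

        // Output of signature i (when not the last) becomes the source of signature i+1.
        byte[] previousOutput = null;
        int count = signDefinitions.size();
        for (int i = 0; i < count; i++) {
            Sign sign = signDefinitions.get(i);
            boolean last = i + 1 == count;
            // Only the last signature writes the file; earlier ones are buffered in memory.
            ByteArrayOutputStream intermediate = last ? null : new ByteArrayOutputStream();
            try (OutputStream out = last ? new BufferedOutputStream(new FileOutputStream(outputFile)) : intermediate;
                 InputStream source = openSource(sign, signs.getSourceFile(), previousOutput)) {
                Signature.Builder builder = new Signature.Builder();
                builder.includeDefaultSignatureProperties(true);
                builder.creators(sign.getCreators());
                builder.outputStream(out);
                builder.sigType(SignatureType.fromUrlString(sign.getSignatureType().value()));
                if (sign.getCanonicalization() != null) {
                    builder.canonicalization(CanonicalizationType.fromUrlString(sign.getCanonicalization().value()));
                }
                builder.keyInfoBuilder(loadSignerKey(sign, keystorePassword, certificatePassword));
                if (source != null) {
                    builder.sourceForOutput(source);
                    builder.insertXpath(sign.getInsert().getInsertXpath());
                    builder.insertXpathNamespaceMap(namespaces);
                }
                for (Reference reference : sign.getReference()) {
                    buildReference(builder, reference, namespaces);
                }
                for (Sign.Manifest manifest : sign.getManifest()) {
                    ManifestBuilder manifestBuilder = builder.newManifestBuilder();
                    manifestBuilder.id(Util.generateId("manifest"));
                    // canonicalization is optional on <sign>; only forward it when configured
                    if (sign.getCanonicalization() != null) {
                        manifestBuilder.canonicalizationType(CanonicalizationType.fromUrlString(sign.getCanonicalization().value()));
                    }
                    manifestBuilder.hashType(HashType.fromUrlString(sign.getDigestType().value()));
                    for (Reference reference : manifest.getReference()) {
                        buildReference(manifestBuilder, reference, namespaces);
                    }
                }
                for (Sign.SignatureProperty property : sign.getSignatureProperty()) {
                    Object any = property.getAny();
                    if (!(any instanceof Element)) {
                        throw new IllegalStateException("Signature properties MUST be XML.");
                    }
                    builder.newSignatureProperty((Element) any);
                }
                builder.build().signContents();
                // the file path is buffered; make sure everything reaches disk before close
                out.flush();
            }
            if (intermediate != null) {
                previousOutput = intermediate.toByteArray();
            }
        }
    }

    /**
     * Parses and schema-validates a {@code <signs>} configuration document.
     *
     * @param configFile the readable configuration file
     * @return the unmarshalled configuration
     * @throws JAXBException if the document does not unmarshal (including schema violations)
     * @throws SAXException  if the bundled schema cannot be parsed
     * @throws IOException   if the schema URL is malformed
     */
    private static Signs readSignConfig(File configFile) throws JAXBException, SAXException, IOException {
        Unmarshaller unmarshaller = JAXBContext.newInstance(Sign.class).createUnmarshaller();
        SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        // "classpath:" is not a JDK URL scheme; NOTE(review): this relies on a protocol handler
        // registered elsewhere in the application, unchanged from the original — confirm it is installed.
        unmarshaller.setSchema(schemaFactory.newSchema(new URL("classpath:tmsad/secautotrust.xsd")));
        return (Signs) unmarshaller.unmarshal(configFile);
    }

    /**
     * Collects the configured XPath namespace prefixes.
     *
     * @return prefix-to-URI map, or {@code null} when the configuration declares none (callers pass
     *         the value straight through to {@link XPathType} and the signature builder)
     */
    private static Map<String, String> xpathNamespaces(Signs signs) {
        if (signs.getXpathNamespacePrefixMap() == null) {
            return null;
        }
        Map<String, String> namespaces = new HashMap<>();
        for (Signs.XpathNamespacePrefixMap.Ns ns : signs.getXpathNamespacePrefixMap().getNs()) {
            namespaces.put(ns.getPrefix(), ns.getUri());
        }
        return namespaces;
    }

    /**
     * Opens the document a signature is inserted into.
     *
     * @param sign           the signature definition
     * @param sourceFile     the configured source file (used for the first signature)
     * @param previousOutput output of the preceding signature, or {@code null} for the first one
     * @return the source stream, or {@code null} when the signature has no {@code <insert>}
     * @throws IOException if the source file cannot be opened
     */
    private static InputStream openSource(Sign sign, String sourceFile, byte[] previousOutput) throws IOException {
        if (sign.getInsert() == null) {
            return null;
        }
        if (previousOutput == null) {
            return new BufferedInputStream(new FileInputStream(sourceFile));
        }
        return new ByteArrayInputStream(previousOutput);
    }

    /**
     * Loads the signer's private key and certificate chain named by a {@code <sign>} element.
     * For a JKS keystore the keystore password is resolved first and the key password second,
     * so interactive prompts appear in that order; MSCAPI needs neither.
     *
     * @param sign                the signature definition carrying keystore path and alias
     * @param keystorePassword    JKS password, or {@code null} to prompt
     * @param certificatePassword private-key password, or {@code null} to prompt
     * @return a key-info builder holding private key, public key and every chain certificate
     * @throws IllegalStateException if the keystore file is unreadable or the alias has no private key
     */
    private static KeyInfoBuilder loadSignerKey(Sign sign, String keystorePassword, String certificatePassword)
            throws GeneralSecurityException, IOException {
        String keystorePath = sign.getKeyInfo().getKeyStore();
        boolean windowsStore = MSCAPI_KEYSTORE.equals(keystorePath);
        char[] storePassword = null;
        if (!windowsStore) {
            requireReadableKeystore(new File(keystorePath));
            storePassword = resolvePassword(keystorePassword, "Enter keystore password: ");
        }
        KeyStore keyStore = getKeyStore(keystorePath, storePassword, true);
        char[] keyPassword = null;
        if (!windowsStore) {
            keyPassword = resolvePassword(certificatePassword, "Enter certificate password: ");
        }
        String alias = sign.getKeyInfo().getAlias();
        KeyInfo keyInfo = getKeyInfo(keyStore, keyPassword, alias);
        if (keyInfo == null) {
            throw new IllegalStateException("Failed to locate key information for alias: " + alias);
        }
        KeyInfoBuilder keyInfoBuilder = new KeyInfoBuilder()
                .privateKey(keyInfo.keyPair.getPrivate())
                .publicKey(keyInfo.keyPair.getPublic());
        for (X509Certificate certificate : keyInfo.certChain) {
            keyInfoBuilder.certificate(certificate);
        }
        return keyInfoBuilder;
    }

    /**
     * Validates every signature in a document, prompting for the keystore password.
     *
     * @see #validateSignature(String, String, String, String)
     */
    public static void validateSignature(String signedFile, String keystore, String alias) throws IllegalStateException, IOException, TMSADException, ParserConfigurationException, SAXException, XMLSignatureException {
        validateSignature(signedFile, keystore, alias, null);
    }

    /**
     * Validates every signature in a document against a single trusted public key: the one in the
     * certificate stored under {@code alias}. Each signature, each of its references and each manifest
     * reference is reported on standard output; the first failure aborts with an exception.
     *
     * @param signedFile       path of the signed XML document
     * @param keystore         JKS path, or {@code "MSCAPI"} for the Windows ROOT store
     * @param alias            alias of the trusted certificate
     * @param keystorePassword JKS password, or {@code null} to prompt; a blank answer means no
     *                         integrity password (the JKS integrity check is then skipped)
     * @throws IllegalStateException if the keystore file is unreadable
     * @throws TMSADException        if the keystore cannot be opened, no signature is found, or a
     *                               signature or reference does not verify
     */
    public static void validateSignature(String signedFile, String keystore, String alias, String keystorePassword) throws IllegalStateException, IOException, TMSADException, ParserConfigurationException, SAXException, XMLSignatureException {
        char[] storePassword = null;
        if (!MSCAPI_KEYSTORE.equals(keystore)) {
            requireReadableKeystore(new File(keystore));
            storePassword = resolvePassword(keystorePassword, "Enter keystore password: ");
            if (isBlank(storePassword)) {
                storePassword = null;
            }
        }
        List<ISignatureValidationResult> results;
        try (FileInputStream content = new FileInputStream(signedFile)) {
            PublicKey trustedKey = getPublicKey(getKeyStore(keystore, storePassword, false), alias);
            results = XMLValidator.validateContent(new ValidateSigConfig.Builder()
                    .content(content)
                    .trustedPublicKey(trustedKey)
                    .build());
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw wrap(e);
        }
        if (results.isEmpty()) {
            throw new TMSADException("No signatures found.");
        }
        for (ISignatureValidationResult signature : results) {
            if (!signature.isSignatureValid()) {
                throw new TMSADException("Signature is not valid: " + signature.getSignatureId());
            }
            System.out.println("Signature is valid: " + signature.getSignatureId());
            reportReferences(signature.getSignatureReferenceResults(), "Reference");
            for (List<IReferenceValidationResult> manifest : signature.getManifestsReferenceResults()) {
                reportReferences(manifest, "Manifest reference");
            }
        }
    }

    /**
     * Prints one line per reference and stops at the first reference whose digest does not verify.
     *
     * @param references the reference results to check
     * @param label      text prefixed to each line, e.g. {@code "Reference"} or {@code "Manifest reference"}
     * @throws TMSADException on the first invalid digest
     */
    private static void reportReferences(Iterable<? extends IReferenceValidationResult> references, String label) throws TMSADException {
        for (IReferenceValidationResult reference : references) {
            if (!reference.isReferenceDigestValid()) {
                throw new TMSADException(label + " is not valid: " + reference.getReferenceURI());
            }
            System.out.println(label + " is valid: " + reference.getReferenceURI());
        }
    }

    /** Wraps a keystore failure in the tool's exception type, keeping the original as cause. */
    private static TMSADException wrap(GeneralSecurityException cause) {
        TMSADException wrapped = new TMSADException(cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }

    /**
     * Writes a SCAP data-stream signing configuration.
     *
     * @param configOutputFile          path to write the configuration to; must not exist
     * @param scapFile                  the SCAP 1.2 source document; must be readable
     * @param signedOutputLocation      where the eventual signed output is to be written
     * @param hashTypeName              a {@link HashType} constant name
     * @param signatureTypeName         a {@link SignatureType} constant name
     * @param keystore                  keystore path or {@code "MSCAPI"}
     * @param alias                     signing key alias
     * @param includeExternalReferences {@code "true"} or {@code "false"} (case-insensitive)
     * @throws IllegalStateException if a file precondition fails or an enum/boolean argument is not recognized
     */
    public static void createScapSignConfig(String configOutputFile, String scapFile, String signedOutputLocation, String hashTypeName, String signatureTypeName, String keystore, String alias, String includeExternalReferences) throws IllegalStateException, IOException, ParserConfigurationException, SAXException, XPathExpressionException {
        File configOutput = new File(configOutputFile);
        File scap = new File(scapFile);
        if (configOutput.exists()) {
            throw new IllegalStateException("Cannot overwrite file: " + configOutputFile);
        }
        if (!scap.exists() || !scap.canRead()) {
            throw new IllegalStateException("Cannot read SCAP 1.2 file: " + scapFile);
        }
        HashType hashType = parseEnum(HashType.class, hashTypeName, "hash type");
        SignatureType signatureType = parseEnum(SignatureType.class, signatureTypeName, "signature type");
        boolean includeExternal = parseBoolean(includeExternalReferences);
        // the signer reads its setting as an "exclude" flag, hence the inversion
        System.setProperty(ScapDataStreamSigner.EXCLUDE_EXTERNAL_REFERENCE_PROPERTY, includeExternal ? "false" : "true");
        try (FileOutputStream out = new FileOutputStream(configOutput)) {
            ScapDataStreamSigner.getInstance().createConfig(new ScapDataStreamSignerConfig.Builder()
                    .content(scapFile)
                    .hashType(hashType)
                    .sigType(signatureType)
                    .keystore(keystore)
                    .alias(alias)
                    .outputStream(out)
                    .outputFileLocation(signedOutputLocation)
                    .build());
        }
    }

    /**
     * Looks up an enum constant by name. {@code Enum.valueOf} never returns {@code null}, so the
     * failure is reported by catching its exception and listing the valid constants.
     *
     * @throws IllegalStateException if {@code name} is {@code null} or not a constant of {@code type}
     */
    private static <E extends Enum<E>> E parseEnum(Class<E> type, String name, String what) {
        if (name != null) {
            try {
                return Enum.valueOf(type, name);
            } catch (IllegalArgumentException ignored) {
                // fall through to the message below
            }
        }
        StringBuilder message = new StringBuilder("Did not recognize " + what + ": " + name + ". Valid values: ");
        String separator = "";
        for (E constant : type.getEnumConstants()) {
            message.append(separator).append(constant);
            separator = ", ";
        }
        throw new IllegalStateException(message.toString());
    }

    /**
     * Parses the include-external-references flag.
     *
     * @throws IllegalStateException unless the value is {@code "true"} or {@code "false"}, ignoring case
     */
    private static boolean parseBoolean(String value) {
        if ("true".equalsIgnoreCase(value)) {
            return true;
        }
        if ("false".equalsIgnoreCase(value)) {
            return false;
        }
        throw new IllegalStateException("The boolean to include external references MUST be \"true\" or \"false\"");
    }

    /**
     * Prints every alias in a keystore, prompting for the password.
     *
     * @see #listAliases(String, String)
     */
    public static void listAliases(String keystore) throws Exception {
        listAliases(keystore, null);
    }

    /**
     * Prints every alias in a keystore.
     *
     * @param keystore         JKS path, or {@code "MSCAPI"} for the Windows MY store
     * @param keystorePassword JKS password, or {@code null} to prompt
     */
    public static void listAliases(String keystore, String keystorePassword) throws Exception {
        Enumeration<String> aliases = getKeyStore(keystore, true, keystorePassword).aliases();
        System.out.println("Alias in the keystore:\n");
        while (aliases.hasMoreElements()) {
            System.out.println(aliases.nextElement());
        }
    }

    /**
     * Prints the certificate chain of an alias, prompting for the password.
     *
     * @see #listTrustChain(String, String, String)
     */
    public static void listTrustChain(String keystore, String alias) throws Exception {
        listTrustChain(keystore, alias, null);
    }

    /**
     * Prints, for each certificate in the alias's chain, the alias it is stored under. For MSCAPI
     * the Windows ROOT store is consulted for certificates the MY store holds no alias for.
     *
     * @param keystore         JKS path, or {@code "MSCAPI"}
     * @param alias            alias whose chain is listed
     * @param keystorePassword JKS password, or {@code null} to prompt
     */
    public static void listTrustChain(String keystore, String alias, String keystorePassword) throws Exception {
        KeyStore primary = getKeyStore(keystore, true, keystorePassword);
        KeyStore fallback = MSCAPI_KEYSTORE.equals(keystore) ? getKeyStore(keystore, false) : null;
        Certificate[] chain = primary.getCertificateChain(alias);
        if (chain == null) {
            System.out.println("failed to locate certificate chain for alias: (" + alias + ")");
            return;
        }
        System.out.println("Certificate chain by alias (starts with target cert; ends with trusted cert):\n");
        for (Certificate certificate : chain) {
            String certificateAlias = primary.getCertificateAlias(certificate);
            if (certificateAlias == null && fallback != null) {
                certificateAlias = fallback.getCertificateAlias(certificate);
            }
            System.out.println(certificateAlias == null ? "<unknown alias>" : certificateAlias);
        }
    }

    /**
     * Reads a private key and its certificate chain from a keystore.
     *
     * @param keyStore    the opened keystore
     * @param keyPassword password protecting the key entry; may be {@code null}
     * @param alias       the key entry's alias
     * @return the key material, or {@code null} if the alias holds no private key or no chain
     * @throws KeyStoreException if a chain element is not an X.509 certificate
     */
    private static KeyInfo getKeyInfo(KeyStore keyStore, char[] keyPassword, String alias) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        Key key = keyStore.getKey(alias, keyPassword);
        if (!(key instanceof PrivateKey)) {
            return null;
        }
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain == null || chain.length == 0) {
            return null;
        }
        X509Certificate[] x509Chain = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            if (!(chain[i] instanceof X509Certificate)) {
                throw new KeyStoreException("Certificate " + i + " in the chain for alias " + alias + " is not an X.509 certificate");
            }
            x509Chain[i] = (X509Certificate) chain[i];
        }
        // the first chain element is the entry's own certificate, so its key pairs with the private key
        KeyPair keyPair = new KeyPair(x509Chain[0].getPublicKey(), (PrivateKey) key);
        return new KeyInfo(keyPair, x509Chain);
    }

    /**
     * Returns the public key of the certificate stored under an alias, falling back to the first
     * certificate of the alias's chain for key entries.
     *
     * @throws KeyStoreException if the alias has neither a certificate nor a chain
     */
    private static PublicKey getPublicKey(KeyStore keyStore, String alias) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        Certificate certificate = keyStore.getCertificate(alias);
        if (certificate == null) {
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain != null && chain.length > 0) {
                certificate = chain[0];
            }
        }
        if (certificate == null) {
            throw new KeyStoreException("No certificate found for alias: " + alias);
        }
        return certificate.getPublicKey();
    }

    /**
     * Opens a keystore, prompting for the password if one is needed.
     *
     * @param keystore      JKS path or {@code "MSCAPI"}
     * @param personalStore for MSCAPI, {@code true} selects Windows-MY and {@code false} Windows-ROOT
     */
    private static KeyStore getKeyStore(String keystore, boolean personalStore) throws GeneralSecurityException, IOException {
        return getKeyStore(keystore, personalStore, (String) null);
    }

    /**
     * Opens a keystore, using the supplied password or prompting for one (JKS only).
     *
     * @param keystore         JKS path or {@code "MSCAPI"}
     * @param personalStore    for MSCAPI, {@code true} selects Windows-MY and {@code false} Windows-ROOT
     * @param keystorePassword JKS password, or {@code null} to prompt
     * @throws IllegalStateException if the JKS file is not readable
     */
    private static KeyStore getKeyStore(String keystore, boolean personalStore, String keystorePassword) throws GeneralSecurityException, IOException {
        char[] password = null;
        if (!MSCAPI_KEYSTORE.equals(keystore)) {
            requireReadableKeystore(new File(keystore));
            password = resolvePassword(keystorePassword, "Enter keystore password: ");
        }
        return getKeyStore(keystore, password, personalStore);
    }

    /**
     * Loads a keystore.
     *
     * @param keystore      JKS path or {@code "MSCAPI"}
     * @param password      JKS password; with {@code null} the JDK skips the JKS integrity check,
     *                      so a tampered keystore file would load without complaint
     * @param personalStore for MSCAPI, {@code true} selects Windows-MY and {@code false} Windows-ROOT
     */
    private static KeyStore getKeyStore(String keystore, char[] password, boolean personalStore) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (MSCAPI_KEYSTORE.equals(keystore)) {
            KeyStore windowsStore = KeyStore.getInstance(personalStore ? "Windows-MY" : "Windows-ROOT");
            windowsStore.load(null, null);
            return windowsStore;
        }
        KeyStore jks = KeyStore.getInstance("JKS");
        try (InputStream in = new BufferedInputStream(new FileInputStream(keystore))) {
            jks.load(in, password);
        }
        return jks;
    }

    /**
     * Resolves a password: a value supplied as an argument wins; otherwise the user is prompted.
     * With an attached console the prompt does not echo; when stdin is redirected the password is
     * read as a plain line.
     *
     * @param supplied password from the command line, or {@code null}
     * @param prompt   text shown before reading
     * @return the password characters, or {@code null} if standard input is exhausted
     */
    private static char[] resolvePassword(String supplied, String prompt) throws IOException {
        if (supplied != null) {
            return supplied.toCharArray();
        }
        Console console = System.console();
        if (console != null) {
            return console.readPassword("%s", prompt);
        }
        System.out.print(prompt);
        System.out.flush();
        String line = STDIN.readLine();
        return line == null ? null : line.toCharArray();
    }

    /** {@code true} for {@code null} or a password that is empty after {@link String#trim()}. */
    private static boolean isBlank(char[] password) {
        return password == null || new String(password).trim().isEmpty();
    }

    /** Fails unless {@code file} exists and is readable, naming the file in the message. */
    private static void requireReadable(File file) throws IOException {
        if (!file.exists() || !file.canRead()) {
            throw new IllegalStateException("File " + file.getCanonicalPath() + " MUST exist and be readable.");
        }
    }

    /** Fails unless the JKS file exists and is readable. */
    private static void requireReadableKeystore(File file) {
        if (!file.exists() || !file.canRead()) {
            throw new IllegalStateException("The Java Keystore Store (JKS) must exist and be readable.");
        }
    }
}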
