package edu.vt.middleware.crypt;

import edu.vt.middleware.crypt.digest.MD5;
import edu.vt.middleware.crypt.digest.SHA1;
import edu.vt.middleware.crypt.util.CryptReader;
import edu.vt.middleware.crypt.util.CryptWriter;
import edu.vt.middleware.crypt.util.HexConverter;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.Option;

/* loaded from: input_file:edu/vt/middleware/crypt/KeyStoreCli.class */
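/**
 * Command line interface for listing, importing into and exporting from a
 * Java keystore.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The keystore password is taken from the {@code -storepass} command
 *       line argument. Command line arguments are commonly visible to other
 *       local users (process listings) and end up in shell history, so the
 *       password should be treated as exposed on shared hosts.</li>
 *   <li>Imported private keys are protected with the keystore password; there
 *       is no separate key password option.</li>
 *   <li>Exported private keys are written without a password (see
 *       {@link #doExport(CommandLine)}).</li>
 * </ul>
 */
public class KeyStoreCli extends AbstractCli {
    /** Key algorithm named as the default in the {@code -keyalg} help text. */
    public static final String DEFAULT_KEY_ALGORITHM = "RSA";

    /** Action flag: list keystore contents. */
    protected static final String OPT_LIST = "list";

    /** Action flag: import a certificate or certificate/key pair. */
    protected static final String OPT_IMPORT = "import";

    /** Action flag: export a certificate and/or private key. */
    protected static final String OPT_EXPORT = "export";

    /** Path of the keystore file. */
    protected static final String OPT_STORE = "keystore";

    /** Keystore type name. */
    protected static final String OPT_TYPE = "storetype";

    /** Keystore password. */
    protected static final String OPT_PASS = "storepass";

    /** Alias of the entry to import or export. */
    protected static final String OPT_ALIAS = "alias";

    /** Path of the certificate file to read or write. */
    protected static final String OPT_CERT = "cert";

    /** Path of the private key file to read or write. */
    protected static final String OPT_KEY = "key";

    /**
     * Private key algorithm name.
     * NOTE(review): the option is registered but no method in this class reads
     * its value; confirm whether CryptReader is expected to detect the algorithm.
     */
    protected static final String OPT_KEYALG = "keyalg";

    /** Name reported by {@link #getCommandName()}. */
    private static final String COMMAND_NAME = "keystore";

    private final MD5 md5 = new MD5();
    private final SHA1 sha1 = new SHA1();
    private final HexConverter hexConv = new HexConverter(true);

    /**
     * CLI entry point.
     *
     * @param strArr command line arguments
     */
    public static void main(String[] strArr) {
        new KeyStoreCli().performAction(strArr);
    }

    /**
     * Registers the keystore options on top of those of the parent class.
     * Options are added in the same order as before so help output is unchanged.
     */
    @Override
    public void initOptions() {
        super.initOptions();
        this.options.addOption(requiredArgOption(OPT_STORE, "filepath", "keystore file"));
        this.options.addOption(requiredArgOption(OPT_PASS, "password", "keystore password"));
        this.options.addOption(requiredArgOption(OPT_TYPE, "name", "keystore type, e.g. BKS (default), JKS"));
        this.options.addOption(
            requiredArgOption(OPT_ALIAS, "name", "alias assigned to imported item or alias of item to export"));
        this.options.addOption(
            requiredArgOption(
                OPT_CERT,
                "filepath",
                "X.509 certificate file; encoding determined by file extension (der|pem)"));
        this.options.addOption(
            requiredArgOption(
                OPT_KEY,
                "filepath",
                "DER-encoded PKCS#8 or PEM-encoded SSLeay private key; encoding determined by file extension (der|pem)"));
        this.options.addOption(
            requiredArgOption(OPT_KEYALG, "algorithm", "private key algorithm name; assumes RSA if not specified"));
        this.options.addOption(new Option(OPT_LIST, "list keystore contents"));
        this.options.addOption(new Option(OPT_IMPORT, "import cert or cert/key pair"));
        this.options.addOption(new Option(OPT_EXPORT, "export cert or cert/key pair"));
    }

    /**
     * Runs the action selected on the command line. {@code -list} wins over
     * {@code -import}, which wins over {@code -export}; with none of them the
     * help text is printed.
     *
     * @param commandLine parsed command line
     * @throws Exception on any failure of the selected action
     */
    @Override
    protected void dispatch(CommandLine commandLine) throws Exception {
        if (commandLine.hasOption(OPT_LIST)) {
            list(commandLine);
        } else if (commandLine.hasOption(OPT_IMPORT)) {
            doImport(commandLine);
        } else if (commandLine.hasOption(OPT_EXPORT)) {
            doExport(commandLine);
        } else {
            printHelp();
        }
    }

    /**
     * Prints every entry of the keystore to standard output.
     *
     * @param commandLine parsed command line
     * @throws Exception if the keystore cannot be read
     */
    protected void list(CommandLine commandLine) throws Exception {
        validateOptions(commandLine);
        KeyStore keyStore = readKeyStore(commandLine);
        Enumeration<String> aliases = keyStore.aliases();
        System.out.println("");
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            System.out.println("Alias name: " + alias);
            System.out.println("Creation date: " + keyStore.getCreationDate(alias));
            if (keyStore.isKeyEntry(alias)) {
                System.out.println("Entry type: keyEntry");
                Certificate[] chain = keyStore.getCertificateChain(alias);
                // getCertificateChain returns null for key entries that carry no
                // chain (e.g. secret keys); report an empty chain instead of failing.
                int chainLength = chain == null ? 0 : chain.length;
                System.out.println("Certificate chain length: " + chainLength);
                for (int i = 0; i < chainLength; i++) {
                    System.out.println("===== Certificate [" + i + "] =====");
                    printCertificate(chain[i]);
                }
            } else {
                System.out.println("Entry type: trustedCertEntry");
                System.out.println("Certificate details:");
                printCertificate(keyStore.getCertificate(alias));
            }
            System.out.println("");
            System.out.println("");
        }
    }

    /**
     * Imports a trusted certificate, or a private key with its certificate
     * chain when {@code -key} is given, under the requested alias and saves
     * the keystore.
     *
     * <p>The private key entry is protected with the keystore password. An
     * entry that already exists under the alias is replaced without prompting.
     *
     * @param commandLine parsed command line
     * @throws Exception if input files cannot be read or the keystore cannot be written
     */
    protected void doImport(CommandLine commandLine) throws Exception {
        validateOptions(commandLine);
        KeyStore keyStore = readKeyStore(commandLine);
        String alias = commandLine.getOptionValue(OPT_ALIAS);
        File certFile = new File(commandLine.getOptionValue(OPT_CERT));
        if (commandLine.hasOption(OPT_KEY)) {
            File keyFile = new File(commandLine.getOptionValue(OPT_KEY));
            char[] keyPassword = commandLine.getOptionValue(OPT_PASS).toCharArray();
            PrivateKey privateKey = CryptReader.readPrivateKey(keyFile);
            Certificate[] chain = CryptReader.readCertificateChain(certFile);
            System.err.println("Read certificate chain of length " + chain.length + HexConverter.DEFAULT_BYTE_DELIMITER);
            for (int i = 0; i < chain.length; i++) {
                System.out.println("===== Certificate [" + i + "] =====");
                printCertificate(chain[i]);
            }
            keyStore.setKeyEntry(alias, privateKey, keyPassword, chain);
            System.err.println("Imported key entry " + alias);
        } else {
            Certificate certificate = CryptReader.readCertificate(certFile);
            System.err.println("Read certificate:");
            printCertificate(certificate);
            keyStore.setCertificateEntry(alias, certificate);
            System.err.println("Imported trusted cert entry " + alias);
        }

        // Serialize in memory first: opening the FileOutputStream truncates the
        // existing keystore, so a failure inside store() would otherwise leave
        // an empty or partial file and lose every entry already in it.
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        keyStore.store(serialized, commandLine.getOptionValue(OPT_PASS).toCharArray());
        try (FileOutputStream out = new FileOutputStream(new File(commandLine.getOptionValue(OPT_STORE)))) {
            serialized.writeTo(out);
        }
    }

    /**
     * Exports the certificate (or chain) and/or the private key stored under
     * the requested alias to the files named by {@code -cert} and {@code -key}.
     * A file name ending in "pem" selects PEM output; anything else selects
     * the encoded form.
     *
     * <p>The private key is written with a {@code null} password, so the
     * output file is presumably unencrypted. After writing, the file is
     * restricted to its owner on a best-effort basis.
     *
     * @param commandLine parsed command line
     * @throws IllegalArgumentException if the alias holds no certificate or
     *         no private key for the requested export
     * @throws Exception if the keystore cannot be read or a file cannot be written
     */
    protected void doExport(CommandLine commandLine) throws Exception {
        validateOptions(commandLine);
        KeyStore keyStore = readKeyStore(commandLine);
        String alias = commandLine.getOptionValue(OPT_ALIAS);
        boolean wroteSomething = false;

        if (commandLine.hasOption(OPT_CERT)) {
            File certFile = new File(commandLine.getOptionValue(OPT_CERT));
            boolean pem = certFile.getName().endsWith("pem");
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain != null) {
                if (pem) {
                    CryptWriter.writePemCertificates(chain, certFile);
                } else {
                    CryptWriter.writeEncodedCertificates(chain, certFile);
                }
            } else {
                Certificate certificate = keyStore.getCertificate(alias);
                if (certificate == null) {
                    // Unknown alias or an entry without a certificate: fail with
                    // a clear message instead of handing null to the writer.
                    throw new IllegalArgumentException("No certificate found for alias " + alias);
                }
                if (pem) {
                    CryptWriter.writePemCertificate(certificate, certFile);
                } else {
                    CryptWriter.writeEncodedCertificate(certificate, certFile);
                }
            }
            System.err.println("Wrote certificate to " + certFile);
            wroteSomething = true;
        }

        if (commandLine.hasOption(OPT_KEY)) {
            File keyFile = new File(commandLine.getOptionValue(OPT_KEY));
            Object entryKey = keyStore.getKey(alias, commandLine.getOptionValue(OPT_PASS).toCharArray());
            // instanceof also rejects null (unknown alias, certificate-only entry)
            // and secret keys, which previously surfaced as a ClassCastException
            // or a null passed to the writer.
            if (!(entryKey instanceof PrivateKey)) {
                throw new IllegalArgumentException("No private key found for alias " + alias);
            }
            PrivateKey privateKey = (PrivateKey) entryKey;
            if (keyFile.getName().endsWith("pem")) {
                CryptWriter.writePemKey(privateKey, (char[]) null, (SecureRandom) null, keyFile);
            } else {
                CryptWriter.writeEncodedKey(privateKey, keyFile);
            }
            restrictToOwner(keyFile);
            System.err.println("Wrote key to " + keyFile);
            wroteSomething = true;
        }

        if (!wroteSomething) {
            System.err.println("No data was written because neither -cert nor -key was specified.");
        }
    }

    /**
     * Returns the name of this command.
     *
     * @return the command name
     */
    @Override
    protected String getCommandName() {
        return COMMAND_NAME;
    }

    /**
     * Loads the keystore named on the command line, using the requested type
     * or the provider default. A missing file is only accepted for
     * {@code -import}, in which case an empty keystore is initialized.
     *
     * @param commandLine parsed command line
     * @return the loaded or newly initialized keystore
     * @throws IllegalArgumentException if the file does not exist and the
     *         action is not an import
     * @throws Exception if the keystore cannot be read or its integrity check fails
     */
    protected KeyStore readKeyStore(CommandLine commandLine) throws Exception {
        KeyStore keyStore;
        if (commandLine.hasOption(OPT_TYPE)) {
            keyStore = CryptProvider.getKeyStore(commandLine.getOptionValue(OPT_TYPE));
        } else {
            keyStore = CryptProvider.getKeyStore();
        }
        File storeFile = new File(commandLine.getOptionValue(OPT_STORE));
        char[] storePassword = commandLine.getOptionValue(OPT_PASS).toCharArray();
        if (storeFile.exists()) {
            try (FileInputStream in = new FileInputStream(storeFile)) {
                keyStore.load(in, storePassword);
            }
        } else {
            if (!commandLine.hasOption(OPT_IMPORT)) {
                throw new IllegalArgumentException("Keystore does not exist at " + storeFile + ". An existing keystore is required for this operation.");
            }
            // A null stream initializes an empty keystore for the first import.
            keyStore.load(null, storePassword);
        }
        return keyStore;
    }

    /**
     * Prints a summary of a certificate to standard output. X.509
     * certificates get subject, issuer, serial, validity and fingerprints;
     * anything else is printed via its {@code toString()}.
     *
     * <p>MD5 and SHA-1 fingerprints are kept for compatibility with existing
     * output, but both digests are collision-prone; compare the SHA-256
     * fingerprint when verifying a certificate out of band.
     *
     * @param certificate certificate to describe
     * @throws Exception if the certificate cannot be encoded or digested
     */
    protected void printCertificate(Certificate certificate) throws Exception {
        if (!(certificate instanceof X509Certificate)) {
            System.out.println(certificate);
            return;
        }
        X509Certificate x509 = (X509Certificate) certificate;
        byte[] encoded = x509.getEncoded();
        System.out.println("Subject: " + x509.getSubjectDN());
        System.out.println("Issuer: " + x509.getIssuerDN());
        System.out.println("Serial: " + this.hexConv.fromBytes(x509.getSerialNumber().toByteArray()));
        System.out.println("Valid not before: " + x509.getNotBefore());
        System.out.println("Valid not after: " + x509.getNotAfter());
        System.out.println("MD5 fingerprint: " + this.md5.digest(encoded, this.hexConv));
        System.out.println("SHA1 fingerprint: " + this.sha1.digest(encoded, this.hexConv));
        byte[] sha256 = MessageDigest.getInstance("SHA-256").digest(encoded);
        System.out.println("SHA256 fingerprint: " + this.hexConv.fromBytes(sha256));
    }

    /**
     * Checks that the options needed by the selected action are present.
     *
     * @param commandLine parsed command line
     * @throws IllegalArgumentException if a required option is missing
     */
    protected void validateOptions(CommandLine commandLine) {
        if (!commandLine.hasOption(OPT_STORE)) {
            throw new IllegalArgumentException("keystore option is required.");
        }
        if (!commandLine.hasOption(OPT_PASS)) {
            throw new IllegalArgumentException("storepass option is required.");
        }
        boolean importing = commandLine.hasOption(OPT_IMPORT);
        boolean exporting = commandLine.hasOption(OPT_EXPORT);
        if ((importing || exporting) && !commandLine.hasOption(OPT_ALIAS)) {
            throw new IllegalArgumentException("alias option is required.");
        }
        if (importing && !commandLine.hasOption(OPT_CERT)) {
            throw new IllegalArgumentException("cert option is required.");
        }
    }

    /** Builds an option that takes one mandatory argument. */
    private static Option requiredArgOption(String name, String argName, String description) {
        Option option = new Option(name, true, description);
        option.setArgName(argName);
        option.setOptionalArg(false);
        return option;
    }

    /**
     * Limits read and write access on an exported key file to its owner.
     * Return values are ignored on purpose: platforms that cannot express
     * owner-only permissions through java.io.File must not fail the export.
     * NOTE(review): the file is readable under its creation permissions until
     * this runs; closing that window needs the writer to create the file with
     * restrictive permissions.
     */
    private static void restrictToOwner(File file) {
        file.setReadable(false, false);
        file.setReadable(true, true);
        file.setWritable(false, false);
        file.setWritable(true, true);
    }
}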
