package net.shibboleth.tool.xmlsectool;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyException;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import java.util.zip.InflaterInputStream;
import javax.annotation.Nonnull;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import net.shibboleth.utilities.java.support.httpclient.HttpClientBuilder;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.xml.AttributeSupport;
import net.shibboleth.utilities.java.support.xml.ElementSupport;
import net.shibboleth.utilities.java.support.xml.SchemaBuilder;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Base64InputStream;
import org.apache.commons.codec.binary.Base64OutputStream;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.KeyName;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.signature.reference.ReferenceData;
import org.apache.xml.security.signature.reference.ReferenceSubTreeData;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.opensaml.core.config.InitializationException;
import org.opensaml.security.credential.CredentialSupport;
import org.opensaml.security.crypto.JCAConstants;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.security.x509.X509Credential;
import org.opensaml.security.x509.X509Support;
import org.opensaml.xmlsec.SecurityConfigurationSupport;
import org.opensaml.xmlsec.SignatureSigningConfiguration;
import org.opensaml.xmlsec.algorithm.AlgorithmSupport;
import org.opensaml.xmlsec.signature.Signature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:BOOT-INF/lib/xmlsectool-2.0.0.jar:net/shibboleth/tool/xmlsectool/XMLSecTool.class */
public final class XMLSecTool {
    // Class-wide SLF4J logger. There is no initializer on this declaration, so the
    // field stays null until other code assigns it (presumably initLogging, which
    // main calls before anything else logs; that method is not visible here, confirm).
    private static Logger log;

    /** Private constructor: the class cannot be instantiated from outside. */
    private XMLSecTool() {
    }

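    /**
     * Command-line entry point.
     *
     * <p>Parses the arguments, initializes logging and the OpenSAML library, then runs the
     * requested steps in a fixed order: parse, schema-validate, sign, verify, write. When
     * both signing and verification are requested, verification therefore checks the
     * signature that was just created, and the credential is loaded once for each step.
     *
     * <p>The process always ends through {@link System#exit(int)} on failure: a
     * {@code Terminator} carries the exit code chosen by the failing step, anything else
     * exits with {@code ReturnCode.RC_UNKNOWN}.
     *
     * @param strArr raw command-line arguments
     */
    public static void main(String[] strArr) {
        try {
            CommandLineArguments commandLineArguments = new CommandLineArguments();
            commandLineArguments.parseCommandLineArguments(strArr);
            initLogging(commandLineArguments);
            try {
                InitializationSupport.initialize();
                if (commandLineArguments.doHelp()) {
                    commandLineArguments.printHelp(System.out);
                    return;
                }
                if (commandLineArguments.doListBlacklist()) {
                    commandLineArguments.getBlacklist().list(System.out);
                    return;
                }
                Document parseXML = parseXML(commandLineArguments);
                if (commandLineArguments.doSchemaValidation()) {
                    schemaValidate(commandLineArguments, parseXML);
                }
                if (commandLineArguments.doSign()) {
                    sign(commandLineArguments, getCredential(commandLineArguments), parseXML);
                }
                if (commandLineArguments.doSignatureVerify()) {
                    verifySignature(commandLineArguments, getCredential(commandLineArguments), parseXML);
                }
                if (commandLineArguments.getOutputFile() != null) {
                    writeDocument(commandLineArguments, parseXML);
                }
            } catch (InitializationException e) {
                log.error("Unable to initialize OpenSAML library", (Throwable) e);
                throw new Terminator(ReturnCode.RC_INIT);
            }
        } catch (Terminator e2) {
            System.exit(e2.getExitCode());
        } catch (Throwable th) {
            // A failure in argument parsing or logging setup can arrive here before the
            // logger field has been assigned; dereferencing it then would replace the
            // intended exit code with an uncaught NullPointerException.
            if (log != null) {
                log.error("Unknown error", th);
            } else {
                System.err.println("Unknown error: " + th);
            }
            System.exit(ReturnCode.RC_UNKNOWN.getCode());
        }
    }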

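    /**
     * Reads the input document (from the input file when one is configured, otherwise from
     * the input URL) and parses it into a DOM tree.
     *
     * <p>The input stream is closed before returning, whether parsing succeeded or not.
     *
     * @param commandLineArguments parsed command-line options naming the input source
     * @return the parsed, well-formed document
     * @throws Terminator with {@code RC_IO} when the input cannot be read, or
     *         {@code RC_MALFORMED_XML} when the parser rejects it
     */
    protected static Document parseXML(CommandLineArguments commandLineArguments) {
        final InputStream xmlStream = commandLineArguments.getInputFile() != null
                ? getXmlInputStreamFromFile(commandLineArguments)
                : getXmlInputStreamFromUrl(commandLineArguments);
        try {
            DocumentBuilder parser = getParser();
            log.debug("Parsing XML input stream");
            Document parsed = parser.parse(xmlStream);
            log.info("XML document parsed and is well-formed.");
            return parsed;
        } catch (IOException e) {
            log.error("Error reading XML document from input source", (Throwable) e);
            throw new Terminator(ReturnCode.RC_IO);
        } catch (SAXException e2) {
            log.error("XML document was not well formed", (Throwable) e2);
            throw new Terminator(ReturnCode.RC_MALFORMED_XML);
        } finally {
            try {
                xmlStream.close();
            } catch (IOException ignored) {
                // The parse outcome is already decided at this point; a failed close
                // must not change the exit code, so it is only recorded.
                log.debug("Unable to close XML input stream", (Throwable) ignored);
            }
        }
    }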

    /**
     * Opens the configured input file and wraps it in the decoders selected on the
     * command line, applied in this order: Base64, then raw inflate, then gunzip.
     *
     * <p>NOTE(review): the decompression filters are unbounded, so a small compressed
     * input can expand to an arbitrarily large document; confirm whether inputs are
     * always from a trusted source.
     *
     * @param commandLineArguments parsed command-line options
     * @return a stream yielding the decoded XML bytes
     * @throws Terminator with {@code RC_IO} when the file is missing, is a directory,
     *         is unreadable, or a decoder cannot be set up
     */
    protected static InputStream getXmlInputStreamFromFile(CommandLineArguments commandLineArguments) {
        try {
            log.info("Reading XML document from file '{}'", commandLineArguments.getInputFile());
            final File inputFile = new File(commandLineArguments.getInputFile());

            // Pick the first failed precondition, in the same order the checks are documented.
            String failureFormat = null;
            if (!inputFile.exists()) {
                failureFormat = "Input file '{}' does not exist";
            } else if (inputFile.isDirectory()) {
                failureFormat = "Input file '{}' is a directory";
            } else if (!inputFile.canRead()) {
                failureFormat = "Input file '{}' can not be read";
            }
            if (failureFormat != null) {
                log.error(failureFormat, commandLineArguments.getInputFile());
                throw new Terminator(ReturnCode.RC_IO);
            }

            InputStream decoded = new FileInputStream(commandLineArguments.getInputFile());
            if (commandLineArguments.isBase64DecodeInput()) {
                log.debug("Passing input file through Base64 decoder.");
                decoded = new Base64InputStream(decoded);
            }
            if (commandLineArguments.isInflateInput()) {
                log.debug("Passing input file data through Inflater decompression filter");
                decoded = new InflaterInputStream(decoded);
            }
            if (commandLineArguments.isGunzipInput()) {
                log.debug("Passing input file data through GZip decompression filter");
                decoded = new GZIPInputStream(decoded);
            }
            return decoded;
        } catch (IOException ioFailure) {
            log.error("Unable to read input file '{}'", commandLineArguments.getInputFile(), ioFailure);
            throw new Terminator(ReturnCode.RC_IO);
        }
    }

    /**
     * Fetches the input document with an HTTP GET from the configured URL, optionally
     * through the configured proxy, and wraps the response body in the decoders it needs
     * (Content-Encoding decompression first, then Base64 when requested).
     *
     * <p>NOTE(review): the client is built with TLS certificate checking disabled, so the
     * server is not authenticated and the returned bytes must be treated as untrusted.
     * Signature verification is the only later step that can establish their origin;
     * a run that only schema-validates or signs a URL input trusts the network path.
     *
     * <p>NOTE(review): if {@code Terminator} is an {@code Exception} subclass, the one
     * thrown for a non-200 status is caught by the generic handler below and logged a
     * second time as a client-building error before being rethrown with the same code;
     * confirm against the Terminator class.
     *
     * @param commandLineArguments parsed command-line options
     * @return a stream yielding the decoded XML bytes
     * @throws Terminator with {@code RC_IO} on any fetch failure or non-200 status
     */
    protected static InputStream getXmlInputStreamFromUrl(CommandLineArguments commandLineArguments) {
        log.info("Reading XML document from URL '{}'", commandLineArguments.getInputUrl());
        final HttpClientBuilder clientBuilder = new HttpClientBuilder();
        // Server certificates are accepted without validation (see the review note above).
        clientBuilder.setConnectionDisregardTLSCertificate(true);
        final boolean viaProxy = commandLineArguments.getHttpProxy() != null;
        if (viaProxy) {
            clientBuilder.setConnectionProxyHost(commandLineArguments.getHttpProxy());
            clientBuilder.setConnectionProxyPort(commandLineArguments.getHttpProxyPort());
            clientBuilder.setConnectionProxyUsername(commandLineArguments.getHttpProxyUsername());
            clientBuilder.setConnectionProxyPassword(commandLineArguments.getHttpProxyPassword());
        }
        final HttpGet request = new HttpGet(commandLineArguments.getInputUrl());
        request.setHeader("Accept-Encoding", "gzip,deflate");
        try {
            final HttpResponse response = clientBuilder.buildClient().execute(request);
            final int status = response.getStatusLine().getStatusCode();
            if (status != 200) {
                log.error("Non-ok status code '" + status + "' returned by '" + commandLineArguments.getInputUrl() + "'");
                throw new Terminator(ReturnCode.RC_IO);
            }
            InputStream body = response.getEntity().getContent();
            final Header encodingHeader = response.getFirstHeader("Content-Encoding");
            final String encoding = encodingHeader == null ? null : encodingHeader.getValue();
            if (encodingHeader != null && "deflate".equalsIgnoreCase(encoding)) {
                log.debug("Passing input file data through Inflater decompression filter");
                body = new InflaterInputStream(body);
            }
            if (encodingHeader != null && "gzip".equalsIgnoreCase(encoding)) {
                log.debug("Passing input file data through GZip decompression filter");
                body = new GZIPInputStream(body);
            }
            if (commandLineArguments.isBase64DecodeInput()) {
                log.debug("Passing input file through Base64 decoder.");
                body = new Base64InputStream(body);
            }
            return body;
        } catch (IOException ioFailure) {
            log.error("Unable to read XML document from " + commandLineArguments.getInputUrl(), (Throwable) ioFailure);
            throw new Terminator(ReturnCode.RC_IO);
        } catch (Exception other) {
            log.error("error building an HTTP client instance for " + commandLineArguments.getInputUrl(), (Throwable) other);
            throw new Terminator(ReturnCode.RC_IO);
        }
    }

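    /**
     * Builds the namespace-aware, non-validating DOM parser used for the input document.
     *
     * <p>The input may come from a local file or from a URL fetched without TLS
     * certificate validation, so it is parsed as untrusted data: secure processing is
     * switched on and any DOCTYPE declaration is rejected. With no DTD allowed, a document
     * cannot declare external or recursively expanding entities, which removes the XML
     * external entity and entity-expansion exposure of a default-configured factory.
     * A document that carries a DOCTYPE now fails to parse with a {@code SAXException}.
     *
     * @return a new parser instance
     * @throws Terminator with {@code RC_UNKNOWN} when the parser cannot be created or the
     *         JAXP implementation does not support the hardening features (fail closed)
     */
    protected static DocumentBuilder getParser() {
        log.debug("Building DOM parser");
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setCoalescing(false);
        // Only the predefined entities can occur once DOCTYPE is disallowed, so leaving
        // expansion on keeps the DOM shape callers already rely on.
        factory.setExpandEntityReferences(true);
        factory.setIgnoringComments(false);
        factory.setIgnoringElementContentWhitespace(false);
        factory.setNamespaceAware(true);
        factory.setValidating(false);
        factory.setXIncludeAware(false);
        try {
            factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            return factory.newDocumentBuilder();
        } catch (ParserConfigurationException e) {
            log.error("Unable to create XML parser", (Throwable) e);
            throw new Terminator(ReturnCode.RC_UNKNOWN);
        }
    }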

    /**
     * Validates the document against the schema files found at the configured schema
     * file or directory, using W3C XML Schema or RELAX NG as selected on the command line.
     *
     * @param commandLineArguments parsed command-line options
     * @param document the document to validate
     * @throws Terminator with {@code RC_INVALID_XS} when the schema itself cannot be
     *         built, or {@code RC_INVALID_XML} when validation fails or hits an I/O error
     */
    protected static void schemaValidate(CommandLineArguments commandLineArguments, Document document) {
        final SchemaBuilder.SchemaLanguage language;
        if (commandLineArguments.isXsdSchema()) {
            language = SchemaBuilder.SchemaLanguage.XML;
        } else {
            language = SchemaBuilder.SchemaLanguage.RELAX;
        }
        final File schemaLocation = new File(commandLineArguments.getSchemaDirectory());

        // Step 1: build the validator; a SAXException here means the schema is broken.
        final SchemaValidator validator;
        try {
            log.debug("Building W3 XML Schema from file/directory '{}'", schemaLocation.getAbsolutePath());
            validator = new SchemaValidator(language, schemaLocation);
        } catch (SAXException schemaFailure) {
            log.error("Invalid XML schema files, unable to validate XML", (Throwable) schemaFailure);
            throw new Terminator(ReturnCode.RC_INVALID_XS);
        }

        // Step 2: validate; a SAXException here means the document is invalid.
        try {
            log.debug("Schema validating XML document");
            validator.validate(new DOMSource(document));
            log.info("XML document is schema valid");
        } catch (IOException ioFailure) {
            log.error("internal error: I/O exception while validating XML", (Throwable) ioFailure);
            throw new Terminator(ReturnCode.RC_INVALID_XML);
        } catch (SAXException invalid) {
            log.error("XML is not schema valid", (Throwable) invalid);
            throw new Terminator(ReturnCode.RC_INVALID_XML);
        }
    }

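    /**
     * Adds an enveloped XML signature over the document element.
     *
     * <p>The signature uses exclusive canonicalization, carries exactly two transforms
     * (enveloped-signature, then exclusive C14N) and a single reference to the document
     * element. A document that already contains a signature is refused.
     *
     * @param commandLineArguments parsed command-line options (digest, algorithm,
     *        reference ID attribute, signature position)
     * @param x509Credential credential supplying the signing key and KeyInfo content
     * @param document the document to sign; modified in place
     * @throws Terminator with {@code RC_SIG} when the document is already signed or the
     *         signature cannot be created
     */
    protected static void sign(@Nonnull CommandLineArguments commandLineArguments, @Nonnull X509Credential x509Credential, @Nonnull Document document) {
        final String excC14n = "http://www.w3.org/2001/10/xml-exc-c14n#";

        log.debug("Preparing to sign document");
        Element documentElement = document.getDocumentElement();
        if (getSignatureElement(document) != null) {
            log.error("XML document is already signed");
            throw new Terminator(ReturnCode.RC_SIG);
        }
        String signatureAlgorithm = determineSignatureAlgorithm(commandLineArguments, x509Credential);
        log.debug("signature algorithm {} selected from credential+digest", signatureAlgorithm);
        SignatureSigningConfiguration signingConfiguration = SecurityConfigurationSupport.getGlobalSignatureSigningConfiguration();
        boolean isHMAC = AlgorithmSupport.isHMAC(signatureAlgorithm);
        Integer hmacOutputLength = signingConfiguration.getSignatureHMACOutputLength();
        String digestAlgorithm = commandLineArguments.getDigestAlgorithm();
        if (digestAlgorithm == null) {
            digestAlgorithm = commandLineArguments.getDigest().getDigestAlgorithm();
        }
        try {
            final XMLSignature xMLSignature;
            if (isHMAC && hmacOutputLength != null) {
                xMLSignature = new XMLSignature(document, "#", signatureAlgorithm, hmacOutputLength.intValue(), excC14n);
            } else {
                // Also taken for HMAC when no output length is configured: unboxing a
                // null Integer would fail, and omitting the length leaves the MAC untruncated.
                xMLSignature = new XMLSignature(document, "#", signatureAlgorithm, excC14n);
            }
            populateKeyInfo(document, xMLSignature.getKeyInfo(), x509Credential);
            Transforms transforms = new Transforms(document);
            transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
            transforms.addTransform(excC14n);
            xMLSignature.addDocument(getSignatureReferenceUri(commandLineArguments, documentElement), transforms, digestAlgorithm);
            log.debug("Creating Signature DOM element");
            // The Signature element has to be in the tree before signing, because the
            // reference digest is computed over the document that contains it.
            addSignatureELement(commandLineArguments, documentElement, xMLSignature.getElement());
            xMLSignature.sign(CredentialSupport.extractSigningKey(x509Credential));
            log.info("XML document successfully signed");
        } catch (XMLSecurityException e) {
            log.error("Unable to create XML document signature", (Throwable) e);
            throw new Terminator(ReturnCode.RC_SIG);
        }
    }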

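    /**
     * Chooses the signature algorithm URI.
     *
     * <p>An algorithm given explicitly on the command line wins. Otherwise the choice
     * follows the credential's public key algorithm: RSA and EC keys use the algorithm
     * paired with the selected digest, DSA keys always use DSA with SHA-1.
     *
     * <p>NOTE(review): the DSA branch is fixed to SHA-1 regardless of the digest option;
     * SHA-1 is no longer considered collision resistant, so DSA credentials should be
     * paired with an explicit signature algorithm or replaced.
     *
     * @param commandLineArguments parsed command-line options
     * @param x509Credential the signing credential
     * @return the signature algorithm URI
     * @throws Terminator with {@code RC_SIG} for any other key algorithm
     */
    protected static String determineSignatureAlgorithm(@Nonnull CommandLineArguments commandLineArguments, @Nonnull X509Credential x509Credential) {
        if (commandLineArguments.getSignatureAlgorithm() != null) {
            return commandLineArguments.getSignatureAlgorithm();
        }
        String algorithm = x509Credential.getPublicKey().getAlgorithm();
        log.debug("credential public key algorithm is {}", algorithm);
        // Rebuilt from a decompiled string switch whose hash-dispatch form (int codes
        // stored in a boolean, duplicate case labels) was not valid Java.
        if ("RSA".equals(algorithm)) {
            return commandLineArguments.getDigest().getRSAAlgorithm();
        }
        if ("EC".equals(algorithm)) {
            return commandLineArguments.getDigest().getECDSAAlgorithm();
        }
        if (JCAConstants.KEY_ALGO_DSA.equals(algorithm)) {
            return "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
        }
        log.error("unimplemented signing credential type: {}", algorithm);
        throw new Terminator(ReturnCode.RC_SIG);
    }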

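    /**
     * Fills the signature's KeyInfo from the credential: key names, a KeyValue for RSA
     * and DSA public keys, and an X509Data element holding the certificate chain and
     * any CRLs.
     *
     * @param document owner document for the created elements
     * @param keyInfo the KeyInfo to populate
     * @param x509Credential source of the key names, public key, certificates and CRLs
     * @throws Terminator with {@code RC_UNKNOWN} when the XML security library rejects
     *         an addition
     */
    protected static void populateKeyInfo(Document document, KeyInfo keyInfo, X509Credential x509Credential) {
        if (x509Credential.getKeyNames() != null) {
            for (String keyName : x509Credential.getKeyNames()) {
                keyInfo.add(new KeyName(document, keyName));
            }
        }
        PublicKey publicKey = x509Credential.getPublicKey();
        if ((publicKey instanceof RSAPublicKey) || (publicKey instanceof DSAPublicKey)) {
            keyInfo.add(publicKey);
        } else {
            log.debug("not adding KeyValue for unsupported credential of type {}", publicKey.getAlgorithm());
        }
        X509Data x509Data = new X509Data(document);
        keyInfo.add(x509Data);
        try {
            for (X509Certificate certificate : x509Credential.getEntityCertificateChain()) {
                x509Data.addCertificate(certificate);
            }
            if (x509Credential.getCRLs() != null) {
                for (X509CRL crl : x509Credential.getCRLs()) {
                    x509Data.addCRL(crl.getEncoded());
                }
            }
        } catch (CRLException e) {
            // Signing still proceeds, as before, but the gap is now visible: the CRL
            // that failed to encode and any after it are absent from the KeyInfo.
            log.warn("Unable to encode CRL for signature KeyInfo; remaining CRLs were not added", (Throwable) e);
        } catch (XMLSecurityException e2) {
            log.error("Unable to constructor signature KeyInfo", (Throwable) e2);
            throw new Terminator(ReturnCode.RC_UNKNOWN);
        }
    }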

    /**
     * Computes the URI for the signature's single reference.
     *
     * <p>When a reference ID attribute name is configured and the element carries that
     * attribute, the attribute is registered as an ID attribute and the result is
     * {@code "#"} followed by its trimmed value. In every other case, including an
     * attribute whose trimmed value is empty, the result is the empty string.
     *
     * @param commandLineArguments parsed command-line options
     * @param element the element being signed
     * @return the reference URI, possibly empty
     */
    protected static String getSignatureReferenceUri(CommandLineArguments commandLineArguments, Element element) {
        if (commandLineArguments.getReferenceIdAttributeName() == null) {
            return "";
        }
        final Attr idAttribute = (Attr) element.getAttributes().getNamedItem(commandLineArguments.getReferenceIdAttributeName());
        if (idAttribute == null) {
            return "";
        }
        element.setIdAttributeNode(idAttribute, true);
        final String idValue = StringSupport.trim(idAttribute.getValue());
        return idValue.length() > 0 ? "#" + idValue : idValue;
    }

    /**
     * Inserts the Signature element into the signed element at the configured position.
     *
     * <p>{@code FIRST} (or no setting) puts it before the first child, {@code LAST}
     * appends it. Any other value is read as an integer n: the signature goes before
     * the n-th child element, and is appended when no such element is reached.
     *
     * @param commandLineArguments parsed command-line options
     * @param element the element receiving the signature
     * @param element2 the Signature element to insert
     * @throws Terminator with {@code RC_SIG} when the position is not FIRST, LAST or an integer
     */
    protected static void addSignatureELement(CommandLineArguments commandLineArguments, Element element, Element element2) {
        if (commandLineArguments.getSignaturePosition() == null || "FIRST".equalsIgnoreCase(commandLineArguments.getSignaturePosition())) {
            element.insertBefore(element2, element.getFirstChild());
            return;
        }
        if ("LAST".equalsIgnoreCase(commandLineArguments.getSignaturePosition())) {
            element.appendChild(element2);
            return;
        }

        final NodeList children = element.getChildNodes();
        final int wantedIndex;
        try {
            wantedIndex = Integer.parseInt(commandLineArguments.getSignaturePosition());
        } catch (NumberFormatException badPosition) {
            log.error("Invalid signature position: " + commandLineArguments.getSignaturePosition());
            throw new Terminator(ReturnCode.RC_SIG);
        }

        boolean inserted = false;
        if (children.getLength() > wantedIndex) {
            int elementsSeen = 0;
            // The list is live; the scan deliberately runs to the end as the original does.
            for (int idx = 0; idx < children.getLength(); idx++) {
                final Node child = children.item(idx);
                if (child.getNodeType() != Node.ELEMENT_NODE) {
                    continue;
                }
                elementsSeen++;
                if (elementsSeen == wantedIndex) {
                    element.insertBefore(element2, child);
                    inserted = true;
                }
            }
        }
        if (!inserted) {
            element.appendChild(element2);
        }
    }

    /**
     * Registers an ID attribute on the document element so that the signature's
     * same-document fragment reference has something to point at.
     *
     * <p>Nothing is done for an empty reference URI or when the element already has an
     * ID attribute. Otherwise the first attribute whose value equals the fragment is
     * marked as an ID, whatever that attribute is called; a warning is logged when
     * none matches.
     *
     * <p>NOTE(review): matching is by value only, so the attribute name is not
     * constrained here. The scan is limited to the given element's own attributes.
     *
     * @param element the document element
     * @param reference the signature's reference
     * @throws Terminator with {@code RC_SIG} when the URI is not a {@code #fragment}
     */
    protected static void markIdAttribute(Element element, Reference reference) {
        final String referenceUri = reference.getURI();
        if (referenceUri == null || referenceUri.trim().isEmpty()) {
            log.debug("reference was empty; no ID marking required");
            return;
        }
        if (AttributeSupport.getIdAttribute(element) != null) {
            log.debug("document element already has an ID attribute");
            return;
        }
        if (!referenceUri.startsWith("#")) {
            log.error("Signature Reference URI was not a document fragment reference: " + referenceUri);
            throw new Terminator(ReturnCode.RC_SIG);
        }

        final String fragment = referenceUri.substring(1);
        final NamedNodeMap candidates = element.getAttributes();
        Attr match = null;
        for (int idx = 0; match == null && idx < candidates.getLength(); idx++) {
            final Attr candidate = (Attr) candidates.item(idx);
            if (fragment.equals(candidate.getValue())) {
                match = candidate;
            }
        }
        if (match == null) {
            log.warn("did not find a document element attribute with value '{}'", fragment);
            return;
        }
        log.debug("marking ID attribute {}", match.getName());
        element.setIdAttributeNode(match, true);
    }

    /**
     * Verifies the enveloped signature on the document and terminates on any failure.
     *
     * <p>The checks run in this order: a Signature element must be present, it must not
     * contain an Object element, it must have exactly one reference (see
     * extractReference), its digest and signature algorithms must not be blacklisted,
     * the signature value must verify, and finally the reference must resolve to the
     * document element through permitted transforms (see validateSignatureReference).
     *
     * <p>The verification key is taken from the supplied credential only; nothing read
     * from the document's own KeyInfo is used to choose it.
     *
     * @param commandLineArguments parsed command-line options, used here for the blacklist
     * @param x509Credential credential supplying the verification key
     * @param document the document whose signature is checked
     * @throws Terminator with {@code RC_SIG} when any of the checks fails
     */
    protected static void verifySignature(CommandLineArguments commandLineArguments, @Nonnull X509Credential x509Credential, Document document) {
        Element signatureElement = getSignatureElement(document);
        if (signatureElement == null) {
            log.error("Signature required but XML document is not signed");
            throw new Terminator(ReturnCode.RC_SIG);
        }
        log.debug("XML document contained Signature element\n{}", SerializeSupport.prettyPrintXML(signatureElement));
        log.debug("Creating XML security library XMLSignature object");
        try {
            XMLSignature xMLSignature = new XMLSignature(signatureElement, "");
            // Signatures carrying an Object element are refused outright.
            if (xMLSignature.getObjectLength() != 0) {
                log.error("Signature contained an Object element, this is not allowed");
                throw new Terminator(ReturnCode.RC_SIG);
            }
            Reference extractReference = extractReference(xMLSignature);
            // Register the ID attribute before verification, presumably so that a
            // "#fragment" reference can be resolved during the digest check.
            markIdAttribute(document.getDocumentElement(), extractReference);
            try {
                // Algorithm policy is enforced before any cryptographic work is done.
                String algorithmURI = extractReference.getMessageDigestAlgorithm().getAlgorithmURI();
                log.debug("blacklist checking digest {}", algorithmURI);
                if (commandLineArguments.getBlacklist().isBlacklistedDigest(algorithmURI)) {
                    log.error("Digest algorithm {} is blacklisted", algorithmURI);
                    throw new Terminator(ReturnCode.RC_SIG);
                }
                String signatureMethodURI = xMLSignature.getSignedInfo().getSignatureMethodURI();
                log.debug("blacklist checking signature method {}", signatureMethodURI);
                if (commandLineArguments.getBlacklist().isBlacklistedSignature(signatureMethodURI)) {
                    log.error("Signature algorithm {} is blacklisted", signatureMethodURI);
                    throw new Terminator(ReturnCode.RC_SIG);
                }
                // The key comes from the caller's credential, not from the document.
                Key extractVerificationKey = CredentialSupport.extractVerificationKey(x509Credential);
                log.debug("Verifying XML signature with key\n{}", Base64.encodeBase64String(extractVerificationKey.getEncoded()));
                try {
                    if (!xMLSignature.checkSignatureValue(extractVerificationKey)) {
                        log.error("XML document signature verification failed");
                        throw new Terminator(ReturnCode.RC_SIG);
                    }
                    // A valid signature value is not enough: the reference must also cover
                    // the document element, with only the permitted transforms applied.
                    validateSignatureReference(document, extractReference(xMLSignature));
                    log.info("XML document signature verified.");
                } catch (XMLSignatureException e) {
                    log.error("XML document signature verification failed with an error", (Throwable) e);
                    throw new Terminator(ReturnCode.RC_SIG);
                }
            } catch (XMLSignatureException e2) {
                log.error("unable to retrieve signature digest algorithm", (Throwable) e2);
                throw new Terminator(ReturnCode.RC_SIG);
            }
        } catch (XMLSecurityException e3) {
            log.error("Unable to read XML signature", (Throwable) e3);
            throw new Terminator(ReturnCode.RC_SIG);
        }
    }

    /**
     * Returns the signature's only reference.
     *
     * <p>Signatures whose SignedInfo holds zero references or more than one are
     * rejected, so every later check applies to the one thing that was signed.
     *
     * @param xMLSignature the signature to inspect
     * @return the single reference, never null
     * @throws Terminator with {@code RC_SIG} when the count is not one or the reference
     *         cannot be obtained
     */
    protected static Reference extractReference(XMLSignature xMLSignature) {
        final int referenceCount = xMLSignature.getSignedInfo().getLength();
        if (referenceCount != 1) {
            log.error("Signature SignedInfo had invalid number of References: " + referenceCount);
            throw new Terminator(ReturnCode.RC_SIG);
        }

        final Reference onlyReference;
        try {
            onlyReference = xMLSignature.getSignedInfo().item(0);
        } catch (XMLSecurityException lookupFailure) {
            log.error("Apache XML Security exception obtaining Reference", (Throwable) lookupFailure);
            throw new Terminator(ReturnCode.RC_SIG);
        }
        if (onlyReference == null) {
            log.error("Signature Reference was null");
            throw new Terminator(ReturnCode.RC_SIG);
        }
        return onlyReference;
    }

    /**
     * Applies both reference checks: first what the reference resolved to, then which
     * transforms it declares. Either check terminates the run on failure.
     *
     * @param document the document being verified
     * @param reference the signature's reference
     */
    protected static void validateSignatureReference(final Document document, final Reference reference) {
        // Target first, transforms second.
        validateSignatureReferenceUri(document, reference);
        validateSignatureTransforms(reference);
    }

    /**
     * Confirms that the reference resolved to the document element itself.
     *
     * <p>The resolved data must be a subtree; when its root is the Document node, the
     * document element is used in its place. Any other target means the signature
     * covers something other than the whole document and is rejected.
     *
     * @param document the document being verified
     * @param reference the signature's reference, already dereferenced
     * @throws Terminator with {@code RC_SIG} when the target is not the document element
     */
    protected static void validateSignatureReferenceUri(Document document, Reference reference) {
        final ReferenceData resolved = reference.getReferenceData();
        if (!(resolved instanceof ReferenceSubTreeData)) {
            log.error("Signature Reference URI did not resolve to a subtree");
            throw new Terminator(ReturnCode.RC_SIG);
        }

        Node signedNode = ((ReferenceSubTreeData) resolved).getRoot();
        if (signedNode.getNodeType() == Node.DOCUMENT_NODE) {
            signedNode = ((Document) signedNode).getDocumentElement();
        }

        if (!document.getDocumentElement().isSameNode(signedNode)) {
            log.error("Signature Reference URI \"" + reference.getURI() + "\" was resolved to a node other than the document element");
            throw new Terminator(ReturnCode.RC_SIG);
        }
    }

    /**
     * Restricts the reference's transforms to the enveloped-signature profile.
     *
     * <p>At most two transforms are accepted, each must be the enveloped-signature
     * transform or exclusive C14N (with or without comments), and the enveloped-signature
     * transform must be present. Anything else, such as a transform that could change
     * which content is digested, is rejected.
     *
     * @param reference the signature's reference
     * @throws Terminator with {@code RC_SIG} on any violation or library error
     */
    protected static void validateSignatureTransforms(Reference reference) {
        final String envelopedUri = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
        final String excC14nUri = "http://www.w3.org/2001/10/xml-exc-c14n#";
        final String excC14nWithCommentsUri = "http://www.w3.org/2001/10/xml-exc-c14n#WithComments";
        try {
            final Transforms declared = reference.getTransforms();
            if (declared == null) {
                log.error("Error obtaining Transforms instance, null was returned");
                throw new Terminator(ReturnCode.RC_SIG);
            }
            final int transformCount = declared.getLength();
            if (transformCount > 2) {
                log.error("Invalid number of Transforms was present: " + transformCount);
                throw new Terminator(ReturnCode.RC_SIG);
            }

            boolean sawEnveloped = false;
            for (int idx = 0; idx < transformCount; idx++) {
                final String uri;
                try {
                    uri = declared.item(idx).getURI();
                } catch (TransformationException lookupFailure) {
                    log.error("Error obtaining transform instance", (Throwable) lookupFailure);
                    throw new Terminator(ReturnCode.RC_SIG);
                }
                if (envelopedUri.equals(uri)) {
                    log.debug("Saw Enveloped signature transform");
                    sawEnveloped = true;
                    continue;
                }
                if (excC14nUri.equals(uri) || excC14nWithCommentsUri.equals(uri)) {
                    log.debug("Saw Exclusive C14N signature transform");
                    continue;
                }
                log.error("Saw invalid signature transform: " + uri);
                throw new Terminator(ReturnCode.RC_SIG);
            }

            if (!sawEnveloped) {
                log.error("Signature was missing the required Enveloped signature transform");
                throw new Terminator(ReturnCode.RC_SIG);
            }
        } catch (XMLSecurityException libraryFailure) {
            log.error("Apache XML Security error obtaining Transforms instance", (Throwable) libraryFailure);
            throw new Terminator(ReturnCode.RC_SIG);
        }
    }

    /**
     * Finds the document's Signature element.
     *
     * <p>Only direct children of the document element are considered; a Signature
     * nested deeper in the tree is not found by this lookup.
     *
     * @param document the document to search
     * @return the single Signature child, or {@code null} when there is none
     * @throws Terminator with {@code RC_SIG} when more than one Signature child exists
     */
    protected static Element getSignatureElement(Document document) {
        final List<Element> signatures = ElementSupport.getChildElementsByTagNameNS(
                document.getDocumentElement(),
                Signature.DEFAULT_ELEMENT_NAME.getNamespaceURI(),
                Signature.DEFAULT_ELEMENT_NAME.getLocalPart());
        if (signatures.isEmpty()) {
            return null;
        }
        if (signatures.size() > 1) {
            log.error("XML document contained more than one signature, unable to process");
            throw new Terminator(ReturnCode.RC_SIG);
        }
        return signatures.get(0);
    }

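    /**
     * Loads the signing/verification credential from the source selected on the command
     * line: key and certificate files when a certificate is given, otherwise a PKCS#11
     * token when a PKCS#11 configuration is given, otherwise a keystore.
     *
     * <p>Configured KeyInfo key names are added to the credential, and its CRLs are set
     * from the configured CRL files.
     *
     * @param commandLineArguments parsed command-line options
     * @return the loaded credential
     * @throws Terminator with {@code RC_IO} when the key material cannot be read
     */
    protected static X509Credential getCredential(CommandLineArguments commandLineArguments) {
        BasicX509Credential credential;
        if (commandLineArguments.getCertificate() != null) {
            try {
                credential = CredentialHelper.getFileBasedCredentials(commandLineArguments.getKey(), commandLineArguments.getKeyPassword(), commandLineArguments.getCertificate());
            } catch (KeyException e) {
                log.error("Unable to read key file " + commandLineArguments.getKey(), (Throwable) e);
                throw new Terminator(ReturnCode.RC_IO);
            } catch (CertificateException e2) {
                // Name the certificate path here; the message previously printed the
                // key path, which pointed the operator at the wrong file.
                log.error("Unable to read certificate file " + commandLineArguments.getCertificate(), (Throwable) e2);
                throw new Terminator(ReturnCode.RC_IO);
            }
        } else if (commandLineArguments.getPkcs11Config() != null) {
            try {
                credential = CredentialHelper.getPKCS11Credential(commandLineArguments.getKeystoreProvider(), commandLineArguments.getPkcs11Config(), commandLineArguments.getKey(), commandLineArguments.getKeyPassword());
            } catch (IOException e3) {
                log.error("Error accessing PKCS11 store", (Throwable) e3);
                throw new Terminator(ReturnCode.RC_IO);
            } catch (GeneralSecurityException e4) {
                log.error("Unable to recover key entry from PKCS11 store", (Throwable) e4);
                throw new Terminator(ReturnCode.RC_IO);
            }
        } else {
            try {
                credential = CredentialHelper.getKeystoreCredential(commandLineArguments.getKeystore(), commandLineArguments.getKeystorePassword(), commandLineArguments.getKeystoreProvider(), commandLineArguments.getKeystoreType(), commandLineArguments.getKey(), commandLineArguments.getKeyPassword());
            } catch (IOException e5) {
                log.error("Unable to read keystore " + commandLineArguments.getKeystore(), (Throwable) e5);
                throw new Terminator(ReturnCode.RC_IO);
            } catch (GeneralSecurityException e6) {
                log.error("Unable to recover key entry from keystore", (Throwable) e6);
                throw new Terminator(ReturnCode.RC_IO);
            }
        }
        if (commandLineArguments.getKeyInfoKeyNames() != null) {
            credential.getKeyNames().addAll(commandLineArguments.getKeyInfoKeyNames());
        }
        credential.setCRLs(getCRLs(commandLineArguments));
        return credential;
    }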

    /**
     * Decodes the CRLs held in the files listed by {@code getKeyInfoCrls()}.
     *
     * <p>Each path is checked for existence and readability before it is decoded. Processing stops at
     * the first file that is missing, unreadable or cannot be parsed, so a partial CRL set is never
     * returned to the caller.</p>
     *
     * @param commandLineArguments parsed command line options supplying the CRL file paths
     * @return the decoded CRLs in listing order, or an empty collection when no paths were supplied
     * @throws Terminator with {@code RC_INVALID_CRED} when a CRL file cannot be read or parsed
     */
    protected static Collection<X509CRL> getCRLs(CommandLineArguments commandLineArguments) {
        final List<String> crlPaths = commandLineArguments.getKeyInfoCrls();
        if (crlPaths == null || crlPaths.isEmpty()) {
            return Collections.emptyList();
        }

        final List<X509CRL> decoded = new ArrayList<>();
        for (final String crlPath : crlPaths) {
            final File crlFile = new File(crlPath);
            final boolean readable = crlFile.exists() && crlFile.canRead();
            if (!readable) {
                log.error("Unable to read CRL file " + crlPath);
                throw new Terminator(ReturnCode.RC_INVALID_CRED);
            }
            try {
                decoded.addAll(X509Support.decodeCRLs(crlFile));
            } catch (CRLException e) {
                // Report the absolute path so the offending file is unambiguous in the log.
                log.error("Unable to parse CRL file " + crlFile.getAbsolutePath(), e);
                throw new Terminator(ReturnCode.RC_INVALID_CRED);
            }
        }
        return decoded;
    }

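    /**
     * Serializes a DOM node as UTF-8 XML into the configured output file.
     *
     * <p>The output is optionally Base64 encoded, deflate compressed and/or gzip compressed, depending
     * on the command line flags. An existing file at the output path is overwritten. The output
     * stream chain is always closed, including when serialization fails, so no file handle is left
     * open; a partially written file may still remain on disk after a failure.</p>
     *
     * @param commandLineArguments parsed command line options supplying the output path and encoding flags
     * @param node the DOM node to serialize
     * @throws Terminator with {@code RC_IO} when the output path is a directory, is not writable, or
     *         the document cannot be serialized or written
     */
    protected static void writeDocument(CommandLineArguments commandLineArguments, Node node) {
        final String outputPath = commandLineArguments.getOutputFile();
        try {
            log.debug("Attempting to write output to file {}", outputPath);
            final File file = new File(outputPath);
            if (file.exists() && file.isDirectory()) {
                log.error("Output file " + outputPath + " is a directory");
                throw new Terminator(ReturnCode.RC_IO);
            }
            // Return value intentionally ignored: the call only ensures the file exists so that the
            // writability check below is meaningful for a new file.
            file.createNewFile();
            if (!file.canWrite()) {
                log.error("Unable to write to output file " + outputPath);
                throw new Terminator(ReturnCode.RC_IO);
            }

            // The raw stream is a resource in its own right so that it is released even if the
            // constructor of one of the wrapping streams throws.
            try (OutputStream rawOut = new FileOutputStream(outputPath)) {
                // Wrapping order matters when several flags are set: Base64 sits closest to the file,
                // then deflate, then gzip outermost.
                OutputStream out = rawOut;
                if (commandLineArguments.isBase64EncodedOutput()) {
                    log.debug("Base64 encoding output to file");
                    out = new Base64OutputStream(out);
                }
                if (commandLineArguments.isDeflateOutput()) {
                    log.debug("Deflate compressing output to file");
                    out = new DeflaterOutputStream(out);
                }
                if (commandLineArguments.isGzipOutput()) {
                    log.debug("GZip compressing output to file");
                    out = new GZIPOutputStream(out);
                }
                log.debug("Writing XML document to output file {}", outputPath);
                // Closing the outermost stream finishes any encoder or compressor trailer and closes
                // the whole chain, on success and on failure alike.
                try (OutputStream sink = out) {
                    final Transformer serializer = TransformerFactory.newInstance().newTransformer();
                    serializer.setOutputProperty("encoding", "UTF-8");
                    serializer.transform(new DOMSource(node), new StreamResult(sink));
                    sink.flush();
                } catch (TransformerException e) {
                    log.error("Unable to write out XML", e);
                    throw new Terminator(ReturnCode.RC_IO);
                }
                // Reported only after the stream chain has been closed without error.
                log.info("XML document written to file {}", file.getAbsolutePath());
            }
        } catch (IOException e2) {
            log.error("Unable to write document to file " + outputPath, e2);
            throw new Terminator(ReturnCode.RC_IO);
        }
    }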

    /**
     * Selects the logback configuration and then creates the class logger.
     *
     * <p>An explicit logging configuration from the command line takes precedence; otherwise the
     * verbose, quiet or normal bundled configuration is chosen, in that order. The system property is
     * set before the logger is obtained.</p>
     *
     * @param commandLineArguments parsed command line options controlling the logging setup
     */
    protected static void initLogging(CommandLineArguments commandLineArguments) {
        final String logbackConfig;
        if (commandLineArguments.getLoggingConfiguration() != null) {
            // Caller-supplied value is handed to logback unchanged; no validation happens here.
            logbackConfig = commandLineArguments.getLoggingConfiguration();
        } else if (commandLineArguments.doVerboseOutput()) {
            logbackConfig = "logger-verbose.xml";
        } else if (commandLineArguments.doQuietOutput()) {
            logbackConfig = "logger-quiet.xml";
        } else {
            logbackConfig = "logger-normal.xml";
        }
        System.setProperty("logback.configurationFile", logbackConfig);
        log = LoggerFactory.getLogger(XMLSecTool.class);
    }
}
