package org.opensaml.security;

import jargs.gnu.CmdLineParser;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.io.PrintWriter;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyStore;
import java.security.PrivateKey;
import org.apache.log4j.ConsoleAppender;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.apache.log4j.PatternLayout;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.impl.SAMLObjectContentReference;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

/* loaded from: input_file:org/opensaml/security/MetadataTool.class */
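/**
 * Command-line utility that fetches a SAML metadata document, optionally signs it with a private key
 * held in a Java keystore, and writes the resulting XML to standard output or to a file.
 *
 * <p>Security notes for operators and maintainers:
 * <ul>
 * <li>Signature verification is not implemented in this class. A run that asks for verification
 *     ({@code --validate}, or {@code --keystore} without {@code --sign}) is rejected instead of being
 *     passed through, so the output can never be mistaken for verified metadata.</li>
 * <li>The input may be fetched from a remote URL. Nothing in this class authenticates that source, so a
 *     signature check is the only integrity control the tool could offer for remote metadata.</li>
 * <li>{@code --storepass} and {@code --keypass} are read from the command line, where they are visible in
 *     process listings and shell history. Run the tool only on hosts where that exposure is acceptable.</li>
 * </ul>
 */
public class MetadataTool {
    private static Logger log = Logger.getLogger(MetadataTool.class);

    // NOTE(review): nothing in this class assigns the parser pool, so fetchMetadata() reports an error
    // until one is wired in. Whatever pool is supplied parses untrusted XML, so it should be configured
    // to refuse DTDs and external entities.
    private static ParserPool parser;

    /** Declares the command-line options and keeps the handles needed to read their values. */
    private static class CLIParserBuilder {
        public static final String HELP = "help";
        public static final String SIGN = "sign";
        public static final String VALIDATE = "validate";
        public static final String INPUT_FILE = "input";
        public static final String KEYSTORE = "keystore";
        public static final String KEYSTORE_TYPE = "storetype";
        public static final String KEYSTORE_PASS = "storepass";
        public static final String ALIAS = "alias";
        public static final String KEY_PASS = "keypass";
        public static final String OUTPUT_FILE = "output";

        // Option handles; populated by buildParser() and null before it has been called.
        public static CmdLineParser.Option HELP_ARG;
        public static CmdLineParser.Option SIGN_ARG;
        public static CmdLineParser.Option VALIDATE_ARG;
        public static CmdLineParser.Option INPUT_FILE_ARG;
        public static CmdLineParser.Option KEYSTORE_ARG;
        public static CmdLineParser.Option KEYSTORE_TYPE_ARG;
        public static CmdLineParser.Option KEYSTORE_PASS_ARG;
        public static CmdLineParser.Option ALIAS_ARG;
        public static CmdLineParser.Option KEY_PASS_ARG;
        public static CmdLineParser.Option OUTPUT_FILE_ARG;

        private CLIParserBuilder() {
        }

        /**
         * Creates a parser with every supported option registered.
         *
         * @return the configured command-line parser
         */
        public static CmdLineParser buildParser() {
            CmdLineParser cmdLineParser = new CmdLineParser();
            HELP_ARG = cmdLineParser.addBooleanOption(HELP);
            SIGN_ARG = cmdLineParser.addBooleanOption(SIGN);
            VALIDATE_ARG = cmdLineParser.addBooleanOption(VALIDATE);
            INPUT_FILE_ARG = cmdLineParser.addStringOption(INPUT_FILE);
            KEYSTORE_ARG = cmdLineParser.addStringOption(KEYSTORE);
            KEYSTORE_TYPE_ARG = cmdLineParser.addStringOption(KEYSTORE_TYPE);
            KEYSTORE_PASS_ARG = cmdLineParser.addStringOption(KEYSTORE_PASS);
            ALIAS_ARG = cmdLineParser.addStringOption(ALIAS);
            KEY_PASS_ARG = cmdLineParser.addStringOption(KEY_PASS);
            OUTPUT_FILE_ARG = cmdLineParser.addStringOption(OUTPUT_FILE);
            return cmdLineParser;
        }
    }

    /**
     * Entry point: parses the options, loads the metadata, signs it or attempts verification when asked,
     * and prints the result.
     *
     * @param strArr command-line arguments
     * @throws Exception if library bootstrap or signing fails unexpectedly
     */
    public static void main(String[] strArr) throws Exception {
        DefaultBootstrap.bootstrap();
        configureLogging();
        CmdLineParser cli = CLIParserBuilder.buildParser();
        try {
            cli.parse(strArr);
        } catch (CmdLineParser.OptionException e) {
            errorAndExit(e.getMessage(), e);
        }
        if (cli.getOptionValue(CLIParserBuilder.HELP_ARG) != null) {
            printHelp(System.out);
            System.out.flush();
            System.exit(0);
        }

        Boolean validateFlag = (Boolean) cli.getOptionValue(CLIParserBuilder.VALIDATE_ARG);
        XMLObject metadata = fetchMetadata((String) cli.getOptionValue(CLIParserBuilder.INPUT_FILE_ARG), validateFlag);
        // Report an unexpected root element as a usage error rather than a ClassCastException.
        if (!(metadata instanceof SignableSAMLObject)) {
            errorAndExit("Input document is not a signable SAML object", null);
        }
        SignableSAMLObject signable = (SignableSAMLObject) metadata;

        String keystorePath = (String) cli.getOptionValue(CLIParserBuilder.KEYSTORE_ARG);
        String keystoreType = (String) cli.getOptionValue(CLIParserBuilder.KEYSTORE_TYPE_ARG);
        String keystorePass = (String) cli.getOptionValue(CLIParserBuilder.KEYSTORE_PASS_ARG);
        String alias = (String) cli.getOptionValue(CLIParserBuilder.ALIAS_ARG);
        String keyPass = (String) cli.getOptionValue(CLIParserBuilder.KEY_PASS_ARG);

        boolean signRequested = Boolean.TRUE.equals(cli.getOptionValue(CLIParserBuilder.SIGN_ARG));
        // --validate on its own used to be ignored; it now counts as a verification request so that a
        // missing keystore cannot turn "verify" into "print without checking".
        boolean verifyRequested = Boolean.TRUE.equals(validateFlag) || keystorePath != null;

        if (signRequested || verifyRequested) {
            if (DatatypeHelper.isEmpty(keystorePath)) {
                errorAndExit("No keystore was specified.", null);
            }
            KeyStore keyStore = getKeyStore(keystorePath, keystoreType, keystorePass);
            if (signRequested) {
                sign(signable, getSigningCredential(keyStore, alias, keyPass));
            } else {
                verifySignature(signable, getVerificationCredential(keyStore, alias));
            }
        }
        printMetadata(signable, (String) cli.getOptionValue(CLIParserBuilder.OUTPUT_FILE_ARG));
    }

    /**
     * Reads the metadata document from a URL or filesystem path and unmarshalls its root element.
     * Every failure is reported through {@link #errorAndExit(String, Exception)}.
     *
     * @param str URL or filesystem path of the metadata document
     * @param bool value of the {@code --validate} flag; not consulted while parsing
     * @return the unmarshalled root object
     */
    private static XMLObject fetchMetadata(String str, Boolean bool) {
        if (DatatypeHelper.isEmpty(str)) {
            errorAndExit("No input file was specified.", null);
        }
        // The pool is never assigned in this class; fail with a message instead of a NullPointerException.
        if (parser == null) {
            errorAndExit("No XML parser pool is configured; unable to parse metadata", null);
        }
        InputStream input = null;
        try {
            log.debug("Fetching metadata from input " + str);
            input = openInput(str);
            Element documentElement = parser.parse(input).getDocumentElement();
            return Configuration.getUnmarshallerFactory().getUnmarshaller(documentElement).unmarshall(documentElement);
        } catch (MalformedURLException e) {
            errorAndExit("Input file/url was not properly formed", e);
            return null;
        } catch (XMLParserException e2) {
            errorAndExit("Unable to parse and validate metadata document", e2);
            return null;
        } catch (UnmarshallingException e3) {
            errorAndExit("Unable to unmarshall metadata", e3);
            return null;
        } catch (IOException e4) {
            errorAndExit("Unable to read input file/url", e4);
            return null;
        } finally {
            if (input != null) {
                try {
                    input.close();
                } catch (IOException ignored) {
                    // The document has already been read or the failure already reported.
                }
            }
        }
    }

    /**
     * Opens the input as a URL, falling back to a plain filesystem path when the text is not a URL. The
     * help output promises both forms.
     *
     * @param location URL or filesystem path
     * @return an open stream on the input
     * @throws IOException if the location is neither a readable URL nor an existing file
     */
    private static InputStream openInput(String location) throws IOException {
        try {
            return new URL(location).openStream();
        } catch (MalformedURLException e) {
            File file = new File(location);
            if (!file.isFile()) {
                throw e;
            }
            return new FileInputStream(file);
        }
    }

    /**
     * Loads a keystore from disk, exiting the process when it cannot be opened.
     *
     * @param str filesystem path of the keystore
     * @param str2 keystore type; {@code JKS} is used when absent, as the help output states
     * @param str3 keystore password; required
     * @return the loaded keystore
     */
    private static KeyStore getKeyStore(String str, String str2, String str3) {
        String password = DatatypeHelper.safeTrimOrNullString(str3);
        if (password == null) {
            log.error("No password provided for keystore");
            System.exit(1);
            return null;
        }
        String type = DatatypeHelper.safeTrimOrNullString(str2);
        if (type == null) {
            type = "JKS";
        }
        FileInputStream keystoreStream = null;
        try {
            keystoreStream = new FileInputStream(str);
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(keystoreStream, password.toCharArray());
            return keyStore;
        } catch (Exception e) {
            log.error("Unable to load keystore from file " + str, e);
            System.exit(1);
            return null;
        } finally {
            if (keystoreStream != null) {
                try {
                    keystoreStream.close();
                } catch (IOException ignored) {
                    // The keystore is already loaded or the failure already reported.
                }
            }
        }
    }

    /**
     * Builds the signing credential from a private-key entry, exiting the process when the entry cannot
     * be read so that signing never proceeds with a missing credential.
     *
     * @param keyStore keystore holding the entry
     * @param str alias of the private-key entry
     * @param str2 password protecting the private key
     * @return credential holding the entry's public and private key
     */
    private static Credential getSigningCredential(KeyStore keyStore, String str, String str2) {
        String alias = DatatypeHelper.safeTrimOrNullString(str);
        if (alias == null) {
            log.error("Key alias may not be null or empty");
            System.exit(1);
            return null;
        }
        String keyPassword = DatatypeHelper.safeTrimOrNullString(str2);
        if (keyPassword == null) {
            log.error("Private key password may not be null or empty");
            System.exit(1);
            return null;
        }
        try {
            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(keyPassword.toCharArray()));
            return SecurityHelper.getSimpleCredential(privateKeyEntry.getCertificate().getPublicKey(), privateKeyEntry.getPrivateKey());
        } catch (Exception e) {
            log.error("Unable to retrieve private key " + alias, e);
            // Exit like the other credential loaders do; returning null here let sign() run without a key.
            System.exit(1);
            return null;
        }
    }

    /**
     * Builds a public-key-only credential from a certificate entry, exiting the process on failure.
     *
     * @param keyStore keystore holding the certificate
     * @param str alias of the certificate entry
     * @return credential holding the certificate's public key
     */
    private static Credential getVerificationCredential(KeyStore keyStore, String str) {
        String alias = DatatypeHelper.safeTrimOrNullString(str);
        if (alias == null) {
            log.error("Key alias may not be null or empty");
            System.exit(1);
            return null;
        }
        try {
            return SecurityHelper.getSimpleCredential(keyStore.getCertificate(alias).getPublicKey(), (PrivateKey) null);
        } catch (Exception e) {
            log.error("Unable to retrieve certificate " + alias, e);
            System.exit(1);
            return null;
        }
    }

    /**
     * Attaches a signature that references the whole object and signs it with the given credential.
     *
     * @param signableSAMLObject object to sign
     * @param credential signing credential
     */
    private static void sign(SignableSAMLObject signableSAMLObject, Credential credential) {
        Signature signature = (Signature) Configuration.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME).buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.getContentReferences().add(new SAMLObjectContentReference(signableSAMLObject));
        signature.setSigningCredential(credential);
        signableSAMLObject.setSignature(signature);
        // NOTE(review): some OpenSAML 2 releases need the object marshalled between setSignature() and
        // signObject(); confirm against the library version this tool ships with.
        Signer.signObject(signature);
    }

    /**
     * Rejects the verification request. No signature check is implemented here, and returning normally
     * would let unverified metadata be written out as if it had been checked.
     *
     * <p>NOTE(review): a real implementation has to reject an unsigned document, check the signature's
     * reference and transform structure, and then validate the signature value against
     * {@code credential}.
     *
     * @param signableSAMLObject object whose signature was to be checked
     * @param credential credential holding the expected public key
     */
    private static void verifySignature(SignableSAMLObject signableSAMLObject, Credential credential) {
        log.error("Signature verification is not implemented; refusing to output unverified metadata");
        System.exit(1);
    }

    /**
     * Serializes the object's DOM and writes it to the output file, or to standard output when no file
     * is given.
     *
     * @param xMLObject object to print
     * @param str output file path, or null for standard output
     */
    private static void printMetadata(XMLObject xMLObject, String str) {
        // Serialize first so that a failure here cannot leave a truncated output file behind.
        String xml = XMLHelper.nodeToString(xMLObject.getDOM());
        if (str == null) {
            System.out.print(xml);
            System.out.flush();
            return;
        }
        PrintStream fileOut = null;
        try {
            fileOut = new PrintStream(new File(str));
        } catch (Exception e) {
            errorAndExit("Unable to open output file for writing", e);
            return;
        }
        try {
            fileOut.print(xml);
            // PrintStream swallows I/O errors; checkError() flushes and reports them.
            if (fileOut.checkError()) {
                log.error("Unable to write to output file");
                System.exit(1);
            }
        } finally {
            fileOut.close();
        }
    }

    /** Routes {@code org.opensaml} log output at ERROR level to standard error and silences the root logger. */
    private static void configureLogging() {
        ConsoleAppender consoleAppender = new ConsoleAppender();
        consoleAppender.setWriter(new PrintWriter(System.err));
        consoleAppender.setName("stderr");
        consoleAppender.setLayout(new PatternLayout("%d{ABSOLUTE} %-5p [%c{1}] %m%n"));
        log = Logger.getLogger("org.opensaml");
        log.addAppender(consoleAppender);
        log.setLevel(Level.ERROR);
        Logger.getRootLogger().setLevel(Level.OFF);
    }

    /**
     * Prints the usage summary and the option descriptions.
     *
     * @param printStream stream to print to
     */
    private static void printHelp(PrintStream printStream) {
        printStream.println("usage: java org.opensaml.security.MetadataTool");
        printStream.println();
        printStream.println("when retrieving:");
        printStream.println("  --input <fileOrUrl> [--output <outfile>]");
        printStream.println("when signing:");
        // --keypass is shown as required because getSigningCredential() rejects a missing key password.
        printStream.println("  --input <fileOrUrl> --sign --keystore <keystore> [--storetype <storetype>] --storepass <password> --alias <alias> --keypass <password> [--output <outfile>]");
        printStream.println("when retrieving and verifying signature:");
        printStream.println("  --input <fileOrUrl> --validate --keystore <keystore> [--storetype <storetype>] --storepass <password> --alias <alias> [--output <outfile>]");
        printStream.println();
        printStream.println();
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.HELP, "print this message"));
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.VALIDATE, "validate the digital signature on the metadata if it is signed"));
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.SIGN, "sign the input file and write out a signed version"));
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.INPUT_FILE, "filesystem path or URL to fetch metadata from"));
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.KEYSTORE, "filesystem path to Java keystore"));
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.KEYSTORE_TYPE, "the keystore type (default: JKS)"));
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.KEYSTORE_PASS, "keystore password"));
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.ALIAS, "alias of signing or verification key"));
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.KEY_PASS, "private key password"));
        printStream.println(String.format("  --%-16s %s", CLIParserBuilder.OUTPUT_FILE, "filesystem path where metadata will be written"));
        printStream.println();
    }

    /**
     * Logs the error, prints the help text and terminates the process with exit status 1.
     *
     * @param str error message
     * @param exc cause to log alongside the message, or null
     */
    private static void errorAndExit(String str, Exception exc) {
        if (exc == null) {
            log.error(str);
        } else {
            log.error(str, exc);
        }
        printHelp(System.out);
        System.out.flush();
        System.exit(1);
    }
}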
