package org.nhindirect.stagent.cert.tools;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.ASN1Object;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.cms.CMSAttributes;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.CMSSignedData;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.mail.smime.CMSProcessableBodyPart;
import org.bouncycastle.util.Store;
import org.nhindirect.common.crypto.CryptoExtensions;
import org.nhindirect.policy.PolicyProcessException;
import org.nhindirect.stagent.cert.impl.CRLRevocationManager;

/* loaded from: input_file:BOOT-INF/lib/agent-8.0.0.jar:org/nhindirect/stagent/cert/tools/MessageSigInspector.class */
public class MessageSigInspector {
    public static void main(String[] strArr) {
        if (strArr.length == 0) {
            System.exit(-1);
        }
        String str = null;
        int i = 0;
        while (i < strArr.length) {
            String str2 = strArr[i];
            if (!str2.startsWith("-")) {
                System.err.println("Error: Unexpected argument [" + str2 + "]\n");
                System.exit(-1);
            } else if (str2.equalsIgnoreCase("-msgFile")) {
                if (i == strArr.length - 1 || strArr[i + 1].startsWith("-")) {
                    System.err.println("Error: Missing message file");
                    System.exit(-1);
                }
                i++;
                str = strArr[i];
            } else if (str2.equals("-help")) {
                System.exit(-1);
            } else {
                System.err.println("Error: Unknown argument " + str2 + "\n");
                System.exit(-1);
            }
            i++;
        }
        if (str == null) {
            System.err.println("Error: missing message file\n");
        }
        FileInputStream fileInputStream = null;
        try {
            try {
                fileInputStream = FileUtils.openInputStream(new File(str));
                MimeMultipart mimeMultipart = (MimeMultipart) new MimeMessage((Session) null, fileInputStream).getContent();
                CMSSignedData cMSSignedData = new CMSSignedData(new CMSProcessableBodyPart(mimeMultipart.getBodyPart(0)), mimeMultipart.getBodyPart(1).getInputStream());
                Store<X509CertificateHolder> certificates = cMSSignedData.getCertificates();
                Collection<SignerInformation> signers = cMSSignedData.getSignerInfos().getSigners();
                System.out.println("Found " + signers.size() + " signers");
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                int i2 = 1;
                for (SignerInformation signerInformation : signers) {
                    Collection<X509CertificateHolder> matches = certificates.getMatches(signerInformation.getSID());
                    if (matches != null && matches.size() > 0) {
                        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(matches.iterator().next().getEncoded()));
                        int i3 = i2;
                        i2++;
                        System.out.println("\r\nInfo for certificate " + i3);
                        System.out.println("\tSubject: " + x509Certificate.getSubjectDN());
                        System.out.println("\tSerial Number: " + x509Certificate.getSerialNumber().toString(16));
                        FileUtils.writeByteArrayToFile(new File("SigCert.der"), x509Certificate.getEncoded());
                        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.15");
                        if (extensionValue != null) {
                            byte[] bytes = KeyUsage.getInstance(getObject(extensionValue)).getBytes();
                            System.out.println("\tKey Usage: " + (bytes.length == 1 ? bytes[0] & 255 : ((bytes[1] & 255) << 8) | (bytes[0] & 255)));
                        } else {
                            System.out.println("\tKey Usage: NONE");
                        }
                        if (CRLRevocationManager.getInstance().isRevoked(x509Certificate)) {
                            System.out.println("\tHas been marked as revoked");
                        }
                        System.out.println("\r\nSigned Message Digest: " + Hex.encodeHexString(((ASN1OctetString) signerInformation.getSignedAttributes().get(CMSAttributes.messageDigest).getAttrValues().getObjectAt(0)).getOctets()));
                        try {
                            signerInformation.verify(new JcaSimpleSignerInfoVerifierBuilder().setProvider(CryptoExtensions.getJCEProviderName()).build(x509Certificate));
                            System.out.println("Signature verified.");
                        } catch (CMSException e) {
                            System.out.println("Signature failed to verify.");
                        }
                        System.out.println("\r\nComputed Message Digest: " + Hex.encodeHexString(signerInformation.getContentDigest()));
                    }
                }
                IOUtils.closeQuietly((InputStream) fileInputStream);
            } catch (Exception e2) {
                e2.printStackTrace();
                IOUtils.closeQuietly((InputStream) fileInputStream);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly((InputStream) fileInputStream);
            throw th;
        }
    }

    protected static ASN1Object getObject(byte[] bArr) throws PolicyProcessException {
        ASN1InputStream aSN1InputStream = null;
        try {
            try {
                ASN1InputStream aSN1InputStream2 = new ASN1InputStream(bArr);
                ASN1OctetString aSN1OctetString = (ASN1OctetString) aSN1InputStream2.readObject();
                IOUtils.closeQuietly((InputStream) aSN1InputStream2);
                aSN1InputStream = new ASN1InputStream(aSN1OctetString.getOctets());
                ASN1Primitive readObject = aSN1InputStream.readObject();
                IOUtils.closeQuietly((InputStream) aSN1InputStream);
                return readObject;
            } catch (Exception e) {
                throw new PolicyProcessException("Exception processing data ", e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly((InputStream) aSN1InputStream);
            throw th;
        }
    }

    static {
        CryptoExtensions.registerJCEProviders();
    }
}
