package org.nhindirect.stagent.cert.tools;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLConnection;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import javax.mail.internet.InternetAddress;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.nhindirect.common.crypto.CryptoExtensions;
import org.nhindirect.stagent.cert.impl.DNSCertificateStore;
import org.nhindirect.stagent.trust.TrustChainValidator;

/* loaded from: input_file:BOOT-INF/lib/agent-8.0.0.jar:org/nhindirect/stagent/cert/tools/TrustTest.class */
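/**
 * Command-line utility that reports whether a certificate chains to a set of trust anchors.
 *
 * <p>The certificate under test is read from a file ({@code -cert}) or looked up through DNS
 * for a Direct address ({@code -address}). Anchors are read from local files ({@code -anchors})
 * and/or parsed out of a bundle downloaded from {@code -bundleURL}. The verdict is printed to
 * standard output.
 *
 * <p>NOTE(review): the process exits with status 0 for both the "trusted" and the "NOT trusted"
 * verdict, so automation has to read standard output to learn the result. Argument errors,
 * load failures and unexpected exceptions exit with a non-zero status.
 */
public class TrustTest {
    /** Connect timeout, in milliseconds, used when downloading a trust bundle. */
    protected static final int DEFAULT_URL_CONNECTION_TIMEOUT = 10000;
    /** Read timeout, in milliseconds, used when downloading a trust bundle. */
    protected static final int DEFAULT_URL_READ_TIMEOUT = 10000;

    /**
     * Parses the command line, loads the certificate and the anchors, and prints the verdict.
     *
     * @param strArr command-line options; see {@link #printUsage()} for the accepted flags
     */
    public static void main(String[] strArr) {
        CryptoExtensions.registerJCEProviders();
        if (strArr.length == 0) {
            printUsage();
            System.exit(-1);
        }
        String[] dnsServers = null;
        String address = "";
        String configServiceUrl = "";
        String bundleUrl = "";
        String certFileName = "";
        String[] anchorFiles = null;
        int i = 0;
        while (i < strArr.length) {
            String arg = strArr[i];
            if (!arg.startsWith("-")) {
                System.err.println("Error: Unexpected argument [" + arg + "]\n");
                printUsage();
                System.exit(-1);
            } else if (arg.equalsIgnoreCase("-cert")) {
                certFileName = requireValue(strArr, i, "Error: Missing certificate file name");
                i++;
            } else if (arg.equalsIgnoreCase("-address")) {
                address = requireValue(strArr, i, "Error: Missing the email address");
                i++;
            } else if (arg.equalsIgnoreCase("-bundleURL")) {
                bundleUrl = requireValue(strArr, i, "Error: Missing bundle URL");
                i++;
            } else if (arg.equalsIgnoreCase("-configServiceURL")) {
                configServiceUrl = requireValue(strArr, i, "Error: Missing config service URL");
                i++;
            } else if (arg.equalsIgnoreCase("-anchors")) {
                anchorFiles = requireValue(strArr, i, "Error: Missing anchor file names").split(",");
                i++;
            } else if (arg.equalsIgnoreCase("-server")) {
                dnsServers = requireValue(strArr, i, "Error: Missing DNS server list").split(",");
                i++;
            } else if (arg.equalsIgnoreCase("-help")) {
                printUsage();
                System.exit(-1);
            } else {
                System.err.println("Error: Unknown argument " + arg + "\n");
                printUsage();
                System.exit(-1);
            }
            i++;
        }

        // Both checks below used to print the usage text and then carry on with empty inputs;
        // stop here instead so that no verdict is printed for an incomplete command line.
        if (StringUtils.isEmpty(certFileName) && StringUtils.isEmpty(address)) {
            System.err.println("You must provide the name of the certificate file or an email address/domain to test.");
            printUsage();
            System.exit(-1);
            return;
        }
        boolean hasAnchorFiles = anchorFiles != null && anchorFiles.length > 0;
        if (!hasAnchorFiles && bundleUrl.isEmpty() && configServiceUrl.isEmpty()) {
            System.err.println("You must provide the name of the anchor files, a bundle URL, or config service URL.");
            printUsage();
            System.exit(-1);
            return;
        }

        X509Certificate certToTest;
        if (StringUtils.isEmpty(certFileName)) {
            try {
                DNSCertificateStore dnsStore = dnsServers != null
                        ? new DNSCertificateStore(Arrays.asList(dnsServers))
                        : new DNSCertificateStore();
                Collection<X509Certificate> certificates = dnsStore.getCertificates(new InternetAddress(address));
                if (certificates == null || certificates.isEmpty()) {
                    System.out.println("No certs found");
                    System.exit(-1);
                    return;
                }
                System.out.println("Found " + certificates.size() + " certificates via DNS");
                // Only the first certificate returned by the lookup is evaluated.
                certToTest = certificates.iterator().next();
            } catch (Exception e) {
                System.out.println("Failed to load certificate via DNS: " + e.getLocalizedMessage());
                System.exit(-1);
                return;
            }
        } else {
            File certFile = new File(certFileName);
            if (!certFile.exists()) {
                System.out.println("Certificate file " + certFileName + " does not exist.");
                System.exit(-1);
                return;
            }
            try {
                certToTest = loadCertificate(certFile);
            } catch (Exception e) {
                System.out.println("Failed to load certificate: " + e.getLocalizedMessage());
                System.exit(-1);
                return;
            }
        }

        try {
            ArrayList<X509Certificate> anchors = new ArrayList<X509Certificate>();
            if (hasAnchorFiles) {
                for (String anchorFileName : anchorFiles) {
                    File anchorFile = new File(anchorFileName);
                    if (!anchorFile.exists()) {
                        // Report the anchor that is missing, not the certificate under test.
                        System.out.println("Anchor file " + anchorFileName + " does not exist.");
                        System.exit(-1);
                        return;
                    }
                    anchors.add(loadCertificate(anchorFile));
                }
            }
            if (!bundleUrl.isEmpty()) {
                byte[] rawBundle = downloadBundleToByteArray(bundleUrl);
                if (rawBundle == null) {
                    System.out.println("Could not get bundle at URL " + bundleUrl);
                    System.exit(-1);
                    return;
                }
                // The converter returns null for an empty or unparsable bundle; passing that to
                // addAll would throw a NullPointerException.
                Collection<X509Certificate> bundleAnchors = convertRawBundleToAnchorCollection(rawBundle);
                if (bundleAnchors == null) {
                    System.out.println("Could not read any anchors from bundle at URL " + bundleUrl);
                    System.exit(-1);
                    return;
                }
                anchors.addAll(bundleAnchors);
            }
            // NOTE(review): -configServiceURL satisfies the argument check above, but nothing in
            // this class loads anchors from it. Fail clearly rather than validate against an
            // empty anchor set and print a verdict that says nothing about the certificate.
            if (anchors.isEmpty()) {
                System.err.println("No trust anchors were loaded; cannot evaluate trust.");
                System.exit(-1);
                return;
            }
            TrustChainValidator trustChainValidator = new TrustChainValidator();
            // NOTE(review): the resolver uses the default DNS store even when -server was given;
            // confirm whether that is intended.
            trustChainValidator.setCertificateResolver(Arrays.asList(new DNSCertificateStore()));
            if (trustChainValidator.isTrusted(certToTest, anchors)) {
                System.out.println("Certificate is trusted");
            } else {
                System.out.println("Certificate is NOT trusted");
            }
        } catch (Exception e) {
            e.printStackTrace();
            // An aborted validation must not look like a completed run to the caller.
            System.exit(-1);
            return;
        }
        System.exit(0);
    }

    /**
     * Returns the value that follows the option at {@code index}, or prints {@code errorMessage}
     * and exits when the option is last on the line or is followed by another option.
     */
    private static String requireValue(String[] args, int index, String errorMessage) {
        if (index == args.length - 1 || args[index + 1].startsWith("-")) {
            System.err.println(errorMessage);
            System.exit(-1);
        }
        return args[index + 1];
    }

    /** Reads one X.509 certificate from {@code file}, closing the file stream afterwards. */
    private static X509Certificate loadCertificate(File file) throws Exception {
        try (InputStream in = FileUtils.openInputStream(file)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /**
     * Downloads the resource at {@code str} into memory.
     *
     * <p>Security notes: the URL scheme is not restricted and the response size is not bounded.
     * The bytes returned are later parsed as trust anchors without any signature check in this
     * class, so a bundle fetched over an unauthenticated transport can be altered in transit.
     *
     * @param str URL of the bundle
     * @return the downloaded bytes, or {@code null} if the download failed
     */
    protected static byte[] downloadBundleToByteArray(String str) {
        byte[] bundle = null;
        try {
            URLConnection connection = new URL(str).openConnection();
            connection.setConnectTimeout(DEFAULT_URL_CONNECTION_TIMEOUT);
            connection.setReadTimeout(DEFAULT_URL_READ_TIMEOUT);
            try (InputStream in = connection.getInputStream();
                    ByteArrayOutputStream out = new ByteArrayOutputStream()) {
                byte[] buffer = new byte[2048];
                int read;
                while ((read = in.read(buffer)) > -1) {
                    out.write(buffer, 0, read);
                }
                bundle = out.toByteArray();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return bundle;
    }

    /**
     * Parses raw bundle bytes into X.509 certificates.
     *
     * @param bArr raw bundle content
     * @return the parsed certificates, or {@code null} when {@code bArr} is {@code null}, the
     *     bundle holds no certificates, or parsing fails
     */
    protected static Collection<X509Certificate> convertRawBundleToAnchorCollection(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        try (ByteArrayInputStream in = new ByteArrayInputStream(bArr)) {
            Collection<? extends Certificate> parsed =
                    CertificateFactory.getInstance("X.509").generateCertificates(in);
            if (parsed == null || parsed.isEmpty()) {
                return null;
            }
            // An X.509 factory is expected to yield X509Certificate instances.
            @SuppressWarnings("unchecked")
            Collection<X509Certificate> anchors = (Collection<X509Certificate>) parsed;
            return anchors;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** Prints the accepted command-line options to standard error. */
    private static void printUsage() {
        StringBuilder usage = new StringBuilder();
        usage.append("Usage:\n");
        usage.append("java TrustTest (options)...\n\n");
        usage.append("options:\n");
        usage.append("-cert\t\tThe certificate file name that will be tested for trust.\n");
        usage.append("\n");
        usage.append("-address\tThe Direct address that will be tested for trust.\n");
        usage.append("\n");
        usage.append("-server     Comma delimited list of DNS servers used for lookup.\n");
        usage.append("\t\t\tDefault: Local machine's configured DNS server(s)\n\n");
        usage.append("-anchors    Comma delimited list of anchors files used for trust.\n");
        usage.append("\n");
        usage.append("-bundleURL\tURL of a trust bundle whose certificates are used as anchors.\n");
        usage.append("\n");
        usage.append("-configServiceURL\tConfig service URL (accepted, but anchors are not loaded from it).\n");
        usage.append("\n");
        usage.append("-help\t\tPrints this usage message.\n");
        System.err.println(usage);
    }
}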
