package com.ibm.cfwk.tools;

import com.ibm.cfwk.API;
import com.ibm.cfwk.KeyMaterial;
import com.ibm.cfwk.pki.Cert;
import com.ibm.cfwk.pki.ExtensionProfile;
import com.ibm.cfwk.pki.X509Cert;
import com.ibm.cfwk.pki.X509Extension;
import com.ibm.cfwk.pki.X509Extensions;
import com.ibm.cfwk.pki.X509Util;
import com.ibm.util.getopt.ArgEater;
import com.ibm.util.getopt.FileData;
import com.ibm.util.getopt.GUITrigger;
import com.ibm.util.getopt.GetOptSpec;
import com.ibm.util.getopt.HelpOption;
import com.ibm.util.getopt.Option;
import com.ibm.util.getopt.OptionSet;
import java.io.ObjectOutputStream;
import java.io.OutputStream;

/* loaded from: input_file:lib/swimport.zip:com/ibm/cfwk/tools/CertTool.class */
public class CertTool {
    static final String cmd = "certtool";
    static final String doc = "A tool to inspect and verify certificates.";
    static API api;
    static FileData certFile;
    static FileData issuerFile;
    static Option vrfyOpt;
    static FileData outFile;
    static Option encdOpt;
    static FileData keyFile;
    static Option extrctOpt;
    static Option fngrOpt;
    static Option dsplyOpt;
    static Option printOpt;
    static ExtProfile profile;
    static Option profOpt;
    static Option gui;
    static Option verbose;
    static Option[] opts;
    static ArgEater[] args;
    static GetOptSpec spec;

    public static void main(String[] strArr) {
        spec.parse(strArr);
        X509Cert x509Cert = null;
        try {
            try {
                x509Cert = new X509Cert(X509Util.toBinary("CERTIFICATE", certFile.getFileData()));
            } catch (Exception e) {
                System.err.println(new StringBuffer("certtool: Cannot decode certificate: ").append(e).toString());
                System.exit(1);
            }
            if (printOpt.isSet() || (!dsplyOpt.isSet() && !encdOpt.isSet() && !vrfyOpt.isSet() && !extrctOpt.isSet() && !fngrOpt.isSet())) {
                System.out.print(new StringBuffer("Certificate read from `").append(certFile.getString()).append("':\n").append(x509Cert).toString());
                if (x509Cert.extensions().numberOfExtensions() > 0) {
                    System.out.println("Certificate extensions:");
                    printExtensions(x509Cert.extensions(), "    ", profile.getProfile());
                }
            }
            if (fngrOpt.isSet()) {
                System.out.println(new StringBuffer("MD5 Finger print of certificate <").append(certFile.getString()).append(">:\n").append(x509Cert.fingerprint("MD5")).toString());
            }
            if (encdOpt.isSet()) {
                OutputStream outputStream = outFile.getOutputStream();
                outputStream.write(x509Cert.encode());
                outputStream.close();
            }
            if (vrfyOpt.isSet()) {
                X509Cert x509Cert2 = null;
                try {
                    x509Cert2 = new X509Cert(X509Util.toBinary("CERTIFICATE", issuerFile.getFileData()));
                } catch (Exception e2) {
                    if (System.getProperty("PRINT.STACKTRACE") != null) {
                        e2.printStackTrace();
                    }
                    System.err.println(new StringBuffer("certtool: Cannot decode issuer certificate: ").append(e2).toString());
                    System.exit(1);
                }
                int verify = x509Cert.verify(x509Cert2, api);
                System.out.println(new StringBuffer("Verification: ").append(verify != 0 ? Cert.failureToString(verify) : "ok").toString());
                System.exit(verify != 0 ? 1 : 0);
            }
            if (dsplyOpt.isSet()) {
                new X509Frame(x509Cert).waitForEnd();
            }
            if (extrctOpt.isSet()) {
                KeyMaterial exportKeyMaterial = x509Cert.subjectKey(api).exportKeyMaterial(api);
                ObjectOutputStream objectOutputStream = new ObjectOutputStream(keyFile.getOutputStream());
                objectOutputStream.writeObject(exportKeyMaterial);
                objectOutputStream.close();
            }
        } catch (Exception e3) {
            if (System.getProperty("PRINT.STACKTRACE") != null) {
                e3.printStackTrace();
            }
            System.err.println(new StringBuffer("certtool: Something failed: ").append(e3.toString()).toString());
            System.exit(1);
        }
        System.exit(0);
    }

    public static void printExtensions(X509Extensions x509Extensions, String str, ExtensionProfile extensionProfile) {
        int numberOfExtensions = x509Extensions.numberOfExtensions();
        for (int i = 0; i < numberOfExtensions; i++) {
            X509Extension extension = x509Extensions.extension(i);
            System.out.print(str);
            System.out.print(extension.isCritical() ? '!' : ' ');
            System.out.print(extensionProfile.findName(extension.asn1oid()));
            System.out.print('=');
            System.out.println(extension.valueToString());
        }
    }

    static {
        try {
            api = new API() { // from class: com.ibm.cfwk.tools.CertTool.1
            }.open();
        } catch (Exception e) {
            System.err.println(new StringBuffer("certtool: ").append(e.getMessage()).toString());
            System.exit(1);
        }
        certFile = new FileData("cert", "Source certificate file or - for stdin", "-", true, 4);
        issuerFile = new FileData("issuer", null, null, false, 4);
        vrfyOpt = new Option("--verify", (char) 0, "Verify against given issuer certificate", issuerFile);
        outFile = new FileData("outfile", null, null, false, 0);
        encdOpt = new Option("--encode", (char) 0, "Encode parsed certificate to given file", outFile);
        keyFile = new FileData("keyfile", null, null, false, 0);
        extrctOpt = new Option("--extract-key", (char) 0, "Extract public key and save in Java key format", keyFile);
        fngrOpt = new Option("--finger-print", (char) 0, "Display a certificate's finger print", null);
        dsplyOpt = new Option("--display", (char) 0, "Pop up a window showing the certificate", null);
        printOpt = new Option("--print", (char) 0, "Print certifcate", null);
        profile = new ExtProfile("profile", null);
        profOpt = new Option("--profile", (char) 0, "Definition of some extension profile", profile);
        gui = new GUITrigger();
        verbose = new Option("--verbose", (char) 0, null, null);
        opts = new Option[]{new HelpOption(), gui, verbose, printOpt, profOpt, vrfyOpt, encdOpt, dsplyOpt, fngrOpt, extrctOpt};
        args = new ArgEater[]{new OptionSet(opts, null), certFile};
        spec = new GetOptSpec(cmd, doc, args, 15, true, gui, null);
    }
}
