package net.jsign;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.commons.io.ByteOrderMark;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.input.BOMInputStream;

/* loaded from: input_file:net/jsign/JsignCLI.class */
public class JsignCLI {
    public static void main(String... strArr) {
        try {
            new JsignCLI().execute(strArr);
        } catch (SignerException | IllegalArgumentException | ParseException e) {
            System.err.println("jsign: " + e.getMessage());
            if (e.getCause() != null) {
                e.getCause().printStackTrace(System.err);
            }
            System.err.println("Try `" + getProgramName() + " --help' for more information.");
            System.exit(1);
        }
    }

    private Map<String, Options> getOptions() {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Options options = new Options();
        options.addOption(Option.builder("s").hasArg().longOpt("keystore").argName("FILE").desc("The keystore file, the SunPKCS11 configuration file, the cloud keystore name, or the card/token name").type(File.class).build());
        options.addOption(Option.builder().hasArg().longOpt("storepass").argName("PASSWORD").desc("The password to open the keystore").build());
        options.addOption(Option.builder().hasArg().longOpt("storetype").argName("TYPE").desc("The type of the keystore\nFile based:\n- JKS: Java keystore (.jks files)\n- JCEKS: SunJCE keystore (.jceks files)\n- PKCS12: Standard PKCS#12 keystore (.p12 or .pfx files)\nHardware tokens\n- PKCS11: PKCS#11 hardware token\n- ETOKEN: SafeNet eToken\n- NITROKEY: Nitrokey HSM\n- OPENPGP: OpenPGP card\n- OPENSC: Smart card\n- PIV: PIV card\n- YUBIKEY: YubiKey security key\nCloud key management systems:\n- AWS: AWS Key Management Service\n- AZUREKEYVAULT: Azure Key Vault key management system\n- DIGICERTONE: DigiCert ONE Secure Software Manager\n- ESIGNER: SSL.com eSigner\n- GARASIGN: Garantir Remote Signing\n- GOOGLECLOUD: Google Cloud KMS\n- HASHICORPVAULT: HashiCorp Vault\n- ORACLECLOUD: Oracle Cloud Key Management Service\n- SIGNPATH: SignPath\n- SIGNSERVER: Keyfactor SignServer\n- TRUSTEDSIGNING: Azure Trusted Signing\n").build());
        options.addOption(Option.builder("a").hasArg().longOpt("alias").argName("NAME").desc("The alias of the certificate used for signing in the keystore").build());
        options.addOption(Option.builder().hasArg().longOpt("keypass").argName("PASSWORD").desc("The password of the private key. When using a keystore, this parameter can be omitted if the keystore shares the same password").build());
        options.addOption(Option.builder().hasArg().longOpt("keyfile").argName("FILE").desc("The file containing the private key. PEM and PVK files are supported").type(File.class).build());
        options.addOption(Option.builder("c").hasArg().longOpt("certfile").argName("FILE").desc("The file containing the PKCS#7 certificate chain\n(.p7b or .spc files)").type(File.class).build());
        options.addOption(Option.builder("d").hasArg().longOpt("alg").argName("ALGORITHM").desc("The digest algorithm (SHA-1, SHA-256, SHA-384 or SHA-512)").build());
        options.addOption(Option.builder("t").hasArg().longOpt("tsaurl").argName("URL").desc("The URL of the timestamping authority. Several URLs separated by a comma can be specified to fallback on alternative servers").build());
        options.addOption(Option.builder("t").hasArg().longOpt("tsaurl").argName("URL").desc("The URL of the timestamping authority").build());
        options.addOption(Option.builder("m").hasArg().longOpt("tsmode").argName("MODE").desc("The timestamping mode (RFC3161 or Authenticode)").build());
        options.addOption(Option.builder("r").hasArg().longOpt("tsretries").argName("NUMBER").desc("The number of retries for timestamping").build());
        options.addOption(Option.builder("w").hasArg().longOpt("tsretrywait").argName("SECONDS").desc("The number of seconds to wait between timestamping retries").build());
        options.addOption(Option.builder("n").hasArg().longOpt("name").argName("NAME").desc("The name of the application").build());
        options.addOption(Option.builder("u").hasArg().longOpt("url").argName("URL").desc("The URL of the application").build());
        options.addOption(Option.builder().hasArg().longOpt("proxyUrl").argName("URL").desc("The URL of the HTTP proxy").build());
        options.addOption(Option.builder().hasArg().longOpt("proxyUser").argName("NAME").desc("The user for the HTTP proxy. If a user is needed").build());
        options.addOption(Option.builder().hasArg().longOpt("proxyPass").argName("PASSWORD").desc("The password for the HTTP proxy user. If a user is needed").build());
        options.addOption(Option.builder().longOpt("replace").desc("Tells if the previous signatures should be replaced").build());
        options.addOption(Option.builder("e").hasArg().longOpt("encoding").argName("ENCODING").desc("The encoding of the script to be signed (UTF-8 by default, or the encoding specified by the byte order mark if there is one)").build());
        options.addOption(Option.builder().longOpt("detached").desc("Tells if a detached signature should be generated or reused").build());
        options.addOption(Option.builder().longOpt("quiet").desc("Print only error messages").build());
        options.addOption(Option.builder().longOpt("verbose").desc("Print more information").build());
        options.addOption(Option.builder().longOpt("debug").desc("Print debugging information").build());
        options.addOption(Option.builder("h").longOpt("help").desc("Print the help").build());
        linkedHashMap.put("sign", options);
        Options options2 = new Options();
        options2.addOption(Option.builder("t").hasArg().longOpt("tsaurl").argName("URL").desc("The URL of the timestamping authority").build());
        options2.addOption(Option.builder("m").hasArg().longOpt("tsmode").argName("MODE").desc("The timestamping mode (RFC3161 or Authenticode)").build());
        options2.addOption(Option.builder("r").hasArg().longOpt("tsretries").argName("NUMBER").desc("The number of retries for timestamping").build());
        options2.addOption(Option.builder("w").hasArg().longOpt("tsretrywait").argName("SECONDS").desc("The number of seconds to wait between timestamping retries").build());
        options2.addOption(Option.builder().hasArg().longOpt("proxyUrl").argName("URL").desc("The URL of the HTTP proxy").build());
        options2.addOption(Option.builder().hasArg().longOpt("proxyUser").argName("NAME").desc("The user for the HTTP proxy. If a user is needed").build());
        options2.addOption(Option.builder().hasArg().longOpt("proxyPass").argName("PASSWORD").desc("The password for the HTTP proxy user. If a user is needed").build());
        options2.addOption(Option.builder().longOpt("replace").desc("Tells if the previous timestamps should be replaced").build());
        linkedHashMap.put("timestamp", options2);
        Options options3 = new Options();
        options3.addOption(Option.builder().hasArg().longOpt("format").argName("FORMAT").desc("      The output format of the signature (DER or PEM)").build());
        linkedHashMap.put("extract", options3);
        linkedHashMap.put("remove", new Options());
        Options options4 = new Options();
        options4.addOption(Option.builder().hasArg().longOpt("value").argName("VALUE").desc("        The value of the unsigned attribute").build());
        linkedHashMap.put("tag", options4);
        return linkedHashMap;
    }

    void execute(String... strArr) throws SignerException, ParseException {
        DefaultParser defaultParser = new DefaultParser();
        String str = "sign";
        if (strArr.length >= 1 && !strArr[0].startsWith("-")) {
            str = strArr[0];
            strArr = (String[]) Arrays.copyOfRange(strArr, 1, strArr.length);
        }
        Options options = getOptions().get(str);
        if (options == null) {
            throw new ParseException("Unknown command '" + str + "'");
        }
        options.addOption(Option.builder().longOpt("quiet").build());
        options.addOption(Option.builder().longOpt("verbose").build());
        options.addOption(Option.builder().longOpt("debug").build());
        CommandLine parse = defaultParser.parse(options, strArr);
        if (parse.hasOption("help") || strArr.length == 0) {
            printHelp();
            return;
        }
        Logger logger = Logger.getLogger("net.jsign");
        logger.setLevel(parse.hasOption("debug") ? Level.FINEST : parse.hasOption("verbose") ? Level.FINE : parse.hasOption("quiet") ? Level.WARNING : Level.INFO);
        logger.setUseParentHandlers(false);
        Stream of = Stream.of((Object[]) logger.getHandlers());
        logger.getClass();
        of.forEach(logger::removeHandler);
        logger.addHandler(new StdOutLogHandler());
        SignerHelper signerHelper = new SignerHelper("option");
        signerHelper.command(str);
        setOption("keystore", signerHelper, parse);
        setOption("storepass", signerHelper, parse);
        setOption("storetype", signerHelper, parse);
        setOption("alias", signerHelper, parse);
        setOption("keypass", signerHelper, parse);
        setOption("keyfile", signerHelper, parse);
        setOption("certfile", signerHelper, parse);
        setOption("alg", signerHelper, parse);
        setOption("tsaurl", signerHelper, parse);
        setOption("tsmode", signerHelper, parse);
        setOption("tsretries", signerHelper, parse);
        setOption("tsretrywait", signerHelper, parse);
        setOption("name", signerHelper, parse);
        setOption("url", signerHelper, parse);
        setOption("proxyUrl", signerHelper, parse);
        setOption("proxyUser", signerHelper, parse);
        setOption("proxyPass", signerHelper, parse);
        signerHelper.replace(parse.hasOption("replace"));
        setOption("encoding", signerHelper, parse);
        signerHelper.detached(parse.hasOption("detached"));
        setOption("format", signerHelper, parse);
        setOption("value", signerHelper, parse);
        if (parse.getArgList().isEmpty()) {
            throw new SignerException("No file specified");
        }
        Iterator it = parse.getArgList().iterator();
        while (it.hasNext()) {
            for (String str2 : expand((String) it.next())) {
                if (!str2.trim().isEmpty() && !str2.startsWith("#")) {
                    signerHelper.execute(new File(unquote(str2)));
                }
            }
        }
    }

    private List<String> expand(String str) {
        if (str.startsWith("@")) {
            try {
                return readFile(new File(str.substring(1)));
            } catch (IOException e) {
                throw new IllegalArgumentException("Failed to read the file list: " + str.substring(1), e);
            }
        }
        if (!str.contains("*")) {
            return Collections.singletonList(str);
        }
        try {
            return (List) new DirectoryScanner().scan(str).stream().map((v0) -> {
                return v0.toString();
            }).collect(Collectors.toList());
        } catch (IOException e2) {
            throw new IllegalArgumentException("Failed to scan the directory: " + str, e2);
        }
    }

    private List<String> readFile(File file) throws IOException {
        BOMInputStream bOMInputStream = new BOMInputStream(new BufferedInputStream(new FileInputStream(file)), false, new ByteOrderMark[]{ByteOrderMark.UTF_8, ByteOrderMark.UTF_16BE, ByteOrderMark.UTF_16LE});
        Throwable th = null;
        try {
            try {
                List<String> readLines = IOUtils.readLines(bOMInputStream, bOMInputStream.hasBOM() ? bOMInputStream.getBOMCharsetName() : "UTF-8");
                if (bOMInputStream != null) {
                    if (0 != 0) {
                        try {
                            bOMInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        bOMInputStream.close();
                    }
                }
                return readLines;
            } finally {
            }
        } catch (Throwable th3) {
            if (bOMInputStream != null) {
                if (th != null) {
                    try {
                        bOMInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    bOMInputStream.close();
                }
            }
            throw th3;
        }
    }

    private String unquote(String str) {
        String trim = str.trim();
        if (trim.startsWith("\"") && trim.endsWith("\"")) {
            trim = trim.substring(1, trim.length() - 1);
        }
        return trim;
    }

    private void setOption(String str, SignerHelper signerHelper, CommandLine commandLine) {
        signerHelper.param(str, commandLine.getOptionValue(str));
    }

    private void printHelp() {
        HelpFormatter helpFormatter = new HelpFormatter();
        helpFormatter.setOptionComparator((Comparator) null);
        helpFormatter.setWidth(85);
        helpFormatter.setDescPadding(1);
        PrintWriter printWriter = new PrintWriter(System.out);
        helpFormatter.printUsage(printWriter, helpFormatter.getWidth(), getProgramName() + " [COMMAND] [OPTIONS] [FILE] [PATTERN] [@FILELIST]...");
        printWriter.println();
        helpFormatter.printWrapped(printWriter, helpFormatter.getWidth(), "Sign and timestamp Windows executable files, Microsoft Installers (MSI), Cabinet files (CAB), Catalog files (CAT), Windows packages (APPX/MSIX), Microsoft Dynamics 365 extension packages, NuGet packages and scripts (PowerShell, VBScript, JScript, WSF)\n\n");
        Map<String, Options> options = getOptions();
        printWriter.println("commands: " + ((String) options.keySet().stream().map(str -> {
            return "sign".equals(str) ? str + " (default)" : str;
        }).collect(Collectors.joining(", "))));
        for (String str2 : options.keySet()) {
            if (!options.get(str2).getOptions().isEmpty()) {
                printWriter.println();
                printWriter.println(str2 + ":");
                helpFormatter.printOptions(printWriter, helpFormatter.getWidth(), options.get(str2), helpFormatter.getLeftPadding(), helpFormatter.getDescPadding());
            }
        }
        helpFormatter.printWrapped(printWriter, helpFormatter.getWidth(), "\nExamples:\n\n   Signing with a PKCS#12 keystore and timestamping:\n\n     jsign --keystore keystore.p12 --alias test --storepass pwd \\\n           --tsaurl http://timestamp.sectigo.com application.exe\n\n   Signing with a SPC certificate and a PVK key:\n\n     jsign --certfile certificate.spc --keyfile key.pvk --keypass pwd installer.msi\n\nPlease report suggestions and issues on the GitHub project at https://github.com/ebourg/jsign/issues");
        printWriter.flush();
    }

    private static String getProgramName() {
        return System.getProperty("basename", "java -jar jsign.jar");
    }
}
