package org.nhindirect.common.crypto.tools;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.Console;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;
import java.util.Properties;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.nhindirect.common.crypto.MutableKeyStoreProtectionManager;
import org.nhindirect.common.crypto.exceptions.CryptoException;
import org.nhindirect.common.crypto.impl.BootstrappedPKCS11Credential;
import org.nhindirect.common.crypto.impl.StaticPKCS11TokenKeyStoreProtectionManager;
import org.nhindirect.common.crypto.tools.commands.PKCS11Commands;
import org.nhindirect.common.tooling.Commands;

/* loaded from: input_file:WEB-INF/lib/direct-common-2.0.jar:org/nhindirect/common/crypto/tools/PKCS11SecretKeyManager.class */
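/**
 * Command-line console for managing secret keys held on a PKCS11 hardware token.
 *
 * <p>{@link #main(String[])} parses the command line, optionally loads key store settings from a
 * properties file, logs in to the token via {@link #tokenLogin()}, and then runs the registered
 * {@link PKCS11Commands} interactively.
 *
 * <p>Configuration is held in static fields, so the settings are process-wide and this class is
 * not safe to drive from several threads at once.
 */
public class PKCS11SecretKeyManager {
    private final Commands commands = new Commands("PKCS11 Secret Key Management Console");
    // When true, main() terminates the JVM after the console ends; see setExitOnEndCommands.
    private static boolean exitOnEndCommands = true;
    // Values read from the -keyStoreCfg properties file; null when the option is not given.
    private static String keyStoreType = null;
    private static String providerName = null;
    private static String keyStoreSource = null;
    // Path given with -pkcscfg.
    // NOTE(review): presumably a PKCS11 provider configuration that names the token library to
    // load; treat the file as trusted input and restrict who can write to it. Confirm against
    // StaticPKCS11TokenKeyStoreProtectionManager.
    protected static String pkcs11ProviderCfg = null;
    // Path given with -keyStoreCfg.
    protected static String keyStoreConfigFile = null;

    /**
     * Entry point: parses options, loads the optional key store configuration, logs in to the
     * token and runs the interactive console.
     *
     * <p>Any argument error prints a message to standard error and exits with status -1.
     *
     * @param strArr command-line arguments ({@code -pkcscfg <file>}, {@code -keyStoreCfg <file>},
     *     {@code -help})
     */
    public static void main(String[] strArr) {
        for (int i = 0; i < strArr.length; i++) {
            String arg = strArr[i];
            if (!arg.startsWith("-")) {
                System.err.println("Error: Unexpected argument [" + arg + "]\n");
                printUsage();
                System.exit(-1);
            } else if (arg.equalsIgnoreCase("-pkcscfg")) {
                // The option needs a value that is not itself another option.
                if (i == strArr.length - 1 || strArr[i + 1].startsWith("-")) {
                    System.err.println("Error: Missing pkcs config file");
                    System.exit(-1);
                }
                pkcs11ProviderCfg = strArr[++i];
            } else if (arg.equals("-keyStoreCfg")) {
                if (i == strArr.length - 1 || strArr[i + 1].startsWith("-")) {
                    System.err.println("Error: Missing keystore config file");
                    System.exit(-1);
                }
                keyStoreConfigFile = strArr[++i];
            } else if (arg.equals("-help")) {
                printUsage();
                System.exit(-1);
            } else {
                System.err.println("Error: Unknown argument " + arg + "\n");
                printUsage();
                System.exit(-1);
            }
        }

        if (keyStoreConfigFile != null) {
            FileInputStream configStream = null;
            try {
                configStream = FileUtils.openInputStream(new File(keyStoreConfigFile));
                Properties properties = new Properties();
                properties.load(configStream);
                keyStoreType = properties.getProperty("keyStoreType");
                providerName = properties.getProperty("keyStoreProviderName");
                keyStoreSource = properties.getProperty("keyStoreSource");
            } catch (IOException e) {
                System.err.println("Error reading keystore config file to properties: " + e.getMessage());
                System.exit(-1);
            } finally {
                // Release the file handle; the stream was previously never closed.
                if (configStream != null) {
                    try {
                        configStream.close();
                    } catch (IOException ignored) {
                        // Nothing useful to do: the properties have already been read.
                    }
                }
            }
        }

        MutableKeyStoreProtectionManager protectionManager = null;
        try {
            protectionManager = tokenLogin();
        } catch (CryptoException e) {
            // NOTE(review): tokenLogin() wraps every failure in a RuntimeException, so this
            // handler is not reached for those failures and they surface as an uncaught exception.
            System.out.println("Failed to login to hardware token: " + e.getMessage());
            System.exit(-1);
        }

        boolean succeeded = new PKCS11SecretKeyManager(protectionManager).run(null);
        if (exitOnEndCommands) {
            System.exit(succeeded ? 0 : -1);
        }
    }

    /**
     * Runs the registered commands.
     *
     * @param strArr a single command with its arguments, or {@code null}/empty to start the
     *     interactive console
     * @return the result of the command when one is given; {@code true} once an interactive
     *     session ends
     */
    public boolean run(String[] strArr) {
        if (strArr != null && strArr.length > 0) {
            return this.commands.run(strArr);
        }
        this.commands.runInteractive();
        System.out.println("Shutting Down Configuration Manager Console");
        return true;
    }

    /** Prints the command-line usage, covering every option that main() accepts, to standard error. */
    private static void printUsage() {
        StringBuilder usage = new StringBuilder();
        usage.append("Usage:\n");
        usage.append("java PKCS11SecretKeyManager (options)...\n\n");
        usage.append("options:\n");
        usage.append("-pkcscfg    PKCS11 Config File  Optional location for the PKCS11 provider configuration.  If this is not set, then it is assumed that the JVM has already been configured to support your PKCS11 token.\n");
        usage.append("            Default: \"\"\n\n");
        usage.append("-keyStoreCfg  Key Store Config File  Optional properties file supplying keyStoreType, keyStoreProviderName and keyStoreSource.\n");
        usage.append("            Default: \"\"\n\n");
        usage.append("-help       Prints this usage message.\n\n");
        System.err.println(usage);
    }

    /**
     * Prompts for the hardware token password and initialises a token-backed protection manager
     * from the static configuration fields.
     *
     * <p>When the JVM has an interactive console the password is read without echo; otherwise
     * (for example when standard input is piped) it is read as a plain line from standard input.
     * The character buffer is wiped once the credential has been built.
     *
     * @return the initialised protection manager
     * @throws CryptoException declared for callers; see the note on the catch block below
     * @throws RuntimeException if the password cannot be read or token initialisation fails
     */
    public static MutableKeyStoreProtectionManager tokenLogin() throws CryptoException {
        char[] password = null;
        try {
            // Prefer the console so the password is not echoed to the terminal.
            Console console = System.console();
            if (console != null) {
                password = console.readPassword("%s", "Enter hardware token password: ");
            } else {
                System.out.print("Enter hardware token password: ");
                String line = new BufferedReader(new InputStreamReader(System.in)).readLine();
                if (line != null) {
                    password = line.toCharArray();
                }
            }
            if (password == null) {
                // End of input before a password was entered.
                throw new IOException("No password was supplied");
            }

            // The credential constructor takes a String, so an immutable copy of the password
            // stays on the heap until it is garbage collected; only the char[] can be wiped here.
            BootstrappedPKCS11Credential credential = new BootstrappedPKCS11Credential(new String(password));
            StaticPKCS11TokenKeyStoreProtectionManager manager = new StaticPKCS11TokenKeyStoreProtectionManager();
            manager.setCredential(credential);
            manager.setKeyStoreProviderName(providerName);
            if (!StringUtils.isEmpty(keyStoreType)) {
                manager.setKeyStoreType(keyStoreType);
            }
            if (!StringUtils.isEmpty(keyStoreSource)) {
                // NOTE(review): getBytes() uses the platform default charset.
                manager.setKeyStoreSource(new ByteArrayInputStream(keyStoreSource.getBytes()));
            }
            if (!StringUtils.isEmpty(pkcs11ProviderCfg)) {
                manager.setPcks11ConfigFile(pkcs11ProviderCfg);
            }
            manager.initTokenStore();
            return manager;
        } catch (Exception e) {
            // NOTE(review): this also wraps failures from the token-store setup above, so callers
            // see a RuntimeException with a password-related message rather than CryptoException.
            // Kept as is so existing callers observe the same exception type.
            throw new RuntimeException("Error getting password.", e);
        } finally {
            if (password != null) {
                Arrays.fill(password, '\0');
            }
        }
    }

    /**
     * Creates a console whose commands operate on the given protection manager.
     *
     * @param mutableKeyStoreProtectionManager manager handed to the registered {@link PKCS11Commands}
     */
    public PKCS11SecretKeyManager(MutableKeyStoreProtectionManager mutableKeyStoreProtectionManager) {
        this.commands.register(new PKCS11Commands(mutableKeyStoreProtectionManager));
    }

    /**
     * Controls whether {@link #main(String[])} calls {@code System.exit} when the console ends.
     *
     * @param z {@code true} to exit the JVM, {@code false} to return to the caller
     */
    public static void setExitOnEndCommands(boolean z) {
        exitOnEndCommands = z;
    }
}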
