package edu.internet2.middleware.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.GZIPInputStream;
import java.util.zip.GZIPOutputStream;
import java.util.zip.InflaterInputStream;
import javax.net.ssl.X509KeyManager;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.validation.Schema;
import javax.xml.validation.Validator;
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.xml.security.Init;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.KeyName;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.IdResolver;
import org.opensaml.ws.soap.client.http.HttpClientBuilder;
import org.opensaml.ws.soap.client.http.TLSProtocolSocketFactory;
import org.opensaml.xml.schema.SchemaBuilder;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.security.DefaultSecurityConfigurationBootstrap;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509Util;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:edu/internet2/middleware/security/XmlSecTool.class */
public final class XmlSecTool {
    public static final int RC_OK = 0;
    public static final int RC_INIT = 1;
    public static final int RC_IO = 2;
    public static final int RC_MALFORMED_XML = 3;
    public static final int RC_INVALID_XML = 4;
    public static final int RC_INVALID_XS = 5;
    public static final int RC_INVALID_CRED = 6;
    public static final int RC_SIG = 7;
    public static final int RC_UNKNOWN = -1;
    private static Logger log;

    public static void main(String[] strArr) {
        XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments = new XmlSecToolCommandLineArguments(strArr);
        xmlSecToolCommandLineArguments.parseCommandLineArguments(strArr);
        if (xmlSecToolCommandLineArguments.doHelp()) {
            xmlSecToolCommandLineArguments.printHelp(System.out);
            System.exit(0);
        }
        initLogging(xmlSecToolCommandLineArguments);
        try {
            Init.init();
        } catch (Throwable th) {
            log.error("Unable to initialize XML security libraries", th);
            System.exit(1);
        }
        try {
            Document parseXML = parseXML(xmlSecToolCommandLineArguments);
            if (xmlSecToolCommandLineArguments.doSchemaValidation()) {
                schemaValidate(xmlSecToolCommandLineArguments, parseXML);
            }
            if (xmlSecToolCommandLineArguments.doSign()) {
                sign(xmlSecToolCommandLineArguments, parseXML);
            }
            if (xmlSecToolCommandLineArguments.doSignatureVerify()) {
                verifySignature(xmlSecToolCommandLineArguments, parseXML);
            }
            if (xmlSecToolCommandLineArguments.getOutputFile() != null) {
                writeDocument(xmlSecToolCommandLineArguments, parseXML);
            }
        } catch (Throwable th2) {
            log.error("Unknown error", th2);
            System.exit(-1);
        }
    }

    protected static Document parseXML(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments) {
        InputStream xmlInputStreamFromFile = xmlSecToolCommandLineArguments.getInputFile() != null ? getXmlInputStreamFromFile(xmlSecToolCommandLineArguments) : getXmlInputStreamFromUrl(xmlSecToolCommandLineArguments);
        DocumentBuilder parser = getParser(xmlSecToolCommandLineArguments);
        try {
            log.debug("Parsing XML input stream");
            Document parse = parser.parse(xmlInputStreamFromFile);
            log.info("XML document parsed and is well-formed.");
            return parse;
        } catch (IOException e) {
            log.error("Error reading XML document from input source", e);
            System.exit(2);
            return null;
        } catch (SAXException e2) {
            log.error("XML document was not well formed", e2);
            System.exit(3);
            return null;
        }
    }

    protected static InputStream getXmlInputStreamFromFile(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments) {
        try {
            log.info("Reading XML document from file '{}'", xmlSecToolCommandLineArguments.getInputFile());
            File file = new File(xmlSecToolCommandLineArguments.getInputFile());
            if (!file.exists()) {
                log.error("Input file '{}' does not exist", xmlSecToolCommandLineArguments.getInputFile());
                System.exit(2);
            }
            if (file.isDirectory()) {
                log.error("Input file '{}' is a directory", xmlSecToolCommandLineArguments.getInputFile());
                System.exit(2);
            }
            if (!file.canRead()) {
                log.error("Input file '{}' can not be read", xmlSecToolCommandLineArguments.getInputFile());
                System.exit(2);
            }
            InputStream fileInputStream = new FileInputStream(xmlSecToolCommandLineArguments.getInputFile());
            if (xmlSecToolCommandLineArguments.isBase64DecodeInput()) {
                log.debug("Passing input file through Base64 decoder.");
                fileInputStream = new Base64.InputStream(fileInputStream);
            }
            if (xmlSecToolCommandLineArguments.isInflateInput()) {
                log.debug("Passing input file data through Inflater decompression filter");
                fileInputStream = new InflaterInputStream(fileInputStream);
            }
            if (xmlSecToolCommandLineArguments.isGunzipInput()) {
                log.debug("Passing input file data through GZip decompression filter");
                fileInputStream = new GZIPInputStream(fileInputStream);
            }
            return fileInputStream;
        } catch (IOException e) {
            log.error("Unable to read input file '{}'", xmlSecToolCommandLineArguments.getInputFile(), e);
            System.exit(2);
            return null;
        }
    }

    protected static InputStream getXmlInputStreamFromUrl(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments) {
        log.info("Reading XML document from URL '{}'", xmlSecToolCommandLineArguments.getInputUrl());
        HttpClientBuilder httpClientBuilder = new HttpClientBuilder();
        httpClientBuilder.setHttpsProtocolSocketFactory(new TLSProtocolSocketFactory((X509KeyManager) null, CredentialHelper.buildNoTrustTrustManager()));
        if (xmlSecToolCommandLineArguments.getHttpProxy() != null) {
            httpClientBuilder.setProxyHost(xmlSecToolCommandLineArguments.getHttpProxy());
            httpClientBuilder.setProxyPort(xmlSecToolCommandLineArguments.getHttpProxyPort());
            httpClientBuilder.setProxyUsername(xmlSecToolCommandLineArguments.getHttpProxyUsername());
            httpClientBuilder.setProxyPassword(xmlSecToolCommandLineArguments.getHttpProxyPassword());
        }
        GetMethod getMethod = new GetMethod(xmlSecToolCommandLineArguments.getInputUrl());
        getMethod.setRequestHeader("Accept-Encoding", "gzip,deflate");
        try {
            httpClientBuilder.buildClient().executeMethod(getMethod);
            if (getMethod.getStatusCode() != 200) {
                log.error("Non-ok status code '" + Integer.valueOf(getMethod.getStatusCode()) + "' returned by '" + xmlSecToolCommandLineArguments.getInputUrl() + "'");
                System.exit(2);
            }
            InputStream responseBodyAsStream = getMethod.getResponseBodyAsStream();
            Header responseHeader = getMethod.getResponseHeader("Content-Encoding");
            if (responseHeader != null) {
                String value = responseHeader.getValue();
                if ("deflate".equalsIgnoreCase(value)) {
                    log.debug("Passing input file data through Inflater decompression filter");
                    responseBodyAsStream = new InflaterInputStream(responseBodyAsStream);
                }
                if ("gzip".equalsIgnoreCase(value)) {
                    log.debug("Passing input file data through GZip decompression filter");
                    responseBodyAsStream = new GZIPInputStream(responseBodyAsStream);
                }
            }
            if (xmlSecToolCommandLineArguments.isBase64DecodeInput()) {
                log.debug("Passing input file through Base64 decoder.");
                responseBodyAsStream = new Base64.InputStream(responseBodyAsStream);
            }
            return responseBodyAsStream;
        } catch (IOException e) {
            log.error("Unable to read XML document from " + xmlSecToolCommandLineArguments.getInputUrl(), e);
            System.exit(2);
            return null;
        }
    }

    protected static DocumentBuilder getParser(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments) {
        log.debug("Building DOM parser");
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setCoalescing(false);
        newInstance.setExpandEntityReferences(true);
        newInstance.setIgnoringComments(false);
        newInstance.setIgnoringElementContentWhitespace(false);
        newInstance.setNamespaceAware(true);
        newInstance.setValidating(false);
        newInstance.setXIncludeAware(false);
        try {
            return newInstance.newDocumentBuilder();
        } catch (ParserConfigurationException e) {
            log.error("Unable to create XML parser", e);
            System.exit(-1);
            return null;
        }
    }

    protected static void schemaValidate(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments, Document document) {
        Schema buildSchema;
        File file = new File(xmlSecToolCommandLineArguments.getSchemaDirectory());
        try {
            if (xmlSecToolCommandLineArguments.isXsdSchema()) {
                log.debug("Building W3 XML Schema from file/directory '{}'", file.getAbsolutePath());
                buildSchema = SchemaBuilder.buildSchema(SchemaBuilder.SchemaLanguage.XML, file);
            } else {
                log.debug("Building RELAX NG Schema from file/directory '{}'", file.getAbsolutePath());
                buildSchema = SchemaBuilder.buildSchema(SchemaBuilder.SchemaLanguage.RELAX, file);
            }
            Validator newValidator = buildSchema.newValidator();
            log.debug("Schema validating XML document");
            newValidator.validate(new DOMSource(document));
            log.info("XML document is schema valid");
        } catch (SAXException e) {
            log.error("Invalid XML schema files, unable to validate XML", e);
            System.exit(5);
        } catch (Exception e2) {
            log.error("XML is not schema valid", e2);
            System.exit(4);
        }
    }

    protected static void sign(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments, Document document) {
        log.debug("Preparing to sign document");
        Element documentElement = document.getDocumentElement();
        if (getSignatureElement(document) != null) {
            log.error("XML document is already signed");
            System.exit(7);
        }
        BasicX509Credential credential = getCredential(xmlSecToolCommandLineArguments);
        BasicSecurityConfiguration buildDefaultConfig = DefaultSecurityConfigurationBootstrap.buildDefaultConfig();
        String signatureAlgorithmURI = buildDefaultConfig.getSignatureAlgorithmURI(credential);
        try {
            XMLSignature xMLSignature = SecurityHelper.isHMAC(signatureAlgorithmURI) ? new XMLSignature(document, "#", signatureAlgorithmURI, buildDefaultConfig.getSignatureHMACOutputLength().intValue(), "http://www.w3.org/2001/10/xml-exc-c14n#") : new XMLSignature(document, "#", signatureAlgorithmURI, "http://www.w3.org/2001/10/xml-exc-c14n#");
            populateKeyInfo(document, xMLSignature.getKeyInfo(), credential);
            Transforms transforms = new Transforms(document);
            transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
            transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
            xMLSignature.addDocument(getSignatureReferenceUri(xmlSecToolCommandLineArguments, documentElement), transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            log.debug("Creating Signature DOM element");
            addSignatureELement(xmlSecToolCommandLineArguments, documentElement, xMLSignature.getElement());
            xMLSignature.sign(SecurityHelper.extractSigningKey(credential));
            log.info("XML document successfully signed");
        } catch (XMLSecurityException e) {
            log.error("Unable to create XML document signature", e);
            System.exit(7);
        }
    }

    protected static void populateKeyInfo(Document document, KeyInfo keyInfo, BasicX509Credential basicX509Credential) {
        if (basicX509Credential.getKeyNames() != null) {
            Iterator it = basicX509Credential.getKeyNames().iterator();
            while (it.hasNext()) {
                keyInfo.add(new KeyName(document, (String) it.next()));
            }
        }
        keyInfo.add(basicX509Credential.getPublicKey());
        X509Data x509Data = new X509Data(document);
        keyInfo.add(x509Data);
        try {
            Iterator it2 = basicX509Credential.getEntityCertificateChain().iterator();
            while (it2.hasNext()) {
                x509Data.addCertificate((X509Certificate) it2.next());
            }
            if (basicX509Credential.getCRLs() != null) {
                Iterator it3 = basicX509Credential.getCRLs().iterator();
                while (it3.hasNext()) {
                    x509Data.addCRL(((X509CRL) it3.next()).getEncoded());
                }
            }
        } catch (CRLException e) {
        } catch (XMLSecurityException e2) {
            log.error("Unable to constructor signature KeyInfo", e2);
            System.exit(-1);
        }
    }

    protected static String getSignatureReferenceUri(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments, Element element) {
        Attr attr;
        String str = "";
        if (xmlSecToolCommandLineArguments.getReferenceIdAttributeName() != null && (attr = (Attr) element.getAttributes().getNamedItem(xmlSecToolCommandLineArguments.getReferenceIdAttributeName())) != null) {
            str = DatatypeHelper.safeTrim(attr.getValue());
            if (str.length() > 0) {
                str = "#" + str;
            }
        }
        return str;
    }

    protected static void addSignatureELement(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments, Element element, Element element2) {
        if ("FIRST".equalsIgnoreCase(xmlSecToolCommandLineArguments.getSignaturePosition()) || xmlSecToolCommandLineArguments.getSignaturePosition() == null) {
            element.insertBefore(element2, element.getFirstChild());
            return;
        }
        if ("LAST".equalsIgnoreCase(xmlSecToolCommandLineArguments.getSignaturePosition())) {
            element.appendChild(element2);
            return;
        }
        try {
            NodeList childNodes = element.getChildNodes();
            int parseInt = Integer.parseInt(xmlSecToolCommandLineArguments.getSignaturePosition());
            boolean z = false;
            if (childNodes.getLength() > parseInt) {
                int i = 0;
                for (int i2 = 0; i2 < childNodes.getLength(); i2++) {
                    if (childNodes.item(i2).getNodeType() == 1) {
                        i++;
                        if (i == parseInt) {
                            element.insertBefore(element2, childNodes.item(i2));
                            z = true;
                        }
                    }
                }
            }
            if (z) {
                return;
            }
            element.appendChild(element2);
        } catch (NumberFormatException e) {
            log.error("Invalid signature position: " + xmlSecToolCommandLineArguments.getSignaturePosition());
            System.exit(7);
        }
    }

    protected static void verifySignature(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments, Document document) {
        Element signatureElement = getSignatureElement(document);
        if (signatureElement == null) {
            if (!xmlSecToolCommandLineArguments.isSignatureRequired()) {
                log.info("XML document is not signed, no verification performed");
                return;
            } else {
                log.error("Signature required but XML document is not signed");
                System.exit(7);
            }
        }
        log.debug("XML document cotnained Signature element\n{}", XMLHelper.prettyPrintXML(signatureElement));
        log.debug("Creating XML security library XMLSignature object");
        XMLSignature xMLSignature = null;
        try {
            xMLSignature = new XMLSignature(signatureElement, "");
        } catch (XMLSecurityException e) {
            log.error("Unable to read XML signature", e);
            System.exit(7);
        }
        if (xMLSignature.getObjectLength() != 0) {
            log.error("Signature contained an Object element, this is not allowed");
            System.exit(7);
        }
        validateSignatureReference(document, xMLSignature);
        Key extractVerificationKey = SecurityHelper.extractVerificationKey(getCredential(xmlSecToolCommandLineArguments));
        log.debug("Verifying XML signature with key\n{}", Base64.encodeBytes(extractVerificationKey.getEncoded()));
        try {
            if (xMLSignature.checkSignatureValue(extractVerificationKey)) {
                log.info("XML document signature verified.");
            } else {
                log.error("XML document signature verification failed");
                System.exit(7);
            }
        } catch (XMLSignatureException e2) {
            log.error("XML document signature verification failed with an error", e2);
            System.exit(7);
        }
    }

    protected static void validateSignatureReference(Document document, XMLSignature xMLSignature) {
        int length = xMLSignature.getSignedInfo().getLength();
        if (length != 1) {
            log.error("Signature SignedInfo had invalid number of References: " + length);
            System.exit(7);
        }
        Reference reference = null;
        try {
            reference = xMLSignature.getSignedInfo().item(0);
        } catch (XMLSecurityException e) {
            log.error("Apache XML Security exception obtaining Reference", e);
            System.exit(7);
        }
        if (reference == null) {
            log.error("Signature Reference was null");
            System.exit(7);
        }
        validateSignatureReferenceUri(document, xMLSignature, reference);
        validateSignatureTransforms(reference);
    }

    protected static void validateSignatureReferenceUri(Document document, XMLSignature xMLSignature, Reference reference) {
        String uri = reference.getURI();
        if (!DatatypeHelper.isEmpty(uri) && !uri.startsWith("#")) {
            log.error("Signature Reference URI was not a document fragment reference: " + uri);
            System.exit(7);
        }
        String substring = uri.substring(1);
        Element documentElement = document.getDocumentElement();
        Element elementById = IdResolver.getElementById(document, substring);
        if (documentElement == null) {
            log.error("No element with DOM ID attribute #" + substring + " can be resolved by XML-Security's IdResolver");
            System.exit(7);
        }
        if (documentElement.isSameNode(elementById)) {
            return;
        }
        log.error("Signature Reference URI #" + substring + " was resolved to a node other than the document element");
        System.exit(7);
    }

    protected static void validateSignatureTransforms(Reference reference) {
        Transforms transforms = null;
        try {
            transforms = reference.getTransforms();
        } catch (XMLSecurityException e) {
            log.error("Apache XML Security error obtaining Transforms instance", e);
            System.exit(7);
        }
        if (transforms == null) {
            log.error("Error obtaining Transforms instance, null was returned");
            System.exit(7);
        }
        int length = transforms.getLength();
        if (length > 2) {
            log.error("Invalid number of Transforms was present: " + length);
            System.exit(7);
        }
        boolean z = false;
        for (int i = 0; i < length; i++) {
            Transform transform = null;
            try {
                transform = transforms.item(i);
            } catch (TransformationException e2) {
                log.error("Error obtaining transform instance", e2);
                System.exit(7);
            }
            String uri = transform.getURI();
            if ("http://www.w3.org/2000/09/xmldsig#enveloped-signature".equals(uri)) {
                log.debug("Saw Enveloped signature transform");
                z = true;
            } else if ("http://www.w3.org/2001/10/xml-exc-c14n#".equals(uri) || "http://www.w3.org/2001/10/xml-exc-c14n#WithComments".equals(uri)) {
                log.debug("Saw Exclusive C14N signature transform");
            } else {
                log.error("Saw invalid signature transform: " + uri);
                System.exit(7);
            }
        }
        if (z) {
            return;
        }
        log.error("Signature was missing the required Enveloped signature transform");
        System.exit(7);
    }

    protected static Element getSignatureElement(Document document) {
        List childElementsByTagNameNS = XMLHelper.getChildElementsByTagNameNS(document.getDocumentElement(), Signature.DEFAULT_ELEMENT_NAME.getNamespaceURI(), Signature.DEFAULT_ELEMENT_NAME.getLocalPart());
        if (childElementsByTagNameNS.isEmpty()) {
            return null;
        }
        if (childElementsByTagNameNS.size() > 1) {
            log.error("XML document contained more than on signature, unable to process");
            System.exit(7);
        }
        return (Element) childElementsByTagNameNS.get(0);
    }

    protected static BasicX509Credential getCredential(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments) {
        BasicX509Credential basicX509Credential = null;
        if (xmlSecToolCommandLineArguments.getCertificate() != null) {
            try {
                basicX509Credential = CredentialHelper.getFileBasedCredentials(xmlSecToolCommandLineArguments.getKey(), xmlSecToolCommandLineArguments.getKeyPassword(), xmlSecToolCommandLineArguments.getCertificate());
            } catch (KeyException e) {
                log.error("Unable to read key file " + xmlSecToolCommandLineArguments.getKey(), e);
                System.exit(2);
            } catch (CertificateException e2) {
                log.error("Unable to read certificate file " + xmlSecToolCommandLineArguments.getKey(), e2);
                System.exit(2);
            }
        } else if (xmlSecToolCommandLineArguments.getPkcs11Config() != null) {
            try {
                basicX509Credential = CredentialHelper.getPKCS11Credential(xmlSecToolCommandLineArguments.getKeystore(), xmlSecToolCommandLineArguments.getPkcs11Config(), xmlSecToolCommandLineArguments.getKey(), xmlSecToolCommandLineArguments.getKeyPassword());
            } catch (IOException e3) {
                log.error("Error accessing PKCS11 store", e3);
                System.exit(2);
            } catch (GeneralSecurityException e4) {
                log.error("Unable to recover key entry from PKCS11 store", e4);
                System.exit(2);
            }
        } else {
            try {
                basicX509Credential = CredentialHelper.getKeystoreCredential(xmlSecToolCommandLineArguments.getKeystore(), xmlSecToolCommandLineArguments.getKeystorePassword(), xmlSecToolCommandLineArguments.getKeystoreProvider(), xmlSecToolCommandLineArguments.getKeystoreType(), xmlSecToolCommandLineArguments.getKey(), xmlSecToolCommandLineArguments.getKeyPassword());
            } catch (IOException e5) {
                log.error("Unable to read keystore " + xmlSecToolCommandLineArguments.getKeystore(), e5);
                System.exit(2);
            } catch (GeneralSecurityException e6) {
                log.error("Unable to recover key entry from keystore", e6);
                System.exit(2);
            }
        }
        if (xmlSecToolCommandLineArguments.getKeyInfoKeyNames() != null) {
            basicX509Credential.getKeyNames().addAll(xmlSecToolCommandLineArguments.getKeyInfoKeyNames());
        }
        basicX509Credential.setCRLs(getCRLs(xmlSecToolCommandLineArguments));
        return basicX509Credential;
    }

    protected static Collection<X509CRL> getCRLs(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments) {
        List<String> keyInfoCrls = xmlSecToolCommandLineArguments.getKeyInfoCrls();
        if (keyInfoCrls == null || keyInfoCrls.isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        File file = null;
        try {
            for (String str : keyInfoCrls) {
                file = new File(str);
                if (!file.exists() || !file.canRead()) {
                    log.error("Unable to read CRL file " + str);
                    System.exit(6);
                }
                arrayList.addAll(X509Util.decodeCRLs(file));
            }
        } catch (CRLException e) {
            log.error("Unable to parse CRL file " + file.getAbsolutePath(), e);
            System.exit(6);
        }
        return arrayList;
    }

    protected static void writeDocument(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments, Node node) {
        try {
            log.debug("Attempting to write output to file {}", xmlSecToolCommandLineArguments.getOutputFile());
            File file = new File(xmlSecToolCommandLineArguments.getOutputFile());
            if (file.exists() && file.isDirectory()) {
                log.error("Output file " + xmlSecToolCommandLineArguments.getOutputFile() + " is a directory");
                System.exit(2);
            }
            file.createNewFile();
            if (!file.canWrite()) {
                log.error("Unable to write to output file " + xmlSecToolCommandLineArguments.getOutputFile());
                System.exit(2);
            }
            OutputStream fileOutputStream = new FileOutputStream(xmlSecToolCommandLineArguments.getOutputFile());
            if (xmlSecToolCommandLineArguments.isBase64EncodedOutput()) {
                log.debug("Base64 encoding output to file");
                fileOutputStream = new Base64.OutputStream(fileOutputStream);
            }
            if (xmlSecToolCommandLineArguments.isDeflateOutput()) {
                log.debug("Deflate compressing output to file");
                fileOutputStream = new DeflaterOutputStream(fileOutputStream);
            }
            if (xmlSecToolCommandLineArguments.isGzipOutput()) {
                log.debug("GZip compressing output to file");
                fileOutputStream = new GZIPOutputStream(fileOutputStream);
            }
            log.debug("Writting XML document to output file {}", xmlSecToolCommandLineArguments.getOutputFile());
            try {
                Transformer newTransformer = TransformerFactory.newInstance().newTransformer();
                newTransformer.setOutputProperty("encoding", "UTF-8");
                newTransformer.transform(new DOMSource(node), new StreamResult(fileOutputStream));
            } catch (TransformerException e) {
                log.error("Unable to write out XML", e);
                System.exit(2);
            }
            fileOutputStream.flush();
            fileOutputStream.close();
            log.info("XML document written to file {}", file.getAbsolutePath());
        } catch (IOException e2) {
            log.error("Unable to write document to file " + xmlSecToolCommandLineArguments.getOutputFile(), e2);
            System.exit(2);
        }
    }

    protected static void initLogging(XmlSecToolCommandLineArguments xmlSecToolCommandLineArguments) {
        if (xmlSecToolCommandLineArguments.getLoggingConfiguration() != null) {
            System.setProperty("logback.configurationFile", xmlSecToolCommandLineArguments.getLoggingConfiguration());
        } else if (xmlSecToolCommandLineArguments.doVerboseOutput()) {
            System.setProperty("logback.configurationFile", "logger-verbose.xml");
        } else if (xmlSecToolCommandLineArguments.doQuietOutput()) {
            System.setProperty("logback.configurationFile", "logger-quiet.xml");
        } else {
            System.setProperty("logback.configurationFile", "logger-normal.xml");
        }
        log = LoggerFactory.getLogger(XmlSecTool.class);
    }
}
