package org.eclipse.cbi.webservice.dmgpackaging;

import com.google.auto.value.AutoValue;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import org.eclipse.cbi.webservice.dmgpackaging.AutoValue_DMGSigner;
import org.eclipse.cbi.webservice.util.ProcessExecutor;

@AutoValue
/* loaded from: input_file:org/eclipse/cbi/webservice/dmgpackaging/DMGSigner.class */
public abstract class DMGSigner {
    private static final String DOT_DMG_GLOB_PATTERN = "glob:**.dmg";

    @AutoValue.Builder
    /* loaded from: input_file:org/eclipse/cbi/webservice/dmgpackaging/DMGSigner$Builder.class */
    public static abstract class Builder {
        public abstract Builder keychainPassword(String str);

        abstract String keychainPassword();

        public abstract Builder keychain(Path path);

        abstract Path keychain();

        public abstract Builder certificateName(String str);

        abstract String certificateName();

        public abstract Builder timeStampAuthority(String str);

        abstract String timeStampAuthority();

        public abstract Builder processExecutor(ProcessExecutor processExecutor);

        public abstract Builder codesignTimeout(long j);

        public abstract Builder securityUnlockTimeout(long j);

        abstract Builder codesignCommandPrefix(ImmutableList<String> immutableList);

        abstract Builder securityUnlockCommand(ImmutableList<String> immutableList);

        abstract DMGSigner autoBuild();

        public DMGSigner build() {
            Preconditions.checkState(!certificateName().isEmpty(), "Certificate name must not be empty");
            Preconditions.checkState(Files.exists(keychain(), new LinkOption[0]) && Files.isRegularFile(keychain(), new LinkOption[0]), "Keychain file must exists");
            ImmutableList.Builder builder = ImmutableList.builder();
            builder.add(new String[]{"codesign", "-s", certificateName(), "-f", "--verbose=4", "--keychain", keychain().toString()});
            if (timeStampAuthority().trim().isEmpty()) {
                builder.add("--timestamp");
            } else {
                builder.add("--timestamp=\"" + timeStampAuthority().trim() + "\"");
            }
            codesignCommandPrefix(builder.build());
            securityUnlockCommand(ImmutableList.of("security", "unlock", "-p", keychainPassword(), keychain().toString()));
            DMGSigner autoBuild = autoBuild();
            Preconditions.checkState(autoBuild.codesignTimeout() > 0, "Codesign timeout must be strictly positive");
            Preconditions.checkState(autoBuild.securityUnlockTimeout() > 0, "Security unlock timeout must be strictly positive");
            return autoBuild;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract String keychainPassword();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract Path keychain();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract String certificateName();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract String timeStampAuthority();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract ProcessExecutor processExecutor();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract long codesignTimeout();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract long securityUnlockTimeout();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract ImmutableList<String> codesignCommandPrefix();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract ImmutableList<String> securityUnlockCommand();

    public static Builder builder() {
        return new AutoValue_DMGSigner.Builder().securityUnlockTimeout(20L).codesignTimeout(TimeUnit.MINUTES.toSeconds(10L));
    }

    public boolean sign(Path path) throws IOException {
        Objects.requireNonNull(path);
        Preconditions.checkArgument(path.getFileSystem().getPathMatcher(DOT_DMG_GLOB_PATTERN).matches(path), "Path must ends with '.dmg");
        unlockKeychain();
        StringBuilder sb = new StringBuilder();
        int exec = processExecutor().exec(codesignCommand(path), sb, codesignTimeout(), TimeUnit.SECONDS);
        if (exec == 0) {
            return true;
        }
        throw new IOException(Joiner.on('\n').join("The 'codesign' command on '" + path.getFileName() + "' exited with value '" + exec + "'", "'codesign' command output:", new Object[]{sb}));
    }

    private ImmutableList<String> codesignCommand(Path path) {
        return ImmutableList.builder().addAll(codesignCommandPrefix()).add(path.toString()).build();
    }

    private void unlockKeychain() throws IOException {
        StringBuilder sb = new StringBuilder();
        int exec = processExecutor().exec(securityUnlockCommand(), sb, securityUnlockTimeout(), TimeUnit.SECONDS);
        if (exec != 0) {
            throw new IOException(Joiner.on('\n').join("The 'security unlock' command exited with value '" + exec + "'", "'security unlock' output:", new Object[]{sb}));
        }
    }
}
