package org.eclipse.cbi.webservice.signing.macosx;

import com.google.auto.value.AutoValue;
import com.google.common.base.Joiner;
import com.google.common.base.Preconditions;
import com.google.common.base.Throwables;
import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.nio.file.FileSystem;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import java.util.stream.Stream;
import org.eclipse.cbi.common.util.Paths;
import org.eclipse.cbi.common.util.Zips;
import org.eclipse.cbi.webservice.signing.macosx.AutoValue_Codesigner;
import org.eclipse.cbi.webservice.signing.macosx.AutoValue_Codesigner_Options;
import org.eclipse.cbi.webservice.util.ProcessExecutor;
import org.eclipse.cbi.webservice.util.function.UnsafePredicate;
import org.eclipse.cbi.webservice.util.function.WrappedException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@AutoValue
/* loaded from: input_file:org/eclipse/cbi/webservice/signing/macosx/Codesigner.class */
public abstract class Codesigner {
    // SLF4J logger for this class; used to report failures while deleting temporary resources.
    private static final Logger logger = LoggerFactory.getLogger(Codesigner.class);
    // Name prefix of the per-request temporary directory created under tempFolder().
    private static final String TEMP_FILE_PREFIX = Codesigner.class.getSimpleName() + "-";
    // Glob selecting installer packages (*.pkg, *.mpkg); matching regular files are sent to
    // 'productsign' instead of 'codesign'.
    private static final String DOT_PKG_GLOB_PATTERN = "glob:**.{pkg,mpkg}";

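    /**
     * Builder for {@link Codesigner}. The abstract setters and getters are implemented by the
     * AutoValue-generated subclass; {@link #build()} derives the three command lines
     * ({@code codesign}, {@code productsign}, {@code security unlock}) from the configured values
     * and validates the result.
     */
    @AutoValue.Builder
    public static abstract class Builder {
        /** Sets the directory under which temporary working directories are created; it must already exist. */
        public abstract Builder tempFolder(Path path);

        /**
         * Sets the password used to unlock the keychain. {@link #build()} embeds this value in the
         * {@code security unlock -p} command line.
         */
        public abstract Builder keychainPassword(String str);

        abstract String keychainPassword();

        /** Sets the keychain file holding the signing identities; it must be an existing regular file. */
        public abstract Builder keychain(Path path);

        abstract Path keychain();

        /** Sets the identity passed to {@code codesign -s}; must not be empty. */
        public abstract Builder identityApplication(String str);

        abstract String identityApplication();

        /** Sets the identity passed to {@code productsign --sign}. */
        public abstract Builder identityInstaller(String str);

        abstract String identityInstaller();

        /** Sets the executor used to run the external signing tools. */
        public abstract Builder processExecutor(ProcessExecutor processExecutor);

        /** Sets the {@code codesign} timeout, in seconds; must be strictly positive. */
        public abstract Builder codesignTimeout(long j);

        /** Sets the {@code productsign} timeout, in seconds. */
        public abstract Builder productsignTimeout(long j);

        /** Sets the timestamp authority; a blank value selects the plain {@code --timestamp} flag. */
        public abstract Builder timeStampAuthority(String str);

        abstract String timeStampAuthority();

        /** Sets the {@code security unlock} timeout, in seconds; must be strictly positive. */
        public abstract Builder securityUnlockTimeout(long j);

        abstract Builder codesignCommandPrefix(ImmutableList<String> immutableList);

        abstract Builder productsignCommandPrefix(ImmutableList<String> immutableList);

        abstract Builder securityUnlockCommand(ImmutableList<String> immutableList);

        abstract Codesigner autoBuild();

        /**
         * Validates the configuration, assembles the command prefixes and returns the signer.
         *
         * @return the configured {@link Codesigner}
         * @throws IllegalStateException if the application identity is empty, the keychain is not an
         *         existing regular file, the codesign or security-unlock timeout is not strictly
         *         positive, or the temporary folder is not an existing directory
         */
        public Codesigner build() {
            Preconditions.checkState(!identityApplication().isEmpty(), "Certificate name must not be empty");
            // isRegularFile() is already false for a missing file, so no separate existence check is needed.
            Preconditions.checkState(Files.isRegularFile(keychain()), "Keychain file must exists");
            // NOTE(review): identityInstaller() and productsignTimeout() are not validated here, unlike
            // their codesign counterparts; confirm that is intentional.

            String keychainPath = keychain().toString();
            String authority = timeStampAuthority().trim();
            // NOTE(review): the double quotes are part of the argument itself. If ProcessExecutor
            // starts the tool without a shell they reach codesign/productsign literally; confirm the
            // tools accept the authority URL in this form.
            String timestampArgument = authority.isEmpty() ? "--timestamp" : "--timestamp=\"" + authority + "\"";

            codesignCommandPrefix(ImmutableList.<String>builder()
                    .add("codesign", "-s", identityApplication(), "--options", "runtime", "-f", "--verbose=4", "--keychain", keychainPath)
                    .add(timestampArgument)
                    .build());

            productsignCommandPrefix(ImmutableList.<String>builder()
                    .add("productsign", "--sign", identityInstaller(), "--keychain", keychainPath)
                    .add(timestampArgument)
                    .build());

            // SECURITY: the keychain password travels as a command-line argument (-p). While the
            // 'security' process runs, its arguments can be read from the process list by other local
            // accounts, and any component that records this command list would record the secret.
            // NOTE(review): confirm ProcessExecutor never logs the command it runs, and keep the
            // signing host restricted to the service account.
            securityUnlockCommand(ImmutableList.of("security", "unlock", "-p", keychainPassword(), keychainPath));

            Codesigner signer = autoBuild();
            Preconditions.checkState(signer.codesignTimeout() > 0, "Codesign timeout must be strictly positive");
            Preconditions.checkState(signer.securityUnlockTimeout() > 0, "Security unlock timeout must be strictly positive");
            Preconditions.checkState(Files.exists(signer.tempFolder()), "Temporary folder must exists");
            Preconditions.checkState(Files.isDirectory(signer.tempFolder()), "Temporary folder must be a directory");
            return signer;
        }
    }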

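    /**
     * Per-request {@code codesign} options, rendered as command-line arguments by
     * {@link #toArgsList()}. These options are only appended to the {@code codesign} command; the
     * {@code productsign} command does not use them.
     */
    @AutoValue
    public static abstract class Options {

        /** Builder for {@link Options}, implemented by the AutoValue-generated subclass. */
        @AutoValue.Builder
        public static abstract class Builder {
            /** Whether to pass {@code --deep} to codesign. */
            public abstract Builder deep(boolean z);

            /** Whether to pass {@code --force} to codesign. */
            public abstract Builder force(boolean z);

            /** Sets the entitlements file passed with {@code --entitlements}. */
            public abstract Builder entitlements(Path path);

            /** Sets the optional entitlements file; an empty value omits {@code --entitlements}. */
            public abstract Builder entitlements(Optional<Path> optional);

            public abstract Options build();
        }

        public abstract boolean deep();

        public abstract boolean force();

        public abstract Optional<Path> entitlements();

        /**
         * Returns a builder with {@code deep} and {@code force} both enabled by default.
         * Note that the codesign command prefix built by {@link Codesigner.Builder#build()} already
         * contains {@code -f}, so disabling {@code force} here does not remove that flag.
         */
        public static Builder builder() {
            return new AutoValue_Codesigner_Options.Builder().deep(true).force(true);
        }

        /**
         * Renders the options as codesign arguments, in the order {@code --deep}, {@code --force},
         * {@code --entitlements <path>}; options that are off or absent are omitted.
         *
         * @return an immutable list of arguments, possibly empty
         */
        public List<String> toArgsList() {
            // Typed builder instead of the raw ImmutableList.Builder, which produced an unchecked
            // conversion on return.
            ImmutableList.Builder<String> args = ImmutableList.builder();
            if (deep()) {
                args.add("--deep");
            }
            if (force()) {
                args.add("--force");
            }
            // NOTE(review): the entitlements path is passed to codesign as given; confirm callers
            // only supply server-controlled files here.
            entitlements().ifPresent(file -> args.add("--entitlements", file.toString()));
            return args.build();
        }
    }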

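    /**
     * Unpacks the source zip into a fresh temporary directory, signs its top-level entries and
     * packs the result into the target zip.
     *
     * @param path the source archive; must be an existing regular file named {@code *.zip}
     * @param path2 the target archive; its name must end with {@code .zip}
     * @param options the codesign options to apply
     * @return the number of entries that were signed
     * @throws IOException if the archive is invalid, or signing or re-zipping fails
     * @throws IllegalArgumentException if a path precondition is not met
     */
    public long signZippedApplications(Path path, Path path2, Options options) throws IOException {
        Objects.requireNonNull(path);
        Objects.requireNonNull(path2);
        Preconditions.checkArgument(Files.isRegularFile(path), "Source zip must be an existing regular file");
        Preconditions.checkArgument(path.getFileName().toString().endsWith(".zip"), "Source path must end with zip extension");
        Preconditions.checkArgument(path2.getFileName().toString().endsWith(".zip"), "Target path must end with zip extension");

        Path unpackDirectory = Files.createTempDirectory(tempFolder(), TEMP_FILE_PREFIX);
        try {
            // NOTE(review): the archive presumably comes from a service client. Confirm that
            // Zips.unpackZip rejects entries resolving outside unpackDirectory ("../" or absolute
            // names) and bounds the unpacked size, since that is not visible from this class.
            if (Zips.unpackZip(path, unpackDirectory) <= 0) {
                throw new IOException("The provided Zip file is invalid");
            }
            return signAndRezip(unpackDirectory, path2, options);
        } finally {
            // Always remove the unpacked content. Previously the failure path called
            // cleanTemporaryResource(null), a no-op, so a failed request left the unpacked
            // archive behind in the temporary folder.
            cleanTemporaryResource(unpackDirectory);
        }
    }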

    /**
     * Signs the content of the unpacked directory and, when at least one entry was signed, packs
     * the directory into the target zip.
     *
     * @param path the directory holding the unpacked archive
     * @param path2 the zip file to write
     * @param options the codesign options to apply
     * @return the number of signed entries; when it is zero the target zip is not written
     * @throws IOException if signing fails, or if re-zipping reports nothing packed
     */
    private long signAndRezip(Path path, Path path2, Options options) throws IOException {
        long signedCount = signAll(path, options);
        boolean somethingSigned = signedCount > 0;
        // Only re-zip when something was signed; a non-positive packZip result is then an error.
        if (somethingSigned && Zips.packZip(path, path2, false) <= 0) {
            throw new IOException("The signing was succesfull, but something wrong happened when trying to zip it back");
        }
        return signedCount;
    }

    /**
     * Signs a single file or directory in place, unlocking the keychain first.
     *
     * @param path the file or directory to sign
     * @param options the codesign options to apply
     * @return {@code 1} if the path was signed, {@code 0} if it is neither a directory nor a regular file
     * @throws IOException if unlocking the keychain or signing fails
     */
    public long signFile(Path path, Options options) throws IOException {
        Objects.requireNonNull(path);
        if (doSign(path, options, true)) {
            return 1L;
        }
        return 0L;
    }

    /**
     * Unlocks the keychain once, then signs every direct child of the given directory.
     * Only the top level is listed; nested content is left to the signing tool.
     *
     * @param path an existing directory
     * @param options the codesign options to apply
     * @return the number of children for which signing returned {@code true}
     * @throws IOException if unlocking the keychain, listing the directory or signing fails
     */
    private long signAll(Path path, Options options) throws IOException {
        Objects.requireNonNull(path);
        Preconditions.checkArgument(Files.isDirectory(path), "Path must reference an existing directory");
        unlockKeychain();
        // try-with-resources closes the directory stream on every path, attaching any close()
        // failure as a suppressed exception.
        try (Stream<Path> children = Files.list(path)) {
            try {
                return children
                        .filter(UnsafePredicate.safePredicate(child -> doSign(child, options, false)))
                        .count();
            } catch (WrappedException wrapped) {
                // The predicate wrapper tunnels checked exceptions; restore the original type.
                Throwable cause = wrapped.getCause();
                Throwables.throwIfInstanceOf(cause, IOException.class);
                Throwables.throwIfUnchecked(cause);
                throw new RuntimeException(cause);
            }
        }
    }

    /**
     * Chooses the signing tool for one path: directories and ordinary files go to
     * {@code codesign}; regular files matching the installer-package glob go to {@code productsign}.
     *
     * @param path the path to sign
     * @param options the codesign options (not used for productsign)
     * @param z when {@code true}, unlock the keychain before signing; {@code signAll} passes
     *        {@code false} because it unlocks once for the whole directory
     * @return {@code true} if the path was signed, {@code false} if it is neither a directory nor
     *         a regular file
     * @throws IOException if unlocking or signing fails
     */
    private boolean doSign(Path path, Options options, boolean z) throws IOException {
        if (z) {
            unlockKeychain();
        }
        // Both type checks follow symbolic links (no NOFOLLOW_LINKS is passed).
        // NOTE(review): if Zips.unpackZip can recreate symlinks from an uploaded archive, a
        // top-level link would be signed through to its target; confirm against the unpacker.
        if (Files.isDirectory(path)) {
            return codesign(path, options);
        }
        if (!Files.isRegularFile(path)) {
            return false;
        }
        boolean installerPackage = path.getFileSystem().getPathMatcher(DOT_PKG_GLOB_PATTERN).matches(path);
        if (installerPackage) {
            return productsign(path);
        }
        return codesign(path, options);
    }

    /**
     * Runs {@code codesign} on the given path with the configured timeout (in seconds).
     *
     * @param path the file or directory to sign
     * @param options the codesign options to append to the command prefix
     * @return {@code true} when the tool exits with status 0
     * @throws IOException if the tool exits with a non-zero status; the message carries the file
     *         name, the exit value and the captured tool output
     */
    private boolean codesign(Path path, Options options) throws IOException {
        Objects.requireNonNull(path);
        StringBuilder toolOutput = new StringBuilder();
        int exitValue = processExecutor().exec(codesignCommand(path, options), toolOutput, codesignTimeout(), TimeUnit.SECONDS);
        if (exitValue != 0) {
            // Only the file name (not the full server-side path) goes into the message.
            // NOTE(review): the raw tool output is included too; check what callers return to clients.
            String headline = "The 'codesign' command on '" + path.getFileName() + "' exited with value '" + exitValue + "'";
            throw new IOException(Joiner.on('\n').join(headline, "'codesign' command output:", toolOutput));
        }
        return true;
    }

    /**
     * Runs {@code productsign} on an installer package, writing the signed copy to a temporary
     * file next to the original and then moving it over the original.
     *
     * @param path an existing regular file matching the {@code .pkg}/{@code .mpkg} glob
     * @return {@code true} when the package was signed and replaced
     * @throws IOException if the tool exits with a non-zero status or the replacement fails
     * @throws IllegalArgumentException if the path does not match the glob or is not a regular file
     */
    private boolean productsign(Path path) throws IOException {
        Objects.requireNonNull(path);
        Preconditions.checkArgument(path.getFileSystem().getPathMatcher(DOT_PKG_GLOB_PATTERN).matches(path), "Path must ends with '.pkg' or '.mpkg'");
        Preconditions.checkArgument(Files.isRegularFile(path), "Path must reference an existing regular file");
        String fileName = path.getFileName().toString();
        StringBuilder toolOutput = new StringBuilder();
        // productsign writes to a separate output file, so sign into a sibling temporary file.
        Path signedCopy = Files.createTempFile(
                path.getParent(),
                com.google.common.io.Files.getNameWithoutExtension(fileName),
                com.google.common.io.Files.getFileExtension(fileName));
        try {
            int exitValue = processExecutor().exec(productsignCommand(path, signedCopy), toolOutput, productsignTimeout(), TimeUnit.SECONDS);
            if (exitValue != 0) {
                String headline = "The 'productsign' command on '" + path.getFileName() + "' exited with value '" + exitValue + "'";
                throw new IOException(Joiner.on('\n').join(headline, "'productsign' command output:", toolOutput));
            }
            Files.move(signedCopy, path, StandardCopyOption.REPLACE_EXISTING);
            return true;
        } finally {
            // After a successful move the temporary file no longer exists and this is a no-op;
            // on failure it removes the partial output.
            cleanTemporaryResource(signedCopy);
        }
    }

    /**
     * Runs the configured {@code security unlock} command with its timeout (in seconds).
     * The command list contains the keychain password as an argument; the failure message below
     * deliberately reports only the exit value and the tool output, not the command itself.
     *
     * @throws IOException if the command exits with a non-zero status
     */
    private void unlockKeychain() throws IOException {
        StringBuilder toolOutput = new StringBuilder();
        int exitValue = processExecutor().exec(securityUnlockCommand(), toolOutput, securityUnlockTimeout(), TimeUnit.SECONDS);
        if (exitValue == 0) {
            return;
        }
        String headline = "The 'security unlock' command exited with value '" + exitValue + "'";
        throw new IOException(Joiner.on('\n').join(headline, "'security unlock' output:", toolOutput));
    }

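    /**
     * Builds the full {@code codesign} command: the configured prefix, the per-request option
     * arguments, then the path to sign as the last argument.
     *
     * @param path the file or directory to sign
     * @param options the per-request codesign options
     * @return the command as an immutable argument list
     */
    private ImmutableList<String> codesignCommand(Path path, Options options) {
        // The explicit <String> witness is required: an unqualified ImmutableList.builder() at the
        // head of a call chain is inferred as Builder<Object>, which does not match the return type.
        return ImmutableList.<String>builder()
                .addAll(codesignCommandPrefix())
                .addAll(options.toArgsList())
                .add(path.toString())
                .build();
    }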

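    /**
     * Builds the full {@code productsign} command: the configured prefix followed by the input
     * package and the output file.
     *
     * @param path the package to sign
     * @param path2 the file that receives the signed package
     * @return the command as an immutable argument list
     */
    private ImmutableList<String> productsignCommand(Path path, Path path2) {
        // The explicit <String> witness is required: an unqualified ImmutableList.builder() at the
        // head of a call chain is inferred as Builder<Object>, which does not match the return type.
        return ImmutableList.<String>builder()
                .addAll(productsignCommandPrefix())
                .add(path.toString())
                .add(path2.toString())
                .build();
    }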

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Deletes a temporary file or directory on a best-effort basis.
     * A {@code null} or non-existent path is ignored; a deletion failure is logged, not thrown.
     *
     * @param path the temporary resource to delete, may be {@code null}
     */
    public static void cleanTemporaryResource(Path path) {
        boolean present = path != null && Files.exists(path);
        if (present) {
            try {
                Paths.delete(path);
            } catch (IOException deletionFailure) {
                // Best effort: cleanup must not mask the outcome of the signing request.
                logger.error("Error occured while deleting temporary resource '" + path.toString() + "'", deletionFailure);
            }
        }
    }

    // The accessors below are implemented by the AutoValue-generated subclass. The decompiler
    // reports that each one was package-private in the original class and was widened to public.

    /** Directory under which per-request temporary directories are created. */
    public abstract Path tempFolder();

    /**
     * Password used to unlock the keychain.
     * NOTE(review): AutoValue-generated toString() normally prints every property; confirm a
     * Codesigner instance is never logged, otherwise this value would be exposed.
     */
    public abstract String keychainPassword();

    /** Keychain file holding the signing identities. */
    public abstract Path keychain();

    /** Identity passed to {@code codesign -s}. */
    public abstract String identityApplication();

    /** Identity passed to {@code productsign --sign}. */
    public abstract String identityInstaller();

    /** Executor used to run the external signing tools. */
    public abstract ProcessExecutor processExecutor();

    /** Timeout for the {@code codesign} command, in seconds. */
    public abstract long codesignTimeout();

    /** Timeout for the {@code productsign} command, in seconds. */
    public abstract long productsignTimeout();

    /** Timestamp authority configured on the builder; blank selects the plain {@code --timestamp} flag. */
    public abstract String timeStampAuthority();

    /** Timeout for the {@code security unlock} command, in seconds. */
    public abstract long securityUnlockTimeout();

    /** Fixed leading arguments of every {@code codesign} invocation, assembled by {@code Builder.build()}. */
    public abstract ImmutableList<String> codesignCommandPrefix();

    /** Fixed leading arguments of every {@code productsign} invocation, assembled by {@code Builder.build()}. */
    public abstract ImmutableList<String> productsignCommandPrefix();

    /**
     * Complete {@code security unlock} command, assembled by {@code Builder.build()}.
     * The list contains the keychain password as the argument following {@code -p}.
     */
    public abstract ImmutableList<String> securityUnlockCommand();

    /**
     * Returns a builder preset with a 20-second keychain-unlock timeout and 10-minute
     * {@code codesign} and {@code productsign} timeouts (all stored in seconds).
     */
    public static Builder builder() {
        long tenMinutesInSeconds = TimeUnit.MINUTES.toSeconds(10L);
        Builder preset = new AutoValue_Codesigner.Builder();
        return preset
                .securityUnlockTimeout(20L)
                .codesignTimeout(tenMinutesInSeconds)
                .productsignTimeout(tenMinutesInSeconds);
    }
}
