package org.eclipse.cbi.webservice.signing.macosx;

import com.google.auto.value.AutoValue;
import com.google.common.base.Preconditions;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import org.eclipse.cbi.webservice.servlet.RequestFacade;
import org.eclipse.cbi.webservice.servlet.ResponseFacade;
import org.eclipse.cbi.webservice.signing.macosx.AutoValue_SigningServlet;
import org.eclipse.cbi.webservice.signing.macosx.Codesigner;

@AutoValue
/* loaded from: input_file:org/eclipse/cbi/webservice/signing/macosx/SigningServlet.class */
public abstract class SigningServlet extends HttpServlet {
    private static final String TEMP_FILE_PREFIX = SigningServlet.class.getSimpleName() + "-";
    private static final String ZIP_CONTENT_TYPE = "application/zip";
    private static final String OCTET_STREAM__CONTENT_TYPE = "application/octet-stream";
    private static final String FILE_PART_NAME = "file";
    private static final String ENTITLEMENTS_PART_NAME = "entitlements";
    private static final long serialVersionUID = 523028904959736808L;

    @AutoValue.Builder
    /* loaded from: input_file:org/eclipse/cbi/webservice/signing/macosx/SigningServlet$Builder.class */
    public static abstract class Builder {
        public abstract Builder codesigner(Codesigner codesigner);

        public abstract Builder tempFolder(Path path);

        abstract SigningServlet autoBuild();

        public SigningServlet build() {
            SigningServlet autoBuild = autoBuild();
            Preconditions.checkState(Files.exists(autoBuild.tempFolder(), new LinkOption[0]), "Temporary folder must exists");
            Preconditions.checkState(Files.isDirectory(autoBuild.tempFolder(), new LinkOption[0]), "Temporary folder must be a directory");
            return autoBuild;
        }
    }

    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        ResponseFacade build = ResponseFacade.builder().servletResponse(httpServletResponse).build();
        RequestFacade build2 = RequestFacade.builder(tempFolder()).request(httpServletRequest).build();
        try {
            if (build2.hasPart(FILE_PART_NAME)) {
                doSign(build2, build);
            } else {
                build.replyError(400, "POST request must contain a part named 'file'");
            }
            if (build2 != null) {
                build2.close();
            }
        } catch (Throwable th) {
            if (build2 != null) {
                try {
                    build2.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    private void doSign(RequestFacade requestFacade, ResponseFacade responseFacade) throws IOException, ServletException {
        Path path = (Path) requestFacade.getPartPath(FILE_PART_NAME, TEMP_FILE_PREFIX).get();
        Codesigner.Options build = Codesigner.Options.builder().entitlements(requestFacade.getPartPath(ENTITLEMENTS_PART_NAME, TEMP_FILE_PREFIX)).build();
        if ("zip".equals(com.google.common.io.Files.getFileExtension((String) requestFacade.getSubmittedFileName(FILE_PART_NAME).get()))) {
            signFilesInZip(requestFacade, responseFacade, path, build);
        } else if (codesigner().signFile(path, build) > 0) {
            responseFacade.replyWithFile(OCTET_STREAM__CONTENT_TYPE, (String) requestFacade.getSubmittedFileName(FILE_PART_NAME).get(), path);
        } else {
            responseFacade.replyError(400, "Unable to sign provided file");
        }
    }

    private void signFilesInZip(RequestFacade requestFacade, ResponseFacade responseFacade, Path path, Codesigner.Options options) throws IOException, ServletException {
        Path createTempFile = Files.createTempFile(tempFolder(), TEMP_FILE_PREFIX, "signed." + com.google.common.io.Files.getFileExtension((String) requestFacade.getSubmittedFileName(FILE_PART_NAME).get()), new FileAttribute[0]);
        try {
            if (codesigner().signZippedApplications(path, createTempFile, options) > 0) {
                responseFacade.replyWithFile(ZIP_CONTENT_TYPE, (String) requestFacade.getSubmittedFileName(FILE_PART_NAME).get(), createTempFile);
            } else {
                responseFacade.replyError(400, "No '.app' folder can be found in the provided zip file");
            }
        } finally {
            Codesigner.cleanTemporaryResource(createTempFile);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract Codesigner codesigner();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract Path tempFolder();

    public static Builder builder() {
        return new AutoValue_SigningServlet.Builder();
    }
}
