package org.jenkinsci.plugins.androidsigning;

import com.android.apksig.ApkSigner;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.model.Result;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.remoting.VirtualChannel;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ArgumentListBuilder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.TreeSet;
import javax.annotation.Nonnull;
import jenkins.MasterToSlaveFileCallable;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import jenkins.util.BuildListenerAdapter;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.jenkinsci.plugins.androidsigning.SignedApkMappingStrategy;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:WEB-INF/lib/android-signing.jar:org/jenkinsci/plugins/androidsigning/SignApksBuilder.class */
public class SignApksBuilder extends Builder implements SimpleBuildStep {
    static final List<DomainRequirement> NO_REQUIREMENTS = Collections.emptyList();
    static final String BUILDER_DIR = SignApksBuilder.class.getSimpleName() + "-out";
    private String androidHome;
    private String zipalignPath;
    private String keyStoreId;
    private String keyAlias;
    private String apksToSign;
    private SignedApkMappingStrategy signedApkMapping;
    private boolean archiveSignedApks;
    private boolean archiveUnsignedApks;
    private boolean skipZipalign;
    private transient List<Apk> entries;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/android-signing.jar:org/jenkinsci/plugins/androidsigning/SignApksBuilder$SignApkCallable.class */
    public static class SignApkCallable extends MasterToSlaveFileCallable<Void> {
        private static final long serialVersionUID = 1;
        private final PrivateKey key;
        private final Certificate[] certChain;
        private final String v1SigName;
        private final String outputApk;
        private final TaskListener listener;

        SignApkCallable(PrivateKey privateKey, Certificate[] certificateArr, String str, String str2, TaskListener taskListener) {
            this.key = privateKey;
            this.certChain = certificateArr;
            this.v1SigName = str;
            this.outputApk = str2;
            this.listener = taskListener;
        }

        /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
        public Void m25invoke(File file, VirtualChannel virtualChannel) throws IOException, InterruptedException {
            File file2 = new File(this.outputApk);
            if (file2.isFile()) {
                this.listener.getLogger().printf("[SignApksBuilder] deleting previous signed APK %s%n", this.outputApk);
                if (!file2.delete()) {
                    throw new AbortException("failed to delete previous signed APK " + this.outputApk);
                }
            }
            ArrayList arrayList = new ArrayList(this.certChain.length);
            for (Certificate certificate : this.certChain) {
                arrayList.add((X509Certificate) certificate);
            }
            try {
                new ApkSigner.Builder((List<ApkSigner.SignerConfig>) Collections.singletonList(new ApkSigner.SignerConfig.Builder(this.v1SigName, this.key, arrayList).build())).setInputApk(file).setOutputApk(file2).setOtherSignersSignaturesPreserved(false).setV1SigningEnabled(true).setV2SigningEnabled(true).build().sign();
                return null;
            } catch (Exception e) {
                e.printStackTrace(this.listener.fatalError("[SignApksBuilder] error signing APK %s", new Object[]{file.getAbsolutePath()}));
                throw new AbortException("failed to sign APK " + file.getAbsolutePath() + ": " + e.getLocalizedMessage());
            }
        }
    }

    @Extension
    @Symbol({"signAndroidApks"})
    /* loaded from: input_file:WEB-INF/lib/android-signing.jar:org/jenkinsci/plugins/androidsigning/SignApksBuilder$SignApksDescriptor.class */
    public static final class SignApksDescriptor extends BuildStepDescriptor<Builder> {
        static final String DISPLAY_NAME = Messages.builderDisplayName();

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public SignApksDescriptor() {
            load();
        }

        @Nonnull
        public String getDisplayName() {
            return DISPLAY_NAME;
        }

        public ListBoxModel doFillKeyStoreIdItems(@AncestorInPath ItemGroup<?> itemGroup) {
            if (itemGroup == null) {
                itemGroup = Jenkins.getInstance();
            }
            ListBoxModel listBoxModel = new ListBoxModel();
            for (StandardCertificateCredentials standardCertificateCredentials : CredentialsProvider.lookupCredentials(StandardCertificateCredentials.class, itemGroup, ACL.SYSTEM, SignApksBuilder.NO_REQUIREMENTS)) {
                String id = standardCertificateCredentials.getId();
                String description = standardCertificateCredentials.getDescription();
                if (StringUtils.isEmpty(description)) {
                    description = id;
                }
                listBoxModel.add(description, id);
            }
            return listBoxModel;
        }

        public FormValidation doCheckAlias(@AncestorInPath AbstractProject abstractProject, @QueryParameter String str) throws IOException {
            return FormValidation.validateRequired(str);
        }

        public FormValidation doCheckApksToSign(@AncestorInPath AbstractProject abstractProject, @QueryParameter String str) throws IOException {
            String validation_globSearchLimitReached;
            if (abstractProject == null) {
                return FormValidation.warning(Messages.validation_noProject());
            }
            FilePath someWorkspace = abstractProject.getSomeWorkspace();
            if (someWorkspace == null) {
                return FormValidation.warning(Messages.validation_noWorkspace());
            }
            for (String str2 : SignApksBuilder.getSelectionGlobs(str)) {
                try {
                    validation_globSearchLimitReached = someWorkspace.validateAntFileMask(str, FilePath.VALIDATE_ANT_FILE_MASK_BOUND);
                } catch (InterruptedException e) {
                    validation_globSearchLimitReached = Messages.validation_globSearchLimitReached(Integer.valueOf(FilePath.VALIDATE_ANT_FILE_MASK_BOUND));
                }
                if (validation_globSearchLimitReached != null) {
                    return FormValidation.warning(validation_globSearchLimitReached);
                }
            }
            return FormValidation.ok();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<SignApksBuilder> singleEntryBuildersFromEntriesOfBuilder(SignApksBuilder signApksBuilder) {
        ArrayList arrayList = new ArrayList(signApksBuilder.getEntries().size());
        for (Apk apk : signApksBuilder.getEntries()) {
            SignApksBuilder signApksBuilder2 = new SignApksBuilder();
            signApksBuilder2.setPropertiesFromOldSigningEntry(apk);
            signApksBuilder2.setAndroidHome(signApksBuilder.getAndroidHome());
            signApksBuilder2.setZipalignPath(signApksBuilder.getZipalignPath());
            arrayList.add(signApksBuilder2);
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String[] getSelectionGlobs(String str) {
        String[] split = str.split("\\s*,\\s*");
        ArrayList arrayList = new ArrayList(split.length);
        for (String str2 : split) {
            String trim = str2.trim();
            if (trim.length() > 0) {
                arrayList.add(trim);
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    @Deprecated
    public SignApksBuilder(List<Apk> list) {
        this();
        if (list.size() == 1) {
            setPropertiesFromOldSigningEntry(list.get(0));
        } else if (list.size() > 1) {
            throw new UnsupportedOperationException("this constructor is deprecated; use multiple build steps instead of multiple signing entries");
        }
    }

    @DataBoundConstructor
    public SignApksBuilder() {
        this.archiveSignedApks = true;
        this.archiveUnsignedApks = false;
        this.skipZipalign = false;
        this.signedApkMapping = new SignedApkMappingStrategy.UnsignedApkSiblingMapping();
    }

    protected Object readResolve() {
        if (this.signedApkMapping == null) {
            this.signedApkMapping = new SignedApkMappingStrategy.UnsignedApkBuilderDirMapping();
        }
        return this;
    }

    private void setPropertiesFromOldSigningEntry(Apk apk) {
        setKeyStoreId(apk.getKeyStore());
        setKeyAlias(apk.getAlias());
        setApksToSign(apk.getApksToSign());
        setSignedApkMapping(new SignedApkMappingStrategy.UnsignedApkBuilderDirMapping());
        setArchiveSignedApks(apk.getArchiveSignedApks());
        setArchiveUnsignedApks(apk.getArchiveUnsignedApks());
    }

    private boolean isIntermediateFailure(Run run) {
        Result result = run.getResult();
        return result != null && result.isWorseThan(Result.UNSTABLE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isMigrated() {
        return this.entries == null || this.entries.isEmpty();
    }

    @Deprecated
    public List<Apk> getEntries() {
        return this.entries;
    }

    @DataBoundSetter
    public void setAndroidHome(String str) {
        this.androidHome = StringUtils.stripToNull(str);
    }

    public String getAndroidHome() {
        return this.androidHome;
    }

    @DataBoundSetter
    public void setZipalignPath(String str) {
        this.zipalignPath = StringUtils.stripToNull(str);
    }

    public String getZipalignPath() {
        return this.zipalignPath;
    }

    @DataBoundSetter
    public void setKeyStoreId(String str) {
        this.keyStoreId = str;
    }

    public String getKeyStoreId() {
        return this.keyStoreId;
    }

    @DataBoundSetter
    public void setKeyAlias(String str) {
        this.keyAlias = str;
    }

    public String getKeyAlias() {
        return this.keyAlias;
    }

    @DataBoundSetter
    public void setApksToSign(String str) {
        this.apksToSign = str;
    }

    public String getApksToSign() {
        return this.apksToSign;
    }

    @DataBoundSetter
    public void setSignedApkMapping(SignedApkMappingStrategy signedApkMappingStrategy) {
        this.signedApkMapping = signedApkMappingStrategy;
    }

    public SignedApkMappingStrategy getSignedApkMapping() {
        return this.signedApkMapping;
    }

    @DataBoundSetter
    public void setSkipZipalign(boolean z) {
        this.skipZipalign = z;
    }

    public boolean getSkipZipalign() {
        return this.skipZipalign;
    }

    @DataBoundSetter
    public void setArchiveSignedApks(boolean z) {
        this.archiveSignedApks = z;
    }

    public boolean getArchiveSignedApks() {
        return this.archiveSignedApks;
    }

    @DataBoundSetter
    public void setArchiveUnsignedApks(boolean z) {
        this.archiveUnsignedApks = z;
    }

    public boolean getArchiveUnsignedApks() {
        return this.archiveUnsignedApks;
    }

    public void perform(@Nonnull Run<?, ?> run, @Nonnull FilePath filePath, @Nonnull Launcher launcher, @Nonnull TaskListener taskListener) throws InterruptedException, IOException {
        if (isIntermediateFailure(run)) {
            taskListener.getLogger().println("[SignApksBuilder] skipping Sign APKs step because a previous step failed");
            return;
        }
        if (getEntries() != null && !getEntries().isEmpty()) {
            Iterator<SignApksBuilder> it = singleEntryBuildersFromEntriesOfBuilder(this).iterator();
            while (it.hasNext()) {
                it.next().perform(run, filePath, launcher, taskListener);
            }
            return;
        }
        ArgumentListBuilder addQuoted = new ArgumentListBuilder().add("echo").addQuoted("resolving effective environment");
        addQuoted.toWindowsCommand();
        if (!launcher.isUnix()) {
            addQuoted = addQuoted.toWindowsCommand();
        }
        Launcher.ProcStarter cmds = launcher.launch().pwd(filePath).cmds(addQuoted);
        try {
            cmds.join();
        } catch (Exception e) {
            taskListener.getLogger().println("[SignApksBuilder] error resolving effective script environment, but this does not necessarily fail your build:");
            e.printStackTrace(taskListener.getLogger());
        }
        String[] envs = cmds.envs();
        EnvVars envVars = new EnvVars();
        for (String str : envs) {
            envVars.addLine(str);
        }
        EnvVars envVars2 = new EnvVars();
        if (run instanceof AbstractBuild) {
            envVars2.overrideExpandingAll(run.getEnvironment(taskListener));
            envVars2.overrideExpandingAll(((AbstractBuild) run).getBuildVariables());
        }
        envVars2.overrideAll(envVars);
        FilePath child = filePath.child(BUILDER_DIR);
        FilePath child2 = child.child("zipalign");
        child2.mkdirs();
        ZipalignTool zipalignTool = new ZipalignTool(envVars2, filePath, taskListener.getLogger(), this.androidHome, this.zipalignPath);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        StandardCertificateCredentials keystore = getKeystore(getKeyStoreId(), run.getParent());
        try {
            SigningComponents fromCredentials = SigningComponents.fromCredentials(keystore, getKeyAlias());
            TreeSet treeSet = new TreeSet(Comparator.comparing((v0) -> {
                return v0.getRemote();
            }));
            for (String str2 : getSelectionGlobs(getApksToSign())) {
                FilePath[] list = filePath.list(str2, child.getName() + "/**");
                if (list.length == 0) {
                    throw new AbortException("No APKs in workspace matching " + str2);
                }
                treeSet.addAll(Arrays.asList(list));
            }
            String str3 = BUILDER_DIR + "/" + getKeyStoreId() + "/" + getKeyAlias() + "/";
            if (this.signedApkMapping == null) {
                this.signedApkMapping = new SignedApkMappingStrategy.UnsignedApkSiblingMapping();
            }
            Iterator it2 = treeSet.iterator();
            while (it2.hasNext()) {
                FilePath absolutize = ((FilePath) it2.next()).absolutize();
                FilePath createTempFile = child2.createTempFile("aligned-" + absolutize.getBaseName() + "-", ".apk");
                FilePath destinationForUnsignedApk = this.signedApkMapping.destinationForUnsignedApk(absolutize, filePath);
                if (this.skipZipalign) {
                    taskListener.getLogger().printf("[SignApksBuilder] skipping zipalign for unsigned apk %s", absolutize);
                    createTempFile = absolutize;
                } else {
                    ArgumentListBuilder commandFor = zipalignTool.commandFor(absolutize.getRemote(), createTempFile.getRemote());
                    taskListener.getLogger().printf("[SignApksBuilder] %s%n", commandFor);
                    int join = launcher.launch().cmds(commandFor).pwd(filePath).stdout(taskListener).stderr(taskListener.getLogger()).join();
                    if (join != 0) {
                        taskListener.fatalError("[SignApksBuilder] zipalign failed: exit code %d", new Object[]{Integer.valueOf(join)});
                        throw new AbortException(String.format("zipalign failed on APK %s: exit code %d", absolutize, Integer.valueOf(join)));
                    }
                }
                String relativeToWorkspace = relativeToWorkspace(filePath, createTempFile);
                String relativeToWorkspace2 = relativeToWorkspace(filePath, destinationForUnsignedApk);
                if (!createTempFile.exists()) {
                    throw new AbortException(String.format("aligned APK does not exist: %s", relativeToWorkspace));
                }
                taskListener.getLogger().printf("[SignApksBuilder] signing APK %s%n", relativeToWorkspace);
                FilePath parent = destinationForUnsignedApk.getParent();
                if (!parent.exists()) {
                    parent.mkdirs();
                }
                createTempFile.act(new SignApkCallable(fromCredentials.key, fromCredentials.certChain, fromCredentials.v1SigName, destinationForUnsignedApk.getRemote(), taskListener));
                taskListener.getLogger().printf("[SignApksBuilder] signed APK %s%n", relativeToWorkspace2);
                if (getArchiveUnsignedApks()) {
                    taskListener.getLogger().printf("[SignApksBuilder] archiving unsigned APK %s%n", absolutize);
                    linkedHashMap.put(str3 + absolutize.getName() + "/" + absolutize.getName(), relativeToWorkspace(filePath, absolutize));
                }
                if (getArchiveSignedApks()) {
                    taskListener.getLogger().printf("[SignApksBuilder] archiving signed APK %s%n", relativeToWorkspace2);
                    linkedHashMap.put(str3 + absolutize.getName() + "/" + destinationForUnsignedApk.getName(), relativeToWorkspace2);
                }
            }
            taskListener.getLogger().println("[SignApksBuilder] finished signing APKs");
            if (linkedHashMap.size() > 0) {
                run.pickArtifactManager().archive(filePath, launcher, BuildListenerAdapter.wrap(taskListener), linkedHashMap);
            }
        } catch (GeneralSecurityException e2) {
            String str4 = "Error reading signing key from key store credential " + keystore.getId() + ": " + e2.getMessage();
            taskListener.fatalError(str4);
            e2.printStackTrace(taskListener.getLogger());
            throw new AbortException(str4);
        }
    }

    private String relativeToWorkspace(FilePath filePath, FilePath filePath2) throws IOException, InterruptedException {
        return filePath.toURI().relativize(filePath2.toURI()).getPath().replaceFirst("/$", "");
    }

    private StandardCertificateCredentials getKeystore(String str, Item item) {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCertificateCredentials.class, item, ACL.SYSTEM, NO_REQUIREMENTS), CredentialsMatchers.withId(str));
    }
}
