package jenkins.plugins.rpmsign;

import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.BuildListener;
import hudson.model.Descriptor;
import hudson.model.Result;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.BuildStepMonitor;
import hudson.tasks.Publisher;
import hudson.tasks.Recorder;
import hudson.util.ArgumentListBuilder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.StringTokenizer;
import jenkins.model.Jenkins;
import net.sf.json.JSONObject;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.StaplerRequest;

/* loaded from: input_file:jenkins/plugins/rpmsign/RpmSignPlugin.class */
public class RpmSignPlugin extends Recorder {
    private List<Rpm> entries;

    @Extension
    /* loaded from: input_file:jenkins/plugins/rpmsign/RpmSignPlugin$GpgSignerDescriptor.class */
    public static final class GpgSignerDescriptor extends BuildStepDescriptor<Publisher> {
        public static final String DISPLAY_NAME = Messages.job_displayName();
        private volatile List<GpgKey> gpgKeys = new ArrayList();

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public GpgSignerDescriptor() {
            load();
        }

        public String getDisplayName() {
            return DISPLAY_NAME;
        }

        public List<GpgKey> getGpgKeys() {
            return this.gpgKeys;
        }

        public ListBoxModel doFillGpgKeyNameItems() {
            ListBoxModel listBoxModel = new ListBoxModel();
            for (GpgKey gpgKey : this.gpgKeys) {
                listBoxModel.add(gpgKey.getName(), gpgKey.getName());
            }
            return listBoxModel;
        }

        public boolean configure(StaplerRequest staplerRequest, JSONObject jSONObject) throws Descriptor.FormException {
            this.gpgKeys = staplerRequest.bindJSONToList(GpgKey.class, jSONObject.get("gpgKey"));
            save();
            return true;
        }

        public FormValidation doCheckName(@AncestorInPath AbstractProject abstractProject, @QueryParameter String str) throws IOException {
            return FormValidation.validateRequired(str);
        }

        public FormValidation doCheckPrivateKey(@AncestorInPath AbstractProject abstractProject, @QueryParameter String str) throws IOException {
            return FormValidation.validateRequired(str);
        }

        public FormValidation doCheckPassphrase(@AncestorInPath AbstractProject abstractProject, @QueryParameter String str) throws IOException {
            return FormValidation.validateRequired(str);
        }

        public FormValidation doCheckIncludes(@AncestorInPath AbstractProject abstractProject, @QueryParameter String str) throws IOException, InterruptedException {
            if (abstractProject.getSomeWorkspace() == null) {
                return FormValidation.warning(Messages.noworkspace());
            }
            String validateAntFileMask = abstractProject.getSomeWorkspace().validateAntFileMask(str);
            return validateAntFileMask != null ? FormValidation.error(validateAntFileMask) : FormValidation.ok();
        }
    }

    @DataBoundConstructor
    public RpmSignPlugin(List<Rpm> list) {
        this.entries = Collections.emptyList();
        this.entries = list;
        if (this.entries == null) {
            this.entries = Collections.emptyList();
        }
    }

    public BuildStepMonitor getRequiredMonitorService() {
        return BuildStepMonitor.NONE;
    }

    private boolean isPerformDeployment(AbstractBuild abstractBuild) {
        if (abstractBuild.getResult() == null) {
            return true;
        }
        return abstractBuild.getResult().isBetterOrEqualTo(Result.UNSTABLE);
    }

    public List<Rpm> getEntries() {
        return this.entries;
    }

    public boolean perform(AbstractBuild<?, ?> abstractBuild, Launcher launcher, BuildListener buildListener) throws InterruptedException, IOException {
        if (!isPerformDeployment(abstractBuild)) {
            buildListener.getLogger().println("[RpmSignPlugin] - Skipping signing RPMs ...");
            return true;
        }
        buildListener.getLogger().println("[RpmSignPlugin] - Starting signing RPMs ...");
        for (Rpm rpm : this.entries) {
            StringTokenizer stringTokenizer = new StringTokenizer(rpm.getIncludes(), ",");
            GpgKey gpgKey = getGpgKey(rpm.getGpgKeyName());
            if (gpgKey != null && gpgKey.getPrivateKey().getPlainText().length() > 0) {
                buildListener.getLogger().println("[RpmSignPlugin] - Importing private key");
                importGpgKey(gpgKey.getPrivateKey().getPlainText(), abstractBuild, launcher, buildListener);
                buildListener.getLogger().println("[RpmSignPlugin] - Imported private key");
            }
            if (!isGpgKeyAvailable(gpgKey, abstractBuild, launcher, buildListener)) {
                buildListener.getLogger().println("[RpmSignPlugin] - Can't find GPG key: " + rpm.getGpgKeyName());
                return false;
            }
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                buildListener.getLogger().println("[RpmSignPlugin] - Publishing " + nextToken);
                FilePath[] list = abstractBuild.getWorkspace().list(nextToken);
                if (ArrayUtils.isEmpty(list)) {
                    buildListener.getLogger().println("[RpmSignPlugin] - No RPMs matching " + nextToken);
                } else {
                    ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder();
                    argumentListBuilder.add(new String[]{"rpm", "--define"});
                    argumentListBuilder.add("_gpg_name " + gpgKey.getName());
                    argumentListBuilder.addTokenized(rpm.getCmdlineOpts());
                    if (rpm.isResign()) {
                        argumentListBuilder.add("--resign");
                    } else {
                        argumentListBuilder.add("--addsign");
                    }
                    for (FilePath filePath : list) {
                        argumentListBuilder.add(filePath.toURI().normalize().getPath());
                    }
                    String argumentListBuilder2 = argumentListBuilder.toString();
                    buildListener.getLogger().println("[RpmSignPlugin] - Running " + argumentListBuilder2);
                    ArgumentListBuilder argumentListBuilder3 = new ArgumentListBuilder();
                    argumentListBuilder3.add(new String[]{"expect", "-"});
                    launcher.getClass();
                    Launcher.ProcStarter envs = new Launcher.ProcStarter(launcher).cmds(argumentListBuilder3).stdout(buildListener).pwd(abstractBuild.getWorkspace()).envs(abstractBuild.getEnvironment(buildListener));
                    envs.stdin(new ByteArrayInputStream(createExpectScriptFile(argumentListBuilder2, gpgKey.getPassphrase().getPlainText())));
                    if (launcher.launch(envs).join() != 0) {
                        buildListener.getLogger().println("[RpmSignPlugin] - Failed signing RPMs ...");
                        return false;
                    }
                }
            }
        }
        buildListener.getLogger().println("[RpmSignPlugin] - Finished signing RPMs ...");
        return true;
    }

    private byte[] createExpectScriptFile(String str, String str2) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(512);
        PrintWriter printWriter = new PrintWriter(new OutputStreamWriter(byteArrayOutputStream));
        try {
            printWriter.print("spawn ");
            printWriter.println(str);
            printWriter.println("expect \"Enter pass phrase: \"");
            printWriter.print("send -- \"");
            printWriter.print(str2);
            printWriter.println("\r\"");
            printWriter.println("expect eof");
            printWriter.println("catch wait rc");
            printWriter.println("exit [lindex $rc 3]");
            printWriter.println();
            printWriter.flush();
            printWriter.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Throwable th) {
            printWriter.close();
            throw th;
        }
    }

    private void importGpgKey(String str, AbstractBuild<?, ?> abstractBuild, Launcher launcher, BuildListener buildListener) throws InterruptedException, IOException {
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder();
        argumentListBuilder.add(new String[]{"gpg", "--import", "-"});
        launcher.getClass();
        Launcher.ProcStarter envs = new Launcher.ProcStarter(launcher).cmds(argumentListBuilder).stdout(buildListener).pwd(abstractBuild.getWorkspace()).envs(abstractBuild.getEnvironment(buildListener));
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(str.getBytes());
        envs.stdin(byteArrayInputStream);
        launcher.launch(envs).join();
        byteArrayInputStream.close();
    }

    private boolean isGpgKeyAvailable(GpgKey gpgKey, AbstractBuild<?, ?> abstractBuild, Launcher launcher, BuildListener buildListener) throws IOException, InterruptedException {
        ArgumentListBuilder argumentListBuilder = new ArgumentListBuilder();
        argumentListBuilder.add(new String[]{"gpg", "--fingerprint", gpgKey.getName()});
        launcher.getClass();
        return launcher.launch(new Launcher.ProcStarter(launcher).cmds(argumentListBuilder).stdout(buildListener).pwd(abstractBuild.getWorkspace()).envs(abstractBuild.getEnvironment(buildListener))).join() == 0;
    }

    private GpgKey getGpgKey(String str) {
        GpgSignerDescriptor descriptorByType = Jenkins.getInstance().getDescriptorByType(GpgSignerDescriptor.class);
        if (StringUtils.isEmpty(str) || descriptorByType.getGpgKeys().isEmpty()) {
            return null;
        }
        for (GpgKey gpgKey : descriptorByType.getGpgKeys()) {
            if (StringUtils.equals(str, gpgKey.getName())) {
                return gpgKey;
            }
        }
        return null;
    }
}
