package net.shibboleth.mvn.enforcer.impl;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.mvn.enforcer.impl.GPGKeyRing;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import net.shibboleth.utilities.java.support.xml.BasicParserPool;
import org.apache.commons.compress.archivers.tar.TarArchiveInputStream;
import org.apache.commons.compress.archivers.zip.ZipArchiveInputStream;
import org.apache.commons.compress.compressors.gzip.GzipCompressorInputStream;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.resolver.ArtifactResolutionRequest;
import org.apache.maven.artifact.resolver.ArtifactResolver;
import org.apache.maven.enforcer.rule.api.EnforcerRule;
import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.project.MavenProject;
import org.apache.maven.repository.RepositorySystem;
import org.slf4j.Logger;

/* loaded from: input_file:net/shibboleth/mvn/enforcer/impl/JarEnforcer.class */
public class JarEnforcer implements EnforcerRule, MavenLoader {
    private String dataKeyRing;
    private boolean listJarSources;
    private boolean checkM2;
    private String m2ReportPath;
    private String sigCheckReportPath;
    private String depCheckReportPath;
    private ArtifactResolver artifactResolver;
    private MavenSession session;
    private MavenProject project;
    private Logger log;
    private RepositorySystem repositorySystem;
    private Path targetDir;

    @Nonnull
    private String parentPomDir = ".";

    @Nonnull
    private String tgzFiles = "";

    @Nonnull
    private String zipFiles = "";

    @Nonnull
    private String dataGroupId = "";

    @Nonnull
    private String dataArtifactId = "";

    @Nonnull
    private String dataVersion = "";

    @Nonnull
    private String m2GroupId = "";

    @Nonnull
    private String m2ArtifactId = "";

    @Nonnull
    private String m2Version = "";

    @Nonnull
    private String m2Type = "";
    private boolean checkSignatures = true;
    private boolean checkDependencies = true;
    private boolean compileRuntimeArtifactFatal = true;
    private boolean distVersionMismatchFatal = true;
    private boolean pomVersionMismatchFatal = true;
    private boolean multipleJarVersionsFatal = true;

    @Nonnull
    private String versionExtensions = "-SNAPSHOT -GA -jre -empty-to-avoid-conflict-with-guava";

    @Nonnull
    private String classifiers = "";

    private Path getM2ReportPath() {
        return this.m2ReportPath == null ? this.targetDir.resolve("m2SignatureReport.txt") : Path.of(this.m2ReportPath, new String[0]);
    }

    private Path getSigCheckReportPath() {
        return this.sigCheckReportPath == null ? this.targetDir.resolve("signatureReport.txt") : Path.of(this.sigCheckReportPath, new String[0]);
    }

    private Path getDepCheckReportPath() {
        return this.depCheckReportPath == null ? this.targetDir.resolve("dependencyReport.txt") : Path.of(this.depCheckReportPath, new String[0]);
    }

    public void execute(@Nonnull EnforcerRuleHelper enforcerRuleHelper) throws EnforcerRuleException {
        EnforcerLogger.setMavenLogger(enforcerRuleHelper.getLog());
        this.log = EnforcerLogger.getLogger(JarEnforcer.class);
        ArrayList arrayList = new ArrayList();
        for (String str : StringSupport.stringToList(this.tgzFiles, " \n\r\t")) {
            Path of = Path.of(str, new String[0]);
            if (Files.notExists(of, new LinkOption[0])) {
                this.log.warn("Input file {} does not exist", str);
            } else {
                arrayList.add(of);
            }
        }
        ArrayList arrayList2 = new ArrayList();
        for (String str2 : StringSupport.stringToList(this.zipFiles, " \n\r\t")) {
            Path of2 = Path.of(str2, new String[0]);
            if (Files.notExists(of2, new LinkOption[0])) {
                this.log.warn("Input file {} does not exist", str2);
            } else {
                arrayList2.add(of2);
            }
        }
        if (arrayList2.isEmpty() && arrayList.isEmpty() && (this.checkSignatures || this.checkDependencies)) {
            throw new EnforcerRuleException("No <tgzFiles/> or <zipFiles/> provided that exist");
        }
        try {
            this.repositorySystem = (RepositorySystem) enforcerRuleHelper.getComponent(RepositorySystem.class);
            this.artifactResolver = (ArtifactResolver) enforcerRuleHelper.getComponent(ArtifactResolver.class);
            this.session = (MavenSession) enforcerRuleHelper.evaluate("${session}");
            this.project = (MavenProject) enforcerRuleHelper.evaluate("${project}");
            this.targetDir = Path.of(enforcerRuleHelper.evaluate("${basedir}").toString(), new String[0]).resolve("target");
            if (this.repositorySystem == null || this.artifactResolver == null || this.session == null || this.project == null) {
                throw new EnforcerRuleException("Could not set up artifact environment");
            }
            Path resolve = Path.of(this.parentPomDir, new String[0]).resolve("pom.xml");
            if (Files.notExists(resolve, new LinkOption[0])) {
                throw new EnforcerRuleException("Pom File " + this.parentPomDir + "/pom.xml does not exist");
            }
            BasicParserPool basicParserPool = new BasicParserPool();
            basicParserPool.initialize();
            ProjectPomContext projectPomContext = new ProjectPomContext(this, EnforcerLogger.getLogger(ProjectPomContext.class), basicParserPool, getGPGDataClassLoader(), StringSupport.stringToList(this.versionExtensions, " \n\r\t"), StringSupport.stringToList(this.classifiers, " \n\r\t"));
            try {
                projectPomContext.initialize(resolve);
                boolean performM2Check = performM2Check(projectPomContext);
                boolean performDependencyCheck = performDependencyCheck(projectPomContext, arrayList, arrayList2);
                boolean performSignatureCheck = performSignatureCheck(projectPomContext, arrayList, arrayList2);
                if (!performDependencyCheck) {
                    throw new EnforcerRuleException("Dependency check failed, check the file " + getDepCheckReportPath());
                }
                if (!performSignatureCheck) {
                    throw new EnforcerRuleException("Signature check over distribution failed, check the file " + getSigCheckReportPath());
                }
                if (!performM2Check) {
                    throw new EnforcerRuleException("Signature check over ~m2 failed, check the file " + getM2ReportPath());
                }
                projectPomContext.close();
            } catch (Throwable th) {
                try {
                    projectPomContext.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        } catch (Exception e) {
            throw new EnforcerRuleException(e.toString() + " " + e.getMessage(), e);
        } catch (EnforcerRuleException e2) {
            throw e2;
        }
    }

    @Nonnull
    private ClassLoader getGPGDataClassLoader() throws Exception {
        File downloadArtifact = downloadArtifact(this.dataGroupId, this.dataArtifactId, this.dataVersion, "", "pom");
        if (downloadArtifact == null || !downloadArtifact.exists()) {
            this.log.error("Could not locate data artifact {}:{}:{}", new Object[]{this.dataGroupId, this.dataArtifactId, this.dataVersion});
            throw new FileNotFoundException("Could not locate data artifact");
        }
        File downloadArtifact2 = downloadArtifact(this.dataGroupId, this.dataArtifactId, this.dataVersion, "", "jar");
        if (downloadArtifact2 == null || !downloadArtifact2.exists()) {
            this.log.error("Could not locate data artifact {}:{}:{}", new Object[]{this.dataGroupId, this.dataArtifactId, this.dataVersion});
            throw new FileNotFoundException("Could not locate data artifact");
        }
        if (!isGPGDataASnapshot()) {
            File downloadArtifact3 = downloadArtifact(this.dataGroupId, this.dataArtifactId, this.dataVersion, "", "jar.asc");
            if (downloadArtifact3 == null || !downloadArtifact3.exists()) {
                this.log.error("Could not locate keyring data artifact signature for {}:{}:{}", new Object[]{this.dataGroupId, this.dataArtifactId, this.dataVersion});
                throw new FileNotFoundException("Could not locate keyring data artifact signature: probably a failed checksum");
            }
            File file = new File(this.dataKeyRing);
            if (!file.exists()) {
                this.log.error("KeyRing {} not found", file);
                throw new FileNotFoundException(this.dataKeyRing);
            }
            GPGKeyRing gPGKeyRing = new GPGKeyRing(file);
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(downloadArtifact3));
            try {
                BufferedInputStream bufferedInputStream2 = new BufferedInputStream(new FileInputStream(downloadArtifact2));
                try {
                    if (!gPGKeyRing.checkSignature(bufferedInputStream2, new GPGKeyRing.Signature(bufferedInputStream))) {
                        this.log.error("Signature check on data artifact {}:{}:{}:{} failed", new Object[]{this.dataGroupId, this.dataArtifactId, this.dataVersion});
                        throw new EnforcerRuleException("Signature check on data artifact failed");
                    }
                    bufferedInputStream2.close();
                    bufferedInputStream.close();
                } finally {
                }
            } catch (Throwable th) {
                try {
                    bufferedInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        return new URLClassLoader(new URL[]{downloadArtifact2.toURI().toURL()});
    }

    private boolean performM2Check(@Nonnull ProjectPomContext projectPomContext) throws Exception {
        File downloadArtifact;
        boolean z = true;
        if (this.checkM2) {
            if ("".equals(this.m2GroupId) && "".equals(this.m2ArtifactId) && "".equals(this.m2Version) && "".equals(this.m2Type)) {
                this.log.debug("Resolving {}, {}, {} as jar", new Object[]{this.dataGroupId, this.dataArtifactId, this.dataVersion});
                downloadArtifact = downloadArtifact(this.dataGroupId, this.dataArtifactId, this.dataVersion, "", "jar");
            } else {
                if ("".equals(this.m2GroupId) || "".equals(this.m2ArtifactId) || "".equals(this.m2Version)) {
                    this.log.error("Must specify all of m2GroupId, m2ArtifactId, m2Version and m2Type or none.  Provided {}, {}, {}, {}", new Object[]{this.m2GroupId, this.m2ArtifactId, this.m2Version, this.m2Type});
                    throw new EnforcerRuleException("Configuration for m2 check failed");
                }
                this.log.debug("Resolving {}, {}, {} as {}", new Object[]{this.m2GroupId, this.m2ArtifactId, this.m2Version, this.m2Type});
                downloadArtifact = downloadArtifact(this.m2GroupId, this.m2ArtifactId, this.m2Version, "", this.m2Type);
            }
            if (downloadArtifact == null) {
                this.log.error("Could not ressolve m2 root");
                return false;
            }
            if (!("".equals(this.m2GroupId) && "".equals(this.m2ArtifactId) && "".equals(this.m2Version)) && ("".equals(this.m2GroupId) || "".equals(this.m2ArtifactId) || "".equals(this.m2Version))) {
                this.log.error("Must specify all of m2GroupId, m2ArtifactId and m2Version, not none.  Provided {}, {}, {}", new Object[]{this.m2GroupId, this.m2ArtifactId, this.m2Version});
                throw new EnforcerRuleException("Configuration for m2 check failed");
            }
            Path path = downloadArtifact.toPath();
            this.log.debug("Resolved Pom = {}", path);
            Path parent = path.getParent().getParent().getParent();
            int indexOf = this.dataGroupId.indexOf(46);
            while (true) {
                int i = indexOf;
                if (i <= 0) {
                    break;
                }
                parent = parent.getParent();
                indexOf = this.dataGroupId.indexOf(46, i + 1);
            }
            Path parent2 = parent.getParent();
            this.log.info("Inferred M2 Root at {}", parent2);
            PrintWriter printWriter = new PrintWriter(new BufferedOutputStream(new FileOutputStream(getM2ReportPath().toFile())));
            try {
                printWriter.format("M2 Signature Testing started at %s\n\n", Instant.now().toString());
                z = new M2SigChecker(projectPomContext, printWriter).testSignatures(parent2);
                printWriter.format("Completed at %s\n\n", Instant.now().toString());
                printWriter.close();
                if (!z) {
                    this.log.error("Signature check over ~m2 failed, check the file {}", getM2ReportPath());
                }
            } catch (Throwable th) {
                try {
                    printWriter.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        return z;
    }

    private boolean performSignatureCheck(@Nonnull ProjectPomContext projectPomContext, @Nonnull List<Path> list, @Nonnull List<Path> list2) throws IOException, EnforcerRuleException {
        BufferedInputStream bufferedInputStream;
        boolean z = true;
        if (this.checkSignatures) {
            if (isGPGDataASnapshot() && !projectPomContext.isSnapShot()) {
                throw new EnforcerRuleException("Running a signature check of a non SNAPSHOT build against a SNAPSHOT of GPGData");
            }
            PrintWriter printWriter = new PrintWriter(new BufferedOutputStream(new FileOutputStream(getSigCheckReportPath().toFile())));
            try {
                printWriter.format("Signature Testing started at %s\n\n", Instant.now().toString());
                SigChecker sigChecker = new SigChecker(projectPomContext, printWriter);
                for (Path path : list) {
                    printWriter.format("Scanning %s \n\n", path);
                    bufferedInputStream = new BufferedInputStream(new FileInputStream(path.toFile()));
                    try {
                        z &= sigChecker.testSignatures(new TarArchiveInputStream(new GzipCompressorInputStream(bufferedInputStream)));
                        bufferedInputStream.close();
                    } finally {
                    }
                }
                for (Path path2 : list2) {
                    printWriter.format("Scanning %s \n\n", path2);
                    bufferedInputStream = new BufferedInputStream(new FileInputStream(path2.toFile()));
                    try {
                        z &= sigChecker.testSignatures(new ZipArchiveInputStream(bufferedInputStream));
                        bufferedInputStream.close();
                    } finally {
                    }
                }
                printWriter.format("Completed at %s\n\n", Instant.now().toString());
                if (!z) {
                    this.log.error("Signature check failed, check the file {}", getSigCheckReportPath());
                }
                printWriter.close();
            } catch (Throwable th) {
                try {
                    printWriter.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        return z;
    }

    private boolean performDependencyCheck(@Nonnull ProjectPomContext projectPomContext, @Nonnull List<Path> list, @Nonnull List<Path> list2) throws IOException {
        BufferedInputStream bufferedInputStream;
        boolean z = true;
        if (this.checkDependencies) {
            PrintWriter printWriter = new PrintWriter(new BufferedOutputStream(new FileOutputStream(getDepCheckReportPath().toFile())));
            try {
                printWriter.format("POM based Dependency Testing started at %s\n", Instant.now().toString());
                for (Path path : list) {
                    printWriter.format("Scanning %s \n\n", path);
                    bufferedInputStream = new BufferedInputStream(new FileInputStream(path.toFile()));
                    try {
                        z &= new DependencyChecker(projectPomContext, printWriter, this.compileRuntimeArtifactFatal, this.distVersionMismatchFatal, this.pomVersionMismatchFatal, this.multipleJarVersionsFatal).checkDependencies(new TarArchiveInputStream(new GzipCompressorInputStream(bufferedInputStream)), this.listJarSources);
                        bufferedInputStream.close();
                    } finally {
                    }
                }
                for (Path path2 : list2) {
                    printWriter.format("Scanning %s \n\n", path2);
                    bufferedInputStream = new BufferedInputStream(new FileInputStream(path2.toFile()));
                    try {
                        z &= new DependencyChecker(projectPomContext, printWriter, this.compileRuntimeArtifactFatal, this.distVersionMismatchFatal, this.pomVersionMismatchFatal, this.multipleJarVersionsFatal).checkDependencies(new ZipArchiveInputStream(bufferedInputStream), this.listJarSources);
                        bufferedInputStream.close();
                    } finally {
                    }
                }
                printWriter.format("Completed at %s\n\n", Instant.now().toString());
                if (!z) {
                    this.log.error("Dependency check failed, check the file {}", getDepCheckReportPath());
                }
                printWriter.close();
            } catch (Throwable th) {
                try {
                    printWriter.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
                throw th;
            }
        }
        return z;
    }

    private boolean isGPGDataASnapshot() {
        return this.dataVersion == null || this.dataVersion.endsWith("-SNAPSHOT");
    }

    public String getCacheId() {
        return null;
    }

    public boolean isCacheable() {
        return false;
    }

    public boolean isResultValid(@Nonnull EnforcerRule enforcerRule) {
        return false;
    }

    @Nullable
    public File downloadArtifact(String str, String str2, String str3, String str4, String str5) throws Exception {
        Artifact createArtifactWithClassifier = this.repositorySystem.createArtifactWithClassifier(str, str2, str3, str5, str4);
        if (createArtifactWithClassifier == null) {
            this.log.error("Could not create {}:{}:{}:{}", new Object[]{str, str2, str3, str5});
            return null;
        }
        if (this.artifactResolver.resolve(new ArtifactResolutionRequest().setArtifact(createArtifactWithClassifier).setResolveRoot(true).setLocalRepository(this.session.getLocalRepository()).setRemoteRepositories(this.project.getRemoteArtifactRepositories())).isSuccess()) {
            this.log.debug("Resolved OK {}:{}:{}:{}", new Object[]{str, str2, str3, str5});
            return createArtifactWithClassifier.getFile();
        }
        this.log.info("Could not resolve " + str + ":" + str2 + ":" + str3 + ":" + str5);
        return null;
    }

    @Override // net.shibboleth.mvn.enforcer.impl.MavenLoader
    @Nullable
    public Path downloadArtifact(PomArtifact pomArtifact, String str) throws Exception {
        File downloadArtifact = downloadArtifact(pomArtifact.getGroupId(), pomArtifact.getArtifactId(), pomArtifact.getVersion(), pomArtifact.getClassifier(), str);
        if (downloadArtifact == null) {
            return null;
        }
        return downloadArtifact.toPath();
    }
}
