package org.jenkinsci.plugins.androidsigning;

import com.android.apksig.ApkSigner;
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.common.StandardCertificateCredentials;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import hudson.AbortException;
import hudson.EnvVars;
import hudson.Extension;
import hudson.FilePath;
import hudson.Launcher;
import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.model.Item;
import hudson.model.ItemGroup;
import hudson.model.Result;
import hudson.model.Run;
import hudson.model.TaskListener;
import hudson.remoting.VirtualChannel;
import hudson.security.ACL;
import hudson.tasks.BuildStepDescriptor;
import hudson.tasks.Builder;
import hudson.util.ArgumentListBuilder;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.TreeSet;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import jenkins.MasterToSlaveFileCallable;
import jenkins.model.Jenkins;
import jenkins.tasks.SimpleBuildStep;
import jenkins.util.BuildListenerAdapter;
import org.apache.commons.lang.StringUtils;
import org.jenkinsci.Symbol;
import org.kohsuke.stapler.AncestorInPath;
import org.kohsuke.stapler.DataBoundConstructor;
import org.kohsuke.stapler.DataBoundSetter;
import org.kohsuke.stapler.QueryParameter;

/* loaded from: input_file:org/jenkinsci/plugins/androidsigning/SignApksBuilder.class */
public class SignApksBuilder extends Builder implements SimpleBuildStep {
    static final List<DomainRequirement> NO_REQUIREMENTS = Collections.emptyList();
    static final String BUILDER_DIR = SignApksBuilder.class.getSimpleName() + "-out";
    private String androidHome;
    private String zipalignPath;
    private String keyStoreId;
    private String keyAlias;
    private String apksToSign;
    private boolean archiveSignedApks = true;
    private boolean archiveUnsignedApks = false;
    private transient List<Apk> entries;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/jenkinsci/plugins/androidsigning/SignApksBuilder$SignApkCallable.class */
    public static class SignApkCallable extends MasterToSlaveFileCallable<Void> {
        private static final long serialVersionUID = 1;
        private final PrivateKey key;
        private final Certificate[] certChain;
        private final String v1SigName;
        private final String outputApk;
        private final TaskListener listener;

        SignApkCallable(PrivateKey privateKey, Certificate[] certificateArr, String str, String str2, TaskListener taskListener) {
            this.key = privateKey;
            this.certChain = certificateArr;
            this.v1SigName = str;
            this.outputApk = str2;
            this.listener = taskListener;
        }

        /* renamed from: invoke, reason: merged with bridge method [inline-methods] */
        public Void m3invoke(File file, VirtualChannel virtualChannel) throws IOException, InterruptedException {
            File file2 = new File(this.outputApk);
            if (file2.isFile()) {
                this.listener.getLogger().printf("[SignApksBuilder] deleting previous signed APK %s%n", this.outputApk);
                if (!file2.delete()) {
                    throw new AbortException("failed to delete previous signed APK " + this.outputApk);
                }
            }
            ArrayList arrayList = new ArrayList(this.certChain.length);
            for (Certificate certificate : this.certChain) {
                arrayList.add((X509Certificate) certificate);
            }
            try {
                new ApkSigner.Builder(Collections.singletonList(new ApkSigner.SignerConfig.Builder(this.v1SigName, this.key, arrayList).build())).setInputApk(file).setOutputApk(file2).setOtherSignersSignaturesPreserved(false).setV1SigningEnabled(true).setV2SigningEnabled(true).build().sign();
                return null;
            } catch (Exception e) {
                e.printStackTrace(this.listener.fatalError("[SignApksBuilder] error signing APK %s", new Object[]{file.getAbsolutePath()}));
                throw new AbortException("failed to sign APK " + file.getAbsolutePath() + ": " + e.getLocalizedMessage());
            }
        }
    }

    @Extension
    @Symbol({"signAndroidApks"})
    /* loaded from: input_file:org/jenkinsci/plugins/androidsigning/SignApksBuilder$SignApksDescriptor.class */
    public static final class SignApksDescriptor extends BuildStepDescriptor<Builder> {
        static final String DISPLAY_NAME = Messages.builderDisplayName();

        public boolean isApplicable(Class<? extends AbstractProject> cls) {
            return true;
        }

        public SignApksDescriptor() {
            load();
        }

        @Nonnull
        public String getDisplayName() {
            return DISPLAY_NAME;
        }

        public ListBoxModel doFillKeyStoreIdItems(@AncestorInPath ItemGroup<?> itemGroup) {
            if (itemGroup == null) {
                itemGroup = Jenkins.getInstance();
            }
            ListBoxModel listBoxModel = new ListBoxModel();
            for (StandardCertificateCredentials standardCertificateCredentials : CredentialsProvider.lookupCredentials(StandardCertificateCredentials.class, itemGroup, ACL.SYSTEM, SignApksBuilder.NO_REQUIREMENTS)) {
                listBoxModel.add(standardCertificateCredentials.getDescription(), standardCertificateCredentials.getId());
            }
            return listBoxModel;
        }

        public FormValidation doCheckAlias(@AncestorInPath AbstractProject abstractProject, @QueryParameter String str) throws IOException {
            return FormValidation.validateRequired(str);
        }

        public FormValidation doCheckApksToSign(@AncestorInPath AbstractProject abstractProject, @QueryParameter String str) throws IOException, InterruptedException {
            if (abstractProject == null) {
                return FormValidation.warning(Messages.validation_noProject());
            }
            FilePath someWorkspace = abstractProject.getSomeWorkspace();
            if (someWorkspace == null) {
                return FormValidation.warning(Messages.validation_noWorkspace());
            }
            String validateAntFileMask = someWorkspace.validateAntFileMask(str, FilePath.VALIDATE_ANT_FILE_MASK_BOUND);
            return validateAntFileMask != null ? FormValidation.error(validateAntFileMask) : FormValidation.ok();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<SignApksBuilder> singleEntryBuildersFromEntriesOfBuilder(SignApksBuilder signApksBuilder) {
        ArrayList arrayList = new ArrayList(signApksBuilder.getEntries().size());
        for (Apk apk : signApksBuilder.getEntries()) {
            SignApksBuilder signApksBuilder2 = new SignApksBuilder();
            signApksBuilder2.setPropertiesFromOldSigningEntry(apk);
            signApksBuilder2.setAndroidHome(signApksBuilder.getAndroidHome());
            signApksBuilder2.setZipalignPath(signApksBuilder.getZipalignPath());
            arrayList.add(signApksBuilder2);
        }
        return arrayList;
    }

    @Deprecated
    public SignApksBuilder(List<Apk> list) {
        if (list.size() == 1) {
            setPropertiesFromOldSigningEntry(list.get(0));
        } else if (list.size() > 1) {
            throw new UnsupportedOperationException("this constructor is deprecated; use multiple build steps instead of multiple signing entries");
        }
    }

    @DataBoundConstructor
    public SignApksBuilder() {
    }

    private void setPropertiesFromOldSigningEntry(Apk apk) {
        setKeyStoreId(apk.getKeyStore());
        setKeyAlias(apk.getAlias());
        setApksToSign(apk.getApksToSign());
        setArchiveSignedApks(apk.getArchiveSignedApks());
        setArchiveUnsignedApks(apk.getArchiveUnsignedApks());
    }

    private boolean isIntermediateFailure(Run run) {
        Result result = run.getResult();
        return result != null && result.isWorseThan(Result.UNSTABLE);
    }

    private String[] getSelectionGlobs() {
        String[] split = getApksToSign().split("\\s*,\\s*");
        ArrayList arrayList = new ArrayList(split.length);
        for (String str : split) {
            String trim = str.trim();
            if (trim.length() > 0) {
                arrayList.add(trim);
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isMigrated() {
        return this.entries == null || this.entries.isEmpty();
    }

    @Deprecated
    public List<Apk> getEntries() {
        return this.entries;
    }

    @DataBoundSetter
    public void setAndroidHome(String str) {
        this.androidHome = StringUtils.stripToNull(str);
    }

    public String getAndroidHome() {
        return this.androidHome;
    }

    @DataBoundSetter
    public void setZipalignPath(String str) {
        this.zipalignPath = StringUtils.stripToNull(str);
    }

    public String getZipalignPath() {
        return this.zipalignPath;
    }

    @DataBoundSetter
    public void setKeyStoreId(String str) {
        this.keyStoreId = str;
    }

    public String getKeyStoreId() {
        return this.keyStoreId;
    }

    @DataBoundSetter
    public void setKeyAlias(String str) {
        this.keyAlias = str;
    }

    public String getKeyAlias() {
        return this.keyAlias;
    }

    @DataBoundSetter
    public void setApksToSign(String str) {
        this.apksToSign = str;
    }

    public String getApksToSign() {
        return this.apksToSign;
    }

    @DataBoundSetter
    public void setArchiveSignedApks(boolean z) {
        this.archiveSignedApks = z;
    }

    public boolean getArchiveSignedApks() {
        return this.archiveSignedApks;
    }

    @DataBoundSetter
    public void setArchiveUnsignedApks(boolean z) {
        this.archiveUnsignedApks = z;
    }

    public boolean getArchiveUnsignedApks() {
        return this.archiveUnsignedApks;
    }

    public void perform(@Nonnull Run<?, ?> run, @Nonnull FilePath filePath, @Nonnull Launcher launcher, @Nonnull TaskListener taskListener) throws InterruptedException, IOException {
        EnvVars envVars;
        if (isIntermediateFailure(run)) {
            taskListener.getLogger().println("[SignApksBuilder] skipping Sign APKs step because a previous step failed");
            return;
        }
        if (getEntries() != null && !getEntries().isEmpty()) {
            Iterator<SignApksBuilder> it = singleEntryBuildersFromEntriesOfBuilder(this).iterator();
            while (it.hasNext()) {
                it.next().perform(run, filePath, launcher, taskListener);
            }
            return;
        }
        if (run instanceof AbstractBuild) {
            envVars = run.getEnvironment(taskListener);
            envVars.overrideAll(((AbstractBuild) run).getBuildVariables());
        } else {
            envVars = new EnvVars();
        }
        FilePath child = filePath.child(BUILDER_DIR);
        String str = child.getName() + "/**";
        ZipalignTool zipalignTool = new ZipalignTool(envVars, filePath, taskListener.getLogger(), this.androidHome, this.zipalignPath);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        StandardCertificateCredentials keystore = getKeystore(getKeyStoreId(), run.getParent());
        char[] charArray = keystore.getPassword().getPlainText().toCharArray();
        KeyStore keyStore = keystore.getKeyStore();
        String keyAlias = getKeyAlias();
        try {
            if (getKeyAlias() == null) {
            }
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyAlias, charArray);
            Certificate[] certificateChain = keyStore.getCertificateChain(keyAlias);
            if (privateKey == null || certificateChain == null) {
                throw new AbortException("Alias " + keyAlias + " does not exist or does not point to a key and certificate in certificate credentials " + getKeyStoreId());
            }
            String str2 = keyAlias;
            if (str2 == null) {
                str2 = keystore.getId();
            }
            TreeSet treeSet = new TreeSet(Comparator.comparing((v0) -> {
                return v0.getRemote();
            }));
            for (String str3 : getSelectionGlobs()) {
                FilePath[] list = filePath.list(str3, str);
                if (list.length == 0) {
                    throw new AbortException("No APKs in workspace matching " + str3);
                }
                treeSet.addAll(Arrays.asList(list));
            }
            Iterator it2 = treeSet.iterator();
            while (it2.hasNext()) {
                FilePath absolutize = ((FilePath) it2.next()).absolutize();
                FilePath child2 = child.child(absolutize.getName());
                if (child2.isDirectory()) {
                    child2.deleteContents();
                } else {
                    child2.mkdirs();
                }
                String relativeToWorkspace = relativeToWorkspace(filePath, child2);
                String remote = absolutize.getRemote();
                String replaceFirst = Pattern.compile("(-?unsigned)?.apk$", 2).matcher(absolutize.getName()).replaceFirst("");
                String str4 = relativeToWorkspace + "/" + replaceFirst + "-aligned.apk";
                String str5 = relativeToWorkspace + "/" + replaceFirst + "-signed.apk";
                ArgumentListBuilder commandFor = zipalignTool.commandFor(remote, str4);
                taskListener.getLogger().printf("[SignApksBuilder] %s%n", commandFor);
                int join = launcher.launch().cmds(commandFor).pwd(filePath).stdout(taskListener).stderr(taskListener.getLogger()).join();
                if (join != 0) {
                    taskListener.fatalError("[SignApksBuilder] zipalign failed: exit code %d", new Object[]{Integer.valueOf(join)});
                    throw new AbortException(String.format("zipalign failed on APK %s: exit code %d", remote, Integer.valueOf(join)));
                }
                FilePath child3 = filePath.child(str4);
                if (!child3.exists()) {
                    throw new AbortException(String.format("aligned APK does not exist: %s", str4));
                }
                taskListener.getLogger().printf("[SignApksBuilder] signing APK %s%n", str4);
                child3.act(new SignApkCallable(privateKey, certificateChain, str2, filePath.child(str5).getRemote(), taskListener));
                taskListener.getLogger().printf("[SignApksBuilder] signed APK %s%n", str5);
                if (getArchiveUnsignedApks()) {
                    taskListener.getLogger().printf("[SignApksBuilder] archiving unsigned APK %s%n", remote);
                    linkedHashMap.put(relativeToWorkspace + "/" + absolutize.getName(), relativeToWorkspace(filePath, absolutize));
                }
                if (getArchiveSignedApks()) {
                    taskListener.getLogger().printf("[SignApksBuilder] archiving signed APK %s%n", str5);
                    linkedHashMap.put(str5, str5);
                }
            }
            taskListener.getLogger().println("[SignApksBuilder] finished signing APKs");
            if (linkedHashMap.size() > 0) {
                run.pickArtifactManager().archive(filePath, launcher, BuildListenerAdapter.wrap(taskListener), linkedHashMap);
            }
        } catch (GeneralSecurityException e) {
            e.printStackTrace(taskListener.fatalError("Error reading keystore " + getKeyStoreId()));
            throw new AbortException("Error reading keystore " + getKeyStoreId());
        }
    }

    private String relativeToWorkspace(FilePath filePath, FilePath filePath2) throws IOException, InterruptedException {
        return filePath.toURI().relativize(filePath2.toURI()).getPath().replaceFirst("/$", "");
    }

    private StandardCertificateCredentials getKeystore(String str, Item item) {
        return CredentialsMatchers.firstOrNull(CredentialsProvider.lookupCredentials(StandardCertificateCredentials.class, item, ACL.SYSTEM, NO_REQUIREMENTS), CredentialsMatchers.withId(str));
    }
}
