package com.github.s4u.plugins;

import com.google.common.collect.Lists;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.maven.ProjectDependenciesResolver;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.ArtifactUtils;
import org.apache.maven.artifact.repository.ArtifactRepository;
import org.apache.maven.artifact.resolver.ArtifactNotFoundException;
import org.apache.maven.artifact.resolver.ArtifactResolutionException;
import org.apache.maven.artifact.resolver.ArtifactResolutionRequest;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.annotations.ResolutionScope;
import org.apache.maven.project.MavenProject;
import org.apache.maven.repository.RepositorySystem;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
import org.codehaus.plexus.resource.loader.ResourceNotFoundException;

@Mojo(name = "check", requiresProject = true, requiresDependencyResolution = ResolutionScope.TEST, defaultPhase = LifecyclePhase.VALIDATE)
/* loaded from: input_file:com/github/s4u/plugins/PGPVerifyMojo.class */
public class PGPVerifyMojo extends AbstractMojo {

    @Parameter(property = "project", readonly = true, required = true)
    private MavenProject project;

    @Parameter(defaultValue = "${session}", readonly = true)
    private MavenSession session;

    @Component
    private ProjectDependenciesResolver resolver;

    @Component
    private RepositorySystem repositorySystem;

    @Component
    private KeysMap keysMap;

    @Parameter(defaultValue = "${localRepository}", readonly = true, required = true)
    private ArtifactRepository localRepository;

    @Parameter(defaultValue = "${project.remoteArtifactRepositories}", readonly = true, required = true)
    private List<ArtifactRepository> pomRemoteRepositories;

    @Parameter(property = "pgpverify.keycache", defaultValue = "${settings.localRepository}/pgpkeys-cache", required = true)
    private File pgpKeysCachePath;

    @Parameter(property = "pgpverify.scope", defaultValue = "test")
    private String scope;

    @Parameter(property = "pgpverify.keyserver", defaultValue = "hkp://pool.sks-keyservers.net", required = true)
    private String pgpKeyServer;

    @Parameter(property = "pgpverify.failNoSignature", defaultValue = "false")
    private boolean failNoSignature;

    @Parameter(property = "pgpverify.verifyPomFiles", defaultValue = "true")
    private boolean verifyPomFiles;

    @Parameter(property = "pgpverify.keysMapLocation", defaultValue = "")
    private String keysMapLocation;
    private PGPKeysCache pgpKeysCache;

    public void execute() throws MojoExecutionException, MojoFailureException {
        prepareForKeys();
        try {
            Set<Artifact> resolve = this.resolver.resolve(this.project, Arrays.asList(this.scope.split(",")), this.session);
            if (this.verifyPomFiles) {
                resolve.addAll(getPomArtifacts(resolve));
            }
            HashMap hashMap = new HashMap();
            getLog().debug("Start resolving ASC files");
            for (Artifact artifact : resolve) {
                if (!artifact.isSnapshot()) {
                    ArtifactResolutionRequest artifactResolutionRequestForAsc = getArtifactResolutionRequestForAsc(artifact);
                    if (this.repositorySystem.resolve(artifactResolutionRequestForAsc).isSuccess()) {
                        Artifact artifact2 = artifactResolutionRequestForAsc.getArtifact();
                        getLog().debug(artifact2.toString() + " " + artifact2.getFile());
                        hashMap.put(artifact, artifact2);
                    } else {
                        if (this.failNoSignature) {
                            getLog().error("No signature for " + artifact.getId());
                            throw new MojoExecutionException("No signature for " + artifact.getId());
                        }
                        getLog().warn("No signature for " + artifact.getId());
                    }
                }
            }
            boolean z = true;
            for (Map.Entry entry : hashMap.entrySet()) {
                z = z && verifyPGPSignature((Artifact) entry.getKey(), ((Artifact) entry.getKey()).getFile(), ((Artifact) entry.getValue()).getFile());
            }
            if (!z) {
                throw new MojoExecutionException("PGP signature error");
            }
        } catch (ArtifactResolutionException | ArtifactNotFoundException e) {
            throw new MojoExecutionException(e.getMessage(), e);
        }
    }

    private void prepareForKeys() throws MojoFailureException, MojoExecutionException {
        initCache();
        try {
            this.keysMap.load(this.keysMapLocation);
        } catch (ResourceNotFoundException | IOException e) {
            throw new MojoExecutionException("load keys map", e);
        }
    }

    private Set<Artifact> getPomArtifacts(Set<Artifact> set) throws MojoExecutionException {
        HashSet hashSet = new HashSet();
        for (Artifact artifact : set) {
            if (!artifact.isSnapshot()) {
                ArtifactResolutionRequest artifactResolutionRequestForPom = getArtifactResolutionRequestForPom(artifact);
                if (!this.repositorySystem.resolve(artifactResolutionRequestForPom).isSuccess()) {
                    getLog().error("No pom for " + artifact.getId());
                    throw new MojoExecutionException("No pom for " + artifact.getId());
                }
                hashSet.add(artifactResolutionRequestForPom.getArtifact());
            }
        }
        return hashSet;
    }

    private ArtifactResolutionRequest getArtifactResolutionRequestForAsc(Artifact artifact) {
        Artifact createArtifactWithClassifier = this.repositorySystem.createArtifactWithClassifier(artifact.getGroupId(), artifact.getArtifactId(), artifact.getVersion(), artifact.getType() + ".asc", artifact.getClassifier());
        ArtifactResolutionRequest artifactResolutionRequest = new ArtifactResolutionRequest();
        artifactResolutionRequest.setArtifact(createArtifactWithClassifier);
        artifactResolutionRequest.setResolveTransitively(false);
        artifactResolutionRequest.setLocalRepository(this.localRepository);
        artifactResolutionRequest.setRemoteRepositories(this.pomRemoteRepositories);
        return artifactResolutionRequest;
    }

    private ArtifactResolutionRequest getArtifactResolutionRequestForPom(Artifact artifact) {
        Artifact createArtifactWithClassifier = this.repositorySystem.createArtifactWithClassifier(artifact.getGroupId(), artifact.getArtifactId(), artifact.getVersion(), "pom", artifact.getClassifier());
        ArtifactResolutionRequest artifactResolutionRequest = new ArtifactResolutionRequest();
        artifactResolutionRequest.setArtifact(createArtifactWithClassifier);
        artifactResolutionRequest.setResolveTransitively(false);
        artifactResolutionRequest.setLocalRepository(this.localRepository);
        artifactResolutionRequest.setRemoteRepositories(this.pomRemoteRepositories);
        return artifactResolutionRequest;
    }

    private void initCache() throws MojoFailureException {
        if (this.pgpKeysCachePath.exists()) {
            if (!this.pgpKeysCachePath.isDirectory()) {
                throw new MojoFailureException("PGP keys cache path exist but is not a directory: " + this.pgpKeysCachePath);
            }
        } else {
            if (!this.pgpKeysCachePath.mkdirs()) {
                throw new MojoFailureException("Cache directory create error");
            }
            getLog().info("Create cache for PGP keys: " + this.pgpKeysCachePath);
        }
        try {
            this.pgpKeysCache = new PGPKeysCache(getLog(), this.pgpKeysCachePath, this.pgpKeyServer);
        } catch (URISyntaxException e) {
            throw new MojoFailureException(e.getMessage(), e);
        }
    }

    private boolean verifyPGPSignature(Artifact artifact, File file, File file2) throws MojoFailureException {
        getLog().debug("Artifact file: " + file);
        getLog().debug("Artifact sign: " + file2);
        try {
            PGPSignatureList pGPSignatureList = (PGPSignatureList) new PGPObjectFactory(PGPUtil.getDecoderStream(new FileInputStream(file2)), new BcKeyFingerprintCalculator()).nextObject();
            if (pGPSignatureList == null) {
                throw new MojoFailureException("Invalid signature file: " + file2);
            }
            PGPSignature pGPSignature = pGPSignatureList.get(0);
            PGPPublicKey key = this.pgpKeysCache.getKey(pGPSignature.getKeyID());
            if (!this.keysMap.isValidKey(artifact, key)) {
                getLog().error(String.format("Not allowed artifact %s and keyID:\n\t%s\n\t%s\n", artifact.getId(), String.format("%s=0x%X", ArtifactUtils.key(artifact), Long.valueOf(key.getKeyID())), String.format("%s", this.pgpKeysCache.getUrlForKey(key.getKeyID()))));
                return false;
            }
            pGPSignature.init(new BcPGPContentVerifierBuilderProvider(), key);
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(file));
            Throwable th = null;
            while (true) {
                try {
                    try {
                        int read = bufferedInputStream.read();
                        if (read < 0) {
                            break;
                        }
                        pGPSignature.update((byte) read);
                    } finally {
                    }
                } catch (Throwable th2) {
                    if (bufferedInputStream != null) {
                        if (th != null) {
                            try {
                                bufferedInputStream.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            bufferedInputStream.close();
                        }
                    }
                    throw th2;
                }
            }
            if (bufferedInputStream != null) {
                if (0 != 0) {
                    try {
                        bufferedInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    bufferedInputStream.close();
                }
            }
            if (pGPSignature.verify()) {
                getLog().info(String.format("%s PGP Signature %s\n       KeyId: 0x%X UserIds: %s", artifact.getId(), "OK", Long.valueOf(key.getKeyID()), Lists.newArrayList(key.getUserIDs())));
                return true;
            }
            getLog().warn(String.format("%s PGP Signature %s\n       KeyId: 0x%X UserIds: %s", artifact.getId(), "ERROR", Long.valueOf(key.getKeyID()), Lists.newArrayList(key.getUserIDs())));
            getLog().warn(file.toString());
            getLog().warn(file2.toString());
            return false;
        } catch (IOException | PGPException e) {
            throw new MojoFailureException(e.getMessage(), e);
        }
    }
}
