package org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.writer;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.gradle.api.Action;
import org.gradle.api.Project;
import org.gradle.api.UncheckedIOException;
import org.gradle.api.artifacts.ArtifactView;
import org.gradle.api.artifacts.Configuration;
import org.gradle.api.artifacts.component.ModuleComponentIdentifier;
import org.gradle.api.internal.artifacts.configurations.ResolutionStrategyInternal;
import org.gradle.api.internal.artifacts.ivyservice.ivyresolve.DependencyVerifyingModuleComponentRepository;
import org.gradle.api.internal.artifacts.ivyservice.ivyresolve.ModuleComponentRepository;
import org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.ArtifactVerificationOperation;
import org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.DefaultKeyServers;
import org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.DependencyVerificationOverride;
import org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.utils.PGPUtils;
import org.gradle.api.internal.artifacts.verification.DependencyVerificationException;
import org.gradle.api.internal.artifacts.verification.model.ChecksumKind;
import org.gradle.api.internal.artifacts.verification.model.IgnoredKey;
import org.gradle.api.internal.artifacts.verification.serializer.DependencyVerificationsXmlReader;
import org.gradle.api.internal.artifacts.verification.serializer.DependencyVerificationsXmlWriter;
import org.gradle.api.internal.artifacts.verification.signatures.BuildTreeDefinedKeys;
import org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationService;
import org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationServiceFactory;
import org.gradle.api.internal.artifacts.verification.verifier.DependencyVerifier;
import org.gradle.api.internal.artifacts.verification.verifier.DependencyVerifierBuilder;
import org.gradle.api.internal.project.ProjectInternal;
import org.gradle.api.invocation.Gradle;
import org.gradle.api.logging.Logger;
import org.gradle.api.logging.Logging;
import org.gradle.api.tasks.diagnostics.internal.text.DefaultTextReportBuilder;
import org.gradle.internal.Factory;
import org.gradle.internal.UncheckedException;
import org.gradle.internal.component.external.model.ModuleComponentArtifactIdentifier;
import org.gradle.internal.deprecation.DeprecatableConfiguration;
import org.gradle.internal.hash.ChecksumService;
import org.gradle.internal.impldep.com.amazonaws.auth.internal.SignerConstants;
import org.gradle.internal.impldep.com.google.common.collect.ImmutableList;
import org.gradle.internal.impldep.com.google.common.collect.ImmutableSet;
import org.gradle.internal.impldep.com.google.common.collect.Sets;
import org.gradle.internal.impldep.com.google.common.collect.UnmodifiableIterator;
import org.gradle.internal.impldep.com.google.common.io.Files;
import org.gradle.internal.impldep.org.bouncycastle.bcpg.ArmoredOutputStream;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPPublicKey;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.gradle.internal.operations.BuildOperationContext;
import org.gradle.internal.operations.BuildOperationDescriptor;
import org.gradle.internal.operations.BuildOperationExecutor;
import org.gradle.internal.operations.BuildOperationQueue;
import org.gradle.internal.operations.RunnableBuildOperation;
import org.gradle.security.internal.Fingerprint;
import org.gradle.security.internal.PublicKeyResultBuilder;
import org.gradle.security.internal.PublicKeyService;
import org.gradle.security.internal.SecuritySupport;

/* loaded from: input_file:org/gradle/api/internal/artifacts/ivyservice/ivyresolve/verification/writer/WriteDependencyVerificationFile.class */
public class WriteDependencyVerificationFile implements DependencyVerificationOverride, ArtifactVerificationOperation {
    private static final String SHA1 = "sha1";
    private static final String PGP_VERIFICATION_FAILED = "PGP verification failed";
    private static final String KEY_NOT_DOWNLOADED = "Key couldn't be downloaded from any key server";
    private final BuildOperationExecutor buildOperationExecutor;
    private final List<String> checksums;
    private final ChecksumService checksumService;
    private final File verificationFile;
    private final BuildTreeDefinedKeys keyrings;
    private final SignatureVerificationServiceFactory signatureVerificationServiceFactory;
    private final boolean isDryRun;
    private final boolean generatePgpInfo;
    private final boolean isExportKeyring;
    private static final Logger LOGGER = Logging.getLogger(WriteDependencyVerificationFile.class);
    private static final Action<ArtifactView.ViewConfiguration> MODULE_COMPONENT_FILES = viewConfiguration -> {
        viewConfiguration.componentFilter(componentIdentifier -> {
            return componentIdentifier instanceof ModuleComponentIdentifier;
        });
        viewConfiguration.setLenient(true);
    };
    private static final String MD5 = "md5";
    private static final String SHA256 = "sha256";
    private static final String SHA512 = "sha512";
    private static final String PGP = "pgp";
    private static final Set<String> SUPPORTED_CHECKSUMS = ImmutableSet.of(MD5, "sha1", SHA256, SHA512, PGP);
    private static final Set<String> SECURE_CHECKSUMS = ImmutableSet.of(SHA256, SHA512, PGP);
    private final DependencyVerifierBuilder verificationsBuilder = new DependencyVerifierBuilder();
    private final Set<VerificationEntry> entriesToBeWritten = Sets.newLinkedHashSetWithExpectedSize(512);
    private boolean hasMissingSignatures = false;
    private boolean hasMissingKeys = false;
    private boolean hasFailedVerification = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gradle/api/internal/artifacts/ivyservice/ivyresolve/verification/writer/WriteDependencyVerificationFile$PGPPublicKeyRingListBuilder.class */
    public static class PGPPublicKeyRingListBuilder implements PublicKeyResultBuilder {
        private final ImmutableList.Builder<PGPPublicKeyRing> builder;

        private PGPPublicKeyRingListBuilder() {
            this.builder = ImmutableList.builder();
        }

        @Override // org.gradle.security.internal.PublicKeyResultBuilder
        public void keyRing(PGPPublicKeyRing pGPPublicKeyRing) {
            this.builder.add((ImmutableList.Builder<PGPPublicKeyRing>) pGPPublicKeyRing);
        }

        @Override // org.gradle.security.internal.PublicKeyResultBuilder
        public void publicKey(PGPPublicKey pGPPublicKey) {
        }

        public List<PGPPublicKeyRing> build() {
            return this.builder.build();
        }
    }

    public WriteDependencyVerificationFile(File file, BuildTreeDefinedKeys buildTreeDefinedKeys, BuildOperationExecutor buildOperationExecutor, List<String> list, ChecksumService checksumService, SignatureVerificationServiceFactory signatureVerificationServiceFactory, boolean z, boolean z2) {
        this.buildOperationExecutor = buildOperationExecutor;
        this.checksums = list;
        this.checksumService = checksumService;
        this.verificationFile = file;
        this.keyrings = buildTreeDefinedKeys;
        this.signatureVerificationServiceFactory = signatureVerificationServiceFactory;
        this.isDryRun = z;
        this.generatePgpInfo = list.contains(PGP);
        this.isExportKeyring = z2;
    }

    private void validateChecksums() {
        assertSupportedChecksums();
        warnAboutInsecureChecksums();
    }

    private void assertSupportedChecksums() {
        for (String str : this.checksums) {
            if (!SUPPORTED_CHECKSUMS.contains(str)) {
                LOGGER.warn("Invalid checksum type: '" + str + "'. You must choose one or more in " + SUPPORTED_CHECKSUMS);
            }
        }
        if (this.checksums.isEmpty()) {
            throw new DependencyVerificationException("You must specify at least one checksum type to use. You must choose one or more in " + SUPPORTED_CHECKSUMS);
        }
        assertPgpHasChecksumFallback(this.checksums);
    }

    private void assertPgpHasChecksumFallback(List<String> list) {
        if (list.size() == 1 && PGP.equals(list.get(0))) {
            throw new DependencyVerificationException("Generating a file with signature verification requires at least one checksum type (sha256 or sha512) as fallback.");
        }
    }

    private void warnAboutInsecureChecksums() {
        Stream<String> stream = this.checksums.stream();
        Set<String> set = SECURE_CHECKSUMS;
        Objects.requireNonNull(set);
        if (stream.noneMatch((v1) -> {
            return r1.contains(v1);
        })) {
            LOGGER.warn("You chose to generate " + String.join(" and ", this.checksums) + " checksums but they are all considered insecure. You should consider adding at least one of " + String.join(" or ", SECURE_CHECKSUMS) + ".");
        }
    }

    @Override // org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.DependencyVerificationOverride
    public ModuleComponentRepository overrideDependencyVerification(ModuleComponentRepository moduleComponentRepository, String str, ResolutionStrategyInternal resolutionStrategyInternal) {
        return new DependencyVerifyingModuleComponentRepository(moduleComponentRepository, this, this.generatePgpInfo);
    }

    @Override // org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.DependencyVerificationOverride
    public void buildFinished(Gradle gradle) {
        ensureOutputDirCreated();
        maybeReadExistingFile();
        boolean isOffline = gradle.getStartParameter().isOffline();
        SignatureVerificationService create = this.signatureVerificationServiceFactory.create(this.keyrings, DefaultKeyServers.getOrDefaults(this.verificationsBuilder.getKeyServers()), !isOffline);
        if (!this.verificationsBuilder.isUseKeyServers() && !isOffline) {
            LOGGER.lifecycle("Will use key servers to download missing keys. If you really want to ignore key servers when generating the verification file, you can use the --offline flag in addition");
        }
        try {
            try {
                validateChecksums();
                resolveAllConfigurationsConcurrently(gradle);
                computeChecksumsConcurrently(create);
                writeEntriesSerially();
                serializeResult(create);
                create.stop();
            } catch (IOException e) {
                throw UncheckedException.throwAsUncheckedException(e);
            }
        } catch (Throwable th) {
            create.stop();
            throw th;
        }
    }

    public boolean ensureOutputDirCreated() {
        return this.verificationFile.getParentFile().mkdirs();
    }

    private void serializeResult(SignatureVerificationService signatureVerificationService) throws IOException {
        File dryRunVerificationFile = this.isDryRun ? dryRunVerificationFile() : this.verificationFile;
        if (this.generatePgpInfo) {
            this.verificationsBuilder.setVerifySignatures(true);
        }
        DependencyVerifier build = this.verificationsBuilder.build();
        DependencyVerificationsXmlWriter.serialize(build, new FileOutputStream(dryRunVerificationFile));
        if (this.isExportKeyring) {
            exportKeys(signatureVerificationService, build);
        }
    }

    private File dryRunVerificationFile() {
        return new File(this.verificationFile.getParent(), Files.getNameWithoutExtension(this.verificationFile.getName()) + ".dryrun.xml");
    }

    private void exportKeys(SignatureVerificationService signatureVerificationService, DependencyVerifier dependencyVerifier) throws IOException {
        BuildTreeDefinedKeys dryRun = this.isDryRun ? this.keyrings.dryRun() : this.keyrings;
        HashSet newHashSet = Sets.newHashSet();
        Stream<R> map = dependencyVerifier.getConfiguration().getTrustedKeys().stream().map((v0) -> {
            return v0.getKeyId();
        });
        Objects.requireNonNull(newHashSet);
        map.forEach((v1) -> {
            r1.add(v1);
        });
        Stream<R> map2 = dependencyVerifier.getConfiguration().getIgnoredKeys().stream().map((v0) -> {
            return v0.getKeyId();
        });
        Objects.requireNonNull(newHashSet);
        map2.forEach((v1) -> {
            r1.add(v1);
        });
        Stream flatMap = dependencyVerifier.getVerificationMetadata().stream().flatMap(componentVerificationMetadata -> {
            return componentVerificationMetadata.getArtifactVerifications().stream();
        }).flatMap(artifactVerificationMetadata -> {
            return Stream.concat(artifactVerificationMetadata.getTrustedPgpKeys().stream(), artifactVerificationMetadata.getIgnoredPgpKeys().stream().map((v0) -> {
                return v0.getKeyId();
            }));
        });
        Objects.requireNonNull(newHashSet);
        flatMap.forEach((v1) -> {
            r1.add(v1);
        });
        exportKeyRingCollection(signatureVerificationService.getPublicKeyService(), dryRun, newHashSet);
    }

    private void maybeReadExistingFile() {
        if (this.verificationFile.exists()) {
            LOGGER.info("Found dependency verification metadata file, updating");
            try {
                DependencyVerificationsXmlReader.readFromXml(new FileInputStream(this.verificationFile), this.verificationsBuilder);
            } catch (FileNotFoundException e) {
                throw new UncheckedIOException(e);
            }
        }
    }

    private void writeEntriesSerially() {
        AtomicReference atomicReference = new AtomicReference();
        this.entriesToBeWritten.stream().sorted().filter(this::shouldWriteEntry).forEachOrdered(verificationEntry -> {
            registerEntryToBuilder(verificationEntry, atomicReference);
        });
        printWarnings();
    }

    private void printWarnings() {
        if (this.hasMissingKeys || this.hasFailedVerification) {
            StringBuilder sb = new StringBuilder("A verification file was generated but some problems were discovered:\n");
            if (this.hasMissingSignatures) {
                sb.append("   - some artifacts aren't signed or the signature couldn't be retrieved.");
                sb.append(SignerConstants.LINE_SEPARATOR);
            }
            if (this.hasMissingKeys) {
                sb.append("   - some keys couldn't be downloaded. They were automatically added as ignored keys but you should review if this is acceptable. Look for entries with the following comment: ");
                sb.append(KEY_NOT_DOWNLOADED);
                sb.append(SignerConstants.LINE_SEPARATOR);
            }
            if (this.hasFailedVerification) {
                sb.append("   - some signature verification failed. Checksums were generated for those artifacts but you MUST check if there's an actual problem. Look for entries with the following comment: ");
                sb.append(PGP_VERIFICATION_FAILED);
                sb.append(SignerConstants.LINE_SEPARATOR);
            }
            LOGGER.warn(sb.toString());
        }
    }

    private void registerEntryToBuilder(VerificationEntry verificationEntry, AtomicReference<PgpEntry> atomicReference) {
        PgpEntry pgpEntry = atomicReference.get();
        if (pgpEntry != null && !pgpEntry.id.equals(verificationEntry.id)) {
            pgpEntry = null;
            atomicReference.set(null);
        }
        if (!(verificationEntry instanceof ChecksumEntry)) {
            PgpEntry pgpEntry2 = (PgpEntry) verificationEntry;
            atomicReference.set(pgpEntry2);
            TreeSet newTreeSet = Sets.newTreeSet(pgpEntry2.getFailed());
            Iterator it = newTreeSet.iterator();
            while (it.hasNext()) {
                this.verificationsBuilder.addIgnoredKey(pgpEntry2.id, new IgnoredKey((String) it.next(), PGP_VERIFICATION_FAILED));
            }
            if (pgpEntry2.hasArtifactLevelKeys()) {
                for (String str : pgpEntry2.getArtifactLevelKeys()) {
                    if (!newTreeSet.contains(str)) {
                        this.verificationsBuilder.addTrustedKey(pgpEntry2.id, str);
                    }
                }
                return;
            }
            return;
        }
        ChecksumEntry checksumEntry = (ChecksumEntry) verificationEntry;
        if (pgpEntry == null || (verificationEntry.id.equals(pgpEntry.id) && pgpEntry.isRequiringChecksums())) {
            String str2 = "Generated by Gradle";
            if (pgpEntry != null) {
                if (pgpEntry.isFailed()) {
                    this.hasFailedVerification = true;
                    str2 = str2 + " because PGP signature verification failed!";
                } else if (pgpEntry.hasSignatureFile()) {
                    this.hasMissingKeys = true;
                    str2 = str2 + " because a key couldn't be downloaded";
                } else {
                    this.hasMissingSignatures = true;
                    str2 = str2 + " because artifact wasn't signed";
                }
            }
            this.verificationsBuilder.addChecksum(verificationEntry.id, checksumEntry.getChecksumKind(), checksumEntry.getChecksum(), str2);
        }
    }

    private boolean shouldWriteEntry(VerificationEntry verificationEntry) {
        return verificationEntry instanceof ChecksumEntry ? (((ChecksumEntry) verificationEntry).getChecksum() == null || isTrustedArtifact(verificationEntry.id)) ? false : true : !isTrustedArtifact(verificationEntry.id);
    }

    private void resolveAllConfigurationsConcurrently(Gradle gradle) {
        this.buildOperationExecutor.runAllWithAccessToProjectState(buildOperationQueue -> {
            for (final Project project : gradle.getRootProject().getAllprojects()) {
                buildOperationQueue.add(new RunnableBuildOperation() { // from class: org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.writer.WriteDependencyVerificationFile.1
                    @Override // org.gradle.internal.operations.RunnableBuildOperation
                    public void run(BuildOperationContext buildOperationContext) {
                        WriteDependencyVerificationFile.resolveAllConfigurationsAndForceDownload(project);
                    }

                    @Override // org.gradle.internal.operations.BuildOperation
                    public BuildOperationDescriptor.Builder description() {
                        String str = "Resolving configurations of " + project.getDisplayName();
                        return BuildOperationDescriptor.displayName(str).progressDisplayName(str);
                    }
                });
            }
        });
    }

    private void computeChecksumsConcurrently(SignatureVerificationService signatureVerificationService) {
        Set<String> newConcurrentHashSet = this.generatePgpInfo ? Sets.newConcurrentHashSet() : null;
        this.buildOperationExecutor.runAll(buildOperationQueue -> {
            for (VerificationEntry verificationEntry : this.entriesToBeWritten) {
                if (!shouldSkipVerification(verificationEntry.getArtifactKind())) {
                    if (!verificationEntry.getFile().exists()) {
                        LOGGER.warn("Cannot compute checksum for " + verificationEntry.getFile() + " because it doesn't exist. It may indicate a corrupt or tampered cache.");
                    } else if (verificationEntry instanceof ChecksumEntry) {
                        queueChecksumVerification(buildOperationQueue, (ChecksumEntry) verificationEntry);
                    } else {
                        queueSignatureVerification(buildOperationQueue, signatureVerificationService, (PgpEntry) verificationEntry, newConcurrentHashSet);
                    }
                }
            }
        });
        if (this.generatePgpInfo) {
            postProcessPgpResults(newConcurrentHashSet);
        }
    }

    private void postProcessPgpResults(Set<String> set) {
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            this.verificationsBuilder.addIgnoredKey(new IgnoredKey(it.next(), KEY_NOT_DOWNLOADED));
        }
        new PgpKeyGrouper(this.verificationsBuilder, this.entriesToBeWritten).performPgpKeyGrouping();
    }

    private void queueSignatureVerification(BuildOperationQueue<RunnableBuildOperation> buildOperationQueue, final SignatureVerificationService signatureVerificationService, final PgpEntry pgpEntry, final Set<String> set) {
        buildOperationQueue.add(new RunnableBuildOperation() { // from class: org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.writer.WriteDependencyVerificationFile.2
            @Override // org.gradle.internal.operations.RunnableBuildOperation
            public void run(BuildOperationContext buildOperationContext) {
                File create2 = pgpEntry.getSignatureFile().create2();
                if (create2 != null) {
                    signatureVerificationService.verify(pgpEntry.file, create2, Collections.emptySet(), Collections.emptySet(), new WriterSignatureVerificationResult(set, pgpEntry));
                }
            }

            @Override // org.gradle.internal.operations.BuildOperation
            public BuildOperationDescriptor.Builder description() {
                return BuildOperationDescriptor.displayName("Verifying dependency signature").progressDisplayName("Verifying signature of " + pgpEntry.id);
            }
        });
    }

    private void queueChecksumVerification(BuildOperationQueue<RunnableBuildOperation> buildOperationQueue, final ChecksumEntry checksumEntry) {
        buildOperationQueue.add(new RunnableBuildOperation() { // from class: org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.writer.WriteDependencyVerificationFile.3
            @Override // org.gradle.internal.operations.RunnableBuildOperation
            public void run(BuildOperationContext buildOperationContext) {
                checksumEntry.setChecksum(WriteDependencyVerificationFile.this.createHash(checksumEntry.getFile(), checksumEntry.getChecksumKind()));
            }

            @Override // org.gradle.internal.operations.BuildOperation
            public BuildOperationDescriptor.Builder description() {
                return BuildOperationDescriptor.displayName("Computing checksums").progressDisplayName("Computing checksum of " + checksumEntry.id);
            }
        });
    }

    @Override // org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.ArtifactVerificationOperation
    public void onArtifact(ArtifactVerificationOperation.ArtifactKind artifactKind, ModuleComponentArtifactIdentifier moduleComponentArtifactIdentifier, File file, Factory<File> factory, String str, String str2) {
        for (String str3 : this.checksums) {
            if (PGP.equals(str3)) {
                addPgp(moduleComponentArtifactIdentifier, artifactKind, file, factory);
            } else {
                addChecksum(moduleComponentArtifactIdentifier, artifactKind, file, ChecksumKind.valueOf(str3));
            }
        }
    }

    private void addPgp(ModuleComponentArtifactIdentifier moduleComponentArtifactIdentifier, ArtifactVerificationOperation.ArtifactKind artifactKind, File file, Factory<File> factory) {
        PgpEntry pgpEntry = new PgpEntry(moduleComponentArtifactIdentifier, artifactKind, file, factory);
        synchronized (this.entriesToBeWritten) {
            this.entriesToBeWritten.add(pgpEntry);
        }
    }

    private boolean shouldSkipVerification(ArtifactVerificationOperation.ArtifactKind artifactKind) {
        return artifactKind == ArtifactVerificationOperation.ArtifactKind.METADATA && !this.verificationsBuilder.isVerifyMetadata();
    }

    private void addChecksum(ModuleComponentArtifactIdentifier moduleComponentArtifactIdentifier, ArtifactVerificationOperation.ArtifactKind artifactKind, File file, ChecksumKind checksumKind) {
        ChecksumEntry checksumEntry = new ChecksumEntry(moduleComponentArtifactIdentifier, artifactKind, file, checksumKind);
        synchronized (this.entriesToBeWritten) {
            this.entriesToBeWritten.add(checksumEntry);
        }
    }

    private boolean isTrustedArtifact(ModuleComponentArtifactIdentifier moduleComponentArtifactIdentifier) {
        return this.verificationsBuilder.getTrustedArtifacts().stream().anyMatch(trustedArtifact -> {
            return trustedArtifact.matches(moduleComponentArtifactIdentifier);
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String createHash(File file, ChecksumKind checksumKind) {
        try {
            return this.checksumService.hash(file, checksumKind.getAlgorithm()).toString();
        } catch (Exception e) {
            LOGGER.debug("Error while snapshotting " + file, (Throwable) e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void resolveAllConfigurationsAndForceDownload(Project project) {
        ((ProjectInternal) project).getOwner().applyToMutableState(projectInternal -> {
            projectInternal.getConfigurations().all(configuration -> {
                if (((DeprecatableConfiguration) configuration).canSafelyBeResolved()) {
                    try {
                        resolveAndDownloadExternalFiles(configuration);
                    } catch (Exception e) {
                        LOGGER.debug("Cannot resolve configuration {}: {}", configuration.getName(), e.getMessage());
                    }
                }
            });
        });
    }

    private static void resolveAndDownloadExternalFiles(Configuration configuration) {
        configuration.getIncoming().artifactView(MODULE_COMPONENT_FILES).getFiles().getFiles();
    }

    private void exportKeyRingCollection(PublicKeyService publicKeyService, BuildTreeDefinedKeys buildTreeDefinedKeys, Set<String> set) throws IOException {
        List<PGPPublicKeyRing> loadExistingKeyRing = loadExistingKeyRing(buildTreeDefinedKeys);
        PGPPublicKeyRingListBuilder pGPPublicKeyRingListBuilder = new PGPPublicKeyRingListBuilder();
        for (String str : set) {
            if (str.length() <= 16) {
                publicKeyService.findByLongId(new BigInteger(str, 16).longValue(), pGPPublicKeyRingListBuilder);
            } else {
                publicKeyService.findByFingerprint(Fingerprint.fromString(str).getBytes(), pGPPublicKeyRingListBuilder);
            }
        }
        ImmutableList<PGPPublicKeyRing> build = ImmutableList.builder().addAll((Iterable) loadExistingKeyRing).addAll((Iterable) pGPPublicKeyRingListBuilder.build().stream().filter(WriteDependencyVerificationFile::hasAtLeastOnePublicKey).filter(pGPPublicKeyRing -> {
            return loadExistingKeyRing.stream().noneMatch(pGPPublicKeyRing -> {
                return keyIds(pGPPublicKeyRing).equals(keyIds(pGPPublicKeyRing));
            });
        }).collect(Collectors.toList())).build();
        File binaryKeyringsFile = buildTreeDefinedKeys.getBinaryKeyringsFile();
        writeBinaryKeyringFile(binaryKeyringsFile, build);
        File asciiKeyringsFile = buildTreeDefinedKeys.getAsciiKeyringsFile();
        writeAsciiArmoredKeyRingFile(asciiKeyringsFile, build);
        LOGGER.lifecycle("Exported {} keys to {} and {}", Integer.valueOf(build.size()), binaryKeyringsFile, asciiKeyringsFile);
    }

    private void writeAsciiArmoredKeyRingFile(File file, ImmutableList<PGPPublicKeyRing> immutableList) throws IOException {
        if (file.exists()) {
            file.delete();
        }
        boolean z = false;
        UnmodifiableIterator<PGPPublicKeyRing> it = immutableList.iterator();
        while (it.hasNext()) {
            PGPPublicKeyRing next = it.next();
            FileOutputStream fileOutputStream = new FileOutputStream(file, true);
            if (z) {
                try {
                    fileOutputStream.write(10);
                } catch (Throwable th) {
                    try {
                        fileOutputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            }
            Iterator<PGPPublicKey> publicKeys = next.getPublicKeys();
            while (publicKeys.hasNext()) {
                boolean z2 = false;
                PGPPublicKey next2 = publicKeys.next();
                fileOutputStream.write(((next2.isMasterKey() ? "pub" : "sub") + DefaultTextReportBuilder.INDENT + SecuritySupport.toLongIdHexString(next2.getKeyID()).toUpperCase() + SignerConstants.LINE_SEPARATOR).getBytes(StandardCharsets.US_ASCII));
                Iterator<String> it2 = PGPUtils.getUserIDs(next2).iterator();
                while (it2.hasNext()) {
                    z2 = true;
                    fileOutputStream.write(("uid    " + it2.next() + SignerConstants.LINE_SEPARATOR).getBytes(StandardCharsets.US_ASCII));
                }
                if (z2) {
                    fileOutputStream.write(10);
                }
            }
            fileOutputStream.close();
            FileOutputStream fileOutputStream2 = new FileOutputStream(file, true);
            try {
                ArmoredOutputStream armoredOutputStream = new ArmoredOutputStream(fileOutputStream2);
                try {
                    next.encode(armoredOutputStream, true);
                    armoredOutputStream.close();
                    fileOutputStream2.close();
                    z = true;
                } finally {
                }
            } catch (Throwable th3) {
                try {
                    fileOutputStream2.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
                throw th3;
            }
        }
    }

    private void writeBinaryKeyringFile(File file, ImmutableList<PGPPublicKeyRing> immutableList) throws IOException {
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            UnmodifiableIterator<PGPPublicKeyRing> it = immutableList.iterator();
            while (it.hasNext()) {
                it.next().encode(fileOutputStream, true);
            }
            fileOutputStream.close();
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static boolean hasAtLeastOnePublicKey(PGPPublicKeyRing pGPPublicKeyRing) {
        return pGPPublicKeyRing.getPublicKeys().hasNext();
    }

    private List<PGPPublicKeyRing> loadExistingKeyRing(BuildTreeDefinedKeys buildTreeDefinedKeys) throws IOException {
        List<PGPPublicKeyRing> emptyList;
        if (this.isDryRun) {
            emptyList = Collections.emptyList();
        } else {
            emptyList = buildTreeDefinedKeys.loadKeys();
            LOGGER.info("Existing keyring file contains {} keyrings", Integer.valueOf(emptyList.size()));
        }
        return emptyList;
    }

    private static Set<Long> keyIds(PGPPublicKeyRing pGPPublicKeyRing) {
        return (Set) ImmutableList.copyOf(pGPPublicKeyRing.getPublicKeys()).stream().map((v0) -> {
            return v0.getKeyID();
        }).collect(Collectors.toSet());
    }
}
