package org.gradle.api.internal.artifacts.verification.verifier;

import java.io.File;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.annotation.Nullable;
import org.gradle.api.artifacts.component.ModuleComponentIdentifier;
import org.gradle.api.internal.artifacts.ivyservice.ivyresolve.verification.ArtifactVerificationOperation;
import org.gradle.api.internal.artifacts.verification.model.ArtifactVerificationMetadata;
import org.gradle.api.internal.artifacts.verification.model.Checksum;
import org.gradle.api.internal.artifacts.verification.model.ChecksumKind;
import org.gradle.api.internal.artifacts.verification.model.ComponentVerificationMetadata;
import org.gradle.api.internal.artifacts.verification.model.IgnoredKey;
import org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationResultBuilder;
import org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationService;
import org.gradle.api.internal.artifacts.verification.verifier.SignatureVerificationFailure;
import org.gradle.internal.component.external.model.ModuleComponentArtifactIdentifier;
import org.gradle.internal.hash.ChecksumService;
import org.gradle.internal.hash.HashCode;
import org.gradle.internal.impldep.com.google.common.collect.ImmutableList;
import org.gradle.internal.impldep.com.google.common.collect.ImmutableMap;
import org.gradle.internal.impldep.com.google.common.collect.Lists;
import org.gradle.internal.impldep.com.google.common.collect.Maps;
import org.gradle.internal.impldep.com.google.common.collect.Sets;
import org.gradle.internal.impldep.org.bouncycastle.openpgp.PGPPublicKey;
import org.gradle.security.internal.Fingerprint;
import org.gradle.security.internal.PublicKeyService;

/* loaded from: input_file:org/gradle/api/internal/artifacts/verification/verifier/DependencyVerifier.class */
public class DependencyVerifier {
    private final Map<String, ComponentVerificationMetadata> verificationMetadata;
    private final DependencyVerificationConfiguration config;
    private final List<String> topLevelComments;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/gradle/api/internal/artifacts/verification/verifier/DependencyVerifier$DefaultSignatureVerificationResultBuilder.class */
    public static class DefaultSignatureVerificationResultBuilder implements SignatureVerificationResultBuilder {
        private final File file;
        private final File signatureFile;
        private List<String> missingKeys;
        private List<PGPPublicKey> trustedKeys;
        private List<PGPPublicKey> validNotTrusted;
        private List<PGPPublicKey> failedKeys;
        private List<String> ignoredKeys;

        private DefaultSignatureVerificationResultBuilder(File file, File file2) {
            this.missingKeys = null;
            this.trustedKeys = null;
            this.validNotTrusted = null;
            this.failedKeys = null;
            this.ignoredKeys = null;
            this.file = file;
            this.signatureFile = file2;
        }

        @Override // org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationResultBuilder
        public void missingKey(String str) {
            if (this.missingKeys == null) {
                this.missingKeys = Lists.newArrayList();
            }
            this.missingKeys.add(str);
        }

        @Override // org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationResultBuilder
        public void verified(PGPPublicKey pGPPublicKey, boolean z) {
            if (z) {
                if (this.trustedKeys == null) {
                    this.trustedKeys = Lists.newArrayList();
                }
                this.trustedKeys.add(pGPPublicKey);
            } else {
                if (this.validNotTrusted == null) {
                    this.validNotTrusted = Lists.newArrayList();
                }
                this.validNotTrusted.add(pGPPublicKey);
            }
        }

        @Override // org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationResultBuilder
        public void failed(PGPPublicKey pGPPublicKey) {
            if (this.failedKeys == null) {
                this.failedKeys = Lists.newArrayList();
            }
            this.failedKeys.add(pGPPublicKey);
        }

        @Override // org.gradle.api.internal.artifacts.verification.signatures.SignatureVerificationResultBuilder
        public void ignored(String str) {
            if (this.ignoredKeys == null) {
                this.ignoredKeys = Lists.newArrayList();
            }
            this.ignoredKeys.add(str);
        }

        boolean hasOnlyIgnoredKeys() {
            return this.ignoredKeys != null && this.trustedKeys == null && this.validNotTrusted == null && this.missingKeys == null && this.failedKeys == null;
        }

        public SignatureVerificationFailure asError(PublicKeyService publicKeyService) {
            HashMap newHashMap = Maps.newHashMap();
            if (this.missingKeys != null) {
                Iterator<String> it = this.missingKeys.iterator();
                while (it.hasNext()) {
                    newHashMap.put(it.next(), DependencyVerifier.error(null, SignatureVerificationFailure.FailureKind.MISSING_KEY));
                }
            }
            if (this.failedKeys != null) {
                for (PGPPublicKey pGPPublicKey : this.failedKeys) {
                    newHashMap.put(Fingerprint.of(pGPPublicKey).toString(), DependencyVerifier.error(pGPPublicKey, SignatureVerificationFailure.FailureKind.FAILED));
                }
            }
            if (this.validNotTrusted != null) {
                for (PGPPublicKey pGPPublicKey2 : this.validNotTrusted) {
                    newHashMap.put(Fingerprint.of(pGPPublicKey2).toString(), DependencyVerifier.error(pGPPublicKey2, SignatureVerificationFailure.FailureKind.PASSED_NOT_TRUSTED));
                }
            }
            if (this.ignoredKeys != null) {
                Iterator<String> it2 = this.ignoredKeys.iterator();
                while (it2.hasNext()) {
                    newHashMap.put(it2.next(), DependencyVerifier.error(null, SignatureVerificationFailure.FailureKind.IGNORED_KEY));
                }
            }
            return new SignatureVerificationFailure(this.file, this.signatureFile, ImmutableMap.copyOf((Map) newHashMap), publicKeyService);
        }

        public boolean hasError() {
            return (this.failedKeys == null && this.validNotTrusted == null && this.missingKeys == null) ? false : true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public DependencyVerifier(Map<ModuleComponentIdentifier, ComponentVerificationMetadata> map, DependencyVerificationConfiguration dependencyVerificationConfiguration, List<String> list) {
        this.verificationMetadata = (Map) map.entrySet().stream().collect(ImmutableMap.toImmutableMap(entry -> {
            return toStringKey((ModuleComponentIdentifier) entry.getKey());
        }, (v0) -> {
            return v0.getValue();
        }));
        this.config = dependencyVerificationConfiguration;
        this.topLevelComments = list;
    }

    public void verify(ChecksumService checksumService, SignatureVerificationService signatureVerificationService, ArtifactVerificationOperation.ArtifactKind artifactKind, ModuleComponentArtifactIdentifier moduleComponentArtifactIdentifier, File file, File file2, ArtifactVerificationResultBuilder artifactVerificationResultBuilder) {
        if (shouldSkipVerification(artifactKind)) {
            return;
        }
        performVerification(moduleComponentArtifactIdentifier, checksumService, signatureVerificationService, file, file2, verificationFailure -> {
            if (isTrustedArtifact(moduleComponentArtifactIdentifier)) {
                return;
            }
            artifactVerificationResultBuilder.failWith(verificationFailure);
        });
    }

    private boolean shouldSkipVerification(ArtifactVerificationOperation.ArtifactKind artifactKind) {
        return artifactKind == ArtifactVerificationOperation.ArtifactKind.METADATA && !this.config.isVerifyMetadata();
    }

    private boolean isTrustedArtifact(ModuleComponentArtifactIdentifier moduleComponentArtifactIdentifier) {
        return this.config.getTrustedArtifacts().stream().anyMatch(trustedArtifact -> {
            return trustedArtifact.matches(moduleComponentArtifactIdentifier);
        });
    }

    private void performVerification(ModuleComponentArtifactIdentifier moduleComponentArtifactIdentifier, ChecksumService checksumService, SignatureVerificationService signatureVerificationService, File file, File file2, ArtifactVerificationResultBuilder artifactVerificationResultBuilder) {
        if (file.exists()) {
            doVerifyArtifact(moduleComponentArtifactIdentifier, checksumService, signatureVerificationService, file, file2, artifactVerificationResultBuilder);
        } else {
            artifactVerificationResultBuilder.failWith(new DeletedArtifact(file));
        }
    }

    private void doVerifyArtifact(ModuleComponentArtifactIdentifier moduleComponentArtifactIdentifier, ChecksumService checksumService, SignatureVerificationService signatureVerificationService, File file, File file2, ArtifactVerificationResultBuilder artifactVerificationResultBuilder) {
        PublicKeyService publicKeyService = signatureVerificationService.getPublicKeyService();
        ComponentVerificationMetadata componentVerificationMetadata = this.verificationMetadata.get(toStringKey(moduleComponentArtifactIdentifier.getComponentIdentifier()));
        if (componentVerificationMetadata != null) {
            Object fileName = moduleComponentArtifactIdentifier.getFileName();
            for (ArtifactVerificationMetadata artifactVerificationMetadata : componentVerificationMetadata.getArtifactVerifications()) {
                if (artifactVerificationMetadata.getArtifactName().equals(fileName)) {
                    if (file2 == null) {
                        if (this.config.isVerifySignatures()) {
                            artifactVerificationResultBuilder.failWith(new MissingSignature(file));
                        }
                        if (artifactVerificationMetadata.getChecksums().isEmpty()) {
                            artifactVerificationResultBuilder.failWith(new MissingChecksums(file));
                            return;
                        }
                    } else {
                        DefaultSignatureVerificationResultBuilder defaultSignatureVerificationResultBuilder = new DefaultSignatureVerificationResultBuilder(file, file2);
                        verifySignature(signatureVerificationService, file, file2, allTrustedKeys(moduleComponentArtifactIdentifier, artifactVerificationMetadata.getTrustedPgpKeys()), allIgnoredKeys(artifactVerificationMetadata.getIgnoredPgpKeys()), defaultSignatureVerificationResultBuilder);
                        if (defaultSignatureVerificationResultBuilder.hasOnlyIgnoredKeys()) {
                            artifactVerificationResultBuilder.failWith(new OnlyIgnoredKeys(file));
                            if (artifactVerificationMetadata.getChecksums().isEmpty()) {
                                artifactVerificationResultBuilder.failWith(new MissingChecksums(file));
                                return;
                            } else {
                                verifyChecksums(checksumService, file, artifactVerificationMetadata, artifactVerificationResultBuilder);
                                return;
                            }
                        }
                        if (defaultSignatureVerificationResultBuilder.hasError()) {
                            artifactVerificationResultBuilder.failWith(defaultSignatureVerificationResultBuilder.asError(publicKeyService));
                            return;
                        }
                    }
                    verifyChecksums(checksumService, file, artifactVerificationMetadata, artifactVerificationResultBuilder);
                    return;
                }
            }
        }
        if (file2 != null) {
            DefaultSignatureVerificationResultBuilder defaultSignatureVerificationResultBuilder2 = new DefaultSignatureVerificationResultBuilder(file, file2);
            verifySignature(signatureVerificationService, file, file2, allTrustedKeys(moduleComponentArtifactIdentifier, Collections.emptySet()), allIgnoredKeys(Collections.emptySet()), defaultSignatureVerificationResultBuilder2);
            if (defaultSignatureVerificationResultBuilder2.hasError()) {
                artifactVerificationResultBuilder.failWith(defaultSignatureVerificationResultBuilder2.asError(publicKeyService));
                return;
            } else if (!defaultSignatureVerificationResultBuilder2.hasOnlyIgnoredKeys()) {
                return;
            }
        }
        artifactVerificationResultBuilder.failWith(new MissingChecksums(file));
    }

    private String toStringKey(ModuleComponentIdentifier moduleComponentIdentifier) {
        return moduleComponentIdentifier.getGroup() + ":" + moduleComponentIdentifier.getModule() + ":" + moduleComponentIdentifier.getVersion();
    }

    private Set<String> allTrustedKeys(ModuleComponentArtifactIdentifier moduleComponentArtifactIdentifier, Set<String> set) {
        if (this.config.getTrustedKeys().isEmpty()) {
            return set;
        }
        HashSet newHashSet = Sets.newHashSet(set);
        this.config.getTrustedKeys().stream().filter(trustedKey -> {
            return trustedKey.matches(moduleComponentArtifactIdentifier);
        }).forEach(trustedKey2 -> {
            newHashSet.add(trustedKey2.getKeyId());
        });
        return newHashSet;
    }

    private Set<String> allIgnoredKeys(Set<IgnoredKey> set) {
        if (this.config.getIgnoredKeys().isEmpty()) {
            return (Set) set.stream().map((v0) -> {
                return v0.getKeyId();
            }).collect(Collectors.toSet());
        }
        if (set.isEmpty()) {
            return (Set) this.config.getIgnoredKeys().stream().map((v0) -> {
                return v0.getKeyId();
            }).collect(Collectors.toSet());
        }
        HashSet newHashSet = Sets.newHashSet();
        Stream<R> map = set.stream().map((v0) -> {
            return v0.getKeyId();
        });
        Objects.requireNonNull(newHashSet);
        map.forEach((v1) -> {
            r1.add(v1);
        });
        Stream<R> map2 = this.config.getIgnoredKeys().stream().map((v0) -> {
            return v0.getKeyId();
        });
        Objects.requireNonNull(newHashSet);
        map2.forEach((v1) -> {
            r1.add(v1);
        });
        return newHashSet;
    }

    private void verifySignature(SignatureVerificationService signatureVerificationService, File file, File file2, Set<String> set, Set<String> set2, SignatureVerificationResultBuilder signatureVerificationResultBuilder) {
        signatureVerificationService.verify(file, file2, set, set2, signatureVerificationResultBuilder);
    }

    private void verifyChecksums(ChecksumService checksumService, File file, ArtifactVerificationMetadata artifactVerificationMetadata, ArtifactVerificationResultBuilder artifactVerificationResultBuilder) {
        for (Checksum checksum : artifactVerificationMetadata.getChecksums()) {
            verifyChecksum(checksum.getKind(), file, checksum.getValue(), checksum.getAlternatives(), checksumService, artifactVerificationResultBuilder);
        }
    }

    private static void verifyChecksum(ChecksumKind checksumKind, File file, String str, Set<String> set, ChecksumService checksumService, ArtifactVerificationResultBuilder artifactVerificationResultBuilder) {
        String checksumOf = checksumOf(checksumKind, file, checksumService);
        if (str.equals(checksumOf)) {
            return;
        }
        if (set != null) {
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                if (checksumOf.equals(it.next())) {
                    return;
                }
            }
        }
        artifactVerificationResultBuilder.failWith(new ChecksumVerificationFailure(file, checksumKind, str, checksumOf));
    }

    private static String checksumOf(ChecksumKind checksumKind, File file, ChecksumService checksumService) {
        HashCode hashCode = null;
        switch (checksumKind) {
            case md5:
                hashCode = checksumService.md5(file);
                break;
            case sha1:
                hashCode = checksumService.sha1(file);
                break;
            case sha256:
                hashCode = checksumService.sha256(file);
                break;
            case sha512:
                hashCode = checksumService.sha512(file);
                break;
        }
        return hashCode.toString();
    }

    public Collection<ComponentVerificationMetadata> getVerificationMetadata() {
        return this.verificationMetadata.values();
    }

    public DependencyVerificationConfiguration getConfiguration() {
        return this.config;
    }

    public List<String> getTopLevelComments() {
        return this.topLevelComments;
    }

    public List<String> getSuggestedWriteFlags() {
        LinkedHashSet newLinkedHashSet = Sets.newLinkedHashSet();
        if (this.config.isVerifySignatures()) {
            newLinkedHashSet.add("pgp");
        }
        getVerificationMetadata().forEach(componentVerificationMetadata -> {
            componentVerificationMetadata.getArtifactVerifications().forEach(artifactVerificationMetadata -> {
                artifactVerificationMetadata.getChecksums().forEach(checksum -> {
                    newLinkedHashSet.add(checksum.getKind().name());
                });
            });
        });
        if (Collections.singleton("pgp").equals(newLinkedHashSet)) {
            newLinkedHashSet.add("sha512");
        }
        return ImmutableList.copyOf((Collection) newLinkedHashSet);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SignatureVerificationFailure.SignatureError error(@Nullable PGPPublicKey pGPPublicKey, SignatureVerificationFailure.FailureKind failureKind) {
        return new SignatureVerificationFailure.SignatureError(pGPPublicKey, failureKind);
    }
}
