package com.gluonhq.substrate.util.ios;

import com.gluonhq.substrate.model.InternalProjectConfiguration;
import com.gluonhq.substrate.model.ProcessPaths;
import com.gluonhq.substrate.util.FileOps;
import com.gluonhq.substrate.util.Logger;
import com.gluonhq.substrate.util.ProcessRunner;
import com.gluonhq.substrate.util.XcodeUtils;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.FileVisitOption;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.time.LocalDate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:com/gluonhq/substrate/util/ios/CodeSigning.class */
public class CodeSigning {
    private static final String CODESIGN_OK_1 = "satisfies its Designated Requirement";
    private static final String CODESIGN_OK_2 = "valid on disk";
    private static final String CODESING_OK_3 = "explicit requirement satisfied";
    private static final String CODESIGN_ALLOCATE_ENV = "CODESIGN_ALLOCATE";
    private static final String EMBEDDED_PROVISIONING_PROFILE = "embedded.mobileprovision";
    private static String ERRLINK = "Please check https://docs.gluonhq.com/client/ for more information.";
    private MobileProvision mobileProvision = null;
    private Identity identity = null;
    private List<MobileProvision> mobileProvisions;
    private List<Identity> identities;
    private final String providedIdentityName;
    private final String providedMobileProvision;
    private String bundleId;
    private final ProcessPaths paths;
    private final InternalProjectConfiguration projectConfiguration;
    private final String sourceOS;
    private final Path appPath;
    private final Path tmpPath;
    private NSDictionaryEx dictionary;

    public CodeSigning(ProcessPaths processPaths, InternalProjectConfiguration internalProjectConfiguration) {
        this.paths = processPaths;
        this.projectConfiguration = internalProjectConfiguration;
        this.sourceOS = internalProjectConfiguration.getTargetTriplet().getOs();
        this.bundleId = InfoPlist.getBundleId(InfoPlist.getPlistPath(processPaths, this.sourceOS), this.sourceOS);
        this.appPath = processPaths.getAppPath().resolve(internalProjectConfiguration.getAppName() + ".app");
        this.tmpPath = processPaths.getTmpPath();
        this.providedIdentityName = internalProjectConfiguration.getIosSigningConfiguration().getProvidedSigningIdentity();
        this.providedMobileProvision = internalProjectConfiguration.getIosSigningConfiguration().getProvidedProvisioningProfile();
    }

    public boolean signApp() throws IOException, InterruptedException {
        assertValidIdentity();
        MobileProvision provisioningProfile = getProvisioningProfile();
        if (provisioningProfile == null) {
            throw new RuntimeException("Provisioning profile not found.\n" + ERRLINK);
        }
        Files.copy(provisioningProfile.getProvisioningPath(), this.appPath.resolve(EMBEDDED_PROVISIONING_PROFILE), StandardCopyOption.REPLACE_EXISTING);
        Path entitlementsPath = getEntitlementsPath(this.bundleId, getProvisioningProfile().isTaskAllow());
        Logger.logDebug("Signing with entitlements path: " + entitlementsPath);
        return sign(entitlementsPath, this.appPath);
    }

    private void assertValidIdentity() {
        List<Identity> identity = getIdentity();
        if (identity == null || identity.isEmpty()) {
            throw new RuntimeException("No valid Identity (Certificate) found for iOS development.\n" + ERRLINK);
        }
    }

    private MobileProvision getProvisioningProfile() throws IOException {
        if (this.bundleId == null) {
            this.bundleId = InfoPlist.getBundleId(InfoPlist.getPlistPath(this.paths, this.sourceOS), this.sourceOS);
        }
        if (this.mobileProvision == null) {
            for (Identity identity : getIdentity()) {
                this.mobileProvision = findMobileProvision(identity, this.bundleId, this.bundleId);
                if (this.mobileProvision != null && (this.providedMobileProvision == null || this.providedMobileProvision.equals(this.mobileProvision.getName()))) {
                    this.identity = identity;
                    Logger.logDebug("Got provisioning profile: " + this.mobileProvision.getName());
                    return this.mobileProvision;
                }
            }
            Logger.logInfo("Warning, getProvisioningProfile is failing");
        }
        return this.mobileProvision;
    }

    private MobileProvision findMobileProvision(Identity identity, String str, String str2) {
        Logger.logDebug("Mobile provision asked with bundleId = " + str + " (initial bundleId: " + str2 + ")");
        return retrieveValidMobileProvisions().stream().filter(mobileProvision -> {
            return filterByIdentifier(mobileProvision, str);
        }).filter(mobileProvision2 -> {
            return filterByCertificate(mobileProvision2, identity).booleanValue();
        }).findFirst().orElseGet(() -> {
            return tryModifiedBundleId(identity, str, str2);
        });
    }

    private boolean filterByIdentifier(MobileProvision mobileProvision, String str) {
        Logger.logDebug("Checking mobile provision " + mobileProvision.getAppIdName());
        return mobileProvision.getAppIdentifier().equals(mobileProvision.getAppIdentifierPrefix() + "." + str);
    }

    private Boolean filterByCertificate(MobileProvision mobileProvision, Identity identity) {
        return (Boolean) mobileProvision.getDeveloperCertificates().stream().filter(str -> {
            return str.equals(identity.getSha1());
        }).findFirst().map(str2 -> {
            Logger.logDebug(mobileProvision.getName() + " matches " + identity);
            return true;
        }).orElseGet(() -> {
            Logger.logDebug("App identifiers match, but there are not fingerprint matches");
            return false;
        });
    }

    private MobileProvision tryModifiedBundleId(Identity identity, String str, String str2) {
        if (str.equals("*")) {
            Logger.logInfo("No mobile provision was found matching signing identity '" + identity.getCommonName() + "' and app bundle ID '" + str2 + "'");
            return null;
        }
        if (!str.contains(".")) {
            return findMobileProvision(identity, "*", str2);
        }
        String[] split = str.split("\\.");
        String str3 = (String) Stream.of((Object[]) split).limit(split[split.length - 1].equals("*") ? r0 - 1 : r0).collect(Collectors.joining("."));
        return findMobileProvision(identity, str3.isEmpty() ? "*" : str3.concat(".*"), str2);
    }

    private List<MobileProvision> retrieveValidMobileProvisions() {
        LocalDate now = LocalDate.now();
        if (this.mobileProvisions == null) {
            this.mobileProvisions = retrieveAllMobileProvisions();
        }
        return (List) this.mobileProvisions.stream().filter(mobileProvision -> {
            LocalDate expirationDate = mobileProvision.getExpirationDate();
            return (expirationDate == null || expirationDate.isBefore(now)) ? false : true;
        }).collect(Collectors.toList());
    }

    public static List<MobileProvision> retrieveAllMobileProvisions() {
        Path path = Paths.get(System.getProperty("user.home"), "Library", "MobileDevice", "Provisioning Profiles");
        if (!Files.exists(path, new LinkOption[0]) || !Files.isDirectory(path, new LinkOption[0])) {
            Logger.logSevere("Invalid provisioning profiles folder at " + path.toString());
            return Collections.emptyList();
        }
        try {
            return (List) Files.walk(path, new FileVisitOption[0]).filter(path2 -> {
                return path2.toFile().getName().endsWith(MobileProvision.MOBILE_PROVISION_EXTENSION);
            }).map(MobileProvision::new).sorted(Comparator.comparing(mobileProvision -> {
                return mobileProvision.getName().toLowerCase(Locale.ROOT);
            })).collect(Collectors.toList());
        } catch (IOException e) {
            Logger.logSevere("Invalid provisioning profiles files: " + e.getMessage());
            return Collections.emptyList();
        }
    }

    private boolean sign(Path path, Path path2) throws IOException, InterruptedException {
        if (this.identity == null) {
            getProvisioningProfile();
            if (this.identity == null) {
                throw new IOException("Error signing app: signing identity was null");
            }
        }
        Logger.logDebug("Signing app with identity: " + this.identity);
        ProcessRunner processRunner = new ProcessRunner("codesign", "--force", "--sign", this.identity.getSha1());
        if (path != null) {
            processRunner.addArgs("--entitlements", path.toString());
        }
        if (this.projectConfiguration.isVerbose()) {
            processRunner.addArg("--verbose");
        }
        processRunner.addArg(path2.toString());
        processRunner.addToEnv(CODESIGN_ALLOCATE_ENV, XcodeUtils.getCommandForSdk("codesign_allocate", "iphoneos"));
        if (!processRunner.runTimedProcess("codesign", 30L)) {
            Logger.logSevere("Codesign process failed");
            return false;
        }
        if (verifyCodesign(path2)) {
            Logger.logDebug("Signing done successfully");
            return true;
        }
        Logger.logSevere("Codesign validation failed");
        return false;
    }

    private boolean verifyCodesign(Path path) throws IOException, InterruptedException {
        Logger.logDebug("Validating codesign...");
        ProcessRunner processRunner = new ProcessRunner("codesign", "--verify", "-vvvv", path.toAbsolutePath().toString());
        if (processRunner.runTimedProcess("verify", 5L)) {
            return processRunner.getResponses().stream().anyMatch(str -> {
                return str.contains(CODESIGN_OK_1) || str.contains(CODESIGN_OK_2) || str.contains(CODESING_OK_3);
            });
        }
        return false;
    }

    private Path getEntitlementsPath(String str, boolean z) throws IOException {
        getProvisioningProfile();
        Path resolve = this.tmpPath.resolve("Entitlements.plist");
        try {
            InputStream resourceAsStream = FileOps.resourceAsStream("/native/ios/Entitlements.plist");
            try {
                this.dictionary = new NSDictionaryEx(resourceAsStream);
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                if (this.mobileProvision != null) {
                    NSDictionaryEx entitlements = this.mobileProvision.getEntitlements();
                    Arrays.stream(entitlements.getAllKeys()).filter(str2 -> {
                        return this.dictionary.get(str2) == null;
                    }).forEach(str3 -> {
                        this.dictionary.put(str3, entitlements.get(str3));
                    });
                    this.dictionary.put("application-identifier", this.mobileProvision.getAppIdentifierPrefix() + "." + str);
                }
                this.dictionary.put("get-task-allow", Boolean.valueOf(z));
                Logger.logDebug("Entitlements.plist = " + this.dictionary.getEntrySet());
                this.dictionary.saveAsXML(resolve);
                return resolve;
            } finally {
            }
        } catch (Exception e) {
            e.printStackTrace();
            throw new IOException("Error reading default entitlements: ", e);
        }
    }

    private List<Identity> getIdentity() {
        return this.providedIdentityName != null ? findIdentityByName(this.providedIdentityName) : findIdentityByPattern();
    }

    private List<Identity> findIdentityByName(String str) {
        if (str == null) {
            return Collections.emptyList();
        }
        if (this.identities == null) {
            this.identities = retrieveAllIdentities();
        }
        return (List) this.identities.stream().filter(identity -> {
            return identity.getCommonName().equals(str);
        }).collect(Collectors.toList());
    }

    private List<Identity> findIdentityByPattern() {
        if (this.identities == null) {
            this.identities = retrieveAllIdentities();
        }
        return (List) this.identities.stream().filter(identity -> {
            return Identity.IDENTITY_NAME_PATTERN.matcher(identity.getCommonName()).find();
        }).collect(Collectors.toList());
    }

    public static List<Identity> retrieveAllIdentities() {
        ProcessRunner processRunner = new ProcessRunner("security", "find-identity", "-p", "codesigning", "-v");
        try {
            if (processRunner.runProcess("security") == 0) {
                return (List) processRunner.getResponses().stream().map(str -> {
                    return Identity.IDENTITY_PATTERN.matcher(str.trim());
                }).filter((v0) -> {
                    return v0.find();
                }).map(matcher -> {
                    String group = matcher.group(3);
                    if (group == null || !group.startsWith("CSSMERR")) {
                        return new Identity(matcher.group(1), matcher.group(2));
                    }
                    return null;
                }).filter((v0) -> {
                    return Objects.nonNull(v0);
                }).sorted(Comparator.comparing(identity -> {
                    return identity.getCommonName().toLowerCase(Locale.ROOT);
                })).collect(Collectors.toList());
            }
        } catch (IOException | InterruptedException e) {
            Logger.logFatal(e, "There was an error retrieving identities for codesigning: " + e.getMessage());
        }
        return new ArrayList();
    }
}
