package dev.sigstore.tuf;

import com.google.common.annotations.VisibleForTesting;
import dev.sigstore.json.GsonSupplier;
import dev.sigstore.tuf.model.Role;
import dev.sigstore.tuf.model.Root;
import dev.sigstore.tuf.model.SignedTufMeta;
import dev.sigstore.tuf.model.Snapshot;
import dev.sigstore.tuf.model.Targets;
import dev.sigstore.tuf.model.Timestamp;
import java.io.BufferedWriter;
import java.io.File;
import java.io.IOException;
import java.nio.file.CopyOption;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.util.Optional;

/* loaded from: input_file:dev/sigstore/tuf/FileSystemTufStore.class */
public class FileSystemTufStore implements MutableTufStore {
    private static final String ROOT_FILE_NAME = "root.json";
    private static final String SNAPSHOT_FILE_NAME = "snapshot.json";
    private static final String TIMESTAMP_FILE_NAME = "timestamp.json";
    private Path repoBaseDir;
    private Path targetsCache;

    @VisibleForTesting
    FileSystemTufStore(Path path, Path path2) {
        this.repoBaseDir = path;
        this.targetsCache = path2;
    }

    public static MutableTufStore newFileSystemStore(Path path) throws IOException {
        if (!Files.isDirectory(path, new LinkOption[0])) {
            throw new IllegalArgumentException(path + " must be a file system directory.");
        }
        Path resolve = path.resolve("targets");
        Files.createDirectory(resolve, new FileAttribute[0]);
        return newFileSystemStore(path, resolve);
    }

    static MutableTufStore newFileSystemStore(Path path, Path path2) {
        if (!Files.isDirectory(path, new LinkOption[0])) {
            throw new IllegalArgumentException(path + " must be a file system directory.");
        }
        if (Files.isDirectory(path2, new LinkOption[0])) {
            return new FileSystemTufStore(path, path2);
        }
        throw new IllegalArgumentException(path2 + " must be a file system directory.");
    }

    @Override // dev.sigstore.tuf.TufStore
    public String getIdentifier() {
        return this.repoBaseDir.toAbsolutePath().toString();
    }

    @Override // dev.sigstore.tuf.TufStore
    public Optional<Root> loadTrustedRoot() throws IOException {
        return loadRole(Role.Name.ROOT, Root.class);
    }

    @Override // dev.sigstore.tuf.TufStore
    public Optional<Timestamp> loadTimestamp() throws IOException {
        return loadRole(Role.Name.TIMESTAMP, Timestamp.class);
    }

    @Override // dev.sigstore.tuf.TufStore
    public Optional<Snapshot> loadSnapshot() throws IOException {
        return loadRole(Role.Name.SNAPSHOT, Snapshot.class);
    }

    @Override // dev.sigstore.tuf.TufStore
    public Optional<Targets> loadTargets() throws IOException {
        return loadRole(Role.Name.TARGETS, Targets.class);
    }

    @Override // dev.sigstore.tuf.MutableTufStore
    public void storeTargetFile(String str, byte[] bArr) throws IOException {
        Files.write(this.targetsCache.resolve(str), bArr, new OpenOption[0]);
    }

    @Override // dev.sigstore.tuf.TufStore
    public byte[] getTargetFile(String str) throws IOException {
        return Files.readAllBytes(this.targetsCache.resolve(str));
    }

    @Override // dev.sigstore.tuf.MutableTufStore
    public void storeMeta(SignedTufMeta<?> signedTufMeta) throws IOException {
        storeRole(signedTufMeta);
    }

    <T extends SignedTufMeta<?>> Optional<T> loadRole(Role.Name name, Class<T> cls) throws IOException {
        Path resolve = this.repoBaseDir.resolve(name + ".json");
        return !resolve.toFile().exists() ? Optional.empty() : Optional.of((SignedTufMeta) GsonSupplier.GSON.get().fromJson(Files.readString(resolve), cls));
    }

    <T extends SignedTufMeta<?>> void storeRole(T t) throws IOException {
        BufferedWriter newBufferedWriter = Files.newBufferedWriter(this.repoBaseDir.resolve(t.getSignedMeta().getType() + ".json"), new OpenOption[0]);
        try {
            GsonSupplier.GSON.get().toJson(t, newBufferedWriter);
            if (newBufferedWriter != null) {
                newBufferedWriter.close();
            }
        } catch (Throwable th) {
            if (newBufferedWriter != null) {
                try {
                    newBufferedWriter.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Override // dev.sigstore.tuf.MutableTufStore
    public void storeTrustedRoot(Root root) throws IOException {
        Optional<Root> loadTrustedRoot = loadTrustedRoot();
        if (loadTrustedRoot.isPresent()) {
            try {
                Files.move(this.repoBaseDir.resolve(ROOT_FILE_NAME), this.repoBaseDir.resolve(loadTrustedRoot.get().getSignedMeta().getVersion() + ".root.json"), new CopyOption[0]);
            } catch (FileAlreadyExistsException e) {
            }
        }
        storeRole(root);
    }

    @Override // dev.sigstore.tuf.MutableTufStore
    public void clearMetaDueToKeyRotation() throws IOException {
        File file = this.repoBaseDir.resolve(SNAPSHOT_FILE_NAME).toFile();
        if (file.exists()) {
            Files.delete(file.toPath());
        }
        File file2 = this.repoBaseDir.resolve(TIMESTAMP_FILE_NAME).toFile();
        if (file2.exists()) {
            Files.delete(file2.toPath());
        }
    }
}
