package org.jreleaser.sdk.tool;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import org.jreleaser.bundle.RB;
import org.jreleaser.model.JReleaserContext;
import org.jreleaser.util.StringUtils;
import org.jreleaser.util.command.Command;
import org.jreleaser.util.command.CommandException;
import org.jreleaser.util.command.CommandExecutor;
import org.jreleaser.util.signing.SigningException;

/* loaded from: input_file:org/jreleaser/sdk/tool/Cosign.class */
public class Cosign extends AbstractTool {
    public Cosign(JReleaserContext jReleaserContext, String str) {
        super(jReleaserContext, "cosign", str);
    }

    public boolean checkPassword(Path path, byte[] bArr) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        Command arg = this.tool.asCommand().arg("public-key").arg("--key").arg(path.toAbsolutePath().toString());
        try {
            executeCommand(() -> {
                return new CommandExecutor(this.context.getLogger(), true).executeCommandWithInput(arg, byteArrayInputStream);
            });
            return true;
        } catch (CommandException e) {
            this.context.getLogger().debug(RB.$("ERROR_password_incorrect", new Object[0]));
            return false;
        }
    }

    public Path generateKeyPair(byte[] bArr) throws SigningException {
        Command arg = this.tool.asCommand().arg("generate-key-pair");
        Path resolveJReleaserHomeDir = resolveJReleaserHomeDir();
        try {
            executeCommand(() -> {
                return new CommandExecutor(this.context.getLogger(), true).environment("COSIGN_PASSWORD", new String(bArr)).executeCommand(resolveJReleaserHomeDir, arg);
            });
            this.context.getLogger().info(RB.$("cosign.generated.keys.at", new Object[0]), new Object[]{resolveJReleaserHomeDir.toAbsolutePath()});
            return resolveJReleaserHomeDir.resolve("cosign.key");
        } catch (CommandException e) {
            throw new SigningException(RB.$("ERROR_unexpected_generate_key_pair", new Object[0]), e);
        }
    }

    public void signBlob(Path path, byte[] bArr, Path path2, Path path3) throws SigningException {
        this.context.getLogger().info("{}", new Object[]{this.context.relativizeToBasedir(path2)});
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bArr);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Command arg = this.tool.asCommand().arg("sign-blob").arg("--key").arg(path.toAbsolutePath().toString()).arg(path2.toAbsolutePath().toString());
        try {
            executeCommand(() -> {
                return new CommandExecutor(this.context.getLogger(), true).executeCommandWithInputCapturing(arg, byteArrayInputStream, byteArrayOutputStream);
            });
            try {
                Files.write(path3.resolve(path2.getFileName() + ".sig"), byteArrayOutputStream.toByteArray(), new OpenOption[0]);
            } catch (IOException e) {
                throw new SigningException(RB.$("ERROR_unexpected_error_signing", new Object[]{path2}), e);
            }
        } catch (CommandException e2) {
            throw new SigningException(RB.$("ERROR_unexpected_error_signing", new Object[]{path2.toAbsolutePath()}), e2);
        }
    }

    public void verifyBlob(Path path, Path path2, Path path3) throws SigningException {
        this.context.getLogger().debug("{}", new Object[]{this.context.relativizeToBasedir(path2)});
        Command arg = this.tool.asCommand().arg("verify-blob").arg("--key").arg(path.toAbsolutePath().toString()).arg("--signature").arg(path2.toAbsolutePath().toString()).arg(path3.toAbsolutePath().toString());
        try {
            executeCommand(() -> {
                return new CommandExecutor(this.context.getLogger(), true).executeCommand(arg);
            });
        } catch (CommandException e) {
            throw new SigningException(RB.$("ERROR_signing_verify_signature", new Object[]{this.context.relativizeToBasedir(path2)}), e);
        }
    }

    private Path resolveJReleaserHomeDir() {
        String str = System.getenv("JRELEASER_USER_HOME");
        if (StringUtils.isBlank(str)) {
            str = System.getProperty("user.home") + File.separator + ".jreleaser";
        }
        return Paths.get(str, new String[0]);
    }
}
