package uk.co.froot.maven.enforcer;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.DigestInputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Formatter;
import java.util.Iterator;
import org.apache.maven.artifact.Artifact;
import org.apache.maven.artifact.factory.ArtifactFactory;
import org.apache.maven.artifact.repository.ArtifactRepository;
import org.apache.maven.artifact.resolver.ArtifactNotFoundException;
import org.apache.maven.artifact.resolver.ArtifactResolutionException;
import org.apache.maven.artifact.resolver.ArtifactResolver;
import org.apache.maven.artifact.versioning.VersionRange;
import org.apache.maven.enforcer.rule.api.EnforcerRule;
import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
import org.apache.maven.plugin.logging.Log;
import org.apache.maven.project.MavenProject;
import org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
import org.codehaus.plexus.component.repository.exception.ComponentLookupException;
import org.codehaus.plexus.util.FileUtils;

/* loaded from: input_file:uk/co/froot/maven/enforcer/DigestRule.class */
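/**
 * Maven Enforcer rule that compares the SHA-1 digest of resolved artifacts against
 * digests pinned in the build configuration.
 *
 * <p>Each entry of {@code urns} has the form
 * {@code groupId:artifactId:version:type:classifier:scope:hash}. The rule resolves the
 * artifact, hashes the resolved file and fails the build when the hash differs.
 *
 * <p>Scope of the check, as implemented here:
 * <ul>
 *   <li>Only artifacts named in {@code urns} are verified. A project dependency that is
 *       not listed is never hashed by this rule.</li>
 *   <li>Snapshot mode ({@code buildSnapshot}) compares each artifact with the
 *       {@code .sha1} file stored next to it in the repository. That sidecar shares the
 *       artifact's trust domain, so a match only shows the two are consistent; the
 *       printed list should be checked against an independent source before it is
 *       pinned.</li>
 *   <li>The digest is SHA-1, which is no longer collision-resistant.
 *       NOTE(review): a stronger digest such as SHA-256 would change the URN hash
 *       format and the sidecar comparison, so it is flagged here rather than changed.</li>
 * </ul>
 *
 * <p>This class has no setters; {@code urns} and {@code buildSnapshot} are presumably
 * populated by Maven from the rule's {@code <configuration>} element (confirm against
 * the README).
 */
public class DigestRule implements EnforcerRule {
    // Pinned artifact URNs, each ending in the expected hex digest.
    private String[] urns = null;
    // When true, print a candidate <urns> list for the project's current artifacts.
    private boolean buildSnapshot = false;
    // Reused for every file; reset before each digest computation.
    private MessageDigest messageDigest = null;
    private ArtifactRepository localRepository = null;
    private MavenProject mavenProject = null;
    private ArtifactFactory artifactFactory = null;
    private ArtifactResolver resolver = null;
    private Log log = null;

    /** Returns a fixed cache id; the rule reports itself as not cacheable. */
    public String getCacheId() {
        return "id";
    }

    /** Always {@code false}, so the rule is evaluated on every build. */
    public boolean isCacheable() {
        return false;
    }

    /** Always {@code false}: a previous result is never accepted in place of a fresh check. */
    public boolean isResultValid(EnforcerRule enforcerRule) {
        return false;
    }

    /**
     * Entry point called by the enforcer plugin.
     *
     * <p>Optionally builds the snapshot list, then verifies every configured URN.
     *
     * @param enforcerRuleHelper gives access to the log, project expressions and components
     * @throws EnforcerRuleException if no URNs are configured outside snapshot mode, if a
     *         lookup or file read fails, or if any artifact does not match its pinned hash
     */
    public void execute(EnforcerRuleHelper enforcerRuleHelper) throws EnforcerRuleException {
        this.log = enforcerRuleHelper.getLog();
        this.log.info("Applying DigestRule");
        try {
            this.messageDigest = MessageDigest.getInstance("SHA-1");
            this.mavenProject = (MavenProject) enforcerRuleHelper.evaluate("${project}");
            this.localRepository = (ArtifactRepository) enforcerRuleHelper.evaluate("${localRepository}");
            this.artifactFactory = (ArtifactFactory) enforcerRuleHelper.getComponent(ArtifactFactory.class);
            this.resolver = (ArtifactResolver) enforcerRuleHelper.getComponent(ArtifactResolver.class);
            if (this.buildSnapshot) {
                buildSnapshot(this.mavenProject, this.log);
            }
            // An empty list is treated like a missing one: a rule that verifies nothing
            // must not report success outside snapshot mode.
            boolean noUrns = this.urns == null || this.urns.length == 0;
            if (noUrns) {
                if (!this.buildSnapshot) {
                    throw new EnforcerRuleException("Failing because there are no URNs in the <configuration> section. See the README for help.");
                }
                // Snapshot-only run: previously this path dereferenced the null array.
                this.log.warn("No URNs configured: the snapshot list was built but no artifact was verified.");
                return;
            }
            verifyDependencies();
        } catch (ExpressionEvaluationException e) {
            throw new EnforcerRuleException("Unable to lookup an expression: " + e.getLocalizedMessage(), e);
        } catch (ComponentLookupException e) {
            throw new EnforcerRuleException("Unable to look up a component: " + e.getLocalizedMessage(), e);
        } catch (IOException e) {
            throw new EnforcerRuleException("Unable to read file: " + e.getLocalizedMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new EnforcerRuleException("Unable to initialise MessageDigest: " + e.getLocalizedMessage(), e);
        }
    }

    /**
     * Logs a sorted {@code <urns>} list covering the project's dependency, plugin and
     * extension artifacts whose computed SHA-1 equals the repository's {@code .sha1} file.
     *
     * <p>Artifacts without a file, without a sidecar or with a mismatching digest are
     * logged and left out of the list; they do not fail the build here.
     *
     * @param mavenProject project whose artifacts are enumerated
     * @param log destination for the generated list and per-artifact diagnostics
     * @throws IOException if a {@code .sha1} file cannot be read
     * @throws EnforcerRuleException if an artifact cannot be resolved or digested
     */
    private void buildSnapshot(MavenProject mavenProject, Log log) throws IOException, EnforcerRuleException {
        log.info("Building snapshot whitelist of all current artifacts");
        ArrayList<String> verifiedUrns = new ArrayList<String>();
        ArrayList<Artifact> candidates = new ArrayList<Artifact>();
        candidates.addAll(mavenProject.getArtifacts());
        candidates.addAll(mavenProject.getPluginArtifacts());
        candidates.addAll(mavenProject.getExtensionArtifacts());
        for (Artifact artifact : candidates) {
            String urn = String.format("%s:%s:%s:%s:%s:%s", artifact.getGroupId(), artifact.getArtifactId(), artifact.getVersion(), artifact.getType(), artifact.getClassifier(), artifact.getScope());
            log.debug("Examining artifact URN: " + urn);
            resolveArtifact(artifact);
            File artifactFile = artifact.getFile();
            if (artifactFile == null) {
                log.error("Artifact " + urn + " UNVERIFIED (could not be resolved).");
                continue;
            }
            if (!artifactFile.exists()) {
                log.warn("Artifact " + urn + " UNVERIFIED (file missing in repo).");
                continue;
            }
            File sidecar = new File(artifactFile.getAbsoluteFile() + ".sha1");
            if (!sidecar.exists()) {
                log.warn("Artifact " + urn + " UNVERIFIED SHA1 (missing in repo).");
                continue;
            }
            String sidecarContent = FileUtils.fileRead(sidecar);
            // A truncated or empty sidecar used to raise StringIndexOutOfBoundsException.
            if (sidecarContent.length() < 40) {
                log.warn("Artifact " + urn + " UNVERIFIED SHA1 (malformed .sha1 file in repo).");
                continue;
            }
            // A SHA-1 digest is 40 hex characters; anything after it (e.g. a file name) is ignored.
            String expected = sidecarContent.substring(0, 40);
            log.debug("Found SHA1:" + expected);
            String actual = digest(artifactFile);
            // Hex digests are compared case-insensitively; byteToHex emits lower case.
            if (expected.equalsIgnoreCase(actual)) {
                log.debug("Artifact " + urn + " PASSED SHA1 verification.");
                verifiedUrns.add(urn + ":" + actual);
            } else {
                log.error("Artifact " + urn + " FAILED SHA1 verification. Expected='" + expected + "' Actual='" + actual + "'");
            }
        }
        Collections.sort(verifiedUrns);
        log.info("List of verified artifacts. If you are confident in the integrity of your repository you can use the list below:");
        log.info("<urns>");
        for (String verifiedUrn : verifiedUrns) {
            log.info("  <urn>" + verifiedUrn + "</urn>");
        }
        log.info("</urns>");
    }

    /**
     * Resolves every configured URN and compares the file's digest with the pinned hash.
     *
     * <p>All URNs are checked before failing so that one run reports every mismatch.
     *
     * @throws EnforcerRuleException if a URN is malformed, an artifact cannot be resolved
     *         or read, or at least one digest differs from its pinned value
     */
    private void verifyDependencies() throws EnforcerRuleException {
        this.log.info("Verifying dependencies");
        boolean mismatchFound = false;
        for (String urn : this.urns) {
            this.log.info("Verifying URN: " + urn);
            String[] parts = urn.split(":");
            if (parts.length != 7) {
                throw new EnforcerRuleException("Failing because URN '" + urn + "' is not in format 'groupId:artifactId:version:type:classifier:scope:hash'");
            }
            String groupId = parts[0];
            String artifactId = parts[1];
            String version = parts[2];
            String type = parts[3];
            // The snapshot list prints a missing classifier as the literal "null".
            String classifier = "null".equalsIgnoreCase(parts[4]) ? null : parts[4];
            String scope = parts[5];
            String expected = parts[6];
            Artifact artifact = this.artifactFactory.createDependencyArtifact(groupId, artifactId, VersionRange.createFromVersion(version), type, classifier, scope);
            resolveArtifact(artifact);
            String actual = digest(artifact.getFile());
            // Case-insensitive so that an upper-case pinned hash does not raise a false alarm.
            if (!actual.equalsIgnoreCase(expected)) {
                this.log.error("*** CRITICAL FAILURE *** Artifact does not match. Possible dependency-chain attack. Expected='" + expected + "' Actual='" + actual + "'");
                mismatchFound = true;
            }
        }
        if (mismatchFound) {
            throw new EnforcerRuleException("At least one artifact has not met expectations. You should manually verify the integrity of the affected artifacts against trusted sources.");
        }
    }

    /**
     * Resolves the artifact through the project's remote repositories and the local repository.
     *
     * @param artifact artifact to resolve
     * @throws EnforcerRuleException if the artifact is not found or resolution fails
     */
    private void resolveArtifact(Artifact artifact) throws EnforcerRuleException {
        try {
            this.resolver.resolve(artifact, this.mavenProject.getRemoteArtifactRepositories(), this.localRepository);
        } catch (ArtifactNotFoundException e) {
            throw new EnforcerRuleException("Failing due to artifact not found: " + e.getLocalizedMessage(), e);
        } catch (ArtifactResolutionException e) {
            throw new EnforcerRuleException("Failing due to artifact resolution: " + e.getLocalizedMessage(), e);
        }
    }

    /**
     * Computes the lower-case hex digest of a file with the rule's {@link MessageDigest}.
     *
     * @param file file to hash; must not be {@code null}
     * @return hex encoding of the digest
     * @throws EnforcerRuleException if {@code file} is {@code null} or cannot be read
     */
    private String digest(File file) throws EnforcerRuleException {
        if (file == null) {
            // Fail with a rule error instead of a NullPointerException from FileInputStream.
            throw new EnforcerRuleException("Unable to digest: artifact has no resolved file");
        }
        DigestInputStream digestStream = null;
        try {
            this.messageDigest.reset();
            digestStream = new DigestInputStream(new FileInputStream(file), this.messageDigest);
            // Read in chunks; the stream updates the digest as bytes pass through it.
            byte[] buffer = new byte[8192];
            while (digestStream.read(buffer) != -1) {
                // nothing to do: reading drives the digest
            }
            return byteToHex(this.messageDigest.digest());
        } catch (IOException e) {
            // Also covers FileNotFoundException, which reported the same message before.
            throw new EnforcerRuleException("Unable to digest " + e.getLocalizedMessage(), e);
        } finally {
            // Close on every path so a read failure does not leak the file handle.
            if (digestStream != null) {
                try {
                    digestStream.close();
                } catch (IOException ignored) {
                    // The stream was only read; a close failure cannot affect the digest.
                }
            }
        }
    }

    /**
     * Encodes bytes as two lower-case hex characters each.
     *
     * @param bArr bytes to encode
     * @return hex string of length {@code 2 * bArr.length}
     */
    private static String byteToHex(byte[] bArr) {
        Formatter hex = new Formatter();
        try {
            for (byte b : bArr) {
                hex.format("%02x", b);
            }
            return hex.toString();
        } finally {
            hex.close();
        }
    }
}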
