package com.github.exabrial.checkpgpsignaturesplugin.gpg;

import com.github.exabrial.checkpgpsignaturesplugin.interfaces.SignatureChecker;
import com.github.exabrial.checkpgpsignaturesplugin.model.SignatureCheckFailedException;
import java.io.File;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.codehaus.plexus.logging.Logger;
import org.codehaus.plexus.util.cli.Commandline;

@Singleton
@Named
/* loaded from: input_file:com/github/exabrial/checkpgpsignaturesplugin/gpg/GPGSignatureChecker.class */
public class GPGSignatureChecker implements SignatureChecker {
    private static final Pattern signingKeyPattern = Pattern.compile("^gpg:\\s+using (ECDSA|RSA|DSA) key ([a-f0-9]{16,40})$", 10);
    private static final Pattern subkeyPattern = Pattern.compile("^gpg:\\s+using subkey ([a-f0-9]{16,40}) instead of primary key ([a-f0-9]{16,40})$", 10);

    @Inject
    private CommandExecutor commandExecutor;

    @Inject
    private GPGExecutable gpgExecutable;

    @Inject
    private Logger logger;

    @Override // com.github.exabrial.checkpgpsignaturesplugin.interfaces.SignatureChecker
    public void checkArtifact(File file, File file2, File file3, String str) throws SignatureCheckFailedException {
        this.logger.debug("checkArtifact() artifactFile:" + file + ", signatureFile:" + file2 + ", keyRingFile:" + file3 + ", keyId:" + str);
        Commandline commandline = new Commandline();
        commandline.setExecutable(this.gpgExecutable.getGPGExecutable());
        commandline.createArg().setValue("--verbose");
        commandline.createArg().setValue("--no-default-keyring");
        commandline.createArg().setValue("--always-trust");
        commandline.createArg().setValue("--keyring");
        commandline.createArg().setValue(file3.getAbsolutePath());
        commandline.createArg().setValue("--verify");
        commandline.createArg().setValue(file2.getAbsolutePath());
        commandline.createArg().setValue(file.getAbsolutePath());
        ExecutionResult execute = this.commandExecutor.execute(commandline);
        if (execute.exitCode != 0 || !isGoodOutput(execute.output, str)) {
            throw new SignatureCheckFailedException(execute, str, file);
        }
    }

    protected static boolean isGoodOutput(String str, String str2) {
        try {
            Matcher matcher = signingKeyPattern.matcher(str);
            if (!matcher.find()) {
                return false;
            }
            String group = matcher.group(2);
            Matcher matcher2 = subkeyPattern.matcher(str);
            if (matcher2.find()) {
                return str2.endsWith(matcher2.group(2)) && group.endsWith(matcher2.group(1));
            }
            return str2.endsWith(group);
        } catch (Exception e) {
            return false;
        }
    }
}
