package dev.sigstore.plugin;

import dev.sigstore.KeylessSigner;
import dev.sigstore.bundle.Bundle;
import dev.sigstore.encryption.certificates.Certificates;
import dev.sigstore.rekor.client.RekorEntry;
import java.io.File;
import java.security.cert.X509Certificate;
import java.time.temporal.ChronoUnit;
import java.util.List;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugin.logging.Log;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.LifecyclePhase;
import org.apache.maven.plugins.annotations.Mojo;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.plugins.gpg.FilesCollector;
import org.apache.maven.project.MavenProject;
import org.apache.maven.project.MavenProjectHelper;
import org.codehaus.plexus.util.FileUtils;

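/**
 * Maven goal {@code sign}: signs the files gathered by {@link FilesCollector} with a sigstore
 * {@link KeylessSigner} and attaches one {@code .sigstore.json} bundle per signed file to the
 * project.
 *
 * <p>The build log written by this goal is the operator's record of which identity signed the
 * artifacts and which transparency-log entry covers each one, so the messages report the
 * certificate subject, the issuing identity provider, the Rekor log index and the bundle file
 * name.
 */
@Mojo(name = "sign", defaultPhase = LifecyclePhase.VERIFY, threadSafe = true)
public class SigstoreSignAttachedMojo extends AbstractMojo {
    /** Suffix appended to a signed file's path, and to its extension when the bundle is attached. */
    private static final String BUNDLE_EXTENSION = ".sigstore.json";

    /** When {@code true} the goal signs nothing and attaches nothing. */
    @Parameter(property = "sigstore.skip", defaultValue = "false")
    private boolean skip;

    /** Exclusion patterns handed to {@link FilesCollector} unchanged. */
    @Parameter
    private String[] excludes;

    /**
     * Selects the signer configuration: {@code true} builds the signer with
     * {@code sigstoreStagingDefaults()}, {@code false} with {@code sigstorePublicDefaults()}.
     */
    // NOTE(review): bundles produced against staging are presumably not verifiable against the
    // public trust root; confirm release builds never set this property.
    @Parameter(defaultValue = "false", property = "public-staging")
    private boolean publicStaging;

    @Parameter(defaultValue = "${project}", readonly = true)
    private MavenProject project;

    @Component
    private MavenProjectHelper projectHelper;

    /**
     * Signs every collected file, writes its bundle next to it and attaches the bundle as an
     * additional project artifact.
     *
     * @throws MojoExecutionException if collecting, signing, writing or attaching fails; the
     *     original exception is kept as the cause
     * @throws MojoFailureException declared by the goal contract; not thrown by this method
     */
    public void execute() throws MojoExecutionException, MojoFailureException {
        if (this.skip) {
            // Say so explicitly: a silent skip leaves unsigned artifacts with nothing in the log.
            getLog().info("Skipping sigstore signing (sigstore.skip is set).");
            return;
        }
        List<FilesCollector.Item> items =
                new FilesCollector(this.project, this.excludes, getLog()).collect();
        getLog().info("Signing " + items.size() + " file" + (items.size() == 1 ? "" : "s") + ".");
        try {
            KeylessSigner signer = this.publicStaging
                    ? KeylessSigner.builder().sigstoreStagingDefaults().build()
                    : KeylessSigner.builder().sigstorePublicDefaults().build();
            // Leaf certificate of the previous bundle; the identity line is logged only when
            // the certificate changes between files.
            X509Certificate lastCertificate = null;
            for (FilesCollector.Item item : items) {
                File file = item.getFile();
                getLog().info("Signing " + file);
                long startMillis = System.currentTimeMillis();
                Bundle bundle = signer.signFile(file.toPath());

                X509Certificate leaf =
                        (X509Certificate) bundle.getCertPath().getCertificates().get(0);
                if (!leaf.equals(lastCertificate)) {
                    lastCertificate = leaf;
                    long validityMinutes = Certificates.validity(leaf, ChronoUnit.MINUTES);
                    // Report the signing identity (first subject alternative name) and the
                    // issuer read by FulcioOidHelper. The previous message concatenated the
                    // Log object and dropped the issuer lookup result.
                    getLog().info("  Fulcio certificate (valid for " + validityMinutes
                            + " m) obtained for "
                            + leaf.getSubjectAlternativeNames().iterator().next().get(1)
                            + " (by " + FulcioOidHelper.getIssuerV2(leaf) + " IdP)");
                }

                File bundleFile = new File(file + BUNDLE_EXTENSION);
                FileUtils.fileWrite(bundleFile, "UTF-8", bundle.toJson());
                long elapsedMillis = System.currentTimeMillis() - startMillis;
                long logIndex = ((RekorEntry) bundle.getEntries().get(0)).getLogIndex();
                // Elapsed time and bundle file name were swapped with unrelated values in the
                // previous message; log the duration and where the bundle was saved.
                getLog().info("  > Rekor entry " + logIndex + " obtained in " + elapsedMillis
                        + " ms, saved to " + bundleFile.getName());
                this.projectHelper.attachArtifact(
                        this.project,
                        item.getExtension() + BUNDLE_EXTENSION,
                        item.getClassifier(),
                        bundleFile);
            }
        } catch (Exception e) {
            throw new MojoExecutionException("Error while signing with sigstore", e);
        }
    }
}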
