package nl.lexemmens.podman.service;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import nl.lexemmens.podman.command.chcon.ChConCommand;
import nl.lexemmens.podman.command.sestatus.SeStatusCommand;
import nl.lexemmens.podman.config.podman.PodmanConfiguration;
import nl.lexemmens.podman.executor.CommandExecutorDelegate;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.logging.Log;

/* loaded from: input_file:nl/lexemmens/podman/service/SecurityContextService.class */
/**
 * Sets the SELinux security context on a custom Podman root directory.
 *
 * <p>The service runs the sestatus command, looks for the {@code SELinux status} line in its
 * output and, only when that line reports {@code enabled} and a custom root is configured,
 * creates the root directory and runs the chcon command on it with type {@code data_home_t}.
 *
 * <p>Detection fails open: if the status line is missing or cannot be parsed, no relabelling
 * is attempted and the build continues.
 */
public class SecurityContextService {
    /** SELinux type handed to the chcon command for a custom Podman root. */
    private static final String TARGET_SECURITY_CONTEXT_TYPE = "data_home_t";

    /** Matches a complete status line; group 2 captures {@code enabled} or {@code disabled}. */
    private static final Pattern SELINUX_STATUS_REGEX = Pattern.compile("(SELinux status:\\s*)(enabled|disabled)");

    /** Status returned when the status line does not match {@link #SELINUX_STATUS_REGEX}. */
    private static final String UNKNOWN = "unknown";

    private final Log log;
    private final PodmanConfiguration podmanCfg;
    private final CommandExecutorDelegate delegate;

    /**
     * Creates the service.
     *
     * @param log Maven log used for debug and warning output
     * @param podmanConfiguration configuration whose {@code getRoot()} supplies the custom root, if any
     * @param commandExecutorDelegate delegate passed to the sestatus and chcon command builders
     */
    public SecurityContextService(Log log, PodmanConfiguration podmanConfiguration, CommandExecutorDelegate commandExecutorDelegate) {
        this.podmanCfg = podmanConfiguration;
        this.log = log;
        this.delegate = commandExecutorDelegate;
    }

    /**
     * Applies the security context to the configured Podman root when SELinux reports enabled.
     *
     * <p>The "disabled" debug message is also logged when the status could not be determined,
     * because {@link #isSELinuxEnabled()} returns {@code false} in that case as well.
     *
     * @throws MojoExecutionException if a command fails or the root directory cannot be created
     */
    public void setSecurityContext() throws MojoExecutionException {
        log.debug("Checking SELinux status...");

        if (isSELinuxEnabled()) {
            log.debug("SELinux is enabled");
            doSetSecurityContext();
            return;
        }

        log.debug("Not setting security context because SELinux is disabled.");
    }

    /**
     * Runs sestatus and inspects the first output line that contains {@code SELinux status}.
     *
     * @return {@code true} only when that line parses to {@code enabled}; {@code false} when it
     *     parses to {@code disabled}, cannot be parsed, or no such line is present
     * @throws MojoExecutionException propagated from the sestatus command
     */
    private boolean isSELinuxEnabled() throws MojoExecutionException {
        return new SeStatusCommand.Builder(log, delegate)
                .build()
                .execute()
                .stream()
                .filter(line -> line.contains("SELinux status"))
                .map(this::extractSeLinuxStatus)
                // Only the first status line counts; later lines are never parsed.
                .findFirst()
                .map(status -> "enabled".equals(status))
                .orElse(false);
    }

    /**
     * Extracts the status word from a sestatus output line.
     *
     * @param str a line that contains {@code SELinux status}
     * @return {@code enabled} or {@code disabled}, or {@code unknown} (after logging a warning)
     *     when the line does not match the expected format
     */
    private String extractSeLinuxStatus(String str) {
        Matcher statusMatcher = SELINUX_STATUS_REGEX.matcher(str);

        // matches() requires the whole line to fit the pattern, so any leading or trailing
        // text on the status line ends up here and the caller treats SELinux as not enabled.
        if (!statusMatcher.matches()) {
            log.warn("Unable to determine if SELinux is enabled! Continuing without setting proper security context.");
            return UNKNOWN;
        }

        return statusMatcher.group(2);
    }

    /**
     * Creates the custom root directory (with parents) and runs chcon on it.
     *
     * <p>Does nothing besides logging when no custom root is configured.
     *
     * @throws MojoExecutionException if the try block raises an {@link IOException}, or
     *     propagated from the chcon command
     */
    private void doSetSecurityContext() throws MojoExecutionException {
        if (podmanCfg.getRoot() != null) {
            log.debug("Using custom root with SELinux enabled. Setting security context to data_home_t for " + podmanCfg.getRoot());
            try {
                Files.createDirectories(podmanCfg.getRoot().toPath());

                // NOTE(review): the root comes from plugin configuration and is relabelled as
                // given. Whether ChConCommand applies the type recursively is not visible
                // here; confirm before pointing root at a directory that holds other data.
                new ChConCommand.Builder(log, delegate)
                        .withType(TARGET_SECURITY_CONTEXT_TYPE)
                        .withDirectory(podmanCfg.getRoot().getAbsolutePath())
                        .build()
                        .execute();
            } catch (IOException e) {
                throw new MojoExecutionException("Failed to set security context on Podman's (custom) root location: " + podmanCfg.getRoot().getAbsolutePath(), e);
            }
        } else {
            log.debug("Using Podman default storage location. Assuming security context is set correctly for this location. Refer to the documentation of this plugin if you run into any issues.");
        }
    }
}
