package nl.lexemmens.podman.service;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.Reader;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import nl.lexemmens.podman.authentication.AuthConfig;
import nl.lexemmens.podman.authentication.AuthConfigFactory;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.logging.Log;
import org.apache.maven.settings.Settings;
import org.apache.maven.settings.crypto.SettingsDecrypter;
import org.json.JSONObject;
import org.json.JSONTokener;

/* loaded from: input_file:nl/lexemmens/podman/service/AuthenticationService.class */
public class AuthenticationService {
    private static final String AUTHS_KEY_PODMAN_CFG = "auths";
    private static final String XDG_RUNTIME_DIR = "XDG_RUNTIME_DIR";
    private static final String REGISTRY_AUTH_FILE = "REGISTRY_AUTH_FILE";
    private static final String AUTH_JSON_SUB_PATH = "containers/auth.json";
    private static final String DOCKER_CONFIG_FILE = ".docker/config.json";
    private final Log log;
    private final PodmanExecutorService podmanExecutorService;
    private final AuthConfigFactory authConfigFactory;

    public AuthenticationService(Log log, PodmanExecutorService podmanExecutorService, Settings settings, SettingsDecrypter settingsDecrypter) {
        this.podmanExecutorService = podmanExecutorService;
        this.log = log;
        this.authConfigFactory = new AuthConfigFactory(settings, settingsDecrypter);
    }

    public void authenticate(String[] strArr) throws MojoExecutionException {
        this.log.info("Checking authentication status...");
        if (strArr == null || strArr.length == 0) {
            this.log.error("No registries have been configured but authentication is not skipped. If you want to skip authentication, run again with 'podman.skip.auth' set to true");
            throw new MojoExecutionException("No registries have been configured but authentication is not skipped. If you want to skip authentication, run again with 'podman.skip.auth' set to true");
        }
        List<Path> registryAuthFiles = getRegistryAuthFiles();
        if (registryAuthFiles.isEmpty()) {
            this.log.info("Authentication file not (yet) present. Authenticating...");
            authenticateRegistries(strArr);
        } else {
            this.log.debug("Checking unauthenticated registries...");
            authenticateUnauthenticatedRegistries(strArr, registryAuthFiles);
        }
        this.log.debug("Authentication status: OK!");
    }

    private List<Path> getRegistryAuthFiles() {
        ArrayList arrayList = new ArrayList();
        if (System.getenv().containsKey(REGISTRY_AUTH_FILE)) {
            Path path = Paths.get(System.getenv(REGISTRY_AUTH_FILE), new String[0]);
            if (Files.exists(path, new LinkOption[0])) {
                this.log.debug("Found custom registry authentication file at: " + path);
                arrayList.add(path);
            }
        }
        if (System.getenv().containsKey(XDG_RUNTIME_DIR)) {
            Path resolve = Paths.get(System.getenv(XDG_RUNTIME_DIR), new String[0]).resolve(AUTH_JSON_SUB_PATH);
            if (Files.exists(resolve, new LinkOption[0])) {
                this.log.debug("Found default registry authentication file at: " + resolve);
                arrayList.add(resolve);
            }
        }
        Path resolve2 = Paths.get(System.getProperty("user.home"), new String[0]).resolve(DOCKER_CONFIG_FILE);
        if (Files.exists(resolve2, new LinkOption[0])) {
            this.log.debug("Found Docker registry authentication file at: " + resolve2);
            arrayList.add(resolve2);
        }
        if (arrayList.isEmpty()) {
            this.log.warn("Could not locate suitable credentials for Podman. If this error persists, try running with <skipAuth>true</skipAuth>.");
        }
        return arrayList;
    }

    private void authenticateUnauthenticatedRegistries(String[] strArr, List<Path> list) throws MojoExecutionException {
        Set<String> authenticatedRegistries = getAuthenticatedRegistries(list);
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            if (!authenticatedRegistries.contains(str)) {
                arrayList.add(str);
            }
        }
        authenticateRegistries((String[]) arrayList.toArray(new String[0]));
    }

    private void authenticateRegistries(String[] strArr) throws MojoExecutionException {
        for (String str : strArr) {
            Optional<AuthConfig> authConfigForRegistry = this.authConfigFactory.getAuthConfigForRegistry(str);
            if (!authConfigForRegistry.isPresent()) {
                String str2 = "Credentials are missing for registry " + str + ". Add credentials by specifying the server in the Maven's settings.xml (usually located in ~/.m2/)";
                this.log.error(str2);
                throw new MojoExecutionException(str2);
            }
            AuthConfig authConfig = authConfigForRegistry.get();
            authenticate(authConfig.getRegistry(), authConfig.getUsername(), authConfig.getPassword());
        }
    }

    private void authenticate(String str, String str2, String str3) throws MojoExecutionException {
        this.log.debug("Authenticating " + str);
        this.podmanExecutorService.login(str, str2, str3);
    }

    private Set<String> getAuthenticatedRegistries(List<Path> list) throws MojoExecutionException {
        HashSet hashSet = new HashSet();
        Iterator<Path> it = list.iterator();
        while (it.hasNext()) {
            JSONObject readPodmanConfig = readPodmanConfig(it.next());
            if (readPodmanConfig == null || !readPodmanConfig.has(AUTHS_KEY_PODMAN_CFG)) {
                this.log.debug("No authenticated registries were found.");
            } else {
                Object obj = readPodmanConfig.get(AUTHS_KEY_PODMAN_CFG);
                if (obj instanceof JSONObject) {
                    hashSet.addAll(((JSONObject) obj).keySet());
                } else {
                    this.log.warn("Failed to read authenticated registries. Maven might re-authenticate...");
                }
            }
        }
        this.log.debug("Found authentication details for the following registries: " + hashSet);
        return hashSet;
    }

    private static JSONObject readPodmanConfig(Path path) throws MojoExecutionException {
        Reader fileReader = getFileReader(path);
        if (fileReader != null) {
            return new JSONObject(new JSONTokener(fileReader));
        }
        return null;
    }

    private static Reader getFileReader(Path path) throws MojoExecutionException {
        File file = path.toFile();
        if (!file.exists() || file.length() == 0) {
            return null;
        }
        try {
            return new FileReader(file);
        } catch (FileNotFoundException e) {
            throw new MojoExecutionException("Cannot find " + file, e);
        }
    }
}
