package com.android.tools.build.bundletool.commands;

import com.android.SdkConstants;
import com.android.tools.build.bundletool.commands.AutoValue_CheckTransparencyCommand;
import com.android.tools.build.bundletool.commands.CommandHelp;
import com.android.tools.build.bundletool.device.AdbServer;
import com.android.tools.build.bundletool.flags.Flag;
import com.android.tools.build.bundletool.flags.ParsedFlags;
import com.android.tools.build.bundletool.model.utils.DefaultSystemEnvironmentProvider;
import com.android.tools.build.bundletool.model.utils.SdkToolsLocator;
import com.android.tools.build.bundletool.model.utils.SystemEnvironmentProvider;
import com.android.tools.build.bundletool.model.utils.files.FilePreconditions;
import com.android.tools.build.bundletool.transparency.ApkModeTransparencyChecker;
import com.android.tools.build.bundletool.transparency.BundleModeTransparencyChecker;
import com.android.tools.build.bundletool.transparency.CodeTransparencyCryptoUtils;
import com.android.tools.build.bundletool.transparency.ConnectedDeviceModeTransparencyChecker;
import com.android.tools.build.bundletool.transparency.TransparencyCheckResult;
import com.google.auto.value.AutoValue;
import com.google.common.base.Ascii;
import com.google.common.base.Preconditions;
import java.io.PrintStream;
import java.nio.file.Path;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Optional;
import java.util.stream.Collectors;

@AutoValue
/* loaded from: input_file:res/raw/bundleto:com/android/tools/build/bundletool/commands/CheckTransparencyCommand.class */
public abstract class CheckTransparencyCommand {
    public static final String COMMAND_NAME = "check-transparency";
    private static final Flag<Mode> MODE_FLAG = Flag.enumFlag("mode", Mode.class);
    private static final Flag<Path> ADB_PATH_FLAG = Flag.path("adb");
    private static final Flag<String> DEVICE_ID_FLAG = Flag.string("device-id");
    private static final Flag<String> PACKAGE_NAME_FLAG = Flag.string("package-name");
    private static final Flag<Path> BUNDLE_LOCATION_FLAG = Flag.path("bundle");
    private static final Flag<Path> APK_ZIP_LOCATION_FLAG = Flag.path("apk-zip");
    private static final Flag<Path> TRANSPARENCY_KEY_CERTIFICATE_LOCATION_FLAG = Flag.path("transparency-key-certificate");
    private static final Flag<Path> APK_SIGNING_KEY_CERTIFICATE_LOCATION_FLAG = Flag.path("apk-signing-key-certificate");
    private static final String MODE_FLAG_OPTIONS = (String) Arrays.stream(Mode.values()).map((v0) -> {
        return v0.getLowerCaseName();
    }).collect(Collectors.joining(SdkConstants.VALUE_DELIMITER_PIPE));
    private static final SystemEnvironmentProvider DEFAULT_PROVIDER = new DefaultSystemEnvironmentProvider();

    @AutoValue.Builder
    /* loaded from: input_file:res/raw/bundleto:com/android/tools/build/bundletool/commands/CheckTransparencyCommand$Builder.class */
    public static abstract class Builder {
        public abstract Builder setMode(Mode mode);

        public abstract Builder setAdbPath(Path path);

        public abstract Builder setDeviceId(String str);

        public abstract Builder setAdbServer(AdbServer adbServer);

        public abstract Builder setPackageName(String str);

        public abstract Builder setBundlePath(Path path);

        public abstract Builder setApkZipPath(Path path);

        /* JADX INFO: Access modifiers changed from: package-private */
        public abstract Builder setTransparencyKeyCertificate(X509Certificate x509Certificate);

        /* JADX INFO: Access modifiers changed from: package-private */
        public abstract Builder setApkSigningKeyCertificate(X509Certificate x509Certificate);

        public abstract CheckTransparencyCommand build();
    }

    /* loaded from: input_file:res/raw/bundleto:com/android/tools/build/bundletool/commands/CheckTransparencyCommand$Mode.class */
    public enum Mode {
        CONNECTED_DEVICE,
        BUNDLE,
        APK;

        final String getLowerCaseName() {
            return Ascii.toLowerCase(name());
        }
    }

    public abstract Mode getMode();

    public abstract Optional<Path> getAdbPath();

    public abstract Optional<String> getDeviceId();

    public abstract Optional<String> getPackageName();

    public abstract Optional<AdbServer> getAdbServer();

    public abstract Optional<Path> getBundlePath();

    public abstract Optional<Path> getApkZipPath();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract Optional<X509Certificate> getTransparencyKeyCertificate();

    /* JADX INFO: Access modifiers changed from: package-private */
    public abstract Optional<X509Certificate> getApkSigningKeyCertificate();

    public static Builder builder() {
        return new AutoValue_CheckTransparencyCommand.Builder();
    }

    public static CheckTransparencyCommand fromFlags(ParsedFlags parsedFlags, AdbServer adbServer) {
        return fromFlags(parsedFlags, DEFAULT_PROVIDER, adbServer);
    }

    public static CheckTransparencyCommand fromFlags(ParsedFlags parsedFlags, SystemEnvironmentProvider systemEnvironmentProvider, AdbServer adbServer) {
        switch (MODE_FLAG.getRequiredValue(parsedFlags)) {
            case CONNECTED_DEVICE:
                return fromFlagsInConnectedDeviceMode(parsedFlags, systemEnvironmentProvider, adbServer);
            case BUNDLE:
                return fromFlagsInBundleMode(parsedFlags);
            case APK:
                return fromFlagsInApkMode(parsedFlags);
            default:
                throw new IllegalStateException("Unrecognized value of --mode flag.");
        }
    }

    private static CheckTransparencyCommand fromFlagsInBundleMode(ParsedFlags parsedFlags) {
        Builder bundlePath = builder().setMode(Mode.BUNDLE).setBundlePath(BUNDLE_LOCATION_FLAG.getRequiredValue(parsedFlags));
        TRANSPARENCY_KEY_CERTIFICATE_LOCATION_FLAG.getValue(parsedFlags).ifPresent(path -> {
            bundlePath.setTransparencyKeyCertificate(CodeTransparencyCryptoUtils.getX509Certificate(path));
        });
        parsedFlags.checkNoUnknownFlags();
        return bundlePath.build();
    }

    private static CheckTransparencyCommand fromFlagsInApkMode(ParsedFlags parsedFlags) {
        Builder apkZipPath = builder().setMode(Mode.APK).setApkZipPath(APK_ZIP_LOCATION_FLAG.getRequiredValue(parsedFlags));
        TRANSPARENCY_KEY_CERTIFICATE_LOCATION_FLAG.getValue(parsedFlags).ifPresent(path -> {
            apkZipPath.setTransparencyKeyCertificate(CodeTransparencyCryptoUtils.getX509Certificate(path));
        });
        APK_SIGNING_KEY_CERTIFICATE_LOCATION_FLAG.getValue(parsedFlags).ifPresent(path2 -> {
            apkZipPath.setApkSigningKeyCertificate(CodeTransparencyCryptoUtils.getX509Certificate(path2));
        });
        parsedFlags.checkNoUnknownFlags();
        return apkZipPath.build();
    }

    private static CheckTransparencyCommand fromFlagsInConnectedDeviceMode(ParsedFlags parsedFlags, SystemEnvironmentProvider systemEnvironmentProvider, AdbServer adbServer) {
        Builder packageName = builder().setMode(Mode.CONNECTED_DEVICE).setPackageName(PACKAGE_NAME_FLAG.getRequiredValue(parsedFlags));
        Optional<String> value = DEVICE_ID_FLAG.getValue(parsedFlags);
        if (!value.isPresent()) {
            value = systemEnvironmentProvider.getVariable("ANDROID_SERIAL");
        }
        packageName.getClass();
        value.ifPresent(packageName::setDeviceId);
        packageName.setAdbPath(CommandUtils.getAdbPath(parsedFlags, ADB_PATH_FLAG, systemEnvironmentProvider)).setAdbServer(adbServer);
        TRANSPARENCY_KEY_CERTIFICATE_LOCATION_FLAG.getValue(parsedFlags).ifPresent(path -> {
            packageName.setTransparencyKeyCertificate(CodeTransparencyCryptoUtils.getX509Certificate(path));
        });
        APK_SIGNING_KEY_CERTIFICATE_LOCATION_FLAG.getValue(parsedFlags).ifPresent(path2 -> {
            packageName.setApkSigningKeyCertificate(CodeTransparencyCryptoUtils.getX509Certificate(path2));
        });
        parsedFlags.checkNoUnknownFlags();
        return packageName.build();
    }

    public void execute() {
        validateInput();
        checkTransparency(System.out);
    }

    public void checkTransparency(PrintStream printStream) {
        TransparencyCheckResult empty = TransparencyCheckResult.empty();
        switch (getMode()) {
            case CONNECTED_DEVICE:
                empty = ConnectedDeviceModeTransparencyChecker.checkTransparency(this);
                break;
            case BUNDLE:
                empty = BundleModeTransparencyChecker.checkTransparency(this);
                break;
            case APK:
                empty = ApkModeTransparencyChecker.checkTransparency(this);
                break;
        }
        printResult(printStream, empty);
    }

    private void printResult(PrintStream printStream, TransparencyCheckResult transparencyCheckResult) {
        if (verifyAndPrintApkSignatureCert(printStream, transparencyCheckResult)) {
            printCodeTransparencyVerificationResult(printStream, transparencyCheckResult);
        }
    }

    private boolean verifyAndPrintApkSignatureCert(PrintStream printStream, TransparencyCheckResult transparencyCheckResult) {
        Preconditions.checkState(getMode().equals(Mode.BUNDLE) || !transparencyCheckResult.verified() || transparencyCheckResult.apkSigningKeyCertificateFingerprint().isPresent(), "APK signing key certificate fingerprint must be present in TransparencyCheckResult.");
        if (getMode().equals(Mode.BUNDLE)) {
            printStream.println("No APK present. APK signature was not checked.");
            return true;
        }
        if (!transparencyCheckResult.apkSigningKeyCertificateFingerprint().isPresent()) {
            Preconditions.checkState(!transparencyCheckResult.verified(), "Successful TransparencyCheckResult must specify APK signing key certificate.");
            printStream.println(transparencyCheckResult.getErrorMessage());
            return false;
        }
        if (!getApkSigningKeyCertificate().isPresent()) {
            printStream.println("APK signature is valid. SHA-256 fingerprint of the apk signing key certificate (must be compared with the developer's public key manually): " + transparencyCheckResult.getApkSigningKeyCertificateFingerprint());
            return true;
        }
        String certificateFingerprint = CodeTransparencyCryptoUtils.getCertificateFingerprint(getApkSigningKeyCertificate().get());
        if (transparencyCheckResult.getApkSigningKeyCertificateFingerprint().equals(certificateFingerprint)) {
            printStream.println("APK signature verified for the provided apk signing key certificate.");
            return true;
        }
        printStream.println("APK signature verification failed because the provided public key certificate does not match the APK signature.\nSHA-256 fingerprint of the certificate that was used to sign the APKs: " + transparencyCheckResult.getApkSigningKeyCertificateFingerprint() + "\nSHA-256 fingerprint of the certificate that was provided: " + certificateFingerprint);
        return false;
    }

    private void printCodeTransparencyVerificationResult(PrintStream printStream, TransparencyCheckResult transparencyCheckResult) {
        if (!transparencyCheckResult.verified()) {
            printStream.println(transparencyCheckResult.getErrorMessage());
            return;
        }
        if (!getTransparencyKeyCertificate().isPresent()) {
            printStream.println("Code transparency signature is valid. SHA-256 fingerprint of the code transparency key certificate (must be compared with the developer's public key manually): " + transparencyCheckResult.getTransparencyKeyCertificateFingerprint());
            printStream.println("Code transparency verified: code related file contents match the code transparency file.");
            return;
        }
        String certificateFingerprint = CodeTransparencyCryptoUtils.getCertificateFingerprint(getTransparencyKeyCertificate().get());
        if (!transparencyCheckResult.getTransparencyKeyCertificateFingerprint().equals(certificateFingerprint)) {
            printStream.println("Code transparency verification failed because the provided public key certificate does not match the code transparency file.\nSHA-256 fingerprint of the certificate that was used to sign code transparency file: " + transparencyCheckResult.getTransparencyKeyCertificateFingerprint() + "\nSHA-256 fingerprint of the certificate that was provided: " + certificateFingerprint);
        } else {
            printStream.println("Code transparency signature verified for the provided code transparency key certificate.");
            printStream.println("Code transparency verified: code related file contents match the code transparency file.");
        }
    }

    public static CommandHelp help() {
        return CommandHelp.builder().setCommandName(COMMAND_NAME).setCommandDescription(CommandHelp.CommandDescription.builder().setShortDescription("Verifies code transparency.").build()).addFlag(CommandHelp.FlagDescription.builder().setFlagName(MODE_FLAG.getName()).setExampleValue(MODE_FLAG_OPTIONS).setOptional(true).setDescription("Specifies which mode to run '%s' command against. Acceptable values are '%s'. If set to '%s' we verify code transparency for a given app installed on a connected device. If set to '%s', we verify code transparency for a given Android App Bundle file. If set to '%s', we verify code transparency for a given set of device-specific APK files.", COMMAND_NAME, MODE_FLAG_OPTIONS, Mode.CONNECTED_DEVICE.getLowerCaseName(), Mode.BUNDLE.getLowerCaseName(), Mode.APK.getLowerCaseName()).build()).addFlag(CommandHelp.FlagDescription.builder().setFlagName(ADB_PATH_FLAG.getName()).setExampleValue("path/to/adb").setOptional(true).setDescription("Path to the adb utility. Used only in '%s' mode. If absent, an attempt will be made to locate it if the %s or %s environment variable is set.", Mode.CONNECTED_DEVICE.getLowerCaseName(), "ANDROID_HOME", SdkToolsLocator.SYSTEM_PATH_VARIABLE).build()).addFlag(CommandHelp.FlagDescription.builder().setFlagName(DEVICE_ID_FLAG.getName()).setExampleValue("device-serial-name").setOptional(true).setDescription("Device serial name. Used only in '%s' mode. If absent, this uses the %s environment variable. Either this flag or the environment variable is required when more than one device or emulator is connected.", Mode.CONNECTED_DEVICE.getLowerCaseName(), "ANDROID_SERIAL").build()).addFlag(CommandHelp.FlagDescription.builder().setFlagName(PACKAGE_NAME_FLAG.getName()).setExampleValue("package-name").setOptional(true).setDescription("Package name of the app that code transparency will be verified for. Used only in '%s' mode.", Mode.CONNECTED_DEVICE.getLowerCaseName()).build()).addFlag(CommandHelp.FlagDescription.builder().setFlagName(BUNDLE_LOCATION_FLAG.getName()).setExampleValue("path/to/bundle.aab").setOptional(true).setDescription("Path to the Android App Bundle that we want to verify code transparency for. Used only in '%s' mode. Must have extension .aab.", Mode.BUNDLE.getLowerCaseName()).build()).addFlag(CommandHelp.FlagDescription.builder().setFlagName(APK_ZIP_LOCATION_FLAG.getName()).setExampleValue("path/to/apks.zip").setOptional(true).setDescription("Path to the zip archive of device specific APKs that we want to verify code transparency for. Used only in '%s' mode. Must have extension .zip.", Mode.APK.getLowerCaseName()).build()).addFlag(CommandHelp.FlagDescription.builder().setFlagName(TRANSPARENCY_KEY_CERTIFICATE_LOCATION_FLAG.getName()).setExampleValue("path/to/certificate.cert").setOptional(true).setDescription("Path to the file containing the public key certificate that should be used for code transparency signature verification. If not set, fingerprint of the certificate that is used will be printed.").build()).addFlag(CommandHelp.FlagDescription.builder().setFlagName(APK_SIGNING_KEY_CERTIFICATE_LOCATION_FLAG.getName()).setExampleValue("path/to/certificate.cert").setOptional(true).setDescription("Path to the file containing the public key certificate that should be used for APK signature verification. Can only be set in '%s and '%s' modes. If not set, fingerprint of the certificate that is used will be printed.", Mode.APK.getLowerCaseName(), Mode.CONNECTED_DEVICE.getLowerCaseName()).build()).build();
    }

    private void validateInput() {
        if (getBundlePath().isPresent()) {
            FilePreconditions.checkFileHasExtension("AAB file", getBundlePath().get(), ".aab");
            FilePreconditions.checkFileExistsAndReadable(getBundlePath().get());
        }
        if (getApkZipPath().isPresent()) {
            FilePreconditions.checkFileHasExtension("Zip file", getApkZipPath().get(), SdkConstants.DOT_ZIP);
            FilePreconditions.checkFileExistsAndReadable(getApkZipPath().get());
        }
    }
}
