package org.cloudfoundry.multiapps.controller.process.steps;

import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.List;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.inject.Inject;
import javax.inject.Named;
import org.cloudfoundry.multiapps.common.SLException;
import org.cloudfoundry.multiapps.controller.client.util.ResilientOperationExecutor;
import org.cloudfoundry.multiapps.controller.persistence.model.FileEntry;
import org.cloudfoundry.multiapps.controller.persistence.services.FileStorageException;
import org.cloudfoundry.multiapps.controller.process.Constants;
import org.cloudfoundry.multiapps.controller.process.Messages;
import org.cloudfoundry.multiapps.controller.process.util.ArchiveMerger;
import org.cloudfoundry.multiapps.controller.process.util.JarSignatureOperations;
import org.cloudfoundry.multiapps.controller.process.variables.Variables;
import org.flowable.engine.delegate.DelegateExecution;
import org.springframework.context.annotation.Scope;

@Scope("prototype")
@Named("validateDeployParametersStep")
/* loaded from: input_file:org/cloudfoundry/multiapps/controller/process/steps/ValidateDeployParametersStep.class */
public class ValidateDeployParametersStep extends SyncFlowableStep {

    @Inject
    private JarSignatureOperations jarSignatureOperations;
    private final ResilientOperationExecutor resilientOperationExecutor = new ResilientOperationExecutor();

    @Override // org.cloudfoundry.multiapps.controller.process.steps.SyncFlowableStep
    protected StepPhase executeStep(ProcessContext processContext) {
        getStepLogger().debug(Messages.VALIDATING_PARAMETERS);
        validateParameters(processContext);
        String str = (String) processContext.getVariable(Variables.SPACE_NAME);
        getStepLogger().info(Messages.DEPLOYING_IN_ORG_0_AND_SPACE_1, (String) processContext.getVariable(Variables.ORGANIZATION_NAME), str);
        getStepLogger().debug(Messages.PARAMETERS_VALIDATED);
        return StepPhase.DONE;
    }

    @Override // org.cloudfoundry.multiapps.controller.process.steps.SyncFlowableStep
    protected String getStepErrorMessage(ProcessContext processContext) {
        return Messages.ERROR_VALIDATING_PARAMS;
    }

    private void validateParameters(ProcessContext processContext) {
        validateExtensionDescriptorFileIds(processContext);
        validateArchive(processContext);
    }

    private void validateExtensionDescriptorFileIds(ProcessContext processContext) {
        String str = (String) processContext.getVariable(Variables.EXT_DESCRIPTOR_FILE_ID);
        if (str == null) {
            return;
        }
        for (String str2 : str.split(",")) {
            validateDescriptorSize(findFile(processContext, str2));
        }
    }

    private FileEntry findFile(ProcessContext processContext, String str) {
        try {
            String str2 = (String) processContext.getVariable(Variables.SPACE_GUID);
            FileEntry file = this.fileService.getFile(str2, str);
            if (file == null) {
                throw new SLException(Messages.ERROR_NO_FILE_ASSOCIATED_WITH_THE_SPECIFIED_FILE_ID_0_IN_SPACE_1, new Object[]{str, str2});
            }
            return file;
        } catch (FileStorageException e) {
            throw new SLException(e, Messages.FAILED_TO_RETRIEVE_FILE_WITH_ID_0, new Object[]{str});
        }
    }

    private void validateDescriptorSize(FileEntry fileEntry) {
        Long maxMtaDescriptorSize = this.configuration.getMaxMtaDescriptorSize();
        if (fileEntry.getSize().compareTo(BigInteger.valueOf(maxMtaDescriptorSize.longValue())) > 0) {
            throw new SLException("The size \"{0}\" of mta file \"{1}\" exceeds the configured max size limit \"{2}\"", new Object[]{fileEntry.getSize().toString(), fileEntry.getName(), String.valueOf(maxMtaDescriptorSize.longValue())});
        }
    }

    private void validateArchive(ProcessContext processContext) {
        String[] archivePartIds = getArchivePartIds(processContext);
        if (((Boolean) processContext.getVariable(Variables.VERIFY_ARCHIVE_SIGNATURE)).booleanValue() || archivePartIds.length != 1) {
            Path path = null;
            try {
                path = mergeArchiveParts(processContext, archivePartIds);
                verifyArchiveSignature(processContext, path);
                if (archivePartIds.length != 1) {
                    persistMergedArchive(processContext, path);
                }
                deleteArchive(path);
            } catch (Throwable th) {
                deleteArchive(path);
                throw th;
            }
        }
    }

    private String[] getArchivePartIds(ProcessContext processContext) {
        return ((String) processContext.getRequiredVariable(Variables.APP_ARCHIVE_ID)).split(",");
    }

    private Path mergeArchiveParts(ProcessContext processContext, String[] strArr) {
        List<FileEntry> archivePartEntries = getArchivePartEntries(processContext, strArr);
        processContext.setVariable(Variables.FILE_ENTRIES, archivePartEntries);
        getStepLogger().debug(Messages.BUILDING_ARCHIVE_FROM_PARTS);
        return (Path) this.resilientOperationExecutor.execute(createArchiveFromParts(processContext.getExecution(), archivePartEntries));
    }

    private List<FileEntry> getArchivePartEntries(ProcessContext processContext, String[] strArr) {
        return (List) Arrays.stream(strArr).map(str -> {
            return findFile(processContext, str);
        }).collect(Collectors.toList());
    }

    private Supplier<Path> createArchiveFromParts(DelegateExecution delegateExecution, List<FileEntry> list) {
        return () -> {
            return new ArchiveMerger(this.fileService, getStepLogger(), delegateExecution).createArchiveFromParts(list);
        };
    }

    private void verifyArchiveSignature(ProcessContext processContext, Path path) {
        if (((Boolean) processContext.getVariable(Variables.VERIFY_ARCHIVE_SIGNATURE)).booleanValue()) {
            if (!this.configuration.isArchiveSignatureVerificationEnabled().booleanValue()) {
                throw new SLException(Messages.ARCHIVE_SIGNATURE_VERIFICATION_IS_DISABLED);
            }
            getStepLogger().debug(Messages.VERIFYING_ARCHIVE_0, path);
            verifyArchiveSignature(path);
            getStepLogger().info(Messages.ARCHIVE_IS_VERIFIED);
        }
    }

    private void verifyArchiveSignature(Path path) {
        String certificateCN = this.configuration.getCertificateCN();
        getStepLogger().debug(Messages.WILL_LOOK_FOR_CERTIFICATE_CN, certificateCN);
        this.jarSignatureOperations.checkCertificates(getArchiveFilePathURL(path), this.jarSignatureOperations.readCertificates(Constants.SYMANTEC_CERTIFICATE_FILE), certificateCN);
    }

    private URL getArchiveFilePathURL(Path path) {
        try {
            return path.toUri().toURL();
        } catch (MalformedURLException e) {
            throw new SLException(e, e.getMessage());
        }
    }

    private void persistMergedArchive(ProcessContext processContext, Path path) {
        this.resilientOperationExecutor.execute(() -> {
            persistMergedArchive(path, processContext);
        });
    }

    private void persistMergedArchive(Path path, ProcessContext processContext) {
        processContext.setVariable(Variables.APP_ARCHIVE_ID, persistArchive(path, processContext).getId());
    }

    private FileEntry persistArchive(Path path, ProcessContext processContext) {
        try {
            return this.fileService.addFile((String) processContext.getVariable(Variables.SPACE_GUID), (String) processContext.getVariable(Variables.MTA_NAMESPACE), path.getFileName().toString(), path.toFile());
        } catch (FileStorageException e) {
            throw new SLException(e, e.getMessage());
        }
    }

    private void deleteArchive(Path path) {
        if (path == null) {
            return;
        }
        tryDeleteArchiveFile(path);
    }

    private void tryDeleteArchiveFile(Path path) {
        try {
            Files.deleteIfExists(path);
        } catch (IOException e) {
            this.logger.warn(Messages.MERGED_FILE_NOT_DELETED);
        }
    }
}
