package org.apache.maven.plugins.gpg;

import java.io.File;
import java.util.Collections;
import java.util.List;
import org.apache.maven.execution.MavenSession;
import org.apache.maven.plugin.AbstractMojo;
import org.apache.maven.plugin.MojoExecutionException;
import org.apache.maven.plugin.MojoFailureException;
import org.apache.maven.plugins.annotations.Component;
import org.apache.maven.plugins.annotations.Parameter;
import org.apache.maven.project.MavenProject;
import org.apache.maven.settings.Server;
import org.apache.maven.settings.Settings;
import org.sonatype.plexus.components.cipher.DefaultPlexusCipher;
import org.sonatype.plexus.components.sec.dispatcher.DefaultSecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcher;
import org.sonatype.plexus.components.sec.dispatcher.SecDispatcherException;

/* loaded from: input_file:org/apache/maven/plugins/gpg/AbstractGpgMojo.class */
public abstract class AbstractGpgMojo extends AbstractMojo {
    public static final String DEFAULT_ENV_MAVEN_GPG_KEY = "MAVEN_GPG_KEY";
    public static final String DEFAULT_ENV_MAVEN_GPG_FINGERPRINT = "MAVEN_GPG_KEY_FINGERPRINT";
    public static final String DEFAULT_ENV_MAVEN_GPG_PASSPHRASE = "MAVEN_GPG_PASSPHRASE";

    @Parameter(property = "gpg.agentSocketLocations", defaultValue = ".gnupg/S.gpg-agent")
    private String agentSocketLocations;

    @Parameter(property = "gpg.keyFilePath", defaultValue = "maven-signing-key.key")
    private String keyFilePath;

    @Parameter(property = "gpg.keyFingerprint")
    private String keyFingerprint;

    @Parameter(property = "gpg.keyEnvName", defaultValue = DEFAULT_ENV_MAVEN_GPG_KEY)
    private String keyEnvName;

    @Parameter(property = "gpg.keyFingerprintEnvName", defaultValue = DEFAULT_ENV_MAVEN_GPG_FINGERPRINT)
    private String keyFingerprintEnvName;

    @Parameter(property = "gpg.passphraseEnvName", defaultValue = DEFAULT_ENV_MAVEN_GPG_PASSPHRASE)
    private String passphraseEnvName;

    @Parameter(property = "gpg.homedir")
    private File homedir;

    @Parameter(property = GPG_PASSPHRASE)
    @Deprecated
    private String passphrase;

    @Parameter(property = "gpg.passphraseServerId")
    @Deprecated
    private String passphraseServerId;

    @Parameter(property = "gpg.keyname")
    private String keyname;

    @Parameter(property = "gpg.useagent", defaultValue = "true")
    private boolean useAgent;

    @Parameter(property = "gpg.executable")
    private String executable;

    @Parameter(property = "gpg.defaultKeyring", defaultValue = "true")
    private boolean defaultKeyring;

    @Parameter(property = "gpg.secretKeyring")
    @Deprecated
    private String secretKeyring;

    @Parameter(property = "gpg.publicKeyring")
    @Deprecated
    private String publicKeyring;

    @Parameter(property = "gpg.lockMode")
    private String lockMode;

    @Parameter(property = "gpg.skip", defaultValue = "false")
    private boolean skip;

    @Parameter
    private List<String> gpgArguments;

    @Parameter(property = "gpg.signer", defaultValue = GpgSigner.NAME)
    private String signer;

    @Component
    protected MavenSession session;

    @Parameter(property = "gpg.bestPractices", defaultValue = "false")
    private boolean bestPractices;

    @Parameter(defaultValue = "${settings}", readonly = true, required = true)
    protected Settings settings;

    @Deprecated
    private final SecDispatcher secDispatcher = new DefaultSecDispatcher(new DefaultPlexusCipher(), Collections.emptyMap(), "~/.m2/settings-security.xml");

    @Deprecated
    private static final String GPG_PASSPHRASE = "gpg.passphrase";

    public final void execute() throws MojoExecutionException, MojoFailureException {
        if (this.skip) {
            return;
        }
        if (this.bestPractices) {
            enforceBestPractices();
        } else if (!isNotBlank(this.passphraseServerId)) {
            this.passphraseServerId = GPG_PASSPHRASE;
        }
        doExecute();
    }

    protected void enforceBestPractices() throws MojoFailureException {
        if (isNotBlank(this.passphrase) || isNotBlank(this.passphraseServerId)) {
            throw new MojoFailureException("Do not store passphrase in any file (disk or SCM repository), rely on GnuPG agent or provide passphrase in " + this.passphraseEnvName + " environment variable.");
        }
    }

    protected abstract void doExecute() throws MojoExecutionException, MojoFailureException;

    private void logBestPracticeWarning(String str) {
        getLog().warn("");
        getLog().warn("W A R N I N G");
        getLog().warn("");
        getLog().warn("Do not store passphrase in any file (disk or SCM repository),");
        getLog().warn("instead rely on GnuPG agent or provide passphrase in ");
        getLog().warn(this.passphraseEnvName + " environment variable for batch mode.");
        getLog().warn("");
        getLog().warn("Sensitive content loaded from " + str);
        getLog().warn("");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractGpgSigner newSigner(MavenProject mavenProject) throws MojoFailureException {
        AbstractGpgSigner bcSigner;
        if (GpgSigner.NAME.equals(this.signer)) {
            bcSigner = new GpgSigner(this.executable);
        } else {
            if (!BcSigner.NAME.equals(this.signer)) {
                throw new MojoFailureException("Unknown signer: " + this.signer);
            }
            bcSigner = new BcSigner(this.session.getRepositorySession(), this.keyEnvName, this.keyFingerprintEnvName, this.agentSocketLocations, this.keyFilePath, this.keyFingerprint);
        }
        bcSigner.setLog(getLog());
        bcSigner.setInteractive(this.settings.isInteractiveMode());
        bcSigner.setKeyName(this.keyname);
        bcSigner.setUseAgent(this.useAgent);
        bcSigner.setHomeDirectory(this.homedir);
        bcSigner.setDefaultKeyring(this.defaultKeyring);
        bcSigner.setSecretKeyring(this.secretKeyring);
        bcSigner.setPublicKeyring(this.publicKeyring);
        bcSigner.setLockMode(this.lockMode);
        bcSigner.setArgs(this.gpgArguments);
        String str = (String) this.session.getRepositorySession().getConfigProperties().get("env." + this.passphraseEnvName);
        if (isNotBlank(str)) {
            bcSigner.setPassPhrase(str);
        } else if (!this.bestPractices) {
            String str2 = this.passphrase;
            if (isNotBlank(str2)) {
                logBestPracticeWarning("Mojo configuration");
                bcSigner.setPassPhrase(str2);
            } else {
                String loadGpgPassphrase = loadGpgPassphrase();
                if (isNotBlank(loadGpgPassphrase)) {
                    logBestPracticeWarning("settings.xml");
                    bcSigner.setPassPhrase(loadGpgPassphrase);
                } else {
                    String passphrase = getPassphrase(mavenProject);
                    if (isNotBlank(passphrase)) {
                        logBestPracticeWarning("Project properties");
                        bcSigner.setPassPhrase(passphrase);
                    }
                }
            }
        }
        bcSigner.prepare();
        return bcSigner;
    }

    private boolean isNotBlank(String str) {
        return (str == null || str.trim().isEmpty()) ? false : true;
    }

    @Deprecated
    private String loadGpgPassphrase() throws MojoFailureException {
        Server server;
        if (!isNotBlank(this.passphraseServerId) || (server = this.settings.getServer(this.passphraseServerId)) == null || !isNotBlank(server.getPassphrase())) {
            return null;
        }
        try {
            return this.secDispatcher.decrypt(server.getPassphrase());
        } catch (SecDispatcherException e) {
            throw new MojoFailureException("Unable to decrypt gpg passphrase", e);
        }
    }

    @Deprecated
    public String getPassphrase(MavenProject mavenProject) {
        String str = null;
        if (mavenProject != null) {
            str = mavenProject.getProperties().getProperty(GPG_PASSPHRASE);
            if (str == null) {
                str = findReactorProject(mavenProject).getProperties().getProperty(GPG_PASSPHRASE);
            }
        }
        if (mavenProject != null && str != null) {
            findReactorProject(mavenProject).getProperties().setProperty(GPG_PASSPHRASE, str);
        }
        return str;
    }

    @Deprecated
    private MavenProject findReactorProject(MavenProject mavenProject) {
        return (mavenProject.getParent() == null || mavenProject.getParent().getBasedir() == null || !mavenProject.getParent().getBasedir().exists()) ? mavenProject : findReactorProject(mavenProject.getParent());
    }
}
