package com.android.tools.build.bundletool.transparency;

import com.android.bundle.CodeTransparencyOuterClass;
import com.android.tools.build.bundletool.model.AppBundle;
import com.android.tools.build.bundletool.model.BundleMetadata;
import com.android.tools.build.bundletool.model.exceptions.InvalidBundleException;
import com.android.tools.build.bundletool.transparency.TransparencyCheckResult;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.MapDifference;
import com.google.common.collect.Maps;
import com.google.common.io.ByteSource;
import java.util.Optional;
import org.jose4j.jws.JsonWebSignature;

/* loaded from: input_file:tools/bundletool.jar:com/android/tools/build/bundletool/transparency/BundleTransparencyCheckUtils.class */
public final class BundleTransparencyCheckUtils {
    public static TransparencyCheckResult checkTransparency(AppBundle appBundle) {
        Optional<ByteSource> fileAsByteSource = appBundle.getBundleMetadata().getFileAsByteSource(BundleMetadata.BUNDLETOOL_NAMESPACE, BundleMetadata.TRANSPARENCY_SIGNED_FILE_NAME);
        if (fileAsByteSource.isPresent()) {
            return checkTransparency(appBundle, fileAsByteSource.get());
        }
        throw InvalidBundleException.builder().withUserMessage("Bundle does not include code transparency metadata. Run `add-transparency` command to add code transparency metadata to the bundle.").build();
    }

    public static TransparencyCheckResult checkTransparency(AppBundle appBundle, ByteSource byteSource) {
        if (appBundle.hasSharedUserId()) {
            throw InvalidBundleException.builder().withUserMessage("Transparency file is present in the bundle, but it can not be verified because `sharedUserId` attribute is specified in one of the manifests.").build();
        }
        TransparencyCheckResult.Builder builder = TransparencyCheckResult.builder();
        JsonWebSignature parseJws = CodeTransparencyCryptoUtils.parseJws(byteSource);
        if (!CodeTransparencyCryptoUtils.verifySignature(parseJws)) {
            return builder.errorMessage("Verification failed because code transparency signature is invalid.").build();
        }
        builder.transparencySignatureVerified(true).transparencyKeyCertificateFingerprint(CodeTransparencyCryptoUtils.getCertificateFingerprint(parseJws));
        MapDifference difference = Maps.difference(getCodeRelatedFilesFromTransparencyMetadata(parseJws), getCodeRelatedFilesFromBundle(appBundle));
        builder.fileContentsVerified(difference.areEqual());
        if (!difference.areEqual()) {
            builder.errorMessage(getDiffAsString(difference));
        }
        return builder.build();
    }

    private static ImmutableMap<String, CodeTransparencyOuterClass.CodeRelatedFile> getCodeRelatedFilesFromTransparencyMetadata(JsonWebSignature jsonWebSignature) {
        return (ImmutableMap) CodeTransparencyFactory.parseFrom(jsonWebSignature.getUnverifiedPayload()).getCodeRelatedFileList().stream().collect(ImmutableMap.toImmutableMap((v0) -> {
            return v0.getPath();
        }, codeRelatedFile -> {
            return codeRelatedFile;
        }));
    }

    private static ImmutableMap<String, CodeTransparencyOuterClass.CodeRelatedFile> getCodeRelatedFilesFromBundle(AppBundle appBundle) {
        return (ImmutableMap) CodeTransparencyFactory.createCodeTransparencyMetadata(appBundle).getCodeRelatedFileList().stream().collect(ImmutableMap.toImmutableMap((v0) -> {
            return v0.getPath();
        }, codeRelatedFile -> {
            return codeRelatedFile;
        }));
    }

    private static String getDiffAsString(MapDifference<String, CodeTransparencyOuterClass.CodeRelatedFile> mapDifference) {
        return mapDifference.areEqual() ? "" : "Verification failed because code was modified after transparency metadata generation. \nFiles deleted after transparency metadata generation: " + mapDifference.entriesOnlyOnLeft().keySet() + "\nFiles added after transparency metadata generation: " + mapDifference.entriesOnlyOnRight().keySet() + "\nFiles modified after transparency metadata generation: " + mapDifference.entriesDiffering().keySet();
    }

    private BundleTransparencyCheckUtils() {
    }
}
