/*

  * Licensed to the Apache Software Foundation (ASF) under one or more

  * contributor license agreements.  See the NOTICE file distributed with

  * this work for additional information regarding copyright ownership.

  * The ASF licenses this file to You under the Apache License, Version 2.0

  * (the "License"); you may not use this file except in compliance with

  * the License.  You may obtain a copy of the License at

  *

  *      http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.apache.commons.openpgp.ant;

 import java.io.File;

 import java.io.FileInputStream;

 import java.io.FileNotFoundException;

 import java.io.IOException;

 import org.apache.commons.openpgp.BouncyCastleKeyRing;

 import org.apache.commons.openpgp.BouncyCastleOpenPgpSignatureVerifier;

 import org.apache.commons.openpgp.KeyRing;

 import org.apache.commons.openpgp.OpenPgpException;

 import org.apache.commons.openpgp.OpenPgpSignatureVerifier;

 import org.apache.commons.openpgp.SignatureStatus;

 import org.apache.tools.ant.BuildException;

 import org.apache.tools.ant.Task;

 import org.apache.tools.ant.types.Mapper;

 import org.apache.tools.ant.util.FileNameMapper;

 import org.apache.tools.ant.util.FileUtils;

 import org.apache.tools.ant.util.GlobPatternMapper;

 import org.bouncycastle.openpgp.PGPException;

 /**

  * Verify a signature using the Bouncy Castle OpenPGP provider.

  *

  * @author <a href="mailto:dennisl@apache.org">Dennis Lundberg</a>

  */

 public class OpenPgpVerifierTask extends Task {

     private File secring;

     private File pubring;

     private String password;

     private File artefact;

     private boolean asciiarmor = true;

     private Mapper mapperElement;

     private String verifyproperty;

     /**

      * Set the secret keyring.

      * @param secring secret keyring file

      */

     public void setSecring(File secring) {

         this.secring = secring;

     }

     /**

      * Set the public keyring.

      * @param pubring public keyring file

      */

     public void setPubring(File pubring) {

         this.pubring = pubring;

     }

     /**

      * Use ASCII armored signature files?

      * @param asciiarmor ascii armored signatures?

      */

     public void setAsciiarmor(boolean asciiarmor) {

         this.asciiarmor = asciiarmor;

     }

     /**

      * Set the value of the password.

      * @param password value of the password

      */

     public void setPassword(String password) {

         this.password = password;

     }

     /**

      * Set the artefact to be handled.

      * @param artefact artefact to be handled

      */

     public void setArtefact(File artefact) {

         this.artefact = artefact;

     }

     /**

      * Set the name of the property that contains the result of the verification.

      * @param verifyproperty name of the property

      */

     public void setVerifyproperty(String verifyproperty) {

         this.verifyproperty = verifyproperty;

     }

     /**

      * Define the mapper to map source to destination files.

      * @return a mapper to be configured.

      * @exception org.apache.tools.ant.BuildException if more than one mapper is defined.

      */

     public Mapper createMapper() throws BuildException {

         if (mapperElement != null) {

             throw new BuildException("Cannot define more than one mapper",

                     getLocation());

         }

         mapperElement = new Mapper(getProject());

         return mapperElement;

     }

     public void execute() {

         if (secring == null) {

             throw new BuildException("secring attribute compulsory");

         }

         if (pubring == null) {

             throw new BuildException("pubring attribute compulsory");

         }

         if (password == null) {

             throw new BuildException("password attribute compulsory");

         }

         if (artefact == null) {

             throw new BuildException("The 'artefact' attribute is compulsory.");

         }

         if (verifyproperty == null) {

             throw new BuildException("The 'verifyproperty' attribute is compulsory.");

         }

         if (!secring.exists() || !secring.canRead()) {

             throw new  BuildException("secret keyring file '" + secring.getAbsolutePath() + "' does not exist or is not readable");

         }

         if (!pubring.exists() || !pubring.canRead()) {

             throw new  BuildException("public keyring file '" + pubring.getAbsolutePath() + "' does not exist or is not readable");

         }

         FileInputStream secStream;

         FileInputStream pubStream;

         KeyRing keyRing = null;

         try {

             secStream = new FileInputStream(secring);

             pubStream = new FileInputStream(pubring);

             keyRing = new BouncyCastleKeyRing(secStream,

                     pubStream, password.toCharArray() );

         } catch (IOException ioe) {

             throw new BuildException(ioe);

         } catch (PGPException pgpe) {

             throw new BuildException(pgpe);

         }

         if (artefact != null) {

             doHandle(keyRing, artefact);

         }

         FileUtils.close(secStream);

         FileUtils.close(pubStream);

     }

     private void doHandle(KeyRing keyRing, File oneartefact) {

         doHandle(keyRing, oneartefact, oneartefact.getParentFile(), oneartefact.getName());

     }

     private void doHandle(KeyRing keyRing, File oneartefact, File basedir, String relpath) {

         FileInputStream artifactFis = null;

         FileInputStream signatureFis = null;

         File signature;

         boolean isValid = false;

         try {

             artifactFis = new FileInputStream(oneartefact);

             FileNameMapper mapper = getMapper();

             String [] mappedFiles = mapper.mapFileName(relpath);

             if (mappedFiles == null || mappedFiles.length != 1) {

                 throw new BuildException("mapper returned more or less than one output");

             }

             signature = new File(basedir, mappedFiles[0]);

             signatureFis = new FileInputStream(signature);

             OpenPgpSignatureVerifier verifier = new BouncyCastleOpenPgpSignatureVerifier();

             SignatureStatus status = verifier.verifyDetachedSignature(artifactFis, signatureFis, keyRing);

             isValid = status.isValid();

         } catch (FileNotFoundException fnfe) {

             throw new BuildException(fnfe);

         } catch (IOException ioe) {

             throw new BuildException(ioe);

         } catch (OpenPgpException opgpe) {

             throw new BuildException(opgpe);

         }

         finally {

             getProject().setProperty(verifyproperty, Boolean.toString(isValid));

         }

         FileUtils.close(signatureFis);

         FileUtils.close(artifactFis);

     }

     /**

      * Return the mapper to use based on nested elements or use a default mapping.

      */

     private FileNameMapper getMapper() {

         FileNameMapper mapper = null;

         if (mapperElement != null) {

             mapper = mapperElement.getImplementation();

         } else {

             mapper = new GlobPatternMapper();

             mapper.setFrom("*");

             if (asciiarmor) {

                 mapper.setTo("*.asc");

             } else {

                 mapper.setTo("*.sig");

             }

         }

         return mapper;

     }

 }