/*
    * Licensed to the Apache Software Foundation (ASF) under one or more
    * contributor license agreements.  See the NOTICE file distributed with
    * this work for additional information regarding copyright ownership.
    * The ASF licenses this file to You under the Apache License, Version 2.0
    * (the "License"); you may not use this file except in compliance with
    * the License.  You may obtain a copy of the License at
    *
    *      http://www.apache.org/licenses/LICENSE-2.0
   *
   * Unless required by applicable law or agreed to in writing, software
   * distributed under the License is distributed on an "AS IS" BASIS,
   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   * See the License for the specific language governing permissions and
   * limitations under the License.
   */
  package org.apache.commons.openpgp.ant;
  
  import java.io.File;
  import java.io.FileInputStream;
  import java.io.FileNotFoundException;
  import java.io.IOException;
  import org.apache.commons.openpgp.BouncyCastleKeyRing;
  import org.apache.commons.openpgp.BouncyCastleOpenPgpSignatureVerifier;
  import org.apache.commons.openpgp.KeyRing;
  import org.apache.commons.openpgp.OpenPgpException;
  import org.apache.commons.openpgp.OpenPgpSignatureVerifier;
  import org.apache.commons.openpgp.SignatureStatus;
  import org.apache.tools.ant.BuildException;
  import org.apache.tools.ant.Task;
  import org.apache.tools.ant.types.Mapper;
  import org.apache.tools.ant.util.FileNameMapper;
  import org.apache.tools.ant.util.FileUtils;
  import org.apache.tools.ant.util.GlobPatternMapper;
  import org.bouncycastle.openpgp.PGPException;
  
  /**
   * Verify a signature using the Bouncy Castle OpenPGP provider.
   *
   * @author <a href="mailto:dennisl@apache.org">Dennis Lundberg</a>
   */
  public class OpenPgpVerifierTask extends Task {
      private File secring;
      private File pubring;
      private String password;
      private File artefact;
      private boolean asciiarmor = true;
      private Mapper mapperElement;
      private String verifyproperty;
  
      /**
       * Set the secret keyring.
       * @param secring secret keyring file
       */
      public void setSecring(File secring) {
          this.secring = secring;
      }
  
      /**
       * Set the public keyring.
       * @param pubring public keyring file
       */
      public void setPubring(File pubring) {
          this.pubring = pubring;
      }
  
      /**
       * Use ASCII armored signature files?
       * @param asciiarmor ascii armored signatures?
       */
      public void setAsciiarmor(boolean asciiarmor) {
          this.asciiarmor = asciiarmor;
      }
  
      /**
       * Set the value of the password.
       * @param password value of the password
       */
      public void setPassword(String password) {
          this.password = password;
      }
  
      /**
       * Set the artefact to be handled.
       * @param artefact artefact to be handled
       */
      public void setArtefact(File artefact) {
          this.artefact = artefact;
      }
  
      /**
       * Set the name of the property that contains the result of the verification.
       * @param verifyproperty name of the property
       */
      public void setVerifyproperty(String verifyproperty) {
          this.verifyproperty = verifyproperty;
      }
  
      /**
      * Define the mapper to map source to destination files.
      * @return a mapper to be configured.
      * @exception org.apache.tools.ant.BuildException if more than one mapper is defined.
      */
     public Mapper createMapper() throws BuildException {
         if (mapperElement != null) {
             throw new BuildException("Cannot define more than one mapper",
                     getLocation());
         }
         mapperElement = new Mapper(getProject());
         return mapperElement;
     }
 
     public void execute() {
         if (secring == null) {
             throw new BuildException("secring attribute compulsory");
         }
         if (pubring == null) {
             throw new BuildException("pubring attribute compulsory");
         }
         if (password == null) {
             throw new BuildException("password attribute compulsory");
         }
         if (artefact == null) {
             throw new BuildException("The 'artefact' attribute is compulsory.");
         }
         if (verifyproperty == null) {
             throw new BuildException("The 'verifyproperty' attribute is compulsory.");
         }
         if (!secring.exists() || !secring.canRead()) {
             throw new  BuildException("secret keyring file '" + secring.getAbsolutePath() + "' does not exist or is not readable");
         }
         if (!pubring.exists() || !pubring.canRead()) {
             throw new  BuildException("public keyring file '" + pubring.getAbsolutePath() + "' does not exist or is not readable");
         }
         FileInputStream secStream;
         FileInputStream pubStream;
         KeyRing keyRing = null;
         try {
             secStream = new FileInputStream(secring);
             pubStream = new FileInputStream(pubring);
             keyRing = new BouncyCastleKeyRing(secStream,
                     pubStream, password.toCharArray() );
         } catch (IOException ioe) {
             throw new BuildException(ioe);
         } catch (PGPException pgpe) {
             throw new BuildException(pgpe);
         }
         if (artefact != null) {
             doHandle(keyRing, artefact);
         }
         FileUtils.close(secStream);
         FileUtils.close(pubStream);
     }
 
     private void doHandle(KeyRing keyRing, File oneartefact) {
         doHandle(keyRing, oneartefact, oneartefact.getParentFile(), oneartefact.getName());
     }
 
     private void doHandle(KeyRing keyRing, File oneartefact, File basedir, String relpath) {
         FileInputStream artifactFis = null;
         FileInputStream signatureFis = null;
         File signature;
         boolean isValid = false;
 
         try {
             artifactFis = new FileInputStream(oneartefact);
             FileNameMapper mapper = getMapper();
             String [] mappedFiles = mapper.mapFileName(relpath);
             if (mappedFiles == null || mappedFiles.length != 1) {
                 throw new BuildException("mapper returned more or less than one output");
             }
             signature = new File(basedir, mappedFiles[0]);
             signatureFis = new FileInputStream(signature);
             OpenPgpSignatureVerifier verifier = new BouncyCastleOpenPgpSignatureVerifier();
             SignatureStatus status = verifier.verifyDetachedSignature(artifactFis, signatureFis, keyRing);
             isValid = status.isValid();
         } catch (FileNotFoundException fnfe) {
             throw new BuildException(fnfe);
         } catch (IOException ioe) {
             throw new BuildException(ioe);
         } catch (OpenPgpException opgpe) {
             throw new BuildException(opgpe);
         }
         finally {
             getProject().setProperty(verifyproperty, Boolean.toString(isValid));
         }
         FileUtils.close(signatureFis);
         FileUtils.close(artifactFis);
     }
 
     /**
      * Return the mapper to use based on nested elements or use a default mapping.
      */
     private FileNameMapper getMapper() {
         FileNameMapper mapper = null;
         if (mapperElement != null) {
             mapper = mapperElement.getImplementation();
         } else {
             mapper = new GlobPatternMapper();
             mapper.setFrom("*");
             if (asciiarmor) {
                 mapper.setTo("*.asc");
             } else {
                 mapper.setTo("*.sig");
             }
         }
         return mapper;
     }
 }