SideStore/SideStoreApp/Sources/SideStoreAppKit/Operations/ResignAppOperation.swift

//
//  ResignAppOperation.swift
//  AltStore
//
//  Created by Riley Testut on 6/7/19.
//  Copyright © 2019 Riley Testut. All rights reserved.
//

import Foundation
import RoxasUIKit

import AltSign
import SideStoreCore
import os.log

@objc(ResignAppOperation)
final class ResignAppOperation: ResultOperation<ALTApplication> {
    let context: InstallAppOperationContext

    init(context: InstallAppOperationContext) {
        self.context = context

        super.init()

        progress.totalUnitCount = 3
    }

    override func main() {
        super.main()

        if let error = context.error {
            finish(.failure(error))
            return
        }

        guard
            let app = context.app,
            let profiles = context.provisioningProfiles,
            let team = context.team,
            let certificate = context.certificate
        else { return finish(.failure(OperationError.invalidParameters)) }

        // Prepare app bundle
        let prepareAppProgress = Progress.discreteProgress(totalUnitCount: 2)
        progress.addChild(prepareAppProgress, withPendingUnitCount: 3)

        let prepareAppBundleProgress = prepareAppBundle(for: app, profiles: profiles) { result in
            guard let appBundleURL = self.process(result) else { return }

            os_log("Resigning App: %@", type: .info , self.context.bundleIdentifier)

            // Resign app bundle
            let resignProgress = self.resignAppBundle(at: appBundleURL, team: team, certificate: certificate, profiles: Array(profiles.values)) { result in
                guard let resignedURL = self.process(result) else { return }

                // Finish
                do {
                    let destinationURL = InstalledApp.refreshedIPAURL(for: app)
                    try FileManager.default.copyItem(at: resignedURL, to: destinationURL, shouldReplace: true)

                    // Use appBundleURL since we need an app bundle, not .ipa.
                    guard let resignedApplication = ALTApplication(fileURL: appBundleURL) else { throw OperationError.invalidApp }
                    self.finish(.success(resignedApplication))
                } catch {
                    self.finish(.failure(error))
                }
            }
            prepareAppProgress.addChild(resignProgress, withPendingUnitCount: 1)
        }
        prepareAppProgress.addChild(prepareAppBundleProgress, withPendingUnitCount: 1)
    }

    func process<T>(_ result: Result<T, Error>) -> T? {
        switch result {
        case let .failure(error):
            finish(.failure(error))
            return nil

        case let .success(value):
            guard !isCancelled else {
                finish(.failure(OperationError.cancelled))
                return nil
            }

            return value
        }
    }
}

private extension ResignAppOperation {
    func prepareAppBundle(for app: ALTApplication, profiles: [String: ALTProvisioningProfile], completionHandler: @escaping (Result<URL, Error>) -> Void) -> Progress {
        let progress = Progress.discreteProgress(totalUnitCount: 1)

        let bundleIdentifier = app.bundleIdentifier
        let openURL = InstalledApp.openAppURL(for: app)

        let fileURL = app.fileURL

        func prepare(_ bundle: Bundle, additionalInfoDictionaryValues: [String: Any] = [:]) throws {
            guard let identifier = bundle.bundleIdentifier else { throw ALTError(.missingAppBundle) }
            guard let profile = profiles[identifier] else { throw ALTError(.missingProvisioningProfile) }
            guard var infoDictionary = bundle.completeInfoDictionary else { throw ALTError(.missingInfoPlist) }

            infoDictionary[kCFBundleIdentifierKey as String] = profile.bundleIdentifier
            infoDictionary[Bundle.Info.altBundleID] = identifier
            infoDictionary[Bundle.Info.devicePairingString] = Bundle.main.object(forInfoDictionaryKey: "ALTPairingFile") as? String

            for (key, value) in additionalInfoDictionaryValues {
                infoDictionary[key] = value
            }

            if let appGroups = profile.entitlements[.appGroups] as? [String] {
                infoDictionary[Bundle.Info.appGroups] = appGroups

                // To keep file providers working, remap the NSExtensionFileProviderDocumentGroup, if there is one.
                if var extensionInfo = infoDictionary["NSExtension"] as? [String: Any],
                   let appGroup = extensionInfo["NSExtensionFileProviderDocumentGroup"] as? String,
                   let localAppGroup = appGroups.filter({ $0.contains(appGroup) }).min(by: { $0.count < $1.count }) {
                    extensionInfo["NSExtensionFileProviderDocumentGroup"] = localAppGroup
                    infoDictionary["NSExtension"] = extensionInfo
                }
            }

            // Add app-specific exported UTI so we can check later if this app (extension) is installed or not.
            let installedAppUTI = ["UTTypeConformsTo": [],
                                   "UTTypeDescription": "AltStore Installed App",
                                   "UTTypeIconFiles": [],
                                   "UTTypeIdentifier": InstalledApp.installedAppUTI(forBundleIdentifier: profile.bundleIdentifier),
                                   "UTTypeTagSpecification": [:]] as [String: Any]

            var exportedUTIs = infoDictionary[Bundle.Info.exportedUTIs] as? [[String: Any]] ?? []
            exportedUTIs.append(installedAppUTI)
            infoDictionary[Bundle.Info.exportedUTIs] = exportedUTIs

            try (infoDictionary as NSDictionary).write(to: bundle.infoPlistURL)
        }

        DispatchQueue.global().async {
            do {
                let appBundleURL = self.context.temporaryDirectory.appendingPathComponent("App.app")
                try FileManager.default.copyItem(at: fileURL, to: appBundleURL)

                // Become current so we can observe progress from unzipAppBundle().
                progress.becomeCurrent(withPendingUnitCount: 1)

                guard let appBundle = Bundle(url: appBundleURL) else { throw ALTError(.missingAppBundle) }
                guard let infoDictionary = appBundle.completeInfoDictionary else { throw ALTError(.missingInfoPlist) }

                var allURLSchemes = infoDictionary[Bundle.Info.urlTypes] as? [[String: Any]] ?? []

                let altstoreURLScheme = ["CFBundleTypeRole": "Editor",
                                         "CFBundleURLName": bundleIdentifier,
                                         "CFBundleURLSchemes": [openURL.scheme!]] as [String: Any]
                allURLSchemes.append(altstoreURLScheme)

                var additionalValues: [String: Any] = [Bundle.Info.urlTypes: allURLSchemes]

                if app.isAltStoreApp {
                    guard let udid = Bundle.main.object(forInfoDictionaryKey: Bundle.Info.deviceID) as? String else { throw OperationError.unknownUDID }
                    guard let pairingFileString = Bundle.main.object(forInfoDictionaryKey: Bundle.Info.devicePairingString) as? String else { throw OperationError.unknownUDID }
                    additionalValues[Bundle.Info.devicePairingString] = pairingFileString
                    additionalValues[Bundle.Info.deviceID] = udid
                    additionalValues[Bundle.Info.serverID] = UserDefaults.standard.preferredServerID

                    if
                        let data = Keychain.shared.signingCertificate,
                        let signingCertificate = ALTCertificate(p12Data: data, password: nil),
                        let encryptingPassword = Keychain.shared.signingCertificatePassword
                    {
                        additionalValues[Bundle.Info.certificateID] = signingCertificate.serialNumber

                        let encryptedData = signingCertificate.encryptedP12Data(withPassword: encryptingPassword)
                        try encryptedData?.write(to: appBundle.certificateURL, options: .atomic)
                    } else {
                        // The embedded certificate + certificate identifier are already in app bundle, no need to update them.
                    }
                } else if infoDictionary.keys.contains(Bundle.Info.deviceID), let udid = Bundle.main.object(forInfoDictionaryKey: Bundle.Info.deviceID) as? String {
                    // There is an ALTDeviceID entry, so assume the app is using AltKit and replace it with the device's UDID.
                    additionalValues[Bundle.Info.deviceID] = udid
                    additionalValues[Bundle.Info.serverID] = UserDefaults.standard.preferredServerID
                }

                let iconScale = Int(UIScreen.main.scale)

                if let alternateIconURL = self.context.alternateIconURL,
                   case let data = try Data(contentsOf: alternateIconURL),
                   let image = UIImage(data: data),
                   let icon = image.resizing(toFill: CGSize(width: 60 * iconScale, height: 60 * iconScale)),
                   let iconData = icon.pngData() {
                    let iconName = "AltIcon"
                    let iconURL = appBundleURL.appendingPathComponent(iconName + "@\(iconScale)x.png")
                    try iconData.write(to: iconURL, options: .atomic)

                    let iconDictionary = ["CFBundlePrimaryIcon": ["CFBundleIconFiles": [iconName]]]
                    additionalValues["CFBundleIcons"] = iconDictionary
                }

                // Prepare app
                try prepare(appBundle, additionalInfoDictionaryValues: additionalValues)

                if let directory = appBundle.builtInPlugInsURL, let enumerator = FileManager.default.enumerator(at: directory, includingPropertiesForKeys: nil, options: [.skipsSubdirectoryDescendants]) {
                    for case let fileURL as URL in enumerator {
                        guard let appExtension = Bundle(url: fileURL) else { throw ALTError(.missingAppBundle) }
                        try prepare(appExtension)
                    }
                }

                completionHandler(.success(appBundleURL))
            } catch {
                completionHandler(.failure(error))
            }
        }

        return progress
    }

    func resignAppBundle(at fileURL: URL, team: ALTTeam, certificate: ALTCertificate, profiles: [ALTProvisioningProfile], completionHandler: @escaping (Result<URL, Error>) -> Void) -> Progress {
        let signer = ALTSigner(team: team, certificate: certificate)
        let progress = signer.signApp(at: fileURL, provisioningProfiles: profiles) { success, error in
            do {
                try Result(success, error).get()

                let ipaURL = try FileManager.default.zipAppBundle(at: fileURL)
                completionHandler(.success(ipaURL))
            } catch {
                completionHandler(.failure(error))
            }
        }

        return progress
    }
}