package org.eclipse.osgi.internal.signedcontent;

import com.liferay.portal.plugin.PluginPackageImpl;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLConnection;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.StringTokenizer;
import org.eclipse.core.runtime.internal.adaptor.IModel;
import org.eclipse.osgi.baseadaptor.BaseAdaptor;
import org.eclipse.osgi.baseadaptor.BaseData;
import org.eclipse.osgi.baseadaptor.HookConfigurator;
import org.eclipse.osgi.baseadaptor.HookRegistry;
import org.eclipse.osgi.baseadaptor.bundlefile.BundleFile;
import org.eclipse.osgi.baseadaptor.bundlefile.DirBundleFile;
import org.eclipse.osgi.baseadaptor.bundlefile.ZipBundleFile;
import org.eclipse.osgi.baseadaptor.hooks.AdaptorHook;
import org.eclipse.osgi.baseadaptor.hooks.BundleFileWrapperFactoryHook;
import org.eclipse.osgi.framework.adaptor.BundleData;
import org.eclipse.osgi.framework.internal.core.AbstractBundle;
import org.eclipse.osgi.framework.internal.core.FilterImpl;
import org.eclipse.osgi.framework.internal.core.FrameworkProperties;
import org.eclipse.osgi.framework.log.FrameworkLog;
import org.eclipse.osgi.framework.log.FrameworkLogEntry;
import org.eclipse.osgi.internal.service.security.DefaultAuthorizationEngine;
import org.eclipse.osgi.internal.service.security.KeyStoreTrustEngine;
import org.eclipse.osgi.service.security.TrustEngine;
import org.eclipse.osgi.signedcontent.SignedContent;
import org.eclipse.osgi.signedcontent.SignedContentFactory;
import org.eclipse.osgi.util.ManifestElement;
import org.eclipse.osgi.util.NLS;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.BundleException;
import org.osgi.framework.Constants;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceRegistration;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;

/* loaded from: input_file:com/liferay/portal/deploy/dependencies/osgi/core/org.eclipse.osgi.jar:org/eclipse/osgi/internal/signedcontent/SignedBundleHook.class */
public class SignedBundleHook implements AdaptorHook, BundleFileWrapperFactoryHook, HookConfigurator, SignedContentFactory {
    static final int VERIFY_CERTIFICATE = 1;
    static final int VERIFY_TRUST = 2;
    static final int VERIFY_RUNTIME = 4;
    static final int VERIFY_AUTHORITY = 8;
    static final int VERIFY_ALL = 15;
    private static ServiceTracker<TrustEngine, TrustEngine> trustEngineTracker;
    private static BaseAdaptor ADAPTOR;
    private static int supportSignedBundles;
    private TrustEngineListener trustEngineListener;
    private BundleInstallListener installListener;
    private ServiceRegistration<?> signedContentFactoryReg;
    private ServiceRegistration<?> systemTrustEngineReg;
    private ServiceRegistration<?> defaultAuthEngineReg;
    private List<ServiceRegistration<?>> osgiTrustEngineReg;
    private ServiceRegistration<?> legacyFactoryReg;
    static Class class$0;
    static Class class$1;
    static Class class$2;
    static Class class$3;
    private static String SUPPORT_CERTIFICATE = "certificate";
    private static String SUPPORT_TRUST = "trust";
    private static String SUPPORT_RUNTIME = IModel.RUNTIME;
    private static String SUPPORT_AUTHORITY = "authority";
    private static String SUPPORT_ALL = PluginPackageImpl.STATUS_ALL;
    private static String SUPPORT_TRUE = IModel.TRUE;
    private static String CACERTS_PATH = new StringBuffer(String.valueOf(System.getProperty("java.home"))).append(File.separatorChar).append("lib").append(File.separatorChar).append("security").append(File.separatorChar).append("cacerts").toString();
    private static String CACERTS_TYPE = "JKS";
    private static String SIGNED_BUNDLE_SUPPORT = "osgi.support.signature.verify";
    private static String SIGNED_CONTENT_SUPPORT = "osgi.signedcontent.support";
    private static String OSGI_KEYSTORE = "osgi.framework.keystore";

    @Override // org.eclipse.osgi.baseadaptor.hooks.AdaptorHook
    public void initialize(BaseAdaptor baseAdaptor) {
        ADAPTOR = baseAdaptor;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v25, types: [java.lang.Throwable, java.util.List, java.util.List<org.osgi.framework.ServiceRegistration<?>>] */
    /* JADX WARN: Type inference failed for: r0v47, types: [java.lang.Throwable, java.util.List, java.util.List<org.osgi.framework.ServiceRegistration<?>>] */
    @Override // org.eclipse.osgi.baseadaptor.hooks.AdaptorHook
    public void frameworkStart(BundleContext bundleContext) throws BundleException {
        if ((supportSignedBundles & 8) != 0) {
            this.installListener = new BundleInstallListener();
            bundleContext.addBundleListener(this.installListener);
            Hashtable hashtable = new Hashtable(7);
            hashtable.put(Constants.SERVICE_RANKING, new Integer(Integer.MIN_VALUE));
            hashtable.put(SignedContentConstants.AUTHORIZATION_ENGINE, SignedContentConstants.DEFAULT_AUTHORIZATION_ENGINE);
            Class<?> cls = class$0;
            if (cls == null) {
                try {
                    cls = Class.forName("org.eclipse.osgi.internal.provisional.service.security.AuthorizationEngine");
                    class$0 = cls;
                } catch (ClassNotFoundException unused) {
                    throw new NoClassDefFoundError(getMessage());
                }
            }
            this.defaultAuthEngineReg = bundleContext.registerService(cls.getName(), new DefaultAuthorizationEngine(bundleContext, ADAPTOR.getState()), hashtable);
        }
        Hashtable hashtable2 = new Hashtable(7);
        hashtable2.put(Constants.SERVICE_RANKING, new Integer(Integer.MIN_VALUE));
        hashtable2.put(SignedContentConstants.TRUST_ENGINE, SignedContentConstants.DEFAULT_TRUST_ENGINE);
        KeyStoreTrustEngine keyStoreTrustEngine = new KeyStoreTrustEngine(CACERTS_PATH, CACERTS_TYPE, null, "System");
        Class<?> cls2 = class$1;
        if (cls2 == null) {
            try {
                cls2 = Class.forName("org.eclipse.osgi.service.security.TrustEngine");
                class$1 = cls2;
            } catch (ClassNotFoundException unused2) {
                throw new NoClassDefFoundError(getMessage());
            }
        }
        this.systemTrustEngineReg = bundleContext.registerService(cls2.getName(), keyStoreTrustEngine, hashtable2);
        String property = bundleContext.getProperty(OSGI_KEYSTORE);
        if (property != null) {
            try {
                URL url = new URL(property);
                if ("file".equals(url.getProtocol())) {
                    hashtable2.put(SignedContentConstants.TRUST_ENGINE, OSGI_KEYSTORE);
                    String path = url.getPath();
                    this.osgiTrustEngineReg = new ArrayList(1);
                    ?? r0 = this.osgiTrustEngineReg;
                    Class<?> cls3 = class$1;
                    if (cls3 == null) {
                        try {
                            cls3 = Class.forName("org.eclipse.osgi.service.security.TrustEngine");
                            class$1 = cls3;
                        } catch (ClassNotFoundException unused3) {
                            throw new NoClassDefFoundError(r0.getMessage());
                        }
                    }
                    r0.add(bundleContext.registerService(cls3.getName(), new KeyStoreTrustEngine(path, CACERTS_TYPE, null, OSGI_KEYSTORE), hashtable2));
                }
            } catch (MalformedURLException e) {
                log(new StringBuffer("Invalid setting for ").append(OSGI_KEYSTORE).toString(), 2, e);
            }
        } else {
            String property2 = bundleContext.getProperty(Constants.FRAMEWORK_TRUST_REPOSITORIES);
            if (property2 != null) {
                hashtable2.put(SignedContentConstants.TRUST_ENGINE, Constants.FRAMEWORK_TRUST_REPOSITORIES);
                StringTokenizer stringTokenizer = new StringTokenizer(property2, File.pathSeparator);
                this.osgiTrustEngineReg = new ArrayList(1);
                while (stringTokenizer.hasMoreTokens()) {
                    String nextToken = stringTokenizer.nextToken();
                    ?? r02 = this.osgiTrustEngineReg;
                    Class<?> cls4 = class$1;
                    if (cls4 == null) {
                        try {
                            cls4 = Class.forName("org.eclipse.osgi.service.security.TrustEngine");
                            class$1 = cls4;
                        } catch (ClassNotFoundException unused4) {
                            throw new NoClassDefFoundError(r02.getMessage());
                        }
                    }
                    r02.add(bundleContext.registerService(cls4.getName(), new KeyStoreTrustEngine(nextToken, CACERTS_TYPE, null, OSGI_KEYSTORE), hashtable2));
                }
            }
        }
        if ((supportSignedBundles & 2) != 0) {
            this.trustEngineListener = new TrustEngineListener(bundleContext);
        }
        Class<?> cls5 = class$2;
        if (cls5 == null) {
            try {
                cls5 = Class.forName("org.eclipse.osgi.signedcontent.SignedContentFactory");
                class$2 = cls5;
            } catch (ClassNotFoundException unused5) {
                throw new NoClassDefFoundError(getMessage());
            }
        }
        this.signedContentFactoryReg = bundleContext.registerService(cls5.getName(), this, (Dictionary<String, ?>) null);
        Class<?> cls6 = class$3;
        if (cls6 == null) {
            try {
                cls6 = Class.forName("org.eclipse.osgi.internal.provisional.verifier.CertificateVerifierFactory");
                class$3 = cls6;
            } catch (ClassNotFoundException unused6) {
                throw new NoClassDefFoundError(getMessage());
            }
        }
        this.legacyFactoryReg = bundleContext.registerService(cls6.getName(), new LegacyVerifierFactory(this), (Dictionary<String, ?>) null);
    }

    @Override // org.eclipse.osgi.baseadaptor.hooks.AdaptorHook
    public void frameworkStop(BundleContext bundleContext) throws BundleException {
        if (this.legacyFactoryReg != null) {
            this.legacyFactoryReg.unregister();
            this.legacyFactoryReg = null;
        }
        if (this.signedContentFactoryReg != null) {
            this.signedContentFactoryReg.unregister();
            this.signedContentFactoryReg = null;
        }
        if (this.systemTrustEngineReg != null) {
            this.systemTrustEngineReg.unregister();
            this.systemTrustEngineReg = null;
        }
        if (this.osgiTrustEngineReg != null) {
            Iterator<ServiceRegistration<?>> it = this.osgiTrustEngineReg.iterator();
            while (it.hasNext()) {
                it.next().unregister();
            }
            this.osgiTrustEngineReg = null;
        }
        if (this.defaultAuthEngineReg != null) {
            this.defaultAuthEngineReg.unregister();
            this.defaultAuthEngineReg = null;
        }
        if (this.trustEngineListener != null) {
            this.trustEngineListener.stopTrustEngineListener();
            this.trustEngineListener = null;
        }
        if (this.installListener != null) {
            bundleContext.removeBundleListener(this.installListener);
            this.installListener = null;
        }
        if (trustEngineTracker != null) {
            trustEngineTracker.close();
            trustEngineTracker = null;
        }
    }

    @Override // org.eclipse.osgi.baseadaptor.hooks.AdaptorHook
    public void frameworkStopping(BundleContext bundleContext) {
    }

    @Override // org.eclipse.osgi.baseadaptor.hooks.AdaptorHook
    public void addProperties(Properties properties) {
    }

    @Override // org.eclipse.osgi.baseadaptor.hooks.AdaptorHook
    public URLConnection mapLocationToURLConnection(String str) throws IOException {
        return null;
    }

    @Override // org.eclipse.osgi.baseadaptor.hooks.AdaptorHook
    public void handleRuntimeError(Throwable th) {
    }

    @Override // org.eclipse.osgi.baseadaptor.hooks.AdaptorHook
    public FrameworkLog createFrameworkLog() {
        return null;
    }

    @Override // org.eclipse.osgi.baseadaptor.hooks.BundleFileWrapperFactoryHook
    public BundleFile wrapBundleFile(BundleFile bundleFile, Object obj, BaseData baseData, boolean z) {
        SignedBundleFile signedBundleFile;
        if (bundleFile != null) {
            try {
                SignedStorageHook signedStorageHook = (SignedStorageHook) baseData.getStorageHook(SignedStorageHook.KEY);
                if (!z || signedStorageHook == null) {
                    signedBundleFile = new SignedBundleFile(null, supportSignedBundles);
                } else {
                    signedBundleFile = new SignedBundleFile(signedStorageHook.signedContent, supportSignedBundles);
                    if (signedStorageHook.signedContent == null) {
                        signedBundleFile.setBundleFile(bundleFile);
                        SignedContentImpl signedContent = signedBundleFile.getSignedContent();
                        signedStorageHook.signedContent = (signedContent == null || !signedContent.isSigned()) ? null : signedContent;
                    }
                }
                signedBundleFile.setBundleFile(bundleFile);
                SignedContentImpl signedContent2 = signedBundleFile.getSignedContent();
                if (signedContent2 != null && signedContent2.isSigned()) {
                    signedContent2.setContent(signedBundleFile);
                    bundleFile = signedBundleFile;
                }
            } catch (IOException e) {
                log(new StringBuffer("Bad bundle file: ").append(bundleFile.getBaseFile()).toString(), 2, e);
            } catch (GeneralSecurityException e2) {
                log(new StringBuffer("Bad bundle file: ").append(bundleFile.getBaseFile()).toString(), 2, e2);
            }
        }
        return bundleFile;
    }

    @Override // org.eclipse.osgi.baseadaptor.HookConfigurator
    public void addHooks(HookRegistry hookRegistry) {
        hookRegistry.addAdaptorHook(this);
        String[] arrayFromList = ManifestElement.getArrayFromList(FrameworkProperties.getProperty(SIGNED_CONTENT_SUPPORT, FrameworkProperties.getProperty(SIGNED_BUNDLE_SUPPORT)), ",");
        for (int i = 0; i < arrayFromList.length; i++) {
            if (SUPPORT_CERTIFICATE.equals(arrayFromList[i])) {
                supportSignedBundles |= 1;
            } else if (SUPPORT_TRUST.equals(arrayFromList[i])) {
                supportSignedBundles |= 3;
            } else if (SUPPORT_RUNTIME.equals(arrayFromList[i])) {
                supportSignedBundles |= 5;
            } else if (SUPPORT_AUTHORITY.equals(arrayFromList[i])) {
                supportSignedBundles |= 11;
            } else if (SUPPORT_TRUE.equals(arrayFromList[i]) || SUPPORT_ALL.equals(arrayFromList[i])) {
                supportSignedBundles |= 15;
            }
        }
        if ((supportSignedBundles & 1) != 0) {
            hookRegistry.addStorageHook(new SignedStorageHook());
            hookRegistry.addBundleFileWrapperFactoryHook(this);
        }
    }

    @Override // org.eclipse.osgi.signedcontent.SignedContentFactory
    public SignedContent getSignedContent(File file) throws IOException, InvalidKeyException, SignatureException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException {
        if (file == null) {
            throw new IllegalArgumentException("null content");
        }
        BundleFile dirBundleFile = file.isDirectory() ? new DirBundleFile(file) : new ZipBundleFile(file, null);
        SignedBundleFile signedBundleFile = new SignedBundleFile(null, 15);
        try {
            signedBundleFile.setBundleFile(dirBundleFile);
            return new SignedContentFile(signedBundleFile.getSignedContent());
        } catch (InvalidKeyException e) {
            throw ((InvalidKeyException) new InvalidKeyException(NLS.bind(SignedContentMessages.Factory_SignedContent_Error, file)).initCause(e));
        } catch (NoSuchAlgorithmException e2) {
            throw ((NoSuchAlgorithmException) new NoSuchAlgorithmException(NLS.bind(SignedContentMessages.Factory_SignedContent_Error, file)).initCause(e2));
        } catch (NoSuchProviderException e3) {
            throw ((NoSuchProviderException) new NoSuchProviderException(NLS.bind(SignedContentMessages.Factory_SignedContent_Error, file)).initCause(e3));
        } catch (SignatureException e4) {
            throw ((SignatureException) new SignatureException(NLS.bind(SignedContentMessages.Factory_SignedContent_Error, file)).initCause(e4));
        } catch (CertificateException e5) {
            throw ((CertificateException) new CertificateException(NLS.bind(SignedContentMessages.Factory_SignedContent_Error, file)).initCause(e5));
        }
    }

    @Override // org.eclipse.osgi.signedcontent.SignedContentFactory
    public SignedContent getSignedContent(Bundle bundle) throws IOException, InvalidKeyException, SignatureException, CertificateException, NoSuchAlgorithmException, NoSuchProviderException, IllegalArgumentException {
        BundleData bundleData = ((AbstractBundle) bundle).getBundleData();
        if (!(bundleData instanceof BaseData)) {
            throw new IllegalArgumentException("Invalid bundle object.  No BaseData found.");
        }
        SignedStorageHook signedStorageHook = (SignedStorageHook) ((BaseData) bundleData).getStorageHook(SignedStorageHook.KEY);
        SignedContentImpl signedContentImpl = signedStorageHook != null ? signedStorageHook.signedContent : null;
        if (signedContentImpl != null) {
            return signedContentImpl;
        }
        if (System.getSecurityManager() == null) {
            return getSignedContent(((BaseData) bundleData).getBundleFile().getBaseFile());
        }
        try {
            return (SignedContent) AccessController.doPrivileged(new PrivilegedExceptionAction<SignedContent>(this, bundleData) { // from class: org.eclipse.osgi.internal.signedcontent.SignedBundleHook.1
                final SignedBundleHook this$0;
                private final BundleData val$data;

                {
                    this.this$0 = this;
                    this.val$data = bundleData;
                }

                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public SignedContent run() throws Exception {
                    return this.this$0.getSignedContent(((BaseData) this.val$data).getBundleFile().getBaseFile());
                }

                @Override // java.security.PrivilegedExceptionAction
                public /* bridge */ SignedContent run() throws Exception {
                    return run();
                }
            });
        } catch (PrivilegedActionException e) {
            if (e.getException() instanceof IOException) {
                throw ((IOException) e.getException());
            }
            if (e.getException() instanceof InvalidKeyException) {
                throw ((InvalidKeyException) e.getException());
            }
            if (e.getException() instanceof SignatureException) {
                throw ((SignatureException) e.getException());
            }
            if (e.getException() instanceof CertificateException) {
                throw ((CertificateException) e.getException());
            }
            if (e.getException() instanceof NoSuchAlgorithmException) {
                throw ((NoSuchAlgorithmException) e.getException());
            }
            if (e.getException() instanceof NoSuchProviderException) {
                throw ((NoSuchProviderException) e.getException());
            }
            throw new RuntimeException("Unknown error.", e.getException());
        }
    }

    public static void log(String str, int i, Throwable th) {
        if (ADAPTOR == null) {
            System.err.println(str);
            th.printStackTrace();
        } else {
            ADAPTOR.getFrameworkLog().log(new FrameworkLogEntry("org.eclipse.osgi", i, 0, str, 0, th, null));
        }
    }

    static BundleContext getContext() {
        if (ADAPTOR == null) {
            return null;
        }
        return ADAPTOR.getContext();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Type inference failed for: r0v18, types: [java.lang.Throwable, java.lang.StringBuffer] */
    /* JADX WARN: Type inference failed for: r0v29, types: [java.lang.Throwable, org.osgi.util.tracker.ServiceTracker<org.eclipse.osgi.service.security.TrustEngine, org.eclipse.osgi.service.security.TrustEngine>, org.osgi.util.tracker.ServiceTracker] */
    public static TrustEngine[] getTrustEngines() {
        ?? serviceTracker;
        BundleContext context = getContext();
        if (context == null) {
            return new TrustEngine[0];
        }
        if (trustEngineTracker == null) {
            String property = FrameworkProperties.getProperty(SignedContentConstants.TRUST_ENGINE);
            FilterImpl filterImpl = null;
            if (property != null) {
                try {
                    ?? stringBuffer = new StringBuffer("(&(objectClass=");
                    Class<?> cls = class$1;
                    if (cls == null) {
                        try {
                            cls = Class.forName("org.eclipse.osgi.service.security.TrustEngine");
                            class$1 = cls;
                        } catch (ClassNotFoundException unused) {
                            throw new NoClassDefFoundError(stringBuffer.getMessage());
                        }
                    }
                    filterImpl = FilterImpl.newInstance(stringBuffer.append(cls.getName()).append(")(").append(SignedContentConstants.TRUST_ENGINE).append("=").append(property).append("))").toString());
                } catch (InvalidSyntaxException e) {
                    log("Invalid trust engine filter", 2, e);
                }
            }
            if (filterImpl != null) {
                trustEngineTracker = new ServiceTracker(context, filterImpl, (ServiceTrackerCustomizer) null);
            } else {
                Class<?> cls2 = class$1;
                if (cls2 == null) {
                    try {
                        cls2 = Class.forName("org.eclipse.osgi.service.security.TrustEngine");
                        class$1 = cls2;
                    } catch (ClassNotFoundException unused2) {
                        throw new NoClassDefFoundError(serviceTracker.getMessage());
                    }
                }
                serviceTracker = new ServiceTracker(context, cls2.getName(), (ServiceTrackerCustomizer) null);
                trustEngineTracker = serviceTracker;
            }
            trustEngineTracker.open();
        }
        Object[] services = trustEngineTracker.getServices();
        if (services == null) {
            return new TrustEngine[0];
        }
        TrustEngine[] trustEngineArr = new TrustEngine[services.length];
        System.arraycopy(services, 0, trustEngineArr, 0, services.length);
        return trustEngineArr;
    }
}
