package org.eclipse.osgi.internal.service.security;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import org.eclipse.osgi.internal.signedcontent.SignedBundleHook;
import org.eclipse.osgi.internal.signedcontent.SignedContentMessages;
import org.eclipse.osgi.service.security.TrustEngine;
import org.eclipse.osgi.util.NLS;

/* loaded from: input_file:karaf.zip:apache-karaf-2.2.2-fuse-04-04/system/org/eclipse/osgi/3.6.0.v20100517/osgi-3.6.0.v20100517.jar:org/eclipse/osgi/internal/service/security/KeyStoreTrustEngine.class */
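/**
 * {@link TrustEngine} whose trust anchors live in a single {@link KeyStore} file.
 *
 * <p>The store is loaded lazily from {@code path} on first use and then cached for the
 * lifetime of this object. Every read or write of the cached store is done while holding
 * the store's own monitor.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>A {@code null} password makes this engine read-only (see {@link #isReadOnly()}).
 *       It is also passed straight to {@link KeyStore#load(InputStream, char[])}, which by
 *       contract skips the integrity check when no password is given; in that configuration
 *       the trust store is only as trustworthy as the file-system permissions on
 *       {@code path}.</li>
 *   <li>The password array is kept by reference, not copied, so a caller that later wipes
 *       or reuses the array changes what this engine uses for load and store.</li>
 *   <li>{@link #findTrustAnchor(Certificate[])} checks signatures only. Nothing in this
 *       class checks validity periods, basic constraints, key usage or revocation; callers
 *       must not treat a non-null result as a full path validation.</li>
 * </ul>
 */
public class KeyStoreTrustEngine extends TrustEngine {
    // Cached store; assigned only after a successful load (see getKeyStore()).
    private KeyStore keyStore;
    private final String type;
    private final String path;
    private final char[] password;
    private final String name;

    /**
     * Creates an engine over the keystore file at {@code path}. Nothing is read until the
     * first operation that needs the store.
     *
     * @param path     file-system path of the keystore file
     * @param type     keystore type handed to {@link KeyStore#getInstance(String)}
     * @param password keystore password, or {@code null} for a read-only engine; stored by
     *                 reference
     * @param name     value returned by {@link #getName()}
     */
    public KeyStoreTrustEngine(String path, String type, char[] password, String name) {
        this.path = path;
        this.type = type;
        this.password = password;
        this.name = name;
    }

    private String getType() {
        return this.type;
    }

    private String getPath() {
        return this.path;
    }

    private char[] getPassword() {
        return this.password;
    }

    /**
     * Returns the cached keystore, loading it from disk on first use.
     *
     * <p>The freshly created store is published to the field only after
     * {@code load} succeeded. Caching it before the load (as the decompiled original did)
     * meant that one failed load left an uninitialised {@link KeyStore} in the field, and
     * every later call returned that unusable object instead of retrying.
     *
     * @throws IOException              if the file cannot be opened or read
     * @throws GeneralSecurityException if the keystore type is unavailable or the content
     *                                  cannot be loaded
     */
    private synchronized KeyStore getKeyStore() throws IOException, GeneralSecurityException {
        if (this.keyStore == null) {
            KeyStore loaded = KeyStore.getInstance(getType());
            InputStream in = getInputStream();
            try {
                loadStore(loaded, in);
            } finally {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // Secondary failure on a read-only stream; the load result is what matters.
                }
            }
            this.keyStore = loaded;
        }
        return this.keyStore;
    }

    /**
     * Walks {@code chain} from the leaf towards the root and returns the first certificate
     * of the chain that is present in the keystore, or an alternative root from the
     * keystore that signed the end of the chain.
     *
     * <p>For each X.509 element the signature is verified against the public key of the
     * next element (or against its own key for a self-signed last element) before the
     * keystore is consulted. Elements that are not {@link X509Certificate} get no signature
     * check but are still looked up in the store. Any {@link GeneralSecurityException}
     * other than {@link KeyStoreException} (for example a failed signature check) is logged
     * and turned into a {@code null} result, i.e. "no anchor found".
     *
     * <p>Only signatures are checked here; validity dates, basic constraints and
     * revocation are not.
     *
     * @param chain certificate chain, leaf first; must be non-null and non-empty
     * @return the trusted certificate from the keystore, or {@code null} if none was found
     *         or verification failed
     * @throws IllegalArgumentException if {@code chain} is null or empty
     * @throws IOException              if the keystore cannot be read, or wraps a
     *                                  {@link KeyStoreException}
     */
    @Override
    public Certificate findTrustAnchor(Certificate[] chain) throws IOException {
        if (chain == null || chain.length == 0) {
            throw new IllegalArgumentException("Certificate chain is required");
        }
        try {
            X509Certificate rootCert = null;
            KeyStore store = getKeyStore();
            for (int i = 0; i < chain.length; i++) {
                if (chain[i] instanceof X509Certificate) {
                    if (i == chain.length - 1) {
                        X509Certificate last = (X509Certificate) chain[i];
                        if (!last.getSubjectDN().equals(last.getIssuerDN())) {
                            // Incomplete chain: the last element is not self-signed, so look
                            // for its issuer in the keystore instead.
                            return findAlternativeRoot(last, store);
                        }
                        last.verify(last.getPublicKey());
                        rootCert = last;
                    } else {
                        // The cast throws ClassCastException if the next element is not X.509;
                        // that propagates to the caller unchanged.
                        chain[i].verify(((X509Certificate) chain[i + 1]).getPublicKey());
                    }
                }
                synchronized (store) {
                    String alias = rootCert == null ? null : store.getCertificateAlias(rootCert);
                    if (alias != null) {
                        return store.getCertificate(alias);
                    }
                    if (rootCert != chain[i]) {
                        alias = store.getCertificateAlias(chain[i]);
                        if (alias != null) {
                            return store.getCertificate(alias);
                        }
                    }
                    // End of chain reached and its last element is not in the store: back off
                    // one step and try to find another root for the previous certificate.
                    if (chain.length > 1 && i == chain.length - 1 && (chain[i - 1] instanceof X509Certificate)) {
                        return findAlternativeRoot((X509Certificate) chain[i - 1], store);
                    }
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new IOException(e.getMessage(), e);
        } catch (GeneralSecurityException e) {
            // Fail closed: a verification problem means no trust anchor.
            // Severity 2 is presumably FrameworkLogEntry.WARNING; confirm against the logger.
            SignedBundleHook.log(e.getMessage(), 2, e);
            return null;
        }
    }

    /**
     * Searches the keystore for a certificate whose subject DN equals the issuer DN of
     * {@code cert} and verifies {@code cert} against that candidate's public key.
     *
     * <p>Only the first entry with a matching subject is tried: if its key does not verify
     * the signature, the exception from {@code verify} propagates and later entries with
     * the same subject are never examined.
     *
     * @return the matching keystore certificate, or {@code null} if no subject matches
     */
    private Certificate findAlternativeRoot(X509Certificate cert, KeyStore store) throws InvalidKeyException, KeyStoreException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, CertificateException {
        synchronized (store) {
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                Certificate candidate = store.getCertificate(aliases.nextElement());
                if ((candidate instanceof X509Certificate) && ((X509Certificate) candidate).getSubjectDN().equals(cert.getIssuerDN())) {
                    cert.verify(candidate.getPublicKey());
                    return candidate;
                }
            }
            return null;
        }
    }

    /**
     * Adds {@code certificate} under {@code alias} and writes the keystore back to disk.
     *
     * <p>NOTE(review): the entry is added to the cached store before it is persisted. If
     * persisting fails, the in-memory store keeps the new anchor even though this method
     * throws.
     *
     * @return {@code alias}
     * @throws IOException              if the engine is read-only or the file cannot be written
     * @throws IllegalArgumentException if {@code certificate} is null
     * @throws GeneralSecurityException if the certificate or the alias already exists, or
     *                                  the keystore operation fails
     */
    @Override
    protected String doAddTrustAnchor(Certificate certificate, String alias) throws IOException, GeneralSecurityException {
        if (isReadOnly()) {
            throw new IOException(SignedContentMessages.Default_Trust_Read_Only);
        }
        if (certificate == null) {
            throw new IllegalArgumentException("Certificate must be specified");
        }
        try {
            KeyStore store = getKeyStore();
            synchronized (store) {
                if (store.getCertificateAlias(certificate) != null) {
                    throw new CertificateException(SignedContentMessages.Default_Trust_Existing_Cert);
                }
                if (store.getCertificate(alias) != null) {
                    throw new CertificateException(SignedContentMessages.Default_Trust_Existing_Alias);
                }
                store.setCertificateEntry(alias, certificate);
                persist(store);
            }
            return alias;
        } catch (KeyStoreException e) {
            throw new CertificateException(e.getMessage(), e);
        }
    }

    /**
     * Removes the entry that holds {@code certificate}.
     *
     * <p>The alias is resolved here and the removal itself goes through
     * {@code removeTrustAnchor(String)}, which is inherited and not visible in this file;
     * presumably it ends up in {@link #doRemoveTrustAnchor(String)}.
     *
     * @throws IOException              if the engine is read-only
     * @throws IllegalArgumentException if {@code certificate} is null
     * @throws GeneralSecurityException if the certificate is not in the keystore or the
     *                                  keystore operation fails
     */
    @Override
    protected void doRemoveTrustAnchor(Certificate certificate) throws IOException, GeneralSecurityException {
        if (isReadOnly()) {
            throw new IOException(SignedContentMessages.Default_Trust_Read_Only);
        }
        if (certificate == null) {
            throw new IllegalArgumentException("Certificate must be specified");
        }
        try {
            KeyStore store = getKeyStore();
            synchronized (store) {
                String alias = store.getCertificateAlias(certificate);
                if (alias == null) {
                    throw new CertificateException(SignedContentMessages.Default_Trust_Cert_Not_Found);
                }
                removeTrustAnchor(alias);
            }
        } catch (KeyStoreException e) {
            throw new CertificateException(e.getMessage(), e);
        }
    }

    /**
     * Removes the entry stored under {@code alias} and writes the keystore back to disk.
     *
     * <p>The read-only check mirrors the other two mutators. Without it a read-only engine
     * (null password or unwritable file) would delete the entry from the cached store and
     * only fail later, while trying to write.
     *
     * @throws IOException              if the engine is read-only or the file cannot be written
     * @throws IllegalArgumentException if {@code alias} is null
     * @throws GeneralSecurityException if no certificate is stored under {@code alias} or
     *                                  the keystore operation fails
     */
    @Override
    protected void doRemoveTrustAnchor(String alias) throws IOException, GeneralSecurityException {
        if (isReadOnly()) {
            throw new IOException(SignedContentMessages.Default_Trust_Read_Only);
        }
        if (alias == null) {
            throw new IllegalArgumentException("Alias must be specified");
        }
        try {
            KeyStore store = getKeyStore();
            synchronized (store) {
                if (store.getCertificate(alias) == null) {
                    throw new CertificateException(SignedContentMessages.Default_Trust_Cert_Not_Found);
                }
                store.deleteEntry(alias);
                persist(store);
            }
        } catch (KeyStoreException e) {
            throw new CertificateException(e.getMessage(), e);
        }
    }

    /**
     * Returns the certificate stored under {@code alias}.
     *
     * @return the certificate, or {@code null} if the keystore has none for that alias
     * @throws IllegalArgumentException if {@code alias} is null
     * @throws GeneralSecurityException wrapping any {@link KeyStoreException}
     */
    @Override
    public Certificate getTrustAnchor(String alias) throws IOException, GeneralSecurityException {
        if (alias == null) {
            throw new IllegalArgumentException("Alias must be specified");
        }
        try {
            KeyStore store = getKeyStore();
            synchronized (store) {
                return store.getCertificate(alias);
            }
        } catch (KeyStoreException e) {
            throw new CertificateException(e.getMessage(), e);
        }
    }

    /**
     * Lists the aliases of all certificate entries in the keystore; other entry kinds are
     * skipped.
     *
     * @return the aliases, possibly an empty array
     * @throws GeneralSecurityException wrapping any {@link KeyStoreException}
     */
    @Override
    public String[] getAliases() throws IOException, GeneralSecurityException {
        ArrayList<String> result = new ArrayList<String>();
        try {
            KeyStore store = getKeyStore();
            synchronized (store) {
                Enumeration<String> aliases = store.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (store.isCertificateEntry(alias)) {
                        result.add(alias);
                    }
                }
                return result.toArray(new String[0]);
            }
        } catch (KeyStoreException e) {
            throw new CertificateException(e.getMessage(), e);
        }
    }

    /** Loads {@code store} from {@code in}; a null password means no integrity check is done. */
    private void loadStore(KeyStore store, InputStream in) throws IOException, GeneralSecurityException {
        store.load(in, getPassword());
    }

    /** Serialises {@code store} to {@code out}, protected with the configured password. */
    private void saveStore(KeyStore store, OutputStream out) throws IOException, GeneralSecurityException {
        store.store(out, getPassword());
    }

    /**
     * Writes {@code store} to the keystore file.
     *
     * <p>The store is serialised into memory first and the file is opened only afterwards.
     * {@link FileOutputStream} truncates the file as soon as it is opened, so opening it
     * before {@code KeyStore.store} ran meant that any failure during serialisation left an
     * empty or partial trust store on disk.
     */
    private void persist(KeyStore store) throws IOException, GeneralSecurityException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        saveStore(store, buffer);
        OutputStream out = getOutputStream();
        try {
            buffer.writeTo(out);
        } finally {
            safeClose(out);
        }
    }

    /** Closes {@code out} if non-null and ignores a failure of the close itself. */
    private void safeClose(OutputStream out) {
        if (out != null) {
            try {
                out.close();
            } catch (IOException ignored) {
                // Best effort: the data was already written without buffering.
            }
        }
    }

    private InputStream getInputStream() throws IOException {
        return new FileInputStream(new File(getPath()));
    }

    /**
     * Opens the keystore file for writing, creating it if it does not exist. Opening
     * truncates existing content, so call this only when the new content is ready.
     */
    private OutputStream getOutputStream() throws IOException {
        File file = new File(getPath());
        if (!file.exists()) {
            file.createNewFile();
        }
        return new FileOutputStream(file);
    }

    /**
     * Reports whether this engine refuses modifications.
     *
     * @return {@code true} if no password was configured or the keystore file is not
     *         writable
     */
    @Override
    public boolean isReadOnly() {
        return getPassword() == null || !new File(this.path).canWrite();
    }

    @Override
    public String getName() {
        return this.name;
    }
}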
