package org.apache.felix.framework.security.verifier;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Method;
import java.security.cert.CRL;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.jar.JarEntry;
import java.util.jar.JarInputStream;
import org.apache.felix.framework.Logger;
import org.apache.felix.framework.resolver.Content;
import org.apache.felix.framework.resolver.Module;
import org.apache.felix.framework.security.util.BundleInputStream;
import org.apache.felix.framework.security.util.TrustManager;
import org.eclipse.osgi.internal.signedcontent.SignedContentConstants;

/* loaded from: input_file:WEB-INF/karaf/system/org/apache/felix/org.apache.felix.framework.security/1.4.2-fuse-09-16/org.apache.felix.framework.security-1.4.2-fuse-09-16.jar:org/apache/felix/framework/security/verifier/BundleDNParser.class */
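/**
 * Extracts and caches the signer certificate chains of a bundle's JAR content.
 *
 * <p>Two modes are supported, selected by the {@code int} signer type passed to
 * {@link #checkDNChains} and {@link #getDNChains}: the value {@code 2} (the value of
 * {@code org.osgi.framework.Bundle.SIGNERS_TRUSTED}) keeps only chains that end in a
 * certificate accepted by the {@link TrustManager}; any other value keeps every chain.
 * Results are cached per module in weak maps, one per mode.
 *
 * <p>Cache value convention used throughout this class:
 * <ul>
 *   <li>{@code null}: the content carries no signer certificates (unsigned);</li>
 *   <li>empty map: reading or verifying the content failed;</li>
 *   <li>non-empty map: first certificate of each chain mapped to the chain.</li>
 * </ul>
 */
public final class BundleDNParser {
    /** Signer type that restricts results to trusted chains. */
    private static final int SIGNERS_TRUSTED = 2;

    // Reflective handles for the code-signer API; null when the lookup in the static
    // initializer failed.
    private static final Method m_getCodeSigners;
    private static final Method m_getSignerCertPath;
    private static final Method m_getCertificates;
    private final Logger m_logger;
    // Trusted-mode results. put(String, X509Certificate[]) also stores into this map.
    private final Map m_cache = new WeakHashMap();
    // All-signers-mode results.
    private final Map m_allCache = new WeakHashMap();
    private final TrustManager m_manager;

    /**
     * @param trustManager source of the CA certificates and CRLs used for trust decisions
     * @param logger receives warnings about invalid certificates and read failures
     */
    public BundleDNParser(TrustManager trustManager, Logger logger) {
        this.m_manager = trustManager;
        this.m_logger = logger;
    }

    /**
     * Returns a snapshot of the trusted-mode cache.
     *
     * @return a new map holding the current entries; later cache changes are not reflected
     */
    public Map getCache() {
        synchronized (this.m_cache) {
            return new HashMap(this.m_cache);
        }
    }

    /**
     * Stores a certificate array under a string key in the trusted-mode cache.
     *
     * @param str cache key
     * @param x509CertificateArr certificates to associate with the key
     */
    public void put(String str, X509Certificate[] x509CertificateArr) {
        // NOTE(review): the cache is a WeakHashMap, so this entry only lives while the
        // caller keeps the key string strongly reachable; confirm that is intended.
        synchronized (this.m_cache) {
            this.m_cache.put(str, x509CertificateArr);
        }
    }

    /**
     * Verifies that the module's content is either unsigned or properly signed.
     *
     * @param module cache key for the result
     * @param content bundle content to read
     * @param i signer type; {@code 2} requires trusted chains, any other value accepts all
     * @throws Exception if the content cannot be read or verified, or if an earlier
     *     attempt for the same module failed
     */
    public void checkDNChains(Module module, Content content, int i) throws Exception {
        final Map cache = cacheFor(i);
        synchronized (cache) {
            if (cache.containsKey(module)) {
                Map cached = (Map) cache.get(module);
                if (cached != null && cached.isEmpty()) {
                    throw new IOException("Bundle not properly signed");
                }
                return;
            }
        }
        Map chains;
        Exception failure = null;
        try {
            chains = _getDNChains(content, i == SIGNERS_TRUSTED);
        } catch (Exception e) {
            failure = e;
            // Fail closed: record the failure as an empty map. Caching null here would
            // make the next call treat a rejected bundle as unsigned and let it pass.
            chains = new HashMap();
        }
        synchronized (cache) {
            cache.put(module, chains);
        }
        if (failure != null) {
            throw failure;
        }
    }

    /**
     * Returns the signer chains of the module's content, computing and caching them on
     * first use.
     *
     * @param module cache key for the result
     * @param content bundle content to read
     * @param i signer type; {@code 2} requires trusted chains, any other value accepts all
     * @return a new map from the first certificate of each chain to the chain; empty when
     *     the content is unsigned or could not be verified
     */
    public Map getDNChains(Module module, Content content, int i) {
        final Map cache = cacheFor(i);
        synchronized (cache) {
            if (cache.containsKey(module)) {
                return copyOrEmpty((Map) cache.get(module));
            }
        }
        Map chains;
        try {
            chains = _getDNChains(content, i == SIGNERS_TRUSTED);
        } catch (Exception e) {
            // The caller still gets an empty result, but the failure is logged and
            // cached as an empty map so a later checkDNChains() rejects the module.
            this.m_logger.log(2, "Unable to read bundle signer chains", e);
            chains = new HashMap();
        }
        synchronized (cache) {
            cache.put(module, chains);
        }
        return copyOrEmpty(chains);
    }

    /** Selects the cache that belongs to the given signer type. */
    private Map cacheFor(int signersType) {
        return signersType == SIGNERS_TRUSTED ? this.m_cache : this.m_allCache;
    }

    /** Returns a defensive copy of {@code chains}, or an empty map when it is null. */
    private static Map copyOrEmpty(Map chains) {
        return chains == null ? new HashMap() : new HashMap(chains);
    }

    /**
     * Reads the content's signer certificates and groups them into chains.
     *
     * @param content bundle content to read
     * @param z {@code true} to keep only trusted, valid, non-revoked chains
     * @return the first certificate of each chain mapped to the chain, or {@code null}
     *     when the content has no signer certificates
     * @throws IOException if certificates were found but no chain was retained
     */
    private Map _getDNChains(Content content, boolean z) throws IOException {
        X509Certificate[] certificates = getCertificates(new BundleInputStream(content), z);
        if (certificates == null) {
            return null;
        }
        List chains = new ArrayList();
        getRootChains(certificates, chains, z);
        Map result = new HashMap();
        for (Iterator it = chains.iterator(); it.hasNext();) {
            List chain = (List) it.next();
            result.put((X509Certificate) chain.get(0), chain);
        }
        if (result.isEmpty()) {
            throw new IOException();
        }
        return result;
    }

    /**
     * Collects the certificates of the signer chains shared by every content entry.
     *
     * <p>Directories and files directly inside the {@code META-INF} folder are skipped.
     * The first examined entry seeds the candidate chains; each further entry removes
     * the candidates whose first certificate it does not also carry.
     *
     * @param inputStream JAR-formatted stream of the bundle content
     * @param z {@code true} to keep only trusted chains
     * @return the certificates of all surviving chains, or {@code null} when the stream
     *     has no manifest, an examined entry is unsigned, or the first examined entry
     *     yields no chain
     * @throws IOException on read failure, or with message "Bad signers" when the
     *     entries do not share a signer
     */
    private X509Certificate[] getCertificates(InputStream inputStream, boolean z) throws IOException {
        // NOTE(review): this stream is never closed here; confirm whether closing it
        // would affect the underlying content before adding a close().
        JarInputStream jarInputStream = new JarInputStream(inputStream, true);
        if (jarInputStream.getManifest() == null) {
            return null;
        }
        List commonChains = new ArrayList();
        int initialCount = commonChains.size();
        final byte[] buffer = new byte[4096];
        for (JarEntry jarEntry = jarInputStream.getNextJarEntry();
                jarEntry != null;
                jarEntry = jarInputStream.getNextJarEntry()) {
            String name = jarEntry.getName();
            boolean directlyInMetaInf = name.startsWith(SignedContentConstants.META_INF)
                && name.indexOf('/', SignedContentConstants.META_INF.length()) < 0;
            if (jarEntry.isDirectory() || directlyInMetaInf) {
                continue;
            }
            // An entry's signers are only available once it has been read to the end.
            while (jarInputStream.read(buffer, 0, buffer.length) != -1) {
                // drain
            }
            Certificate[] certificates = jarEntry.getCertificates();
            if (certificates == null && m_getCodeSigners != null) {
                try {
                    Object[] signers = (Object[]) m_getCodeSigners.invoke(jarEntry, (Object[]) null);
                    if (signers != null) {
                        List collected = new ArrayList();
                        for (int s = 0; s < signers.length; s++) {
                            Object certPath = m_getSignerCertPath.invoke(signers[s], (Object[]) null);
                            collected.addAll((List) m_getCertificates.invoke(certPath, (Object[]) null));
                        }
                        certificates = (Certificate[]) collected.toArray(new Certificate[collected.size()]);
                    }
                } catch (Exception e) {
                    // Route the failure to the framework log instead of stderr; the
                    // entry is then handled as unsigned by the check below.
                    this.m_logger.log(2, "Unable to read code signers", e);
                }
            }
            if (certificates == null || certificates.length == 0) {
                // One unsigned entry makes the whole content count as unsigned.
                return null;
            }
            List entryChains = new ArrayList();
            getRootChains(certificates, entryChains, z);
            if (commonChains.isEmpty()) {
                commonChains.addAll(entryChains);
                initialCount = commonChains.size();
            } else {
                for (Iterator it = commonChains.iterator(); it.hasNext();) {
                    X509Certificate known = (X509Certificate) ((List) it.next()).get(0);
                    if (!containsChainStartingWith(entryChains, known)) {
                        it.remove();
                    }
                }
            }
            if (commonChains.isEmpty()) {
                if (initialCount > 0) {
                    throw new IOException("Bad signers");
                }
                return null;
            }
        }
        List flattened = new ArrayList();
        for (Iterator it = commonChains.iterator(); it.hasNext();) {
            flattened.addAll((List) it.next());
        }
        return (X509Certificate[]) flattened.toArray(new X509Certificate[flattened.size()]);
    }

    /** Tells whether any chain in {@code chains} starts with exactly {@code first}. */
    private static boolean containsChainStartingWith(List chains, X509Certificate first) {
        for (Iterator it = chains.iterator(); it.hasNext();) {
            X509Certificate candidate = (X509Certificate) ((List) it.next()).get(0);
            if (first.getSubjectDN().equals(candidate.getSubjectDN()) && first.equals(candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether any CRL known to the trust manager lists the certificate.
     *
     * @param certificate certificate to look up
     * @return {@code true} if at least one CRL reports it as revoked
     */
    private boolean isRevoked(Certificate certificate) {
        for (Iterator it = this.m_manager.getCRLs().iterator(); it.hasNext();) {
            if (((CRL) it.next()).isRevoked(certificate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Splits a flat certificate array into chains and appends the accepted ones to
     * {@code list}.
     *
     * <p>A chain ends where the next certificate's subject DN differs from the current
     * certificate's issuer DN. In trusted mode a chain is dropped when one of its
     * certificates is revoked or outside its validity period, or when its last
     * certificate is not {@link #trusted}.
     *
     * @param certificateArr certificates in the order delivered by the JAR entry
     * @param list receives one {@code List} per accepted chain
     * @param z {@code true} for trusted mode, {@code false} to accept every chain
     */
    private void getRootChains(Certificate[] certificateArr, List list, boolean z) {
        // NOTE(review): adjacent certificates are linked by DN comparison only; this
        // method does not verify that each certificate was signed by the next one.
        // Only the last certificate of a chain goes through trusted(). Confirm that
        // path validation of the intermediate links happens elsewhere.
        if (certificateArr.length == 0) {
            // Nothing to split; without this guard the tail handling below would index
            // position -1.
            return;
        }
        final int lastIndex = certificateArr.length - 1;
        List chain = new ArrayList();
        boolean rejected = false;
        for (int i = 0; i < lastIndex; i++) {
            X509Certificate current = (X509Certificate) certificateArr[i];
            if (!rejected && isRevoked(current)) {
                rejected = true;
            }
            if (!z || !rejected) {
                if (z) {
                    try {
                        current.checkValidity();
                    } catch (CertificateException e) {
                        this.m_logger.log(2, "Invalid Certificate", e);
                        rejected = true;
                    }
                }
                chain.add(current);
            }
            X509Certificate next = (X509Certificate) certificateArr[i + 1];
            if (!next.getSubjectDN().equals(current.getIssuerDN())) {
                // Chain boundary: decide on the finished chain, then start a new one.
                if (!z || (!rejected && trusted(current))) {
                    list.add(chain);
                }
                rejected = false;
                if (!chain.isEmpty()) {
                    chain = new ArrayList();
                }
            }
        }
        if (z && rejected) {
            return;
        }
        X509Certificate last = (X509Certificate) certificateArr[lastIndex];
        chain.add(last);
        if (!z || trusted(last)) {
            list.add(chain);
        }
    }

    /**
     * Decides whether a certificate is anchored in the trust manager's CA certificates.
     *
     * <p>The certificate is accepted when it is itself a non-revoked CA certificate, or
     * when a non-revoked CA certificate whose subject DN equals its issuer DN verifies
     * its signature. Both certificates must be within their validity period.
     *
     * @param x509Certificate certificate at the end of a chain
     * @return {@code true} if one of the two checks succeeds
     */
    private boolean trusted(X509Certificate x509Certificate) {
        if (this.m_manager.getCaCerts().isEmpty() || isRevoked(x509Certificate)) {
            return false;
        }
        // Pass 1: the certificate is one of the configured CA certificates.
        for (X509Certificate caCert : this.m_manager.getCaCerts()) {
            if (!isRevoked(caCert)
                    && x509Certificate.getSubjectDN().equals(caCert.getSubjectDN())
                    && x509Certificate.equals(caCert)) {
                try {
                    x509Certificate.checkValidity();
                    caCert.checkValidity();
                    return true;
                } catch (CertificateException e) {
                    this.m_logger.log(2, "Invalid Certificate", e);
                }
            }
        }
        // Pass 2: the certificate was issued and signed by a configured CA certificate.
        for (X509Certificate issuer : this.m_manager.getCaCerts()) {
            if (!isRevoked(issuer) && x509Certificate.getIssuerDN().equals(issuer.getSubjectDN())) {
                try {
                    x509Certificate.verify(issuer.getPublicKey());
                    x509Certificate.checkValidity();
                    issuer.checkValidity();
                    return true;
                } catch (Exception e2) {
                    this.m_logger.log(2, "Invalid Certificate", e2);
                }
            }
        }
        return false;
    }

    // Resolve the code-signer accessors reflectively. If any lookup fails, all three
    // handles are left null and getCertificates() skips the code-signer fallback.
    static {
        Method codeSigners;
        Method signerCertPath;
        Method certPathCertificates;
        try {
            codeSigners = Class.forName("java.util.jar.JarEntry").getMethod("getCodeSigners", (Class[]) null);
            signerCertPath = Class.forName("java.security.CodeSigner").getMethod("getSignerCertPath", (Class[]) null);
            certPathCertificates = Class.forName("java.security.cert.CertPath").getMethod("getCertificates", (Class[]) null);
        } catch (Exception e) {
            e.printStackTrace();
            codeSigners = null;
            signerCertPath = null;
            certPathCertificates = null;
        }
        m_getCodeSigners = codeSigners;
        m_getSignerCertPath = signerCertPath;
        m_getCertificates = certPathCertificates;
    }
}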
