package org.eclipse.osgi.internal.signedcontent;

import java.security.cert.Certificate;
import java.util.HashSet;
import java.util.Iterator;
import org.eclipse.osgi.baseadaptor.BaseData;
import org.eclipse.osgi.framework.internal.core.AbstractBundle;
import org.eclipse.osgi.framework.internal.core.Constants;
import org.eclipse.osgi.framework.internal.core.FilterImpl;
import org.eclipse.osgi.framework.internal.core.FrameworkProperties;
import org.eclipse.osgi.internal.provisional.service.security.AuthorizationEngine;
import org.eclipse.osgi.signedcontent.SignerInfo;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.packageadmin.PackageAdmin;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;

/* loaded from: input_file:lib/org.eclipse.osgi.jar:org/eclipse/osgi/internal/signedcontent/TrustEngineListener.class */
public class TrustEngineListener {
    private static volatile TrustEngineListener instance;
    private final BundleContext context;
    private final ServiceTracker authorizationTracker;
    static Class class$0;
    static Class class$1;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v7, types: [java.lang.Throwable, java.lang.StringBuffer] */
    public TrustEngineListener(BundleContext bundleContext) {
        this.context = bundleContext;
        String property = FrameworkProperties.getProperty(SignedContentConstants.AUTHORIZATION_ENGINE);
        FilterImpl filterImpl = null;
        if (property != null) {
            try {
                ?? stringBuffer = new StringBuffer("(&(objectClass=");
                Class<?> cls = class$0;
                if (cls == null) {
                    try {
                        cls = Class.forName("org.eclipse.osgi.internal.provisional.service.security.AuthorizationEngine");
                        class$0 = cls;
                    } catch (ClassNotFoundException unused) {
                        throw new NoClassDefFoundError(stringBuffer.getMessage());
                    }
                }
                filterImpl = FilterImpl.newInstance(stringBuffer.append(cls.getName()).append(")(").append(SignedContentConstants.AUTHORIZATION_ENGINE).append("=").append(property).append("))").toString());
            } catch (InvalidSyntaxException e) {
                SignedBundleHook.log("Invalid authorization filter", 2, e);
            }
        }
        if (filterImpl != null) {
            this.authorizationTracker = new ServiceTracker(bundleContext, filterImpl, (ServiceTrackerCustomizer) null);
        } else {
            Class<?> cls2 = class$0;
            if (cls2 == null) {
                try {
                    cls2 = Class.forName("org.eclipse.osgi.internal.provisional.service.security.AuthorizationEngine");
                    class$0 = cls2;
                } catch (ClassNotFoundException unused2) {
                    throw new NoClassDefFoundError(getMessage());
                }
            }
            this.authorizationTracker = new ServiceTracker(bundleContext, cls2.getName(), (ServiceTrackerCustomizer) null);
        }
        this.authorizationTracker.open();
        instance = this;
    }

    public static TrustEngineListener getInstance() {
        return instance;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void stopTrustEngineListener() {
        this.authorizationTracker.close();
        instance = null;
    }

    public void addedTrustAnchor(Certificate certificate) {
        Bundle[] bundles = this.context.getBundles();
        HashSet hashSet = new HashSet();
        for (int i = 0; i < bundles.length; i++) {
            SignedContentImpl signedContent = getSignedContent(bundles[i]);
            if (signedContent != null && signedContent.isSigned()) {
                SignerInfo[] signerInfos = signedContent.getSignerInfos();
                for (int i2 = 0; i2 < signerInfos.length; i2++) {
                    if (signerInfos[i2].getTrustAnchor() == null) {
                        hashSet.add(bundles[i]);
                    }
                    SignerInfo tSASignerInfo = signedContent.getTSASignerInfo(signerInfos[i2]);
                    if (tSASignerInfo != null && tSASignerInfo.getTrustAnchor() == null) {
                        hashSet.add(bundles[i]);
                    }
                }
            }
            if (hashSet.contains(bundles[i])) {
                SignedBundleFile.determineTrust(signedContent, 2);
                checkAuthorization(signedContent, bundles[i]);
            }
        }
        if (hashSet.size() > 0) {
            resolveBundles((Bundle[]) hashSet.toArray(new Bundle[hashSet.size()]), false);
        }
    }

    private void checkAuthorization(SignedContentImpl signedContentImpl, Bundle bundle) {
        AuthorizationEngine authorizationEngine = getAuthorizationEngine();
        if (authorizationEngine != null) {
            authorizationEngine.authorize(signedContentImpl, bundle);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationEngine getAuthorizationEngine() {
        return (AuthorizationEngine) this.authorizationTracker.getService();
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable, org.osgi.framework.BundleContext] */
    private void resolveBundles(Bundle[] bundleArr, boolean z) {
        PackageAdmin packageAdmin;
        ?? r0 = this.context;
        Class<?> cls = class$1;
        if (cls == null) {
            try {
                cls = Class.forName(Constants.OSGI_PACKAGEADMIN_NAME);
                class$1 = cls;
            } catch (ClassNotFoundException unused) {
                throw new NoClassDefFoundError(r0.getMessage());
            }
        }
        ServiceReference serviceReference = r0.getServiceReference(cls.getName());
        if (serviceReference == null || (packageAdmin = (PackageAdmin) this.context.getService(serviceReference)) == null) {
            return;
        }
        try {
            if (z) {
                packageAdmin.refreshPackages(bundleArr);
            } else {
                packageAdmin.resolveBundles(bundleArr);
            }
        } finally {
            this.context.ungetService(serviceReference);
        }
    }

    public void removedTrustAnchor(Certificate certificate) {
        Bundle[] bundles = this.context.getBundles();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (int i = 0; i < bundles.length; i++) {
            SignedContentImpl signedContent = getSignedContent(bundles[i]);
            if (signedContent != null && signedContent.isSigned()) {
                SignerInfo[] signerInfos = signedContent.getSignerInfos();
                for (int i2 = 0; i2 < signerInfos.length; i2++) {
                    if (certificate.equals(signerInfos[i2].getTrustAnchor())) {
                        hashSet2.add(signerInfos[i2]);
                        hashSet.add(bundles[i]);
                    }
                    SignerInfo tSASignerInfo = signedContent.getTSASignerInfo(signerInfos[i2]);
                    if (tSASignerInfo != null && certificate.equals(tSASignerInfo.getTrustAnchor())) {
                        hashSet.add(bundles[i]);
                        hashSet2.add(tSASignerInfo);
                    }
                }
            }
        }
        Iterator it = hashSet2.iterator();
        while (it.hasNext()) {
            ((SignerInfoImpl) it.next()).setTrustAnchor(null);
        }
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            Bundle bundle = (Bundle) it2.next();
            SignedContentImpl signedContent2 = getSignedContent(bundle);
            SignedBundleFile.determineTrust(signedContent2, 2);
            checkAuthorization(signedContent2, bundle);
        }
        if (hashSet.size() > 0) {
            resolveBundles((Bundle[]) hashSet.toArray(new Bundle[hashSet.size()]), true);
        }
    }

    private SignedContentImpl getSignedContent(Bundle bundle) {
        SignedStorageHook signedStorageHook = (SignedStorageHook) ((BaseData) ((AbstractBundle) bundle).getBundleData()).getStorageHook(SignedStorageHook.KEY);
        if (signedStorageHook == null) {
            return null;
        }
        return (SignedContentImpl) signedStorageHook.getSignedContent();
    }
}
