package org.eclipse.sensinact.gateway.security.signature.internal;

import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.eclipse.sensinact.gateway.common.bundle.Mediator;
import org.eclipse.sensinact.gateway.security.signature.api.BundleValidation;
import org.eclipse.sensinact.gateway.security.signature.api.SignatureValidator;
import org.eclipse.sensinact.gateway.security.signature.exception.BundleValidationException;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

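/**
 * {@link BundleValidation} implementation registered as the {@code "secure"} signature validator.
 *
 * <p>{@link #check(Bundle)} looks for a signature block under {@code /META-INF}, verifies the
 * signers against the configured key store, and caches the outcome per bundle symbolic name.
 *
 * <p>The two caches are plain {@link HashMap}s and access to them is not synchronized here.
 */
@SignatureValidator(type = "secure")
@Component
public class BundleValidationImpl implements BundleValidation {
    private static final Logger LOG = LoggerFactory.getLogger(BundleValidationImpl.class);
    private static final String FILE = "file";

    /** Bundles that passed validation, keyed by symbolic name. */
    private final Map<String, ValidBundleKey> validated = new HashMap<>();
    /** Bundles that were unsigned or failed validation, keyed by symbolic name. */
    private final Map<String, UnknownBundleKey> unknown = new HashMap<>();
    private final CryptographicUtils cryptoUtils = new CryptographicUtils();
    private final KeyStoreManager ksm;
    private final Mediator mediator;

    /** Cache entry for a bundle for which no valid signature was established. */
    private static final class UnknownBundleKey {
        public final int hashcode;
        public final String name;

        public UnknownBundleKey(int i, String str) {
            this.hashcode = i;
            this.name = str;
        }
    }

    /** Cache entry for a validated bundle; {@code key} is the value {@code check} returned for it. */
    private static final class ValidBundleKey {
        public final int hashcode;
        public final String name;
        public final String key;

        public ValidBundleKey(int i, String str, String str2) {
            this.hashcode = i;
            this.name = str;
            this.key = str2;
        }
    }

    /**
     * Creates the validator and opens the key store named by the framework properties.
     *
     * @param bundleContext context used to build the {@link Mediator} that resolves properties
     * @throws KeyStoreManagerException declared for the key store set-up
     * @throws NoSuchAlgorithmException declared for the cryptographic helper set-up
     */
    @Activate
    public BundleValidationImpl(BundleContext bundleContext) throws KeyStoreManagerException, NoSuchAlgorithmException {
        // The mediator must exist before the key store is opened: the property getters
        // below dereference it, and a field initializer would run before this assignment.
        this.mediator = new Mediator(bundleContext);
        this.ksm = new KeyStoreManager(getKeyStoreFileName(), getKeyStorePassword());
    }

    /** Returns the key store file name read from the mediator's properties. */
    protected String getKeyStoreFileName() {
        return (String) this.mediator.getProperty("org.eclipse.sensinact.gateway.security.jks.filename");
    }

    /** Returns the key store password read from the mediator's properties; never log this value. */
    protected String getKeyStorePassword() {
        return (String) this.mediator.getProperty("org.eclipse.sensinact.gateway.security.jks.password");
    }

    /** Returns the signer password read from the mediator's properties; never log this value. */
    protected String getSignerPassword() {
        return (String) this.mediator.getProperty("org.eclipse.sensinact.gateway.security.signer.password");
    }

    /**
     * Validates the signature of a bundle.
     *
     * @param bundle the bundle to validate, may be {@code null}
     * @return the manifest hash taken from the signature file of a signer whose coherence check
     *         passed, or {@code null} when the bundle is {@code null}, carries no signature
     *         block, or has no signer that passes the check
     * @throws BundleValidationException if signature processing fails; the bundle is recorded as
     *         unknown before the exception is thrown
     */
    public String check(Bundle bundle) throws BundleValidationException {
        if (bundle == null) {
            LOG.debug("null bundle");
            return null;
        }
        LOG.debug("check bundle: {}", bundle.getLocation());

        // NOTE(review): the cache is matched on symbolic name plus Bundle.hashCode(). Nothing
        // here ties that value to the bundle's content, so a cached verdict may outlive an
        // in-place bundle update - confirm the cache is invalidated when a bundle changes.
        int bundleHash = bundle.hashCode();
        String symbolicName = bundle.getSymbolicName();

        ValidBundleKey cachedValid = this.validated.get(symbolicName);
        if (cachedValid != null && cachedValid.hashcode == bundleHash) {
            return cachedValid.key;
        }
        UnknownBundleKey cachedUnknown = this.unknown.get(symbolicName);
        if (cachedUnknown != null && cachedUnknown.hashcode == bundleHash) {
            return null;
        }

        String manifestHash = null;
        if (hasSignatureBlock(bundle)) {
            LOG.debug("file {} is signed", bundle.getLocation());
            try {
                SignedBundle signedBundle = new SignedBundle(this.mediator, bundle, this.cryptoUtils);
                signedBundle.setKeyStoreManager(this.ksm);
                Map<String, Certificate> validCertificates = signedBundle.getValidCertificates(getSignerPassword());
                for (Map.Entry<String, Certificate> signer : validCertificates.entrySet()) {
                    String alias = signer.getKey();
                    LOG.debug("signers: {}", alias);
                    SignatureFile signatureFile = signedBundle.getSignatureFile(alias);
                    if (signatureFile == null) {
                        continue;
                    }
                    // Accept the manifest hash only from the signature file of the signer that
                    // just passed the coherence check, never from one that failed it after an
                    // earlier signer had succeeded.
                    if (signedBundle.checkCoherence(alias, signer.getValue(), signatureFile.getHashAlgo())) {
                        LOG.debug("certificate for {} valid", alias);
                        manifestHash = signatureFile.getManifestHash();
                    }
                }
            } catch (Exception e) {
                // Fail closed: remember the bundle as unknown, then surface the cause.
                this.unknown.put(symbolicName, new UnknownBundleKey(bundleHash, symbolicName));
                throw new BundleValidationException(e);
            }
        }

        if (manifestHash != null) {
            this.validated.put(symbolicName, new ValidBundleKey(bundleHash, symbolicName, manifestHash));
        } else {
            this.unknown.put(symbolicName, new UnknownBundleKey(bundleHash, symbolicName));
        }
        return manifestHash;
    }

    /**
     * Tells whether the bundle holds an RSA or DSA signature block under {@code /META-INF}.
     *
     * <p>NOTE(review): JAR signing with EC keys produces {@code .EC} signature blocks; such
     * bundles are treated as unsigned here - confirm that this is intended.
     */
    private static boolean hasSignatureBlock(Bundle bundle) {
        Enumeration<?> entries = bundle.findEntries("/META-INF", "*", true);
        if (entries == null) {
            // findEntries returns null when nothing matches or access is not permitted.
            return false;
        }
        while (entries.hasMoreElements()) {
            String location = ((URL) entries.nextElement()).toExternalForm();
            if (location.endsWith(".RSA") || location.endsWith(".DSA")) {
                return true;
            }
        }
        return false;
    }
}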
