package com.adobe.granite.crypto.internal;

import com.adobe.granite.crypto.CryptoSupport;
import com.rsa.asn1.ASN1;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.jcr.Binary;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.sling.jcr.api.SlingRepository;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceFactory;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.osgi.util.tracker.ServiceTracker;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/crypto/internal/Activator.class */
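/**
 * Bundle activator for the Granite crypto bundle.
 *
 * <p>Once a {@link SlingRepository} service becomes available, the activator loads the
 * JSafe-backed {@link CryptoSupportImpl} through a private class loader, reads the
 * obfuscated master key from {@code /etc/key/master} (creating it when absent), and
 * registers the {@link CryptoSupport} service and its web console plugin.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The stored key is passed through {@code obfuscate()}/{@code deObfuscate()}, and
 *       {@code deObfuscate()} is called here with nothing but the stored bytes. Read access
 *       to {@code /etc/key/master} should therefore be treated as access to the key itself;
 *       the ACL written by {@link #limitAccess(Session)} is the effective protection.</li>
 *   <li>The repository is accessed through an administrative session.</li>
 *   <li>Library jars are extracted into the bundle data directory and loaded from there, so
 *       write access to that directory amounts to code execution inside this bundle.</li>
 * </ul>
 */
public class Activator implements BundleActivator {
    static final String WEB_CONSOLE_LABEL = "crypto";
    private static final String JAR_FILE_PATTERN = "*.jar";
    private static final String JAR_FILE_BUNDLE_PATH = "META-INF/lib";
    private static final String JAR_FILE_TARGET = "lib";
    private static final String JSAFE_CRYPTO_SUPPORT = "com.adobe.granite.crypto.internal.jsafe.JSafeCryptoSupport";
    private static final String keyPath = "/etc/key";
    private static final String keyProperty = "master";
    private static final String keyPropertyPath = "/etc/key/master";
    private final Logger log = LoggerFactory.getLogger(getClass());
    private BundleContext bundleContext;
    private CryptoSupportImpl cryptoSupportImpl;
    private ServiceRegistration configurationPlugin;
    private ServiceRegistration webConsolePlugin;
    private ServiceTracker repositoryTracker;
    private ServiceRegistration cryptoSupportService;

    /* loaded from: input_file:com/adobe/granite/crypto/internal/Activator$SecureDataWebConsolePluginFactory.class */
    /**
     * Service factory that hands each requesting bundle a new
     * {@code SecureDataWebConsolePlugin} bound to the activator's current crypto support.
     */
    public class SecureDataWebConsolePluginFactory implements ServiceFactory {
        public SecureDataWebConsolePluginFactory() {
        }

        public Object getService(Bundle bundle, ServiceRegistration serviceRegistration) {
            return new SecureDataWebConsolePlugin(Activator.this.cryptoSupportImpl);
        }

        public void ungetService(Bundle bundle, ServiceRegistration serviceRegistration, Object obj) {
            // Nothing to release: the plugin instance holds no resources of its own here.
        }
    }

    /**
     * Starts tracking {@code SlingRepository} services; the crypto support is set up when
     * the first one is added.
     *
     * @param bundleContext the context of this bundle
     * @throws Exception declared by {@link BundleActivator#start(BundleContext)}
     */
    public void start(BundleContext bundleContext) throws Exception {
        this.bundleContext = bundleContext;
        this.repositoryTracker = new ServiceTracker(bundleContext, "org.apache.sling.jcr.api.SlingRepository", null) { // from class: com.adobe.granite.crypto.internal.Activator.1
            public Object addingService(ServiceReference serviceReference) {
                // Only one repository is used: once crypto support exists, further
                // repository services are not tracked.
                if (Activator.this.cryptoSupportImpl != null) {
                    return null;
                }
                SlingRepository slingRepository = (SlingRepository) super.addingService(serviceReference);
                Activator.this.setupCryptoSupport(slingRepository);
                return slingRepository;
            }
        };
        this.repositoryTracker.open();
    }

    /**
     * Unregisters every service this activator registered, closes the repository tracker
     * and disposes the crypto support implementation.
     *
     * @param bundleContext the context of this bundle
     * @throws Exception declared by {@link BundleActivator#stop(BundleContext)}
     */
    public void stop(BundleContext bundleContext) throws Exception {
        if (this.webConsolePlugin != null) {
            this.webConsolePlugin.unregister();
            this.webConsolePlugin = null;
        }
        if (this.configurationPlugin != null) {
            this.configurationPlugin.unregister();
            this.configurationPlugin = null;
        }
        if (this.cryptoSupportService != null) {
            this.cryptoSupportService.unregister();
            this.cryptoSupportService = null;
        }
        if (this.repositoryTracker != null) {
            this.repositoryTracker.close();
            this.repositoryTracker = null;
        }
        if (this.cryptoSupportImpl != null) {
            this.cryptoSupportImpl.dispose();
            this.cryptoSupportImpl = null;
        }
        this.bundleContext = null;
    }

    /**
     * Creates the crypto support, initialises it with the master key and registers the
     * {@link CryptoSupport} service plus the web console plugin.
     *
     * <p>Any failure is logged and leaves the bundle running without a crypto service.
     *
     * @param slingRepository repository that stores the master key
     */
    void setupCryptoSupport(SlingRepository slingRepository) {
        try {
            CryptoSupportImpl createCryptoSupport = createCryptoSupport();
            loadOrCreateKey(slingRepository, createCryptoSupport);
            this.cryptoSupportImpl = createCryptoSupport;
            this.cryptoSupportService = this.bundleContext.registerService(CryptoSupport.NAME, this.cryptoSupportImpl, (Dictionary) null);
            SecureDataWebConsolePluginFactory secureDataWebConsolePluginFactory = new SecureDataWebConsolePluginFactory();
            Hashtable hashtable = new Hashtable();
            hashtable.put("felix.webconsole.label", WEB_CONSOLE_LABEL);
            this.webConsolePlugin = this.bundleContext.registerService("javax.servlet.Servlet", secureDataWebConsolePluginFactory, hashtable);
        } catch (Exception e) {
            this.log.error("setupCryptSupport: Failed creating CryptoSupport Implementation: ", e);
        }
    }

    /**
     * Instantiates the JSafe crypto support through the private library class loader.
     *
     * @return a new, not yet initialised crypto support instance
     * @throws Exception if the libraries cannot be extracted or the class cannot be
     *         loaded or instantiated
     */
    private CryptoSupportImpl createCryptoSupport() throws Exception {
        return (CryptoSupportImpl) createClassLoader().loadClass(JSAFE_CRYPTO_SUPPORT).getDeclaredConstructor((Class[]) null).newInstance((Object[]) null);
    }

    /**
     * Extracts the jars embedded under {@code META-INF/lib} into the bundle data area and
     * returns a class loader over the extracted copies.
     *
     * <p>NOTE(review): extracted jars are reused on later starts without an integrity
     * check (see {@link #copy(URL, File, long)}); the data directory should be writable
     * only by the account running the framework.
     *
     * @return class loader whose parent is this class's loader
     * @throws IOException if a jar cannot be copied
     */
    private ClassLoader createClassLoader() throws IOException {
        File dataFile = this.bundleContext.getDataFile(JAR_FILE_TARGET);
        dataFile.mkdirs();
        long lastModified = this.bundleContext.getBundle().getLastModified();
        Enumeration findEntries = this.bundleContext.getBundle().findEntries(JAR_FILE_BUNDLE_PATH, JAR_FILE_PATTERN, false);
        ArrayList<URL> jarUrls = new ArrayList<URL>();
        if (findEntries != null) {
            while (findEntries.hasMoreElements()) {
                jarUrls.add(copy((URL) findEntries.nextElement(), dataFile, lastModified));
            }
        }
        return new URLClassLoader(jarUrls.toArray(new URL[jarUrls.size()]), getClass().getClassLoader());
    }

    /**
     * Copies the resource at {@code url} into {@code file} unless a copy for the same
     * bundle modification stamp already exists, and returns a {@code jar:} URL for it.
     *
     * <p>Both streams are closed on every path, and a partially written file is deleted
     * on failure. Without that, an interrupted copy would leave a truncated jar that the
     * {@code exists()} check accepts as complete on the next start.
     *
     * @param url source of the jar inside the bundle
     * @param file target directory
     * @param j bundle last-modified stamp, used in the target file name
     * @return {@code jar:} URL pointing at the extracted file
     * @throws IOException if the resource cannot be read or the file cannot be written
     */
    private static URL copy(URL url, File file, long j) throws IOException {
        File target = new File(file, toName(url, j));
        if (!target.exists()) {
            boolean complete = false;
            try {
                InputStream in = url.openStream();
                try {
                    FileOutputStream out = new FileOutputStream(target);
                    try {
                        // NOTE(review): the buffer size constant looks like a decompiler
                        // substitution for a numeric literal; confirm against the original.
                        byte[] buffer = new byte[ASN1.CONSTRUCTED];
                        int read;
                        while ((read = in.read(buffer)) > 0) {
                            out.write(buffer, 0, read);
                        }
                    } finally {
                        out.close();
                    }
                } finally {
                    in.close();
                }
                complete = true;
            } finally {
                if (!complete) {
                    // Best effort: never leave a truncated jar behind.
                    target.delete();
                }
            }
        }
        return new URL("jar:" + target.toURI() + "!/");
    }

    /**
     * Derives the extracted file name from the last path segment of {@code url} and the
     * bundle modification stamp.
     *
     * @param url source URL of the jar
     * @param j bundle last-modified stamp
     * @return name of the form {@code <segment>.<stamp>.jar}; the segment keeps its
     *         leading slash when the path contains one
     */
    private static String toName(URL url, long j) {
        String path = url.getPath();
        int lastSlash = path.lastIndexOf('/');
        return (lastSlash < 0 ? path : path.substring(lastSlash)) + "." + j + ".jar";
    }

    /**
     * Initialises {@code cryptoSupportImpl} with the master key, generating and storing a
     * new key when the repository holds none.
     *
     * @param slingRepository repository holding the key
     * @param cryptoSupportImpl crypto support to initialise
     * @throws Exception if the key cannot be read, created or applied
     */
    private void loadOrCreateKey(SlingRepository slingRepository, CryptoSupportImpl cryptoSupportImpl) throws Exception {
        Session session = null;
        try {
            // NOTE(review): administrative login grants full repository access. Newer
            // Sling JCR API versions deprecate it in favour of service users; confirm
            // which API version this bundle builds against before migrating.
            session = slingRepository.loginAdministrative((String) null);
            byte[] key;
            byte[] stored = readKey(session);
            if (stored == null) {
                key = cryptoSupportImpl.generateSecretKey();
                writeKey(session, cryptoSupportImpl.obfuscate(key));
            } else {
                key = cryptoSupportImpl.deObfuscate(stored);
            }
            cryptoSupportImpl.init(key);
        } finally {
            if (session != null) {
                try {
                    session.logout();
                } catch (Exception ignored) {
                    // Logout is best effort; a failure here must not mask the outcome above.
                }
            }
        }
    }

    /**
     * Returns the {@code /etc/key} node, creating it as a {@code sling:Folder} below the
     * root when it does not exist. The change is not saved here.
     *
     * @param session session used for the lookup and creation
     * @return the key node
     * @throws RepositoryException on repository failure
     */
    private static Node getOrCreateKeyNode(Session session) throws RepositoryException {
        return session.nodeExists(keyPath) ? session.getNode(keyPath) : session.getRootNode().addNode(keyPath.substring(1), "sling:Folder");
    }

    /**
     * Reads the stored (obfuscated) master key.
     *
     * <p>Only a missing property yields {@code null}. An oversized or incompletely read
     * value raises an exception instead: the caller treats {@code null} as "no key yet"
     * and would overwrite the stored key with a new one, making previously protected
     * data unrecoverable.
     *
     * @param session session used to read the property
     * @return the stored bytes, or {@code null} if the property does not exist
     * @throws Exception if the property cannot be read in full
     */
    private byte[] readKey(Session session) throws Exception {
        if (!session.propertyExists(keyPropertyPath)) {
            return null;
        }
        Binary binary = session.getProperty(keyPropertyPath).getBinary();
        try {
            long size = binary.getSize();
            if (size >= 2147483647L) {
                throw new IOException("readKey: key property " + keyPropertyPath + " is too large (" + size + " bytes)");
            }
            byte[] key = new byte[(int) size];
            int filled = 0;
            while (filled < key.length) {
                // Binary.read fills its buffer from index 0, so any remainder goes
                // through a scratch buffer and is copied into place.
                byte[] chunk = filled == 0 ? key : new byte[key.length - filled];
                int n = binary.read(chunk, filled);
                if (n <= 0) {
                    break;
                }
                if (chunk != key) {
                    System.arraycopy(chunk, 0, key, filled, n);
                }
                filled += n;
            }
            if (filled < key.length) {
                throw new IOException("readKey: read " + filled + " of " + key.length + " bytes from " + keyPropertyPath);
            }
            return key;
        } finally {
            binary.dispose();
        }
    }

    /**
     * Stores the obfuscated key at {@code /etc/key/master}, restricts access to the key
     * node and saves the session, so the property and its ACL are persisted together.
     *
     * @param session session used to write and save
     * @param bArr obfuscated key bytes
     * @throws Exception if the property or the ACL cannot be written
     */
    private void writeKey(Session session, byte[] bArr) throws Exception {
        Node keyNode = getOrCreateKeyNode(session);
        Binary binary = keyNode.getSession().getValueFactory().createBinary(new ByteArrayInputStream(bArr));
        try {
            keyNode.setProperty(keyProperty, binary);
        } finally {
            binary.dispose();
        }
        if (!limitAccess(session)) {
            // Make the gap visible instead of silently storing the key without its own ACL.
            this.log.warn("writeKey: no access control list could be set on {}; the key is protected only by inherited permissions", keyPath);
        }
        session.save();
    }

    /**
     * Replaces the access control entries on {@code /etc/key} with: allow {@code jcr:read}
     * for the session user, deny {@code jcr:all} for {@code everyone}.
     *
     * <p>Policies already bound to the node are used when none is applicable. A node that
     * already carries an ACL reports no applicable policy, and would otherwise keep its
     * existing entries.
     *
     * @param session session whose user keeps read access
     * @return {@code true} if at least one access control list was set
     * @throws RepositoryException on repository failure
     */
    private static boolean limitAccess(Session session) throws RepositoryException {
        AccessControlManager accessControlManager = session.getAccessControlManager();
        boolean applied = false;
        AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(keyPath);
        while (applicablePolicies.hasNext()) {
            Object policy = applicablePolicies.nextAccessControlPolicy();
            if (policy instanceof JackrabbitAccessControlList) {
                restrictToSessionUser(session, accessControlManager, (JackrabbitAccessControlList) policy);
                applied = true;
            }
        }
        if (!applied) {
            Object[] boundPolicies = accessControlManager.getPolicies(keyPath);
            for (Object policy : boundPolicies) {
                if (policy instanceof JackrabbitAccessControlList) {
                    restrictToSessionUser(session, accessControlManager, (JackrabbitAccessControlList) policy);
                    applied = true;
                }
            }
        }
        return applied;
    }

    /** Clears {@code acl}, adds the allow/deny pair and sets it on the key node. */
    private static void restrictToSessionUser(Session session, AccessControlManager accessControlManager, JackrabbitAccessControlList acl) throws RepositoryException {
        AccessControlEntry[] existingEntries = acl.getAccessControlEntries();
        if (existingEntries != null) {
            for (AccessControlEntry entry : existingEntries) {
                acl.removeAccessControlEntry(entry);
            }
        }
        acl.addEntry(getPrincipal(session, session.getUserID()), new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}read")}, true);
        acl.addEntry(getPrincipal(session, "everyone"), new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}all")}, false);
        accessControlManager.setPolicy(keyPath, acl);
    }

    /**
     * Looks up a principal by name through the Jackrabbit principal manager.
     *
     * @param session session to resolve against; must be a {@link JackrabbitSession}
     * @param str principal name
     * @return the principal as returned by the principal manager
     * @throws RepositoryException on repository failure
     */
    private static Principal getPrincipal(Session session, String str) throws RepositoryException {
        return ((JackrabbitSession) session).getPrincipalManager().getPrincipal(str);
    }
}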
