package com.adobe.granite.keystore.internal;

import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.keystore.KeyStoreService;
import java.security.Security;
import java.util.Dictionary;
import javax.jcr.Property;
import javax.jcr.Session;
import org.apache.sling.jcr.api.SlingRepository;
import org.osgi.framework.BundleContext;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceEvent;
import org.osgi.framework.ServiceListener;
import org.osgi.framework.ServiceReference;
import org.osgi.framework.ServiceRegistration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/keystore/internal/ServicesListener.class */
public class ServicesListener {
    private static final String GRANITE_KEYSTORE_ENABLED = "granite.keystore.enabled";
    private final BundleContext bundleContext;
    private boolean enableKeyStoreService;
    private KeyStoreServiceImpl keyStoreServiceImpl;
    private ServiceRegistration<KeyStoreService> keyStoreService;
    private final Logger log = LoggerFactory.getLogger(getClass());
    private final Listener repositoryListener = new Listener(SlingRepository.class.getName());
    private final Listener cryptoServiceListener = new Listener(CryptoSupport.class.getName());

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/adobe/granite/keystore/internal/ServicesListener$Listener.class */
    public final class Listener implements ServiceListener {
        private final String serviceName;
        private volatile ServiceReference<?> reference;
        private volatile Object service;

        public Listener(String str) {
            this.serviceName = str;
        }

        public void start() {
            try {
                ServicesListener.this.bundleContext.addServiceListener(this, "(objectClass=" + this.serviceName + ")");
                retainService();
            } catch (InvalidSyntaxException e) {
                throw new RuntimeException("Unexpected exception occured.", e);
            }
        }

        public void stop() {
            ServicesListener.this.bundleContext.removeServiceListener(this);
        }

        public synchronized Object getService() {
            return this.service;
        }

        private synchronized void retainService() {
            if (this.reference == null) {
                this.reference = ServicesListener.this.bundleContext.getServiceReference(this.serviceName);
                if (this.reference != null) {
                    this.service = ServicesListener.this.bundleContext.getService(this.reference);
                    if (this.service == null) {
                        this.reference = null;
                    } else {
                        ServicesListener.this.notifyChange();
                    }
                }
            }
        }

        private synchronized void releaseService(ServiceReference<?> serviceReference) {
            if (this.reference == null || this.reference.compareTo(serviceReference) != 0) {
                return;
            }
            this.service = null;
            ServicesListener.this.bundleContext.ungetService(this.reference);
            this.reference = null;
            ServicesListener.this.notifyChange();
        }

        public void serviceChanged(ServiceEvent serviceEvent) {
            if (serviceEvent.getType() == 1) {
                retainService();
            } else if (serviceEvent.getType() == 4) {
                releaseService(serviceEvent.getServiceReference());
                retainService();
            }
        }
    }

    public ServicesListener(BundleContext bundleContext) {
        this.bundleContext = bundleContext;
        this.repositoryListener.start();
        this.cryptoServiceListener.start();
    }

    public synchronized void notifyChange() {
        SlingRepository slingRepository = (SlingRepository) this.repositoryListener.getService();
        CryptoSupport cryptoSupport = (CryptoSupport) this.cryptoServiceListener.getService();
        if (slingRepository == null || cryptoSupport == null) {
            return;
        }
        this.enableKeyStoreService = !"false".equalsIgnoreCase(this.bundleContext.getProperty(GRANITE_KEYSTORE_ENABLED));
        if (!this.enableKeyStoreService || cryptoSupport == null || slingRepository == null) {
            return;
        }
        try {
            registerGraniteSecurityProvider();
            moveTrustStoreIfNeeded(slingRepository);
            this.keyStoreServiceImpl = getOrCreateKeyStoreService(cryptoSupport);
            if (this.keyStoreService == null) {
                this.keyStoreService = this.bundleContext.registerService(KeyStoreService.class, this.keyStoreServiceImpl, (Dictionary) null);
            }
        } catch (Exception e) {
            throw new RuntimeException("Unexpected failure while initializing the key store", e);
        }
    }

    public void stop() {
        if (this.keyStoreService != null) {
            this.keyStoreService.unregister();
            this.keyStoreService = null;
        }
        unregisterGraniteSecurityProvider();
        this.cryptoServiceListener.stop();
        this.repositoryListener.stop();
    }

    private KeyStoreServiceImpl getOrCreateKeyStoreService(CryptoSupport cryptoSupport) {
        return this.keyStoreServiceImpl == null ? new KeyStoreServiceImpl(cryptoSupport) : this.keyStoreServiceImpl;
    }

    private void registerGraniteSecurityProvider() {
        unregisterGraniteSecurityProvider();
        if (this.enableKeyStoreService) {
            Security.addProvider(GraniteSecurityProvider.getInstance());
        }
    }

    private void unregisterGraniteSecurityProvider() {
        Security.removeProvider(GraniteSecurityProvider.BASE_PROVIDER_NAME);
    }

    private void moveTrustStoreIfNeeded(SlingRepository slingRepository) throws Exception {
        String[] strArr = {"/etc/key/truststore.p12", "/etc/security/truststore.p12"};
        Session session = null;
        try {
            session = slingRepository.loginService((String) null, (String) null);
            for (String str : strArr) {
                if (session.nodeExists(str)) {
                    this.log.info("Detected truststore at {}", str);
                    if (!session.nodeExists(KeyStoreServiceImpl.TRUST_STORE_PATH)) {
                        session.getNode("/etc").addNode("truststore", "sling:Folder");
                    }
                    session.move(str, KeyStoreServiceImpl.TRUST_STORE);
                    this.log.info("Moved truststore to {}", KeyStoreServiceImpl.TRUST_STORE);
                    String substring = str.substring(0, str.lastIndexOf(47));
                    if (session.getNode(substring).hasProperty(KeyStoreServiceImpl.JCR_PROP_KEYSTORE_PASSWORD)) {
                        Property property = session.getNode(substring).getProperty(KeyStoreServiceImpl.JCR_PROP_KEYSTORE_PASSWORD);
                        session.getNode(KeyStoreServiceImpl.TRUST_STORE_PATH).setProperty(KeyStoreServiceImpl.JCR_PROP_KEYSTORE_PASSWORD, property.getString());
                        property.remove();
                    }
                    KeyStoreServiceImpl.protectTrustStore(session);
                }
            }
            session.save();
            if (session != null) {
                session.logout();
            }
        } catch (Throwable th) {
            if (session != null) {
                session.logout();
            }
            throw th;
        }
    }
}
