package org.eclipse.equinox.internal.p2.engine.phases;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.eclipse.core.runtime.IConfigurationElement;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.MultiStatus;
import org.eclipse.core.runtime.RegistryFactory;
import org.eclipse.core.runtime.Status;
import org.eclipse.core.runtime.preferences.IEclipsePreferences;
import org.eclipse.equinox.internal.p2.artifact.processors.pgp.PGPPublicKeyStore;
import org.eclipse.equinox.internal.p2.artifact.repository.simple.SimpleArtifactRepository;
import org.eclipse.equinox.internal.p2.engine.DebugHelper;
import org.eclipse.equinox.internal.p2.engine.EngineActivator;
import org.eclipse.equinox.internal.p2.engine.Messages;
import org.eclipse.equinox.p2.core.IAgentLocation;
import org.eclipse.equinox.p2.core.IProvisioningAgent;
import org.eclipse.equinox.p2.core.UIServices;
import org.eclipse.equinox.p2.engine.IProfile;
import org.eclipse.equinox.p2.engine.ProfileScope;
import org.eclipse.equinox.p2.metadata.IArtifactKey;
import org.eclipse.equinox.p2.repository.artifact.IArtifactDescriptor;
import org.eclipse.equinox.p2.repository.artifact.spi.IArtifactUIServices;
import org.eclipse.equinox.p2.repository.spi.PGPPublicKeyService;
import org.eclipse.osgi.signedcontent.SignedContent;
import org.eclipse.osgi.signedcontent.SignedContentFactory;
import org.eclipse.osgi.signedcontent.SignerInfo;
import org.eclipse.osgi.util.NLS;
import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceReference;
import org.osgi.service.prefs.BackingStoreException;

/* loaded from: input_file:org/eclipse/equinox/internal/p2/engine/phases/CertificateChecker.class */
public class CertificateChecker {
    private static final String DEBUG_PREFIX = "certificate checker";
    private static boolean VERIFY_CERTIFICATE_SIGNATURE_VALIDITY = Boolean.TRUE.toString().equalsIgnoreCase(System.getProperty("p2.verifyCertificateSignatureValidity", Boolean.TRUE.toString()));
    public static final String TRUST_ALWAYS_PROPERTY = "trustAlways";
    public static final String TRUSTED_KEY_STORE_PROPERTY = "pgp.trustedPublicKeys";
    public static final String TRUSTED_CERTIFICATES_PROPERTY = "trustedCertificates";
    private IProfile profile;
    private Map<IArtifactDescriptor, File> artifacts;
    private final IProvisioningAgent agent;
    private final PGPPublicKeyService keyService;
    private final Supplier<PGPPublicKeyStore> trustedKeys;
    private final Supplier<Collection<? extends Certificate>> additionalTrustedCertificates;

    public CertificateChecker() {
        this(null);
    }

    public CertificateChecker(IProvisioningAgent iProvisioningAgent) {
        this.artifacts = new HashMap();
        this.trustedKeys = new Supplier<PGPPublicKeyStore>() { // from class: org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker.1
            private PGPPublicKeyStore cache = null;

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public PGPPublicKeyStore get() {
                if (this.cache == null) {
                    this.cache = CertificateChecker.this.getPreferenceTrustedKeys();
                    Set<PGPPublicKey> keySet = CertificateChecker.this.getContributedTrustedKeys().keySet();
                    PGPPublicKeyStore pGPPublicKeyStore = this.cache;
                    pGPPublicKeyStore.getClass();
                    keySet.forEach(pGPPublicKeyStore::addKey);
                }
                return this.cache;
            }
        };
        this.additionalTrustedCertificates = new Supplier<Collection<? extends Certificate>>() { // from class: org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker.2
            private Collection<? extends Certificate> cache = null;

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.function.Supplier
            public Collection<? extends Certificate> get() {
                if (this.cache == null) {
                    this.cache = CertificateChecker.this.getPreferenceTrustedCertificates();
                }
                return this.cache;
            }
        };
        this.agent = iProvisioningAgent;
        this.artifacts = new HashMap();
        this.keyService = (PGPPublicKeyService) iProvisioningAgent.getService(PGPPublicKeyService.class);
    }

    public IStatus start() {
        BundleContext context = EngineActivator.getContext();
        ServiceReference serviceReference = context.getServiceReference(SignedContentFactory.class);
        try {
            return checkCertificates((SignedContentFactory) context.getService(serviceReference));
        } finally {
            context.ungetService(serviceReference);
        }
    }

    private IStatus checkCertificates(SignedContentFactory signedContentFactory) {
        IArtifactUIServices iArtifactUIServices;
        if (this.artifacts.isEmpty()) {
            return Status.OK_STATUS;
        }
        String unsignedContentPolicy = getUnsignedContentPolicy();
        if (!EngineActivator.UNSIGNED_ALLOW.equals(unsignedContentPolicy) && (iArtifactUIServices = (UIServices) this.agent.getService(UIServices.class)) != null && !isTrustAlways()) {
            IArtifactUIServices iArtifactUIServices2 = iArtifactUIServices instanceof IArtifactUIServices ? iArtifactUIServices : (map, map2, set, map3) -> {
                return IArtifactUIServices.getTrustInfo(iArtifactUIServices, map, map2, set, map3);
            };
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            LinkedHashMap linkedHashMap2 = new LinkedHashMap();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            boolean z = false;
            LinkedHashMap linkedHashMap3 = new LinkedHashMap();
            for (Map.Entry<IArtifactDescriptor, File> entry : this.artifacts.entrySet()) {
                IArtifactDescriptor key = entry.getKey();
                SimpleArtifactRepository repository = key.getRepository();
                if (repository instanceof SimpleArtifactRepository) {
                    hashSet2.add(repository);
                }
                IArtifactKey artifactKey = key.getArtifactKey();
                File value = entry.getValue();
                linkedHashMap3.put(artifactKey, value);
                boolean z2 = false;
                try {
                    SignedContent signedContent = signedContentFactory.getSignedContent(value);
                    boolean isSigned = signedContent.isSigned();
                    if (isSigned) {
                        SignerInfo[] signerInfos = signedContent.getSignerInfos();
                        if (Arrays.stream(signerInfos).noneMatch((v0) -> {
                            return v0.isTrusted();
                        }) && Arrays.stream(signerInfos).map((v0) -> {
                            return v0.getCertificateChain();
                        }).flatMap((v0) -> {
                            return Arrays.stream(v0);
                        }).noneMatch(certificate -> {
                            return this.additionalTrustedCertificates.get().contains(certificate);
                        })) {
                            for (SignerInfo signerInfo : signerInfos) {
                                if (!signerInfo.isTrusted()) {
                                    ((Set) linkedHashMap.computeIfAbsent(Arrays.asList(signerInfo.getCertificateChain()), list -> {
                                        return new LinkedHashSet();
                                    })).add(artifactKey);
                                }
                            }
                        } else {
                            z2 = true;
                        }
                        if (VERIFY_CERTIFICATE_SIGNATURE_VALIDITY) {
                            List list2 = (List) Arrays.stream(signerInfos).filter(signerInfo2 -> {
                                try {
                                    signedContent.checkValidity(signerInfo2);
                                    return false;
                                } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                                    return true;
                                }
                            }).collect(Collectors.toList());
                            if (signerInfos.length == list2.size()) {
                                z2 = false;
                                Iterator it = list2.iterator();
                                while (it.hasNext()) {
                                    ((Set) linkedHashMap.computeIfAbsent(Arrays.asList(((SignerInfo) it.next()).getCertificateChain()), list3 -> {
                                        return new LinkedHashSet();
                                    })).add(artifactKey);
                                }
                            }
                        }
                    }
                    if (!isSigned || !z2) {
                        Stream stream = PGPPublicKeyStore.readPublicKeys(key.getProperty("pgp.publicKeys")).stream();
                        PGPPublicKeyService pGPPublicKeyService = this.keyService;
                        pGPPublicKeyService.getClass();
                        List list4 = (List) stream.map(pGPPublicKeyService::addKey).collect(Collectors.toList());
                        if (!list4.isEmpty()) {
                            if (!z) {
                                z = true;
                                hashSet.addAll(this.trustedKeys.get().all().stream().filter(pGPPublicKey -> {
                                    return this.keyService.getVerifiedRevocationDate(pGPPublicKey) == null;
                                }).toList());
                            }
                            Stream stream2 = list4.stream();
                            hashSet.getClass();
                            if (stream2.noneMatch((v1) -> {
                                return r1.contains(v1);
                            })) {
                                list4.forEach(pGPPublicKey2 -> {
                                    ((Set) linkedHashMap2.computeIfAbsent(pGPPublicKey2, pGPPublicKey2 -> {
                                        return new LinkedHashSet();
                                    })).add(artifactKey);
                                });
                            } else {
                                linkedHashMap.values().forEach(set2 -> {
                                    set2.remove(artifactKey);
                                });
                                linkedHashMap.values().removeIf((v0) -> {
                                    return v0.isEmpty();
                                });
                            }
                        } else if (!isSigned) {
                            linkedHashSet.add(artifactKey);
                        }
                    }
                } catch (IOException e) {
                    return new Status(4, EngineActivator.ID, Messages.CertificateChecker_SignedContentIOError, e);
                } catch (GeneralSecurityException e2) {
                    return new Status(4, EngineActivator.ID, Messages.CertificateChecker_SignedContentError, e2);
                }
            }
            if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNSIGNED && !linkedHashSet.isEmpty()) {
                StringBuilder sb = new StringBuilder("The following artifacts are unsigned:\n");
                Iterator it2 = linkedHashSet.iterator();
                while (it2.hasNext()) {
                    sb.append(NLS.bind("  {0}\n", ((File) linkedHashMap3.get((IArtifactKey) it2.next())).getPath()));
                }
                DebugHelper.debug(DEBUG_PREFIX, sb.toString());
            }
            if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED && !linkedHashMap.isEmpty()) {
                StringBuilder sb2 = new StringBuilder("The following certificates are untrusted:\n");
                for (Map.Entry entry2 : linkedHashMap.entrySet()) {
                    sb2.append(((Certificate) ((List) entry2.getKey()).get(0)).toString() + "\n");
                    sb2.append("  used by the following artifacts:\n");
                    Iterator it3 = ((Set) entry2.getValue()).iterator();
                    while (it3.hasNext()) {
                        sb2.append(NLS.bind("    {0}\n", ((File) linkedHashMap3.get((IArtifactKey) it3.next())).getPath()));
                    }
                }
                DebugHelper.debug(DEBUG_PREFIX, sb2.toString());
            }
            if (DebugHelper.DEBUG_CERTIFICATE_CHECKER_UNTRUSTED && !linkedHashMap2.isEmpty()) {
                StringBuilder sb3 = new StringBuilder("The following PGP Keys are untrusted:\n");
                for (Map.Entry entry3 : linkedHashMap2.entrySet()) {
                    sb3.append(Long.toHexString(((PGPPublicKey) entry3.getKey()).getKeyID()) + "\n");
                    sb3.append("  used by the following artifacts:\n");
                    Iterator it4 = ((Set) entry3.getValue()).iterator();
                    while (it4.hasNext()) {
                        sb3.append(NLS.bind("    {0}\n", (IArtifactKey) it4.next()));
                    }
                }
                DebugHelper.debug(DEBUG_PREFIX, sb3.toString());
            }
            if (!linkedHashSet.isEmpty() && EngineActivator.UNSIGNED_FAIL.equals(unsignedContentPolicy)) {
                return new Status(4, EngineActivator.ID, NLS.bind(Messages.CertificateChecker_UnsignedNotAllowed, linkedHashSet.stream().map(iArtifactKey -> {
                    return (File) linkedHashMap3.get(iArtifactKey);
                }).collect(Collectors.toList())));
            }
            if (linkedHashSet.isEmpty() && linkedHashMap.isEmpty() && linkedHashMap2.isEmpty()) {
                return Status.OK_STATUS;
            }
            UIServices.TrustInfo trustInfo = iArtifactUIServices2.getTrustInfo(linkedHashMap, linkedHashMap2, linkedHashSet, linkedHashMap3);
            setTrustAlways(trustInfo.trustAlways());
            if (!trustInfo.trustAlways()) {
                HashSet hashSet3 = new HashSet();
                Certificate[] trustedCertificates = trustInfo.getTrustedCertificates();
                if (trustedCertificates != null) {
                    for (Map.Entry entry4 : linkedHashMap.entrySet()) {
                        for (Certificate certificate2 : trustedCertificates) {
                            if (((List) entry4.getKey()).contains(certificate2)) {
                                hashSet3.addAll((Collection) entry4.getValue());
                            }
                        }
                    }
                }
                hashSet.addAll(trustInfo.getTrustedPGPKeys());
                Stream stream3 = hashSet.stream();
                linkedHashMap2.getClass();
                hashSet3.addAll((Set) stream3.map((v1) -> {
                    return r1.get(v1);
                }).filter((v0) -> {
                    return Objects.nonNull(v0);
                }).flatMap((v0) -> {
                    return v0.stream();
                }).collect(Collectors.toSet()));
                linkedHashMap.values().forEach(set3 -> {
                    set3.removeAll(hashSet3);
                });
                linkedHashMap2.values().forEach(set4 -> {
                    set4.removeAll(hashSet3);
                });
                linkedHashMap.values().removeIf((v0) -> {
                    return v0.isEmpty();
                });
                linkedHashMap2.values().removeIf((v0) -> {
                    return v0.isEmpty();
                });
                String str = (linkedHashSet.isEmpty() || trustInfo.trustUnsignedContent()) ? (linkedHashMap.isEmpty() || linkedHashMap2.isEmpty()) ? !linkedHashMap.isEmpty() ? Messages.CertificateChecker_CertificateRejected : !linkedHashMap2.isEmpty() ? Messages.CertificateChecker_PGPKeyRejected : null : Messages.CertificateChecker_CertificateOrPGPKeyRejected : Messages.CertificateChecker_UnsignedRejected;
                if (str != null) {
                    HashSet hashSet4 = new HashSet();
                    hashSet4.addAll(linkedHashSet);
                    Stream stream4 = linkedHashMap.values().stream();
                    hashSet4.getClass();
                    stream4.forEach((v1) -> {
                        r1.addAll(v1);
                    });
                    Stream stream5 = linkedHashMap2.values().stream();
                    hashSet4.getClass();
                    stream5.forEach((v1) -> {
                        r1.addAll(v1);
                    });
                    Iterator it5 = hashSet2.iterator();
                    while (it5.hasNext()) {
                        ((SimpleArtifactRepository) it5.next()).removeDescriptors((IArtifactKey[]) hashSet4.toArray(i -> {
                            return new IArtifactKey[i];
                        }), true, (IProgressMonitor) null);
                    }
                    return new Status(8, EngineActivator.ID, str);
                }
            }
            if (trustInfo.persistTrust()) {
                ArrayList arrayList = new ArrayList();
                LinkedHashSet linkedHashSet2 = new LinkedHashSet();
                if (trustInfo.getTrustedCertificates() != null) {
                    linkedHashSet2.addAll(Arrays.asList(trustInfo.getTrustedCertificates()));
                }
                if (!linkedHashSet2.isEmpty()) {
                    IStatus persistTrustedCertificatesInTrustEngine = persistTrustedCertificatesInTrustEngine(linkedHashSet2);
                    if (persistTrustedCertificatesInTrustEngine != null && !persistTrustedCertificatesInTrustEngine.isOK()) {
                        arrayList.add(persistTrustedCertificatesInTrustEngine);
                    }
                    if (!linkedHashSet2.isEmpty()) {
                        linkedHashSet2.addAll(getPreferenceTrustedCertificates());
                        IStatus persistTrustedCertificates = persistTrustedCertificates(linkedHashSet2);
                        if (persistTrustedCertificates != null && !persistTrustedCertificates.isOK()) {
                            arrayList.add(persistTrustedCertificates);
                        }
                    }
                }
                if (!trustInfo.getTrustedPGPKeys().isEmpty()) {
                    PGPPublicKeyStore preferenceTrustedKeys = getPreferenceTrustedKeys();
                    Collection trustedPGPKeys = trustInfo.getTrustedPGPKeys();
                    preferenceTrustedKeys.getClass();
                    trustedPGPKeys.forEach(preferenceTrustedKeys::addKey);
                    IStatus persistTrustedKeys = persistTrustedKeys(preferenceTrustedKeys);
                    if (persistTrustedKeys != null && !persistTrustedKeys.isOK()) {
                        arrayList.add(persistTrustedKeys);
                    }
                }
                if (!arrayList.isEmpty()) {
                    return arrayList.size() == 1 ? (IStatus) arrayList.get(1) : new MultiStatus(getClass(), 0, (IStatus[]) arrayList.toArray(i2 -> {
                        return new IStatus[i2];
                    }), (String) arrayList.stream().map((v0) -> {
                        return v0.getMessage();
                    }).collect(Collectors.joining("\n")), (Throwable) null);
                }
            }
            return Status.OK_STATUS;
        }
        return Status.OK_STATUS;
    }

    /* JADX WARN: Code restructure failed: missing block: B:20:0x005f, code lost:
    
        r0.addTrustAnchor(r0, r0.toString());
        r0.remove();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private org.eclipse.core.runtime.IStatus persistTrustedCertificatesInTrustEngine(java.util.Collection<? extends java.security.cert.Certificate> r8) {
        /*
            r7 = this;
            org.osgi.util.tracker.ServiceTracker r0 = new org.osgi.util.tracker.ServiceTracker
            r1 = r0
            org.osgi.framework.BundleContext r2 = org.eclipse.equinox.internal.p2.engine.EngineActivator.getContext()
            java.lang.Class<org.eclipse.osgi.service.security.TrustEngine> r3 = org.eclipse.osgi.service.security.TrustEngine.class
            r4 = 0
            r1.<init>(r2, r3, r4)
            r9 = r0
            r0 = r9
            r0.open()
            r0 = r9
            java.lang.Object[] r0 = r0.getServices()
            r10 = r0
            r0 = r10
            if (r0 != 0) goto L22
            r0 = r9
            r0.close()
            r0 = 0
            return r0
        L22:
            r0 = r8
            java.util.Iterator r0 = r0.iterator()     // Catch: java.lang.Throwable -> Lc3
            r11 = r0
            goto Lb6
        L2d:
            r0 = r11
            java.lang.Object r0 = r0.next()     // Catch: java.lang.Throwable -> Lc3
            java.security.cert.Certificate r0 = (java.security.cert.Certificate) r0     // Catch: java.lang.Throwable -> Lc3
            r12 = r0
            r0 = r10
            r1 = r0
            r16 = r1
            int r0 = r0.length     // Catch: java.lang.Throwable -> Lc3
            r15 = r0
            r0 = 0
            r14 = r0
            goto Laf
        L46:
            r0 = r16
            r1 = r14
            r0 = r0[r1]     // Catch: java.lang.Throwable -> Lc3
            r13 = r0
            r0 = r13
            org.eclipse.osgi.service.security.TrustEngine r0 = (org.eclipse.osgi.service.security.TrustEngine) r0     // Catch: java.lang.Throwable -> Lc3
            r17 = r0
            r0 = r17
            boolean r0 = r0.isReadOnly()     // Catch: java.lang.Throwable -> Lc3
            if (r0 == 0) goto L5f
            goto Lac
        L5f:
            r0 = r17
            r1 = r12
            r2 = r12
            java.lang.String r2 = r2.toString()     // Catch: java.io.IOException -> L76 java.security.GeneralSecurityException -> L91 java.lang.Throwable -> Lc3
            java.lang.String r0 = r0.addTrustAnchor(r1, r2)     // Catch: java.io.IOException -> L76 java.security.GeneralSecurityException -> L91 java.lang.Throwable -> Lc3
            r0 = r11
            r0.remove()     // Catch: java.io.IOException -> L76 java.security.GeneralSecurityException -> L91 java.lang.Throwable -> Lc3
            goto Lb6
        L76:
            r18 = move-exception
            org.eclipse.core.runtime.Status r0 = new org.eclipse.core.runtime.Status     // Catch: java.lang.Throwable -> Lc3
            r1 = r0
            r2 = 1
            java.lang.String r3 = "org.eclipse.equinox.p2.engine"
            java.lang.String r4 = org.eclipse.equinox.internal.p2.engine.Messages.CertificateChecker_KeystoreConnectionError     // Catch: java.lang.Throwable -> Lc3
            r5 = r18
            r1.<init>(r2, r3, r4, r5)     // Catch: java.lang.Throwable -> Lc3
            r20 = r0
            r0 = r9
            r0.close()
            r0 = r20
            return r0
        L91:
            r18 = move-exception
            org.eclipse.core.runtime.Status r0 = new org.eclipse.core.runtime.Status     // Catch: java.lang.Throwable -> Lc3
            r1 = r0
            r2 = 1
            java.lang.String r3 = "org.eclipse.equinox.p2.engine"
            java.lang.String r4 = org.eclipse.equinox.internal.p2.engine.Messages.CertificateChecker_CertificateError     // Catch: java.lang.Throwable -> Lc3
            r5 = r18
            r1.<init>(r2, r3, r4, r5)     // Catch: java.lang.Throwable -> Lc3
            r20 = r0
            r0 = r9
            r0.close()
            r0 = r20
            return r0
        Lac:
            int r14 = r14 + 1
        Laf:
            r0 = r14
            r1 = r15
            if (r0 < r1) goto L46
        Lb6:
            r0 = r11
            boolean r0 = r0.hasNext()     // Catch: java.lang.Throwable -> Lc3
            if (r0 != 0) goto L2d
            goto Lcc
        Lc3:
            r19 = move-exception
            r0 = r9
            r0.close()
            r0 = r19
            throw r0
        Lcc:
            r0 = r9
            r0.close()
            org.eclipse.core.runtime.IStatus r0 = org.eclipse.core.runtime.Status.OK_STATUS
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.eclipse.equinox.internal.p2.engine.phases.CertificateChecker.persistTrustedCertificatesInTrustEngine(java.util.Collection):org.eclipse.core.runtime.IStatus");
    }

    public IStatus persistTrustedCertificates(Collection<? extends Certificate> collection) {
        if (this.profile != null) {
            IEclipsePreferences node = new ProfileScope((IAgentLocation) this.agent.getService(IAgentLocation.class), this.profile.getProfileId()).getNode(EngineActivator.ID);
            try {
                node.putByteArray(TRUSTED_CERTIFICATES_PROPERTY, CertificateFactory.getInstance("X.509").generateCertPath(new ArrayList(collection)).getEncoded("PKCS7"));
                node.flush();
            } catch (BackingStoreException | CertificateException e) {
                return new Status(4, EngineActivator.ID, e.getMessage(), e);
            }
        }
        return Status.OK_STATUS;
    }

    public Set<? extends Certificate> getPreferenceTrustedCertificates() {
        if (this.profile != null) {
            try {
                byte[] byteArray = new ProfileScope((IAgentLocation) this.agent.getService(IAgentLocation.class), this.profile.getProfileId()).getNode(EngineActivator.ID).getByteArray(TRUSTED_CERTIFICATES_PROPERTY, (byte[]) null);
                if (byteArray != null) {
                    return new LinkedHashSet(CertificateFactory.getInstance("X.509").generateCertPath(new ByteArrayInputStream(byteArray), "PKCS7").getCertificates());
                }
            } catch (CertificateException e) {
                DebugHelper.debug(DEBUG_PREFIX, e.getMessage());
            }
        }
        return Set.of();
    }

    private String getUnsignedContentPolicy() {
        String property = EngineActivator.getProperty(EngineActivator.PROP_UNSIGNED_POLICY, this.agent);
        if (property == null) {
            property = EngineActivator.UNSIGNED_PROMPT;
        }
        return property;
    }

    public void setProfile(IProfile iProfile) {
        this.profile = iProfile;
    }

    public void add(Map<IArtifactDescriptor, File> map) {
        this.artifacts.putAll(map);
    }

    public Map<PGPPublicKey, Set<Bundle>> getContributedTrustedKeys() {
        String attribute;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (IConfigurationElement iConfigurationElement : RegistryFactory.getRegistry().getConfigurationElementsFor(EngineActivator.ID, "pgp")) {
            if ("trustedKeys".equals(iConfigurationElement.getName()) && (attribute = iConfigurationElement.getAttribute("path")) != null) {
                String name = iConfigurationElement.getContributor().getName();
                Stream.of((Object[]) EngineActivator.getContext().getBundles()).filter(bundle -> {
                    return bundle.getSymbolicName().equals(name);
                }).findAny().ifPresent(bundle2 -> {
                    Throwable th = null;
                    try {
                        try {
                            InputStream openStream = bundle2.getEntry(attribute).openStream();
                            try {
                                Stream stream = PGPPublicKeyStore.readPublicKeys(openStream).stream();
                                PGPPublicKeyService pGPPublicKeyService = this.keyService;
                                pGPPublicKeyService.getClass();
                                stream.map(pGPPublicKeyService::addKey).forEach(pGPPublicKey -> {
                                    ((Set) linkedHashMap.computeIfAbsent(ByteBuffer.wrap(pGPPublicKey.getFingerprint()), byteBuffer -> {
                                        return new LinkedHashSet();
                                    })).add(bundle2);
                                });
                                if (openStream != null) {
                                    openStream.close();
                                }
                            } catch (Throwable th2) {
                                if (openStream != null) {
                                    openStream.close();
                                }
                                throw th2;
                            }
                        } catch (Throwable th3) {
                            if (0 == 0) {
                                th = th3;
                            } else if (null != th3) {
                                th.addSuppressed(th3);
                            }
                            throw th;
                        }
                    } catch (IOException e) {
                        DebugHelper.debug(DEBUG_PREFIX, e.getMessage());
                    }
                });
            }
        }
        return (Map) linkedHashMap.entrySet().stream().collect(Collectors.toMap(entry -> {
            return this.keyService.getKey(((ByteBuffer) entry.getKey()).array());
        }, (v0) -> {
            return v0.getValue();
        }));
    }

    public boolean isTrustAlways() {
        if (this.profile != null) {
            return new ProfileScope((IAgentLocation) this.agent.getService(IAgentLocation.class), this.profile.getProfileId()).getNode(EngineActivator.ID).getBoolean(TRUST_ALWAYS_PROPERTY, false);
        }
        return false;
    }

    public IStatus setTrustAlways(boolean z) {
        if (this.profile != null) {
            IEclipsePreferences node = new ProfileScope((IAgentLocation) this.agent.getService(IAgentLocation.class), this.profile.getProfileId()).getNode(EngineActivator.ID);
            try {
                node.putBoolean(TRUST_ALWAYS_PROPERTY, z);
                node.flush();
            } catch (BackingStoreException e) {
                return new Status(4, EngineActivator.ID, e.getMessage(), e);
            }
        }
        return Status.OK_STATUS;
    }

    public PGPPublicKeyStore getPreferenceTrustedKeys() {
        PGPPublicKeyStore pGPPublicKeyStore = new PGPPublicKeyStore();
        if (this.profile != null) {
            Stream stream = PGPPublicKeyStore.readPublicKeys(new ProfileScope((IAgentLocation) this.agent.getService(IAgentLocation.class), this.profile.getProfileId()).getNode(EngineActivator.ID).get(TRUSTED_KEY_STORE_PROPERTY, (String) null)).stream();
            PGPPublicKeyService pGPPublicKeyService = this.keyService;
            pGPPublicKeyService.getClass();
            Stream map = stream.map(pGPPublicKeyService::addKey);
            pGPPublicKeyStore.getClass();
            map.forEach(pGPPublicKeyStore::addKey);
        }
        return pGPPublicKeyStore;
    }

    public IStatus persistTrustedKeys(PGPPublicKeyStore pGPPublicKeyStore) {
        if (this.profile != null) {
            IEclipsePreferences node = new ProfileScope((IAgentLocation) this.agent.getService(IAgentLocation.class), this.profile.getProfileId()).getNode(EngineActivator.ID);
            try {
                node.put(TRUSTED_KEY_STORE_PROPERTY, pGPPublicKeyStore.toArmoredString());
                node.flush();
            } catch (IOException | BackingStoreException e) {
                return new Status(4, EngineActivator.ID, e.getMessage(), e);
            }
        }
        return Status.OK_STATUS;
    }
}
