package org.eclipse.equinox.internal.p2.engine.phases;

import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.cert.Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutionException;
import java.util.function.Function;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.eclipse.core.runtime.IProgressMonitor;
import org.eclipse.core.runtime.IStatus;
import org.eclipse.core.runtime.Status;
import org.eclipse.core.runtime.preferences.IEclipsePreferences;
import org.eclipse.equinox.internal.p2.core.helpers.LogHelper;
import org.eclipse.equinox.internal.p2.engine.EngineActivator;
import org.eclipse.equinox.internal.p2.engine.Messages;
import org.eclipse.equinox.p2.core.IAgentLocation;
import org.eclipse.equinox.p2.core.IProvisioningAgent;
import org.eclipse.equinox.p2.core.UIServices;
import org.eclipse.equinox.p2.engine.IProfile;
import org.eclipse.equinox.p2.engine.ProfileScope;
import org.eclipse.equinox.p2.engine.ProvisioningContext;
import org.eclipse.equinox.p2.metadata.IArtifactKey;
import org.eclipse.equinox.p2.metadata.IInstallableUnit;
import org.eclipse.equinox.p2.repository.metadata.spi.IInstallableUnitUIServices;
import org.osgi.service.prefs.BackingStoreException;

/* loaded from: input_file:org/eclipse/equinox/internal/p2/engine/phases/AuthorityChecker.class */
public class AuthorityChecker {
    public static final String TRUST_ALL_AUTHORITIES = "trustAllAuthorities";
    public static final String TRUSTED_AUTHORITIES_PROPERTY = "trustedAuthorities";
    private static final Pattern ARCHIVE_URI_PATTERN = Pattern.compile("(?i)(jar|zip|archive):(.*)?/(.*)");
    private static final Pattern HIERARCHICAL_URI_PATTERN = Pattern.compile("((?:[^/:]+):(?://[^/]+|///|/)?)([^?#]*)([#?].*)?");
    private final int requestTimeoutMillis;
    private final int maxRequestRetries;
    private final IProvisioningAgent agent;
    private final ProvisioningContext context;
    private final IProfile profile;
    private final Collection<? extends IInstallableUnit> ius;
    private final Collection<? extends IArtifactKey> artifacts;

    public AuthorityChecker(IProvisioningAgent iProvisioningAgent, IProfile iProfile) {
        this(iProvisioningAgent, null, List.of(), List.of(), iProfile);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorityChecker(IProvisioningAgent iProvisioningAgent, ProvisioningContext provisioningContext, Collection<? extends IInstallableUnit> collection, Collection<? extends IArtifactKey> collection2, IProfile iProfile) {
        this.agent = iProvisioningAgent;
        this.context = provisioningContext;
        this.ius = collection;
        this.artifacts = collection2;
        this.profile = iProfile;
        this.requestTimeoutMillis = iProvisioningAgent.getIntProperty("org.eclipse.equinox.p2.engine.certificateRequestTimeout", 5000);
        this.maxRequestRetries = iProvisioningAgent.getIntProperty("org.eclipse.equinox.p2.engine.certificateRequestRetries", 3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public IStatus start(IProgressMonitor iProgressMonitor) {
        if (isTrustAlways()) {
            return Status.OK_STATUS;
        }
        IInstallableUnitUIServices iInstallableUnitUIServices = (UIServices) this.agent.getService(UIServices.class);
        if (iInstallableUnitUIServices instanceof IInstallableUnitUIServices) {
            IInstallableUnitUIServices iInstallableUnitUIServices2 = iInstallableUnitUIServices;
            Map<URI, Set<IInstallableUnit>> installableUnitSources = this.context.getInstallableUnitSources(this.ius, iProgressMonitor);
            Map<URI, Set<IArtifactKey>> artifactSources = this.context.getArtifactSources(this.artifacts, iProgressMonitor);
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            installableUnitSources.values().stream().flatMap((v0) -> {
                return v0.stream();
            }).forEach(iInstallableUnit -> {
                Iterator it = iInstallableUnit.getArtifacts().iterator();
                while (it.hasNext()) {
                    ((Set) linkedHashMap.computeIfAbsent((IArtifactKey) it.next(), iArtifactKey -> {
                        return new HashSet();
                    })).add(iInstallableUnit);
                }
            });
            for (Map.Entry<URI, Set<IArtifactKey>> entry : artifactSources.entrySet()) {
                URI key = entry.getKey();
                Iterator<IArtifactKey> it = entry.getValue().iterator();
                while (it.hasNext()) {
                    Set set = (Set) linkedHashMap.get(it.next());
                    if (set != null) {
                        installableUnitSources.computeIfAbsent(key, uri -> {
                            return new TreeSet();
                        }).addAll(set);
                    }
                }
            }
            Set<URI> preferenceTrustedAuthorities = getPreferenceTrustedAuthorities();
            TreeSet treeSet = new TreeSet(preferenceTrustedAuthorities);
            installableUnitSources.keySet().removeIf(uri2 -> {
                for (URI uri2 : getAuthorityChain(uri2)) {
                    if ("file".equalsIgnoreCase(uri2.getScheme()) || treeSet.contains(uri2)) {
                        return true;
                    }
                }
                return false;
            });
            IInstallableUnitUIServices.TrustAuthorityInfo trustAuthorityInfo = iInstallableUnitUIServices2.getTrustAuthorityInfo(installableUnitSources, getCertificates(installableUnitSources.keySet(), iProgressMonitor));
            setTrustAlways(trustAuthorityInfo.isTrustAlways());
            if (!isTrustAlways()) {
                if (trustAuthorityInfo.isSave()) {
                    preferenceTrustedAuthorities.addAll(trustAuthorityInfo.getTrustedAuthorities());
                    persistTrustedAuthorities(preferenceTrustedAuthorities);
                }
                Collection trustedAuthorities = trustAuthorityInfo.getTrustedAuthorities();
                installableUnitSources.keySet().removeIf(uri3 -> {
                    Iterator<URI> it2 = getAuthorityChain(uri3).iterator();
                    while (it2.hasNext()) {
                        if (trustedAuthorities.contains(it2.next())) {
                            return true;
                        }
                    }
                    return false;
                });
                if (!installableUnitSources.isEmpty()) {
                    return new Status(8, EngineActivator.ID, Messages.AuthorityChecker_UntrustedAuthorities);
                }
            }
        }
        return Status.OK_STATUS;
    }

    public boolean isTrustAlways() {
        IEclipsePreferences enngineProfilePreferences = getEnngineProfilePreferences();
        if (enngineProfilePreferences != null) {
            return enngineProfilePreferences.getBoolean(TRUST_ALL_AUTHORITIES, false);
        }
        return false;
    }

    public IStatus setTrustAlways(boolean z) {
        IEclipsePreferences enngineProfilePreferences = getEnngineProfilePreferences();
        if (enngineProfilePreferences != null) {
            try {
                enngineProfilePreferences.putBoolean(TRUST_ALL_AUTHORITIES, z);
                enngineProfilePreferences.flush();
            } catch (BackingStoreException e) {
                return new Status(4, EngineActivator.ID, e.getMessage(), e);
            }
        }
        return Status.OK_STATUS;
    }

    public Set<URI> getPreferenceTrustedAuthorities() {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        IEclipsePreferences enngineProfilePreferences = getEnngineProfilePreferences();
        if (enngineProfilePreferences != null) {
            String property = EngineActivator.getProperty("p2.trustedAuthorities", this.agent);
            for (String str : enngineProfilePreferences.get(TRUSTED_AUTHORITIES_PROPERTY, property == null ? "https://download.eclipse.org https://archive.eclipse.org" : property.replace(',', ' ')).split("\\s+")) {
                try {
                    if (!str.isBlank()) {
                        linkedHashSet.add(new URI(str));
                    }
                } catch (URISyntaxException e) {
                }
            }
        }
        return linkedHashSet;
    }

    public IStatus persistTrustedAuthorities(Collection<? extends URI> collection) {
        IEclipsePreferences enngineProfilePreferences = getEnngineProfilePreferences();
        if (enngineProfilePreferences != null) {
            try {
                enngineProfilePreferences.put(TRUSTED_AUTHORITIES_PROPERTY, String.join(" ", (Iterable<? extends CharSequence>) getFilteredAuthorities(collection).stream().map((v0) -> {
                    return v0.toString();
                }).collect(Collectors.toList())));
                enngineProfilePreferences.flush();
            } catch (BackingStoreException e) {
                return new Status(4, EngineActivator.ID, e.getMessage(), e);
            }
        }
        return Status.OK_STATUS;
    }

    public IEclipsePreferences getEnngineProfilePreferences() {
        if (this.profile != null) {
            return new ProfileScope((IAgentLocation) this.agent.getService(IAgentLocation.class), this.profile.getProfileId()).getNode(EngineActivator.ID);
        }
        return null;
    }

    public static List<URI> getFilteredAuthorities(Collection<? extends URI> collection) {
        ArrayList arrayList = new ArrayList(collection);
        arrayList.removeIf(uri -> {
            for (URI uri : getAuthorityChain(uri)) {
                if (!uri.equals(uri) && collection.contains(uri)) {
                    return true;
                }
            }
            return false;
        });
        return arrayList;
    }

    public Map<URI, List<Certificate>> getCertificates(Collection<? extends URI> collection, IProgressMonitor iProgressMonitor) {
        TreeMap treeMap = new TreeMap();
        TreeMap treeMap2 = new TreeMap();
        for (URI uri : collection) {
            treeMap.put(uri, (List) treeMap2.computeIfAbsent(getAuthorityChain(uri).get(0), uri2 -> {
                return new ArrayList();
            }));
        }
        gatherCertificates(treeMap2, iProgressMonitor);
        return treeMap;
    }

    public void gatherCertificates(Map<URI, List<Certificate>> map, IProgressMonitor iProgressMonitor) {
        HttpClient build = HttpClient.newBuilder().build();
        Map map2 = (Map) map.keySet().stream().collect(Collectors.toMap(Function.identity(), uri -> {
            try {
                return Optional.of(sendHttpRequestOrRetry(build, HttpRequest.newBuilder().uri(uri).timeout(Duration.ofMillis(this.requestTimeoutMillis)).method("HEAD", HttpRequest.BodyPublishers.noBody()).build(), this.maxRequestRetries));
            } catch (RuntimeException e) {
                return Optional.ofNullable(null);
            }
        }));
        for (Map.Entry<URI, List<Certificate>> entry : map.entrySet()) {
            if (iProgressMonitor.isCanceled()) {
                return;
            } else {
                ((Optional) map2.get(entry.getKey())).ifPresent(completableFuture -> {
                    try {
                        ((HttpResponse) completableFuture.get()).sslSession().ifPresent(sSLSession -> {
                            try {
                                ((List) entry.getValue()).addAll(Arrays.asList(sSLSession.getPeerCertificates()));
                            } catch (SSLPeerUnverifiedException e) {
                                LogHelper.log(new Status(2, EngineActivator.ID, Messages.AuthorityChecker_GatherCertificatesFailure, e));
                            }
                        });
                    } catch (InterruptedException e) {
                        Thread.currentThread().interrupt();
                    } catch (RuntimeException | ExecutionException e2) {
                        LogHelper.log(new Status(2, EngineActivator.ID, Messages.AuthorityChecker_GatherCertificatesFailure, e2));
                    }
                });
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static CompletableFuture<HttpResponse<String>> sendHttpRequestOrRetry(HttpClient httpClient, HttpRequest httpRequest, int i) {
        CompletableFuture<HttpResponse<String>> sendAsync = httpClient.sendAsync(httpRequest, HttpResponse.BodyHandlers.ofString());
        if (i > 1) {
            sendAsync = sendAsync.exceptionallyComposeAsync(th -> {
                return sendHttpRequestOrRetry(httpClient, httpRequest, i - 1);
            });
        }
        return sendAsync;
    }

    public static List<URI> getAuthorityChain(URI uri) {
        ArrayList arrayList = new ArrayList();
        if (uri.isOpaque()) {
            Matcher matcher = ARCHIVE_URI_PATTERN.matcher(uri.toString());
            if (matcher.matches()) {
                arrayList.addAll(getAuthorityChain(URI.create(matcher.group(2))));
            }
        } else if (uri.getScheme() != null) {
            try {
                Matcher matcher2 = HIERARCHICAL_URI_PATTERN.matcher(uri.toString());
                if (matcher2.matches()) {
                    String group = matcher2.group(1);
                    String group2 = matcher2.group(2);
                    String group3 = matcher2.group(3);
                    if ((group2 != null && !group2.isEmpty()) || group3 != null) {
                        arrayList.add(new URI(group));
                        int length = group2.length();
                        int indexOf = group2.indexOf(47, 1);
                        while (indexOf != -1) {
                            if (indexOf != 1) {
                                indexOf++;
                                if (indexOf == length) {
                                    break;
                                }
                            }
                            arrayList.add(new URI(group + group2.substring(0, indexOf)));
                            indexOf = group2.indexOf(47, indexOf + 1);
                        }
                        if (group3 != null) {
                            arrayList.add(new URI(group + group2));
                        }
                    }
                }
            } catch (URISyntaxException e) {
            }
        }
        arrayList.add(uri);
        return arrayList;
    }
}
