package org.apache.clerezza.platform.security;

import java.security.AccessController;
import java.security.AllPermission;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import org.apache.clerezza.platform.security.conditions.NotBundleLocationCondition;
import org.apache.clerezza.rdf.core.MGraph;
import org.osgi.framework.BundleEvent;
import org.osgi.framework.BundleListener;
import org.osgi.framework.PackagePermission;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.condpermadmin.BundleLocationCondition;
import org.osgi.service.condpermadmin.ConditionInfo;
import org.osgi.service.condpermadmin.ConditionalPermissionAdmin;
import org.osgi.service.condpermadmin.ConditionalPermissionInfo;
import org.osgi.service.permissionadmin.PermissionInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:bundles/startlevel-2/org/apache/clerezza/platform.security/0.8-incubating/platform.security-0.8-incubating.jar:org/apache/clerezza/platform/security/BundlePermissionManager.class */
public class BundlePermissionManager implements BundleListener {
    final Logger logger = LoggerFactory.getLogger(BundlePermissionManager.class);
    private ConditionalPermissionAdmin cpa;
    private static final String ALL_EXCEPT_USER_BUNDLES_CPINAME = "allExceptUserBundles";
    private static final String PACKAGE_EXPORT_CPINAME = "package export";
    private static final Collection<String> NON_USER_CPI_NAMES = new HashSet();
    private MGraph systemGraph;
    private PermissionDefinitions permissionDefinitions;

    protected void activate(ComponentContext componentContext) throws Exception {
        this.logger.debug("Activating PermissionManager");
        AccessController.doPrivileged(new PrivilegedAction() { // from class: org.apache.clerezza.platform.security.BundlePermissionManager.1
            @Override // java.security.PrivilegedAction
            public Object run() {
                BundlePermissionManager.this.cpa.setConditionalPermissionInfo(BundlePermissionManager.ALL_EXCEPT_USER_BUNDLES_CPINAME, new ConditionInfo[]{new ConditionInfo(NotBundleLocationCondition.class.getName(), new String[]{"userbundle:*"})}, new PermissionInfo[]{new PermissionInfo(AllPermission.class.getName(), "", "")});
                return null;
            }
        });
        assignAllBundlePermissions();
        componentContext.getBundleContext().addBundleListener(this);
        this.logger.debug("Permissions assigned");
        this.permissionDefinitions = new PermissionDefinitions(this.systemGraph);
        deleteUserBundlePermissions();
        for (int i = 0; i < componentContext.getBundleContext().getBundles().length; i++) {
            String location = componentContext.getBundleContext().getBundles()[i].getLocation();
            if (location.startsWith("userbundle:")) {
                updateFromSystemGraph(location);
            }
        }
    }

    protected void deactivate(ComponentContext componentContext) throws Exception {
        this.logger.debug("Permission manager being deactivated");
        componentContext.getBundleContext().removeBundleListener(this);
    }

    private void assignAllBundlePermissions() {
        this.logger.debug("Give PackagePermission to all bundles");
        this.cpa.setConditionalPermissionInfo(PACKAGE_EXPORT_CPINAME, new ConditionInfo[]{null}, new PermissionInfo[]{new PermissionInfo(PackagePermission.class.getName(), "*", PackagePermission.EXPORT)});
    }

    private void updateFromSystemGraph(String str) {
        this.logger.debug("Updating from system graph");
        this.logger.debug("location: {}, cpa: {}", str, this.cpa);
        this.cpa.setConditionalPermissionInfo(str, new ConditionInfo[]{new ConditionInfo(BundleLocationCondition.class.getName(), new String[]{str})}, this.permissionDefinitions.retrievePermissions(str));
    }

    private void deleteUserBundlePermissions() {
        Enumeration conditionalPermissionInfos = this.cpa.getConditionalPermissionInfos();
        while (conditionalPermissionInfos.hasMoreElements()) {
            ConditionalPermissionInfo conditionalPermissionInfo = (ConditionalPermissionInfo) conditionalPermissionInfos.nextElement();
            if (!NON_USER_CPI_NAMES.contains(conditionalPermissionInfo.getName())) {
                conditionalPermissionInfo.delete();
            }
        }
    }

    @Override // org.osgi.framework.BundleListener
    public void bundleChanged(BundleEvent bundleEvent) {
        this.logger.debug("Got bundle event {}", Integer.valueOf(bundleEvent.getType()));
        String location = bundleEvent.getBundle().getLocation();
        switch (bundleEvent.getType()) {
            case 1:
                this.logger.debug("Bundle INSTALLED: {}", location);
                if (location.startsWith("userbundle:")) {
                    updateFromSystemGraph(location);
                    return;
                }
                return;
            case 16:
                this.logger.debug("Bundle UNINSTALLED: {}", location);
                this.cpa.getConditionalPermissionInfo(location).delete();
                return;
            default:
                return;
        }
    }

    static {
        NON_USER_CPI_NAMES.add(ALL_EXCEPT_USER_BUNDLES_CPINAME);
        NON_USER_CPI_NAMES.add(PACKAGE_EXPORT_CPINAME);
    }

    protected void bindCpa(ConditionalPermissionAdmin conditionalPermissionAdmin) {
        this.cpa = conditionalPermissionAdmin;
    }

    protected void unbindCpa(ConditionalPermissionAdmin conditionalPermissionAdmin) {
        if (this.cpa == conditionalPermissionAdmin) {
            this.cpa = null;
        }
    }

    protected void bindSystemGraph(MGraph mGraph) {
        this.systemGraph = mGraph;
    }

    protected void unbindSystemGraph(MGraph mGraph) {
        if (this.systemGraph == mGraph) {
            this.systemGraph = null;
        }
    }
}
