package net.corda.install.internal.verification;

import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import net.corda.crypto.CryptoLibraryFactory;
import net.corda.crypto.CryptoUtilsInternalKt;
import net.corda.install.CpkVerificationException;
import net.corda.install.internal.InstallConstants;
import net.corda.packaging.Cpk;
import net.corda.v5.crypto.DigestService;
import net.corda.v5.crypto.DigestServiceUtils;
import org.jetbrains.annotations.NotNull;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

/* compiled from: Verifiers.kt */
@Metadata(mv = {1, 4, 1}, bv = {1, 0, 3}, k = 1, d1 = {"��.\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n��\n\u0002\u0010\u001c\n\u0002\u0018\u0002\n��\b\u0001\u0018��2\u00020\u0001B\u001b\b\u0007\u0012\b\b\u0001\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0001\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0016\u0010\t\u001a\u00020\n2\f\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\r0\fH\u0016R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u000e"}, d2 = {"Lnet/corda/install/internal/verification/CordappSignatureVerifier;", "Lnet/corda/install/internal/verification/StandaloneCpkVerifier;", "configAdmin", "Lorg/osgi/service/cm/ConfigurationAdmin;", "cryptoLibraryFactory", "Lnet/corda/crypto/CryptoLibraryFactory;", "(Lorg/osgi/service/cm/ConfigurationAdmin;Lnet/corda/crypto/CryptoLibraryFactory;)V", "hashingService", "Lnet/corda/v5/crypto/DigestService;", "verify", "", InstallConstants.CPK_DIRECTORY, "", "Lnet/corda/packaging/Cpk;", "install"})
@Component
/* loaded from: input_file:net/corda/install/internal/verification/CordappSignatureVerifier.class */
public final class CordappSignatureVerifier implements StandaloneCpkVerifier {
    private final DigestService hashingService;
    private final ConfigurationAdmin configAdmin;
    private final CryptoLibraryFactory cryptoLibraryFactory;

    @Override // net.corda.install.internal.verification.CpkVerifier
    public void verify(@NotNull Iterable<? extends Cpk> iterable) {
        Intrinsics.checkNotNullParameter(iterable, InstallConstants.CPK_DIRECTORY);
        Configuration configuration = this.configAdmin.getConfiguration(ConfigurationAdmin.class.getName(), (String) null);
        Intrinsics.checkNotNullExpressionValue(configuration, "conf");
        Object obj = configuration.getProperties().get(InstallConstants.CONFIG_ADMIN_BLACKLISTED_KEYS);
        if (!(obj instanceof List)) {
            obj = null;
        }
        List list = (List) obj;
        if (list == null) {
            throw new CpkVerificationException("Parameter blacklistedKeys needs to be set to perform signature verification check.", null, 2, null);
        }
        List<String> list2 = list;
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(list2, 10));
        for (String str : list2) {
            try {
                arrayList.add(DigestServiceUtils.create(this.hashingService, str));
            } catch (IllegalArgumentException e) {
                throw new CpkVerificationException("Error while adding key fingerprint " + str + " to blacklistedAttachmentSigningKeys", null, 2, null);
            }
        }
        ArrayList arrayList2 = arrayList;
        if (arrayList2.isEmpty()) {
            return;
        }
        for (Cpk cpk : iterable) {
            Set cordappCertificates = cpk.getCordappCertificates();
            if (cordappCertificates.isEmpty()) {
                return;
            }
            Set set = cordappCertificates;
            ArrayList arrayList3 = new ArrayList();
            for (Object obj2 : set) {
                PublicKey publicKey = ((Certificate) obj2).getPublicKey();
                Intrinsics.checkNotNullExpressionValue(publicKey, "certificate.publicKey");
                if (!arrayList2.contains(CryptoUtilsInternalKt.sha256(CryptoUtilsInternalKt.sha256Bytes(publicKey)))) {
                    arrayList3.add(obj2);
                }
            }
            if (arrayList3.isEmpty()) {
                throw new CpkVerificationException("CPK " + cpk.getId() + " is only signed by blacklisted keys (probably the development key).", null, 2, null);
            }
        }
    }

    @Activate
    public CordappSignatureVerifier(@Reference @NotNull ConfigurationAdmin configurationAdmin, @Reference @NotNull CryptoLibraryFactory cryptoLibraryFactory) {
        Intrinsics.checkNotNullParameter(configurationAdmin, "configAdmin");
        Intrinsics.checkNotNullParameter(cryptoLibraryFactory, "cryptoLibraryFactory");
        this.configAdmin = configurationAdmin;
        this.cryptoLibraryFactory = cryptoLibraryFactory;
        this.hashingService = this.cryptoLibraryFactory.createDigestService();
    }
}
