package com.mulesoft.connector.as2.internal.utils;

import com.mulesoft.connector.as2.internal.enums.HashAlgorithm;
import com.mulesoft.connector.as2.internal.error.exception.AS2ExtensionException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/mulesoft/connector/as2/internal/utils/AS2FipsUtil.class */
public class AS2FipsUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(AS2FipsUtil.class);
    private static final String ENVELOPED_DATA = "enveloped-data";
    public static final String APPLICATION_PKCS7_MIME = "application/pkcs7-mime";
    private static final String BC_FIPS_PROVIDER = "BCFIPS";
    private static final String ALLOW_MULTI_USE = "org.bouncycastle.rsa.allow_multi_use";
    private static final String MULE_SECURITY_MODEL = "mule.security.model";
    private static final String FIPS1402_MODEL = "fips140-2";
    private static final String EXCEPTION_MSG = "Error trying to use the same private key both to decrypt the incoming message and to sign the mdn in fips mode.";
    private static final String SAME_ALIAS_WARN_MSG = "Using the same private key for both decrypting the incoming message and signing the mdn is a discouraged practice.";
    private static final String SAME_ALIAS_ERROR_MSG = "Using the same private key for both decrypting the incoming message and signing the mdn is not a fips-compliant practice.";

    public static void validateDifferentKeyCompliance(PrivateKey privateKey, PrivateKey privateKey2, Map<String, String> map) throws Exception {
        if (isFipsMode() && !allowMultiUse() && isEncyptedMessage(map.get(AS2HeaderConstants.CONTENT_TYPE)) && isMDNSigned(map.get(AS2HeaderConstants.DISPOSITION_NOTIFICATION_OPTIONS)) && privateKey.equals(privateKey2)) {
            throw new AS2ExtensionException(EXCEPTION_MSG);
        }
    }

    public static void checkAndLogDifferentKeyCompliance(PrivateKey privateKey, PrivateKey privateKey2) {
        if (privateKey.equals(privateKey2)) {
            if (!isFipsMode() || allowMultiUse()) {
                LOGGER.warn(SAME_ALIAS_WARN_MSG);
            } else {
                LOGGER.error(SAME_ALIAS_ERROR_MSG);
            }
        }
    }

    public static boolean isFipsMode() {
        return FIPS1402_MODEL.equals(System.getProperty(MULE_SECURITY_MODEL));
    }

    public static boolean allowMultiUse() {
        return Boolean.getBoolean(ALLOW_MULTI_USE);
    }

    public static Provider getFipsProvider() {
        return Security.getProvider(BC_FIPS_PROVIDER);
    }

    private static boolean isEncyptedMessage(String str) {
        if (str == null) {
            return false;
        }
        String findSMimeTypeFrom = AS2PatternMatchers.findSMimeTypeFrom(str);
        if (!str.toLowerCase().startsWith("application/pkcs7-mime") || findSMimeTypeFrom == null) {
            return false;
        }
        return findSMimeTypeFrom.equalsIgnoreCase(ENVELOPED_DATA);
    }

    private static boolean isMDNSigned(String str) {
        return AS2PatternMatchers.findMicAlgorithmFrom(str) != HashAlgorithm.UNSIGNED;
    }
}
