package org.mule.module.pgp.filters;

import org.mule.api.EncryptionStrategy;
import org.mule.api.MuleEvent;
import org.mule.api.MuleMessage;
import org.mule.api.lifecycle.InitialisationException;
import org.mule.api.security.Authentication;
import org.mule.api.security.SecurityContext;
import org.mule.api.security.UnauthorisedException;
import org.mule.api.security.UnknownAuthenticationTypeException;
import org.mule.config.i18n.CoreMessages;
import org.mule.module.pgp.LiteralMessage;
import org.mule.module.pgp.Message;
import org.mule.module.pgp.MessageFactory;
import org.mule.module.pgp.PGPAuthentication;
import org.mule.module.pgp.PGPCryptInfo;
import org.mule.module.pgp.PGPKeyRing;
import org.mule.module.pgp.SignedMessage;
import org.mule.module.pgp.i18n.PGPMessages;
import org.mule.security.AbstractAuthenticationFilter;

/* loaded from: input_file:org/mule/module/pgp/filters/PGPSecurityFilter.class */
public class PGPSecurityFilter extends AbstractAuthenticationFilter {
    private EncryptionStrategy strategy;
    private String strategyName;
    private boolean signRequired;
    private PGPKeyRing keyManager;

    protected void authenticateInbound(MuleEvent muleEvent) throws SecurityException, UnauthorisedException, UnknownAuthenticationTypeException {
        MuleMessage message = muleEvent.getMessage();
        String str = (String) getCredentialsAccessor().getCredentials(muleEvent);
        try {
            try {
                try {
                    Authentication authenticate = getSecurityManager().authenticate(new PGPAuthentication(str, decodeMsgRaw(this.strategy.decrypt(message.getPayloadAsBytes(), (Object) null))));
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("Authentication success: " + authenticate.toString());
                    }
                    SecurityContext createSecurityContext = getSecurityManager().createSecurityContext(authenticate);
                    muleEvent.getSession().setSecurityContext(createSecurityContext);
                    try {
                        updatePayload(message, getUnencryptedMessageWithoutSignature((PGPAuthentication) authenticate), muleEvent);
                    } catch (Exception e) {
                        throw new UnauthorisedException(muleEvent, createSecurityContext, this);
                    }
                } catch (Exception e2) {
                    if (this.logger.isDebugEnabled()) {
                        this.logger.debug("Authentication request for user: " + str + " failed: " + e2.toString());
                    }
                    throw new UnauthorisedException(CoreMessages.authFailedForUser(str), muleEvent, e2);
                }
            } catch (Exception e3) {
                throw new UnauthorisedException(CoreMessages.failedToReadPayload(), muleEvent, e3);
            }
        } catch (Exception e4) {
            throw new UnauthorisedException(CoreMessages.failedToReadPayload(), muleEvent, e4);
        }
    }

    private Message decodeMsgRaw(byte[] bArr) throws Exception {
        return MessageFactory.getMessage(bArr);
    }

    private String getUnencryptedMessageWithoutSignature(PGPAuthentication pGPAuthentication) throws Exception {
        Message message = (Message) pGPAuthentication.getCredentials();
        if (message instanceof SignedMessage) {
            message = ((SignedMessage) message).getContents();
        }
        if (message instanceof LiteralMessage) {
            return ((LiteralMessage) message).getTextData();
        }
        throw new Exception("Wrong data");
    }

    protected void authenticateOutbound(MuleEvent muleEvent) throws SecurityException, UnauthorisedException {
        this.logger.debug("authenticateOutbound:" + muleEvent.getId());
        if (isAuthenticate()) {
            try {
                updatePayload(muleEvent.getMessage(), this.strategy.encrypt(muleEvent.getMessage().getPayloadAsBytes(), new PGPCryptInfo(this.keyManager.getPublicKey((String) getCredentialsAccessor().getCredentials(muleEvent)), this.signRequired)), muleEvent);
            } catch (Exception e) {
                throw new UnauthorisedException(CoreMessages.failedToReadPayload(), muleEvent, e);
            }
        }
    }

    protected void doInitialise() throws InitialisationException {
        if (this.strategyName != null) {
            this.strategy = this.muleContext.getSecurityManager().getEncryptionStrategy(this.strategyName);
        }
        if (this.strategy == null) {
            throw new InitialisationException(PGPMessages.encryptionStrategyNotSet(), this);
        }
    }

    public EncryptionStrategy getStrategy() {
        return this.strategy;
    }

    public void setStrategy(EncryptionStrategy encryptionStrategy) {
        this.strategy = encryptionStrategy;
    }

    public void setStrategyName(String str) {
        this.strategyName = str;
    }

    public boolean isSignRequired() {
        return this.signRequired;
    }

    public void setSignRequired(boolean z) {
        this.signRequired = z;
    }

    public PGPKeyRing getKeyManager() {
        return this.keyManager;
    }

    public void setKeyManager(PGPKeyRing pGPKeyRing) {
        this.keyManager = pGPKeyRing;
    }
}
