package org.mule.module.pgp;

import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import java.util.Calendar;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.mule.RequestContext;
import org.mule.api.lifecycle.InitialisationException;
import org.mule.api.security.CredentialsAccessor;
import org.mule.api.security.CryptoFailureException;
import org.mule.module.pgp.exception.MissingPGPKeyException;
import org.mule.module.pgp.i18n.PGPMessages;
import org.mule.module.pgp.util.ValidatorUtil;
import org.mule.security.AbstractNamedEncryptionStrategy;
import org.mule.util.SecurityUtils;

/* loaded from: input_file:org/mule/module/pgp/KeyBasedEncryptionStrategy.class */
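/**
 * PGP encryption strategy that encrypts to, and decrypts with, keys supplied by a
 * {@link PGPKeyRing}.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>The symmetric algorithm defaults to {@code CAST5} unless the system property
 *       {@code mule.pgp.encryption.algorithm} names another {@code EncryptionAlgorithm}
 *       constant. CAST5 is a 64-bit block cipher, so deployments that handle large
 *       payloads should set the property explicitly.</li>
 *   <li>Key-expiry enforcement is opt-in ({@link #setCheckKeyExpirity(boolean)}); with the
 *       default of {@code false}, expired public keys are accepted.</li>
 *   <li>Only expiry is checked here. No revocation check is visible in this class.</li>
 * </ul>
 */
public class KeyBasedEncryptionStrategy extends AbstractNamedEncryptionStrategy {
    protected static final Log logger = LogFactory.getLog(KeyBasedEncryptionStrategy.class);
    private PGPKeyRing keyManager;
    private CredentialsAccessor credentialsAccessor;
    // Expiry enforcement is off unless explicitly enabled by configuration.
    private boolean checkKeyExpirity = false;
    private Provider provider;
    private int encryptionAlgorithmId;

    /**
     * Registers the BouncyCastle provider (outside the FIPS security model) and resolves the
     * symmetric algorithm from the {@code mule.pgp.encryption.algorithm} system property.
     *
     * @throws InitialisationException declared by the lifecycle contract; not thrown directly here
     * @throws RuntimeException if the property does not name an {@code EncryptionAlgorithm} constant
     */
    public void initialise() throws InitialisationException {
        if (!SecurityUtils.isFipsSecurityModel()) {
            // Security.addProvider is JVM-wide; it is a no-op when the provider is already installed.
            Security.addProvider(new BouncyCastleProvider());
        }
        this.provider = SecurityUtils.getDefaultSecurityProvider();
        // NOTE(review): CAST5 is the fallback when the property is unset; it is a legacy
        // 64-bit block cipher. Set the property to a stronger EncryptionAlgorithm constant
        // where the peers support it (enum values are not shown in this file).
        String algorithmName = System.getProperty("mule.pgp.encryption.algorithm", EncryptionAlgorithm.CAST5.toString());
        try {
            this.encryptionAlgorithmId = EncryptionAlgorithm.valueOf(algorithmName).getNumericId();
        } catch (IllegalArgumentException e) {
            throw new RuntimeException("Could not initialise encryption strategy: invalid algorithm " + algorithmName, e);
        }
    }

    /**
     * Wraps {@code inputStream} in a stream that encrypts it to the recipient's public key.
     *
     * @param inputStream clear-text data
     * @param obj a {@code PGPCryptInfo}, or {@code null} to look the recipient up through the
     *     credentials accessor
     * @return the transforming stream
     * @throws CryptoFailureException wrapping any failure while resolving the key or building the stream
     */
    public InputStream encrypt(InputStream inputStream, Object obj) throws CryptoFailureException {
        try {
            PGPPublicKey recipientKey = safeGetCryptInfo(obj).getPublicKey();
            EncryptStreamTransformer transformer =
                new EncryptStreamTransformer(inputStream, recipientKey, this.provider, this.encryptionAlgorithmId);
            return new LazyTransformedInputStream(new TransformContinuouslyPolicy(), transformer);
        } catch (Exception e) {
            throw new CryptoFailureException(this, e);
        }
    }

    /**
     * Wraps {@code inputStream} in a stream that decrypts it with the key ring's secret key.
     *
     * @param inputStream PGP-encrypted data
     * @param obj a {@code PGPCryptInfo}, or {@code null} to look the sender up through the
     *     credentials accessor
     * @return the transforming stream
     * @throws CryptoFailureException if no secret passphrase is configured, or wrapping any other failure
     */
    public InputStream decrypt(InputStream inputStream, Object obj) throws CryptoFailureException {
        try {
            PGPPublicKey publicKey = safeGetCryptInfo(obj).getPublicKey();
            PGPSecretKey secretKey = this.keyManager.getSecretKey();
            // NOTE(review): the passphrase is held as an immutable String and cannot be wiped
            // after use; keep it out of logs and heap dumps.
            String secretPassphrase = this.keyManager.getSecretPassphrase();
            if (secretPassphrase == null) {
                throw new CryptoFailureException(PGPMessages.noSecretPassPhrase(), this);
            }
            DecryptStreamTransformer transformer =
                new DecryptStreamTransformer(inputStream, publicKey, secretKey, secretPassphrase, this.provider);
            return new LazyTransformedInputStream(new TransformContinuouslyPolicy(), transformer);
        } catch (CryptoFailureException e) {
            // Already the declared type: rethrow as-is so the "no secret passphrase" message
            // is not buried one level down in a second CryptoFailureException.
            throw e;
        } catch (Exception e) {
            throw new CryptoFailureException(this, e);
        }
    }

    /**
     * Resolves the crypt info to use: the caller-supplied one when present, otherwise one built
     * from the public key registered for the current event's credentials.
     *
     * @param obj a {@code PGPCryptInfo} or {@code null}; any other type fails the cast below
     * @return crypt info whose public key has passed the (optional) expiry check
     * @throws MissingPGPKeyException presumably raised by {@code ValidatorUtil.validateNotNull}
     *     when the key ring has no key for the principal
     */
    private PGPCryptInfo safeGetCryptInfo(Object obj) throws MissingPGPKeyException {
        if (obj != null) {
            // Unchecked cast: a wrong type surfaces as ClassCastException, which the public
            // callers wrap in CryptoFailureException.
            PGPCryptInfo suppliedInfo = (PGPCryptInfo) obj;
            checkKeyExpirity(suppliedInfo.getPublicKey());
            return suppliedInfo;
        }
        String principalId = (String) getCredentialsAccessor().getCredentials(RequestContext.getEvent());
        PGPPublicKey publicKey = this.keyManager.getPublicKey(principalId);
        ValidatorUtil.validateNotNull(publicKey, PGPMessages.noPublicKeyForPrincipal(principalId));
        checkKeyExpirity(publicKey);
        return new PGPCryptInfo(publicKey, false);
    }

    /**
     * Rejects {@code publicKey} when expiry checking is enabled and the key's validity period,
     * counted in days from its creation time, has elapsed.
     *
     * <p>A validity of {@code 0} days is treated as "no expiry" and skips the check.
     *
     * @throws InvalidPublicKeyException if the computed expiry instant is not after the current time
     */
    private void checkKeyExpirity(PGPPublicKey publicKey) {
        // NOTE(review): getValidDays() has day granularity; confirm whether the bundled
        // BouncyCastle version offers getValidSeconds() for a finer-grained check.
        if (!isCheckKeyExpirity() || publicKey.getValidDays() == 0) {
            return;
        }
        Calendar expiry = Calendar.getInstance();
        expiry.setTime(publicKey.getCreationTime());
        // Calendar.DATE is the named form of the literal field id 5 left behind by decompilation.
        expiry.add(Calendar.DATE, publicKey.getValidDays());
        if (!expiry.getTime().after(Calendar.getInstance().getTime())) {
            throw new InvalidPublicKeyException(PGPMessages.pgpPublicKeyExpired());
        }
    }

    /** Returns the key ring that supplies the public and secret keys. */
    public PGPKeyRing getKeyManager() {
        return this.keyManager;
    }

    /** Sets the key ring that supplies the public and secret keys. */
    public void setKeyManager(PGPKeyRing pGPKeyRing) {
        this.keyManager = pGPKeyRing;
    }

    /** Returns the accessor used to read the principal from the current event. */
    public CredentialsAccessor getCredentialsAccessor() {
        return this.credentialsAccessor;
    }

    /** Sets the accessor used to read the principal from the current event. */
    public void setCredentialsAccessor(CredentialsAccessor credentialsAccessor) {
        this.credentialsAccessor = credentialsAccessor;
    }

    /** Returns whether public-key expiry is enforced before a key is used. */
    public boolean isCheckKeyExpirity() {
        return this.checkKeyExpirity;
    }

    /** Enables or disables public-key expiry enforcement; disabled by default. */
    public void setCheckKeyExpirity(boolean z) {
        this.checkKeyExpirity = z;
    }
}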
