package org.mule.module.pgp;

import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import java.util.Calendar;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.mule.RequestContext;
import org.mule.api.lifecycle.InitialisationException;
import org.mule.api.security.CredentialsAccessor;
import org.mule.api.security.CryptoFailureException;
import org.mule.module.pgp.config.PGPOutputMode;
import org.mule.module.pgp.exception.MissingPGPKeyException;
import org.mule.module.pgp.i18n.PGPMessages;
import org.mule.module.pgp.util.BouncyCastleUtil;
import org.mule.module.pgp.util.ValidatorUtil;
import org.mule.security.AbstractNamedEncryptionStrategy;
import org.mule.util.SecurityUtils;

/* loaded from: input_file:org/mule/module/pgp/KeyBasedEncryptionStrategy.class */
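/**
 * PGP encryption strategy that encrypts (optionally signing) and decrypts streams
 * with keys obtained from a configured {@link PGPKeyRing}.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>Public-key expiry checking is <b>off</b> unless
 *       {@link #setCheckKeyExpirity(boolean)} is called with {@code true}.</li>
 *   <li>Signature validation on decrypt is <b>off</b> unless the caller passes a
 *       {@link PGPDecryptInfo} whose {@code isVerifySignatureIfFound()} is {@code true}.</li>
 *   <li>The symmetric algorithm defaults to {@code AES_256} when none is configured.</li>
 * </ul>
 */
public class KeyBasedEncryptionStrategy extends AbstractNamedEncryptionStrategy {
    protected static final Log logger = LogFactory.getLog(KeyBasedEncryptionStrategy.class);
    private static final String SIGNER_PRIVATE_KEY_NOT_FOUND_FOR_PRINCIPAL = "Signer private key not found for principal: ";
    private PGPKeyRing keyManager;
    private CredentialsAccessor credentialsAccessor;
    // Expiry enforcement is opt-in; with the default, expired recipient keys are accepted.
    private boolean checkKeyExpirity = false;
    private Provider provider;
    private String encryptionAlgorithm;
    private int encryptionAlgorithmId;
    private PGPOutputMode pgpOutputMode;
    private String fileName;

    /**
     * Prepares the strategy: registers the BouncyCastle provider (skipped under the FIPS
     * security model), resolves the provider to use and maps the configured algorithm
     * name to its numeric id.
     *
     * @throws RuntimeException if the configured algorithm name is not an
     *         {@code EncryptionAlgorithm} constant
     */
    public void initialise() throws InitialisationException {
        if (!SecurityUtils.isFipsSecurityModel()) {
            // Security.addProvider affects the whole JVM, not only this strategy.
            Security.addProvider(new BouncyCastleProvider());
        }
        this.provider = SecurityUtils.getDefaultSecurityProvider();
        if (this.encryptionAlgorithm == null) {
            this.encryptionAlgorithm = EncryptionAlgorithm.AES_256.toString();
        }
        try {
            this.encryptionAlgorithmId = EncryptionAlgorithm.valueOf(this.encryptionAlgorithm).getNumericId();
        } catch (IllegalArgumentException e) {
            throw new RuntimeException("Could not initialise encryption strategy: invalid algorithm " + this.encryptionAlgorithm, e);
        }
    }

    /**
     * Encrypts the stream for the recipient described by {@code obj}, signing it when
     * the resolved crypt info requests a signature.
     *
     * @param inputStream plaintext to encrypt
     * @param obj {@code null} (recipient key is looked up from the current event's
     *        credentials), a {@link PGPEncryptAndSignInfo}, or a {@link PGPCryptInfo}
     * @return the stream produced by the encrypt transformer
     * @throws CryptoFailureException wrapping any failure, including an unexpected
     *         {@code obj} type, a missing key or an expired key
     */
    public InputStream encrypt(InputStream inputStream, Object obj) throws CryptoFailureException {
        try {
            PGPCryptInfo cryptInfo = safeGetCryptInfo(obj);
            EncryptStreamTransformer transformer = new EncryptStreamTransformer(cryptInfo.getPublicKey(), this.provider, this.encryptionAlgorithmId, this.pgpOutputMode, this.fileName);
            if (cryptInfo.isSignRequested()) {
                transformer.signContentsWith(cryptInfo.getSignerPrivateKey(), cryptInfo.getSignerPrincipal());
            }
            return transformer.process(inputStream);
        } catch (Exception e) {
            throw new CryptoFailureException(this, e);
        }
    }

    /**
     * Decrypts the stream with the key manager's secret key material.
     *
     * <p>Signature validation is requested only when {@code obj} is a
     * {@link PGPDecryptInfo} with {@code isVerifySignatureIfFound()} set; any other
     * argument, including {@code null}, decrypts without requesting validation.
     * NOTE(review): the flag name suggests input carrying no signature is still
     * accepted; that decision is made in {@code DecryptStreamTransformer} - confirm
     * before relying on this for authenticity.
     *
     * @param inputStream ciphertext to decrypt
     * @param obj optional {@link PGPDecryptInfo}
     * @return the stream produced by the decrypt transformer
     * @throws CryptoFailureException if no secret passphrase is configured or the
     *         decryption fails
     */
    public InputStream decrypt(InputStream inputStream, Object obj) throws CryptoFailureException {
        try {
            PGPSecretKey configuredSecretKey = this.keyManager.getConfiguredSecretKey();
            String secretPassphrase = this.keyManager.getSecretPassphrase();
            PGPSecretKeyRingCollection secretKeys = this.keyManager.getSecretKeys();
            PGPPublicKeyRingCollection publicKeys = this.keyManager.getPublicKeys();
            if (secretPassphrase == null) {
                throw new CryptoFailureException(PGPMessages.noSecretPassPhrase(), this);
            }
            boolean verifySignature = false;
            if (obj instanceof PGPDecryptInfo) {
                verifySignature = ((PGPDecryptInfo) obj).isVerifySignatureIfFound();
            }
            return new DecryptStreamTransformer(configuredSecretKey, secretKeys, publicKeys, secretPassphrase).setValidateSignatureIfFound(verifySignature).process(inputStream);
        } catch (CryptoFailureException e) {
            // Already the declared type (e.g. the missing-passphrase case above); rethrow
            // as-is so the specific message is not buried under a second wrapper.
            throw e;
        } catch (Exception e) {
            throw new CryptoFailureException(this, e);
        }
    }

    /**
     * Resolves the crypt info to encrypt with.
     *
     * <p>A caller-supplied {@link PGPCryptInfo} is used as given; its public key only
     * goes through the expiry check, which is a no-op unless expiry checking is enabled.
     * Any other non-null type fails the cast with a {@code ClassCastException}.
     */
    private PGPCryptInfo safeGetCryptInfo(Object obj) throws MissingPGPKeyException {
        if (obj == null) {
            return new PGPCryptInfo(getPublicKeyForCurrentEventValidatingIt(), false);
        }
        if (obj instanceof PGPEncryptAndSignInfo) {
            return doSafeGetEncryptAndSignInfo((PGPEncryptAndSignInfo) obj);
        }
        PGPCryptInfo suppliedInfo = (PGPCryptInfo) obj;
        checkKeyExpirity(suppliedInfo.getPublicKey());
        return suppliedInfo;
    }

    /**
     * Looks up the recipient public key for the principal that the credentials accessor
     * extracts from the current event, failing if no key is found or the key is expired
     * (the latter only when expiry checking is enabled).
     */
    private PGPPublicKey getPublicKeyForCurrentEventValidatingIt() {
        String principal = (String) getCredentialsAccessor().getCredentials(RequestContext.getEvent());
        PGPPublicKey publicKey = this.keyManager.getPublicKey(principal);
        ValidatorUtil.validateNotNull(publicKey, PGPMessages.noPublicKeyForPrincipal(principal));
        checkKeyExpirity(publicKey);
        return publicKey;
    }

    /**
     * Builds crypt info for encrypt-and-sign: the recipient key comes from the current
     * event, the signing key from the first secret key ring matching the signer principal.
     *
     * @throws MissingPGPKeyException if no secret key ring matches the signer principal,
     *         no secret passphrase is configured, or the private key cannot be extracted
     */
    private PGPCryptInfo doSafeGetEncryptAndSignInfo(PGPEncryptAndSignInfo pGPEncryptAndSignInfo) {
        String signerPrincipal = pGPEncryptAndSignInfo.getSignerPrincipal();
        try {
            readSecretKeyBundleIfNecessary();
            Iterator<?> keyRings = this.keyManager.getSecretKeys().getKeyRings(signerPrincipal);
            if (!keyRings.hasNext()) {
                throw new MissingPGPKeyException(org.mule.config.i18n.MessageFactory.createStaticMessage(SIGNER_PRIVATE_KEY_NOT_FOUND_FOR_PRINCIPAL + signerPrincipal));
            }
            PGPPublicKey recipientKey = getPublicKeyForCurrentEventValidatingIt();
            String secretPassphrase = this.keyManager.getSecretPassphrase();
            if (secretPassphrase == null) {
                // decrypt() reports a missing passphrase explicitly; do the same here
                // instead of failing with a NullPointerException on toCharArray().
                throw new MissingPGPKeyException(PGPMessages.noSecretPassPhrase());
            }
            PGPSecretKeyRing signerKeyRing = (PGPSecretKeyRing) keyRings.next();
            return new PGPCryptInfo(recipientKey, signerKeyRing.getSecretKey().extractPrivateKey(BouncyCastleUtil.PBE_SECRET_KEY_DECRYPTOR_BUILDER.build(secretPassphrase.toCharArray())), signerPrincipal);
        } catch (PGPException e) {
            throw new MissingPGPKeyException((Throwable) e);
        }
    }

    /**
     * Calls {@code getConfiguredSecretKey()} when the secret key collection is still
     * {@code null}; the returned key is discarded.
     * NOTE(review): presumably that call loads the secret key bundle as a side effect - confirm in PGPKeyRing.
     */
    private void readSecretKeyBundleIfNecessary() {
        if (this.keyManager.getSecretKeys() == null) {
            this.keyManager.getConfiguredSecretKey();
        }
    }

    /**
     * Rejects an expired public key when expiry checking is enabled.
     *
     * <p>A key whose {@code getValidDays()} is 0 is never rejected. Otherwise the key is
     * rejected unless creation time plus valid days lies after the current time.
     *
     * @throws InvalidPublicKeyException if the key has expired
     */
    private void checkKeyExpirity(PGPPublicKey pGPPublicKey) {
        if (!isCheckKeyExpirity() || pGPPublicKey.getValidDays() == 0) {
            return;
        }
        Calendar expiry = Calendar.getInstance();
        expiry.setTime(pGPPublicKey.getCreationTime());
        expiry.add(Calendar.DATE, pGPPublicKey.getValidDays());
        if (!expiry.getTime().after(Calendar.getInstance().getTime())) {
            throw new InvalidPublicKeyException(PGPMessages.pgpPublicKeyExpired());
        }
    }

    /** Returns the key ring that supplies public keys, secret keys and the passphrase. */
    public PGPKeyRing getKeyManager() {
        return this.keyManager;
    }

    /** Sets the key ring that supplies public keys, secret keys and the passphrase. */
    public void setKeyManager(PGPKeyRing pGPKeyRing) {
        this.keyManager = pGPKeyRing;
    }

    /** Returns the accessor used to read the recipient principal from the current event. */
    public CredentialsAccessor getCredentialsAccessor() {
        return this.credentialsAccessor;
    }

    /** Sets the accessor used to read the recipient principal from the current event. */
    public void setCredentialsAccessor(CredentialsAccessor credentialsAccessor) {
        this.credentialsAccessor = credentialsAccessor;
    }

    /** Sets the output mode handed to the encrypt transformer. */
    public void setPgpOutputMode(PGPOutputMode pGPOutputMode) {
        this.pgpOutputMode = pGPOutputMode;
    }

    /** Returns whether expired public keys are rejected before encryption. */
    public boolean isCheckKeyExpirity() {
        return this.checkKeyExpirity;
    }

    /** Enables or disables rejection of expired public keys; disabled by default. */
    public void setCheckKeyExpirity(boolean z) {
        this.checkKeyExpirity = z;
    }

    /**
     * Sets the symmetric algorithm by {@code EncryptionAlgorithm} constant name; the name
     * is validated in {@link #initialise()}, not here.
     */
    public void setEncryptionAlgorithm(String str) {
        this.encryptionAlgorithm = str;
    }

    /** Sets the file name handed to the encrypt transformer. */
    public void setFileName(String str) {
        this.fileName = str;
    }
}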
