package org.mule.module.pgp;

import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.mule.api.lifecycle.InitialisationException;
import org.mule.api.security.Authentication;
import org.mule.api.security.SecurityException;
import org.mule.api.security.UnauthorisedException;
import org.mule.config.i18n.CoreMessages;
import org.mule.module.pgp.i18n.PGPMessages;
import org.mule.security.AbstractSecurityProvider;
import org.mule.util.SecurityUtils;

/* loaded from: input_file:org/mule/module/pgp/PGPSecurityProvider.class */
public class PGPSecurityProvider extends AbstractSecurityProvider {
    private PGPKeyRing keyManager;

    public PGPSecurityProvider() {
        super("pgp");
    }

    @Override // org.mule.api.security.SecurityProvider
    public Authentication authenticate(Authentication authentication) throws SecurityException {
        PGPAuthentication pGPAuthentication = (PGPAuthentication) authentication;
        String str = (String) pGPAuthentication.getPrincipal();
        if (str == null) {
            throw new UnauthorisedException(CoreMessages.objectIsNull("UserId"));
        }
        PGPPublicKey publicKey = this.keyManager.getPublicKey(str);
        if (publicKey == null) {
            throw new UnauthorisedException(PGPMessages.noPublicKeyForUser(str));
        }
        Message message = (Message) pGPAuthentication.getCredentials();
        if (message instanceof SignedMessage) {
            try {
                if (!((SignedMessage) message).verify()) {
                    throw new UnauthorisedException(PGPMessages.invalidSignature());
                }
            } catch (Exception e) {
                throw new UnauthorisedException(PGPMessages.errorVerifySignature(), e);
            }
        }
        pGPAuthentication.setAuthenticated(true);
        pGPAuthentication.setDetails(publicKey);
        return pGPAuthentication;
    }

    @Override // org.mule.security.AbstractSecurityProvider, org.mule.api.security.SecurityProvider
    public boolean supports(Class<?> cls) {
        return PGPAuthentication.class.isAssignableFrom(cls);
    }

    @Override // org.mule.security.AbstractSecurityProvider
    protected void doInitialise() throws InitialisationException {
        try {
            if (!SecurityUtils.isFipsSecurityModel()) {
                Security.addProvider(new BouncyCastleProvider());
            }
            setSecurityContextFactory(new PGPSecurityContextFactory());
        } catch (Exception e) {
            throw new InitialisationException(CoreMessages.failedToCreate("PGPProvider"), e, this);
        }
    }

    public PGPKeyRing getKeyManager() {
        return this.keyManager;
    }

    public void setKeyManager(PGPKeyRing pGPKeyRing) {
        this.keyManager = pGPKeyRing;
    }
}
