package com.helger.phase4.crypto;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.annotation.ReturnsMutableCopy;
import com.helger.commons.annotation.ReturnsMutableObject;
import com.helger.commons.lang.ICloneable;
import com.helger.commons.string.StringHelper;
import com.helger.commons.string.ToStringGenerator;
import com.helger.phase4.model.pmode.leg.PModeLegSecurity;
import java.security.Provider;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.function.Consumer;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.OverridingMethodsMustInvokeSuper;
import javax.annotation.concurrent.NotThreadSafe;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@NotThreadSafe
/* loaded from: input_file:com/helger/phase4/crypto/AS4CryptParams.class */
public class AS4CryptParams implements ICloneable<AS4CryptParams> {
    public static final String DEFAULT_MGF_ALGORITHM = "http://www.w3.org/2009/xmlenc11#mgf1sha256";
    public static final String DEFAULT_DIGEST_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#sha256";
    public static final boolean DEFAULT_ENCRYPT_SYMMETRIC_SESSION_KEY = true;
    private ECryptoAlgorithmCrypt m_eAlgorithmCrypt;
    private X509Certificate m_aCert;
    private String m_sAlias;
    private Provider m_aSecurityProvider;
    private IWSSecEncryptCustomizer m_aWSSecEncryptCustomizer;
    public static final ECryptoKeyIdentifierType DEFAULT_KEY_IDENTIFIER_TYPE = ECryptoKeyIdentifierType.BST_DIRECT_REFERENCE;
    public static final ECryptoKeyEncryptionAlgorithm DEFAULT_KEY_ENCRYPTION_ALGORITHM = ECryptoKeyEncryptionAlgorithm.RSA_OAEP_XENC11;
    public static final ICryptoSessionKeyProvider DEFAULT_SESSION_KEY_PROVIDER = ICryptoSessionKeyProvider.INSTANCE_RANDOM_AES_128;
    private static final Logger LOGGER = LoggerFactory.getLogger(AS4CryptParams.class);
    private ECryptoKeyIdentifierType m_eKeyIdentifierType = DEFAULT_KEY_IDENTIFIER_TYPE;
    private ECryptoKeyEncryptionAlgorithm m_eKeyEncAlgorithm = DEFAULT_KEY_ENCRYPTION_ALGORITHM;
    private String m_sMGFAlgorithm = DEFAULT_MGF_ALGORITHM;
    private String m_sDigestAlgorithm = DEFAULT_DIGEST_ALGORITHM;
    private ICryptoSessionKeyProvider m_aSessionKeyProvider = DEFAULT_SESSION_KEY_PROVIDER;
    private boolean m_bEncryptSymmetricSessionKey = true;

    public boolean isCryptEnabled(@Nullable Consumer<String> consumer) {
        if (this.m_eAlgorithmCrypt == null) {
            return false;
        }
        if (hasCertificate() || hasAlias()) {
            return true;
        }
        if (consumer == null) {
            return false;
        }
        consumer.accept("Crypt parameters have an algorithm defined but neither an alias nor a certificate was provided. Therefore encryption is not enabled.");
        return false;
    }

    @Nonnull
    public final ECryptoKeyIdentifierType getKeyIdentifierType() {
        return this.m_eKeyIdentifierType;
    }

    @Nonnull
    public final AS4CryptParams setKeyIdentifierType(@Nonnull ECryptoKeyIdentifierType eCryptoKeyIdentifierType) {
        ValueEnforcer.notNull(eCryptoKeyIdentifierType, "KeyIdentifierType");
        this.m_eKeyIdentifierType = eCryptoKeyIdentifierType;
        return this;
    }

    @Nullable
    public final ECryptoAlgorithmCrypt getAlgorithmCrypt() {
        return this.m_eAlgorithmCrypt;
    }

    @Nonnull
    public final AS4CryptParams setAlgorithmCrypt(@Nullable ECryptoAlgorithmCrypt eCryptoAlgorithmCrypt) {
        this.m_eAlgorithmCrypt = eCryptoAlgorithmCrypt;
        return this;
    }

    @Nonnull
    public final ECryptoKeyEncryptionAlgorithm getKeyEncAlgorithm() {
        return this.m_eKeyEncAlgorithm;
    }

    @Nonnull
    public final AS4CryptParams setKeyEncAlgorithm(@Nonnull ECryptoKeyEncryptionAlgorithm eCryptoKeyEncryptionAlgorithm) {
        this.m_eKeyEncAlgorithm = eCryptoKeyEncryptionAlgorithm;
        return this;
    }

    @Nonnull
    @Nonempty
    public final String getMGFAlgorithm() {
        return this.m_sMGFAlgorithm;
    }

    @Nonnull
    public final AS4CryptParams setMGFAlgorithm(@Nonnull @Nonempty String str) {
        ValueEnforcer.notEmpty(str, "MGFAlgorithm");
        this.m_sMGFAlgorithm = str;
        return this;
    }

    @Nonnull
    @Nonempty
    public final String getDigestAlgorithm() {
        return this.m_sDigestAlgorithm;
    }

    @Nonnull
    public final AS4CryptParams setDigestAlgorithm(@Nonnull @Nonempty String str) {
        ValueEnforcer.notEmpty(str, "DigestAlgorithm");
        this.m_sDigestAlgorithm = str;
        return this;
    }

    @Nullable
    public final X509Certificate getCertificate() {
        return this.m_aCert;
    }

    public final boolean hasCertificate() {
        return this.m_aCert != null;
    }

    @Nonnull
    public final AS4CryptParams setCertificate(@Nullable X509Certificate x509Certificate) {
        this.m_aCert = x509Certificate;
        if (x509Certificate != null) {
            try {
                x509Certificate.checkValidity();
            } catch (CertificateExpiredException e) {
                LOGGER.warn("The provided certificate is already expired. Please use a different one.");
            } catch (CertificateNotYetValidException e2) {
                LOGGER.warn("The provided certificate is not yet valid. Please use a different one.");
            }
        }
        return this;
    }

    @Nullable
    public final String getAlias() {
        return this.m_sAlias;
    }

    public final boolean hasAlias() {
        return StringHelper.hasText(this.m_sAlias);
    }

    @Nonnull
    public final AS4CryptParams setAlias(@Nullable String str) {
        this.m_sAlias = str;
        return this;
    }

    @Nonnull
    public final ICryptoSessionKeyProvider getSessionKeyProvider() {
        return this.m_aSessionKeyProvider;
    }

    @Nonnull
    public final AS4CryptParams setSessionKeyProvider(@Nonnull ICryptoSessionKeyProvider iCryptoSessionKeyProvider) {
        ValueEnforcer.notNull(iCryptoSessionKeyProvider, "SessionKeyProvider");
        this.m_aSessionKeyProvider = iCryptoSessionKeyProvider;
        return this;
    }

    @Nullable
    public final Provider getSecurityProvider() {
        return this.m_aSecurityProvider;
    }

    @Nonnull
    public final AS4CryptParams setSecurityProvider(@Nullable Provider provider) {
        this.m_aSecurityProvider = provider;
        return this;
    }

    public final boolean isEncryptSymmetricSessionKey() {
        return this.m_bEncryptSymmetricSessionKey;
    }

    @Nonnull
    public final AS4CryptParams setEncryptSymmetricSessionKey(boolean z) {
        this.m_bEncryptSymmetricSessionKey = z;
        return this;
    }

    @Nullable
    public final IWSSecEncryptCustomizer getWSSecEncryptCustomizer() {
        return this.m_aWSSecEncryptCustomizer;
    }

    public final boolean hasWSSecEncryptCustomizer() {
        return this.m_aWSSecEncryptCustomizer != null;
    }

    @Nonnull
    public final AS4CryptParams setWSSecEncryptCustomizer(@Nullable IWSSecEncryptCustomizer iWSSecEncryptCustomizer) {
        this.m_aWSSecEncryptCustomizer = iWSSecEncryptCustomizer;
        return this;
    }

    @Nonnull
    public final AS4CryptParams setFromPMode(@Nullable PModeLegSecurity pModeLegSecurity) {
        if (pModeLegSecurity == null) {
            setAlgorithmCrypt(null);
        } else {
            setAlgorithmCrypt(pModeLegSecurity.getX509EncryptionAlgorithm());
        }
        return this;
    }

    @OverridingMethodsMustInvokeSuper
    public void cloneTo(@Nonnull AS4CryptParams aS4CryptParams) {
        ValueEnforcer.notNull(aS4CryptParams, "Target");
        aS4CryptParams.setKeyIdentifierType(this.m_eKeyIdentifierType).setAlgorithmCrypt(this.m_eAlgorithmCrypt).setKeyEncAlgorithm(this.m_eKeyEncAlgorithm).setMGFAlgorithm(this.m_sMGFAlgorithm).setDigestAlgorithm(this.m_sDigestAlgorithm).setCertificate(this.m_aCert).setAlias(this.m_sAlias).setSessionKeyProvider(this.m_aSessionKeyProvider).setSecurityProvider(this.m_aSecurityProvider).setEncryptSymmetricSessionKey(this.m_bEncryptSymmetricSessionKey).setWSSecEncryptCustomizer(this.m_aWSSecEncryptCustomizer);
    }

    @Nonnull
    @ReturnsMutableCopy
    /* renamed from: getClone, reason: merged with bridge method [inline-methods] */
    public AS4CryptParams m12getClone() {
        AS4CryptParams aS4CryptParams = new AS4CryptParams();
        cloneTo(aS4CryptParams);
        return aS4CryptParams;
    }

    public String toString() {
        return new ToStringGenerator((Object) null).append("KeyIdentifierType", this.m_eKeyIdentifierType).append("AlgorithmCrypt", this.m_eAlgorithmCrypt).append("KeyEncAlgorithm", this.m_eKeyEncAlgorithm).append("MGFAlgorithm", this.m_sMGFAlgorithm).append("DigestAlgorithm", this.m_sDigestAlgorithm).append("Certificate", this.m_aCert).append("Alias", this.m_sAlias).append("SessionKeyProvider", this.m_aSessionKeyProvider).append("SecurityProvider", this.m_aSecurityProvider).append("EncryptSymmetricSessionKey", this.m_bEncryptSymmetricSessionKey).append("WSSecEncryptCustomizer", this.m_aWSSecEncryptCustomizer).getToString();
    }

    @Nonnull
    @ReturnsMutableObject
    public static AS4CryptParams createDefault() {
        return new AS4CryptParams().setAlgorithmCrypt(ECryptoAlgorithmCrypt.ENCRPYTION_ALGORITHM_DEFAULT);
    }
}
