package com.mulesoft.mule.runtime.gw.api.config;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/mulesoft/mule/runtime/gw/api/config/GatewaySecurityConfiguration.class */
public class GatewaySecurityConfiguration extends RuntimeConfiguration {
    private static final String ENCRYPTION_KEY = "anypoint.platform.encryption_key";
    private static final String POLICY_ENCRYPTION_MODE = "anypoint.platform.policy_encryption_mode";
    private static final EncryptionMode POLICY_ENCRYPTION_MODE_DEFAULT = EncryptionMode.SENSITIVE_ONLY;
    private static final String HASH_CLIENTS = "anypoint.platform.hash_clients";
    private static final String HASH_CLIENTS_DEFAULT = "false";
    private static final String HASH_CLIENTS_ALGORITHM = "anypoint.platform.hash_clients.algorithm";
    private static final String HASH_CLIENTS_ALGORITHM_DEFAULT = "SHA-256";

    /* loaded from: input_file:com/mulesoft/mule/runtime/gw/api/config/GatewaySecurityConfiguration$EncryptionMode.class */
    public enum EncryptionMode {
        FULL,
        SENSITIVE_ONLY
    }

    public String getEncryptionKey() {
        return StringUtils.trimToNull(System.getProperty(ENCRYPTION_KEY));
    }

    public boolean isEncryptionEnabled() {
        return getEncryptionKey() != null;
    }

    public boolean isSensitiveOnlyEncryption() {
        return parsePropertyValue().equals(EncryptionMode.SENSITIVE_ONLY);
    }

    private EncryptionMode parsePropertyValue() {
        String trimToNull = StringUtils.trimToNull(System.getProperty(POLICY_ENCRYPTION_MODE, POLICY_ENCRYPTION_MODE_DEFAULT.name()));
        try {
            return EncryptionMode.valueOf(trimToNull.toUpperCase());
        } catch (IllegalArgumentException e) {
            LOGGER.warn("{} is not a valid Policy Encryption configuration mode. {} mode will be used", trimToNull, POLICY_ENCRYPTION_MODE_DEFAULT);
            return POLICY_ENCRYPTION_MODE_DEFAULT;
        }
    }

    public void clearEncryptionKey() {
        System.clearProperty(ENCRYPTION_KEY);
    }

    public boolean hashClients() {
        return Boolean.valueOf(StringUtils.trimToNull(System.getProperty(HASH_CLIENTS, HASH_CLIENTS_DEFAULT))).booleanValue();
    }

    public String hashAlgorithm() {
        String upperCase = StringUtils.trimToNull(System.getProperty(HASH_CLIENTS_ALGORITHM, HASH_CLIENTS_ALGORITHM_DEFAULT)).toUpperCase();
        try {
            MessageDigest.getInstance(upperCase);
            return upperCase;
        } catch (NoSuchAlgorithmException e) {
            LOGGER.warn("{} is not a valid Hashing algorithm. {} algorithm will be used.", upperCase, HASH_CLIENTS_ALGORITHM_DEFAULT);
            return HASH_CLIENTS_ALGORITHM_DEFAULT;
        }
    }
}
