package org.mule.runtime.module.reboot.internal;

import java.security.Provider;
import java.security.Security;

/* loaded from: input_file:org/mule/runtime/module/reboot/internal/FipsSecurityManager.class */
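/**
 * Installs the Bouncy Castle FIPS JCA/JSSE providers and switches the JVM-wide
 * security defaults (key/trust manager algorithm, keystore type) accordingly.
 *
 * <p>All changes go through {@link Security}, so they are process-global and affect
 * every component in the JVM, not just the caller.
 *
 * <p>{@link #configureFips()} does not consult {@link #isFipsEnabled()} itself; the
 * caller is expected to gate on it.
 */
public class FipsSecurityManager {
    private static final String FIPS_KEY = "fips";
    private static final String FIPS_VALUE = "BCFIPS";
    private static final String FIPS_PROVIDER = "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider";
    private static final String FIPS_SECURITY_MODEL = "fips140-2";
    private static final String FIPS_CONFIG_HYBRID_ENTROPY_POOL = "C:HYBRID;ENABLE{ALL};";
    private static final String JSSE_PROVIDER = "org.bouncycastle.jsse.provider.BouncyCastleJsseProvider";
    private static final String KEY_MANAGER_FACTORY_ALGORITHM_KEY = "ssl.KeyManagerFactory.algorithm";
    private static final String KEY_MANAGER_FACTORY_ALGORITHM_VALUE = "PKIX";
    private static final String KEYSTORE_TYPE_KEY = "keystore.type";
    private static final String KEYSTORE_TYPE_VALUE = "PKCS12";
    private static final String LEGACY_SUN_JSSE_PROVIDER = "com.sun.net.ssl.internal.ssl.Provider";
    // Fixed: this constant previously duplicated the KeyManagerFactory key, so the
    // trust manager algorithm was never set and stayed at the JVM default.
    private static final String TRUST_MANAGER_FACTORY_ALGORITHM_KEY = "ssl.TrustManagerFactory.algorithm";
    private static final String SUN_JSSE_PROVIDER = "SunJSSE";
    private static final String SECURITY_MODEL_PROPERTY = "mule.security.model";
    private static final String HYBRID_DRBG_PROPERTY = "mule.security.provider.enableHybridDrbg";

    /**
     * Registers the FIPS providers and then applies the FIPS security properties.
     *
     * @throws Exception if a provider class cannot be loaded or instantiated; in that
     *         case no security property has been changed yet, because provider
     *         registration runs first.
     */
    public void configureFips() throws Exception {
        configureSecurityManager();
        setSecurityAlgorithm();
    }

    /**
     * Reports whether FIPS mode was requested for this JVM.
     *
     * @return {@code true} only when the system property {@code mule.security.model}
     *         equals {@code fips140-2} exactly (case-sensitive); {@code false} when the
     *         property is unset or has any other value.
     */
    public boolean isFipsEnabled() {
        return FIPS_SECURITY_MODEL.equals(System.getProperty(SECURITY_MODEL_PROPERTY));
    }

    /**
     * Puts BCFIPS first and BCJSSE second in the provider list and removes SunJSSE.
     *
     * @throws ReflectiveOperationException if either Bouncy Castle provider class is
     *         missing from the classpath or cannot be constructed.
     */
    private void configureSecurityManager() throws ReflectiveOperationException {
        // Position 1 makes the FIPS provider the first match for JCA algorithm lookups.
        // NOTE(review): insertProviderAt returns -1 when a provider of the same name is
        // already installed and then leaves its position unchanged; the return value is
        // not checked here, so the ordering is not guaranteed in that case.
        Security.insertProviderAt(createFipsProvider(), 1);
        Security.insertProviderAt(createJsseProvider(), 2);

        Provider sunJsse = Security.getProvider(SUN_JSSE_PROVIDER);
        Provider legacySunJsse = Security.getProvider(LEGACY_SUN_JSSE_PROVIDER);
        if (sunJsse != null) {
            // Drop the default TLS provider so JSSE lookups cannot resolve to it.
            Security.removeProvider(SUN_JSSE_PROVIDER);
        }
        if (legacySunJsse != null) {
            // NOTE(review): the lookup key above is a class name, while
            // Security.getProvider matches on provider name, so this branch may never
            // run; the purpose of the empty "BCFIPS" property is not visible here. Confirm.
            legacySunJsse.setProperty(FIPS_VALUE, "");
        }
    }

    /**
     * Instantiates the Bouncy Castle JSSE provider by reflection and tags it with the
     * {@code fips=BCFIPS} provider property.
     *
     * @return the new, not yet registered, JSSE provider.
     * @throws ReflectiveOperationException if the class is absent or has no usable
     *         no-arg constructor.
     */
    private Provider createJsseProvider() throws ReflectiveOperationException {
        Provider jsse = (Provider) Class.forName(JSSE_PROVIDER).getConstructor().newInstance();
        jsse.setProperty(FIPS_KEY, FIPS_VALUE);
        return jsse;
    }

    /**
     * Instantiates the Bouncy Castle FIPS provider by reflection.
     *
     * <p>Unless {@code mule.security.provider.enableHybridDrbg} is set to something other
     * than {@code true} (it defaults to {@code true}), the provider is built through its
     * {@code String} constructor with the configuration {@code C:HYBRID;ENABLE{ALL};};
     * otherwise the no-arg constructor is used.
     *
     * @return the new, not yet registered, FIPS provider.
     * @throws ReflectiveOperationException if the class or the selected constructor is
     *         unavailable.
     */
    private Provider createFipsProvider() throws ReflectiveOperationException {
        Class<?> providerClass = Class.forName(FIPS_PROVIDER);
        boolean hybridDrbg = Boolean.parseBoolean(System.getProperty(HYBRID_DRBG_PROPERTY, "true"));
        if (hybridDrbg) {
            return (Provider) providerClass.getConstructor(String.class).newInstance(FIPS_CONFIG_HYBRID_ENTROPY_POOL);
        }
        return (Provider) providerClass.getConstructor().newInstance();
    }

    /**
     * Sets the JVM-wide defaults used when callers do not name an algorithm or type:
     * PKIX for both the key manager and the trust manager factory, PKCS12 for keystores.
     */
    private void setSecurityAlgorithm() {
        Security.setProperty(KEY_MANAGER_FACTORY_ALGORITHM_KEY, KEY_MANAGER_FACTORY_ALGORITHM_VALUE);
        // Previously this line repeated the KeyManagerFactory key.
        Security.setProperty(TRUST_MANAGER_FACTORY_ALGORITHM_KEY, KEY_MANAGER_FACTORY_ALGORITHM_VALUE);
        Security.setProperty(KEYSTORE_TYPE_KEY, KEYSTORE_TYPE_VALUE);
    }
}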
