package org.apache.nifi.processors.standard;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.security.Security;
import java.text.Normalizer;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.logging.ProcessorLog;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessorInitializationContext;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.annotation.CapabilityDescription;
import org.apache.nifi.processor.annotation.EventDriven;
import org.apache.nifi.processor.annotation.SideEffectFree;
import org.apache.nifi.processor.annotation.SupportsBatching;
import org.apache.nifi.processor.annotation.Tags;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.stream.io.StreamUtils;
import org.apache.nifi.util.StopWatch;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

@SupportsBatching
@Tags({"encryption", "decryption", "password", "JCE"})
@EventDriven
@SideEffectFree
@CapabilityDescription("Encrypts or Decrypts a FlowFile using a randomly generated salt")
/* loaded from: input_file:org/apache/nifi/processors/standard/EncryptContent.class */
public class EncryptContent extends AbstractProcessor {
    public static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
    public static final int DEFAULT_SALT_SIZE = 8;
    private List<PropertyDescriptor> properties;
    private Set<Relationship> relationships;
    public static final String ENCRYPT_MODE = "Encrypt";
    public static final String DECRYPT_MODE = "Decrypt";
    public static final PropertyDescriptor MODE = new PropertyDescriptor.Builder().name("Mode").description("Specifies whether the content should be encrypted or decrypted").required(true).allowableValues(new String[]{ENCRYPT_MODE, DECRYPT_MODE}).defaultValue(ENCRYPT_MODE).build();
    public static final PropertyDescriptor ENCRYPTION_ALGORITHM = new PropertyDescriptor.Builder().name("Encryption Algorithm").description("The Encryption Algorithm to use").required(true).allowableValues(EncryptionMethod.values()).defaultValue(EncryptionMethod.MD5_256AES.name()).build();
    public static final PropertyDescriptor PASSWORD = new PropertyDescriptor.Builder().name("Password").description("The Password to use for encrypting or decrypting the data").required(true).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).sensitive(true).build();
    public static final Relationship REL_SUCCESS = new Relationship.Builder().name("success").description("Any FlowFile that is successfully encrypted or decrypted will be routed to success").build();
    public static final Relationship REL_FAILURE = new Relationship.Builder().name("failure").description("Any FlowFile that cannot be encrypted or decrypted will be routed to failure").build();

    /* loaded from: input_file:org/apache/nifi/processors/standard/EncryptContent$DecryptCallback.class */
    private static class DecryptCallback implements StreamCallback {
        private final Cipher cipher;
        private final SecretKey secretKey;
        private final int saltSize;

        public DecryptCallback(Cipher cipher, SecretKey secretKey, int i) {
            this.cipher = cipher;
            this.secretKey = secretKey;
            this.saltSize = i;
        }

        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            byte[] bArr = new byte[this.saltSize];
            StreamUtils.fillBuffer(inputStream, bArr);
            try {
                this.cipher.init(2, this.secretKey, new PBEParameterSpec(bArr, 1000));
                byte[] bArr2 = new byte[65536];
                while (true) {
                    int read = inputStream.read(bArr2);
                    if (read <= 0) {
                        try {
                            outputStream.write(this.cipher.doFinal());
                            return;
                        } catch (Exception e) {
                            throw new ProcessException(e);
                        }
                    } else {
                        byte[] update = this.cipher.update(bArr2, 0, read);
                        if (update != null) {
                            outputStream.write(update);
                        }
                    }
                }
            } catch (Exception e2) {
                throw new ProcessException(e2);
            }
        }
    }

    /* loaded from: input_file:org/apache/nifi/processors/standard/EncryptContent$EncryptCallback.class */
    private static class EncryptCallback implements StreamCallback {
        private final Cipher cipher;
        private final byte[] salt;

        public EncryptCallback(Cipher cipher, byte[] bArr) {
            this.cipher = cipher;
            this.salt = bArr;
        }

        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            outputStream.write(this.salt);
            byte[] bArr = new byte[65536];
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    try {
                        outputStream.write(this.cipher.doFinal());
                        return;
                    } catch (BadPaddingException | IllegalBlockSizeException e) {
                        throw new ProcessException(e);
                    }
                } else {
                    byte[] update = this.cipher.update(bArr, 0, read);
                    if (update != null) {
                        outputStream.write(update);
                    }
                }
            }
        }
    }

    protected void init(ProcessorInitializationContext processorInitializationContext) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(MODE);
        arrayList.add(ENCRYPTION_ALGORITHM);
        arrayList.add(PASSWORD);
        this.properties = Collections.unmodifiableList(arrayList);
        HashSet hashSet = new HashSet();
        hashSet.add(REL_SUCCESS);
        hashSet.add(REL_FAILURE);
        this.relationships = Collections.unmodifiableSet(hashSet);
    }

    public Set<Relationship> getRelationships() {
        return this.relationships;
    }

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return this.properties;
    }

    public void onTrigger(ProcessContext processContext, ProcessSession processSession) {
        FlowFile write;
        FlowFile flowFile = processSession.get();
        if (flowFile == null) {
            return;
        }
        ProcessorLog logger = getLogger();
        EncryptionMethod valueOf = EncryptionMethod.valueOf(processContext.getProperty(ENCRYPTION_ALGORITHM).getValue());
        String provider = valueOf.getProvider();
        String algorithm = valueOf.getAlgorithm();
        PBEKeySpec pBEKeySpec = new PBEKeySpec(Normalizer.normalize(processContext.getProperty(PASSWORD).getValue(), Normalizer.Form.NFC).toCharArray());
        try {
            SecureRandom secureRandom = SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM);
            secureRandom.setSeed(System.currentTimeMillis());
            SecretKey generateSecret = SecretKeyFactory.getInstance(algorithm, provider).generateSecret(pBEKeySpec);
            Cipher cipher = Cipher.getInstance(algorithm, provider);
            int blockSize = cipher.getBlockSize();
            int i = blockSize > 0 ? blockSize : 8;
            StopWatch stopWatch = new StopWatch(true);
            if (processContext.getProperty(MODE).getValue().equalsIgnoreCase(ENCRYPT_MODE)) {
                byte[] bArr = new byte[i];
                secureRandom.nextBytes(bArr);
                try {
                    cipher.init(1, generateSecret, new PBEParameterSpec(bArr, 1000));
                    write = processSession.write(flowFile, new EncryptCallback(cipher, bArr));
                    logger.info("Successfully encrypted {}", new Object[]{write});
                } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
                    logger.error("unable to encrypt {} due to {}", new Object[]{flowFile, e});
                    processSession.transfer(flowFile, REL_FAILURE);
                    return;
                }
            } else if (flowFile.getSize() <= i) {
                logger.error("Cannot decrypt {} because its file size is not greater than the salt size", new Object[]{flowFile});
                processSession.transfer(flowFile, REL_FAILURE);
                return;
            } else {
                write = processSession.write(flowFile, new DecryptCallback(cipher, generateSecret, i));
                logger.info("successfully decrypted {}", new Object[]{write});
            }
            processSession.getProvenanceReporter().modifyContent(write, stopWatch.getElapsed(TimeUnit.MILLISECONDS));
            processSession.transfer(write, REL_SUCCESS);
        } catch (Exception e2) {
            logger.error("failed to initialize Encryption/Decryption algorithm due to {}", new Object[]{e2});
            processSession.transfer(flowFile, REL_FAILURE);
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
