package org.apache.nifi.processors.standard;

import java.security.Security;
import java.text.Normalizer;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.apache.nifi.annotation.behavior.EventDriven;
import org.apache.nifi.annotation.behavior.SideEffectFree;
import org.apache.nifi.annotation.behavior.SupportsBatching;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.flowfile.attributes.CoreAttributes;
import org.apache.nifi.logging.ProcessorLog;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.ProcessorInitializationContext;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.standard.util.OpenPGPKeyBasedEncryptor;
import org.apache.nifi.processors.standard.util.OpenPGPPasswordBasedEncryptor;
import org.apache.nifi.processors.standard.util.PasswordBasedEncryptor;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.util.StopWatch;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

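/**
 * Processor that encrypts or decrypts FlowFile content, either with a password
 * (JCE password-based encryption or OpenPGP symmetric mode) or with an OpenPGP
 * keyring (public key to encrypt, private key plus passphrase to decrypt).
 *
 * <p>Selection rules implemented by {@link #onTrigger}:
 * <ul>
 *   <li>PGP algorithm, encrypt mode, public keyring set: key-based encryption.</li>
 *   <li>PGP algorithm, decrypt mode, private keyring set: key-based decryption.</li>
 *   <li>Any other PGP combination: OpenPGP password-based.</li>
 *   <li>Non-PGP algorithm: JCE password-based.</li>
 * </ul>
 * A configured keyring therefore takes precedence over a configured password.
 * {@link #customValidate} checks the keyring whenever it will be the one used, so a
 * half-configured keyring is rejected at validation time rather than failing per FlowFile.
 */
@CapabilityDescription("Encrypts or Decrypts a FlowFile using either symmetric encryption with a password and randomly generated salt, or asymmetric encryption using a public and secret key.")
@EventDriven
@SupportsBatching
@Tags({"encryption", "decryption", "password", "JCE", "OpenPGP", "PGP", "GPG"})
@SideEffectFree
public class EncryptContent extends AbstractProcessor {
    public static final String ENCRYPT_MODE = "Encrypt";
    public static final String DECRYPT_MODE = "Decrypt";

    public static final PropertyDescriptor MODE = new PropertyDescriptor.Builder()
            .name("Mode")
            .description("Specifies whether the content should be encrypted or decrypted")
            .required(true)
            .allowableValues(new String[]{ENCRYPT_MODE, DECRYPT_MODE})
            .defaultValue(ENCRYPT_MODE)
            .build();

    // NOTE(review): the default is an MD5-named PBE method. Confirm it is still acceptable
    // for new flows; existing flows may rely on this default to decrypt older content.
    public static final PropertyDescriptor ENCRYPTION_ALGORITHM = new PropertyDescriptor.Builder()
            .name("Encryption Algorithm")
            .description("The Encryption Algorithm to use")
            .required(true)
            .allowableValues(EncryptionMethod.values())
            .defaultValue(EncryptionMethod.MD5_256AES.name())
            .build();

    // Marked sensitive so the framework treats the value as a secret.
    public static final PropertyDescriptor PASSWORD = new PropertyDescriptor.Builder()
            .name("Password")
            .description("The Password to use for encrypting or decrypting the data")
            .required(false)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(true)
            .build();

    public static final PropertyDescriptor PUBLIC_KEYRING = new PropertyDescriptor.Builder()
            .name("public-keyring-file")
            .displayName("Public Keyring File")
            .description("In a PGP encrypt mode, this keyring contains the public key of the recipient")
            .required(false)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();

    public static final PropertyDescriptor PUBLIC_KEY_USERID = new PropertyDescriptor.Builder()
            .name("public-key-user-id")
            .displayName("Public Key User Id")
            .description("In a PGP encrypt mode, this user id of the recipient")
            .required(false)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();

    public static final PropertyDescriptor PRIVATE_KEYRING = new PropertyDescriptor.Builder()
            .name("private-keyring-file")
            .displayName("Private Keyring File")
            .description("In a PGP decrypt mode, this keyring contains the private key of the recipient")
            .required(false)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();

    // Marked sensitive: this passphrase unlocks the private key material.
    public static final PropertyDescriptor PRIVATE_KEYRING_PASSPHRASE = new PropertyDescriptor.Builder()
            .name("private-keyring-passphrase")
            .displayName("Private Keyring Passphrase")
            .description("In a PGP decrypt mode, this is the private keyring passphrase")
            .required(false)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .sensitive(true)
            .build();

    public static final Relationship REL_SUCCESS = new Relationship.Builder()
            .name("success")
            .description("Any FlowFile that is successfully encrypted or decrypted will be routed to success")
            .build();

    public static final Relationship REL_FAILURE = new Relationship.Builder()
            .name("failure")
            .description("Any FlowFile that cannot be encrypted or decrypted will be routed to failure")
            .build();

    private List<PropertyDescriptor> properties;
    private Set<Relationship> relationships;

    /**
     * Supplies the stream callbacks that transform FlowFile content in each direction.
     */
    public interface Encryptor {
        StreamCallback getEncryptionCallback() throws Exception;

        StreamCallback getDecryptionCallback() throws Exception;
    }

    /**
     * Builds the immutable property and relationship collections exposed by this processor.
     *
     * @param processorInitializationContext initialization context (not read here)
     */
    protected void init(ProcessorInitializationContext processorInitializationContext) {
        List<PropertyDescriptor> descriptors = new ArrayList<PropertyDescriptor>();
        descriptors.add(MODE);
        descriptors.add(ENCRYPTION_ALGORITHM);
        descriptors.add(PASSWORD);
        descriptors.add(PUBLIC_KEYRING);
        descriptors.add(PUBLIC_KEY_USERID);
        descriptors.add(PRIVATE_KEYRING);
        descriptors.add(PRIVATE_KEYRING_PASSPHRASE);
        this.properties = Collections.unmodifiableList(descriptors);

        Set<Relationship> rels = new HashSet<Relationship>();
        rels.add(REL_SUCCESS);
        rels.add(REL_FAILURE);
        this.relationships = Collections.unmodifiableSet(rels);
    }

    /** @return the unmodifiable set of relationships built in {@code init} */
    public Set<Relationship> getRelationships() {
        return this.relationships;
    }

    /** @return the unmodifiable list of supported properties built in {@code init} */
    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return this.properties;
    }

    /**
     * Tells whether an algorithm name denotes an OpenPGP algorithm.
     *
     * @param str algorithm name; {@code null} is treated as "not PGP"
     * @return {@code true} when the name starts with {@code "PGP"}
     */
    public static boolean isPGPAlgorithm(String str) {
        return str != null && str.startsWith("PGP");
    }

    /**
     * Tells whether an algorithm name denotes ASCII-armored OpenPGP output.
     *
     * @param str algorithm name; {@code null} is treated as "not PGP"
     * @return {@code true} when the name starts with {@code "PGP"} and ends with {@code "ASCII-ARMOR"}
     */
    public static boolean isPGPArmoredAlgorithm(String str) {
        return isPGPAlgorithm(str) && str.endsWith("ASCII-ARMOR");
    }

    /**
     * Validates that the key material required by the selected algorithm and mode is present
     * and usable.
     *
     * <p>For non-PGP algorithms a password is required. For PGP algorithms the keyring of the
     * active mode is checked when no password is set, and also when the keyring is set alongside
     * a password, because {@link #onTrigger} uses the keyring in that case.
     *
     * @param validationContext the context holding the configured property values
     * @return the superclass results plus any problems found here
     */
    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        List<ValidationResult> results = new ArrayList<ValidationResult>(super.customValidate(validationContext));
        String methodName = validationContext.getProperty(ENCRYPTION_ALGORITHM).getValue();
        EncryptionMethod method = EncryptionMethod.valueOf(methodName);
        String algorithm = method.getAlgorithm();
        String password = validationContext.getProperty(PASSWORD).getValue();
        boolean passwordSet = password != null;

        if (!isPGPAlgorithm(algorithm)) {
            if (!passwordSet) {
                results.add(new ValidationResult.Builder()
                        .subject(PASSWORD.getName())
                        .explanation(PASSWORD.getDisplayName() + " is required when using algorithm " + algorithm)
                        .build());
            }
            return results;
        }

        boolean encrypt = validationContext.getProperty(MODE).getValue().equalsIgnoreCase(ENCRYPT_MODE);
        if (encrypt) {
            String publicKeyring = validationContext.getProperty(PUBLIC_KEYRING).getValue();
            String publicUserId = validationContext.getProperty(PUBLIC_KEY_USERID).getValue();
            // A set keyring wins over the password at run time, so it must be validated even
            // when a password is present; otherwise a missing user id only surfaces per FlowFile.
            if (!passwordSet || publicKeyring != null) {
                validatePublicKeyring(results, algorithm, publicKeyring, publicUserId, passwordSet);
            }
        } else {
            String privateKeyring = validationContext.getProperty(PRIVATE_KEYRING).getValue();
            String passphrase = validationContext.getProperty(PRIVATE_KEYRING_PASSPHRASE).getValue();
            // Same precedence rule: a missing passphrase would otherwise be dereferenced in onTrigger.
            if (!passwordSet || privateKeyring != null) {
                validatePrivateKeyring(results, method, algorithm, privateKeyring, passphrase, passwordSet);
            }
        }
        return results;
    }

    /** Checks that the public keyring and recipient user id are both set and that the keyring holds that user id. */
    private static void validatePublicKeyring(List<ValidationResult> results, String algorithm,
            String keyring, String userId, boolean passwordSet) {
        if (keyring == null || userId == null) {
            String explanation = passwordSet
                    ? PUBLIC_KEYRING.getDisplayName() + " is set and takes precedence over " + PASSWORD.getDisplayName()
                            + ", so " + PUBLIC_KEY_USERID.getDisplayName() + " is also required"
                    : algorithm + " encryption without a " + PASSWORD.getDisplayName() + " requires both "
                            + PUBLIC_KEYRING.getDisplayName() + " and " + PUBLIC_KEY_USERID.getDisplayName();
            results.add(new ValidationResult.Builder()
                    .subject(PUBLIC_KEYRING.getDisplayName())
                    .explanation(explanation)
                    .build());
            return;
        }
        try {
            if (OpenPGPKeyBasedEncryptor.getPublicKey(userId, keyring) == null) {
                results.add(new ValidationResult.Builder()
                        .subject(PUBLIC_KEYRING.getDisplayName())
                        .explanation(PUBLIC_KEYRING.getDisplayName() + " " + keyring + " does not contain user id " + userId)
                        .build());
            }
        } catch (Exception e) {
            // The exception text is shown as the validation explanation; it may contain
            // file-system detail from the keyring lookup.
            results.add(new ValidationResult.Builder()
                    .subject(PUBLIC_KEYRING.getDisplayName())
                    .explanation("Invalid " + PUBLIC_KEYRING.getDisplayName() + " " + keyring + " because " + e.toString())
                    .build());
        }
    }

    /** Checks that the private keyring and its passphrase are both set and that the passphrase opens the keyring. */
    private static void validatePrivateKeyring(List<ValidationResult> results, EncryptionMethod method,
            String algorithm, String keyring, String passphrase, boolean passwordSet) {
        if (keyring == null || passphrase == null) {
            String explanation = passwordSet
                    ? PRIVATE_KEYRING.getDisplayName() + " is set and takes precedence over " + PASSWORD.getDisplayName()
                            + ", so " + PRIVATE_KEYRING_PASSPHRASE.getDisplayName() + " is also required"
                    : algorithm + " decryption without a " + PASSWORD.getDisplayName() + " requires both "
                            + PRIVATE_KEYRING.getDisplayName() + " and " + PRIVATE_KEYRING_PASSPHRASE.getDisplayName();
            results.add(new ValidationResult.Builder()
                    .subject(PRIVATE_KEYRING.getName())
                    .explanation(explanation)
                    .build());
            return;
        }
        try {
            if (!OpenPGPKeyBasedEncryptor.validateKeyring(method.getProvider(), keyring, passphrase.toCharArray())) {
                results.add(new ValidationResult.Builder()
                        .subject(PRIVATE_KEYRING.getDisplayName())
                        .explanation(PRIVATE_KEYRING.getDisplayName() + " " + keyring + " could not be opened with the provided "
                                + PRIVATE_KEYRING_PASSPHRASE.getDisplayName())
                        .build());
            }
        } catch (Exception e) {
            results.add(new ValidationResult.Builder()
                    .subject(PRIVATE_KEYRING.getDisplayName())
                    .explanation("Invalid " + PRIVATE_KEYRING.getDisplayName() + " " + keyring + " because " + e.toString())
                    .build());
        }
    }

    /**
     * Encrypts or decrypts one FlowFile and routes it to success or failure.
     *
     * <p>A failure while building the encryptor or its callback rolls the session back and
     * yields the processor; a {@link ProcessException} raised while rewriting the content
     * routes the FlowFile to {@link #REL_FAILURE}.
     *
     * @param processContext provides the configured property values
     * @param processSession provides the FlowFile and the write/transfer operations
     */
    public void onTrigger(ProcessContext processContext, ProcessSession processSession) {
        FlowFile flowFile = processSession.get();
        if (flowFile == null) {
            return;
        }
        ProcessorLog logger = getLogger();
        EncryptionMethod method = EncryptionMethod.valueOf(processContext.getProperty(ENCRYPTION_ALGORITHM).getValue());
        String provider = method.getProvider();
        String algorithm = method.getAlgorithm();
        String password = processContext.getProperty(PASSWORD).getValue();
        boolean encrypt = processContext.getProperty(MODE).getValue().equalsIgnoreCase(ENCRYPT_MODE);
        String verbPrefix = encrypt ? "en" : "de";
        try {
            Encryptor encryptor;
            if (isPGPAlgorithm(algorithm)) {
                String filename = flowFile.getAttribute(CoreAttributes.FILENAME.key());
                String publicKeyring = processContext.getProperty(PUBLIC_KEYRING).getValue();
                String privateKeyring = processContext.getProperty(PRIVATE_KEYRING).getValue();
                if (encrypt && publicKeyring != null) {
                    // Keyring takes precedence over any configured password.
                    encryptor = new OpenPGPKeyBasedEncryptor(algorithm, provider, publicKeyring,
                            processContext.getProperty(PUBLIC_KEY_USERID).getValue(), null, filename);
                } else if (!encrypt && privateKeyring != null) {
                    encryptor = new OpenPGPKeyBasedEncryptor(algorithm, provider, privateKeyring, null,
                            processContext.getProperty(PRIVATE_KEYRING_PASSPHRASE).getValue().toCharArray(), filename);
                } else {
                    // NFC-normalize so visually identical passwords yield the same characters.
                    encryptor = new OpenPGPPasswordBasedEncryptor(algorithm, provider,
                            Normalizer.normalize(password, Normalizer.Form.NFC).toCharArray(), filename);
                }
            } else {
                // NOTE(review): the char[] copies handed to the encryptors are never cleared here
                // and the source String stays on the heap; confirm whether the encryptors wipe them.
                encryptor = new PasswordBasedEncryptor(algorithm, provider,
                        Normalizer.normalize(password, Normalizer.Form.NFC).toCharArray());
            }
            StreamCallback callback = encrypt ? encryptor.getEncryptionCallback() : encryptor.getDecryptionCallback();
            try {
                StopWatch stopWatch = new StopWatch(true);
                flowFile = processSession.write(flowFile, callback);
                logger.info("successfully {}crypted {}", new Object[]{verbPrefix, flowFile});
                processSession.getProvenanceReporter().modifyContent(flowFile, stopWatch.getElapsed(TimeUnit.MILLISECONDS));
                processSession.transfer(flowFile, REL_SUCCESS);
            } catch (ProcessException e) {
                logger.error("Cannot {}crypt {} - ", new Object[]{verbPrefix, flowFile, e});
                processSession.transfer(flowFile, REL_FAILURE);
            }
        } catch (Exception e2) {
            // Setup failures are not routed to failure: the session is rolled back and the
            // processor yields, so the same FlowFile is presumably offered again later.
            logger.error("Failed to initialize {}cryption algorithm because - ", new Object[]{verbPrefix, e2});
            processSession.rollback();
            processContext.yield();
        }
    }

    static {
        // Registers BouncyCastle with the JVM-wide provider list when this class loads.
        Security.addProvider(new BouncyCastleProvider());
    }
}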
