package org.apache.nifi.processors.standard.util;

import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.processors.standard.EncryptContent;
import org.apache.nifi.security.util.KeyDerivationFunction;
import org.apache.nifi.stream.io.StreamUtils;

/* loaded from: input_file:org/apache/nifi/processors/standard/util/PasswordBasedEncryptor.class */
public class PasswordBasedEncryptor implements EncryptContent.Encryptor {
    private Cipher cipher;
    private int saltSize;
    private SecretKey secretKey;
    private KeyDerivationFunction kdf;
    private int iterationsCount;

    @Deprecated
    private static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
    private static final int DEFAULT_SALT_SIZE = 8;
    private static final int LEGACY_KDF_ITERATIONS = 1000;
    private static final int OPENSSL_EVP_HEADER_SIZE = 8;
    private static final int OPENSSL_EVP_SALT_SIZE = 8;
    private static final String OPENSSL_EVP_HEADER_MARKER = "Salted__";
    private static final int OPENSSL_EVP_KDF_ITERATIONS = 0;
    private static final int DEFAULT_MAX_ALLOWED_KEY_LENGTH = 128;
    private static boolean isUnlimitedStrengthCryptographyEnabled;

    /* loaded from: input_file:org/apache/nifi/processors/standard/util/PasswordBasedEncryptor$DecryptCallback.class */
    private class DecryptCallback implements StreamCallback {
        public DecryptCallback() {
        }

        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            byte[] bArr = new byte[PasswordBasedEncryptor.this.saltSize];
            try {
                if (PasswordBasedEncryptor.this.isOpenSSLKDF()) {
                    byte[] bArr2 = new byte[8];
                    inputStream.mark(9);
                    StreamUtils.fillBuffer(inputStream, bArr2);
                    if (!Arrays.equals(PasswordBasedEncryptor.OPENSSL_EVP_HEADER_MARKER.getBytes(StandardCharsets.US_ASCII), bArr2)) {
                        bArr = new byte[0];
                        inputStream.reset();
                    }
                }
                StreamUtils.fillBuffer(inputStream, bArr);
                try {
                    PasswordBasedEncryptor.this.cipher.init(2, PasswordBasedEncryptor.this.secretKey, new PBEParameterSpec(bArr, PasswordBasedEncryptor.this.getIterationsCount()));
                    byte[] bArr3 = new byte[65536];
                    while (true) {
                        int read = inputStream.read(bArr3);
                        if (read <= 0) {
                            try {
                                outputStream.write(PasswordBasedEncryptor.this.cipher.doFinal());
                                return;
                            } catch (Exception e) {
                                throw new ProcessException(e);
                            }
                        } else {
                            byte[] update = PasswordBasedEncryptor.this.cipher.update(bArr3, 0, read);
                            if (update != null) {
                                outputStream.write(update);
                            }
                        }
                    }
                } catch (Exception e2) {
                    throw new ProcessException(e2);
                }
            } catch (EOFException e3) {
                throw new ProcessException("Cannot decrypt because file size is smaller than salt size", e3);
            }
        }
    }

    /* loaded from: input_file:org/apache/nifi/processors/standard/util/PasswordBasedEncryptor$EncryptCallback.class */
    private class EncryptCallback implements StreamCallback {
        private final byte[] salt;

        public EncryptCallback(byte[] bArr) {
            this.salt = bArr;
        }

        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            try {
                PasswordBasedEncryptor.this.cipher.init(1, PasswordBasedEncryptor.this.secretKey, new PBEParameterSpec(this.salt, PasswordBasedEncryptor.this.getIterationsCount()));
                if (PasswordBasedEncryptor.this.isOpenSSLKDF()) {
                    outputStream.write(PasswordBasedEncryptor.OPENSSL_EVP_HEADER_MARKER.getBytes(StandardCharsets.US_ASCII));
                }
                outputStream.write(this.salt);
                byte[] bArr = new byte[65536];
                while (true) {
                    int read = inputStream.read(bArr);
                    if (read <= 0) {
                        try {
                            outputStream.write(PasswordBasedEncryptor.this.cipher.doFinal());
                            return;
                        } catch (BadPaddingException | IllegalBlockSizeException e) {
                            throw new ProcessException(e);
                        }
                    } else {
                        byte[] update = PasswordBasedEncryptor.this.cipher.update(bArr, 0, read);
                        if (update != null) {
                            outputStream.write(update);
                        }
                    }
                }
            } catch (Exception e2) {
                throw new ProcessException(e2);
            }
        }
    }

    public PasswordBasedEncryptor(String str, String str2, char[] cArr, KeyDerivationFunction keyDerivationFunction) {
        this.iterationsCount = LEGACY_KDF_ITERATIONS;
        try {
            this.cipher = Cipher.getInstance(str, str2);
            this.kdf = keyDerivationFunction;
            if (isOpenSSLKDF()) {
                this.saltSize = 8;
                this.iterationsCount = 0;
            } else {
                int blockSize = this.cipher.getBlockSize();
                this.saltSize = blockSize > 0 ? blockSize : 8;
            }
            this.secretKey = SecretKeyFactory.getInstance(str, str2).generateSecret(new PBEKeySpec(cArr));
        } catch (Exception e) {
            throw new ProcessException(e);
        }
    }

    public static int getMaxAllowedKeyLength(String str) {
        if (StringUtils.isEmpty(str)) {
            return DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        }
        try {
            return Cipher.getMaxAllowedKeyLength(parseCipherFromAlgorithm(str));
        } catch (NoSuchAlgorithmException e) {
            return DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        }
    }

    private static String parseCipherFromAlgorithm(String str) {
        for (String str2 : Arrays.asList("AES", "TRIPLEDES", "DES", "RC4", "RC2", "TWOFISH")) {
            if (str.contains(str2)) {
                return str2.equals("TRIPLEDES") ? "DESede" : str2;
            }
        }
        return str;
    }

    public static boolean supportsUnlimitedStrength() {
        return isUnlimitedStrengthCryptographyEnabled;
    }

    @Override // org.apache.nifi.processors.standard.EncryptContent.Encryptor
    public StreamCallback getEncryptionCallback() throws ProcessException {
        try {
            byte[] bArr = new byte[this.saltSize];
            new SecureRandom().nextBytes(bArr);
            return new EncryptCallback(bArr);
        } catch (Exception e) {
            throw new ProcessException(e);
        }
    }

    @Override // org.apache.nifi.processors.standard.EncryptContent.Encryptor
    public StreamCallback getDecryptionCallback() throws ProcessException {
        return new DecryptCallback();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int getIterationsCount() {
        return this.iterationsCount;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isOpenSSLKDF() {
        return KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY.equals(this.kdf);
    }

    static {
        try {
            isUnlimitedStrengthCryptographyEnabled = Cipher.getMaxAllowedKeyLength("AES") > DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        } catch (NoSuchAlgorithmException e) {
            isUnlimitedStrengthCryptographyEnabled = false;
        }
    }
}
