package org.apache.nifi.processors.standard.util.crypto;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.processors.standard.EncryptContent;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.security.util.KeyDerivationFunction;

/* loaded from: input_file:org/apache/nifi/processors/standard/util/crypto/KeyedEncryptor.class */
public class KeyedEncryptor implements EncryptContent.Encryptor {
    private EncryptionMethod encryptionMethod;
    private SecretKey key;
    private byte[] iv;
    private static final int DEFAULT_MAX_ALLOWED_KEY_LENGTH = 128;
    private static boolean isUnlimitedStrengthCryptographyEnabled;

    /* loaded from: input_file:org/apache/nifi/processors/standard/util/crypto/KeyedEncryptor$DecryptCallback.class */
    private class DecryptCallback implements StreamCallback {
        public DecryptCallback() {
        }

        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            KeyedCipherProvider keyedCipherProvider = (KeyedCipherProvider) CipherProviderFactory.getCipherProvider(KeyDerivationFunction.NONE);
            try {
                if (KeyedEncryptor.this.iv.length == 0) {
                    KeyedEncryptor.this.iv = keyedCipherProvider.readIV(inputStream);
                }
                CipherUtility.processStreams(keyedCipherProvider.getCipher(KeyedEncryptor.this.encryptionMethod, KeyedEncryptor.this.key, KeyedEncryptor.this.iv, false), inputStream, outputStream);
            } catch (Exception e) {
                throw new ProcessException(e);
            }
        }
    }

    /* loaded from: input_file:org/apache/nifi/processors/standard/util/crypto/KeyedEncryptor$EncryptCallback.class */
    private class EncryptCallback implements StreamCallback {
        public EncryptCallback() {
        }

        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            KeyedCipherProvider keyedCipherProvider = (KeyedCipherProvider) CipherProviderFactory.getCipherProvider(KeyDerivationFunction.NONE);
            try {
                Cipher cipher = keyedCipherProvider.getCipher(KeyedEncryptor.this.encryptionMethod, KeyedEncryptor.this.key, KeyedEncryptor.this.iv, true);
                keyedCipherProvider.writeIV(cipher.getIV(), outputStream);
                CipherUtility.processStreams(cipher, inputStream, outputStream);
            } catch (Exception e) {
                throw new ProcessException(e);
            }
        }
    }

    public KeyedEncryptor(EncryptionMethod encryptionMethod, SecretKey secretKey) {
        this(encryptionMethod, secretKey == null ? new byte[0] : secretKey.getEncoded(), new byte[0]);
    }

    public KeyedEncryptor(EncryptionMethod encryptionMethod, SecretKey secretKey, byte[] bArr) {
        this(encryptionMethod, secretKey == null ? new byte[0] : secretKey.getEncoded(), bArr);
    }

    public KeyedEncryptor(EncryptionMethod encryptionMethod, byte[] bArr) {
        this(encryptionMethod, bArr, new byte[0]);
    }

    public KeyedEncryptor(EncryptionMethod encryptionMethod, byte[] bArr, byte[] bArr2) {
        try {
            if (encryptionMethod == null) {
                throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with null encryption method");
            }
            if (!encryptionMethod.isKeyedCipher()) {
                throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with encryption method " + encryptionMethod.name());
            }
            this.encryptionMethod = encryptionMethod;
            if (bArr == null || bArr.length == 0) {
                throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with empty key");
            }
            if (!CipherUtility.isValidKeyLengthForAlgorithm(bArr.length * 8, encryptionMethod.getAlgorithm())) {
                throw new IllegalArgumentException("Cannot instantiate a keyed encryptor with key of length " + bArr.length);
            }
            this.key = new SecretKeySpec(bArr, CipherUtility.parseCipherFromAlgorithm(encryptionMethod.getAlgorithm()));
            this.iv = bArr2;
        } catch (Exception e) {
            throw new ProcessException(e);
        }
    }

    public static int getMaxAllowedKeyLength(String str) {
        if (StringUtils.isEmpty(str)) {
            return DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        }
        try {
            return Cipher.getMaxAllowedKeyLength(CipherUtility.parseCipherFromAlgorithm(str));
        } catch (NoSuchAlgorithmException e) {
            return DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        }
    }

    public static boolean supportsUnlimitedStrength() {
        return isUnlimitedStrengthCryptographyEnabled;
    }

    @Override // org.apache.nifi.processors.standard.EncryptContent.Encryptor
    public StreamCallback getEncryptionCallback() throws ProcessException {
        return new EncryptCallback();
    }

    @Override // org.apache.nifi.processors.standard.EncryptContent.Encryptor
    public StreamCallback getDecryptionCallback() throws ProcessException {
        return new DecryptCallback();
    }

    static {
        try {
            isUnlimitedStrengthCryptographyEnabled = Cipher.getMaxAllowedKeyLength("AES") > DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        } catch (NoSuchAlgorithmException e) {
            isUnlimitedStrengthCryptographyEnabled = false;
        }
    }
}
