package org.apache.nifi.processors.standard.util;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Iterator;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.processors.standard.EncryptContent;
import org.bouncycastle.bcpg.ArmoredOutputStream;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;

/* loaded from: input_file:org/apache/nifi/processors/standard/util/OpenPGPKeyBasedEncryptor.class */
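/**
 * {@link EncryptContent.Encryptor} that encrypts with an OpenPGP public key and decrypts with the
 * matching secret key, both read from a keyring file on disk.
 *
 * <p>The same {@code keyring} path is handed to both callbacks: it is read as a public keyring when
 * encrypting and as a secret keyring when decrypting.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Encryption uses symmetric algorithm tag {@code 3} (CAST5 in the OpenPGP registry) with the
 *       integrity packet disabled, so the ciphertext carries no modification detection.</li>
 *   <li>Decryption streams the plaintext out without an integrity check.</li>
 *   <li>The recipient key is chosen by substring match on the user id.</li>
 * </ul>
 */
public class OpenPGPKeyBasedEncryptor implements EncryptContent.Encryptor {
    private final String algorithm;
    private final String provider;
    private final String keyring;
    private final String userId;
    // Held by reference, not copied: the caller still owns (and may wipe) this array.
    private final char[] passphrase;
    private final String filename;

    // NOTE(review): SHA1PRNG is a legacy generator; confirm whether the platform default
    // (new SecureRandom()) would be acceptable here before changing this public constant.
    public static final String SECURE_RANDOM_ALGORITHM = "SHA1PRNG";

    /** Size of the scratch buffer used when copying between streams. */
    private static final int COPY_BUFFER_SIZE = 4096;

    /** Size of the partial-packet buffers handed to the BouncyCastle generators. */
    private static final int PGP_BUFFER_SIZE = 65536;

    /** Stream callback that decrypts an OpenPGP message with a key from the secret keyring. */
    private static final class OpenPGPDecryptCallback implements StreamCallback {
        private final String provider;
        private final String secretKeyring;
        private final char[] passphrase;

        OpenPGPDecryptCallback(String provider, String secretKeyring, char[] passphrase) {
            this.provider = provider;
            this.secretKeyring = secretKeyring;
            this.passphrase = passphrase;
        }

        /**
         * Decrypts the OpenPGP message on {@code inputStream} and writes the literal data to
         * {@code outputStream}.
         *
         * @throws IOException if the message header cannot be read
         * @throws ProcessException if the data is not a valid OpenPGP message, the keyring cannot be
         *         loaded, or no key in the keyring can decrypt the message
         */
        @Override
        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            PGPObjectFactory messageFactory = new PGPObjectFactory(PGPUtil.getDecoderStream(inputStream));
            Object candidate = messageFactory.nextObject();
            if (!(candidate instanceof PGPEncryptedDataList)) {
                // One leading non-encrypted object is tolerated (presumably a marker packet).
                candidate = messageFactory.nextObject();
                if (!(candidate instanceof PGPEncryptedDataList)) {
                    throw new ProcessException("Invalid OpenPGP data");
                }
            }
            PGPEncryptedDataList encryptedList = (PGPEncryptedDataList) candidate;

            // Keyring loading has its own handler so that only keyring problems are reported as
            // "Invalid secret keyring"; decryption failures keep their own message.
            PGPSecretKeyRingCollection secretKeys;
            try {
                secretKeys = loadSecretKeyring(this.secretKeyring);
            } catch (Exception e) {
                throw new ProcessException("Invalid secret keyring - " + e.getMessage(), e);
            }

            try {
                PGPPrivateKey privateKey = null;
                PGPPublicKeyEncryptedData encryptedData = null;
                Iterator<?> recipients = encryptedList.getEncryptedDataObjects();
                // Try each recipient packet until one matches a secret key we hold.
                while (privateKey == null && recipients.hasNext()) {
                    Object recipient = recipients.next();
                    if (!(recipient instanceof PGPPublicKeyEncryptedData)) {
                        throw new ProcessException("Invalid OpenPGP data");
                    }
                    encryptedData = (PGPPublicKeyEncryptedData) recipient;
                    PGPSecretKey secretKey = secretKeys.getSecretKey(encryptedData.getKeyID());
                    if (secretKey != null) {
                        privateKey = secretKey.extractPrivateKey(this.passphrase, this.provider);
                    }
                }
                if (privateKey == null) {
                    throw new ProcessException("Secret keyring does not contain the key required to decrypt");
                }

                Object payload = new PGPObjectFactory(encryptedData.getDataStream(privateKey, this.provider)).nextObject();
                if (payload instanceof PGPCompressedData) {
                    payload = new PGPObjectFactory(((PGPCompressedData) payload).getDataStream()).nextObject();
                }
                if (!(payload instanceof PGPLiteralData)) {
                    // Previously surfaced as a ClassCastException/NullPointerException message.
                    throw new ProcessException("Invalid OpenPGP data");
                }

                // NOTE(review): the plaintext is written out without checking the message's integrity
                // protection (BouncyCastle exposes isIntegrityProtected()/verify() on the encrypted
                // data object). Downstream consumers should not treat the output as authenticated.
                copy(((PGPLiteralData) payload).getInputStream(), outputStream);
            } catch (ProcessException e) {
                throw e;
            } catch (Exception e) {
                throw new ProcessException(e.getMessage(), e);
            }
        }
    }

    /** Stream callback that encrypts content to the public key matching the configured user id. */
    private static final class OpenPGPEncryptCallback implements StreamCallback {
        private final String algorithm;
        private final String provider;
        private final String publicKeyring;
        private final String userId;
        private final String filename;

        OpenPGPEncryptCallback(String algorithm, String provider, String publicKeyring, String userId, String filename) {
            this.algorithm = algorithm;
            this.provider = provider;
            this.publicKeyring = publicKeyring;
            this.userId = userId;
            this.filename = filename;
        }

        /**
         * Encrypts {@code inputStream} to the recipient key and writes the OpenPGP message to
         * {@code outputStream}, ASCII-armored when the configured algorithm asks for it.
         *
         * @throws ProcessException if the keyring cannot be read, holds no matching encryption key,
         *         or encryption fails
         */
        @Override
        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            PGPPublicKey publicKey;
            try {
                publicKey = OpenPGPKeyBasedEncryptor.getPublicKey(this.userId, this.publicKeyring);
            } catch (Exception e) {
                throw new ProcessException("Invalid public keyring - " + e.getMessage(), e);
            }
            if (publicKey == null) {
                // getPublicKey signals "no match" with null; fail here with a usable message
                // instead of letting the generator trip over a null key.
                throw new ProcessException("Invalid public keyring - no encryption key matches user id '" + this.userId + "'");
            }

            try {
                SecureRandom secureRandom = SecureRandom.getInstance(SECURE_RANDOM_ALGORITHM);
                // NOTE(review): 3 is the OpenPGP symmetric-algorithm tag for CAST5 (64-bit block) and
                // 'false' disables the integrity packet, so the output has no modification
                // detection. Changing either alters the wire format; confirm interoperability
                // requirements before enabling integrity protection or a stronger cipher.
                PGPEncryptedDataGenerator encryptor = new PGPEncryptedDataGenerator(3, false, secureRandom, this.provider);
                encryptor.addMethod(publicKey);

                // Resources close in reverse order (literal, compressed, encrypted, sink), which
                // is the order the packets must be finalised in. try-with-resources also releases
                // them when the copy fails part-way.
                try (OutputStream sink = EncryptContent.isPGPArmoredAlgorithm(this.algorithm)
                                ? new ArmoredOutputStream(outputStream)
                                : outputStream;
                        OutputStream encryptedOut = encryptor.open(sink, new byte[PGP_BUFFER_SIZE]);
                        // Compression algorithm tag 1 (ZIP) at compression level 1.
                        OutputStream compressedOut = new PGPCompressedDataGenerator(1, 1).open(encryptedOut, new byte[PGP_BUFFER_SIZE]);
                        // 'b' marks the literal data packet as binary.
                        OutputStream literalOut = new PGPLiteralDataGenerator().open(compressedOut, 'b', this.filename, new Date(), new byte[PGP_BUFFER_SIZE])) {
                    copy(inputStream, literalOut);
                }
            } catch (Exception e) {
                throw new ProcessException(e.getMessage(), e);
            }
        }
    }

    /**
     * Creates an encryptor bound to one keyring file.
     *
     * @param str   encryption algorithm name; consulted only to decide on ASCII armoring
     * @param str2  name of the security provider passed to BouncyCastle
     * @param str3  path of the keyring file (public keyring to encrypt, secret keyring to decrypt)
     * @param str4  user id used to select the recipient public key
     * @param cArr  passphrase protecting the secret key; stored by reference
     * @param str5  file name recorded in the literal data packet
     */
    public OpenPGPKeyBasedEncryptor(String str, String str2, String str3, String str4, char[] cArr, String str5) {
        this.algorithm = str;
        this.provider = str2;
        this.keyring = str3;
        this.userId = str4;
        this.passphrase = cArr;
        this.filename = str5;
    }

    /** Returns a callback that encrypts a stream to the configured recipient. */
    @Override
    public StreamCallback getEncryptionCallback() throws Exception {
        return new OpenPGPEncryptCallback(this.algorithm, this.provider, this.keyring, this.userId, this.filename);
    }

    /** Returns a callback that decrypts a stream with the configured secret keyring and passphrase. */
    @Override
    public StreamCallback getDecryptionCallback() throws Exception {
        return new OpenPGPDecryptCallback(this.provider, this.keyring, this.passphrase);
    }

    /**
     * Checks that a secret keyring can be read and that the passphrase unlocks its first key.
     *
     * <p>Only the secret key of the first key ring is tried; later rings are not examined.
     *
     * @param str   name of the security provider
     * @param str2  path of the secret keyring file
     * @param cArr  passphrase to test
     * @return {@code false} if the keyring holds no key rings, {@code true} if the key was extracted
     * @throws IOException if the keyring file cannot be read
     * @throws PGPException if the keyring is malformed or the key cannot be extracted
     * @throws NoSuchProviderException if the provider is not available
     */
    public static boolean validateKeyring(String str, String str2, char[] cArr) throws IOException, PGPException, NoSuchProviderException {
        Iterator<?> keyRings = loadSecretKeyring(str2).getKeyRings();
        if (!keyRings.hasNext()) {
            return false;
        }
        ((PGPSecretKeyRing) keyRings.next()).getSecretKey().extractPrivateKey(cArr, str);
        return true;
    }

    /**
     * Finds the first encryption-capable public key whose user id contains the given text.
     *
     * <p>NOTE(review): matching is by substring ({@code contains}), so a short user id can select a
     * key belonging to a different identity; callers should pass a value specific enough to be
     * unambiguous within the keyring.
     *
     * @param str   text to look for in each key's user ids
     * @param str2  path of the public keyring file
     * @return the matching key, or {@code null} if none matches
     * @throws IOException if the keyring file cannot be read
     * @throws PGPException if the keyring is malformed
     */
    public static PGPPublicKey getPublicKey(String str, String str2) throws IOException, PGPException {
        PGPPublicKeyRingCollection publicRings;
        // Close the file handle as soon as the keyring has been parsed.
        // Assumes the collection is fully read by its constructor - TODO confirm for the
        // BouncyCastle version in use.
        try (InputStream keyringStream = Files.newInputStream(Paths.get(str2))) {
            publicRings = new PGPPublicKeyRingCollection(PGPUtil.getDecoderStream(keyringStream));
        }

        Iterator<?> keyRings = publicRings.getKeyRings();
        while (keyRings.hasNext()) {
            Iterator<?> publicKeys = ((PGPPublicKeyRing) keyRings.next()).getPublicKeys();
            while (publicKeys.hasNext()) {
                PGPPublicKey candidate = (PGPPublicKey) publicKeys.next();
                if (candidate.isEncryptionKey() && hasMatchingUserId(candidate, str)) {
                    return candidate;
                }
            }
        }
        return null;
    }

    /** Reports whether any user id on {@code key} contains {@code wanted}. */
    private static boolean hasMatchingUserId(PGPPublicKey key, String wanted) {
        Iterator<?> userIds = key.getUserIDs();
        while (userIds.hasNext()) {
            if (userIds.next().toString().contains(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reads a secret keyring file and closes the file handle before returning.
     * Assumes the collection is fully parsed by its constructor - TODO confirm for the
     * BouncyCastle version in use.
     */
    private static PGPSecretKeyRingCollection loadSecretKeyring(String path) throws IOException, PGPException {
        try (InputStream keyringStream = Files.newInputStream(Paths.get(path))) {
            return new PGPSecretKeyRingCollection(PGPUtil.getDecoderStream(keyringStream));
        }
    }

    /** Copies {@code source} to {@code sink} until end of stream; closes neither. */
    private static void copy(InputStream source, OutputStream sink) throws IOException {
        byte[] buffer = new byte[COPY_BUFFER_SIZE];
        int read;
        while ((read = source.read(buffer)) >= 0) {
            sink.write(buffer, 0, read);
        }
    }
}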
