package org.apache.nifi.security.util.crypto;

import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.processors.standard.EncryptContent;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.security.util.KeyDerivationFunction;

/* loaded from: input_file:org/apache/nifi/security/util/crypto/PasswordBasedEncryptor.class */
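/**
 * Password-based implementation of {@link EncryptContent.Encryptor}.
 *
 * <p>The cipher provider is chosen from the configured {@link KeyDerivationFunction} through
 * {@link CipherProviderFactory}. On encryption the salt (and, for a
 * {@link RandomIVPBECipherProvider}, the IV) is written to the output ahead of the ciphertext;
 * on decryption the same values are read back from the start of the input.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The constructor rejects only a {@code null} or empty password. The value returned by
 *       {@link #getMinimumSafePasswordLength()} is not enforced here, so callers must apply it.</li>
 *   <li>Each callback copies the password into a {@link String} to pass it to
 *       {@code getCipher(...)}. A {@code String} cannot be wiped, so the password stays on the
 *       heap until it is garbage collected.</li>
 *   <li>Nothing in this class checks a MAC or authentication tag itself. Whether modified
 *       ciphertext is detected depends on the selected {@link EncryptionMethod} and on
 *       {@code CipherUtility.processStreams} - confirm before relying on integrity.</li>
 *   <li>On decryption the salt and IV come from the data being decrypted and must be treated
 *       as untrusted input by the provider.</li>
 * </ul>
 */
public class PasswordBasedEncryptor implements EncryptContent.Encryptor {
    /** Key length in bits reported when the algorithm is empty or unknown to the JCE. */
    private static final int DEFAULT_MAX_ALLOWED_KEY_LENGTH = 128;
    /** Advisory minimum password length; exposed to callers, not checked by the constructor. */
    private static final int MINIMUM_SAFE_PASSWORD_LENGTH = 10;
    /** True when the JCE policy allows AES keys longer than 128 bits. */
    private static boolean isUnlimitedStrengthCryptographyEnabled;

    static {
        try {
            isUnlimitedStrengthCryptographyEnabled = Cipher.getMaxAllowedKeyLength("AES") > DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        } catch (NoSuchAlgorithmException e) {
            // No AES available at all: report the restricted policy rather than failing class load.
            isUnlimitedStrengthCryptographyEnabled = false;
        }
    }

    private EncryptionMethod encryptionMethod;
    private PBEKeySpec password;
    private KeyDerivationFunction kdf;

    /**
     * Creates an encryptor for the given method, password and KDF.
     *
     * @param encryptionMethod the cipher to use; must not be {@code null}
     * @param cArr the password characters; must not be {@code null} or empty. They are handed to
     *     {@link PBEKeySpec}; the caller remains responsible for clearing its own array
     * @param keyDerivationFunction the KDF; must not be {@code null} or
     *     {@link KeyDerivationFunction#NONE}
     * @throws ProcessException wrapping the {@link IllegalArgumentException} raised for any
     *     rejected argument
     */
    public PasswordBasedEncryptor(EncryptionMethod encryptionMethod, char[] cArr, KeyDerivationFunction keyDerivationFunction) {
        try {
            if (encryptionMethod == null) {
                throw new IllegalArgumentException("Cannot initialize password-based encryptor with null encryption method");
            }
            this.encryptionMethod = encryptionMethod;
            // The message says "null KDF" but NONE is rejected here as well.
            if (keyDerivationFunction == null || keyDerivationFunction.equals(KeyDerivationFunction.NONE)) {
                throw new IllegalArgumentException("Cannot initialize password-based encryptor with null KDF");
            }
            this.kdf = keyDerivationFunction;
            // Only emptiness is checked; MINIMUM_SAFE_PASSWORD_LENGTH is left to the caller.
            if (cArr == null || cArr.length == 0) {
                throw new IllegalArgumentException("Cannot initialize password-based encryptor with empty password");
            }
            this.password = new PBEKeySpec(cArr);
        } catch (Exception e) {
            // Callers receive every construction failure as a ProcessException.
            throw new ProcessException(e);
        }
    }

    /**
     * Returns the maximum key length, in bits, that the installed JCE policy allows for the
     * cipher named in {@code str}.
     *
     * @param str the algorithm string; the cipher name is extracted with
     *     {@code CipherUtility.parseCipherFromAlgorithm}
     * @return the JCE limit, or 128 when {@code str} is empty or the cipher is unknown
     */
    public static int getMaxAllowedKeyLength(String str) {
        if (StringUtils.isEmpty(str)) {
            return DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        }
        try {
            return Cipher.getMaxAllowedKeyLength(CipherUtility.parseCipherFromAlgorithm(str));
        } catch (NoSuchAlgorithmException e) {
            // Unknown cipher: fall back to the conservative default instead of propagating.
            return DEFAULT_MAX_ALLOWED_KEY_LENGTH;
        }
    }

    /**
     * Returns the advisory minimum password length.
     *
     * @return the minimum length callers should require; this class does not enforce it
     */
    public static int getMinimumSafePasswordLength() {
        return MINIMUM_SAFE_PASSWORD_LENGTH;
    }

    /**
     * Reports whether the JCE policy allowed AES keys longer than 128 bits when this class was
     * loaded.
     *
     * @return {@code true} if longer AES keys are permitted
     */
    public static boolean supportsUnlimitedStrength() {
        return isUnlimitedStrengthCryptographyEnabled;
    }

    /**
     * Returns a callback that encrypts a stream with this encryptor's settings.
     *
     * @return a new encryption callback
     */
    @Override
    public StreamCallback getEncryptionCallback() throws ProcessException {
        return new EncryptCallback();
    }

    /**
     * Returns a callback that decrypts a stream with this encryptor's settings.
     *
     * @return a new decryption callback
     */
    @Override
    public StreamCallback getDecryptionCallback() throws ProcessException {
        return new DecryptCallback();
    }

    /** Reads salt (and IV where applicable) from the input, then decrypts the remainder. */
    private class DecryptCallback implements StreamCallback {
        public DecryptCallback() {
        }

        /**
         * Decrypts {@code inputStream} into {@code outputStream}.
         *
         * @throws ProcessException if the input ends before the salt has been read, or if cipher
         *     setup or stream processing fails for any reason
         */
        @Override
        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            // Hold the provider by its interface type and downcast only where a subtype-specific
            // overload is needed.
            PBECipherProvider cipherProvider = (PBECipherProvider) CipherProviderFactory.getCipherProvider(kdf);
            try {
                final byte[] salt;
                if (cipherProvider instanceof NiFiLegacyCipherProvider) {
                    // The legacy provider's salt reader also takes the encryption method.
                    salt = ((NiFiLegacyCipherProvider) cipherProvider).readSalt(encryptionMethod, inputStream);
                } else {
                    salt = cipherProvider.readSalt(inputStream);
                }
                int keyLength = CipherUtility.parseKeyLengthFromAlgorithm(encryptionMethod.getAlgorithm());
                try {
                    Cipher cipher;
                    // The password becomes an immutable String here and cannot be zeroed afterwards.
                    if (cipherProvider instanceof RandomIVPBECipherProvider) {
                        RandomIVPBECipherProvider ivProvider = (RandomIVPBECipherProvider) cipherProvider;
                        cipher = ivProvider.getCipher(encryptionMethod, new String(password.getPassword()), salt, ivProvider.readIV(inputStream), keyLength, false);
                    } else {
                        cipher = cipherProvider.getCipher(encryptionMethod, new String(password.getPassword()), salt, keyLength, false);
                    }
                    CipherUtility.processStreams(cipher, inputStream, outputStream);
                } catch (Exception e) {
                    // Any failure is wrapped, including a short read while reading the IV.
                    throw new ProcessException(e);
                }
            } catch (EOFException e2) {
                // Reached only from the salt read; the inner catch handles everything after it.
                throw new ProcessException("Cannot decrypt because file size is smaller than salt size", e2);
            }
        }
    }

    /** Generates a salt, writes salt (and IV where applicable), then encrypts the input. */
    private class EncryptCallback implements StreamCallback {
        public EncryptCallback() {
        }

        /**
         * Encrypts {@code inputStream} into {@code outputStream}.
         *
         * @throws ProcessException if cipher setup, writing the IV or stream processing fails
         */
        @Override
        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            PBECipherProvider cipherProvider = (PBECipherProvider) CipherProviderFactory.getCipherProvider(kdf);
            final byte[] salt;
            if (cipherProvider instanceof NiFiLegacyCipherProvider) {
                // The legacy provider's salt generator also takes the encryption method.
                salt = ((NiFiLegacyCipherProvider) cipherProvider).generateSalt(encryptionMethod);
            } else {
                salt = cipherProvider.generateSalt();
            }
            // The salt goes out before the cipher is built, so a later failure leaves a partial stream.
            cipherProvider.writeSalt(salt, outputStream);
            try {
                int keyLength = CipherUtility.parseKeyLengthFromAlgorithm(encryptionMethod.getAlgorithm());
                // The password becomes an immutable String here and cannot be zeroed afterwards.
                Cipher cipher = cipherProvider.getCipher(encryptionMethod, new String(password.getPassword()), salt, keyLength, true);
                if (cipherProvider instanceof RandomIVPBECipherProvider) {
                    // The IV written is the one the initialised cipher reports.
                    ((RandomIVPBECipherProvider) cipherProvider).writeIV(cipher.getIV(), outputStream);
                }
                CipherUtility.processStreams(cipher, inputStream, outputStream);
            } catch (Exception e) {
                throw new ProcessException(e);
            }
        }
    }
}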
