package org.apache.nifi.processors.cipher;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.annotation.behavior.SupportsBatching;
import org.apache.nifi.annotation.behavior.WritesAttribute;
import org.apache.nifi.annotation.behavior.WritesAttributes;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.util.StandardValidators;
import org.bouncycastle.util.encoders.Hex;

@CapabilityDescription("Calculates a Message Authentication Code using the provided Secret Key and compares it with the provided MAC property")
@InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED)
@SupportsBatching
@Tags({"Authentication", "Signing", "MAC", "HMAC"})
@WritesAttributes({@WritesAttribute(attribute = VerifyContentMAC.MAC_CALCULATED_ATTRIBUTE, description = "Calculated Message Authentication Code encoded by the selected encoding"), @WritesAttribute(attribute = VerifyContentMAC.MAC_ENCODING_ATTRIBUTE, description = "The Encoding of the Hashed Message Authentication Code"), @WritesAttribute(attribute = VerifyContentMAC.MAC_ALGORITHM_ATTRIBUTE, description = "Hashed Message Authentication Code Algorithm")})
/* loaded from: input_file:org/apache/nifi/processors/cipher/VerifyContentMAC.class */
public class VerifyContentMAC extends AbstractProcessor {
    protected static final String MAC_CALCULATED_ATTRIBUTE = "mac.calculated";
    protected static final String MAC_ALGORITHM_ATTRIBUTE = "mac.algorithm";
    protected static final String MAC_ENCODING_ATTRIBUTE = "mac.encoding";
    private static final int BUFFER_SIZE = 512000;
    private SecretKeySpec secretKeySpec;
    private String macAlgorithm;
    private String macEncoding;
    protected static final String HMAC_SHA256 = "HmacSHA256";
    protected static final String HMAC_SHA512 = "HmacSHA512";
    protected static final PropertyDescriptor MAC_ALGORITHM = new PropertyDescriptor.Builder().name("mac-algorithm").displayName("Message Authentication Code Algorithm").description("Hashed Message Authentication Code Function").allowableValues(new String[]{HMAC_SHA256, HMAC_SHA512}).required(true).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).build();
    protected static final PropertyDescriptor MAC_ENCODING = new PropertyDescriptor.Builder().name("message-authentication-code-encoding").displayName("Message Authentication Code Encoding").description("Encoding of the Message Authentication Code").required(true).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).allowableValues(new String[]{Encoding.HEXADECIMAL.name(), Encoding.BASE64.name()}).defaultValue(Encoding.HEXADECIMAL.name()).build();
    protected static final PropertyDescriptor MAC = new PropertyDescriptor.Builder().name("message-authentication-code").displayName("Message Authentication Code").description("The MAC to compare with the calculated value").required(true).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES).build();
    protected static final PropertyDescriptor SECRET_KEY_ENCODING = new PropertyDescriptor.Builder().name("secret-key-encoding").displayName("Secret Key Encoding").description("Encoding of the Secret Key").required(true).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).allowableValues(new String[]{Encoding.UTF8.name(), Encoding.HEXADECIMAL.name(), Encoding.BASE64.name()}).defaultValue(Encoding.HEXADECIMAL.name()).build();
    protected static final PropertyDescriptor SECRET_KEY = new PropertyDescriptor.Builder().name("secret-key").displayName("Secret Key").description("Secret key to calculate the hash").required(true).addValidator(StandardValidators.NON_EMPTY_VALIDATOR).sensitive(true).build();
    protected static final Relationship FAILURE = new Relationship.Builder().name("failure").description("Signature Verification Failed").build();
    protected static final Relationship SUCCESS = new Relationship.Builder().name("success").description("Signature Verification Succeeded").build();
    private static final List<PropertyDescriptor> PROPERTIES = Collections.unmodifiableList(Arrays.asList(MAC_ALGORITHM, MAC_ENCODING, MAC, SECRET_KEY_ENCODING, SECRET_KEY));
    private static final Set<Relationship> RELATIONSHIPS = Collections.unmodifiableSet(new HashSet(Arrays.asList(SUCCESS, FAILURE)));

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/nifi/processors/cipher/VerifyContentMAC$Encoding.class */
    public enum Encoding {
        HEXADECIMAL(Hex::toHexString, Hex::decode),
        BASE64(bArr -> {
            return Base64.getEncoder().encodeToString(bArr);
        }, str -> {
            return Base64.getDecoder().decode(str);
        }),
        UTF8(bArr2 -> {
            return new String(bArr2, StandardCharsets.UTF_8);
        }, str2 -> {
            return str2.getBytes(StandardCharsets.UTF_8);
        });

        private final Function<byte[], String> encodeFunction;
        private final Function<String, byte[]> decodeFunction;

        Encoding(Function function, Function function2) {
            this.decodeFunction = function2;
            this.encodeFunction = function;
        }

        public byte[] decode(String str) {
            return this.decodeFunction.apply(str);
        }

        public String encode(byte[] bArr) {
            return this.encodeFunction.apply(bArr);
        }
    }

    @OnScheduled
    public void setUp(ProcessContext processContext) {
        this.macAlgorithm = processContext.getProperty(MAC_ALGORITHM).getValue();
        this.macEncoding = processContext.getProperty(MAC_ENCODING).getValue();
        String value = processContext.getProperty(SECRET_KEY_ENCODING).getValue();
        this.secretKeySpec = new SecretKeySpec(Encoding.valueOf(value).decode(processContext.getProperty(SECRET_KEY).getValue()), this.macAlgorithm);
    }

    public Set<Relationship> getRelationships() {
        return RELATIONSHIPS;
    }

    public void onTrigger(ProcessContext processContext, ProcessSession processSession) {
        FlowFile flowFile = processSession.get();
        if (flowFile == null) {
            return;
        }
        try {
            byte[] decode = Encoding.valueOf(this.macEncoding).decode(processContext.getProperty(MAC).evaluateAttributeExpressions(flowFile).getValue());
            byte[] calculatedMac = getCalculatedMac(processSession, flowFile);
            FlowFile flowFileAttributes = setFlowFileAttributes(processSession, flowFile, calculatedMac);
            if (MessageDigest.isEqual(decode, calculatedMac)) {
                processSession.transfer(flowFileAttributes, SUCCESS);
            } else {
                getLogger().info("Verification Failed with Message Authentication Code Algorithm [{}]", new Object[]{this.macAlgorithm});
                processSession.transfer(flowFileAttributes, FAILURE);
            }
        } catch (Exception e) {
            getLogger().error("Processing Failed with Message Authentication Code Algorithm [{}]", new Object[]{this.macAlgorithm, e});
            processSession.transfer(flowFile, FAILURE);
        }
    }

    protected List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTIES;
    }

    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        ArrayList arrayList = new ArrayList(super.customValidate(validationContext));
        String value = validationContext.getProperty(SECRET_KEY_ENCODING).getValue();
        try {
            Encoding.valueOf(value).decode(validationContext.getProperty(SECRET_KEY).getValue());
        } catch (Exception e) {
            arrayList.add(new ValidationResult.Builder().valid(false).subject(SECRET_KEY.getDisplayName()).explanation("The provided Secret Key is not a valid " + value + " value").build());
        }
        return arrayList;
    }

    private FlowFile setFlowFileAttributes(ProcessSession processSession, FlowFile flowFile, byte[] bArr) {
        HashMap hashMap = new HashMap();
        hashMap.put(MAC_ALGORITHM_ATTRIBUTE, this.macAlgorithm);
        hashMap.put(MAC_ENCODING_ATTRIBUTE, this.macEncoding);
        hashMap.put(MAC_CALCULATED_ATTRIBUTE, Encoding.valueOf(this.macEncoding).encode(bArr));
        return processSession.putAllAttributes(flowFile, hashMap);
    }

    private Mac getInitializedMac() {
        try {
            Mac mac = Mac.getInstance(this.macAlgorithm);
            mac.init(this.secretKeySpec);
            return mac;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw new ProcessException("HMAC initialization failed", e);
        }
    }

    private byte[] getCalculatedMac(ProcessSession processSession, FlowFile flowFile) {
        Mac initializedMac = getInitializedMac();
        byte[] bArr = new byte[BUFFER_SIZE];
        try {
            InputStream read = processSession.read(flowFile);
            Throwable th = null;
            while (true) {
                try {
                    try {
                        int read2 = read.read(bArr);
                        if (read2 == -1) {
                            break;
                        }
                        initializedMac.update(bArr, 0, read2);
                    } finally {
                    }
                } finally {
                }
            }
            if (read != null) {
                if (0 != 0) {
                    try {
                        read.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    read.close();
                }
            }
            return initializedMac.doFinal();
        } catch (IOException e) {
            throw new ProcessException("File processing failed", e);
        }
    }
}
