package org.apache.nifi.security.kms;

import com.bazaarvoice.jolt.modifier.TemplatrSpecBuilder;
import java.io.File;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.util.NiFiProperties;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.10.0.jar:org/apache/nifi/security/kms/CryptoUtils.class */
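/**
 * Static helpers for validating key-provider configuration, turning hex strings into AES keys,
 * reading the bootstrap key, and comparing secrets via {@link MessageDigest#isEqual}.
 *
 * <p>This listing is decompiler (JADX) output. {@link #readKeys(String, SecretKey)} was not
 * recovered and is a placeholder that always throws; two other methods carried decompiler
 * artifacts that have been repaired here (see their comments).
 *
 * <p>Several methods handle raw key material. None of them logs key values: only paths, key ids
 * and key counts are written to the log, and that property should be preserved on any change.
 */
public class CryptoUtils {
    private static final String STATIC_KEY_PROVIDER_CLASS_NAME = "org.apache.nifi.security.kms.StaticKeyProvider";
    private static final String FILE_BASED_KEY_PROVIDER_CLASS_NAME = "org.apache.nifi.security.kms.FileBasedKeyProvider";
    private static final String LEGACY_SKP_FQCN = "org.apache.nifi.provenance.StaticKeyProvider";
    private static final String LEGACY_FBKP_FQCN = "org.apache.nifi.provenance.FileBasedKeyProvider";
    private static final String RELATIVE_NIFI_PROPS_PATH = "conf/nifi.properties";
    private static final String BOOTSTRAP_KEY_PREFIX = "nifi.bootstrap.sensitive.key=";
    public static final int IV_LENGTH = 16;
    private static final String ENCRYPTED_FSR_CLASS_NAME = "org.apache.nifi.controller.repository.crypto.EncryptedFileSystemRepository";
    private static final Logger logger = LoggerFactory.getLogger(CryptoUtils.class);
    private static final Pattern HEX_PATTERN = Pattern.compile("(?i)^[0-9a-f]+$");

    // Hex-character counts of 16-, 24- and 32-byte keys (two hex characters per byte).
    private static final List<Integer> UNLIMITED_KEY_LENGTHS = Arrays.asList(32, 48, 64);

    // The only hex length accepted when the JCE policy caps AES at 128 bits.
    private static final int LIMITED_STRENGTH_KEY_HEX_LENGTH = 32;

    /**
     * Reports whether the JCE policy in this JVM permits AES keys longer than 128 bits.
     *
     * @return {@code true} if the maximum allowed AES key length exceeds 128 bits; {@code false}
     *         otherwise, including when the AES algorithm itself is unavailable
     */
    public static boolean isUnlimitedStrengthCryptoAvailable() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") > 128;
        } catch (NoSuchAlgorithmException e) {
            logger.warn("Tried to determine if unlimited strength crypto is available but the AES algorithm is not available");
            return false;
        }
    }

    /**
     * Returns {@code true} if the string is {@code null}, empty, or only whitespace as defined by
     * {@link String#trim()}.
     */
    public static boolean isEmpty(String str) {
        return str == null || str.trim().isEmpty();
    }

    /**
     * Concatenates the given arrays, in order, into one newly allocated array.
     *
     * @param arrays the arrays to join; no element may be {@code null}
     * @return a new array holding every input byte in argument order
     * @throws IOException never thrown by this body; the clause is kept so existing callers compile
     */
    public static byte[] concatByteArrays(byte[]... arrays) throws IOException {
        int totalLength = 0;
        for (byte[] array : arrays) {
            totalLength += array.length;
        }
        final byte[] joined = new byte[totalLength];
        int offset = 0;
        for (byte[] array : arrays) {
            System.arraycopy(array, 0, joined, offset, array.length);
            offset += array.length;
        }
        return joined;
    }

    /**
     * Checks whether the supplied key-provider settings are usable.
     *
     * <p>For the static provider every configured key must pass {@link #keyIsValid(String)} and
     * the key id must be non-empty. For the file-based provider the location must name an existing,
     * readable file and the key id must be non-empty. Any other implementation name is rejected.
     *
     * @param keyProviderImplementation provider class name; legacy package names are mapped first
     * @param keyProviderLocation       path of the key file (file-based provider only)
     * @param keyId                     id of the active key
     * @param encryptionKeys            configured keys as hex strings (static provider only)
     * @return {@code true} only if the configuration passes the checks above
     */
    public static boolean isValidKeyProvider(String keyProviderImplementation, String keyProviderLocation, String keyId, Map<String, String> encryptionKeys) {
        // Only the number of keys is logged, never the key material itself.
        final int keyCount = encryptionKeys == null ? 0 : encryptionKeys.size();
        logger.debug("Attempting to validate the key provider: keyProviderImplementation = {} , keyProviderLocation = {} , keyId = {} , encryptionKeys = {}",
                keyProviderImplementation, keyProviderLocation, keyId, keyCount);

        String implementation = keyProviderImplementation;
        try {
            implementation = handleLegacyPackages(keyProviderImplementation);
            if (STATIC_KEY_PROVIDER_CLASS_NAME.equals(implementation)) {
                return encryptionKeys != null
                        && encryptionKeys.values().stream().allMatch(CryptoUtils::keyIsValid)
                        && StringUtils.isNotEmpty(keyId);
            }
            if (FILE_BASED_KEY_PROVIDER_CLASS_NAME.equals(implementation)) {
                // A missing location is an invalid configuration, not a NullPointerException.
                if (keyProviderLocation == null) {
                    return false;
                }
                final File keyFile = new File(keyProviderLocation);
                return keyFile.exists() && keyFile.canRead() && StringUtils.isNotEmpty(keyId);
            }
        } catch (KeyManagementException e) {
            // Blank implementation name: reported by the error log below and treated as invalid.
        }
        logger.error("The attempt to validate the key provider failed keyProviderImplementation = {} , keyProviderLocation = {} , keyId = {} , encryptionKeys = {}",
                implementation, keyProviderLocation, keyId, keyCount);
        return false;
    }

    /**
     * Maps the legacy {@code org.apache.nifi.provenance} provider class names (compared
     * case-insensitively) to the current provider classes; any other name is returned unchanged.
     *
     * <p>The decompiler reports that this method was package-private in the original class and
     * that it widened the access modifier.
     *
     * @param implementationClassName the configured provider class name
     * @return the current class name for a legacy value, otherwise the input
     * @throws KeyManagementException if the name is blank
     */
    public static String handleLegacyPackages(String implementationClassName) throws KeyManagementException {
        if (org.apache.nifi.util.StringUtils.isBlank(implementationClassName)) {
            throw new KeyManagementException("Invalid key provider implementation provided: " + implementationClassName);
        }
        if (implementationClassName.equalsIgnoreCase(LEGACY_SKP_FQCN)) {
            return StaticKeyProvider.class.getName();
        }
        if (implementationClassName.equalsIgnoreCase(LEGACY_FBKP_FQCN)) {
            return FileBasedKeyProvider.class.getName();
        }
        return implementationClassName;
    }

    /**
     * Checks that a string is hex and has a length the current JCE policy can use as an AES key.
     *
     * <p>The decompiled listing negated both length tests, so it rejected 32-, 48- and 64-character
     * keys and accepted every other hex string (including odd-length ones that cannot be decoded).
     * That would have let {@link #formKeyFromHex(String)} build "AES" keys of arbitrary size, so
     * the tests are restored to their positive form here.
     *
     * @param encryptionKeyHex candidate key as a hex string
     * @return {@code true} if the string is hex and 32 characters long, or 32/48/64 characters
     *         long when unlimited-strength crypto is available
     */
    public static boolean keyIsValid(String encryptionKeyHex) {
        if (!isHexString(encryptionKeyHex)) {
            return false;
        }
        final int hexLength = encryptionKeyHex.length();
        if (isUnlimitedStrengthCryptoAvailable()) {
            return UNLIMITED_KEY_LENGTHS.contains(Integer.valueOf(hexLength));
        }
        return hexLength == LIMITED_STRENGTH_KEY_HEX_LENGTH;
    }

    /**
     * Returns {@code true} if the string is non-empty and consists only of the characters
     * {@code 0-9}, {@code a-f} and {@code A-F}.
     */
    public static boolean isHexString(String hexString) {
        return StringUtils.isNotEmpty(hexString) && HEX_PATTERN.matcher(hexString).matches();
    }

    /**
     * Builds an AES {@link SecretKey} from a hex string that passes {@link #keyIsValid(String)}.
     *
     * @param keyHex key material as hex
     * @return the decoded key
     * @throws KeyManagementException if the string is not a valid key; the message deliberately
     *                                omits the rejected value
     */
    public static SecretKey formKeyFromHex(String keyHex) throws KeyManagementException {
        if (!keyIsValid(keyHex)) {
            throw new KeyManagementException("The provided key material is not valid");
        }
        return new SecretKeySpec(Hex.decode(keyHex), "AES");
    }

    /**
     * NOT RECOVERED: the decompiler could not reconstruct this method (it reports 652 skipped
     * instructions and several failed type inferences), so the body below is its placeholder and
     * always throws {@link UnsupportedOperationException}.
     *
     * <p>The fragments the decompiler did emit show only that the original throws
     * {@code KeyManagementException("The provided file contained no valid keys")} when the
     * collected key map is empty, logs {@code "Read <n> keys from FileBasedKeyProvider <path>"}
     * using the first argument as the path, and closes a {@code BufferedReader}. How the file is
     * parsed and how the second argument is used cannot be determined from this listing; consult
     * the bytecode of the original class before drawing conclusions about this method.
     *
     * @param filepath  location of the key file (inferred from the recovered log statement)
     * @param secretKey a key whose role is not visible here
     * @return never returns in this listing
     * @throws KeyManagementException declared by the original signature
     */
    public static Map<String, SecretKey> readKeys(String filepath, SecretKey secretKey) throws KeyManagementException {
        throw new UnsupportedOperationException("Method not decompiled: org.apache.nifi.security.kms.CryptoUtils.readKeys(java.lang.String, javax.crypto.SecretKey):java.util.Map");
    }

    /**
     * Returns {@code true} if the provenance repository implementation is the encrypted
     * write-ahead repository and its key-provider settings pass
     * {@link #isValidKeyProvider(String, String, String, Map)}.
     */
    public static boolean isProvenanceRepositoryEncryptionConfigured(NiFiProperties niFiProperties) {
        final String implementation = niFiProperties.getProperty("nifi.provenance.repository.implementation");
        if (!"org.apache.nifi.provenance.EncryptedWriteAheadProvenanceRepository".equals(implementation)) {
            return false;
        }
        return isValidKeyProvider(
                niFiProperties.getProperty("nifi.provenance.repository.encryption.key.provider.implementation"),
                niFiProperties.getProperty("nifi.provenance.repository.encryption.key.provider.location"),
                niFiProperties.getProvenanceRepoEncryptionKeyId(),
                niFiProperties.getProvenanceRepoEncryptionKeys());
    }

    /**
     * Returns {@code true} if the content repository implementation is the encrypted file-system
     * repository and its key-provider settings pass
     * {@link #isValidKeyProvider(String, String, String, Map)}.
     */
    public static boolean isContentRepositoryEncryptionConfigured(NiFiProperties niFiProperties) {
        final String implementation = niFiProperties.getProperty("nifi.content.repository.implementation");
        if (!ENCRYPTED_FSR_CLASS_NAME.equals(implementation)) {
            return false;
        }
        return isValidKeyProvider(
                niFiProperties.getProperty("nifi.content.repository.encryption.key.provider.implementation"),
                niFiProperties.getProperty("nifi.content.repository.encryption.key.provider.location"),
                niFiProperties.getContentRepositoryEncryptionKeyId(),
                niFiProperties.getContentRepositoryEncryptionKeys());
    }

    /**
     * Reads the key from bootstrap.conf (default location) and returns it as an AES key.
     *
     * <p>A missing, malformed or wrongly sized key is reported as a
     * {@link KeyManagementException}. Previously a missing key reached {@code SecretKeySpec} as an
     * empty array and a malformed one reached the hex decoder, so both escaped as unchecked
     * exceptions, and a key of any byte length was wrapped as "AES" without complaint.
     *
     * @return the master key
     * @throws KeyManagementException if bootstrap.conf cannot be read or does not hold a hex key
     *                                of 16, 24 or 32 bytes
     */
    public static SecretKey getMasterKey() throws KeyManagementException {
        final String keyHex;
        try {
            keyHex = extractKeyFromBootstrapFile();
        } catch (IOException e) {
            logger.error("Encountered an error: ", e);
            throw new KeyManagementException(e);
        }
        if (isEmpty(keyHex)) {
            throw new KeyManagementException("No master key is present in bootstrap.conf");
        }

        final byte[] keyBytes;
        try {
            keyBytes = Hex.decode(keyHex);
        } catch (RuntimeException e) {
            // The decoder signals bad input with an unchecked exception; the message written here
            // does not include the rejected value.
            throw new KeyManagementException("The master key in bootstrap.conf is not a valid hex string", e);
        }
        try {
            // Length is checked on the decoded bytes; the JCE policy limit is left to the cipher.
            if (!UNLIMITED_KEY_LENGTHS.contains(Integer.valueOf(keyBytes.length * 2))) {
                throw new KeyManagementException("The master key in bootstrap.conf is not a valid AES key length");
            }
            return new SecretKeySpec(keyBytes, "AES");
        } finally {
            // SecretKeySpec keeps its own copy, so the temporary array can be wiped.
            Arrays.fill(keyBytes, (byte) 0);
        }
    }

    /**
     * Reads the key from the bootstrap.conf that sits in the same directory as the file named by
     * {@link #getDefaultFilePath()}.
     *
     * @return the key value, or an empty string if the file has no key line
     * @throws IOException if the directory or file is missing or unreadable
     */
    public static String extractKeyFromBootstrapFile() throws IOException {
        return extractKeyFromBootstrapFile("");
    }

    /**
     * Returns the text after {@code nifi.bootstrap.sensitive.key=} on the first line of the given
     * bootstrap.conf that starts with that prefix.
     *
     * <p>The decompiled listing left unreachable statements after the try/catch, referenced the
     * caught exception outside its scope, and split the line on a constant borrowed from an
     * unrelated library ({@code TemplatrSpecBuilder.FUNCTION}). The lines stream is now closed by
     * try-with-resources and the value is taken as everything after the prefix, which already ends
     * in the {@code =} separator.
     *
     * <p>The return value is raw key material held in an immutable {@code String}; callers should
     * not log it or keep it longer than needed. This method logs only the file path.
     *
     * @param bootstrapPath path to bootstrap.conf; when blank, the file is looked up next to the
     *                      file named by {@link #getDefaultFilePath()}
     * @return the key value, or an empty string if no key line is present
     * @throws IOException if the directory or file is missing, unreadable, or cannot be decoded
     */
    public static String extractKeyFromBootstrapFile(String bootstrapPath) throws IOException {
        final File bootstrapFile;
        if (StringUtils.isBlank(bootstrapPath)) {
            // A bare file name has no parent component; treat the working directory as conf/.
            final String parent = new File(getDefaultFilePath()).getParent();
            final File confDir = new File(parent == null ? "." : parent);
            if (!confDir.exists() || !confDir.canRead()) {
                logger.error("Cannot read from bootstrap.conf file at {} to extract encryption key -- conf/ directory is missing or permissions are incorrect", confDir.getAbsolutePath());
                throw new IOException("Cannot read from bootstrap.conf");
            }
            bootstrapFile = new File(confDir, "bootstrap.conf");
        } else {
            bootstrapFile = new File(bootstrapPath);
        }

        if (!bootstrapFile.exists() || !bootstrapFile.canRead()) {
            logger.error("Cannot read from bootstrap.conf file at {} to extract encryption key -- file is missing or permissions are incorrect", bootstrapFile.getAbsolutePath());
            throw new IOException("Cannot read from bootstrap.conf");
        }

        try (Stream<String> lines = Files.lines(Paths.get(bootstrapFile.getAbsolutePath()))) {
            final Optional<String> keyLine = lines.filter(line -> line.startsWith(BOOTSTRAP_KEY_PREFIX)).findFirst();
            if (keyLine.isPresent()) {
                return keyLine.get().substring(BOOTSTRAP_KEY_PREFIX.length());
            }
            logger.warn("No encryption key present in the bootstrap.conf file at {}", bootstrapFile.getAbsolutePath());
            return "";
        } catch (IOException | java.io.UncheckedIOException e) {
            // Read errors raised while the stream is being consumed arrive as UncheckedIOException.
            logger.error("Cannot read from bootstrap.conf file at {} to extract encryption key", bootstrapFile.getAbsolutePath());
            throw new IOException("Cannot read from bootstrap.conf", e);
        }
    }

    /**
     * Returns the value of the {@code nifi.properties.file.path} system property.
     *
     * <p>Side effect: when the property is unset or blank it is set to
     * {@code conf/nifi.properties}, and that value is returned.
     */
    public static String getDefaultFilePath() {
        String propertiesPath = System.getProperty("nifi.properties.file.path");
        if (propertiesPath == null || propertiesPath.trim().isEmpty()) {
            logger.warn("The system variable {} is not set, so it is being set to '{}'", "nifi.properties.file.path", RELATIVE_NIFI_PROPS_PATH);
            System.setProperty("nifi.properties.file.path", RELATIVE_NIFI_PROPS_PATH);
            propertiesPath = RELATIVE_NIFI_PROPS_PATH;
        }
        logger.info("Determined default nifi.properties path to be '{}'", propertiesPath);
        return propertiesPath;
    }

    /**
     * Compares the UTF-8 encodings of two strings with {@link MessageDigest#isEqual}.
     *
     * <p>Two {@code null} arguments are equal; a single {@code null} is not equal to anything.
     * The null checks return early, so only the comparison of the contents goes through
     * {@code MessageDigest.isEqual}.
     */
    public static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null) {
            return a == null && b == null;
        }
        return constantTimeEquals(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Compares the UTF-8 encodings of two character arrays with {@link MessageDigest#isEqual}.
     *
     * <p>Null handling matches the {@code String} overload (the decompiled listing threw a
     * {@code NullPointerException} instead). The temporary byte copies are zeroed before
     * returning, so that wiping the caller's {@code char[]} is not undone by copies left here.
     */
    public static boolean constantTimeEquals(char[] a, char[] b) {
        if (a == null || b == null) {
            return a == null && b == null;
        }
        final byte[] left = convertCharsToBytes(a);
        final byte[] right = convertCharsToBytes(b);
        try {
            return constantTimeEquals(left, right);
        } finally {
            Arrays.fill(left, (byte) 0);
            Arrays.fill(right, (byte) 0);
        }
    }

    /**
     * Compares two byte arrays by delegating to {@link MessageDigest#isEqual(byte[], byte[])}.
     */
    public static boolean constantTimeEquals(byte[] a, byte[] b) {
        return MessageDigest.isEqual(a, b);
    }

    /**
     * Encodes the characters as UTF-8 and returns exactly the encoded bytes.
     *
     * <p>The encoder's backing array is zeroed once the bytes have been copied out, so the
     * returned array is the only copy this method leaves behind.
     */
    private static byte[] convertCharsToBytes(char[] chars) {
        final ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(chars));
        final int start = encoded.arrayOffset() + encoded.position();
        final int end = encoded.arrayOffset() + encoded.limit();
        final byte[] bytes = Arrays.copyOfRange(encoded.array(), start, end);
        Arrays.fill(encoded.array(), (byte) 0);
        return bytes;
    }
}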
