package org.apache.nifi.security.util.crypto;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.stream.io.StreamUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.10.0.jar:org/apache/nifi/security/util/crypto/NiFiLegacyCipherProvider.class */
public class NiFiLegacyCipherProvider extends OpenSSLPKCS5CipherProvider implements PBECipherProvider {
    private static final Logger logger = LoggerFactory.getLogger(NiFiLegacyCipherProvider.class);
    private static final int ITERATION_COUNT = 1000;

    @Override // org.apache.nifi.security.util.crypto.OpenSSLPKCS5CipherProvider, org.apache.nifi.security.util.crypto.PBECipherProvider
    public Cipher getCipher(EncryptionMethod encryptionMethod, String str, byte[] bArr, int i, boolean z) throws Exception {
        try {
            return getInitializedCipher(encryptionMethod, str, bArr, z);
        } catch (IllegalArgumentException e) {
            throw e;
        } catch (Exception e2) {
            throw new ProcessException("Error initializing the cipher", e2);
        }
    }

    public byte[] generateSalt(EncryptionMethod encryptionMethod) {
        byte[] bArr = new byte[calculateSaltLength(encryptionMethod)];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    @Override // org.apache.nifi.security.util.crypto.OpenSSLPKCS5CipherProvider
    protected void validateSalt(EncryptionMethod encryptionMethod, byte[] bArr) {
        int calculateSaltLength = calculateSaltLength(encryptionMethod);
        if (bArr.length != calculateSaltLength && bArr.length != 0) {
            throw new IllegalArgumentException("Salt must be " + calculateSaltLength + " bytes or empty");
        }
    }

    private int calculateSaltLength(EncryptionMethod encryptionMethod) {
        try {
            Cipher cipher = Cipher.getInstance(encryptionMethod.getAlgorithm(), encryptionMethod.getProvider());
            return cipher.getBlockSize() > 0 ? cipher.getBlockSize() : getDefaultSaltLength();
        } catch (Exception e) {
            logger.warn("Encountered exception determining salt length from encryption method {}", encryptionMethod.getAlgorithm(), e);
            int defaultSaltLength = getDefaultSaltLength();
            logger.warn("Returning default length: {} bytes", Integer.valueOf(defaultSaltLength));
            return defaultSaltLength;
        }
    }

    @Override // org.apache.nifi.security.util.crypto.OpenSSLPKCS5CipherProvider, org.apache.nifi.security.util.crypto.PBECipherProvider
    public byte[] readSalt(InputStream inputStream) throws IOException, ProcessException {
        return readSalt(EncryptionMethod.AES_CBC, inputStream);
    }

    public byte[] readSalt(EncryptionMethod encryptionMethod, InputStream inputStream) throws IOException {
        if (inputStream == null) {
            throw new IllegalArgumentException("Cannot read salt from null InputStream");
        }
        int calculateSaltLength = calculateSaltLength(encryptionMethod);
        if (inputStream.available() < calculateSaltLength) {
            throw new ProcessException("The cipher stream is too small to contain the salt");
        }
        byte[] bArr = new byte[calculateSaltLength];
        StreamUtils.fillBuffer(inputStream, bArr);
        return bArr;
    }

    @Override // org.apache.nifi.security.util.crypto.OpenSSLPKCS5CipherProvider, org.apache.nifi.security.util.crypto.PBECipherProvider
    public void writeSalt(byte[] bArr, OutputStream outputStream) throws IOException {
        if (outputStream == null) {
            throw new IllegalArgumentException("Cannot write salt to null OutputStream");
        }
        outputStream.write(bArr);
    }

    @Override // org.apache.nifi.security.util.crypto.OpenSSLPKCS5CipherProvider
    protected int getIterationCount() {
        return 1000;
    }
}
