package org.apache.nifi.security.util.crypto;

import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.params.Argon2Parameters;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.11.3.jar:org/apache/nifi/security/util/crypto/Argon2SecureHasher.class */
public class Argon2SecureHasher implements SecureHasher {
    private static final int DEFAULT_HASH_LENGTH = 32;
    private static final int DEFAULT_PARALLELISM = 1;
    private static final int DEFAULT_MEMORY = 4096;
    private static final int DEFAULT_ITERATIONS = 3;
    private final int hashLength;
    private final int memory;
    private final int parallelism;
    private final int iterations;
    private final int saltLength;
    private final boolean usingStaticSalt;
    private static final Logger logger = LoggerFactory.getLogger(Argon2SecureHasher.class);
    private static final byte[] staticSalt = "NiFi Static Salt".getBytes(StandardCharsets.UTF_8);

    public Argon2SecureHasher() {
        this(32, 4096, 1, 3, 0);
    }

    public Argon2SecureHasher(int i, int i2, int i3, int i4) {
        this(i, i2, i3, i4, 0);
    }

    public Argon2SecureHasher(int i, int i2, int i3, int i4, int i5) {
        this.hashLength = i;
        this.memory = i2;
        this.parallelism = i3;
        this.iterations = i4;
        this.saltLength = i5;
        if (i5 > 0) {
            this.usingStaticSalt = false;
        } else {
            this.usingStaticSalt = true;
            logger.debug("Configured to use static salt");
        }
    }

    public boolean isUsingStaticSalt() {
        return this.usingStaticSalt;
    }

    byte[] getSalt() {
        if (isUsingStaticSalt()) {
            return staticSalt;
        }
        SecureRandom secureRandom = new SecureRandom();
        byte[] bArr = new byte[this.saltLength];
        secureRandom.nextBytes(bArr);
        return bArr;
    }

    @Override // org.apache.nifi.security.util.crypto.SecureHasher
    public String hashHex(String str) {
        if (str == null) {
            logger.warn("Attempting to generate an Argon2 hash of null input; using empty input");
            str = "";
        }
        return Hex.toHexString(hash(str.getBytes(StandardCharsets.UTF_8)));
    }

    @Override // org.apache.nifi.security.util.crypto.SecureHasher
    public String hashBase64(String str) {
        if (str == null) {
            logger.warn("Attempting to generate an Argon2 hash of null input; using empty input");
            str = "";
        }
        return Base64.toBase64String(hash(str.getBytes(StandardCharsets.UTF_8)));
    }

    @Override // org.apache.nifi.security.util.crypto.SecureHasher
    public byte[] hashRaw(byte[] bArr) {
        return hash(bArr);
    }

    private byte[] hash(byte[] bArr) {
        byte[] salt = getSalt();
        byte[] bArr2 = new byte[this.hashLength];
        logger.debug("Creating {} byte Argon2 hash with salt [{}]", Integer.valueOf(this.hashLength), Hex.toHexString(salt));
        long nanoTime = System.nanoTime();
        Argon2Parameters build = new Argon2Parameters.Builder(2).withSalt(salt).withParallelism(this.parallelism).withMemoryAsKB(this.memory).withIterations(this.iterations).build();
        Argon2BytesGenerator argon2BytesGenerator = new Argon2BytesGenerator();
        argon2BytesGenerator.init(build);
        long nanoTime2 = System.nanoTime();
        argon2BytesGenerator.generateBytes(bArr, bArr2);
        long nanoTime3 = System.nanoTime();
        long micros = TimeUnit.NANOSECONDS.toMicros(nanoTime2 - nanoTime);
        long micros2 = TimeUnit.NANOSECONDS.toMicros(nanoTime3 - nanoTime2);
        logger.debug("Generated Argon2 hash in {} ms (init: {} µs, generate: {} µs)", new Object[]{Long.valueOf(TimeUnit.MICROSECONDS.toMillis(micros + micros2)), Long.valueOf(micros), Long.valueOf(micros2)});
        return bArr2;
    }
}
