package org.apache.nifi.security.util.crypto;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.stream.io.StreamUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.9.2.jar:org/apache/nifi/security/util/crypto/OpenSSLPKCS5CipherProvider.class */
public class OpenSSLPKCS5CipherProvider implements PBECipherProvider {
    private static final int ITERATION_COUNT = 0;
    private static final int DEFAULT_SALT_LENGTH = 8;
    private static final String OPENSSL_EVP_HEADER_MARKER = "Salted__";
    private static final int OPENSSL_EVP_HEADER_SIZE = 8;
    private static final Logger logger = LoggerFactory.getLogger(OpenSSLPKCS5CipherProvider.class);
    private static final byte[] EMPTY_SALT = new byte[8];

    @Override // org.apache.nifi.security.util.crypto.PBECipherProvider
    public Cipher getCipher(EncryptionMethod encryptionMethod, String str, byte[] bArr, int i, boolean z) throws Exception {
        try {
            return getInitializedCipher(encryptionMethod, str, bArr, z);
        } catch (IllegalArgumentException e) {
            throw e;
        } catch (Exception e2) {
            throw new ProcessException("Error initializing the cipher", e2);
        }
    }

    public Cipher getCipher(EncryptionMethod encryptionMethod, String str, boolean z) throws Exception {
        return getCipher(encryptionMethod, str, new byte[0], -1, z);
    }

    public Cipher getCipher(EncryptionMethod encryptionMethod, String str, byte[] bArr, boolean z) throws Exception {
        return getCipher(encryptionMethod, str, bArr, -1, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Cipher getInitializedCipher(EncryptionMethod encryptionMethod, String str, byte[] bArr, boolean z) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException {
        if (encryptionMethod == null) {
            throw new IllegalArgumentException("The encryption method must be specified");
        }
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Encryption with an empty password is not supported");
        }
        validateSalt(encryptionMethod, bArr);
        String algorithm = encryptionMethod.getAlgorithm();
        String provider = encryptionMethod.getProvider();
        SecretKey generateSecret = SecretKeyFactory.getInstance(algorithm, provider).generateSecret(new PBEKeySpec(str.toCharArray()));
        PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, getIterationCount());
        Cipher cipher = Cipher.getInstance(algorithm, provider);
        cipher.init(z ? 1 : 2, generateSecret, pBEParameterSpec);
        return cipher;
    }

    protected void validateSalt(EncryptionMethod encryptionMethod, byte[] bArr) {
        if (bArr.length != 8 && bArr.length != 0) {
            throw new IllegalArgumentException("Salt must be 8 bytes US-ASCII encoded or empty");
        }
    }

    protected int getIterationCount() {
        return 0;
    }

    @Override // org.apache.nifi.security.util.crypto.PBECipherProvider
    public byte[] generateSalt() {
        byte[] bArr = new byte[getDefaultSaltLength()];
        new SecureRandom().nextBytes(bArr);
        return bArr;
    }

    @Override // org.apache.nifi.security.util.crypto.PBECipherProvider
    public int getDefaultSaltLength() {
        return 8;
    }

    @Override // org.apache.nifi.security.util.crypto.PBECipherProvider
    public byte[] readSalt(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            throw new IllegalArgumentException("Cannot read salt from null InputStream");
        }
        byte[] bArr = new byte[8];
        byte[] bArr2 = new byte[8];
        inputStream.mark(9);
        StreamUtils.fillBuffer(inputStream, bArr2);
        if (!Arrays.equals(OPENSSL_EVP_HEADER_MARKER.getBytes(StandardCharsets.US_ASCII), bArr2)) {
            bArr = new byte[0];
            inputStream.reset();
        }
        StreamUtils.fillBuffer(inputStream, bArr);
        return bArr;
    }

    @Override // org.apache.nifi.security.util.crypto.PBECipherProvider
    public void writeSalt(byte[] bArr, OutputStream outputStream) throws IOException {
        if (outputStream == null) {
            throw new IllegalArgumentException("Cannot write salt to null OutputStream");
        }
        outputStream.write(OPENSSL_EVP_HEADER_MARKER.getBytes(StandardCharsets.US_ASCII));
        outputStream.write(bArr);
    }
}
