package org.apache.nifi.security.util.crypto;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.stream.io.StreamUtils;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.9.2.jar:org/apache/nifi/security/util/crypto/CipherUtility.class */
public class CipherUtility {
    public static final int BUFFER_SIZE = 65536;
    private static final Pattern KEY_LENGTH_PATTERN = Pattern.compile("([\\d]+)BIT");
    private static final Map<String, Integer> MAX_PASSWORD_LENGTH_BY_ALGORITHM;
    private static final int DEFAULT_MAX_ALLOWED_KEY_LENGTH = 128;

    public static String parseCipherFromAlgorithm(String str) {
        if (StringUtils.isEmpty(str)) {
            return str;
        }
        String upperCase = str.toUpperCase();
        for (String str2 : Arrays.asList("AES", "TRIPLEDES", "DESEDE", "DES", "RC4", "RC2", "TWOFISH")) {
            if (upperCase.contains(str2)) {
                return (str2.equals("TRIPLEDES") || str2.equals("DESEDE")) ? "DESede" : str2;
            }
        }
        return str;
    }

    public static int parseKeyLengthFromAlgorithm(String str) {
        int parseActualKeyLengthFromAlgorithm = parseActualKeyLengthFromAlgorithm(str);
        return parseActualKeyLengthFromAlgorithm != -1 ? parseActualKeyLengthFromAlgorithm : getDefaultKeyLengthForCipher(parseCipherFromAlgorithm(str));
    }

    private static int parseActualKeyLengthFromAlgorithm(String str) {
        Matcher matcher = KEY_LENGTH_PATTERN.matcher(str);
        if (matcher.find()) {
            return Integer.parseInt(matcher.group(1));
        }
        return -1;
    }

    public static boolean isValidKeyLength(int i, String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        return getValidKeyLengthsForAlgorithm(str).contains(Integer.valueOf(i));
    }

    public static boolean isValidKeyLengthForAlgorithm(int i, String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        return getValidKeyLengthsForAlgorithm(str).contains(Integer.valueOf(i));
    }

    public static List<Integer> getValidKeyLengthsForAlgorithm(String str) {
        ArrayList arrayList = new ArrayList();
        if (StringUtils.isEmpty(str)) {
            return arrayList;
        }
        int parseActualKeyLengthFromAlgorithm = parseActualKeyLengthFromAlgorithm(str);
        if (parseActualKeyLengthFromAlgorithm != -1) {
            arrayList.add(Integer.valueOf(parseActualKeyLengthFromAlgorithm));
            return arrayList;
        }
        String upperCase = parseCipherFromAlgorithm(str).toUpperCase();
        boolean z = -1;
        switch (upperCase.hashCode()) {
            case -193249660:
                if (upperCase.equals("TWOFISH")) {
                    z = 6;
                    break;
                }
                break;
            case 64687:
                if (upperCase.equals("AES")) {
                    z = 5;
                    break;
                }
                break;
            case 67570:
                if (upperCase.equals("DES")) {
                    z = true;
                    break;
                }
                break;
            case 80929:
                if (upperCase.equals("RC2")) {
                    z = 2;
                    break;
                }
                break;
            case 80931:
                if (upperCase.equals("RC4")) {
                    z = 3;
                    break;
                }
                break;
            case 80932:
                if (upperCase.equals("RC5")) {
                    z = 4;
                    break;
                }
                break;
            case 2013046356:
                if (upperCase.equals("DESEDE")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return Arrays.asList(56, 64, 112, 128, 168, 192);
            case true:
                return Arrays.asList(56, 64);
            case true:
            case true:
            case true:
                for (int i = 40; i <= 2048; i++) {
                    arrayList.add(Integer.valueOf(i));
                }
                return arrayList;
            case true:
            case true:
                return Arrays.asList(128, 192, 256);
            default:
                return arrayList;
        }
    }

    private static int getDefaultKeyLengthForCipher(String str) {
        if (StringUtils.isEmpty(str)) {
            return -1;
        }
        String upperCase = str.toUpperCase();
        boolean z = -1;
        switch (upperCase.hashCode()) {
            case 67570:
                if (upperCase.equals("DES")) {
                    z = true;
                    break;
                }
                break;
            case 80929:
                if (upperCase.equals("RC2")) {
                    z = 2;
                    break;
                }
                break;
            case 80931:
                if (upperCase.equals("RC4")) {
                    z = 3;
                    break;
                }
                break;
            case 80932:
                if (upperCase.equals("RC5")) {
                    z = 4;
                    break;
                }
                break;
            case 2013046356:
                if (upperCase.equals("DESEDE")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return 112;
            case true:
                return 64;
            case true:
            case true:
            case true:
            default:
                return 128;
        }
    }

    public static void processStreams(Cipher cipher, InputStream inputStream, OutputStream outputStream) {
        try {
            byte[] bArr = new byte[65536];
            while (true) {
                int read = inputStream.read(bArr);
                if (read <= 0) {
                    outputStream.write(cipher.doFinal());
                    return;
                } else {
                    byte[] update = cipher.update(bArr, 0, read);
                    if (update != null) {
                        outputStream.write(update);
                    }
                }
            }
        } catch (Exception e) {
            throw new ProcessException(e);
        }
    }

    /* JADX WARN: Type inference failed for: r3v3, types: [byte[], byte[][]] */
    public static byte[] readBytesFromInputStream(InputStream inputStream, String str, int i, byte[] bArr) throws IOException, ProcessException {
        if (inputStream == null) {
            throw new IllegalArgumentException("Cannot read " + str + " from null InputStream");
        }
        inputStream.mark(i);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        if (StreamUtils.copyExclusive(inputStream, byteArrayOutputStream, i + bArr.length, new byte[]{bArr}) != null) {
            return byteArrayOutputStream.toByteArray();
        }
        inputStream.reset();
        return null;
    }

    public static void writeBytesToOutputStream(OutputStream outputStream, byte[] bArr, String str, byte[] bArr2) throws IOException {
        if (outputStream == null) {
            throw new IllegalArgumentException("Cannot write " + str + " to null OutputStream");
        }
        outputStream.write(bArr);
        outputStream.write(bArr2);
    }

    public static String encodeBase64NoPadding(byte[] bArr) {
        return Base64.encodeBase64URLSafeString(bArr).replaceAll("-", "+").replaceAll("_", "/");
    }

    public static boolean passwordLengthIsValidForAlgorithmOnLimitedStrengthCrypto(int i, EncryptionMethod encryptionMethod) {
        if (encryptionMethod == null) {
            throw new IllegalArgumentException("Cannot evaluate an empty encryption method algorithm");
        }
        return i <= getMaximumPasswordLengthForAlgorithmOnLimitedStrengthCrypto(encryptionMethod);
    }

    public static int getMaximumPasswordLengthForAlgorithmOnLimitedStrengthCrypto(EncryptionMethod encryptionMethod) {
        if (encryptionMethod == null) {
            throw new IllegalArgumentException("Cannot evaluate an empty encryption method algorithm");
        }
        return MAX_PASSWORD_LENGTH_BY_ALGORITHM.getOrDefault(encryptionMethod.getAlgorithm(), -1).intValue();
    }

    public static boolean isUnlimitedStrengthCryptoSupported() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") > 128;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static boolean isPBECipher(String str) {
        EncryptionMethod forAlgorithm = EncryptionMethod.forAlgorithm(str);
        return forAlgorithm != null && forAlgorithm.isPBECipher();
    }

    public static boolean isKeyedCipher(String str) {
        EncryptionMethod forAlgorithm = EncryptionMethod.forAlgorithm(str);
        return forAlgorithm != null && forAlgorithm.isKeyedCipher();
    }

    public static Cipher initPBECipher(String str, String str2, String str3, byte[] bArr, int i, boolean z) throws IllegalArgumentException {
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance(str, str2).generateSecret(new PBEKeySpec(str3.toCharArray()));
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(bArr, i);
            Cipher cipher = Cipher.getInstance(str, str2);
            cipher.init(z ? 1 : 2, generateSecret, pBEParameterSpec);
            return cipher;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | NoSuchPaddingException e) {
            throw new IllegalArgumentException("One or more parameters to initialize the PBE cipher were invalid", e);
        }
    }

    public static int getIterationCountForAlgorithm(String str) {
        int i = 0;
        if (str.matches("DES|RC|SHAA|SHA256")) {
            i = 1000;
        }
        return i;
    }

    public static int getSaltLengthForAlgorithm(String str) {
        int i = 16;
        if (str.contains("DES") || str.contains("RC")) {
            i = 8;
        }
        return i;
    }

    static {
        HashMap hashMap = new HashMap();
        hashMap.put("PBEWITHMD5AND128BITAES-CBC-OPENSSL", 16);
        hashMap.put("PBEWITHMD5AND192BITAES-CBC-OPENSSL", 16);
        hashMap.put("PBEWITHMD5AND256BITAES-CBC-OPENSSL", 16);
        hashMap.put("PBEWITHMD5ANDDES", 16);
        hashMap.put("PBEWITHMD5ANDRC2", 16);
        hashMap.put("PBEWITHSHA1ANDRC2", 16);
        hashMap.put("PBEWITHSHA1ANDDES", 16);
        hashMap.put("PBEWITHSHAAND128BITAES-CBC-BC", 7);
        hashMap.put("PBEWITHSHAAND192BITAES-CBC-BC", 7);
        hashMap.put("PBEWITHSHAAND256BITAES-CBC-BC", 7);
        hashMap.put("PBEWITHSHAAND40BITRC2-CBC", 7);
        hashMap.put("PBEWITHSHAAND128BITRC2-CBC", 7);
        hashMap.put("PBEWITHSHAAND40BITRC4", 7);
        hashMap.put("PBEWITHSHAAND128BITRC4", 7);
        hashMap.put("PBEWITHSHA256AND128BITAES-CBC-BC", 7);
        hashMap.put("PBEWITHSHA256AND192BITAES-CBC-BC", 7);
        hashMap.put("PBEWITHSHA256AND256BITAES-CBC-BC", 7);
        hashMap.put("PBEWITHSHAAND2-KEYTRIPLEDES-CBC", 7);
        hashMap.put("PBEWITHSHAAND3-KEYTRIPLEDES-CBC", 7);
        hashMap.put("PBEWITHSHAANDTWOFISH-CBC", 7);
        MAX_PASSWORD_LENGTH_BY_ALGORITHM = Collections.unmodifiableMap(hashMap);
    }
}
