package org.apache.nifi.security.kms.reader;

import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: input_file:org/apache/nifi/security/kms/reader/StandardFileBasedKeyReader.class */
public class StandardFileBasedKeyReader implements FileBasedKeyReader {
    protected static final String CIPHER_ALGORITHM = "AES/GCM/NoPadding";
    protected static final int IV_LENGTH_BYTES = 16;
    protected static final int TAG_SIZE_BITS = 128;
    private static final Base64.Decoder DECODER = Base64.getDecoder();
    private static final String SECRET_KEY_ALGORITHM = "AES";

    @Override // org.apache.nifi.security.kms.reader.FileBasedKeyReader
    public Map<String, SecretKey> readSecretKeys(Path path, SecretKey secretKey) {
        Objects.requireNonNull(path, "Path required");
        Objects.requireNonNull(secretKey, "Root Key required");
        HashMap hashMap = new HashMap();
        Properties properties = getProperties(path);
        for (String str : properties.stringPropertyNames()) {
            hashMap.put(str, readSecretKey(str, properties.getProperty(str), secretKey));
        }
        return hashMap;
    }

    private Properties getProperties(Path path) {
        Properties properties = new Properties();
        try {
            FileInputStream fileInputStream = new FileInputStream(path.toFile());
            Throwable th = null;
            try {
                try {
                    properties.load(fileInputStream);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    return properties;
                } finally {
                }
            } finally {
            }
        } catch (IOException e) {
            throw new KeyReaderException(String.format("Reading Secret Keys Failed [%s]", path), e);
        }
    }

    private SecretKey readSecretKey(String str, String str2, SecretKey secretKey) {
        byte[] decode = DECODER.decode(str2);
        try {
            return new SecretKeySpec(getCipher(str, decode, secretKey).doFinal(Arrays.copyOfRange(decode, IV_LENGTH_BYTES, decode.length)), SECRET_KEY_ALGORITHM);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw new KeyReaderException(String.format("Key Identifier [%s] decryption failed", str), e);
        }
    }

    private Cipher getCipher(String str, byte[] bArr, SecretKey secretKey) {
        byte[] copyOfRange = Arrays.copyOfRange(bArr, 0, IV_LENGTH_BYTES);
        Cipher cipher = getCipher();
        try {
            cipher.init(2, secretKey, new GCMParameterSpec(TAG_SIZE_BITS, copyOfRange));
            return cipher;
        } catch (InvalidAlgorithmParameterException | InvalidKeyException e) {
            throw new KeyReaderException(String.format("Cipher initialization failed for Key Identifier [%s]", str), e);
        }
    }

    private Cipher getCipher() {
        try {
            return Cipher.getInstance(CIPHER_ALGORITHM);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new KeyReaderException(String.format("Cipher Algorithm [%s] initialization failed", CIPHER_ALGORITHM), e);
        }
    }
}
