package org.apache.nifi.processors.standard;

import groovy.time.TimeCategory;
import groovy.time.TimeDuration;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.security.Security;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.security.util.KeyDerivationFunction;
import org.apache.nifi.security.util.crypto.Argon2CipherProvider;
import org.apache.nifi.security.util.crypto.Argon2SecureHasher;
import org.apache.nifi.security.util.crypto.CipherUtility;
import org.apache.nifi.security.util.crypto.KeyedEncryptor;
import org.apache.nifi.security.util.crypto.PasswordBasedEncryptor;
import org.apache.nifi.security.util.crypto.RandomIVPBECipherProvider;
import org.apache.nifi.util.MockFlowFile;
import org.apache.nifi.util.MockProcessContext;
import org.apache.nifi.util.StringUtils;
import org.apache.nifi.util.TestRunner;
import org.apache.nifi.util.TestRunners;
import org.bouncycastle.bcpg.BCPGInputStream;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openpgp.PGPUtil;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/nifi/processors/standard/TestEncryptContent.class */
public class TestEncryptContent {
    private static final List<EncryptionMethod> SUPPORTED_KEYED_ENCRYPTION_METHODS;
    static final /* synthetic */ boolean $assertionsDisabled;

    private static AllowableValue[] getPGPCipherList() {
        try {
            Method declaredMethod = EncryptContent.class.getDeclaredMethod("buildPGPSymmetricCipherAllowableValues", new Class[0]);
            declaredMethod.setAccessible(true);
            return (AllowableValue[]) declaredMethod.invoke(null, new Object[0]);
        } catch (Exception e) {
            Assertions.fail("Cannot access buildPGPSymmetricCipherAllowableValues");
            return null;
        }
    }

    @BeforeEach
    public void setUp() {
        Security.addProvider(new BouncyCastleProvider());
    }

    @Test
    public void testRoundTrip() throws IOException {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "short");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NIFI_LEGACY.name());
        newTestRunner.setProperty(EncryptContent.ALLOW_WEAK_CRYPTO, "allowed");
        for (EncryptionMethod encryptionMethod : EncryptionMethod.values()) {
            if (!encryptionMethod.isUnlimitedStrength() && !encryptionMethod.isKeyedCipher()) {
                newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
                newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
                newTestRunner.enqueue(Paths.get("src/test/resources/hello.txt", new String[0]));
                newTestRunner.clearTransferState();
                newTestRunner.run();
                newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
                FlowFile flowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
                newTestRunner.assertQueueEmpty();
                newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
                newTestRunner.enqueue(new FlowFile[]{flowFile});
                newTestRunner.clearTransferState();
                newTestRunner.run();
                newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
                ((MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0)).assertContentEquals(new File("src/test/resources/hello.txt"));
            }
        }
    }

    @Test
    public void testKeyedCiphersRoundTrip() throws IOException {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        newTestRunner.setProperty(EncryptContent.RAW_KEY_HEX, StringUtils.repeat("ab", 16));
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NONE.name());
        Iterator<EncryptionMethod> it = SUPPORTED_KEYED_ENCRYPTION_METHODS.iterator();
        while (it.hasNext()) {
            newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, it.next().name());
            newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
            newTestRunner.enqueue(Paths.get("src/test/resources/hello.txt", new String[0]));
            newTestRunner.clearTransferState();
            newTestRunner.run();
            newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
            FlowFile flowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
            newTestRunner.assertQueueEmpty();
            newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
            newTestRunner.enqueue(new FlowFile[]{flowFile});
            newTestRunner.clearTransferState();
            newTestRunner.run();
            newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
            ((MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0)).assertContentEquals(new File("src/test/resources/hello.txt"));
        }
    }

    @Test
    public void testPGPCiphersRoundTrip() {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "passwordpassword");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NONE.name());
        ArrayList arrayList = new ArrayList();
        arrayList.add("PGP");
        arrayList.add("PGP_ASCII_ARMOR");
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, (String) it.next());
            for (AllowableValue allowableValue : (AllowableValue[]) Objects.requireNonNull(getPGPCipherList())) {
                newTestRunner.setProperty(EncryptContent.PGP_SYMMETRIC_ENCRYPTION_CIPHER, allowableValue.getValue());
                newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
                newTestRunner.enqueue("A cool plaintext!");
                newTestRunner.clearTransferState();
                newTestRunner.run();
                newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
                FlowFile flowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
                newTestRunner.assertQueueEmpty();
                newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
                newTestRunner.setProperty(EncryptContent.PGP_SYMMETRIC_ENCRYPTION_CIPHER, "1");
                newTestRunner.enqueue(new FlowFile[]{flowFile});
                newTestRunner.clearTransferState();
                newTestRunner.run();
                newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
                ((MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0)).assertContentEquals("A cool plaintext!");
            }
        }
    }

    @Test
    public void testPGPCiphers() throws Exception {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "passwordpassword");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NONE.name());
        ArrayList arrayList = new ArrayList();
        arrayList.add("PGP");
        arrayList.add("PGP_ASCII_ARMOR");
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, (String) it.next());
            for (AllowableValue allowableValue : (AllowableValue[]) Objects.requireNonNull(getPGPCipherList())) {
                newTestRunner.setProperty(EncryptContent.PGP_SYMMETRIC_ENCRYPTION_CIPHER, allowableValue.getValue());
                newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
                newTestRunner.enqueue("A cool plaintext!");
                newTestRunner.clearTransferState();
                newTestRunner.run();
                newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
                MockFlowFile mockFlowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
                newTestRunner.assertQueueEmpty();
                BCPGInputStream bCPGInputStream = new BCPGInputStream(PGPUtil.getDecoderStream(new ByteArrayInputStream(mockFlowFile.toByteArray())));
                if (!$assertionsDisabled && bCPGInputStream.nextPacketTag() != 3) {
                    throw new AssertionError();
                }
                if (!$assertionsDisabled && bCPGInputStream.readPacket().getEncAlgorithm() != Integer.valueOf(allowableValue.getValue()).intValue()) {
                    throw new AssertionError();
                }
                bCPGInputStream.close();
            }
        }
    }

    @Test
    public void testShouldDetermineMaxKeySizeForAlgorithms() {
        String algorithm = EncryptionMethod.MD5_256AES.getAlgorithm();
        String algorithm2 = EncryptionMethod.MD5_DES.getAlgorithm();
        int maxAllowedKeyLength = PasswordBasedEncryptor.getMaxAllowedKeyLength(algorithm);
        int maxAllowedKeyLength2 = PasswordBasedEncryptor.getMaxAllowedKeyLength(algorithm2);
        Assertions.assertEquals(Integer.MAX_VALUE, maxAllowedKeyLength);
        Assertions.assertEquals(Integer.MAX_VALUE, maxAllowedKeyLength2);
    }

    @Test
    public void testShouldDecryptOpenSSLRawSalted() throws IOException {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        EncryptionMethod encryptionMethod = EncryptionMethod.MD5_256AES;
        KeyDerivationFunction keyDerivationFunction = KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY;
        newTestRunner.setProperty(EncryptContent.PASSWORD, "thisIsABadPassword");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.enqueue(Paths.get("src/test/resources/TestEncryptContent/salted_raw.enc", new String[0]));
        newTestRunner.clearTransferState();
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        newTestRunner.assertQueueEmpty();
        ((MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0)).assertContentEquals(new File("src/test/resources/TestEncryptContent/plain.txt"));
    }

    @Test
    public void testShouldDecryptOpenSSLRawUnsalted() throws IOException {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        EncryptionMethod encryptionMethod = EncryptionMethod.MD5_256AES;
        KeyDerivationFunction keyDerivationFunction = KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY;
        newTestRunner.setProperty(EncryptContent.PASSWORD, "thisIsABadPassword");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.enqueue(Paths.get("src/test/resources/TestEncryptContent/unsalted_raw.enc", new String[0]));
        newTestRunner.clearTransferState();
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        newTestRunner.assertQueueEmpty();
        ((MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0)).assertContentEquals(new File("src/test/resources/TestEncryptContent/plain.txt"));
    }

    @Test
    public void testDecryptSmallerThanSaltSize() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.PASSWORD, "Hello, World!");
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NIFI_LEGACY.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.MD5_128AES.name());
        newTestRunner.enqueue(new byte[4]);
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_FAILURE, 1);
    }

    @Test
    public void testPGPDecrypt() throws IOException {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP_ASCII_ARMOR.name());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "Hello, World!");
        newTestRunner.enqueue(Paths.get("src/test/resources/TestEncryptContent/text.txt.asc", new String[0]));
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        ((MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0)).assertContentEquals(Paths.get("src/test/resources/TestEncryptContent/text.txt", new String[0]));
    }

    @Test
    public void testShouldValidatePGPPublicKeyringRequiresUserId() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/pubring.gpg");
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(1, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.toArray()[0];
        String str = " encryption without a " + EncryptContent.PASSWORD.getDisplayName() + " requires both " + EncryptContent.PUBLIC_KEYRING.getDisplayName() + " and " + EncryptContent.PUBLIC_KEY_USERID.getDisplayName();
        Assertions.assertTrue(validationResult.toString().contains(str), "'" + validationResult.toString() + "' contains '" + str + "'");
    }

    @Test
    public void testShouldValidatePGPPublicKeyringExists() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/pubring.gpg.missing");
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEY_USERID, "USERID");
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(1, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.toArray()[0];
        Assertions.assertTrue(validationResult.toString().contains("java.io.FileNotFoundException"), "'" + validationResult.toString() + "' contains 'java.io.FileNotFoundException'");
    }

    @Test
    public void testShouldValidatePGPPublicKeyringIsProperFormat() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/text.txt");
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEY_USERID, "USERID");
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(1, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.toArray()[0];
        Assertions.assertTrue(validationResult.toString().contains(" java.io.IOException: invalid header encountered"), "'" + validationResult.toString() + "' contains ' java.io.IOException: invalid header encountered'");
    }

    @Test
    public void testShouldValidatePGPPublicKeyringContainsUserId() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/pubring.gpg");
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEY_USERID, "USERID");
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(1, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.toArray()[0];
        Assertions.assertTrue(validationResult.toString().contains("PGPException: Could not find a public key with the given userId"), "'" + validationResult.toString() + "' contains 'PGPException: Could not find a public key with the given userId'");
    }

    @Test
    public void testShouldExtractPGPPublicKeyFromKeyring() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/pubring.gpg");
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEY_USERID, "NiFi PGP Test Key (Short test key for NiFi PGP unit tests) <alopresto.apache+test@gmail.com>");
        newTestRunner.enqueue(new byte[0]);
        Assertions.assertEquals(0, newTestRunner.getProcessContext().validate().size());
    }

    @Test
    public void testValidation() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        HashSet hashSet = new HashSet();
        hashSet.add("'raw-key-hex' is invalid because Raw Key (hexadecimal) is required when using algorithm AES/GCM/NoPadding and KDF KeyDerivationFunction[KDF Name=None,Description=The cipher is given a raw key conforming to the algorithm specifications]. See Admin Guide.");
        Assertions.assertEquals(hashSet.size(), validate.size(), validate.toString());
        Iterator it = validate.iterator();
        while (it.hasNext()) {
            Assertions.assertTrue(hashSet.contains(((ValidationResult) it.next()).toString()));
        }
        newTestRunner.enqueue(new byte[0]);
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.MD5_128AES.name());
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NIFI_LEGACY.name());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "ThisIsAPasswordThatIsLongerThanSixteenCharacters");
        Collection validate2 = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(0, validate2.size(), validate2.toString());
        newTestRunner.removeProperty(EncryptContent.PASSWORD);
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/text.txt");
        newTestRunner.enqueue(new byte[0]);
        Collection validate3 = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(1, validate3.size());
        Iterator it2 = validate3.iterator();
        while (it2.hasNext()) {
            Assertions.assertTrue(((ValidationResult) it2.next()).toString().contains(" encryption without a " + EncryptContent.PASSWORD.getDisplayName() + " requires both " + EncryptContent.PUBLIC_KEYRING.getDisplayName() + " and " + EncryptContent.PUBLIC_KEY_USERID.getDisplayName()));
        }
        newTestRunner.removeProperty(EncryptContent.PUBLIC_KEYRING);
        newTestRunner.removeProperty(EncryptContent.PUBLIC_KEY_USERID);
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.setProperty(EncryptContent.PRIVATE_KEYRING, "src/test/resources/TestEncryptContent/secring.gpg");
        newTestRunner.enqueue(new byte[0]);
        Collection validate4 = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(1, validate4.size());
        Iterator it3 = validate4.iterator();
        while (it3.hasNext()) {
            Assertions.assertTrue(((ValidationResult) it3.next()).toString().contains(" decryption without a " + EncryptContent.PASSWORD.getDisplayName() + " requires both " + EncryptContent.PRIVATE_KEYRING.getDisplayName() + " and " + EncryptContent.PRIVATE_KEYRING_PASSPHRASE.getDisplayName()));
        }
        newTestRunner.setProperty(EncryptContent.PRIVATE_KEYRING_PASSPHRASE, "PASSWORD");
        newTestRunner.enqueue(new byte[0]);
        Collection validate5 = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(1, validate5.size());
        Iterator it4 = validate5.iterator();
        while (it4.hasNext()) {
            Assertions.assertTrue(((ValidationResult) it4.next()).toString().contains(" could not be opened with the provided " + EncryptContent.PRIVATE_KEYRING_PASSPHRASE.getDisplayName()));
        }
        newTestRunner.removeProperty(EncryptContent.PRIVATE_KEYRING_PASSPHRASE);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, "PGP");
        newTestRunner.setProperty(EncryptContent.PASSWORD, "PASSWORD");
        newTestRunner.setProperty(EncryptContent.PGP_SYMMETRIC_ENCRYPTION_CIPHER, "256");
        newTestRunner.assertNotValid();
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, "PGP");
        newTestRunner.setProperty(EncryptContent.PASSWORD, "PASSWORD");
        newTestRunner.setProperty(EncryptContent.PGP_SYMMETRIC_ENCRYPTION_CIPHER, "5");
        newTestRunner.assertNotValid();
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, "PGP");
        newTestRunner.setProperty(EncryptContent.PASSWORD, "PASSWORD");
        newTestRunner.removeProperty(EncryptContent.PGP_SYMMETRIC_ENCRYPTION_CIPHER);
        newTestRunner.assertValid();
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, "PGP");
        newTestRunner.setProperty(EncryptContent.PASSWORD, "PASSWORD");
        newTestRunner.removeProperty(EncryptContent.PGP_SYMMETRIC_ENCRYPTION_CIPHER);
        newTestRunner.assertValid();
    }

    @Test
    void testShouldValidateMaxKeySizeForAlgorithmsOnUnlimitedStrengthJVM() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC;
        String repeat = StringUtils.repeat("ab", (Math.min(PasswordBasedEncryptor.getMaxAllowedKeyLength(encryptionMethod.getAlgorithm()), 256) / 8) + 1);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NONE.name());
        newTestRunner.setProperty(EncryptContent.RAW_KEY_HEX, repeat);
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(1, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.iterator().next();
        Assertions.assertTrue(validationResult.toString().contains("'raw-key-hex' is invalid because Key must be valid length [128, 192, 256]"), "'" + validationResult.toString() + "' contains ''raw-key-hex' is invalid because Key must be valid length [128, 192, 256]'");
    }

    @Test
    void testShouldValidateKeyFormatAndSizeForAlgorithms() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC;
        String repeat = StringUtils.repeat("ab", 15);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NONE.name());
        newTestRunner.setProperty(EncryptContent.RAW_KEY_HEX, repeat);
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assertions.assertEquals(1, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.iterator().next();
        Assertions.assertTrue(validationResult.toString().contains("'raw-key-hex' is invalid because Key must be valid length [128, 192, 256]"), "'" + validationResult.toString() + "' contains ''raw-key-hex' is invalid because Key must be valid length [128, 192, 256]'");
    }

    @Test
    void testShouldValidateKDFWhenKeyedCipherSelected() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        String repeat = StringUtils.repeat("ab", 16);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        for (EncryptionMethod encryptionMethod : SUPPORTED_KEYED_ENCRYPTION_METHODS) {
            newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
            Iterator it = Arrays.asList(KeyDerivationFunction.NIFI_LEGACY, KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY).iterator();
            while (it.hasNext()) {
                newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, ((KeyDerivationFunction) it.next()).name());
                newTestRunner.setProperty(EncryptContent.RAW_KEY_HEX, repeat);
                newTestRunner.removeProperty(EncryptContent.PASSWORD);
                newTestRunner.enqueue(new byte[0]);
                Collection validate = newTestRunner.getProcessContext().validate();
                Assertions.assertEquals(1, validate.size());
                ValidationResult validationResult = (ValidationResult) validate.iterator().next();
                String format = String.format("'key-derivation-function' is invalid because Key Derivation Function is required to be BCRYPT, SCRYPT, PBKDF2, ARGON2, NONE when using algorithm %s", encryptionMethod.getAlgorithm());
                Assertions.assertTrue(validationResult.toString().contains(format), "'" + validationResult.toString() + "' contains '" + format + "'");
            }
            newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NONE.name());
            newTestRunner.setProperty(EncryptContent.RAW_KEY_HEX, repeat);
            newTestRunner.removeProperty(EncryptContent.PASSWORD);
            newTestRunner.enqueue(new byte[0]);
            Assertions.assertTrue(newTestRunner.getProcessContext().validate().isEmpty());
            Iterator it2 = Arrays.asList(KeyDerivationFunction.BCRYPT, KeyDerivationFunction.SCRYPT, KeyDerivationFunction.PBKDF2, KeyDerivationFunction.ARGON2).iterator();
            while (it2.hasNext()) {
                newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, ((KeyDerivationFunction) it2.next()).name());
                newTestRunner.setProperty(EncryptContent.PASSWORD, "thisIsABadPassword");
                newTestRunner.removeProperty(EncryptContent.RAW_KEY_HEX);
                newTestRunner.enqueue(new byte[0]);
                Assertions.assertTrue(newTestRunner.getProcessContext().validate().isEmpty());
            }
        }
    }

    @Test
    void testShouldValidateKeyMaterialSourceWhenKeyedCipherSelected() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        String repeat = StringUtils.repeat("ab", 16);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        KeyDerivationFunction keyDerivationFunction = KeyDerivationFunction.NONE;
        for (EncryptionMethod encryptionMethod : SUPPORTED_KEYED_ENCRYPTION_METHODS) {
            newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
            newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction.name());
            newTestRunner.setProperty(EncryptContent.RAW_KEY_HEX, repeat);
            newTestRunner.removeProperty(EncryptContent.PASSWORD);
            newTestRunner.enqueue(new byte[0]);
            Assertions.assertTrue(newTestRunner.getProcessContext().validate().isEmpty());
            for (KeyDerivationFunction keyDerivationFunction2 : (List) Arrays.stream(KeyDerivationFunction.values()).filter(keyDerivationFunction3 -> {
                return keyDerivationFunction3.isStrongKDF();
            }).collect(Collectors.toList())) {
                newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
                newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction2.name());
                newTestRunner.removeProperty(EncryptContent.RAW_KEY_HEX);
                newTestRunner.setProperty(EncryptContent.PASSWORD, "thisIsABadPassword");
                newTestRunner.enqueue(new byte[0]);
                Assertions.assertTrue(newTestRunner.getProcessContext().validate().isEmpty());
            }
        }
    }

    @Test
    void testShouldValidateKDFWhenPBECipherSelected() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        List<EncryptionMethod> list = (List) Arrays.stream(EncryptionMethod.values()).filter(encryptionMethod -> {
            return encryptionMethod.getAlgorithm().startsWith("PBE");
        }).collect(Collectors.toList());
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.PASSWORD, "short");
        newTestRunner.setProperty(EncryptContent.ALLOW_WEAK_CRYPTO, "allowed");
        for (EncryptionMethod encryptionMethod2 : list) {
            newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod2.name());
            Iterator it = Arrays.asList(KeyDerivationFunction.NONE, KeyDerivationFunction.BCRYPT, KeyDerivationFunction.SCRYPT, KeyDerivationFunction.PBKDF2, KeyDerivationFunction.ARGON2).iterator();
            while (it.hasNext()) {
                newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, ((KeyDerivationFunction) it.next()).name());
                newTestRunner.enqueue(new byte[0]);
                Collection validate = newTestRunner.getProcessContext().validate();
                Assertions.assertEquals(1, validate.size());
                ValidationResult validationResult = (ValidationResult) validate.iterator().next();
                String format = String.format("'Key Derivation Function' is invalid because Key Derivation Function is required to be NIFI_LEGACY, OPENSSL_EVP_BYTES_TO_KEY when using algorithm %s", encryptionMethod2.getAlgorithm());
                Assertions.assertTrue(validationResult.toString().contains(format), "'" + validationResult.toString() + "' contains '" + format + "'");
            }
            Iterator it2 = Arrays.asList(KeyDerivationFunction.NIFI_LEGACY, KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY).iterator();
            while (it2.hasNext()) {
                newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, ((KeyDerivationFunction) it2.next()).name());
                newTestRunner.enqueue(new byte[0]);
                Assertions.assertEquals(0, newTestRunner.getProcessContext().validate().size());
            }
        }
    }

    @Test
    void testDecryptAesCbcNoPadding() throws DecoderException, IOException {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        String repeat = StringUtils.repeat("ab", 16);
        newTestRunner.setProperty(EncryptContent.RAW_KEY_HEX, repeat);
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NONE.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.AES_CBC_NO_PADDING.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream("ExactBlockSizeRequiredForProcess".getBytes(StandardCharsets.UTF_8));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        new KeyedEncryptor(EncryptionMethod.AES_CBC_NO_PADDING, Hex.decodeHex(repeat)).getEncryptionCallback().process(byteArrayInputStream, byteArrayOutputStream);
        byteArrayOutputStream.close();
        newTestRunner.enqueue(byteArrayOutputStream.toByteArray());
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        ((MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0)).assertContentEquals("ExactBlockSizeRequiredForProcess");
    }

    @Test
    void testArgon2EncryptionShouldWriteAttributesWithEncryptionMetadata() throws ParseException {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        KeyDerivationFunction keyDerivationFunction = KeyDerivationFunction.ARGON2;
        EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC;
        newTestRunner.setProperty(EncryptContent.PASSWORD, "thisIsABadPassword");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.enqueue("This is a plaintext message. ");
        newTestRunner.clearTransferState();
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        MockFlowFile mockFlowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
        newTestRunner.assertQueueEmpty();
        byte[] data = mockFlowFile.getData();
        int findSequence = CipherUtility.findSequence(data, RandomIVPBECipherProvider.IV_DELIMITER);
        byte[] extractFullSaltFromCipherBytes = extractFullSaltFromCipherBytes(data);
        String str = new String(extractFullSaltFromCipherBytes);
        String extractRawSaltHexFromFullSalt = extractRawSaltHexFromFullSalt(extractFullSaltFromCipherBytes, keyDerivationFunction);
        String encodeHexString = Hex.encodeHexString(Arrays.copyOfRange(data, findSequence - 16, findSequence));
        Assertions.assertTrue(calculateTimestampDifference(new Date(), mockFlowFile.getAttribute("encryptcontent.timestamp")).toMilliseconds() < 1000);
        Assertions.assertEquals(encryptionMethod.name(), mockFlowFile.getAttribute("encryptcontent.algorithm"));
        Assertions.assertEquals(keyDerivationFunction.name(), mockFlowFile.getAttribute("encryptcontent.kdf"));
        Assertions.assertEquals("encrypted", mockFlowFile.getAttribute("encryptcontent.action"));
        Assertions.assertEquals(extractRawSaltHexFromFullSalt, mockFlowFile.getAttribute("encryptcontent.salt"));
        Assertions.assertEquals("16", mockFlowFile.getAttribute("encryptcontent.salt_length"));
        Assertions.assertEquals(str, mockFlowFile.getAttribute("encryptcontent.kdf_salt"));
        int intValue = Integer.valueOf(mockFlowFile.getAttribute("encryptcontent.kdf_salt_length")).intValue();
        Assertions.assertTrue(intValue >= 29 && intValue <= 54);
        Assertions.assertEquals(encodeHexString, mockFlowFile.getAttribute("encryptcontent.iv"));
        Assertions.assertEquals("16", mockFlowFile.getAttribute("encryptcontent.iv_length"));
        Assertions.assertEquals(String.valueOf("This is a plaintext message. ".length()), mockFlowFile.getAttribute("encryptcontent.plaintext_length"));
        Assertions.assertEquals(String.valueOf(data.length), mockFlowFile.getAttribute("encryptcontent.cipher_text_length"));
    }

    @Test
    void testKeyedEncryptionShouldWriteAttributesWithEncryptionMetadata() throws ParseException {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        KeyDerivationFunction keyDerivationFunction = KeyDerivationFunction.NONE;
        EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC;
        newTestRunner.setProperty(EncryptContent.RAW_KEY_HEX, "0123456789ABCDEFFEDCBA9876543210");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.enqueue("This is a plaintext message. ");
        newTestRunner.clearTransferState();
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        MockFlowFile mockFlowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
        newTestRunner.assertQueueEmpty();
        byte[] data = mockFlowFile.getData();
        int findSequence = CipherUtility.findSequence(data, RandomIVPBECipherProvider.IV_DELIMITER);
        Assertions.assertEquals(16, findSequence);
        Assertions.assertTrue(calculateTimestampDifference(new Date(), mockFlowFile.getAttribute("encryptcontent.timestamp")).toMilliseconds() < 1000);
        String encodeHexString = Hex.encodeHexString(Arrays.copyOfRange(data, 0, findSequence));
        int calculateCipherTextLength = CipherUtility.calculateCipherTextLength("This is a plaintext message. ".length(), 0);
        Assertions.assertEquals(encryptionMethod.name(), mockFlowFile.getAttribute("encryptcontent.algorithm"));
        Assertions.assertEquals(keyDerivationFunction.name(), mockFlowFile.getAttribute("encryptcontent.kdf"));
        Assertions.assertEquals("encrypted", mockFlowFile.getAttribute("encryptcontent.action"));
        Assertions.assertEquals(encodeHexString, mockFlowFile.getAttribute("encryptcontent.iv"));
        Assertions.assertEquals("16", mockFlowFile.getAttribute("encryptcontent.iv_length"));
        Assertions.assertEquals(String.valueOf("This is a plaintext message. ".length()), mockFlowFile.getAttribute("encryptcontent.plaintext_length"));
        Assertions.assertEquals(String.valueOf(calculateCipherTextLength), mockFlowFile.getAttribute("encryptcontent.cipher_text_length"));
    }

    @Test
    void testDifferentCompatibleConfigurations() throws Exception {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        KeyDerivationFunction keyDerivationFunction = KeyDerivationFunction.ARGON2;
        EncryptionMethod encryptionMethod = EncryptionMethod.AES_CBC;
        int parseKeyLengthFromAlgorithm = CipherUtility.parseKeyLengthFromAlgorithm(encryptionMethod.getAlgorithm());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "thisIsABadPassword");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.enqueue("This is a plaintext message. ");
        newTestRunner.clearTransferState();
        newTestRunner.run();
        MockFlowFile mockFlowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
        byte[] data = mockFlowFile.getData();
        String attribute = mockFlowFile.getAttribute("encryptcontent.kdf_salt");
        Argon2SecureHasher argon2SecureHasher = new Argon2SecureHasher(Integer.valueOf(parseKeyLengthFromAlgorithm / 8));
        byte[] bytes = attribute.getBytes(StandardCharsets.UTF_8);
        String encodeHexString = Hex.encodeHexString(argon2SecureHasher.hashRaw("thisIsABadPassword".getBytes(StandardCharsets.UTF_8), Hex.decodeHex(mockFlowFile.getAttribute("encryptcontent.salt"))));
        byte[] doFinal = new Argon2CipherProvider().getCipher(encryptionMethod, "thisIsABadPassword", bytes, Hex.decodeHex(mockFlowFile.getAttribute("encryptcontent.iv")), CipherUtility.parseKeyLengthFromAlgorithm(encryptionMethod.getAlgorithm()), false).doFinal(Arrays.copyOfRange(data, data.length - 32, data.length));
        KeyDerivationFunction keyDerivationFunction2 = KeyDerivationFunction.NONE;
        EncryptionMethod encryptionMethod2 = EncryptionMethod.AES_CBC;
        newTestRunner.setProperty(EncryptContent.RAW_KEY_HEX, encodeHexString);
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction2.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod2.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.removeProperty(EncryptContent.PASSWORD);
        newTestRunner.enqueue(data);
        newTestRunner.clearTransferState();
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        MockFlowFile mockFlowFile2 = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
        newTestRunner.assertQueueEmpty();
        Assertions.assertArrayEquals(doFinal, mockFlowFile2.getData());
    }

    @Test
    void testShouldCheckLengthOfPasswordWhenNotAllowed() {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NIFI_LEGACY.name());
        List<EncryptionMethod> list = (List) Arrays.stream(EncryptionMethod.values()).filter(encryptionMethod -> {
            return encryptionMethod.getAlgorithm().startsWith("PBE");
        }).collect(Collectors.toList());
        newTestRunner.setProperty(EncryptContent.ALLOW_WEAK_CRYPTO, "not-allowed");
        for (EncryptionMethod encryptionMethod2 : list) {
            String repeat = StringUtils.repeat("x", Math.min(PasswordBasedEncryptor.getMinimumSafePasswordLength() - 1, CipherUtility.getMaximumPasswordLengthForAlgorithmOnLimitedStrengthCrypto(encryptionMethod2) - 1));
            if (!encryptionMethod2.isUnlimitedStrength() && !encryptionMethod2.isKeyedCipher()) {
                newTestRunner.setProperty(EncryptContent.PASSWORD, repeat);
                newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod2.name());
                newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
                newTestRunner.clearTransferState();
                newTestRunner.enqueue(new byte[0]);
                Collection validate = newTestRunner.getProcessContext().validate();
                Assertions.assertEquals(1, validate.size());
                ValidationResult validationResult = (ValidationResult) validate.iterator().next();
                String format = String.format("'Password' is invalid because Password length less than %s characters is potentially unsafe. See Admin Guide.", Integer.valueOf(PasswordBasedEncryptor.getMinimumSafePasswordLength()));
                Assertions.assertTrue(validationResult.toString().contains(format), "'" + validationResult.toString() + "' contains '" + format + "'");
            }
        }
    }

    @Test
    void testShouldNotCheckLengthOfPasswordWhenAllowed() {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NIFI_LEGACY.name());
        List<EncryptionMethod> list = (List) Arrays.stream(EncryptionMethod.values()).filter(encryptionMethod -> {
            return encryptionMethod.getAlgorithm().startsWith("PBE");
        }).collect(Collectors.toList());
        newTestRunner.setProperty(EncryptContent.ALLOW_WEAK_CRYPTO, "allowed");
        for (EncryptionMethod encryptionMethod2 : list) {
            String repeat = StringUtils.repeat("x", Math.min(PasswordBasedEncryptor.getMinimumSafePasswordLength() - 1, CipherUtility.getMaximumPasswordLengthForAlgorithmOnLimitedStrengthCrypto(encryptionMethod2) - 1));
            if (!encryptionMethod2.isUnlimitedStrength() && !encryptionMethod2.isKeyedCipher()) {
                newTestRunner.setProperty(EncryptContent.PASSWORD, repeat);
                newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod2.name());
                newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
                newTestRunner.clearTransferState();
                newTestRunner.enqueue(new byte[0]);
                Collection validate = newTestRunner.getProcessContext().validate();
                Assertions.assertEquals(0, validate.size(), validate.toString());
            }
        }
    }

    @Test
    void testPGPPasswordShouldSupportExpressionLanguage() {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PRIVATE_KEYRING, "src/test/resources/TestEncryptContent/secring.gpg");
        newTestRunner.setProperty(EncryptContent.PRIVATE_KEYRING_PASSPHRASE, "thisIsABadPassword");
        newTestRunner.clearTransferState();
        newTestRunner.enqueue(new byte[0]);
        MockProcessContext processContext = newTestRunner.getProcessContext();
        Collection validate = processContext.validate();
        Assertions.assertEquals(0, validate.size(), validate.toString());
        newTestRunner.setProperty(EncryptContent.PRIVATE_KEYRING_PASSPHRASE, "${literal('thisIsABadPassword')}");
        newTestRunner.clearTransferState();
        newTestRunner.enqueue(new byte[0]);
        Collection validate2 = processContext.validate();
        Assertions.assertEquals(0, validate2.size(), validate2.toString());
    }

    @Test
    void testArgon2ShouldIncludeFullSalt() throws IOException {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "thisIsABadPassword");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.ARGON2.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.AES_CBC.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.enqueue(Paths.get("src/test/resources/hello.txt", new String[0]));
        newTestRunner.clearTransferState();
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        MockFlowFile mockFlowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
        newTestRunner.assertQueueEmpty();
        String content = mockFlowFile.getContent();
        String substring = content.substring(0, content.indexOf(new String(RandomIVPBECipherProvider.SALT_DELIMITER, StandardCharsets.UTF_8)));
        Assertions.assertTrue(Argon2CipherProvider.isArgon2FormattedSalt(substring));
        Assertions.assertTrue(substring.getBytes().length >= 49 && substring.getBytes().length <= 57);
    }

    private static byte[] extractFullSaltFromCipherBytes(byte[] bArr) {
        return Arrays.copyOfRange(bArr, 0, CipherUtility.findSequence(bArr, RandomIVPBECipherProvider.SALT_DELIMITER));
    }

    private static String extractRawSaltHexFromFullSalt(byte[] bArr, KeyDerivationFunction keyDerivationFunction) {
        return Hex.encodeHexString(CipherUtility.extractRawSalt(bArr, keyDerivationFunction));
    }

    private static TimeDuration calculateTimestampDifference(Date date, String str) throws ParseException {
        return TimeCategory.minus(date, new SimpleDateFormat("yyyy-MM-dd HH:mm:ss.SSS Z").parse(str));
    }

    static {
        $assertionsDisabled = !TestEncryptContent.class.desiredAssertionStatus();
        SUPPORTED_KEYED_ENCRYPTION_METHODS = (List) Arrays.stream(EncryptionMethod.values()).filter(encryptionMethod -> {
            return encryptionMethod.isKeyedCipher() && encryptionMethod != EncryptionMethod.AES_CBC_NO_PADDING;
        }).collect(Collectors.toList());
    }
}
