package org.apache.nifi.processors.standard;

import java.io.File;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.Security;
import java.util.Collection;
import java.util.Iterator;
import org.apache.commons.codec.binary.Hex;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.security.util.KeyDerivationFunction;
import org.apache.nifi.security.util.crypto.CipherUtility;
import org.apache.nifi.security.util.crypto.PasswordBasedEncryptor;
import org.apache.nifi.util.MockFlowFile;
import org.apache.nifi.util.TestRunner;
import org.apache.nifi.util.TestRunners;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/processors/standard/TestEncryptContent.class */
public class TestEncryptContent {
    private static final Logger logger;
    static final /* synthetic */ boolean $assertionsDisabled;

    @Before
    public void setUp() {
        Security.addProvider(new BouncyCastleProvider());
    }

    @Test
    public void testRoundTrip() throws IOException {
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "short");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NIFI_LEGACY.name());
        newTestRunner.setProperty(EncryptContent.ALLOW_WEAK_CRYPTO, "allowed");
        for (EncryptionMethod encryptionMethod : EncryptionMethod.values()) {
            if (!encryptionMethod.isUnlimitedStrength() && !encryptionMethod.isKeyedCipher()) {
                logger.info("Attempting {}", encryptionMethod.name());
                newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
                newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
                newTestRunner.enqueue(Paths.get("src/test/resources/hello.txt", new String[0]));
                newTestRunner.clearTransferState();
                newTestRunner.run();
                newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
                FlowFile flowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
                newTestRunner.assertQueueEmpty();
                newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
                newTestRunner.enqueue(new FlowFile[]{flowFile});
                newTestRunner.clearTransferState();
                newTestRunner.run();
                newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
                logger.info("Successfully decrypted {}", encryptionMethod.name());
                ((MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0)).assertContentEquals(new File("src/test/resources/hello.txt"));
            }
        }
    }

    @Test
    public void testShouldDetermineMaxKeySizeForAlgorithms() throws IOException {
        String algorithm = EncryptionMethod.MD5_256AES.getAlgorithm();
        String algorithm2 = EncryptionMethod.MD5_DES.getAlgorithm();
        int i = PasswordBasedEncryptor.supportsUnlimitedStrength() ? Integer.MAX_VALUE : 128;
        int i2 = PasswordBasedEncryptor.supportsUnlimitedStrength() ? Integer.MAX_VALUE : 64;
        int maxAllowedKeyLength = PasswordBasedEncryptor.getMaxAllowedKeyLength(algorithm);
        int maxAllowedKeyLength2 = PasswordBasedEncryptor.getMaxAllowedKeyLength(algorithm2);
        if (!$assertionsDisabled && maxAllowedKeyLength != i) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && maxAllowedKeyLength2 != i2) {
            throw new AssertionError();
        }
    }

    @Test
    public void testShouldDecryptOpenSSLRawSalted() throws IOException {
        Assume.assumeTrue("Test is being skipped due to this JVM lacking JCE Unlimited Strength Jurisdiction Policy file.", PasswordBasedEncryptor.supportsUnlimitedStrength());
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        EncryptionMethod encryptionMethod = EncryptionMethod.MD5_256AES;
        KeyDerivationFunction keyDerivationFunction = KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY;
        newTestRunner.setProperty(EncryptContent.PASSWORD, "thisIsABadPassword");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.enqueue(Paths.get("src/test/resources/TestEncryptContent/salted_raw.enc", new String[0]));
        newTestRunner.clearTransferState();
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        newTestRunner.assertQueueEmpty();
        MockFlowFile mockFlowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
        logger.info("Decrypted contents (hex): {}", Hex.encodeHexString(mockFlowFile.toByteArray()));
        logger.info("Decrypted contents: {}", new String(mockFlowFile.toByteArray(), "UTF-8"));
        mockFlowFile.assertContentEquals(new File("src/test/resources/TestEncryptContent/plain.txt"));
    }

    @Test
    public void testShouldDecryptOpenSSLRawUnsalted() throws IOException {
        Assume.assumeTrue("Test is being skipped due to this JVM lacking JCE Unlimited Strength Jurisdiction Policy file.", PasswordBasedEncryptor.supportsUnlimitedStrength());
        TestRunner newTestRunner = TestRunners.newTestRunner(new EncryptContent());
        EncryptionMethod encryptionMethod = EncryptionMethod.MD5_256AES;
        KeyDerivationFunction keyDerivationFunction = KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY;
        newTestRunner.setProperty(EncryptContent.PASSWORD, "thisIsABadPassword");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, keyDerivationFunction.name());
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.enqueue(Paths.get("src/test/resources/TestEncryptContent/unsalted_raw.enc", new String[0]));
        newTestRunner.clearTransferState();
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        newTestRunner.assertQueueEmpty();
        MockFlowFile mockFlowFile = (MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0);
        logger.info("Decrypted contents (hex): {}", Hex.encodeHexString(mockFlowFile.toByteArray()));
        logger.info("Decrypted contents: {}", new String(mockFlowFile.toByteArray(), "UTF-8"));
        mockFlowFile.assertContentEquals(new File("src/test/resources/TestEncryptContent/plain.txt"));
    }

    @Test
    public void testDecryptShouldDefaultToBcrypt() throws IOException {
        Assert.assertEquals("Decrypt should default to Legacy KDF", TestRunners.newTestRunner(new EncryptContent()).getProcessor().getPropertyDescriptor(EncryptContent.KEY_DERIVATION_FUNCTION.getName()).getDefaultValue(), KeyDerivationFunction.BCRYPT.name());
    }

    @Test
    public void testDecryptSmallerThanSaltSize() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.PASSWORD, "Hello, World!");
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NIFI_LEGACY.name());
        newTestRunner.enqueue(new byte[4]);
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_FAILURE, 1);
    }

    @Test
    public void testPGPDecrypt() throws IOException {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP_ASCII_ARMOR.name());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "Hello, World!");
        newTestRunner.enqueue(Paths.get("src/test/resources/TestEncryptContent/text.txt.asc", new String[0]));
        newTestRunner.run();
        newTestRunner.assertAllFlowFilesTransferred(EncryptContent.REL_SUCCESS, 1);
        ((MockFlowFile) newTestRunner.getFlowFilesForRelationship(EncryptContent.REL_SUCCESS).get(0)).assertContentEquals(Paths.get("src/test/resources/TestEncryptContent/text.txt", new String[0]));
    }

    @Test
    public void testShouldValidatePGPPublicKeyringRequiresUserId() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/pubring.gpg");
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assert.assertEquals(1L, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.toArray()[0];
        String str = " encryption without a " + EncryptContent.PASSWORD.getDisplayName() + " requires both " + EncryptContent.PUBLIC_KEYRING.getDisplayName() + " and " + EncryptContent.PUBLIC_KEY_USERID.getDisplayName();
        Assert.assertTrue("'" + validationResult.toString() + "' contains '" + str + "'", validationResult.toString().contains(str));
    }

    @Test
    public void testShouldValidatePGPPublicKeyringExists() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/pubring.gpg.missing");
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEY_USERID, "USERID");
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assert.assertEquals(1L, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.toArray()[0];
        Assert.assertTrue("'" + validationResult.toString() + "' contains 'java.io.FileNotFoundException'", validationResult.toString().contains("java.io.FileNotFoundException"));
    }

    @Test
    public void testShouldValidatePGPPublicKeyringIsProperFormat() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/text.txt");
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEY_USERID, "USERID");
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assert.assertEquals(1L, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.toArray()[0];
        Assert.assertTrue("'" + validationResult.toString() + "' contains ' java.io.IOException: invalid header encountered'", validationResult.toString().contains(" java.io.IOException: invalid header encountered"));
    }

    @Test
    public void testShouldValidatePGPPublicKeyringContainsUserId() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/pubring.gpg");
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEY_USERID, "USERID");
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assert.assertEquals(1L, validate.size());
        ValidationResult validationResult = (ValidationResult) validate.toArray()[0];
        Assert.assertTrue("'" + validationResult.toString() + "' contains 'PGPException: Could not find a public key with the given userId'", validationResult.toString().contains("PGPException: Could not find a public key with the given userId"));
    }

    @Test
    public void testShouldExtractPGPPublicKeyFromKeyring() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.setProperty(EncryptContent.MODE, "Encrypt");
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/pubring.gpg");
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEY_USERID, "NiFi PGP Test Key (Short test key for NiFi PGP unit tests) <alopresto.apache+test@gmail.com>");
        newTestRunner.enqueue(new byte[0]);
        Assert.assertEquals(0L, newTestRunner.getProcessContext().validate().size());
    }

    @Test
    public void testValidation() {
        TestRunner newTestRunner = TestRunners.newTestRunner(EncryptContent.class);
        newTestRunner.enqueue(new byte[0]);
        Collection validate = newTestRunner.getProcessContext().validate();
        Assert.assertEquals(validate.toString(), 1L, validate.size());
        Iterator it = validate.iterator();
        while (it.hasNext()) {
            Assert.assertTrue(((ValidationResult) it.next()).toString().contains(EncryptContent.PASSWORD.getDisplayName() + " is required when using algorithm"));
        }
        newTestRunner.enqueue(new byte[0]);
        EncryptionMethod encryptionMethod = EncryptionMethod.MD5_128AES;
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, encryptionMethod.name());
        newTestRunner.setProperty(EncryptContent.KEY_DERIVATION_FUNCTION, KeyDerivationFunction.NIFI_LEGACY.name());
        newTestRunner.setProperty(EncryptContent.PASSWORD, "ThisIsAPasswordThatIsLongerThanSixteenCharacters");
        Collection validate2 = newTestRunner.getProcessContext().validate();
        if (PasswordBasedEncryptor.supportsUnlimitedStrength()) {
            Assert.assertEquals(validate2.toString(), 0L, validate2.size());
        } else {
            logger.info(validate2.toString());
            Assert.assertEquals(1L, validate2.size());
            Iterator it2 = validate2.iterator();
            while (it2.hasNext()) {
                Assert.assertTrue("Did not successfully catch validation error of a long password in a non-JCE Unlimited Strength environment", ((ValidationResult) it2.next()).toString().contains("Password length greater than " + CipherUtility.getMaximumPasswordLengthForAlgorithmOnLimitedStrengthCrypto(encryptionMethod) + " characters is not supported by this JVM due to lacking JCE Unlimited Strength Jurisdiction Policy files."));
            }
        }
        newTestRunner.removeProperty(EncryptContent.PASSWORD);
        newTestRunner.setProperty(EncryptContent.ENCRYPTION_ALGORITHM, EncryptionMethod.PGP.name());
        newTestRunner.setProperty(EncryptContent.PUBLIC_KEYRING, "src/test/resources/TestEncryptContent/text.txt");
        newTestRunner.enqueue(new byte[0]);
        Collection validate3 = newTestRunner.getProcessContext().validate();
        Assert.assertEquals(1L, validate3.size());
        Iterator it3 = validate3.iterator();
        while (it3.hasNext()) {
            Assert.assertTrue(((ValidationResult) it3.next()).toString().contains(" encryption without a " + EncryptContent.PASSWORD.getDisplayName() + " requires both " + EncryptContent.PUBLIC_KEYRING.getDisplayName() + " and " + EncryptContent.PUBLIC_KEY_USERID.getDisplayName()));
        }
        newTestRunner.removeProperty(EncryptContent.PUBLIC_KEYRING);
        newTestRunner.removeProperty(EncryptContent.PUBLIC_KEY_USERID);
        newTestRunner.setProperty(EncryptContent.MODE, "Decrypt");
        newTestRunner.setProperty(EncryptContent.PRIVATE_KEYRING, "src/test/resources/TestEncryptContent/secring.gpg");
        newTestRunner.enqueue(new byte[0]);
        Collection validate4 = newTestRunner.getProcessContext().validate();
        Assert.assertEquals(1L, validate4.size());
        Iterator it4 = validate4.iterator();
        while (it4.hasNext()) {
            Assert.assertTrue(((ValidationResult) it4.next()).toString().contains(" decryption without a " + EncryptContent.PASSWORD.getDisplayName() + " requires both " + EncryptContent.PRIVATE_KEYRING.getDisplayName() + " and " + EncryptContent.PRIVATE_KEYRING_PASSPHRASE.getDisplayName()));
        }
        newTestRunner.setProperty(EncryptContent.PRIVATE_KEYRING_PASSPHRASE, "PASSWORD");
        newTestRunner.enqueue(new byte[0]);
        Collection validate5 = newTestRunner.getProcessContext().validate();
        Assert.assertEquals(1L, validate5.size());
        Iterator it5 = validate5.iterator();
        while (it5.hasNext()) {
            Assert.assertTrue(((ValidationResult) it5.next()).toString().contains(" could not be opened with the provided " + EncryptContent.PRIVATE_KEYRING_PASSPHRASE.getDisplayName()));
        }
    }

    static {
        $assertionsDisabled = !TestEncryptContent.class.desiredAssertionStatus();
        logger = LoggerFactory.getLogger(TestEncryptContent.class);
    }
}
