package org.apache.nifi.controller;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import org.apache.nifi.repository.encryption.configuration.EncryptedRepositoryType;
import org.apache.nifi.repository.encryption.configuration.kms.StandardRepositoryKeyProviderFactory;
import org.apache.nifi.util.NiFiProperties;

/* loaded from: input_file:org/apache/nifi/controller/EncryptedFileSystemSwapManager.class */
public class EncryptedFileSystemSwapManager extends FileSystemSwapManager {
    private static final String CIPHER_TRANSFORMATION = "AES/GCM/NoPadding";
    private static final int SIZE_IV_AES_BYTES = 16;
    private static final int SIZE_TAG_GCM_BITS = 128;
    private static final SecureRandom secureRandom = new SecureRandom();
    private final SecretKey secretKey;

    public EncryptedFileSystemSwapManager(NiFiProperties niFiProperties) throws GeneralSecurityException {
        super(niFiProperties);
        this.secretKey = new StandardRepositoryKeyProviderFactory().getKeyProvider(EncryptedRepositoryType.FLOWFILE, niFiProperties).getKey(niFiProperties.getFlowFileRepoEncryptionKeyId());
    }

    @Override // org.apache.nifi.controller.FileSystemSwapManager
    protected InputStream getInputStream(File file) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            byte[] bArr = new byte[16];
            int read = fileInputStream.read(bArr);
            if (read != 16) {
                throw new IOException(String.format("problem reading IV [expected=%d, actual=%d]", 16, Integer.valueOf(read)));
            }
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(2, this.secretKey, new GCMParameterSpec(SIZE_TAG_GCM_BITS, bArr));
            return new CipherInputStream(fileInputStream, cipher);
        } catch (GeneralSecurityException e) {
            throw new IOException(String.format("Preparing Cipher Failed for File [%s]", file.getAbsolutePath()), e);
        }
    }

    @Override // org.apache.nifi.controller.FileSystemSwapManager
    protected OutputStream getOutputStream(File file) throws IOException {
        byte[] bArr = new byte[16];
        secureRandom.nextBytes(bArr);
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        fileOutputStream.write(bArr);
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(1, this.secretKey, new GCMParameterSpec(SIZE_TAG_GCM_BITS, bArr));
            return new CipherOutputStream(fileOutputStream, cipher);
        } catch (GeneralSecurityException e) {
            throw new IOException(String.format("Preparing Cipher Failed for File [%s]", file.getAbsolutePath()), e);
        }
    }
}
