package org.apache.nifi.security.util.crypto;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.processors.standard.EncryptContent;
import org.bouncycastle.shaded.bcpg.ArmoredOutputStream;
import org.bouncycastle.shaded.openpgp.PGPCompressedData;
import org.bouncycastle.shaded.openpgp.PGPCompressedDataGenerator;
import org.bouncycastle.shaded.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.shaded.openpgp.PGPEncryptedDataList;
import org.bouncycastle.shaded.openpgp.PGPException;
import org.bouncycastle.shaded.openpgp.PGPLiteralData;
import org.bouncycastle.shaded.openpgp.PGPLiteralDataGenerator;
import org.bouncycastle.shaded.openpgp.PGPObjectFactory;
import org.bouncycastle.shaded.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.shaded.openpgp.PGPPrivateKey;
import org.bouncycastle.shaded.openpgp.PGPPublicKey;
import org.bouncycastle.shaded.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.shaded.openpgp.PGPPublicKeyRing;
import org.bouncycastle.shaded.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.shaded.openpgp.PGPSecretKey;
import org.bouncycastle.shaded.openpgp.PGPSecretKeyRing;
import org.bouncycastle.shaded.openpgp.PGPSecretKeyRingCollection;
import org.bouncycastle.shaded.openpgp.PGPUtil;
import org.bouncycastle.shaded.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.shaded.openpgp.operator.PBESecretKeyDecryptor;
import org.bouncycastle.shaded.openpgp.operator.bc.BcKeyFingerprintCalculator;
import org.bouncycastle.shaded.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.bouncycastle.shaded.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.bouncycastle.shaded.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.bouncycastle.shaded.openpgp.operator.jcajce.JcePublicKeyKeyEncryptionMethodGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/security/util/crypto/OpenPGPKeyBasedEncryptor.class */
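/**
 * {@link EncryptContent.Encryptor} that uses OpenPGP public-key encryption.
 *
 * <p>Encryption looks up the recipient's public key by user ID in a keyring file. Decryption
 * unlocks a secret key from a keyring file with the configured passphrase.
 *
 * <p>The passphrase array is stored by reference and is never cleared by this class; whoever
 * supplies it remains responsible for wiping it.
 */
public class OpenPGPKeyBasedEncryptor implements EncryptContent.Encryptor {
    // Bind the logger to this class so log lines are attributed to the key-based encryptor.
    private static final Logger logger = LoggerFactory.getLogger(OpenPGPKeyBasedEncryptor.class);

    private final String algorithm;
    private final Integer cipher;
    private final String provider;
    private final String keyring;
    private final String userId;
    private final char[] passphrase;
    private final String filename;

    /** Stream callback that decrypts public-key encrypted OpenPGP data. */
    private static class OpenPGPDecryptCallback implements StreamCallback {
        private final String provider;
        private final String secretKeyringFile;
        private final char[] passphrase;

        OpenPGPDecryptCallback(String provider, String secretKeyringFile, char[] passphrase) {
            this.provider = provider;
            this.secretKeyringFile = secretKeyringFile;
            this.passphrase = passphrase;
        }

        /**
         * Decrypts the OpenPGP message read from {@code inputStream} and writes the literal data
         * to {@code outputStream}.
         *
         * @param inputStream  armored or binary OpenPGP message
         * @param outputStream destination for the decrypted content; not closed here
         * @throws IOException      if closing the decoder stream fails
         * @throws ProcessException if the data is not a public-key encrypted message, no usable
         *                          secret key is found, or decryption or the integrity check fails
         */
        @Override
        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            try (InputStream decoderStream = PGPUtil.getDecoderStream(inputStream)) {
                PGPObjectFactory objectFactory = new PGPObjectFactory(decoderStream, new BcKeyFingerprintCalculator());

                // The encrypted data list is accepted as either the first or the second object.
                Object candidate = objectFactory.nextObject();
                if (!(candidate instanceof PGPEncryptedDataList)) {
                    candidate = objectFactory.nextObject();
                    if (!(candidate instanceof PGPEncryptedDataList)) {
                        throw new ProcessException("Invalid OpenPGP data");
                    }
                }

                try {
                    PGPPrivateKey privateKey = null;
                    PGPPublicKeyEncryptedData encryptedData = null;

                    // Try each recipient packet until one matches a key we can unlock.
                    Iterator<?> recipients = ((PGPEncryptedDataList) candidate).getEncryptedDataObjects();
                    while (privateKey == null && recipients.hasNext()) {
                        Object recipient = recipients.next();
                        if (!(recipient instanceof PGPPublicKeyEncryptedData)) {
                            throw new ProcessException("Invalid OpenPGP data");
                        }
                        encryptedData = (PGPPublicKeyEncryptedData) recipient;
                        try {
                            privateKey = OpenPGPKeyBasedEncryptor.getDecryptedPrivateKey(
                                    this.provider, this.secretKeyringFile, encryptedData.getKeyID(), this.passphrase);
                        } catch (PGPException e) {
                            // Deliberate best effort: this recipient is not ours, try the next one.
                            OpenPGPKeyBasedEncryptor.logger.debug(
                                    "No usable secret key for recipient key ID {}", Long.toHexString(encryptedData.getKeyID()));
                        }
                    }
                    if (privateKey == null) {
                        throw new ProcessException("Secret keyring does not contain the key required to decrypt");
                    }

                    try (InputStream clearStream = encryptedData.getDataStream(
                            new JcePublicKeyDataDecryptorFactoryBuilder().setProvider(this.provider).build(privateKey))) {
                        Object message = new JcaPGPObjectFactory(clearStream).nextObject();
                        if (message instanceof PGPCompressedData) {
                            message = new JcaPGPObjectFactory(((PGPCompressedData) message).getDataStream()).nextObject();
                        }
                        if (!(message instanceof PGPLiteralData)) {
                            if (message instanceof PGPOnePassSignatureList) {
                                throw new PGPException("encrypted message contains a signed message - not literal data.");
                            }
                            throw new PGPException("message is not a simple encrypted file - type unknown.");
                        }

                        try (InputStream literalStream = ((PGPLiteralData) message).getInputStream()) {
                            OpenPGPKeyBasedEncryptor.copyStream(literalStream, outputStream);
                        }

                        // NOTE(review): a message without an integrity-protection packet is only
                        // logged and still accepted, and for protected messages verify() runs only
                        // after the plaintext has already been written to outputStream. Callers
                        // must discard the output when this method throws; consider rejecting
                        // unprotected messages, or making that choice explicit in configuration.
                        if (!encryptedData.isIntegrityProtected()) {
                            OpenPGPKeyBasedEncryptor.logger.warn("No message integrity check");
                        } else if (!encryptedData.verify()) {
                            throw new PGPException("Failed message integrity check");
                        }
                    }
                } catch (Exception e) {
                    // Keep the original message but attach the cause so the stack trace survives.
                    throw new ProcessException(e.getMessage(), e);
                }
            }
        }
    }

    /** Stream callback that encrypts content to a single recipient's OpenPGP public key. */
    private static class OpenPGPEncryptCallback implements StreamCallback {
        private final String algorithm;
        private final Integer cipher;
        private final String provider;
        private final String publicKeyring;
        private final String userId;
        private final String filename;

        OpenPGPEncryptCallback(String algorithm, Integer cipher, String provider, String publicKeyring, String userId, String filename) {
            this.algorithm = algorithm;
            this.cipher = cipher;
            this.provider = provider;
            this.publicKeyring = publicKeyring;
            this.userId = userId;
            this.filename = filename;
        }

        /**
         * Encrypts {@code inputStream} to the configured recipient and writes the OpenPGP message
         * (ASCII-armored when the algorithm asks for it) to {@code outputStream}.
         *
         * <p>The message is built with an integrity packet, ZIP compression and a binary literal
         * data packet carrying the configured filename and the current time.
         *
         * @param inputStream  plaintext to encrypt
         * @param outputStream destination for the OpenPGP message; not closed here
         * @throws IOException      declared by the interface; failures are reported as
         *                          {@link ProcessException}
         * @throws ProcessException if the public key cannot be loaded or encryption fails
         */
        @Override
        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            final boolean armored = EncryptContent.isPGPArmoredAlgorithm(this.algorithm);

            // Only a failed key lookup is reported as a keyring problem; encryption and I/O
            // failures further down must not be mislabelled as "Invalid public keyring".
            final PGPPublicKey publicKey;
            try {
                publicKey = OpenPGPKeyBasedEncryptor.getPublicKey(this.userId, this.publicKeyring);
            } catch (Exception e) {
                throw new ProcessException("Invalid public keyring - " + e.getMessage(), e);
            }

            final int bufferSize = org.apache.nifi.processors.standard.util.PGPUtil.BUFFER_SIZE;
            try {
                final OutputStream sink = armored ? new ArmoredOutputStream(outputStream) : outputStream;
                try {
                    PGPEncryptedDataGenerator encryptedDataGenerator = new PGPEncryptedDataGenerator(
                            new JcePGPDataEncryptorBuilder(this.cipher.intValue())
                                    .setWithIntegrityPacket(true)
                                    .setSecureRandom(new SecureRandom())
                                    .setProvider(this.provider));
                    encryptedDataGenerator.addMethod(
                            new JcePublicKeyKeyEncryptionMethodGenerator(publicKey).setProvider(this.provider));

                    // Resources close innermost first: literal, then compressed, then encrypted.
                    try (OutputStream encryptedOut = encryptedDataGenerator.open(sink, new byte[bufferSize]);
                         OutputStream compressedOut = new PGPCompressedDataGenerator(
                                 PGPCompressedData.ZIP, java.util.zip.Deflater.BEST_SPEED)
                                 .open(encryptedOut, new byte[bufferSize]);
                         OutputStream literalOut = new PGPLiteralDataGenerator().open(
                                 compressedOut, PGPLiteralData.BINARY, this.filename, new Date(), new byte[bufferSize])) {
                        OpenPGPKeyBasedEncryptor.copyStream(inputStream, literalOut);
                    }
                } finally {
                    // Only the armor wrapper created here is closed; the caller's stream is not.
                    if (armored) {
                        sink.close();
                    }
                }
            } catch (Exception e) {
                throw new ProcessException(e.getMessage(), e);
            }
        }
    }

    /**
     * Creates an encryptor.
     *
     * @param algorithm  EncryptContent algorithm name; decides whether output is ASCII-armored
     * @param cipher     OpenPGP symmetric cipher identifier used for the session data
     * @param provider   JCA provider name passed to the Bouncy Castle builders
     * @param keyring    path of the keyring file (public for encryption, secret for decryption)
     * @param userId     user ID used to select the recipient's public key
     * @param passphrase passphrase protecting the secret key; kept by reference, not copied
     * @param filename   name recorded in the literal data packet
     */
    public OpenPGPKeyBasedEncryptor(String algorithm, Integer cipher, String provider, String keyring, String userId, char[] passphrase, String filename) {
        this.algorithm = algorithm;
        this.cipher = cipher;
        this.provider = provider;
        this.keyring = keyring;
        this.userId = userId;
        this.passphrase = passphrase;
        this.filename = filename;
    }

    /** No attributes are added for key-based OpenPGP encryption. */
    @Override // org.apache.nifi.processors.standard.EncryptContent.Encryptor
    public void updateAttributes(Map<String, String> map) throws ProcessException {
    }

    /** Returns a callback that encrypts to the public key selected by the configured user ID. */
    @Override // org.apache.nifi.processors.standard.EncryptContent.Encryptor
    public StreamCallback getEncryptionCallback() throws Exception {
        return new OpenPGPEncryptCallback(this.algorithm, this.cipher, this.provider, this.keyring, this.userId, this.filename);
    }

    /** Returns a callback that decrypts using a secret key from the configured keyring. */
    @Override // org.apache.nifi.processors.standard.EncryptContent.Encryptor
    public StreamCallback getDecryptionCallback() throws Exception {
        return new OpenPGPDecryptCallback(this.provider, this.keyring, this.passphrase);
    }

    /**
     * Reports whether at least one secret key in the keyring can be unlocked with the passphrase.
     *
     * <p>Every failure (missing file, malformed keyring, wrong passphrase) yields {@code false};
     * the declared exceptions are kept for source compatibility and are not thrown from here.
     *
     * @param provider          JCA provider name
     * @param secretKeyringFile path of the secret keyring file
     * @param passphrase        passphrase to try
     * @return {@code true} if a private key could be extracted, {@code false} otherwise
     */
    public static boolean validateKeyring(String provider, String secretKeyringFile, char[] passphrase) throws IOException, PGPException, NoSuchProviderException {
        try {
            getDecryptedPrivateKey(provider, secretKeyringFile, passphrase);
            return true;
        } catch (Exception e) {
            // Deliberate: validation answers yes/no and must not leak why the keyring was rejected.
            return false;
        }
    }

    /** Extracts the first private key in the keyring that the passphrase unlocks. */
    private static PGPPrivateKey getDecryptedPrivateKey(String provider, String secretKeyringFile, char[] passphrase) throws IOException, PGPException {
        return getDecryptedPrivateKey(provider, secretKeyringFile, 0L, passphrase);
    }

    /**
     * Extracts a private key from the secret keyring file.
     *
     * @param provider          JCA provider name
     * @param secretKeyringFile path of the secret keyring file
     * @param keyId             ID of the wanted key, or {@code 0} to accept the first key that the
     *                          passphrase unlocks
     * @param passphrase        passphrase protecting the secret key
     * @return the unlocked private key
     * @throws IOException  if the keyring file cannot be read
     * @throws PGPException if the keyring is malformed, the requested key cannot be unlocked, or
     *                      no key matches
     */
    private static PGPPrivateKey getDecryptedPrivateKey(String provider, String secretKeyringFile, long keyId, char[] passphrase) throws IOException, PGPException {
        try (FileInputStream keyringStream = new FileInputStream(secretKeyringFile)) {
            PGPSecretKeyRingCollection keyRings = new PGPSecretKeyRingCollection(keyringStream, new BcKeyFingerprintCalculator());
            // One decryptor serves every key because the passphrase is the same for all of them.
            PBESecretKeyDecryptor decryptor = new JcePBESecretKeyDecryptorBuilder().setProvider(provider).build(passphrase);

            Iterator<?> ringIterator = keyRings.getKeyRings();
            while (ringIterator.hasNext()) {
                PGPSecretKeyRing keyRing = (PGPSecretKeyRing) ringIterator.next();

                if (keyId != 0) {
                    PGPSecretKey requested = keyRing.getSecretKey(keyId);
                    if (requested == null) {
                        // The key lives in another ring; failing here would make every ring
                        // after the first one unreachable.
                        continue;
                    }
                    try {
                        return requested.extractPrivateKey(decryptor);
                    } catch (Exception e) {
                        throw new PGPException("No private key available using passphrase", e);
                    }
                }

                Iterator<?> secretKeys = keyRing.getSecretKeys();
                while (secretKeys.hasNext()) {
                    try {
                        return ((PGPSecretKey) secretKeys.next()).extractPrivateKey(decryptor);
                    } catch (Exception ignored) {
                        // Deliberate best effort: this key does not open with the passphrase.
                    }
                }
            }
            throw new PGPException("No private key available using passphrase");
        }
    }

    /**
     * Finds the first public key in the keyring whose user ID equals {@code userId}, ignoring
     * case.
     *
     * <p>NOTE(review): the first match is returned as-is; nothing here checks revocation, expiry
     * or whether the key is meant for encryption, so the keyring contents must be trusted and
     * curated by whoever configures it.
     *
     * @param userId            user ID to look for
     * @param publicKeyringFile path of the public keyring file
     * @return the matching public key
     * @throws IOException  if the keyring file cannot be read
     * @throws PGPException if the keyring is malformed or holds no key with that user ID
     */
    public static PGPPublicKey getPublicKey(String userId, String publicKeyringFile) throws IOException, PGPException {
        try (FileInputStream keyringStream = new FileInputStream(publicKeyringFile)) {
            Iterator<?> ringIterator = new PGPPublicKeyRingCollection(keyringStream, new BcKeyFingerprintCalculator()).getKeyRings();
            while (ringIterator.hasNext()) {
                Iterator<?> keyIterator = ((PGPPublicKeyRing) ringIterator.next()).getPublicKeys();
                while (keyIterator.hasNext()) {
                    PGPPublicKey publicKey = (PGPPublicKey) keyIterator.next();
                    Iterator<?> userIds = publicKey.getUserIDs();
                    while (userIds.hasNext()) {
                        if (userId.equalsIgnoreCase((String) userIds.next())) {
                            return publicKey;
                        }
                    }
                }
            }
            throw new PGPException("Could not find a public key with the given userId");
        }
    }

    /** Copies {@code in} to {@code out} until end of stream; neither stream is closed. */
    private static void copyStream(InputStream in, OutputStream out) throws IOException {
        final byte[] buffer = new byte[org.apache.nifi.processors.standard.util.PGPUtil.BLOCK_SIZE];
        int read;
        while ((read = in.read(buffer)) >= 0) {
            out.write(buffer, 0, read);
        }
    }
}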
