package org.apache.nifi.processors.pgp;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.annotation.behavior.WritesAttribute;
import org.apache.nifi.annotation.behavior.WritesAttributes;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.SeeAlso;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.expression.ExpressionLanguageScope;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.flowfile.attributes.CoreAttributes;
import org.apache.nifi.pgp.service.api.PGPPublicKeyService;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.io.InputStreamCallback;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.pgp.attributes.CompressionAlgorithm;
import org.apache.nifi.processors.pgp.attributes.FileEncoding;
import org.apache.nifi.processors.pgp.attributes.SymmetricKeyAlgorithm;
import org.apache.nifi.processors.pgp.exception.PGPEncryptionException;
import org.apache.nifi.processors.pgp.io.EncodingStreamCallback;
import org.apache.nifi.stream.io.StreamUtils;
import org.apache.nifi.util.StringUtils;
import org.bouncycastle.shaded.bcpg.BCPGInputStream;
import org.bouncycastle.shaded.openpgp.PGPEncryptedDataGenerator;
import org.bouncycastle.shaded.openpgp.PGPException;
import org.bouncycastle.shaded.openpgp.PGPPublicKey;
import org.bouncycastle.shaded.openpgp.PGPUtil;
import org.bouncycastle.shaded.openpgp.operator.PGPKeyEncryptionMethodGenerator;
import org.bouncycastle.shaded.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
import org.bouncycastle.shaded.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
import org.bouncycastle.shaded.openpgp.operator.jcajce.JcePBEKeyEncryptionMethodGenerator;

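/**
 * NiFi processor that encrypts FlowFile content as an OpenPGP message.
 *
 * <p>Encryption uses Password-Based Encryption (the {@code passphrase} property), Public Key
 * Encryption (a key resolved through the configured {@link PGPPublicKeyService}), or both.
 * When both are configured, both key encryption methods are added to the same message, so
 * either the passphrase or the private key can decrypt it. The passphrase is then the weaker
 * of the two paths and should be chosen accordingly.
 *
 * <p>Before encrypting, the processor probes the start of the content for an OpenPGP packet.
 * Content that already starts with one is encrypted as-is; all other content is first passed
 * through the encoding performed by {@link EncodingStreamCallback}.
 *
 * <p>This listing was recovered by a decompiler. Generic type arguments, {@code @Override}
 * markers and try-with-resources have been restored; access modifiers are left as found.
 */
@CapabilityDescription("Encrypt contents using OpenPGP. The processor reads input and detects OpenPGP messages to avoid unnecessary additional wrapping in Literal Data packets.")
@InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED)
@Tags({"PGP", "GPG", "OpenPGP", "Encryption", "RFC 4880"})
@SeeAlso({DecryptContentPGP.class, SignContentPGP.class, VerifyContentPGP.class})
@WritesAttributes({
        @WritesAttribute(attribute = "pgp.symmetric.key.algorithm", description = "Symmetric-Key Algorithm"),
        @WritesAttribute(attribute = "pgp.symmetric.key.algorithm.block.cipher", description = "Symmetric-Key Algorithm Block Cipher"),
        @WritesAttribute(attribute = "pgp.symmetric.key.algorithm.key.size", description = "Symmetric-Key Algorithm Key Size"),
        @WritesAttribute(attribute = "pgp.symmetric.key.algorithm.id", description = "Symmetric-Key Algorithm Identifier"),
        @WritesAttribute(attribute = "pgp.file.encoding", description = "File Encoding"),
        @WritesAttribute(attribute = "pgp.compression.algorithm", description = "Compression Algorithm"),
        @WritesAttribute(attribute = "pgp.compression.algorithm.id", description = "Compression Algorithm Identifier")
})
public class EncryptContentPGP extends AbstractProcessor {
    /**
     * Requests a Modification Detection Code on every encrypted message so that tampering with
     * the ciphertext can be detected on decryption. Deliberately not configurable.
     */
    private static final boolean ENCRYPTION_INTEGRITY_PACKET_ENABLED = true;

    public static final Relationship SUCCESS = new Relationship.Builder()
            .name("success")
            .description("Encryption Succeeded")
            .build();

    public static final Relationship FAILURE = new Relationship.Builder()
            .name("failure")
            .description("Encryption Failed")
            .build();

    public static final PropertyDescriptor SYMMETRIC_KEY_ALGORITHM = new PropertyDescriptor.Builder()
            .name("symmetric-key-algorithm")
            .displayName("Symmetric-Key Algorithm")
            .description("Symmetric-Key Algorithm for encryption")
            .required(true)
            .defaultValue(SymmetricKeyAlgorithm.AES_256.toString())
            .allowableValues(SymmetricKeyAlgorithm.values())
            .build();

    public static final PropertyDescriptor COMPRESSION_ALGORITHM = new PropertyDescriptor.Builder()
            .name("compression-algorithm")
            .displayName("Compression Algorithm")
            .description("Compression Algorithm for encryption")
            .required(true)
            .defaultValue(CompressionAlgorithm.ZIP.toString())
            .allowableValues(CompressionAlgorithm.values())
            .build();

    public static final PropertyDescriptor FILE_ENCODING = new PropertyDescriptor.Builder()
            .name("file-encoding")
            .displayName("File Encoding")
            .description("File Encoding for encryption")
            .required(true)
            .defaultValue(FileEncoding.BINARY.toString())
            .allowableValues(FileEncoding.values())
            .build();

    // Marked sensitive so the framework treats the value as a secret.
    public static final PropertyDescriptor PASSPHRASE = new PropertyDescriptor.Builder()
            .name("passphrase")
            .displayName("Passphrase")
            .description("Passphrase used for encrypting data with Password-Based Encryption")
            .sensitive(true)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();

    public static final PropertyDescriptor PUBLIC_KEY_SERVICE = new PropertyDescriptor.Builder()
            .name("public-key-service")
            .displayName("Public Key Service")
            .description("PGP Public Key Service for encrypting data with Public Key Encryption")
            .identifiesControllerService(PGPPublicKeyService.class)
            .build();

    // The search value is evaluated per FlowFile, so the recipient key is chosen by whoever
    // controls the referenced attributes. Restrict those attributes to trusted values.
    public static final PropertyDescriptor PUBLIC_KEY_SEARCH = new PropertyDescriptor.Builder()
            .name("public-key-search")
            .displayName("Public Key Search")
            .description("PGP Public Key Search will be used to match against the User ID or Key ID when formatted as uppercase hexadecimal string of 16 characters")
            .expressionLanguageSupported(ExpressionLanguageScope.FLOWFILE_ATTRIBUTES)
            .addValidator(StandardValidators.NON_EMPTY_EL_VALIDATOR)
            .dependsOn(PUBLIC_KEY_SERVICE, new AllowableValue[0])
            .build();

    private static final Set<Relationship> RELATIONSHIPS = new HashSet<>(Arrays.asList(SUCCESS, FAILURE));

    private static final List<PropertyDescriptor> DESCRIPTORS = Arrays.asList(
            SYMMETRIC_KEY_ALGORITHM,
            COMPRESSION_ALGORITHM,
            FILE_ENCODING,
            PASSPHRASE,
            PUBLIC_KEY_SERVICE,
            PUBLIC_KEY_SEARCH
    );

    /**
     * Stream callback that writes the content through an OpenPGP encrypting stream.
     *
     * <p>The decompiler reported this class as originally {@code private} and
     * {@link #processEncoding} as originally {@code protected}; the widened modifiers found
     * in the listing are kept.
     */
    public static class EncryptStreamCallback extends EncodingStreamCallback {
        private final boolean packetFound;
        private final PGPEncryptedDataGenerator encryptedDataGenerator;

        /**
         * @param fileEncoding           output encoding passed to the parent callback
         * @param compressionAlgorithm   compression algorithm passed to the parent callback
         * @param filename               file name passed to the parent callback
         * @param packetFound            whether the input already starts with an OpenPGP packet
         * @param encryptedDataGenerator generator with its key encryption methods already added
         */
        public EncryptStreamCallback(FileEncoding fileEncoding, CompressionAlgorithm compressionAlgorithm, String filename,
                                     boolean packetFound, PGPEncryptedDataGenerator encryptedDataGenerator) {
            super(fileEncoding, compressionAlgorithm, filename);
            this.packetFound = packetFound;
            this.encryptedDataGenerator = encryptedDataGenerator;
        }

        /**
         * Encrypts the input into the output stream.
         *
         * @param inputStream  content to encrypt
         * @param outputStream destination for the encrypted message
         * @throws IOException  on stream failures
         * @throws PGPException on OpenPGP processing failures
         */
        @Override // org.apache.nifi.processors.pgp.io.EncodingStreamCallback
        public void processEncoding(InputStream inputStream, OutputStream outputStream) throws IOException, PGPException {
            // The encrypting stream is closed first, on success and on failure alike.
            // The generator is closed only after a clean close of that stream.
            try (OutputStream encryptingOutputStream = encryptedDataGenerator.open(outputStream, createOutputBuffer())) {
                if (packetFound) {
                    // Existing OpenPGP packets are copied verbatim and skip the parent encoding step.
                    StreamUtils.copy(inputStream, encryptingOutputStream);
                } else {
                    super.processEncoding(inputStream, encryptingOutputStream);
                }
            }
            encryptedDataGenerator.close();
        }
    }

    /**
     * Probes the start of the content for an OpenPGP packet.
     *
     * <p>Only the first packet is read; nothing here validates the rest of the stream. Input
     * whose leading bytes parse as a packet is therefore treated as an OpenPGP message and
     * encrypted without further wrapping. Downstream consumers should not assume the decrypted
     * payload is a well-formed message.
     */
    private class PacketReadInputStreamCallback implements InputStreamCallback {
        private boolean packetFound;

        private PacketReadInputStreamCallback() {
        }

        @Override
        public void process(InputStream inputStream) {
            try {
                final BCPGInputStream packetStream = new BCPGInputStream(PGPUtil.getDecoderStream(inputStream));
                if (packetStream.readPacket() == null) {
                    EncryptContentPGP.this.getLogger().debug("PGP Packet not found");
                } else {
                    this.packetFound = true;
                }
            } catch (IOException e) {
                // A failed read is treated the same as "no packet": the content is handled as plain data.
                EncryptContentPGP.this.getLogger().debug("PGP Packet read failed", e);
            }
        }
    }

    /**
     * @return the success and failure relationships
     */
    @Override
    public Set<Relationship> getRelationships() {
        return RELATIONSHIPS;
    }

    /**
     * @return the supported property descriptors in display order
     */
    @Override
    public final List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return DESCRIPTORS;
    }

    /**
     * Encrypts one FlowFile and routes it to {@link #SUCCESS}; any {@link RuntimeException}
     * is logged and the FlowFile is routed to {@link #FAILURE}.
     *
     * @param processContext context providing property values
     * @param processSession session providing the FlowFile
     */
    @Override
    public void onTrigger(ProcessContext processContext, ProcessSession processSession) {
        FlowFile flowFile = processSession.get();
        if (flowFile == null) {
            return;
        }
        try {
            final PacketReadInputStreamCallback packetCallback = new PacketReadInputStreamCallback();
            processSession.read(flowFile, packetCallback);

            final SymmetricKeyAlgorithm symmetricKeyAlgorithm = getSymmetricKeyAlgorithm(processContext);
            final FileEncoding fileEncoding = getFileEncoding(processContext);
            final CompressionAlgorithm compressionAlgorithm = getCompressionAlgorithm(processContext);

            final StreamCallback encryptCallback = getEncryptStreamCallback(
                    processContext, flowFile, symmetricKeyAlgorithm, compressionAlgorithm, fileEncoding, packetCallback.packetFound);
            final FlowFile encrypted = processSession.write(flowFile, encryptCallback);
            flowFile = processSession.putAllAttributes(encrypted, getAttributes(symmetricKeyAlgorithm, fileEncoding, compressionAlgorithm));
            processSession.transfer(flowFile, SUCCESS);
        } catch (RuntimeException e) {
            getLogger().error("Encryption Failed {}", flowFile, e);
            processSession.transfer(flowFile, FAILURE);
        }
    }

    /**
     * Checks that at least one encryption method is configured and that the Public Key Service
     * and Public Key Search properties are set together.
     *
     * @param validationContext context providing property values
     * @return validation results; the processor is invalid if any result is invalid
     */
    @Override
    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        final List<ValidationResult> results = new ArrayList<>();

        final String passphrase = validationContext.getProperty(PASSPHRASE).getValue();
        if (StringUtils.isBlank(passphrase)
                && validationContext.getProperty(PUBLIC_KEY_SERVICE).asControllerService(PGPPublicKeyService.class) == null) {
            results.add(new ValidationResult.Builder()
                    .valid(false)
                    .subject(getClass().getSimpleName())
                    .explanation(String.format("Neither [%s] nor [%s] configured", PASSPHRASE.getDisplayName(), PUBLIC_KEY_SERVICE.getDisplayName()))
                    .build());
        }

        if (validationContext.getProperty(PUBLIC_KEY_SERVICE).isSet()) {
            results.add(new ValidationResult.Builder()
                    .valid(validationContext.getProperty(PUBLIC_KEY_SEARCH).isSet())
                    .subject(PUBLIC_KEY_SERVICE.getDisplayName())
                    .explanation(String.format("[%s] requires [%s]", PUBLIC_KEY_SERVICE.getDisplayName(), PUBLIC_KEY_SEARCH.getDisplayName()))
                    .build());
        }

        if (validationContext.getProperty(PUBLIC_KEY_SEARCH).isSet()) {
            results.add(new ValidationResult.Builder()
                    .valid(validationContext.getProperty(PUBLIC_KEY_SERVICE).isSet())
                    .subject(PUBLIC_KEY_SERVICE.getDisplayName())
                    .explanation(String.format("[%s] requires [%s]", PUBLIC_KEY_SEARCH.getDisplayName(), PUBLIC_KEY_SERVICE.getDisplayName()))
                    .build());
        }

        return results;
    }

    /**
     * Builds the encrypting callback for one FlowFile.
     *
     * <p>A single {@link SecureRandom} instance is shared by the data encryptor and all key
     * encryption methods of the message.
     */
    private StreamCallback getEncryptStreamCallback(ProcessContext processContext, FlowFile flowFile, SymmetricKeyAlgorithm symmetricKeyAlgorithm,
                                                    CompressionAlgorithm compressionAlgorithm, FileEncoding fileEncoding, boolean packetFound) {
        final SecureRandom secureRandom = new SecureRandom();
        final PGPEncryptedDataGenerator encryptedDataGenerator = new PGPEncryptedDataGenerator(
                new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm.getId())
                        .setSecureRandom(secureRandom)
                        .setWithIntegrityPacket(ENCRYPTION_INTEGRITY_PACKET_ENABLED));

        for (final PGPKeyEncryptionMethodGenerator methodGenerator : getEncryptionMethodGenerators(processContext, flowFile, secureRandom)) {
            encryptedDataGenerator.addMethod(methodGenerator);
        }

        final String filename = flowFile.getAttribute(CoreAttributes.FILENAME.key());
        return new EncryptStreamCallback(fileEncoding, compressionAlgorithm, filename, packetFound, encryptedDataGenerator);
    }

    /**
     * Resolves the key encryption methods for one FlowFile.
     *
     * @return one generator per configured method: passphrase, public key, or both
     * @throws PGPEncryptionException if the public key search finds no key, or if no method
     *                                resolves at run time
     */
    private List<PGPKeyEncryptionMethodGenerator> getEncryptionMethodGenerators(ProcessContext processContext, FlowFile flowFile, SecureRandom secureRandom) {
        final List<PGPKeyEncryptionMethodGenerator> generators = new ArrayList<>();

        final PropertyValue passphraseProperty = processContext.getProperty(PASSPHRASE);
        if (passphraseProperty.isSet()) {
            // The property API supplies the passphrase as a String, so the secret already lives in
            // an immutable object; the char[] handed to the generator is not cleared here.
            final char[] passphrase = passphraseProperty.getValue().toCharArray();
            generators.add(new JcePBEKeyEncryptionMethodGenerator(passphrase).setSecureRandom(secureRandom));
        }

        final String publicKeySearch = processContext.getProperty(PUBLIC_KEY_SEARCH).evaluateAttributeExpressions(flowFile).getValue();
        if (StringUtils.isNotBlank(publicKeySearch)) {
            // The search value is derived from FlowFile attributes and is written to the debug log.
            getLogger().debug("Public Key Search [{}]", publicKeySearch);
            final PGPPublicKeyService publicKeyService = processContext.getProperty(PUBLIC_KEY_SERVICE).asControllerService(PGPPublicKeyService.class);
            final Optional<PGPPublicKey> publicKey = publicKeyService.findPublicKey(publicKeySearch);
            if (!publicKey.isPresent()) {
                throw new PGPEncryptionException(String.format("Public Key not found using search [%s]", publicKeySearch));
            }
            generators.add(new BcPublicKeyKeyEncryptionMethodGenerator(publicKey.get()).setSecureRandom(secureRandom));
        }

        if (generators.isEmpty()) {
            // Validation only checks that the search expression is set. It can still evaluate to
            // blank for a given FlowFile, so fail closed before any content is written.
            throw new PGPEncryptionException(String.format("No encryption method resolved: [%s] not set and [%s] evaluated to blank",
                    PASSPHRASE.getDisplayName(), PUBLIC_KEY_SEARCH.getDisplayName()));
        }
        return generators;
    }

    /** Reads the configured symmetric-key algorithm. */
    private SymmetricKeyAlgorithm getSymmetricKeyAlgorithm(ProcessContext processContext) {
        final String configured = processContext.getProperty(SYMMETRIC_KEY_ALGORITHM).getValue();
        return SymmetricKeyAlgorithm.valueOf(configured);
    }

    /** Reads the configured compression algorithm. */
    private CompressionAlgorithm getCompressionAlgorithm(ProcessContext processContext) {
        final String configured = processContext.getProperty(COMPRESSION_ALGORITHM).getValue();
        return CompressionAlgorithm.valueOf(configured);
    }

    /** Reads the configured file encoding. */
    private FileEncoding getFileEncoding(ProcessContext processContext) {
        final String configured = processContext.getProperty(FILE_ENCODING).getValue();
        return FileEncoding.valueOf(configured);
    }

    /**
     * Builds the FlowFile attributes that record the encryption parameters. Only algorithm
     * metadata is written; no key material or passphrase is included.
     */
    private Map<String, String> getAttributes(SymmetricKeyAlgorithm symmetricKeyAlgorithm, FileEncoding fileEncoding, CompressionAlgorithm compressionAlgorithm) {
        final Map<String, String> attributes = new HashMap<>();
        attributes.put("pgp.symmetric.key.algorithm", symmetricKeyAlgorithm.toString());
        attributes.put("pgp.symmetric.key.algorithm.block.cipher", symmetricKeyAlgorithm.getBlockCipher().toString());
        attributes.put("pgp.symmetric.key.algorithm.key.size", Integer.toString(symmetricKeyAlgorithm.getKeySize()));
        attributes.put("pgp.symmetric.key.algorithm.id", Integer.toString(symmetricKeyAlgorithm.getId()));
        attributes.put("pgp.file.encoding", fileEncoding.toString());
        attributes.put("pgp.compression.algorithm", compressionAlgorithm.toString());
        attributes.put("pgp.compression.algorithm.id", Integer.toString(compressionAlgorithm.getId()));
        return attributes;
    }
}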
