package org.apache.nifi.security.util.crypto;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import java.util.Map;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.nifi.processor.exception.ProcessException;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.security.util.EncryptionMethod;
import org.apache.nifi.security.util.KeyDerivationFunction;
import org.bouncycastle.shaded.jce.provider.BouncyCastleProvider;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;

/* loaded from: input_file:org/apache/nifi/security/util/crypto/PasswordBasedEncryptorTest.class */
public class PasswordBasedEncryptorTest {
    private static final String IV_ATTRIBUTE = "iv";
    private static final char[] FILE_PASSWORD = "thisIsABadPassword".toCharArray();
    private static final String TEST_RESOURCES_PATH = "src/test/resources/TestEncryptContent";
    private static final Path TEST_SALTED_PATH = Paths.get(String.format("%s/salted_128_raw.enc", TEST_RESOURCES_PATH), new String[0]);
    private static final Path TEST_UNSALTED_PATH = Paths.get(String.format("%s/unsalted_128_raw.enc", TEST_RESOURCES_PATH), new String[0]);
    private static final Path TEST_PLAIN_PATH = Paths.get(String.format("%s/plain.txt", TEST_RESOURCES_PATH), new String[0]);
    private static final byte[] PLAINTEXT = {9, 8, 7, 6, 5, 4, 3, 2, 1, 0};
    private static final char[] PASSWORD = {'a', 'b', 'c', 'd', 'e', 'f', 'g'};
    private static final int SALT_LENGTH = RandomIVPBECipherProvider.SALT_DELIMITER.length;
    private static final String INITIALIZATION_VECTOR_LENGTH = Integer.toString(16);
    private static final EncryptionMethod PBE_ENCRYPTION_METHOD = EncryptionMethod.SHA256_256AES;
    private static final EncryptionMethod KDF_ENCRYPTION_METHOD = EncryptionMethod.AES_GCM;

    @Test
    public void testEncryptDecryptLegacy() throws IOException {
        assertEncryptDecryptMatched(new PasswordBasedEncryptor(PBE_ENCRYPTION_METHOD, PASSWORD, KeyDerivationFunction.NIFI_LEGACY));
    }

    @Test
    public void testEncryptDecryptOpenSsl() throws IOException {
        assertEncryptDecryptMatched(new PasswordBasedEncryptor(PBE_ENCRYPTION_METHOD, PASSWORD, KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY));
    }

    @Test
    public void testEncryptDecryptBcrypt() throws IOException {
        assertEncryptDecryptMatched(new PasswordBasedEncryptor(KDF_ENCRYPTION_METHOD, PASSWORD, KeyDerivationFunction.BCRYPT));
    }

    @Test
    public void testEncryptDecryptScrypt() throws IOException {
        assertEncryptDecryptMatched(new PasswordBasedEncryptor(KDF_ENCRYPTION_METHOD, PASSWORD, KeyDerivationFunction.SCRYPT));
    }

    @Test
    public void testEncryptDecryptPbkdf2() throws IOException {
        assertEncryptDecryptMatched(new PasswordBasedEncryptor(KDF_ENCRYPTION_METHOD, PASSWORD, KeyDerivationFunction.PBKDF2));
    }

    @Test
    public void testDecryptOpenSslSalted() throws IOException {
        assertDecryptMatched(new PasswordBasedEncryptor(EncryptionMethod.MD5_128AES, FILE_PASSWORD, KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY), Files.readAllBytes(TEST_SALTED_PATH), Files.readAllBytes(TEST_PLAIN_PATH));
    }

    @Test
    public void testDecryptOpenSslUnsalted() throws IOException {
        assertDecryptMatched(new PasswordBasedEncryptor(EncryptionMethod.MD5_128AES, FILE_PASSWORD, KeyDerivationFunction.OPENSSL_EVP_BYTES_TO_KEY), Files.readAllBytes(TEST_UNSALTED_PATH), Files.readAllBytes(TEST_PLAIN_PATH));
    }

    @Test
    public void testEncryptDecryptArgon2SkippedSaltMissing() throws IOException {
        PasswordBasedEncryptor passwordBasedEncryptor = new PasswordBasedEncryptor(KDF_ENCRYPTION_METHOD, PASSWORD, KeyDerivationFunction.ARGON2);
        StreamCallback decryptionCallback = passwordBasedEncryptor.getDecryptionCallback();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(encryptBytes(passwordBasedEncryptor));
        Assertions.assertEquals(SALT_LENGTH, byteArrayInputStream.skip(SALT_LENGTH));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Assertions.assertThrows(ProcessException.class, () -> {
            decryptionCallback.process(byteArrayInputStream, byteArrayOutputStream);
        });
    }

    @Test
    public void testEncryptDecryptArgon2SaltDelimiterMissing() throws IOException {
        PasswordBasedEncryptor passwordBasedEncryptor = new PasswordBasedEncryptor(KDF_ENCRYPTION_METHOD, PASSWORD, KeyDerivationFunction.ARGON2);
        StreamCallback decryptionCallback = passwordBasedEncryptor.getDecryptionCallback();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(ArrayUtils.removeElements(encryptBytes(passwordBasedEncryptor), RandomIVPBECipherProvider.SALT_DELIMITER));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Assertions.assertThrows(ProcessException.class, () -> {
            decryptionCallback.process(byteArrayInputStream, byteArrayOutputStream);
        });
    }

    @Test
    public void testEncryptDecryptArgon2InitializationVectorMissing() throws IOException {
        PasswordBasedEncryptor passwordBasedEncryptor = new PasswordBasedEncryptor(KDF_ENCRYPTION_METHOD, PASSWORD, KeyDerivationFunction.ARGON2);
        StreamCallback decryptionCallback = passwordBasedEncryptor.getDecryptionCallback();
        StreamCallback encryptionCallback = passwordBasedEncryptor.getEncryptionCallback();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        encryptionCallback.process(new ByteArrayInputStream(PLAINTEXT), byteArrayOutputStream);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(ArrayUtils.removeElements(byteArrayOutputStream.toByteArray(), ((String) passwordBasedEncryptor.flowfileAttributes.get(getAttributeName(IV_ATTRIBUTE))).getBytes(StandardCharsets.UTF_8)));
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        Assertions.assertThrows(ProcessException.class, () -> {
            decryptionCallback.process(byteArrayInputStream, byteArrayOutputStream2);
        });
    }

    @Test
    public void testEncryptDecryptArgon2InitializationVectorDelimiterMissing() throws IOException {
        PasswordBasedEncryptor passwordBasedEncryptor = new PasswordBasedEncryptor(KDF_ENCRYPTION_METHOD, PASSWORD, KeyDerivationFunction.ARGON2);
        StreamCallback decryptionCallback = passwordBasedEncryptor.getDecryptionCallback();
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(ArrayUtils.removeElements(encryptBytes(passwordBasedEncryptor), RandomIVPBECipherProvider.IV_DELIMITER));
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Assertions.assertThrows(ProcessException.class, () -> {
            decryptionCallback.process(byteArrayInputStream, byteArrayOutputStream);
        });
    }

    private byte[] encryptBytes(PasswordBasedEncryptor passwordBasedEncryptor) throws IOException {
        StreamCallback encryptionCallback = passwordBasedEncryptor.getEncryptionCallback();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        encryptionCallback.process(new ByteArrayInputStream(PLAINTEXT), byteArrayOutputStream);
        return byteArrayOutputStream.toByteArray();
    }

    private void assertEncryptDecryptMatched(PasswordBasedEncryptor passwordBasedEncryptor) throws IOException {
        StreamCallback encryptionCallback = passwordBasedEncryptor.getEncryptionCallback();
        StreamCallback decryptionCallback = passwordBasedEncryptor.getDecryptionCallback();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        encryptionCallback.process(new ByteArrayInputStream(PLAINTEXT), byteArrayOutputStream);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(byteArrayOutputStream.toByteArray());
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        decryptionCallback.process(byteArrayInputStream, byteArrayOutputStream2);
        Assertions.assertArrayEquals(PLAINTEXT, byteArrayOutputStream2.toByteArray());
        assertFlowFileAttributesFound(passwordBasedEncryptor.flowfileAttributes);
    }

    private void assertFlowFileAttributesFound(Map<String, String> map) {
        Assertions.assertTrue(map.containsKey(getAttributeName("algorithm")));
        Assertions.assertTrue(map.containsKey(getAttributeName("timestamp")));
        Assertions.assertTrue(map.containsKey(getAttributeName("cipher_text_length")));
        Assertions.assertEquals("decrypted", map.get(getAttributeName("action")));
        Assertions.assertEquals(Integer.toString(PLAINTEXT.length), map.get(getAttributeName("plaintext_length")));
        Assertions.assertTrue(map.containsKey(getAttributeName("salt")));
        Assertions.assertTrue(map.containsKey(getAttributeName("salt_length")));
        Assertions.assertTrue(map.containsKey(getAttributeName(IV_ATTRIBUTE)));
        Assertions.assertEquals(INITIALIZATION_VECTOR_LENGTH, map.get(getAttributeName("iv_length")));
        Assertions.assertTrue(map.containsKey(getAttributeName("kdf")));
    }

    private void assertDecryptMatched(PasswordBasedEncryptor passwordBasedEncryptor, byte[] bArr, byte[] bArr2) throws IOException {
        StreamCallback decryptionCallback = passwordBasedEncryptor.getDecryptionCallback();
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        decryptionCallback.process(new ByteArrayInputStream(bArr), byteArrayOutputStream);
        Assertions.assertArrayEquals(bArr2, byteArrayOutputStream.toByteArray());
    }

    private String getAttributeName(String str) {
        return String.format("encryptcontent.%s", str);
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
