package org.apache.nifi.security.kms;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyManagementException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.repository.config.RepositoryEncryptionConfiguration;
import org.apache.nifi.util.NiFiBootstrapUtils;
import org.bouncycastle.util.encoders.DecoderException;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/security/kms/CryptoUtils.class */
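/**
 * Static helpers for validating key provider configuration, checking key material format,
 * loading the root key and comparing secrets.
 *
 * <p>None of the methods here log key material; only provider class names, locations and key
 * identifiers are written to the log. Keep it that way when extending this class.
 */
public class CryptoUtils {
    public static final String STATIC_KEY_PROVIDER_CLASS_NAME = "org.apache.nifi.security.kms.StaticKeyProvider";
    public static final String FILE_BASED_KEY_PROVIDER_CLASS_NAME = "org.apache.nifi.security.kms.FileBasedKeyProvider";
    public static final String KEY_STORE_KEY_PROVIDER_CLASS_NAME = "org.apache.nifi.security.kms.KeyStoreKeyProvider";
    public static final String LEGACY_SKP_FQCN = "org.apache.nifi.provenance.StaticKeyProvider";
    public static final String LEGACY_FBKP_FQCN = "org.apache.nifi.provenance.FileBasedKeyProvider";
    public static final String ENCRYPTED_FSR_CLASS_NAME = "org.apache.nifi.controller.repository.crypto.EncryptedFileSystemRepository";
    public static final String EWAFFR_CLASS_NAME = "org.apache.nifi.controller.repository.crypto.EncryptedWriteAheadFlowFileRepository";
    private static final Logger logger = LoggerFactory.getLogger(CryptoUtils.class);
    private static final Pattern HEX_PATTERN = Pattern.compile("(?i)^[0-9a-f]+$");
    // Accepted key lengths in hex characters (two per byte): 128-, 192- and 256-bit keys.
    private static final List<Integer> UNLIMITED_KEY_LENGTHS = Arrays.asList(32, 48, 64);

    /**
     * Reports whether this JVM permits AES keys longer than 128 bits.
     *
     * @return {@code true} if the maximum allowed AES key length exceeds 128 bits; {@code false}
     *         otherwise, or if the AES algorithm is not available at all
     */
    public static boolean isUnlimitedStrengthCryptoAvailable() {
        try {
            return Cipher.getMaxAllowedKeyLength("AES") > 128;
        } catch (NoSuchAlgorithmException e) {
            logger.warn("Tried to determine if unlimited strength crypto is available but the AES algorithm is not available");
            return false;
        }
    }

    /**
     * Checks whether a string is {@code null}, empty, or contains only characters removed by
     * {@link String#trim()}.
     *
     * @param str the string to check, may be {@code null}
     * @return {@code true} if there is no non-whitespace content
     */
    public static boolean isEmpty(String str) {
        return str == null || str.trim().isEmpty();
    }

    /**
     * Concatenates the given arrays, in order, into one newly allocated array.
     *
     * @param bArr the arrays to join; individual elements must not be {@code null}
     * @return a new array holding the contents of every input array back to back
     */
    public static byte[] concatByteArrays(byte[]... bArr) {
        int totalLength = 0;
        for (byte[] part : bArr) {
            totalLength += part.length;
        }
        final byte[] joined = new byte[totalLength];
        int offset = 0;
        for (byte[] part : bArr) {
            System.arraycopy(part, 0, joined, offset, part.length);
            offset += part.length;
        }
        return joined;
    }

    /**
     * Validates the key provider settings carried by a repository encryption configuration.
     *
     * @param repositoryEncryptionConfiguration the configuration to check, may be {@code null}
     * @return {@code true} if the configuration is present and {@link #isValidKeyProvider}
     *         accepts its implementation, location, key id and keys
     */
    public static boolean isValidRepositoryEncryptionConfiguration(RepositoryEncryptionConfiguration repositoryEncryptionConfiguration) {
        // A missing configuration is an invalid one; a validator should answer, not throw.
        if (repositoryEncryptionConfiguration == null) {
            return false;
        }
        return isValidKeyProvider(
                repositoryEncryptionConfiguration.getKeyProviderImplementation(),
                repositoryEncryptionConfiguration.getKeyProviderLocation(),
                repositoryEncryptionConfiguration.getEncryptionKeyId(),
                repositoryEncryptionConfiguration.getEncryptionKeys());
    }

    /**
     * Validates a key provider definition.
     *
     * <p>The static provider requires every configured key to pass {@link #keyIsValid(String)};
     * the file-based and key-store providers require a readable location. All three require a
     * non-empty key id. Any other implementation name is rejected.
     *
     * <p>The readability check reflects the file system at the time of the call only; the
     * provider must still handle a location that becomes unreadable later.
     *
     * @param str  the key provider implementation class name (legacy names are mapped first)
     * @param str2 the key provider location, used by the file-based and key-store providers
     * @param str3 the active key id
     * @param map  key id to hex-encoded key, used by the static provider; may be {@code null}
     * @return {@code true} if the definition is usable, {@code false} otherwise
     */
    public static boolean isValidKeyProvider(String str, String str2, String str3, Map<String, String> map) {
        final String implementation;
        try {
            implementation = handleLegacyPackages(str);
        } catch (KeyManagementException e) {
            logger.warn("Key Provider [{}] Validation Failed: {}", str, e.getMessage());
            return false;
        }

        switch (implementation) {
            case STATIC_KEY_PROVIDER_CLASS_NAME:
                return map != null && map.values().stream().allMatch(CryptoUtils::keyIsValid) && StringUtils.isNotEmpty(str3);
            case FILE_BASED_KEY_PROVIDER_CLASS_NAME:
            case KEY_STORE_KEY_PROVIDER_CLASS_NAME:
                return isReadableLocation(str2) && StringUtils.isNotEmpty(str3);
            default:
                // Deliberately logs identifiers only; the key map is never written to the log.
                logger.warn("Validation Failed: Key Provider [{}] Location [{}] Key ID [{}]", new Object[]{implementation, str2, str3});
                return false;
        }
    }

    /**
     * Checks that a provider location names a readable file system entry.
     *
     * <p>A {@code null} or empty location is rejected up front: an empty string would otherwise
     * resolve to the working directory and pass the readability check.
     */
    private static boolean isReadableLocation(String location) {
        if (StringUtils.isEmpty(location)) {
            return false;
        }
        try {
            return Files.isReadable(Paths.get(location));
        } catch (java.nio.file.InvalidPathException e) {
            logger.warn("Key Provider Location [{}] is not a valid path: {}", location, e.getReason());
            return false;
        }
    }

    /**
     * Maps the legacy provenance-package provider class names to their current equivalents.
     *
     * @param str the configured key provider implementation class name
     * @return the current class name for a legacy name (matched case-insensitively), otherwise
     *         the input unchanged
     * @throws KeyManagementException if the name is blank
     */
    static String handleLegacyPackages(String str) throws KeyManagementException {
        if (org.apache.nifi.util.StringUtils.isBlank(str)) {
            throw new KeyManagementException("Invalid key provider implementation provided: " + str);
        }
        if (str.equalsIgnoreCase(LEGACY_SKP_FQCN)) {
            return StaticKeyProvider.class.getName();
        }
        if (str.equalsIgnoreCase(LEGACY_FBKP_FQCN)) {
            return FileBasedKeyProvider.class.getName();
        }
        return str;
    }

    /**
     * Checks that a hex-encoded key has an acceptable length for this JVM.
     *
     * <p>With unlimited strength crypto available, 32, 48 and 64 hex characters are accepted;
     * otherwise only 32 hex characters (a 128-bit key) are. The previous form of this check had
     * both comparisons negated, so it accepted every length except the correct ones.
     *
     * @param str the hex-encoded key, may be {@code null}
     * @return {@code true} if the value is non-empty hex of a permitted length
     */
    public static boolean keyIsValid(String str) {
        if (!isHexString(str)) {
            return false;
        }
        final int hexLength = str.length();
        return isUnlimitedStrengthCryptoAvailable()
                ? UNLIMITED_KEY_LENGTHS.contains(hexLength)
                : hexLength == 32;
    }

    /**
     * Checks that a string is non-empty and consists solely of hexadecimal digits.
     *
     * @param str the candidate string, may be {@code null}
     * @return {@code true} if every character is {@code 0-9}, {@code a-f} or {@code A-F}
     */
    public static boolean isHexString(String str) {
        return StringUtils.isNotEmpty(str) && HEX_PATTERN.matcher(str).matches();
    }

    /**
     * Builds the AES root key from the hex-encoded value read from the bootstrap file.
     *
     * @return the root key as an AES {@link SecretKey}
     * @throws KeyManagementException if the bootstrap file cannot be read or the value is not
     *                                valid hex
     */
    public static SecretKey getRootKey() throws KeyManagementException {
        try {
            final byte[] keyBytes = Hex.decode(NiFiBootstrapUtils.extractKeyFromBootstrapFile());
            try {
                return new SecretKeySpec(keyBytes, "AES");
            } finally {
                // SecretKeySpec copies the array, so the temporary raw key can be cleared.
                Arrays.fill(keyBytes, (byte) 0);
            }
        } catch (IOException | DecoderException e) {
            // NOTE(review): assumes neither exception message echoes the key value; confirm
            // before widening what is logged here.
            logger.error("Encountered an error: ", e);
            throw new KeyManagementException(e);
        }
    }

    /**
     * Compares two strings without short-circuiting on the first differing byte.
     *
     * <p>Strings cannot be cleared after use; prefer the {@code char[]} or {@code byte[]}
     * overloads for secrets the caller is able to wipe.
     *
     * @param str  first value, may be {@code null}
     * @param str2 second value, may be {@code null}
     * @return {@code true} if both are {@code null} or both have identical UTF-8 encodings
     */
    public static boolean constantTimeEquals(String str, String str2) {
        if (str == null || str2 == null) {
            return str == null && str2 == null;
        }
        return constantTimeEquals(str.getBytes(StandardCharsets.UTF_8), str2.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Compares two character arrays via their UTF-8 encodings without short-circuiting on the
     * first differing byte. Null handling matches the {@code String} overload.
     *
     * @param cArr  first value, may be {@code null}
     * @param cArr2 second value, may be {@code null}
     * @return {@code true} if both are {@code null} or both encode to identical bytes
     */
    public static boolean constantTimeEquals(char[] cArr, char[] cArr2) {
        if (cArr == null || cArr2 == null) {
            return cArr == null && cArr2 == null;
        }
        final byte[] left = convertCharsToBytes(cArr);
        final byte[] right = convertCharsToBytes(cArr2);
        try {
            return constantTimeEquals(left, right);
        } finally {
            // The encoded copies hold the same secret as the caller's arrays; clear them.
            Arrays.fill(left, (byte) 0);
            Arrays.fill(right, (byte) 0);
        }
    }

    /**
     * Compares two byte arrays with {@link MessageDigest#isEqual(byte[], byte[])}.
     *
     * <p>The comparison does not stop at the first mismatch. It is not designed to hide the
     * lengths of the inputs, so compare fixed-length values (such as digests or MACs) when the
     * length itself is sensitive.
     *
     * @param bArr  first value
     * @param bArr2 second value
     * @return {@code true} if the arrays are equal
     */
    public static boolean constantTimeEquals(byte[] bArr, byte[] bArr2) {
        return MessageDigest.isEqual(bArr, bArr2);
    }

    /**
     * Encodes characters as UTF-8 and returns exactly the encoded bytes.
     *
     * @param cArr the characters to encode, must not be {@code null}
     * @return a new array the caller owns and should clear when it held a secret
     */
    private static byte[] convertCharsToBytes(char[] cArr) {
        final ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(cArr));
        final byte[] result = Arrays.copyOfRange(encoded.array(), encoded.position(), encoded.limit());
        // The encoder's backing array is a second copy of the input; clear it before it is dropped.
        Arrays.fill(encoded.array(), (byte) 0);
        return result;
    }
}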
