package org.apache.nifi.processors.cipher;

import com.exceptionfactory.jagged.EncryptingChannelFactory;
import com.exceptionfactory.jagged.RecipientStanzaWriter;
import com.exceptionfactory.jagged.framework.armor.ArmoredEncryptingChannelFactory;
import com.exceptionfactory.jagged.framework.stream.StandardEncryptingChannelFactory;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.channels.WritableByteChannel;
import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.annotation.behavior.SupportsBatching;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.SeeAlso;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.components.ConfigVerificationResult;
import org.apache.nifi.components.DescribedValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.resource.ResourceCardinality;
import org.apache.nifi.components.resource.ResourceReference;
import org.apache.nifi.components.resource.ResourceType;
import org.apache.nifi.context.PropertyContext;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.VerifiableProcessor;
import org.apache.nifi.processors.cipher.age.AgeKeyIndicator;
import org.apache.nifi.processors.cipher.age.AgeKeyReader;
import org.apache.nifi.processors.cipher.age.AgeKeyValidator;
import org.apache.nifi.processors.cipher.age.AgePublicKeyReader;
import org.apache.nifi.processors.cipher.age.FileEncoding;
import org.apache.nifi.processors.cipher.age.KeySource;
import org.apache.nifi.processors.cipher.io.ChannelStreamCallback;

@CapabilityDescription("Encrypt content using the age-encryption.org/v1 specification. Supports binary or ASCII armored content encoding using configurable properties. The age standard uses ChaCha20-Poly1305 for authenticated encryption of the payload. The age-keygen command supports generating X25519 key pairs for encryption and decryption operations.")
@InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED)
@SupportsBatching
@Tags({"age", "age-encryption.org", "encryption", "ChaCha20-Poly1305", "X25519"})
@SeeAlso({DecryptContentAge.class})
/* loaded from: input_file:org/apache/nifi/processors/cipher/EncryptContentAge.class */
public class EncryptContentAge extends AbstractProcessor implements VerifiableProcessor {
    static final Relationship SUCCESS = new Relationship.Builder().name("success").description("Encryption Completed").build();
    static final Relationship FAILURE = new Relationship.Builder().name("failure").description("Encryption Failed").build();
    static final PropertyDescriptor FILE_ENCODING = new PropertyDescriptor.Builder().name("File Encoding").displayName("File Encoding").description("Output encoding for encrypted files. Binary encoding provides optimal processing performance.").required(true).defaultValue(FileEncoding.BINARY).allowableValues(FileEncoding.class).build();
    static final PropertyDescriptor PUBLIC_KEY_SOURCE = new PropertyDescriptor.Builder().name("Public Key Source").displayName("Public Key Source").description("Source of information determines the loading strategy for X25519 Public Key Recipients").required(true).defaultValue(KeySource.PROPERTIES).allowableValues(KeySource.class).build();
    static final PropertyDescriptor PUBLIC_KEY_RECIPIENTS = new PropertyDescriptor.Builder().name("Public Key Recipients").displayName("Public Key Recipients").description("One or more X25519 Public Key Recipients, separated with newlines, encoded according to the age specification, starting with age1").required(true).sensitive(true).addValidator(new AgeKeyValidator(AgeKeyIndicator.PUBLIC_KEY)).identifiesExternalResource(ResourceCardinality.SINGLE, ResourceType.TEXT, new ResourceType[0]).dependsOn(PUBLIC_KEY_SOURCE, KeySource.PROPERTIES, new DescribedValue[0]).build();
    static final PropertyDescriptor PUBLIC_KEY_RECIPIENT_RESOURCES = new PropertyDescriptor.Builder().name("Public Key Recipient Resources").displayName("Public Key Recipient Resources").description("One or more files or URLs containing X25519 Public Key Recipients, separated with newlines, encoded according to the age specification, starting with age1").required(true).addValidator(new AgeKeyValidator(AgeKeyIndicator.PUBLIC_KEY)).identifiesExternalResource(ResourceCardinality.MULTIPLE, ResourceType.FILE, new ResourceType[]{ResourceType.URL}).dependsOn(PUBLIC_KEY_SOURCE, KeySource.RESOURCES, new DescribedValue[0]).build();
    private static final Set<Relationship> RELATIONSHIPS = Set.of(SUCCESS, FAILURE);
    private static final List<PropertyDescriptor> PROPERTY_DESCRIPTORS = List.of(FILE_ENCODING, PUBLIC_KEY_SOURCE, PUBLIC_KEY_RECIPIENTS, PUBLIC_KEY_RECIPIENT_RESOURCES);
    private static final AgeKeyReader<RecipientStanzaWriter> PUBLIC_KEY_READER = new AgePublicKeyReader();
    private static final int BUFFER_CAPACITY = 65535;
    private static final String KEY_VERIFICATION_STEP = "Verify Public Key Recipients";
    private static final String NOT_FOUND_EXPLANATION = "Public Key Recipients not found";
    private volatile List<RecipientStanzaWriter> configuredRecipientStanzaWriters = Collections.emptyList();

    /* loaded from: input_file:org/apache/nifi/processors/cipher/EncryptContentAge$EncryptingStreamCallback.class */
    private static class EncryptingStreamCallback extends ChannelStreamCallback {
        private final List<RecipientStanzaWriter> recipientStanzaWriters;
        private final EncryptingChannelFactory encryptingChannelFactory;

        private EncryptingStreamCallback(List<RecipientStanzaWriter> list, EncryptingChannelFactory encryptingChannelFactory) {
            super(EncryptContentAge.BUFFER_CAPACITY);
            this.recipientStanzaWriters = list;
            this.encryptingChannelFactory = encryptingChannelFactory;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.apache.nifi.processors.cipher.io.ChannelStreamCallback
        public WritableByteChannel getWritableChannel(OutputStream outputStream) throws IOException {
            try {
                return this.encryptingChannelFactory.newEncryptingChannel(super.getWritableChannel(outputStream), this.recipientStanzaWriters);
            } catch (GeneralSecurityException e) {
                throw new IOException("Channel initialization failed", e);
            }
        }
    }

    public Set<Relationship> getRelationships() {
        return RELATIONSHIPS;
    }

    public final List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return PROPERTY_DESCRIPTORS;
    }

    public List<ConfigVerificationResult> verify(ProcessContext processContext, ComponentLog componentLog, Map<String, String> map) {
        ArrayList arrayList = new ArrayList();
        ConfigVerificationResult.Builder verificationStepName = new ConfigVerificationResult.Builder().verificationStepName(KEY_VERIFICATION_STEP);
        try {
            List<RecipientStanzaWriter> recipientStanzaWriters = getRecipientStanzaWriters(processContext);
            if (recipientStanzaWriters.isEmpty()) {
                componentLog.warn(NOT_FOUND_EXPLANATION);
                verificationStepName.outcome(ConfigVerificationResult.Outcome.FAILED).explanation(NOT_FOUND_EXPLANATION);
            } else {
                String format = String.format("Public Key Recipients found: %d", Integer.valueOf(recipientStanzaWriters.size()));
                componentLog.info(format);
                verificationStepName.outcome(ConfigVerificationResult.Outcome.SUCCESSFUL).explanation(format);
            }
        } catch (Exception e) {
            String format2 = String.format("Public Key Recipients not found: %s", e.getMessage());
            componentLog.warn(NOT_FOUND_EXPLANATION, e);
            verificationStepName.outcome(ConfigVerificationResult.Outcome.FAILED).explanation(format2);
        }
        arrayList.add(verificationStepName.build());
        return arrayList;
    }

    @OnScheduled
    public void onScheduled(ProcessContext processContext) throws IOException {
        this.configuredRecipientStanzaWriters = getRecipientStanzaWriters(processContext);
    }

    public void onTrigger(ProcessContext processContext, ProcessSession processSession) {
        FlowFile flowFile = processSession.get();
        if (flowFile == null) {
            return;
        }
        try {
            flowFile = processSession.write(flowFile, new EncryptingStreamCallback(this.configuredRecipientStanzaWriters, getEncryptingChannelFactory((FileEncoding) processContext.getProperty(FILE_ENCODING).asAllowableValue(FileEncoding.class))));
            processSession.transfer(flowFile, SUCCESS);
        } catch (Exception e) {
            getLogger().error("Encryption Failed {}", new Object[]{flowFile, e});
            processSession.transfer(flowFile, FAILURE);
        }
    }

    private EncryptingChannelFactory getEncryptingChannelFactory(FileEncoding fileEncoding) {
        switch (fileEncoding) {
            case ASCII:
                return new ArmoredEncryptingChannelFactory();
            case BINARY:
                return new StandardEncryptingChannelFactory();
            default:
                throw new MatchException((String) null, (Throwable) null);
        }
    }

    private List<RecipientStanzaWriter> getRecipientStanzaWriters(PropertyContext propertyContext) throws IOException {
        List asList;
        switch ((KeySource) propertyContext.getProperty(PUBLIC_KEY_SOURCE).asAllowableValue(KeySource.class)) {
            case PROPERTIES:
                asList = List.of(propertyContext.getProperty(PUBLIC_KEY_RECIPIENTS).asResource());
                break;
            case RESOURCES:
                asList = propertyContext.getProperty(PUBLIC_KEY_RECIPIENT_RESOURCES).asResources().asList();
                break;
            default:
                throw new MatchException((String) null, (Throwable) null);
        }
        List list = asList;
        ArrayList arrayList = new ArrayList();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            InputStream read = ((ResourceReference) it.next()).read();
            try {
                arrayList.addAll(PUBLIC_KEY_READER.read(read));
                if (read != null) {
                    read.close();
                }
            } catch (Throwable th) {
                if (read != null) {
                    try {
                        read.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        if (arrayList.isEmpty()) {
            throw new IOException(NOT_FOUND_EXPLANATION);
        }
        return arrayList;
    }
}
