package org.apache.nifi.encrypt;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.deprecation.log.DeprecationLogger;
import org.apache.nifi.deprecation.log.DeprecationLoggerFactory;
import org.apache.nifi.security.util.KeyDerivationFunction;
import org.apache.nifi.security.util.crypto.Argon2SecureHasher;
import org.apache.nifi.security.util.crypto.KeyDerivationBcryptSecureHasher;
import org.apache.nifi.security.util.crypto.PBKDF2SecureHasher;
import org.apache.nifi.security.util.crypto.ScryptSecureHasher;
import org.apache.nifi.security.util.crypto.SecureHasher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/encrypt/StandardPropertySecretKeyProvider.class */
class StandardPropertySecretKeyProvider implements PropertySecretKeyProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(StandardPropertySecretKeyProvider.class);
    private static final Charset PASSWORD_CHARSET = StandardCharsets.UTF_8;
    private static final int MINIMUM_PASSWORD_LENGTH = 12;
    private static final String PASSWORD_LENGTH_MESSAGE = String.format("Key Password length less than required [%d]", Integer.valueOf(MINIMUM_PASSWORD_LENGTH));
    private static final String SECRET_KEY_ALGORITHM = "AES";

    @Override // org.apache.nifi.encrypt.PropertySecretKeyProvider
    public SecretKey getSecretKey(PropertyEncryptionMethod propertyEncryptionMethod, String str) {
        Objects.requireNonNull(propertyEncryptionMethod, "Property Encryption Method is required");
        Objects.requireNonNull(str, "Password is required");
        if (StringUtils.length(str) < MINIMUM_PASSWORD_LENGTH) {
            throw new EncryptionException(PASSWORD_LENGTH_MESSAGE);
        }
        KeyDerivationFunction keyDerivationFunction = propertyEncryptionMethod.getKeyDerivationFunction();
        LOGGER.debug("Generating [{}-{}] Secret Key using [{}]", new Object[]{SECRET_KEY_ALGORITHM, Integer.valueOf(propertyEncryptionMethod.getKeyLength()), keyDerivationFunction.getKdfName()});
        logDeprecated(propertyEncryptionMethod);
        return new SecretKeySpec(getSecureHasher(propertyEncryptionMethod).hashRaw(str.getBytes(PASSWORD_CHARSET)), SECRET_KEY_ALGORITHM);
    }

    private static SecureHasher getSecureHasher(PropertyEncryptionMethod propertyEncryptionMethod) {
        KeyDerivationFunction keyDerivationFunction = propertyEncryptionMethod.getKeyDerivationFunction();
        int hashLength = propertyEncryptionMethod.getHashLength();
        if (KeyDerivationFunction.ARGON2.equals(keyDerivationFunction)) {
            return new Argon2SecureHasher(Integer.valueOf(hashLength));
        }
        if (KeyDerivationFunction.BCRYPT.equals(keyDerivationFunction)) {
            return new KeyDerivationBcryptSecureHasher(hashLength);
        }
        if (KeyDerivationFunction.PBKDF2.equals(keyDerivationFunction)) {
            return new PBKDF2SecureHasher(hashLength);
        }
        if (KeyDerivationFunction.SCRYPT.equals(keyDerivationFunction)) {
            return new ScryptSecureHasher(hashLength);
        }
        throw new EncryptionException(String.format("Key Derivation Function [%s] not supported", keyDerivationFunction.getKdfName()));
    }

    private static void logDeprecated(PropertyEncryptionMethod propertyEncryptionMethod) {
        DeprecationLogger logger = DeprecationLoggerFactory.getLogger(StandardPropertySecretKeyProvider.class);
        PropertyEncryptionMethod propertyEncryptionMethod2 = PropertyEncryptionMethod.NIFI_PBKDF2_AES_GCM_256;
        KeyDerivationFunction keyDerivationFunction = propertyEncryptionMethod.getKeyDerivationFunction();
        int keyLength = propertyEncryptionMethod.getKeyLength();
        if (KeyDerivationFunction.BCRYPT == keyDerivationFunction || KeyDerivationFunction.SCRYPT == keyDerivationFunction) {
            logger.warn("Sensitive Properties Algorithm [{}] is deprecated in favor of [{}]", new Object[]{propertyEncryptionMethod, propertyEncryptionMethod2});
        } else if (keyLength == 128) {
            logger.warn("Sensitive Properties Algorithm [{}] Key Length [{}] should be upgraded to Key Length [{}]", new Object[]{propertyEncryptionMethod, Integer.valueOf(keyLength), Integer.valueOf(propertyEncryptionMethod2.getKeyLength())});
        }
    }
}
