package org.apache.nifi.processors.pgp;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UncheckedIOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.apache.nifi.annotation.behavior.InputRequirement;
import org.apache.nifi.annotation.behavior.WritesAttribute;
import org.apache.nifi.annotation.behavior.WritesAttributes;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.SeeAlso;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.pgp.service.api.KeyIdentifierConverter;
import org.apache.nifi.pgp.service.api.PGPPrivateKeyService;
import org.apache.nifi.processor.AbstractProcessor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
import org.apache.nifi.processor.Relationship;
import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.processor.util.StandardValidators;
import org.apache.nifi.processors.pgp.attributes.DecryptionStrategy;
import org.apache.nifi.processors.pgp.exception.PGPDecryptionException;
import org.apache.nifi.processors.pgp.exception.PGPProcessException;
import org.apache.nifi.stream.io.StreamUtils;
import org.apache.nifi.util.StringUtils;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPPBEEncryptedData;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.jcajce.JcaPGPObjectFactory;
import org.bouncycastle.openpgp.operator.bc.BcPBEDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;

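/**
 * NiFi processor that decrypts OpenPGP messages using either a configured passphrase
 * (Password-Based Encryption) or a {@link PGPPrivateKeyService} (Public Key Encryption).
 *
 * <p>This listing is decompiler output. The body of
 * {@code DecryptStreamCallback.findSupportedEncryptedData} was not recovered and is a stub that
 * throws {@link UnsupportedOperationException}; as listed, any FlowFile that gets past packet
 * discovery fails inside the stream callback. Consult the original project source for that method.
 *
 * <p>Points a reviewer should keep in mind when relying on this processor:
 * <ul>
 *   <li>Decrypted bytes are copied to the output stream <em>before</em> the integrity result is
 *       known, because verification is only called after the copy completes.</li>
 *   <li>Encrypted data that is not integrity protected is treated as verified; only a warning is
 *       logged.</li>
 *   <li>{@code pgp.literal.data.filename} is taken from the message itself and is therefore
 *       sender-controlled; downstream components should not use it as a path without validation.</li>
 * </ul>
 */
@CapabilityDescription("Decrypt contents of OpenPGP messages. Using the Packaged Decryption Strategy preserves OpenPGP encoding to support subsequent signature verification.")
@InputRequirement(InputRequirement.Requirement.INPUT_REQUIRED)
@Tags({"PGP", "GPG", "OpenPGP", "Encryption", "RFC 4880"})
@SeeAlso({EncryptContentPGP.class, SignContentPGP.class, VerifyContentPGP.class})
@WritesAttributes({
        @WritesAttribute(attribute = "pgp.literal.data.filename", description = "Filename from decrypted Literal Data"),
        @WritesAttribute(attribute = "pgp.literal.data.modified", description = "Modified Date from decrypted Literal Data"),
        @WritesAttribute(attribute = "pgp.symmetric.key.algorithm.block.cipher", description = "Symmetric-Key Algorithm Block Cipher"),
        @WritesAttribute(attribute = "pgp.symmetric.key.algorithm.id", description = "Symmetric-Key Algorithm Identifier")
})
/* loaded from: input_file:org/apache/nifi/processors/pgp/DecryptContentPGP.class */
public class DecryptContentPGP extends AbstractProcessor {
    /** FlowFiles whose content was decrypted and passed the verification step. */
    public static final Relationship SUCCESS = new Relationship.Builder()
            .name("success")
            .description("Decryption Succeeded")
            .build();

    /** FlowFiles for which the stream callback raised a RuntimeException. */
    public static final Relationship FAILURE = new Relationship.Builder()
            .name("failure")
            .description("Decryption Failed")
            .build();

    /** Selects whether the output is the literal data or the still-packaged OpenPGP content. */
    public static final PropertyDescriptor DECRYPTION_STRATEGY = new PropertyDescriptor.Builder()
            .name("decryption-strategy")
            .displayName("Decryption Strategy")
            .description("Strategy for writing files to success after decryption")
            .required(true)
            .defaultValue(DecryptionStrategy.DECRYPTED.name())
            .allowableValues(Arrays.stream(DecryptionStrategy.values())
                    .map(strategy -> new AllowableValue(strategy.name(), strategy.name(), strategy.getDescription()))
                    .toArray(AllowableValue[]::new))
            .build();

    /** Passphrase for Password-Based Encryption; declared sensitive so the framework protects it. */
    public static final PropertyDescriptor PASSPHRASE = new PropertyDescriptor.Builder()
            .name("passphrase")
            .displayName("Passphrase")
            .description("Passphrase used for decrypting data encrypted with Password-Based Encryption")
            .sensitive(true)
            .addValidator(StandardValidators.NON_EMPTY_VALIDATOR)
            .build();

    /** Controller service that resolves private keys by key identifier. */
    public static final PropertyDescriptor PRIVATE_KEY_SERVICE = new PropertyDescriptor.Builder()
            .name("private-key-service")
            .displayName("Private Key Service")
            .description("PGP Private Key Service for decrypting data encrypted with Public Key Encryption")
            .identifiesControllerService(PGPPrivateKeyService.class)
            .build();

    private static final Set<Relationship> RELATIONSHIPS = new HashSet<>(Arrays.asList(SUCCESS, FAILURE));
    private static final List<PropertyDescriptor> DESCRIPTORS = Arrays.asList(DECRYPTION_STRATEGY, PASSPHRASE, PRIVATE_KEY_SERVICE);
    private static final String PASSWORD_BASED_ENCRYPTION = "Password-Based Encryption";
    private static final String PUBLIC_KEY_ENCRYPTION = "Public Key Encryption";

    /**
     * Stream callback that reads an OpenPGP message, decrypts it and collects FlowFile attributes
     * describing the literal data and the symmetric algorithm that was used.
     */
    /* loaded from: input_file:org/apache/nifi/processors/pgp/DecryptContentPGP$DecryptStreamCallback.class */
    private class DecryptStreamCallback implements StreamCallback {
        // Caller-owned array; onTrigger wipes it once the callback has finished.
        private final char[] passphrase;
        private final PGPPrivateKeyService privateKeyService;
        private final DecryptionStrategy decryptionStrategy;
        // Read by onTrigger after a successful write and applied to the FlowFile.
        private final Map<String, String> attributes = new HashMap<>();

        /**
         * @param cArr passphrase for Password-Based Encryption, or null when not configured
         * @param pGPPrivateKeyService key lookup service, or null when not configured
         * @param decryptionStrategy output strategy selected on the processor
         */
        public DecryptStreamCallback(char[] cArr, PGPPrivateKeyService pGPPrivateKeyService, DecryptionStrategy decryptionStrategy) {
            this.passphrase = cArr;
            this.privateKeyService = pGPPrivateKeyService;
            this.decryptionStrategy = decryptionStrategy;
        }

        /**
         * Decrypts the incoming stream and writes the result to the outgoing stream.
         *
         * <p>The copy happens first and {@link #isVerified(PGPEncryptedData)} runs afterwards, so
         * output bytes exist before the integrity result is known. A failed check surfaces as a
         * {@link PGPDecryptionException}; what happens to the already-written bytes is decided by
         * the caller of this callback and is not visible in this class.
         *
         * @param inputStream encrypted OpenPGP content
         * @param outputStream destination for the decrypted content
         * @throws IOException on stream read or write failures
         */
        @Override
        public void process(InputStream inputStream, OutputStream outputStream) throws IOException {
            final PGPEncryptedData encryptedData = findSupportedEncryptedData(getEncryptedDataList(inputStream));
            if (DecryptionStrategy.PACKAGED == this.decryptionStrategy) {
                // PACKAGED: emit the decrypted packet stream as-is, without unwrapping literal data.
                try {
                    StreamUtils.copy(getDecryptedDataStream(encryptedData), outputStream);
                } catch (PGPException e) {
                    throw new PGPDecryptionException(String.format("PGP Decryption Failed [%s]", getEncryptedDataType(encryptedData)), e);
                }
            } else {
                final PGPLiteralData literalData = getLiteralData(encryptedData);
                // File name and modification time come from the message and are sender-controlled.
                this.attributes.put("pgp.literal.data.filename", literalData.getFileName());
                this.attributes.put("pgp.literal.data.modified", Long.toString(literalData.getModificationTime().getTime()));
                DecryptContentPGP.this.getLogger().debug("PGP Decrypted File Name [{}] Modified [{}]", new Object[]{literalData.getFileName(), literalData.getModificationTime()});
                StreamUtils.copy(literalData.getInputStream(), outputStream);
            }
            if (!isVerified(encryptedData)) {
                throw new PGPDecryptionException(String.format("PGP Encrypted Data [%s] Not Verified", encryptedData.getClass().getSimpleName()));
            }
            DecryptContentPGP.this.getLogger().debug("PGP Encrypted Data Verified");
        }

        // NOTE(review): the decompiler failed on this method. The surviving fragments below show a
        // loop over PGPPublicKeyEncryptedData entries that looks up each key ID through
        // privateKeyService.findPrivateKey and logs when a key is found; the remaining selection
        // logic (including any Password-Based Encryption handling) is not recoverable from this
        // listing. The stub throws, so process() cannot succeed as listed.
        /* JADX WARN: Code restructure failed: missing block: B:36:0x00ed, code lost:
        
            if (r0.hasNext() != false) goto L25;
         */
        /* JADX WARN: Code restructure failed: missing block: B:38:0x00f7, code lost:
        
            if (r0.hasNext() == false) goto L45;
         */
        /* JADX WARN: Code restructure failed: missing block: B:39:0x00fa, code lost:
        
            r0 = (org.bouncycastle.openpgp.PGPPublicKeyEncryptedData) r0.next();
            r0 = r0.getKeyID();
         */
        /* JADX WARN: Code restructure failed: missing block: B:40:0x011f, code lost:
        
            if (r7.privateKeyService.findPrivateKey(r0).isPresent() == false) goto L47;
         */
        /* JADX WARN: Code restructure failed: missing block: B:42:0x0122, code lost:
        
            r9 = r0;
            r7.this$0.getLogger().debug("PGP Private Key [{}] Found for Public Key Encrypted Data", new java.lang.Object[]{org.apache.nifi.pgp.service.api.KeyIdentifierConverter.format(r0)});
         */
        /*
            Code decompiled incorrectly, please refer to instructions dump.
            To view partially-correct add '--show-bad-code' argument
        */
        private org.bouncycastle.openpgp.PGPEncryptedData findSupportedEncryptedData(org.bouncycastle.openpgp.PGPEncryptedDataList r8) {
            /*
                Method dump skipped, instructions count: 381
                To view this dump add '--comments-level debug' option
            */
            throw new UnsupportedOperationException("Method not decompiled: org.apache.nifi.processors.pgp.DecryptContentPGP.DecryptStreamCallback.findSupportedEncryptedData(org.bouncycastle.openpgp.PGPEncryptedDataList):org.bouncycastle.openpgp.PGPEncryptedData");
        }

        /**
         * Decrypts the given packet and returns the literal data found inside it.
         *
         * @throws PGPDecryptionException when the OpenPGP library reports a decryption failure
         */
        private PGPLiteralData getLiteralData(PGPEncryptedData pGPEncryptedData) {
            try {
                final PGPObjectFactory objectFactory = new JcaPGPObjectFactory(getDecryptedDataStream(pGPEncryptedData));
                return getLiteralData(objectFactory);
            } catch (PGPException e) {
                throw new PGPDecryptionException(String.format("PGP Decryption Failed [%s]", getEncryptedDataType(pGPEncryptedData)), e);
            }
        }

        /**
         * Returns the first literal data packet from the factory, descending into the first
         * compressed data packet when that is encountered earlier.
         *
         * <p>Each compressed layer adds one level of recursion and no depth limit is applied here,
         * so the nesting depth is governed entirely by the (untrusted) message.
         *
         * @throws PGPProcessException when no literal data packet is found
         */
        private PGPLiteralData getLiteralData(PGPObjectFactory pGPObjectFactory) throws PGPException {
            for (final Object next : pGPObjectFactory) {
                if (next instanceof PGPCompressedData) {
                    final PGPCompressedData compressedData = (PGPCompressedData) next;
                    DecryptContentPGP.this.getLogger().debug("PGP Compressed Data Algorithm [{}] Found", new Object[]{Integer.valueOf(compressedData.getAlgorithm())});
                    final PGPObjectFactory nestedFactory = new JcaPGPObjectFactory(compressedData.getDataStream());
                    return getLiteralData(nestedFactory);
                }
                if (next instanceof PGPLiteralData) {
                    return (PGPLiteralData) next;
                }
            }
            throw new PGPProcessException("PGP Literal Data not found");
        }

        /**
         * Dispatches to the passphrase or private-key decryption path based on the packet type.
         *
         * @throws UnsupportedOperationException for any other packet type
         */
        private InputStream getDecryptedDataStream(PGPEncryptedData pGPEncryptedData) throws PGPException {
            DecryptContentPGP.this.getLogger().debug("PGP Encrypted Data [{}] Found", new Object[]{getEncryptedDataType(pGPEncryptedData)});
            if (pGPEncryptedData instanceof PGPPBEEncryptedData) {
                return getDecryptedDataStream((PGPPBEEncryptedData) pGPEncryptedData);
            }
            if (pGPEncryptedData instanceof PGPPublicKeyEncryptedData) {
                return getDecryptedDataStream((PGPPublicKeyEncryptedData) pGPEncryptedData);
            }
            throw new UnsupportedOperationException(String.format("PGP Encrypted Data [%s] Not Supported", getEncryptedDataType(pGPEncryptedData)));
        }

        /**
         * Opens the decrypted stream for Password-Based Encryption using the configured passphrase.
         *
         * @throws PGPProcessException when no passphrase was configured
         */
        private InputStream getDecryptedDataStream(PGPPBEEncryptedData pGPPBEEncryptedData) throws PGPException {
            if (this.passphrase == null) {
                throw new PGPProcessException("PGP Password-Based Encryption Found: Passphrase not configured");
            }
            final BcPBEDataDecryptorFactory decryptorFactory = new BcPBEDataDecryptorFactory(this.passphrase, new BcPGPDigestCalculatorProvider());
            setSymmetricKeyAlgorithmAttributes(pGPPBEEncryptedData.getSymmetricAlgorithm(decryptorFactory));
            return pGPPBEEncryptedData.getDataStream(decryptorFactory);
        }

        /**
         * Opens the decrypted stream for Public Key Encryption using the key the service returns
         * for the packet's key identifier.
         *
         * @throws PGPProcessException when no private key service was configured
         * @throws PGPDecryptionException when the service has no key for the identifier
         */
        private InputStream getDecryptedDataStream(PGPPublicKeyEncryptedData pGPPublicKeyEncryptedData) throws PGPException {
            if (this.privateKeyService == null) {
                throw new PGPProcessException("PGP Public Key Encryption Found: Private Key Service not configured");
            }
            final long keyId = pGPPublicKeyEncryptedData.getKeyID();
            final Optional<PGPPrivateKey> privateKey = this.privateKeyService.findPrivateKey(keyId);
            if (!privateKey.isPresent()) {
                throw new PGPDecryptionException(String.format("PGP Private Key [%s] not found for Public Key Encryption", KeyIdentifierConverter.format(keyId)));
            }
            final BcPublicKeyDataDecryptorFactory decryptorFactory = new BcPublicKeyDataDecryptorFactory(privateKey.get());
            setSymmetricKeyAlgorithmAttributes(pGPPublicKeyEncryptedData.getSymmetricAlgorithm(decryptorFactory));
            return pGPPublicKeyEncryptedData.getDataStream(decryptorFactory);
        }

        /** Records the symmetric algorithm name and numeric identifier as FlowFile attributes. */
        private void setSymmetricKeyAlgorithmAttributes(int i) {
            this.attributes.put("pgp.symmetric.key.algorithm.block.cipher", PGPUtil.getSymmetricCipherName(i));
            this.attributes.put("pgp.symmetric.key.algorithm.id", Integer.toString(i));
        }

        /**
         * Runs the integrity check when the packet carries integrity protection.
         *
         * <p>Packets without integrity protection are reported as verified, which means modified
         * ciphertext of that kind is not detected here. A warning is logged so that operators can
         * see when such content is being accepted.
         *
         * @return the library's verification result, or {@code true} when there is nothing to verify
         * @throws PGPDecryptionException when the library fails during verification
         * @throws UncheckedIOException when reading the remaining stream fails
         */
        private boolean isVerified(PGPEncryptedData pGPEncryptedData) {
            if (!pGPEncryptedData.isIntegrityProtected()) {
                DecryptContentPGP.this.getLogger().warn("PGP Encrypted Data [{}] Not Integrity Protected: Decrypted Content Not Verified", new Object[]{getEncryptedDataType(pGPEncryptedData)});
                return true;
            }
            try {
                return pGPEncryptedData.verify();
            } catch (PGPException e) {
                throw new PGPDecryptionException("PGP Encrypted Data Verification Failed", e);
            } catch (IOException e2) {
                throw new UncheckedIOException("PGP Encrypted Data Reading Signature Failed", e2);
            }
        }

        /**
         * Decodes the input (armored or binary, as handled by {@code PGPUtil.getDecoderStream})
         * and returns its encrypted data list.
         *
         * @throws PGPProcessException when the stream holds no encrypted data list
         */
        private PGPEncryptedDataList getEncryptedDataList(InputStream inputStream) throws IOException {
            final PGPEncryptedDataList encryptedDataList = findEncryptedDataList(PGPUtil.getDecoderStream(inputStream));
            if (encryptedDataList == null) {
                throw new PGPProcessException("PGP Encrypted Data Packets not found");
            }
            DecryptContentPGP.this.getLogger().debug("PGP Encrypted Data Packets found [{}]", new Object[]{Integer.valueOf(encryptedDataList.size())});
            return encryptedDataList;
        }

        /** Returns the first encrypted data list read from the stream, or null when none is found. */
        private PGPEncryptedDataList findEncryptedDataList(InputStream inputStream) {
            for (final Object next : new JcaPGPObjectFactory(inputStream)) {
                DecryptContentPGP.this.getLogger().debug("PGP Object Read [{}]", new Object[]{next.getClass().getSimpleName()});
                if (next instanceof PGPEncryptedDataList) {
                    return (PGPEncryptedDataList) next;
                }
            }
            return null;
        }

        /** Maps the packet class to a human-readable label used in log and error messages. */
        private String getEncryptedDataType(PGPEncryptedData pGPEncryptedData) {
            if (pGPEncryptedData instanceof PGPPBEEncryptedData) {
                return DecryptContentPGP.PASSWORD_BASED_ENCRYPTION;
            }
            if (pGPEncryptedData instanceof PGPPublicKeyEncryptedData) {
                return DecryptContentPGP.PUBLIC_KEY_ENCRYPTION;
            }
            return pGPEncryptedData.getClass().getSimpleName();
        }
    }

    /** @return the success and failure relationships */
    @Override
    public Set<Relationship> getRelationships() {
        return RELATIONSHIPS;
    }

    /** @return the strategy, passphrase and private key service descriptors */
    @Override
    public final List<PropertyDescriptor> getSupportedPropertyDescriptors() {
        return DESCRIPTORS;
    }

    /**
     * Decrypts one FlowFile and routes it to {@link #SUCCESS}, or to {@link #FAILURE} when the
     * stream callback raises a RuntimeException.
     *
     * @param processContext source of the configured property values
     * @param processSession session used to read, write and transfer the FlowFile
     */
    @Override
    public void onTrigger(ProcessContext processContext, ProcessSession processSession) {
        FlowFile flowFile = processSession.get();
        if (flowFile == null) {
            return;
        }
        final char[] passphrase = getPassphrase(processContext);
        try {
            final DecryptStreamCallback decryptStreamCallback = new DecryptStreamCallback(passphrase, getPrivateKeyService(processContext), getDecryptionStrategy(processContext));
            try {
                flowFile = processSession.putAllAttributes(processSession.write(flowFile, decryptStreamCallback), decryptStreamCallback.attributes);
                processSession.transfer(flowFile, SUCCESS);
            } catch (RuntimeException e) {
                getLogger().error("Decryption Failed {}", new Object[]{flowFile, e});
                processSession.transfer(flowFile, FAILURE);
            }
        } finally {
            // Wipe this invocation's copy of the passphrase. The property value it was derived
            // from is a String held elsewhere, so this only limits the number of live copies.
            if (passphrase != null) {
                Arrays.fill(passphrase, '\0');
            }
        }
    }

    /**
     * Rejects a configuration in which neither a passphrase nor a private key service is set,
     * since no decryption path would be available.
     */
    @Override
    protected Collection<ValidationResult> customValidate(ValidationContext validationContext) {
        final List<ValidationResult> results = new ArrayList<>();
        final boolean passphraseBlank = StringUtils.isBlank(validationContext.getProperty(PASSPHRASE).getValue());
        if (passphraseBlank && validationContext.getProperty(PRIVATE_KEY_SERVICE).asControllerService(PGPPrivateKeyService.class) == null) {
            results.add(new ValidationResult.Builder()
                    .valid(false)
                    .subject(getClass().getSimpleName())
                    .explanation(String.format("Neither [%s] nor [%s] configured", PASSPHRASE.getDisplayName(), PRIVATE_KEY_SERVICE.getDisplayName()))
                    .build());
        }
        return results;
    }

    /** Returns a fresh char array holding the configured passphrase, or null when not set. */
    private char[] getPassphrase(ProcessContext processContext) {
        final PropertyValue property = processContext.getProperty(PASSPHRASE);
        return property.isSet() ? property.getValue().toCharArray() : null;
    }

    /** Returns the configured private key service, or null when the property is not set. */
    private PGPPrivateKeyService getPrivateKeyService(ProcessContext processContext) {
        final PropertyValue property = processContext.getProperty(PRIVATE_KEY_SERVICE);
        return property.isSet() ? property.asControllerService(PGPPrivateKeyService.class) : null;
    }

    /** Resolves the configured strategy name to its enum constant. */
    private DecryptionStrategy getDecryptionStrategy(ProcessContext processContext) {
        return DecryptionStrategy.valueOf(processContext.getProperty(DECRYPTION_STRATEGY).getValue());
    }
}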
