package org.apache.nifi.security.crypto.key.pbkdf2;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.apache.nifi.security.crypto.key.DerivedKey;
import org.apache.nifi.security.crypto.key.DerivedKeyProvider;
import org.apache.nifi.security.crypto.key.DerivedKeySpec;
import org.apache.nifi.security.crypto.key.DerivedSecretKey;
import org.bouncycastle.crypto.digests.SHA512Digest;
import org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator;

/* loaded from: input_file:org/apache/nifi/security/crypto/key/pbkdf2/Pbkdf2DerivedKeyProvider.class */
public class Pbkdf2DerivedKeyProvider implements DerivedKeyProvider<Pbkdf2DerivedKeyParameterSpec> {
    private static final int BITS = 8;
    private static final Charset PASSWORD_CHARACTER_SET = StandardCharsets.UTF_8;
    private static final Base64.Encoder encoder = Base64.getEncoder().withoutPadding();

    @Override // org.apache.nifi.security.crypto.key.DerivedKeyProvider
    public DerivedKey getDerivedKey(DerivedKeySpec<Pbkdf2DerivedKeyParameterSpec> derivedKeySpec) {
        byte[] derivedKeyBytes = getDerivedKeyBytes(derivedKeySpec);
        return new DerivedSecretKey(derivedKeyBytes, derivedKeySpec.getAlgorithm(), encoder.encodeToString(derivedKeyBytes));
    }

    private byte[] getDerivedKeyBytes(DerivedKeySpec<Pbkdf2DerivedKeyParameterSpec> derivedKeySpec) {
        PKCS5S2ParametersGenerator pKCS5S2ParametersGenerator = new PKCS5S2ParametersGenerator(new SHA512Digest());
        byte[] bytes = new String(derivedKeySpec.getPassword()).getBytes(PASSWORD_CHARACTER_SET);
        Pbkdf2DerivedKeyParameterSpec parameterSpec = derivedKeySpec.getParameterSpec();
        pKCS5S2ParametersGenerator.init(bytes, parameterSpec.getSalt(), parameterSpec.getIterations());
        return pKCS5S2ParametersGenerator.generateDerivedParameters(derivedKeySpec.getDerivedKeyLength() * BITS).getKey();
    }
}
