package org.apache.nifi.controller.repository;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.security.kms.EncryptionException;
import org.apache.nifi.security.kms.KeyProvider;
import org.apache.nifi.security.repository.RepositoryEncryptorUtils;
import org.apache.nifi.security.repository.block.aes.RepositoryObjectAESGCMEncryptor;
import org.apache.nifi.security.repository.config.FlowFileRepositoryEncryptionConfiguration;
import org.apache.nifi.stream.io.StreamUtils;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wali.SerDe;
import org.wali.UpdateType;

/* loaded from: input_file:org/apache/nifi/controller/repository/EncryptedSchemaRepositoryRecordSerde.class */
public class EncryptedSchemaRepositoryRecordSerde implements SerDe<SerializedRepositoryRecord> {
    private static final Logger logger = LoggerFactory.getLogger(EncryptedSchemaRepositoryRecordSerde.class);
    private final SerDe<SerializedRepositoryRecord> wrappedSerDe;
    private final KeyProvider keyProvider;
    private String activeKeyId;

    public EncryptedSchemaRepositoryRecordSerde(SerDe<SerializedRepositoryRecord> serDe, FlowFileRepositoryEncryptionConfiguration flowFileRepositoryEncryptionConfiguration) throws IOException {
        if (serDe == null) {
            throw new IllegalArgumentException("This implementation must be provided another serde instance to function");
        }
        this.wrappedSerDe = serDe;
        this.keyProvider = RepositoryEncryptorUtils.validateAndBuildRepositoryKeyProvider(flowFileRepositoryEncryptionConfiguration);
        setActiveKeyId(flowFileRepositoryEncryptionConfiguration.getEncryptionKeyId());
    }

    public EncryptedSchemaRepositoryRecordSerde(SerDe<SerializedRepositoryRecord> serDe, NiFiProperties niFiProperties) throws IOException {
        this(serDe, new FlowFileRepositoryEncryptionConfiguration(niFiProperties));
    }

    String getActiveKeyId() {
        return this.activeKeyId;
    }

    public void setActiveKeyId(String str) {
        if (!StringUtils.isNotBlank(str) || !this.keyProvider.keyExists(str)) {
            logger.warn("Attempted to set active key ID to '" + str + "' but that is not a valid or available key ID. Keeping active key ID as '" + this.activeKeyId + "'");
        } else {
            this.activeKeyId = str;
            logger.debug("Set active key ID to '" + str + "'");
        }
    }

    public void writeHeader(DataOutputStream dataOutputStream) throws IOException {
        this.wrappedSerDe.writeHeader(dataOutputStream);
        if (logger.isDebugEnabled()) {
            logger.debug("Wrote schema header ({} bytes) to output stream", Integer.valueOf(dataOutputStream.size()));
        }
    }

    public void readHeader(DataInputStream dataInputStream) throws IOException {
        this.wrappedSerDe.readHeader(dataInputStream);
    }

    @Deprecated
    public void serializeEdit(SerializedRepositoryRecord serializedRepositoryRecord, SerializedRepositoryRecord serializedRepositoryRecord2, DataOutputStream dataOutputStream) throws IOException {
        serializeRecord(serializedRepositoryRecord2, dataOutputStream);
    }

    public void serializeRecord(SerializedRepositoryRecord serializedRepositoryRecord, DataOutputStream dataOutputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream2 = new DataOutputStream(byteArrayOutputStream);
        String obj = getRecordIdentifier(serializedRepositoryRecord).toString();
        this.wrappedSerDe.serializeRecord(serializedRepositoryRecord, dataOutputStream2);
        dataOutputStream2.flush();
        byte[] byteArray = byteArrayOutputStream.toByteArray();
        logger.debug("Serialized flowfile record {} to temp stream with length {}", obj, Integer.valueOf(byteArray.length));
        encryptToStream(byteArray, obj, dataOutputStream);
        logger.debug("Encrypted serialized flowfile record {} to actual output stream", obj);
    }

    private void encryptToStream(byte[] bArr, String str, DataOutputStream dataOutputStream) throws IOException {
        try {
            RepositoryObjectAESGCMEncryptor repositoryObjectAESGCMEncryptor = new RepositoryObjectAESGCMEncryptor();
            repositoryObjectAESGCMEncryptor.initialize(this.keyProvider);
            logger.debug("Initialized {} for flowfile record {}", repositoryObjectAESGCMEncryptor.toString(), str);
            byte[] encrypt = repositoryObjectAESGCMEncryptor.encrypt(bArr, str, getActiveKeyId());
            logger.debug("Encrypted {} bytes for flowfile record {}", Integer.valueOf(encrypt.length), str);
            dataOutputStream.writeInt(encrypt.length);
            dataOutputStream.write(encrypt);
            logger.debug("Wrote {} bytes (encrypted, including length) for flowfile record {} to output stream", Integer.valueOf(encrypt.length + 4), str);
        } catch (KeyManagementException | EncryptionException e) {
            logger.error("Encountered an error encrypting & serializing flowfile record {} due to {}", str, e.getLocalizedMessage());
            if (logger.isDebugEnabled()) {
                logger.debug(e.getLocalizedMessage(), e);
            }
            throw new IOException("Encountered an error encrypting & serializing flowfile record " + str, e);
        }
    }

    @Deprecated
    public SerializedRepositoryRecord deserializeEdit(DataInputStream dataInputStream, Map<Object, SerializedRepositoryRecord> map, int i) throws IOException {
        return m2deserializeRecord(dataInputStream, i);
    }

    /* renamed from: deserializeRecord, reason: merged with bridge method [inline-methods] */
    public SerializedRepositoryRecord m2deserializeRecord(DataInputStream dataInputStream, int i) throws IOException {
        int readInt = dataInputStream.readInt();
        if (readInt == -1) {
            return null;
        }
        byte[] bArr = new byte[readInt];
        StreamUtils.fillBuffer(dataInputStream, bArr);
        logger.debug("Read {} bytes (encrypted, including length) from actual input stream", Integer.valueOf(readInt + 4));
        SerializedRepositoryRecord serializedRepositoryRecord = (SerializedRepositoryRecord) this.wrappedSerDe.deserializeRecord(decryptToStream(bArr), i);
        logger.debug("Deserialized flowfile record {} from temp stream", getRecordIdentifier(serializedRepositoryRecord));
        return serializedRepositoryRecord;
    }

    private DataInputStream decryptToStream(byte[] bArr) throws IOException {
        try {
            RepositoryObjectAESGCMEncryptor repositoryObjectAESGCMEncryptor = new RepositoryObjectAESGCMEncryptor();
            repositoryObjectAESGCMEncryptor.initialize(this.keyProvider);
            logger.debug("Initialized {} for decrypting flowfile record", repositoryObjectAESGCMEncryptor.toString());
            byte[] decrypt = repositoryObjectAESGCMEncryptor.decrypt(bArr, "[pending record ID]");
            logger.debug("Decrypted {} bytes for flowfile record", Integer.valueOf(bArr.length));
            return new DataInputStream(new ByteArrayInputStream(decrypt));
        } catch (KeyManagementException | EncryptionException e) {
            logger.error("Encountered an error decrypting & deserializing flowfile record due to {}", e.getLocalizedMessage());
            if (logger.isDebugEnabled()) {
                logger.debug(e.getLocalizedMessage(), e);
            }
            throw new IOException("Encountered an error decrypting & deserializing flowfile record", e);
        }
    }

    public Object getRecordIdentifier(SerializedRepositoryRecord serializedRepositoryRecord) {
        return this.wrappedSerDe.getRecordIdentifier(serializedRepositoryRecord);
    }

    public UpdateType getUpdateType(SerializedRepositoryRecord serializedRepositoryRecord) {
        return this.wrappedSerDe.getUpdateType(serializedRepositoryRecord);
    }

    public String getLocation(SerializedRepositoryRecord serializedRepositoryRecord) {
        return this.wrappedSerDe.getLocation(serializedRepositoryRecord);
    }

    public int getVersion() {
        return this.wrappedSerDe.getVersion();
    }

    @Deprecated
    /* renamed from: deserializeEdit, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ Object m3deserializeEdit(DataInputStream dataInputStream, Map map, int i) throws IOException {
        return deserializeEdit(dataInputStream, (Map<Object, SerializedRepositoryRecord>) map, i);
    }
}
