package org.apache.nifi.security.util.crypto;

import java.util.concurrent.TimeUnit;
import org.antlr.runtime.misc.LookaheadStream;
import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
import org.bouncycastle.crypto.params.Argon2Parameters;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/nifi-security-utils-1.12.0.jar:org/apache/nifi/security/util/crypto/Argon2SecureHasher.class */
public class Argon2SecureHasher extends AbstractSecureHasher {
    private static final int DEFAULT_HASH_LENGTH = 32;
    public static final int DEFAULT_PARALLELISM = 8;
    public static final int DEFAULT_MEMORY = 65536;
    public static final int DEFAULT_ITERATIONS = 5;
    private static final int DEFAULT_SALT_LENGTH = 16;
    private static final int MIN_MEMORY_SIZE_KB = 8;
    private static final int MIN_PARALLELISM = 1;
    private static final int MIN_HASH_LENGTH = 4;
    private static final int MIN_ITERATIONS = 1;
    private static final int MIN_SALT_LENGTH = 8;
    private final Integer hashLength;
    private final Integer memory;
    private final int parallelism;
    private final Integer iterations;
    private static final Logger logger = LoggerFactory.getLogger(Argon2SecureHasher.class);
    private static final int MAX_PARALLELISM = Double.valueOf(Math.pow(2.0d, 24.0d)).intValue() - 1;

    public Argon2SecureHasher() {
        this(32, 65536, 8, 5, 0);
    }

    public Argon2SecureHasher(Integer num) {
        this(num, 65536, 8, 5, 0);
    }

    public Argon2SecureHasher(Integer num, Integer num2, int i, Integer num3) {
        this(num, num2, i, num3, 0);
    }

    public Argon2SecureHasher(Integer num, Integer num2, int i, Integer num3, Integer num4) {
        validateParameters(num, num2, i, num3, num4);
        this.hashLength = num;
        this.memory = num2;
        this.parallelism = i;
        this.iterations = num3;
        this.saltLength = num4.intValue();
    }

    private void validateParameters(Integer num, Integer num2, int i, Integer num3, Integer num4) {
        if (!isHashLengthValid(num)) {
            logger.error("The provided hash length {} is outside the boundary of 4 to 2^32 - 1.", num);
            throw new IllegalArgumentException("Invalid hash length is not within the hashLength boundary.");
        }
        if (!isMemorySizeValid(num2)) {
            logger.error("The provided memory size {} KiB is outside the boundary of 8p to 2^32 - 1.", num2);
            throw new IllegalArgumentException("Invalid memory size is not within the memory boundary.");
        }
        if (!isParallelismValid(i)) {
            logger.error("The provided parallelization factor {} is outside the boundary of 1 to 2^24 - 1.", Integer.valueOf(i));
            throw new IllegalArgumentException("Invalid parallelization factor exceeds the parallelism boundary.");
        }
        if (isIterationsValid(num3)) {
            initializeSalt(num4);
        } else {
            logger.error("The iteration count {} is outside the boundary of 1 to 2^32 - 1.", num3);
            throw new IllegalArgumentException("Invalid iteration count exceeds the iterations boundary.");
        }
    }

    @Override // org.apache.nifi.security.util.crypto.AbstractSecureHasher
    String getAlgorithmName() {
        return "Argon2";
    }

    @Override // org.apache.nifi.security.util.crypto.AbstractSecureHasher
    boolean acceptsEmptyInput() {
        return true;
    }

    public static boolean isHashLengthValid(Integer num) {
        return num.intValue() >= 4 && num.intValue() <= UPPER_BOUNDARY.intValue();
    }

    public static boolean isMemorySizeValid(Integer num) {
        if (num.intValue() < 65536) {
            logger.warn("The provided memory size {} KiB is below the recommended minimum {} KiB.", num, 65536);
        }
        return num.intValue() >= 8 && num.intValue() <= UPPER_BOUNDARY.intValue();
    }

    public static boolean isParallelismValid(int i) {
        if (i < 8) {
            logger.warn("The provided parallelization factor {} is below the recommended minimum {}.", Integer.valueOf(i), 8);
        }
        return i >= 1 && i <= MAX_PARALLELISM;
    }

    public static boolean isIterationsValid(Integer num) {
        if (num.intValue() < 5) {
            logger.warn("The provided iteration count {} is below the recommended minimum {}.", num, 5);
        }
        return num.intValue() >= 1 && num.intValue() <= UPPER_BOUNDARY.intValue();
    }

    @Override // org.apache.nifi.security.util.crypto.AbstractSecureHasher
    int getDefaultSaltLength() {
        return 16;
    }

    @Override // org.apache.nifi.security.util.crypto.AbstractSecureHasher
    int getMinSaltLength() {
        return 8;
    }

    @Override // org.apache.nifi.security.util.crypto.AbstractSecureHasher
    int getMaxSaltLength() {
        return LookaheadStream.UNINITIALIZED_EOF_ELEMENT_INDEX;
    }

    @Override // org.apache.nifi.security.util.crypto.AbstractSecureHasher
    byte[] hash(byte[] bArr) {
        return hash(bArr, getSalt());
    }

    @Override // org.apache.nifi.security.util.crypto.AbstractSecureHasher
    byte[] hash(byte[] bArr, byte[] bArr2) {
        logger.debug("Creating {} byte Argon2 hash with salt [{}]", this.hashLength, Hex.toHexString(bArr2));
        if (!isSaltLengthValid(Integer.valueOf(bArr2.length))) {
            throw new IllegalArgumentException("The salt length (" + bArr2.length + " bytes) is invalid");
        }
        byte[] bArr3 = new byte[this.hashLength.intValue()];
        long nanoTime = System.nanoTime();
        Argon2Parameters build = new Argon2Parameters.Builder(2).withSalt(bArr2).withParallelism(this.parallelism).withMemoryAsKB(this.memory.intValue()).withIterations(this.iterations.intValue()).build();
        Argon2BytesGenerator argon2BytesGenerator = new Argon2BytesGenerator();
        argon2BytesGenerator.init(build);
        long nanoTime2 = System.nanoTime();
        argon2BytesGenerator.generateBytes(bArr, bArr3);
        long nanoTime3 = System.nanoTime();
        long micros = TimeUnit.NANOSECONDS.toMicros(nanoTime2 - nanoTime);
        long micros2 = TimeUnit.NANOSECONDS.toMicros(nanoTime3 - nanoTime2);
        logger.debug("Generated Argon2 hash in {} ms (init: {} µs, generate: {} µs)", new Object[]{Long.valueOf(TimeUnit.MICROSECONDS.toMillis(micros + micros2)), Long.valueOf(micros), Long.valueOf(micros2)});
        return bArr3;
    }
}
