package org.apache.nifi.encrypt;

import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.nifi.security.crypto.key.DerivedKey;
import org.apache.nifi.security.crypto.key.StandardDerivedKeySpec;
import org.apache.nifi.security.crypto.key.argon2.Argon2DerivedKeyParameterSpec;
import org.apache.nifi.security.crypto.key.argon2.Argon2DerivedKeyProvider;
import org.apache.nifi.security.crypto.key.pbkdf2.Pbkdf2DerivedKeyParameterSpec;
import org.apache.nifi.security.crypto.key.pbkdf2.Pbkdf2DerivedKeyProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/nifi/encrypt/StandardPropertySecretKeyProvider.class */
class StandardPropertySecretKeyProvider implements PropertySecretKeyProvider {
    private static final String SECRET_KEY_ALGORITHM = "AES";
    private static final Logger LOGGER = LoggerFactory.getLogger(StandardPropertySecretKeyProvider.class);
    private static final byte[] APPLICATION_SALT = {78, 105, 70, 105, 32, 83, 116, 97, 116, 105, 99, 32, 83, 97, 108, 116};
    private static final Argon2DerivedKeyParameterSpec ARGON2_PARAMETER_SPEC = new Argon2DerivedKeyParameterSpec(65536, 5, 8, APPLICATION_SALT);
    private static final Pbkdf2DerivedKeyParameterSpec PBKDF2_PARAMETER_SPEC = new Pbkdf2DerivedKeyParameterSpec(160000, APPLICATION_SALT);
    private static final int MINIMUM_PASSWORD_LENGTH = 12;
    private static final String PASSWORD_LENGTH_MESSAGE = String.format("Key Password length less than required [%d]", Integer.valueOf(MINIMUM_PASSWORD_LENGTH));
    private static final Argon2DerivedKeyProvider argon2DerivedKeyProvider = new Argon2DerivedKeyProvider();
    private static final Pbkdf2DerivedKeyProvider pbkdf2DerivedKeyProvider = new Pbkdf2DerivedKeyProvider();

    @Override // org.apache.nifi.encrypt.PropertySecretKeyProvider
    public SecretKey getSecretKey(PropertyEncryptionMethod propertyEncryptionMethod, String str) {
        Objects.requireNonNull(propertyEncryptionMethod, "Property Encryption Method is required");
        Objects.requireNonNull(str, "Password is required");
        if (str.length() < MINIMUM_PASSWORD_LENGTH) {
            throw new EncryptionException(PASSWORD_LENGTH_MESSAGE);
        }
        LOGGER.debug("Generating [{}-{}] Secret Key using [{}]", new Object[]{SECRET_KEY_ALGORITHM, Integer.valueOf(propertyEncryptionMethod.getKeyLength()), propertyEncryptionMethod.name()});
        return new SecretKeySpec(getDerivedKey(propertyEncryptionMethod, str).getEncoded(), SECRET_KEY_ALGORITHM);
    }

    private DerivedKey getDerivedKey(PropertyEncryptionMethod propertyEncryptionMethod, String str) {
        char[] charArray = str.toCharArray();
        int derivedKeyLength = propertyEncryptionMethod.getDerivedKeyLength();
        if (PropertyEncryptionMethod.NIFI_ARGON2_AES_GCM_256 == propertyEncryptionMethod) {
            return argon2DerivedKeyProvider.getDerivedKey(new StandardDerivedKeySpec(charArray, derivedKeyLength, SECRET_KEY_ALGORITHM, ARGON2_PARAMETER_SPEC));
        }
        if (PropertyEncryptionMethod.NIFI_PBKDF2_AES_GCM_256 == propertyEncryptionMethod) {
            return pbkdf2DerivedKeyProvider.getDerivedKey(new StandardDerivedKeySpec(charArray, derivedKeyLength, SECRET_KEY_ALGORITHM, PBKDF2_PARAMETER_SPEC));
        }
        throw new EncryptionException(String.format("Property Encryption Method [%s] not supported", propertyEncryptionMethod));
    }
}
