package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.EncryptRequest;
import com.amazonaws.services.s3.Headers;
import com.amazonaws.services.s3.KeyWrapException;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsAccessor;
import com.amazonaws.services.s3.model.ExtraMaterialsDescription;
import com.amazonaws.services.s3.model.KMSEncryptionMaterials;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.util.Base64;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.StringUtils;
import com.amazonaws.util.json.JsonUtils;
import f0.C9145p;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

@Deprecated
/* loaded from: classes2.dex */
final class ContentCryptoMaterial {

    /* renamed from: a, reason: collision with root package name */
    public final String f54516a;

    /* renamed from: b, reason: collision with root package name */
    public final CipherLite f54517b;

    /* renamed from: c, reason: collision with root package name */
    public final Map<String, String> f54518c;

    /* renamed from: d, reason: collision with root package name */
    public final byte[] f54519d;

    public ContentCryptoMaterial(Map<String, String> map, byte[] bArr, String str, CipherLite cipherLite) {
        this.f54517b = cipherLite;
        this.f54516a = str;
        this.f54519d = (byte[]) bArr.clone();
        this.f54518c = map;
    }

    public static ContentCryptoMaterial G(SecretKey secretKey, byte[] bArr, ContentCryptoScheme contentCryptoScheme, Provider provider, SecuredCEK securedCEK) {
        return new ContentCryptoMaterial(securedCEK.c(), securedCEK.a(), securedCEK.b(), contentCryptoScheme.d(secretKey, bArr, 1, provider));
    }

    public static SecretKey a(byte[] bArr, String str, EncryptionMaterials encryptionMaterials, Provider provider, ContentCryptoScheme contentCryptoScheme, AWSKMSClient aWSKMSClient) {
        Key h10;
        if (KMSSecuredCEK.f54564d.equals(str)) {
            return b(bArr, str, encryptionMaterials, contentCryptoScheme, aWSKMSClient);
        }
        if (encryptionMaterials.f() != null) {
            h10 = encryptionMaterials.f().getPrivate();
            if (h10 == null) {
                throw new RuntimeException("Key encrypting key not available");
            }
        } else {
            h10 = encryptionMaterials.h();
            if (h10 == null) {
                throw new RuntimeException("Key encrypting key not available");
            }
        }
        try {
            if (str != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(str) : Cipher.getInstance(str, provider);
                cipher.init(4, h10);
                return (SecretKey) cipher.unwrap(bArr, str, 3);
            }
            Cipher cipher2 = provider != null ? Cipher.getInstance(h10.getAlgorithm(), provider) : Cipher.getInstance(h10.getAlgorithm());
            cipher2.init(2, h10);
            return new SecretKeySpec(cipher2.doFinal(bArr), "AES");
        } catch (Exception e10) {
            throw new RuntimeException("Unable to decrypt symmetric key from object metadata", e10);
        }
    }

    public static SecretKey b(byte[] bArr, String str, EncryptionMaterials encryptionMaterials, ContentCryptoScheme contentCryptoScheme, AWSKMSClient aWSKMSClient) {
        DecryptRequest decryptRequest = new DecryptRequest();
        decryptRequest.f52177I0 = encryptionMaterials.g();
        decryptRequest.f52176H0 = ByteBuffer.wrap(bArr);
        return new SecretKeySpec(BinaryUtils.a(aWSKMSClient.Q1(decryptRequest).d()), contentCryptoScheme.j());
    }

    public static String c(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            return "";
        }
        StringBuilder sb2 = new StringBuilder();
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, StringUtils.f55655b));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    inputStream.close();
                    return sb2.toString();
                }
                sb2.append(readLine);
            }
        } catch (Throwable th2) {
            inputStream.close();
            throw th2;
        }
    }

    public static ContentCryptoMaterial d(SecretKey secretKey, byte[] bArr, EncryptionMaterials encryptionMaterials, ContentCryptoScheme contentCryptoScheme, S3CryptoScheme s3CryptoScheme, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        return f(secretKey, bArr, encryptionMaterials, contentCryptoScheme, s3CryptoScheme, provider, aWSKMSClient, amazonWebServiceRequest);
    }

    public static ContentCryptoMaterial e(SecretKey secretKey, byte[] bArr, EncryptionMaterials encryptionMaterials, S3CryptoScheme s3CryptoScheme, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        return f(secretKey, bArr, encryptionMaterials, s3CryptoScheme.f54591b, s3CryptoScheme, provider, aWSKMSClient, amazonWebServiceRequest);
    }

    public static ContentCryptoMaterial f(SecretKey secretKey, byte[] bArr, EncryptionMaterials encryptionMaterials, ContentCryptoScheme contentCryptoScheme, S3CryptoScheme s3CryptoScheme, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        return G(secretKey, bArr, contentCryptoScheme, provider, y(secretKey, encryptionMaterials, s3CryptoScheme.f54590a, S3CryptoScheme.f54589e, provider, aWSKMSClient, amazonWebServiceRequest));
    }

    public static ContentCryptoMaterial g(Map<String, String> map, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, boolean z10, AWSKMSClient aWSKMSClient) {
        return i(map, encryptionMaterialsAccessor, provider, null, ExtraMaterialsDescription.f54811Z, z10, aWSKMSClient);
    }

    public static ContentCryptoMaterial h(Map<String, String> map, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z10, AWSKMSClient aWSKMSClient) {
        return i(map, encryptionMaterialsAccessor, provider, jArr, extraMaterialsDescription, z10, aWSKMSClient);
    }

    public static ContentCryptoMaterial i(Map<String, String> map, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z10, AWSKMSClient aWSKMSClient) {
        EncryptionMaterials c10;
        int parseInt;
        String str = map.get(Headers.f52624U);
        if (str == null && (str = map.get(Headers.f52623T)) == null) {
            throw new RuntimeException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(map.get(Headers.f52625V));
        if (decode == null || decode2 == null) {
            throw new RuntimeException("Necessary encryption info not found in the instruction file " + map);
        }
        String str2 = map.get(Headers.f52635c0);
        boolean equals = KMSSecuredCEK.f54564d.equals(str2);
        Map<String, String> s10 = s(map.get(Headers.f52626W));
        Map<String, String> c11 = (extraMaterialsDescription == null || equals) ? s10 : extraMaterialsDescription.c(s10);
        if (equals) {
            c10 = new KMSEncryptionMaterials(s10.get(KMSEncryptionMaterials.f54895F0));
            c10.b(s10);
        } else {
            c10 = encryptionMaterialsAccessor == null ? null : encryptionMaterialsAccessor.c(c11);
            if (c10 == null) {
                throw new RuntimeException("Unable to retrieve the encryption materials that originally encrypted object corresponding to instruction file " + map);
            }
        }
        EncryptionMaterials encryptionMaterials = c10;
        String str3 = map.get(Headers.f52637d0);
        boolean z11 = jArr != null;
        ContentCryptoScheme f10 = ContentCryptoScheme.f(str3, z11);
        if (z11) {
            decode2 = f10.a(decode2, jArr[0]);
        } else {
            int o10 = f10.o();
            if (o10 > 0 && o10 != (parseInt = Integer.parseInt(map.get(Headers.f52639e0)))) {
                throw new RuntimeException(C9145p.a("Unsupported tag length: ", parseInt, ", expected: ", o10));
            }
        }
        byte[] bArr = decode2;
        if (z10 && str2 == null) {
            throw u();
        }
        return new ContentCryptoMaterial(c11, decode, str2, f10.d(a(decode, str2, encryptionMaterials, provider, f10, aWSKMSClient), bArr, 2, provider));
    }

    public static ContentCryptoMaterial j(ObjectMetadata objectMetadata, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, boolean z10, AWSKMSClient aWSKMSClient) {
        return l(objectMetadata, encryptionMaterialsAccessor, provider, null, ExtraMaterialsDescription.f54811Z, z10, aWSKMSClient);
    }

    public static ContentCryptoMaterial k(ObjectMetadata objectMetadata, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z10, AWSKMSClient aWSKMSClient) {
        return l(objectMetadata, encryptionMaterialsAccessor, provider, jArr, extraMaterialsDescription, z10, aWSKMSClient);
    }

    public static ContentCryptoMaterial l(ObjectMetadata objectMetadata, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z10, AWSKMSClient aWSKMSClient) {
        EncryptionMaterials c10;
        int parseInt;
        Map<String, String> O10 = objectMetadata.O();
        String str = O10.get(Headers.f52624U);
        if (str == null && (str = O10.get(Headers.f52623T)) == null) {
            throw new RuntimeException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(O10.get(Headers.f52625V));
        if (decode == null || decode2 == null) {
            throw new RuntimeException("Content encrypting key or IV not found.");
        }
        String str2 = O10.get(Headers.f52626W);
        String str3 = O10.get(Headers.f52635c0);
        boolean equals = KMSSecuredCEK.f54564d.equals(str3);
        Map<String, String> s10 = s(str2);
        Map<String, String> c11 = (equals || extraMaterialsDescription == null) ? s10 : extraMaterialsDescription.c(s10);
        if (equals) {
            c10 = new KMSEncryptionMaterials(s10.get(KMSEncryptionMaterials.f54895F0));
            c10.b(s10);
        } else {
            c10 = encryptionMaterialsAccessor == null ? null : encryptionMaterialsAccessor.c(c11);
            if (c10 == null) {
                throw new RuntimeException("Unable to retrieve the client encryption materials");
            }
        }
        EncryptionMaterials encryptionMaterials = c10;
        String str4 = O10.get(Headers.f52637d0);
        boolean z11 = jArr != null;
        ContentCryptoScheme f10 = ContentCryptoScheme.f(str4, z11);
        if (z11) {
            decode2 = f10.a(decode2, jArr[0]);
        } else {
            int o10 = f10.o();
            if (o10 > 0 && o10 != (parseInt = Integer.parseInt(O10.get(Headers.f52639e0)))) {
                throw new RuntimeException(C9145p.a("Unsupported tag length: ", parseInt, ", expected: ", o10));
            }
        }
        byte[] bArr = decode2;
        if (z10 && str3 == null) {
            throw u();
        }
        return new ContentCryptoMaterial(c11, decode, str3, f10.d(a(decode, str3, encryptionMaterials, provider, f10, aWSKMSClient), bArr, 2, provider));
    }

    public static Map<String, String> s(String str) {
        Map<String, String> e10 = JsonUtils.e(str);
        if (e10 == null) {
            return null;
        }
        return Collections.unmodifiableMap(e10);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static Map<String, String> t(EncryptionMaterials encryptionMaterials, AmazonWebServiceRequest amazonWebServiceRequest) {
        Map<String, String> h10;
        Map<String, String> g10 = encryptionMaterials.g();
        if (!(amazonWebServiceRequest instanceof MaterialsDescriptionProvider) || (h10 = ((MaterialsDescriptionProvider) amazonWebServiceRequest).h()) == null) {
            return g10;
        }
        TreeMap treeMap = new TreeMap(g10);
        treeMap.putAll(h10);
        return treeMap;
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [com.amazonaws.services.s3.KeyWrapException, java.lang.SecurityException] */
    public static KeyWrapException u() {
        return new SecurityException("Missing key-wrap for the content-encrypting-key");
    }

    public static String v(S3Object s3Object) {
        try {
            return c(s3Object.i());
        } catch (Exception e10) {
            throw new RuntimeException("Error parsing JSON instruction file", e10);
        }
    }

    public static SecuredCEK y(SecretKey secretKey, EncryptionMaterials encryptionMaterials, S3KeyWrapScheme s3KeyWrapScheme, SecureRandom secureRandom, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        if (encryptionMaterials.i()) {
            Map<String, String> t10 = t(encryptionMaterials, amazonWebServiceRequest);
            EncryptRequest encryptRequest = new EncryptRequest();
            encryptRequest.f52210J0 = t10;
            encryptRequest.f52208H0 = encryptionMaterials.d();
            encryptRequest.f52209I0 = ByteBuffer.wrap(secretKey.getEncoded());
            encryptRequest.f49276X = amazonWebServiceRequest.n();
            encryptRequest.f49278Z = amazonWebServiceRequest.q();
            return new KMSSecuredCEK(BinaryUtils.a(aWSKMSClient.n0(encryptRequest).a()), t10);
        }
        Map<String, String> g10 = encryptionMaterials.g();
        Key key = encryptionMaterials.f() != null ? encryptionMaterials.f().getPublic() : encryptionMaterials.h();
        String a10 = s3KeyWrapScheme.a(key, provider);
        try {
            if (a10 != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(a10) : Cipher.getInstance(a10, provider);
                cipher.init(3, key, secureRandom);
                return new SecuredCEK(cipher.wrap(secretKey), a10, g10);
            }
            byte[] encoded = secretKey.getEncoded();
            String algorithm = key.getAlgorithm();
            Cipher cipher2 = provider != null ? Cipher.getInstance(algorithm, provider) : Cipher.getInstance(algorithm);
            cipher2.init(1, key);
            return new SecuredCEK(cipher2.doFinal(encoded), null, g10);
        } catch (Exception e10) {
            throw new RuntimeException("Unable to encrypt symmetric key", e10);
        }
    }

    public String A(CryptoMode cryptoMode) {
        return (cryptoMode != CryptoMode.EncryptionOnly || F()) ? z() : B();
    }

    public final String B() {
        HashMap hashMap = new HashMap();
        hashMap.put(Headers.f52623T, Base64.encodeAsString(o()));
        hashMap.put(Headers.f52625V, Base64.encodeAsString(this.f54517b.f54501a.getIV()));
        hashMap.put(Headers.f52626W, r());
        return JsonUtils.g(hashMap);
    }

    public final ObjectMetadata C(ObjectMetadata objectMetadata) {
        objectMetadata.r(Headers.f52624U, Base64.encodeAsString(o()));
        objectMetadata.r(Headers.f52625V, Base64.encodeAsString(this.f54517b.f54501a.getIV()));
        objectMetadata.r(Headers.f52626W, r());
        ContentCryptoScheme contentCryptoScheme = this.f54517b.f54502b;
        objectMetadata.r(Headers.f52637d0, contentCryptoScheme.h());
        int o10 = contentCryptoScheme.o();
        if (o10 > 0) {
            objectMetadata.r(Headers.f52639e0, String.valueOf(o10));
        }
        String str = this.f54516a;
        if (str != null) {
            objectMetadata.r(Headers.f52635c0, str);
        }
        return objectMetadata;
    }

    public ObjectMetadata D(ObjectMetadata objectMetadata, CryptoMode cryptoMode) {
        if (cryptoMode != CryptoMode.EncryptionOnly || F()) {
            C(objectMetadata);
        } else {
            E(objectMetadata);
        }
        return objectMetadata;
    }

    public final ObjectMetadata E(ObjectMetadata objectMetadata) {
        objectMetadata.r(Headers.f52623T, Base64.encodeAsString(o()));
        objectMetadata.r(Headers.f52625V, Base64.encodeAsString(this.f54517b.f54501a.getIV()));
        objectMetadata.r(Headers.f52626W, r());
        return objectMetadata;
    }

    public final boolean F() {
        return KMSSecuredCEK.f54564d.equals(this.f54516a);
    }

    public CipherLite m() {
        return this.f54517b;
    }

    public ContentCryptoScheme n() {
        return this.f54517b.f54502b;
    }

    public byte[] o() {
        return (byte[]) this.f54519d.clone();
    }

    public Map<String, String> p() {
        return this.f54518c;
    }

    public String q() {
        return this.f54516a;
    }

    public final String r() {
        Map<String, String> map = this.f54518c;
        if (map == null) {
            map = Collections.emptyMap();
        }
        return JsonUtils.g(map);
    }

    public ContentCryptoMaterial w(EncryptionMaterials encryptionMaterials, EncryptionMaterialsAccessor encryptionMaterialsAccessor, S3CryptoScheme s3CryptoScheme, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        if (!F() && encryptionMaterials.g().equals(this.f54518c)) {
            throw new SecurityException("Material description of the new KEK must differ from the current one");
        }
        ContentCryptoMaterial f10 = f(a(this.f54519d, this.f54516a, F() ? new KMSEncryptionMaterials(this.f54518c.get(KMSEncryptionMaterials.f54895F0)) : encryptionMaterialsAccessor.c(this.f54518c), provider, this.f54517b.f54502b, aWSKMSClient), this.f54517b.f54501a.getIV(), encryptionMaterials, this.f54517b.f54502b, s3CryptoScheme, provider, aWSKMSClient, amazonWebServiceRequest);
        if (Arrays.equals(f10.f54519d, this.f54519d)) {
            throw new SecurityException("The new KEK must differ from the original");
        }
        return f10;
    }

    public ContentCryptoMaterial x(Map<String, String> map, EncryptionMaterialsAccessor encryptionMaterialsAccessor, S3CryptoScheme s3CryptoScheme, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        if (!F() && map.equals(this.f54518c)) {
            throw new SecurityException("Material description of the new KEK must differ from the current one");
        }
        EncryptionMaterials kMSEncryptionMaterials = F() ? new KMSEncryptionMaterials(this.f54518c.get(KMSEncryptionMaterials.f54895F0)) : encryptionMaterialsAccessor.c(this.f54518c);
        EncryptionMaterials c10 = encryptionMaterialsAccessor.c(map);
        if (c10 != null) {
            ContentCryptoMaterial f10 = f(a(this.f54519d, this.f54516a, kMSEncryptionMaterials, provider, this.f54517b.f54502b, aWSKMSClient), this.f54517b.f54501a.getIV(), c10, this.f54517b.f54502b, s3CryptoScheme, provider, aWSKMSClient, amazonWebServiceRequest);
            if (Arrays.equals(f10.f54519d, this.f54519d)) {
                throw new SecurityException("The new KEK must differ from the original");
            }
            return f10;
        }
        throw new RuntimeException("No material available with the description " + map + " from the encryption material provider");
    }

    public String z() {
        HashMap hashMap = new HashMap();
        hashMap.put(Headers.f52624U, Base64.encodeAsString(o()));
        hashMap.put(Headers.f52625V, Base64.encodeAsString(this.f54517b.f54501a.getIV()));
        hashMap.put(Headers.f52626W, r());
        ContentCryptoScheme contentCryptoScheme = this.f54517b.f54502b;
        hashMap.put(Headers.f52637d0, contentCryptoScheme.h());
        int o10 = contentCryptoScheme.o();
        if (o10 > 0) {
            hashMap.put(Headers.f52639e0, String.valueOf(o10));
        }
        String str = this.f54516a;
        if (str != null) {
            hashMap.put(Headers.f52635c0, str);
        }
        return JsonUtils.g(hashMap);
    }
}
