package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.internal.ReleasableInputStream;
import com.amazonaws.internal.ResettableInputStream;
import com.amazonaws.logging.Log;
import com.amazonaws.logging.LogFactory;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.model.AbstractPutObjectRequest;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoStorageMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsFactory;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.PutObjectResult;
import com.amazonaws.services.s3.model.S3DataSource;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.util.Mimetypes;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.LengthCheckInputStream;
import com.amazonaws.util.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FilterInputStream;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

@Deprecated
/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase<T> extends S3CryptoModule<T> {

    /* renamed from: a, reason: collision with root package name */
    protected final EncryptionMaterialsProvider f4760a;

    /* renamed from: c, reason: collision with root package name */
    protected final S3CryptoScheme f4762c;

    /* renamed from: d, reason: collision with root package name */
    protected final ContentCryptoScheme f4763d;

    /* renamed from: e, reason: collision with root package name */
    protected final CryptoConfiguration f4764e;

    /* renamed from: g, reason: collision with root package name */
    protected final S3Direct f4766g;

    /* renamed from: h, reason: collision with root package name */
    protected final AWSKMSClient f4767h;

    /* renamed from: b, reason: collision with root package name */
    protected final Log f4761b = LogFactory.b(getClass());

    /* renamed from: f, reason: collision with root package name */
    protected final Map<String, T> f4765f = Collections.synchronizedMap(new HashMap());

    /* JADX INFO: Access modifiers changed from: protected */
    public S3CryptoModuleBase(AWSKMSClient aWSKMSClient, S3Direct s3Direct, AWSCredentialsProvider aWSCredentialsProvider, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfiguration) {
        if (!cryptoConfiguration.h()) {
            throw new IllegalArgumentException("The crypto configuration parameter is required to be read-only");
        }
        this.f4760a = encryptionMaterialsProvider;
        this.f4766g = s3Direct;
        this.f4764e = cryptoConfiguration;
        S3CryptoScheme a10 = S3CryptoScheme.a(cryptoConfiguration.d());
        this.f4762c = a10;
        this.f4763d = a10.b();
        this.f4767h = aWSKMSClient;
    }

    private ContentCryptoMaterial d(EncryptionMaterials encryptionMaterials, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        byte[] bArr = new byte[this.f4763d.h()];
        this.f4762c.d().nextBytes(bArr);
        if (!encryptionMaterials.i()) {
            return ContentCryptoMaterial.c(i(encryptionMaterials, provider), bArr, encryptionMaterials, this.f4762c, provider, this.f4767h, amazonWebServiceRequest);
        }
        Map<String, String> p10 = ContentCryptoMaterial.p(encryptionMaterials, amazonWebServiceRequest);
        GenerateDataKeyRequest v10 = new GenerateDataKeyRequest().t(p10).u(encryptionMaterials.d()).v(this.f4763d.k());
        v10.m(amazonWebServiceRequest.e()).n(amazonWebServiceRequest.h());
        GenerateDataKeyResult z10 = this.f4767h.z(v10);
        return ContentCryptoMaterial.z(new SecretKeySpec(BinaryUtils.a(z10.c()), this.f4763d.i()), bArr, this.f4763d, provider, new KMSSecuredCEK(BinaryUtils.a(z10.a()), p10));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long[] j(long[] jArr) {
        if (jArr == null || jArr[0] > jArr[1]) {
            return null;
        }
        return new long[]{k(jArr[0]), l(jArr[1])};
    }

    private static long k(long j10) {
        long j11 = (j10 - (j10 % 16)) - 16;
        if (j11 < 0) {
            return 0L;
        }
        return j11;
    }

    private static long l(long j10) {
        long j11 = j10 + (16 - (j10 % 16)) + 16;
        if (j11 < 0) {
            return Long.MAX_VALUE;
        }
        return j11;
    }

    private ContentCryptoMaterial m(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a10 = encryptionMaterialsProvider.a();
        if (a10 != null) {
            return d(a10, provider, amazonWebServiceRequest);
        }
        throw new AmazonClientException("No material available from the encryption material provider");
    }

    private ContentCryptoMaterial n(EncryptionMaterialsProvider encryptionMaterialsProvider, Map<String, String> map, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials b10 = encryptionMaterialsProvider.b(map);
        if (b10 == null) {
            return null;
        }
        return d(b10, provider, amazonWebServiceRequest);
    }

    private CipherLiteInputStream o(AbstractPutObjectRequest abstractPutObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j10) {
        File t10 = abstractPutObjectRequest.t();
        InputStream u10 = abstractPutObjectRequest.u();
        FilterInputStream filterInputStream = null;
        try {
            if (t10 != null) {
                filterInputStream = new ResettableInputStream(t10);
            } else if (u10 != null) {
                filterInputStream = ReleasableInputStream.j(u10);
            }
            if (j10 > -1) {
                filterInputStream = new LengthCheckInputStream(filterInputStream, j10, false);
            }
            CipherLite i10 = contentCryptoMaterial.i();
            return i10.h() ? new CipherLiteInputStream(filterInputStream, i10, 2048) : new RenewableCipherLiteInputStream(filterInputStream, i10, 2048);
        } catch (Exception e10) {
            S3DataSource.Utils.cleanupDataSource(abstractPutObjectRequest, t10, u10, null, this.f4761b);
            throw new AmazonClientException("Unable to create cipher input stream", e10);
        }
    }

    private PutObjectResult q(PutObjectRequest putObjectRequest) {
        File t10 = putObjectRequest.t();
        InputStream u10 = putObjectRequest.u();
        PutObjectRequest P = putObjectRequest.clone().Z(null).P(null);
        P.G(P.v() + ".instruction");
        ContentCryptoMaterial f10 = f(putObjectRequest);
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) v(putObjectRequest, f10);
        try {
            PutObjectResult b10 = this.f4766g.b(putObjectRequest2);
            S3DataSource.Utils.cleanupDataSource(putObjectRequest, t10, u10, putObjectRequest2.u(), this.f4761b);
            this.f4766g.b(t(P, f10));
            return b10;
        } catch (Throwable th) {
            S3DataSource.Utils.cleanupDataSource(putObjectRequest, t10, u10, putObjectRequest2.u(), this.f4761b);
            throw th;
        }
    }

    private PutObjectResult r(PutObjectRequest putObjectRequest) {
        ContentCryptoMaterial f10 = f(putObjectRequest);
        File t10 = putObjectRequest.t();
        InputStream u10 = putObjectRequest.u();
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) v(putObjectRequest, f10);
        putObjectRequest.H(u(putObjectRequest.w(), putObjectRequest.t(), f10));
        try {
            return this.f4766g.b(putObjectRequest2);
        } finally {
            S3DataSource.Utils.cleanupDataSource(putObjectRequest, t10, u10, putObjectRequest2.u(), this.f4761b);
        }
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public PutObjectResult b(PutObjectRequest putObjectRequest) {
        c(putObjectRequest, AmazonS3EncryptionClient.f4674z);
        return this.f4764e.f() == CryptoStorageMode.InstructionFile ? q(putObjectRequest) : r(putObjectRequest);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final <X extends AmazonWebServiceRequest> X c(X x10, String str) {
        x10.f().a(str);
        return x10;
    }

    protected abstract long e(long j10);

    /* JADX WARN: Multi-variable type inference failed */
    protected final ContentCryptoMaterial f(AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a10;
        if ((amazonWebServiceRequest instanceof EncryptionMaterialsFactory) && (a10 = ((EncryptionMaterialsFactory) amazonWebServiceRequest).a()) != null) {
            return d(a10, this.f4764e.e(), amazonWebServiceRequest);
        }
        if (amazonWebServiceRequest instanceof MaterialsDescriptionProvider) {
            Map<String, String> a11 = ((MaterialsDescriptionProvider) amazonWebServiceRequest).a();
            ContentCryptoMaterial n10 = n(this.f4760a, a11, this.f4764e.e(), amazonWebServiceRequest);
            if (n10 != null) {
                return n10;
            }
            if (a11 != null && !this.f4760a.a().i()) {
                throw new AmazonClientException("No material available from the encryption material provider for description " + a11);
            }
        }
        return m(this.f4760a, this.f4764e.e(), amazonWebServiceRequest);
    }

    final GetObjectRequest g(S3ObjectId s3ObjectId, String str) {
        return new GetObjectRequest(s3ObjectId.e(str));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final S3ObjectWrapper h(S3ObjectId s3ObjectId, String str) {
        try {
            S3Object a10 = this.f4766g.a(g(s3ObjectId, str));
            if (a10 == null) {
                return null;
            }
            return new S3ObjectWrapper(a10, s3ObjectId);
        } catch (AmazonServiceException e10) {
            if (this.f4761b.isDebugEnabled()) {
                this.f4761b.debug("Unable to retrieve instruction file : " + e10.getMessage());
            }
            return null;
        }
    }

    protected final SecretKey i(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z10;
        String i10 = this.f4763d.i();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(i10) : KeyGenerator.getInstance(i10, provider);
            keyGenerator.init(this.f4763d.j(), this.f4762c.d());
            KeyPair f10 = encryptionMaterials.f();
            if (f10 == null || this.f4762c.c().a(f10.getPublic(), provider) != null) {
                z10 = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z10 = BouncyCastleProvider.PROVIDER_NAME.equals(provider2 == null ? null : provider2.getName());
            }
            SecretKey generateKey = keyGenerator.generateKey();
            if (z10 && generateKey.getEncoded()[0] == 0) {
                for (int i11 = 0; i11 < 9; i11++) {
                    SecretKey generateKey2 = keyGenerator.generateKey();
                    if (generateKey2.getEncoded()[0] != 0) {
                        return generateKey2;
                    }
                }
                throw new AmazonClientException("Failed to generate secret key");
            }
            return generateKey;
        } catch (NoSuchAlgorithmException e10) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e10.getMessage(), e10);
        }
    }

    protected final long p(AbstractPutObjectRequest abstractPutObjectRequest, ObjectMetadata objectMetadata) {
        if (abstractPutObjectRequest.t() != null) {
            return abstractPutObjectRequest.t().length();
        }
        if (abstractPutObjectRequest.u() == null || objectMetadata.A("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.q();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void s(ContentCryptoMaterial contentCryptoMaterial, S3ObjectWrapper s3ObjectWrapper) {
    }

    protected final PutObjectRequest t(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        byte[] bytes = contentCryptoMaterial.t(this.f4764e.d()).getBytes(StringUtils.f5259a);
        ObjectMetadata w10 = putObjectRequest.w();
        if (w10 == null) {
            w10 = new ObjectMetadata();
            putObjectRequest.H(w10);
        }
        w10.G(bytes.length);
        w10.m("x-amz-crypto-instr-file", "");
        putObjectRequest.H(w10);
        putObjectRequest.b(new ByteArrayInputStream(bytes));
        return putObjectRequest;
    }

    protected final ObjectMetadata u(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.I(Mimetypes.a().b(file));
        }
        return contentCryptoMaterial.w(objectMetadata, this.f4764e.d());
    }

    protected final <R extends AbstractPutObjectRequest> R v(R r10, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata w10 = r10.w();
        if (w10 == null) {
            w10 = new ObjectMetadata();
        }
        if (w10.r() != null) {
            w10.m("x-amz-unencrypted-content-md5", w10.r());
        }
        w10.H(null);
        long p10 = p(r10, w10);
        if (p10 >= 0) {
            w10.m("x-amz-unencrypted-content-length", Long.toString(p10));
            w10.G(e(p10));
        }
        r10.H(w10);
        r10.b(o(r10, contentCryptoMaterial, p10));
        r10.a(null);
        return r10;
    }
}
