package com.amazonaws.services.s3.internal.crypto;

import androidx.vectordrawable.graphics.drawable.Tq.oYughlwydZJ;
import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.EncryptRequest;
import com.amazonaws.services.s3.KeyWrapException;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsAccessor;
import com.amazonaws.services.s3.model.ExtraMaterialsDescription;
import com.amazonaws.services.s3.model.KMSEncryptionMaterials;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.util.Base64;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.json.JsonUtils;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

@Deprecated
/* loaded from: classes.dex */
final class ContentCryptoMaterial {

    /* renamed from: a, reason: collision with root package name */
    private final String f4737a;

    /* renamed from: b, reason: collision with root package name */
    private final CipherLite f4738b;

    /* renamed from: c, reason: collision with root package name */
    private final Map<String, String> f4739c;

    /* renamed from: d, reason: collision with root package name */
    private final byte[] f4740d;

    ContentCryptoMaterial(Map<String, String> map, byte[] bArr, String str, CipherLite cipherLite) {
        this.f4738b = cipherLite;
        this.f4737a = str;
        this.f4740d = (byte[]) bArr.clone();
        this.f4739c = map;
    }

    private static SecretKey a(byte[] bArr, String str, EncryptionMaterials encryptionMaterials, Provider provider, ContentCryptoScheme contentCryptoScheme, AWSKMSClient aWSKMSClient) {
        Key h10;
        if (KMSSecuredCEK.d(str)) {
            return b(bArr, str, encryptionMaterials, contentCryptoScheme, aWSKMSClient);
        }
        if (encryptionMaterials.f() != null) {
            h10 = encryptionMaterials.f().getPrivate();
            if (h10 == null) {
                throw new AmazonClientException("Key encrypting key not available");
            }
        } else {
            h10 = encryptionMaterials.h();
            if (h10 == null) {
                throw new AmazonClientException("Key encrypting key not available");
            }
        }
        try {
            if (str != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(str) : Cipher.getInstance(str, provider);
                cipher.init(4, h10);
                return (SecretKey) cipher.unwrap(bArr, str, 3);
            }
            Cipher cipher2 = provider != null ? Cipher.getInstance(h10.getAlgorithm(), provider) : Cipher.getInstance(h10.getAlgorithm());
            cipher2.init(2, h10);
            return new SecretKeySpec(cipher2.doFinal(bArr), "AES");
        } catch (Exception e10) {
            throw new AmazonClientException("Unable to decrypt symmetric key from object metadata", e10);
        }
    }

    private static SecretKey b(byte[] bArr, String str, EncryptionMaterials encryptionMaterials, ContentCryptoScheme contentCryptoScheme, AWSKMSClient aWSKMSClient) {
        return new SecretKeySpec(BinaryUtils.a(aWSKMSClient.x(new DecryptRequest().u(encryptionMaterials.g()).t(ByteBuffer.wrap(bArr))).c()), contentCryptoScheme.i());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ContentCryptoMaterial c(SecretKey secretKey, byte[] bArr, EncryptionMaterials encryptionMaterials, S3CryptoScheme s3CryptoScheme, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        return d(secretKey, bArr, encryptionMaterials, s3CryptoScheme.b(), s3CryptoScheme, provider, aWSKMSClient, amazonWebServiceRequest);
    }

    private static ContentCryptoMaterial d(SecretKey secretKey, byte[] bArr, EncryptionMaterials encryptionMaterials, ContentCryptoScheme contentCryptoScheme, S3CryptoScheme s3CryptoScheme, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        return z(secretKey, bArr, contentCryptoScheme, provider, r(secretKey, encryptionMaterials, s3CryptoScheme.c(), s3CryptoScheme.d(), provider, aWSKMSClient, amazonWebServiceRequest));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ContentCryptoMaterial e(Map<String, String> map, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z10, AWSKMSClient aWSKMSClient) {
        return f(map, encryptionMaterialsAccessor, provider, jArr, extraMaterialsDescription, z10, aWSKMSClient);
    }

    private static ContentCryptoMaterial f(Map<String, String> map, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z10, AWSKMSClient aWSKMSClient) {
        EncryptionMaterials b10;
        int parseInt;
        String str = map.get("x-amz-key-v2");
        if (str == null && (str = map.get("x-amz-key")) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(map.get("x-amz-iv"));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Necessary encryption info not found in the instruction file " + map);
        }
        String str2 = map.get("x-amz-wrap-alg");
        boolean d10 = KMSSecuredCEK.d(str2);
        Map<String, String> o10 = o(map.get("x-amz-matdesc"));
        Map<String, String> a10 = (extraMaterialsDescription == null || d10) ? o10 : extraMaterialsDescription.a(o10);
        if (d10) {
            b10 = new KMSEncryptionMaterials(o10.get("kms_cmk_id"));
            b10.b(o10);
        } else {
            b10 = encryptionMaterialsAccessor == null ? null : encryptionMaterialsAccessor.b(a10);
            if (b10 == null) {
                throw new AmazonClientException("Unable to retrieve the encryption materials that originally encrypted object corresponding to instruction file " + map);
            }
        }
        EncryptionMaterials encryptionMaterials = b10;
        String str3 = map.get("x-amz-cek-alg");
        boolean z11 = jArr != null;
        ContentCryptoScheme e10 = ContentCryptoScheme.e(str3, z11);
        if (z11) {
            decode2 = e10.a(decode2, jArr[0]);
        } else {
            int m10 = e10.m();
            if (m10 > 0 && m10 != (parseInt = Integer.parseInt(map.get("x-amz-tag-len")))) {
                throw new AmazonClientException("Unsupported tag length: " + parseInt + ", expected: " + m10);
            }
        }
        byte[] bArr = decode2;
        if (z10 && str2 == null) {
            throw q();
        }
        return new ContentCryptoMaterial(a10, decode, str2, e10.c(a(decode, str2, encryptionMaterials, provider, e10, aWSKMSClient), bArr, 2, provider));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ContentCryptoMaterial g(ObjectMetadata objectMetadata, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z10, AWSKMSClient aWSKMSClient) {
        return h(objectMetadata, encryptionMaterialsAccessor, provider, jArr, extraMaterialsDescription, z10, aWSKMSClient);
    }

    private static ContentCryptoMaterial h(ObjectMetadata objectMetadata, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z10, AWSKMSClient aWSKMSClient) {
        EncryptionMaterials b10;
        int parseInt;
        Map<String, String> D = objectMetadata.D();
        String str = D.get("x-amz-key-v2");
        if (str == null && (str = D.get("x-amz-key")) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(D.get("x-amz-iv"));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Content encrypting key or IV not found.");
        }
        String str2 = D.get("x-amz-matdesc");
        String str3 = D.get("x-amz-wrap-alg");
        boolean d10 = KMSSecuredCEK.d(str3);
        Map<String, String> o10 = o(str2);
        Map<String, String> a10 = (d10 || extraMaterialsDescription == null) ? o10 : extraMaterialsDescription.a(o10);
        if (d10) {
            b10 = new KMSEncryptionMaterials(o10.get("kms_cmk_id"));
            b10.b(o10);
        } else {
            b10 = encryptionMaterialsAccessor == null ? null : encryptionMaterialsAccessor.b(a10);
            if (b10 == null) {
                throw new AmazonClientException("Unable to retrieve the client encryption materials");
            }
        }
        EncryptionMaterials encryptionMaterials = b10;
        String str4 = D.get("x-amz-cek-alg");
        boolean z11 = jArr != null;
        ContentCryptoScheme e10 = ContentCryptoScheme.e(str4, z11);
        if (z11) {
            decode2 = e10.a(decode2, jArr[0]);
        } else {
            int m10 = e10.m();
            if (m10 > 0 && m10 != (parseInt = Integer.parseInt(D.get("x-amz-tag-len")))) {
                throw new AmazonClientException("Unsupported tag length: " + parseInt + ", expected: " + m10);
            }
        }
        byte[] bArr = decode2;
        if (z10 && str3 == null) {
            throw q();
        }
        return new ContentCryptoMaterial(a10, decode, str3, e10.c(a(decode, str3, encryptionMaterials, provider, e10, aWSKMSClient), bArr, 2, provider));
    }

    private String n() {
        Map<String, String> l10 = l();
        if (l10 == null) {
            l10 = Collections.emptyMap();
        }
        return JsonUtils.f(l10);
    }

    private static Map<String, String> o(String str) {
        Map<String, String> d10 = JsonUtils.d(str);
        if (d10 == null) {
            return null;
        }
        return Collections.unmodifiableMap(d10);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public static Map<String, String> p(EncryptionMaterials encryptionMaterials, AmazonWebServiceRequest amazonWebServiceRequest) {
        Map<String, String> a10;
        Map<String, String> g10 = encryptionMaterials.g();
        if (!(amazonWebServiceRequest instanceof MaterialsDescriptionProvider) || (a10 = ((MaterialsDescriptionProvider) amazonWebServiceRequest).a()) == null) {
            return g10;
        }
        TreeMap treeMap = new TreeMap(g10);
        treeMap.putAll(a10);
        return treeMap;
    }

    private static KeyWrapException q() {
        return new KeyWrapException("Missing key-wrap for the content-encrypting-key");
    }

    private static SecuredCEK r(SecretKey secretKey, EncryptionMaterials encryptionMaterials, S3KeyWrapScheme s3KeyWrapScheme, SecureRandom secureRandom, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        if (encryptionMaterials.i()) {
            Map<String, String> p10 = p(encryptionMaterials, amazonWebServiceRequest);
            EncryptRequest v10 = new EncryptRequest().t(p10).u(encryptionMaterials.d()).v(ByteBuffer.wrap(secretKey.getEncoded()));
            v10.m(amazonWebServiceRequest.e()).n(amazonWebServiceRequest.h());
            return new KMSSecuredCEK(BinaryUtils.a(aWSKMSClient.y(v10).a()), p10);
        }
        Map<String, String> g10 = encryptionMaterials.g();
        Key key = encryptionMaterials.f() != null ? encryptionMaterials.f().getPublic() : encryptionMaterials.h();
        String a10 = s3KeyWrapScheme.a(key, provider);
        try {
            if (a10 != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(a10) : Cipher.getInstance(a10, provider);
                cipher.init(3, key, secureRandom);
                return new SecuredCEK(cipher.wrap(secretKey), a10, g10);
            }
            byte[] encoded = secretKey.getEncoded();
            String algorithm = key.getAlgorithm();
            Cipher cipher2 = provider != null ? Cipher.getInstance(algorithm, provider) : Cipher.getInstance(algorithm);
            cipher2.init(1, key);
            return new SecuredCEK(cipher2.doFinal(encoded), null, g10);
        } catch (Exception e10) {
            throw new AmazonClientException("Unable to encrypt symmetric key", e10);
        }
    }

    private String u() {
        HashMap hashMap = new HashMap();
        hashMap.put("x-amz-key", Base64.encodeAsString(k()));
        hashMap.put("x-amz-iv", Base64.encodeAsString(this.f4738b.f()));
        hashMap.put("x-amz-matdesc", n());
        return JsonUtils.f(hashMap);
    }

    private ObjectMetadata v(ObjectMetadata objectMetadata) {
        objectMetadata.m("x-amz-key-v2", Base64.encodeAsString(k()));
        objectMetadata.m("x-amz-iv", Base64.encodeAsString(this.f4738b.f()));
        objectMetadata.m("x-amz-matdesc", n());
        ContentCryptoScheme j10 = j();
        objectMetadata.m("x-amz-cek-alg", j10.g());
        int m10 = j10.m();
        if (m10 > 0) {
            objectMetadata.m("x-amz-tag-len", String.valueOf(m10));
        }
        String m11 = m();
        if (m11 != null) {
            objectMetadata.m("x-amz-wrap-alg", m11);
        }
        return objectMetadata;
    }

    private ObjectMetadata x(ObjectMetadata objectMetadata) {
        objectMetadata.m("x-amz-key", Base64.encodeAsString(k()));
        objectMetadata.m("x-amz-iv", Base64.encodeAsString(this.f4738b.f()));
        objectMetadata.m("x-amz-matdesc", n());
        return objectMetadata;
    }

    private boolean y() {
        return KMSSecuredCEK.d(this.f4737a);
    }

    public static ContentCryptoMaterial z(SecretKey secretKey, byte[] bArr, ContentCryptoScheme contentCryptoScheme, Provider provider, SecuredCEK securedCEK) {
        return new ContentCryptoMaterial(securedCEK.c(), securedCEK.a(), securedCEK.b(), contentCryptoScheme.c(secretKey, bArr, 1, provider));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CipherLite i() {
        return this.f4738b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ContentCryptoScheme j() {
        return this.f4738b.e();
    }

    byte[] k() {
        return (byte[]) this.f4740d.clone();
    }

    Map<String, String> l() {
        return this.f4739c;
    }

    String m() {
        return this.f4737a;
    }

    String s() {
        HashMap hashMap = new HashMap();
        hashMap.put("x-amz-key-v2", Base64.encodeAsString(k()));
        hashMap.put("x-amz-iv", Base64.encodeAsString(this.f4738b.f()));
        hashMap.put("x-amz-matdesc", n());
        ContentCryptoScheme j10 = j();
        hashMap.put("x-amz-cek-alg", j10.g());
        int m10 = j10.m();
        if (m10 > 0) {
            hashMap.put("x-amz-tag-len", String.valueOf(m10));
        }
        String m11 = m();
        if (m11 != null) {
            hashMap.put(oYughlwydZJ.mseyfOX, m11);
        }
        return JsonUtils.f(hashMap);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String t(CryptoMode cryptoMode) {
        return (cryptoMode != CryptoMode.EncryptionOnly || y()) ? s() : u();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ObjectMetadata w(ObjectMetadata objectMetadata, CryptoMode cryptoMode) {
        return (cryptoMode != CryptoMode.EncryptionOnly || y()) ? v(objectMetadata) : x(objectMetadata);
    }
}
