package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.internal.ReleasableInputStream;
import com.amazonaws.internal.ResettableInputStream;
import com.amazonaws.internal.SdkFilterInputStream;
import com.amazonaws.logging.Log;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.internal.InputSubstream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.AbstractPutObjectRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadResult;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoStorageMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsFactory;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadResult;
import com.amazonaws.services.s3.model.InstructionFileId;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.PutObjectResult;
import com.amazonaws.services.s3.model.S3DataSource;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.services.s3.model.UploadPartResult;
import com.amazonaws.services.s3.util.Mimetypes;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.LengthCheckInputStream;
import com.amazonaws.util.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FilterInputStream;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

@Deprecated
/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase<T extends MultipartUploadCryptoContext> extends S3CryptoModule<T> {

    /* renamed from: a, reason: collision with root package name */
    protected final EncryptionMaterialsProvider f5715a;

    /* renamed from: b, reason: collision with root package name */
    protected final Log f5716b;

    /* renamed from: c, reason: collision with root package name */
    protected final S3CryptoScheme f5717c;

    /* renamed from: d, reason: collision with root package name */
    protected final ContentCryptoScheme f5718d;

    /* renamed from: e, reason: collision with root package name */
    protected final CryptoConfiguration f5719e;

    /* renamed from: f, reason: collision with root package name */
    protected final Map f5720f;

    /* renamed from: g, reason: collision with root package name */
    protected final S3Direct f5721g;

    /* renamed from: h, reason: collision with root package name */
    protected final AWSKMSClient f5722h;

    private PutObjectResult A(PutObjectRequest putObjectRequest) {
        ContentCryptoMaterial l10 = l(putObjectRequest);
        File x10 = putObjectRequest.x();
        InputStream y10 = putObjectRequest.y();
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) G(putObjectRequest, l10);
        putObjectRequest.L(D(putObjectRequest.A(), putObjectRequest.x(), l10));
        try {
            return this.f5721g.f(putObjectRequest2);
        } finally {
            S3DataSource.Utils.cleanupDataSource(putObjectRequest, x10, y10, putObjectRequest2.y(), this.f5716b);
        }
    }

    private ContentCryptoMaterial h(EncryptionMaterials encryptionMaterials, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        byte[] bArr = new byte[this.f5718d.h()];
        this.f5717c.c().nextBytes(bArr);
        if (!encryptionMaterials.i()) {
            return ContentCryptoMaterial.c(p(encryptionMaterials, provider), bArr, encryptionMaterials, this.f5717c, provider, this.f5722h, amazonWebServiceRequest);
        }
        Map p10 = ContentCryptoMaterial.p(encryptionMaterials, amazonWebServiceRequest);
        GenerateDataKeyRequest C = new GenerateDataKeyRequest().z(p10).A(encryptionMaterials.d()).C(this.f5718d.k());
        C.p(amazonWebServiceRequest.i()).r(amazonWebServiceRequest.l());
        GenerateDataKeyResult R = this.f5722h.R(C);
        return ContentCryptoMaterial.z(new SecretKeySpec(BinaryUtils.a(R.d()), this.f5718d.i()), bArr, this.f5718d, provider, new KMSSecuredCEK(BinaryUtils.a(R.a()), p10));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long[] q(long[] jArr) {
        if (jArr == null) {
            return null;
        }
        long j10 = jArr[0];
        if (j10 > jArr[1]) {
            return null;
        }
        return new long[]{r(j10), s(jArr[1])};
    }

    private static long r(long j10) {
        long j11 = (j10 - (j10 % 16)) - 16;
        if (j11 < 0) {
            return 0L;
        }
        return j11;
    }

    private static long s(long j10) {
        long j11 = j10 + (16 - (j10 % 16)) + 16;
        if (j11 < 0) {
            return Long.MAX_VALUE;
        }
        return j11;
    }

    private ContentCryptoMaterial t(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a10 = encryptionMaterialsProvider.a();
        if (a10 != null) {
            return h(a10, provider, amazonWebServiceRequest);
        }
        throw new AmazonClientException("No material available from the encryption material provider");
    }

    private ContentCryptoMaterial u(EncryptionMaterialsProvider encryptionMaterialsProvider, Map map, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials b10 = encryptionMaterialsProvider.b(map);
        if (b10 == null) {
            return null;
        }
        return h(b10, provider, amazonWebServiceRequest);
    }

    private CipherLiteInputStream w(AbstractPutObjectRequest abstractPutObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j10) {
        File x10 = abstractPutObjectRequest.x();
        InputStream y10 = abstractPutObjectRequest.y();
        FilterInputStream filterInputStream = null;
        try {
            if (x10 != null) {
                filterInputStream = new ResettableInputStream(x10);
            } else if (y10 != null) {
                filterInputStream = ReleasableInputStream.e(y10);
            }
            if (j10 > -1) {
                filterInputStream = new LengthCheckInputStream(filterInputStream, j10, false);
            }
            CipherLite i10 = contentCryptoMaterial.i();
            return i10.i() ? new CipherLiteInputStream(filterInputStream, i10, 2048) : new RenewableCipherLiteInputStream(filterInputStream, i10, 2048);
        } catch (Exception e10) {
            S3DataSource.Utils.cleanupDataSource(abstractPutObjectRequest, x10, y10, null, this.f5716b);
            throw new AmazonClientException("Unable to create cipher input stream", e10);
        }
    }

    private PutObjectResult z(PutObjectRequest putObjectRequest) {
        File x10 = putObjectRequest.x();
        InputStream y10 = putObjectRequest.y();
        PutObjectRequest W = putObjectRequest.clone().i0(null).W(null);
        W.K(W.z() + ".instruction");
        ContentCryptoMaterial l10 = l(putObjectRequest);
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) G(putObjectRequest, l10);
        try {
            PutObjectResult f10 = this.f5721g.f(putObjectRequest2);
            S3DataSource.Utils.cleanupDataSource(putObjectRequest, x10, y10, putObjectRequest2.y(), this.f5716b);
            this.f5721g.f(C(W, l10));
            return f10;
        } catch (Throwable th) {
            S3DataSource.Utils.cleanupDataSource(putObjectRequest, x10, y10, putObjectRequest2.y(), this.f5716b);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void B(ContentCryptoMaterial contentCryptoMaterial, S3ObjectWrapper s3ObjectWrapper) {
    }

    protected final PutObjectRequest C(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        byte[] bytes = contentCryptoMaterial.t(this.f5719e.c()).getBytes(StringUtils.f6409a);
        ObjectMetadata A = putObjectRequest.A();
        if (A == null) {
            A = new ObjectMetadata();
            putObjectRequest.L(A);
        }
        A.N(bytes.length);
        A.k("x-amz-crypto-instr-file", "");
        putObjectRequest.L(A);
        putObjectRequest.f(new ByteArrayInputStream(bytes));
        return putObjectRequest;
    }

    protected final ObjectMetadata D(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.Q(Mimetypes.a().b(file));
        }
        return contentCryptoMaterial.w(objectMetadata, this.f5719e.c());
    }

    abstract void E(MultipartUploadCryptoContext multipartUploadCryptoContext, SdkFilterInputStream sdkFilterInputStream);

    abstract SdkFilterInputStream F(CipherLiteInputStream cipherLiteInputStream, long j10);

    protected final AbstractPutObjectRequest G(AbstractPutObjectRequest abstractPutObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata A = abstractPutObjectRequest.A();
        if (A == null) {
            A = new ObjectMetadata();
        }
        if (A.r() != null) {
            A.k("x-amz-unencrypted-content-md5", A.r());
        }
        A.O(null);
        long y10 = y(abstractPutObjectRequest, A);
        if (y10 >= 0) {
            A.k("x-amz-unencrypted-content-length", Long.toString(y10));
            A.N(j(y10));
        }
        abstractPutObjectRequest.L(A);
        abstractPutObjectRequest.f(w(abstractPutObjectRequest, contentCryptoMaterial, y10));
        abstractPutObjectRequest.c(null);
        return abstractPutObjectRequest;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void a(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.f5721g.d(abortMultipartUploadRequest);
        this.f5720f.remove(abortMultipartUploadRequest.u());
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public CompleteMultipartUploadResult b(CompleteMultipartUploadRequest completeMultipartUploadRequest) {
        g(completeMultipartUploadRequest, AmazonS3EncryptionClient.f5527x);
        String v10 = completeMultipartUploadRequest.v();
        MultipartUploadCryptoContext multipartUploadCryptoContext = (MultipartUploadCryptoContext) this.f5720f.get(v10);
        if (multipartUploadCryptoContext != null && !multipartUploadCryptoContext.c()) {
            throw new AmazonClientException("Unable to complete an encrypted multipart upload without being told which part was the last.  Without knowing which part was the last, the encrypted data in Amazon S3 is incomplete and corrupt.");
        }
        CompleteMultipartUploadResult o10 = this.f5721g.o(completeMultipartUploadRequest);
        if (multipartUploadCryptoContext != null && this.f5719e.g() == CryptoStorageMode.InstructionFile) {
            this.f5721g.f(n(multipartUploadCryptoContext.a(), multipartUploadCryptoContext.b(), multipartUploadCryptoContext.i()));
        }
        this.f5720f.remove(v10);
        return o10;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public InitiateMultipartUploadResult d(InitiateMultipartUploadRequest initiateMultipartUploadRequest) {
        g(initiateMultipartUploadRequest, AmazonS3EncryptionClient.f5527x);
        ContentCryptoMaterial l10 = l(initiateMultipartUploadRequest);
        if (this.f5719e.g() == CryptoStorageMode.ObjectMetadata) {
            ObjectMetadata w10 = initiateMultipartUploadRequest.w();
            if (w10 == null) {
                w10 = new ObjectMetadata();
            }
            initiateMultipartUploadRequest.E(D(w10, null, l10));
        }
        InitiateMultipartUploadResult u10 = this.f5721g.u(initiateMultipartUploadRequest);
        MultipartUploadCryptoContext x10 = x(initiateMultipartUploadRequest, l10);
        if (initiateMultipartUploadRequest instanceof MaterialsDescriptionProvider) {
            x10.e(((MaterialsDescriptionProvider) initiateMultipartUploadRequest).b());
        }
        this.f5720f.put(u10.d(), x10);
        return u10;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public PutObjectResult e(PutObjectRequest putObjectRequest) {
        g(putObjectRequest, AmazonS3EncryptionClient.f5527x);
        return this.f5719e.g() == CryptoStorageMode.InstructionFile ? z(putObjectRequest) : A(putObjectRequest);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public UploadPartResult f(UploadPartRequest uploadPartRequest) {
        g(uploadPartRequest, AmazonS3EncryptionClient.f5527x);
        int f10 = this.f5718d.f();
        boolean G = uploadPartRequest.G();
        String E = uploadPartRequest.E();
        long C = uploadPartRequest.C();
        boolean z10 = 0 == C % ((long) f10);
        if (!G && !z10) {
            throw new AmazonClientException("Invalid part size: part sizes for encrypted multipart uploads must be multiples of the cipher block size (" + f10 + ") with the exception of the last part.");
        }
        MultipartUploadCryptoContext multipartUploadCryptoContext = (MultipartUploadCryptoContext) this.f5720f.get(E);
        if (multipartUploadCryptoContext == null) {
            throw new AmazonClientException("No client-side information available on upload ID " + E);
        }
        multipartUploadCryptoContext.f(uploadPartRequest.A());
        CipherLite i10 = i(multipartUploadCryptoContext);
        File t10 = uploadPartRequest.t();
        InputStream w10 = uploadPartRequest.w();
        CipherLiteInputStream cipherLiteInputStream = null;
        try {
            CipherLiteInputStream v10 = v(uploadPartRequest, i10);
            try {
                SdkFilterInputStream F = F(v10, C);
                uploadPartRequest.f(F);
                uploadPartRequest.c(null);
                uploadPartRequest.I(0L);
                if (G) {
                    long k10 = k(uploadPartRequest);
                    if (k10 > -1) {
                        uploadPartRequest.L(k10);
                    }
                    if (multipartUploadCryptoContext.c()) {
                        throw new AmazonClientException("This part was specified as the last part in a multipart upload, but a previous part was already marked as the last part.  Only the last part of the upload should be marked as the last part.");
                    }
                }
                UploadPartResult b10 = this.f5721g.b(uploadPartRequest);
                S3DataSource.Utils.cleanupDataSource(uploadPartRequest, t10, w10, F, this.f5716b);
                multipartUploadCryptoContext.g();
                if (G) {
                    multipartUploadCryptoContext.d(true);
                }
                E(multipartUploadCryptoContext, F);
                return b10;
            } catch (Throwable th) {
                th = th;
                cipherLiteInputStream = v10;
                S3DataSource.Utils.cleanupDataSource(uploadPartRequest, t10, w10, cipherLiteInputStream, this.f5716b);
                multipartUploadCryptoContext.g();
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final AmazonWebServiceRequest g(AmazonWebServiceRequest amazonWebServiceRequest, String str) {
        amazonWebServiceRequest.j().a(str);
        return amazonWebServiceRequest;
    }

    abstract CipherLite i(MultipartUploadCryptoContext multipartUploadCryptoContext);

    protected abstract long j(long j10);

    abstract long k(UploadPartRequest uploadPartRequest);

    /* JADX WARN: Multi-variable type inference failed */
    protected final ContentCryptoMaterial l(AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a10;
        if ((amazonWebServiceRequest instanceof EncryptionMaterialsFactory) && (a10 = ((EncryptionMaterialsFactory) amazonWebServiceRequest).a()) != null) {
            return h(a10, this.f5719e.f(), amazonWebServiceRequest);
        }
        if (amazonWebServiceRequest instanceof MaterialsDescriptionProvider) {
            Map b10 = ((MaterialsDescriptionProvider) amazonWebServiceRequest).b();
            ContentCryptoMaterial u10 = u(this.f5715a, b10, this.f5719e.f(), amazonWebServiceRequest);
            if (u10 != null) {
                return u10;
            }
            if (b10 != null && !this.f5715a.a().i()) {
                throw new AmazonClientException("No material available from the encryption material provider for description " + b10);
            }
        }
        return t(this.f5715a, this.f5719e.f(), amazonWebServiceRequest);
    }

    final GetObjectRequest m(S3ObjectId s3ObjectId, String str) {
        return new GetObjectRequest(s3ObjectId.e(str));
    }

    protected final PutObjectRequest n(String str, String str2, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.t(this.f5719e.c()).getBytes(StringUtils.f6409a));
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.N(r7.length);
        objectMetadata.k("x-amz-crypto-instr-file", "");
        InstructionFileId d10 = new S3ObjectId(str, str2).d();
        return new PutObjectRequest(d10.a(), d10.b(), byteArrayInputStream, objectMetadata);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final S3ObjectWrapper o(S3ObjectId s3ObjectId, String str) {
        try {
            S3Object q10 = this.f5721g.q(m(s3ObjectId, str));
            if (q10 == null) {
                return null;
            }
            return new S3ObjectWrapper(q10, s3ObjectId);
        } catch (AmazonServiceException e10) {
            if (this.f5716b.c()) {
                this.f5716b.a("Unable to retrieve instruction file : " + e10.getMessage());
            }
            return null;
        }
    }

    protected final SecretKey p(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z10;
        String i10 = this.f5718d.i();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(i10) : KeyGenerator.getInstance(i10, provider);
            keyGenerator.init(this.f5718d.j(), this.f5717c.c());
            KeyPair f10 = encryptionMaterials.f();
            if (f10 == null || this.f5717c.b().a(f10.getPublic(), provider) != null) {
                z10 = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z10 = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            SecretKey generateKey = keyGenerator.generateKey();
            if (z10 && generateKey.getEncoded()[0] == 0) {
                for (int i11 = 0; i11 < 9; i11++) {
                    SecretKey generateKey2 = keyGenerator.generateKey();
                    if (generateKey2.getEncoded()[0] != 0) {
                        return generateKey2;
                    }
                }
                throw new AmazonClientException("Failed to generate secret key");
            }
            return generateKey;
        } catch (NoSuchAlgorithmException e10) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e10.getMessage(), e10);
        }
    }

    protected final CipherLiteInputStream v(UploadPartRequest uploadPartRequest, CipherLite cipherLite) {
        InputStream resettableInputStream;
        InputSubstream inputSubstream;
        File t10 = uploadPartRequest.t();
        InputStream w10 = uploadPartRequest.w();
        InputSubstream inputSubstream2 = null;
        try {
            if (t10 != null) {
                resettableInputStream = new ResettableInputStream(t10);
            } else {
                if (w10 == null) {
                    throw new IllegalArgumentException("A File or InputStream must be specified when uploading part");
                }
                resettableInputStream = w10;
            }
            inputSubstream = new InputSubstream(resettableInputStream, uploadPartRequest.u(), uploadPartRequest.C(), uploadPartRequest.G());
        } catch (Exception e10) {
            e = e10;
        }
        try {
            return cipherLite.i() ? new CipherLiteInputStream(inputSubstream, cipherLite, 2048, true, uploadPartRequest.G()) : new RenewableCipherLiteInputStream(inputSubstream, cipherLite, 2048, true, uploadPartRequest.G());
        } catch (Exception e11) {
            e = e11;
            inputSubstream2 = inputSubstream;
            S3DataSource.Utils.cleanupDataSource(uploadPartRequest, t10, w10, inputSubstream2, this.f5716b);
            throw new AmazonClientException("Unable to create cipher input stream", e);
        }
    }

    abstract MultipartUploadCryptoContext x(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ContentCryptoMaterial contentCryptoMaterial);

    protected final long y(AbstractPutObjectRequest abstractPutObjectRequest, ObjectMetadata objectMetadata) {
        if (abstractPutObjectRequest.x() != null) {
            return abstractPutObjectRequest.x().length();
        }
        if (abstractPutObjectRequest.y() == null || objectMetadata.z("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.p();
    }
}
