package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.internal.ReleasableInputStream;
import com.amazonaws.internal.ResettableInputStream;
import com.amazonaws.internal.SdkFilterInputStream;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.internal.InputSubstream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.AbstractPutObjectRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadResult;
import com.amazonaws.services.s3.model.CopyPartRequest;
import com.amazonaws.services.s3.model.CopyPartResult;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoStorageMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsFactory;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadResult;
import com.amazonaws.services.s3.model.InstructionFileId;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.PutObjectResult;
import com.amazonaws.services.s3.model.S3DataSource;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.services.s3.model.UploadPartResult;
import com.amazonaws.services.s3.util.Mimetypes;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.LengthCheckInputStream;
import com.amazonaws.util.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FilterInputStream;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.logging.Log;

/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase<T extends MultipartUploadCryptoContext> extends S3CryptoModule<T> {
    protected final EncryptionMaterialsProvider a;
    protected final Log b;
    protected final S3CryptoScheme c;
    protected final ContentCryptoScheme d;
    protected final CryptoConfiguration e;
    protected final Map<String, T> f;
    protected final S3Direct g;
    protected final AWSKMSClient h;

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <X extends AmazonWebServiceRequest> X a(X x, String str) {
        x.requestClientOptions.a(str);
        return x;
    }

    private static CipherLiteInputStream a(AbstractPutObjectRequest abstractPutObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j) {
        FilterInputStream filterInputStream;
        Exception e;
        File file = abstractPutObjectRequest.file;
        InputStream inputStream = abstractPutObjectRequest.a;
        try {
            if (file == null) {
                filterInputStream = inputStream != null ? ReleasableInputStream.a(inputStream) : null;
            } else {
                filterInputStream = new ResettableInputStream(file);
            }
            if (j > -1) {
                try {
                    filterInputStream = new LengthCheckInputStream(filterInputStream, j, false);
                } catch (Exception e2) {
                    e = e2;
                    S3DataSource.Utils.a(abstractPutObjectRequest, file, inputStream, filterInputStream);
                    throw new AmazonClientException("Unable to create cipher input stream", e);
                }
            }
            CipherLite cipherLite = contentCryptoMaterial.a;
            return cipherLite.b() ? new CipherLiteInputStream(filterInputStream, cipherLite) : new RenewableCipherLiteInputStream(filterInputStream, cipherLite);
        } catch (Exception e3) {
            filterInputStream = null;
            e = e3;
        }
    }

    private static CipherLiteInputStream a(UploadPartRequest uploadPartRequest, CipherLite cipherLite) {
        InputStream resettableInputStream;
        File file = uploadPartRequest.file;
        InputStream inputStream = uploadPartRequest.a;
        InputSubstream inputSubstream = null;
        try {
            if (file != null) {
                resettableInputStream = new ResettableInputStream(file);
            } else {
                if (inputStream == null) {
                    throw new IllegalArgumentException("A File or InputStream must be specified when uploading part");
                }
                resettableInputStream = inputStream;
            }
            InputSubstream inputSubstream2 = new InputSubstream(resettableInputStream, uploadPartRequest.fileOffset, uploadPartRequest.partSize, uploadPartRequest.isLastPart);
            try {
                return cipherLite.b() ? new CipherLiteInputStream(inputSubstream2, cipherLite, true, uploadPartRequest.isLastPart) : new RenewableCipherLiteInputStream(inputSubstream2, cipherLite, uploadPartRequest.isLastPart);
            } catch (Exception e) {
                inputSubstream = inputSubstream2;
                e = e;
                S3DataSource.Utils.a(uploadPartRequest, file, inputStream, inputSubstream);
                throw new AmazonClientException("Unable to create cipher input stream", e);
            }
        } catch (Exception e2) {
            e = e2;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private ContentCryptoMaterial a(AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a;
        if ((amazonWebServiceRequest instanceof EncryptionMaterialsFactory) && (a = ((EncryptionMaterialsFactory) amazonWebServiceRequest).a()) != null) {
            return a(a, this.e.cryptoProvider, amazonWebServiceRequest);
        }
        if (amazonWebServiceRequest instanceof MaterialsDescriptionProvider) {
            Map<String, String> b_ = ((MaterialsDescriptionProvider) amazonWebServiceRequest).b_();
            EncryptionMaterialsProvider encryptionMaterialsProvider = this.a;
            Provider provider = this.e.cryptoProvider;
            EncryptionMaterials a2 = encryptionMaterialsProvider.a(b_);
            ContentCryptoMaterial a3 = a2 == null ? null : a(a2, provider, amazonWebServiceRequest);
            if (a3 != null) {
                return a3;
            }
            if (b_ != null && !this.a.a().d()) {
                throw new AmazonClientException("No material available from the encryption material provider for description " + b_);
            }
        }
        EncryptionMaterialsProvider encryptionMaterialsProvider2 = this.a;
        Provider provider2 = this.e.cryptoProvider;
        EncryptionMaterials a4 = encryptionMaterialsProvider2.a();
        if (a4 == null) {
            throw new AmazonClientException("No material available from the encryption material provider");
        }
        return a(a4, provider2, amazonWebServiceRequest);
    }

    private ContentCryptoMaterial a(EncryptionMaterials encryptionMaterials, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        byte[] bArr = new byte[this.d.e()];
        S3CryptoScheme.a().nextBytes(bArr);
        if (!encryptionMaterials.d()) {
            return ContentCryptoMaterial.a(a(encryptionMaterials, provider), bArr, encryptionMaterials, this.c, provider, this.h, amazonWebServiceRequest);
        }
        Map<String, String> a = ContentCryptoMaterial.a(encryptionMaterials, amazonWebServiceRequest);
        GenerateDataKeyRequest generateDataKeyRequest = new GenerateDataKeyRequest();
        generateDataKeyRequest.encryptionContext = a;
        generateDataKeyRequest.keyId = encryptionMaterials.e();
        ContentCryptoScheme contentCryptoScheme = this.d;
        generateDataKeyRequest.keySpec = contentCryptoScheme.a() + "_" + contentCryptoScheme.c();
        generateDataKeyRequest.b(amazonWebServiceRequest.c_()).requestMetricCollector = amazonWebServiceRequest.requestMetricCollector;
        GenerateDataKeyResult a2 = this.h.a(generateDataKeyRequest);
        return ContentCryptoMaterial.a(new SecretKeySpec(BinaryUtils.a(a2.plaintext), this.d.a()), bArr, this.d, provider, new KMSSecuredCEK(BinaryUtils.a(a2.ciphertextBlob), a));
    }

    private <R extends AbstractPutObjectRequest> R a(R r, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata objectMetadata = r.metadata;
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (objectMetadata.g() != null) {
            objectMetadata.a("x-amz-unencrypted-content-md5", objectMetadata.g());
        }
        objectMetadata.g(null);
        long length = r.file != null ? r.file.length() : (r.a == null || objectMetadata.b("Content-Length") == null) ? -1L : objectMetadata.d();
        if (length >= 0) {
            objectMetadata.a("x-amz-unencrypted-content-length", Long.toString(length));
            objectMetadata.a(a(length));
        }
        r.metadata = objectMetadata;
        r.a = a(r, contentCryptoMaterial, length);
        r.file = null;
        return r;
    }

    private ObjectMetadata a(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.f(Mimetypes.a().a(file));
        }
        return contentCryptoMaterial.a(objectMetadata, this.e.cryptoMode);
    }

    private SecretKey a(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z;
        String a = this.d.a();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(a) : KeyGenerator.getInstance(a, provider);
            keyGenerator.init(this.d.c(), S3CryptoScheme.a());
            KeyPair a2 = encryptionMaterials.a();
            if (a2 == null || this.c.a.a(a2.getPublic()) != null) {
                z = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            SecretKey generateKey = keyGenerator.generateKey();
            if (z && generateKey.getEncoded()[0] == 0) {
                for (int i = 0; i < 9; i++) {
                    generateKey = keyGenerator.generateKey();
                    if (generateKey.getEncoded()[0] == 0) {
                    }
                }
                throw new AmazonClientException("Failed to generate secret key");
            }
            return generateKey;
        } catch (NoSuchAlgorithmException e) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e.getMessage(), e);
        }
    }

    private PutObjectResult b(PutObjectRequest putObjectRequest) {
        ContentCryptoMaterial a = a((AmazonWebServiceRequest) putObjectRequest);
        File file = putObjectRequest.file;
        InputStream inputStream = putObjectRequest.a;
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) a((S3CryptoModuleBase<T>) putObjectRequest, a);
        putObjectRequest.metadata = a(putObjectRequest.metadata, putObjectRequest.file, a);
        try {
            return this.g.a(putObjectRequest2);
        } finally {
            S3DataSource.Utils.a(putObjectRequest, file, inputStream, putObjectRequest2.a);
        }
    }

    private PutObjectResult c(PutObjectRequest putObjectRequest) {
        File file = putObjectRequest.file;
        InputStream inputStream = putObjectRequest.a;
        PutObjectRequest b = putObjectRequest.clone().b((File) null).b((InputStream) null);
        b.key += ".instruction";
        ContentCryptoMaterial a = a((AmazonWebServiceRequest) putObjectRequest);
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) a((S3CryptoModuleBase<T>) putObjectRequest, a);
        try {
            PutObjectResult a2 = this.g.a(putObjectRequest2);
            S3DataSource.Utils.a(putObjectRequest, file, inputStream, putObjectRequest2.a);
            S3Direct s3Direct = this.g;
            byte[] bytes = a.a(this.e.cryptoMode).getBytes(StringUtils.a);
            ObjectMetadata objectMetadata = b.metadata;
            if (objectMetadata == null) {
                objectMetadata = new ObjectMetadata();
                b.metadata = objectMetadata;
            }
            objectMetadata.a(bytes.length);
            objectMetadata.a("x-amz-crypto-instr-file", "");
            b.metadata = objectMetadata;
            b.a = new ByteArrayInputStream(bytes);
            s3Direct.a(b);
            return a2;
        } catch (Throwable th) {
            S3DataSource.Utils.a(putObjectRequest, file, inputStream, putObjectRequest2.a);
            throw th;
        }
    }

    protected abstract long a(long j);

    abstract <I extends CipherLiteInputStream> SdkFilterInputStream a(I i, long j);

    abstract CipherLite a(T t);

    abstract T a(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ContentCryptoMaterial contentCryptoMaterial);

    /* JADX INFO: Access modifiers changed from: package-private */
    public final S3ObjectWrapper a(S3ObjectId s3ObjectId, String str) {
        try {
            S3Object a = this.g.a(new GetObjectRequest(s3ObjectId.a(str)));
            if (a == null) {
                return null;
            }
            return new S3ObjectWrapper(a, s3ObjectId);
        } catch (AmazonServiceException e) {
            if (!this.b.isDebugEnabled()) {
                return null;
            }
            this.b.debug("Unable to retrieve instruction file : " + e.getMessage());
            return null;
        }
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final CompleteMultipartUploadResult a(CompleteMultipartUploadRequest completeMultipartUploadRequest) {
        a(completeMultipartUploadRequest, AmazonS3EncryptionClient.j);
        String str = completeMultipartUploadRequest.uploadId;
        T t = this.f.get(str);
        if (t != null && !t.d) {
            throw new AmazonClientException("Unable to complete an encrypted multipart upload without being told which part was the last.  Without knowing which part was the last, the encrypted data in Amazon S3 is incomplete and corrupt.");
        }
        CompleteMultipartUploadResult a = this.g.a(completeMultipartUploadRequest);
        if (t != null && this.e.storageMode == CryptoStorageMode.InstructionFile) {
            S3Direct s3Direct = this.g;
            String str2 = t.b;
            String str3 = t.c;
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(t.f.a(this.e.cryptoMode).getBytes(StringUtils.a));
            ObjectMetadata objectMetadata = new ObjectMetadata();
            objectMetadata.a(r0.length);
            objectMetadata.a("x-amz-crypto-instr-file", "");
            InstructionFileId a2 = new S3ObjectId(str2, str3).a();
            s3Direct.a(new PutObjectRequest(a2.bucket, a2.key, byteArrayInputStream, objectMetadata));
        }
        this.f.remove(str);
        return a;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final CopyPartResult a(CopyPartRequest copyPartRequest) {
        T t = this.f.get(copyPartRequest.uploadId);
        CopyPartResult a = this.g.a(copyPartRequest);
        if (t != null && !t.d) {
            t.d = true;
        }
        return a;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final InitiateMultipartUploadResult a(InitiateMultipartUploadRequest initiateMultipartUploadRequest) {
        a(initiateMultipartUploadRequest, AmazonS3EncryptionClient.j);
        ContentCryptoMaterial a = a((AmazonWebServiceRequest) initiateMultipartUploadRequest);
        if (this.e.storageMode == CryptoStorageMode.ObjectMetadata) {
            ObjectMetadata objectMetadata = initiateMultipartUploadRequest.objectMetadata;
            if (objectMetadata == null) {
                objectMetadata = new ObjectMetadata();
            }
            initiateMultipartUploadRequest.objectMetadata = a(objectMetadata, (File) null, a);
        }
        InitiateMultipartUploadResult a2 = this.g.a(initiateMultipartUploadRequest);
        T a3 = a(initiateMultipartUploadRequest, a);
        if (initiateMultipartUploadRequest instanceof MaterialsDescriptionProvider) {
            Map<String, String> b_ = ((MaterialsDescriptionProvider) initiateMultipartUploadRequest).b_();
            a3.e = b_ == null ? null : Collections.unmodifiableMap(new HashMap(b_));
        }
        this.f.put(a2.c, a3);
        return a2;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final PutObjectResult a(PutObjectRequest putObjectRequest) {
        a(putObjectRequest, AmazonS3EncryptionClient.j);
        return this.e.storageMode == CryptoStorageMode.InstructionFile ? c(putObjectRequest) : b(putObjectRequest);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final UploadPartResult a(UploadPartRequest uploadPartRequest) {
        a(uploadPartRequest, AmazonS3EncryptionClient.j);
        int d = this.d.d();
        boolean z = uploadPartRequest.isLastPart;
        String str = uploadPartRequest.uploadId;
        long j = uploadPartRequest.partSize;
        boolean z2 = 0 == j % ((long) d);
        if (!z && !z2) {
            throw new AmazonClientException("Invalid part size: part sizes for encrypted multipart uploads must be multiples of the cipher block size (" + d + ") with the exception of the last part.");
        }
        T t = this.f.get(str);
        if (t == null) {
            throw new AmazonClientException("No client-side information available on upload ID " + str);
        }
        int i = uploadPartRequest.partNumber;
        if (i <= 0) {
            throw new IllegalArgumentException("part number must be at least 1");
        }
        if (t.h) {
            throw new AmazonClientException("Parts are required to be uploaded in series");
        }
        synchronized (t) {
            if (i - t.g > 1) {
                throw new AmazonClientException("Parts are required to be uploaded in series (partNumber=" + t.g + ", nextPartNumber=" + i + ")");
            }
            t.g = i;
            t.h = true;
        }
        CipherLite a = a((S3CryptoModuleBase<T>) t);
        File file = uploadPartRequest.file;
        InputStream inputStream = uploadPartRequest.a;
        try {
            SdkFilterInputStream a2 = a((S3CryptoModuleBase<T>) a(uploadPartRequest, a), j);
            uploadPartRequest.a = a2;
            uploadPartRequest.file = null;
            uploadPartRequest.fileOffset = 0L;
            if (z) {
                long b = b(uploadPartRequest);
                if (b > -1) {
                    uploadPartRequest.partSize = b;
                }
                if (t.d) {
                    throw new AmazonClientException("This part was specified as the last part in a multipart upload, but a previous part was already marked as the last part.  Only the last part of the upload should be marked as the last part.");
                }
            }
            UploadPartResult a3 = this.g.a(uploadPartRequest);
            S3DataSource.Utils.a(uploadPartRequest, file, inputStream, a2);
            t.h = false;
            if (z) {
                t.d = true;
            }
            a((S3CryptoModuleBase<T>) t, a2);
            return a3;
        } catch (Throwable th) {
            S3DataSource.Utils.a(uploadPartRequest, file, inputStream, null);
            t.h = false;
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(ContentCryptoMaterial contentCryptoMaterial, S3ObjectWrapper s3ObjectWrapper) {
    }

    abstract void a(T t, SdkFilterInputStream sdkFilterInputStream);

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void a(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.g.a(abortMultipartUploadRequest);
        this.f.remove(abortMultipartUploadRequest.uploadId);
    }

    abstract long b(UploadPartRequest uploadPartRequest);
}
