package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.internal.ReleasableInputStream;
import com.amazonaws.internal.ResettableInputStream;
import com.amazonaws.internal.SdkFilterInputStream;
import com.amazonaws.logging.Log;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.internal.InputSubstream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.AbstractPutObjectRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadResult;
import com.amazonaws.services.s3.model.CopyPartRequest;
import com.amazonaws.services.s3.model.CopyPartResult;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoStorageMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsFactory;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadResult;
import com.amazonaws.services.s3.model.InstructionFileId;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.PutObjectResult;
import com.amazonaws.services.s3.model.S3DataSource;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.services.s3.model.UploadPartResult;
import com.amazonaws.services.s3.util.Mimetypes;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.LengthCheckInputStream;
import com.amazonaws.util.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FilterInputStream;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase<T extends MultipartUploadCryptoContext> extends S3CryptoModule<T> {

    /* renamed from: a, reason: collision with root package name */
    protected final EncryptionMaterialsProvider f10764a;

    /* renamed from: b, reason: collision with root package name */
    protected final Log f10765b;

    /* renamed from: c, reason: collision with root package name */
    protected final S3CryptoScheme f10766c;

    /* renamed from: d, reason: collision with root package name */
    protected final ContentCryptoScheme f10767d;

    /* renamed from: e, reason: collision with root package name */
    protected final CryptoConfiguration f10768e;

    /* renamed from: f, reason: collision with root package name */
    protected final Map f10769f;

    /* renamed from: g, reason: collision with root package name */
    protected final S3Direct f10770g;

    /* renamed from: h, reason: collision with root package name */
    protected final AWSKMSClient f10771h;

    private PutObjectResult A(PutObjectRequest putObjectRequest) {
        File B5 = putObjectRequest.B();
        InputStream C5 = putObjectRequest.C();
        PutObjectRequest c02 = putObjectRequest.clone().n0(null).c0(null);
        c02.P(c02.D() + ".instruction");
        ContentCryptoMaterial m5 = m(putObjectRequest);
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) H(putObjectRequest, m5);
        try {
            PutObjectResult e5 = this.f10770g.e(putObjectRequest2);
            S3DataSource.Utils.cleanupDataSource(putObjectRequest, B5, C5, putObjectRequest2.C(), this.f10765b);
            this.f10770g.e(D(c02, m5));
            return e5;
        } catch (Throwable th) {
            S3DataSource.Utils.cleanupDataSource(putObjectRequest, B5, C5, putObjectRequest2.C(), this.f10765b);
            throw th;
        }
    }

    private PutObjectResult B(PutObjectRequest putObjectRequest) {
        ContentCryptoMaterial m5 = m(putObjectRequest);
        File B5 = putObjectRequest.B();
        InputStream C5 = putObjectRequest.C();
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) H(putObjectRequest, m5);
        putObjectRequest.R(E(putObjectRequest.E(), putObjectRequest.B(), m5));
        try {
            return this.f10770g.e(putObjectRequest2);
        } finally {
            S3DataSource.Utils.cleanupDataSource(putObjectRequest, B5, C5, putObjectRequest2.C(), this.f10765b);
        }
    }

    private ContentCryptoMaterial i(EncryptionMaterials encryptionMaterials, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        byte[] bArr = new byte[this.f10767d.h()];
        this.f10766c.c().nextBytes(bArr);
        if (!encryptionMaterials.i()) {
            return ContentCryptoMaterial.c(q(encryptionMaterials, provider), bArr, encryptionMaterials, this.f10766c, provider, this.f10771h, amazonWebServiceRequest);
        }
        Map p5 = ContentCryptoMaterial.p(encryptionMaterials, amazonWebServiceRequest);
        GenerateDataKeyRequest D5 = new GenerateDataKeyRequest().B(p5).C(encryptionMaterials.d()).D(this.f10767d.k());
        D5.s(amazonWebServiceRequest.k()).t(amazonWebServiceRequest.n());
        GenerateDataKeyResult R4 = this.f10771h.R(D5);
        return ContentCryptoMaterial.z(new SecretKeySpec(BinaryUtils.a(R4.c()), this.f10767d.i()), bArr, this.f10767d, provider, new KMSSecuredCEK(BinaryUtils.a(R4.a()), p5));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long[] r(long[] jArr) {
        if (jArr == null) {
            return null;
        }
        long j5 = jArr[0];
        if (j5 > jArr[1]) {
            return null;
        }
        return new long[]{s(j5), t(jArr[1])};
    }

    private static long s(long j5) {
        long j6 = (j5 - (j5 % 16)) - 16;
        if (j6 < 0) {
            return 0L;
        }
        return j6;
    }

    private static long t(long j5) {
        long j6 = j5 + (16 - (j5 % 16)) + 16;
        if (j6 < 0) {
            return Long.MAX_VALUE;
        }
        return j6;
    }

    private ContentCryptoMaterial u(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a5 = encryptionMaterialsProvider.a();
        if (a5 != null) {
            return i(a5, provider, amazonWebServiceRequest);
        }
        throw new AmazonClientException("No material available from the encryption material provider");
    }

    private ContentCryptoMaterial v(EncryptionMaterialsProvider encryptionMaterialsProvider, Map map, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials b5 = encryptionMaterialsProvider.b(map);
        if (b5 == null) {
            return null;
        }
        return i(b5, provider, amazonWebServiceRequest);
    }

    private CipherLiteInputStream x(AbstractPutObjectRequest abstractPutObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j5) {
        File B5 = abstractPutObjectRequest.B();
        InputStream C5 = abstractPutObjectRequest.C();
        FilterInputStream filterInputStream = null;
        try {
            if (B5 != null) {
                filterInputStream = new ResettableInputStream(B5);
            } else if (C5 != null) {
                filterInputStream = ReleasableInputStream.j(C5);
            }
            if (j5 > -1) {
                filterInputStream = new LengthCheckInputStream(filterInputStream, j5, false);
            }
            CipherLite i5 = contentCryptoMaterial.i();
            return i5.i() ? new CipherLiteInputStream(filterInputStream, i5, 2048) : new RenewableCipherLiteInputStream(filterInputStream, i5, 2048);
        } catch (Exception e5) {
            S3DataSource.Utils.cleanupDataSource(abstractPutObjectRequest, B5, C5, null, this.f10765b);
            throw new AmazonClientException("Unable to create cipher input stream", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void C(ContentCryptoMaterial contentCryptoMaterial, S3ObjectWrapper s3ObjectWrapper) {
    }

    protected final PutObjectRequest D(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        byte[] bytes = contentCryptoMaterial.t(this.f10768e.f()).getBytes(StringUtils.f11505a);
        ObjectMetadata E5 = putObjectRequest.E();
        if (E5 == null) {
            E5 = new ObjectMetadata();
            putObjectRequest.R(E5);
        }
        E5.M(bytes.length);
        E5.q("x-amz-crypto-instr-file", "");
        putObjectRequest.R(E5);
        putObjectRequest.f(new ByteArrayInputStream(bytes));
        return putObjectRequest;
    }

    protected final ObjectMetadata E(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.P(Mimetypes.a().b(file));
        }
        return contentCryptoMaterial.w(objectMetadata, this.f10768e.f());
    }

    abstract void F(MultipartUploadCryptoContext multipartUploadCryptoContext, SdkFilterInputStream sdkFilterInputStream);

    abstract SdkFilterInputStream G(CipherLiteInputStream cipherLiteInputStream, long j5);

    protected final AbstractPutObjectRequest H(AbstractPutObjectRequest abstractPutObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata E5 = abstractPutObjectRequest.E();
        if (E5 == null) {
            E5 = new ObjectMetadata();
        }
        if (E5.t() != null) {
            E5.q("x-amz-unencrypted-content-md5", E5.t());
        }
        E5.N(null);
        long z5 = z(abstractPutObjectRequest, E5);
        if (z5 >= 0) {
            E5.q("x-amz-unencrypted-content-length", Long.toString(z5));
            E5.M(k(z5));
        }
        abstractPutObjectRequest.R(E5);
        abstractPutObjectRequest.f(x(abstractPutObjectRequest, contentCryptoMaterial, z5));
        abstractPutObjectRequest.c(null);
        return abstractPutObjectRequest;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void a(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.f10770g.c(abortMultipartUploadRequest);
        this.f10769f.remove(abortMultipartUploadRequest.x());
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public CompleteMultipartUploadResult b(CompleteMultipartUploadRequest completeMultipartUploadRequest) {
        h(completeMultipartUploadRequest, AmazonS3EncryptionClient.f10603x);
        String y5 = completeMultipartUploadRequest.y();
        MultipartUploadCryptoContext multipartUploadCryptoContext = (MultipartUploadCryptoContext) this.f10769f.get(y5);
        if (multipartUploadCryptoContext != null && !multipartUploadCryptoContext.c()) {
            throw new AmazonClientException("Unable to complete an encrypted multipart upload without being told which part was the last.  Without knowing which part was the last, the encrypted data in Amazon S3 is incomplete and corrupt.");
        }
        CompleteMultipartUploadResult m5 = this.f10770g.m(completeMultipartUploadRequest);
        if (multipartUploadCryptoContext != null && this.f10768e.h() == CryptoStorageMode.InstructionFile) {
            this.f10770g.e(o(multipartUploadCryptoContext.a(), multipartUploadCryptoContext.b(), multipartUploadCryptoContext.i()));
        }
        this.f10769f.remove(y5);
        return m5;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final CopyPartResult c(CopyPartRequest copyPartRequest) {
        MultipartUploadCryptoContext multipartUploadCryptoContext = (MultipartUploadCryptoContext) this.f10769f.get(copyPartRequest.M());
        CopyPartResult j5 = this.f10770g.j(copyPartRequest);
        if (multipartUploadCryptoContext != null && !multipartUploadCryptoContext.c()) {
            multipartUploadCryptoContext.d(true);
        }
        return j5;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public InitiateMultipartUploadResult e(InitiateMultipartUploadRequest initiateMultipartUploadRequest) {
        h(initiateMultipartUploadRequest, AmazonS3EncryptionClient.f10603x);
        ContentCryptoMaterial m5 = m(initiateMultipartUploadRequest);
        if (this.f10768e.h() == CryptoStorageMode.ObjectMetadata) {
            ObjectMetadata A5 = initiateMultipartUploadRequest.A();
            if (A5 == null) {
                A5 = new ObjectMetadata();
            }
            initiateMultipartUploadRequest.H(E(A5, null, m5));
        }
        InitiateMultipartUploadResult s5 = this.f10770g.s(initiateMultipartUploadRequest);
        MultipartUploadCryptoContext y5 = y(initiateMultipartUploadRequest, m5);
        if (initiateMultipartUploadRequest instanceof MaterialsDescriptionProvider) {
            y5.e(((MaterialsDescriptionProvider) initiateMultipartUploadRequest).b());
        }
        this.f10769f.put(s5.e(), y5);
        return s5;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public PutObjectResult f(PutObjectRequest putObjectRequest) {
        h(putObjectRequest, AmazonS3EncryptionClient.f10603x);
        return this.f10768e.h() == CryptoStorageMode.InstructionFile ? A(putObjectRequest) : B(putObjectRequest);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public UploadPartResult g(UploadPartRequest uploadPartRequest) {
        h(uploadPartRequest, AmazonS3EncryptionClient.f10603x);
        int f5 = this.f10767d.f();
        boolean I5 = uploadPartRequest.I();
        String H5 = uploadPartRequest.H();
        long F5 = uploadPartRequest.F();
        boolean z5 = 0 == F5 % ((long) f5);
        if (!I5 && !z5) {
            throw new AmazonClientException("Invalid part size: part sizes for encrypted multipart uploads must be multiples of the cipher block size (" + f5 + ") with the exception of the last part.");
        }
        MultipartUploadCryptoContext multipartUploadCryptoContext = (MultipartUploadCryptoContext) this.f10769f.get(H5);
        if (multipartUploadCryptoContext == null) {
            throw new AmazonClientException("No client-side information available on upload ID " + H5);
        }
        multipartUploadCryptoContext.f(uploadPartRequest.E());
        CipherLite j5 = j(multipartUploadCryptoContext);
        File w5 = uploadPartRequest.w();
        InputStream A5 = uploadPartRequest.A();
        CipherLiteInputStream cipherLiteInputStream = null;
        try {
            CipherLiteInputStream w6 = w(uploadPartRequest, j5);
            try {
                SdkFilterInputStream G5 = G(w6, F5);
                uploadPartRequest.f(G5);
                uploadPartRequest.c(null);
                uploadPartRequest.M(0L);
                if (I5) {
                    long l5 = l(uploadPartRequest);
                    if (l5 > -1) {
                        uploadPartRequest.R(l5);
                    }
                    if (multipartUploadCryptoContext.c()) {
                        throw new AmazonClientException("This part was specified as the last part in a multipart upload, but a previous part was already marked as the last part.  Only the last part of the upload should be marked as the last part.");
                    }
                }
                UploadPartResult a5 = this.f10770g.a(uploadPartRequest);
                S3DataSource.Utils.cleanupDataSource(uploadPartRequest, w5, A5, G5, this.f10765b);
                multipartUploadCryptoContext.g();
                if (I5) {
                    multipartUploadCryptoContext.d(true);
                }
                F(multipartUploadCryptoContext, G5);
                return a5;
            } catch (Throwable th) {
                th = th;
                cipherLiteInputStream = w6;
                S3DataSource.Utils.cleanupDataSource(uploadPartRequest, w5, A5, cipherLiteInputStream, this.f10765b);
                multipartUploadCryptoContext.g();
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final AmazonWebServiceRequest h(AmazonWebServiceRequest amazonWebServiceRequest, String str) {
        amazonWebServiceRequest.l().a(str);
        return amazonWebServiceRequest;
    }

    abstract CipherLite j(MultipartUploadCryptoContext multipartUploadCryptoContext);

    protected abstract long k(long j5);

    abstract long l(UploadPartRequest uploadPartRequest);

    /* JADX WARN: Multi-variable type inference failed */
    protected final ContentCryptoMaterial m(AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a5;
        if ((amazonWebServiceRequest instanceof EncryptionMaterialsFactory) && (a5 = ((EncryptionMaterialsFactory) amazonWebServiceRequest).a()) != null) {
            return i(a5, this.f10768e.g(), amazonWebServiceRequest);
        }
        if (amazonWebServiceRequest instanceof MaterialsDescriptionProvider) {
            Map b5 = ((MaterialsDescriptionProvider) amazonWebServiceRequest).b();
            ContentCryptoMaterial v5 = v(this.f10764a, b5, this.f10768e.g(), amazonWebServiceRequest);
            if (v5 != null) {
                return v5;
            }
            if (b5 != null && !this.f10764a.a().i()) {
                throw new AmazonClientException("No material available from the encryption material provider for description " + b5);
            }
        }
        return u(this.f10764a, this.f10768e.g(), amazonWebServiceRequest);
    }

    final GetObjectRequest n(S3ObjectId s3ObjectId, String str) {
        return new GetObjectRequest(s3ObjectId.e(str));
    }

    protected final PutObjectRequest o(String str, String str2, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.t(this.f10768e.f()).getBytes(StringUtils.f11505a));
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.M(r7.length);
        objectMetadata.q("x-amz-crypto-instr-file", "");
        InstructionFileId d5 = new S3ObjectId(str, str2).d();
        return new PutObjectRequest(d5.a(), d5.b(), byteArrayInputStream, objectMetadata);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final S3ObjectWrapper p(S3ObjectId s3ObjectId, String str) {
        try {
            S3Object o5 = this.f10770g.o(n(s3ObjectId, str));
            if (o5 == null) {
                return null;
            }
            return new S3ObjectWrapper(o5, s3ObjectId);
        } catch (AmazonServiceException e5) {
            if (this.f10765b.d()) {
                this.f10765b.a("Unable to retrieve instruction file : " + e5.getMessage());
            }
            return null;
        }
    }

    protected final SecretKey q(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z5;
        String i5 = this.f10767d.i();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(i5) : KeyGenerator.getInstance(i5, provider);
            keyGenerator.init(this.f10767d.j(), this.f10766c.c());
            KeyPair f5 = encryptionMaterials.f();
            if (f5 == null || this.f10766c.b().a(f5.getPublic()) != null) {
                z5 = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z5 = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            SecretKey generateKey = keyGenerator.generateKey();
            if (z5 && generateKey.getEncoded()[0] == 0) {
                for (int i6 = 0; i6 < 9; i6++) {
                    SecretKey generateKey2 = keyGenerator.generateKey();
                    if (generateKey2.getEncoded()[0] != 0) {
                        return generateKey2;
                    }
                }
                throw new AmazonClientException("Failed to generate secret key");
            }
            return generateKey;
        } catch (NoSuchAlgorithmException e5) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e5.getMessage(), e5);
        }
    }

    protected final CipherLiteInputStream w(UploadPartRequest uploadPartRequest, CipherLite cipherLite) {
        InputStream resettableInputStream;
        File w5 = uploadPartRequest.w();
        InputStream A5 = uploadPartRequest.A();
        InputSubstream inputSubstream = null;
        try {
            if (w5 != null) {
                resettableInputStream = new ResettableInputStream(w5);
            } else {
                if (A5 == null) {
                    throw new IllegalArgumentException("A File or InputStream must be specified when uploading part");
                }
                resettableInputStream = A5;
            }
            InputSubstream inputSubstream2 = new InputSubstream(resettableInputStream, uploadPartRequest.x(), uploadPartRequest.F(), uploadPartRequest.I());
            try {
                return cipherLite.i() ? new CipherLiteInputStream(inputSubstream2, cipherLite, 2048, true, uploadPartRequest.I()) : new RenewableCipherLiteInputStream(inputSubstream2, cipherLite, 2048, true, uploadPartRequest.I());
            } catch (Exception e5) {
                e = e5;
                inputSubstream = inputSubstream2;
                S3DataSource.Utils.cleanupDataSource(uploadPartRequest, w5, A5, inputSubstream, this.f10765b);
                throw new AmazonClientException("Unable to create cipher input stream", e);
            }
        } catch (Exception e6) {
            e = e6;
        }
    }

    abstract MultipartUploadCryptoContext y(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ContentCryptoMaterial contentCryptoMaterial);

    protected final long z(AbstractPutObjectRequest abstractPutObjectRequest, ObjectMetadata objectMetadata) {
        if (abstractPutObjectRequest.B() != null) {
            return abstractPutObjectRequest.B().length();
        }
        if (abstractPutObjectRequest.C() == null || objectMetadata.D("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.s();
    }
}
