package com.amazonaws.services.s3.internal.t0;

import com.amazonaws.AmazonClientException;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.EncryptRequest;
import com.amazonaws.services.s3.KeyWrapException;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.ExtraMaterialsDescription;
import com.amazonaws.services.s3.model.KMSEncryptionMaterials;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.util.Base64;
import com.amazonaws.util.json.JsonUtils;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: ContentCryptoMaterial.java */
@Deprecated
/* loaded from: classes.dex */
final class i {

    /* renamed from: a, reason: collision with root package name */
    private final String f5700a;

    /* renamed from: b, reason: collision with root package name */
    private final g f5701b;

    /* renamed from: c, reason: collision with root package name */
    private final Map<String, String> f5702c;

    /* renamed from: d, reason: collision with root package name */
    private final byte[] f5703d;

    i(Map<String, String> map, byte[] bArr, String str, g gVar) {
        this.f5701b = gVar;
        this.f5700a = str;
        this.f5703d = (byte[]) bArr.clone();
        this.f5702c = map;
    }

    private String B() {
        HashMap hashMap = new HashMap();
        hashMap.put(com.amazonaws.services.s3.e.T, Base64.encodeAsString(o()));
        hashMap.put(com.amazonaws.services.s3.e.V, Base64.encodeAsString(this.f5701b.m()));
        hashMap.put(com.amazonaws.services.s3.e.W, r());
        return JsonUtils.f(hashMap);
    }

    private ObjectMetadata C(ObjectMetadata objectMetadata) {
        objectMetadata.addUserMetadata(com.amazonaws.services.s3.e.U, Base64.encodeAsString(o()));
        objectMetadata.addUserMetadata(com.amazonaws.services.s3.e.V, Base64.encodeAsString(this.f5701b.m()));
        objectMetadata.addUserMetadata(com.amazonaws.services.s3.e.W, r());
        j n = n();
        objectMetadata.addUserMetadata(com.amazonaws.services.s3.e.d0, n.h());
        int o = n.o();
        if (o > 0) {
            objectMetadata.addUserMetadata(com.amazonaws.services.s3.e.e0, String.valueOf(o));
        }
        String q = q();
        if (q != null) {
            objectMetadata.addUserMetadata(com.amazonaws.services.s3.e.c0, q);
        }
        return objectMetadata;
    }

    private ObjectMetadata E(ObjectMetadata objectMetadata) {
        objectMetadata.addUserMetadata(com.amazonaws.services.s3.e.T, Base64.encodeAsString(o()));
        objectMetadata.addUserMetadata(com.amazonaws.services.s3.e.V, Base64.encodeAsString(this.f5701b.m()));
        objectMetadata.addUserMetadata(com.amazonaws.services.s3.e.W, r());
        return objectMetadata;
    }

    private boolean F() {
        return r.d(this.f5700a);
    }

    public static i G(SecretKey secretKey, byte[] bArr, j jVar, Provider provider, e0 e0Var) {
        return new i(e0Var.c(), e0Var.a(), e0Var.b(), jVar.d(secretKey, bArr, 1, provider));
    }

    private static SecretKey a(byte[] bArr, String str, EncryptionMaterials encryptionMaterials, Provider provider, j jVar, com.amazonaws.q.c.b bVar) {
        Key symmetricKey;
        if (r.d(str)) {
            return b(bArr, str, encryptionMaterials, jVar, bVar);
        }
        if (encryptionMaterials.getKeyPair() != null) {
            symmetricKey = encryptionMaterials.getKeyPair().getPrivate();
            if (symmetricKey == null) {
                throw new AmazonClientException("Key encrypting key not available");
            }
        } else {
            symmetricKey = encryptionMaterials.getSymmetricKey();
            if (symmetricKey == null) {
                throw new AmazonClientException("Key encrypting key not available");
            }
        }
        try {
            if (str != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(str) : Cipher.getInstance(str, provider);
                cipher.init(4, symmetricKey);
                return (SecretKey) cipher.unwrap(bArr, str, 3);
            }
            Cipher cipher2 = provider != null ? Cipher.getInstance(symmetricKey.getAlgorithm(), provider) : Cipher.getInstance(symmetricKey.getAlgorithm());
            cipher2.init(2, symmetricKey);
            return new SecretKeySpec(cipher2.doFinal(bArr), q.f5732a);
        } catch (Exception e2) {
            throw new AmazonClientException("Unable to decrypt symmetric key from object metadata", e2);
        }
    }

    private static SecretKey b(byte[] bArr, String str, EncryptionMaterials encryptionMaterials, j jVar, com.amazonaws.q.c.b bVar) {
        return new SecretKeySpec(com.amazonaws.util.g.a(bVar.J3(new DecryptRequest().withEncryptionContext(encryptionMaterials.getMaterialsDescription()).withCiphertextBlob(ByteBuffer.wrap(bArr))).getPlaintext()), jVar.j());
    }

    private static String c(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, com.amazonaws.util.v.f6276b));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    inputStream.close();
                    return sb.toString();
                }
                sb.append(readLine);
            }
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    static i d(SecretKey secretKey, byte[] bArr, EncryptionMaterials encryptionMaterials, j jVar, b0 b0Var, Provider provider, com.amazonaws.q.c.b bVar, com.amazonaws.b bVar2) {
        return f(secretKey, bArr, encryptionMaterials, jVar, b0Var, provider, bVar, bVar2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static i e(SecretKey secretKey, byte[] bArr, EncryptionMaterials encryptionMaterials, b0 b0Var, Provider provider, com.amazonaws.q.c.b bVar, com.amazonaws.b bVar2) {
        return f(secretKey, bArr, encryptionMaterials, b0Var.b(), b0Var, provider, bVar, bVar2);
    }

    private static i f(SecretKey secretKey, byte[] bArr, EncryptionMaterials encryptionMaterials, j jVar, b0 b0Var, Provider provider, com.amazonaws.q.c.b bVar, com.amazonaws.b bVar2) {
        return G(secretKey, bArr, jVar, provider, y(secretKey, encryptionMaterials, b0Var.c(), b0Var.d(), provider, bVar, bVar2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static i g(Map<String, String> map, com.amazonaws.services.s3.model.e eVar, Provider provider, boolean z, com.amazonaws.q.c.b bVar) {
        return i(map, eVar, provider, null, ExtraMaterialsDescription.NONE, z, bVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static i h(Map<String, String> map, com.amazonaws.services.s3.model.e eVar, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z, com.amazonaws.q.c.b bVar) {
        return i(map, eVar, provider, jArr, extraMaterialsDescription, z, bVar);
    }

    private static i i(Map<String, String> map, com.amazonaws.services.s3.model.e eVar, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z, com.amazonaws.q.c.b bVar) {
        EncryptionMaterials encryptionMaterials;
        byte[] bArr;
        byte[] bArr2;
        String str = map.get(com.amazonaws.services.s3.e.U);
        if (str == null && (str = map.get(com.amazonaws.services.s3.e.T)) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(map.get(com.amazonaws.services.s3.e.V));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Necessary encryption info not found in the instruction file " + map);
        }
        String str2 = map.get(com.amazonaws.services.s3.e.c0);
        boolean d2 = r.d(str2);
        Map<String, String> s = s(map.get(com.amazonaws.services.s3.e.W));
        Map<String, String> mergeInto = (extraMaterialsDescription == null || d2) ? s : extraMaterialsDescription.mergeInto(s);
        if (d2) {
            KMSEncryptionMaterials kMSEncryptionMaterials = new KMSEncryptionMaterials(s.get(KMSEncryptionMaterials.CUSTOMER_MASTER_KEY_ID));
            kMSEncryptionMaterials.addDescriptions(s);
            encryptionMaterials = kMSEncryptionMaterials;
        } else {
            EncryptionMaterials encryptionMaterials2 = eVar == null ? null : eVar.getEncryptionMaterials(mergeInto);
            if (encryptionMaterials2 == null) {
                throw new AmazonClientException("Unable to retrieve the encryption materials that originally encrypted object corresponding to instruction file " + map);
            }
            encryptionMaterials = encryptionMaterials2;
        }
        String str3 = map.get(com.amazonaws.services.s3.e.d0);
        boolean z2 = jArr != null;
        j f2 = j.f(str3, z2);
        if (z2) {
            bArr2 = f2.a(decode2, jArr[0]);
        } else {
            int o = f2.o();
            if (o > 0) {
                int parseInt = Integer.parseInt(map.get(com.amazonaws.services.s3.e.e0));
                if (o != parseInt) {
                    throw new AmazonClientException("Unsupported tag length: " + parseInt + ", expected: " + o);
                }
                bArr = decode2;
            } else {
                bArr = decode2;
            }
            bArr2 = bArr;
        }
        if (z && str2 == null) {
            throw u();
        }
        return new i(mergeInto, decode, str2, f2.d(a(decode, str2, encryptionMaterials, provider, f2, bVar), bArr2, 2, provider));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static i j(ObjectMetadata objectMetadata, com.amazonaws.services.s3.model.e eVar, Provider provider, boolean z, com.amazonaws.q.c.b bVar) {
        return l(objectMetadata, eVar, provider, null, ExtraMaterialsDescription.NONE, z, bVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static i k(ObjectMetadata objectMetadata, com.amazonaws.services.s3.model.e eVar, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z, com.amazonaws.q.c.b bVar) {
        return l(objectMetadata, eVar, provider, jArr, extraMaterialsDescription, z, bVar);
    }

    private static i l(ObjectMetadata objectMetadata, com.amazonaws.services.s3.model.e eVar, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z, com.amazonaws.q.c.b bVar) {
        EncryptionMaterials encryptionMaterials;
        byte[] bArr;
        int parseInt;
        Map<String, String> userMetadata = objectMetadata.getUserMetadata();
        String str = userMetadata.get(com.amazonaws.services.s3.e.U);
        if (str == null && (str = userMetadata.get(com.amazonaws.services.s3.e.T)) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(userMetadata.get(com.amazonaws.services.s3.e.V));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Content encrypting key or IV not found.");
        }
        String str2 = userMetadata.get(com.amazonaws.services.s3.e.W);
        String str3 = userMetadata.get(com.amazonaws.services.s3.e.c0);
        boolean d2 = r.d(str3);
        Map<String, String> s = s(str2);
        Map<String, String> mergeInto = (d2 || extraMaterialsDescription == null) ? s : extraMaterialsDescription.mergeInto(s);
        if (d2) {
            KMSEncryptionMaterials kMSEncryptionMaterials = new KMSEncryptionMaterials(s.get(KMSEncryptionMaterials.CUSTOMER_MASTER_KEY_ID));
            kMSEncryptionMaterials.addDescriptions(s);
            encryptionMaterials = kMSEncryptionMaterials;
        } else {
            EncryptionMaterials encryptionMaterials2 = eVar == null ? null : eVar.getEncryptionMaterials(mergeInto);
            if (encryptionMaterials2 == null) {
                throw new AmazonClientException("Unable to retrieve the client encryption materials");
            }
            encryptionMaterials = encryptionMaterials2;
        }
        String str4 = userMetadata.get(com.amazonaws.services.s3.e.d0);
        boolean z2 = jArr != null;
        j f2 = j.f(str4, z2);
        if (z2) {
            bArr = f2.a(decode2, jArr[0]);
        } else {
            int o = f2.o();
            if (o > 0 && o != (parseInt = Integer.parseInt(userMetadata.get(com.amazonaws.services.s3.e.e0)))) {
                throw new AmazonClientException("Unsupported tag length: " + parseInt + ", expected: " + o);
            }
            bArr = decode2;
        }
        if (z && str3 == null) {
            throw u();
        }
        return new i(mergeInto, decode, str3, f2.d(a(decode, str3, encryptionMaterials, provider, f2, bVar), bArr, 2, provider));
    }

    private String r() {
        Map<String, String> p = p();
        if (p == null) {
            p = Collections.emptyMap();
        }
        return JsonUtils.f(p);
    }

    private static Map<String, String> s(String str) {
        Map<String, String> e2 = JsonUtils.e(str);
        if (e2 == null) {
            return null;
        }
        return Collections.unmodifiableMap(e2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public static Map<String, String> t(EncryptionMaterials encryptionMaterials, com.amazonaws.b bVar) {
        Map<String, String> materialsDescription;
        Map<String, String> materialsDescription2 = encryptionMaterials.getMaterialsDescription();
        if (!(bVar instanceof com.amazonaws.services.s3.model.y) || (materialsDescription = ((com.amazonaws.services.s3.model.y) bVar).getMaterialsDescription()) == null) {
            return materialsDescription2;
        }
        TreeMap treeMap = new TreeMap(materialsDescription2);
        treeMap.putAll(materialsDescription);
        return treeMap;
    }

    private static KeyWrapException u() {
        return new KeyWrapException("Missing key-wrap for the content-encrypting-key");
    }

    static String v(S3Object s3Object) {
        try {
            return c(s3Object.getObjectContent());
        } catch (Exception e2) {
            throw new AmazonClientException("Error parsing JSON instruction file", e2);
        }
    }

    private static e0 y(SecretKey secretKey, EncryptionMaterials encryptionMaterials, c0 c0Var, SecureRandom secureRandom, Provider provider, com.amazonaws.q.c.b bVar, com.amazonaws.b bVar2) {
        if (encryptionMaterials.isKMSEnabled()) {
            Map<String, String> t = t(encryptionMaterials, bVar2);
            EncryptRequest withPlaintext = new EncryptRequest().withEncryptionContext(t).withKeyId(encryptionMaterials.getCustomerMasterKeyId()).withPlaintext(ByteBuffer.wrap(secretKey.getEncoded()));
            withPlaintext.withGeneralProgressListener(bVar2.getGeneralProgressListener()).withRequestMetricCollector(bVar2.getRequestMetricCollector());
            return new r(com.amazonaws.util.g.a(bVar.Y0(withPlaintext).getCiphertextBlob()), t);
        }
        Map<String, String> materialsDescription = encryptionMaterials.getMaterialsDescription();
        Key key = encryptionMaterials.getKeyPair() != null ? encryptionMaterials.getKeyPair().getPublic() : encryptionMaterials.getSymmetricKey();
        String a2 = c0Var.a(key, provider);
        try {
            if (a2 != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(a2) : Cipher.getInstance(a2, provider);
                cipher.init(3, key, secureRandom);
                return new e0(cipher.wrap(secretKey), a2, materialsDescription);
            }
            byte[] encoded = secretKey.getEncoded();
            String algorithm = key.getAlgorithm();
            Cipher cipher2 = provider != null ? Cipher.getInstance(algorithm, provider) : Cipher.getInstance(algorithm);
            cipher2.init(1, key);
            return new e0(cipher2.doFinal(encoded), null, materialsDescription);
        } catch (Exception e2) {
            throw new AmazonClientException("Unable to encrypt symmetric key", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String A(CryptoMode cryptoMode) {
        return (cryptoMode != CryptoMode.EncryptionOnly || F()) ? z() : B();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ObjectMetadata D(ObjectMetadata objectMetadata, CryptoMode cryptoMode) {
        return (cryptoMode != CryptoMode.EncryptionOnly || F()) ? C(objectMetadata) : E(objectMetadata);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public g m() {
        return this.f5701b;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public j n() {
        return this.f5701b.l();
    }

    byte[] o() {
        return (byte[]) this.f5703d.clone();
    }

    Map<String, String> p() {
        return this.f5702c;
    }

    String q() {
        return this.f5700a;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public i w(EncryptionMaterials encryptionMaterials, com.amazonaws.services.s3.model.e eVar, b0 b0Var, Provider provider, com.amazonaws.q.c.b bVar, com.amazonaws.b bVar2) {
        if (!F() && encryptionMaterials.getMaterialsDescription().equals(this.f5702c)) {
            throw new SecurityException("Material description of the new KEK must differ from the current one");
        }
        i d2 = d(a(this.f5703d, this.f5700a, F() ? new KMSEncryptionMaterials(this.f5702c.get(KMSEncryptionMaterials.CUSTOMER_MASTER_KEY_ID)) : eVar.getEncryptionMaterials(this.f5702c), provider, n(), bVar), this.f5701b.m(), encryptionMaterials, n(), b0Var, provider, bVar, bVar2);
        if (Arrays.equals(d2.f5703d, this.f5703d)) {
            throw new SecurityException("The new KEK must differ from the original");
        }
        return d2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public i x(Map<String, String> map, com.amazonaws.services.s3.model.e eVar, b0 b0Var, Provider provider, com.amazonaws.q.c.b bVar, com.amazonaws.b bVar2) {
        if (!F() && map.equals(this.f5702c)) {
            throw new SecurityException("Material description of the new KEK must differ from the current one");
        }
        EncryptionMaterials kMSEncryptionMaterials = F() ? new KMSEncryptionMaterials(this.f5702c.get(KMSEncryptionMaterials.CUSTOMER_MASTER_KEY_ID)) : eVar.getEncryptionMaterials(this.f5702c);
        EncryptionMaterials encryptionMaterials = eVar.getEncryptionMaterials(map);
        if (encryptionMaterials != null) {
            i d2 = d(a(this.f5703d, this.f5700a, kMSEncryptionMaterials, provider, n(), bVar), this.f5701b.m(), encryptionMaterials, n(), b0Var, provider, bVar, bVar2);
            if (Arrays.equals(d2.f5703d, this.f5703d)) {
                throw new SecurityException("The new KEK must differ from the original");
            }
            return d2;
        }
        throw new AmazonClientException("No material available with the description " + map + " from the encryption material provider");
    }

    String z() {
        HashMap hashMap = new HashMap();
        hashMap.put(com.amazonaws.services.s3.e.U, Base64.encodeAsString(o()));
        hashMap.put(com.amazonaws.services.s3.e.V, Base64.encodeAsString(this.f5701b.m()));
        hashMap.put(com.amazonaws.services.s3.e.W, r());
        j n = n();
        hashMap.put(com.amazonaws.services.s3.e.d0, n.h());
        int o = n.o();
        if (o > 0) {
            hashMap.put(com.amazonaws.services.s3.e.e0, String.valueOf(o));
        }
        String q = q();
        if (q != null) {
            hashMap.put(com.amazonaws.services.s3.e.c0, q);
        }
        return JsonUtils.f(hashMap);
    }
}
