package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.internal.ReleasableInputStream;
import com.amazonaws.internal.ResettableInputStream;
import com.amazonaws.internal.SdkFilterInputStream;
import com.amazonaws.logging.Log;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.internal.InputSubstream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.AbstractPutObjectRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadResult;
import com.amazonaws.services.s3.model.CopyPartRequest;
import com.amazonaws.services.s3.model.CopyPartResult;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoStorageMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsFactory;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadResult;
import com.amazonaws.services.s3.model.InstructionFileId;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.PutObjectResult;
import com.amazonaws.services.s3.model.S3DataSource;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.services.s3.model.UploadPartResult;
import com.amazonaws.services.s3.util.Mimetypes;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.LengthCheckInputStream;
import com.amazonaws.util.StringUtils;
import com.facebook.common.time.Clock;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FilterInputStream;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

@Deprecated
/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase<T extends MultipartUploadCryptoContext> extends S3CryptoModule<T> {

    /* renamed from: a, reason: collision with root package name */
    protected final EncryptionMaterialsProvider f12234a;

    /* renamed from: b, reason: collision with root package name */
    protected final Log f12235b;

    /* renamed from: c, reason: collision with root package name */
    protected final S3CryptoScheme f12236c;

    /* renamed from: d, reason: collision with root package name */
    protected final ContentCryptoScheme f12237d;

    /* renamed from: e, reason: collision with root package name */
    protected final CryptoConfiguration f12238e;

    /* renamed from: f, reason: collision with root package name */
    protected final Map<String, T> f12239f;

    /* renamed from: g, reason: collision with root package name */
    protected final S3Direct f12240g;

    /* renamed from: h, reason: collision with root package name */
    protected final AWSKMSClient f12241h;

    private PutObjectResult A(PutObjectRequest putObjectRequest) {
        File A = putObjectRequest.A();
        InputStream B = putObjectRequest.B();
        PutObjectRequest W = putObjectRequest.clone().i0(null).W(null);
        W.M(W.C() + ".instruction");
        ContentCryptoMaterial m2 = m(putObjectRequest);
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) H(putObjectRequest, m2);
        try {
            PutObjectResult A2 = this.f12240g.A(putObjectRequest2);
            S3DataSource.Utils.a(putObjectRequest, A, B, putObjectRequest2.B(), this.f12235b);
            this.f12240g.A(D(W, m2));
            return A2;
        } catch (Throwable th) {
            S3DataSource.Utils.a(putObjectRequest, A, B, putObjectRequest2.B(), this.f12235b);
            throw th;
        }
    }

    private PutObjectResult B(PutObjectRequest putObjectRequest) {
        ContentCryptoMaterial m2 = m(putObjectRequest);
        File A = putObjectRequest.A();
        InputStream B = putObjectRequest.B();
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) H(putObjectRequest, m2);
        putObjectRequest.N(E(putObjectRequest.D(), putObjectRequest.A(), m2));
        try {
            return this.f12240g.A(putObjectRequest2);
        } finally {
            S3DataSource.Utils.a(putObjectRequest, A, B, putObjectRequest2.B(), this.f12235b);
        }
    }

    private ContentCryptoMaterial i(EncryptionMaterials encryptionMaterials, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        byte[] bArr = new byte[this.f12237d.h()];
        this.f12236c.c().nextBytes(bArr);
        if (!encryptionMaterials.i()) {
            return ContentCryptoMaterial.c(q(encryptionMaterials, provider), bArr, encryptionMaterials, this.f12236c, provider, this.f12241h, amazonWebServiceRequest);
        }
        Map<String, String> p2 = ContentCryptoMaterial.p(encryptionMaterials, amazonWebServiceRequest);
        GenerateDataKeyRequest C = new GenerateDataKeyRequest().A(p2).B(encryptionMaterials.d()).C(this.f12237d.k());
        C.n(amazonWebServiceRequest.g()).o(amazonWebServiceRequest.j());
        GenerateDataKeyResult r0 = this.f12241h.r0(C);
        return ContentCryptoMaterial.z(new SecretKeySpec(BinaryUtils.a(r0.c()), this.f12237d.i()), bArr, this.f12237d, provider, new KMSSecuredCEK(BinaryUtils.a(r0.a()), p2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long[] r(long[] jArr) {
        if (jArr == null) {
            return null;
        }
        long j2 = jArr[0];
        if (j2 > jArr[1]) {
            return null;
        }
        return new long[]{s(j2), t(jArr[1])};
    }

    private static long s(long j2) {
        long j3 = (j2 - (j2 % 16)) - 16;
        if (j3 < 0) {
            return 0L;
        }
        return j3;
    }

    private static long t(long j2) {
        long j3 = j2 + (16 - (j2 % 16)) + 16;
        return j3 < 0 ? Clock.MAX_TIME : j3;
    }

    private ContentCryptoMaterial u(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a2 = encryptionMaterialsProvider.a();
        if (a2 != null) {
            return i(a2, provider, amazonWebServiceRequest);
        }
        throw new AmazonClientException("No material available from the encryption material provider");
    }

    private ContentCryptoMaterial v(EncryptionMaterialsProvider encryptionMaterialsProvider, Map<String, String> map, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials b2 = encryptionMaterialsProvider.b(map);
        if (b2 == null) {
            return null;
        }
        return i(b2, provider, amazonWebServiceRequest);
    }

    private CipherLiteInputStream x(AbstractPutObjectRequest abstractPutObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j2) {
        File A = abstractPutObjectRequest.A();
        InputStream B = abstractPutObjectRequest.B();
        FilterInputStream filterInputStream = null;
        try {
            if (A != null) {
                filterInputStream = new ResettableInputStream(A);
            } else if (B != null) {
                filterInputStream = ReleasableInputStream.i(B);
            }
            if (j2 > -1) {
                filterInputStream = new LengthCheckInputStream(filterInputStream, j2, false);
            }
            CipherLite i2 = contentCryptoMaterial.i();
            return i2.i() ? new CipherLiteInputStream(filterInputStream, i2, 2048) : new RenewableCipherLiteInputStream(filterInputStream, i2, 2048);
        } catch (Exception e2) {
            S3DataSource.Utils.a(abstractPutObjectRequest, A, B, null, this.f12235b);
            throw new AmazonClientException("Unable to create cipher input stream", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void C(ContentCryptoMaterial contentCryptoMaterial, S3ObjectWrapper s3ObjectWrapper) {
    }

    protected final PutObjectRequest D(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        byte[] bytes = contentCryptoMaterial.t(this.f12238e.c()).getBytes(StringUtils.f13164a);
        ObjectMetadata D = putObjectRequest.D();
        if (D == null) {
            D = new ObjectMetadata();
            putObjectRequest.N(D);
        }
        D.P(bytes.length);
        D.l("x-amz-crypto-instr-file", "");
        putObjectRequest.N(D);
        putObjectRequest.c(new ByteArrayInputStream(bytes));
        return putObjectRequest;
    }

    protected final ObjectMetadata E(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.R(Mimetypes.a().b(file));
        }
        return contentCryptoMaterial.w(objectMetadata, this.f12238e.c());
    }

    abstract void F(T t2, SdkFilterInputStream sdkFilterInputStream);

    abstract <I extends CipherLiteInputStream> SdkFilterInputStream G(I i2, long j2);

    protected final <R extends AbstractPutObjectRequest> R H(R r2, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata D = r2.D();
        if (D == null) {
            D = new ObjectMetadata();
        }
        if (D.r() != null) {
            D.l("x-amz-unencrypted-content-md5", D.r());
        }
        D.Q(null);
        long z2 = z(r2, D);
        if (z2 >= 0) {
            D.l("x-amz-unencrypted-content-length", Long.toString(z2));
            D.P(k(z2));
        }
        r2.N(D);
        r2.c(x(r2, contentCryptoMaterial, z2));
        r2.b(null);
        return r2;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void a(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.f12240g.z(abortMultipartUploadRequest);
        this.f12239f.remove(abortMultipartUploadRequest.r());
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public CompleteMultipartUploadResult b(CompleteMultipartUploadRequest completeMultipartUploadRequest) {
        h(completeMultipartUploadRequest, AmazonS3EncryptionClient.f12070z);
        String t2 = completeMultipartUploadRequest.t();
        T t3 = this.f12239f.get(t2);
        if (t3 != null && !t3.c()) {
            throw new AmazonClientException("Unable to complete an encrypted multipart upload without being told which part was the last.  Without knowing which part was the last, the encrypted data in Amazon S3 is incomplete and corrupt.");
        }
        CompleteMultipartUploadResult h2 = this.f12240g.h(completeMultipartUploadRequest);
        if (t3 != null && this.f12238e.e() == CryptoStorageMode.InstructionFile) {
            this.f12240g.A(o(t3.a(), t3.b(), t3.i()));
        }
        this.f12239f.remove(t2);
        return h2;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final CopyPartResult c(CopyPartRequest copyPartRequest) {
        T t2 = this.f12239f.get(copyPartRequest.K());
        CopyPartResult d2 = this.f12240g.d(copyPartRequest);
        if (t2 != null && !t2.c()) {
            t2.d(true);
        }
        return d2;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public InitiateMultipartUploadResult e(InitiateMultipartUploadRequest initiateMultipartUploadRequest) {
        h(initiateMultipartUploadRequest, AmazonS3EncryptionClient.f12070z);
        ContentCryptoMaterial m2 = m(initiateMultipartUploadRequest);
        if (this.f12238e.e() == CryptoStorageMode.ObjectMetadata) {
            ObjectMetadata z2 = initiateMultipartUploadRequest.z();
            if (z2 == null) {
                z2 = new ObjectMetadata();
            }
            initiateMultipartUploadRequest.H(E(z2, null, m2));
        }
        InitiateMultipartUploadResult l2 = this.f12240g.l(initiateMultipartUploadRequest);
        T y2 = y(initiateMultipartUploadRequest, m2);
        if (initiateMultipartUploadRequest instanceof MaterialsDescriptionProvider) {
            y2.e(((MaterialsDescriptionProvider) initiateMultipartUploadRequest).d());
        }
        this.f12239f.put(l2.k(), y2);
        return l2;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public PutObjectResult f(PutObjectRequest putObjectRequest) {
        h(putObjectRequest, AmazonS3EncryptionClient.f12070z);
        return this.f12238e.e() == CryptoStorageMode.InstructionFile ? A(putObjectRequest) : B(putObjectRequest);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public UploadPartResult g(UploadPartRequest uploadPartRequest) {
        h(uploadPartRequest, AmazonS3EncryptionClient.f12070z);
        int f2 = this.f12237d.f();
        boolean I = uploadPartRequest.I();
        String H = uploadPartRequest.H();
        long E = uploadPartRequest.E();
        boolean z2 = 0 == E % ((long) f2);
        if (!I && !z2) {
            throw new AmazonClientException("Invalid part size: part sizes for encrypted multipart uploads must be multiples of the cipher block size (" + f2 + ") with the exception of the last part.");
        }
        T t2 = this.f12239f.get(H);
        if (t2 == null) {
            throw new AmazonClientException("No client-side information available on upload ID " + H);
        }
        t2.f(uploadPartRequest.D());
        CipherLite j2 = j(t2);
        File q2 = uploadPartRequest.q();
        InputStream z3 = uploadPartRequest.z();
        CipherLiteInputStream cipherLiteInputStream = null;
        try {
            CipherLiteInputStream w2 = w(uploadPartRequest, j2);
            try {
                SdkFilterInputStream G = G(w2, E);
                uploadPartRequest.c(G);
                uploadPartRequest.b(null);
                uploadPartRequest.K(0L);
                if (I) {
                    long l2 = l(uploadPartRequest);
                    if (l2 > -1) {
                        uploadPartRequest.N(l2);
                    }
                    if (t2.c()) {
                        throw new AmazonClientException("This part was specified as the last part in a multipart upload, but a previous part was already marked as the last part.  Only the last part of the upload should be marked as the last part.");
                    }
                }
                UploadPartResult b2 = this.f12240g.b(uploadPartRequest);
                S3DataSource.Utils.a(uploadPartRequest, q2, z3, G, this.f12235b);
                t2.g();
                if (I) {
                    t2.d(true);
                }
                F(t2, G);
                return b2;
            } catch (Throwable th) {
                th = th;
                cipherLiteInputStream = w2;
                S3DataSource.Utils.a(uploadPartRequest, q2, z3, cipherLiteInputStream, this.f12235b);
                t2.g();
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final <X extends AmazonWebServiceRequest> X h(X x2, String str) {
        x2.h().a(str);
        return x2;
    }

    abstract CipherLite j(T t2);

    protected abstract long k(long j2);

    abstract long l(UploadPartRequest uploadPartRequest);

    /* JADX WARN: Multi-variable type inference failed */
    protected final ContentCryptoMaterial m(AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a2;
        if ((amazonWebServiceRequest instanceof EncryptionMaterialsFactory) && (a2 = ((EncryptionMaterialsFactory) amazonWebServiceRequest).a()) != null) {
            return i(a2, this.f12238e.d(), amazonWebServiceRequest);
        }
        if (amazonWebServiceRequest instanceof MaterialsDescriptionProvider) {
            Map<String, String> d2 = ((MaterialsDescriptionProvider) amazonWebServiceRequest).d();
            ContentCryptoMaterial v2 = v(this.f12234a, d2, this.f12238e.d(), amazonWebServiceRequest);
            if (v2 != null) {
                return v2;
            }
            if (d2 != null && !this.f12234a.a().i()) {
                throw new AmazonClientException("No material available from the encryption material provider for description " + d2);
            }
        }
        return u(this.f12234a, this.f12238e.d(), amazonWebServiceRequest);
    }

    final GetObjectRequest n(S3ObjectId s3ObjectId, String str) {
        return new GetObjectRequest(s3ObjectId.e(str));
    }

    protected final PutObjectRequest o(String str, String str2, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.t(this.f12238e.c()).getBytes(StringUtils.f13164a));
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.P(r7.length);
        objectMetadata.l("x-amz-crypto-instr-file", "");
        InstructionFileId d2 = new S3ObjectId(str, str2).d();
        return new PutObjectRequest(d2.a(), d2.b(), byteArrayInputStream, objectMetadata);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final S3ObjectWrapper p(S3ObjectId s3ObjectId, String str) {
        try {
            S3Object w2 = this.f12240g.w(n(s3ObjectId, str));
            if (w2 == null) {
                return null;
            }
            return new S3ObjectWrapper(w2, s3ObjectId);
        } catch (AmazonServiceException e2) {
            if (this.f12235b.isDebugEnabled()) {
                this.f12235b.debug("Unable to retrieve instruction file : " + e2.getMessage());
            }
            return null;
        }
    }

    protected final SecretKey q(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z2;
        String i2 = this.f12237d.i();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(i2) : KeyGenerator.getInstance(i2, provider);
            keyGenerator.init(this.f12237d.j(), this.f12236c.c());
            KeyPair f2 = encryptionMaterials.f();
            if (f2 == null || this.f12236c.b().a(f2.getPublic(), provider) != null) {
                z2 = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z2 = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            SecretKey generateKey = keyGenerator.generateKey();
            if (z2 && generateKey.getEncoded()[0] == 0) {
                for (int i3 = 0; i3 < 9; i3++) {
                    SecretKey generateKey2 = keyGenerator.generateKey();
                    if (generateKey2.getEncoded()[0] != 0) {
                        return generateKey2;
                    }
                }
                throw new AmazonClientException("Failed to generate secret key");
            }
            return generateKey;
        } catch (NoSuchAlgorithmException e2) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e2.getMessage(), e2);
        }
    }

    protected final CipherLiteInputStream w(UploadPartRequest uploadPartRequest, CipherLite cipherLite) {
        InputStream resettableInputStream;
        InputSubstream inputSubstream;
        File q2 = uploadPartRequest.q();
        InputStream z2 = uploadPartRequest.z();
        InputSubstream inputSubstream2 = null;
        try {
            if (q2 != null) {
                resettableInputStream = new ResettableInputStream(q2);
            } else {
                if (z2 == null) {
                    throw new IllegalArgumentException("A File or InputStream must be specified when uploading part");
                }
                resettableInputStream = z2;
            }
            inputSubstream = new InputSubstream(resettableInputStream, uploadPartRequest.r(), uploadPartRequest.E(), uploadPartRequest.I());
        } catch (Exception e2) {
            e = e2;
        }
        try {
            return cipherLite.i() ? new CipherLiteInputStream(inputSubstream, cipherLite, 2048, true, uploadPartRequest.I()) : new RenewableCipherLiteInputStream(inputSubstream, cipherLite, 2048, true, uploadPartRequest.I());
        } catch (Exception e3) {
            e = e3;
            inputSubstream2 = inputSubstream;
            S3DataSource.Utils.a(uploadPartRequest, q2, z2, inputSubstream2, this.f12235b);
            throw new AmazonClientException("Unable to create cipher input stream", e);
        }
    }

    abstract T y(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ContentCryptoMaterial contentCryptoMaterial);

    protected final long z(AbstractPutObjectRequest abstractPutObjectRequest, ObjectMetadata objectMetadata) {
        if (abstractPutObjectRequest.A() != null) {
            return abstractPutObjectRequest.A().length();
        }
        if (abstractPutObjectRequest.B() == null || objectMetadata.G("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.q();
    }
}
