package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.services.s3.internal.RepeatableFileInputStream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.util.Mimetypes;
import com.amazonaws.util.LengthCheckInputStream;
import com.amazonaws.util.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;

/* compiled from: ZeroCamera */
/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase extends S3CryptoModule {

    /* renamed from: a, reason: collision with root package name */
    protected final EncryptionMaterialsProvider f314a;
    protected final CryptoConfiguration b;
    protected final Log c;
    protected final S3CryptoScheme d;
    protected final ContentCryptoScheme e;
    protected final Map f;
    protected final S3Direct g;

    /* JADX INFO: Access modifiers changed from: private */
    /* compiled from: ZeroCamera */
    /* loaded from: classes.dex */
    public static class SecuredCEK {

        /* renamed from: a, reason: collision with root package name */
        final byte[] f315a;
        final String b;

        SecuredCEK(byte[] bArr, String str) {
            this.f315a = bArr;
            this.b = str;
        }
    }

    private CipherLiteInputStream a(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j) {
        try {
            InputStream l = putObjectRequest.l();
            if (putObjectRequest.h() != null) {
                l = new RepeatableFileInputStream(putObjectRequest.h());
            }
            return new CipherLiteInputStream(j > -1 ? new LengthCheckInputStream(l, j, false) : l, contentCryptoMaterial.d(), 2048);
        } catch (Exception e) {
            throw new AmazonClientException("Unable to create cipher input stream: " + e.getMessage(), e);
        }
    }

    private ContentCryptoMaterial a(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider) {
        return b(encryptionMaterialsProvider.a(), provider);
    }

    private ContentCryptoMaterial a(EncryptionMaterialsProvider encryptionMaterialsProvider, Map map, Provider provider) {
        return b(encryptionMaterialsProvider.a(map), provider);
    }

    private ContentCryptoMaterial b(EncryptionMaterials encryptionMaterials, Provider provider) {
        SecretKey a2 = a(encryptionMaterials, provider);
        byte[] bArr = new byte[this.e.e()];
        this.d.a().nextBytes(bArr);
        SecuredCEK a3 = a(a2, encryptionMaterials, provider);
        return new ContentCryptoMaterial(encryptionMaterials.c(), a3.f315a, a3.b, this.e.a(a2, bArr, 1, provider));
    }

    protected abstract long a(long j);

    protected final long a(PutObjectRequest putObjectRequest, ObjectMetadata objectMetadata) {
        if (putObjectRequest.h() != null) {
            return putObjectRequest.h().length();
        }
        if (putObjectRequest.l() == null || objectMetadata.f("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.g();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final AmazonWebServiceRequest a(AmazonWebServiceRequest amazonWebServiceRequest, String str) {
        amazonWebServiceRequest.b().a(str);
        return amazonWebServiceRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public final ContentCryptoMaterial a(AmazonWebServiceRequest amazonWebServiceRequest) {
        return amazonWebServiceRequest instanceof MaterialsDescriptionProvider ? a(this.f314a, ((MaterialsDescriptionProvider) amazonWebServiceRequest).d(), this.b.b()) : a(this.f314a, this.b.b());
    }

    protected final SecuredCEK a(SecretKey secretKey, EncryptionMaterials encryptionMaterials, Provider provider) {
        Key key = encryptionMaterials.a() != null ? encryptionMaterials.a().getPublic() : encryptionMaterials.b();
        String a2 = this.d.b().a(key);
        try {
            if (a2 != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(a2) : Cipher.getInstance(a2, provider);
                cipher.init(3, key, this.d.a());
                return new SecuredCEK(cipher.wrap(secretKey), a2);
            }
            byte[] encoded = secretKey.getEncoded();
            String algorithm = key.getAlgorithm();
            Cipher cipher2 = provider != null ? Cipher.getInstance(algorithm, provider) : Cipher.getInstance(algorithm);
            cipher2.init(1, key);
            return new SecuredCEK(cipher2.doFinal(encoded), null);
        } catch (Exception e) {
            throw new AmazonClientException("Unable to encrypt symmetric key: " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final ObjectMetadata a(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.g(Mimetypes.a().a(file));
        }
        return contentCryptoMaterial.a(objectMetadata);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest a(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata i = putObjectRequest.i();
        if (i == null) {
            i = new ObjectMetadata();
        }
        if (i.l() != null) {
            i.a("x-amz-unencrypted-content-md5", i.l());
        }
        i.j(null);
        long a2 = a(putObjectRequest, i);
        if (a2 >= 0) {
            i.a("x-amz-unencrypted-content-length", Long.toString(a2));
            i.a(a(a2));
        }
        putObjectRequest.a(i);
        putObjectRequest.a(a(putObjectRequest, contentCryptoMaterial, a2));
        putObjectRequest.a((File) null);
        return putObjectRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest a(String str, String str2, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.c().getBytes(StringUtils.f494a));
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.a(r0.length);
        objectMetadata.a("x-amz-crypto-instr-file", "");
        return new PutObjectRequest(str, str2 + ".instruction", byteArrayInputStream, objectMetadata);
    }

    protected final SecretKey a(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z;
        String a2 = this.e.a();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(a2) : KeyGenerator.getInstance(a2, provider);
            keyGenerator.init(this.e.c(), this.d.a());
            KeyPair a3 = encryptionMaterials.a();
            if (a3 == null || this.d.b().a(a3.getPublic()) != null) {
                z = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            if (!z) {
                return keyGenerator.generateKey();
            }
            for (int i = 0; i < 10; i++) {
                SecretKey generateKey = keyGenerator.generateKey();
                if (generateKey.getEncoded()[0] != 0) {
                    return generateKey;
                }
            }
            throw new AmazonClientException("Failed to generate secret key");
        } catch (NoSuchAlgorithmException e) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e.getMessage(), e);
        }
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void a(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.g.a(abortMultipartUploadRequest);
        this.f.remove(abortMultipartUploadRequest.f());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest b(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.c().getBytes(StringUtils.f494a));
        ObjectMetadata i = putObjectRequest.i();
        if (i == null) {
            i = new ObjectMetadata();
            putObjectRequest.a(i);
        }
        i.a(r1.length);
        i.a("x-amz-crypto-instr-file", "");
        putObjectRequest.a(putObjectRequest.f() + ".instruction");
        putObjectRequest.a(i);
        putObjectRequest.a(byteArrayInputStream);
        putObjectRequest.a((File) null);
        return putObjectRequest;
    }
}
