package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.internal.ReleasableInputStream;
import com.amazonaws.internal.ResettableInputStream;
import com.amazonaws.internal.SdkFilterInputStream;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.internal.InputSubstream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.AbstractPutObjectRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadResult;
import com.amazonaws.services.s3.model.CopyPartRequest;
import com.amazonaws.services.s3.model.CopyPartResult;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoStorageMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsFactory;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadResult;
import com.amazonaws.services.s3.model.InstructionFileId;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.PutObjectResult;
import com.amazonaws.services.s3.model.S3DataSource;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.services.s3.model.UploadPartResult;
import com.amazonaws.services.s3.util.Mimetypes;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.LengthCheckInputStream;
import com.amazonaws.util.StringUtils;
import com.localytics.android.BuildConfig;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FilterInputStream;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.logging.Log;

/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase<T extends MultipartUploadCryptoContext> extends S3CryptoModule<T> {

    /* renamed from: a, reason: collision with root package name */
    protected final EncryptionMaterialsProvider f6805a;

    /* renamed from: b, reason: collision with root package name */
    protected final Log f6806b;

    /* renamed from: c, reason: collision with root package name */
    protected final S3CryptoScheme f6807c;

    /* renamed from: d, reason: collision with root package name */
    protected final ContentCryptoScheme f6808d;

    /* renamed from: e, reason: collision with root package name */
    protected final CryptoConfiguration f6809e;

    /* renamed from: f, reason: collision with root package name */
    protected final Map<String, T> f6810f;

    /* renamed from: g, reason: collision with root package name */
    protected final S3Direct f6811g;

    /* renamed from: h, reason: collision with root package name */
    protected final AWSKMSClient f6812h;

    private PutObjectResult A(PutObjectRequest putObjectRequest) {
        File y4 = putObjectRequest.y();
        InputStream z4 = putObjectRequest.z();
        PutObjectRequest S = putObjectRequest.clone().d0(null).S(null);
        S.J(S.A() + ".instruction");
        ContentCryptoMaterial m4 = m(putObjectRequest);
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) H(putObjectRequest, m4);
        try {
            PutObjectResult g5 = this.f6811g.g(putObjectRequest2);
            S3DataSource.Utils.b(putObjectRequest, y4, z4, putObjectRequest2.z(), this.f6806b);
            this.f6811g.g(D(S, m4));
            return g5;
        } catch (Throwable th) {
            S3DataSource.Utils.b(putObjectRequest, y4, z4, putObjectRequest2.z(), this.f6806b);
            throw th;
        }
    }

    private PutObjectResult B(PutObjectRequest putObjectRequest) {
        ContentCryptoMaterial m4 = m(putObjectRequest);
        File y4 = putObjectRequest.y();
        InputStream z4 = putObjectRequest.z();
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) H(putObjectRequest, m4);
        putObjectRequest.K(E(putObjectRequest.B(), putObjectRequest.y(), m4));
        try {
            return this.f6811g.g(putObjectRequest2);
        } finally {
            S3DataSource.Utils.b(putObjectRequest, y4, z4, putObjectRequest2.z(), this.f6806b);
        }
    }

    private ContentCryptoMaterial i(EncryptionMaterials encryptionMaterials, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        byte[] bArr = new byte[this.f6808d.h()];
        this.f6807c.c().nextBytes(bArr);
        if (!encryptionMaterials.i()) {
            return ContentCryptoMaterial.c(q(encryptionMaterials, provider), bArr, encryptionMaterials, this.f6807c, provider, this.f6812h, amazonWebServiceRequest);
        }
        Map<String, String> p4 = ContentCryptoMaterial.p(encryptionMaterials, amazonWebServiceRequest);
        GenerateDataKeyRequest A = new GenerateDataKeyRequest().y(p4).z(encryptionMaterials.d()).A(this.f6808d.k());
        A.r(amazonWebServiceRequest.i()).s(amazonWebServiceRequest.l());
        GenerateDataKeyResult r02 = this.f6812h.r0(A);
        return ContentCryptoMaterial.z(new SecretKeySpec(BinaryUtils.a(r02.c()), this.f6808d.i()), bArr, this.f6808d, provider, new KMSSecuredCEK(BinaryUtils.a(r02.a()), p4));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static long[] r(long[] jArr) {
        if (jArr == null) {
            return null;
        }
        long j4 = jArr[0];
        if (j4 > jArr[1]) {
            return null;
        }
        return new long[]{s(j4), t(jArr[1])};
    }

    private static long s(long j4) {
        long j5 = (j4 - (j4 % 16)) - 16;
        if (j5 < 0) {
            return 0L;
        }
        return j5;
    }

    private static long t(long j4) {
        long j5 = j4 + (16 - (j4 % 16)) + 16;
        if (j5 < 0) {
            return Long.MAX_VALUE;
        }
        return j5;
    }

    private ContentCryptoMaterial u(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a5 = encryptionMaterialsProvider.a();
        if (a5 != null) {
            return i(a5, provider, amazonWebServiceRequest);
        }
        throw new AmazonClientException("No material available from the encryption material provider");
    }

    private ContentCryptoMaterial v(EncryptionMaterialsProvider encryptionMaterialsProvider, Map<String, String> map, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials b5 = encryptionMaterialsProvider.b(map);
        if (b5 == null) {
            return null;
        }
        return i(b5, provider, amazonWebServiceRequest);
    }

    private CipherLiteInputStream x(AbstractPutObjectRequest abstractPutObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j4) {
        File y4 = abstractPutObjectRequest.y();
        InputStream z4 = abstractPutObjectRequest.z();
        FilterInputStream filterInputStream = null;
        try {
            if (y4 != null) {
                filterInputStream = new ResettableInputStream(y4);
            } else if (z4 != null) {
                filterInputStream = ReleasableInputStream.h(z4);
            }
            if (j4 > -1) {
                filterInputStream = new LengthCheckInputStream(filterInputStream, j4, false);
            }
            CipherLite i5 = contentCryptoMaterial.i();
            return i5.i() ? new CipherLiteInputStream(filterInputStream, i5, 2048) : new RenewableCipherLiteInputStream(filterInputStream, i5, 2048);
        } catch (Exception e5) {
            S3DataSource.Utils.b(abstractPutObjectRequest, y4, z4, null, this.f6806b);
            throw new AmazonClientException("Unable to create cipher input stream", e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void C(ContentCryptoMaterial contentCryptoMaterial, S3ObjectWrapper s3ObjectWrapper) {
    }

    protected final PutObjectRequest D(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        byte[] bytes = contentCryptoMaterial.t(this.f6809e.e()).getBytes(StringUtils.f7577a);
        ObjectMetadata B = putObjectRequest.B();
        if (B == null) {
            B = new ObjectMetadata();
            putObjectRequest.K(B);
        }
        B.M(bytes.length);
        B.o("x-amz-crypto-instr-file", BuildConfig.FLAVOR);
        putObjectRequest.K(B);
        putObjectRequest.e(new ByteArrayInputStream(bytes));
        return putObjectRequest;
    }

    protected final ObjectMetadata E(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.P(Mimetypes.a().b(file));
        }
        return contentCryptoMaterial.w(objectMetadata, this.f6809e.e());
    }

    abstract void F(T t4, SdkFilterInputStream sdkFilterInputStream);

    abstract <I extends CipherLiteInputStream> SdkFilterInputStream G(I i5, long j4);

    protected final <R extends AbstractPutObjectRequest> R H(R r4, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata B = r4.B();
        if (B == null) {
            B = new ObjectMetadata();
        }
        if (B.v() != null) {
            B.o("x-amz-unencrypted-content-md5", B.v());
        }
        B.N(null);
        long z4 = z(r4, B);
        if (z4 >= 0) {
            B.o("x-amz-unencrypted-content-length", Long.toString(z4));
            B.M(k(z4));
        }
        r4.K(B);
        r4.e(x(r4, contentCryptoMaterial, z4));
        r4.d(null);
        return r4;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void a(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.f6811g.d(abortMultipartUploadRequest);
        this.f6810f.remove(abortMultipartUploadRequest.v());
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public CompleteMultipartUploadResult b(CompleteMultipartUploadRequest completeMultipartUploadRequest) {
        h(completeMultipartUploadRequest, AmazonS3EncryptionClient.f6644w);
        String w4 = completeMultipartUploadRequest.w();
        T t4 = this.f6810f.get(w4);
        if (t4 != null && !t4.c()) {
            throw new AmazonClientException("Unable to complete an encrypted multipart upload without being told which part was the last.  Without knowing which part was the last, the encrypted data in Amazon S3 is incomplete and corrupt.");
        }
        CompleteMultipartUploadResult p4 = this.f6811g.p(completeMultipartUploadRequest);
        if (t4 != null && this.f6809e.g() == CryptoStorageMode.InstructionFile) {
            this.f6811g.g(o(t4.a(), t4.b(), t4.i()));
        }
        this.f6810f.remove(w4);
        return p4;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final CopyPartResult c(CopyPartRequest copyPartRequest) {
        T t4 = this.f6810f.get(copyPartRequest.I());
        CopyPartResult j4 = this.f6811g.j(copyPartRequest);
        if (t4 != null && !t4.c()) {
            t4.d(true);
        }
        return j4;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public InitiateMultipartUploadResult e(InitiateMultipartUploadRequest initiateMultipartUploadRequest) {
        h(initiateMultipartUploadRequest, AmazonS3EncryptionClient.f6644w);
        ContentCryptoMaterial m4 = m(initiateMultipartUploadRequest);
        if (this.f6809e.g() == CryptoStorageMode.ObjectMetadata) {
            ObjectMetadata x4 = initiateMultipartUploadRequest.x();
            if (x4 == null) {
                x4 = new ObjectMetadata();
            }
            initiateMultipartUploadRequest.F(E(x4, null, m4));
        }
        InitiateMultipartUploadResult y4 = this.f6811g.y(initiateMultipartUploadRequest);
        T y5 = y(initiateMultipartUploadRequest, m4);
        if (initiateMultipartUploadRequest instanceof MaterialsDescriptionProvider) {
            y5.e(((MaterialsDescriptionProvider) initiateMultipartUploadRequest).c());
        }
        this.f6810f.put(y4.b(), y5);
        return y4;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public PutObjectResult f(PutObjectRequest putObjectRequest) {
        h(putObjectRequest, AmazonS3EncryptionClient.f6644w);
        return this.f6809e.g() == CryptoStorageMode.InstructionFile ? A(putObjectRequest) : B(putObjectRequest);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public UploadPartResult g(UploadPartRequest uploadPartRequest) {
        h(uploadPartRequest, AmazonS3EncryptionClient.f6644w);
        int f5 = this.f6808d.f();
        boolean G = uploadPartRequest.G();
        String F = uploadPartRequest.F();
        long D = uploadPartRequest.D();
        boolean z4 = 0 == D % ((long) f5);
        if (!G && !z4) {
            throw new AmazonClientException("Invalid part size: part sizes for encrypted multipart uploads must be multiples of the cipher block size (" + f5 + ") with the exception of the last part.");
        }
        T t4 = this.f6810f.get(F);
        if (t4 == null) {
            throw new AmazonClientException("No client-side information available on upload ID " + F);
        }
        t4.f(uploadPartRequest.B());
        CipherLite j4 = j(t4);
        File u4 = uploadPartRequest.u();
        InputStream x4 = uploadPartRequest.x();
        CipherLiteInputStream cipherLiteInputStream = null;
        try {
            CipherLiteInputStream w4 = w(uploadPartRequest, j4);
            try {
                SdkFilterInputStream G2 = G(w4, D);
                uploadPartRequest.e(G2);
                uploadPartRequest.d(null);
                uploadPartRequest.I(0L);
                if (G) {
                    long l4 = l(uploadPartRequest);
                    if (l4 > -1) {
                        uploadPartRequest.L(l4);
                    }
                    if (t4.c()) {
                        throw new AmazonClientException("This part was specified as the last part in a multipart upload, but a previous part was already marked as the last part.  Only the last part of the upload should be marked as the last part.");
                    }
                }
                UploadPartResult b5 = this.f6811g.b(uploadPartRequest);
                S3DataSource.Utils.b(uploadPartRequest, u4, x4, G2, this.f6806b);
                t4.g();
                if (G) {
                    t4.d(true);
                }
                F(t4, G2);
                return b5;
            } catch (Throwable th) {
                th = th;
                cipherLiteInputStream = w4;
                S3DataSource.Utils.b(uploadPartRequest, u4, x4, cipherLiteInputStream, this.f6806b);
                t4.g();
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final <X extends AmazonWebServiceRequest> X h(X x4, String str) {
        x4.j().a(str);
        return x4;
    }

    abstract CipherLite j(T t4);

    protected abstract long k(long j4);

    abstract long l(UploadPartRequest uploadPartRequest);

    /* JADX WARN: Multi-variable type inference failed */
    protected final ContentCryptoMaterial m(AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a5;
        if ((amazonWebServiceRequest instanceof EncryptionMaterialsFactory) && (a5 = ((EncryptionMaterialsFactory) amazonWebServiceRequest).a()) != null) {
            return i(a5, this.f6809e.f(), amazonWebServiceRequest);
        }
        if (amazonWebServiceRequest instanceof MaterialsDescriptionProvider) {
            Map<String, String> c5 = ((MaterialsDescriptionProvider) amazonWebServiceRequest).c();
            ContentCryptoMaterial v4 = v(this.f6805a, c5, this.f6809e.f(), amazonWebServiceRequest);
            if (v4 != null) {
                return v4;
            }
            if (c5 != null && !this.f6805a.a().i()) {
                throw new AmazonClientException("No material available from the encryption material provider for description " + c5);
            }
        }
        return u(this.f6805a, this.f6809e.f(), amazonWebServiceRequest);
    }

    final GetObjectRequest n(S3ObjectId s3ObjectId, String str) {
        return new GetObjectRequest(s3ObjectId.e(str));
    }

    protected final PutObjectRequest o(String str, String str2, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.t(this.f6809e.e()).getBytes(StringUtils.f7577a));
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.M(r3.length);
        objectMetadata.o("x-amz-crypto-instr-file", BuildConfig.FLAVOR);
        InstructionFileId d5 = new S3ObjectId(str, str2).d();
        return new PutObjectRequest(d5.a(), d5.b(), byteArrayInputStream, objectMetadata);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final S3ObjectWrapper p(S3ObjectId s3ObjectId, String str) {
        try {
            S3Object Q = this.f6811g.Q(n(s3ObjectId, str));
            if (Q == null) {
                return null;
            }
            return new S3ObjectWrapper(Q, s3ObjectId);
        } catch (AmazonServiceException e5) {
            if (this.f6806b.isDebugEnabled()) {
                this.f6806b.debug("Unable to retrieve instruction file : " + e5.getMessage());
            }
            return null;
        }
    }

    protected final SecretKey q(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z4;
        String i5 = this.f6808d.i();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(i5) : KeyGenerator.getInstance(i5, provider);
            keyGenerator.init(this.f6808d.j(), this.f6807c.c());
            KeyPair f5 = encryptionMaterials.f();
            if (f5 == null || this.f6807c.b().a(f5.getPublic()) != null) {
                z4 = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z4 = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            SecretKey generateKey = keyGenerator.generateKey();
            if (z4 && generateKey.getEncoded()[0] == 0) {
                for (int i6 = 0; i6 < 9; i6++) {
                    SecretKey generateKey2 = keyGenerator.generateKey();
                    if (generateKey2.getEncoded()[0] != 0) {
                        return generateKey2;
                    }
                }
                throw new AmazonClientException("Failed to generate secret key");
            }
            return generateKey;
        } catch (NoSuchAlgorithmException e5) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e5.getMessage(), e5);
        }
    }

    protected final CipherLiteInputStream w(UploadPartRequest uploadPartRequest, CipherLite cipherLite) {
        InputStream resettableInputStream;
        InputSubstream inputSubstream;
        File u4 = uploadPartRequest.u();
        InputStream x4 = uploadPartRequest.x();
        InputSubstream inputSubstream2 = null;
        try {
            if (u4 != null) {
                resettableInputStream = new ResettableInputStream(u4);
            } else {
                if (x4 == null) {
                    throw new IllegalArgumentException("A File or InputStream must be specified when uploading part");
                }
                resettableInputStream = x4;
            }
            inputSubstream = new InputSubstream(resettableInputStream, uploadPartRequest.v(), uploadPartRequest.D(), uploadPartRequest.G());
        } catch (Exception e5) {
            e = e5;
        }
        try {
            return cipherLite.i() ? new CipherLiteInputStream(inputSubstream, cipherLite, 2048, true, uploadPartRequest.G()) : new RenewableCipherLiteInputStream(inputSubstream, cipherLite, 2048, true, uploadPartRequest.G());
        } catch (Exception e6) {
            e = e6;
            inputSubstream2 = inputSubstream;
            S3DataSource.Utils.b(uploadPartRequest, u4, x4, inputSubstream2, this.f6806b);
            throw new AmazonClientException("Unable to create cipher input stream", e);
        }
    }

    abstract T y(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ContentCryptoMaterial contentCryptoMaterial);

    protected final long z(AbstractPutObjectRequest abstractPutObjectRequest, ObjectMetadata objectMetadata) {
        if (abstractPutObjectRequest.y() != null) {
            return abstractPutObjectRequest.y().length();
        }
        if (abstractPutObjectRequest.z() == null || objectMetadata.E("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.u();
    }
}
