package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.s3.Headers;
import com.amazonaws.services.s3.internal.Mimetypes;
import com.amazonaws.services.s3.internal.RepeatableFileInputStream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.MultipartUploadContext;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.util.LengthCheckInputStream;
import com.amazonaws.util.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase<T extends MultipartUploadContext> extends S3CryptoModule<T> {

    /* renamed from: a, reason: collision with root package name */
    protected static final int f2635a = 2048;

    /* renamed from: b, reason: collision with root package name */
    protected final EncryptionMaterialsProvider f2636b;

    /* renamed from: c, reason: collision with root package name */
    protected final CryptoConfiguration f2637c;
    protected final S3CryptoScheme e;
    protected final ContentCryptoScheme f;
    protected final S3Direct h;

    /* renamed from: d, reason: collision with root package name */
    protected final Log f2638d = LogFactory.getLog(getClass());
    protected final Map<String, T> g = Collections.synchronizedMap(new HashMap());

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class SecuredCEK {

        /* renamed from: a, reason: collision with root package name */
        final byte[] f2639a;

        /* renamed from: b, reason: collision with root package name */
        final String f2640b;

        SecuredCEK(byte[] bArr, String str) {
            this.f2639a = bArr;
            this.f2640b = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public S3CryptoModuleBase(S3Direct s3Direct, AWSCredentialsProvider aWSCredentialsProvider, EncryptionMaterialsProvider encryptionMaterialsProvider, ClientConfiguration clientConfiguration, CryptoConfiguration cryptoConfiguration, S3CryptoScheme s3CryptoScheme) {
        this.f2636b = encryptionMaterialsProvider;
        this.f2637c = cryptoConfiguration;
        this.h = s3Direct;
        this.e = s3CryptoScheme;
        this.f = s3CryptoScheme.b();
    }

    private CipherLiteInputStream a(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j) {
        try {
            InputStream n = putObjectRequest.n();
            if (putObjectRequest.j() != null) {
                n = new RepeatableFileInputStream(putObjectRequest.j());
            }
            return new CipherLiteInputStream(j > -1 ? new LengthCheckInputStream(n, j, false) : n, contentCryptoMaterial.d(), 2048);
        } catch (Exception e) {
            throw new AmazonClientException("Unable to create cipher input stream: " + e.getMessage(), e);
        }
    }

    private ContentCryptoMaterial a(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider) {
        return b(encryptionMaterialsProvider.a(), provider);
    }

    private ContentCryptoMaterial a(EncryptionMaterialsProvider encryptionMaterialsProvider, Map<String, String> map, Provider provider) {
        return b(encryptionMaterialsProvider.a(map), provider);
    }

    private ContentCryptoMaterial b(EncryptionMaterials encryptionMaterials, Provider provider) {
        SecretKey a2 = a(encryptionMaterials, provider);
        byte[] bArr = new byte[this.f.e()];
        this.e.a().nextBytes(bArr);
        SecuredCEK a3 = a(a2, encryptionMaterials, provider);
        return new ContentCryptoMaterial(encryptionMaterials.c(), a3.f2639a, a3.f2640b, this.f.a(a2, bArr, 1, provider));
    }

    protected abstract long a(long j);

    protected final long a(PutObjectRequest putObjectRequest, ObjectMetadata objectMetadata) {
        if (putObjectRequest.j() != null) {
            return putObjectRequest.j().length();
        }
        if (putObjectRequest.n() == null || objectMetadata.e("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.i();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final <X extends AmazonWebServiceRequest> X a(X x, String str) {
        x.d().b(str);
        return x;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public final ContentCryptoMaterial a(AmazonWebServiceRequest amazonWebServiceRequest) {
        return amazonWebServiceRequest instanceof MaterialsDescriptionProvider ? a(this.f2636b, ((MaterialsDescriptionProvider) amazonWebServiceRequest).f(), this.f2637c.b()) : a(this.f2636b, this.f2637c.b());
    }

    protected final SecuredCEK a(SecretKey secretKey, EncryptionMaterials encryptionMaterials, Provider provider) {
        Key key = encryptionMaterials.a() != null ? encryptionMaterials.a().getPublic() : encryptionMaterials.b();
        String a2 = this.e.c().a(key);
        try {
            if (a2 != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(a2) : Cipher.getInstance(a2, provider);
                cipher.init(3, key, this.e.a());
                return new SecuredCEK(cipher.wrap(secretKey), a2);
            }
            byte[] encoded = secretKey.getEncoded();
            String algorithm = key.getAlgorithm();
            Cipher cipher2 = provider != null ? Cipher.getInstance(algorithm, provider) : Cipher.getInstance(algorithm);
            cipher2.init(1, key);
            return new SecuredCEK(cipher2.doFinal(encoded), null);
        } catch (Exception e) {
            throw new AmazonClientException("Unable to encrypt symmetric key: " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final ObjectMetadata a(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.f(Mimetypes.a().a(file));
        }
        return contentCryptoMaterial.a(objectMetadata);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest a(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata k = putObjectRequest.k();
        if (k == null) {
            k = new ObjectMetadata();
        }
        if (k.n() != null) {
            k.a(Headers.V, k.n());
        }
        k.i(null);
        long a2 = a(putObjectRequest, k);
        if (a2 >= 0) {
            k.a(Headers.U, Long.toString(a2));
            k.a(a(a2));
        }
        putObjectRequest.a(k);
        putObjectRequest.a(a(putObjectRequest, contentCryptoMaterial, a2));
        putObjectRequest.a((File) null);
        return putObjectRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest a(String str, String str2, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.c().getBytes(StringUtils.f3180a));
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.a(r0.length);
        objectMetadata.a(Headers.T, "");
        return new PutObjectRequest(str, str2 + ".instruction", byteArrayInputStream, objectMetadata);
    }

    protected final SecretKey a(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z;
        String a2 = this.f.a();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(a2) : KeyGenerator.getInstance(a2, provider);
            keyGenerator.init(this.f.c(), this.e.a());
            KeyPair a3 = encryptionMaterials.a();
            if (a3 == null || this.e.c().a(a3.getPublic()) != null) {
                z = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            if (!z) {
                return keyGenerator.generateKey();
            }
            for (int i = 0; i < 10; i++) {
                SecretKey generateKey = keyGenerator.generateKey();
                if (generateKey.getEncoded()[0] != 0) {
                    return generateKey;
                }
            }
            throw new AmazonClientException("Failed to generate secret key");
        } catch (NoSuchAlgorithmException e) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e.getMessage(), e);
        }
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void a(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.h.a(abortMultipartUploadRequest);
        this.g.remove(abortMultipartUploadRequest.h());
    }

    public final S3CryptoScheme b() {
        return this.e;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest b(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.c().getBytes(StringUtils.f3180a));
        ObjectMetadata k = putObjectRequest.k();
        if (k == null) {
            k = new ObjectMetadata();
            putObjectRequest.a(k);
        }
        k.a(r1.length);
        k.a(Headers.T, "");
        putObjectRequest.d(putObjectRequest.h() + ".instruction");
        putObjectRequest.a(k);
        putObjectRequest.a(byteArrayInputStream);
        putObjectRequest.a((File) null);
        return putObjectRequest;
    }
}
