package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.services.s3.Headers;
import com.amazonaws.services.s3.internal.RepeatableFileInputStream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.MultipartUploadContext;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.util.Mimetypes;
import com.amazonaws.util.LengthCheckInputStream;
import com.amazonaws.util.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: classes2.dex */
public abstract class S3CryptoModuleBase<T extends MultipartUploadContext> extends S3CryptoModule<T> {

    /* renamed from: h, reason: collision with root package name */
    protected static final int f31411h = 2048;

    /* renamed from: a, reason: collision with root package name */
    protected final EncryptionMaterialsProvider f31412a;

    /* renamed from: b, reason: collision with root package name */
    protected final CryptoConfiguration f31413b;

    /* renamed from: d, reason: collision with root package name */
    protected final S3CryptoScheme f31415d;

    /* renamed from: e, reason: collision with root package name */
    protected final ContentCryptoScheme f31416e;

    /* renamed from: g, reason: collision with root package name */
    protected final S3Direct f31418g;

    /* renamed from: c, reason: collision with root package name */
    protected final Log f31414c = LogFactory.getLog(getClass());

    /* renamed from: f, reason: collision with root package name */
    protected final Map<String, T> f31417f = Collections.synchronizedMap(new HashMap());

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class SecuredCEK {

        /* renamed from: a, reason: collision with root package name */
        final byte[] f31419a;

        /* renamed from: b, reason: collision with root package name */
        final String f31420b;

        SecuredCEK(byte[] bArr, String str) {
            this.f31419a = bArr;
            this.f31420b = str;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public S3CryptoModuleBase(S3Direct s3Direct, AWSCredentialsProvider aWSCredentialsProvider, EncryptionMaterialsProvider encryptionMaterialsProvider, ClientConfiguration clientConfiguration, CryptoConfiguration cryptoConfiguration, S3CryptoScheme s3CryptoScheme) {
        this.f31412a = encryptionMaterialsProvider;
        this.f31413b = cryptoConfiguration;
        this.f31418g = s3Direct;
        this.f31415d = s3CryptoScheme;
        this.f31416e = s3CryptoScheme.b();
    }

    private ContentCryptoMaterial j(EncryptionMaterials encryptionMaterials, Provider provider) {
        SecretKey n10 = n(encryptionMaterials, provider);
        byte[] bArr = new byte[this.f31416e.i()];
        this.f31415d.d().nextBytes(bArr);
        SecuredCEK t10 = t(n10, encryptionMaterials, provider);
        return new ContentCryptoMaterial(encryptionMaterials.c(), t10.f31419a, t10.f31420b, this.f31416e.d(n10, bArr, 1, provider));
    }

    private ContentCryptoMaterial p(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider) {
        return j(encryptionMaterialsProvider.c(), provider);
    }

    private ContentCryptoMaterial q(EncryptionMaterialsProvider encryptionMaterialsProvider, Map<String, String> map, Provider provider) {
        return j(encryptionMaterialsProvider.b(map), provider);
    }

    private CipherLiteInputStream r(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j10) {
        try {
            InputStream o10 = putObjectRequest.o();
            if (putObjectRequest.m() != null) {
                o10 = new RepeatableFileInputStream(putObjectRequest.m());
            }
            if (j10 > -1) {
                o10 = new LengthCheckInputStream(o10, j10, false);
            }
            return new CipherLiteInputStream(o10, contentCryptoMaterial.f(), 2048);
        } catch (Exception e10) {
            throw new AmazonClientException("Unable to create cipher input stream: " + e10.getMessage(), e10);
        }
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void a(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.f31418g.a(abortMultipartUploadRequest);
        this.f31417f.remove(abortMultipartUploadRequest.k());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final <X extends AmazonWebServiceRequest> X i(X x10, String str) {
        x10.b().b(str);
        return x10;
    }

    protected abstract long k(long j10);

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public final ContentCryptoMaterial l(AmazonWebServiceRequest amazonWebServiceRequest) {
        return amazonWebServiceRequest instanceof MaterialsDescriptionProvider ? q(this.f31412a, ((MaterialsDescriptionProvider) amazonWebServiceRequest).a(), this.f31413b.c()) : p(this.f31412a, this.f31413b.c());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest m(String str, String str2, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.n().getBytes(StringUtils.f32063b));
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.M(r7.length);
        objectMetadata.r(Headers.V, "");
        return new PutObjectRequest(str, str2 + ".instruction", byteArrayInputStream, objectMetadata);
    }

    protected final SecretKey n(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z10;
        String j10 = this.f31416e.j();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(j10) : KeyGenerator.getInstance(j10, provider);
            keyGenerator.init(this.f31416e.k(), this.f31415d.d());
            KeyPair b10 = encryptionMaterials.b();
            if (b10 == null || this.f31415d.c().a(b10.getPublic()) != null) {
                z10 = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z10 = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            if (!z10) {
                return keyGenerator.generateKey();
            }
            for (int i10 = 0; i10 < 10; i10++) {
                SecretKey generateKey = keyGenerator.generateKey();
                if (generateKey.getEncoded()[0] != 0) {
                    return generateKey;
                }
            }
            throw new AmazonClientException("Failed to generate secret key");
        } catch (NoSuchAlgorithmException e10) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e10.getMessage(), e10);
        }
    }

    public final S3CryptoScheme o() {
        return this.f31415d;
    }

    protected final long s(PutObjectRequest putObjectRequest, ObjectMetadata objectMetadata) {
        if (putObjectRequest.m() != null) {
            return putObjectRequest.m().length();
        }
        if (putObjectRequest.o() == null || objectMetadata.E("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.w();
    }

    protected final SecuredCEK t(SecretKey secretKey, EncryptionMaterials encryptionMaterials, Provider provider) {
        Key key = encryptionMaterials.b() != null ? encryptionMaterials.b().getPublic() : encryptionMaterials.d();
        String a10 = this.f31415d.c().a(key);
        try {
            if (a10 != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(a10) : Cipher.getInstance(a10, provider);
                cipher.init(3, key, this.f31415d.d());
                return new SecuredCEK(cipher.wrap(secretKey), a10);
            }
            byte[] encoded = secretKey.getEncoded();
            String algorithm = key.getAlgorithm();
            Cipher cipher2 = provider != null ? Cipher.getInstance(algorithm, provider) : Cipher.getInstance(algorithm);
            cipher2.init(1, key);
            return new SecuredCEK(cipher2.doFinal(encoded), null);
        } catch (Exception e10) {
            throw new AmazonClientException("Unable to encrypt symmetric key: " + e10.getMessage(), e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest u(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.n().getBytes(StringUtils.f32063b));
        ObjectMetadata q10 = putObjectRequest.q();
        if (q10 == null) {
            q10 = new ObjectMetadata();
            putObjectRequest.C(q10);
        }
        q10.M(r6.length);
        q10.r(Headers.V, "");
        putObjectRequest.B(putObjectRequest.p() + ".instruction");
        putObjectRequest.C(q10);
        putObjectRequest.A(byteArrayInputStream);
        putObjectRequest.y(null);
        return putObjectRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final ObjectMetadata v(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.O(Mimetypes.a().b(file));
        }
        return contentCryptoMaterial.o(objectMetadata);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest w(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata q10 = putObjectRequest.q();
        if (q10 == null) {
            q10 = new ObjectMetadata();
        }
        if (q10.x() != null) {
            q10.r(Headers.X, q10.x());
        }
        q10.N(null);
        long s10 = s(putObjectRequest, q10);
        if (s10 >= 0) {
            q10.r(Headers.W, Long.toString(s10));
            q10.M(k(s10));
        }
        putObjectRequest.C(q10);
        putObjectRequest.A(r(putObjectRequest, contentCryptoMaterial, s10));
        putObjectRequest.y(null);
        return putObjectRequest;
    }
}
