package com.amazonaws.services.s3.internal.crypto;

import A0.AbstractC0024d;
import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.internal.SdkFilterInputStream;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.Headers;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.EncryptedGetObjectRequest;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.ExtraMaterialsDescription;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.model.S3ObjectInputStream;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.util.IOUtils;
import com.amazonaws.util.json.JsonUtils;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;

/* JADX INFO: Access modifiers changed from: package-private */
@Deprecated
/* loaded from: classes.dex */
public class S3CryptoModuleAE extends S3CryptoModuleBase<MultipartUploadCryptoContext> {
    static {
        CryptoRuntime.enableBouncyCastle();
    }

    public S3CryptoModuleAE(AWSKMSClient aWSKMSClient, S3Direct s3Direct, AWSCredentialsProvider aWSCredentialsProvider, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfiguration) {
        super(aWSKMSClient, s3Direct, aWSCredentialsProvider, encryptionMaterialsProvider, cryptoConfiguration);
        CryptoMode cryptoMode = cryptoConfiguration.getCryptoMode();
        if (cryptoMode != CryptoMode.StrictAuthenticatedEncryption && cryptoMode != CryptoMode.AuthenticatedEncryption) {
            throw new IllegalArgumentException();
        }
    }

    public final S3ObjectWrapper a(S3ObjectWrapper s3ObjectWrapper, long[] jArr, Map map) {
        if (jArr == null) {
            return s3ObjectWrapper;
        }
        S3Object s3Object = s3ObjectWrapper.f23067a;
        long instanceLength = (s3Object.getObjectMetadata().getInstanceLength() - ((map != null ? ContentCryptoScheme.d((String) map.get(Headers.CRYPTO_CEK_ALGORITHM), false) : ContentCryptoScheme.d(s3Object.getObjectMetadata().getUserMetadata().get(Headers.CRYPTO_CEK_ALGORITHM), false)).k() / 8)) - 1;
        if (jArr[1] > instanceLength) {
            jArr[1] = instanceLength;
            if (jArr[0] > instanceLength) {
                IOUtils.closeQuietly(s3Object.getObjectContent(), this.log);
                s3Object.setObjectContent(new ByteArrayInputStream(new byte[0]));
                return s3ObjectWrapper;
            }
        }
        if (jArr[0] > jArr[1]) {
            return s3ObjectWrapper;
        }
        try {
            s3Object.setObjectContent(new S3ObjectInputStream(new AdjustedRangeInputStream(s3Object.getObjectContent(), jArr[0], jArr[1])));
            return s3ObjectWrapper;
        } catch (IOException e10) {
            throw new AmazonClientException("Error adjusting output to desired byte range: " + e10.getMessage());
        }
    }

    public final S3Object b(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, S3Object s3Object) {
        S3ObjectWrapper s3ObjectWrapper = new S3ObjectWrapper(s3Object, getObjectRequest.getS3ObjectId());
        if (s3ObjectWrapper.a()) {
            ExtraMaterialsDescription extraMaterialsDescription = ExtraMaterialsDescription.NONE;
            boolean z10 = this instanceof S3CryptoModuleAEStrict;
            if (getObjectRequest instanceof EncryptedGetObjectRequest) {
                EncryptedGetObjectRequest encryptedGetObjectRequest = (EncryptedGetObjectRequest) getObjectRequest;
                extraMaterialsDescription = encryptedGetObjectRequest.getExtraMaterialDescription();
                if (!z10) {
                    z10 = encryptedGetObjectRequest.isKeyWrapExpected();
                }
            }
            ContentCryptoMaterial d10 = ContentCryptoMaterial.d(s3Object.getObjectMetadata(), this.kekMaterialsProvider, this.cryptoConfig.getCryptoProvider(), jArr2, extraMaterialsDescription, z10, this.kms);
            securityCheck(d10, s3ObjectWrapper);
            s3Object.setObjectContent(new S3ObjectInputStream(new CipherLiteInputStream(s3Object.getObjectContent(), d10.f23039b, 2048)));
            a(s3ObjectWrapper, jArr, null);
            return s3Object;
        }
        S3ObjectWrapper fetchInstructionFile = fetchInstructionFile(getObjectRequest.getS3ObjectId(), null);
        if (fetchInstructionFile != null) {
            try {
                if (fetchInstructionFile.b()) {
                    return d(getObjectRequest, jArr, jArr2, s3ObjectWrapper, fetchInstructionFile);
                }
            } finally {
                IOUtils.closeQuietly(fetchInstructionFile, this.log);
            }
        }
        if (!(this instanceof S3CryptoModuleAEStrict) && this.cryptoConfig.isIgnoreMissingInstructionFile()) {
            this.log.warn(AbstractC0024d.n("Unable to detect encryption information for object '", s3Object.getKey(), "' in bucket '", s3Object.getBucketName(), "'. Returning object without decryption."));
            a(s3ObjectWrapper, jArr, null);
            return s3Object;
        }
        IOUtils.closeQuietly(s3ObjectWrapper, this.log);
        throw new SecurityException("Instruction file not found for S3 object with bucket name: " + s3Object.getBucketName() + ", key: " + s3Object.getKey());
    }

    public final S3Object c(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, S3Object s3Object, String str) {
        S3ObjectId s3ObjectId = getObjectRequest.getS3ObjectId();
        S3ObjectWrapper fetchInstructionFile = fetchInstructionFile(s3ObjectId, str);
        if (fetchInstructionFile == null) {
            throw new AmazonClientException("Instruction file with suffix " + str + " is not found for " + s3Object);
        }
        try {
            if (fetchInstructionFile.b()) {
                return d(getObjectRequest, jArr, jArr2, new S3ObjectWrapper(s3Object, s3ObjectId), fetchInstructionFile);
            }
            throw new AmazonClientException("Invalid Instruction file with suffix " + str + " detected for " + s3Object);
        } finally {
            IOUtils.closeQuietly(fetchInstructionFile, this.log);
        }
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final CipherLite cipherLiteForNextPart(MultipartUploadCryptoContext multipartUploadCryptoContext) {
        return multipartUploadCryptoContext.f23058a.f23039b;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final long ciphertextLength(long j10) {
        return j10 + (this.contentCryptoScheme.k() / 8);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final long computeLastPartSize(UploadPartRequest uploadPartRequest) {
        return uploadPartRequest.getPartSize() + (this.contentCryptoScheme.k() / 8);
    }

    public final S3Object d(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, S3ObjectWrapper s3ObjectWrapper, S3ObjectWrapper s3ObjectWrapper2) {
        ExtraMaterialsDescription extraMaterialsDescription = ExtraMaterialsDescription.NONE;
        boolean z10 = this instanceof S3CryptoModuleAEStrict;
        if (getObjectRequest instanceof EncryptedGetObjectRequest) {
            EncryptedGetObjectRequest encryptedGetObjectRequest = (EncryptedGetObjectRequest) getObjectRequest;
            extraMaterialsDescription = encryptedGetObjectRequest.getExtraMaterialDescription();
            if (!z10) {
                z10 = encryptedGetObjectRequest.isKeyWrapExpected();
            }
        }
        Map unmodifiableMap = Collections.unmodifiableMap(JsonUtils.jsonToMap(s3ObjectWrapper2.c()));
        ContentCryptoMaterial c10 = ContentCryptoMaterial.c(unmodifiableMap, this.kekMaterialsProvider, this.cryptoConfig.getCryptoProvider(), jArr2, extraMaterialsDescription, z10, this.kms);
        securityCheck(c10, s3ObjectWrapper);
        S3Object s3Object = s3ObjectWrapper.f23067a;
        s3Object.setObjectContent(new S3ObjectInputStream(new CipherLiteInputStream(s3Object.getObjectContent(), c10.f23039b, 2048)));
        a(s3ObjectWrapper, jArr, unmodifiableMap);
        return s3Object;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final ObjectMetadata getObjectSecurely(GetObjectRequest getObjectRequest, File file) {
        BufferedOutputStream bufferedOutputStream;
        if (file == null) {
            throw new IllegalArgumentException("The destination file parameter must be specified when downloading an object directly to a file");
        }
        S3Object objectSecurely = getObjectSecurely(getObjectRequest);
        BufferedOutputStream bufferedOutputStream2 = null;
        try {
            if (objectSecurely == null) {
                return null;
            }
            try {
                bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(file));
            } catch (IOException e10) {
                e = e10;
            }
            try {
                byte[] bArr = new byte[10240];
                while (true) {
                    int read = objectSecurely.getObjectContent().read(bArr);
                    if (read <= -1) {
                        IOUtils.closeQuietly(bufferedOutputStream, this.log);
                        IOUtils.closeQuietly(objectSecurely.getObjectContent(), this.log);
                        return objectSecurely.getObjectMetadata();
                    }
                    bufferedOutputStream.write(bArr, 0, read);
                }
            } catch (IOException e11) {
                e = e11;
                throw new AmazonClientException("Unable to store object contents to disk: " + e.getMessage(), e);
            } catch (Throwable th) {
                th = th;
                bufferedOutputStream2 = bufferedOutputStream;
                IOUtils.closeQuietly(bufferedOutputStream2, this.log);
                IOUtils.closeQuietly(objectSecurely.getObjectContent(), this.log);
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final S3Object getObjectSecurely(GetObjectRequest getObjectRequest) {
        S3Object c10;
        appendUserAgent(getObjectRequest, AmazonS3EncryptionClient.USER_AGENT);
        long[] range = getObjectRequest.getRange();
        if ((this instanceof S3CryptoModuleAEStrict) && (range != null || getObjectRequest.getPartNumber() != null)) {
            throw new SecurityException("Range get and getting a part are not allowed in strict crypto mode");
        }
        long[] adjustedCryptoRange = S3CryptoModuleBase.getAdjustedCryptoRange(range);
        if (adjustedCryptoRange != null) {
            getObjectRequest.setRange(adjustedCryptoRange[0], adjustedCryptoRange[1]);
        }
        S3Object object = this.f23061s3.getObject(getObjectRequest);
        if (object == null) {
            return null;
        }
        String instructionFileSuffix = getObjectRequest instanceof EncryptedGetObjectRequest ? ((EncryptedGetObjectRequest) getObjectRequest).getInstructionFileSuffix() : null;
        if (instructionFileSuffix != null) {
            try {
                if (!instructionFileSuffix.trim().isEmpty()) {
                    c10 = c(getObjectRequest, range, adjustedCryptoRange, object, instructionFileSuffix);
                    return c10;
                }
            } catch (Error e10) {
                IOUtils.closeQuietly(object, this.log);
                throw e10;
            } catch (RuntimeException e11) {
                IOUtils.closeQuietly(object, this.log);
                throw e11;
            }
        }
        c10 = b(getObjectRequest, range, adjustedCryptoRange, object);
        return c10;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final MultipartUploadCryptoContext newUploadContext(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ContentCryptoMaterial contentCryptoMaterial) {
        return new MultipartUploadCryptoContext(initiateMultipartUploadRequest.getBucketName(), initiateMultipartUploadRequest.getKey(), contentCryptoMaterial);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final void updateUploadContext(MultipartUploadCryptoContext multipartUploadCryptoContext, SdkFilterInputStream sdkFilterInputStream) {
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final SdkFilterInputStream wrapForMultipart(CipherLiteInputStream cipherLiteInputStream, long j10) {
        return cipherLiteInputStream;
    }
}
