package com.amazonaws.services.s3.internal.crypto;

import a.c;
import cj.w1;
import com.amazonaws.AmazonClientException;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.internal.SdkFilterInputStream;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.KeyWrapException;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.EncryptedGetObjectRequest;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.ExtraMaterialsDescription;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.KMSEncryptionMaterials;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.model.S3ObjectInputStream;
import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.util.Base64;
import com.amazonaws.util.IOUtils;
import com.amazonaws.util.json.JsonUtils;
import com.facebook.common.time.Clock;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.Provider;
import java.util.Collections;
import java.util.Map;

/* JADX INFO: Access modifiers changed from: package-private */
@Deprecated
/* loaded from: classes.dex */
public class S3CryptoModuleAE extends S3CryptoModuleBase<MultipartUploadCryptoContext> {
    private static final int BIT_SIZE = 8;
    private static final int DEFAULT_BYTE_SIZE = 10240;

    static {
        CryptoRuntime.a();
    }

    public S3CryptoModuleAE(AWSKMSClient aWSKMSClient, S3Direct s3Direct, AWSCredentialsProvider aWSCredentialsProvider, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfiguration) {
        super(aWSKMSClient, s3Direct, aWSCredentialsProvider, encryptionMaterialsProvider, cryptoConfiguration);
        CryptoMode d10 = cryptoConfiguration.d();
        if (d10 != CryptoMode.StrictAuthenticatedEncryption && d10 != CryptoMode.AuthenticatedEncryption) {
            throw new IllegalArgumentException();
        }
    }

    public S3CryptoModuleAE(AWSKMSClient aWSKMSClient, S3Direct s3Direct, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfiguration) {
        this(aWSKMSClient, s3Direct, new DefaultAWSCredentialsProviderChain(), encryptionMaterialsProvider, cryptoConfiguration);
    }

    public S3CryptoModuleAE(S3Direct s3Direct, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfiguration) {
        this(null, s3Direct, new DefaultAWSCredentialsProviderChain(), encryptionMaterialsProvider, cryptoConfiguration);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public S3Object c(GetObjectRequest getObjectRequest) {
        long[] jArr;
        S3Object w5;
        g(getObjectRequest, AmazonS3EncryptionClient.f3915h);
        long[] r3 = getObjectRequest.r();
        if ((this instanceof S3CryptoModuleAEStrict) && (r3 != null || getObjectRequest.q() != null)) {
            throw new SecurityException("Range get and getting a part are not allowed in strict crypto mode");
        }
        if (r3 == null || r3[0] > r3[1]) {
            jArr = null;
        } else {
            jArr = new long[2];
            long j10 = r3[0];
            long j11 = (j10 - (j10 % 16)) - 16;
            if (j11 < 0) {
                j11 = 0;
            }
            jArr[0] = j11;
            long j12 = r3[1];
            long j13 = (16 - (j12 % 16)) + j12 + 16;
            if (j13 < 0) {
                j13 = Clock.MAX_TIME;
            }
            jArr[1] = j13;
        }
        if (jArr != null) {
            getObjectRequest.z(jArr[0], jArr[1]);
        }
        S3Object f10 = this.f3941g.f(getObjectRequest);
        if (f10 == null) {
            return null;
        }
        String C = getObjectRequest instanceof EncryptedGetObjectRequest ? ((EncryptedGetObjectRequest) getObjectRequest).C() : null;
        if (C != null) {
            try {
                if (!C.trim().isEmpty()) {
                    w5 = w(getObjectRequest, r3, jArr, f10, C);
                    return w5;
                }
            } catch (Error e10) {
                IOUtils.closeQuietly(f10, this.f3936b);
                throw e10;
            } catch (RuntimeException e11) {
                IOUtils.closeQuietly(f10, this.f3936b);
                throw e11;
            }
        }
        w5 = v(getObjectRequest, r3, jArr, f10);
        return w5;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final CipherLite i(MultipartUploadCryptoContext multipartUploadCryptoContext) {
        return multipartUploadCryptoContext.h();
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final long j(long j10) {
        return j10 + (this.f3938d.k() / 8);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final long k(UploadPartRequest uploadPartRequest) {
        return uploadPartRequest.u() + (this.f3938d.k() / 8);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final MultipartUploadCryptoContext o(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ContentCryptoMaterial contentCryptoMaterial) {
        return new MultipartUploadCryptoContext(initiateMultipartUploadRequest.m(), initiateMultipartUploadRequest.o(), contentCryptoMaterial);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final void r(MultipartUploadCryptoContext multipartUploadCryptoContext, SdkFilterInputStream sdkFilterInputStream) {
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase
    public final SdkFilterInputStream s(CipherLiteInputStream cipherLiteInputStream, long j10) {
        return cipherLiteInputStream;
    }

    public final S3ObjectWrapper u(S3ObjectWrapper s3ObjectWrapper, long[] jArr, Map<String, String> map) {
        if (jArr == null) {
            return s3ObjectWrapper;
        }
        long u5 = (s3ObjectWrapper.f().u() - (s3ObjectWrapper.a(map).k() / 8)) - 1;
        if (jArr[1] > u5) {
            jArr[1] = u5;
            if (jArr[0] > jArr[1]) {
                IOUtils.closeQuietly(s3ObjectWrapper.e(), this.f3936b);
                s3ObjectWrapper.l(new ByteArrayInputStream(new byte[0]));
                return s3ObjectWrapper;
            }
        }
        if (jArr[0] > jArr[1]) {
            return s3ObjectWrapper;
        }
        try {
            S3ObjectInputStream e10 = s3ObjectWrapper.e();
            s3ObjectWrapper.k(new S3ObjectInputStream(new AdjustedRangeInputStream(e10, jArr[0], jArr[1]), e10.e()));
            return s3ObjectWrapper;
        } catch (IOException e11) {
            StringBuilder c10 = c.c("Error adjusting output to desired byte range: ");
            c10.append(e11.getMessage());
            throw new AmazonClientException(c10.toString());
        }
    }

    public final S3Object v(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, S3Object s3Object) {
        EncryptionMaterials b10;
        int parseInt;
        S3ObjectWrapper s3ObjectWrapper = new S3ObjectWrapper(s3Object, getObjectRequest.t());
        if (!s3ObjectWrapper.i()) {
            S3ObjectWrapper m10 = m(getObjectRequest.t(), null);
            if (m10 != null) {
                try {
                    if (m10.j()) {
                        return x(getObjectRequest, jArr, jArr2, s3ObjectWrapper, m10);
                    }
                } finally {
                    IOUtils.closeQuietly(m10, this.f3936b);
                }
            }
            if (!(this instanceof S3CryptoModuleAEStrict) && this.f3939e.g()) {
                this.f3936b.j(String.format("Unable to detect encryption information for object '%s' in bucket '%s'. Returning object without decryption.", s3Object.b(), s3Object.a()));
                u(s3ObjectWrapper, jArr, null);
                return s3ObjectWrapper.g();
            }
            IOUtils.closeQuietly(s3ObjectWrapper, this.f3936b);
            StringBuilder c10 = c.c("Instruction file not found for S3 object with bucket name: ");
            c10.append(s3Object.a());
            c10.append(", key: ");
            c10.append(s3Object.b());
            throw new SecurityException(c10.toString());
        }
        ExtraMaterialsDescription extraMaterialsDescription = ExtraMaterialsDescription.f3954a;
        boolean z10 = this instanceof S3CryptoModuleAEStrict;
        if (getObjectRequest instanceof EncryptedGetObjectRequest) {
            EncryptedGetObjectRequest encryptedGetObjectRequest = (EncryptedGetObjectRequest) getObjectRequest;
            extraMaterialsDescription = encryptedGetObjectRequest.B();
            if (!z10) {
                z10 = encryptedGetObjectRequest.D();
            }
        }
        ObjectMetadata f10 = s3ObjectWrapper.f();
        EncryptionMaterialsProvider encryptionMaterialsProvider = this.f3935a;
        Provider e10 = this.f3939e.e();
        AWSKMSClient aWSKMSClient = this.f3942h;
        Map<String, String> C = f10.C();
        String str = C.get("x-amz-key-v2");
        if (str == null && (str = C.get("x-amz-key")) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(C.get("x-amz-iv"));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Content encrypting key or IV not found.");
        }
        String str2 = C.get("x-amz-matdesc");
        String str3 = C.get("x-amz-wrap-alg");
        boolean d10 = KMSSecuredCEK.d(str3);
        Map<String, String> d11 = JsonUtils.d(str2);
        Map<String, String> unmodifiableMap = d11 == null ? null : Collections.unmodifiableMap(d11);
        Map<String, String> a10 = (d10 || extraMaterialsDescription == null) ? unmodifiableMap : extraMaterialsDescription.a(unmodifiableMap);
        if (d10) {
            b10 = new KMSEncryptionMaterials(unmodifiableMap.get("kms_cmk_id"));
            b10.b(unmodifiableMap);
        } else {
            b10 = encryptionMaterialsProvider == null ? null : ((StaticEncryptionMaterialsProvider) encryptionMaterialsProvider).b(a10);
            if (b10 == null) {
                throw new AmazonClientException("Unable to retrieve the client encryption materials");
            }
        }
        EncryptionMaterials encryptionMaterials = b10;
        String str4 = C.get("x-amz-cek-alg");
        boolean z11 = jArr2 != null;
        ContentCryptoScheme d12 = ContentCryptoScheme.d(str4, z11);
        if (z11) {
            decode2 = d12.a(decode2, jArr2[0]);
        } else {
            int k10 = d12.k();
            if (k10 > 0 && k10 != (parseInt = Integer.parseInt(C.get("x-amz-tag-len")))) {
                throw new AmazonClientException(w1.c("Unsupported tag length: ", parseInt, ", expected: ", k10));
            }
        }
        byte[] bArr = decode2;
        if (z10 && str3 == null) {
            throw new KeyWrapException("Missing key-wrap for the content-encrypting-key");
        }
        ContentCryptoMaterial contentCryptoMaterial = new ContentCryptoMaterial(a10, decode, str3, d12.c(ContentCryptoMaterial.a(decode, str3, encryptionMaterials, e10, d12, aWSKMSClient), bArr, 2, e10));
        p(contentCryptoMaterial, s3ObjectWrapper);
        y(s3ObjectWrapper, contentCryptoMaterial);
        u(s3ObjectWrapper, jArr, null);
        return s3ObjectWrapper.g();
    }

    public final S3Object w(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, S3Object s3Object, String str) {
        S3ObjectId t10 = getObjectRequest.t();
        S3ObjectWrapper m10 = m(t10, str);
        if (m10 == null) {
            throw new AmazonClientException("Instruction file with suffix " + str + " is not found for " + s3Object);
        }
        try {
            if (m10.j()) {
                return x(getObjectRequest, jArr, jArr2, new S3ObjectWrapper(s3Object, t10), m10);
            }
            throw new AmazonClientException("Invalid Instruction file with suffix " + str + " detected for " + s3Object);
        } finally {
            IOUtils.closeQuietly(m10, this.f3936b);
        }
    }

    public final S3Object x(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, S3ObjectWrapper s3ObjectWrapper, S3ObjectWrapper s3ObjectWrapper2) {
        EncryptionMaterials encryptionMaterials;
        int parseInt;
        ExtraMaterialsDescription extraMaterialsDescription = ExtraMaterialsDescription.f3954a;
        boolean z10 = this instanceof S3CryptoModuleAEStrict;
        if (getObjectRequest instanceof EncryptedGetObjectRequest) {
            EncryptedGetObjectRequest encryptedGetObjectRequest = (EncryptedGetObjectRequest) getObjectRequest;
            extraMaterialsDescription = encryptedGetObjectRequest.B();
            if (!z10) {
                z10 = encryptedGetObjectRequest.D();
            }
        }
        Map<String, String> unmodifiableMap = Collections.unmodifiableMap(JsonUtils.d(s3ObjectWrapper2.m()));
        EncryptionMaterialsProvider encryptionMaterialsProvider = this.f3935a;
        Provider e10 = this.f3939e.e();
        AWSKMSClient aWSKMSClient = this.f3942h;
        String str = unmodifiableMap.get("x-amz-key-v2");
        if (str == null && (str = unmodifiableMap.get("x-amz-key")) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(unmodifiableMap.get("x-amz-iv"));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Necessary encryption info not found in the instruction file " + unmodifiableMap);
        }
        String str2 = unmodifiableMap.get("x-amz-wrap-alg");
        boolean d10 = KMSSecuredCEK.d(str2);
        Map<String, String> d11 = JsonUtils.d(unmodifiableMap.get("x-amz-matdesc"));
        Map<String, String> unmodifiableMap2 = d11 == null ? null : Collections.unmodifiableMap(d11);
        Map<String, String> a10 = (extraMaterialsDescription == null || d10) ? unmodifiableMap2 : extraMaterialsDescription.a(unmodifiableMap2);
        if (d10) {
            KMSEncryptionMaterials kMSEncryptionMaterials = new KMSEncryptionMaterials(unmodifiableMap2.get("kms_cmk_id"));
            kMSEncryptionMaterials.b(unmodifiableMap2);
            encryptionMaterials = kMSEncryptionMaterials;
        } else {
            EncryptionMaterials b10 = encryptionMaterialsProvider != null ? ((StaticEncryptionMaterialsProvider) encryptionMaterialsProvider).b(a10) : null;
            if (b10 == null) {
                throw new AmazonClientException("Unable to retrieve the encryption materials that originally encrypted object corresponding to instruction file " + unmodifiableMap);
            }
            encryptionMaterials = b10;
        }
        String str3 = unmodifiableMap.get("x-amz-cek-alg");
        boolean z11 = jArr2 != null;
        ContentCryptoScheme d12 = ContentCryptoScheme.d(str3, z11);
        if (z11) {
            decode2 = d12.a(decode2, jArr2[0]);
        } else {
            int k10 = d12.k();
            if (k10 > 0 && k10 != (parseInt = Integer.parseInt(unmodifiableMap.get("x-amz-tag-len")))) {
                throw new AmazonClientException(w1.c("Unsupported tag length: ", parseInt, ", expected: ", k10));
            }
        }
        byte[] bArr = decode2;
        if (z10 && str2 == null) {
            throw new KeyWrapException("Missing key-wrap for the content-encrypting-key");
        }
        ContentCryptoMaterial contentCryptoMaterial = new ContentCryptoMaterial(a10, decode, str2, d12.c(ContentCryptoMaterial.a(decode, str2, encryptionMaterials, e10, d12, aWSKMSClient), bArr, 2, e10));
        p(contentCryptoMaterial, s3ObjectWrapper);
        y(s3ObjectWrapper, contentCryptoMaterial);
        u(s3ObjectWrapper, jArr, unmodifiableMap);
        return s3ObjectWrapper.g();
    }

    public final S3ObjectWrapper y(S3ObjectWrapper s3ObjectWrapper, ContentCryptoMaterial contentCryptoMaterial) {
        S3ObjectInputStream e10 = s3ObjectWrapper.e();
        s3ObjectWrapper.k(new S3ObjectInputStream(new CipherLiteInputStream(e10, contentCryptoMaterial.b(), 2048), e10.e()));
        return s3ObjectWrapper;
    }
}
