package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.services.s3.internal.RepeatableFileInputStream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.MultipartUploadContext;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.util.Mimetypes;
import defpackage.acq;
import defpackage.acs;
import defpackage.ajg;
import defpackage.ajm;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;

/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase<T extends MultipartUploadContext> extends S3CryptoModule<T> {
    protected final Log Cf;
    protected final EncryptionMaterialsProvider Lc;
    protected final CryptoConfiguration Ld;
    protected final S3CryptoScheme Le;
    protected final ContentCryptoScheme Lf;
    protected final Map<String, T> Lg;
    protected final S3Direct Lh;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public class SecuredCEK {
        final byte[] Li;
        final String Lj;

        SecuredCEK(byte[] bArr, String str) {
            this.Li = bArr;
            this.Lj = str;
        }
    }

    private CipherLiteInputStream a(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial, long j) {
        try {
            InputStream inputStream = putObjectRequest.getInputStream();
            if (putObjectRequest.getFile() != null) {
                inputStream = new RepeatableFileInputStream(putObjectRequest.getFile());
            }
            return new CipherLiteInputStream(j > -1 ? new ajg(inputStream, j, false) : inputStream, contentCryptoMaterial.jg(), 2048);
        } catch (Exception e) {
            throw new acq("Unable to create cipher input stream: " + e.getMessage(), e);
        }
    }

    private ContentCryptoMaterial b(EncryptionMaterials encryptionMaterials, Provider provider) {
        SecretKey c = c(encryptionMaterials, provider);
        byte[] bArr = new byte[this.Lf.iU()];
        this.Le.jz().nextBytes(bArr);
        SecuredCEK b = b(c, encryptionMaterials, provider);
        return new ContentCryptoMaterial(encryptionMaterials.js(), b.Li, b.Lj, this.Lf.a(c, bArr, 1, provider));
    }

    private ContentCryptoMaterial b(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider) {
        return b(encryptionMaterialsProvider.kC(), provider);
    }

    private ContentCryptoMaterial b(EncryptionMaterialsProvider encryptionMaterialsProvider, Map<String, String> map, Provider provider) {
        return b(encryptionMaterialsProvider.g(map), provider);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final <X extends acs> X a(X x, String str) {
        x.fv().A(str);
        return x;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final ObjectMetadata a(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.setContentType(Mimetypes.lV().i(file));
        }
        return contentCryptoMaterial.b(objectMetadata);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest a(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata lj = putObjectRequest.lj();
        if (lj == null) {
            lj = new ObjectMetadata();
        }
        if (lj.le() != null) {
            lj.m("x-amz-unencrypted-content-md5", lj.le());
        }
        lj.aY(null);
        long b = b(putObjectRequest, lj);
        if (b >= 0) {
            lj.m("x-amz-unencrypted-content-length", Long.toString(b));
            lj.setContentLength(q(b));
        }
        putObjectRequest.e(lj);
        putObjectRequest.setInputStream(a(putObjectRequest, contentCryptoMaterial, b));
        putObjectRequest.f((File) null);
        return putObjectRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest a(String str, String str2, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.je().getBytes(ajm.UTF8));
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.setContentLength(r0.length);
        objectMetadata.m("x-amz-crypto-instr-file", "");
        return new PutObjectRequest(str, str2 + ".instruction", byteArrayInputStream, objectMetadata);
    }

    protected final long b(PutObjectRequest putObjectRequest, ObjectMetadata objectMetadata) {
        if (putObjectRequest.getFile() != null) {
            return putObjectRequest.getFile().length();
        }
        if (putObjectRequest.getInputStream() == null || objectMetadata.aW("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.getContentLength();
    }

    protected final SecuredCEK b(SecretKey secretKey, EncryptionMaterials encryptionMaterials, Provider provider) {
        Key key = encryptionMaterials.kz() != null ? encryptionMaterials.kz().getPublic() : encryptionMaterials.kA();
        String a = this.Le.jA().a(key);
        try {
            if (a != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(a) : Cipher.getInstance(a, provider);
                cipher.init(3, key, this.Le.jz());
                return new SecuredCEK(cipher.wrap(secretKey), a);
            }
            byte[] encoded = secretKey.getEncoded();
            String algorithm = key.getAlgorithm();
            Cipher cipher2 = provider != null ? Cipher.getInstance(algorithm, provider) : Cipher.getInstance(algorithm);
            cipher2.init(1, key);
            return new SecuredCEK(cipher2.doFinal(encoded), null);
        } catch (Exception e) {
            throw new acq("Unable to encrypt symmetric key: " + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final PutObjectRequest b(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(contentCryptoMaterial.je().getBytes(ajm.UTF8));
        ObjectMetadata lj = putObjectRequest.lj();
        if (lj == null) {
            lj = new ObjectMetadata();
            putObjectRequest.e(lj);
        }
        lj.setContentLength(r1.length);
        lj.m("x-amz-crypto-instr-file", "");
        putObjectRequest.setKey(putObjectRequest.getKey() + ".instruction");
        putObjectRequest.e(lj);
        putObjectRequest.setInputStream(byteArrayInputStream);
        putObjectRequest.f((File) null);
        return putObjectRequest;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void b(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.Lh.a(abortMultipartUploadRequest);
        this.Lg.remove(abortMultipartUploadRequest.jN());
    }

    protected final SecretKey c(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z;
        String iQ = this.Lf.iQ();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(iQ) : KeyGenerator.getInstance(iQ, provider);
            keyGenerator.init(this.Lf.iS(), this.Le.jz());
            KeyPair kz = encryptionMaterials.kz();
            if (kz == null || this.Le.jA().a(kz.getPublic()) != null) {
                z = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            if (!z) {
                return keyGenerator.generateKey();
            }
            for (int i = 0; i < 10; i++) {
                SecretKey generateKey = keyGenerator.generateKey();
                if (generateKey.getEncoded()[0] != 0) {
                    return generateKey;
                }
            }
            throw new acq("Failed to generate secret key");
        } catch (NoSuchAlgorithmException e) {
            throw new acq("Unable to generate envelope symmetric key:" + e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Multi-variable type inference failed */
    public final ContentCryptoMaterial g(acs acsVar) {
        return acsVar instanceof MaterialsDescriptionProvider ? b(this.Lc, ((MaterialsDescriptionProvider) acsVar).js(), this.Ld.ky()) : b(this.Lc, this.Ld.ky());
    }

    protected abstract long q(long j);
}
