package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.internal.ResettableInputStream;
import com.amazonaws.internal.SdkFilterInputStream;
import com.amazonaws.logging.Log;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.GenerateDataKeyRequest;
import com.amazonaws.services.kms.model.GenerateDataKeyResult;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.internal.InputSubstream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.MultipartUploadCryptoContext;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.AbstractPutObjectRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadResult;
import com.amazonaws.services.s3.model.CopyPartRequest;
import com.amazonaws.services.s3.model.CopyPartResult;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoStorageMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsFactory;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadResult;
import com.amazonaws.services.s3.model.InstructionFileId;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.PutObjectResult;
import com.amazonaws.services.s3.model.S3DataSource;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.services.s3.model.UploadPartResult;
import com.amazonaws.services.s3.util.Mimetypes;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.StringUtils;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

@Deprecated
/* loaded from: classes.dex */
public abstract class S3CryptoModuleBase<T extends MultipartUploadCryptoContext> extends S3CryptoModule<T> {
    protected final EncryptionMaterialsProvider a;
    protected final Log b;
    protected final S3CryptoScheme c;
    protected final ContentCryptoScheme d;
    protected final CryptoConfiguration e;
    protected final Map<String, T> f;
    protected final S3Direct g;
    protected final AWSKMSClient h;

    private static long a(AbstractPutObjectRequest abstractPutObjectRequest, ObjectMetadata objectMetadata) {
        if (abstractPutObjectRequest.g != null) {
            return abstractPutObjectRequest.g.length();
        }
        if (abstractPutObjectRequest.h == null || objectMetadata.b("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.e();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static <X extends AmazonWebServiceRequest> X a(X x, String str) {
        x.b.a(str);
        return x;
    }

    /* JADX WARN: Removed duplicated region for block: B:12:0x002a A[Catch: Exception -> 0x0036, TryCatch #0 {Exception -> 0x0036, blocks: (B:5:0x000a, B:9:0x001b, B:10:0x0022, B:12:0x002a, B:15:0x0030, B:17:0x000f), top: B:2:0x0005 }] */
    /* JADX WARN: Removed duplicated region for block: B:15:0x0030 A[Catch: Exception -> 0x0036, TRY_LEAVE, TryCatch #0 {Exception -> 0x0036, blocks: (B:5:0x000a, B:9:0x001b, B:10:0x0022, B:12:0x002a, B:15:0x0030, B:17:0x000f), top: B:2:0x0005 }] */
    /* JADX WARN: Removed duplicated region for block: B:9:0x001b A[Catch: Exception -> 0x0036, TryCatch #0 {Exception -> 0x0036, blocks: (B:5:0x000a, B:9:0x001b, B:10:0x0022, B:12:0x002a, B:15:0x0030, B:17:0x000f), top: B:2:0x0005 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private static com.amazonaws.services.s3.internal.crypto.CipherLiteInputStream a(com.amazonaws.services.s3.model.AbstractPutObjectRequest r6, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial r7, long r8) {
        /*
            java.io.File r0 = r6.g
            java.io.InputStream r1 = r6.h
            r2 = 0
            if (r0 != 0) goto Lf
            if (r1 != 0) goto La
            goto L15
        La:
            com.amazonaws.internal.ReleasableInputStream r3 = com.amazonaws.internal.ReleasableInputStream.a(r1)     // Catch: java.lang.Exception -> L36
            goto L14
        Lf:
            com.amazonaws.internal.ResettableInputStream r3 = new com.amazonaws.internal.ResettableInputStream     // Catch: java.lang.Exception -> L36
            r3.<init>(r0)     // Catch: java.lang.Exception -> L36
        L14:
            r2 = r3
        L15:
            r3 = -1
            int r5 = (r8 > r3 ? 1 : (r8 == r3 ? 0 : -1))
            if (r5 <= 0) goto L22
            com.amazonaws.util.LengthCheckInputStream r3 = new com.amazonaws.util.LengthCheckInputStream     // Catch: java.lang.Exception -> L36
            r4 = 0
            r3.<init>(r2, r8, r4)     // Catch: java.lang.Exception -> L36
            r2 = r3
        L22:
            com.amazonaws.services.s3.internal.crypto.CipherLite r7 = r7.a     // Catch: java.lang.Exception -> L36
            boolean r8 = r7.b()     // Catch: java.lang.Exception -> L36
            if (r8 == 0) goto L30
            com.amazonaws.services.s3.internal.crypto.CipherLiteInputStream r8 = new com.amazonaws.services.s3.internal.crypto.CipherLiteInputStream     // Catch: java.lang.Exception -> L36
            r8.<init>(r2, r7)     // Catch: java.lang.Exception -> L36
            return r8
        L30:
            com.amazonaws.services.s3.internal.crypto.RenewableCipherLiteInputStream r8 = new com.amazonaws.services.s3.internal.crypto.RenewableCipherLiteInputStream     // Catch: java.lang.Exception -> L36
            r8.<init>(r2, r7)     // Catch: java.lang.Exception -> L36
            return r8
        L36:
            r7 = move-exception
            com.amazonaws.services.s3.model.S3DataSource.Utils.a(r6, r0, r1, r2)
            com.amazonaws.AmazonClientException r6 = new com.amazonaws.AmazonClientException
            java.lang.String r8 = "Unable to create cipher input stream"
            r6.<init>(r8, r7)
            throw r6
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazonaws.services.s3.internal.crypto.S3CryptoModuleBase.a(com.amazonaws.services.s3.model.AbstractPutObjectRequest, com.amazonaws.services.s3.internal.crypto.ContentCryptoMaterial, long):com.amazonaws.services.s3.internal.crypto.CipherLiteInputStream");
    }

    private static CipherLiteInputStream a(UploadPartRequest uploadPartRequest, CipherLite cipherLite) {
        InputStream resettableInputStream;
        File file = uploadPartRequest.o;
        InputStream inputStream = uploadPartRequest.n;
        InputStream inputStream2 = null;
        try {
            if (file != null) {
                resettableInputStream = new ResettableInputStream(file);
            } else {
                if (inputStream == null) {
                    throw new IllegalArgumentException("A File or InputStream must be specified when uploading part");
                }
                resettableInputStream = inputStream;
            }
        } catch (Exception e) {
            e = e;
        }
        try {
            InputSubstream inputSubstream = new InputSubstream(resettableInputStream, uploadPartRequest.p, uploadPartRequest.l, uploadPartRequest.q);
            return cipherLite.b() ? new CipherLiteInputStream(inputSubstream, cipherLite, true, uploadPartRequest.q) : new RenewableCipherLiteInputStream(inputSubstream, cipherLite, uploadPartRequest.q);
        } catch (Exception e2) {
            e = e2;
            inputStream2 = resettableInputStream;
            S3DataSource.Utils.a(uploadPartRequest, file, inputStream, inputStream2);
            throw new AmazonClientException("Unable to create cipher input stream", e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    private ContentCryptoMaterial a(AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a;
        if ((amazonWebServiceRequest instanceof EncryptionMaterialsFactory) && (a = ((EncryptionMaterialsFactory) amazonWebServiceRequest).a()) != null) {
            return a(a, this.e.c, amazonWebServiceRequest);
        }
        if (amazonWebServiceRequest instanceof MaterialsDescriptionProvider) {
            Map<String, String> b_ = ((MaterialsDescriptionProvider) amazonWebServiceRequest).b_();
            ContentCryptoMaterial a2 = a(this.a, b_, this.e.c, amazonWebServiceRequest);
            if (a2 != null) {
                return a2;
            }
            if (b_ != null && !this.a.a().d()) {
                throw new AmazonClientException("No material available from the encryption material provider for description ".concat(String.valueOf(b_)));
            }
        }
        return a(this.a, this.e.c, amazonWebServiceRequest);
    }

    private ContentCryptoMaterial a(EncryptionMaterials encryptionMaterials, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        byte[] bArr = new byte[this.d.e()];
        S3CryptoScheme.a().nextBytes(bArr);
        if (!encryptionMaterials.d()) {
            return ContentCryptoMaterial.a(a(encryptionMaterials, provider), bArr, encryptionMaterials, this.c, provider, this.h, amazonWebServiceRequest);
        }
        Map<String, String> a = ContentCryptoMaterial.a(encryptionMaterials, amazonWebServiceRequest);
        GenerateDataKeyRequest generateDataKeyRequest = new GenerateDataKeyRequest();
        generateDataKeyRequest.f = a;
        generateDataKeyRequest.e = encryptionMaterials.e();
        generateDataKeyRequest.h = this.d.h();
        generateDataKeyRequest.b(amazonWebServiceRequest.c_()).c = amazonWebServiceRequest.c;
        GenerateDataKeyResult a2 = this.h.a(generateDataKeyRequest);
        return ContentCryptoMaterial.a(new SecretKeySpec(BinaryUtils.a(a2.b), this.d.a()), bArr, this.d, provider, new KMSSecuredCEK(BinaryUtils.a(a2.a), a));
    }

    private ContentCryptoMaterial a(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a = encryptionMaterialsProvider.a();
        if (a != null) {
            return a(a, provider, amazonWebServiceRequest);
        }
        throw new AmazonClientException("No material available from the encryption material provider");
    }

    private ContentCryptoMaterial a(EncryptionMaterialsProvider encryptionMaterialsProvider, Map<String, String> map, Provider provider, AmazonWebServiceRequest amazonWebServiceRequest) {
        EncryptionMaterials a = encryptionMaterialsProvider.a(map);
        if (a == null) {
            return null;
        }
        return a(a, provider, amazonWebServiceRequest);
    }

    private <R extends AbstractPutObjectRequest> R a(R r, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata objectMetadata = r.i;
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (objectMetadata.j() != null) {
            objectMetadata.a("x-amz-unencrypted-content-md5", objectMetadata.j());
        }
        objectMetadata.g(null);
        long a = a(r, objectMetadata);
        if (a >= 0) {
            objectMetadata.a("x-amz-unencrypted-content-length", Long.toString(a));
            objectMetadata.a(a(a));
        }
        r.i = objectMetadata;
        r.h = a(r, contentCryptoMaterial, a);
        r.g = null;
        return r;
    }

    private ObjectMetadata a(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.f(Mimetypes.a().a(file));
        }
        return contentCryptoMaterial.a(objectMetadata, this.e.a);
    }

    private SecretKey a(EncryptionMaterials encryptionMaterials, Provider provider) {
        boolean z;
        String a = this.d.a();
        try {
            KeyGenerator keyGenerator = provider == null ? KeyGenerator.getInstance(a) : KeyGenerator.getInstance(a, provider);
            keyGenerator.init(this.d.c(), S3CryptoScheme.a());
            KeyPair a2 = encryptionMaterials.a();
            if (a2 == null || this.c.a.a(a2.getPublic(), provider) != null) {
                z = false;
            } else {
                Provider provider2 = keyGenerator.getProvider();
                z = "BC".equals(provider2 == null ? null : provider2.getName());
            }
            SecretKey generateKey = keyGenerator.generateKey();
            if (z && generateKey.getEncoded()[0] == 0) {
                for (int i = 0; i < 9; i++) {
                    SecretKey generateKey2 = keyGenerator.generateKey();
                    if (generateKey2.getEncoded()[0] != 0) {
                        return generateKey2;
                    }
                }
                throw new AmazonClientException("Failed to generate secret key");
            }
            return generateKey;
        } catch (NoSuchAlgorithmException e) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e.getMessage(), e);
        }
    }

    private PutObjectResult b(PutObjectRequest putObjectRequest) {
        ContentCryptoMaterial a = a((AmazonWebServiceRequest) putObjectRequest);
        File file = putObjectRequest.g;
        InputStream inputStream = putObjectRequest.h;
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) a((S3CryptoModuleBase<T>) putObjectRequest, a);
        putObjectRequest.i = a(putObjectRequest.i, putObjectRequest.g, a);
        try {
            return this.g.a(putObjectRequest2);
        } finally {
            S3DataSource.Utils.a(putObjectRequest, file, inputStream, putObjectRequest2.h);
        }
    }

    private PutObjectResult c(PutObjectRequest putObjectRequest) {
        File file = putObjectRequest.g;
        InputStream inputStream = putObjectRequest.h;
        PutObjectRequest b = putObjectRequest.clone().b((File) null).b((InputStream) null);
        b.f += ".instruction";
        ContentCryptoMaterial a = a((AmazonWebServiceRequest) putObjectRequest);
        PutObjectRequest putObjectRequest2 = (PutObjectRequest) a((S3CryptoModuleBase<T>) putObjectRequest, a);
        try {
            PutObjectResult a2 = this.g.a(putObjectRequest2);
            S3DataSource.Utils.a(putObjectRequest, file, inputStream, putObjectRequest2.h);
            S3Direct s3Direct = this.g;
            byte[] bytes = a.a(this.e.a).getBytes(StringUtils.a);
            ObjectMetadata objectMetadata = b.i;
            if (objectMetadata == null) {
                objectMetadata = new ObjectMetadata();
                b.i = objectMetadata;
            }
            objectMetadata.a(bytes.length);
            objectMetadata.a("x-amz-crypto-instr-file", "");
            b.i = objectMetadata;
            b.h = new ByteArrayInputStream(bytes);
            s3Direct.a(b);
            return a2;
        } catch (Throwable th) {
            S3DataSource.Utils.a(putObjectRequest, file, inputStream, putObjectRequest2.h);
            throw th;
        }
    }

    protected abstract long a(long j);

    abstract <I extends CipherLiteInputStream> SdkFilterInputStream a(I i, long j);

    abstract CipherLite a(T t);

    abstract T a(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ContentCryptoMaterial contentCryptoMaterial);

    /* JADX INFO: Access modifiers changed from: package-private */
    public final S3ObjectWrapper a(S3ObjectId s3ObjectId, String str) {
        try {
            S3Object a = this.g.a(new GetObjectRequest(s3ObjectId.a(str)));
            if (a == null) {
                return null;
            }
            return new S3ObjectWrapper(a, s3ObjectId);
        } catch (AmazonServiceException e) {
            if (this.b.a()) {
                this.b.b("Unable to retrieve instruction file : " + e.getMessage());
            }
            return null;
        }
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final CompleteMultipartUploadResult a(CompleteMultipartUploadRequest completeMultipartUploadRequest) {
        a(completeMultipartUploadRequest, AmazonS3EncryptionClient.i);
        String str = completeMultipartUploadRequest.g;
        T t = this.f.get(str);
        if (t != null && !t.d) {
            throw new AmazonClientException("Unable to complete an encrypted multipart upload without being told which part was the last.  Without knowing which part was the last, the encrypted data in Amazon S3 is incomplete and corrupt.");
        }
        CompleteMultipartUploadResult a = this.g.a(completeMultipartUploadRequest);
        if (t != null && this.e.b == CryptoStorageMode.InstructionFile) {
            S3Direct s3Direct = this.g;
            String str2 = t.b;
            String str3 = t.c;
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(t.f.a(this.e.a).getBytes(StringUtils.a));
            ObjectMetadata objectMetadata = new ObjectMetadata();
            objectMetadata.a(r1.length);
            objectMetadata.a("x-amz-crypto-instr-file", "");
            InstructionFileId a2 = new S3ObjectId(str2, str3).a();
            s3Direct.a(new PutObjectRequest(a2.a, a2.b, byteArrayInputStream, objectMetadata));
        }
        this.f.remove(str);
        return a;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final CopyPartResult a(CopyPartRequest copyPartRequest) {
        T t = this.f.get(copyPartRequest.e);
        CopyPartResult a = this.g.a(copyPartRequest);
        if (t != null && !t.d) {
            t.d = true;
        }
        return a;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final InitiateMultipartUploadResult a(InitiateMultipartUploadRequest initiateMultipartUploadRequest) {
        a(initiateMultipartUploadRequest, AmazonS3EncryptionClient.i);
        ContentCryptoMaterial a = a((AmazonWebServiceRequest) initiateMultipartUploadRequest);
        if (this.e.b == CryptoStorageMode.ObjectMetadata) {
            ObjectMetadata objectMetadata = initiateMultipartUploadRequest.i;
            if (objectMetadata == null) {
                objectMetadata = new ObjectMetadata();
            }
            initiateMultipartUploadRequest.i = a(objectMetadata, (File) null, a);
        }
        InitiateMultipartUploadResult a2 = this.g.a(initiateMultipartUploadRequest);
        T a3 = a(initiateMultipartUploadRequest, a);
        if (initiateMultipartUploadRequest instanceof MaterialsDescriptionProvider) {
            Map<String, String> b_ = ((MaterialsDescriptionProvider) initiateMultipartUploadRequest).b_();
            a3.e = b_ != null ? Collections.unmodifiableMap(new HashMap(b_)) : null;
        }
        this.f.put(a2.c, a3);
        return a2;
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final PutObjectResult a(PutObjectRequest putObjectRequest) {
        a(putObjectRequest, AmazonS3EncryptionClient.i);
        return this.e.b == CryptoStorageMode.InstructionFile ? c(putObjectRequest) : b(putObjectRequest);
    }

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final UploadPartResult a(UploadPartRequest uploadPartRequest) {
        SdkFilterInputStream sdkFilterInputStream;
        a(uploadPartRequest, AmazonS3EncryptionClient.i);
        int d = this.d.d();
        boolean z = uploadPartRequest.q;
        String str = uploadPartRequest.j;
        long j = uploadPartRequest.l;
        boolean z2 = 0 == j % ((long) d);
        if (!z && !z2) {
            throw new AmazonClientException("Invalid part size: part sizes for encrypted multipart uploads must be multiples of the cipher block size (" + d + ") with the exception of the last part.");
        }
        T t = this.f.get(str);
        if (t == null) {
            throw new AmazonClientException("No client-side information available on upload ID ".concat(String.valueOf(str)));
        }
        int i = uploadPartRequest.k;
        if (i <= 0) {
            throw new IllegalArgumentException("part number must be at least 1");
        }
        if (t.h) {
            throw new AmazonClientException("Parts are required to be uploaded in series");
        }
        synchronized (t) {
            if (i - t.g > 1) {
                throw new AmazonClientException("Parts are required to be uploaded in series (partNumber=" + t.g + ", nextPartNumber=" + i + ")");
            }
            t.g = i;
            t.h = true;
        }
        CipherLite a = a((S3CryptoModuleBase<T>) t);
        File file = uploadPartRequest.o;
        InputStream inputStream = uploadPartRequest.n;
        try {
            CipherLiteInputStream a2 = a(uploadPartRequest, a);
            try {
                sdkFilterInputStream = a((S3CryptoModuleBase<T>) a2, j);
                try {
                    uploadPartRequest.n = sdkFilterInputStream;
                    uploadPartRequest.o = null;
                    uploadPartRequest.p = 0L;
                    if (z) {
                        long b = b(uploadPartRequest);
                        if (b > -1) {
                            uploadPartRequest.l = b;
                        }
                        if (t.d) {
                            throw new AmazonClientException("This part was specified as the last part in a multipart upload, but a previous part was already marked as the last part.  Only the last part of the upload should be marked as the last part.");
                        }
                    }
                    UploadPartResult a3 = this.g.a(uploadPartRequest);
                    S3DataSource.Utils.a(uploadPartRequest, file, inputStream, sdkFilterInputStream);
                    t.h = false;
                    if (z) {
                        t.d = true;
                    }
                    a((S3CryptoModuleBase<T>) t, sdkFilterInputStream);
                    return a3;
                } catch (Throwable th) {
                    th = th;
                    S3DataSource.Utils.a(uploadPartRequest, file, inputStream, sdkFilterInputStream);
                    t.h = false;
                    throw th;
                }
            } catch (Throwable th2) {
                th = th2;
                sdkFilterInputStream = a2;
            }
        } catch (Throwable th3) {
            th = th3;
            sdkFilterInputStream = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void a(ContentCryptoMaterial contentCryptoMaterial, S3ObjectWrapper s3ObjectWrapper) {
    }

    abstract void a(T t, SdkFilterInputStream sdkFilterInputStream);

    @Override // com.amazonaws.services.s3.internal.crypto.S3CryptoModule
    public final void a(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.g.a(abortMultipartUploadRequest);
        this.f.remove(abortMultipartUploadRequest.g);
    }

    abstract long b(UploadPartRequest uploadPartRequest);
}
