package com.amazonaws.services.s3.internal.crypto;

import androidx.core.app.s0;
import com.amazonaws.AmazonClientException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.services.kms.AWSKMSClient;
import com.amazonaws.services.kms.model.DecryptRequest;
import com.amazonaws.services.kms.model.EncryptRequest;
import com.amazonaws.services.s3.Headers;
import com.amazonaws.services.s3.KeyWrapException;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.ExtraMaterialsDescription;
import com.amazonaws.services.s3.model.KMSEncryptionMaterials;
import com.amazonaws.services.s3.model.MaterialsDescriptionProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.util.Base64;
import com.amazonaws.util.BinaryUtils;
import com.amazonaws.util.json.JsonUtils;
import com.google.common.reflect.m0;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes2.dex */
public final class d {

    /* renamed from: a, reason: collision with root package name */
    public final String f13582a;

    /* renamed from: b, reason: collision with root package name */
    public final c f13583b;

    /* renamed from: c, reason: collision with root package name */
    public final Map f13584c;
    public final byte[] d;

    public d(Map map, byte[] bArr, String str, c cVar) {
        this.f13583b = cVar;
        this.f13582a = str;
        this.d = (byte[]) bArr.clone();
        this.f13584c = map;
    }

    public static SecretKey a(byte[] bArr, String str, EncryptionMaterials encryptionMaterials, Provider provider, e eVar, AWSKMSClient aWSKMSClient) {
        Key symmetricKey;
        if ("kms".equals(str)) {
            return new SecretKeySpec(BinaryUtils.copyAllBytesFrom(aWSKMSClient.decrypt(new DecryptRequest().withEncryptionContext(encryptionMaterials.getMaterialsDescription()).withCiphertextBlob(ByteBuffer.wrap(bArr))).getPlaintext()), eVar.e());
        }
        if (encryptionMaterials.getKeyPair() != null) {
            symmetricKey = encryptionMaterials.getKeyPair().getPrivate();
            if (symmetricKey == null) {
                throw new AmazonClientException("Key encrypting key not available");
            }
        } else {
            symmetricKey = encryptionMaterials.getSymmetricKey();
            if (symmetricKey == null) {
                throw new AmazonClientException("Key encrypting key not available");
            }
        }
        try {
            if (str != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(str) : Cipher.getInstance(str, provider);
                cipher.init(4, symmetricKey);
                return (SecretKey) cipher.unwrap(bArr, str, 3);
            }
            Cipher cipher2 = provider != null ? Cipher.getInstance(symmetricKey.getAlgorithm(), provider) : Cipher.getInstance(symmetricKey.getAlgorithm());
            cipher2.init(2, symmetricKey);
            return new SecretKeySpec(cipher2.doFinal(bArr), JceEncryptionConstants.SYMMETRIC_KEY_ALGORITHM);
        } catch (Exception e10) {
            throw new AmazonClientException("Unable to decrypt symmetric key from object metadata", e10);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public static d b(SecretKey secretKey, byte[] bArr, EncryptionMaterials encryptionMaterials, e eVar, o oVar, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        m0 m0Var;
        m0 m0Var2;
        Map<String, String> materialsDescription;
        q qVar = oVar.f13605a;
        SecureRandom secureRandom = o.f13604c;
        if (encryptionMaterials.isKMSEnabled()) {
            Map<String, String> materialsDescription2 = encryptionMaterials.getMaterialsDescription();
            if ((amazonWebServiceRequest instanceof MaterialsDescriptionProvider) && (materialsDescription = ((MaterialsDescriptionProvider) amazonWebServiceRequest).getMaterialsDescription()) != null) {
                TreeMap treeMap = new TreeMap(materialsDescription2);
                treeMap.putAll(materialsDescription);
                materialsDescription2 = treeMap;
            }
            EncryptRequest withPlaintext = new EncryptRequest().withEncryptionContext(materialsDescription2).withKeyId(encryptionMaterials.getCustomerMasterKeyId()).withPlaintext(ByteBuffer.wrap(secretKey.getEncoded()));
            withPlaintext.withGeneralProgressListener(amazonWebServiceRequest.getGeneralProgressListener()).withRequestMetricCollector(amazonWebServiceRequest.getRequestMetricCollector());
            m0Var2 = new h(BinaryUtils.copyAllBytesFrom(aWSKMSClient.encrypt(withPlaintext).getCiphertextBlob()), materialsDescription2);
        } else {
            Map<String, String> materialsDescription3 = encryptionMaterials.getMaterialsDescription();
            Key key = encryptionMaterials.getKeyPair() != null ? encryptionMaterials.getKeyPair().getPublic() : encryptionMaterials.getSymmetricKey();
            String a8 = qVar.a(key, provider);
            try {
                if (a8 != null) {
                    Cipher cipher = provider == null ? Cipher.getInstance(a8) : Cipher.getInstance(a8, provider);
                    cipher.init(3, key, secureRandom);
                    m0Var = new m0(a8, cipher.wrap(secretKey), materialsDescription3);
                } else {
                    byte[] encoded = secretKey.getEncoded();
                    String algorithm = key.getAlgorithm();
                    Cipher cipher2 = provider != null ? Cipher.getInstance(algorithm, provider) : Cipher.getInstance(algorithm);
                    cipher2.init(1, key);
                    m0Var = new m0((String) null, cipher2.doFinal(encoded), materialsDescription3);
                }
                m0Var2 = m0Var;
            } catch (Exception e10) {
                throw new AmazonClientException("Unable to encrypt symmetric key", e10);
            }
        }
        return new d((Map) m0Var2.d, (byte[]) m0Var2.f19870b, (String) m0Var2.f19871c, eVar.a(secretKey, 1, provider, bArr));
    }

    public static d c(Map map, EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z2, AWSKMSClient aWSKMSClient) {
        EncryptionMaterials encryptionMaterials;
        int parseInt;
        String str = (String) map.get(Headers.CRYPTO_KEY_V2);
        if (str == null && (str = (String) map.get(Headers.CRYPTO_KEY)) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode((String) map.get(Headers.CRYPTO_IV));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Necessary encryption info not found in the instruction file " + map);
        }
        String str2 = (String) map.get(Headers.CRYPTO_KEYWRAP_ALGORITHM);
        boolean equals = "kms".equals(str2);
        Map<String, String> jsonToMap = JsonUtils.jsonToMap((String) map.get(Headers.MATERIALS_DESCRIPTION));
        Map<String, String> unmodifiableMap = jsonToMap == null ? null : Collections.unmodifiableMap(jsonToMap);
        Map<String, String> mergeInto = (extraMaterialsDescription == null || equals) ? unmodifiableMap : extraMaterialsDescription.mergeInto(unmodifiableMap);
        if (equals) {
            KMSEncryptionMaterials kMSEncryptionMaterials = new KMSEncryptionMaterials(unmodifiableMap.get(KMSEncryptionMaterials.CUSTOMER_MASTER_KEY_ID));
            kMSEncryptionMaterials.addDescriptions(unmodifiableMap);
            encryptionMaterials = kMSEncryptionMaterials;
        } else {
            EncryptionMaterials encryptionMaterials2 = encryptionMaterialsProvider != null ? encryptionMaterialsProvider.getEncryptionMaterials(mergeInto) : null;
            if (encryptionMaterials2 == null) {
                throw new AmazonClientException("Unable to retrieve the encryption materials that originally encrypted object corresponding to instruction file " + map);
            }
            encryptionMaterials = encryptionMaterials2;
        }
        String str3 = (String) map.get(Headers.CRYPTO_CEK_ALGORITHM);
        boolean z3 = jArr != null;
        a b10 = e.b(str3, z3);
        if (z3) {
            decode2 = b10.i(decode2, jArr[0]);
        } else {
            int g10 = b10.g();
            if (g10 > 0 && g10 != (parseInt = Integer.parseInt((String) map.get(Headers.CRYPTO_TAG_LENGTH)))) {
                throw new AmazonClientException(s0.h("Unsupported tag length: ", parseInt, ", expected: ", g10));
            }
        }
        byte[] bArr = decode2;
        if (z2 && str2 == null) {
            throw new KeyWrapException("Missing key-wrap for the content-encrypting-key");
        }
        return new d(mergeInto, decode, str2, b10.a(a(decode, str2, encryptionMaterials, provider, b10, aWSKMSClient), 2, provider, bArr));
    }

    public static d d(ObjectMetadata objectMetadata, EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider, long[] jArr, ExtraMaterialsDescription extraMaterialsDescription, boolean z2, AWSKMSClient aWSKMSClient) {
        EncryptionMaterials encryptionMaterials;
        int parseInt;
        Map<String, String> userMetadata = objectMetadata.getUserMetadata();
        String str = userMetadata.get(Headers.CRYPTO_KEY_V2);
        if (str == null && (str = userMetadata.get(Headers.CRYPTO_KEY)) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(userMetadata.get(Headers.CRYPTO_IV));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Content encrypting key or IV not found.");
        }
        String str2 = userMetadata.get(Headers.MATERIALS_DESCRIPTION);
        String str3 = userMetadata.get(Headers.CRYPTO_KEYWRAP_ALGORITHM);
        boolean equals = "kms".equals(str3);
        Map<String, String> jsonToMap = JsonUtils.jsonToMap(str2);
        Map<String, String> unmodifiableMap = jsonToMap == null ? null : Collections.unmodifiableMap(jsonToMap);
        Map<String, String> mergeInto = (equals || extraMaterialsDescription == null) ? unmodifiableMap : extraMaterialsDescription.mergeInto(unmodifiableMap);
        if (equals) {
            KMSEncryptionMaterials kMSEncryptionMaterials = new KMSEncryptionMaterials(unmodifiableMap.get(KMSEncryptionMaterials.CUSTOMER_MASTER_KEY_ID));
            kMSEncryptionMaterials.addDescriptions(unmodifiableMap);
            encryptionMaterials = kMSEncryptionMaterials;
        } else {
            EncryptionMaterials encryptionMaterials2 = encryptionMaterialsProvider != null ? encryptionMaterialsProvider.getEncryptionMaterials(mergeInto) : null;
            if (encryptionMaterials2 == null) {
                throw new AmazonClientException("Unable to retrieve the client encryption materials");
            }
            encryptionMaterials = encryptionMaterials2;
        }
        String str4 = userMetadata.get(Headers.CRYPTO_CEK_ALGORITHM);
        boolean z3 = jArr != null;
        a b10 = e.b(str4, z3);
        if (z3) {
            decode2 = b10.i(decode2, jArr[0]);
        } else {
            int g10 = b10.g();
            if (g10 > 0 && g10 != (parseInt = Integer.parseInt(userMetadata.get(Headers.CRYPTO_TAG_LENGTH)))) {
                throw new AmazonClientException(s0.h("Unsupported tag length: ", parseInt, ", expected: ", g10));
            }
        }
        byte[] bArr = decode2;
        if (z2 && str3 == null) {
            throw new KeyWrapException("Missing key-wrap for the content-encrypting-key");
        }
        return new d(mergeInto, decode, str3, b10.a(a(decode, str3, encryptionMaterials, provider, b10, aWSKMSClient), 2, provider, bArr));
    }

    public final String e() {
        Map map = this.f13584c;
        if (map == null) {
            map = Collections.emptyMap();
        }
        return JsonUtils.mapToString(map);
    }

    public final d f(EncryptionMaterials encryptionMaterials, EncryptionMaterialsProvider encryptionMaterialsProvider, o oVar, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        boolean i10 = i();
        Map<String, String> map = this.f13584c;
        if (!i10 && encryptionMaterials.getMaterialsDescription().equals(map)) {
            throw new SecurityException("Material description of the new KEK must differ from the current one");
        }
        EncryptionMaterials kMSEncryptionMaterials = i() ? new KMSEncryptionMaterials(map.get(KMSEncryptionMaterials.CUSTOMER_MASTER_KEY_ID)) : encryptionMaterialsProvider.getEncryptionMaterials(map);
        byte[] bArr = this.d;
        String str = this.f13582a;
        c cVar = this.f13583b;
        d b10 = b(a(bArr, str, kMSEncryptionMaterials, provider, cVar.f13580b, aWSKMSClient), cVar.b(), encryptionMaterials, cVar.f13580b, oVar, provider, aWSKMSClient, amazonWebServiceRequest);
        if (Arrays.equals(b10.d, this.d)) {
            throw new SecurityException("The new KEK must differ from the original");
        }
        return b10;
    }

    public final d g(Map map, EncryptionMaterialsProvider encryptionMaterialsProvider, o oVar, Provider provider, AWSKMSClient aWSKMSClient, AmazonWebServiceRequest amazonWebServiceRequest) {
        boolean i10 = i();
        Map<String, String> map2 = this.f13584c;
        if (!i10 && map.equals(map2)) {
            throw new SecurityException("Material description of the new KEK must differ from the current one");
        }
        EncryptionMaterials kMSEncryptionMaterials = i() ? new KMSEncryptionMaterials(map2.get(KMSEncryptionMaterials.CUSTOMER_MASTER_KEY_ID)) : encryptionMaterialsProvider.getEncryptionMaterials(map2);
        EncryptionMaterials encryptionMaterials = encryptionMaterialsProvider.getEncryptionMaterials(map);
        if (encryptionMaterials == null) {
            throw new AmazonClientException("No material available with the description " + map + " from the encryption material provider");
        }
        byte[] bArr = this.d;
        String str = this.f13582a;
        c cVar = this.f13583b;
        d b10 = b(a(bArr, str, kMSEncryptionMaterials, provider, cVar.f13580b, aWSKMSClient), cVar.b(), encryptionMaterials, cVar.f13580b, oVar, provider, aWSKMSClient, amazonWebServiceRequest);
        if (Arrays.equals(b10.d, this.d)) {
            throw new SecurityException("The new KEK must differ from the original");
        }
        return b10;
    }

    public final String h(CryptoMode cryptoMode) {
        CryptoMode cryptoMode2 = CryptoMode.EncryptionOnly;
        byte[] bArr = this.d;
        c cVar = this.f13583b;
        if (cryptoMode == cryptoMode2 && !i()) {
            HashMap hashMap = new HashMap();
            hashMap.put(Headers.CRYPTO_KEY, Base64.encodeAsString((byte[]) bArr.clone()));
            hashMap.put(Headers.CRYPTO_IV, Base64.encodeAsString(cVar.b()));
            hashMap.put(Headers.MATERIALS_DESCRIPTION, e());
            return JsonUtils.mapToString(hashMap);
        }
        HashMap hashMap2 = new HashMap();
        hashMap2.put(Headers.CRYPTO_KEY_V2, Base64.encodeAsString((byte[]) bArr.clone()));
        hashMap2.put(Headers.CRYPTO_IV, Base64.encodeAsString(cVar.b()));
        hashMap2.put(Headers.MATERIALS_DESCRIPTION, e());
        e eVar = cVar.f13580b;
        hashMap2.put(Headers.CRYPTO_CEK_ALGORITHM, eVar.d());
        int g10 = eVar.g();
        if (g10 > 0) {
            hashMap2.put(Headers.CRYPTO_TAG_LENGTH, String.valueOf(g10));
        }
        String str = this.f13582a;
        if (str != null) {
            hashMap2.put(Headers.CRYPTO_KEYWRAP_ALGORITHM, str);
        }
        return JsonUtils.mapToString(hashMap2);
    }

    public final boolean i() {
        return "kms".equals(this.f13582a);
    }
}
