package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsAccessor;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.util.Base64;
import com.amazonaws.util.StringUtils;
import com.amazonaws.util.json.JsonUtils;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.Provider;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* loaded from: classes10.dex */
final class ContentCryptoMaterial {
    private final CipherLite cipherLite;
    private final byte[] encryptedCEK;
    private final Map<String, String> kekMaterialsDescription;
    private final String keyWrappingAlgorithm;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ContentCryptoMaterial(Map<String, String> map, byte[] bArr, String str, CipherLite cipherLite) {
        this.cipherLite = cipherLite;
        this.keyWrappingAlgorithm = str;
        this.encryptedCEK = (byte[]) bArr.clone();
        this.kekMaterialsDescription = map;
    }

    private static SecretKey cek(byte[] bArr, String str, EncryptionMaterials encryptionMaterials, Provider provider) {
        SecretKey secretKey = encryptionMaterials.foO() != null ? encryptionMaterials.foO().getPrivate() : encryptionMaterials.foP();
        try {
            if (str != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(str) : Cipher.getInstance(str, provider);
                cipher.init(4, secretKey);
                return (SecretKey) cipher.unwrap(bArr, str, 3);
            }
            Cipher cipher2 = provider != null ? Cipher.getInstance(secretKey.getAlgorithm(), provider) : Cipher.getInstance(secretKey.getAlgorithm());
            cipher2.init(2, secretKey);
            return new SecretKeySpec(cipher2.doFinal(bArr), JceEncryptionConstants.SYMMETRIC_KEY_ALGORITHM);
        } catch (Exception e) {
            throw new AmazonClientException("Unable to decrypt symmetric key from object metadata : " + e.getMessage(), e);
        }
    }

    private static String convertStreamToString(InputStream inputStream) throws IOException {
        if (inputStream == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, StringUtils.rJR));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    inputStream.close();
                    return sb.toString();
                }
                sb.append(readLine);
            }
        } catch (Throwable th) {
            inputStream.close();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ContentCryptoMaterial fromInstructionFile(Map<String, String> map, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr) {
        return fromInstructionFile0(map, encryptionMaterialsAccessor, provider, jArr);
    }

    private static ContentCryptoMaterial fromInstructionFile0(Map<String, String> map, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr) {
        byte[] bArr;
        int parseInt;
        String str = map.get("x-amz-key-v2");
        if (str == null && (str = map.get("x-amz-key")) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(map.get("x-amz-iv"));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Necessary encryption info not found in the instruction file " + map);
        }
        Map<String, String> matdescFromJson = matdescFromJson(map.get("x-amz-matdesc"));
        EncryptionMaterials v = encryptionMaterialsAccessor == null ? null : encryptionMaterialsAccessor.v(matdescFromJson);
        if (v == null) {
            throw new AmazonClientException("Unable to retrieve the encryption materials that originally encrypted object corresponding to instruction file " + map);
        }
        String str2 = map.get("x-amz-cek-alg");
        boolean z = jArr != null;
        ContentCryptoScheme fromCEKAlgo = ContentCryptoScheme.fromCEKAlgo(str2, z);
        if (z) {
            bArr = fromCEKAlgo.adjustIV(decode2, jArr[0]);
        } else {
            int tagLengthInBits = fromCEKAlgo.getTagLengthInBits();
            if (tagLengthInBits > 0 && tagLengthInBits != (parseInt = Integer.parseInt(map.get("x-amz-tag-len")))) {
                throw new AmazonClientException("Unsupported tag length: " + parseInt + ", expected: " + tagLengthInBits);
            }
            bArr = decode2;
        }
        String str3 = map.get("x-amz-wrap-alg");
        return new ContentCryptoMaterial(matdescFromJson, decode, str3, fromCEKAlgo.createCipherLite(cek(decode, str3, v, provider), bArr, 2, provider));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ContentCryptoMaterial fromObjectMetadata(ObjectMetadata objectMetadata, EncryptionMaterialsAccessor encryptionMaterialsAccessor, Provider provider, long[] jArr) {
        byte[] bArr;
        int parseInt;
        Map<String, String> fpi = objectMetadata.fpi();
        String str = fpi.get("x-amz-key-v2");
        if (str == null && (str = fpi.get("x-amz-key")) == null) {
            throw new AmazonClientException("Content encrypting key not found.");
        }
        byte[] decode = Base64.decode(str);
        byte[] decode2 = Base64.decode(fpi.get("x-amz-iv"));
        if (decode == null || decode2 == null) {
            throw new AmazonClientException("Content encrypting key or IV not found.");
        }
        Map<String, String> matdescFromJson = matdescFromJson(fpi.get("x-amz-matdesc"));
        EncryptionMaterials v = encryptionMaterialsAccessor == null ? null : encryptionMaterialsAccessor.v(matdescFromJson);
        if (v == null) {
            throw new AmazonClientException("Unable to retrieve the client encryption materials");
        }
        String str2 = fpi.get("x-amz-cek-alg");
        boolean z = jArr != null;
        ContentCryptoScheme fromCEKAlgo = ContentCryptoScheme.fromCEKAlgo(str2, z);
        if (z) {
            bArr = fromCEKAlgo.adjustIV(decode2, jArr[0]);
        } else {
            int tagLengthInBits = fromCEKAlgo.getTagLengthInBits();
            if (tagLengthInBits > 0 && tagLengthInBits != (parseInt = Integer.parseInt(fpi.get("x-amz-tag-len")))) {
                throw new AmazonClientException("Unsupported tag length: " + parseInt + ", expected: " + tagLengthInBits);
            }
            bArr = decode2;
        }
        String str3 = fpi.get("x-amz-wrap-alg");
        return new ContentCryptoMaterial(matdescFromJson, decode, str3, fromCEKAlgo.createCipherLite(cek(decode, str3, v, provider), bArr, 2, provider));
    }

    private String kekMaterialDescAsJson() {
        Map<String, String> kEKMaterialsDescription = getKEKMaterialsDescription();
        if (kEKMaterialsDescription == null) {
            kEKMaterialsDescription = Collections.emptyMap();
        }
        return JsonUtils.x(kEKMaterialsDescription);
    }

    private static Map<String, String> matdescFromJson(String str) {
        Map<String, String> Oe;
        if (str == null || (Oe = JsonUtils.Oe(str)) == null) {
            return null;
        }
        return Collections.unmodifiableMap(Oe);
    }

    static String parseInstructionFile(S3Object s3Object) {
        try {
            return convertStreamToString(s3Object.getObjectContent());
        } catch (Exception e) {
            throw new AmazonClientException("Error parsing JSON instruction file: " + e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final CipherLite getCipherLite() {
        return this.cipherLite;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final ContentCryptoScheme getContentCryptoScheme() {
        return this.cipherLite.getContentCryptoScheme();
    }

    final byte[] getEncryptedCEK() {
        return (byte[]) this.encryptedCEK.clone();
    }

    final Map<String, String> getKEKMaterialsDescription() {
        return this.kekMaterialsDescription;
    }

    final String getKeyWrappingAlgorithm() {
        return this.keyWrappingAlgorithm;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String toJsonString() {
        HashMap hashMap = new HashMap();
        hashMap.put("x-amz-key-v2", Base64.ay(getEncryptedCEK()));
        hashMap.put("x-amz-iv", Base64.ay(this.cipherLite.getIV()));
        hashMap.put("x-amz-matdesc", kekMaterialDescAsJson());
        ContentCryptoScheme contentCryptoScheme = getContentCryptoScheme();
        hashMap.put("x-amz-cek-alg", contentCryptoScheme.getCipherAlgorithm());
        int tagLengthInBits = contentCryptoScheme.getTagLengthInBits();
        if (tagLengthInBits > 0) {
            hashMap.put("x-amz-tag-len", String.valueOf(tagLengthInBits));
        }
        String keyWrappingAlgorithm = getKeyWrappingAlgorithm();
        if (keyWrappingAlgorithm != null) {
            hashMap.put("x-amz-wrap-alg", keyWrappingAlgorithm);
        }
        return JsonUtils.x(hashMap);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final ObjectMetadata toObjectMetadata(ObjectMetadata objectMetadata) {
        objectMetadata.ec("x-amz-key-v2", Base64.ay(getEncryptedCEK()));
        objectMetadata.ec("x-amz-iv", Base64.ay(this.cipherLite.getIV()));
        objectMetadata.ec("x-amz-matdesc", kekMaterialDescAsJson());
        ContentCryptoScheme contentCryptoScheme = getContentCryptoScheme();
        objectMetadata.ec("x-amz-cek-alg", contentCryptoScheme.getCipherAlgorithm());
        int tagLengthInBits = contentCryptoScheme.getTagLengthInBits();
        if (tagLengthInBits > 0) {
            objectMetadata.ec("x-amz-tag-len", String.valueOf(tagLengthInBits));
        }
        String keyWrappingAlgorithm = getKeyWrappingAlgorithm();
        if (keyWrappingAlgorithm != null) {
            objectMetadata.ec("x-amz-wrap-alg", keyWrappingAlgorithm);
        }
        return objectMetadata;
    }
}
