package com.amazonaws.services.s3.internal.crypto;

import com.amazonaws.AmazonClientException;
import com.amazonaws.services.s3.internal.InputSubstream;
import com.amazonaws.services.s3.internal.RepeatableCipherInputStream;
import com.amazonaws.services.s3.internal.RepeatableFileInputStream;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.util.json.JSONException;
import com.amazonaws.util.json.JSONObject;
import java.io.FilterInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.apache.commons.codec.binary.Base64;

/* loaded from: classes.dex */
public final class EncryptionUtils {
    public static JSONObject convertInstructionToJSONObject(EncryptionInstruction encryptionInstruction) {
        JSONObject jSONObject = new JSONObject();
        try {
            JSONObject jSONObject2 = new JSONObject((Map) encryptionInstruction.materialsDescription);
            byte[] encodeBase64 = Base64.encodeBase64(encryptionInstruction.symmetricCipher.getIV());
            byte[] encodeBase642 = Base64.encodeBase64(encryptionInstruction.encryptedSymmetricKey);
            jSONObject.put("x-amz-matdesc", jSONObject2.toString());
            jSONObject.put("x-amz-key", new String(encodeBase642));
            jSONObject.put("x-amz-iv", new String(encodeBase64));
        } catch (JSONException e) {
        }
        return jSONObject;
    }

    public static Cipher createSymmetricCipher(SecretKey secretKey, int i, Provider provider, byte[] bArr) {
        try {
            Cipher cipher = provider != null ? Cipher.getInstance(JceEncryptionConstants.SYMMETRIC_CIPHER_METHOD, provider) : Cipher.getInstance(JceEncryptionConstants.SYMMETRIC_CIPHER_METHOD);
            if (bArr != null) {
                cipher.init(i, secretKey, new IvParameterSpec(bArr));
            } else {
                cipher.init(i, secretKey);
            }
            return cipher;
        } catch (Exception e) {
            throw new AmazonClientException("Unable to build cipher: " + e.getMessage() + "\nMake sure you have the JCE unlimited strength policy files installed and configured for your JVM: http://www.ngs.ac.uk/tools/jcepolicyfiles", e);
        }
    }

    public static PutObjectRequest encryptRequestUsingInstruction(PutObjectRequest putObjectRequest, EncryptionInstruction encryptionInstruction) {
        long j;
        ObjectMetadata objectMetadata = putObjectRequest.metadata;
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (objectMetadata.getContentMD5() != null) {
            objectMetadata.addUserMetadata("x-amz-unencrypted-content-md5", objectMetadata.getContentMD5());
        }
        objectMetadata.setContentMD5(null);
        long unencryptedContentLength = getUnencryptedContentLength(putObjectRequest, objectMetadata);
        if (unencryptedContentLength >= 0) {
            objectMetadata.addUserMetadata("x-amz-unencrypted-content-length", Long.toString(unencryptedContentLength));
        }
        Cipher cipher = encryptionInstruction.symmetricCipher;
        long unencryptedContentLength2 = getUnencryptedContentLength(putObjectRequest, objectMetadata);
        if (unencryptedContentLength2 == 0) {
            j = 0;
        } else if (unencryptedContentLength2 < 0) {
            j = -1;
        } else {
            long blockSize = cipher.getBlockSize();
            j = (blockSize - (unencryptedContentLength2 % blockSize)) + unencryptedContentLength2;
        }
        if (j >= 0) {
            objectMetadata.setContentLength(j);
        }
        putObjectRequest.metadata = objectMetadata;
        putObjectRequest.inputStream = getEncryptedInputStream(putObjectRequest, encryptionInstruction.symmetricCipherFactory);
        putObjectRequest.file = null;
        return putObjectRequest;
    }

    public static EncryptionInstruction generateInstruction(EncryptionMaterialsProvider encryptionMaterialsProvider, Provider provider) {
        SecretKey generateOneTimeUseSymmetricKey = generateOneTimeUseSymmetricKey();
        CipherFactory cipherFactory = new CipherFactory(generateOneTimeUseSymmetricKey, 1, null, provider);
        return new EncryptionInstruction(new HashMap(), getEncryptedSymmetricKey(generateOneTimeUseSymmetricKey, encryptionMaterialsProvider.getEncryptionMaterials(), provider), generateOneTimeUseSymmetricKey, cipherFactory);
    }

    public static SecretKey generateOneTimeUseSymmetricKey() {
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(JceEncryptionConstants.SYMMETRIC_KEY_ALGORITHM);
            keyGenerator.init(JceEncryptionConstants.SYMMETRIC_KEY_LENGTH, new SecureRandom());
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new AmazonClientException("Unable to generate envelope symmetric key:" + e.getMessage(), e);
        }
    }

    private static InputStream getEncryptedInputStream(PutObjectRequest putObjectRequest, CipherFactory cipherFactory) {
        try {
            InputStream inputStream = putObjectRequest.inputStream;
            if (putObjectRequest.file != null) {
                inputStream = new RepeatableFileInputStream(putObjectRequest.file);
            }
            return new RepeatableCipherInputStream(inputStream, cipherFactory);
        } catch (Exception e) {
            throw new AmazonClientException("Unable to create cipher input stream: " + e.getMessage(), e);
        }
    }

    public static InputStream getEncryptedInputStream(UploadPartRequest uploadPartRequest, CipherFactory cipherFactory) {
        try {
            InputStream inputStream = uploadPartRequest.inputStream;
            if (uploadPartRequest.file != null) {
                inputStream = new InputSubstream(new RepeatableFileInputStream(uploadPartRequest.file), uploadPartRequest.fileOffset, uploadPartRequest.partSize, uploadPartRequest.isLastPart);
            }
            FilterInputStream repeatableCipherInputStream = new RepeatableCipherInputStream(inputStream, cipherFactory);
            if (!uploadPartRequest.isLastPart) {
                repeatableCipherInputStream = new InputSubstream(repeatableCipherInputStream, 0L, uploadPartRequest.partSize, false);
            }
            long j = uploadPartRequest.partSize;
            return new ByteRangeCapturingInputStream(repeatableCipherInputStream, j - cipherFactory.createCipher().getBlockSize(), j);
        } catch (Exception e) {
            throw new AmazonClientException("Unable to create cipher input stream: " + e.getMessage(), e);
        }
    }

    public static byte[] getEncryptedSymmetricKey(SecretKey secretKey, EncryptionMaterials encryptionMaterials, Provider provider) {
        Key key = encryptionMaterials.keyPair != null ? encryptionMaterials.keyPair.getPublic() : encryptionMaterials.symmetricKey;
        try {
            byte[] encoded = secretKey.getEncoded();
            Cipher cipher = provider != null ? Cipher.getInstance(key.getAlgorithm(), provider) : Cipher.getInstance(key.getAlgorithm());
            cipher.init(1, key);
            return cipher.doFinal(encoded);
        } catch (Exception e) {
            throw new AmazonClientException("Unable to encrypt symmetric key: " + e.getMessage(), e);
        }
    }

    private static long getUnencryptedContentLength(PutObjectRequest putObjectRequest, ObjectMetadata objectMetadata) {
        if (putObjectRequest.file != null) {
            return putObjectRequest.file.length();
        }
        if (putObjectRequest.inputStream == null || objectMetadata.getContentLength() <= 0) {
            return -1L;
        }
        return objectMetadata.getContentLength();
    }

    public static void updateMetadata(ObjectMetadata objectMetadata, byte[] bArr, Cipher cipher, Map<String, String> map) {
        if (bArr != null) {
            objectMetadata.addUserMetadata("x-amz-key", new String(Base64.encodeBase64(bArr)));
        }
        objectMetadata.addUserMetadata("x-amz-iv", new String(Base64.encodeBase64(cipher.getIV())));
        objectMetadata.addUserMetadata("x-amz-matdesc", new JSONObject((Map) map).toString());
    }
}
