package com.amazonaws.services.s3.a.a;

import com.amazonaws.services.s3.Headers;
import com.amazonaws.services.s3.KeyWrapException;
import com.amazonaws.services.s3.model.ab;
import com.amazonaws.services.s3.model.az;
import com.amazonaws.services.s3.model.ba;
import com.amazonaws.services.s3.model.bd;
import com.amazonaws.services.s3.model.cp;
import com.amazonaws.services.s3.model.dg;
import com.amazonaws.services.s3.model.dm;
import java.nio.ByteBuffer;
import java.security.Key;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/* compiled from: ContentCryptoMaterial.java */
@Deprecated
/* loaded from: classes.dex */
final class h {

    /* renamed from: a, reason: collision with root package name */
    private final String f1637a;

    /* renamed from: b, reason: collision with root package name */
    private final f f1638b;

    /* renamed from: c, reason: collision with root package name */
    private final Map<String, String> f1639c;

    /* renamed from: d, reason: collision with root package name */
    private final byte[] f1640d;

    h(Map<String, String> map, byte[] bArr, String str, f fVar) {
        this.f1638b = fVar;
        this.f1637a = str;
        this.f1640d = (byte[]) bArr.clone();
        this.f1639c = map;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static h a(dm dmVar, ba baVar, Provider provider, boolean z, com.amazonaws.services.kms.a aVar) {
        return b(dmVar, baVar, provider, (long[]) null, bd.f1836a, z, aVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static h a(dm dmVar, ba baVar, Provider provider, long[] jArr, bd bdVar, boolean z, com.amazonaws.services.kms.a aVar) {
        return b(dmVar, baVar, provider, jArr, bdVar, z, aVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static h a(Map<String, String> map, ba baVar, Provider provider, boolean z, com.amazonaws.services.kms.a aVar) {
        return b(map, baVar, provider, (long[]) null, bd.f1836a, z, aVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static h a(Map<String, String> map, ba baVar, Provider provider, long[] jArr, bd bdVar, boolean z, com.amazonaws.services.kms.a aVar) {
        return b(map, baVar, provider, jArr, bdVar, z, aVar);
    }

    public static h a(SecretKey secretKey, byte[] bArr, i iVar, Provider provider, z zVar) {
        return new h(zVar.c(), zVar.a(), zVar.b(), iVar.a(secretKey, bArr, 1, provider));
    }

    static h a(SecretKey secretKey, byte[] bArr, az azVar, i iVar, w wVar, Provider provider, com.amazonaws.services.kms.a aVar, com.amazonaws.e eVar) {
        return b(secretKey, bArr, azVar, iVar, wVar, provider, aVar, eVar);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static h a(SecretKey secretKey, byte[] bArr, az azVar, w wVar, Provider provider, com.amazonaws.services.kms.a aVar, com.amazonaws.e eVar) {
        return b(secretKey, bArr, azVar, wVar.b(), wVar, provider, aVar, eVar);
    }

    private static z a(SecretKey secretKey, az azVar, x xVar, SecureRandom secureRandom, Provider provider, com.amazonaws.services.kms.a aVar, com.amazonaws.e eVar) {
        if (azVar.e()) {
            Map<String, String> a2 = a(azVar, eVar);
            com.amazonaws.services.kms.model.c a3 = new com.amazonaws.services.kms.model.c().a(a2).a(azVar.f()).a(ByteBuffer.wrap(secretKey.getEncoded()));
            a3.b(eVar.d()).b(eVar.c());
            return new m(com.amazonaws.util.g.a(aVar.a(a3).a()), a2);
        }
        Map<String, String> c2 = azVar.c();
        Key key = azVar.a() != null ? azVar.a().getPublic() : azVar.b();
        String a4 = xVar.a(key, provider);
        try {
            if (a4 != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(a4) : Cipher.getInstance(a4, provider);
                cipher.init(3, key, secureRandom);
                return new z(cipher.wrap(secretKey), a4, c2);
            }
            byte[] encoded = secretKey.getEncoded();
            String algorithm = key.getAlgorithm();
            Cipher cipher2 = provider != null ? Cipher.getInstance(algorithm, provider) : Cipher.getInstance(algorithm);
            cipher2.init(1, key);
            return new z(cipher2.doFinal(encoded), null, c2);
        } catch (Exception e2) {
            throw new com.amazonaws.b("Unable to encrypt symmetric key", e2);
        }
    }

    private dm a(dm dmVar) {
        dmVar.a(Headers.CRYPTO_KEY_V2, com.amazonaws.util.e.encodeAsString(f()));
        dmVar.a(Headers.CRYPTO_IV, com.amazonaws.util.e.encodeAsString(this.f1638b.e()));
        dmVar.a(Headers.MATERIALS_DESCRIPTION, i());
        i b2 = b();
        dmVar.a(Headers.CRYPTO_CEK_ALGORITHM, b2.b());
        int f2 = b2.f();
        if (f2 > 0) {
            dmVar.a(Headers.CRYPTO_TAG_LENGTH, String.valueOf(f2));
        }
        String a2 = a();
        if (a2 != null) {
            dmVar.a(Headers.CRYPTO_KEYWRAP_ALGORITHM, a2);
        }
        return dmVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public static Map<String, String> a(az azVar, com.amazonaws.e eVar) {
        Map<String, String> b_;
        Map<String, String> c2 = azVar.c();
        if (!(eVar instanceof dg) || (b_ = ((dg) eVar).b_()) == null) {
            return c2;
        }
        TreeMap treeMap = new TreeMap(c2);
        treeMap.putAll(b_);
        return treeMap;
    }

    private static Map<String, String> a(String str) {
        Map<String, String> a2 = com.amazonaws.util.json.f.a(str);
        if (a2 == null) {
            return null;
        }
        return Collections.unmodifiableMap(a2);
    }

    private static SecretKey a(byte[] bArr, String str, az azVar, i iVar, com.amazonaws.services.kms.a aVar) {
        return new SecretKeySpec(com.amazonaws.util.g.a(aVar.a(new com.amazonaws.services.kms.model.a().a(azVar.c()).a(ByteBuffer.wrap(bArr))).b()), iVar.a());
    }

    private static SecretKey a(byte[] bArr, String str, az azVar, Provider provider, i iVar, com.amazonaws.services.kms.a aVar) {
        Key b2;
        if (m.a(str)) {
            return a(bArr, str, azVar, iVar, aVar);
        }
        if (azVar.a() != null) {
            b2 = azVar.a().getPrivate();
            if (b2 == null) {
                throw new com.amazonaws.b("Key encrypting key not available");
            }
        } else {
            b2 = azVar.b();
            if (b2 == null) {
                throw new com.amazonaws.b("Key encrypting key not available");
            }
        }
        try {
            if (str != null) {
                Cipher cipher = provider == null ? Cipher.getInstance(str) : Cipher.getInstance(str, provider);
                cipher.init(4, b2);
                return (SecretKey) cipher.unwrap(bArr, str, 3);
            }
            Cipher cipher2 = provider != null ? Cipher.getInstance(b2.getAlgorithm(), provider) : Cipher.getInstance(b2.getAlgorithm());
            cipher2.init(2, b2);
            return new SecretKeySpec(cipher2.doFinal(bArr), "AES");
        } catch (Exception e2) {
            throw new com.amazonaws.b("Unable to decrypt symmetric key from object metadata", e2);
        }
    }

    private static h b(dm dmVar, ba baVar, Provider provider, long[] jArr, bd bdVar, boolean z, com.amazonaws.services.kms.a aVar) {
        az a2;
        int parseInt;
        Map<String, String> d2 = dmVar.d();
        String str = d2.get(Headers.CRYPTO_KEY_V2);
        if (str == null && (str = d2.get(Headers.CRYPTO_KEY)) == null) {
            throw new com.amazonaws.b("Content encrypting key not found.");
        }
        byte[] decode = com.amazonaws.util.e.decode(str);
        byte[] decode2 = com.amazonaws.util.e.decode(d2.get(Headers.CRYPTO_IV));
        if (decode == null || decode2 == null) {
            throw new com.amazonaws.b("Content encrypting key or IV not found.");
        }
        String str2 = d2.get(Headers.MATERIALS_DESCRIPTION);
        String str3 = d2.get(Headers.CRYPTO_KEYWRAP_ALGORITHM);
        boolean a3 = m.a(str3);
        Map<String, String> a4 = a(str2);
        Map<String, String> a5 = (a3 || bdVar == null) ? a4 : bdVar.a(a4);
        if (a3) {
            a2 = new cp(a4.get("kms_cmk_id"));
            a2.a(a4);
        } else {
            a2 = baVar == null ? null : baVar.a(a5);
            if (a2 == null) {
                throw new com.amazonaws.b("Unable to retrieve the client encryption materials");
            }
        }
        az azVar = a2;
        String str4 = d2.get(Headers.CRYPTO_CEK_ALGORITHM);
        boolean z2 = jArr != null;
        i a6 = i.a(str4, z2);
        if (z2) {
            decode2 = a6.a(decode2, jArr[0]);
        } else {
            int f2 = a6.f();
            if (f2 > 0 && f2 != (parseInt = Integer.parseInt(d2.get(Headers.CRYPTO_TAG_LENGTH)))) {
                throw new com.amazonaws.b("Unsupported tag length: " + parseInt + ", expected: " + f2);
            }
        }
        byte[] bArr = decode2;
        if (z && str3 == null) {
            throw j();
        }
        return new h(a5, decode, str3, a6.a(a(decode, str3, azVar, provider, a6, aVar), bArr, 2, provider));
    }

    private static h b(Map<String, String> map, ba baVar, Provider provider, long[] jArr, bd bdVar, boolean z, com.amazonaws.services.kms.a aVar) {
        az a2;
        int parseInt;
        String str = map.get(Headers.CRYPTO_KEY_V2);
        if (str == null && (str = map.get(Headers.CRYPTO_KEY)) == null) {
            throw new com.amazonaws.b("Content encrypting key not found.");
        }
        byte[] decode = com.amazonaws.util.e.decode(str);
        byte[] decode2 = com.amazonaws.util.e.decode(map.get(Headers.CRYPTO_IV));
        if (decode == null || decode2 == null) {
            throw new com.amazonaws.b("Necessary encryption info not found in the instruction file " + map);
        }
        String str2 = map.get(Headers.CRYPTO_KEYWRAP_ALGORITHM);
        boolean a3 = m.a(str2);
        Map<String, String> a4 = a(map.get(Headers.MATERIALS_DESCRIPTION));
        Map<String, String> a5 = (bdVar == null || a3) ? a4 : bdVar.a(a4);
        if (a3) {
            a2 = new cp(a4.get("kms_cmk_id"));
            a2.a(a4);
        } else {
            a2 = baVar == null ? null : baVar.a(a5);
            if (a2 == null) {
                throw new com.amazonaws.b("Unable to retrieve the encryption materials that originally encrypted object corresponding to instruction file " + map);
            }
        }
        az azVar = a2;
        String str3 = map.get(Headers.CRYPTO_CEK_ALGORITHM);
        boolean z2 = jArr != null;
        i a6 = i.a(str3, z2);
        if (z2) {
            decode2 = a6.a(decode2, jArr[0]);
        } else {
            int f2 = a6.f();
            if (f2 > 0 && f2 != (parseInt = Integer.parseInt(map.get(Headers.CRYPTO_TAG_LENGTH)))) {
                throw new com.amazonaws.b("Unsupported tag length: " + parseInt + ", expected: " + f2);
            }
        }
        byte[] bArr = decode2;
        if (z && str2 == null) {
            throw j();
        }
        return new h(a5, decode, str2, a6.a(a(decode, str2, azVar, provider, a6, aVar), bArr, 2, provider));
    }

    private static h b(SecretKey secretKey, byte[] bArr, az azVar, i iVar, w wVar, Provider provider, com.amazonaws.services.kms.a aVar, com.amazonaws.e eVar) {
        return a(secretKey, bArr, iVar, provider, a(secretKey, azVar, wVar.c(), wVar.a(), provider, aVar, eVar));
    }

    private dm b(dm dmVar) {
        dmVar.a(Headers.CRYPTO_KEY, com.amazonaws.util.e.encodeAsString(f()));
        dmVar.a(Headers.CRYPTO_IV, com.amazonaws.util.e.encodeAsString(this.f1638b.e()));
        dmVar.a(Headers.MATERIALS_DESCRIPTION, i());
        return dmVar;
    }

    private boolean g() {
        return m.a(this.f1637a);
    }

    private String h() {
        HashMap hashMap = new HashMap();
        hashMap.put(Headers.CRYPTO_KEY, com.amazonaws.util.e.encodeAsString(f()));
        hashMap.put(Headers.CRYPTO_IV, com.amazonaws.util.e.encodeAsString(this.f1638b.e()));
        hashMap.put(Headers.MATERIALS_DESCRIPTION, i());
        return com.amazonaws.util.json.f.a(hashMap);
    }

    private String i() {
        Map<String, String> e2 = e();
        if (e2 == null) {
            e2 = Collections.emptyMap();
        }
        return com.amazonaws.util.json.f.a(e2);
    }

    private static KeyWrapException j() {
        return new KeyWrapException("Missing key-wrap for the content-encrypting-key");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public h a(az azVar, ba baVar, w wVar, Provider provider, com.amazonaws.services.kms.a aVar, com.amazonaws.e eVar) {
        if (!g() && azVar.c().equals(this.f1639c)) {
            throw new SecurityException("Material description of the new KEK must differ from the current one");
        }
        h a2 = a(a(this.f1640d, this.f1637a, g() ? new cp(this.f1639c.get("kms_cmk_id")) : baVar.a(this.f1639c), provider, b(), aVar), this.f1638b.e(), azVar, b(), wVar, provider, aVar, eVar);
        if (Arrays.equals(a2.f1640d, this.f1640d)) {
            throw new SecurityException("The new KEK must differ from the original");
        }
        return a2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public h a(Map<String, String> map, ba baVar, w wVar, Provider provider, com.amazonaws.services.kms.a aVar, com.amazonaws.e eVar) {
        if (!g() && map.equals(this.f1639c)) {
            throw new SecurityException("Material description of the new KEK must differ from the current one");
        }
        az cpVar = g() ? new cp(this.f1639c.get("kms_cmk_id")) : baVar.a(this.f1639c);
        az a2 = baVar.a(map);
        if (a2 != null) {
            h a3 = a(a(this.f1640d, this.f1637a, cpVar, provider, b(), aVar), this.f1638b.e(), a2, b(), wVar, provider, aVar, eVar);
            if (Arrays.equals(a3.f1640d, this.f1640d)) {
                throw new SecurityException("The new KEK must differ from the original");
            }
            return a3;
        }
        throw new com.amazonaws.b("No material available with the description " + map + " from the encryption material provider");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public dm a(dm dmVar, ab abVar) {
        return (abVar != ab.EncryptionOnly || g()) ? a(dmVar) : b(dmVar);
    }

    String a() {
        return this.f1637a;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String a(ab abVar) {
        return (abVar != ab.EncryptionOnly || g()) ? c() : h();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public i b() {
        return this.f1638b.d();
    }

    String c() {
        HashMap hashMap = new HashMap();
        hashMap.put(Headers.CRYPTO_KEY_V2, com.amazonaws.util.e.encodeAsString(f()));
        hashMap.put(Headers.CRYPTO_IV, com.amazonaws.util.e.encodeAsString(this.f1638b.e()));
        hashMap.put(Headers.MATERIALS_DESCRIPTION, i());
        i b2 = b();
        hashMap.put(Headers.CRYPTO_CEK_ALGORITHM, b2.b());
        int f2 = b2.f();
        if (f2 > 0) {
            hashMap.put(Headers.CRYPTO_TAG_LENGTH, String.valueOf(f2));
        }
        String a2 = a();
        if (a2 != null) {
            hashMap.put(Headers.CRYPTO_KEYWRAP_ALGORITHM, a2);
        }
        return com.amazonaws.util.json.f.a(hashMap);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public f d() {
        return this.f1638b;
    }

    Map<String, String> e() {
        return this.f1639c;
    }

    byte[] f() {
        return (byte[]) this.f1640d.clone();
    }
}
