package com.ksyun.ks3.service.encryption.internal;

import com.ksyun.ks3.config.Constants;
import com.ksyun.ks3.dto.CompleteMultipartUploadResult;
import com.ksyun.ks3.dto.CopyResult;
import com.ksyun.ks3.dto.GetObjectResult;
import com.ksyun.ks3.dto.InitiateMultipartUploadResult;
import com.ksyun.ks3.dto.ObjectMetadata;
import com.ksyun.ks3.dto.PartETag;
import com.ksyun.ks3.dto.PutObjectResult;
import com.ksyun.ks3.exception.Ks3ClientException;
import com.ksyun.ks3.exception.Ks3ServiceException;
import com.ksyun.ks3.service.encryption.S3Direct;
import com.ksyun.ks3.service.encryption.model.CryptoConfiguration;
import com.ksyun.ks3.service.encryption.model.CryptoStorageMode;
import com.ksyun.ks3.service.encryption.model.EncryptedInitiateMultipartUploadRequest;
import com.ksyun.ks3.service.encryption.model.EncryptionMaterials;
import com.ksyun.ks3.service.encryption.model.EncryptionMaterialsProvider;
import com.ksyun.ks3.service.encryption.model.MaterialsDescriptionProvider;
import com.ksyun.ks3.service.request.CompleteMultipartUploadRequest;
import com.ksyun.ks3.service.request.CopyPartRequest;
import com.ksyun.ks3.service.request.GetObjectRequest;
import com.ksyun.ks3.service.request.InitiateMultipartUploadRequest;
import com.ksyun.ks3.service.request.Ks3WebServiceRequest;
import com.ksyun.ks3.service.request.PutObjectRequest;
import com.ksyun.ks3.service.request.UploadPartRequest;
import java.io.File;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/ksyun/ks3/service/encryption/internal/S3CryptoModuleEO.class */
class S3CryptoModuleEO extends S3CryptoModuleBase<EncryptedUploadContext> {
    /* JADX INFO: Access modifiers changed from: package-private */
    public S3CryptoModuleEO(S3Direct s3Direct, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfiguration) {
        super(s3Direct, encryptionMaterialsProvider, cryptoConfiguration, new S3CryptoScheme(ContentCryptoScheme.AES_CBC));
    }

    @Override // com.ksyun.ks3.service.encryption.internal.S3CryptoModule
    public PutObjectResult putObjectSecurely(PutObjectRequest putObjectRequest) throws Ks3ClientException, Ks3ServiceException {
        appendUserAgent(putObjectRequest, Constants.KS3_ENCRYPTION_CLIENT_USER_AGENT);
        return this.cryptoConfig.getStorageMode() == CryptoStorageMode.InstructionFile ? putObjectUsingInstructionFile(putObjectRequest) : putObjectUsingMetadata(putObjectRequest);
    }

    @Override // com.ksyun.ks3.service.encryption.internal.S3CryptoModule
    public GetObjectResult getObjectSecurely(GetObjectRequest getObjectRequest) throws Ks3ClientException, Ks3ServiceException {
        throw new IllegalStateException();
    }

    @Override // com.ksyun.ks3.service.encryption.internal.S3CryptoModule
    public ObjectMetadata getObjectSecurely(GetObjectRequest getObjectRequest, File file) throws Ks3ClientException, Ks3ServiceException {
        throw new IllegalStateException();
    }

    @Override // com.ksyun.ks3.service.encryption.internal.S3CryptoModule
    public CompleteMultipartUploadResult completeMultipartUploadSecurely(CompleteMultipartUploadRequest completeMultipartUploadRequest) throws Ks3ClientException, Ks3ServiceException {
        appendUserAgent(completeMultipartUploadRequest, Constants.KS3_ENCRYPTION_CLIENT_USER_AGENT);
        String uploadId = completeMultipartUploadRequest.getUploadId();
        EncryptedUploadContext encryptedUploadContext = (EncryptedUploadContext) this.multipartUploadContexts.get(uploadId);
        if (!encryptedUploadContext.hasFinalPartBeenSeen()) {
            throw new Ks3ClientException("Unable to complete an encrypted multipart upload without being told which part was the last.  Without knowing which part was the last, the encrypted data in KS3 is incomplete and corrupt.");
        }
        CompleteMultipartUploadResult completeMultipartUpload = this.s3.completeMultipartUpload(completeMultipartUploadRequest);
        if (this.cryptoConfig.getStorageMode() == CryptoStorageMode.InstructionFile) {
            Cipher createSymmetricCipher = EncryptionUtils.createSymmetricCipher(encryptedUploadContext.getEnvelopeEncryptionKey(), 1, this.cryptoConfig.getCryptoProvider(), encryptedUploadContext.getFirstInitializationVector());
            EncryptionMaterials encryptionMaterials = encryptedUploadContext.getMaterialsDescription() != null ? this.kekMaterialsProvider.getEncryptionMaterials(encryptedUploadContext.getMaterialsDescription()) : this.kekMaterialsProvider.getEncryptionMaterials();
            this.s3.putObject(EncryptionUtils.createInstructionPutRequest(encryptedUploadContext.getBucketName(), encryptedUploadContext.getKey(), new EncryptionInstruction(encryptionMaterials.getMaterialsDescription(), EncryptionUtils.getEncryptedSymmetricKey(encryptedUploadContext.getEnvelopeEncryptionKey(), encryptionMaterials, this.cryptoConfig.getCryptoProvider()), encryptedUploadContext.getEnvelopeEncryptionKey(), createSymmetricCipher)));
        }
        this.multipartUploadContexts.remove(uploadId);
        return completeMultipartUpload;
    }

    @Override // com.ksyun.ks3.service.encryption.internal.S3CryptoModule
    public InitiateMultipartUploadResult initiateMultipartUploadSecurely(InitiateMultipartUploadRequest initiateMultipartUploadRequest) throws Ks3ClientException, Ks3ServiceException {
        appendUserAgent(initiateMultipartUploadRequest, Constants.KS3_ENCRYPTION_CLIENT_USER_AGENT);
        SecretKey generateOneTimeUseSymmetricKey = EncryptionUtils.generateOneTimeUseSymmetricKey();
        Cipher createSymmetricCipher = EncryptionUtils.createSymmetricCipher(generateOneTimeUseSymmetricKey, 1, this.cryptoConfig.getCryptoProvider(), null);
        if (this.cryptoConfig.getStorageMode() == CryptoStorageMode.ObjectMetadata) {
            EncryptionMaterials encryptionMaterials = initiateMultipartUploadRequest instanceof EncryptedInitiateMultipartUploadRequest ? this.kekMaterialsProvider.getEncryptionMaterials(((EncryptedInitiateMultipartUploadRequest) initiateMultipartUploadRequest).getMaterialsDescription()) : this.kekMaterialsProvider.getEncryptionMaterials();
            initiateMultipartUploadRequest.setObjectMeta(EncryptionUtils.updateMetadataWithEncryptionInfo(initiateMultipartUploadRequest, EncryptionUtils.getEncryptedSymmetricKey(generateOneTimeUseSymmetricKey, encryptionMaterials, this.cryptoConfig.getCryptoProvider()), createSymmetricCipher, encryptionMaterials.getMaterialsDescription()));
        }
        InitiateMultipartUploadResult initiateMultipartUpload = this.s3.initiateMultipartUpload(initiateMultipartUploadRequest);
        EncryptedUploadContext encryptedUploadContext = new EncryptedUploadContext(initiateMultipartUploadRequest.getBucket(), initiateMultipartUploadRequest.getKey(), generateOneTimeUseSymmetricKey);
        encryptedUploadContext.setNextInitializationVector(createSymmetricCipher.getIV());
        encryptedUploadContext.setFirstInitializationVector(createSymmetricCipher.getIV());
        if (initiateMultipartUploadRequest instanceof EncryptedInitiateMultipartUploadRequest) {
            encryptedUploadContext.setMaterialsDescription(((EncryptedInitiateMultipartUploadRequest) initiateMultipartUploadRequest).getMaterialsDescription());
        }
        this.multipartUploadContexts.put(initiateMultipartUpload.getUploadId(), encryptedUploadContext);
        return initiateMultipartUpload;
    }

    @Override // com.ksyun.ks3.service.encryption.internal.S3CryptoModule
    public PartETag uploadPartSecurely(UploadPartRequest uploadPartRequest) throws Ks3ClientException, Ks3ServiceException {
        appendUserAgent(uploadPartRequest, Constants.KS3_ENCRYPTION_CLIENT_USER_AGENT);
        boolean isLastPart = uploadPartRequest.isLastPart();
        String uploadId = uploadPartRequest.getUploadId();
        boolean z = uploadPartRequest.getInstancePartSize() % ((long) JceEncryptionConstants.SYMMETRIC_CIPHER_BLOCK_SIZE) == 0;
        if (!isLastPart && !z) {
            throw new Ks3ClientException("Invalid part size: part sizes for encrypted multipart uploads must be multiples of the cipher block size (" + JceEncryptionConstants.SYMMETRIC_CIPHER_BLOCK_SIZE + ") with the exception of the last part.  Otherwise encryption adds extra padding that will corrupt the final object.");
        }
        EncryptedUploadContext encryptedUploadContext = (EncryptedUploadContext) this.multipartUploadContexts.get(uploadId);
        if (encryptedUploadContext == null) {
            throw new Ks3ClientException("No client-side information available on upload ID " + uploadId);
        }
        CipherFactory cipherFactory = new CipherFactory(encryptedUploadContext.getEnvelopeEncryptionKey(), 1, encryptedUploadContext.getNextInitializationVector(), this.cryptoConfig.getCryptoProvider());
        ByteRangeCapturingInputStream encryptedInputStream = EncryptionUtils.getEncryptedInputStream(uploadPartRequest, cipherFactory);
        uploadPartRequest.setInputStream(encryptedInputStream);
        if (uploadPartRequest.isLastPart()) {
            long calculateCryptoContentLength = EncryptionUtils.calculateCryptoContentLength(cipherFactory.createCipher(), uploadPartRequest);
            if (calculateCryptoContentLength > 0) {
                uploadPartRequest.setPartSize(calculateCryptoContentLength);
            }
            if (encryptedUploadContext.hasFinalPartBeenSeen()) {
                throw new Ks3ClientException("This part was specified as the last part in a multipart upload, but a previous part was already marked as the last part.  Only the last part of the upload should be marked as the last part, otherwise it will cause the encrypted data to be corrupted.");
            }
            encryptedUploadContext.setHasFinalPartBeenSeen(true);
        }
        uploadPartRequest.setFile(null);
        uploadPartRequest.setFileoffset(0L);
        PartETag uploadPart = this.s3.uploadPart(uploadPartRequest);
        encryptedUploadContext.setNextInitializationVector(encryptedInputStream.getBlock());
        return uploadPart;
    }

    @Override // com.ksyun.ks3.service.encryption.internal.S3CryptoModule
    public CopyResult copyPartSecurely(CopyPartRequest copyPartRequest) {
        EncryptedUploadContext encryptedUploadContext = (EncryptedUploadContext) this.multipartUploadContexts.get(copyPartRequest.getUploadId());
        if (!encryptedUploadContext.hasFinalPartBeenSeen()) {
            encryptedUploadContext.setHasFinalPartBeenSeen(true);
        }
        return this.s3.copyPart(copyPartRequest);
    }

    private PutObjectResult putObjectUsingMetadata(PutObjectRequest putObjectRequest) throws Ks3ClientException, Ks3ServiceException {
        EncryptionInstruction encryptionInstructionOf = encryptionInstructionOf(putObjectRequest);
        PutObjectRequest encryptRequestUsingInstruction = EncryptionUtils.encryptRequestUsingInstruction(putObjectRequest, encryptionInstructionOf);
        EncryptionUtils.updateMetadataWithEncryptionInstruction(putObjectRequest, encryptionInstructionOf);
        return this.s3.putObject(encryptRequestUsingInstruction);
    }

    private PutObjectResult putObjectUsingInstructionFile(PutObjectRequest putObjectRequest) throws Ks3ClientException, Ks3ServiceException {
        EncryptionInstruction encryptionInstructionOf = encryptionInstructionOf(putObjectRequest);
        PutObjectResult putObject = this.s3.putObject(EncryptionUtils.encryptRequestUsingInstruction(putObjectRequest, encryptionInstructionOf));
        this.s3.putObject(EncryptionUtils.createInstructionPutRequest(putObjectRequest, encryptionInstructionOf));
        return putObject;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private EncryptionInstruction encryptionInstructionOf(Ks3WebServiceRequest ks3WebServiceRequest) {
        return ks3WebServiceRequest instanceof MaterialsDescriptionProvider ? EncryptionUtils.generateInstruction(this.kekMaterialsProvider, ((MaterialsDescriptionProvider) ks3WebServiceRequest).getMaterialsDescription(), this.cryptoConfig.getCryptoProvider()) : EncryptionUtils.generateInstruction(this.kekMaterialsProvider, this.cryptoConfig.getCryptoProvider());
    }

    @Override // com.ksyun.ks3.service.encryption.internal.S3CryptoModuleBase
    protected final long ciphertextLength(long j) {
        long blockSizeInBytes = this.contentCryptoScheme.getBlockSizeInBytes();
        return j + (blockSizeInBytes - (j % blockSizeInBytes));
    }
}
