package com.amazonaws.services.s3;

import com.amazonaws.AmazonServiceException;
import com.amazonaws.AmazonWebServiceRequest;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.SdkClientException;
import com.amazonaws.annotation.SdkInternalApi;
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.metrics.RequestMetricCollector;
import com.amazonaws.regions.Region;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.s3.internal.MultiFileOutputStream;
import com.amazonaws.services.s3.internal.S3Direct;
import com.amazonaws.services.s3.internal.crypto.v2.S3CryptoModule;
import com.amazonaws.services.s3.internal.crypto.v2.S3CryptoModuleAE;
import com.amazonaws.services.s3.internal.crypto.v2.S3CryptoModuleAEStrict;
import com.amazonaws.services.s3.model.AbortMultipartUploadRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadRequest;
import com.amazonaws.services.s3.model.CompleteMultipartUploadResult;
import com.amazonaws.services.s3.model.CopyPartRequest;
import com.amazonaws.services.s3.model.CopyPartResult;
import com.amazonaws.services.s3.model.CryptoConfigurationV2;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.CryptoRangeGetMode;
import com.amazonaws.services.s3.model.DeleteObjectRequest;
import com.amazonaws.services.s3.model.EncryptedInitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
import com.amazonaws.services.s3.model.GetObjectMetadataRequest;
import com.amazonaws.services.s3.model.GetObjectRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadRequest;
import com.amazonaws.services.s3.model.InitiateMultipartUploadResult;
import com.amazonaws.services.s3.model.InstructionFileId;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.PartETag;
import com.amazonaws.services.s3.model.PutInstructionFileRequest;
import com.amazonaws.services.s3.model.PutObjectRequest;
import com.amazonaws.services.s3.model.PutObjectResult;
import com.amazonaws.services.s3.model.S3Object;
import com.amazonaws.services.s3.model.S3ObjectId;
import com.amazonaws.services.s3.model.UploadObjectRequest;
import com.amazonaws.services.s3.model.UploadPartRequest;
import com.amazonaws.services.s3.model.UploadPartResult;
import com.amazonaws.util.VersionInfoUtils;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:com/amazonaws/services/s3/AmazonS3EncryptionClientV2.class */
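/**
 * S3 client that routes object reads, writes and multipart uploads through a
 * client-side crypto module ({@link S3CryptoModule}) before they reach the plain
 * {@link AmazonS3Client} operations of the superclass.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Only {@link CryptoMode#AuthenticatedEncryption} and
 *       {@link CryptoMode#StrictAuthenticatedEncryption} are accepted; a {@code null} mode is
 *       defaulted to the strict mode.</li>
 *   <li>{@code unsafeUndecryptableObjectPassthrough} is rejected when the effective mode is
 *       strict.</li>
 *   <li>A warning is logged when the non-strict mode is selected or when range gets are not
 *       {@link CryptoRangeGetMode#DISABLED}.</li>
 *   <li>The configuration handed to the crypto module is a read-only copy, so later changes to
 *       the caller's configuration object do not reach it.</li>
 * </ul>
 */
public class AmazonS3EncryptionClientV2 extends AmazonS3Client implements AmazonS3EncryptionV2 {
    /** User-agent marker appended to requests issued on behalf of the encryption client. */
    private static final String USER_AGENT_V2 = "S3CryptoV2/" + VersionInfoUtils.getVersion();
    private static final Log log = LogFactory.getLog(AmazonS3EncryptionClientV2.class);
    /** Crypto module selected from the validated crypto mode; all secure operations delegate to it. */
    private final S3CryptoModule<?> crypto;
    /** KMS client used by the crypto module; either supplied by the caller or built here. */
    private final AWSKMS kmsClient;
    /** True when {@link #kmsClient} was built by this class and must be shut down by it. */
    private final boolean isKMSClientInternal;

    /**
     * Direct access to the superclass (non-overridden) S3 operations.
     *
     * <p>Every method tags the request with {@link #USER_AGENT_V2} and then calls the
     * {@link AmazonS3Client} implementation, bypassing the encrypting overrides declared on the
     * outer class. Instances are handed to the crypto module and to the upload observer.
     */
    public final class S3DirectImpl extends S3Direct {
        private S3DirectImpl() {
        }

        @Override
        public PutObjectResult putObject(PutObjectRequest putObjectRequest) {
            return AmazonS3EncryptionClientV2.super.putObject(appendUserAgent(putObjectRequest, USER_AGENT_V2));
        }

        @Override
        public S3Object getObject(GetObjectRequest getObjectRequest) {
            return AmazonS3EncryptionClientV2.super.getObject(appendUserAgent(getObjectRequest, USER_AGENT_V2));
        }

        @Override
        public ObjectMetadata getObject(GetObjectRequest getObjectRequest, File file) {
            return AmazonS3EncryptionClientV2.super.getObject(appendUserAgent(getObjectRequest, USER_AGENT_V2), file);
        }

        @Override
        public ObjectMetadata getObjectMetadata(GetObjectMetadataRequest getObjectMetadataRequest) {
            return AmazonS3EncryptionClientV2.super.getObjectMetadata(
                    appendUserAgent(getObjectMetadataRequest, USER_AGENT_V2));
        }

        @Override
        public CompleteMultipartUploadResult completeMultipartUpload(CompleteMultipartUploadRequest completeMultipartUploadRequest) {
            return AmazonS3EncryptionClientV2.super.completeMultipartUpload(
                    appendUserAgent(completeMultipartUploadRequest, USER_AGENT_V2));
        }

        @Override
        public InitiateMultipartUploadResult initiateMultipartUpload(InitiateMultipartUploadRequest initiateMultipartUploadRequest) {
            return AmazonS3EncryptionClientV2.super.initiateMultipartUpload(
                    appendUserAgent(initiateMultipartUploadRequest, USER_AGENT_V2));
        }

        @Override
        public UploadPartResult uploadPart(UploadPartRequest uploadPartRequest) throws SdkClientException, AmazonServiceException {
            return AmazonS3EncryptionClientV2.super.uploadPart(appendUserAgent(uploadPartRequest, USER_AGENT_V2));
        }

        @Override
        public CopyPartResult copyPart(CopyPartRequest copyPartRequest) {
            return AmazonS3EncryptionClientV2.super.copyPart(appendUserAgent(copyPartRequest, USER_AGENT_V2));
        }

        @Override
        public void abortMultipartUpload(AbortMultipartUploadRequest abortMultipartUploadRequest) {
            AmazonS3EncryptionClientV2.super.abortMultipartUpload(
                    appendUserAgent(abortMultipartUploadRequest, USER_AGENT_V2));
        }

        /**
         * Appends {@code str} to the request's user agent and returns the same request so the
         * call can be nested inside the delegating call.
         */
        final <X extends AmazonWebServiceRequest> X appendUserAgent(X x, String str) {
            x.getRequestClientOptions().appendUserAgent(str);
            return x;
        }
    }

    /**
     * Returns the standard builder for this client.
     *
     * @return a new {@link AmazonS3EncryptionClientV2Builder}
     */
    public static AmazonS3EncryptionClientV2Builder encryptionBuilder() {
        return AmazonS3EncryptionClientV2Builder.standard();
    }

    /**
     * Builds the client from fully resolved parameters. Annotated {@link SdkInternalApi}.
     *
     * <p>The crypto configuration is validated and copied before use. When the parameters carry
     * no KMS client, one is built here from the client's credentials, client configuration and
     * metric collector, and this instance takes ownership of it (see {@link #shutdown()}).
     *
     * @param amazonS3EncryptionClientV2Params resolved client parameters
     * @throws IllegalArgumentException if the materials provider or crypto configuration is
     *         {@code null}, or the crypto configuration fails validation
     * @throws UnsupportedOperationException if no crypto module exists for the configured mode
     */
    @SdkInternalApi
    public AmazonS3EncryptionClientV2(AmazonS3EncryptionClientV2Params amazonS3EncryptionClientV2Params) {
        super(amazonS3EncryptionClientV2Params);
        validateParameters(amazonS3EncryptionClientV2Params);
        CryptoConfigurationV2 readOnlyConfig =
                validateConfigAndCreateReadOnlyCopy(amazonS3EncryptionClientV2Params.getCryptoConfiguration());
        this.isKMSClientInternal = amazonS3EncryptionClientV2Params.getKmsClient() == null;
        if (this.isKMSClientInternal) {
            this.kmsClient = newAWSKMSClient(
                    amazonS3EncryptionClientV2Params.getClientParams().getCredentialsProvider(),
                    amazonS3EncryptionClientV2Params.getClientParams().getClientConfiguration(),
                    readOnlyConfig,
                    amazonS3EncryptionClientV2Params.getClientParams().getRequestMetricCollector());
        } else {
            this.kmsClient = amazonS3EncryptionClientV2Params.getKmsClient();
        }
        this.crypto = createCryptoModule(
                readOnlyConfig,
                this.kmsClient,
                amazonS3EncryptionClientV2Params.getEncryptionMaterialsProvider(),
                amazonS3EncryptionClientV2Params.getClientParams().getCredentialsProvider());
        // Warnings are driven by the configuration as supplied by the caller.
        warnOnLegacyCryptoMode(amazonS3EncryptionClientV2Params.getCryptoConfiguration().getCryptoMode());
        warnOnRangeGetsEnabled(amazonS3EncryptionClientV2Params);
    }

    /** Rejects parameters that lack a materials provider or a crypto configuration. */
    private void validateParameters(AmazonS3EncryptionClientV2Params params) {
        assertParameterNotNull(params.getEncryptionMaterialsProvider(), "EncryptionMaterialsProvider parameter must not be null.");
        assertParameterNotNull(params.getCryptoConfiguration(), "CryptoConfiguration parameter must not be null.");
    }

    /**
     * Selects the crypto module implementation for the configured mode.
     *
     * @throws UnsupportedOperationException for any mode other than the two authenticated modes
     */
    private S3CryptoModule<?> createCryptoModule(CryptoConfigurationV2 config, AWSKMS kms, EncryptionMaterialsProvider materialsProvider, AWSCredentialsProvider credentialsProvider) {
        CryptoMode mode = config.getCryptoMode();
        if (mode == CryptoMode.AuthenticatedEncryption) {
            return new S3CryptoModuleAE(kms, new S3DirectImpl(), credentialsProvider, materialsProvider, config);
        }
        if (mode == CryptoMode.StrictAuthenticatedEncryption) {
            return new S3CryptoModuleAEStrict(kms, new S3DirectImpl(), credentialsProvider, materialsProvider, config);
        }
        throw new UnsupportedOperationException("Cannot encrypt using mode " + config.getCryptoMode());
    }

    /**
     * Validates the caller's crypto configuration and returns a read-only copy of it.
     *
     * <p>A {@code null} crypto mode is defaulted to strict authenticated encryption on the copy.
     * The passthrough check is evaluated against that effective mode: comparing against the
     * caller's original object would let a configuration with a {@code null} mode and
     * {@code unsafeUndecryptableObjectPassthrough} enabled through, even though the client then
     * runs in strict mode.
     *
     * @throws IllegalArgumentException if the mode is not one of the two authenticated modes, or
     *         if passthrough of undecryptable objects is enabled while the effective mode is strict
     */
    private CryptoConfigurationV2 validateConfigAndCreateReadOnlyCopy(CryptoConfigurationV2 cryptoConfigurationV2) {
        CryptoConfigurationV2 effectiveConfig = cryptoConfigurationV2.mo2486clone();
        if (effectiveConfig.getCryptoMode() == null) {
            effectiveConfig.setCryptoMode(CryptoMode.StrictAuthenticatedEncryption);
        }
        CryptoMode effectiveMode = effectiveConfig.getCryptoMode();
        if (CryptoMode.AuthenticatedEncryption != effectiveMode && CryptoMode.StrictAuthenticatedEncryption != effectiveMode) {
            throw new IllegalArgumentException("Invalid value for CryptoMode : " + effectiveMode);
        }
        // Fail closed: use the defaulted mode, not the possibly-null mode of the caller's object.
        if (cryptoConfigurationV2.isUnsafeUndecryptableObjectPassthrough() && CryptoMode.StrictAuthenticatedEncryption == effectiveMode) {
            throw new IllegalArgumentException(String.format("unsafeUndecryptableObjectPassthrough must not be enabled in %s mode", CryptoMode.StrictAuthenticatedEncryption));
        }
        return effectiveConfig.readOnly();
    }

    /**
     * Builds the KMS client owned by this instance.
     *
     * <p>The region is set on the builder only when the crypto configuration names one.
     */
    private AWSKMS newAWSKMSClient(AWSCredentialsProvider credentialsProvider, ClientConfiguration clientConfiguration, CryptoConfigurationV2 cryptoConfig, RequestMetricCollector requestMetricCollector) {
        AWSKMSClientBuilder builder = AWSKMSClientBuilder.standard();
        builder.withCredentials(credentialsProvider);
        builder.withClientConfiguration(clientConfiguration);
        builder.withMetricsCollector(requestMetricCollector);
        Region kmsRegion = cryptoConfig.getAwsKmsRegion();
        if (kmsRegion != null) {
            builder.withRegion(kmsRegion.getName());
        }
        return builder.build();
    }

    /** Throws {@link IllegalArgumentException} carrying {@code message} when {@code value} is null. */
    private void assertParameterNotNull(Object value, String message) {
        if (value == null) {
            throw new IllegalArgumentException(message);
        }
    }

    /**
     * Returns the KMS client supplied by the caller.
     *
     * @return the caller-provided KMS client, or {@code null} when this instance built its own
     *         (the internally owned client is not exposed)
     */
    public AWSKMS getKmsClient() {
        return this.isKMSClientInternal ? null : this.kmsClient;
    }

    /** Returns the encryption materials provider held by the crypto module. */
    public EncryptionMaterialsProvider getEncryptionMaterialsProvider() {
        return this.crypto.getEncryptionMaterialsProvider();
    }

    /** Returns the crypto configuration held by the crypto module (the validated read-only copy). */
    public CryptoConfigurationV2 getCryptoConfiguration() {
        return this.crypto.getCryptoConfiguration();
    }

    /** Uploads through the crypto module, working on a clone so the caller's request is untouched. */
    @Override
    public PutObjectResult putObject(PutObjectRequest putObjectRequest) {
        return this.crypto.putObjectSecurely(putObjectRequest.mo3clone());
    }

    /** Retrieves an object through the crypto module. */
    @Override
    public S3Object getObject(GetObjectRequest getObjectRequest) {
        return this.crypto.getObjectSecurely(getObjectRequest);
    }

    /** Retrieves an object through the crypto module into {@code file}. */
    @Override
    public ObjectMetadata getObject(GetObjectRequest getObjectRequest, File file) {
        return this.crypto.getObjectSecurely(getObjectRequest, file);
    }

    /**
     * Deletes the object and then its instruction file.
     *
     * <p>The two deletes are separate requests issued in that order; if the second one throws,
     * the object itself has already been deleted and the instruction file remains.
     */
    @Override
    public void deleteObject(DeleteObjectRequest deleteObjectRequest) {
        deleteObjectRequest.getRequestClientOptions().appendUserAgent(USER_AGENT_V2);
        super.deleteObject(deleteObjectRequest);
        InstructionFileId instructionFileId =
                new S3ObjectId(deleteObjectRequest.getBucketName(), deleteObjectRequest.getKey()).instructionFileId();
        DeleteObjectRequest instructionFileDelete = (DeleteObjectRequest) deleteObjectRequest.mo3clone();
        instructionFileDelete.withBucketName(instructionFileId.getBucket()).withKey(instructionFileId.getKey());
        super.deleteObject(instructionFileDelete);
    }

    /** Completes a multipart upload through the crypto module. */
    @Override
    public CompleteMultipartUploadResult completeMultipartUpload(CompleteMultipartUploadRequest completeMultipartUploadRequest) {
        return this.crypto.completeMultipartUploadSecurely(completeMultipartUploadRequest);
    }

    /**
     * Starts a multipart upload.
     *
     * <p>The request goes through the crypto module unless it is an
     * {@link EncryptedInitiateMultipartUploadRequest} whose {@code isCreateEncryptionMaterial()}
     * is {@code false}; only in that case is the plain superclass operation used.
     */
    @Override
    public InitiateMultipartUploadResult initiateMultipartUpload(InitiateMultipartUploadRequest initiateMultipartUploadRequest) {
        if (initiateMultipartUploadRequest instanceof EncryptedInitiateMultipartUploadRequest
                && !((EncryptedInitiateMultipartUploadRequest) initiateMultipartUploadRequest).isCreateEncryptionMaterial()) {
            return super.initiateMultipartUpload(initiateMultipartUploadRequest);
        }
        return this.crypto.initiateMultipartUploadSecurely(initiateMultipartUploadRequest);
    }

    /** Uploads one part through the crypto module. */
    @Override
    public UploadPartResult uploadPart(UploadPartRequest uploadPartRequest) throws SdkClientException, AmazonServiceException {
        return this.crypto.uploadPartSecurely(uploadPartRequest);
    }

    /** Copies one part through the crypto module. */
    @Override
    public CopyPartResult copyPart(CopyPartRequest copyPartRequest) {
        return this.crypto.copyPartSecurely(copyPartRequest);
    }

    /** Aborts a multipart upload through the crypto module. */
    @Override
    public void abortMultipartUpload(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this.crypto.abortMultipartUploadSecurely(abortMultipartUploadRequest);
    }

    /** Writes an instruction file through the crypto module. */
    @Override
    public PutObjectResult putInstructionFile(PutInstructionFileRequest putInstructionFileRequest) {
        return this.crypto.putInstructionFileSecurely(putInstructionFileRequest);
    }

    /**
     * Encrypts a local object to disk in parts and uploads the parts concurrently.
     *
     * <p>When the request carries no executor, a fixed thread pool sized by the client's
     * maximum connection count is created here and shut down again before returning. On any
     * failure the observer's {@code onAbort()} is invoked once and the original throwable is
     * rethrown; the output stream's {@code cleanup()} always runs.
     *
     * @throws IOException if encrypting or writing the parts fails
     * @throws InterruptedException if the calling thread is interrupted while waiting for a part
     * @throws ExecutionException if a part upload task fails
     */
    @Override
    public CompleteMultipartUploadResult uploadObject(UploadObjectRequest uploadObjectRequest) throws IOException, InterruptedException, ExecutionException {
        ExecutorService executorService = uploadObjectRequest.getExecutorService();
        final boolean ownsExecutor = executorService == null;
        if (ownsExecutor) {
            executorService = Executors.newFixedThreadPool(this.clientConfiguration.getMaxConnections());
        }
        UploadObjectObserver observer = uploadObjectRequest.getUploadObjectObserver();
        if (observer == null) {
            observer = new UploadObjectObserver();
        }
        observer.init(uploadObjectRequest, new S3DirectImpl(), this, executorService);
        String uploadId = observer.onUploadInitiation(uploadObjectRequest);
        ArrayList<PartETag> partETags = new ArrayList<PartETag>();
        MultiFileOutputStream partStream = uploadObjectRequest.getMultiFileOutputStream();
        if (partStream == null) {
            partStream = new MultiFileOutputStream();
        }
        try {
            partStream.init(observer, uploadObjectRequest.getPartSize(), uploadObjectRequest.getDiskLimit());
            this.crypto.putLocalObjectSecurely(uploadObjectRequest, uploadId, partStream);
            for (Future<UploadPartResult> pendingPart : observer.getFutures()) {
                UploadPartResult partResult = pendingPart.get();
                partETags.add(new PartETag(partResult.getPartNumber(), partResult.getETag()));
            }
            return observer.onCompletion(partETags);
        } catch (IOException e) {
            throw onAbort(observer, e);
        } catch (ExecutionException e) {
            throw onAbort(observer, e);
        } catch (InterruptedException e) {
            throw onAbort(observer, e);
        } catch (RuntimeException e) {
            throw onAbort(observer, e);
        } catch (Error e) {
            throw onAbort(observer, e);
        } finally {
            // Only tear down an executor this method created; a caller-supplied one stays usable.
            if (ownsExecutor) {
                executorService.shutdownNow();
            }
            partStream.cleanup();
        }
    }

    /** Shuts down the S3 client and, when it was built by this instance, the KMS client too. */
    @Override
    public void shutdown() {
        super.shutdown();
        if (this.isKMSClientInternal) {
            this.kmsClient.shutdown();
        }
    }

    /** Notifies the observer of the abort and hands back the same throwable for rethrowing. */
    private <T extends Throwable> T onAbort(UploadObjectObserver observer, T failure) {
        observer.onAbort();
        return failure;
    }

    /** Logs a warning when the configured range-get mode is anything other than DISABLED. */
    private static void warnOnRangeGetsEnabled(AmazonS3EncryptionClientV2Params params) {
        if (params.getCryptoConfiguration().getRangeGetMode() != CryptoRangeGetMode.DISABLED) {
            log.warn("The S3 Encryption Client is configured to support range get requests. Range gets do not provide authenticated encryption properties even when used with an authenticated mode (AES-GCM). See https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html");
        }
    }

    /** Logs a warning when the non-strict authenticated mode (legacy read support) is selected. */
    private static void warnOnLegacyCryptoMode(CryptoMode cryptoMode) {
        if (cryptoMode == CryptoMode.AuthenticatedEncryption) {
            log.warn("The S3 Encryption Client is configured to read encrypted data with legacy encryption modes through the CryptoMode setting. If you don't have objects encrypted with these legacy modes, you should disable support for them to enhance security. See https://docs.aws.amazon.com/general/latest/gr/aws_sdk_cryptography.html");
        }
    }
}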
