package org.gaul.s3proxy;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableSet;
import com.google.common.hash.HashCode;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.digest.DigestUtils;
import org.gaul.s3proxy.crypto.Constants;
import org.gaul.s3proxy.crypto.Decryption;
import org.gaul.s3proxy.crypto.Encryption;
import org.jclouds.blobstore.BlobStore;
import org.jclouds.blobstore.domain.Blob;
import org.jclouds.blobstore.domain.BlobAccess;
import org.jclouds.blobstore.domain.BlobMetadata;
import org.jclouds.blobstore.domain.MultipartPart;
import org.jclouds.blobstore.domain.MultipartUpload;
import org.jclouds.blobstore.domain.MutableBlobMetadata;
import org.jclouds.blobstore.domain.PageSet;
import org.jclouds.blobstore.domain.StorageMetadata;
import org.jclouds.blobstore.domain.internal.MutableBlobMetadataImpl;
import org.jclouds.blobstore.domain.internal.PageSetImpl;
import org.jclouds.blobstore.options.CopyOptions;
import org.jclouds.blobstore.options.GetOptions;
import org.jclouds.blobstore.options.ListContainerOptions;
import org.jclouds.blobstore.options.PutOptions;
import org.jclouds.blobstore.util.ForwardingBlobStore;
import org.jclouds.io.MutableContentMetadata;
import org.jclouds.io.Payload;
import org.jclouds.io.Payloads;
import org.jclouds.io.payloads.InputStreamPayload;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gaul/s3proxy/EncryptedBlobStore.class */
public final class EncryptedBlobStore extends ForwardingBlobStore {
    private final Logger logger;
    private SecretKeySpec secretKey;

    private EncryptedBlobStore(BlobStore blobStore, Properties properties) throws IllegalArgumentException {
        super(blobStore);
        this.logger = LoggerFactory.getLogger((Class<?>) EncryptedBlobStore.class);
        String property = properties.getProperty(S3ProxyConstants.PROPERTY_ENCRYPTED_BLOBSTORE_PASSWORD);
        Preconditions.checkArgument(!Strings.isNullOrEmpty(property), "Password for encrypted blobstore is not set");
        String property2 = properties.getProperty(S3ProxyConstants.PROPERTY_ENCRYPTED_BLOBSTORE_SALT);
        Preconditions.checkArgument(!Strings.isNullOrEmpty(property2), "Salt for encrypted blobstore is not set");
        initStore(property, property2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static BlobStore newEncryptedBlobStore(BlobStore blobStore, Properties properties) throws IOException {
        return new EncryptedBlobStore(blobStore, properties);
    }

    private void initStore(String str, String str2) throws IllegalArgumentException {
        try {
            this.secretKey = new SecretKeySpec(SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(new PBEKeySpec(str.toCharArray(), str2.getBytes(), 65536, 128)).getEncoded(), "AES");
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }

    private Blob cipheredBlob(String str, Blob blob, InputStream inputStream, long j, boolean z) {
        MutableBlobMetadata metadata = blob.getMetadata();
        MutableContentMetadata contentMetadata = blob.getMetadata().getContentMetadata();
        Map<String, String> userMetadata = metadata.getUserMetadata();
        String contentType = contentMetadata.getContentType();
        if (z) {
            metadata = setEncryptedSuffix(metadata);
        } else if (!metadata.getUserMetadata().containsKey(Constants.METADATA_IS_ENCRYPTED_MULTIPART)) {
            metadata = removeEncryptedSuffix(metadata);
        }
        Blob build = blobBuilder(str).name(metadata.getName()).type(metadata.getType()).tier(metadata.getTier()).userMetadata(userMetadata).payload(inputStream).cacheControl(contentMetadata.getCacheControl()).contentDisposition(contentMetadata.getContentDisposition()).contentEncoding(contentMetadata.getContentEncoding()).contentLanguage(contentMetadata.getContentLanguage()).contentLength(j).contentType(contentType).build();
        build.getMetadata().setUri(metadata.getUri());
        build.getMetadata().setETag(metadata.getETag());
        build.getMetadata().setLastModified(metadata.getLastModified());
        build.getMetadata().setSize(metadata.getSize());
        build.getMetadata().setPublicUri(metadata.getPublicUri());
        build.getMetadata().setContainer(metadata.getContainer());
        return build;
    }

    private Blob encryptBlob(String str, Blob blob) {
        try {
            return cipheredBlob(str, blob, new Encryption(this.secretKey, blob.getPayload().openStream(), 1).openStream(), blob.getMetadata().getContentMetadata().getContentLength().longValue() + 64, true);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private Payload encryptPayload(Payload payload, int i) {
        try {
            InputStreamPayload newInputStreamPayload = Payloads.newInputStreamPayload(new Encryption(this.secretKey, payload.openStream(), i).openStream());
            payload.getContentMetadata().setContentMD5((HashCode) null);
            newInputStreamPayload.setContentMetadata(payload.getContentMetadata());
            newInputStreamPayload.setSensitive(payload.isSensitive());
            newInputStreamPayload.getContentMetadata().setContentLength(Long.valueOf(payload.getContentMetadata().getContentLength().longValue() + 64));
            return newInputStreamPayload;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private Blob decryptBlob(Decryption decryption, String str, Blob blob) {
        if (blob == null) {
            return null;
        }
        try {
            InputStream openStream = decryption.openStream(blob.getPayload().openStream());
            long longValue = blob.getMetadata().getContentMetadata().getContentLength().longValue();
            if (decryption.isEncrypted()) {
                longValue = decryption.getContentLength();
            }
            return cipheredBlob(str, blob, openStream, longValue, false);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private PageSet<? extends StorageMetadata> filteredList(PageSet<? extends StorageMetadata> pageSet) {
        ImmutableSet.Builder builder = ImmutableSet.builder();
        for (StorageMetadata storageMetadata : pageSet) {
            if (storageMetadata instanceof BlobMetadata) {
                MutableBlobMetadata mutableBlobMetadataImpl = new MutableBlobMetadataImpl((BlobMetadata) storageMetadata);
                if (isEncrypted(mutableBlobMetadataImpl)) {
                    mutableBlobMetadataImpl = calculateBlobSize(removeEncryptedSuffix((BlobMetadata) storageMetadata));
                }
                builder.add((ImmutableSet.Builder) mutableBlobMetadataImpl);
            } else {
                builder.add((ImmutableSet.Builder) storageMetadata);
            }
        }
        String nextMarker = pageSet.getNextMarker();
        if (nextMarker != null && isEncrypted(nextMarker)) {
            nextMarker = removeEncryptedSuffix(nextMarker);
        }
        return new PageSetImpl(builder.build(), nextMarker);
    }

    private boolean isEncrypted(BlobMetadata blobMetadata) {
        return isEncrypted(blobMetadata.getName());
    }

    private boolean isEncrypted(String str) {
        return str.endsWith(Constants.S3_ENC_SUFFIX);
    }

    private MutableBlobMetadata setEncryptedSuffix(BlobMetadata blobMetadata) {
        MutableBlobMetadataImpl mutableBlobMetadataImpl = new MutableBlobMetadataImpl(blobMetadata);
        if (blobMetadata.getName() != null && !isEncrypted(blobMetadata.getName())) {
            mutableBlobMetadataImpl.setName(blobNameWithSuffix(blobMetadata.getName()));
        }
        return mutableBlobMetadataImpl;
    }

    private String removeEncryptedSuffix(String str) {
        return str.substring(0, str.length() - Constants.S3_ENC_SUFFIX.length());
    }

    private MutableBlobMetadata removeEncryptedSuffix(BlobMetadata blobMetadata) {
        MutableBlobMetadataImpl mutableBlobMetadataImpl = new MutableBlobMetadataImpl(blobMetadata);
        if (isEncrypted(mutableBlobMetadataImpl.getName())) {
            mutableBlobMetadataImpl.setName(removeEncryptedSuffix(mutableBlobMetadataImpl.getName()));
        }
        return mutableBlobMetadataImpl;
    }

    private MutableBlobMetadata calculateBlobSize(BlobMetadata blobMetadata) {
        MutableBlobMetadata removeEncryptedSuffix = removeEncryptedSuffix(blobMetadata);
        if (removeEncryptedSuffix.getUserMetadata().containsKey(Constants.METADATA_ENCRYPTION_PARTS)) {
            long longValue = blobMetadata.getSize().longValue() - (64 * Integer.parseInt(removeEncryptedSuffix.getUserMetadata().get(Constants.METADATA_ENCRYPTION_PARTS)));
            removeEncryptedSuffix.setSize(Long.valueOf(longValue));
            removeEncryptedSuffix.getContentMetadata().setContentLength(Long.valueOf(longValue));
        } else {
            if (Constants.MPU_ETAG_SUFFIX_PATTERN.matcher(blobMetadata.getETag()).find()) {
                long longValue2 = blobMetadata.getSize().longValue() - (64 * Integer.parseInt(r0.group(1)));
                removeEncryptedSuffix.setSize(Long.valueOf(longValue2));
                removeEncryptedSuffix.getContentMetadata().setContentLength(Long.valueOf(longValue2));
            } else {
                long longValue3 = blobMetadata.getSize().longValue() - 64;
                removeEncryptedSuffix.setSize(Long.valueOf(longValue3));
                removeEncryptedSuffix.getContentMetadata().setContentLength(Long.valueOf(longValue3));
            }
        }
        return removeEncryptedSuffix;
    }

    private boolean multipartRequiresStub() {
        return Quirks.MULTIPART_REQUIRES_STUB.contains(getBlobStoreType());
    }

    private String blobNameWithSuffix(String str, String str2) {
        String blobNameWithSuffix = blobNameWithSuffix(str2);
        if (delegate().blobExists(str, blobNameWithSuffix)) {
            str2 = blobNameWithSuffix;
        }
        return str2;
    }

    private String blobNameWithSuffix(String str) {
        return str + ".s3enc";
    }

    private String getBlobStoreType() {
        return delegate().getContext().unwrap().getProviderMetadata().getId();
    }

    private String generateUploadId(String str, String str2) {
        return DigestUtils.sha256Hex(str + "/" + str2);
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public Blob getBlob(String str, String str2) {
        return getBlob(str, str2, new GetOptions());
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public Blob getBlob(String str, String str2, GetOptions getOptions) {
        String blobNameWithSuffix = blobNameWithSuffix(str2);
        BlobMetadata blobMetadata = delegate().blobMetadata(str, blobNameWithSuffix);
        try {
            if (blobMetadata == null) {
                return delegate().getBlob(str, removeEncryptedSuffix(blobNameWithSuffix), getOptions);
            }
            long j = 0;
            long j2 = 0;
            long j3 = -1;
            if (getOptions.getRanges().size() > 0) {
                String[] split = getOptions.getRanges().get(0).split("-", 2);
                if (split[0].isEmpty()) {
                    j2 = Long.parseLong(split[1]);
                    j3 = j2;
                } else if (split[1].isEmpty()) {
                    j = Long.parseLong(split[0]);
                } else {
                    j = Long.parseLong(split[0]);
                    j2 = Long.parseLong(split[1]);
                    j3 = (j2 - j) + 1;
                }
            }
            Decryption decryption = new Decryption(this.secretKey, delegate(), blobMetadata, j, j3);
            if (decryption.isEncrypted() && getOptions.getRanges().size() > 0) {
                getOptions.getRanges().clear();
                long startAt = decryption.getStartAt();
                long encryptedSize = decryption.getEncryptedSize();
                if (j == 0 && j2 > 0 && j3 == j2) {
                    startAt = decryption.calculateTail();
                } else if (j > 0 && j2 > 0) {
                    encryptedSize = decryption.calculateEndAt(j2);
                }
                getOptions.range(startAt, encryptedSize);
            }
            return decryptBlob(decryption, str, delegate().getBlob(str, blobNameWithSuffix, getOptions));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public String putBlob(String str, Blob blob) {
        return delegate().putBlob(str, encryptBlob(str, blob));
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public String putBlob(String str, Blob blob, PutOptions putOptions) {
        return delegate().putBlob(str, encryptBlob(str, blob), putOptions);
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public String copyBlob(String str, String str2, String str3, String str4, CopyOptions copyOptions) {
        String blobNameWithSuffix = blobNameWithSuffix(str2);
        if (delegate().blobExists(str, blobNameWithSuffix)) {
            str2 = blobNameWithSuffix;
            str4 = blobNameWithSuffix(str4);
        }
        return delegate().copyBlob(str, str2, str3, str4, copyOptions);
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public void removeBlob(String str, String str2) {
        delegate().removeBlob(str, blobNameWithSuffix(str, str2));
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public void removeBlobs(String str, Iterable<String> iterable) {
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = iterable.iterator();
        while (it.hasNext()) {
            arrayList.add(blobNameWithSuffix(str, it.next()));
        }
        delegate().removeBlobs(str, arrayList);
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public BlobAccess getBlobAccess(String str, String str2) {
        return delegate().getBlobAccess(str, blobNameWithSuffix(str, str2));
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public boolean blobExists(String str, String str2) {
        return delegate().blobExists(str, blobNameWithSuffix(str, str2));
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public void setBlobAccess(String str, String str2, BlobAccess blobAccess) {
        delegate().setBlobAccess(str, blobNameWithSuffix(str, str2), blobAccess);
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public PageSet<? extends StorageMetadata> list() {
        return filteredList(delegate().list());
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public PageSet<? extends StorageMetadata> list(String str) {
        return filteredList(delegate().list(str));
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public PageSet<? extends StorageMetadata> list(String str, ListContainerOptions listContainerOptions) {
        return filteredList(delegate().list(str, listContainerOptions));
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public MultipartUpload initiateMultipartUpload(String str, BlobMetadata blobMetadata, PutOptions putOptions) {
        MutableBlobMetadata encryptedSuffix = setEncryptedSuffix(new MutableBlobMetadataImpl(blobMetadata));
        MultipartUpload initiateMultipartUpload = delegate().initiateMultipartUpload(str, encryptedSuffix, putOptions);
        if (multipartRequiresStub()) {
            encryptedSuffix.getUserMetadata().put(Constants.METADATA_IS_ENCRYPTED_MULTIPART, "true");
            if (getBlobStoreType().equals("azureblob")) {
                delegate().uploadMultipartPart(initiateMultipartUpload, 0, Payloads.newStringPayload("dummy"));
                initiateMultipartUpload = MultipartUpload.create(initiateMultipartUpload.containerName(), initiateMultipartUpload.blobName(), generateUploadId(str, encryptedSuffix.getName()), initiateMultipartUpload.blobMetadata(), putOptions);
            } else if (getBlobStoreType().equals("google-cloud-storage")) {
                encryptedSuffix.getUserMetadata().put(Constants.METADATA_MULTIPART_KEY, encryptedSuffix.getName());
                String generateUploadId = generateUploadId(str, encryptedSuffix.getName());
                delegate().putBlob(str, blobBuilder(".mpu/" + generateUploadId).payload("").userMetadata(encryptedSuffix.getUserMetadata()).build(), putOptions);
                initiateMultipartUpload = MultipartUpload.create(initiateMultipartUpload.containerName(), initiateMultipartUpload.blobName(), generateUploadId, initiateMultipartUpload.blobMetadata(), putOptions);
            }
        }
        return initiateMultipartUpload;
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public List<MultipartUpload> listMultipartUploads(String str) {
        List<MultipartUpload> arrayList = new ArrayList();
        if (getBlobStoreType().equals("google-cloud-storage")) {
            for (StorageMetadata storageMetadata : delegate().list(str, new ListContainerOptions().prefix(Constants.MPU_FOLDER))) {
                Map<String, String> userMetadata = storageMetadata.getUserMetadata();
                if (userMetadata.containsKey(Constants.METADATA_MULTIPART_KEY)) {
                    arrayList.add(MultipartUpload.create(str, userMetadata.get(Constants.METADATA_MULTIPART_KEY), storageMetadata.getName().substring(storageMetadata.getName().lastIndexOf("/") + 1), null, null));
                }
            }
        } else {
            arrayList = delegate().listMultipartUploads(str);
        }
        ArrayList arrayList2 = new ArrayList();
        for (MultipartUpload multipartUpload : arrayList) {
            if (isEncrypted(multipartUpload.blobName())) {
                String removeEncryptedSuffix = removeEncryptedSuffix(multipartUpload.blobName());
                String id = multipartUpload.id();
                if (getBlobStoreType().equals("azureblob")) {
                    id = generateUploadId(str, multipartUpload.blobName());
                }
                arrayList2.add(MultipartUpload.create(multipartUpload.containerName(), removeEncryptedSuffix, id, multipartUpload.blobMetadata(), multipartUpload.putOptions()));
            } else {
                arrayList2.add(multipartUpload);
            }
        }
        return arrayList2;
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public List<MultipartPart> listMultipartUpload(MultipartUpload multipartUpload) {
        List<MultipartPart> listMultipartUpload = delegate().listMultipartUpload(filterMultipartUpload(multipartUpload));
        ArrayList arrayList = new ArrayList();
        for (MultipartPart multipartPart : listMultipartUpload) {
            if (!getBlobStoreType().equals("azureblob") || multipartPart.partNumber() != 0) {
                arrayList.add(MultipartPart.create(multipartPart.partNumber(), multipartPart.partSize() - 64, multipartPart.partETag(), multipartPart.lastModified()));
            }
        }
        return arrayList;
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public MultipartPart uploadMultipartPart(MultipartUpload multipartUpload, int i, Payload payload) {
        return delegate().uploadMultipartPart(filterMultipartUpload(multipartUpload), i, encryptPayload(payload, i));
    }

    private MultipartUpload filterMultipartUpload(MultipartUpload multipartUpload) {
        MutableBlobMetadata mutableBlobMetadata = null;
        if (multipartUpload.blobMetadata() != null) {
            mutableBlobMetadata = setEncryptedSuffix(new MutableBlobMetadataImpl(multipartUpload.blobMetadata()));
        }
        String blobName = multipartUpload.blobName();
        if (!isEncrypted(blobName)) {
            blobName = blobNameWithSuffix(blobName);
        }
        return MultipartUpload.create(multipartUpload.containerName(), blobName, multipartUpload.id(), mutableBlobMetadata, multipartUpload.putOptions());
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public String completeMultipartUpload(MultipartUpload multipartUpload, List<MultipartPart> list) {
        MutableBlobMetadata mutableBlobMetadataImpl = new MutableBlobMetadataImpl(multipartUpload.blobMetadata());
        String blobName = multipartUpload.blobName();
        if (getBlobStoreType().equals("google-cloud-storage") && multipartUpload.blobName().startsWith(multipartUpload.id())) {
            this.logger.debug("skip suffix on gcp");
        } else {
            mutableBlobMetadataImpl = setEncryptedSuffix(mutableBlobMetadataImpl);
            if (!isEncrypted(multipartUpload.blobName())) {
                blobName = blobNameWithSuffix(blobName);
            }
        }
        MultipartUpload create = MultipartUpload.create(multipartUpload.containerName(), blobName, multipartUpload.id(), mutableBlobMetadataImpl, multipartUpload.putOptions());
        if (multipartRequiresStub()) {
            long size = list.size();
            if (getBlobStoreType().equals("google-cloud-storage")) {
                size = 0;
                Iterator<MultipartPart> it = list.iterator();
                while (it.hasNext()) {
                    BlobMetadata blobMetadata = delegate().blobMetadata(multipartUpload.containerName(), String.format("%s_%08d", multipartUpload.id(), Integer.valueOf(it.next().partNumber())));
                    size = (blobMetadata == null || !blobMetadata.getUserMetadata().containsKey(Constants.METADATA_ENCRYPTION_PARTS)) ? size + 1 : size + Long.parseLong(blobMetadata.getUserMetadata().get(Constants.METADATA_ENCRYPTION_PARTS));
                }
            }
            create.blobMetadata().getUserMetadata().put(Constants.METADATA_ENCRYPTION_PARTS, String.valueOf(size));
            create.blobMetadata().getUserMetadata().remove(Constants.METADATA_IS_ENCRYPTED_MULTIPART);
        }
        String completeMultipartUpload = delegate().completeMultipartUpload(create, list);
        if (getBlobStoreType().equals("google-cloud-storage")) {
            delegate().removeBlob(multipartUpload.containerName(), ".mpu/" + multipartUpload.id());
        }
        return completeMultipartUpload;
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public BlobMetadata blobMetadata(String str, String str2) {
        BlobMetadata blobMetadata = delegate().blobMetadata(str, blobNameWithSuffix(str, str2));
        if (blobMetadata != null && isEncrypted(blobMetadata) && !blobMetadata.getUserMetadata().containsKey(Constants.METADATA_IS_ENCRYPTED_MULTIPART)) {
            blobMetadata = calculateBlobSize(removeEncryptedSuffix(blobMetadata));
        }
        return blobMetadata;
    }

    @Override // org.jclouds.blobstore.util.ForwardingBlobStore, org.jclouds.blobstore.BlobStore
    public long getMaximumMultipartPartSize() {
        return delegate().getMaximumMultipartPartSize() - 64;
    }
}
