package software.amazon.encryption.s3.internal;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.Executors;
import org.slf4j.Logger;
import software.amazon.awssdk.awscore.exception.AwsServiceException;
import software.amazon.awssdk.core.async.AsyncRequestBody;
import software.amazon.awssdk.core.exception.SdkClientException;
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.services.s3.model.AbortMultipartUploadRequest;
import software.amazon.awssdk.services.s3.model.AbortMultipartUploadResponse;
import software.amazon.awssdk.services.s3.model.CompleteMultipartUploadRequest;
import software.amazon.awssdk.services.s3.model.CompleteMultipartUploadResponse;
import software.amazon.awssdk.services.s3.model.CreateMultipartUploadRequest;
import software.amazon.awssdk.services.s3.model.CreateMultipartUploadResponse;
import software.amazon.awssdk.services.s3.model.SdkPartType;
import software.amazon.awssdk.services.s3.model.UploadPartRequest;
import software.amazon.awssdk.services.s3.model.UploadPartResponse;
import software.amazon.awssdk.utils.IoUtils;
import software.amazon.encryption.s3.S3EncryptionClientException;
import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
import software.amazon.encryption.s3.materials.CryptographicMaterialsManager;
import software.amazon.encryption.s3.materials.EncryptionMaterials;
import software.amazon.encryption.s3.materials.EncryptionMaterialsRequest;

/* loaded from: input_file:software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.class */
public class MultipartUploadObjectPipeline {
    private final S3AsyncClient _s3AsyncClient;
    private final CryptographicMaterialsManager _cryptoMaterialsManager;
    private final MultipartContentEncryptionStrategy _contentEncryptionStrategy;
    private final ContentMetadataEncodingStrategy _contentMetadataEncodingStrategy;
    private final Map<String, MultipartUploadMaterials> _multipartUploadMaterials;

    /* loaded from: input_file:software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline$Builder.class */
    public static class Builder {
        private final Map<String, MultipartUploadMaterials> _multipartUploadMaterials;
        private final ContentMetadataEncodingStrategy _contentMetadataEncodingStrategy;
        private S3AsyncClient _s3AsyncClient;
        private CryptographicMaterialsManager _cryptoMaterialsManager;
        private SecureRandom _secureRandom;
        private MultipartContentEncryptionStrategy _contentEncryptionStrategy;

        private Builder() {
            this._multipartUploadMaterials = Collections.synchronizedMap(new HashMap());
            this._contentMetadataEncodingStrategy = ContentMetadataStrategy.OBJECT_METADATA;
        }

        @SuppressFBWarnings(value = {"EI_EXPOSE_REP2"}, justification = "Pass mutability into wrapping client")
        public Builder s3AsyncClient(S3AsyncClient s3AsyncClient) {
            this._s3AsyncClient = s3AsyncClient;
            return this;
        }

        public Builder cryptoMaterialsManager(CryptographicMaterialsManager cryptographicMaterialsManager) {
            this._cryptoMaterialsManager = cryptographicMaterialsManager;
            return this;
        }

        public Builder secureRandom(SecureRandom secureRandom) {
            this._secureRandom = secureRandom;
            return this;
        }

        public MultipartUploadObjectPipeline build() {
            if (this._contentEncryptionStrategy == null) {
                this._contentEncryptionStrategy = StreamingAesGcmContentStrategy.builder().secureRandom(this._secureRandom).build();
            }
            return new MultipartUploadObjectPipeline(this);
        }
    }

    private MultipartUploadObjectPipeline(Builder builder) {
        this._s3AsyncClient = builder._s3AsyncClient;
        this._cryptoMaterialsManager = builder._cryptoMaterialsManager;
        this._contentEncryptionStrategy = builder._contentEncryptionStrategy;
        this._contentMetadataEncodingStrategy = builder._contentMetadataEncodingStrategy;
        this._multipartUploadMaterials = builder._multipartUploadMaterials;
    }

    public static Builder builder() {
        return new Builder();
    }

    public CreateMultipartUploadResponse createMultipartUpload(CreateMultipartUploadRequest createMultipartUploadRequest) {
        EncryptionMaterials encryptionMaterials = this._cryptoMaterialsManager.getEncryptionMaterials(EncryptionMaterialsRequest.builder().s3Request(createMultipartUploadRequest).build());
        MultipartEncryptedContent initMultipartEncryption = this._contentEncryptionStrategy.initMultipartEncryption(encryptionMaterials);
        CreateMultipartUploadResponse createMultipartUploadResponse = (CreateMultipartUploadResponse) this._s3AsyncClient.createMultipartUpload((CreateMultipartUploadRequest) createMultipartUploadRequest.toBuilder().overrideConfiguration(ApiNameVersion.API_NAME_INTERCEPTOR).metadata(this._contentMetadataEncodingStrategy.encodeMetadata(encryptionMaterials, initMultipartEncryption.getIv(), new HashMap(createMultipartUploadRequest.metadata()))).build()).join();
        this._multipartUploadMaterials.put(createMultipartUploadResponse.uploadId(), MultipartUploadMaterials.builder().fromEncryptionMaterials(encryptionMaterials).cipher(initMultipartEncryption.getCipher()).build());
        return createMultipartUploadResponse;
    }

    public UploadPartResponse uploadPart(UploadPartRequest uploadPartRequest, RequestBody requestBody) throws AwsServiceException, SdkClientException {
        long longValue;
        int cipherBlockSizeBytes = AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherBlockSizeBytes();
        if (uploadPartRequest.contentLength() == null) {
            longValue = ((Long) requestBody.optionalContentLength().orElse(-1L)).longValue();
        } else {
            if (requestBody.optionalContentLength().isPresent() && !uploadPartRequest.contentLength().equals(requestBody.optionalContentLength().get())) {
                throw new S3EncryptionClientException("The contentLength provided in the request object MUST match the contentLength in the request body");
            }
            longValue = !requestBody.optionalContentLength().isPresent() ? uploadPartRequest.contentLength().longValue() : uploadPartRequest.contentLength().longValue();
        }
        boolean z = uploadPartRequest.sdkPartType() != null && uploadPartRequest.sdkPartType().equals(SdkPartType.LAST);
        long cipherTagLengthBytes = longValue + (z ? r0.cipherTagLengthBytes() : 0);
        boolean z2 = 0 == longValue % ((long) cipherBlockSizeBytes);
        if (!z && !z2) {
            throw new S3EncryptionClientException("Invalid part size: part sizes for encrypted multipart uploads must be multiples of the cipher block size (" + cipherBlockSizeBytes + ") with the exception of the last part.");
        }
        UploadPartRequest uploadPartRequest2 = (UploadPartRequest) uploadPartRequest.toBuilder().overrideConfiguration(ApiNameVersion.API_NAME_INTERCEPTOR).contentLength(Long.valueOf(cipherTagLengthBytes)).build();
        String uploadId = uploadPartRequest2.uploadId();
        MultipartUploadMaterials multipartUploadMaterials = this._multipartUploadMaterials.get(uploadId);
        if (multipartUploadMaterials == null) {
            throw new S3EncryptionClientException("No client-side information available on upload ID " + uploadId);
        }
        multipartUploadMaterials.beginPartUpload(uploadPartRequest2.partNumber().intValue(), longValue);
        try {
            CipherAsyncRequestBody cipherAsyncRequestBody = new CipherAsyncRequestBody(AsyncRequestBody.fromInputStream(requestBody.contentStreamProvider().newStream(), Long.valueOf(longValue), Executors.newSingleThreadExecutor()), Long.valueOf(cipherTagLengthBytes), multipartUploadMaterials, multipartUploadMaterials.getCipher(multipartUploadMaterials.getIv()).getIV(), z);
            if (z && multipartUploadMaterials.hasFinalPartBeenSeen()) {
                throw new S3EncryptionClientException("This part was specified as the last part in a multipart upload, but a previous part was already marked as the last part. Only the last part of the upload should be marked as the last part.");
            }
            UploadPartResponse uploadPartResponse = (UploadPartResponse) this._s3AsyncClient.uploadPart(uploadPartRequest2, new NoRetriesAsyncRequestBody(cipherAsyncRequestBody)).join();
            multipartUploadMaterials.endPartUpload();
            if (z) {
                multipartUploadMaterials.setHasFinalPartBeenSeen(true);
            }
            return uploadPartResponse;
        } catch (Throwable th) {
            multipartUploadMaterials.endPartUpload();
            throw th;
        }
    }

    public CompleteMultipartUploadResponse completeMultipartUpload(CompleteMultipartUploadRequest completeMultipartUploadRequest) throws AwsServiceException, SdkClientException {
        String uploadId = completeMultipartUploadRequest.uploadId();
        MultipartUploadMaterials multipartUploadMaterials = this._multipartUploadMaterials.get(uploadId);
        if (multipartUploadMaterials != null && !multipartUploadMaterials.hasFinalPartBeenSeen()) {
            throw new S3EncryptionClientException("Unable to complete an encrypted multipart upload without being told which part was the last.  Without knowing which part was the last, the encrypted data in Amazon S3 is incomplete and corrupt.");
        }
        CompleteMultipartUploadResponse completeMultipartUploadResponse = (CompleteMultipartUploadResponse) this._s3AsyncClient.completeMultipartUpload((CompleteMultipartUploadRequest) completeMultipartUploadRequest.toBuilder().overrideConfiguration(ApiNameVersion.API_NAME_INTERCEPTOR).build()).join();
        this._multipartUploadMaterials.remove(uploadId);
        return completeMultipartUploadResponse;
    }

    public AbortMultipartUploadResponse abortMultipartUpload(AbortMultipartUploadRequest abortMultipartUploadRequest) {
        this._multipartUploadMaterials.remove(abortMultipartUploadRequest.uploadId());
        return (AbortMultipartUploadResponse) this._s3AsyncClient.abortMultipartUpload((AbortMultipartUploadRequest) abortMultipartUploadRequest.toBuilder().overrideConfiguration(ApiNameVersion.API_NAME_INTERCEPTOR).build()).join();
    }

    public void putLocalObject(RequestBody requestBody, String str, OutputStream outputStream) throws IOException {
        MultipartUploadMaterials multipartUploadMaterials = this._multipartUploadMaterials.get(str);
        try {
            IoUtils.copy(new AuthenticatedCipherInputStream(requestBody.contentStreamProvider().newStream(), multipartUploadMaterials.getCipher(multipartUploadMaterials.getIv())), outputStream);
            multipartUploadMaterials.setHasFinalPartBeenSeen(true);
            IoUtils.closeQuietly(outputStream, (Logger) null);
        } catch (Throwable th) {
            IoUtils.closeQuietly(outputStream, (Logger) null);
            throw th;
        }
    }
}
