package com.aliyun.oss.crypto;

import com.aliyun.oss.ClientException;
import com.aliyun.oss.OSSEncryptionClient;
import com.aliyun.oss.common.utils.BinaryUtil;
import com.aliyun.oss.common.utils.CodingUtils;
import com.aliyun.oss.common.utils.IOUtils;
import com.aliyun.oss.common.utils.LogUtils;
import com.aliyun.oss.internal.Mimetypes;
import com.aliyun.oss.internal.OSSUtils;
import com.aliyun.oss.model.GetObjectRequest;
import com.aliyun.oss.model.InitiateMultipartUploadRequest;
import com.aliyun.oss.model.InitiateMultipartUploadResult;
import com.aliyun.oss.model.OSSObject;
import com.aliyun.oss.model.ObjectMetadata;
import com.aliyun.oss.model.PutObjectRequest;
import com.aliyun.oss.model.PutObjectResult;
import com.aliyun.oss.model.UploadPartRequest;
import com.aliyun.oss.model.UploadPartResult;
import com.aliyun.oss.model.WebServiceRequest;
import java.io.BufferedOutputStream;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.zip.CheckedInputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.http.HttpHeaders;
import org.codehaus.jettison.json.JSONException;
import org.codehaus.jettison.json.JSONObject;

/* loaded from: input_file:com/aliyun/oss/crypto/CryptoModuleBase.class */
public abstract class CryptoModuleBase implements CryptoModule {
    protected static final int DEFAULT_BUFFER_SIZE = 2048;
    protected final EncryptionMaterials encryptionMaterials;
    protected final CryptoScheme contentCryptoScheme;
    protected final CryptoConfiguration cryptoConfig;
    protected final OSSDirect ossDirect;
    protected final String encryptionClientUserAgent;

    /* JADX INFO: Access modifiers changed from: protected */
    public CryptoModuleBase(OSSDirect oSSDirect, EncryptionMaterials encryptionMaterials, CryptoConfiguration cryptoConfiguration) {
        this.encryptionMaterials = encryptionMaterials;
        this.ossDirect = oSSDirect;
        this.cryptoConfig = cryptoConfiguration;
        this.contentCryptoScheme = getCryptoScheme(cryptoConfiguration.getContentCryptoMode());
        this.encryptionClientUserAgent = this.ossDirect.getInnerClientConfiguration().getUserAgent() + OSSEncryptionClient.USER_AGENT_SUFFIX;
    }

    private static final CryptoScheme getCryptoScheme(ContentCryptoMode contentCryptoMode) {
        switch (contentCryptoMode) {
            case AES_CTR_MODE:
            default:
                return CryptoScheme.AES_CTR;
        }
    }

    abstract byte[] generateIV();

    abstract CryptoCipher createCryptoCipherFromContentMaterial(ContentCryptoMaterial contentCryptoMaterial, int i, long[] jArr, long j);

    @Override // com.aliyun.oss.crypto.CryptoModule
    public PutObjectResult putObjectSecurely(PutObjectRequest putObjectRequest) {
        setUserAgent(putObjectRequest, this.encryptionClientUserAgent);
        ContentCryptoMaterial buildContentCryptoMaterials = buildContentCryptoMaterials();
        putObjectRequest.setMetadata(updateMetadataWithContentCryptoMaterial(putObjectRequest.getMetadata(), putObjectRequest.getFile(), buildContentCryptoMaterials));
        File file = putObjectRequest.getFile();
        InputStream inputStream = putObjectRequest.getInputStream();
        PutObjectRequest wrapPutRequestWithCipher = wrapPutRequestWithCipher(putObjectRequest, buildContentCryptoMaterials);
        try {
            PutObjectResult putObject = this.ossDirect.putObject(wrapPutRequestWithCipher);
            safeCloseSource(wrapPutRequestWithCipher.getInputStream());
            putObjectRequest.setFile(file);
            putObjectRequest.setInputStream(inputStream);
            return putObject;
        } catch (Throwable th) {
            safeCloseSource(wrapPutRequestWithCipher.getInputStream());
            putObjectRequest.setFile(file);
            putObjectRequest.setInputStream(inputStream);
            throw th;
        }
    }

    protected final PutObjectRequest wrapPutRequestWithCipher(PutObjectRequest putObjectRequest, ContentCryptoMaterial contentCryptoMaterial) {
        ObjectMetadata metadata = putObjectRequest.getMetadata();
        if (metadata == null) {
            metadata = new ObjectMetadata();
        }
        updateContentMd5(putObjectRequest, metadata);
        updateContentLength(putObjectRequest, metadata);
        putObjectRequest.setInputStream(newOSSCryptoCipherInputStream(putObjectRequest, createCryptoCipherFromContentMaterial(contentCryptoMaterial, 1, null, 0L)));
        putObjectRequest.setFile(null);
        return putObjectRequest;
    }

    private void updateContentMd5(PutObjectRequest putObjectRequest, ObjectMetadata objectMetadata) {
        if (objectMetadata.getContentMD5() != null) {
            objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_UNENCRYPTION_CONTENT_MD5, objectMetadata.getContentMD5());
            objectMetadata.removeHeader("Content-MD5");
        }
        Map<String, String> headers = putObjectRequest.getHeaders();
        if (headers.containsKey("Content-MD5")) {
            objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_UNENCRYPTION_CONTENT_MD5, headers.get("Content-MD5"));
            headers.remove("Content-MD5");
        }
        putObjectRequest.setMetadata(objectMetadata);
    }

    private void updateContentLength(PutObjectRequest putObjectRequest, ObjectMetadata objectMetadata) {
        long plaintextLength = plaintextLength(putObjectRequest, objectMetadata);
        if (plaintextLength >= 0) {
            objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_UNENCRYPTION_CONTENT_LENGTH, Long.toString(plaintextLength));
            objectMetadata.setContentLength(plaintextLength);
        }
        Map<String, String> headers = putObjectRequest.getHeaders();
        if (headers.containsKey("Content-Length")) {
            objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_UNENCRYPTION_CONTENT_LENGTH, headers.get("Content-Length"));
        }
        putObjectRequest.setMetadata(objectMetadata);
    }

    public static boolean hasEncryptionInfo(ObjectMetadata objectMetadata) {
        Map<String, String> userMetadata = objectMetadata.getUserMetadata();
        return userMetadata != null && userMetadata.containsKey(CryptoHeaders.CRYPTO_KEY) && userMetadata.containsKey(CryptoHeaders.CRYPTO_IV);
    }

    @Override // com.aliyun.oss.crypto.CryptoModule
    public OSSObject getObjectSecurely(GetObjectRequest getObjectRequest) {
        setUserAgent(getObjectRequest, this.encryptionClientUserAgent);
        long[] range = getObjectRequest.getRange();
        long[] adjustedCryptoRange = getAdjustedCryptoRange(range);
        if (adjustedCryptoRange != null) {
            getObjectRequest.setRange(adjustedCryptoRange[0], adjustedCryptoRange[1]);
        }
        OSSObject object = this.ossDirect.getObject(getObjectRequest);
        if (((String) object.getObjectMetadata().getRawMetadata().get(HttpHeaders.CONTENT_RANGE)) == null && adjustedCryptoRange != null) {
            range[0] = 0;
            range[1] = object.getObjectMetadata().getContentLength() - 1;
            adjustedCryptoRange = (long[]) range.clone();
        }
        try {
            return hasEncryptionInfo(object.getObjectMetadata()) ? decipherWithMetadata(getObjectRequest, range, adjustedCryptoRange, object) : adjustToDesiredRange(object, range);
        } catch (Exception e) {
            safeCloseSource(object);
            throw new ClientException(e);
        }
    }

    protected OSSObject decipherWithMetadata(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, OSSObject oSSObject) {
        oSSObject.setObjectContent(new CipherInputStream(oSSObject.getObjectContent(), createCryptoCipherFromContentMaterial(createContentMaterialFromMetadata(oSSObject.getObjectMetadata()), 2, jArr2, 0L), 2048));
        return adjustToDesiredRange(oSSObject, jArr);
    }

    protected void safeCloseSource(Closeable closeable) {
        if (closeable != null) {
            try {
                closeable.close();
            } catch (IOException e) {
            }
        }
    }

    protected final OSSObject adjustToDesiredRange(OSSObject oSSObject, long[] jArr) {
        if (jArr == null) {
            return oSSObject;
        }
        try {
            oSSObject.setObjectContent(new AdjustedRangeInputStream(oSSObject.getObjectContent(), jArr[0], jArr[1]));
            return oSSObject;
        } catch (IOException e) {
            throw new ClientException("Error adjusting output to desired byte range: " + e.getMessage());
        }
    }

    private void checkMultipartContext(MultipartUploadCryptoContext multipartUploadCryptoContext) {
        if (multipartUploadCryptoContext == null) {
            throw new IllegalArgumentException("MultipartUploadCryptoContext should not be null.");
        }
        if (0 != multipartUploadCryptoContext.getPartSize() % 16 || multipartUploadCryptoContext.getPartSize() <= 0) {
            throw new IllegalArgumentException("MultipartUploadCryptoContext part size is not 16 bytes alignment.");
        }
    }

    @Override // com.aliyun.oss.crypto.CryptoModule
    public ObjectMetadata getObjectSecurely(GetObjectRequest getObjectRequest, File file) {
        CodingUtils.assertParameterNotNull(file, "file");
        OSSObject objectSecurely = getObjectSecurely(getObjectRequest);
        BufferedOutputStream bufferedOutputStream = null;
        try {
            try {
                bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(file));
                byte[] bArr = new byte[2048];
                while (true) {
                    int readNBytes = IOUtils.readNBytes(objectSecurely.getObjectContent(), bArr, 0, bArr.length);
                    if (readNBytes <= 0) {
                        break;
                    }
                    bufferedOutputStream.write(bArr, 0, readNBytes);
                }
                if (this.ossDirect.getInnerClientConfiguration().isCrcCheckEnabled() && getObjectRequest.getRange() == null) {
                    Long l = null;
                    InputStream objectContent = objectSecurely.getObjectContent();
                    if (objectContent instanceof CipherInputStream) {
                        InputStream delegateStream = ((CipherInputStream) objectContent).getDelegateStream();
                        if (delegateStream instanceof CheckedInputStream) {
                            l = Long.valueOf(((CheckedInputStream) delegateStream).getChecksum().getValue());
                        }
                    } else {
                        l = IOUtils.getCRCValue(objectSecurely.getObjectContent());
                    }
                    OSSUtils.checkChecksum(l, objectSecurely.getServerCRC(), objectSecurely.getRequestId());
                }
                ObjectMetadata objectMetadata = objectSecurely.getObjectMetadata();
                IOUtils.safeClose(bufferedOutputStream);
                IOUtils.safeClose(objectSecurely.getObjectContent());
                return objectMetadata;
            } catch (IOException e) {
                LogUtils.logException("Cannot read object content stream: ", e);
                throw new ClientException(OSSUtils.OSS_RESOURCE_MANAGER.getString("CannotReadContentStream"), e);
            }
        } catch (Throwable th) {
            IOUtils.safeClose(bufferedOutputStream);
            IOUtils.safeClose(objectSecurely.getObjectContent());
            throw th;
        }
    }

    @Override // com.aliyun.oss.crypto.CryptoModule
    public InitiateMultipartUploadResult initiateMultipartUploadSecurely(InitiateMultipartUploadRequest initiateMultipartUploadRequest, MultipartUploadCryptoContext multipartUploadCryptoContext) {
        checkMultipartContext(multipartUploadCryptoContext);
        setUserAgent(initiateMultipartUploadRequest, this.encryptionClientUserAgent);
        ContentCryptoMaterial buildContentCryptoMaterials = buildContentCryptoMaterials();
        ObjectMetadata objectMetadata = initiateMultipartUploadRequest.getObjectMetadata();
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        initiateMultipartUploadRequest.setObjectMetadata(updateMetadataWithUploadContext(updateMetadataWithContentCryptoMaterial(objectMetadata, null, buildContentCryptoMaterials), multipartUploadCryptoContext));
        InitiateMultipartUploadResult initiateMultipartUpload = this.ossDirect.initiateMultipartUpload(initiateMultipartUploadRequest);
        multipartUploadCryptoContext.setUploadId(initiateMultipartUpload.getUploadId());
        multipartUploadCryptoContext.setContentCryptoMaterial(buildContentCryptoMaterials);
        return initiateMultipartUpload;
    }

    @Override // com.aliyun.oss.crypto.CryptoModule
    public UploadPartResult uploadPartSecurely(UploadPartRequest uploadPartRequest, MultipartUploadCryptoContext multipartUploadCryptoContext) {
        checkMultipartContext(multipartUploadCryptoContext);
        if (!multipartUploadCryptoContext.getUploadId().equals(uploadPartRequest.getUploadId())) {
            throw new ClientException("The multipartUploadCryptoContextcontext input upload id is invalid.context uploadid:" + multipartUploadCryptoContext.getUploadId() + ",uploadRequest uploadid:" + uploadPartRequest.getUploadId());
        }
        setUserAgent(uploadPartRequest, this.encryptionClientUserAgent);
        CryptoCipher createCryptoCipherFromContentMaterial = createCryptoCipherFromContentMaterial(multipartUploadCryptoContext.getContentCryptoMaterial(), 1, null, (multipartUploadCryptoContext.getPartSize() * (uploadPartRequest.getPartNumber() - 1)) / 16);
        InputStream inputStream = uploadPartRequest.getInputStream();
        RenewableCipherInputStream renewableCipherInputStream = null;
        try {
            renewableCipherInputStream = new RenewableCipherInputStream(inputStream, createCryptoCipherFromContentMaterial, 2048);
            uploadPartRequest.setInputStream(renewableCipherInputStream);
            UploadPartResult uploadPart = this.ossDirect.uploadPart(uploadPartRequest);
            safeCloseSource(renewableCipherInputStream);
            uploadPartRequest.setInputStream(inputStream);
            return uploadPart;
        } catch (Throwable th) {
            safeCloseSource(renewableCipherInputStream);
            uploadPartRequest.setInputStream(inputStream);
            throw th;
        }
    }

    private CipherInputStream newOSSCryptoCipherInputStream(PutObjectRequest putObjectRequest, CryptoCipher cryptoCipher) {
        File file = putObjectRequest.getFile();
        InputStream inputStream = putObjectRequest.getInputStream();
        InputStream inputStream2 = inputStream;
        if (file != null) {
            try {
                inputStream2 = new FileInputStream(file);
            } catch (Exception e) {
                safeCloseSource(inputStream2);
                putObjectRequest.setFile(file);
                putObjectRequest.setInputStream(inputStream);
                throw new ClientException("Unable to create cipher input stream." + e.getMessage(), e);
            }
        }
        return new RenewableCipherInputStream(inputStream2, cryptoCipher, 2048);
    }

    protected final long plaintextLength(PutObjectRequest putObjectRequest, ObjectMetadata objectMetadata) {
        if (putObjectRequest.getFile() != null) {
            return putObjectRequest.getFile().length();
        }
        if (putObjectRequest.getInputStream() == null || objectMetadata.getRawMetadata().get("Content-Length") == null) {
            return -1L;
        }
        return objectMetadata.getContentLength();
    }

    long[] getAdjustedCryptoRange(long[] jArr) {
        if (jArr == null) {
            return null;
        }
        if (jArr[0] > jArr[1] || jArr[0] < 0 || jArr[1] <= 0) {
            throw new ClientException("Your input get-range is illegal. + range:" + jArr[0] + "~" + jArr[1]);
        }
        return new long[]{getCipherBlockLowerBound(jArr[0]), jArr[1]};
    }

    private long getCipherBlockLowerBound(long j) {
        return j - (j % 16);
    }

    protected final ContentCryptoMaterial buildContentCryptoMaterials() {
        byte[] generateIV = generateIV();
        SecretKey generateCEK = generateCEK();
        ContentCryptoMaterialRW contentCryptoMaterialRW = new ContentCryptoMaterialRW();
        contentCryptoMaterialRW.setIV(generateIV);
        contentCryptoMaterialRW.setCEK(generateCEK);
        contentCryptoMaterialRW.setContentCryptoAlgorithm(this.contentCryptoScheme.getContentChiperAlgorithm());
        this.encryptionMaterials.encryptCEK(contentCryptoMaterialRW);
        return contentCryptoMaterialRW;
    }

    protected final ObjectMetadata updateMetadataWithUploadContext(ObjectMetadata objectMetadata, MultipartUploadCryptoContext multipartUploadCryptoContext) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_PART_SIZE, String.valueOf(multipartUploadCryptoContext.getPartSize()));
        if (multipartUploadCryptoContext.getDataSize() > 0) {
            objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_DATA_SIZE, String.valueOf(multipartUploadCryptoContext.getDataSize()));
        }
        return objectMetadata;
    }

    protected final ObjectMetadata updateMetadataWithContentCryptoMaterial(ObjectMetadata objectMetadata, File file, ContentCryptoMaterial contentCryptoMaterial) {
        if (objectMetadata == null) {
            objectMetadata = new ObjectMetadata();
        }
        if (file != null) {
            objectMetadata.setContentType(Mimetypes.getInstance().getMimetype(file));
        }
        objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_KEY, BinaryUtil.toBase64String(contentCryptoMaterial.getEncryptedCEK()));
        objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_IV, BinaryUtil.toBase64String(contentCryptoMaterial.getEncryptedIV()));
        objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_CEK_ALG, contentCryptoMaterial.getContentCryptoAlgorithm());
        objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_WRAP_ALG, contentCryptoMaterial.getKeyWrapAlgorithm());
        Map<String, String> materialsDescription = contentCryptoMaterial.getMaterialsDescription();
        if (materialsDescription != null && materialsDescription.size() > 0) {
            objectMetadata.addUserMetadata(CryptoHeaders.CRYPTO_MATDESC, new JSONObject(materialsDescription).toString());
        }
        return objectMetadata;
    }

    protected ContentCryptoMaterial createContentMaterialFromMetadata(ObjectMetadata objectMetadata) {
        Map<String, String> userMetadata = objectMetadata.getUserMetadata();
        String str = userMetadata.get(CryptoHeaders.CRYPTO_KEY);
        String str2 = userMetadata.get(CryptoHeaders.CRYPTO_IV);
        if (str == null || str2 == null) {
            throw new ClientException("Content encrypted key  or encrypted iv not found.");
        }
        byte[] fromBase64String = BinaryUtil.fromBase64String(str);
        byte[] fromBase64String2 = BinaryUtil.fromBase64String(str2);
        String str3 = userMetadata.get(CryptoHeaders.CRYPTO_WRAP_ALG);
        if (str3 == null) {
            throw new ClientException("Key wrap algorithm should not be null.");
        }
        String str4 = userMetadata.get(CryptoHeaders.CRYPTO_CEK_ALG);
        Map<String, String> descFromJsonString = getDescFromJsonString(userMetadata.get(CryptoHeaders.CRYPTO_MATDESC));
        ContentCryptoMaterialRW contentCryptoMaterialRW = new ContentCryptoMaterialRW();
        contentCryptoMaterialRW.setEncryptedCEK(fromBase64String);
        contentCryptoMaterialRW.setEncryptedIV(fromBase64String2);
        contentCryptoMaterialRW.setMaterialsDescription(descFromJsonString);
        contentCryptoMaterialRW.setContentCryptoAlgorithm(str4);
        contentCryptoMaterialRW.setKeyWrapAlgorithm(str3);
        this.encryptionMaterials.decryptCEK(contentCryptoMaterialRW);
        return contentCryptoMaterialRW;
    }

    protected static Map<String, String> getDescFromJsonString(String str) {
        HashMap hashMap = new HashMap();
        if (str == null) {
            return hashMap;
        }
        try {
            JSONObject jSONObject = new JSONObject(str);
            Iterator keys = jSONObject.keys();
            while (keys.hasNext()) {
                String str2 = (String) keys.next();
                hashMap.put(str2, jSONObject.getString(str2));
            }
            return hashMap;
        } catch (JSONException e) {
            throw new ClientException("Unable to parse Json string:json", e);
        }
    }

    protected SecretKey generateCEK() {
        String keyGeneratorAlgorithm = this.contentCryptoScheme.getKeyGeneratorAlgorithm();
        int keyLengthInBits = this.contentCryptoScheme.getKeyLengthInBits();
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(keyGeneratorAlgorithm);
            keyGenerator.init(keyLengthInBits, this.cryptoConfig.getSecureRandom());
            keyGenerator.generateKey();
            for (int i = 0; i < 9; i++) {
                SecretKey generateKey = keyGenerator.generateKey();
                if (generateKey.getEncoded()[0] != 0) {
                    return generateKey;
                }
            }
            throw new ClientException("Failed to generate secret key");
        } catch (NoSuchAlgorithmException e) {
            throw new ClientException("No such algorithm:" + keyGeneratorAlgorithm + ", " + e.getMessage(), e);
        }
    }

    protected void setUserAgent(WebServiceRequest webServiceRequest, String str) {
        webServiceRequest.addHeader("User-Agent", str);
    }
}
