package com.amazonaws.encryptionsdk;

import com.amazonaws.encryptionsdk.exception.AwsCryptoException;
import com.amazonaws.encryptionsdk.exception.BadCiphertextException;
import com.amazonaws.encryptionsdk.internal.DecryptionHandler;
import com.amazonaws.encryptionsdk.internal.EncryptionHandler;
import com.amazonaws.encryptionsdk.internal.LazyMessageCryptoHandler;
import com.amazonaws.encryptionsdk.internal.MessageCryptoHandler;
import com.amazonaws.encryptionsdk.internal.ProcessingSummary;
import com.amazonaws.encryptionsdk.internal.SignaturePolicy;
import com.amazonaws.encryptionsdk.internal.Utils;
import com.amazonaws.encryptionsdk.model.EncryptionMaterials;
import com.amazonaws.encryptionsdk.model.EncryptionMaterialsRequest;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;

/* loaded from: input_file:com/amazonaws/encryptionsdk/AwsCrypto.class */
public class AwsCrypto {
    private static final Map<String, String> EMPTY_MAP = Collections.emptyMap();
    private volatile CryptoAlgorithm encryptionAlgorithm_;
    private volatile int encryptionFrameSize_;
    private final CommitmentPolicy commitmentPolicy_;
    private final int maxEncryptedDataKeys_;

    /* loaded from: input_file:com/amazonaws/encryptionsdk/AwsCrypto$Builder.class */
    public static class Builder {
        private CryptoAlgorithm encryptionAlgorithm_;
        private int encryptionFrameSize_;
        private CommitmentPolicy commitmentPolicy_;
        private int maxEncryptedDataKeys_;

        private Builder() {
            this.encryptionFrameSize_ = AwsCrypto.getDefaultFrameSize();
            this.maxEncryptedDataKeys_ = 0;
        }

        private Builder(AwsCrypto awsCrypto) {
            this.encryptionFrameSize_ = AwsCrypto.getDefaultFrameSize();
            this.maxEncryptedDataKeys_ = 0;
            this.encryptionAlgorithm_ = awsCrypto.encryptionAlgorithm_;
            this.encryptionFrameSize_ = awsCrypto.encryptionFrameSize_;
            this.commitmentPolicy_ = awsCrypto.commitmentPolicy_;
            this.maxEncryptedDataKeys_ = awsCrypto.maxEncryptedDataKeys_;
        }

        public Builder withEncryptionAlgorithm(CryptoAlgorithm cryptoAlgorithm) {
            this.encryptionAlgorithm_ = cryptoAlgorithm;
            return this;
        }

        public Builder withEncryptionFrameSize(int i) {
            this.encryptionFrameSize_ = i;
            return this;
        }

        public Builder withCommitmentPolicy(CommitmentPolicy commitmentPolicy) {
            this.commitmentPolicy_ = commitmentPolicy;
            return this;
        }

        public Builder withMaxEncryptedDataKeys(int i) {
            if (i < 1) {
                throw new IllegalArgumentException("maxEncryptedDataKeys must be positive");
            }
            this.maxEncryptedDataKeys_ = i;
            return this;
        }

        public AwsCrypto build() {
            return new AwsCrypto(this);
        }
    }

    @Deprecated
    public AwsCrypto() {
        this.encryptionAlgorithm_ = null;
        this.encryptionFrameSize_ = getDefaultFrameSize();
        this.commitmentPolicy_ = CommitmentPolicy.ForbidEncryptAllowDecrypt;
        this.maxEncryptedDataKeys_ = 0;
    }

    private AwsCrypto(Builder builder) {
        this.encryptionAlgorithm_ = null;
        this.encryptionFrameSize_ = getDefaultFrameSize();
        if (builder.commitmentPolicy_ == null) {
            throw new IllegalArgumentException("Must specify a commitment policy on the client.");
        }
        if (builder.encryptionAlgorithm_ != null && builder.encryptionAlgorithm_.getMessageFormatVersion() != 1) {
            throw new AwsCryptoException("Configuration conflict. Cannot encrypt due to CommitmentPolicy " + builder.commitmentPolicy_ + " requiring only non-committed messages. Algorithm ID was " + builder.encryptionAlgorithm_ + ". See: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/troubleshooting-migration.html");
        }
        this.encryptionAlgorithm_ = builder.encryptionAlgorithm_;
        this.encryptionFrameSize_ = builder.encryptionFrameSize_;
        this.commitmentPolicy_ = builder.commitmentPolicy_;
        this.maxEncryptedDataKeys_ = builder.maxEncryptedDataKeys_;
    }

    public static Builder builder() {
        return new Builder();
    }

    public Builder toBuilder() {
        return new Builder();
    }

    @Deprecated
    public static CryptoAlgorithm getDefaultCryptoAlgorithm() {
        return CryptoAlgorithm.ALG_AES_256_GCM_IV12_TAG16_HKDF_SHA384_ECDSA_P384;
    }

    public static int getDefaultFrameSize() {
        return 4096;
    }

    public void setEncryptionAlgorithm(CryptoAlgorithm cryptoAlgorithm) {
        if (cryptoAlgorithm.getMessageFormatVersion() != 1) {
            throw new AwsCryptoException("Configuration conflict. Cannot encrypt due to CommitmentPolicy " + this.commitmentPolicy_ + " requiring only non-committed messages. Algorithm ID was " + cryptoAlgorithm + ". See: https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/troubleshooting-migration.html");
        }
        this.encryptionAlgorithm_ = cryptoAlgorithm;
    }

    public CryptoAlgorithm getEncryptionAlgorithm() {
        return this.encryptionAlgorithm_;
    }

    public void setEncryptionFrameSize(int i) {
        if (i < 0) {
            throw new IllegalArgumentException("frameSize must be non-negative");
        }
        this.encryptionFrameSize_ = i;
    }

    public int getEncryptionFrameSize() {
        return this.encryptionFrameSize_;
    }

    public <K extends MasterKey<K>> long estimateCiphertextSize(MasterKeyProvider<K> masterKeyProvider, int i, Map<String, String> map) {
        return estimateCiphertextSize(new DefaultCryptoMaterialsManager(masterKeyProvider), i, map);
    }

    public long estimateCiphertextSize(CryptoMaterialsManager cryptoMaterialsManager, int i, Map<String, String> map) {
        return new EncryptionHandler(getEncryptionFrameSize(), checkAlgorithm(cryptoMaterialsManager.getMaterialsForEncrypt(EncryptionMaterialsRequest.newBuilder().setContext(map).setRequestedAlgorithm(getEncryptionAlgorithm()).setPlaintextSize(0L).build()))).estimateOutputSize(i);
    }

    public <K extends MasterKey<K>> long estimateCiphertextSize(MasterKeyProvider<K> masterKeyProvider, int i) {
        return estimateCiphertextSize(masterKeyProvider, i, EMPTY_MAP);
    }

    public long estimateCiphertextSize(CryptoMaterialsManager cryptoMaterialsManager, int i) {
        return estimateCiphertextSize(cryptoMaterialsManager, i, EMPTY_MAP);
    }

    public <K extends MasterKey<K>> CryptoResult<byte[], K> encryptData(MasterKeyProvider<K> masterKeyProvider, byte[] bArr, Map<String, String> map) {
        return (CryptoResult<byte[], K>) encryptData(new DefaultCryptoMaterialsManager(masterKeyProvider), bArr, map);
    }

    public CryptoResult<byte[], ?> encryptData(CryptoMaterialsManager cryptoMaterialsManager, byte[] bArr, Map<String, String> map) {
        EncryptionHandler encryptionHandler = new EncryptionHandler(getEncryptionFrameSize(), checkMaxEncryptedDataKeys(checkAlgorithm(cryptoMaterialsManager.getMaterialsForEncrypt(EncryptionMaterialsRequest.newBuilder().setContext(map).setRequestedAlgorithm(getEncryptionAlgorithm()).setPlaintext(bArr).build()))));
        byte[] bArr2 = new byte[encryptionHandler.estimateOutputSize(bArr.length)];
        int bytesWritten = encryptionHandler.processBytes(bArr, 0, bArr.length, bArr2, 0).getBytesWritten();
        return new CryptoResult<>(Utils.truncate(bArr2, bytesWritten + encryptionHandler.doFinal(bArr2, bytesWritten)), encryptionHandler.getMasterKeys(), encryptionHandler.getHeaders());
    }

    public <K extends MasterKey<K>> CryptoResult<byte[], K> encryptData(MasterKeyProvider<K> masterKeyProvider, byte[] bArr) {
        return encryptData(masterKeyProvider, bArr, EMPTY_MAP);
    }

    public CryptoResult<byte[], ?> encryptData(CryptoMaterialsManager cryptoMaterialsManager, byte[] bArr) {
        return encryptData(cryptoMaterialsManager, bArr, EMPTY_MAP);
    }

    @Deprecated
    public <K extends MasterKey<K>> CryptoResult<String, K> encryptString(MasterKeyProvider<K> masterKeyProvider, String str, Map<String, String> map) {
        return (CryptoResult<String, K>) encryptString(new DefaultCryptoMaterialsManager(masterKeyProvider), str, map);
    }

    @Deprecated
    public CryptoResult<String, ?> encryptString(CryptoMaterialsManager cryptoMaterialsManager, String str, Map<String, String> map) {
        CryptoResult<byte[], ?> encryptData = encryptData(cryptoMaterialsManager, str.getBytes(StandardCharsets.UTF_8), map);
        return new CryptoResult<>(Utils.encodeBase64String(encryptData.getResult()), encryptData.getMasterKeys(), encryptData.getHeaders());
    }

    @Deprecated
    public <K extends MasterKey<K>> CryptoResult<String, K> encryptString(MasterKeyProvider<K> masterKeyProvider, String str) {
        return encryptString(masterKeyProvider, str, EMPTY_MAP);
    }

    @Deprecated
    public CryptoResult<String, ?> encryptString(CryptoMaterialsManager cryptoMaterialsManager, String str) {
        return encryptString(cryptoMaterialsManager, str, EMPTY_MAP);
    }

    public <K extends MasterKey<K>> CryptoResult<byte[], K> decryptData(MasterKeyProvider<K> masterKeyProvider, byte[] bArr) {
        return decryptData((MasterKeyProvider) Utils.assertNonNull(masterKeyProvider, "provider"), new ParsedCiphertext(bArr, this.maxEncryptedDataKeys_));
    }

    public CryptoResult<byte[], ?> decryptData(CryptoMaterialsManager cryptoMaterialsManager, byte[] bArr) {
        return decryptData((CryptoMaterialsManager) Utils.assertNonNull(cryptoMaterialsManager, "materialsManager"), new ParsedCiphertext(bArr, this.maxEncryptedDataKeys_));
    }

    public <K extends MasterKey<K>> CryptoResult<byte[], K> decryptData(MasterKeyProvider<K> masterKeyProvider, ParsedCiphertext parsedCiphertext) {
        Utils.assertNonNull(masterKeyProvider, "provider");
        return (CryptoResult<byte[], K>) decryptData(new DefaultCryptoMaterialsManager(masterKeyProvider), parsedCiphertext);
    }

    public CryptoResult<byte[], ?> decryptData(CryptoMaterialsManager cryptoMaterialsManager, ParsedCiphertext parsedCiphertext) {
        Utils.assertNonNull(cryptoMaterialsManager, "materialsManager");
        DecryptionHandler<?> create = DecryptionHandler.create(cryptoMaterialsManager, parsedCiphertext, this.commitmentPolicy_, SignaturePolicy.AllowEncryptAllowDecrypt, this.maxEncryptedDataKeys_);
        byte[] ciphertext = parsedCiphertext.getCiphertext();
        int length = ciphertext.length - parsedCiphertext.getOffset();
        byte[] bArr = new byte[create.estimateOutputSize(length)];
        ProcessingSummary processBytes = create.processBytes(ciphertext, parsedCiphertext.getOffset(), length, bArr, 0);
        if (processBytes.getBytesProcessed() != length) {
            throw new BadCiphertextException("Unable to process entire ciphertext. May have trailing data.");
        }
        int bytesWritten = processBytes.getBytesWritten();
        return new CryptoResult<>(Utils.truncate(bArr, bytesWritten + create.doFinal(bArr, bytesWritten)), create.getMasterKeys(), create.getHeaders());
    }

    @Deprecated
    public <K extends MasterKey<K>> CryptoResult<String, K> decryptString(MasterKeyProvider<K> masterKeyProvider, String str) {
        return (CryptoResult<String, K>) decryptString(new DefaultCryptoMaterialsManager(masterKeyProvider), str);
    }

    @Deprecated
    public CryptoResult<String, ?> decryptString(CryptoMaterialsManager cryptoMaterialsManager, String str) {
        Utils.assertNonNull(cryptoMaterialsManager, "provider");
        try {
            CryptoResult<byte[], ?> decryptData = decryptData(cryptoMaterialsManager, Utils.decodeBase64String((String) Utils.assertNonNull(str, "ciphertext")));
            return new CryptoResult<>(new String(decryptData.getResult(), StandardCharsets.UTF_8), decryptData.getMasterKeys(), decryptData.getHeaders());
        } catch (IllegalArgumentException e) {
            throw new BadCiphertextException("Invalid base 64", e);
        }
    }

    public <K extends MasterKey<K>> CryptoOutputStream<K> createEncryptingStream(MasterKeyProvider<K> masterKeyProvider, OutputStream outputStream, Map<String, String> map) {
        return (CryptoOutputStream<K>) createEncryptingStream(new DefaultCryptoMaterialsManager(masterKeyProvider), outputStream, map);
    }

    public CryptoOutputStream<?> createEncryptingStream(CryptoMaterialsManager cryptoMaterialsManager, OutputStream outputStream, Map<String, String> map) {
        return new CryptoOutputStream<>(outputStream, getEncryptingStreamHandler(cryptoMaterialsManager, map));
    }

    public <K extends MasterKey<K>> CryptoOutputStream<K> createEncryptingStream(MasterKeyProvider<K> masterKeyProvider, OutputStream outputStream) {
        return createEncryptingStream(masterKeyProvider, outputStream, EMPTY_MAP);
    }

    public CryptoOutputStream<?> createEncryptingStream(CryptoMaterialsManager cryptoMaterialsManager, OutputStream outputStream) {
        return createEncryptingStream(cryptoMaterialsManager, outputStream, EMPTY_MAP);
    }

    public <K extends MasterKey<K>> CryptoInputStream<K> createEncryptingStream(MasterKeyProvider<K> masterKeyProvider, InputStream inputStream, Map<String, String> map) {
        return (CryptoInputStream<K>) createEncryptingStream(new DefaultCryptoMaterialsManager(masterKeyProvider), inputStream, map);
    }

    public CryptoInputStream<?> createEncryptingStream(CryptoMaterialsManager cryptoMaterialsManager, InputStream inputStream, Map<String, String> map) {
        return new CryptoInputStream<>(inputStream, getEncryptingStreamHandler(cryptoMaterialsManager, map));
    }

    public <K extends MasterKey<K>> CryptoInputStream<K> createEncryptingStream(MasterKeyProvider<K> masterKeyProvider, InputStream inputStream) {
        return createEncryptingStream(masterKeyProvider, inputStream, EMPTY_MAP);
    }

    public CryptoInputStream<?> createEncryptingStream(CryptoMaterialsManager cryptoMaterialsManager, InputStream inputStream) {
        return createEncryptingStream(cryptoMaterialsManager, inputStream, EMPTY_MAP);
    }

    public <K extends MasterKey<K>> CryptoOutputStream<K> createUnsignedMessageDecryptingStream(MasterKeyProvider<K> masterKeyProvider, OutputStream outputStream) {
        return new CryptoOutputStream<>(outputStream, DecryptionHandler.create(masterKeyProvider, this.commitmentPolicy_, SignaturePolicy.AllowEncryptForbidDecrypt, this.maxEncryptedDataKeys_));
    }

    public <K extends MasterKey<K>> CryptoInputStream<K> createUnsignedMessageDecryptingStream(MasterKeyProvider<K> masterKeyProvider, InputStream inputStream) {
        return new CryptoInputStream<>(inputStream, DecryptionHandler.create(masterKeyProvider, this.commitmentPolicy_, SignaturePolicy.AllowEncryptForbidDecrypt, this.maxEncryptedDataKeys_));
    }

    public CryptoOutputStream<?> createUnsignedMessageDecryptingStream(CryptoMaterialsManager cryptoMaterialsManager, OutputStream outputStream) {
        return new CryptoOutputStream<>(outputStream, DecryptionHandler.create(cryptoMaterialsManager, this.commitmentPolicy_, SignaturePolicy.AllowEncryptForbidDecrypt, this.maxEncryptedDataKeys_));
    }

    public CryptoInputStream<?> createUnsignedMessageDecryptingStream(CryptoMaterialsManager cryptoMaterialsManager, InputStream inputStream) {
        return new CryptoInputStream<>(inputStream, DecryptionHandler.create(cryptoMaterialsManager, this.commitmentPolicy_, SignaturePolicy.AllowEncryptForbidDecrypt, this.maxEncryptedDataKeys_));
    }

    public <K extends MasterKey<K>> CryptoOutputStream<K> createDecryptingStream(MasterKeyProvider<K> masterKeyProvider, OutputStream outputStream) {
        return new CryptoOutputStream<>(outputStream, DecryptionHandler.create(masterKeyProvider, this.commitmentPolicy_, SignaturePolicy.AllowEncryptAllowDecrypt, this.maxEncryptedDataKeys_));
    }

    public <K extends MasterKey<K>> CryptoInputStream<K> createDecryptingStream(MasterKeyProvider<K> masterKeyProvider, InputStream inputStream) {
        return new CryptoInputStream<>(inputStream, DecryptionHandler.create(masterKeyProvider, this.commitmentPolicy_, SignaturePolicy.AllowEncryptAllowDecrypt, this.maxEncryptedDataKeys_));
    }

    public CryptoOutputStream<?> createDecryptingStream(CryptoMaterialsManager cryptoMaterialsManager, OutputStream outputStream) {
        return new CryptoOutputStream<>(outputStream, DecryptionHandler.create(cryptoMaterialsManager, this.commitmentPolicy_, SignaturePolicy.AllowEncryptAllowDecrypt, this.maxEncryptedDataKeys_));
    }

    public CryptoInputStream<?> createDecryptingStream(CryptoMaterialsManager cryptoMaterialsManager, InputStream inputStream) {
        return new CryptoInputStream<>(inputStream, DecryptionHandler.create(cryptoMaterialsManager, this.commitmentPolicy_, SignaturePolicy.AllowEncryptAllowDecrypt, this.maxEncryptedDataKeys_));
    }

    private MessageCryptoHandler getEncryptingStreamHandler(CryptoMaterialsManager cryptoMaterialsManager, Map<String, String> map) {
        Utils.assertNonNull(cryptoMaterialsManager, "materialsManager");
        Utils.assertNonNull(map, "encryptionContext");
        EncryptionMaterialsRequest.Builder requestedAlgorithm = EncryptionMaterialsRequest.newBuilder().setContext(map).setRequestedAlgorithm(getEncryptionAlgorithm());
        return new LazyMessageCryptoHandler(lateBoundInfo -> {
            if (lateBoundInfo.getMaxInputSize() != -1) {
                requestedAlgorithm.setPlaintextSize(lateBoundInfo.getMaxInputSize());
            }
            return new EncryptionHandler(getEncryptionFrameSize(), checkMaxEncryptedDataKeys(checkAlgorithm(cryptoMaterialsManager.getMaterialsForEncrypt(requestedAlgorithm.build()))));
        });
    }

    private EncryptionMaterials checkAlgorithm(EncryptionMaterials encryptionMaterials) {
        if (this.encryptionAlgorithm_ == null || encryptionMaterials.getAlgorithm() == this.encryptionAlgorithm_) {
            return encryptionMaterials;
        }
        throw new AwsCryptoException(String.format("Materials manager ignored requested algorithm; algorithm %s was set on AwsCrypto but %s was selected", this.encryptionAlgorithm_, encryptionMaterials.getAlgorithm()));
    }

    private EncryptionMaterials checkMaxEncryptedDataKeys(EncryptionMaterials encryptionMaterials) {
        if (this.maxEncryptedDataKeys_ <= 0 || encryptionMaterials.getEncryptedDataKeys().size() <= this.maxEncryptedDataKeys_) {
            return encryptionMaterials;
        }
        throw new AwsCryptoException("Encrypted data keys exceed maxEncryptedDataKeys");
    }
}
