package com.qcloud.cos.internal.crypto;

import com.qcloud.cos.auth.COSCredentialsProvider;
import com.qcloud.cos.exception.CosClientException;
import com.qcloud.cos.internal.COSDirect;
import com.qcloud.cos.model.COSObject;
import com.qcloud.cos.model.COSObjectId;
import com.qcloud.cos.model.COSObjectInputStream;
import com.qcloud.cos.model.EncryptedGetObjectRequest;
import com.qcloud.cos.model.GetObjectRequest;
import com.qcloud.cos.model.InitiateMultipartUploadRequest;
import com.qcloud.cos.model.ObjectMetadata;
import com.qcloud.cos.model.UploadPartRequest;
import com.qcloud.cos.utils.IOUtils;
import com.qcloud.cos.utils.Jackson;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;

/* loaded from: input_file:WEB-INF/lib/cos_api-5.6.24.jar:com/qcloud/cos/internal/crypto/COSCryptoModuleAE.class */
public class COSCryptoModuleAE extends COSCryptoModuleBase {
    public COSCryptoModuleAE(COSDirect cOSDirect, COSCredentialsProvider cOSCredentialsProvider, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfiguration) {
        this(null, cOSDirect, cOSCredentialsProvider, encryptionMaterialsProvider, cryptoConfiguration);
    }

    public COSCryptoModuleAE(QCLOUDKMS qcloudkms, COSDirect cOSDirect, COSCredentialsProvider cOSCredentialsProvider, EncryptionMaterialsProvider encryptionMaterialsProvider, CryptoConfiguration cryptoConfiguration) {
        super(qcloudkms, cOSDirect, cOSCredentialsProvider, encryptionMaterialsProvider, cryptoConfiguration);
    }

    protected boolean isStrict() {
        return false;
    }

    @Override // com.qcloud.cos.internal.crypto.COSCryptoModule
    public COSObject getObjectSecurely(GetObjectRequest getObjectRequest) {
        COSObject decipherWithInstFileSuffix;
        long[] range = getObjectRequest.getRange();
        if (isStrict() && range != null) {
            throw new SecurityException("Range get and getting a part are not allowed in strict crypto mode");
        }
        long[] adjustedCryptoRange = getAdjustedCryptoRange(range);
        if (adjustedCryptoRange != null) {
            getObjectRequest.setRange(adjustedCryptoRange[0], adjustedCryptoRange[1]);
        }
        COSObject object = this.cos.getObject(getObjectRequest);
        if (object == null) {
            return null;
        }
        String str = null;
        if (getObjectRequest instanceof EncryptedGetObjectRequest) {
            str = ((EncryptedGetObjectRequest) getObjectRequest).getInstructionFileSuffix();
        }
        if (str != null) {
            try {
                if (!str.trim().isEmpty()) {
                    decipherWithInstFileSuffix = decipherWithInstFileSuffix(getObjectRequest, range, adjustedCryptoRange, object, str);
                    return decipherWithInstFileSuffix;
                }
            } catch (Error e) {
                IOUtils.closeQuietly(object, this.log);
                throw e;
            } catch (RuntimeException e2) {
                IOUtils.closeQuietly(object, this.log);
                throw e2;
            }
        }
        decipherWithInstFileSuffix = decipher(getObjectRequest, range, adjustedCryptoRange, object);
        return decipherWithInstFileSuffix;
    }

    private COSObject decipher(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, COSObject cOSObject) {
        COSObjectWrapper cOSObjectWrapper = new COSObjectWrapper(cOSObject, getObjectRequest.getCOSObjectId());
        if (cOSObjectWrapper.hasEncryptionInfo()) {
            return decipherWithMetadata(getObjectRequest, jArr, jArr2, cOSObjectWrapper);
        }
        COSObjectWrapper fetchInstructionFile = fetchInstructionFile(getObjectRequest.getCOSObjectId(), null);
        if (fetchInstructionFile != null) {
            try {
                COSObject decipherWithInstructionFile = decipherWithInstructionFile(getObjectRequest, jArr, jArr2, cOSObjectWrapper, fetchInstructionFile);
                IOUtils.closeQuietly(fetchInstructionFile, this.log);
                return decipherWithInstructionFile;
            } catch (Throwable th) {
                IOUtils.closeQuietly(fetchInstructionFile, this.log);
                throw th;
            }
        }
        if (isStrict() || !this.cryptoConfig.isIgnoreMissingInstructionFile()) {
            IOUtils.closeQuietly(cOSObjectWrapper, this.log);
            throw new SecurityException("Instruction file not found for COS object with bucket name: " + cOSObject.getBucketName() + ", key: " + cOSObject.getKey());
        }
        this.log.warn(String.format("Unable to detect encryption information for object '%s' in bucket '%s'. Returning object without decryption.", cOSObject.getKey(), cOSObject.getBucketName()));
        return adjustToDesiredRange(cOSObjectWrapper, jArr, null).getCOSObject();
    }

    private COSObject decipherWithInstFileSuffix(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, COSObject cOSObject, String str) {
        COSObjectId cOSObjectId = getObjectRequest.getCOSObjectId();
        COSObjectWrapper fetchInstructionFile = fetchInstructionFile(cOSObjectId, str);
        if (fetchInstructionFile == null) {
            throw new CosClientException("Instruction file with suffix " + str + " is not found for " + cOSObject);
        }
        try {
            COSObject decipherWithInstructionFile = decipherWithInstructionFile(getObjectRequest, jArr, jArr2, new COSObjectWrapper(cOSObject, cOSObjectId), fetchInstructionFile);
            IOUtils.closeQuietly(fetchInstructionFile, this.log);
            return decipherWithInstructionFile;
        } catch (Throwable th) {
            IOUtils.closeQuietly(fetchInstructionFile, this.log);
            throw th;
        }
    }

    private COSObject decipherWithInstructionFile(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, COSObjectWrapper cOSObjectWrapper, COSObjectWrapper cOSObjectWrapper2) {
        boolean isStrict = isStrict();
        if (getObjectRequest instanceof EncryptedGetObjectRequest) {
            EncryptedGetObjectRequest encryptedGetObjectRequest = (EncryptedGetObjectRequest) getObjectRequest;
            if (!isStrict) {
                isStrict = encryptedGetObjectRequest.isKeyWrapExpected();
            }
        }
        Map<String, String> unmodifiableMap = Collections.unmodifiableMap((Map) Jackson.fromJsonString(cOSObjectWrapper2.toJsonString(), Map.class));
        ContentCryptoMaterial fromInstructionFile = ContentCryptoMaterial.fromInstructionFile(unmodifiableMap, this.kekMaterialsProvider, this.cryptoConfig.getCryptoProvider(), jArr2, isStrict, this.kms);
        securityCheck(fromInstructionFile, cOSObjectWrapper);
        return adjustToDesiredRange(decrypt(cOSObjectWrapper, fromInstructionFile, jArr2), jArr, unmodifiableMap).getCOSObject();
    }

    private COSObject decipherWithMetadata(GetObjectRequest getObjectRequest, long[] jArr, long[] jArr2, COSObjectWrapper cOSObjectWrapper) {
        boolean isStrict = isStrict();
        if (getObjectRequest instanceof EncryptedGetObjectRequest) {
            EncryptedGetObjectRequest encryptedGetObjectRequest = (EncryptedGetObjectRequest) getObjectRequest;
            if (!isStrict) {
                isStrict = encryptedGetObjectRequest.isKeyWrapExpected();
            }
        }
        ContentCryptoMaterial fromObjectMetadata = ContentCryptoMaterial.fromObjectMetadata(cOSObjectWrapper.getObjectMetadata(), this.kekMaterialsProvider, this.cryptoConfig.getCryptoProvider(), jArr2, isStrict, this.kms);
        securityCheck(fromObjectMetadata, cOSObjectWrapper);
        return adjustToDesiredRange(decrypt(cOSObjectWrapper, fromObjectMetadata, jArr2), jArr, null).getCOSObject();
    }

    protected final COSObjectWrapper adjustToDesiredRange(COSObjectWrapper cOSObjectWrapper, long[] jArr, Map<String, String> map) {
        if (jArr == null) {
            return cOSObjectWrapper;
        }
        long instanceLength = (cOSObjectWrapper.getObjectMetadata().getInstanceLength() - (cOSObjectWrapper.encryptionSchemeOf(map).getTagLengthInBits() / 8)) - 1;
        if (jArr[1] > instanceLength) {
            jArr[1] = instanceLength;
            if (jArr[0] > jArr[1]) {
                IOUtils.closeQuietly(cOSObjectWrapper.getObjectContent(), this.log);
                cOSObjectWrapper.setObjectContent(new ByteArrayInputStream(new byte[0]));
                return cOSObjectWrapper;
            }
        }
        if (jArr[0] > jArr[1]) {
            return cOSObjectWrapper;
        }
        try {
            COSObjectInputStream objectContent = cOSObjectWrapper.getObjectContent();
            cOSObjectWrapper.setObjectContent(new COSObjectInputStream(new AdjustedRangeInputStream(objectContent, jArr[0], jArr[1]), objectContent.getHttpRequest()));
            return cOSObjectWrapper;
        } catch (IOException e) {
            throw new CosClientException("Error adjusting output to desired byte range: " + e.getMessage());
        }
    }

    @Override // com.qcloud.cos.internal.crypto.COSCryptoModule
    public ObjectMetadata getObjectSecurely(GetObjectRequest getObjectRequest, File file) {
        assertParameterNotNull(file, "The destination file parameter must be specified when downloading an object directly to a file");
        COSObject objectSecurely = getObjectSecurely(getObjectRequest);
        if (objectSecurely == null) {
            return null;
        }
        BufferedOutputStream bufferedOutputStream = null;
        try {
            try {
                bufferedOutputStream = new BufferedOutputStream(new FileOutputStream(file));
                byte[] bArr = new byte[10240];
                while (true) {
                    int read = objectSecurely.getObjectContent().read(bArr);
                    if (read <= -1) {
                        IOUtils.closeQuietly(bufferedOutputStream, this.log);
                        IOUtils.closeQuietly(objectSecurely.getObjectContent(), this.log);
                        return objectSecurely.getObjectMetadata();
                    }
                    bufferedOutputStream.write(bArr, 0, read);
                }
            } catch (IOException e) {
                throw new CosClientException("Unable to store object contents to disk: " + e.getMessage(), e);
            }
        } catch (Throwable th) {
            IOUtils.closeQuietly(bufferedOutputStream, this.log);
            IOUtils.closeQuietly(objectSecurely.getObjectContent(), this.log);
            throw th;
        }
    }

    @Override // com.qcloud.cos.internal.crypto.COSCryptoModuleBase
    final MultipartUploadCryptoContext newUploadContext(InitiateMultipartUploadRequest initiateMultipartUploadRequest, ContentCryptoMaterial contentCryptoMaterial) {
        return new MultipartUploadCryptoContext(initiateMultipartUploadRequest.getBucketName(), initiateMultipartUploadRequest.getKey(), contentCryptoMaterial);
    }

    @Override // com.qcloud.cos.internal.crypto.COSCryptoModuleBase
    final CipherLite cipherLiteForNextPart(MultipartUploadCryptoContext multipartUploadCryptoContext) {
        return multipartUploadCryptoContext.getCipherLite();
    }

    @Override // com.qcloud.cos.internal.crypto.COSCryptoModuleBase
    final long computeLastPartSize(UploadPartRequest uploadPartRequest) {
        return uploadPartRequest.getPartSize() + (this.contentCryptoScheme.getTagLengthInBits() / 8);
    }

    private COSObjectWrapper decrypt(COSObjectWrapper cOSObjectWrapper, ContentCryptoMaterial contentCryptoMaterial, long[] jArr) {
        COSObjectInputStream objectContent = cOSObjectWrapper.getObjectContent();
        cOSObjectWrapper.setObjectContent(new COSObjectInputStream(new CipherLiteInputStream(objectContent, contentCryptoMaterial.getCipherLite(), 2048), objectContent.getHttpRequest()));
        return cOSObjectWrapper;
    }

    private void assertParameterNotNull(Object obj, String str) {
        if (obj == null) {
            throw new IllegalArgumentException(str);
        }
    }

    @Override // com.qcloud.cos.internal.crypto.COSCryptoModuleBase
    protected final long ciphertextLength(long j) {
        return j + (this.contentCryptoScheme.getTagLengthInBits() / 8);
    }

    static {
        CryptoRuntime.enableBouncyCastle();
    }
}
