package com.joyent.manta.http;

import com.joyent.manta.client.MantaMetadata;
import com.joyent.manta.client.MantaObjectInputStream;
import com.joyent.manta.client.MantaObjectResponse;
import com.joyent.manta.client.crypto.ByteRangeConversion;
import com.joyent.manta.client.crypto.EncryptedMetadataUtils;
import com.joyent.manta.client.crypto.EncryptingEntity;
import com.joyent.manta.client.crypto.EncryptionType;
import com.joyent.manta.client.crypto.MantaEncryptedObjectInputStream;
import com.joyent.manta.client.crypto.SecretKeyUtils;
import com.joyent.manta.client.crypto.SupportedCipherDetails;
import com.joyent.manta.client.crypto.SupportedCiphersLookupMap;
import com.joyent.manta.client.crypto.SupportedHmacsLookupMap;
import com.joyent.manta.config.ConfigContext;
import com.joyent.manta.config.DefaultsConfigContext;
import com.joyent.manta.config.EncryptionAuthenticationMode;
import com.joyent.manta.exception.MantaClientEncryptionException;
import com.joyent.manta.exception.MantaIOException;
import com.joyent.manta.http.entity.NoContentEntity;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.function.Supplier;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.SecretKey;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.Validate;
import org.apache.commons.lang3.exception.ContextedRuntimeException;
import org.apache.commons.lang3.exception.ExceptionContext;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpHead;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.message.BasicNameValuePair;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/joyent/manta/http/EncryptionHttpHelper.class */
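/**
 * HTTP helper that layers client-side encryption over {@link StandardHttpHelper}.
 *
 * <p>Uploads are wrapped in an {@link EncryptingEntity} and the cipher id, IV, authentication
 * parameters and an encrypted copy of the metadata are stored as object metadata. Downloads are
 * wrapped in a {@link MantaEncryptedObjectInputStream} after the object's cipher id has been
 * compared with the configured one.
 *
 * <p>Every encryption header read on the download path comes from the server response. It is
 * therefore treated as untrusted input here: the metadata ciphertext is authenticated (HMAC or
 * AEAD) before its plaintext is used.
 *
 * <p>This source was recovered by a decompiler; {@code extractEncryptionHeadersFromResponse} could
 * not be recovered and throws unconditionally.
 */
public class EncryptionHttpHelper extends StandardHttpHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(EncryptionHttpHelper.class);

    /** Largest accepted length, in characters, of the Base64-encoded metadata ciphertext. */
    private static final int MAX_METADATA_CIPHERTEXT_BASE64_SIZE = 4000;

    /** Identifier stored with each object; falls back to "unknown-key" when not configured. */
    private final String encryptionKeyId;

    /** When true, a response without a cipher header is returned to the caller undecrypted. */
    private final boolean permitUnencryptedDownloads;

    private final EncryptionAuthenticationMode encryptionAuthenticationMode;

    /** Key used for the object cipher, the metadata cipher and the metadata HMAC. */
    private final SecretKey secretKey;

    private final SupportedCipherDetails cipherDetails;

    /**
     * Legacy constructor; the connection factory argument is ignored.
     *
     * @param mantaConnectionContext connection context passed to the superclass
     * @param mantaConnectionFactory unused
     * @param configContext configuration supplying the encryption settings
     */
    @Deprecated
    public EncryptionHttpHelper(MantaConnectionContext mantaConnectionContext, MantaConnectionFactory mantaConnectionFactory, ConfigContext configContext) {
        this(mantaConnectionContext, configContext);
    }

    /**
     * Creates a helper with a request factory built from the configured Manta URL.
     *
     * @param mantaConnectionContext connection context passed to the superclass
     * @param configContext configuration supplying the encryption settings
     */
    EncryptionHttpHelper(MantaConnectionContext mantaConnectionContext, ConfigContext configContext) {
        this(mantaConnectionContext, new MantaHttpRequestFactory(configContext.getMantaURL()), configContext);
    }

    /**
     * Creates a helper and loads the secret key from the configured path or, when no path is set,
     * from the configured key bytes.
     *
     * @param mantaConnectionContext connection context passed to the superclass
     * @param mantaHttpRequestFactory request factory passed to the superclass
     * @param configContext configuration supplying the encryption settings
     * @throws MantaClientEncryptionException if neither a key path nor key bytes are configured
     * @throws UncheckedIOException if the key file cannot be read
     */
    public EncryptionHttpHelper(MantaConnectionContext mantaConnectionContext, MantaHttpRequestFactory mantaHttpRequestFactory, ConfigContext configContext) {
        super(mantaConnectionContext, mantaHttpRequestFactory, configContext);
        this.encryptionKeyId = ObjectUtils.firstNonNull(configContext.getEncryptionKeyId(), "unknown-key");
        this.permitUnencryptedDownloads = ObjectUtils.firstNonNull(configContext.permitUnencryptedDownloads(), Boolean.FALSE);
        this.encryptionAuthenticationMode = ObjectUtils.firstNonNull(
                configContext.getEncryptionAuthenticationMode(), EncryptionAuthenticationMode.DEFAULT_MODE);
        this.cipherDetails = ObjectUtils.firstNonNull(
                SupportedCiphersLookupMap.INSTANCE.getWithCaseInsensitiveKey(configContext.getEncryptionAlgorithm()),
                DefaultsConfigContext.DEFAULT_CIPHER);

        if (configContext.getEncryptionPrivateKeyPath() == null) {
            if (configContext.getEncryptionPrivateKeyBytes() == null) {
                throw new MantaClientEncryptionException("Either private encryption key path or bytes must be specified");
            }
            this.secretKey = SecretKeyUtils.loadKey(configContext.getEncryptionPrivateKeyBytes(), this.cipherDetails);
        } else {
            Path keyPath = Paths.get(configContext.getEncryptionPrivateKeyPath());
            try {
                this.secretKey = SecretKeyUtils.loadKeyFromPath(keyPath, this.cipherDetails);
            } catch (IOException e) {
                throw new UncheckedIOException(String.format("Unable to load secret key from file: %s", keyPath), e);
            }
        }
    }

    /**
     * Performs the superclass HEAD request and then rewrites the response headers through
     * {@link #attachMetadata(HttpResponse)}.
     */
    @Override
    public HttpResponse httpHead(String str) throws IOException {
        HttpResponse response = super.httpHead(str);
        attachMetadata(response);
        return response;
    }

    /**
     * Performs the superclass GET request and then rewrites the response headers through
     * {@link #attachMetadata(HttpResponse)}.
     */
    @Override
    public HttpResponse httpGet(String str) throws IOException {
        HttpResponse response = super.httpGet(str);
        attachMetadata(response);
        return response;
    }

    /**
     * Uploads the entity encrypted and records the encryption parameters as object metadata.
     *
     * <p>The caller's content type is stored under the encrypted content-type key unless the
     * metadata already has one, and is set on the returned response. When the entity's length is
     * unknown and the cipher can only estimate plaintext size, a second metadata-only PUT records
     * the exact plaintext length after the upload.
     *
     * @param str path of the object
     * @param mantaHttpHeaders request headers, or null for none
     * @param httpEntity plaintext entity to encrypt and upload
     * @param mantaMetadata object metadata, or null for none; modified in place when non-null
     * @return the response of the upload
     * @throws IOException if the upload or the follow-up metadata update fails
     */
    @Override
    public MantaObjectResponse httpPut(String str, MantaHttpHeaders mantaHttpHeaders, HttpEntity httpEntity, MantaMetadata mantaMetadata) throws IOException {
        MantaHttpHeaders headers = mantaHttpHeaders == null ? new MantaHttpHeaders() : mantaHttpHeaders;
        EncryptingEntity encryptingEntity = new EncryptingEntity(this.secretKey, this.cipherDetails, httpEntity);
        MantaMetadata metadata = mantaMetadata != null ? mantaMetadata : new MantaMetadata();

        String originalContentType = findOriginalContentType(httpEntity, headers);
        if (originalContentType != null && !metadata.containsKey(MantaHttpHeaders.ENCRYPTED_CONTENT_TYPE)) {
            metadata.put(MantaHttpHeaders.ENCRYPTED_CONTENT_TYPE, originalContentType);
        }

        attachEncryptionCipherHeaders(metadata);
        attachEncryptedEntityHeaders(metadata, encryptingEntity.getCipher());
        attachEncryptionPlaintextLengthHeader(metadata, encryptingEntity);
        attachEncryptedMetadata(metadata);

        MantaObjectResponse response = super.httpPut(str, headers, encryptingEntity, metadata);
        response.setContentType(originalContentType);

        // The plaintext length is only known once the stream has been fully consumed.
        if (httpEntity.getContentLength() < 0 && this.cipherDetails.plaintextSizeCalculationIsAnEstimate()) {
            appendPlaintextContentLength(str, encryptingEntity, metadata, response);
        }
        return response;
    }

    /**
     * Executes the request and wraps the response body in a decrypting stream.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     *   <li>Range requests are refused in {@code Mandatory} authentication mode.</li>
     *   <li>A response without a cipher header is rejected unless
     *       {@code permitUnencryptedDownloads} is set, in which case the raw stream is returned
     *       without decryption. The header's presence is decided by the server response, so
     *       enabling that setting lets such a response bypass decryption and authentication.</li>
     *   <li>The object's cipher id must equal the configured cipher id.</li>
     * </ul>
     *
     * @param httpUriRequest request to execute; conditional headers may be added for range reads
     * @param mantaHttpHeaders request headers, or null; the range is rewritten to ciphertext
     *     offsets when one is present
     * @return a decrypting stream, or the raw stream for a permitted unencrypted download
     * @throws IOException if the request fails
     * @throws MantaClientEncryptionException if any of the checks above fails
     */
    @Override
    public MantaObjectInputStream httpRequestAsInputStream(HttpUriRequest httpUriRequest, MantaHttpHeaders mantaHttpHeaders) throws IOException {
        final boolean hasRange = mantaHttpHeaders != null && mantaHttpHeaders.getRange() != null;

        if (hasRange && this.encryptionAuthenticationMode.equals(EncryptionAuthenticationMode.Mandatory)) {
            MantaClientEncryptionException e = new MantaClientEncryptionException("HTTP range requests (random reads) aren't supported when using client-side encryption in mandatory authentication mode.");
            HttpHelper.annotateContextedException(e, httpUriRequest, null);
            throw e;
        }

        Long initialSkipBytes = null;
        Long plaintextRangeLength = null;
        Long plaintextStart = null;
        Long plaintextEnd = null;
        if (hasRange) {
            PlaintextByteRangePosition position = calculateSkipBytesAndPlaintextLength(httpUriRequest, mantaHttpHeaders);
            initialSkipBytes = position.getInitialPlaintextSkipBytes();
            plaintextRangeLength = position.getPlaintextRangeLength();
            plaintextStart = position.getPlaintextStart();
            plaintextEnd = position.getPlaintextEnd();
        }

        MantaObjectInputStream rawStream = super.httpRequestAsInputStream(httpUriRequest, mantaHttpHeaders);
        HttpResponse response = (HttpResponse) rawStream.getHttpResponse();

        String objectCipherId = rawStream.getHeaderAsString(MantaHttpHeaders.ENCRYPTION_CIPHER);
        if (objectCipherId == null) {
            if (this.permitUnencryptedDownloads) {
                return rawStream;
            }
            MantaClientEncryptionException e = new MantaClientEncryptionException("Unable to download a unencrypted file when client-side encryption is enabled unless the permit unencrypted downloads configuration setting is enabled");
            HttpHelper.annotateContextedException(e, httpUriRequest, response);
            throw e;
        }
        enforceCipherAndMode(objectCipherId, httpUriRequest, response);

        String encryptionType = rawStream.getHeaderAsString(MantaHttpHeaders.ENCRYPTION_TYPE);
        String metadataIv = rawStream.getHeaderAsString(MantaHttpHeaders.ENCRYPTION_METADATA_IV);
        String metadataCiphertext = rawStream.getHeaderAsString(MantaHttpHeaders.ENCRYPTION_METADATA);
        String hmacType = rawStream.getHeaderAsString(MantaHttpHeaders.ENCRYPTION_HMAC_TYPE);
        String metadataHmac = rawStream.getHeaderAsString(MantaHttpHeaders.ENCRYPTION_METADATA_HMAC);
        if (metadataCiphertext != null) {
            rawStream.getMetadata().putAll(buildEncryptedMetadata(
                    encryptionType, metadataIv, metadataCiphertext, hmacType, metadataHmac, httpUriRequest, response));
        }

        if (!hasRange) {
            // NOTE(review): the trailing 'true' is presumably the "authenticate ciphertext" flag;
            // confirm against MantaEncryptedObjectInputStream. The range path below passes false.
            return new MantaEncryptedObjectInputStream(rawStream, this.cipherDetails, this.secretKey, true);
        }

        boolean unboundedEnd = plaintextEnd >= this.cipherDetails.getMaximumPlaintextSizeInBytes() || plaintextEnd < 0;

        String plaintextLengthHeader = rawStream.getHeaderAsString(MantaHttpHeaders.ENCRYPTION_PLAINTEXT_CONTENT_LENGTH);
        if (plaintextLengthHeader != null && plaintextLengthHeader.length() > 0) {
            // NOTE(review): this header is server-supplied; a non-numeric value surfaces as an
            // un-annotated NumberFormatException.
            long plaintextLength = Long.parseLong(plaintextLengthHeader);
            if (plaintextRangeLength == 0 || plaintextRangeLength >= plaintextLength) {
                plaintextRangeLength = plaintextLength - plaintextStart;
            }
            if (plaintextStart <= 0 || plaintextEnd < plaintextLength) {
                unboundedEnd = plaintextEnd < 0;
            } else {
                plaintextRangeLength = plaintextLength - plaintextStart;
                unboundedEnd = false;
            }
        }

        return new MantaEncryptedObjectInputStream(
                rawStream, this.cipherDetails, this.secretKey, false, initialSkipBytes, plaintextRangeLength, unboundedEnd);
    }

    /**
     * Translates the requested plaintext byte range into a ciphertext range, writes that range
     * back into {@code mantaHttpHeaders}, and returns the plaintext offsets needed to trim the
     * decrypted stream.
     *
     * <p>When the range starts at 0 and has a negative end, a HEAD request is issued first to
     * learn the object size, and {@code If-Match} / {@code If-Unmodified-Since} are set on the
     * original request so that it fails if the object changes between the two calls.
     *
     * @param httpUriRequest the download request; may receive conditional headers
     * @param mantaHttpHeaders headers whose range is read and then replaced
     * @return the plaintext skip count, range length, start and end
     * @throws IOException if the HEAD request fails
     */
    private PlaintextByteRangePosition calculateSkipBytesAndPlaintextLength(HttpUriRequest httpUriRequest, MantaHttpHeaders mantaHttpHeaders) throws IOException {
        long[] plaintextRange = byteRangeAsNullSafe(mantaHttpHeaders.getByteRange(), this.cipherDetails);
        final long plaintextStart = plaintextRange[0];
        final long plaintextEnd = plaintextRange[1];
        final boolean negativeEnd = plaintextEnd < 0;

        final long ciphertextStart;
        final long ciphertextEnd;
        final long initialSkipBytes;
        long plaintextRangeLength = 0L;

        if (plaintextStart == 0 && negativeEnd) {
            String path = httpUriRequest.getURI().getPath();
            HttpHead head = getRequestFactory().head(path);
            MantaHttpRequestFactory.addHeaders(head, httpUriRequest.getAllHeaders());
            head.removeHeaders("Range");
            MantaObjectResponse headResponse = new MantaObjectResponse(path, new MantaHttpHeaders(super.executeAndCloseRequest(head, "HEAD   {} response [{}] {} ", new Object[0]).getAllHeaders()));

            // Pin the download to the object version that was just measured.
            httpUriRequest.setHeader("If-Match", headResponse.getEtag());
            httpUriRequest.setHeader("If-Unmodified-Since", headResponse.getHeaderAsString("Last-Modified"));

            Long ciphertextSize = headResponse.getContentLength();
            Validate.notNull(ciphertextSize, "Manta should always return a content-size");
            long plaintextSize = HttpHelper.attemptToFindPlaintextSize(headResponse, ciphertextSize.longValue(), this.cipherDetails);

            initialSkipBytes = plaintextEnd + plaintextSize;
            ciphertextStart = this.cipherDetails.translateByteRange(initialSkipBytes, plaintextSize - 1).getCiphertextStartPositionInclusive();
            ciphertextEnd = ciphertextSize.longValue();
        } else {
            long adjustedEnd = plaintextEnd;
            if (plaintextEnd == this.cipherDetails.getMaximumPlaintextSizeInBytes()) {
                adjustedEnd--;
            }
            ByteRangeConversion conversion = this.cipherDetails.translateByteRange(plaintextStart, adjustedEnd);
            ciphertextStart = conversion.getCiphertextStartPositionInclusive();
            initialSkipBytes = conversion.getPlaintextBytesToSkipInitially() + conversion.getCiphertextStartPositionInclusive();
            ciphertextEnd = conversion.getCiphertextEndPositionInclusive() > 0 ? conversion.getCiphertextEndPositionInclusive() : 0L;
            plaintextRangeLength = (adjustedEnd - plaintextStart) + 1;
        }

        if (ciphertextEnd == 0) {
            mantaHttpHeaders.setRange(String.format("bytes=%d-", ciphertextStart));
        } else {
            mantaHttpHeaders.setRange(String.format("bytes=%d-%d", ciphertextStart, ciphertextEnd));
        }

        // A range length of 0 is used when the end is at or beyond the cipher's maximum.
        if (plaintextEnd >= this.cipherDetails.getMaximumPlaintextSizeInBytes()) {
            plaintextRangeLength = 0L;
        }

        return new PlaintextByteRangePosition()
                .setInitialPlaintextSkipBytes(initialSkipBytes)
                .setPlaintextRangeLength(plaintextRangeLength)
                .setPlaintextStart(plaintextStart)
                .setPlaintextEnd(plaintextEnd);
    }

    /**
     * Updates object metadata, re-encrypting it when the target is an encrypted object.
     *
     * <p>Directories and objects without a cipher header are delegated to the superclass
     * unchanged. For encrypted objects the existing encrypted content type and encrypted entity
     * headers are carried over (without overwriting caller-supplied values), and the update is
     * made conditional on the ETag and Last-Modified values seen by the preceding HEAD.
     *
     * @param str path of the object
     * @param mantaHttpHeaders request headers; conditional headers are added for encrypted objects
     * @param mantaMetadata metadata to store; modified in place for encrypted objects
     * @return the response of the metadata update
     * @throws IOException if a request fails or an expected header is missing from the HEAD
     */
    @Override
    public MantaObjectResponse httpPutMetadata(String str, MantaHttpHeaders mantaHttpHeaders, MantaMetadata mantaMetadata) throws IOException {
        HttpResponse headResponse = httpHead(str);
        boolean isEncrypted = headResponse.getFirstHeader(MantaHttpHeaders.ENCRYPTION_CIPHER) != null;

        Header contentType = headResponse.getFirstHeader("Content-Type");
        if (contentType == null) {
            MantaIOException e = new MantaIOException("Content-Type value expected from Manta unavailable");
            HttpHelper.annotateContextedException(e, null, headResponse);
            throw e;
        }
        boolean isDirectory = contentType.getValue().equals(MantaObjectResponse.DIRECTORY_RESPONSE_CONTENT_TYPE);

        if (!isEncrypted || isDirectory) {
            return super.httpPutMetadata(str, mantaHttpHeaders, mantaMetadata);
        }

        Header etag = headResponse.getFirstHeader("ETag");
        if (etag == null) {
            MantaIOException e = new MantaIOException("ETag value expected from Manta unavailable");
            HttpHelper.annotateContextedException(e, null, headResponse);
            throw e;
        }
        Header lastModified = headResponse.getFirstHeader("Last-Modified");
        if (lastModified == null) {
            MantaIOException e = new MantaIOException("Last-Modified value expected from Manta unavailable");
            HttpHelper.annotateContextedException(e, null, headResponse);
            throw e;
        }

        Header encryptedContentType = headResponse.getFirstHeader(MantaHttpHeaders.ENCRYPTED_CONTENT_TYPE);
        if (encryptedContentType != null) {
            mantaMetadata.putIfAbsent(MantaHttpHeaders.ENCRYPTED_CONTENT_TYPE, encryptedContentType.getValue());
        }
        for (String headerName : MantaHttpHeaders.ENCRYPTED_ENTITY_HEADERS) {
            Header existing = headResponse.getFirstHeader(headerName);
            if (existing != null) {
                mantaMetadata.putIfAbsent(headerName, existing.getValue());
            }
        }

        mantaHttpHeaders.put("If-Match", (Object) etag.getValue());
        mantaHttpHeaders.put("If-Unmodified-Since", (Object) lastModified.getValue());
        attachEncryptionCipherHeaders(mantaMetadata);
        attachEncryptedMetadata(mantaMetadata);
        return super.httpPutMetadata(str, mantaHttpHeaders, mantaMetadata);
    }

    /**
     * Copies the entries returned by {@code extractEncryptionHeadersFromResponse} onto the
     * response as headers and, when an encrypted content type is among them, replaces the
     * response's {@code Content-Type} with it. Directory responses are left untouched.
     *
     * @param httpResponse response to modify in place
     */
    private void attachMetadata(HttpResponse httpResponse) {
        Header contentTypeHeader = httpResponse.getFirstHeader("Content-Type");
        String contentType = contentTypeHeader == null ? null : contentTypeHeader.getValue();
        if (contentType != null && contentType.equals(MantaObjectResponse.DIRECTORY_RESPONSE_CONTENT_TYPE)) {
            return;
        }

        Map<String, String> encryptionHeaders = extractEncryptionHeadersFromResponse(httpResponse);
        if (encryptionHeaders == null) {
            return;
        }

        for (Map.Entry<String, String> entry : encryptionHeaders.entrySet()) {
            httpResponse.setHeader(entry.getKey(), entry.getValue());
        }

        String encryptedContentType = encryptionHeaders.get(MantaHttpHeaders.ENCRYPTED_CONTENT_TYPE);
        if (encryptedContentType != null) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Encrypted content-type [{}] overwriting returned content-type [{}]", encryptedContentType, httpResponse.getFirstHeader("Content-Type"));
            }
            httpResponse.setHeader("Content-Type", encryptedContentType);
        }
    }

    /*
     * The decompiler could not recover this method's body; the stub below throws on every call,
     * which means httpHead, httpGet and httpPutMetadata cannot complete in this listing. The
     * decompiler fragments are kept verbatim because they are the only record of the original
     * logic.
     */
    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:27:0x00ef, code lost:
    
        switch(r23) {
            case 0: goto L30;
            case 1: goto L31;
            case 2: goto L32;
            case 3: goto L33;
            case 4: goto L34;
            case 5: goto L35;
            default: goto L48;
        };
     */
    /* JADX WARN: Code restructure failed: missing block: B:28:0x0114, code lost:
    
        r12 = r0.getValue();
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x011f, code lost:
    
        r13 = r0.getValue();
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x012b, code lost:
    
        r11 = r0.getValue();
     */
    /* JADX WARN: Code restructure failed: missing block: B:35:0x0136, code lost:
    
        r14 = r0.getValue();
     */
    /* JADX WARN: Code restructure failed: missing block: B:37:0x0142, code lost:
    
        r15 = r0.getValue();
     */
    /* JADX WARN: Code restructure failed: missing block: B:39:0x014e, code lost:
    
        r16 = r0.getValue();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private Map<String, String> extractEncryptionHeadersFromResponse(HttpResponse r10) {
        /*
            Method dump skipped, instructions count: 388
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.joyent.manta.http.EncryptionHttpHelper.extractEncryptionHeadersFromResponse(org.apache.http.HttpResponse):java.util.Map");
    }

    /**
     * Authenticates and decrypts the metadata ciphertext taken from the response headers.
     *
     * <p>For non-AEAD ciphers an HMAC over the ciphertext is recomputed and compared with the
     * stored value before decryption. All five string arguments originate from the server
     * response and are treated as untrusted.
     *
     * @param str encryption type header value
     * @param str2 Base64-encoded metadata IV
     * @param str3 Base64-encoded metadata ciphertext
     * @param str4 name of the HMAC algorithm (non-AEAD ciphers only)
     * @param str5 Base64-encoded stored HMAC (non-AEAD ciphers only)
     * @param httpRequest request used to annotate failures
     * @param httpResponse response used to annotate failures
     * @return the decrypted metadata as a map
     * @throws MantaClientEncryptionException if a required value is missing, the HMAC algorithm is
     *     unsupported, authentication fails, or decryption fails
     */
    private Map<String, String> buildEncryptedMetadata(String str, String str2, String str3, String str4, String str5, HttpRequest httpRequest, HttpResponse httpResponse) {
        try {
            EncryptionType.validateEncryptionTypeIsSupported(str);

            // A missing IV header previously surfaced as a bare NullPointerException from the
            // Base64 decoder; report it like the other missing-header cases.
            if (str2 == null) {
                MantaClientEncryptionException e = new MantaClientEncryptionException("No metadata IV stored on object");
                HttpHelper.annotateContextedException(e, httpRequest, httpResponse);
                throw e;
            }
            Cipher metadataCipher = buildMetadataDecryptCipher(Base64.getDecoder().decode(str2));

            if (str3 == null) {
                MantaClientEncryptionException e = new MantaClientEncryptionException("No encrypted metadata stored on object");
                HttpHelper.annotateContextedException(e, httpRequest, httpResponse);
                throw e;
            }
            byte[] ciphertext = Base64.getDecoder().decode(str3);

            if (!this.cipherDetails.isAEADCipher()) {
                if (str4 == null) {
                    MantaClientEncryptionException e = new MantaClientEncryptionException("No HMAC algorithm specified for metadata ciphertext authentication");
                    HttpHelper.annotateContextedException(e, httpRequest, httpResponse);
                    throw e;
                }
                Supplier<HMac> hmacSupplier = SupportedHmacsLookupMap.INSTANCE.get(str4);
                if (hmacSupplier == null) {
                    MantaClientEncryptionException e = new MantaClientEncryptionException(String.format("Unsupported HMAC specified: %s", str4));
                    HttpHelper.annotateContextedException(e, httpRequest, httpResponse);
                    throw e;
                }

                HMac hmac = hmacSupplier.get();
                initHmac(this.secretKey, hmac);
                hmac.update(ciphertext, 0, ciphertext.length);
                byte[] computedHmac = new byte[hmac.getMacSize()];
                hmac.doFinal(computedHmac, 0);

                if (str5 == null) {
                    MantaClientEncryptionException e = new MantaClientEncryptionException("No metadata HMAC is available to authenticate metadata ciphertext");
                    HttpHelper.annotateContextedException(e, httpRequest, httpResponse);
                    throw e;
                }
                byte[] storedHmac = Base64.getDecoder().decode(str5);

                // MessageDigest.isEqual compares in constant time; Arrays.equals returns at the
                // first differing byte, which makes the comparison time depend on how much of a
                // supplied tag is correct.
                if (!MessageDigest.isEqual(storedHmac, computedHmac)) {
                    MantaClientEncryptionException e = new MantaClientEncryptionException("The expected HMAC value for metadata ciphertext didn't equal the actual value");
                    HttpHelper.annotateContextedException(e, httpRequest, null);
                    // NOTE(review): "actual" is the valid tag for the received ciphertext. Keep
                    // this context out of anything returned to a remote party, or drop the value.
                    e.setContextValue("expected", Hex.encodeHexString(storedHmac));
                    e.setContextValue("actual", Hex.encodeHexString(computedHmac));
                    throw e;
                }
            }

            return EncryptedMetadataUtils.plaintextMetadataAsMap(decryptMetadata(ciphertext, metadataCipher));
        } catch (MantaClientEncryptionException e) {
            HttpHelper.annotateContextedException(e, httpRequest, httpResponse);
            throw e;
        }
    }

    /**
     * Stores the key id, encryption type and cipher id in the metadata.
     *
     * @param mantaMetadata metadata to modify in place
     */
    public void attachEncryptionCipherHeaders(MantaMetadata mantaMetadata) {
        mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_KEY_ID, this.encryptionKeyId);
        LOGGER.debug("Secret key id: {}", this.encryptionKeyId);
        mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_TYPE, EncryptionType.CLIENT.toString());
        LOGGER.debug("Encryption type: {}", EncryptionType.CLIENT);
        mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_CIPHER, this.cipherDetails.getCipherId());
        LOGGER.debug("Encryption cipher: {}", this.cipherDetails.getCipherId());
    }

    /**
     * Stores the object cipher's IV and either the AEAD tag length or the HMAC algorithm name.
     *
     * @param mantaMetadata metadata to modify in place; must not be null
     * @param cipher initialized cipher whose IV is recorded; must not be null
     * @throws IOException declared by the original signature; not thrown by the visible body
     */
    public void attachEncryptedEntityHeaders(MantaMetadata mantaMetadata, Cipher cipher) throws IOException {
        Validate.notNull(mantaMetadata, "Metadata object must not be null");
        Validate.notNull(cipher, "Cipher object must not be null");
        byte[] iv = cipher.getIV();
        Validate.notNull(iv, "Cipher IV must not be null");

        mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_IV, Base64.getEncoder().encodeToString(iv));
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("IV: {}", Hex.encodeHexString(cipher.getIV()));
        }

        if (this.cipherDetails.isAEADCipher()) {
            mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_AEAD_TAG_LENGTH, String.valueOf(this.cipherDetails.getAuthenticationTagOrHmacLengthInBytes()));
            LOGGER.debug("AEAD tag length: {}", this.cipherDetails.getAuthenticationTagOrHmacLengthInBytes());
        } else {
            String hmacName = SupportedHmacsLookupMap.hmacNameFromInstance(this.cipherDetails.getAuthenticationHmac());
            mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_HMAC_TYPE, hmacName);
            LOGGER.debug("HMAC algorithm: {}", hmacName);
        }
    }

    /**
     * Stores the plaintext length in the metadata when it is known.
     *
     * @param mantaMetadata metadata to modify in place
     * @param j plaintext length in bytes; negative values mean unknown and are ignored
     */
    public void attachEncryptionPlaintextLengthHeader(MantaMetadata mantaMetadata, long j) {
        if (j > -1) {
            String plaintextLength = String.valueOf(j);
            mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_PLAINTEXT_CONTENT_LENGTH, plaintextLength);
            LOGGER.debug("Plaintext content-length: {}", plaintextLength);
        }
    }

    /**
     * Stores the entity's original (plaintext) length in the metadata when it is known.
     *
     * @param mantaMetadata metadata to modify in place
     * @param encryptingEntity entity whose original length is recorded
     */
    public void attachEncryptionPlaintextLengthHeader(MantaMetadata mantaMetadata, EncryptingEntity encryptingEntity) {
        attachEncryptionPlaintextLengthHeader(mantaMetadata, encryptingEntity.getOriginalLength());
    }

    /**
     * Encrypts the metadata and stores the ciphertext, its IV and its authentication data
     * (AEAD tag length, or an HMAC over the ciphertext) in the metadata.
     *
     * @param mantaMetadata metadata to encrypt and modify in place
     * @throws IOException declared by the original signature; not thrown by the visible body
     * @throws MantaClientEncryptionException if encryption fails or the Base64 ciphertext is
     *     longer than {@code MAX_METADATA_CIPHERTEXT_BASE64_SIZE}
     */
    public void attachEncryptedMetadata(MantaMetadata mantaMetadata) throws IOException {
        Cipher metadataCipher = buildMetadataEncryptCipher();
        mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_CIPHER, this.cipherDetails.getCipherId());

        String ivBase64 = Base64.getEncoder().encodeToString(metadataCipher.getIV());
        mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_METADATA_IV, ivBase64);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Encrypted metadata IV: {}", Hex.encodeHexString(metadataCipher.getIV()));
        }

        String metadataPlaintext = EncryptedMetadataUtils.encryptedMetadataAsString(mantaMetadata);
        // NOTE(review): this writes the values the caller asked to have encrypted into the debug
        // log in the clear. Debug logging for this class should stay off wherever logs are
        // shipped or retained, or this line should be removed.
        LOGGER.debug("Encrypted metadata plaintext:\n{}", metadataPlaintext);

        byte[] metadataCiphertext = encryptMetadata(metadataPlaintext, metadataCipher);
        String ciphertextBase64 = Base64.getEncoder().encodeToString(metadataCiphertext);
        // Previously this message printed the Base64 IV before encryption had even run.
        LOGGER.debug("Encrypted metadata ciphertext: {}", ciphertextBase64);

        if (ciphertextBase64.length() > MAX_METADATA_CIPHERTEXT_BASE64_SIZE) {
            MantaClientEncryptionException e = new MantaClientEncryptionException("Encrypted metadata exceeded the maximum size allowed");
            e.setContextValue("max_size", MAX_METADATA_CIPHERTEXT_BASE64_SIZE);
            e.setContextValue("actual_size", ciphertextBase64.length());
            throw e;
        }
        mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_METADATA, ciphertextBase64);

        if (this.cipherDetails.isAEADCipher()) {
            mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_METADATA_AEAD_TAG_LENGTH, String.valueOf(this.cipherDetails.getAuthenticationTagOrHmacLengthInBytes()));
            return;
        }

        // Non-AEAD ciphers: authenticate the ciphertext (encrypt-then-MAC).
        HMac hmac = this.cipherDetails.getAuthenticationHmac();
        initHmac(this.secretKey, hmac);
        hmac.update(metadataCiphertext, 0, metadataCiphertext.length);
        byte[] tag = new byte[hmac.getMacSize()];
        hmac.doFinal(tag, 0);
        String tagBase64 = Base64.getEncoder().encodeToString(tag);
        mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_METADATA_HMAC, tagBase64);
        LOGGER.debug("Encrypted metadata HMAC: {}", tagBase64);
    }

    /**
     * @return the cipher configuration used by this helper
     */
    public SupportedCipherDetails getCipherDetails() {
        return this.cipherDetails;
    }

    /**
     * Returns the content type from the request headers, falling back to the entity's own
     * content type; null when neither is set.
     */
    private String findOriginalContentType(HttpEntity httpEntity, MantaHttpHeaders mantaHttpHeaders) {
        String headerContentType = mantaHttpHeaders.getContentType();
        String entityContentType = httpEntity.getContentType() == null ? null : httpEntity.getContentType().getValue();
        return ObjectUtils.firstNonNull(headerContentType, entityContentType);
    }

    /**
     * Issues a metadata-only PUT that records the exact plaintext length after an upload whose
     * length was not known in advance. The update is conditional on the ETag and last-modified
     * time of the upload response.
     *
     * @param str path of the object
     * @param encryptingEntity entity that was uploaded
     * @param mantaMetadata metadata sent with the upload; modified in place
     * @param mantaObjectResponse response of the upload
     * @throws IOException if the request fails or returns a status other than 204 or 412
     */
    private void appendPlaintextContentLength(String str, EncryptingEntity encryptingEntity, MantaMetadata mantaMetadata, MantaObjectResponse mantaObjectResponse) throws IOException {
        HttpPut put = getRequestFactory().put(str, Collections.singletonList(new BasicNameValuePair("metadata", "true")));
        mantaMetadata.put(MantaHttpHeaders.ENCRYPTION_PLAINTEXT_CONTENT_LENGTH, String.valueOf(encryptingEntity.getOriginalLength()));

        MantaHttpHeaders headers = new MantaHttpHeaders();
        headers.putAll(mantaMetadata);
        headers.put("If-Match", (Object) mantaObjectResponse.getEtag());
        headers.put("If-Unmodified-Since", (Object) mantaObjectResponse.getLastModifiedTime());
        put.setHeaders(headers.asApacheHttpHeaders());
        put.setEntity(NoContentEntity.INSTANCE);

        CloseableHttpResponse response = getConnectionContext().getHttpClient().execute(put);
        final int statusCode;
        try {
            // Read the status before releasing the response, and release it even if that fails.
            statusCode = response.getStatusLine().getStatusCode();
        } finally {
            IOUtils.closeQuietly(response);
        }

        // 204: updated. 412: the precondition failed, i.e. the object changed after the upload.
        if (statusCode == 204 || statusCode == 412) {
            return;
        }
        MantaIOException e = new MantaIOException("Unable to update metadata with original plaintext content length");
        HttpHelper.annotateContextedException(e, put, response);
        throw e;
    }

    /**
     * Encrypts the metadata string, encoded as US-ASCII, with the given cipher.
     *
     * @throws MantaClientEncryptionException if the cipher rejects the input
     */
    private byte[] encryptMetadata(String str, Cipher cipher) {
        try {
            return cipher.doFinal(str.getBytes(StandardCharsets.US_ASCII));
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw keyDetailsException("There was a problem encrypting the object's metadata", e);
        }
    }

    /**
     * Decrypts the metadata ciphertext with the given cipher.
     *
     * @throws MantaClientEncryptionException if decryption fails
     */
    private byte[] decryptMetadata(byte[] bArr, Cipher cipher) {
        try {
            return cipher.doFinal(bArr);
        } catch (BadPaddingException | IllegalBlockSizeException e) {
            throw keyDetailsException("There was a problem decrypting the object's metadata", e);
        }
    }

    /**
     * Creates a cipher initialized for encryption with the secret key and a freshly generated IV.
     *
     * @throws MantaClientEncryptionException if the key or the parameters are rejected
     */
    private Cipher buildMetadataEncryptCipher() {
        byte[] iv = this.cipherDetails.generateIv();
        Cipher cipher = this.cipherDetails.getCipher();
        try {
            cipher.init(Cipher.ENCRYPT_MODE, this.secretKey, this.cipherDetails.getEncryptionParameterSpec(iv));
            return cipher;
        } catch (InvalidAlgorithmParameterException e) {
            throw new MantaClientEncryptionException("There was a problem with the passed algorithm parameters", e);
        } catch (InvalidKeyException e) {
            throw keyDetailsException("There was a problem loading private key", e);
        }
    }

    /**
     * Creates a cipher initialized for decryption with the secret key and the given IV.
     *
     * @param bArr IV read from the object's metadata
     * @throws MantaClientEncryptionException if the key or the parameters are rejected
     */
    private Cipher buildMetadataDecryptCipher(byte[] bArr) {
        Cipher cipher = this.cipherDetails.getCipher();
        try {
            cipher.init(Cipher.DECRYPT_MODE, this.secretKey, this.cipherDetails.getEncryptionParameterSpec(bArr));
            return cipher;
        } catch (InvalidAlgorithmParameterException e) {
            throw new MantaClientEncryptionException("There was a problem with the passed algorithm parameters", e);
        } catch (InvalidKeyException e) {
            throw keyDetailsException("There was a problem loading private key", e);
        }
    }

    /**
     * Builds an encryption exception carrying the key's algorithm and format as context. Only
     * those two descriptors are recorded, never key material.
     */
    private MantaClientEncryptionException keyDetailsException(String message, Exception cause) {
        MantaClientEncryptionException e = new MantaClientEncryptionException(message, cause);
        // The labels are kept as in the original even though they read one position off:
        // "key=" carries the algorithm and "algorithm=" carries the format.
        e.setContextValue("key_details", String.format("key=%s, algorithm=%s", this.secretKey.getAlgorithm(), this.secretKey.getFormat()));
        return e;
    }

    /**
     * Rejects an object whose cipher id differs from the configured cipher id.
     *
     * @param str cipher id read from the object's headers
     * @throws MantaClientEncryptionException if the ids differ
     */
    private void enforceCipherAndMode(String str, HttpRequest httpRequest, HttpResponse httpResponse) {
        if (str.equals(this.cipherDetails.getCipherId())) {
            return;
        }
        MantaClientEncryptionException e = new MantaClientEncryptionException("Cipher used to encrypt object is not the same as the cipher configured.");
        HttpHelper.annotateContextedException(e, httpRequest, httpResponse);
        e.setContextValue("objectCipherId", str);
        e.setContextValue("configCipherId", this.cipherDetails.getCipherId());
        throw e;
    }

    /**
     * Converts a two-element range with optional bounds into primitives: a null start becomes 0
     * and a null end becomes the cipher's maximum plaintext size.
     *
     * @param lArr array holding start at index 0 and end at index 1
     * @param supportedCipherDetails cipher supplying the default end
     * @return a two-element array of start and end
     */
    static long[] byteRangeAsNullSafe(Long[] lArr, SupportedCipherDetails supportedCipherDetails) {
        long start = lArr[0] == null ? 0L : lArr[0].longValue();
        long end = lArr[1] == null ? supportedCipherDetails.getMaximumPlaintextSizeInBytes() : lArr[1].longValue();
        return new long[]{start, end};
    }

    /**
     * Keys the HMAC with the encoded bytes of the secret key.
     *
     * <p>NOTE(review): the same key bytes are also used to initialize the cipher. Deriving a
     * separate MAC key is the usual practice, but changing it here would make existing objects
     * fail authentication.
     */
    private static void initHmac(SecretKey secretKey, HMac hMac) {
        hMac.init(new KeyParameter(secretKey.getEncoded()));
    }

    /**
     * Returns the secret key itself, not a copy; callers hold the live encryption key.
     *
     * @return the secret key used by this helper
     */
    public SecretKey getSecretKey() {
        return this.secretKey;
    }
}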
