package ch.cyberduck.core.kms;

import ch.cyberduck.core.Host;
import ch.cyberduck.core.KeychainLoginService;
import ch.cyberduck.core.LocaleFactory;
import ch.cyberduck.core.LoginCallback;
import ch.cyberduck.core.LoginOptions;
import ch.cyberduck.core.PasswordStoreFactory;
import ch.cyberduck.core.Path;
import ch.cyberduck.core.PathContainerService;
import ch.cyberduck.core.PreferencesUseragentProvider;
import ch.cyberduck.core.exception.AccessDeniedException;
import ch.cyberduck.core.exception.BackgroundException;
import ch.cyberduck.core.exception.LoginFailureException;
import ch.cyberduck.core.features.Encryption;
import ch.cyberduck.core.features.Location;
import ch.cyberduck.core.iam.AmazonServiceExceptionMappingService;
import ch.cyberduck.core.preferences.Preferences;
import ch.cyberduck.core.preferences.PreferencesFactory;
import ch.cyberduck.core.proxy.Proxy;
import ch.cyberduck.core.proxy.ProxyFactory;
import ch.cyberduck.core.s3.S3EncryptionFeature;
import ch.cyberduck.core.s3.S3PathContainerService;
import ch.cyberduck.core.s3.S3Session;
import com.amazonaws.AmazonClientException;
import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.AWSCredentials;
import com.amazonaws.auth.AWSStaticCredentialsProvider;
import com.amazonaws.services.kms.AWSKMS;
import com.amazonaws.services.kms.AWSKMSClientBuilder;
import com.amazonaws.services.kms.model.AliasListEntry;
import com.amazonaws.services.kms.model.KeyListEntry;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.Callable;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;

/* loaded from: input_file:ch/cyberduck/core/kms/KMSEncryptionFeature.class */
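/**
 * S3 encryption feature that adds SSE-KMS key selection: a per-bucket key stored in
 * preferences and a listing of the KMS keys in the bucket's region.
 *
 * <p>This source is decompiler output. Raw collection types, an unchecked cast, the synthetic
 * enum switch map and the recursive login retry have been rewritten as ordinary typed Java.
 * The public members are unchanged.
 */
public class KMSEncryptionFeature extends S3EncryptionFeature {
    private final Host bookmark;
    private final Preferences preferences;
    private final PathContainerService containerService;
    private final ClientConfiguration configuration;
    private final Location locationFeature;
    private static final Logger log = Logger.getLogger(KMSEncryptionFeature.class);

    /**
     * SSE-KMS with no explicit key: algorithm {@code aws:kms} and a {@code null} key.
     */
    public static final Encryption.Algorithm SSE_KMS_DEFAULT = new Encryption.Algorithm("aws:kms", null) {
        public String getDescription() {
            return "SSE-KMS";
        }
    };

    /**
     * SSE-KMS algorithm bound to one KMS key, carrying its alias (if any) and the region it was
     * listed from. The decompiler notes that this type was private in the original bytecode. It
     * stays public here so the decompiled interface does not change.
     */
    public static class AliasedAlgorithm extends Encryption.Algorithm {
        private final KeyListEntry entry;
        private final String alias;
        private final Location.Name region;

        /**
         * @param keyListEntry key entry as returned by the KMS key listing; its ARN becomes the key
         * @param str          alias name for the key, may be blank or {@code null}
         * @param name         region the key was listed in
         */
        public AliasedAlgorithm(KeyListEntry keyListEntry, String str, Location.Name name) {
            super(KMSEncryptionFeature.SSE_KMS_DEFAULT.algorithm, keyListEntry.getKeyArn());
            this.entry = keyListEntry;
            this.alias = str;
            this.region = name;
        }

        /**
         * @return display label containing the key ARN, prefixed by the alias when one is set
         */
        public String getDescription() {
            if (StringUtils.isBlank(this.alias)) {
                return String.format("SSE-KMS (%s)", this.entry.getKeyArn());
            }
            return String.format("SSE-KMS (%s - %s)", this.alias, this.entry.getKeyArn());
        }

        public Location.Name getRegion() {
            return this.region;
        }
    }

    /**
     * A {@link Callable} narrowed to throw only {@link BackgroundException}, run after the
     * bookmark credentials have been validated. The decompiler notes that this type was private
     * in the original bytecode.
     */
    public interface Authenticated<T> extends Callable<T> {
        @Override
        T call() throws BackgroundException;
    }

    /**
     * Creates the feature with the timeout taken from the {@code connection.timeout.seconds}
     * preference, converted to milliseconds.
     */
    public KMSEncryptionFeature(S3Session s3Session) {
        this(s3Session, PreferencesFactory.get().getInteger("connection.timeout.seconds") * 1000);
    }

    /**
     * @param s3Session session supplying the bookmark (host and credentials) and the location feature
     * @param i         timeout applied to both the connection and the socket timeout of the KMS client
     */
    public KMSEncryptionFeature(S3Session s3Session, int i) {
        super(s3Session);
        this.preferences = PreferencesFactory.get();
        this.containerService = new S3PathContainerService();
        this.bookmark = s3Session.getHost();
        this.configuration = new ClientConfiguration();
        this.configuration.setConnectionTimeout(i);
        this.configuration.setSocketTimeout(i);
        this.configuration.setUserAgentPrefix(new PreferencesUseragentProvider().get());
        // SDK-level retries are switched off and the client is limited to one connection.
        this.configuration.setMaxErrorRetry(0);
        this.configuration.setMaxConnections(1);
        this.configuration.setUseGzip(PreferencesFactory.get().getBoolean("http.compression.enable"));
        final Proxy proxy = ProxyFactory.get().find(this.bookmark);
        // Only HTTP and HTTPS proxies are applied. Host and port are the only proxy settings
        // copied; no proxy credentials are configured on the client here.
        switch (proxy.getType()) {
            case HTTP:
            case HTTPS:
                this.configuration.setProxyHost(proxy.getHostname());
                this.configuration.setProxyPort(proxy.getPort());
                break;
            default:
                break;
        }
        this.locationFeature = (Location) s3Session.getFeature(Location.class);
    }

    /**
     * Validates the bookmark credentials through the keychain login service, then runs the action.
     * On a {@link LoginFailureException} the user is prompted for new credentials, which replace
     * those on the bookmark, and the attempt is repeated.
     *
     * <p>The retry is a loop rather than recursion so that repeated failures do not deepen the
     * call stack. It ends when the action returns or when any exception other than
     * {@link LoginFailureException} propagates.
     * NOTE(review): presumably a cancelled prompt throws and ends the loop; confirm in LoginCallback.
     *
     * @param authenticated action to run once credentials have been validated
     * @param loginCallback used for credential validation and for re-prompting after a failure
     * @return the action's result
     * @throws BackgroundException any failure other than a login failure
     */
    private <T> T authenticated(Authenticated<T> authenticated, LoginCallback loginCallback) throws BackgroundException {
        while (true) {
            // Neither anonymous nor public key login is offered for KMS access.
            final LoginOptions options = new LoginOptions(this.bookmark.getProtocol()).anonymous(false).publickey(false);
            try {
                new KeychainLoginService(loginCallback, PasswordStoreFactory.get()).validate(this.bookmark, LocaleFactory.localizedString("AWS Key Management Service", "S3"), options);
                return authenticated.call();
            } catch (LoginFailureException e) {
                // The failure message is passed to the prompt as the reason shown to the user.
                this.bookmark.setCredentials(loginCallback.prompt(this.bookmark, this.bookmark.getCredentials().getUsername(), LocaleFactory.localizedString("Login failed", "Credentials"), e.getMessage(), options));
            }
        }
    }

    /**
     * Returns the default algorithm for new uploads below the given path.
     *
     * <p>When the {@code s3.encryption.algorithm} preference is not {@code aws:kms} the superclass
     * decides. Otherwise the key stored under {@code s3.encryption.key.<container name>} is used,
     * falling back to {@link #SSE_KMS_DEFAULT} when no key is stored for the container.
     */
    @Override
    public Encryption.Algorithm getDefault(Path path) {
        if (!StringUtils.equals(SSE_KMS_DEFAULT.algorithm, this.preferences.getProperty("s3.encryption.algorithm"))) {
            return super.getDefault(path);
        }
        final String property = String.format("s3.encryption.key.%s", this.containerService.getContainer(path).getName());
        final String stored = this.preferences.getProperty(property);
        if (StringUtils.isNotBlank(stored)) {
            return Encryption.Algorithm.fromString(stored);
        }
        return SSE_KMS_DEFAULT;
    }

    /**
     * Returns the encryption setting for the given path.
     *
     * <p>For a container with a key stored under {@code s3.encryption.key.<container name>} the
     * stored value is returned without calling the superclass. Every other case is delegated.
     * NOTE(review): the container result therefore reflects local preferences, not a value read
     * back from the service; confirm callers do not treat it as the bucket's effective setting.
     */
    @Override
    public Encryption.Algorithm getEncryption(Path path) throws BackgroundException {
        if (this.containerService.isContainer(path)) {
            final String property = String.format("s3.encryption.key.%s", this.containerService.getContainer(path).getName());
            final String stored = this.preferences.getProperty(property);
            if (StringUtils.isNotBlank(stored)) {
                return Encryption.Algorithm.fromString(stored);
            }
        }
        return super.getEncryption(path);
    }

    /**
     * Returns the algorithms offered by the superclass plus one {@link AliasedAlgorithm} per KMS
     * key listed in the container's region.
     *
     * <p>For the root path only the superclass result is returned. If the KMS listing is refused
     * with {@link AccessDeniedException}, the failure is logged at warn level and
     * {@link #SSE_KMS_DEFAULT} is offered instead, so a principal that may not list keys can still
     * select SSE-KMS without an explicit key.
     *
     * @param path          file or container whose container determines the region
     * @param loginCallback used to validate or re-prompt for the bookmark credentials
     * @throws BackgroundException any failure other than access denied while listing
     */
    @Override
    public Set<Encryption.Algorithm> getKeys(Path path, LoginCallback loginCallback) throws BackgroundException {
        final Path container = this.containerService.getContainer(path);
        final Set<Encryption.Algorithm> keys = super.getKeys(container, loginCallback);
        if (container.isRoot()) {
            return keys;
        }
        try {
            keys.addAll(this.authenticated(new Authenticated<Set<Encryption.Algorithm>>() {
                @Override
                public Set<Encryption.Algorithm> call() throws BackgroundException {
                    final Location.Name location = KMSEncryptionFeature.this.locationFeature.getLocation(container);
                    // The access key and secret are read from the bookmark each time the SDK asks
                    // for them. The provider supplies no session token.
                    // NOTE(review): confirm whether bookmarks holding temporary credentials can reach this path.
                    final AWSKMS client = AWSKMSClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(new AWSCredentials() {
                        public String getAWSAccessKeyId() {
                            return KMSEncryptionFeature.this.bookmark.getCredentials().getUsername();
                        }

                        public String getAWSSecretKey() {
                            return KMSEncryptionFeature.this.bookmark.getCredentials().getPassword();
                        }
                    })).withClientConfiguration(KMSEncryptionFeature.this.configuration).withRegion(location.getIdentifier()).build();
                    try {
                        // listAliases() and listKeys() are each called once with no request
                        // object, so only a single response is read.
                        // NOTE(review): KMS list calls are paginated. An account with more aliases
                        // or keys than one page holds would yield an incomplete set here; confirm
                        // and follow the truncation marker if so.
                        final HashMap<String, String> aliasByKeyId = new HashMap<String, String>();
                        for (AliasListEntry alias : client.listAliases().getAliases()) {
                            // If several aliases target the same key, the last one listed wins.
                            aliasByKeyId.put(alias.getTargetKeyId(), alias.getAliasName());
                        }
                        final Set<Encryption.Algorithm> listed = new HashSet<Encryption.Algorithm>();
                        for (KeyListEntry key : client.listKeys().getKeys()) {
                            listed.add(new AliasedAlgorithm(key, aliasByKeyId.get(key.getKeyId()), location));
                        }
                        return listed;
                    } catch (AmazonClientException e) {
                        throw new AmazonServiceExceptionMappingService().map("Cannot read AWS KMS configuration", e);
                    } finally {
                        // Release the client's resources whether or not the listing succeeded.
                        client.shutdown();
                    }
                }
            }, loginCallback));
        } catch (AccessDeniedException e) {
            // Deliberate best effort: missing list permission must not block choosing SSE-KMS.
            log.warn(String.format("Ignore failure reading keys from KMS. %s", e.getMessage()));
            keys.add(SSE_KMS_DEFAULT);
        }
        return keys;
    }
}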
