package software.amazon.encryption.s3.internal;

import com.sun.xml.messaging.saaj.packaging.mime.internet.MimeUtility;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CompletionException;
import software.amazon.awssdk.core.ResponseInputStream;
import software.amazon.awssdk.core.async.AsyncResponseTransformer;
import software.amazon.awssdk.protocols.jsoncore.JsonNode;
import software.amazon.awssdk.protocols.jsoncore.JsonNodeParser;
import software.amazon.awssdk.services.s3.S3AsyncClient;
import software.amazon.awssdk.services.s3.model.GetObjectRequest;
import software.amazon.awssdk.services.s3.model.GetObjectResponse;
import software.amazon.encryption.s3.S3EncryptionClientException;
import software.amazon.encryption.s3.S3EncryptionClientUtilities;
import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
import software.amazon.encryption.s3.materials.EncryptedDataKey;
import software.amazon.encryption.s3.materials.S3Keyring;

/* loaded from: input_file:software/amazon/encryption/s3/internal/ContentMetadataDecodingStrategy.class */
public class ContentMetadataDecodingStrategy {
    private static final Base64.Decoder DECODER = Base64.getDecoder();
    private final S3AsyncClient wrappedAsyncClient_;

    public ContentMetadataDecodingStrategy(S3AsyncClient s3AsyncClient) {
        if (s3AsyncClient == null) {
            throw new S3EncryptionClientException("ContentMetadataDecodingStrategy requires a non-null async client.");
        }
        this.wrappedAsyncClient_ = s3AsyncClient;
    }

    private ContentMetadata readFromMap(Map<String, String> map, GetObjectResponse getObjectResponse) {
        AlgorithmSuite algorithmSuite;
        byte[] decode;
        String str;
        String str2 = map.get(MetadataKeyConstants.CONTENT_CIPHER);
        String contentRange = getObjectResponse.contentRange();
        if (str2 == null || str2.equals(AlgorithmSuite.ALG_AES_256_CBC_IV16_NO_KDF.cipherName())) {
            algorithmSuite = AlgorithmSuite.ALG_AES_256_CBC_IV16_NO_KDF;
        } else {
            if (!str2.equals(AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherName())) {
                throw new S3EncryptionClientException("Unknown content encryption algorithm: " + str2);
            }
            algorithmSuite = contentRange == null ? AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF : AlgorithmSuite.ALG_AES_256_CTR_IV16_TAG16_NO_KDF;
        }
        switch (algorithmSuite) {
            case ALG_AES_256_CBC_IV16_NO_KDF:
                if (map.containsKey(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V1)) {
                    decode = DECODER.decode(map.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V1));
                } else {
                    if (!map.containsKey(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V2)) {
                        throw new S3EncryptionClientException("Malformed object metadata! Could not find the encrypted data key.");
                    }
                    decode = DECODER.decode(map.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V2));
                }
                if (map.containsKey(MetadataKeyConstants.ENCRYPTED_DATA_KEY_ALGORITHM)) {
                    str = map.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_ALGORITHM);
                    break;
                } else if (decode.length > 48) {
                    str = "RSA";
                    break;
                } else {
                    str = "AES";
                    break;
                }
            case ALG_AES_256_GCM_IV12_TAG16_NO_KDF:
            case ALG_AES_256_CTR_IV16_TAG16_NO_KDF:
                int parseInt = Integer.parseInt(map.get(MetadataKeyConstants.CONTENT_CIPHER_TAG_LENGTH));
                if (parseInt != algorithmSuite.cipherTagLengthBits()) {
                    throw new S3EncryptionClientException("Expected tag length (bits) of: " + algorithmSuite.cipherTagLengthBits() + ", got: " + parseInt);
                }
                decode = DECODER.decode(map.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V2));
                str = map.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_ALGORITHM);
                break;
            default:
                throw new S3EncryptionClientException("Unknown content encryption algorithm: " + algorithmSuite.id());
        }
        EncryptedDataKey build = EncryptedDataKey.builder().encryptedDataKey(decode).keyProviderId(S3Keyring.KEY_PROVIDER_ID).keyProviderInfo(str.getBytes(StandardCharsets.UTF_8)).build();
        HashMap hashMap = new HashMap();
        try {
            for (Map.Entry entry : JsonNodeParser.create().parse(decodeS3CustomEncoding(map.get(MetadataKeyConstants.ENCRYPTED_DATA_KEY_CONTEXT))).asObject().entrySet()) {
                hashMap.put((String) entry.getKey(), ((JsonNode) entry.getValue()).asString());
            }
            return ContentMetadata.builder().algorithmSuite(algorithmSuite).encryptedDataKey(build).encryptedDataKeyContext(hashMap).contentIv(DECODER.decode(map.get(MetadataKeyConstants.CONTENT_IV))).contentRange(contentRange).build();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public ContentMetadata decode(GetObjectRequest getObjectRequest, GetObjectResponse getObjectResponse) {
        Map metadata = getObjectResponse.metadata();
        return (metadata != null && metadata.containsKey(MetadataKeyConstants.CONTENT_IV) && (metadata.containsKey(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V1) || metadata.containsKey(MetadataKeyConstants.ENCRYPTED_DATA_KEY_V2))) ? decodeFromObjectMetadata(getObjectRequest, getObjectResponse) : decodeFromInstructionFile(getObjectRequest, getObjectResponse);
    }

    private static String decodeS3CustomEncoding(String str) {
        try {
            String decodeText = MimeUtility.decodeText(str);
            try {
                StringBuilder sb = new StringBuilder();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
                byte[] bytes = decodeText.getBytes(StandardCharsets.UTF_8);
                char[] charArray = decodeText.toCharArray();
                int i = 0;
                for (int i2 = 0; i2 < charArray.length; i2++) {
                    if (charArray[i2] > 127) {
                        dataOutputStream.write(new String(new byte[]{bytes[i2 + i], bytes[i2 + i + 1]}, StandardCharsets.UTF_8).charAt(0));
                        i++;
                    } else {
                        if (byteArrayOutputStream.size() > 0) {
                            sb.append(new String(byteArrayOutputStream.toByteArray(), StandardCharsets.UTF_8));
                            byteArrayOutputStream.reset();
                        }
                        sb.append(charArray[i2]);
                    }
                }
                return sb.toString();
            } catch (IOException e) {
                throw new S3EncryptionClientException("Unable to decode S3 object metadata: " + str, e);
            }
        } catch (UnsupportedEncodingException e2) {
            throw new S3EncryptionClientException("Unable to decode S3 object metadata: " + str, e2);
        }
    }

    private ContentMetadata decodeFromObjectMetadata(GetObjectRequest getObjectRequest, GetObjectResponse getObjectResponse) {
        return readFromMap(getObjectResponse.metadata(), getObjectResponse);
    }

    private ContentMetadata decodeFromInstructionFile(GetObjectRequest getObjectRequest, GetObjectResponse getObjectResponse) {
        try {
            ResponseInputStream responseInputStream = (ResponseInputStream) this.wrappedAsyncClient_.getObject((GetObjectRequest) GetObjectRequest.builder().bucket(getObjectRequest.bucket()).key(getObjectRequest.key() + S3EncryptionClientUtilities.INSTRUCTION_FILE_SUFFIX).build(), AsyncResponseTransformer.toBlockingInputStream()).join();
            HashMap hashMap = new HashMap();
            for (Map.Entry entry : JsonNodeParser.create().parse(responseInputStream).asObject().entrySet()) {
                hashMap.put((String) entry.getKey(), ((JsonNode) entry.getValue()).asString());
            }
            return readFromMap(hashMap, getObjectResponse);
        } catch (CompletionException e) {
            throw new S3EncryptionClientException("Instruction file not found! Please ensure the object you are attempting to decrypt has been encrypted using the S3 Encryption Client.", e);
        }
    }
}
