package org.apache.hadoop.fs.s3a.impl;

import java.io.IOException;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.s3a.Constants;
import org.apache.hadoop.fs.s3a.S3AEncryptionMethods;
import org.apache.hadoop.fs.s3a.S3AStore;
import org.apache.hadoop.fs.s3a.S3AUtils;
import org.apache.hadoop.fs.s3a.impl.CSEMaterials;
import org.apache.hadoop.util.Preconditions;
import software.amazon.awssdk.core.ResponseInputStream;
import software.amazon.awssdk.services.s3.model.GetObjectResponse;
import software.amazon.awssdk.services.s3.model.HeadObjectResponse;

@InterfaceAudience.Private
@InterfaceStability.Evolving
/* loaded from: input_file:org/apache/hadoop/fs/s3a/impl/CSEUtils.class */
public final class CSEUtils {
    private CSEUtils() {
    }

    public static boolean isCSEEnabled(String str) {
        return S3AEncryptionMethods.CSE_KMS.getMethod().equals(str) || S3AEncryptionMethods.CSE_CUSTOM.getMethod().equals(str);
    }

    public static boolean isObjectEncrypted(S3AStore s3AStore, String str) throws IOException {
        HeadObjectResponse headObject = s3AStore.headObject(str, null, null, null, "getObjectMetadata");
        return headObject.hasMetadata() && headObject.metadata().get(AWSHeaders.CRYPTO_CEK_ALGORITHM) != null;
    }

    public static long getUnencryptedObjectLength(S3AStore s3AStore, String str, long j, HeadObjectResponse headObjectResponse) throws IOException {
        if (!isObjectEncrypted(s3AStore, str)) {
            return j;
        }
        if (headObjectResponse != null) {
            String str2 = (String) headObjectResponse.metadata().get(AWSHeaders.UNENCRYPTED_CONTENT_LENGTH);
            if (headObjectResponse.hasMetadata() && str2 != null && !str2.isEmpty()) {
                return Long.parseLong(str2);
            }
        }
        if (j < 16) {
            return j;
        }
        long j2 = j - 16;
        if (j2 < 0) {
            j2 = 0;
        }
        try {
            ResponseInputStream<GetObjectResponse> rangedS3Object = s3AStore.getRangedS3Object(str, j2, j);
            int i = 0;
            while (rangedS3Object.read() != -1) {
                try {
                    i++;
                } finally {
                }
            }
            long j3 = j2 + i;
            if (rangedS3Object != null) {
                rangedS3Object.close();
            }
            return j3;
        } catch (Exception e) {
            throw new IOException("Failed to compute unencrypted length", e);
        }
    }

    public static CSEMaterials getClientSideEncryptionMaterials(Configuration configuration, String str, S3AEncryptionMethods s3AEncryptionMethods) throws IOException {
        switch (s3AEncryptionMethods) {
            case CSE_KMS:
                String s3EncryptionKey = S3AUtils.getS3EncryptionKey(str, configuration, true);
                Preconditions.checkArgument((s3EncryptionKey == null || s3EncryptionKey.isEmpty()) ? false : true, "KMS keyId cannot be null or empty");
                return new CSEMaterials().withCSEKeyType(CSEMaterials.CSEKeyType.KMS).withConf(configuration).withKmsKeyId(s3EncryptionKey);
            case CSE_CUSTOM:
                String trimmed = configuration.getTrimmed(Constants.S3_ENCRYPTION_CSE_CUSTOM_KEYRING_CLASS_NAME);
                Preconditions.checkArgument((trimmed == null || trimmed.isEmpty()) ? false : true, "CSE custom cryptographic class name cannot be null or empty");
                return new CSEMaterials().withCSEKeyType(CSEMaterials.CSEKeyType.CUSTOM).withConf(configuration).withCustomCryptographicClassName(trimmed);
            default:
                throw new IllegalArgumentException("Invalid client side encryption algorithm. Only CSE-KMS and CSE-CUSTOM are supported");
        }
    }
}
