package io.minio;

import com.google.common.io.BaseEncoding;
import io.minio.errors.InvalidArgumentException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.Optional;
import javax.crypto.SecretKey;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.Destroyable;
import kotlin.text.Typography;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes.dex */
public abstract class ServerSideEncryption implements Destroyable {
    protected boolean destroyed = false;

    /* loaded from: classes.dex */
    static final class ServerSideEncryptionCopyWithCustomerKey extends ServerSideEncryptionWithCustomerKey {
        public ServerSideEncryptionCopyWithCustomerKey(SecretKey secretKey, MessageDigest messageDigest) {
            super(secretKey, messageDigest);
        }

        @Override // io.minio.ServerSideEncryption.ServerSideEncryptionWithCustomerKey, io.minio.ServerSideEncryption
        public final void marshal(Map<String, String> map) {
            if (isDestroyed()) {
                throw new IllegalStateException("object is already destroyed");
            }
            try {
                byte[] encoded = this.secretKey.getEncoded();
                this.md5.update(encoded);
                String encode = BaseEncoding.base64().encode(this.md5.digest());
                map.put("X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm", "AES256");
                map.put("X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key", BaseEncoding.base64().encode(encoded));
                map.put("X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5", encode);
            } finally {
                this.md5.reset();
            }
        }
    }

    /* loaded from: classes.dex */
    static final class ServerSideEncryptionKms extends ServerSideEncryption {
        final Optional<String> context;
        final String keyId;

        public ServerSideEncryptionKms(String str, Optional<String> optional) {
            this.keyId = str;
            this.context = optional;
        }

        @Override // javax.security.auth.Destroyable
        public final void destroy() throws DestroyFailedException {
            this.destroyed = true;
        }

        @Override // io.minio.ServerSideEncryption
        public final Type getType() {
            return Type.SSE_KMS;
        }

        @Override // io.minio.ServerSideEncryption
        public final void marshal(Map<String, String> map) {
            if (isDestroyed()) {
                throw new IllegalStateException("object is already destroyed");
            }
            map.put("X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id", this.keyId);
            map.put("X-Amz-Server-Side-Encryption", "aws:kms");
            if (this.context.isPresent()) {
                map.put("X-Amz-Server-Side-Encryption-Context", this.context.get());
            }
        }
    }

    /* loaded from: classes.dex */
    static final class ServerSideEncryptionS3 extends ServerSideEncryption {
        ServerSideEncryptionS3() {
        }

        @Override // javax.security.auth.Destroyable
        public final void destroy() throws DestroyFailedException {
            this.destroyed = true;
        }

        @Override // io.minio.ServerSideEncryption
        public final Type getType() {
            return Type.SSE_S3;
        }

        @Override // io.minio.ServerSideEncryption
        public final void marshal(Map<String, String> map) {
            map.put("X-Amz-Server-Side-Encryption", "AES256");
        }
    }

    /* loaded from: classes.dex */
    static class ServerSideEncryptionWithCustomerKey extends ServerSideEncryption {
        protected final MessageDigest md5;
        protected final SecretKey secretKey;

        public ServerSideEncryptionWithCustomerKey(SecretKey secretKey, MessageDigest messageDigest) {
            this.secretKey = secretKey;
            this.md5 = messageDigest;
        }

        @Override // javax.security.auth.Destroyable
        public final void destroy() throws DestroyFailedException {
            this.secretKey.destroy();
            this.destroyed = true;
        }

        @Override // io.minio.ServerSideEncryption
        public final Type getType() {
            return Type.SSE_C;
        }

        @Override // io.minio.ServerSideEncryption
        public void marshal(Map<String, String> map) {
            if (isDestroyed()) {
                throw new IllegalStateException("object is already destroyed");
            }
            try {
                byte[] encoded = this.secretKey.getEncoded();
                this.md5.update(encoded);
                map.put("X-Amz-Server-Side-Encryption-Customer-Algorithm", "AES256");
                map.put("X-Amz-Server-Side-Encryption-Customer-Key", BaseEncoding.base64().encode(encoded));
                map.put("X-Amz-Server-Side-Encryption-Customer-Key-Md5", BaseEncoding.base64().encode(this.md5.digest()));
            } finally {
                this.md5.reset();
            }
        }
    }

    /* loaded from: classes.dex */
    public enum Type {
        SSE_C,
        SSE_S3,
        SSE_KMS;

        public boolean requiresTls() {
            return equals(SSE_C);
        }

        public boolean requiresV4() {
            return equals(SSE_KMS);
        }
    }

    public static ServerSideEncryption atRest() {
        return new ServerSideEncryptionS3();
    }

    public static ServerSideEncryption copyWithCustomerKey(SecretKey secretKey) throws InvalidKeyException, NoSuchAlgorithmException {
        if (isCustomerKeyValid(secretKey)) {
            return new ServerSideEncryptionCopyWithCustomerKey(secretKey, MessageDigest.getInstance(MessageDigestAlgorithms.MD5));
        }
        throw new InvalidKeyException("The secret key is not a 256 bit AES key");
    }

    private static boolean isCustomerKeyValid(SecretKey secretKey) {
        return secretKey != null && !secretKey.isDestroyed() && secretKey.getAlgorithm().equals("AES") && secretKey.getEncoded().length == 32;
    }

    public static ServerSideEncryption withCustomerKey(SecretKey secretKey) throws InvalidKeyException, NoSuchAlgorithmException {
        if (isCustomerKeyValid(secretKey)) {
            return new ServerSideEncryptionWithCustomerKey(secretKey, MessageDigest.getInstance(MessageDigestAlgorithms.MD5));
        }
        throw new InvalidKeyException("The secret key is not a 256 bit AES key");
    }

    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    public static ServerSideEncryption withManagedKeys(String str, Map<String, String> map) throws InvalidArgumentException, UnsupportedEncodingException {
        if (str == null) {
            throw new InvalidArgumentException("The key-ID cannot be null");
        }
        if (map == null) {
            return new ServerSideEncryptionKms(str, Optional.empty());
        }
        StringBuilder sb = new StringBuilder();
        sb.append('{');
        for (Map.Entry<String, String> entry : map.entrySet()) {
            sb.append(Typography.quote);
            sb.append(entry.getKey());
            sb.append(Typography.quote);
            sb.append(':');
            sb.append(Typography.quote);
            sb.append(entry.getValue());
            sb.append(Typography.quote);
            if (map.entrySet().size() - 1 > 0) {
                sb.append(',');
            }
        }
        sb.append('}');
        return new ServerSideEncryptionKms(str, Optional.of(BaseEncoding.base64().encode(sb.toString().getBytes("UTF-8"))));
    }

    public abstract Type getType();

    @Override // javax.security.auth.Destroyable
    public boolean isDestroyed() {
        return this.destroyed;
    }

    public abstract void marshal(Map<String, String> map);
}
