package org.apache.nifi.processors.aws.s3.encryption;

import com.amazonaws.regions.Region;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.s3.AmazonS3;
import com.amazonaws.services.s3.AmazonS3Builder;
import com.amazonaws.services.s3.AmazonS3EncryptionClientV2;
import com.amazonaws.services.s3.AmazonS3EncryptionClientV2Builder;
import com.amazonaws.services.s3.model.CryptoConfigurationV2;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
import java.util.function.Consumer;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.components.ValidationResult;

/* loaded from: input_file:org/apache/nifi/processors/aws/s3/encryption/ClientSideCEncryptionStrategy.class */
public class ClientSideCEncryptionStrategy implements S3EncryptionStrategy {
    @Override // org.apache.nifi.processors.aws.s3.encryption.S3EncryptionStrategy
    public AmazonS3 createEncryptionClient(Consumer<AmazonS3Builder<?, ?>> consumer, String str, String str2) {
        ValidationResult validateKey = validateKey(str2);
        if (!validateKey.isValid()) {
            throw new IllegalArgumentException("Invalid client key; " + validateKey.getExplanation());
        }
        StaticEncryptionMaterialsProvider staticEncryptionMaterialsProvider = new StaticEncryptionMaterialsProvider(new EncryptionMaterials(new SecretKeySpec(Base64.decodeBase64(str2), "AES")));
        CryptoConfigurationV2 cryptoConfigurationV2 = new CryptoConfigurationV2();
        cryptoConfigurationV2.setAwsKmsRegion(Region.getRegion(Regions.DEFAULT_REGION));
        AmazonS3EncryptionClientV2Builder withEncryptionMaterialsProvider = AmazonS3EncryptionClientV2.encryptionBuilder().withCryptoConfiguration(cryptoConfigurationV2).withEncryptionMaterialsProvider(staticEncryptionMaterialsProvider);
        consumer.accept(withEncryptionMaterialsProvider);
        return (AmazonS3) withEncryptionMaterialsProvider.build();
    }

    @Override // org.apache.nifi.processors.aws.s3.encryption.S3EncryptionStrategy
    public ValidationResult validateKey(String str) {
        if (StringUtils.isBlank(str)) {
            return new ValidationResult.Builder().subject("Key Material").valid(false).explanation("it is empty").build();
        }
        try {
            if (!Base64.isBase64(str)) {
                throw new Exception();
            }
            byte[] decodeBase64 = Base64.decodeBase64(str);
            return (decodeBase64.length == 32 || decodeBase64.length == 24 || decodeBase64.length == 16) ? new ValidationResult.Builder().valid(true).build() : new ValidationResult.Builder().subject("Key Material").valid(false).explanation("it is not a Base64 encoded AES-256, AES-192 or AES-128 key").build();
        } catch (Exception e) {
            return new ValidationResult.Builder().subject("Key Material").valid(false).explanation("it is not in Base64 encoded form").build();
        }
    }
}
