package software.amazon.encryption.s3.internal;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.security.SecureRandom;
import software.amazon.awssdk.core.async.AsyncRequestBody;
import software.amazon.encryption.s3.S3EncryptionClientException;
import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
import software.amazon.encryption.s3.materials.EncryptionMaterials;

/* loaded from: input_file:software/amazon/encryption/s3/internal/StreamingAesGcmContentStrategy.class */
public class StreamingAesGcmContentStrategy implements AsyncContentEncryptionStrategy, MultipartContentEncryptionStrategy {
    private final SecureRandom _secureRandom;

    /* loaded from: input_file:software/amazon/encryption/s3/internal/StreamingAesGcmContentStrategy$Builder.class */
    public static class Builder {
        private SecureRandom _secureRandom;

        private Builder() {
            this._secureRandom = new SecureRandom();
        }

        @SuppressFBWarnings({"EI_EXPOSE_REP"})
        public Builder secureRandom(SecureRandom secureRandom) {
            if (secureRandom == null) {
                throw new S3EncryptionClientException("SecureRandom provided to StreamingAesGcmContentStrategy cannot be null");
            }
            this._secureRandom = secureRandom;
            return this;
        }

        public StreamingAesGcmContentStrategy build() {
            return new StreamingAesGcmContentStrategy(this);
        }
    }

    private StreamingAesGcmContentStrategy(Builder builder) {
        this._secureRandom = builder._secureRandom;
    }

    public static Builder builder() {
        return new Builder();
    }

    @Override // software.amazon.encryption.s3.internal.MultipartContentEncryptionStrategy
    public MultipartEncryptedContent initMultipartEncryption(EncryptionMaterials encryptionMaterials) {
        if (encryptionMaterials.getPlaintextLength() > AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherMaxContentLengthBytes()) {
            throw new S3EncryptionClientException("The contentLength of the object you are attempting to encrypt exceedsthe maximum length allowed for GCM encryption.");
        }
        byte[] bArr = new byte[encryptionMaterials.algorithmSuite().iVLengthBytes()];
        this._secureRandom.nextBytes(bArr);
        return new MultipartEncryptedContent(bArr, CipherProvider.createAndInitCipher(encryptionMaterials, bArr), encryptionMaterials.getCiphertextLength());
    }

    @Override // software.amazon.encryption.s3.internal.AsyncContentEncryptionStrategy
    public EncryptedContent encryptContent(EncryptionMaterials encryptionMaterials, AsyncRequestBody asyncRequestBody) {
        if (encryptionMaterials.getPlaintextLength() > AlgorithmSuite.ALG_AES_256_GCM_IV12_TAG16_NO_KDF.cipherMaxContentLengthBytes()) {
            throw new S3EncryptionClientException("The contentLength of the object you are attempting to encrypt exceedsthe maximum length allowed for GCM encryption.");
        }
        byte[] bArr = new byte[encryptionMaterials.algorithmSuite().iVLengthBytes()];
        this._secureRandom.nextBytes(bArr);
        return new EncryptedContent(bArr, new CipherAsyncRequestBody(asyncRequestBody, Long.valueOf(encryptionMaterials.getCiphertextLength()), encryptionMaterials, bArr), encryptionMaterials.getCiphertextLength());
    }
}
