package net.snowflake.spark.snowflake;

import com.amazonaws.ClientConfiguration;
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.auth.BasicSessionCredentials;
import com.amazonaws.services.s3.AmazonS3Client;
import com.amazonaws.services.s3.AmazonS3EncryptionClient;
import com.amazonaws.services.s3.model.CryptoConfiguration;
import com.amazonaws.services.s3.model.CryptoMode;
import com.amazonaws.services.s3.model.EncryptionMaterials;
import com.amazonaws.services.s3.model.ObjectMetadata;
import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
import com.amazonaws.util.Base64;
import java.io.InputStream;
import java.security.SecureRandom;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import net.snowflake.client.jdbc.ErrorCode;
import net.snowflake.client.jdbc.MatDesc;
import net.snowflake.client.jdbc.SnowflakeSQLException;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.StringContext;
import scala.Tuple2;
import scala.collection.immutable.Nil$;
import scala.collection.immutable.StringOps;
import scala.collection.mutable.StringBuilder;
import scala.runtime.BoxesRunTime;
import scala.util.Random$;

/* compiled from: ConnectorSFStageManager.scala */
/* loaded from: input_file:net/snowflake/spark/snowflake/ConnectorSFStageManager$.class */
public final class ConnectorSFStageManager$ {
    public static final ConnectorSFStageManager$ MODULE$ = null;
    private final String DUMMY_LOCATION;
    private final String AES;
    private final int DEFAULT_PARALLELISM;
    private final int S3_MAX_RETRIES;
    private final String CREATE_TEMP_STAGE_STMT;
    private final String AMZ_KEY;
    private final String AMZ_IV;
    private final String DATA_CIPHER;
    private final String KEY_CIPHER;
    private final String AMZ_MATDESC;

    static {
        new ConnectorSFStageManager$();
    }

    public final String DUMMY_LOCATION() {
        return "file:///tmp/dummy_location_spark_connector_tmp/";
    }

    public final String AES() {
        return "AES";
    }

    public final int DEFAULT_PARALLELISM() {
        return 10;
    }

    public final int S3_MAX_RETRIES() {
        return 3;
    }

    public final String CREATE_TEMP_STAGE_STMT() {
        return this.CREATE_TEMP_STAGE_STMT;
    }

    public final String AMZ_KEY() {
        return this.AMZ_KEY;
    }

    public final String AMZ_IV() {
        return this.AMZ_IV;
    }

    public final String DATA_CIPHER() {
        return this.DATA_CIPHER;
    }

    public final String KEY_CIPHER() {
        return this.KEY_CIPHER;
    }

    public final String AMZ_MATDESC() {
        return "x-amz-matdesc";
    }

    public final Tuple2<String, String> extractBucketNameAndPath(String str) {
        String str2 = str;
        String str3 = "";
        if (str.contains("/")) {
            str2 = str.substring(0, str.indexOf("/"));
            str3 = str.substring(str.indexOf("/") + 1);
        }
        return new Tuple2<>(str2, str3);
    }

    public final String TEMP_STAGE_LOCATION() {
        return new StringBuilder().append("spark_connector_unload_stage_").append(Random$.MODULE$.alphanumeric().take(10).mkString("")).toString();
    }

    public final AmazonS3Client createS3Client(boolean z, String str, String str2, String str3, String str4, String str5, String str6, Option<Object> option) {
        int unboxToInt = BoxesRunTime.unboxToInt(option.getOrElse(new ConnectorSFStageManager$$anonfun$1()));
        byte[] decode = Base64.decode(str);
        SecretKeySpec secretKeySpec = new SecretKeySpec(decode, 0, decode.length, "AES");
        BasicAWSCredentials basicAWSCredentials = str6 == null ? new BasicAWSCredentials(str4, str5) : new BasicSessionCredentials(str4, str5, str6);
        ClientConfiguration clientConfiguration = new ClientConfiguration();
        clientConfiguration.setMaxConnections(unboxToInt);
        clientConfiguration.setMaxErrorRetry(3);
        if (!z) {
            return new AmazonS3Client(basicAWSCredentials, clientConfiguration);
        }
        CryptoConfiguration cryptoConfiguration = new CryptoConfiguration(CryptoMode.EncryptionOnly);
        EncryptionMaterials encryptionMaterials = new EncryptionMaterials(secretKeySpec);
        encryptionMaterials.addDescription("queryId", str2);
        encryptionMaterials.addDescription("smkId", str3);
        return new AmazonS3EncryptionClient(basicAWSCredentials, new StaticEncryptionMaterialsProvider(encryptionMaterials), clientConfiguration, cryptoConfiguration);
    }

    public final Option<Object> createS3Client$default$8() {
        return None$.MODULE$;
    }

    public final InputStream getDecryptedStream(InputStream inputStream, String str, ObjectMetadata objectMetadata) {
        Map userMetadata = objectMetadata.getUserMetadata();
        byte[] decode = Base64.decode(str);
        Tuple2 tuple2 = new Tuple2(userMetadata.get(AMZ_KEY()), userMetadata.get(AMZ_IV()));
        if (tuple2 == null) {
            throw new MatchError(tuple2);
        }
        Tuple2 tuple22 = new Tuple2((String) tuple2._1(), (String) tuple2._2());
        String str2 = (String) tuple22._1();
        String str3 = (String) tuple22._2();
        if (str2 == null || str3 == null) {
            throw new SnowflakeSQLException("XX000", Predef$.MODULE$.Integer2int(ErrorCode.INTERNAL_ERROR.getMessageCode()), new Object[]{"File metadata incomplete"});
        }
        byte[] decode2 = Base64.decode(str2);
        byte[] decode3 = Base64.decode(str3);
        SecretKeySpec secretKeySpec = new SecretKeySpec(decode, 0, decode.length, "AES");
        Cipher cipher = Cipher.getInstance(KEY_CIPHER());
        cipher.init(2, secretKeySpec);
        SecretKeySpec secretKeySpec2 = new SecretKeySpec(cipher.doFinal(decode2), 0, decode.length, "AES");
        Cipher cipher2 = Cipher.getInstance(DATA_CIPHER());
        cipher2.init(2, secretKeySpec2, new IvParameterSpec(decode3));
        return new CipherInputStream(inputStream, cipher2);
    }

    public final Tuple2<Cipher, ObjectMetadata> getCipherAndMetadata(String str, String str2, String str3) {
        byte[] decode = Base64.decode(str);
        int length = decode.length;
        byte[] bArr = new byte[length];
        Cipher cipher = Cipher.getInstance(DATA_CIPHER());
        byte[] bArr2 = new byte[cipher.getBlockSize()];
        SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG", "SUN");
        secureRandom.nextBytes(new byte[10]);
        secureRandom.nextBytes(bArr2);
        IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr2);
        secureRandom.nextBytes(bArr);
        cipher.init(1, new SecretKeySpec(bArr, 0, length, "AES"), ivParameterSpec);
        Cipher cipher2 = Cipher.getInstance(KEY_CIPHER());
        cipher2.init(1, new SecretKeySpec(decode, 0, length, "AES"));
        byte[] doFinal = cipher2.doFinal(bArr);
        MatDesc matDesc = new MatDesc(new StringOps(Predef$.MODULE$.augmentString(str3)).toLong(), str2, length * 8);
        ObjectMetadata objectMetadata = new ObjectMetadata();
        objectMetadata.addUserMetadata("x-amz-matdesc", matDesc.toString());
        objectMetadata.addUserMetadata(AMZ_KEY(), Base64.encodeAsString(doFinal));
        objectMetadata.addUserMetadata(AMZ_IV(), Base64.encodeAsString(bArr2));
        return new Tuple2<>(cipher, objectMetadata);
    }

    private ConnectorSFStageManager$() {
        MODULE$ = this;
        this.CREATE_TEMP_STAGE_STMT = new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"CREATE OR REPLACE TEMP STAGE "})).s(Nil$.MODULE$);
        this.AMZ_KEY = "x-amz-key";
        this.AMZ_IV = "x-amz-iv";
        this.DATA_CIPHER = "AES/CBC/PKCS5Padding";
        this.KEY_CIPHER = "AES/ECB/PKCS5Padding";
    }
}
