/* (non-Javadoc)
   * @see com.amazonaws.services.s3.AmazonS3Client#completeMultipartUpload(com.amazonaws.services.s3.model.CompleteMultipartUploadRequest)
   */
  @Override
  public CompleteMultipartUploadResult completeMultipartUpload(
      CompleteMultipartUploadRequest completeMultipartUploadRequest)
      throws AmazonClientException, AmazonServiceException {

    appendUserAgent(completeMultipartUploadRequest, USER_AGENT);

    String uploadId = completeMultipartUploadRequest.getUploadId();
    EncryptedUploadContext encryptedUploadContext = currentMultipartUploadSecretKeys.get(uploadId);

    if (encryptedUploadContext.hasFinalPartBeenSeen() == false) {
      throw new AmazonClientException(
          "Unable to complete an encrypted multipart upload without being told which part was the last.  "
              + "Without knowing which part was the last, the encrypted data in Amazon S3 is incomplete and corrupt.");
    }

    CompleteMultipartUploadResult result =
        super.completeMultipartUpload(completeMultipartUploadRequest);

    // In InstructionFile mode, we want to write the instruction file only after the whole upload
    // has completed correctly.
    if (cryptoConfig.getStorageMode() == CryptoStorageMode.InstructionFile) {
      Cipher symmetricCipher =
          EncryptionUtils.createSymmetricCipher(
              encryptedUploadContext.getEnvelopeEncryptionKey(),
              Cipher.ENCRYPT_MODE,
              cryptoConfig.getCryptoProvider(),
              encryptedUploadContext.getFirstInitializationVector());

      EncryptionMaterials encryptionMaterials =
          encryptionMaterialsProvider.getEncryptionMaterials();

      // Encrypt the envelope symmetric key
      byte[] encryptedEnvelopeSymmetricKey =
          EncryptionUtils.getEncryptedSymmetricKey(
              encryptedUploadContext.getEnvelopeEncryptionKey(),
              encryptionMaterials,
              cryptoConfig.getCryptoProvider());
      EncryptionInstruction instruction =
          new EncryptionInstruction(
              encryptionMaterials.getMaterialsDescription(),
              encryptedEnvelopeSymmetricKey,
              encryptedUploadContext.getEnvelopeEncryptionKey(),
              symmetricCipher);

      // Put the instruction file into S3
      super.putObject(
          EncryptionUtils.createInstructionPutRequest(
              encryptedUploadContext.getBucketName(),
              encryptedUploadContext.getKey(),
              instruction));
    }

    currentMultipartUploadSecretKeys.remove(uploadId);
    return result;
  }
  @Override
  public CopyPartResult copyPart(CopyPartRequest copyPartRequest) {
    String uploadId = copyPartRequest.getUploadId();
    EncryptedUploadContext encryptedUploadContext = currentMultipartUploadSecretKeys.get(uploadId);

    if (!encryptedUploadContext.hasFinalPartBeenSeen()) {
      encryptedUploadContext.setHasFinalPartBeenSeen(true);
    }

    return super.copyPart(copyPartRequest);
  }
  /**
   * {@inheritDoc}
   *
   * <p><b>NOTE:</b> Because the encryption process requires context from block N-1 in order to
   * encrypt block N, parts uploaded with the AmazonS3EncryptionClient (as opposed to the normal
   * AmazonS3Client) must be uploaded serially, and in order. Otherwise, the previous encryption
   * context isn't available to use when encrypting the current part.
   */
  @Override
  public UploadPartResult uploadPart(UploadPartRequest uploadPartRequest)
      throws AmazonClientException, AmazonServiceException {

    appendUserAgent(uploadPartRequest, USER_AGENT);

    boolean isLastPart = uploadPartRequest.isLastPart();
    String uploadId = uploadPartRequest.getUploadId();

    boolean partSizeMultipleOfCipherBlockSize =
        uploadPartRequest.getPartSize() % JceEncryptionConstants.SYMMETRIC_CIPHER_BLOCK_SIZE == 0;
    if (!isLastPart && !partSizeMultipleOfCipherBlockSize) {
      throw new AmazonClientException(
          "Invalid part size: part sizes for encrypted multipart uploads must be multiples "
              + "of the cipher block size ("
              + JceEncryptionConstants.SYMMETRIC_CIPHER_BLOCK_SIZE
              + ") with the exception of the last part.  "
              + "Otherwise encryption adds extra padding that will corrupt the final object.");
    }

    // Generate the envelope symmetric key and initialize a cipher to encrypt the object's data
    EncryptedUploadContext encryptedUploadContext = currentMultipartUploadSecretKeys.get(uploadId);
    if (encryptedUploadContext == null)
      throw new AmazonClientException(
          "No client-side information available on upload ID " + uploadId);

    SecretKey envelopeSymmetricKey = encryptedUploadContext.getEnvelopeEncryptionKey();
    byte[] iv = encryptedUploadContext.getNextInitializationVector();
    CipherFactory cipherFactory =
        new CipherFactory(
            envelopeSymmetricKey, Cipher.ENCRYPT_MODE, iv, this.cryptoConfig.getCryptoProvider());

    // Create encrypted input stream
    InputStream encryptedInputStream =
        EncryptionUtils.getEncryptedInputStream(uploadPartRequest, cipherFactory);
    uploadPartRequest.setInputStream(encryptedInputStream);

    // The last part of the multipart upload will contain extra padding from the encryption process,
    // which
    // changes the
    if (uploadPartRequest.isLastPart()) {
      // We only change the size of the last part
      long cryptoContentLength =
          EncryptionUtils.calculateCryptoContentLength(
              cipherFactory.createCipher(), uploadPartRequest);
      if (cryptoContentLength > 0) uploadPartRequest.setPartSize(cryptoContentLength);

      if (encryptedUploadContext.hasFinalPartBeenSeen()) {
        throw new AmazonClientException(
            "This part was specified as the last part in a multipart upload, but a previous part was already marked as the last part.  "
                + "Only the last part of the upload should be marked as the last part, otherwise it will cause the encrypted data to be corrupted.");
      }

      encryptedUploadContext.setHasFinalPartBeenSeen(true);
    }

    // Treat all encryption requests as input stream upload requests, not as file upload requests.
    uploadPartRequest.setFile(null);
    uploadPartRequest.setFileOffset(0);

    UploadPartResult result = super.uploadPart(uploadPartRequest);

    if (encryptedInputStream instanceof ByteRangeCapturingInputStream) {
      ByteRangeCapturingInputStream bris = (ByteRangeCapturingInputStream) encryptedInputStream;
      encryptedUploadContext.setNextInitializationVector(bris.getBlock());
    } else {
      throw new AmazonClientException("Unable to access last block of encrypted data");
    }

    return result;
  }