package co.cask.cdap.security.auth;

import co.cask.cdap.common.conf.CConfiguration;
import co.cask.cdap.common.io.Codec;
import com.google.common.base.Preconditions;
import com.google.common.io.Files;
import java.io.File;
import java.io.IOException;

/* loaded from: input_file:co/cask/cdap/security/auth/FileBasedKeyManager.class */
public class FileBasedKeyManager extends MapBackedKeyManager {
    private final String keyFilePath;
    private final Codec<KeyIdentifier> keyIdentifierCodec;

    public FileBasedKeyManager(CConfiguration cConfiguration, Codec<KeyIdentifier> codec) {
        super(cConfiguration);
        this.keyFilePath = cConfiguration.get("security.data.keyfile.path");
        this.keyIdentifierCodec = codec;
    }

    @Override // co.cask.cdap.security.auth.AbstractKeyManager
    public void doInit() throws IOException {
        File file = new File(this.keyFilePath);
        String parent = file.getParent();
        File file2 = new File(parent);
        if (!file2.exists() && !file2.mkdir()) {
            throw new IOException("Failed to create directory " + parent + " for keyfile storage.");
        }
        Preconditions.checkState(file2.isDirectory(), "Configured keyFile directory " + parent + " is not a directory!");
        Preconditions.checkState(file2.canRead(), "Configured keyFile directory " + parent + " exists but is not readable!");
        if (file.exists()) {
            KeyIdentifier keyIdentifier = (KeyIdentifier) this.keyIdentifierCodec.decode(Files.toByteArray(file));
            this.currentKey = keyIdentifier;
            this.allKeys.put(Integer.valueOf(keyIdentifier.getKeyId()), keyIdentifier);
        } else {
            Preconditions.checkState(file2.canWrite(), "Configured keyFile directory " + parent + " exists but is not writable!");
            generateKey();
            file.createNewFile();
            Files.write(this.keyIdentifierCodec.encode(this.currentKey), file);
        }
    }

    public void shutDown() {
    }
}
