package net.snowflake.ingest.internal.apache.hadoop.security.token.delegation;

import java.io.ByteArrayInputStream;
import java.io.DataInput;
import java.io.DataInputStream;
import java.io.DataOutput;
import java.io.IOException;
import java.security.MessageDigest;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKey;
import net.snowflake.ingest.internal.apache.commons.configuration2.tree.DefaultExpressionEngineSymbols;
import net.snowflake.ingest.internal.apache.hadoop.classification.InterfaceAudience;
import net.snowflake.ingest.internal.apache.hadoop.classification.InterfaceStability;
import net.snowflake.ingest.internal.apache.hadoop.fs.statistics.DurationTracker;
import net.snowflake.ingest.internal.apache.hadoop.fs.statistics.DurationTrackerFactory;
import net.snowflake.ingest.internal.apache.hadoop.fs.statistics.impl.IOStatisticsBinding;
import net.snowflake.ingest.internal.apache.hadoop.fs.statistics.impl.IOStatisticsStore;
import net.snowflake.ingest.internal.apache.hadoop.io.Text;
import net.snowflake.ingest.internal.apache.hadoop.io.Writable;
import net.snowflake.ingest.internal.apache.hadoop.io.WritableUtils;
import net.snowflake.ingest.internal.apache.hadoop.metrics2.MetricsSystem;
import net.snowflake.ingest.internal.apache.hadoop.metrics2.annotation.Metric;
import net.snowflake.ingest.internal.apache.hadoop.metrics2.annotation.Metrics;
import net.snowflake.ingest.internal.apache.hadoop.metrics2.lib.DefaultMetricsSystem;
import net.snowflake.ingest.internal.apache.hadoop.metrics2.lib.MetricsRegistry;
import net.snowflake.ingest.internal.apache.hadoop.metrics2.lib.MutableCounterLong;
import net.snowflake.ingest.internal.apache.hadoop.metrics2.lib.MutableRate;
import net.snowflake.ingest.internal.apache.hadoop.security.AccessControlException;
import net.snowflake.ingest.internal.apache.hadoop.security.HadoopKerberosName;
import net.snowflake.ingest.internal.apache.hadoop.security.token.SecretManager;
import net.snowflake.ingest.internal.apache.hadoop.security.token.Token;
import net.snowflake.ingest.internal.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import net.snowflake.ingest.internal.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator;
import net.snowflake.ingest.internal.apache.hadoop.thirdparty.com.google.common.base.Preconditions;
import net.snowflake.ingest.internal.apache.hadoop.util.Daemon;
import net.snowflake.ingest.internal.apache.hadoop.util.Time;
import net.snowflake.ingest.internal.apache.hadoop.util.functional.InvocationRaisingIOE;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Public
@InterfaceStability.Evolving
/* loaded from: input_file:net/snowflake/ingest/internal/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager.class */
public abstract class AbstractDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier> extends SecretManager<TokenIdent> {
    // Class logger; assigned in the static initializer at the bottom of the class.
    private static final Logger LOG;
    // Shared metrics source for every secret manager instance in this JVM; assigned in the static initializer.
    private static final DelegationTokenSecretManagerMetrics METRICS;
    // Master key used to sign newly issued tokens; replaced by updateCurrentKey().
    private DelegationKey currentKey;
    // Milliseconds between master key rolls (compared against Time.now() by the remover thread).
    private long keyUpdateInterval;
    // Milliseconds added to the issue time to obtain a token's hard maximum date.
    private long tokenMaxLifetime;
    // Minimum milliseconds between two sweeps for expired tokens.
    private long tokenRemoverScanInterval;
    // Milliseconds added to "now" when a token is issued or renewed to obtain its next renew date.
    private long tokenRenewInterval;
    // Background daemon created by startThreads(); null until then.
    private Thread tokenRemoverThread;
    // Polled by the remover loop; volatile so that stopThreads() is seen without holding the monitor.
    protected volatile boolean running;
    // Compiler-generated assertion switch exposed by the decompiler; set in the static initializer.
    static final /* synthetic */ boolean $assertionsDisabled;
    // Live tokens keyed by identifier. The values hold token passwords, so this map is secret material.
    // NOTE(review): the raw ConcurrentHashMap constructor looks like a decompiler artifact.
    protected final Map<TokenIdent, DelegationTokenInformation> currentTokens = new ConcurrentHashMap();
    // Sequence number stamped on the most recently issued token.
    protected int delegationTokenSequenceNumber = 0;
    // All known master keys by key id; holds signing key material.
    protected final Map<Integer, DelegationKey> allKeys = new ConcurrentHashMap();
    // Id of the most recently generated master key.
    protected int currentId = 0;
    // Held by stopThreads() while it interrupts the remover thread.
    protected Object noInterruptsLock = new Object();
    // When true, getTrackingIdIfEnabled() records the identifier's tracking id alongside the token.
    protected boolean storeTokenTrackingId = false;

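    /**
     * Per-token state kept by the secret manager: the next renew date, the token password and an
     * optional tracking id.
     *
     * <p>The password is the secret that authenticates the token. Instances, and any serialized
     * form produced by {@link #write(DataOutput)}, must be protected accordingly.
     */
    @InterfaceStability.Evolving
    public static class DelegationTokenInformation implements Writable {
        long renewDate;
        byte[] password;
        String trackingId;

        /** Creates an empty record (renew date 0, no password), typically filled by {@link #readFields(DataInput)}. */
        public DelegationTokenInformation() {
            this(0L, null);
        }

        /**
         * @param j renew date in milliseconds
         * @param bArr token password; stored by reference, not copied
         */
        public DelegationTokenInformation(long j, byte[] bArr) {
            this(j, bArr, null);
        }

        /**
         * @param j renew date in milliseconds
         * @param bArr token password; stored by reference, not copied
         * @param str tracking id, or {@code null}
         */
        public DelegationTokenInformation(long j, byte[] bArr, String str) {
            this.renewDate = j;
            this.password = bArr;
            this.trackingId = str;
        }

        /** @return the time after which the token is treated as expired unless renewed */
        public long getRenewDate() {
            return this.renewDate;
        }

        /**
         * Returns the stored password.
         *
         * @return the internal array itself (no defensive copy), possibly {@code null}; callers
         *     must not modify or log it
         */
        /* JADX INFO: Access modifiers changed from: package-private */
        public byte[] getPassword() {
            return this.password;
        }

        /** @return the tracking id, or {@code null} when none was recorded */
        public String getTrackingId() {
            return this.trackingId;
        }

        /**
         * Serializes the record: renew date, password length (-1 when the password is absent),
         * password bytes, tracking id.
         *
         * @throws IOException if the underlying output fails
         */
        @Override
        public void write(DataOutput dataOutput) throws IOException {
            WritableUtils.writeVLong(dataOutput, this.renewDate);
            if (this.password == null) {
                WritableUtils.writeVInt(dataOutput, -1);
            } else {
                WritableUtils.writeVInt(dataOutput, this.password.length);
                dataOutput.write(this.password);
            }
            WritableUtils.writeString(dataOutput, this.trackingId);
        }

        /**
         * Restores the record from the format produced by {@link #write(DataOutput)}.
         *
         * <p>A negative length now clears the password. Previously the field was left untouched,
         * so an instance reused for a second record kept the password of the first one.
         *
         * @throws IOException if the input fails or ends early
         */
        @Override
        public void readFields(DataInput dataInput) throws IOException {
            this.renewDate = WritableUtils.readVLong(dataInput);
            int length = WritableUtils.readVInt(dataInput);
            if (length > -1) {
                // NOTE(review): the length comes straight from the stream and sizes the allocation;
                // only feed this method data from a store the secret manager itself wrote.
                byte[] fresh = new byte[length];
                dataInput.readFully(fresh);
                // Assign only after a complete read so a truncated stream cannot leave a half-filled password.
                this.password = fresh;
            } else {
                this.password = null;
            }
            this.trackingId = WritableUtils.readString(dataInput);
        }
    }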

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Metrics source for delegation token store, update and remove operations.
     *
     * <p>Each tracked operation is timed twice: through the {@link IOStatisticsStore} duration
     * trackers and through the annotated {@link MutableRate} fields. Failures increment
     * {@code tokenFailure} and are rethrown unchanged.
     */
    @Metrics(about = "Delegation token secret manager metrics", context = DelegationTokenAuthenticator.TOKEN_PARAM)
    /* loaded from: input_file:net/snowflake/ingest/internal/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager$DelegationTokenSecretManagerMetrics.class */
    public static class DelegationTokenSecretManagerMetrics implements DurationTrackerFactory {
        private static final Logger LOG = LoggerFactory.getLogger(DelegationTokenSecretManagerMetrics.class);
        // Statistic names shared by the IOStatistics store built below.
        static final String STORE_TOKEN_STAT = "storeToken";
        static final String UPDATE_TOKEN_STAT = "updateToken";
        static final String REMOVE_TOKEN_STAT = "removeToken";
        static final String TOKEN_FAILURE_STAT = "tokenFailure";

        // The @Metric fields are never assigned in this class.
        // NOTE(review): presumably the metrics system populates them when the source is registered in create() - confirm.
        @Metric({"Rate of storage of delegation tokens and latency (milliseconds)"})
        private MutableRate storeToken;

        @Metric({"Rate of update of delegation tokens and latency (milliseconds)"})
        private MutableRate updateToken;

        @Metric({"Rate of removal of delegation tokens and latency (milliseconds)"})
        private MutableRate removeToken;

        @Metric({"Counter of delegation tokens operation failures"})
        private MutableCounterLong tokenFailure;
        // Duration trackers for the three operations plus a failure counter.
        // The failure counter is declared here but not incremented anywhere in this class.
        private final IOStatisticsStore ioStatistics = IOStatisticsBinding.iostatisticsStore().withDurationTracking(STORE_TOKEN_STAT, UPDATE_TOKEN_STAT, REMOVE_TOKEN_STAT).withCounters(TOKEN_FAILURE_STAT).build();
        private final MetricsRegistry registry = new MetricsRegistry("DelegationTokenSecretManagerMetrics");

        /**
         * Creates a metrics source and registers it with the default metrics system.
         *
         * @return the registered instance
         */
        static DelegationTokenSecretManagerMetrics create() {
            // NOTE(review): the (MetricsSystem) cast on the new instance looks like a decompiler artifact - confirm against the upstream source.
            return (DelegationTokenSecretManagerMetrics) DefaultMetricsSystem.instance().register((MetricsSystem) new DelegationTokenSecretManagerMetrics());
        }

        /** Logs the registry at debug level; registration itself happens in {@link #create()}. */
        DelegationTokenSecretManagerMetrics() {
            LOG.debug("Initialized {}", this.registry);
        }

        /**
         * Runs a token store operation under the "storeToken" statistic.
         *
         * @throws IOException whatever the invocation throws
         */
        public void trackStoreToken(InvocationRaisingIOE invocationRaisingIOE) throws IOException {
            trackInvocation(invocationRaisingIOE, STORE_TOKEN_STAT, this.storeToken);
        }

        /**
         * Runs a token update operation under the "updateToken" statistic.
         *
         * @throws IOException whatever the invocation throws
         */
        public void trackUpdateToken(InvocationRaisingIOE invocationRaisingIOE) throws IOException {
            trackInvocation(invocationRaisingIOE, UPDATE_TOKEN_STAT, this.updateToken);
        }

        /**
         * Runs a token removal operation under the "removeToken" statistic.
         *
         * @throws IOException whatever the invocation throws
         */
        public void trackRemoveToken(InvocationRaisingIOE invocationRaisingIOE) throws IOException {
            trackInvocation(invocationRaisingIOE, REMOVE_TOKEN_STAT, this.removeToken);
        }

        /**
         * Runs the invocation, recording its duration under the given statistic and rate.
         *
         * @param invocationRaisingIOE the operation to run
         * @param str statistic name passed to the IOStatistics duration tracker
         * @param mutableRate rate that receives the elapsed milliseconds on success
         * @throws IOException whatever the invocation throws, after the failure counter was incremented
         */
        public void trackInvocation(InvocationRaisingIOE invocationRaisingIOE, String str, MutableRate mutableRate) throws IOException {
            try {
                long monotonicNow = Time.monotonicNow();
                IOStatisticsBinding.trackDurationOfInvocation(this, str, invocationRaisingIOE);
                // Reached only on success, so failed calls do not contribute to the rate.
                mutableRate.add(Time.monotonicNow() - monotonicNow);
            } catch (Exception e) {
                // Count the failure and rethrow it unchanged.
                this.tokenFailure.incr();
                throw e;
            }
        }

        /** Delegates duration tracking to the IOStatistics store. */
        @Override // net.snowflake.ingest.internal.apache.hadoop.fs.statistics.DurationTrackerFactory
        public DurationTracker trackDuration(String str, long j) {
            return this.ioStatistics.trackDuration(str, j);
        }

        /** @return the store-token rate */
        protected MutableRate getStoreToken() {
            return this.storeToken;
        }

        /** @return the update-token rate */
        protected MutableRate getUpdateToken() {
            return this.updateToken;
        }

        /** @return the remove-token rate */
        protected MutableRate getRemoveToken() {
            return this.removeToken;
        }

        /** @return the operation failure counter */
        protected MutableCounterLong getTokenFailure() {
            return this.tokenFailure;
        }

        /** @return the IOStatistics store backing the duration trackers */
        protected IOStatisticsStore getIoStatistics() {
            return this.ioStatistics;
        }
    }

    /* loaded from: input_file:net/snowflake/ingest/internal/apache/hadoop/security/token/delegation/AbstractDelegationTokenSecretManager$ExpiredTokenRemover.class */
    /**
     * Background loop that rolls the master key and purges expired tokens while the enclosing
     * manager is running.
     *
     * <p>An {@link IOException} from a key roll is logged and retried on a later pass. Any other
     * throwable, including an {@link IOException} from the token sweep, terminates the JVM with
     * exit status -1, so the process does not keep serving with stale keys or tokens.
     */
    private class ExpiredTokenRemover extends Thread {
        private long lastMasterKeyUpdate;
        private long lastTokenCacheCleanup;

        private ExpiredTokenRemover() {
        }

        @Override
        public void run() {
            final AbstractDelegationTokenSecretManager<TokenIdent> manager = AbstractDelegationTokenSecretManager.this;
            LOG.info("Starting expired delegation token remover thread, tokenRemoverScanInterval=" + (manager.tokenRemoverScanInterval / 60000) + " min(s)");
            while (manager.running) {
                try {
                    final long now = Time.now();
                    final boolean keyRollDue = lastMasterKeyUpdate + manager.keyUpdateInterval < now;
                    if (keyRollDue) {
                        try {
                            manager.rollMasterKey();
                            lastMasterKeyUpdate = now;
                        } catch (IOException e) {
                            // The timestamp is not advanced, so the roll is attempted again on the next pass.
                            LOG.error("Master key updating failed: ", e);
                        }
                    }
                    if (lastTokenCacheCleanup + manager.tokenRemoverScanInterval < now) {
                        manager.removeExpiredToken();
                        lastTokenCacheCleanup = now;
                    }
                    final long pauseMillis = Math.min(5000L, manager.keyUpdateInterval);
                    try {
                        Thread.sleep(pauseMillis);
                    } catch (InterruptedException e2) {
                        // The interrupt status is not restored; the loop exits through the running flag instead.
                        LOG.error("ExpiredTokenRemover received " + e2);
                    }
                } catch (Throwable th) {
                    LOG.error("ExpiredTokenRemover thread received unexpected exception", th);
                    Runtime.getRuntime().exit(-1);
                    return;
                }
            }
        }
    }

    /**
     * Renders a token identifier for log lines and exception messages.
     *
     * <p>The output is the identifier's string form wrapped in the two delimiter constants.
     * NOTE(review): the delimiters come from an unrelated configuration class, presumably a
     * decompiler substitution for string literals - confirm. Identifier {@code toString()}
     * implementations must never include the token password, because this text is logged.
     *
     * @param tokenident identifier to render
     * @return the delimited string form
     */
    private String formatTokenId(TokenIdent tokenident) {
        final StringBuilder rendered = new StringBuilder();
        rendered.append(DefaultExpressionEngineSymbols.DEFAULT_INDEX_START);
        rendered.append(tokenident);
        rendered.append(DefaultExpressionEngineSymbols.DEFAULT_INDEX_END);
        return rendered.toString();
    }

    /**
     * Configures the timing of key rolls and token expiry. All values are in milliseconds.
     *
     * @param j interval between master key rolls
     * @param j2 maximum lifetime of a token, counted from its issue time
     * @param j3 interval by which issuing or renewing a token extends it
     * @param j4 minimum interval between sweeps for expired tokens
     */
    public AbstractDelegationTokenSecretManager(long j, long j2, long j3, long j4) {
        // Key-related timing.
        keyUpdateInterval = j;
        // Token-related timing.
        tokenMaxLifetime = j2;
        tokenRenewInterval = j3;
        tokenRemoverScanInterval = j4;
    }

    /**
     * Generates the first master key and starts the background remover thread.
     *
     * <p>NOTE(review): the running check happens before the monitor is taken, so two concurrent
     * callers could both pass it. Callers should start the manager from a single thread.
     *
     * @throws IllegalStateException presumably, via {@code Preconditions.checkState}, when already running
     * @throws IOException if storing the new master key fails
     */
    public void startThreads() throws IOException {
        Preconditions.checkState(!running);
        updateCurrentKey();
        synchronized (this) {
            running = true;
            final Daemon remover = new Daemon(new ExpiredTokenRemover());
            tokenRemoverThread = remover;
            remover.start();
        }
    }

    /**
     * Drops all in-memory keys and tokens and resets both counters to zero.
     *
     * <p>Only in-memory state is touched; none of the persistence hooks are called.
     */
    public synchronized void reset() {
        // Key state.
        setCurrentKeyId(0);
        allKeys.clear();
        // Token state.
        setDelegationTokenSeqNum(0);
        currentTokens.clear();
    }

    /** @return the number of tokens currently held in memory */
    public long getCurrentTokensSize() {
        final int liveTokens = currentTokens.size();
        return liveTokens;
    }

    /**
     * Loads a previously generated master key while the manager is stopped.
     *
     * <p>The current key id is raised when the loaded key carries a higher id. The persistence
     * hook is not called.
     *
     * @param delegationKey key to add
     * @throws IOException if the manager is already running
     */
    public synchronized void addKey(DelegationKey delegationKey) throws IOException {
        if (running) {
            throw new IOException("Can't add delegation key to a running SecretManager.");
        }
        final boolean advancesCurrentId = delegationKey.getKeyId() > getCurrentKeyId();
        if (advancesCurrentId) {
            setCurrentKeyId(delegationKey.getKeyId());
        }
        allKeys.put(delegationKey.getKeyId(), delegationKey);
    }

    /**
     * Returns a snapshot array of every known master key.
     *
     * <p>The array is new, but the elements are the live {@code DelegationKey} objects. Treat the
     * result as secret key material.
     *
     * @return all master keys, in no particular order
     */
    public synchronized DelegationKey[] getAllKeys() {
        final Collection<DelegationKey> keys = allKeys.values();
        return keys.toArray(new DelegationKey[0]);
    }

    /**
     * Hook called by {@code updateCurrentKey()} with a freshly generated master key, before that
     * key becomes current. No-op here.
     *
     * @param delegationKey the new master key; implementations that record it are handling signing material
     * @throws IOException declared for overriding implementations
     */
    protected void logUpdateMasterKey(DelegationKey delegationKey) throws IOException {
    }

    /**
     * Hook called by {@code logExpireTokens} once per expired token, before the token is removed
     * from the store. No-op here.
     *
     * @param tokenident identifier of the expired token
     * @throws IOException declared for overriding implementations
     */
    protected void logExpireToken(TokenIdent tokenident) throws IOException {
    }

    /**
     * Persistence hook called by {@code storeDelegationKey} after the key was put into the
     * in-memory map. No-op here.
     *
     * @param delegationKey key to persist; the backing store needs the same protection as the key itself
     * @throws IOException declared for overriding implementations
     */
    protected void storeNewMasterKey(DelegationKey delegationKey) throws IOException {
    }

    /**
     * Persistence hook called by {@code removeExpiredKeys} for each expired key other than the
     * current one. No-op here.
     *
     * @param delegationKey expired key to delete from the store
     */
    protected void removeStoredMasterKey(DelegationKey delegationKey) {
    }

    /**
     * Persistence hook called by {@code storeToken} after the token was put into the in-memory
     * map. No-op here.
     *
     * @param tokenident identifier of the new token
     * @param j renew date of the token
     * @throws IOException declared for overriding implementations
     */
    protected void storeNewToken(TokenIdent tokenident, long j) throws IOException {
    }

    /**
     * Persistence hook called when a token is cancelled or has expired, after it left the
     * in-memory map. No-op here.
     *
     * @param tokenident identifier of the token to delete from the store
     * @throws IOException declared for overriding implementations
     */
    protected void removeStoredToken(TokenIdent tokenident) throws IOException {
    }

    /**
     * Persistence hook called by {@code updateToken} after the in-memory entry was replaced.
     * No-op here.
     *
     * @param tokenident identifier of the renewed token
     * @param j new renew date of the token
     * @throws IOException declared for overriding implementations
     */
    protected void updateStoredToken(TokenIdent tokenident, long j) throws IOException {
    }

    /** @return the id of the most recently generated master key */
    protected synchronized int getCurrentKeyId() {
        return currentId;
    }

    /**
     * Advances the master key id by one.
     *
     * @return the new id; as an {@code int} it wraps to a negative value after {@code Integer.MAX_VALUE}
     */
    protected synchronized int incrementCurrentKeyId() {
        return ++currentId;
    }

    /**
     * Overwrites the master key id counter.
     *
     * @param i new value of the counter
     */
    protected synchronized void setCurrentKeyId(int i) {
        currentId = i;
    }

    /** @return the sequence number given to the most recently issued token */
    protected synchronized int getDelegationTokenSeqNum() {
        return delegationTokenSequenceNumber;
    }

    /**
     * Advances the token sequence number by one.
     *
     * @return the new sequence number; as an {@code int} it wraps to a negative value after {@code Integer.MAX_VALUE}
     */
    protected synchronized int incrementDelegationTokenSeqNum() {
        return ++delegationTokenSequenceNumber;
    }

    /**
     * Overwrites the token sequence number counter.
     *
     * @param i new value of the counter
     */
    protected synchronized void setDelegationTokenSeqNum(int i) {
        delegationTokenSequenceNumber = i;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up a master key by id.
     *
     * @param i key id
     * @return the key, or {@code null} when no key with that id is held in memory
     */
    public DelegationKey getDelegationKey(int i) {
        return allKeys.get(i);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Registers a new master key in memory and hands it to the persistence hook.
     *
     * <p>The in-memory map is updated first, so the key stays registered even when the hook throws.
     *
     * @param delegationKey key to register
     * @throws IOException if the persistence hook fails
     */
    public void storeDelegationKey(DelegationKey delegationKey) throws IOException {
        final int keyId = delegationKey.getKeyId();
        allKeys.put(keyId, delegationKey);
        storeNewMasterKey(delegationKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces the in-memory entry for an existing master key. No persistence hook is called.
     *
     * @param delegationKey key whose entry is replaced
     * @throws IOException declared for overriding implementations
     */
    public void updateDelegationKey(DelegationKey delegationKey) throws IOException {
        final int keyId = delegationKey.getKeyId();
        allKeys.put(keyId, delegationKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up the stored state of a token without checking whether it has expired.
     *
     * @param tokenident identifier to look up
     * @return the stored information, which includes the token password, or {@code null} when the token is unknown
     */
    public DelegationTokenInformation getTokenInfo(TokenIdent tokenident) {
        final DelegationTokenInformation info = currentTokens.get(tokenident);
        return info;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Records a new token in memory and hands it to the persistence hook.
     *
     * <p>The in-memory map is updated first, so the token stays usable in this process even when
     * the hook throws.
     *
     * @param tokenident identifier of the token
     * @param delegationTokenInformation state to store for it
     * @throws IOException if the persistence hook fails
     */
    public void storeToken(TokenIdent tokenident, DelegationTokenInformation delegationTokenInformation) throws IOException {
        currentTokens.put(tokenident, delegationTokenInformation);
        final long renewDate = delegationTokenInformation.getRenewDate();
        storeNewToken(tokenident, renewDate);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Replaces the in-memory state of a token and hands the new renew date to the persistence hook.
     *
     * <p>The in-memory map is updated first, so the replacement stays in effect even when the hook throws.
     *
     * @param tokenident identifier of the token
     * @param delegationTokenInformation replacement state
     * @throws IOException if the persistence hook fails
     */
    public void updateToken(TokenIdent tokenident, DelegationTokenInformation delegationTokenInformation) throws IOException {
        currentTokens.put(tokenident, delegationTokenInformation);
        final long renewDate = delegationTokenInformation.getRenewDate();
        updateStoredToken(tokenident, renewDate);
    }

    /**
     * Reloads a persisted token while the manager is stopped.
     *
     * <p>The password is recomputed from the identifier bytes and the master key named in the
     * identifier. When that key is no longer known, the token is stored with renew date 0 and no
     * password, so expiry checks reject it and the next sweep removes it. The sequence counter is
     * raised before the duplicate check, so it advances even when the call then fails.
     *
     * @param tokenident persisted identifier
     * @param j persisted renew date in milliseconds
     * @throws IOException if the manager is running or the token is already present
     */
    public synchronized void addPersistedDelegationToken(TokenIdent tokenident, long j) throws IOException {
        if (running) {
            throw new IOException("Can't add persisted delegation token to a running SecretManager.");
        }
        final DelegationKey signingKey = allKeys.get(tokenident.getMasterKeyId());
        final byte[] password;
        long renewDate = j;
        if (signingKey != null) {
            password = createPassword(tokenident.getBytes(), signingKey.getKey());
        } else {
            LOG.warn("No KEY found for persisted identifier, expiring stored token " + formatTokenId(tokenident));
            password = null;
            renewDate = 0;
        }
        if (tokenident.getSequenceNumber() > getDelegationTokenSeqNum()) {
            setDelegationTokenSeqNum(tokenident.getSequenceNumber());
        }
        final boolean alreadyPresent = getTokenInfo(tokenident) != null;
        if (alreadyPresent) {
            throw new IOException("Same delegation token being added twice: " + formatTokenId(tokenident));
        }
        final String trackingId = getTrackingIdIfEnabled(tokenident);
        currentTokens.put(tokenident, new DelegationTokenInformation(renewDate, password, trackingId));
    }

    /**
     * Generates a new master key, announces it through {@code logUpdateMasterKey} and makes it
     * the current signing key.
     *
     * <p>The key expires at now + key update interval + token max lifetime. The monitor is
     * released while the secret is generated and the log hook runs.
     *
     * @throws IOException if the log hook or the key store fails
     */
    private void updateCurrentKey() throws IOException {
        LOG.info("Updating the current master key for generating delegation tokens");
        final int newKeyId;
        synchronized (this) {
            newKeyId = incrementCurrentKeyId();
        }
        final long expiry = System.currentTimeMillis() + keyUpdateInterval + tokenMaxLifetime;
        final DelegationKey freshKey = new DelegationKey(newKeyId, expiry, generateSecret());
        logUpdateMasterKey(freshKey);
        synchronized (this) {
            currentKey = freshKey;
            storeDelegationKey(currentKey);
        }
    }

    /**
     * Retires the current master key and replaces it with a new one.
     *
     * <p>Expired keys are purged first. The outgoing key is then given an expiry of now + token
     * max lifetime, so it outlives every token it signed.
     *
     * @throws IOException if updating or storing a key fails
     */
    protected void rollMasterKey() throws IOException {
        synchronized (this) {
            removeExpiredKeys();
            final long retiredKeyExpiry = Time.now() + tokenMaxLifetime;
            currentKey.setExpiryDate(retiredKeyExpiry);
            updateDelegationKey(currentKey);
        }
        updateCurrentKey();
    }

    /**
     * Drops every master key whose expiry date has passed from the in-memory map.
     *
     * <p>The persistence hook is called for each dropped key except the current one.
     */
    private synchronized void removeExpiredKeys() {
        final long now = Time.now();
        for (Iterator<Map.Entry<Integer, DelegationKey>> entries = allKeys.entrySet().iterator(); entries.hasNext(); ) {
            final DelegationKey candidate = entries.next().getValue();
            if (candidate.getExpiryDate() >= now) {
                continue;
            }
            entries.remove();
            if (!candidate.equals(currentKey)) {
                removeStoredMasterKey(candidate);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Issues a token: stamps the identifier, derives its password from the current master key and
     * records the token.
     *
     * <p>The identifier receives the issue date, max date, master key id and sequence number
     * before the password is computed over its bytes. A failure to store the token is logged and
     * swallowed, and the password is returned anyway. The in-memory map is updated before the
     * persistence hook runs, so such a token still validates in this process until it expires.
     *
     * @param tokenident identifier to stamp; mutated by this call
     * @return the token password; secret, must not be logged
     */
    @Override // net.snowflake.ingest.internal.apache.hadoop.security.token.SecretManager
    public synchronized byte[] createPassword(TokenIdent tokenident) {
        final long issuedAt = Time.now();
        final int sequenceNumber = incrementDelegationTokenSeqNum();
        tokenident.setIssueDate(issuedAt);
        tokenident.setMaxDate(issuedAt + tokenMaxLifetime);
        tokenident.setMasterKeyId(currentKey.getKeyId());
        tokenident.setSequenceNumber(sequenceNumber);
        LOG.info("Creating password for identifier: " + formatTokenId(tokenident) + ", currentKey: " + currentKey.getKeyId());
        final byte[] password = createPassword(tokenident.getBytes(), currentKey.getKey());
        final DelegationTokenInformation info = new DelegationTokenInformation(issuedAt + tokenRenewInterval, password, getTrackingIdIfEnabled(tokenident));
        try {
            METRICS.trackStoreToken(() -> storeToken(tokenident, info));
        } catch (IOException e) {
            LOG.error("Could not store token " + formatTokenId(tokenident) + "!!", e);
        }
        return password;
    }

    /**
     * Returns the stored state of a token after checking that it is known and not past its renew date.
     *
     * <p>The caller must hold this object's monitor; this is asserted when assertions are
     * enabled. Both failure messages contain the token's real user and are thrown to the caller
     * as well as logged.
     *
     * @param tokenident identifier to check
     * @return the stored information, including the token password
     * @throws SecretManager.InvalidToken if the token is unknown or its renew date has passed
     */
    protected DelegationTokenInformation checkToken(TokenIdent tokenident) throws SecretManager.InvalidToken {
        if (!($assertionsDisabled || Thread.holdsLock(this))) {
            throw new AssertionError();
        }
        final DelegationTokenInformation info = getTokenInfo(tokenident);
        if (info == null) {
            final String reason = "Token for real user: " + tokenident.getRealUser() + ", can't be found in cache";
            LOG.warn("{}, Token={}", reason, formatTokenId(tokenident));
            throw new SecretManager.InvalidToken(reason);
        }
        final long now = Time.now();
        if (info.getRenewDate() < now) {
            final String reason = "Token " + tokenident.getRealUser() + " has expired, current time: " + Time.formatTime(now) + " expected renewal time: " + Time.formatTime(info.getRenewDate());
            LOG.info("{}, Token={}", reason, formatTokenId(tokenident));
            throw new SecretManager.InvalidToken(reason);
        }
        return info;
    }

    /**
     * Returns the password of a known, unexpired token.
     *
     * @param tokenident identifier of the token
     * @return the stored password array itself (not a copy); secret, must not be logged or modified
     * @throws SecretManager.InvalidToken if the token is unknown or expired
     */
    @Override // net.snowflake.ingest.internal.apache.hadoop.security.token.SecretManager
    public synchronized byte[] retrievePassword(TokenIdent tokenident) throws SecretManager.InvalidToken {
        final DelegationTokenInformation info = checkToken(tokenident);
        return info.getPassword();
    }

    /**
     * Returns the identifier's tracking id when tracking-id storage is enabled.
     *
     * @param tokenident identifier to read the tracking id from
     * @return the tracking id, or {@code null} when {@code storeTokenTrackingId} is false
     */
    protected String getTrackingIdIfEnabled(TokenIdent tokenident) {
        return storeTokenTrackingId ? tokenident.getTrackingId() : null;
    }

    /**
     * Returns the tracking id stored for a token, without checking expiry.
     *
     * @param tokenident identifier of the token
     * @return the stored tracking id, or {@code null} when the token is unknown or has none
     */
    public synchronized String getTokenTrackingId(TokenIdent tokenident) {
        final DelegationTokenInformation info = getTokenInfo(tokenident);
        return info != null ? info.getTrackingId() : null;
    }

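    /**
     * Checks a presented token password against the one stored for the identifier.
     *
     * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])}, so its timing does not
     * reveal how many leading bytes matched. That method returns {@code true} when both arguments
     * are {@code null}. A stored record can lack a password, so a missing password on either side
     * is now rejected explicitly instead of being treated as a match.
     *
     * @param tokenident identifier of the token being verified
     * @param bArr password presented by the caller
     * @throws SecretManager.InvalidToken if the token is unknown or expired, or the passwords do not match
     */
    public synchronized void verifyToken(TokenIdent tokenident, byte[] bArr) throws SecretManager.InvalidToken {
        final byte[] expected = retrievePassword(tokenident);
        // Fail closed: two null passwords must never count as a match.
        if (bArr == null || expected == null || !MessageDigest.isEqual(bArr, expected)) {
            throw new SecretManager.InvalidToken("token " + formatTokenId(tokenident) + " is invalid, password doesn't match");
        }
    }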

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Extends the renew date of a token on behalf of its designated renewer.
     *
     * <p>The checks run in this order: the token is not past its max date, the identifier names a
     * renewer, the renewer equals {@code str}, the signing master key is still known, the presented
     * password matches the recomputed one, and the token is still tracked. The identifier is parsed
     * and logged before the password is verified, so that log line contains unauthenticated input.
     *
     * @param token token to renew; its identifier bytes and password come from the caller
     * @param str name of the principal requesting renewal. NOTE(review): presumably already
     *     authenticated by the calling layer - confirm at call sites.
     * @return the new renew date, never later than the identifier's max date
     * @throws SecretManager.InvalidToken if the token is expired, unknown, or its master key is gone
     * @throws IOException on decode or store failure. AccessControlException is thrown for renewer
     *     and password mismatches (presumably an IOException subtype, as it is not declared separately).
     */
    public synchronized long renewToken(Token<TokenIdent> token, String str) throws SecretManager.InvalidToken, IOException {
        // Decode the caller-supplied identifier bytes into a fresh identifier instance.
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
        AbstractDelegationTokenIdentifier abstractDelegationTokenIdentifier = (AbstractDelegationTokenIdentifier) createIdentifier();
        abstractDelegationTokenIdentifier.readFields(dataInputStream);
        LOG.info("Token renewal for identifier: " + formatTokenId(abstractDelegationTokenIdentifier) + "; total currentTokens " + this.currentTokens.size());
        long now = Time.now();
        // The max date is a hard ceiling that renewal cannot move.
        if (abstractDelegationTokenIdentifier.getMaxDate() < now) {
            throw new SecretManager.InvalidToken(str + " tried to renew an expired token " + formatTokenId(abstractDelegationTokenIdentifier) + " max expiration date: " + Time.formatTime(abstractDelegationTokenIdentifier.getMaxDate()) + " currentTime: " + Time.formatTime(now));
        }
        // A token without a renewer can never be renewed.
        if (abstractDelegationTokenIdentifier.getRenewer() == null || abstractDelegationTokenIdentifier.getRenewer().toString().isEmpty()) {
            throw new AccessControlException(str + " tried to renew a token " + formatTokenId(abstractDelegationTokenIdentifier) + " without a renewer");
        }
        // Exact string match between the requested renewer and the renewer named in the identifier.
        if (!abstractDelegationTokenIdentifier.getRenewer().toString().equals(str)) {
            throw new AccessControlException(str + " tries to renew a token " + formatTokenId(abstractDelegationTokenIdentifier) + " with non-matching renewer " + abstractDelegationTokenIdentifier.getRenewer());
        }
        DelegationKey delegationKey = getDelegationKey(abstractDelegationTokenIdentifier.getMasterKeyId());
        if (delegationKey == null) {
            throw new SecretManager.InvalidToken("Unable to find master key for keyId=" + abstractDelegationTokenIdentifier.getMasterKeyId() + " from cache. Failed to renew an unexpired token " + formatTokenId(abstractDelegationTokenIdentifier) + " with sequenceNumber=" + abstractDelegationTokenIdentifier.getSequenceNumber());
        }
        // Recompute the password over the exact bytes presented. This authenticates the identifier
        // fields that the checks above relied on.
        byte[] createPassword = createPassword(token.getIdentifier(), delegationKey.getKey());
        // MessageDigest.isEqual keeps the comparison time independent of where the bytes differ.
        if (!MessageDigest.isEqual(createPassword, token.getPassword())) {
            throw new AccessControlException(str + " is trying to renew a token " + formatTokenId(abstractDelegationTokenIdentifier) + " with wrong password");
        }
        // Cap the new renew date at the token's max date.
        long min = Math.min(abstractDelegationTokenIdentifier.getMaxDate(), now + this.tokenRenewInterval);
        DelegationTokenInformation delegationTokenInformation = new DelegationTokenInformation(min, createPassword, getTrackingIdIfEnabled(abstractDelegationTokenIdentifier));
        // A token that was cancelled or already swept cannot be revived by renewal.
        if (getTokenInfo(abstractDelegationTokenIdentifier) == null) {
            throw new SecretManager.InvalidToken("Renewal request for unknown token " + formatTokenId(abstractDelegationTokenIdentifier));
        }
        METRICS.trackUpdateToken(() -> {
            updateToken(abstractDelegationTokenIdentifier, delegationTokenInformation);
        });
        return min;
    }

    /**
     * Cancels a token on behalf of its owner or its renewer.
     *
     * <p>The canceller is authorized when {@code str} equals the owner's user name, or when the
     * short Kerberos name derived from {@code str} equals a non-empty renewer. The token password
     * is not checked in this method, so authorization rests entirely on {@code str}.
     * NOTE(review): confirm that every caller passes an authenticated principal.
     *
     * @param token token to cancel; only its identifier bytes are read
     * @param str name of the principal requesting cancellation
     * @return the decoded identifier of the cancelled token
     * @throws SecretManager.InvalidToken if the token has no owner or is not currently tracked
     * @throws IOException on decode or store failure. AccessControlException is thrown when the
     *     canceller is not authorized (presumably an IOException subtype, as it is not declared separately).
     */
    public synchronized TokenIdent cancelToken(Token<TokenIdent> token, String str) throws IOException {
        final DataInputStream identifierBytes = new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
        final TokenIdent id = (TokenIdent) createIdentifier();
        id.readFields(identifierBytes);
        LOG.info("Token cancellation requested for identifier: " + formatTokenId(id));
        if (id.getUser() == null) {
            throw new SecretManager.InvalidToken("Token with no owner " + formatTokenId(id));
        }
        final String owner = id.getUser().getUserName();
        final Text renewer = id.getRenewer();
        final String cancellerShortName = new HadoopKerberosName(str).getShortName();
        if (!str.equals(owner)) {
            // Not the owner: the canceller must match a non-empty renewer.
            final boolean isRenewer = renewer != null && !renewer.toString().isEmpty() && cancellerShortName.equals(renewer.toString());
            if (!isRenewer) {
                throw new AccessControlException(str + " is not authorized to cancel the token " + formatTokenId(id));
            }
        }
        if (currentTokens.remove(id) == null) {
            throw new SecretManager.InvalidToken("Token not found " + formatTokenId(id));
        }
        METRICS.trackRemoveToken(() -> removeStoredToken(id));
        return id;
    }

    /**
     * Wraps raw key bytes in a {@link SecretKey} by delegating to {@code SecretManager.createSecretKey}.
     *
     * @param bArr raw key material; secret, must not be logged
     * @return the key object built by the superclass helper
     */
    public static SecretKey createSecretKey(byte[] bArr) {
        final SecretKey key = SecretManager.createSecretKey(bArr);
        return key;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Removes every token whose renew date has passed from memory, then reports the removed
     * identifiers to {@code logExpireTokens}.
     *
     * <p>The map is swept under the monitor. The hooks run after the monitor is released.
     *
     * @throws IOException if a logging or store hook fails
     */
    public void removeExpiredToken() throws IOException {
        final long now = Time.now();
        final HashSet<TokenIdent> expired = new HashSet<>();
        synchronized (this) {
            for (Iterator<Map.Entry<TokenIdent, DelegationTokenInformation>> entries = currentTokens.entrySet().iterator(); entries.hasNext(); ) {
                final Map.Entry<TokenIdent, DelegationTokenInformation> entry = entries.next();
                if (entry.getValue().getRenewDate() < now) {
                    expired.add(entry.getKey());
                    entries.remove();
                }
            }
        }
        logExpireTokens(expired);
    }

    /**
     * For each expired identifier: calls the expiry hook, logs the removal and deletes the token
     * from the store.
     *
     * <p>The first hook failure aborts the loop, and the remaining identifiers are not processed.
     *
     * @param collection identifiers already removed from the in-memory map
     * @throws IOException if a hook fails
     */
    protected void logExpireTokens(Collection<TokenIdent> collection) throws IOException {
        final Iterator<TokenIdent> expired = collection.iterator();
        while (expired.hasNext()) {
            final TokenIdent id = expired.next();
            logExpireToken(id);
            LOG.info("Removing expired token " + formatTokenId(id));
            removeStoredToken(id);
        }
    }

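    /**
     * Stops the background remover thread and waits for it to finish.
     *
     * <p>The running flag is cleared first, so the remover loop exits once the interrupt has woken
     * it. If the calling thread is interrupted while waiting, its interrupt status is now restored
     * before the exception is thrown; previously the interrupt was lost.
     *
     * @throws RuntimeException wrapping the {@link InterruptedException} if the wait is interrupted
     */
    public void stopThreads() {
        LOG.debug("Stopping expired delegation token remover thread");
        this.running = false;
        if (this.tokenRemoverThread != null) {
            synchronized (this.noInterruptsLock) {
                this.tokenRemoverThread.interrupt();
            }
            try {
                this.tokenRemoverThread.join();
            } catch (InterruptedException e) {
                // Keep the interrupt visible to callers further up the stack.
                Thread.currentThread().interrupt();
                throw new RuntimeException("Unable to join on token removal thread", e);
            }
        }
    }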

    /** @return {@code true} between {@code startThreads()} and {@code stopThreads()} */
    public synchronized boolean isRunning() {
        return running;
    }

    /**
     * Decodes the identifier carried by a token by delegating to {@code Token.decodeIdentifier()}.
     *
     * <p>No password check or expiry check is performed here, so the result is not evidence that
     * the token is valid.
     *
     * @param token token whose identifier is decoded
     * @return the decoded identifier
     * @throws IOException if decoding fails
     */
    public TokenIdent decodeTokenIdentifier(Token<TokenIdent> token) throws IOException {
        final TokenIdent decoded = token.decodeIdentifier();
        return decoded;
    }

    /** @return the metrics source shared by all secret manager instances in this JVM */
    protected DelegationTokenSecretManagerMetrics getMetrics() {
        return AbstractDelegationTokenSecretManager.METRICS;
    }

    // Static state is initialized in a fixed order: assertion switch, logger, then the metrics
    // source, which is registered with the default metrics system as a side effect of class loading.
    static {
        // Decompiler rendering of the compiler-generated assertion switch.
        $assertionsDisabled = !AbstractDelegationTokenSecretManager.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(AbstractDelegationTokenSecretManager.class);
        METRICS = DelegationTokenSecretManagerMetrics.create();
    }
}
