package org.apache.accumulo.server.security.delegation;

import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicBoolean;
import org.apache.accumulo.fate.zookeeper.ZooUtil;
import org.apache.accumulo.server.zookeeper.ZooReaderWriter;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/accumulo/server/security/delegation/ZooAuthenticationKeyDistributor.class */
public class ZooAuthenticationKeyDistributor {
    private static final Logger log = LoggerFactory.getLogger(ZooAuthenticationKeyDistributor.class);
    private final ZooReaderWriter zk;
    private final String baseNode;
    private AtomicBoolean initialized = new AtomicBoolean(false);

    public ZooAuthenticationKeyDistributor(ZooReaderWriter zooReaderWriter, String str) {
        Objects.requireNonNull(zooReaderWriter);
        Objects.requireNonNull(str);
        this.zk = zooReaderWriter;
        this.baseNode = str;
    }

    public synchronized void initialize() throws KeeperException, InterruptedException {
        if (this.initialized.get()) {
            return;
        }
        if (!this.zk.exists(this.baseNode)) {
            if (!this.zk.putPrivatePersistentData(this.baseNode, new byte[0], ZooUtil.NodeExistsPolicy.FAIL)) {
                throw new AssertionError("Got false from putPrivatePersistentData method");
            }
            this.initialized.set(true);
            return;
        }
        List acl = this.zk.getACL(this.baseNode, new Stat());
        if (1 == acl.size()) {
            ACL acl2 = (ACL) acl.get(0);
            ACL acl3 = (ACL) ZooUtil.PRIVATE.get(0);
            Id id = acl2.getId();
            if (acl2.getPerms() == acl3.getPerms() && id.getScheme().equals("digest") && id.getId().startsWith("accumulo:")) {
                this.initialized.set(true);
                return;
            }
        } else {
            log.error("Saw more than one ACL on the node");
        }
        log.error("Expected {} to have ACLs {} but was {}", new Object[]{this.baseNode, ZooUtil.PRIVATE, acl});
        throw new IllegalStateException("Delegation token secret key node in ZooKeeper is not protected.");
    }

    public List<AuthenticationKey> getCurrentKeys() throws KeeperException, InterruptedException {
        Preconditions.checkState(this.initialized.get(), "Not initialized");
        List children = this.zk.getChildren(this.baseNode);
        if (children.isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(children.size());
        Iterator it = children.iterator();
        while (it.hasNext()) {
            byte[] data = this.zk.getData(qualifyPath((String) it.next()), null);
            if (null != data) {
                AuthenticationKey authenticationKey = new AuthenticationKey();
                try {
                    authenticationKey.readFields(new DataInputStream(new ByteArrayInputStream(data)));
                    arrayList.add(authenticationKey);
                } catch (IOException e) {
                    throw new AssertionError("Error reading from in-memory buffer which should not happen", e);
                }
            }
        }
        return arrayList;
    }

    public synchronized void advertise(AuthenticationKey authenticationKey) throws KeeperException, InterruptedException {
        Preconditions.checkState(this.initialized.get(), "Not initialized");
        Objects.requireNonNull(authenticationKey);
        String qualifyPath = qualifyPath(authenticationKey);
        if (this.zk.exists(qualifyPath)) {
            log.warn("AuthenticationKey with ID '{}' already exists in ZooKeeper", Integer.valueOf(authenticationKey.getKeyId()));
            return;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(4096);
        try {
            authenticationKey.write(new DataOutputStream(byteArrayOutputStream));
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            log.debug("Advertising AuthenticationKey with keyId {} in ZooKeeper at {}", Integer.valueOf(authenticationKey.getKeyId()), qualifyPath);
            this.zk.putPrivatePersistentData(qualifyPath, byteArray, ZooUtil.NodeExistsPolicy.FAIL);
        } catch (IOException e) {
            throw new AssertionError("Should not get exception writing to in-memory buffer", e);
        }
    }

    public synchronized void remove(AuthenticationKey authenticationKey) throws KeeperException, InterruptedException {
        Preconditions.checkState(this.initialized.get(), "Not initialized");
        Objects.requireNonNull(authenticationKey);
        String qualifyPath = qualifyPath(authenticationKey);
        if (!this.zk.exists(qualifyPath)) {
            log.warn("AuthenticationKey with ID '{}' doesn't exist in ZooKeeper", Integer.valueOf(authenticationKey.getKeyId()));
        } else {
            log.debug("Removing AuthenticationKey with keyId {} from ZooKeeper at {}", Integer.valueOf(authenticationKey.getKeyId()), qualifyPath);
            this.zk.delete(qualifyPath, -1);
        }
    }

    String qualifyPath(String str) {
        return this.baseNode + "/" + str;
    }

    String qualifyPath(AuthenticationKey authenticationKey) {
        return qualifyPath(Integer.toString(authenticationKey.getKeyId()));
    }
}
