package org.apache.accumulo.server.security.delegation;

import com.google.common.annotations.VisibleForTesting;
import java.util.List;
import org.apache.accumulo.core.util.Daemon;
import org.apache.zookeeper.KeeperException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/accumulo/server/security/delegation/AuthenticationTokenKeyManager.class */
public class AuthenticationTokenKeyManager extends Daemon {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationTokenKeyManager.class);
    private final AuthenticationTokenSecretManager secretManager;
    private final ZooAuthenticationKeyDistributor keyDistributor;
    private long lastKeyUpdate;
    private long keyUpdateInterval;
    private long tokenMaxLifetime;
    private int idSeq;
    private volatile boolean keepRunning;
    private volatile boolean initialized;

    public AuthenticationTokenKeyManager(AuthenticationTokenSecretManager authenticationTokenSecretManager, ZooAuthenticationKeyDistributor zooAuthenticationKeyDistributor, long j, long j2) {
        super("Delegation Token Key Manager");
        this.lastKeyUpdate = 0L;
        this.idSeq = 0;
        this.keepRunning = true;
        this.initialized = false;
        this.secretManager = authenticationTokenSecretManager;
        this.keyDistributor = zooAuthenticationKeyDistributor;
        this.keyUpdateInterval = j;
        this.tokenMaxLifetime = j2;
    }

    @VisibleForTesting
    void setKeepRunning(boolean z) {
        this.keepRunning = z;
    }

    public boolean isInitialized() {
        return this.initialized;
    }

    public void gracefulStop() {
        this.keepRunning = false;
    }

    public void run() {
        updateStateFromCurrentKeys();
        this.initialized = true;
        while (this.keepRunning) {
            _run(System.currentTimeMillis());
            try {
                Thread.sleep(5000L);
            } catch (InterruptedException e) {
                log.debug("Interrupted waiting for next update", e);
            }
        }
    }

    @VisibleForTesting
    void updateStateFromCurrentKeys() {
        try {
            List<AuthenticationKey> currentKeys = this.keyDistributor.getCurrentKeys();
            if (!currentKeys.isEmpty()) {
                for (AuthenticationKey authenticationKey : currentKeys) {
                    if (authenticationKey.getKeyId() > this.idSeq) {
                        this.idSeq = authenticationKey.getKeyId();
                    }
                    this.secretManager.addKey(authenticationKey);
                }
                log.info("Added {} existing AuthenticationKeys into the local cache from ZooKeeper", Integer.valueOf(currentKeys.size()));
                AuthenticationKey currentKey = this.secretManager.getCurrentKey();
                if (null != currentKey) {
                    log.info("Updating last key update to {} from current secret manager key", Long.valueOf(currentKey.getCreationDate()));
                    this.lastKeyUpdate = currentKey.getCreationDate();
                }
            }
        } catch (KeeperException | InterruptedException e) {
            log.warn("Failed to fetch existing AuthenticationKeys from ZooKeeper");
        }
    }

    @VisibleForTesting
    long getLastKeyUpdate() {
        return this.lastKeyUpdate;
    }

    @VisibleForTesting
    int getIdSeq() {
        return this.idSeq;
    }

    void _run(long j) {
        int removeExpiredKeys = this.secretManager.removeExpiredKeys(this.keyDistributor);
        if (removeExpiredKeys > 0) {
            log.debug("Removed {} expired keys from the local cache", Integer.valueOf(removeExpiredKeys));
        }
        if (this.lastKeyUpdate + this.keyUpdateInterval < j) {
            log.debug("Key update interval passed, creating new authentication key");
            int i = this.idSeq + 1;
            this.idSeq = i;
            AuthenticationKey authenticationKey = new AuthenticationKey(i, j, j + this.tokenMaxLifetime, this.secretManager.generateSecret());
            log.debug("Created new {}", authenticationKey);
            this.secretManager.addKey(authenticationKey);
            try {
                this.keyDistributor.advertise(authenticationKey);
                this.lastKeyUpdate = j;
            } catch (KeeperException | InterruptedException e) {
                log.error("Failed to advertise AuthenticationKey in ZooKeeper. Exiting.", e);
                throw new RuntimeException((Throwable) e);
            }
        }
    }
}
