package org.apache.hadoop.hdfs.security.token.delegation;

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.util.Iterator;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.security.token.delegation.DelegationKey;

@InterfaceAudience.Private
/* loaded from: input_file:lib/hadoop-hdfs-0.23.10.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.class */
public class DelegationTokenSecretManager extends AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
    private static final Log LOG = LogFactory.getLog(DelegationTokenSecretManager.class);
    private final FSNamesystem namesystem;

    public DelegationTokenSecretManager(long j, long j2, long j3, long j4, FSNamesystem fSNamesystem) {
        super(j, j2, j3, j4);
        this.namesystem = fSNamesystem;
    }

    @Override // org.apache.hadoop.security.token.SecretManager
    public DelegationTokenIdentifier createIdentifier() {
        return new DelegationTokenIdentifier();
    }

    public synchronized long getTokenExpiryTime(DelegationTokenIdentifier delegationTokenIdentifier) throws IOException {
        AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation = this.currentTokens.get(delegationTokenIdentifier);
        if (delegationTokenInformation != null) {
            return delegationTokenInformation.getRenewDate();
        }
        throw new IOException("No delegation token found for this identifier");
    }

    public synchronized void loadSecretManagerState(DataInputStream dataInputStream) throws IOException {
        if (this.running) {
            throw new IOException("Can't load state from image in a running SecretManager.");
        }
        this.currentId = dataInputStream.readInt();
        loadAllKeys(dataInputStream);
        this.delegationTokenSequenceNumber = dataInputStream.readInt();
        loadCurrentTokens(dataInputStream);
    }

    public synchronized void saveSecretManagerState(DataOutputStream dataOutputStream) throws IOException {
        dataOutputStream.writeInt(this.currentId);
        saveAllKeys(dataOutputStream);
        dataOutputStream.writeInt(this.delegationTokenSequenceNumber);
        saveCurrentTokens(dataOutputStream);
    }

    public synchronized void addPersistedDelegationToken(DelegationTokenIdentifier delegationTokenIdentifier, long j) throws IOException {
        if (this.running) {
            throw new IOException("Can't add persisted delegation token to a running SecretManager.");
        }
        DelegationKey delegationKey = this.allKeys.get(Integer.valueOf(delegationTokenIdentifier.getMasterKeyId()));
        if (delegationKey == null) {
            LOG.warn("No KEY found for persisted identifier " + delegationTokenIdentifier.toString());
            return;
        }
        byte[] createPassword = createPassword(delegationTokenIdentifier.getBytes(), delegationKey.getKey());
        if (delegationTokenIdentifier.getSequenceNumber() > this.delegationTokenSequenceNumber) {
            this.delegationTokenSequenceNumber = delegationTokenIdentifier.getSequenceNumber();
        }
        if (this.currentTokens.get(delegationTokenIdentifier) != null) {
            throw new IOException("Same delegation token being added twice; invalid entry in fsimage or editlogs");
        }
        this.currentTokens.put(delegationTokenIdentifier, new AbstractDelegationTokenSecretManager.DelegationTokenInformation(j, createPassword));
    }

    public synchronized void updatePersistedMasterKey(DelegationKey delegationKey) throws IOException {
        addKey(delegationKey);
    }

    public synchronized void updatePersistedTokenRenewal(DelegationTokenIdentifier delegationTokenIdentifier, long j) throws IOException {
        if (this.running) {
            throw new IOException("Can't update persisted delegation token renewal to a running SecretManager.");
        }
        if (this.currentTokens.get(delegationTokenIdentifier) != null) {
            this.currentTokens.put(delegationTokenIdentifier, new AbstractDelegationTokenSecretManager.DelegationTokenInformation(j, createPassword(delegationTokenIdentifier.getBytes(), this.allKeys.get(Integer.valueOf(delegationTokenIdentifier.getMasterKeyId())).getKey())));
        }
    }

    public synchronized void updatePersistedTokenCancellation(DelegationTokenIdentifier delegationTokenIdentifier) throws IOException {
        if (this.running) {
            throw new IOException("Can't update persisted delegation token renewal to a running SecretManager.");
        }
        this.currentTokens.remove(delegationTokenIdentifier);
    }

    public synchronized int getNumberOfKeys() {
        return this.allKeys.size();
    }

    private synchronized void saveCurrentTokens(DataOutputStream dataOutputStream) throws IOException {
        dataOutputStream.writeInt(this.currentTokens.size());
        for (DelegationTokenIdentifier delegationTokenIdentifier : this.currentTokens.keySet()) {
            delegationTokenIdentifier.write(dataOutputStream);
            dataOutputStream.writeLong(this.currentTokens.get(delegationTokenIdentifier).getRenewDate());
        }
    }

    private synchronized void saveAllKeys(DataOutputStream dataOutputStream) throws IOException {
        dataOutputStream.writeInt(this.allKeys.size());
        Iterator<Integer> it = this.allKeys.keySet().iterator();
        while (it.hasNext()) {
            this.allKeys.get(it.next()).write(dataOutputStream);
        }
    }

    private synchronized void loadCurrentTokens(DataInputStream dataInputStream) throws IOException {
        int readInt = dataInputStream.readInt();
        for (int i = 0; i < readInt; i++) {
            DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier();
            delegationTokenIdentifier.readFields(dataInputStream);
            addPersistedDelegationToken(delegationTokenIdentifier, dataInputStream.readLong());
        }
    }

    private synchronized void loadAllKeys(DataInputStream dataInputStream) throws IOException {
        int readInt = dataInputStream.readInt();
        for (int i = 0; i < readInt; i++) {
            DelegationKey delegationKey = new DelegationKey();
            delegationKey.readFields(dataInputStream);
            addKey(delegationKey);
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void logUpdateMasterKey(DelegationKey delegationKey) throws IOException {
        synchronized (this.noInterruptsLock) {
            if (Thread.interrupted()) {
                throw new InterruptedIOException("Interrupted before updating master key");
            }
            this.namesystem.logUpdateMasterKey(delegationKey);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void logExpireToken(DelegationTokenIdentifier delegationTokenIdentifier) throws IOException {
        synchronized (this.noInterruptsLock) {
            if (Thread.interrupted()) {
                throw new InterruptedIOException("Interrupted before expiring delegation token");
            }
            this.namesystem.logExpireDelegationToken(delegationTokenIdentifier);
        }
    }

    public static Credentials createCredentials(NameNode nameNode, UserGroupInformation userGroupInformation, String str) throws IOException {
        Token<DelegationTokenIdentifier> delegationToken = nameNode.getRpcServer().getDelegationToken(new Text(str));
        if (delegationToken == null) {
            throw new IOException("Failed to get the token for " + str + ", user=" + userGroupInformation.getShortUserName());
        }
        SecurityUtil.setTokenService(delegationToken, nameNode.getNameNodeAddress());
        Credentials credentials = new Credentials();
        credentials.addToken(new Text(userGroupInformation.getShortUserName()), delegationToken);
        return credentials;
    }
}
