package org.apache.hadoop.crypto.key;

import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.UserGroupInformation;

@InterfaceAudience.Private
/* loaded from: input_file:lib/hadoop-common-2.7.0.jar:org/apache/hadoop/crypto/key/UserProvider.class */
public class UserProvider extends KeyProvider {
    public static final String SCHEME_NAME = "user";
    private final UserGroupInformation user;
    private final Credentials credentials;
    private final Map<String, KeyProvider.Metadata> cache;

    /* loaded from: input_file:lib/hadoop-common-2.7.0.jar:org/apache/hadoop/crypto/key/UserProvider$Factory.class */
    public static class Factory extends KeyProviderFactory {
        @Override // org.apache.hadoop.crypto.key.KeyProviderFactory
        public KeyProvider createProvider(URI uri, Configuration configuration) throws IOException {
            if ("user".equals(uri.getScheme())) {
                return new UserProvider(configuration);
            }
            return null;
        }
    }

    private UserProvider(Configuration configuration) throws IOException {
        super(configuration);
        this.cache = new HashMap();
        this.user = UserGroupInformation.getCurrentUser();
        this.credentials = this.user.getCredentials();
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public boolean isTransient() {
        return true;
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public synchronized KeyProvider.KeyVersion getKeyVersion(String str) throws IOException {
        byte[] secretKey = this.credentials.getSecretKey(new Text(str));
        if (secretKey == null) {
            return null;
        }
        return new KeyProvider.KeyVersion(getBaseName(str), str, secretKey);
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public synchronized KeyProvider.Metadata getMetadata(String str) throws IOException {
        if (this.cache.containsKey(str)) {
            return this.cache.get(str);
        }
        byte[] secretKey = this.credentials.getSecretKey(new Text(str));
        if (secretKey == null) {
            return null;
        }
        KeyProvider.Metadata metadata = new KeyProvider.Metadata(secretKey);
        this.cache.put(str, metadata);
        return metadata;
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public synchronized KeyProvider.KeyVersion createKey(String str, byte[] bArr, KeyProvider.Options options) throws IOException {
        Text text = new Text(str);
        if (this.credentials.getSecretKey(text) != null) {
            throw new IOException("Key " + str + " already exists in " + this);
        }
        if (options.getBitLength() != 8 * bArr.length) {
            throw new IOException("Wrong key length. Required " + options.getBitLength() + ", but got " + (8 * bArr.length));
        }
        KeyProvider.Metadata metadata = new KeyProvider.Metadata(options.getCipher(), options.getBitLength(), options.getDescription(), options.getAttributes(), new Date(), 1);
        this.cache.put(str, metadata);
        String buildVersionName = buildVersionName(str, 0);
        this.credentials.addSecretKey(text, metadata.serialize());
        this.credentials.addSecretKey(new Text(buildVersionName), bArr);
        return new KeyProvider.KeyVersion(str, buildVersionName, bArr);
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public synchronized void deleteKey(String str) throws IOException {
        KeyProvider.Metadata metadata = getMetadata(str);
        if (metadata == null) {
            throw new IOException("Key " + str + " does not exist in " + this);
        }
        for (int i = 0; i < metadata.getVersions(); i++) {
            this.credentials.removeSecretKey(new Text(buildVersionName(str, i)));
        }
        this.credentials.removeSecretKey(new Text(str));
        this.cache.remove(str);
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public synchronized KeyProvider.KeyVersion rollNewVersion(String str, byte[] bArr) throws IOException {
        KeyProvider.Metadata metadata = getMetadata(str);
        if (metadata == null) {
            throw new IOException("Key " + str + " not found");
        }
        if (metadata.getBitLength() != 8 * bArr.length) {
            throw new IOException("Wrong key length. Required " + metadata.getBitLength() + ", but got " + (8 * bArr.length));
        }
        int addVersion = metadata.addVersion();
        this.credentials.addSecretKey(new Text(str), metadata.serialize());
        String buildVersionName = buildVersionName(str, addVersion);
        this.credentials.addSecretKey(new Text(buildVersionName), bArr);
        return new KeyProvider.KeyVersion(str, buildVersionName, bArr);
    }

    public String toString() {
        return "user:///";
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public synchronized void flush() {
        this.user.addCredentials(this.credentials);
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public synchronized List<String> getKeys() throws IOException {
        ArrayList arrayList = new ArrayList();
        for (Text text : this.credentials.getAllSecretKeys()) {
            if (text.find("@") == -1) {
                arrayList.add(text.toString());
            }
        }
        return arrayList;
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public synchronized List<KeyProvider.KeyVersion> getKeyVersions(String str) throws IOException {
        ArrayList arrayList = new ArrayList();
        KeyProvider.Metadata metadata = getMetadata(str);
        if (metadata != null) {
            int versions = metadata.getVersions();
            for (int i = 0; i < versions; i++) {
                KeyProvider.KeyVersion keyVersion = getKeyVersion(buildVersionName(str, i));
                if (keyVersion != null) {
                    arrayList.add(keyVersion);
                }
            }
        }
        return arrayList;
    }
}
