package org.apache.hadoop.security.token.delegation;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.curator.ensemble.fixed.FixedEnsembleProvider;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.framework.imps.DefaultACLProvider;
import org.apache.curator.framework.recipes.cache.ChildData;
import org.apache.curator.framework.recipes.cache.PathChildrenCache;
import org.apache.curator.framework.recipes.cache.PathChildrenCacheEvent;
import org.apache.curator.framework.recipes.cache.PathChildrenCacheListener;
import org.apache.curator.framework.recipes.shared.SharedCount;
import org.apache.curator.framework.recipes.shared.VersionedValue;
import org.apache.curator.retry.RetryNTimes;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenManager;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.client.ZooKeeperSaslClient;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:lib/hadoop-common-2.7.4.jar:org/apache/hadoop/security/token/delegation/ZKDelegationTokenSecretManager.class */
public abstract class ZKDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier> extends AbstractDelegationTokenSecretManager<TokenIdent> {
    private static final String ZK_CONF_PREFIX = "zk-dt-secret-manager.";
    public static final String ZK_DTSM_ZK_NUM_RETRIES = "zk-dt-secret-manager.zkNumRetries";
    public static final String ZK_DTSM_ZK_SESSION_TIMEOUT = "zk-dt-secret-manager.zkSessionTimeout";
    public static final String ZK_DTSM_ZK_CONNECTION_TIMEOUT = "zk-dt-secret-manager.zkConnectionTimeout";
    public static final String ZK_DTSM_ZK_SHUTDOWN_TIMEOUT = "zk-dt-secret-manager.zkShutdownTimeout";
    public static final String ZK_DTSM_ZNODE_WORKING_PATH = "zk-dt-secret-manager.znodeWorkingPath";
    public static final String ZK_DTSM_ZK_AUTH_TYPE = "zk-dt-secret-manager.zkAuthType";
    public static final String ZK_DTSM_ZK_CONNECTION_STRING = "zk-dt-secret-manager.zkConnectionString";
    public static final String ZK_DTSM_ZK_KERBEROS_KEYTAB = "zk-dt-secret-manager.kerberos.keytab";
    public static final String ZK_DTSM_ZK_KERBEROS_PRINCIPAL = "zk-dt-secret-manager.kerberos.principal";
    public static final int ZK_DTSM_ZK_NUM_RETRIES_DEFAULT = 3;
    public static final int ZK_DTSM_ZK_SESSION_TIMEOUT_DEFAULT = 10000;
    public static final int ZK_DTSM_ZK_CONNECTION_TIMEOUT_DEFAULT = 10000;
    public static final int ZK_DTSM_ZK_SHUTDOWN_TIMEOUT_DEFAULT = 10000;
    public static final String ZK_DTSM_ZNODE_WORKING_PATH_DEAFULT = "zkdtsm";
    private static final String JAAS_LOGIN_ENTRY_NAME = "ZKDelegationTokenSecretManagerClient";
    private static final String ZK_DTSM_NAMESPACE = "ZKDTSMRoot";
    private static final String ZK_DTSM_SEQNUM_ROOT = "/ZKDTSMSeqNumRoot";
    private static final String ZK_DTSM_KEYID_ROOT = "/ZKDTSMKeyIdRoot";
    private static final String ZK_DTSM_TOKENS_ROOT = "/ZKDTSMTokensRoot";
    private static final String ZK_DTSM_MASTER_KEY_ROOT = "/ZKDTSMMasterKeyRoot";
    private static final String DELEGATION_KEY_PREFIX = "DK_";
    private static final String DELEGATION_TOKEN_PREFIX = "DT_";
    private final boolean isExternalClient;
    private final CuratorFramework zkClient;
    private SharedCount delTokSeqCounter;
    private SharedCount keyIdSeqCounter;
    private PathChildrenCache keyCache;
    private PathChildrenCache tokenCache;
    private ExecutorService listenerThreadPool;
    private final long shutdownTimeout;
    private static Logger LOG = LoggerFactory.getLogger((Class<?>) ZKDelegationTokenSecretManager.class);
    private static final ThreadLocal<CuratorFramework> CURATOR_TL = new ThreadLocal<>();

    /* renamed from: org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager$3, reason: invalid class name */
    /* loaded from: input_file:lib/hadoop-common-2.7.4.jar:org/apache/hadoop/security/token/delegation/ZKDelegationTokenSecretManager$3.class */
    static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type = new int[PathChildrenCacheEvent.Type.values().length];

        static {
            try {
                $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[PathChildrenCacheEvent.Type.CHILD_ADDED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[PathChildrenCacheEvent.Type.CHILD_UPDATED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[PathChildrenCacheEvent.Type.CHILD_REMOVED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    @InterfaceAudience.Private
    /* loaded from: input_file:lib/hadoop-common-2.7.4.jar:org/apache/hadoop/security/token/delegation/ZKDelegationTokenSecretManager$JaasConfiguration.class */
    public static class JaasConfiguration extends Configuration {
        private static AppConfigurationEntry[] entry;
        private String entryName;

        public JaasConfiguration(String str, String str2, String str3) {
            this.entryName = str;
            HashMap hashMap = new HashMap();
            hashMap.put("keyTab", str3);
            hashMap.put("principal", str2);
            hashMap.put("useKeyTab", "true");
            hashMap.put("storeKey", "true");
            hashMap.put("useTicketCache", "false");
            hashMap.put("refreshKrb5Config", "true");
            String str4 = System.getenv("HADOOP_JAAS_DEBUG");
            if (str4 != null && "true".equalsIgnoreCase(str4)) {
                hashMap.put("debug", "true");
            }
            entry = new AppConfigurationEntry[]{new AppConfigurationEntry(getKrb5LoginModuleName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, hashMap)};
        }

        public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
            if (this.entryName.equals(str)) {
                return entry;
            }
            return null;
        }

        private String getKrb5LoginModuleName() {
            return System.getProperty("java.vendor").contains("IBM") ? "com.ibm.security.auth.module.Krb5LoginModule" : "com.sun.security.auth.module.Krb5LoginModule";
        }
    }

    /* loaded from: input_file:lib/hadoop-common-2.7.4.jar:org/apache/hadoop/security/token/delegation/ZKDelegationTokenSecretManager$SASLOwnerACLProvider.class */
    private static class SASLOwnerACLProvider implements ACLProvider {
        private final List<ACL> saslACL;

        private SASLOwnerACLProvider(String str) {
            this.saslACL = Collections.singletonList(new ACL(31, new Id("sasl", str)));
        }

        @Override // org.apache.curator.framework.api.ACLProvider, org.apache.curator.utils.InternalACLProvider
        public List<ACL> getDefaultAcl() {
            return this.saslACL;
        }

        @Override // org.apache.curator.framework.api.ACLProvider, org.apache.curator.utils.InternalACLProvider
        public List<ACL> getAclForPath(String str) {
            return this.saslACL;
        }
    }

    public static void setCurator(CuratorFramework curatorFramework) {
        CURATOR_TL.set(curatorFramework);
    }

    public ZKDelegationTokenSecretManager(org.apache.hadoop.conf.Configuration configuration) {
        super(configuration.getLong(DelegationTokenManager.UPDATE_INTERVAL, 86400L) * 1000, configuration.getLong(DelegationTokenManager.MAX_LIFETIME, DelegationTokenManager.MAX_LIFETIME_DEFAULT) * 1000, configuration.getLong(DelegationTokenManager.RENEW_INTERVAL, 86400000L), configuration.getLong(DelegationTokenManager.REMOVAL_SCAN_INTERVAL, 3600L) * 1000);
        ACLProvider defaultACLProvider;
        this.shutdownTimeout = configuration.getLong(ZK_DTSM_ZK_SHUTDOWN_TIMEOUT, 10000L);
        if (CURATOR_TL.get() != null) {
            this.zkClient = CURATOR_TL.get().usingNamespace(configuration.get(ZK_DTSM_ZNODE_WORKING_PATH, ZK_DTSM_ZNODE_WORKING_PATH_DEAFULT) + "/" + ZK_DTSM_NAMESPACE);
            this.isExternalClient = true;
            return;
        }
        String str = configuration.get(ZK_DTSM_ZK_CONNECTION_STRING);
        Preconditions.checkNotNull(str, "Zookeeper connection string cannot be null");
        String str2 = configuration.get(ZK_DTSM_ZK_AUTH_TYPE);
        Preconditions.checkNotNull(str2, "Zookeeper authType cannot be null !!");
        Preconditions.checkArgument(str2.equals("sasl") || str2.equals("none"), "Zookeeper authType must be one of [none, sasl]");
        try {
            if (str2.equals("sasl")) {
                LOG.info("Connecting to ZooKeeper with SASL/Kerberosand using 'sasl' ACLs");
                String jaasConfiguration = setJaasConfiguration(configuration);
                System.setProperty(ZooKeeperSaslClient.LOGIN_CONTEXT_NAME_KEY, JAAS_LOGIN_ENTRY_NAME);
                System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
                defaultACLProvider = new SASLOwnerACLProvider(jaasConfiguration);
            } else {
                LOG.info("Connecting to ZooKeeper without authentication");
                defaultACLProvider = new DefaultACLProvider();
            }
            int i = configuration.getInt(ZK_DTSM_ZK_SESSION_TIMEOUT, 10000);
            int i2 = configuration.getInt(ZK_DTSM_ZK_NUM_RETRIES, 3);
            this.zkClient = CuratorFrameworkFactory.builder().aclProvider(defaultACLProvider).namespace(configuration.get(ZK_DTSM_ZNODE_WORKING_PATH, ZK_DTSM_ZNODE_WORKING_PATH_DEAFULT) + "/" + ZK_DTSM_NAMESPACE).sessionTimeoutMs(i).connectionTimeoutMs(configuration.getInt(ZK_DTSM_ZK_CONNECTION_TIMEOUT, 10000)).retryPolicy(new RetryNTimes(i2, i / i2)).ensembleProvider(new FixedEnsembleProvider(str)).build();
            this.isExternalClient = false;
        } catch (Exception e) {
            throw new RuntimeException("Could not Load ZK acls or auth");
        }
    }

    private String setJaasConfiguration(org.apache.hadoop.conf.Configuration configuration) throws Exception {
        String trim = configuration.get(ZK_DTSM_ZK_KERBEROS_KEYTAB, "").trim();
        if (trim == null || trim.length() == 0) {
            throw new IllegalArgumentException("zk-dt-secret-manager.kerberos.keytab must be specified");
        }
        String trim2 = configuration.get(ZK_DTSM_ZK_KERBEROS_PRINCIPAL, "").trim();
        if (trim2 == null || trim2.length() == 0) {
            throw new IllegalArgumentException("zk-dt-secret-manager.kerberos.principal must be specified");
        }
        Configuration.setConfiguration(new JaasConfiguration(JAAS_LOGIN_ENTRY_NAME, trim2, trim));
        return trim2.split("[/@]")[0];
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void startThreads() throws IOException {
        if (this.isExternalClient) {
            CuratorFramework usingNamespace = this.zkClient.usingNamespace(null);
            try {
                usingNamespace.newNamespaceAwareEnsurePath("/" + this.zkClient.getNamespace()).ensure(usingNamespace.getZookeeperClient());
            } catch (Exception e) {
                throw new IOException("Could not create namespace", e);
            }
        } else {
            try {
                this.zkClient.start();
            } catch (Exception e2) {
                throw new IOException("Could not start Curator Framework", e2);
            }
        }
        this.listenerThreadPool = Executors.newSingleThreadExecutor();
        try {
            this.delTokSeqCounter = new SharedCount(this.zkClient, ZK_DTSM_SEQNUM_ROOT, 0);
            if (this.delTokSeqCounter != null) {
                this.delTokSeqCounter.start();
            }
            try {
                this.keyIdSeqCounter = new SharedCount(this.zkClient, ZK_DTSM_KEYID_ROOT, 0);
                if (this.keyIdSeqCounter != null) {
                    this.keyIdSeqCounter.start();
                }
                try {
                    createPersistentNode(ZK_DTSM_MASTER_KEY_ROOT);
                    createPersistentNode(ZK_DTSM_TOKENS_ROOT);
                    try {
                        this.keyCache = new PathChildrenCache(this.zkClient, ZK_DTSM_MASTER_KEY_ROOT, true);
                        if (this.keyCache != null) {
                            this.keyCache.start(PathChildrenCache.StartMode.BUILD_INITIAL_CACHE);
                            this.keyCache.getListenable().addListener(new PathChildrenCacheListener() { // from class: org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.1
                                @Override // org.apache.curator.framework.recipes.cache.PathChildrenCacheListener
                                public void childEvent(CuratorFramework curatorFramework, PathChildrenCacheEvent pathChildrenCacheEvent) throws Exception {
                                    switch (AnonymousClass3.$SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[pathChildrenCacheEvent.getType().ordinal()]) {
                                        case 1:
                                            ZKDelegationTokenSecretManager.this.processKeyAddOrUpdate(pathChildrenCacheEvent.getData().getData());
                                            return;
                                        case 2:
                                            ZKDelegationTokenSecretManager.this.processKeyAddOrUpdate(pathChildrenCacheEvent.getData().getData());
                                            return;
                                        case 3:
                                            ZKDelegationTokenSecretManager.this.processKeyRemoved(pathChildrenCacheEvent.getData().getPath());
                                            return;
                                        default:
                                            return;
                                    }
                                }
                            }, this.listenerThreadPool);
                        }
                        try {
                            this.tokenCache = new PathChildrenCache(this.zkClient, ZK_DTSM_TOKENS_ROOT, true);
                            if (this.tokenCache != null) {
                                this.tokenCache.start(PathChildrenCache.StartMode.BUILD_INITIAL_CACHE);
                                this.tokenCache.getListenable().addListener(new PathChildrenCacheListener() { // from class: org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager.2
                                    @Override // org.apache.curator.framework.recipes.cache.PathChildrenCacheListener
                                    public void childEvent(CuratorFramework curatorFramework, PathChildrenCacheEvent pathChildrenCacheEvent) throws Exception {
                                        switch (AnonymousClass3.$SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[pathChildrenCacheEvent.getType().ordinal()]) {
                                            case 1:
                                                ZKDelegationTokenSecretManager.this.processTokenAddOrUpdate(pathChildrenCacheEvent.getData());
                                                return;
                                            case 2:
                                                ZKDelegationTokenSecretManager.this.processTokenAddOrUpdate(pathChildrenCacheEvent.getData());
                                                return;
                                            case 3:
                                                ZKDelegationTokenSecretManager.this.processTokenRemoved(pathChildrenCacheEvent.getData());
                                                return;
                                            default:
                                                return;
                                        }
                                    }
                                }, this.listenerThreadPool);
                            }
                            super.startThreads();
                        } catch (Exception e3) {
                            throw new IOException("Could not start PathChildrenCache for tokens", e3);
                        }
                    } catch (Exception e4) {
                        throw new IOException("Could not start PathChildrenCache for keys", e4);
                    }
                } catch (Exception e5) {
                    throw new RuntimeException("Could not create ZK paths");
                }
            } catch (Exception e6) {
                throw new IOException("Could not start KeyId Counter", e6);
            }
        } catch (Exception e7) {
            throw new IOException("Could not start Sequence Counter", e7);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processKeyAddOrUpdate(byte[] bArr) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
        DelegationKey delegationKey = new DelegationKey();
        delegationKey.readFields(dataInputStream);
        synchronized (this) {
            this.allKeys.put(Integer.valueOf(delegationKey.getKeyId()), delegationKey);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processKeyRemoved(String str) {
        String substring;
        int indexOf;
        int lastIndexOf = str.lastIndexOf(47);
        if (lastIndexOf <= 0 || (indexOf = (substring = str.substring(lastIndexOf + 1)).indexOf(95)) <= 0) {
            return;
        }
        int parseInt = Integer.parseInt(substring.substring(indexOf + 1));
        synchronized (this) {
            this.allKeys.remove(Integer.valueOf(parseInt));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public void processTokenAddOrUpdate(ChildData childData) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(childData.getData()));
        AbstractDelegationTokenIdentifier abstractDelegationTokenIdentifier = (AbstractDelegationTokenIdentifier) createIdentifier();
        abstractDelegationTokenIdentifier.readFields(dataInputStream);
        long readLong = dataInputStream.readLong();
        int readInt = dataInputStream.readInt();
        byte[] bArr = new byte[readInt];
        if (dataInputStream.read(bArr, 0, readInt) > -1) {
            AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation = new AbstractDelegationTokenSecretManager.DelegationTokenInformation(readLong, bArr);
            synchronized (this) {
                this.currentTokens.put(abstractDelegationTokenIdentifier, delegationTokenInformation);
                notifyAll();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    public void processTokenRemoved(ChildData childData) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(childData.getData()));
        AbstractDelegationTokenIdentifier abstractDelegationTokenIdentifier = (AbstractDelegationTokenIdentifier) createIdentifier();
        abstractDelegationTokenIdentifier.readFields(dataInputStream);
        synchronized (this) {
            this.currentTokens.remove(abstractDelegationTokenIdentifier);
            notifyAll();
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void stopThreads() {
        super.stopThreads();
        try {
            if (this.tokenCache != null) {
                this.tokenCache.close();
            }
        } catch (Exception e) {
            LOG.error("Could not stop Delegation Token Cache", (Throwable) e);
        }
        try {
            if (this.delTokSeqCounter != null) {
                this.delTokSeqCounter.close();
            }
        } catch (Exception e2) {
            LOG.error("Could not stop Delegation Token Counter", (Throwable) e2);
        }
        try {
            if (this.keyIdSeqCounter != null) {
                this.keyIdSeqCounter.close();
            }
        } catch (Exception e3) {
            LOG.error("Could not stop Key Id Counter", (Throwable) e3);
        }
        try {
            if (this.keyCache != null) {
                this.keyCache.close();
            }
        } catch (Exception e4) {
            LOG.error("Could not stop KeyCache", (Throwable) e4);
        }
        try {
            if (!this.isExternalClient && this.zkClient != null) {
                this.zkClient.close();
            }
        } catch (Exception e5) {
            LOG.error("Could not stop Curator Framework", (Throwable) e5);
        }
        if (this.listenerThreadPool != null) {
            this.listenerThreadPool.shutdown();
            try {
                if (!this.listenerThreadPool.awaitTermination(this.shutdownTimeout, TimeUnit.MILLISECONDS)) {
                    LOG.error("Forcing Listener threadPool to shutdown !!");
                    this.listenerThreadPool.shutdownNow();
                }
            } catch (InterruptedException e6) {
                this.listenerThreadPool.shutdownNow();
                Thread.currentThread().interrupt();
            }
        }
    }

    private void createPersistentNode(String str) throws Exception {
        try {
            this.zkClient.create().withMode(CreateMode.PERSISTENT).forPath(str);
        } catch (KeeperException.NodeExistsException e) {
            LOG.debug(str + " znode already exists !!");
        } catch (Exception e2) {
            throw new IOException(str + " znode could not be created !!", e2);
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected int getDelegationTokenSeqNum() {
        return this.delTokSeqCounter.getCount();
    }

    private void incrSharedCount(SharedCount sharedCount) throws Exception {
        VersionedValue<Integer> versionedValue;
        do {
            versionedValue = sharedCount.getVersionedValue();
        } while (!sharedCount.trySetCount(versionedValue, versionedValue.getValue().intValue() + 1));
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected int incrementDelegationTokenSeqNum() {
        try {
            incrSharedCount(this.delTokSeqCounter);
        } catch (InterruptedException e) {
            LOG.debug("Thread interrupted while performing token counter increment", (Throwable) e);
            Thread.currentThread().interrupt();
        } catch (Exception e2) {
            throw new RuntimeException("Could not increment shared counter !!", e2);
        }
        return this.delTokSeqCounter.getCount();
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void setDelegationTokenSeqNum(int i) {
        try {
            this.delTokSeqCounter.setCount(i);
        } catch (Exception e) {
            throw new RuntimeException("Could not set shared counter !!", e);
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected int getCurrentKeyId() {
        return this.keyIdSeqCounter.getCount();
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected int incrementCurrentKeyId() {
        try {
            incrSharedCount(this.keyIdSeqCounter);
        } catch (InterruptedException e) {
            LOG.debug("Thread interrupted while performing keyId increment", (Throwable) e);
            Thread.currentThread().interrupt();
        } catch (Exception e2) {
            throw new RuntimeException("Could not increment shared keyId counter !!", e2);
        }
        return this.keyIdSeqCounter.getCount();
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected DelegationKey getDelegationKey(int i) {
        DelegationKey delegationKey = this.allKeys.get(Integer.valueOf(i));
        if (delegationKey == null) {
            try {
                delegationKey = getKeyFromZK(i);
                if (delegationKey != null) {
                    this.allKeys.put(Integer.valueOf(i), delegationKey);
                }
            } catch (IOException e) {
                LOG.error("Error retrieving key [" + i + "] from ZK", (Throwable) e);
            }
        }
        return delegationKey;
    }

    private DelegationKey getKeyFromZK(int i) throws IOException {
        String nodePath = getNodePath(ZK_DTSM_MASTER_KEY_ROOT, DELEGATION_KEY_PREFIX + i);
        try {
            byte[] forPath = this.zkClient.getData().forPath(nodePath);
            if (forPath == null || forPath.length == 0) {
                return null;
            }
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(forPath));
            DelegationKey delegationKey = new DelegationKey();
            delegationKey.readFields(dataInputStream);
            return delegationKey;
        } catch (KeeperException.NoNodeException e) {
            LOG.error("No node in path [" + nodePath + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
            return null;
        } catch (Exception e2) {
            throw new IOException(e2);
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfo(TokenIdent tokenident) {
        AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation = this.currentTokens.get(tokenident);
        if (delegationTokenInformation == null) {
            try {
                delegationTokenInformation = getTokenInfoFromZK(tokenident);
                if (delegationTokenInformation != null) {
                    this.currentTokens.put(tokenident, delegationTokenInformation);
                }
            } catch (IOException e) {
                LOG.error("Error retrieving tokenInfo [" + tokenident.getSequenceNumber() + "] from ZK", (Throwable) e);
            }
        }
        return delegationTokenInformation;
    }

    private synchronized void syncLocalCacheWithZk(TokenIdent tokenident) {
        try {
            AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfoFromZK = getTokenInfoFromZK(tokenident);
            if (tokenInfoFromZK != null && !this.currentTokens.containsKey(tokenident)) {
                this.currentTokens.put(tokenident, tokenInfoFromZK);
            } else if (tokenInfoFromZK == null && this.currentTokens.containsKey(tokenident)) {
                this.currentTokens.remove(tokenident);
            }
        } catch (IOException e) {
            LOG.error("Error retrieving tokenInfo [" + tokenident.getSequenceNumber() + "] from ZK", (Throwable) e);
        }
    }

    private AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromZK(TokenIdent tokenident) throws IOException {
        return getTokenInfoFromZK(tokenident, false);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromZK(TokenIdent tokenident, boolean z) throws IOException {
        String nodePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + tokenident.getSequenceNumber());
        try {
            byte[] forPath = this.zkClient.getData().forPath(nodePath);
            if (forPath == null || forPath.length == 0) {
                return null;
            }
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(forPath));
            ((AbstractDelegationTokenIdentifier) createIdentifier()).readFields(dataInputStream);
            long readLong = dataInputStream.readLong();
            int readInt = dataInputStream.readInt();
            byte[] bArr = new byte[readInt];
            if (dataInputStream.read(bArr, 0, readInt) > -1) {
                return new AbstractDelegationTokenSecretManager.DelegationTokenInformation(readLong, bArr);
            }
            return null;
        } catch (KeeperException.NoNodeException e) {
            if (z) {
                return null;
            }
            LOG.error("No node in path [" + nodePath + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
            return null;
        } catch (Exception e2) {
            throw new IOException(e2);
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void storeDelegationKey(DelegationKey delegationKey) throws IOException {
        addOrUpdateDelegationKey(delegationKey, false);
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void updateDelegationKey(DelegationKey delegationKey) throws IOException {
        addOrUpdateDelegationKey(delegationKey, true);
    }

    private void addOrUpdateDelegationKey(DelegationKey delegationKey, boolean z) throws IOException {
        String nodePath = getNodePath(ZK_DTSM_MASTER_KEY_ROOT, DELEGATION_KEY_PREFIX + delegationKey.getKeyId());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Storing ZKDTSMDelegationKey_" + delegationKey.getKeyId());
        }
        delegationKey.write(dataOutputStream);
        try {
            try {
                try {
                    if (this.zkClient.checkExists().forPath(nodePath) != null) {
                        this.zkClient.setData().forPath(nodePath, byteArrayOutputStream.toByteArray()).setVersion(-1);
                        if (!z) {
                            LOG.debug("Key with path [" + nodePath + "] already exists.. Updating !!");
                        }
                    } else {
                        this.zkClient.create().withMode(CreateMode.PERSISTENT).forPath(nodePath, byteArrayOutputStream.toByteArray());
                        if (z) {
                            LOG.debug("Updating non existent Key path [" + nodePath + "].. Adding new !!");
                        }
                    }
                    byteArrayOutputStream.close();
                } catch (Exception e) {
                    throw new IOException(e);
                }
            } catch (KeeperException.NodeExistsException e2) {
                LOG.debug(nodePath + " znode already exists !!");
                byteArrayOutputStream.close();
            }
        } catch (Throwable th) {
            byteArrayOutputStream.close();
            throw th;
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void removeStoredMasterKey(DelegationKey delegationKey) {
        String nodePath = getNodePath(ZK_DTSM_MASTER_KEY_ROOT, DELEGATION_KEY_PREFIX + delegationKey.getKeyId());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removing ZKDTSMDelegationKey_" + delegationKey.getKeyId());
        }
        try {
            if (this.zkClient.checkExists().forPath(nodePath) != null) {
                while (this.zkClient.checkExists().forPath(nodePath) != null) {
                    this.zkClient.delete().guaranteed().forPath(nodePath);
                }
            } else {
                LOG.debug("Attempted to delete a non-existing znode " + nodePath);
            }
        } catch (Exception e) {
            LOG.debug(nodePath + " znode could not be removed!!");
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void storeToken(TokenIdent tokenident, AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation) throws IOException {
        try {
            addOrUpdateToken(tokenident, delegationTokenInformation, false);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void updateToken(TokenIdent tokenident, AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation) throws IOException {
        String nodePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + tokenident.getSequenceNumber());
        try {
            if (this.zkClient.checkExists().forPath(nodePath) != null) {
                addOrUpdateToken(tokenident, delegationTokenInformation, true);
            } else {
                addOrUpdateToken(tokenident, delegationTokenInformation, false);
                LOG.debug("Attempted to update a non-existing znode " + nodePath);
            }
        } catch (Exception e) {
            throw new RuntimeException("Could not update Stored Token ZKDTSMDelegationToken_" + tokenident.getSequenceNumber(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void removeStoredToken(TokenIdent tokenident) throws IOException {
        String nodePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + tokenident.getSequenceNumber());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removing ZKDTSMDelegationToken_" + tokenident.getSequenceNumber());
        }
        try {
            if (this.zkClient.checkExists().forPath(nodePath) != null) {
                while (this.zkClient.checkExists().forPath(nodePath) != null) {
                    this.zkClient.delete().guaranteed().forPath(nodePath);
                }
            } else {
                LOG.debug("Attempted to remove a non-existing znode " + nodePath);
            }
        } catch (Exception e) {
            throw new RuntimeException("Could not remove Stored Token ZKDTSMDelegationToken_" + tokenident.getSequenceNumber(), e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public synchronized TokenIdent cancelToken(Token<TokenIdent> token, String str) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
        AbstractDelegationTokenIdentifier abstractDelegationTokenIdentifier = (AbstractDelegationTokenIdentifier) createIdentifier();
        abstractDelegationTokenIdentifier.readFields(dataInputStream);
        syncLocalCacheWithZk(abstractDelegationTokenIdentifier);
        return (TokenIdent) super.cancelToken(token, str);
    }

    private void addOrUpdateToken(TokenIdent tokenident, AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation, boolean z) throws Exception {
        String nodePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + tokenident.getSequenceNumber());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        ByteArrayOutputStream byteArrayOutputStream2 = new ByteArrayOutputStream();
        try {
            tokenident.write(dataOutputStream);
            dataOutputStream.writeLong(delegationTokenInformation.getRenewDate());
            dataOutputStream.writeInt(delegationTokenInformation.getPassword().length);
            dataOutputStream.write(delegationTokenInformation.getPassword());
            if (LOG.isDebugEnabled()) {
                LOG.debug((z ? "Updating " : "Storing ") + "ZKDTSMDelegationToken_" + tokenident.getSequenceNumber());
            }
            if (z) {
                this.zkClient.setData().forPath(nodePath, byteArrayOutputStream.toByteArray()).setVersion(-1);
            } else {
                this.zkClient.create().withMode(CreateMode.PERSISTENT).forPath(nodePath, byteArrayOutputStream.toByteArray());
            }
        } finally {
            byteArrayOutputStream2.close();
        }
    }

    @InterfaceAudience.Private
    @VisibleForTesting
    @InterfaceStability.Unstable
    static String getNodePath(String str, String str2) {
        return str + "/" + str2;
    }

    @VisibleForTesting
    public ExecutorService getListenerThreadPool() {
        return this.listenerThreadPool;
    }
}
