package org.apache.hadoop.ozone.om;

import java.io.IOException;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.ozone.OmUtils;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
import org.apache.hadoop.ozone.om.lock.OzoneManagerLock;
import org.apache.hadoop.ozone.security.OzoneSecurityException;
import org.apache.hadoop.ozone.shaded.com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.shaded.org.apache.commons.codec.digest.DigestUtils;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/om/S3SecretManagerImpl.class */
public class S3SecretManagerImpl implements S3SecretManager {
    private static final Logger LOG = LoggerFactory.getLogger(S3SecretManagerImpl.class);
    private final OMMetadataManager omMetadataManager;
    private final OzoneConfiguration configuration;

    public S3SecretManagerImpl(OzoneConfiguration ozoneConfiguration, OMMetadataManager oMMetadataManager) {
        this.configuration = ozoneConfiguration;
        this.omMetadataManager = oMMetadataManager;
    }

    @Override // org.apache.hadoop.ozone.om.S3SecretManager
    public S3SecretValue getS3Secret(String str) throws IOException {
        Preconditions.checkArgument(Strings.isNotBlank(str), "kerberosID cannot be null or empty.");
        this.omMetadataManager.getLock().acquireLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, str);
        try {
            S3SecretValue s3SecretValue = this.omMetadataManager.getS3SecretTable().get(str);
            if (s3SecretValue != null) {
                this.omMetadataManager.getLock().releaseLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, str);
                return s3SecretValue;
            }
            S3SecretValue s3SecretValue2 = new S3SecretValue(str, DigestUtils.sha256Hex(OmUtils.getSHADigest()));
            this.omMetadataManager.getS3SecretTable().put(str, s3SecretValue2);
            this.omMetadataManager.getLock().releaseLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, str);
            if (LOG.isTraceEnabled()) {
                LOG.trace("Secret for accessKey:{}, proto:{}", str, s3SecretValue2);
            }
            return s3SecretValue2;
        } catch (Throwable th) {
            this.omMetadataManager.getLock().releaseLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, str);
            throw th;
        }
    }

    @Override // org.apache.hadoop.ozone.om.S3SecretManager
    public String getS3UserSecretString(String str) throws IOException {
        Preconditions.checkArgument(Strings.isNotBlank(str), "awsAccessKeyId cannot be null or empty.");
        LOG.trace("Get secret for awsAccessKey:{}", str);
        this.omMetadataManager.getLock().acquireLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, str);
        try {
            S3SecretValue s3SecretValue = this.omMetadataManager.getS3SecretTable().get(str);
            if (s3SecretValue == null) {
                throw new OzoneSecurityException("S3 secret not found for awsAccessKeyId " + str, OzoneSecurityException.ResultCodes.S3_SECRET_NOT_FOUND);
            }
            this.omMetadataManager.getLock().releaseLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, str);
            return s3SecretValue.getAwsSecret();
        } catch (Throwable th) {
            this.omMetadataManager.getLock().releaseLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, str);
            throw th;
        }
    }

    public OMMetadataManager getOmMetadataManager() {
        return this.omMetadataManager;
    }
}
