package org.apache.hadoop.ozone.om.request.key;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.fs.FileEncryptionInfo;
import org.apache.hadoop.hdds.client.BlockID;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.scm.container.common.helpers.AllocatedBlock;
import org.apache.hadoop.hdds.scm.container.common.helpers.ExcludeList;
import org.apache.hadoop.hdds.scm.exceptions.SCMException;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.ozone.audit.OMAction;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.om.OMMetrics;
import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.ScmClient;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.BucketEncryptionKeyInfo;
import org.apache.hadoop.ozone.om.helpers.OmBucketInfo;
import org.apache.hadoop.ozone.om.helpers.OmKeyInfo;
import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfo;
import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfoGroup;
import org.apache.hadoop.ozone.om.helpers.OzoneAclUtil;
import org.apache.hadoop.ozone.om.request.OMClientRequest;
import org.apache.hadoop.ozone.om.response.OMClientResponse;
import org.apache.hadoop.ozone.om.response.file.OMFileCreateResponse;
import org.apache.hadoop.ozone.om.response.key.OMKeyCreateResponse;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.util.Time;
import org.apache.hadoop.utils.db.cache.CacheKey;
import org.apache.hadoop.utils.db.cache.CacheValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/om/request/key/OMKeyRequest.class */
public abstract class OMKeyRequest extends OMClientRequest {
    private static final Logger LOG = LoggerFactory.getLogger(OMKeyRequest.class);

    public OMKeyRequest(OzoneManagerProtocolProtos.OMRequest oMRequest) {
        super(oMRequest);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<OmKeyLocationInfo> allocateBlock(ScmClient scmClient, OzoneBlockTokenSecretManager ozoneBlockTokenSecretManager, HddsProtos.ReplicationType replicationType, HddsProtos.ReplicationFactor replicationFactor, ExcludeList excludeList, long j, long j2, int i, boolean z, String str) throws IOException {
        int min = Math.min((int) (((j - 1) / j2) + 1), i);
        ArrayList arrayList = new ArrayList(min);
        String shortUserName = getRemoteUser().getShortUserName();
        try {
            for (AllocatedBlock allocatedBlock : scmClient.getBlockClient().allocateBlock(j2, min, replicationType, replicationFactor, str, excludeList)) {
                OmKeyLocationInfo.Builder pipeline = new OmKeyLocationInfo.Builder().setBlockID(new BlockID(allocatedBlock.getBlockID())).setLength(j2).setOffset(0L).setPipeline(allocatedBlock.getPipeline());
                if (z) {
                    pipeline.setToken(ozoneBlockTokenSecretManager.generateToken(shortUserName, allocatedBlock.getBlockID().toString(), getAclForUser(shortUserName), j2));
                }
                arrayList.add(pipeline.build());
            }
            return arrayList;
        } catch (SCMException e) {
            if (e.getResult().equals(SCMException.ResultCodes.SAFE_MODE_EXCEPTION)) {
                throw new OMException(e.getMessage(), OMException.ResultCodes.SCM_IN_SAFE_MODE);
            }
            throw e;
        }
    }

    private UserGroupInformation getRemoteUser() throws IOException {
        UserGroupInformation remoteUser = Server.getRemoteUser();
        return remoteUser != null ? remoteUser : UserGroupInformation.getCurrentUser();
    }

    private EnumSet<HddsProtos.BlockTokenSecretProto.AccessModeProto> getAclForUser(String str) {
        return EnumSet.allOf(HddsProtos.BlockTokenSecretProto.AccessModeProto.class);
    }

    public void validateBucketAndVolume(OMMetadataManager oMMetadataManager, String str, String str2) throws IOException {
        if (oMMetadataManager.getBucketTable().isExist(oMMetadataManager.getBucketKey(str, str2))) {
            return;
        }
        if (!oMMetadataManager.getVolumeTable().isExist(oMMetadataManager.getVolumeKey(str))) {
            throw new OMException("Volume not found " + str, OMException.ResultCodes.VOLUME_NOT_FOUND);
        }
        throw new OMException("Bucket not found " + str2, OMException.ResultCodes.BUCKET_NOT_FOUND);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Optional<FileEncryptionInfo> getFileEncryptionInfo(OzoneManager ozoneManager, OmBucketInfo omBucketInfo) throws IOException {
        Optional<FileEncryptionInfo> absent = Optional.absent();
        BucketEncryptionKeyInfo encryptionKeyInfo = omBucketInfo.getEncryptionKeyInfo();
        if (encryptionKeyInfo != null) {
            if (ozoneManager.getKmsProvider() == null) {
                throw new OMException("Invalid KMS provider, check configuration hadoop.security.key.provider.path", OMException.ResultCodes.INVALID_KMS_PROVIDER);
            }
            String keyName = encryptionKeyInfo.getKeyName();
            KeyProviderCryptoExtension.EncryptedKeyVersion generateEDEK = generateEDEK(ozoneManager, keyName);
            absent = Optional.of(new FileEncryptionInfo(encryptionKeyInfo.getSuite(), encryptionKeyInfo.getVersion(), generateEDEK.getEncryptedKeyVersion().getMaterial(), generateEDEK.getEncryptedKeyIv(), keyName, generateEDEK.getEncryptionKeyVersionName()));
        }
        return absent;
    }

    private KeyProviderCryptoExtension.EncryptedKeyVersion generateEDEK(final OzoneManager ozoneManager, final String str) throws IOException {
        if (str == null) {
            return null;
        }
        long monotonicNow = Time.monotonicNow();
        KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion = (KeyProviderCryptoExtension.EncryptedKeyVersion) SecurityUtil.doAsLoginUser(new PrivilegedExceptionAction<KeyProviderCryptoExtension.EncryptedKeyVersion>() { // from class: org.apache.hadoop.ozone.om.request.key.OMKeyRequest.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public KeyProviderCryptoExtension.EncryptedKeyVersion run() throws IOException {
                try {
                    return ozoneManager.getKmsProvider().generateEncryptedKey(str);
                } catch (GeneralSecurityException e) {
                    throw new IOException(e);
                }
            }
        });
        LOG.debug("generateEDEK takes {} ms", Long.valueOf(Time.monotonicNow() - monotonicNow));
        Preconditions.checkNotNull(encryptedKeyVersion);
        return encryptedKeyVersion;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OMClientResponse prepareCreateKeyResponse(@Nonnull OzoneManagerProtocolProtos.KeyArgs keyArgs, OmKeyInfo omKeyInfo, @Nonnull List<OmKeyLocationInfo> list, FileEncryptionInfo fileEncryptionInfo, @Nullable IOException iOException, long j, long j2, @Nonnull String str, @Nonnull String str2, @Nonnull String str3, @Nonnull OzoneManager ozoneManager, @Nonnull OMAction oMAction) {
        OMClientResponse createKeyErrorResponse;
        OzoneManagerProtocolProtos.OMResponse.Builder status = OzoneManagerProtocolProtos.OMResponse.newBuilder().setStatus(OzoneManagerProtocolProtos.Status.OK);
        OMMetadataManager metadataManager = ozoneManager.getMetadataManager();
        Map<String, String> buildKeyArgsAuditMap = buildKeyArgsAuditMap(keyArgs);
        if (iOException == null) {
            if (omKeyInfo == null) {
                omKeyInfo = createKeyInfo(keyArgs, list, keyArgs.getFactor(), keyArgs.getType(), keyArgs.getDataSize(), fileEncryptionInfo);
            }
            long version = omKeyInfo.getLatestVersionLocations().getVersion();
            try {
                omKeyInfo.appendNewBlocks((List) keyArgs.getKeyLocationsList().stream().map(OmKeyLocationInfo::getFromProtobuf).collect(Collectors.toList()), false);
            } catch (IOException e) {
                iOException = e;
            }
            if (iOException != null) {
                LOG.error("{} failed for Key: {} in volume/bucket:{}/{}", new Object[]{oMAction.getAction(), str3, str2, str, iOException});
                createKeyErrorResponse = createKeyErrorResponse(ozoneManager.getMetrics(), oMAction, iOException, status);
            } else {
                metadataManager.getOpenKeyTable().addCacheEntry(new CacheKey(metadataManager.getOpenKey(str, str2, str3, j)), new CacheValue(Optional.of(omKeyInfo), j2));
                LOG.debug("{} for Key: {} in volume/bucket: {}/{}", new Object[]{oMAction.getAction(), str3, str, str2});
                if (oMAction == OMAction.CREATE_FILE) {
                    ozoneManager.getMetrics().incNumCreateFile();
                    status.setCreateFileResponse(OzoneManagerProtocolProtos.CreateFileResponse.newBuilder().setKeyInfo(omKeyInfo.getProtobuf()).setID(j).setOpenVersion(version).build());
                    status.setCmdType(OzoneManagerProtocolProtos.Type.CreateFile);
                    createKeyErrorResponse = new OMFileCreateResponse(omKeyInfo, j, status.build());
                } else {
                    ozoneManager.getMetrics().incNumKeyAllocates();
                    status.setCreateKeyResponse(OzoneManagerProtocolProtos.CreateKeyResponse.newBuilder().setKeyInfo(omKeyInfo.getProtobuf()).setID(j).setOpenVersion(version).build());
                    status.setCmdType(OzoneManagerProtocolProtos.Type.CreateKey);
                    createKeyErrorResponse = new OMKeyCreateResponse(omKeyInfo, j, status.build());
                }
            }
        } else {
            LOG.error("{} failed for Key: {} in volume/bucket:{}/{}", new Object[]{oMAction.getAction(), str3, str, str2, iOException});
            createKeyErrorResponse = createKeyErrorResponse(ozoneManager.getMetrics(), oMAction, iOException, status);
        }
        auditLog(ozoneManager.getAuditLogger(), buildAuditMessage(oMAction, buildKeyArgsAuditMap, iOException, getOmRequest().getUserInfo()));
        return createKeyErrorResponse;
    }

    protected OmKeyInfo createKeyInfo(@Nonnull OzoneManagerProtocolProtos.KeyArgs keyArgs, @Nonnull List<OmKeyLocationInfo> list, @Nonnull HddsProtos.ReplicationFactor replicationFactor, @Nonnull HddsProtos.ReplicationType replicationType, long j, @Nullable FileEncryptionInfo fileEncryptionInfo) {
        OmKeyInfo.Builder fileEncryptionInfo2 = new OmKeyInfo.Builder().setVolumeName(keyArgs.getVolumeName()).setBucketName(keyArgs.getBucketName()).setKeyName(keyArgs.getKeyName()).setOmKeyLocationInfos(Collections.singletonList(new OmKeyLocationInfoGroup(0L, list))).setCreationTime(keyArgs.getModificationTime()).setModificationTime(keyArgs.getModificationTime()).setDataSize(j).setReplicationType(replicationType).setReplicationFactor(replicationFactor).setFileEncryptionInfo(fileEncryptionInfo);
        if (keyArgs.getAclsList() != null) {
            fileEncryptionInfo2.setAcls(OzoneAclUtil.fromProtobuf(keyArgs.getAclsList()));
        }
        return fileEncryptionInfo2.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OmKeyInfo prepareKeyInfo(@Nonnull OMMetadataManager oMMetadataManager, @Nonnull OzoneManagerProtocolProtos.KeyArgs keyArgs, @Nonnull String str, long j, @Nonnull List<OmKeyLocationInfo> list, @Nullable FileEncryptionInfo fileEncryptionInfo) throws IOException {
        OmKeyInfo omKeyInfo = null;
        if (keyArgs.getIsMultipartKey()) {
            omKeyInfo = prepareMultipartKeyInfo(oMMetadataManager, keyArgs, j, list, fileEncryptionInfo);
        } else if (oMMetadataManager.getKeyTable().isExist(str)) {
            omKeyInfo = (OmKeyInfo) oMMetadataManager.getKeyTable().get(str);
            omKeyInfo.addNewVersion(list, false);
            omKeyInfo.setDataSize(j + omKeyInfo.getDataSize());
            omKeyInfo.setModificationTime(keyArgs.getModificationTime());
        }
        return omKeyInfo;
    }

    private OmKeyInfo prepareMultipartKeyInfo(@Nonnull OMMetadataManager oMMetadataManager, @Nonnull OzoneManagerProtocolProtos.KeyArgs keyArgs, long j, @Nonnull List<OmKeyLocationInfo> list, FileEncryptionInfo fileEncryptionInfo) throws IOException {
        Preconditions.checkArgument(keyArgs.getMultipartNumber() > 0, "PartNumber Should be greater than zero");
        String multipartUploadID = keyArgs.getMultipartUploadID();
        Preconditions.checkNotNull(multipartUploadID);
        OmKeyInfo omKeyInfo = (OmKeyInfo) oMMetadataManager.getOpenKeyTable().get(oMMetadataManager.getMultipartKey(keyArgs.getVolumeName(), keyArgs.getBucketName(), keyArgs.getKeyName(), multipartUploadID));
        if (omKeyInfo == null) {
            throw new OMException("No such Multipart upload is with specified uploadId " + multipartUploadID, OMException.ResultCodes.NO_SUCH_MULTIPART_UPLOAD_ERROR);
        }
        return createKeyInfo(keyArgs, list, omKeyInfo.getFactor(), omKeyInfo.getType(), j, fileEncryptionInfo);
    }

    private OMClientResponse createKeyErrorResponse(@Nonnull OMMetrics oMMetrics, @Nonnull OMAction oMAction, @Nonnull IOException iOException, @Nonnull OzoneManagerProtocolProtos.OMResponse.Builder builder) {
        if (oMAction == OMAction.CREATE_FILE) {
            oMMetrics.incNumCreateFileFails();
            builder.setCmdType(OzoneManagerProtocolProtos.Type.CreateFile);
            return new OMFileCreateResponse(null, -1L, createErrorOMResponse(builder, iOException));
        }
        oMMetrics.incNumKeyAllocateFails();
        builder.setCmdType(OzoneManagerProtocolProtos.Type.CreateKey);
        return new OMKeyCreateResponse(null, -1L, createErrorOMResponse(builder, iOException));
    }
}
