package org.apache.hadoop.yarn.security.client;

import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKey;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.yarn.api.records.ApplicationId;
import org.apache.hadoop.yarn.util.ConverterUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:classes/org/apache/hadoop/yarn/security/client/ClientToAMSecretManager.class
 */
/* loaded from: input_file:hadoop-yarn-common-0.23.11.jar:org/apache/hadoop/yarn/security/client/ClientToAMSecretManager.class */
public class ClientToAMSecretManager extends SecretManager<ClientTokenIdentifier> {
    private static Log LOG = LogFactory.getLog(ClientToAMSecretManager.class);
    private Map<ApplicationId, SecretKey> masterKeys = new HashMap();

    public void setMasterKey(ApplicationId applicationId, byte[] bArr) {
        this.masterKeys.put(applicationId, SecretManager.createSecretKey(bArr));
        if (LOG.isDebugEnabled()) {
            LOG.debug("Setting master key for " + applicationId + " as " + new String(Base64.encodeBase64(this.masterKeys.get(applicationId).getEncoded())));
        }
    }

    private void addMasterKey(ApplicationId applicationId) {
        this.masterKeys.put(applicationId, generateSecret());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Creating master key for " + applicationId + " as " + new String(Base64.encodeBase64(this.masterKeys.get(applicationId).getEncoded())));
        }
    }

    public synchronized SecretKey getMasterKey(ApplicationId applicationId) {
        if (!this.masterKeys.containsKey(applicationId)) {
            addMasterKey(applicationId);
        }
        return this.masterKeys.get(applicationId);
    }

    public synchronized byte[] createPassword(ClientTokenIdentifier clientTokenIdentifier) {
        byte[] createPassword = createPassword(clientTokenIdentifier.getBytes(), getMasterKey(ConverterUtils.toApplicationId(clientTokenIdentifier.getApplicationID().toString())));
        if (LOG.isDebugEnabled()) {
            LOG.debug("Password created is " + new String(Base64.encodeBase64(createPassword)));
        }
        return createPassword;
    }

    public byte[] retrievePassword(ClientTokenIdentifier clientTokenIdentifier) throws SecretManager.InvalidToken {
        byte[] createPassword = createPassword(clientTokenIdentifier.getBytes(), getMasterKey(clientTokenIdentifier.getApplicationID()));
        if (LOG.isDebugEnabled()) {
            LOG.debug("Password retrieved is " + new String(Base64.encodeBase64(createPassword)));
        }
        return createPassword;
    }

    /* renamed from: createIdentifier, reason: merged with bridge method [inline-methods] */
    public ClientTokenIdentifier m88createIdentifier() {
        return new ClientTokenIdentifier();
    }
}
