package org.apache.hadoop.ozone.container.ec.reconstruction;

import java.io.IOException;
import java.util.EnumSet;
import java.util.Set;
import org.apache.hadoop.hdds.client.BlockID;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.scm.container.ContainerID;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.symmetric.SecretKeySignerClient;
import org.apache.hadoop.hdds.security.token.ContainerTokenIdentifier;
import org.apache.hadoop.hdds.security.token.ContainerTokenSecretManager;
import org.apache.hadoop.hdds.security.token.OzoneBlockTokenIdentifier;
import org.apache.hadoop.hdds.security.token.OzoneBlockTokenSecretManager;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.Token;

/* loaded from: input_file:org/apache/hadoop/ozone/container/ec/reconstruction/TokenHelper.class */
class TokenHelper {
    private final OzoneBlockTokenSecretManager blockTokenMgr;
    private final ContainerTokenSecretManager containerTokenMgr;
    private final String user;
    private static final Set<HddsProtos.BlockTokenSecretProto.AccessModeProto> MODES = EnumSet.of(HddsProtos.BlockTokenSecretProto.AccessModeProto.READ, HddsProtos.BlockTokenSecretProto.AccessModeProto.WRITE, HddsProtos.BlockTokenSecretProto.AccessModeProto.DELETE);

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenHelper(SecurityConfig securityConfig, SecretKeySignerClient secretKeySignerClient) throws IOException {
        boolean isBlockTokenEnabled = securityConfig.isBlockTokenEnabled();
        boolean isContainerTokenEnabled = securityConfig.isContainerTokenEnabled();
        if (!(secretKeySignerClient != null) || (!isBlockTokenEnabled && !isContainerTokenEnabled)) {
            this.user = null;
            this.blockTokenMgr = null;
            this.containerTokenMgr = null;
            return;
        }
        this.user = UserGroupInformation.getCurrentUser().getShortUserName();
        long blockTokenExpiryDurationMs = securityConfig.getBlockTokenExpiryDurationMs();
        if (isBlockTokenEnabled) {
            this.blockTokenMgr = new OzoneBlockTokenSecretManager(blockTokenExpiryDurationMs, secretKeySignerClient);
        } else {
            this.blockTokenMgr = null;
        }
        if (isContainerTokenEnabled) {
            this.containerTokenMgr = new ContainerTokenSecretManager(blockTokenExpiryDurationMs, secretKeySignerClient);
        } else {
            this.containerTokenMgr = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Token<OzoneBlockTokenIdentifier> getBlockToken(BlockID blockID, long j) {
        if (this.blockTokenMgr != null) {
            return this.blockTokenMgr.generateToken(this.user, blockID, MODES, j);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Token<ContainerTokenIdentifier> getContainerToken(ContainerID containerID) {
        if (this.containerTokenMgr != null) {
            return this.containerTokenMgr.generateToken(this.user, containerID);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String encode(Token<?> token) throws IOException {
        if (token != null) {
            return token.encodeToUrlString();
        }
        return null;
    }
}
