package org.apache.hadoop.hdds.security.token;

import java.time.Instant;
import org.apache.hadoop.hdds.annotation.InterfaceAudience;
import org.apache.hadoop.hdds.annotation.InterfaceStability;
import org.apache.hadoop.hdds.security.OzoneSecretManager;
import org.apache.hadoop.hdds.security.token.ShortLivedTokenIdentifier;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.slf4j.Logger;

/**
 * Base secret manager for short-lived HDDS tokens.
 *
 * <p>Tokens handled here are never renewed or cancelled: both operations throw
 * {@link UnsupportedOperationException}. The only validity check this class performs is the
 * expiry test in {@link #validateToken}; the method is protected and non-final, so subclasses
 * can add their own checks.
 *
 * <p>Decompiler provenance: this listing was recovered from
 * {@code org/apache/hadoop/hdds/security/token/ShortLivedTokenSecretManager.class} by JADX.
 * Parameter names such as {@code j}, {@code str} and {@code t}, and the method names
 * {@code m20createIdentifier} / {@code mo19cancelToken}, are decompiler artifacts.
 *
 * @param <T> concrete short-lived token identifier type
 */
@InterfaceStability.Unstable
@InterfaceAudience.Private
public abstract class ShortLivedTokenSecretManager<T extends ShortLivedTokenIdentifier> extends OzoneSecretManager<T> {
    /** Service name handed to the parent secret manager. */
    private static final Text SERVICE = new Text("HDDS_SERVICE");

    /** Message thrown when an identifier is requested without owner details. */
    private static final String CREATE_IDENTIFIER_REJECTED =
            "Short-lived token requires additional information (owner, etc.).";

    /** Message thrown on any renew attempt. */
    private static final String RENEW_UNSUPPORTED =
            "Renew token operation is not supported for short-lived tokens.";

    /** Message thrown on any cancel attempt. */
    private static final String CANCEL_UNSUPPORTED =
            "Cancel token operation is not supported for short-lived tokens.";

    /** Certificate serial id supplied at construction; exposed via {@link #getCertSerialId()}. */
    private final String certSerialId;

    /**
     * Builds the manager and records the certificate serial id.
     *
     * <p>JADX reports that this constructor was originally {@code protected}.
     *
     * @param securityConfig security configuration forwarded to the parent
     * @param j forwarded to the parent twice; presumably the token max lifetime and the renew
     *     interval, both in milliseconds (confirm against OzoneSecretManager)
     * @param str certificate serial id to remember
     * @param logger logger forwarded to the parent
     */
    public ShortLivedTokenSecretManager(SecurityConfig securityConfig, long j, String str, Logger logger) {
        super(securityConfig, j, j, SERVICE, logger);
        certSerialId = str;
    }

    /**
     * Always refuses to create an empty identifier.
     *
     * <p>JADX renamed this from {@code createIdentifier} (merged with its bridge method).
     *
     * @return never returns normally
     * @throws SecurityException always
     */
    public T m20createIdentifier() {
        throw new SecurityException(CREATE_IDENTIFIER_REJECTED);
    }

    /**
     * Renewal is not available for short-lived tokens.
     *
     * @param token ignored
     * @param str ignored
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override // org.apache.hadoop.hdds.security.OzoneSecretManager
    public long renewToken(Token<T> token, String str) {
        throw new UnsupportedOperationException(RENEW_UNSUPPORTED);
    }

    /**
     * Cancellation is not available for short-lived tokens, so an issued token stays usable
     * until the expiry check in {@link #validateToken} rejects it.
     *
     * <p>JADX renamed this from {@code cancelToken} (merged with its bridge method).
     *
     * @param token ignored
     * @param str ignored
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override // org.apache.hadoop.hdds.security.OzoneSecretManager
    public T mo19cancelToken(Token<T> token, String str) {
        throw new UnsupportedOperationException(CANCEL_UNSUPPORTED);
    }

    /**
     * Validates the identifier and then recomputes its password.
     *
     * <p>This method does not compare the result with a password presented by a client; that
     * comparison has to happen in the caller. What {@code createPassword} computes is defined
     * in the parent class (presumably a keyed signature over the identifier; confirm there).
     *
     * @param t identifier taken from a presented token
     * @return the password derived for {@code t}
     * @throws SecretManager.InvalidToken if {@link #validateToken} rejects the identifier
     */
    public byte[] retrievePassword(T t) throws SecretManager.InvalidToken {
        validateToken(t);
        byte[] password = createPassword(t);
        return password;
    }

    /**
     * Rejects identifiers whose expiry has passed according to the local system clock.
     *
     * <p>Expiry is the only property checked here. The method either returns {@code true} or
     * throws; it never returns {@code false}, so callers must not treat the return value as the
     * failure signal.
     *
     * <p>NOTE(review): the exception message embeds {@code formatTokenId(t)}, whose output is
     * not visible in this file. Confirm it contains nothing sensitive if the message can reach
     * clients or shared logs. If tokens are issued and verified on different hosts, clock skew
     * between them shifts the effective lifetime.
     *
     * @param t identifier to check
     * @return {@code true} when the identifier has not expired
     * @throws SecretManager.InvalidToken if the identifier is expired
     */
    protected boolean validateToken(T t) throws SecretManager.InvalidToken {
        Instant now = Instant.now();
        if (!t.isExpired(now)) {
            return true;
        }
        String message = "token " + formatTokenId(t)
                + " is expired, current time: " + now
                + " expiry time: " + t.getExpiry();
        throw new SecretManager.InvalidToken(message);
    }

    /**
     * Computes the expiry instant for a token issued now: current time plus the parent's
     * {@code getTokenMaxLifetime()} value, interpreted as milliseconds.
     *
     * <p>JADX reports that this method was originally {@code protected}.
     *
     * @return the instant at which a token issued now would expire
     */
    public Instant getTokenExpiryTime() {
        Instant issuedAt = Instant.now();
        return issuedAt.plusMillis(getTokenMaxLifetime());
    }

    /**
     * Returns the certificate serial id given to the constructor.
     *
     * <p>JADX reports that this method was originally {@code protected}.
     *
     * @return the stored certificate serial id
     */
    public String getCertSerialId() {
        return certSerialId;
    }

    /**
     * Wraps an identifier and its derived password into a {@link Token}.
     *
     * <p>No validation runs here: the identifier is not checked for expiry or for any other
     * property before a password is derived for it. The caller is responsible for building
     * {@code t} with the intended owner, scope and expiry.
     *
     * @param t fully populated identifier to issue a token for
     * @return a token carrying the identifier bytes, its password, its kind and its service
     */
    public Token<T> generateToken(T t) {
        byte[] identifierBytes = t.getBytes();
        byte[] password = createPassword(t);
        return new Token<>(identifierBytes, password, t.getKind(), new Text(t.getService()));
    }
}
