package org.apache.hadoop.hdds.security.symmetric;

import java.security.NoSuchAlgorithmException;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.List;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.crypto.KeyGenerator;
import org.apache.hadoop.hdds.scm.exceptions.SCMException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/security/symmetric/SecretKeyManager.class */
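/**
 * Manages the lifecycle of symmetric {@link ManagedSecretKey}s: loading them from a
 * {@link SecretKeyStore} on first use, generating new keys, rotating the current key once it is
 * older than the rotation duration, and serving key lookups from a {@link SecretKeyState}.
 *
 * <p>Key generation only happens inside the {@code synchronized} methods
 * {@link #checkAndInitialize()} and {@link #checkAndRotate(boolean)}, so the shared
 * {@link KeyGenerator} is never used by two threads at once through this class. The read-only
 * accessors and {@link #reinitialize(List)} are not synchronized here and delegate directly to
 * the state object.
 *
 * <p>NOTE(review): several log statements format {@link ManagedSecretKey} instances through
 * {@code toString()}. Confirm that implementation never emits the raw key bytes, otherwise key
 * material ends up in the logs.
 */
public class SecretKeyManager implements SecretKeyClient {
    private static final Logger LOG = LoggerFactory.getLogger(SecretKeyManager.class);
    private final SecretKeyState state;
    private final Duration rotationDuration;
    private final Duration validityDuration;
    private final SecretKeyStore keyStore;
    private final KeyGenerator keyGenerator;

    /**
     * Creates a manager with explicit durations and key algorithm.
     *
     * @param secretKeyState holder of the in-memory key set; must not be null
     * @param secretKeyStore store the keys are loaded from on initialization; must not be null
     * @param duration rotation duration: minimum age of the current key before a non-forced
     *     rotation happens; must not be null
     * @param duration2 validity duration: added to the creation time to obtain a new key's
     *     expiry time; must not be null
     * @param str JCA algorithm name passed to {@link KeyGenerator#getInstance(String)}
     * @throws NullPointerException if any of the first four arguments is null
     * @throws IllegalArgumentException if no provider supports the algorithm
     */
    public SecretKeyManager(SecretKeyState secretKeyState, SecretKeyStore secretKeyStore, Duration duration, Duration duration2, String str) {
        this.state = Objects.requireNonNull(secretKeyState, "secretKeyState");
        this.rotationDuration = Objects.requireNonNull(duration, "rotationDuration");
        this.validityDuration = Objects.requireNonNull(duration2, "validityDuration");
        this.keyStore = Objects.requireNonNull(secretKeyStore, "secretKeyStore");
        this.keyGenerator = createKeyGenerator(str);
    }

    /**
     * Creates a manager whose rotation duration, expiry duration and algorithm come from the
     * given configuration object.
     *
     * @param secretKeyState holder of the in-memory key set
     * @param secretKeyStore store the keys are loaded from on initialization
     * @param secretKeyConfig source of the rotate duration, expiry duration and algorithm
     */
    public SecretKeyManager(SecretKeyState secretKeyState, SecretKeyStore secretKeyStore, SecretKeyConfig secretKeyConfig) {
        this(secretKeyState, secretKeyStore, secretKeyConfig.getRotateDuration(), secretKeyConfig.getExpiryDuration(), secretKeyConfig.getAlgorithm());
    }

    /**
     * Initializes the key state if it has no current key yet.
     *
     * <p>Loads the keys from the store, drops the expired ones, and generates a fresh key when
     * nothing valid remains. The resulting list is handed to the state.
     *
     * @throws SCMException declared for failures raised while updating the state
     */
    public synchronized void checkAndInitialize() throws SCMException {
        if (isInitialized()) {
            return;
        }
        LOG.info("Initializing SecretKeys.");
        // Expired keys are discarded at load time so they can no longer be served by the state.
        List<ManagedSecretKey> validKeys = this.keyStore.load().stream()
                .filter(key -> !key.isExpired())
                .collect(Collectors.toList());
        if (validKeys.isEmpty()) {
            ManagedSecretKey newKey = generateSecretKey();
            validKeys.add(newKey);
            LOG.info("No valid key has been loaded. A new key is generated: {}", newKey);
        } else {
            LOG.info("Keys reloaded: {}", validKeys);
        }
        this.state.updateKeys(validKeys);
    }

    /**
     * Tells whether the state already holds a current key.
     *
     * @return {@code true} if the state's current key is non-null
     */
    public boolean isInitialized() {
        return this.state.getCurrentKey() != null;
    }

    /**
     * Rotates the current key when it is due, or unconditionally when forced.
     *
     * <p>On rotation a new key is generated and appended to the non-expired keys currently held
     * by the state; expired keys are dropped from the list passed to the state.
     *
     * @param z {@code true} to force a rotation regardless of the current key's age
     * @return {@code true} if a new key was generated and the state updated, {@code false} if
     *     the current key has not yet reached the rotation duration
     * @throws SCMException declared for failures raised while initializing or updating the state
     */
    public synchronized boolean checkAndRotate(boolean z) throws SCMException {
        checkAndInitialize();
        ManagedSecretKey currentKey = this.state.getCurrentKey();
        if (!z && !shouldRotate(currentKey)) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("The latest key was created at: {} which does not pass the rotation duration",
                        currentKey.getCreationTime());
            }
            return false;
        }
        ManagedSecretKey newKey = generateSecretKey();
        List<ManagedSecretKey> updatedKeys = this.state.getSortedKeys().stream()
                .filter(key -> !key.isExpired())
                .collect(Collectors.toList());
        updatedKeys.add(newKey);
        LOG.info("{}SecretKey rotation is happening, new key generated {}", z ? "Forced " : "", newKey);
        this.state.updateKeys(updatedKeys);
        return true;
    }

    /**
     * Returns the state's current key.
     *
     * @return the current key, or {@code null} if the state has none (see
     *     {@link #isInitialized()})
     */
    @Override // org.apache.hadoop.hdds.security.symmetric.SecretKeySignerClient
    public ManagedSecretKey getCurrentSecretKey() {
        return this.state.getCurrentKey();
    }

    /**
     * Looks up a key by its id in the state.
     *
     * @param uuid id of the key to look up
     * @return whatever the state returns for that id
     */
    @Override // org.apache.hadoop.hdds.security.symmetric.SecretKeyVerifierClient
    public ManagedSecretKey getSecretKey(UUID uuid) {
        // NOTE(review): checkAndRotate() filters expired keys out of the state on rotation only;
        // whether a key that expired since the last rotation can still be returned here depends
        // on SecretKeyState. Callers verifying tokens should confirm expiry is checked.
        return this.state.getKey(uuid);
    }

    /**
     * Returns the keys held by the state, in the order the state maintains.
     *
     * @return the state's sorted key list
     */
    public List<ManagedSecretKey> getSortedKeys() {
        return this.state.getSortedKeys();
    }

    /**
     * Delegates to the state's {@code reinitialize} with the given keys.
     *
     * <p>Not synchronized on this manager and performs no expiry filtering of its own.
     *
     * @param list keys handed to the state
     */
    public void reinitialize(List<ManagedSecretKey> list) {
        this.state.reinitialize(list);
    }

    /**
     * Decides whether the given key has reached the rotation duration.
     *
     * <p>The age is measured against {@link Instant#now()}, so the decision follows the local
     * wall clock.
     */
    private boolean shouldRotate(ManagedSecretKey managedSecretKey) {
        Duration age = Duration.between(managedSecretKey.getCreationTime(), Instant.now());
        return age.compareTo(this.rotationDuration) >= 0;
    }

    /**
     * Generates a new key with a random id, created now and expiring after the validity
     * duration.
     *
     * <p>The {@link KeyGenerator} is never explicitly initialized in this class, so key size and
     * randomness source are the provider's defaults for the configured algorithm.
     */
    private ManagedSecretKey generateSecretKey() {
        Instant createdAt = Instant.now();
        Instant expiresAt = createdAt.plus(this.validityDuration);
        return new ManagedSecretKey(UUID.randomUUID(), createdAt, expiresAt, this.keyGenerator.generateKey());
    }

    /**
     * Obtains a {@link KeyGenerator} for the given algorithm name.
     *
     * @throws IllegalArgumentException if the algorithm is not available, with the original
     *     {@link NoSuchAlgorithmException} as cause
     */
    private static KeyGenerator createKeyGenerator(String str) {
        try {
            return KeyGenerator.getInstance(str);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Error creating KeyGenerator for algorithm " + str, e);
        }
    }
}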
