package org.apache.hadoop.hdds.security.token;

import com.google.common.base.Preconditions;
import org.apache.hadoop.hdds.HddsUtils;
import org.apache.hadoop.hdds.client.BlockID;
import org.apache.hadoop.hdds.client.ContainerBlockID;
import org.apache.hadoop.hdds.protocol.datanode.proto.ContainerProtos;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.symmetric.SecretKeyVerifierClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/security/token/BlockTokenVerifier.class */
public class BlockTokenVerifier extends ShortLivedTokenVerifier<OzoneBlockTokenIdentifier> {
    private static final Logger LOGGER = LoggerFactory.getLogger(BlockTokenVerifier.class);

    public static String getTokenService(BlockID blockID) {
        return getTokenService(blockID.getContainerBlockID());
    }

    public static String getTokenService(ContainerBlockID containerBlockID) {
        return String.valueOf(containerBlockID);
    }

    public BlockTokenVerifier(SecurityConfig securityConfig, SecretKeyVerifierClient secretKeyVerifierClient) {
        super(securityConfig, secretKeyVerifierClient);
    }

    @Override // org.apache.hadoop.hdds.security.token.ShortLivedTokenVerifier
    protected boolean isTokenRequired(ContainerProtos.Type type) {
        return getConf().isBlockTokenEnabled() && HddsUtils.requireBlockToken(type);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.hdds.security.token.ShortLivedTokenVerifier
    public OzoneBlockTokenIdentifier createTokenIdentifier() {
        return new OzoneBlockTokenIdentifier();
    }

    @Override // org.apache.hadoop.hdds.security.token.ShortLivedTokenVerifier
    protected Object getService(ContainerProtos.ContainerCommandRequestProtoOrBuilder containerCommandRequestProtoOrBuilder) {
        BlockID blockID = HddsUtils.getBlockID(containerCommandRequestProtoOrBuilder);
        Preconditions.checkNotNull(blockID, "no blockID in %s command", containerCommandRequestProtoOrBuilder.getCmdType());
        return getTokenService(blockID);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.hdds.security.token.ShortLivedTokenVerifier
    public void verify(OzoneBlockTokenIdentifier ozoneBlockTokenIdentifier, ContainerProtos.ContainerCommandRequestProtoOrBuilder containerCommandRequestProtoOrBuilder) throws SCMSecurityException {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Verifying token:{} for user:{} ", ozoneBlockTokenIdentifier, ozoneBlockTokenIdentifier.getUser());
        }
        HddsProtos.BlockTokenSecretProto.AccessModeProto accessModeProto = HddsUtils.isReadOnly(containerCommandRequestProtoOrBuilder) ? HddsProtos.BlockTokenSecretProto.AccessModeProto.READ : (containerCommandRequestProtoOrBuilder.getCmdType() == ContainerProtos.Type.DeleteBlock || containerCommandRequestProtoOrBuilder.getCmdType() == ContainerProtos.Type.DeleteChunk) ? HddsProtos.BlockTokenSecretProto.AccessModeProto.DELETE : HddsProtos.BlockTokenSecretProto.AccessModeProto.WRITE;
        if (!ozoneBlockTokenIdentifier.getAccessModes().contains(accessModeProto)) {
            throw new BlockTokenException("Block token with " + ozoneBlockTokenIdentifier.getService() + " doesn't have " + accessModeProto + " permission");
        }
    }
}
