package org.apache.hadoop.hdds.security.token;

import java.time.Instant;
import org.apache.hadoop.hdds.annotation.InterfaceAudience;
import org.apache.hadoop.hdds.annotation.InterfaceStability;
import org.apache.hadoop.hdds.security.symmetric.ManagedSecretKey;
import org.apache.hadoop.hdds.security.symmetric.SecretKeySignerClient;
import org.apache.hadoop.hdds.security.token.ShortLivedTokenIdentifier;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.TokenIdentifier;

@InterfaceStability.Unstable
@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/hdds/security/token/ShortLivedTokenSecretManager.class */
public abstract class ShortLivedTokenSecretManager<T extends ShortLivedTokenIdentifier> {
    private final long tokenMaxLifetime;
    private SecretKeySignerClient secretKeyClient;

    /* JADX INFO: Access modifiers changed from: protected */
    public ShortLivedTokenSecretManager(long j, SecretKeySignerClient secretKeySignerClient) {
        this.tokenMaxLifetime = j;
        this.secretKeyClient = secretKeySignerClient;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] createPassword(T t) {
        ManagedSecretKey currentSecretKey = this.secretKeyClient.getCurrentSecretKey();
        t.setSecretKeyId(currentSecretKey.getId());
        return currentSecretKey.sign((TokenIdentifier) t);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Instant getTokenExpiryTime() {
        return Instant.now().plusMillis(this.tokenMaxLifetime);
    }

    public Token<T> generateToken(T t) {
        return new Token<>(t.getBytes(), createPassword(t), t.getKind(), new Text(t.getService()));
    }

    public void setSecretKeyClient(SecretKeySignerClient secretKeySignerClient) {
        this.secretKeyClient = secretKeySignerClient;
    }
}
