package org.apache.hadoop.hdds.security.symmetric;

import com.google.protobuf.ByteString;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.UUID;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.hadoop.hdds.protocol.proto.SCMSecretKeyProtocolProtos;
import org.apache.hadoop.security.token.TokenIdentifier;
import org.apache.hadoop.util.ProtobufUtils;

/* loaded from: input_file:org/apache/hadoop/hdds/security/symmetric/ManagedSecretKey.class */
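/**
 * A symmetric secret key together with the metadata used to manage it: a unique id, a creation
 * time and an expiry time. The key can compute and verify MAC signatures over raw bytes or over a
 * {@link TokenIdentifier}.
 *
 * <p>Equality and hashing are based on the key {@code id} only; the key material and the
 * timestamps are not compared.
 */
public final class ManagedSecretKey {
    private final UUID id;
    private final Instant creationTime;
    private final Instant expiryTime;
    private final SecretKey secretKey;
    // Mac objects are stateful, so each thread gets its own lazily created instance.
    private final ThreadLocal<Mac> macInstances;

    /**
     * Creates a managed key.
     *
     * <p>The MAC algorithm is taken from {@code secretKey.getAlgorithm()}. It is resolved lazily,
     * the first time a thread signs with this key, so an unsupported algorithm is reported as an
     * {@link IllegalArgumentException} at that point rather than here.
     *
     * @param id unique identifier of the key
     * @param creationTime instant at which the key was created
     * @param expiryTime instant after which {@link #isExpired()} reports the key as expired
     * @param secretKey the key material; its algorithm name selects the {@link Mac} implementation
     */
    public ManagedSecretKey(UUID id, Instant creationTime, Instant expiryTime, SecretKey secretKey) {
        this.id = id;
        this.creationTime = creationTime;
        this.expiryTime = expiryTime;
        this.secretKey = secretKey;
        this.macInstances = ThreadLocal.withInitial(() -> {
            try {
                return Mac.getInstance(secretKey.getAlgorithm());
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalArgumentException("Invalid algorithm " + secretKey.getAlgorithm(), e);
            }
        });
    }

    /**
     * Reports whether the expiry time lies strictly before the current system time.
     *
     * @return {@code true} if the key has expired
     */
    public boolean isExpired() {
        return this.expiryTime.isBefore(Instant.now());
    }

    /** @return the unique identifier of this key */
    public UUID getId() {
        return this.id;
    }

    /**
     * Returns the underlying key object itself, not a copy.
     *
     * @return the secret key material
     */
    public SecretKey getSecretKey() {
        return this.secretKey;
    }

    /** @return the instant at which this key was created */
    public Instant getCreationTime() {
        return this.creationTime;
    }

    /** @return the instant at which this key expires */
    public Instant getExpiryTime() {
        return this.expiryTime;
    }

    @Override
    public int hashCode() {
        return this.id.hashCode();
    }

    /** Two managed keys are equal when their ids are equal; key material is not compared. */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof ManagedSecretKey)) {
            return false;
        }
        return this.id.equals(((ManagedSecretKey) obj).id);
    }

    /** Describes the key by id and timestamps only; the key material is deliberately left out. */
    @Override
    public String toString() {
        return "SecretKey(id = " + this.id + ", creation at: " + this.creationTime + ", expire at: " + this.expiryTime + ")";
    }

    /**
     * Computes the MAC of {@code data} with this key.
     *
     * @param data the bytes to sign
     * @return the MAC value
     * @throws IllegalArgumentException if the key is rejected by the MAC implementation, or if the
     *     key's algorithm is not available when the calling thread's {@link Mac} is first created
     */
    public byte[] sign(byte[] data) {
        try {
            Mac mac = this.macInstances.get();
            // Re-initialise on every call so the thread-local instance always starts clean.
            mac.init(this.secretKey);
            return mac.doFinal(data);
        } catch (InvalidKeyException e) {
            throw new IllegalArgumentException("Invalid key to HMAC computation", e);
        }
    }

    /**
     * Computes the MAC of a token identifier's serialized bytes.
     *
     * @param tokenIdentifier the identifier to sign
     * @return the MAC value
     */
    public byte[] sign(TokenIdentifier tokenIdentifier) {
        return sign(tokenIdentifier.getBytes());
    }

    /**
     * Checks a signature by recomputing the MAC of {@code data} and comparing it with
     * {@code signature}.
     *
     * @param data the bytes that were signed
     * @param signature the signature presented for verification
     * @return {@code true} if the signature matches
     */
    public boolean isValidSignature(byte[] data, byte[] signature) {
        // MessageDigest.isEqual is the time-constant comparison; do not swap it for
        // Arrays.equals, which returns early on the first differing byte.
        return MessageDigest.isEqual(sign(data), signature);
    }

    /**
     * Checks a signature over a token identifier's serialized bytes.
     *
     * @param tokenIdentifier the identifier that was signed
     * @param signature the signature presented for verification
     * @return {@code true} if the signature matches
     */
    public boolean isValidSignature(TokenIdentifier tokenIdentifier, byte[] signature) {
        return isValidSignature(tokenIdentifier.getBytes(), signature);
    }

    /**
     * Converts this key to its protobuf form.
     *
     * <p>The message contains the encoded key bytes in the clear, so the result is as sensitive
     * as the key itself.
     * NOTE(review): confirm that every transport and log path for this message protects it.
     *
     * @return the protobuf message carrying id, timestamps (epoch millis), algorithm and key bytes
     */
    public SCMSecretKeyProtocolProtos.ManagedSecretKey toProtobuf() {
        return SCMSecretKeyProtocolProtos.ManagedSecretKey.newBuilder()
                .setId(ProtobufUtils.toProtobuf(this.id))
                .setCreationTime(this.creationTime.toEpochMilli())
                .setExpiryTime(this.expiryTime.toEpochMilli())
                .setAlgorithm(this.secretKey.getAlgorithm())
                .setEncoded(ByteString.copyFrom(this.secretKey.getEncoded()))
                .build();
    }

    /**
     * Rebuilds a managed key from its protobuf form.
     *
     * <p>The algorithm name and key bytes are passed to {@link SecretKeySpec} as received; this
     * method performs no further validation of the message.
     *
     * @param proto the protobuf message to convert
     * @return the corresponding managed key
     */
    public static ManagedSecretKey fromProtobuf(SCMSecretKeyProtocolProtos.ManagedSecretKey proto) {
        UUID id = ProtobufUtils.fromProtobuf(proto.getId());
        Instant creationTime = Instant.ofEpochMilli(proto.getCreationTime());
        Instant expiryTime = Instant.ofEpochMilli(proto.getExpiryTime());
        SecretKey key = new SecretKeySpec(proto.getEncoded().toByteArray(), proto.getAlgorithm());
        return new ManagedSecretKey(id, creationTime, expiryTime, key);
    }
}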
