package org.apache.hadoop.hdds.security.symmetric;

import com.fasterxml.jackson.databind.MappingIterator;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SequenceWriter;
import com.fasterxml.jackson.databind.SerializationFeature;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.time.Instant;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/security/symmetric/LocalSecretKeyStore.class */
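/**
 * {@link SecretKeyStore} that persists managed secret keys as JSON in a single local file.
 *
 * <p>The key material is written as-is: nothing in this class encrypts it. Confidentiality
 * therefore rests on the file being readable and writable by its owner only
 * ({@link #SECRET_KEYS_PERMISSIONS}) and on the protection of the directories above it.
 *
 * <p>{@link #load()} and {@link #save(Collection)} are synchronized on this instance, so one
 * instance does not interleave a read with a write. Nothing here coordinates with other
 * instances or other processes that use the same file.
 */
public class LocalSecretKeyStore implements SecretKeyStore {
    /** Owner read/write only (0600); applied on creation and re-applied before every save. */
    private static final Set<PosixFilePermission> SECRET_KEYS_PERMISSIONS =
            Sets.newHashSet(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE);
    private static final Logger LOG = LoggerFactory.getLogger(LocalSecretKeyStore.class);

    private final Path secretKeysFile;
    // java.time values are written as ISO-8601 strings rather than numeric timestamps.
    private final ObjectMapper mapper = new ObjectMapper()
            .registerModule(new JavaTimeModule())
            .configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false);

    /**
     * JSON-facing mirror of {@link ManagedSecretKey}. The no-arg constructor and the
     * getter/setter pairs exist for Jackson's bean (de)serialization.
     */
    private static class ManagedSecretKeyDto {
        private UUID id;
        private Instant creationTime;
        private Instant expiryTime;
        private String algorithm;
        // Raw key bytes. This is the secret; it must never be logged or exposed.
        private byte[] encoded;

        /** Used by Jackson when reading the file back. */
        ManagedSecretKeyDto() {
        }

        /** Copies id, validity window, algorithm name and encoded key out of {@code managedSecretKey}. */
        ManagedSecretKeyDto(ManagedSecretKey managedSecretKey) {
            this.id = managedSecretKey.getId();
            this.creationTime = managedSecretKey.getCreationTime();
            this.expiryTime = managedSecretKey.getExpiryTime();
            this.algorithm = managedSecretKey.getSecretKey().getAlgorithm();
            this.encoded = managedSecretKey.getSecretKey().getEncoded();
        }

        /**
         * Rebuilds the domain object from the stored fields.
         *
         * @throws IllegalArgumentException if the stored algorithm is null or the stored key
         *     bytes are null or empty (raised by {@link SecretKeySpec})
         */
        public ManagedSecretKey toObject() {
            return new ManagedSecretKey(this.id, this.creationTime, this.expiryTime,
                    new SecretKeySpec(this.encoded, this.algorithm));
        }

        public UUID getId() {
            return this.id;
        }

        public void setId(UUID uuid) {
            this.id = uuid;
        }

        public Instant getCreationTime() {
            return this.creationTime;
        }

        public void setCreationTime(Instant instant) {
            this.creationTime = instant;
        }

        public Instant getExpiryTime() {
            return this.expiryTime;
        }

        public void setExpiryTime(Instant instant) {
            this.expiryTime = instant;
        }

        public String getAlgorithm() {
            return this.algorithm;
        }

        public void setAlgorithm(String str) {
            this.algorithm = str;
        }

        public byte[] getEncoded() {
            return this.encoded;
        }

        public void setEncoded(byte[] bArr) {
            this.encoded = bArr;
        }
    }

    /**
     * @param path location of the secret keys file; it does not have to exist yet
     * @throws NullPointerException if {@code path} is null
     */
    public LocalSecretKeyStore(Path path) {
        this.secretKeysFile = Objects.requireNonNull(path);
    }

    /**
     * Reads every key stored in the secret keys file.
     *
     * @return the stored keys, or an empty list when the file does not exist
     * @throws IllegalStateException if the file cannot be read or parsed
     */
    @Override
    public synchronized List<ManagedSecretKey> load() {
        if (!Files.exists(this.secretKeysFile)) {
            return Collections.emptyList();
        }
        // NOTE(review): the file is trusted as found; its owner and mode are not checked
        // before the keys in it are used. Consider verifying them here.
        // try-with-resources closes the iterator (and the underlying file) on failure too.
        try (MappingIterator<ManagedSecretKeyDto> storedKeys =
                this.mapper.readerFor(ManagedSecretKeyDto.class).readValues(this.secretKeysFile.toFile())) {
            List<ManagedSecretKey> keys = storedKeys.readAll().stream()
                    .map(ManagedSecretKeyDto::toObject)
                    .collect(Collectors.toList());
            // NOTE(review): this logs ManagedSecretKey.toString(); confirm that it never
            // includes the encoded key bytes.
            LOG.info("Loaded {} from {}", keys, this.secretKeysFile);
            return keys;
        } catch (IOException e) {
            throw new IllegalStateException("Error reading SecretKeys from " + this.secretKeysFile, e);
        }
    }

    /**
     * Replaces the content of the secret keys file with {@code collection}, written as one
     * JSON array. The file is created with owner-only permissions when missing, and its
     * permissions are tightened before any key material is written.
     *
     * <p>The file is overwritten in place, so an interrupted write can leave it truncated.
     *
     * @param collection keys to persist
     * @throws NullPointerException if {@code collection} is null
     * @throws IllegalStateException if the file cannot be created, protected or written
     */
    @Override
    public synchronized void save(Collection<ManagedSecretKey> collection) {
        Objects.requireNonNull(collection, "collection");
        createSecretKeyFiles();
        List<ManagedSecretKeyDto> dtos = collection.stream()
                .map(ManagedSecretKeyDto::new)
                .collect(Collectors.toList());
        // try-with-resources closes (and flushes) the writer even when a write fails.
        try (SequenceWriter writer = this.mapper.writer().writeValues(this.secretKeysFile.toFile())) {
            writer.init(true); // wrap the sequence in a JSON array
            writer.writeAll(dtos);
        } catch (IOException e) {
            throw new IllegalStateException("Error saving SecretKeys to file " + this.secretKeysFile, e);
        }
        // NOTE(review): this logs ManagedSecretKey.toString(); confirm that it never
        // includes the encoded key bytes.
        LOG.info("Saved {} to file {}", collection, this.secretKeysFile);
    }

    /**
     * Makes sure the secret keys file exists and is accessible to its owner only.
     *
     * @throws IllegalStateException if the file or its parent directories cannot be created,
     *     or the permissions cannot be set
     */
    private void createSecretKeyFiles() {
        try {
            if (!Files.exists(this.secretKeysFile)) {
                Path parent = this.secretKeysFile.getParent();
                if (parent != null && !Files.exists(parent)) {
                    // NOTE(review): parent directories get default permissions; confirm
                    // that the deployment restricts them.
                    Files.createDirectories(parent);
                }
                // Create the file with its final mode in a single step, so it is never
                // present with default permissions between creation and the chmod below.
                Files.createFile(this.secretKeysFile,
                        java.nio.file.attribute.PosixFilePermissions.asFileAttribute(SECRET_KEYS_PERMISSIONS));
            }
            // Also tightens a file that already existed with wider permissions.
            Files.setPosixFilePermissions(this.secretKeysFile, SECRET_KEYS_PERMISSIONS);
        } catch (IOException e) {
            throw new IllegalStateException("Error setting secret keys file permission: " + this.secretKeysFile, e);
        }
    }
}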
