package org.apache.hadoop.hdds.scm.security;

import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.hadoop.hdds.conf.ConfigurationSource;
import org.apache.hadoop.hdds.scm.ha.SCMContext;
import org.apache.hadoop.hdds.scm.ha.SCMRatisServer;
import org.apache.hadoop.hdds.scm.ha.SCMService;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.symmetric.LocalSecretKeyStore;
import org.apache.hadoop.hdds.security.symmetric.SecretKeyConfig;
import org.apache.hadoop.hdds.security.symmetric.SecretKeyManager;
import org.apache.hadoop.hdds.security.symmetric.SecretKeyStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/scm/security/SecretKeyManagerService.class */
public class SecretKeyManagerService implements SCMService, Runnable {
    public static final Logger LOG = LoggerFactory.getLogger(SecretKeyManagerService.class);
    private static final String SERVICE_NAME = SecretKeyManagerService.class.getSimpleName();
    private final SCMContext scmContext;
    private final SecretKeyManager secretKeyManager;
    private final SecretKeyConfig secretKeyConfig;
    private final Lock serviceLock = new ReentrantLock();
    private SCMService.ServiceStatus serviceStatus = SCMService.ServiceStatus.PAUSING;
    private final ScheduledExecutorService scheduler;

    public SecretKeyManagerService(SCMContext sCMContext, ConfigurationSource configurationSource, SCMRatisServer sCMRatisServer) {
        this.scmContext = sCMContext;
        this.secretKeyConfig = new SecretKeyConfig(configurationSource, "scm");
        SecretKeyStore localSecretKeyStore = new LocalSecretKeyStore(this.secretKeyConfig.getLocalSecretKeyFile());
        this.secretKeyManager = new SecretKeyManager(new ScmSecretKeyStateBuilder().setSecretKeyStore(localSecretKeyStore).setRatisServer(sCMRatisServer).build(), localSecretKeyStore, this.secretKeyConfig);
        this.scheduler = Executors.newScheduledThreadPool(1, new ThreadFactoryBuilder().setDaemon(true).setNameFormat(sCMContext.threadNamePrefix() + getServiceName()).build());
        start();
    }

    @Override // org.apache.hadoop.hdds.scm.ha.SCMService
    public void notifyStatusChanged() {
        this.serviceLock.lock();
        try {
            if (this.scmContext.isLeaderReady()) {
                if (!this.secretKeyManager.isInitialized()) {
                    this.scheduler.schedule(() -> {
                        try {
                            this.secretKeyManager.checkAndInitialize();
                        } catch (Exception e) {
                            throw new RuntimeException("Error replicating initialized state.", e);
                        }
                    }, 0L, TimeUnit.SECONDS);
                }
                this.serviceStatus = SCMService.ServiceStatus.RUNNING;
            } else {
                this.serviceStatus = SCMService.ServiceStatus.PAUSING;
            }
        } finally {
            this.serviceLock.unlock();
        }
    }

    @Override // org.apache.hadoop.hdds.scm.ha.SCMService
    public boolean shouldRun() {
        this.serviceLock.lock();
        try {
            return this.serviceStatus == SCMService.ServiceStatus.RUNNING;
        } finally {
            this.serviceLock.unlock();
        }
    }

    @Override // java.lang.Runnable
    public void run() {
        if (shouldRun()) {
            try {
                this.secretKeyManager.checkAndRotate(false);
            } catch (Exception e) {
                LOG.error("Error occurred when updating SecretKeys.", e);
            }
        }
    }

    @Override // org.apache.hadoop.hdds.scm.ha.SCMService
    public String getServiceName() {
        return SERVICE_NAME;
    }

    @Override // org.apache.hadoop.hdds.scm.ha.SCMService
    public void start() {
        LOG.info("Scheduling rotation checker with interval {}", this.secretKeyConfig.getRotationCheckDuration());
        this.scheduler.scheduleAtFixedRate(this, 0L, this.secretKeyConfig.getRotationCheckDuration().toMillis(), TimeUnit.MILLISECONDS);
    }

    public SecretKeyManager getSecretKeyManager() {
        return this.secretKeyManager;
    }

    @Override // org.apache.hadoop.hdds.scm.ha.SCMService
    public void stop() {
        this.scheduler.shutdownNow();
    }

    public static boolean isSecretKeyEnable(SecurityConfig securityConfig) {
        return securityConfig.isSecurityEnabled() && (securityConfig.isBlockTokenEnabled() || securityConfig.isContainerTokenEnabled());
    }
}
