package org.apache.hadoop.ozone.om;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.hdds.security.exception.OzoneSecurityException;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/om/S3SecretManagerImpl.class */
public class S3SecretManagerImpl implements S3SecretManager {
    private static final Logger LOG = LoggerFactory.getLogger(S3SecretManagerImpl.class);
    private final S3SecretStore s3SecretStore;
    private final S3SecretCache s3SecretCache;

    public S3SecretManagerImpl(S3SecretStore s3SecretStore, S3SecretCache s3SecretCache) {
        this.s3SecretStore = s3SecretStore;
        this.s3SecretCache = s3SecretCache;
    }

    public S3SecretValue getSecret(String str) throws IOException {
        Preconditions.checkArgument(StringUtils.isNotBlank(str), "kerberosID cannot be null or empty.");
        S3SecretValue s3SecretValue = this.s3SecretCache.get(str);
        if (s3SecretValue != null) {
            if (s3SecretValue.isDeleted()) {
                return null;
            }
            return new S3SecretValue(s3SecretValue.getKerberosID(), s3SecretValue.getAwsSecret());
        }
        S3SecretValue secret = this.s3SecretStore.getSecret(str);
        if (secret != null) {
            updateCache(str, secret);
        }
        return secret;
    }

    public String getSecretString(String str) throws IOException {
        Preconditions.checkArgument(StringUtils.isNotBlank(str), "awsAccessKeyId cannot be null or empty.");
        LOG.trace("Get secret for awsAccessKey:{}", str);
        S3SecretValue s3SecretValue = this.s3SecretCache.get(str);
        if (s3SecretValue != null) {
            return s3SecretValue.getAwsSecret();
        }
        S3SecretValue secret = this.s3SecretStore.getSecret(str);
        if (secret == null) {
            throw new OzoneSecurityException("S3 secret not found for awsAccessKeyId " + str, OzoneSecurityException.ResultCodes.S3_SECRET_NOT_FOUND);
        }
        updateCache(str, secret);
        return secret.getAwsSecret();
    }

    public void storeSecret(String str, S3SecretValue s3SecretValue) throws IOException {
        this.s3SecretStore.storeSecret(str, s3SecretValue);
        updateCache(str, s3SecretValue);
        if (LOG.isTraceEnabled()) {
            LOG.trace("Secret for accessKey:{} stored", str);
        }
    }

    public void revokeSecret(String str) throws IOException {
        this.s3SecretStore.revokeSecret(str);
        invalidateCacheEntry(str);
    }

    public void clearS3Cache(List<Long> list) {
        clearCache(list);
    }

    public <T> T doUnderLock(String str, S3SecretFunction<T> s3SecretFunction) throws IOException {
        throw new UnsupportedOperationException("Lock on locked secret manager is not supported.");
    }

    public S3SecretCache cache() {
        return this.s3SecretCache;
    }

    public S3Batcher batcher() {
        return this.s3SecretStore.batcher();
    }

    public void updateCache(String str, S3SecretValue s3SecretValue) {
        super.updateCache(str, s3SecretValue);
    }
}
