package org.apache.hadoop.ozone.om.request.s3.security;

import java.io.IOException;
import java.nio.file.InvalidPathException;
import java.util.HashMap;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.hadoop.ozone.OmUtils;
import org.apache.hadoop.ozone.audit.OMAction;
import org.apache.hadoop.ozone.om.OMMultiTenantManager;
import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
import org.apache.hadoop.ozone.om.request.OMClientRequest;
import org.apache.hadoop.ozone.om.request.util.OmResponseUtil;
import org.apache.hadoop.ozone.om.response.OMClientResponse;
import org.apache.hadoop.ozone.om.response.s3.security.S3GetSecretResponse;
import org.apache.hadoop.ozone.om.upgrade.BelongsToLayoutVersion;
import org.apache.hadoop.ozone.om.upgrade.OMLayoutFeatureAspect;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.aspectj.lang.JoinPoint;
import org.aspectj.runtime.reflect.Factory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/om/request/s3/security/S3GetSecretRequest.class */
public class S3GetSecretRequest extends OMClientRequest {
    private static final Logger LOG;
    static final /* synthetic */ boolean $assertionsDisabled;
    private static /* synthetic */ JoinPoint.StaticPart ajc$tjp_0;

    static {
        ajc$preClinit();
        $assertionsDisabled = !S3GetSecretRequest.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(S3GetSecretRequest.class);
    }

    public S3GetSecretRequest(OzoneManagerProtocolProtos.OMRequest oMRequest) {
        super(oMRequest);
    }

    @Override // org.apache.hadoop.ozone.om.request.OMClientRequest
    public OzoneManagerProtocolProtos.OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
        if (this != null && getClass().isAnnotationPresent(BelongsToLayoutVersion.class)) {
            OMLayoutFeatureAspect.aspectOf().beforeRequestApplyTxn(Factory.makeJP(ajc$tjp_0, this, this, ozoneManager));
        }
        OzoneManagerProtocolProtos.GetS3SecretRequest getS3SecretRequest = getOmRequest().getGetS3SecretRequest();
        String kerberosID = getS3SecretRequest.getKerberosID();
        S3SecretRequestHelper.checkAccessIdSecretOpPermission(ozoneManager, S3SecretRequestHelper.getOrCreateUgi(kerberosID), kerberosID);
        OzoneManagerProtocolProtos.OMRequest.Builder clientId = OzoneManagerProtocolProtos.OMRequest.newBuilder().setUserInfo(getUserInfo()).setCmdType(getOmRequest().getCmdType()).setClientId(getOmRequest().getClientId());
        boolean z = !getS3SecretRequest.hasCreateIfNotExist() || getS3SecretRequest.getCreateIfNotExist();
        clientId.setGetS3SecretRequest(OzoneManagerProtocolProtos.GetS3SecretRequest.newBuilder().setKerberosID(kerberosID).setCreateIfNotExist(z).build());
        if (z) {
            clientId.setUpdateGetS3SecretRequest(OzoneManagerProtocolProtos.UpdateGetS3SecretRequest.newBuilder().setKerberosID(kerberosID).setAwsSecret(DigestUtils.sha256Hex(OmUtils.getSHADigest())).build());
        }
        if (getOmRequest().hasTraceID()) {
            clientId.setTraceID(getOmRequest().getTraceID());
        }
        return clientId.build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v28, types: [org.apache.hadoop.ozone.om.response.OMClientResponse] */
    @Override // org.apache.hadoop.ozone.om.request.OMClientRequest
    public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, long j) {
        S3GetSecretResponse s3GetSecretResponse;
        OzoneManagerProtocolProtos.OMResponse.Builder oMResponseBuilder = OmResponseUtil.getOMResponseBuilder(getOmRequest());
        Exception exc = null;
        OzoneManagerProtocolProtos.GetS3SecretRequest getS3SecretRequest = getOmRequest().getGetS3SecretRequest();
        if (!$assertionsDisabled && !getS3SecretRequest.hasCreateIfNotExist()) {
            throw new AssertionError();
        }
        boolean createIfNotExist = getS3SecretRequest.getCreateIfNotExist();
        String kerberosID = getS3SecretRequest.getKerberosID();
        AtomicReference atomicReference = new AtomicReference();
        if (createIfNotExist) {
            OzoneManagerProtocolProtos.UpdateGetS3SecretRequest updateGetS3SecretRequest = getOmRequest().getUpdateGetS3SecretRequest();
            atomicReference.set(updateGetS3SecretRequest.getAwsSecret());
            if (!$assertionsDisabled && !kerberosID.equals(updateGetS3SecretRequest.getKerberosID())) {
                throw new AssertionError();
            }
        }
        try {
            s3GetSecretResponse = (OMClientResponse) ozoneManager.getS3SecretManager().doUnderLock(kerberosID, s3SecretManager -> {
                S3SecretValue s3SecretValue;
                S3SecretValue secret = s3SecretManager.getSecret(kerberosID);
                if (secret != null) {
                    OMMultiTenantManager multiTenantManager = ozoneManager.getMultiTenantManager();
                    if (multiTenantManager == null || !multiTenantManager.getTenantForAccessID(kerberosID).isPresent()) {
                        throw new OMException("Secret for '" + kerberosID + "' already exists", OMException.ResultCodes.S3_SECRET_ALREADY_EXISTS);
                    }
                    atomicReference.set(secret.getAwsSecret());
                    s3SecretValue = null;
                } else if (createIfNotExist) {
                    s3SecretValue = new S3SecretValue(kerberosID, (String) atomicReference.get());
                    s3SecretValue.setTransactionLogIndex(j);
                    s3SecretManager.updateCache(kerberosID, s3SecretValue);
                } else {
                    s3SecretValue = null;
                }
                if (atomicReference.get() != null) {
                    return new S3GetSecretResponse(s3SecretValue, s3SecretManager, oMResponseBuilder.setGetS3SecretResponse(OzoneManagerProtocolProtos.GetS3SecretResponse.newBuilder().setS3Secret(OzoneManagerProtocolProtos.S3Secret.newBuilder().setAwsSecret((String) atomicReference.get()).setKerberosID(kerberosID))).build());
                }
                if ($assertionsDisabled || !createIfNotExist) {
                    throw new OMException("accessId '" + kerberosID + "' doesn't exist", OMException.ResultCodes.ACCESS_ID_NOT_FOUND);
                }
                throw new AssertionError();
            });
        } catch (IOException | InvalidPathException e) {
            exc = e;
            s3GetSecretResponse = new S3GetSecretResponse(null, ozoneManager.getS3SecretManager(), createErrorOMResponse(oMResponseBuilder, exc));
        }
        HashMap hashMap = new HashMap();
        hashMap.put("S3GetSecretUser", kerberosID);
        auditLog(ozoneManager.getAuditLogger(), buildAuditMessage(OMAction.GET_S3_SECRET, hashMap, exc, getOmRequest().getUserInfo()));
        if (exc == null) {
            LOG.debug("Success: GetSecret for accessKey '{}', createIfNotExist '{}'", kerberosID, Boolean.valueOf(createIfNotExist));
        } else {
            LOG.error("Failed to GetSecret for accessKey '{}', createIfNotExist '{}': {}", new Object[]{kerberosID, Boolean.valueOf(createIfNotExist), exc});
        }
        return s3GetSecretResponse;
    }

    private static /* synthetic */ void ajc$preClinit() {
        Factory factory = new Factory("S3GetSecretRequest.java", S3GetSecretRequest.class);
        ajc$tjp_0 = factory.makeSJP("method-execution", factory.makeMethodSig("1", "preExecute", "org.apache.hadoop.ozone.om.request.s3.security.S3GetSecretRequest", "org.apache.hadoop.ozone.om.OzoneManager", "ozoneManager", "java.io.IOException", "org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos$OMRequest"), 63);
    }
}
