package org.apache.accumulo.server.security;

import com.google.common.base.Charsets;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecurityPermission;
import java.util.Iterator;
import java.util.Map;
import org.apache.accumulo.core.client.Instance;
import org.apache.accumulo.core.client.security.tokens.PasswordToken;
import org.apache.accumulo.core.conf.Property;
import org.apache.accumulo.core.security.Credentials;
import org.apache.accumulo.core.security.thrift.TCredentials;
import org.apache.accumulo.core.util.Base64;
import org.apache.accumulo.server.ServerConstants;
import org.apache.accumulo.server.client.HdfsZooInstance;
import org.apache.accumulo.server.conf.ServerConfiguration;

/* loaded from: input_file:org/apache/accumulo/server/security/SystemCredentials.class */
public final class SystemCredentials extends Credentials {
    private static final SecurityPermission SYSTEM_CREDENTIALS_PERMISSION = new SecurityPermission("systemCredentialsPermission");
    private static SystemCredentials SYSTEM_CREDS = null;
    private static final String SYSTEM_PRINCIPAL = "!SYSTEM";
    private final TCredentials AS_THRIFT;

    /* loaded from: input_file:org/apache/accumulo/server/security/SystemCredentials$SystemToken.class */
    public static final class SystemToken extends PasswordToken {
        public SystemToken() {
        }

        private SystemToken(byte[] bArr) {
            super(bArr);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static SystemToken get(Instance instance) {
            byte[] bytes = instance.getInstanceID().getBytes(Charsets.UTF_8);
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(ServerConstants.WIRE_VERSION.toString().getBytes(Charsets.UTF_8));
                messageDigest.update(bytes);
                Iterator<Map.Entry<String, String>> it = ServerConfiguration.getSiteConfiguration().iterator();
                while (it.hasNext()) {
                    Map.Entry<String, String> next = it.next();
                    if (next.getKey().startsWith(Property.INSTANCE_PREFIX.toString())) {
                        messageDigest.update(next.getKey().getBytes(Charsets.UTF_8));
                        messageDigest.update(next.getValue().getBytes(Charsets.UTF_8));
                    }
                }
                byte[] digest = messageDigest.digest();
                int intValue = ServerConstants.WIRE_VERSION.intValue();
                ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(12 + bytes.length + digest.length);
                DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
                try {
                    dataOutputStream.write(intValue * (-1));
                    dataOutputStream.write(bytes.length);
                    dataOutputStream.write(bytes);
                    dataOutputStream.write(digest.length);
                    dataOutputStream.write(digest);
                    return new SystemToken(Base64.encodeBase64(byteArrayOutputStream.toByteArray()));
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException("Failed to compute configuration checksum", e2);
            }
        }
    }

    SystemCredentials(Instance instance) {
        super(SYSTEM_PRINCIPAL, SystemToken.get(instance));
        this.AS_THRIFT = super.toThrift(instance);
    }

    public static SystemCredentials get() {
        check_permission();
        if (SYSTEM_CREDS == null) {
            SYSTEM_CREDS = new SystemCredentials(HdfsZooInstance.getInstance());
        }
        return SYSTEM_CREDS;
    }

    private static void check_permission() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(SYSTEM_CREDENTIALS_PERMISSION);
        }
    }

    public static SystemCredentials get(Instance instance) {
        check_permission();
        return (null == SYSTEM_CREDS || !SYSTEM_CREDS.AS_THRIFT.getInstanceId().equals(instance.getInstanceID())) ? new SystemCredentials(instance) : SYSTEM_CREDS;
    }

    @Override // org.apache.accumulo.core.security.Credentials
    public TCredentials toThrift(Instance instance) {
        if (this.AS_THRIFT.getInstanceId().equals(instance.getInstanceID())) {
            return this.AS_THRIFT;
        }
        throw new IllegalArgumentException("Unexpected instance used for " + SystemCredentials.class.getSimpleName() + ": " + instance.getInstanceID());
    }
}
