package org.apache.hadoop.hdfs.server.namenode;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PrivilegedExceptionAction;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import org.apache.hadoop.crypto.CipherSuite;
import org.apache.hadoop.crypto.CryptoProtocolVersion;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.fs.BatchedRemoteIterator;
import org.apache.hadoop.fs.FileEncryptionInfo;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.UnresolvedLinkException;
import org.apache.hadoop.fs.XAttr;
import org.apache.hadoop.fs.XAttrSetFlag;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.hdfs.XAttrHelper;
import org.apache.hadoop.hdfs.protocol.EncryptionZone;
import org.apache.hadoop.hdfs.protocol.SnapshotAccessControlException;
import org.apache.hadoop.hdfs.protocol.ZoneReencryptionStatus;
import org.apache.hadoop.hdfs.protocol.proto.HdfsProtos;
import org.apache.hadoop.hdfs.protocolPB.PBHelperClient;
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
import org.apache.hadoop.hdfs.server.namenode.FSDirectory;
import org.apache.hadoop.hdfs.server.namenode.ReencryptionUpdater;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions;
import org.apache.hadoop.thirdparty.com.google.common.collect.Lists;
import org.apache.hadoop.thirdparty.protobuf.InvalidProtocolBufferException;
import org.apache.hadoop.util.Time;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-3.3.5.202-eep-921.jar:org/apache/hadoop/hdfs/server/namenode/FSDirEncryptionZoneOp.class */
public final class FSDirEncryptionZoneOp {
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-3.3.5.202-eep-921.jar:org/apache/hadoop/hdfs/server/namenode/FSDirEncryptionZoneOp$EDEKCacheLoader.class */
    public static class EDEKCacheLoader implements Runnable {
        private final String[] keyNames;
        private final KeyProviderCryptoExtension kp;
        private int initialDelay;
        private int retryInterval;

        EDEKCacheLoader(String[] strArr, KeyProviderCryptoExtension keyProviderCryptoExtension, int i, int i2) {
            this.keyNames = strArr;
            this.kp = keyProviderCryptoExtension;
            this.initialDelay = i;
            this.retryInterval = i2;
        }

        @Override // java.lang.Runnable
        public void run() {
            NameNode.LOG.info("Warming up {} EDEKs... (initialDelay={}, retryInterval={})", Integer.valueOf(this.keyNames.length), Integer.valueOf(this.initialDelay), Integer.valueOf(this.retryInterval));
            try {
                Thread.sleep(this.initialDelay);
                int i = 10000;
                boolean z = false;
                IOException iOException = null;
                long monotonicNow = Time.monotonicNow();
                while (true) {
                    try {
                        this.kp.warmUpEncryptedKeys(this.keyNames);
                        NameNode.LOG.info("Successfully warmed up {} EDEKs.", Integer.valueOf(this.keyNames.length));
                        z = true;
                        break;
                    } catch (IOException e) {
                        iOException = e;
                        if (i >= 10000) {
                            NameNode.LOG.info("Failed to warm up EDEKs.", (Throwable) e);
                            i = 0;
                        } else {
                            NameNode.LOG.debug("Failed to warm up EDEKs.", (Throwable) e);
                        }
                        try {
                            Thread.sleep(this.retryInterval);
                            i += this.retryInterval;
                        } catch (InterruptedException e2) {
                            NameNode.LOG.info("EDEKCacheLoader interrupted during retry.");
                        }
                    } catch (Exception e3) {
                        NameNode.LOG.error("Cannot warm up EDEKs.", (Throwable) e3);
                        throw e3;
                    }
                }
                NameNode.getNameNodeMetrics().addWarmUpEDEKTime(Time.monotonicNow() - monotonicNow);
                if (z) {
                    return;
                }
                NameNode.LOG.warn("Unable to warm up EDEKs.");
                if (iOException != null) {
                    NameNode.LOG.warn("Last seen exception:", (Throwable) iOException);
                }
            } catch (InterruptedException e4) {
                NameNode.LOG.info("EDEKCacheLoader interrupted before warming up.");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-3.3.5.202-eep-921.jar:org/apache/hadoop/hdfs/server/namenode/FSDirEncryptionZoneOp$EncryptionKeyInfo.class */
    public static class EncryptionKeyInfo {
        final CryptoProtocolVersion protocolVersion;
        final CipherSuite suite;
        final String ezKeyName;
        final KeyProviderCryptoExtension.EncryptedKeyVersion edek;

        EncryptionKeyInfo(CryptoProtocolVersion cryptoProtocolVersion, CipherSuite cipherSuite, String str, KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion) {
            this.protocolVersion = cryptoProtocolVersion;
            this.suite = cipherSuite;
            this.ezKeyName = str;
            this.edek = encryptedKeyVersion;
        }
    }

    private FSDirEncryptionZoneOp() {
    }

    private static KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedDataEncryptionKey(final FSDirectory fSDirectory, final String str) throws IOException {
        if (!$assertionsDisabled && fSDirectory.getFSNamesystem().hasReadLock()) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && fSDirectory.getFSNamesystem().hasWriteLock()) {
            throw new AssertionError();
        }
        if (str == null) {
            return null;
        }
        long monotonicNow = Time.monotonicNow();
        KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion = (KeyProviderCryptoExtension.EncryptedKeyVersion) SecurityUtil.doAsLoginUser(new PrivilegedExceptionAction<KeyProviderCryptoExtension.EncryptedKeyVersion>() { // from class: org.apache.hadoop.hdfs.server.namenode.FSDirEncryptionZoneOp.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public KeyProviderCryptoExtension.EncryptedKeyVersion run() throws IOException {
                try {
                    return FSDirectory.this.getProvider().generateEncryptedKey(str);
                } catch (GeneralSecurityException e) {
                    throw new IOException(e);
                }
            }
        });
        NameNode.getNameNodeMetrics().addGenerateEDEKTime(Time.monotonicNow() - monotonicNow);
        Preconditions.checkNotNull(encryptedKeyVersion);
        return encryptedKeyVersion;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyProvider.Metadata ensureKeyIsInitialized(FSDirectory fSDirectory, String str, String str2) throws IOException {
        KeyProviderCryptoExtension provider = fSDirectory.getProvider();
        if (provider == null) {
            throw new IOException("Can't create an encryption zone for " + str2 + " since no key provider is available.");
        }
        if (str == null || str.isEmpty()) {
            throw new IOException("Must specify a key name when creating an encryption zone");
        }
        EncryptionFaultInjector.getInstance().ensureKeyIsInitialized();
        KeyProvider.Metadata metadata = provider.getMetadata(str);
        if (metadata == null) {
            throw new IOException("Key " + str + " doesn't exist.");
        }
        provider.warmUpEncryptedKeys(str);
        return metadata;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static FileStatus createEncryptionZone(FSDirectory fSDirectory, String str, FSPermissionChecker fSPermissionChecker, String str2, String str3, boolean z) throws IOException {
        CipherSuite convert = CipherSuite.convert(str2);
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(1);
        CryptoProtocolVersion cryptoProtocolVersion = CryptoProtocolVersion.ENCRYPTION_ZONES;
        fSDirectory.writeLock();
        try {
            INodesInPath resolvePath = fSDirectory.resolvePath(fSPermissionChecker, str, FSDirectory.DirOp.WRITE);
            newArrayListWithCapacity.add(fSDirectory.ezManager.createEncryptionZone(resolvePath, convert, cryptoProtocolVersion, str3));
            fSDirectory.writeUnlock();
            fSDirectory.getEditLog().logSetXAttrs(resolvePath.getPath(), newArrayListWithCapacity, z);
            return fSDirectory.getAuditFileInfo(resolvePath);
        } catch (Throwable th) {
            fSDirectory.writeUnlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Map.Entry<EncryptionZone, FileStatus> getEZForPath(FSDirectory fSDirectory, String str, FSPermissionChecker fSPermissionChecker) throws IOException {
        fSDirectory.readLock();
        try {
            INodesInPath resolvePath = fSDirectory.resolvePath(fSPermissionChecker, str, FSDirectory.DirOp.READ);
            if (fSDirectory.isPermissionEnabled()) {
                fSDirectory.checkPathAccess(fSPermissionChecker, resolvePath, FsAction.READ);
            }
            EncryptionZone eZINodeForPath = fSDirectory.ezManager.getEZINodeForPath(resolvePath);
            fSDirectory.readUnlock();
            return new AbstractMap.SimpleImmutableEntry(eZINodeForPath, fSDirectory.getAuditFileInfo(resolvePath));
        } catch (Throwable th) {
            fSDirectory.readUnlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EncryptionZone getEZForPath(FSDirectory fSDirectory, INodesInPath iNodesInPath) throws IOException {
        fSDirectory.readLock();
        try {
            return fSDirectory.ezManager.getEZINodeForPath(iNodesInPath);
        } finally {
            fSDirectory.readUnlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static BatchedRemoteIterator.BatchedListEntries<EncryptionZone> listEncryptionZones(FSDirectory fSDirectory, long j) throws IOException {
        fSDirectory.readLock();
        try {
            BatchedRemoteIterator.BatchedListEntries<EncryptionZone> listEncryptionZones = fSDirectory.ezManager.listEncryptionZones(j);
            fSDirectory.readUnlock();
            return listEncryptionZones;
        } catch (Throwable th) {
            fSDirectory.readUnlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<XAttr> reencryptEncryptionZone(FSDirectory fSDirectory, INodesInPath iNodesInPath, String str) throws IOException {
        if ($assertionsDisabled || str != null) {
            return fSDirectory.ezManager.reencryptEncryptionZone(iNodesInPath, str);
        }
        throw new AssertionError();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<XAttr> cancelReencryptEncryptionZone(FSDirectory fSDirectory, INodesInPath iNodesInPath) throws IOException {
        return fSDirectory.ezManager.cancelReencryptEncryptionZone(iNodesInPath);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static BatchedRemoteIterator.BatchedListEntries<ZoneReencryptionStatus> listReencryptionStatus(FSDirectory fSDirectory, long j) throws IOException {
        fSDirectory.readLock();
        try {
            BatchedRemoteIterator.BatchedListEntries<ZoneReencryptionStatus> listReencryptionStatus = fSDirectory.ezManager.listReencryptionStatus(j);
            fSDirectory.readUnlock();
            return listReencryptionStatus;
        } catch (Throwable th) {
            fSDirectory.readUnlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static XAttr updateReencryptionSubmitted(FSDirectory fSDirectory, INodesInPath iNodesInPath, String str) throws IOException {
        if (!$assertionsDisabled && !fSDirectory.hasWriteLock()) {
            throw new AssertionError();
        }
        Preconditions.checkNotNull(str, "ezKeyVersionName is null.");
        HdfsProtos.ZoneEncryptionInfoProto zoneEncryptionInfoProto = getZoneEncryptionInfoProto(iNodesInPath);
        Preconditions.checkNotNull(zoneEncryptionInfoProto, "ZoneEncryptionInfoProto is null.");
        XAttr buildXAttr = XAttrHelper.buildXAttr(HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE, PBHelperClient.convert(PBHelperClient.convert(zoneEncryptionInfoProto.getSuite()), PBHelperClient.convert(zoneEncryptionInfoProto.getCryptoProtocolVersion()), zoneEncryptionInfoProto.getKeyName(), PBHelperClient.convert(str, Long.valueOf(Time.now()), false, 0L, 0L, null, null)).toByteArray());
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(1);
        newArrayListWithCapacity.add(buildXAttr);
        FSDirXAttrOp.unprotectedSetXAttrs(fSDirectory, iNodesInPath, newArrayListWithCapacity, EnumSet.of(XAttrSetFlag.REPLACE));
        return buildXAttr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static XAttr updateReencryptionProgress(FSDirectory fSDirectory, INode iNode, ZoneReencryptionStatus zoneReencryptionStatus, String str, long j, long j2) throws IOException {
        if (!$assertionsDisabled && !fSDirectory.hasWriteLock()) {
            throw new AssertionError();
        }
        Preconditions.checkNotNull(iNode, "Zone node is null");
        INodesInPath fromINode = INodesInPath.fromINode(iNode);
        HdfsProtos.ZoneEncryptionInfoProto zoneEncryptionInfoProto = getZoneEncryptionInfoProto(fromINode);
        Preconditions.checkNotNull(zoneEncryptionInfoProto, "ZoneEncryptionInfoProto is null.");
        Preconditions.checkNotNull(zoneReencryptionStatus, "Null status for " + fromINode.getPath());
        XAttr buildXAttr = XAttrHelper.buildXAttr(HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE, PBHelperClient.convert(PBHelperClient.convert(zoneEncryptionInfoProto.getSuite()), PBHelperClient.convert(zoneEncryptionInfoProto.getCryptoProtocolVersion()), zoneEncryptionInfoProto.getKeyName(), PBHelperClient.convert(zoneReencryptionStatus.getEzKeyVersionName(), Long.valueOf(zoneReencryptionStatus.getSubmissionTime()), false, zoneReencryptionStatus.getFilesReencrypted() + j, zoneReencryptionStatus.getNumReencryptionFailures() + j2, null, str)).toByteArray());
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(1);
        newArrayListWithCapacity.add(buildXAttr);
        FSDirXAttrOp.unprotectedSetXAttrs(fSDirectory, fromINode, newArrayListWithCapacity, EnumSet.of(XAttrSetFlag.REPLACE));
        return buildXAttr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static List<XAttr> updateReencryptionFinish(FSDirectory fSDirectory, INodesInPath iNodesInPath, ZoneReencryptionStatus zoneReencryptionStatus) throws IOException {
        if (!$assertionsDisabled && zoneReencryptionStatus == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && !fSDirectory.hasWriteLock()) {
            throw new AssertionError();
        }
        fSDirectory.ezManager.getReencryptionStatus().markZoneCompleted(Long.valueOf(iNodesInPath.getLastINode().getId()));
        XAttr generateNewXAttrForReencryptionFinish = generateNewXAttrForReencryptionFinish(iNodesInPath, zoneReencryptionStatus);
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(1);
        newArrayListWithCapacity.add(generateNewXAttrForReencryptionFinish);
        FSDirXAttrOp.unprotectedSetXAttrs(fSDirectory, iNodesInPath, newArrayListWithCapacity, EnumSet.of(XAttrSetFlag.REPLACE));
        return newArrayListWithCapacity;
    }

    static XAttr generateNewXAttrForReencryptionFinish(INodesInPath iNodesInPath, ZoneReencryptionStatus zoneReencryptionStatus) throws IOException {
        HdfsProtos.ZoneEncryptionInfoProto zoneEncryptionInfoProto = getZoneEncryptionInfoProto(iNodesInPath);
        return XAttrHelper.buildXAttr(HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE, PBHelperClient.convert(PBHelperClient.convert(zoneEncryptionInfoProto.getSuite()), PBHelperClient.convert(zoneEncryptionInfoProto.getCryptoProtocolVersion()), zoneEncryptionInfoProto.getKeyName(), PBHelperClient.convert(zoneReencryptionStatus.getEzKeyVersionName(), Long.valueOf(zoneReencryptionStatus.getSubmissionTime()), zoneReencryptionStatus.isCanceled(), zoneReencryptionStatus.getFilesReencrypted(), zoneReencryptionStatus.getNumReencryptionFailures(), Long.valueOf(Time.now()), null)).toByteArray());
    }

    private static HdfsProtos.ZoneEncryptionInfoProto getZoneEncryptionInfoProto(INodesInPath iNodesInPath) throws IOException {
        XAttr unprotectedGetXAttrByPrefixedName = FSDirXAttrOp.unprotectedGetXAttrByPrefixedName(iNodesInPath.getLastINode(), iNodesInPath.getPathSnapshotId(), HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE);
        if (unprotectedGetXAttrByPrefixedName == null) {
            throw new IOException("Could not find reencryption XAttr for file " + iNodesInPath.getPath());
        }
        try {
            return HdfsProtos.ZoneEncryptionInfoProto.parseFrom(unprotectedGetXAttrByPrefixedName.getValue());
        } catch (InvalidProtocolBufferException e) {
            throw new IOException("Could not parse file encryption info for inode " + iNodesInPath.getPath(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void saveFileXAttrsForBatch(FSDirectory fSDirectory, List<ReencryptionUpdater.FileEdekInfo> list) {
        if (!$assertionsDisabled && !fSDirectory.getFSNamesystem().hasWriteLock()) {
            throw new AssertionError();
        }
        if (list == null || list.isEmpty()) {
            return;
        }
        for (ReencryptionUpdater.FileEdekInfo fileEdekInfo : list) {
            INode inode = fSDirectory.getInode(fileEdekInfo.getInodeId());
            if (inode == null) {
                NameNode.LOG.info("Cannot find inode {}, skip saving xattr for re-encryption", Long.valueOf(fileEdekInfo.getInodeId()));
            } else {
                fSDirectory.getEditLog().logSetXAttrs(inode.getFullPathName(), inode.getXAttrFeature().getXAttrs(), false);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setFileEncryptionInfo(FSDirectory fSDirectory, INodesInPath iNodesInPath, FileEncryptionInfo fileEncryptionInfo, XAttrSetFlag xAttrSetFlag) throws IOException {
        XAttr buildXAttr = XAttrHelper.buildXAttr(HdfsServerConstants.CRYPTO_XATTR_FILE_ENCRYPTION_INFO, PBHelperClient.convertPerFileEncInfo(fileEncryptionInfo).toByteArray());
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(1);
        newArrayListWithCapacity.add(buildXAttr);
        fSDirectory.writeLock();
        try {
            FSDirXAttrOp.unprotectedSetXAttrs(fSDirectory, iNodesInPath, newArrayListWithCapacity, EnumSet.of(xAttrSetFlag));
            fSDirectory.writeUnlock();
        } catch (Throwable th) {
            fSDirectory.writeUnlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static FileEncryptionInfo getFileEncryptionInfo(FSDirectory fSDirectory, INodesInPath iNodesInPath) throws IOException {
        if (iNodesInPath.isRaw() || !fSDirectory.ezManager.hasCreatedEncryptionZone() || !iNodesInPath.getLastINode().isFile()) {
            return null;
        }
        fSDirectory.readLock();
        try {
            EncryptionZone eZForPath = getEZForPath(fSDirectory, iNodesInPath);
            if (eZForPath == null) {
                return null;
            }
            if ((eZForPath.getPath() == null || eZForPath.getPath().isEmpty()) && NameNode.LOG.isDebugEnabled()) {
                NameNode.LOG.debug("Encryption zone " + eZForPath.getPath() + " does not have a valid path.");
            }
            XAttr unprotectedGetXAttrByPrefixedName = FSDirXAttrOp.unprotectedGetXAttrByPrefixedName(iNodesInPath.getLastINode(), iNodesInPath.getPathSnapshotId(), HdfsServerConstants.CRYPTO_XATTR_FILE_ENCRYPTION_INFO);
            if (unprotectedGetXAttrByPrefixedName == null) {
                NameNode.LOG.warn("Could not find encryption XAttr for file " + iNodesInPath.getPath() + " in encryption zone " + eZForPath.getPath());
                fSDirectory.readUnlock();
                return null;
            }
            try {
                FileEncryptionInfo convert = PBHelperClient.convert(HdfsProtos.PerFileEncryptionInfoProto.parseFrom(unprotectedGetXAttrByPrefixedName.getValue()), eZForPath.getSuite(), eZForPath.getVersion(), eZForPath.getKeyName());
                fSDirectory.readUnlock();
                return convert;
            } catch (InvalidProtocolBufferException e) {
                throw new IOException("Could not parse file encryption info for inode " + iNodesInPath.getPath(), e);
            }
        } finally {
            fSDirectory.readUnlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static FileEncryptionInfo getFileEncryptionInfo(FSDirectory fSDirectory, INodesInPath iNodesInPath, EncryptionKeyInfo encryptionKeyInfo) throws RetryStartFileException, IOException {
        FileEncryptionInfo fileEncryptionInfo = null;
        EncryptionZone eZForPath = getEZForPath(fSDirectory, iNodesInPath);
        if (eZForPath != null) {
            if (encryptionKeyInfo == null) {
                throw new RetryStartFileException();
            }
            String keyName = eZForPath.getKeyName();
            if (!keyName.equals(encryptionKeyInfo.edek.getEncryptionKeyName())) {
                throw new RetryStartFileException();
            }
            fileEncryptionInfo = new FileEncryptionInfo(encryptionKeyInfo.suite, encryptionKeyInfo.protocolVersion, encryptionKeyInfo.edek.getEncryptedKeyVersion().getMaterial(), encryptionKeyInfo.edek.getEncryptedKeyIv(), keyName, encryptionKeyInfo.edek.getEncryptionKeyVersionName());
        }
        return fileEncryptionInfo;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isInAnEZ(FSDirectory fSDirectory, INodesInPath iNodesInPath) throws UnresolvedLinkException, SnapshotAccessControlException, IOException {
        if (!fSDirectory.ezManager.hasCreatedEncryptionZone()) {
            return false;
        }
        fSDirectory.readLock();
        try {
            return fSDirectory.ezManager.isInAnEZ(iNodesInPath);
        } finally {
            fSDirectory.readUnlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void warmUpEdekCache(ExecutorService executorService, FSDirectory fSDirectory, int i, int i2) {
        fSDirectory.readLock();
        try {
            executorService.execute(new EDEKCacheLoader(fSDirectory.ezManager.getKeyNames(), fSDirectory.getProvider(), i, i2));
            fSDirectory.readUnlock();
        } catch (Throwable th) {
            fSDirectory.readUnlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static EncryptionKeyInfo getEncryptionKeyInfo(FSNamesystem fSNamesystem, INodesInPath iNodesInPath, CryptoProtocolVersion[] cryptoProtocolVersionArr) throws IOException {
        FSDirectory fSDirectory = fSNamesystem.getFSDirectory();
        EncryptionZone eZForPath = getEZForPath(fSDirectory, iNodesInPath);
        if (eZForPath == null) {
            EncryptionFaultInjector.getInstance().startFileNoKey();
            return null;
        }
        CryptoProtocolVersion chooseProtocolVersion = fSNamesystem.chooseProtocolVersion(eZForPath, cryptoProtocolVersionArr);
        CipherSuite suite = eZForPath.getSuite();
        String keyName = eZForPath.getKeyName();
        Preconditions.checkNotNull(chooseProtocolVersion);
        Preconditions.checkNotNull(suite);
        Preconditions.checkArgument(!suite.equals(CipherSuite.UNKNOWN), "Chose an UNKNOWN CipherSuite!");
        Preconditions.checkNotNull(keyName);
        fSNamesystem.writeUnlock();
        try {
            EncryptionFaultInjector.getInstance().startFileBeforeGenerateKey();
            EncryptionKeyInfo encryptionKeyInfo = new EncryptionKeyInfo(chooseProtocolVersion, suite, keyName, generateEncryptedDataEncryptionKey(fSDirectory, keyName));
            fSNamesystem.writeLock();
            EncryptionFaultInjector.getInstance().startFileAfterGenerateKey();
            return encryptionKeyInfo;
        } catch (Throwable th) {
            fSNamesystem.writeLock();
            EncryptionFaultInjector.getInstance().startFileAfterGenerateKey();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getCurrentKeyVersion(FSDirectory fSDirectory, FSPermissionChecker fSPermissionChecker, String str) throws IOException {
        if (!$assertionsDisabled && fSDirectory.getProvider() == null) {
            throw new AssertionError();
        }
        if (!$assertionsDisabled && fSDirectory.hasReadLock()) {
            throw new AssertionError();
        }
        String keyNameForZone = getKeyNameForZone(fSDirectory, fSPermissionChecker, str);
        if (keyNameForZone == null) {
            throw new IOException(str + " is not an encryption zone.");
        }
        fSDirectory.getProvider().drain(keyNameForZone);
        try {
            KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey = fSDirectory.getProvider().generateEncryptedKey(keyNameForZone);
            Preconditions.checkNotNull(generateEncryptedKey);
            return generateEncryptedKey.getEncryptionKeyVersionName();
        } catch (GeneralSecurityException e) {
            throw new IOException(e);
        }
    }

    static String getKeyNameForZone(FSDirectory fSDirectory, FSPermissionChecker fSPermissionChecker, String str) throws IOException {
        if (!$assertionsDisabled && fSDirectory.getProvider() == null) {
            throw new AssertionError();
        }
        fSDirectory.getFSNamesystem().readLock();
        try {
            INodesInPath resolvePath = fSDirectory.resolvePath(fSPermissionChecker, str, FSDirectory.DirOp.READ);
            fSDirectory.ezManager.checkEncryptionZoneRoot(resolvePath.getLastINode(), str);
            String keyName = fSDirectory.ezManager.getKeyName(resolvePath);
            fSDirectory.getFSNamesystem().readUnlock();
            return keyName;
        } catch (Throwable th) {
            fSDirectory.getFSNamesystem().readUnlock();
            throw th;
        }
    }

    static {
        $assertionsDisabled = !FSDirEncryptionZoneOp.class.desiredAssertionStatus();
    }
}
