package org.apache.hadoop.yarn.server.resourcemanager.security;

import com.google.common.annotations.VisibleForTesting;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
import org.apache.hadoop.yarn.api.records.Container;
import org.apache.hadoop.yarn.api.records.NMToken;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.server.api.records.MasterKey;
import org.apache.hadoop.yarn.server.security.BaseNMTokenSecretManager;
import org.apache.hadoop.yarn.server.security.MasterKeyData;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-yarn-server-resourcemanager-2.3.0-mapr-4.0.0-beta.jar:org/apache/hadoop/yarn/server/resourcemanager/security/NMTokenSecretManagerInRM.class
 */
/* loaded from: input_file:classes/org/apache/hadoop/yarn/server/resourcemanager/security/NMTokenSecretManagerInRM.class */
public class NMTokenSecretManagerInRM extends BaseNMTokenSecretManager {
    private static Log LOG = LogFactory.getLog(NMTokenSecretManagerInRM.class);
    private MasterKeyData nextMasterKey;
    private Configuration conf;
    private final Timer timer = new Timer();
    private final long rollingInterval;
    private final long activationDelay;
    private final ConcurrentHashMap<ApplicationAttemptId, HashSet<NodeId>> appAttemptToNodeKeyMap;

    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-yarn-server-resourcemanager-2.3.0-mapr-4.0.0-beta.jar:org/apache/hadoop/yarn/server/resourcemanager/security/NMTokenSecretManagerInRM$MasterKeyRoller.class
     */
    /* loaded from: input_file:classes/org/apache/hadoop/yarn/server/resourcemanager/security/NMTokenSecretManagerInRM$MasterKeyRoller.class */
    private class MasterKeyRoller extends TimerTask {
        private MasterKeyRoller() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            NMTokenSecretManagerInRM.this.rollMasterKey();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:hadoop-yarn-server-resourcemanager-2.3.0-mapr-4.0.0-beta.jar:org/apache/hadoop/yarn/server/resourcemanager/security/NMTokenSecretManagerInRM$NextKeyActivator.class
     */
    /* loaded from: input_file:classes/org/apache/hadoop/yarn/server/resourcemanager/security/NMTokenSecretManagerInRM$NextKeyActivator.class */
    public class NextKeyActivator extends TimerTask {
        private NextKeyActivator() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            NMTokenSecretManagerInRM.this.activateNextMasterKey();
        }
    }

    public NMTokenSecretManagerInRM(Configuration configuration) {
        this.conf = configuration;
        this.rollingInterval = this.conf.getLong("yarn.resourcemanager.nm-tokens.master-key-rolling-interval-secs", 86400L) * 1000;
        this.activationDelay = (long) (configuration.getLong("yarn.nm.liveness-monitor.expiry-interval-ms", 600000L) * 1.5d);
        LOG.info("NMTokenKeyRollingInterval: " + this.rollingInterval + "ms and NMTokenKeyActivationDelay: " + this.activationDelay + "ms");
        if (this.rollingInterval <= this.activationDelay * 2) {
            throw new IllegalArgumentException("yarn.resourcemanager.nm-tokens.master-key-rolling-interval-secs should be more than 2 X yarn.nm.liveness-monitor.expiry-interval-ms");
        }
        this.appAttemptToNodeKeyMap = new ConcurrentHashMap<>();
    }

    @InterfaceAudience.Private
    public void rollMasterKey() {
        ((BaseNMTokenSecretManager) this).writeLock.lock();
        try {
            LOG.info("Rolling master-key for nm-tokens");
            if (this.currentMasterKey == null) {
                this.currentMasterKey = createNewMasterKey();
            } else {
                this.nextMasterKey = createNewMasterKey();
                LOG.info("Going to activate master-key with key-id " + this.nextMasterKey.getMasterKey().getKeyId() + " in " + this.activationDelay + "ms");
                this.timer.schedule(new NextKeyActivator(), this.activationDelay);
            }
        } finally {
            ((BaseNMTokenSecretManager) this).writeLock.unlock();
        }
    }

    @InterfaceAudience.Private
    public MasterKey getNextKey() {
        ((BaseNMTokenSecretManager) this).readLock.lock();
        try {
            if (this.nextMasterKey == null) {
                return null;
            }
            MasterKey masterKey = this.nextMasterKey.getMasterKey();
            ((BaseNMTokenSecretManager) this).readLock.unlock();
            return masterKey;
        } finally {
            ((BaseNMTokenSecretManager) this).readLock.unlock();
        }
    }

    @InterfaceAudience.Private
    public void activateNextMasterKey() {
        ((BaseNMTokenSecretManager) this).writeLock.lock();
        try {
            LOG.info("Activating next master key with id: " + this.nextMasterKey.getMasterKey().getKeyId());
            this.currentMasterKey = this.nextMasterKey;
            this.nextMasterKey = null;
            clearApplicationNMTokenKeys();
            ((BaseNMTokenSecretManager) this).writeLock.unlock();
        } catch (Throwable th) {
            ((BaseNMTokenSecretManager) this).writeLock.unlock();
            throw th;
        }
    }

    private void clearApplicationNMTokenKeys() {
        Iterator<HashSet<NodeId>> it = this.appAttemptToNodeKeyMap.values().iterator();
        while (it.hasNext()) {
            it.next().clear();
        }
    }

    public void start() {
        rollMasterKey();
        this.timer.scheduleAtFixedRate(new MasterKeyRoller(), this.rollingInterval, this.rollingInterval);
    }

    public void stop() {
        this.timer.cancel();
    }

    public List<NMToken> createAndGetNMTokens(String str, ApplicationAttemptId applicationAttemptId, List<Container> list) {
        try {
            this.readLock.lock();
            ArrayList arrayList = new ArrayList();
            HashSet<NodeId> hashSet = this.appAttemptToNodeKeyMap.get(applicationAttemptId);
            if (hashSet != null) {
                for (Container container : list) {
                    if (!hashSet.contains(container.getNodeId())) {
                        LOG.debug("Sending NMToken for nodeId : " + container.getNodeId().toString() + " for application attempt : " + applicationAttemptId.toString());
                        arrayList.add(NMToken.newInstance(container.getNodeId(), createNMToken(applicationAttemptId, container.getNodeId(), str)));
                        hashSet.add(container.getNodeId());
                    }
                }
            }
            return arrayList;
        } finally {
            this.readLock.unlock();
        }
    }

    public void registerApplicationAttempt(ApplicationAttemptId applicationAttemptId) {
        try {
            this.writeLock.lock();
            this.appAttemptToNodeKeyMap.put(applicationAttemptId, new HashSet<>());
            this.writeLock.unlock();
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    @InterfaceAudience.Private
    @VisibleForTesting
    public boolean isApplicationAttemptRegistered(ApplicationAttemptId applicationAttemptId) {
        try {
            this.readLock.lock();
            boolean containsKey = this.appAttemptToNodeKeyMap.containsKey(applicationAttemptId);
            this.readLock.unlock();
            return containsKey;
        } catch (Throwable th) {
            this.readLock.unlock();
            throw th;
        }
    }

    @InterfaceAudience.Private
    @VisibleForTesting
    public boolean isApplicationAttemptNMTokenPresent(ApplicationAttemptId applicationAttemptId, NodeId nodeId) {
        try {
            this.readLock.lock();
            HashSet<NodeId> hashSet = this.appAttemptToNodeKeyMap.get(applicationAttemptId);
            if (hashSet != null) {
                if (hashSet.contains(nodeId)) {
                    return true;
                }
            }
            this.readLock.unlock();
            return false;
        } finally {
            this.readLock.unlock();
        }
    }

    public void unregisterApplicationAttempt(ApplicationAttemptId applicationAttemptId) {
        try {
            this.writeLock.lock();
            this.appAttemptToNodeKeyMap.remove(applicationAttemptId);
            this.writeLock.unlock();
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    public void removeNodeKey(NodeId nodeId) {
        try {
            this.writeLock.lock();
            Iterator<HashSet<NodeId>> it = this.appAttemptToNodeKeyMap.values().iterator();
            while (it.hasNext()) {
                it.next().remove(nodeId);
            }
        } finally {
            this.writeLock.unlock();
        }
    }
}
