package org.apache.hadoop.yarn.server.resourcemanager.security;

import java.util.Timer;
import java.util.TimerTask;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.yarn.api.records.ContainerId;
import org.apache.hadoop.yarn.api.records.LogAggregationContext;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.api.records.Priority;
import org.apache.hadoop.yarn.api.records.Resource;
import org.apache.hadoop.yarn.api.records.Token;
import org.apache.hadoop.yarn.security.ContainerTokenIdentifier;
import org.apache.hadoop.yarn.server.api.records.MasterKey;
import org.apache.hadoop.yarn.server.resourcemanager.ResourceManager;
import org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager;
import org.apache.hadoop.yarn.server.security.MasterKeyData;
import org.apache.hadoop.yarn.server.utils.BuilderUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:classes/org/apache/hadoop/yarn/server/resourcemanager/security/RMContainerTokenSecretManager.class
 */
/* loaded from: input_file:hadoop-yarn-server-resourcemanager-2.7.0-mapr-1803.jar:org/apache/hadoop/yarn/server/resourcemanager/security/RMContainerTokenSecretManager.class */
public class RMContainerTokenSecretManager extends BaseContainerTokenSecretManager {
    private static Log LOG = LogFactory.getLog(RMContainerTokenSecretManager.class);
    private MasterKeyData nextMasterKey;
    private final Timer timer;
    private final long rollingInterval;
    private final long activationDelay;

    /* JADX WARN: Classes with same name are omitted:
      input_file:classes/org/apache/hadoop/yarn/server/resourcemanager/security/RMContainerTokenSecretManager$MasterKeyRoller.class
     */
    /* loaded from: input_file:hadoop-yarn-server-resourcemanager-2.7.0-mapr-1803.jar:org/apache/hadoop/yarn/server/resourcemanager/security/RMContainerTokenSecretManager$MasterKeyRoller.class */
    private class MasterKeyRoller extends TimerTask {
        private MasterKeyRoller() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            RMContainerTokenSecretManager.this.rollMasterKey();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:classes/org/apache/hadoop/yarn/server/resourcemanager/security/RMContainerTokenSecretManager$NextKeyActivator.class
     */
    /* loaded from: input_file:hadoop-yarn-server-resourcemanager-2.7.0-mapr-1803.jar:org/apache/hadoop/yarn/server/resourcemanager/security/RMContainerTokenSecretManager$NextKeyActivator.class */
    public class NextKeyActivator extends TimerTask {
        private NextKeyActivator() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            RMContainerTokenSecretManager.this.activateNextMasterKey();
        }
    }

    public RMContainerTokenSecretManager(Configuration configuration) {
        super(configuration);
        this.timer = new Timer();
        this.rollingInterval = configuration.getLong("yarn.resourcemanager.container-tokens.master-key-rolling-interval-secs", 86400L) * 1000;
        this.activationDelay = (long) (configuration.getLong("yarn.nm.liveness-monitor.expiry-interval-ms", 600000L) * 1.5d);
        LOG.info("ContainerTokenKeyRollingInterval: " + this.rollingInterval + "ms and ContainerTokenKeyActivationDelay: " + this.activationDelay + "ms");
        if (this.rollingInterval <= this.activationDelay * 2) {
            throw new IllegalArgumentException("yarn.resourcemanager.container-tokens.master-key-rolling-interval-secs should be more than 3 X yarn.nm.liveness-monitor.expiry-interval-ms");
        }
    }

    public void start() {
        rollMasterKey();
        this.timer.scheduleAtFixedRate(new MasterKeyRoller(), this.rollingInterval, this.rollingInterval);
    }

    public void stop() {
        this.timer.cancel();
    }

    @InterfaceAudience.Private
    public void rollMasterKey() {
        ((BaseContainerTokenSecretManager) this).writeLock.lock();
        try {
            LOG.info("Rolling master-key for container-tokens");
            if (this.currentMasterKey == null) {
                this.currentMasterKey = createNewMasterKey();
            } else {
                this.nextMasterKey = createNewMasterKey();
                LOG.info("Going to activate master-key with key-id " + this.nextMasterKey.getMasterKey().getKeyId() + " in " + this.activationDelay + "ms");
                this.timer.schedule(new NextKeyActivator(), this.activationDelay);
            }
        } finally {
            ((BaseContainerTokenSecretManager) this).writeLock.unlock();
        }
    }

    @InterfaceAudience.Private
    public MasterKey getNextKey() {
        ((BaseContainerTokenSecretManager) this).readLock.lock();
        try {
            if (this.nextMasterKey == null) {
                return null;
            }
            MasterKey masterKey = this.nextMasterKey.getMasterKey();
            ((BaseContainerTokenSecretManager) this).readLock.unlock();
            return masterKey;
        } finally {
            ((BaseContainerTokenSecretManager) this).readLock.unlock();
        }
    }

    @InterfaceAudience.Private
    public void activateNextMasterKey() {
        ((BaseContainerTokenSecretManager) this).writeLock.lock();
        try {
            LOG.info("Activating next master key with id: " + this.nextMasterKey.getMasterKey().getKeyId());
            this.currentMasterKey = this.nextMasterKey;
            this.nextMasterKey = null;
            ((BaseContainerTokenSecretManager) this).writeLock.unlock();
        } catch (Throwable th) {
            ((BaseContainerTokenSecretManager) this).writeLock.unlock();
            throw th;
        }
    }

    public Token createContainerToken(ContainerId containerId, NodeId nodeId, String str, Resource resource, Priority priority, long j) {
        return createContainerToken(containerId, nodeId, str, resource, priority, j, null);
    }

    public Token createContainerToken(ContainerId containerId, NodeId nodeId, String str, Resource resource, Priority priority, long j, LogAggregationContext logAggregationContext) {
        long currentTimeMillis = System.currentTimeMillis() + this.containerTokenExpiryInterval;
        this.readLock.lock();
        try {
            ContainerTokenIdentifier containerTokenIdentifier = new ContainerTokenIdentifier(containerId, nodeId.toString(), str, resource, currentTimeMillis, this.currentMasterKey.getMasterKey().getKeyId(), ResourceManager.getClusterTimeStamp(), priority, j, logAggregationContext);
            byte[] createPassword = createPassword(containerTokenIdentifier);
            this.readLock.unlock();
            return BuilderUtils.newContainerToken(nodeId, createPassword, containerTokenIdentifier);
        } catch (Throwable th) {
            this.readLock.unlock();
            throw th;
        }
    }
}
