package org.apache.hadoop.hdfs.security.token.delegation;

import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.protobuf.ByteString;
import java.io.DataInput;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.hdfs.server.namenode.FSNamesystem;
import org.apache.hadoop.hdfs.server.namenode.FsImageProto;
import org.apache.hadoop.hdfs.server.namenode.NameNode;
import org.apache.hadoop.hdfs.server.namenode.startupprogress.Phase;
import org.apache.hadoop.hdfs.server.namenode.startupprogress.StartupProgress;
import org.apache.hadoop.hdfs.server.namenode.startupprogress.Step;
import org.apache.hadoop.hdfs.server.namenode.startupprogress.StepType;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.ipc.RetriableException;
import org.apache.hadoop.ipc.StandbyException;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.security.token.delegation.DelegationKey;

/* JADX WARN: Classes with same name are omitted:
  input_file:webhdfs.war:WEB-INF/lib/hadoop-hdfs-2.7.0-mapr-1707-beta.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.class
  input_file:webhdfs/WEB-INF/lib/hadoop-hdfs-2.7.0-mapr-1707-beta.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.class
 */
@InterfaceAudience.Private
/* loaded from: input_file:hadoop-hdfs-httpfs-2.7.0-mapr-1707-beta/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/lib/hadoop-hdfs-2.7.0-mapr-1707-beta.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager.class */
public class DelegationTokenSecretManager extends AbstractDelegationTokenSecretManager<DelegationTokenIdentifier> {
    private static final Log LOG = LogFactory.getLog(DelegationTokenSecretManager.class);
    private final FSNamesystem namesystem;
    private final SerializerCompat serializerCompat;

    /* JADX WARN: Classes with same name are omitted:
      input_file:webhdfs.war:WEB-INF/lib/hadoop-hdfs-2.7.0-mapr-1707-beta.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager$SecretManagerState.class
      input_file:webhdfs/WEB-INF/lib/hadoop-hdfs-2.7.0-mapr-1707-beta.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager$SecretManagerState.class
     */
    /* loaded from: input_file:hadoop-hdfs-httpfs-2.7.0-mapr-1707-beta/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/lib/hadoop-hdfs-2.7.0-mapr-1707-beta.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager$SecretManagerState.class */
    public static class SecretManagerState {
        public final FsImageProto.SecretManagerSection section;
        public final List<FsImageProto.SecretManagerSection.DelegationKey> keys;
        public final List<FsImageProto.SecretManagerSection.PersistToken> tokens;

        public SecretManagerState(FsImageProto.SecretManagerSection secretManagerSection, List<FsImageProto.SecretManagerSection.DelegationKey> list, List<FsImageProto.SecretManagerSection.PersistToken> list2) {
            this.section = secretManagerSection;
            this.keys = list;
            this.tokens = list2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:webhdfs.war:WEB-INF/lib/hadoop-hdfs-2.7.0-mapr-1707-beta.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager$SerializerCompat.class
      input_file:webhdfs/WEB-INF/lib/hadoop-hdfs-2.7.0-mapr-1707-beta.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager$SerializerCompat.class
     */
    /* loaded from: input_file:hadoop-hdfs-httpfs-2.7.0-mapr-1707-beta/share/hadoop/httpfs/tomcat/webapps/webhdfs/WEB-INF/lib/hadoop-hdfs-2.7.0-mapr-1707-beta.jar:org/apache/hadoop/hdfs/security/token/delegation/DelegationTokenSecretManager$SerializerCompat.class */
    public final class SerializerCompat {
        private SerializerCompat() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void load(DataInput dataInput) throws IOException {
            DelegationTokenSecretManager.this.currentId = dataInput.readInt();
            loadAllKeys(dataInput);
            DelegationTokenSecretManager.this.delegationTokenSequenceNumber = dataInput.readInt();
            loadCurrentTokens(dataInput);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void save(DataOutputStream dataOutputStream, String str) throws IOException {
            dataOutputStream.writeInt(DelegationTokenSecretManager.this.currentId);
            saveAllKeys(dataOutputStream, str);
            dataOutputStream.writeInt(DelegationTokenSecretManager.this.delegationTokenSequenceNumber);
            saveCurrentTokens(dataOutputStream, str);
        }

        private synchronized void saveCurrentTokens(DataOutputStream dataOutputStream, String str) throws IOException {
            StartupProgress startupProgress = NameNode.getStartupProgress();
            Step step = new Step(StepType.DELEGATION_TOKENS, str);
            startupProgress.beginStep(Phase.SAVING_CHECKPOINT, step);
            startupProgress.setTotal(Phase.SAVING_CHECKPOINT, step, DelegationTokenSecretManager.this.currentTokens.size());
            StartupProgress.Counter counter = startupProgress.getCounter(Phase.SAVING_CHECKPOINT, step);
            dataOutputStream.writeInt(DelegationTokenSecretManager.this.currentTokens.size());
            for (DelegationTokenIdentifier delegationTokenIdentifier : DelegationTokenSecretManager.this.currentTokens.keySet()) {
                delegationTokenIdentifier.write(dataOutputStream);
                dataOutputStream.writeLong(((AbstractDelegationTokenSecretManager.DelegationTokenInformation) DelegationTokenSecretManager.this.currentTokens.get(delegationTokenIdentifier)).getRenewDate());
                counter.increment();
            }
            startupProgress.endStep(Phase.SAVING_CHECKPOINT, step);
        }

        private synchronized void saveAllKeys(DataOutputStream dataOutputStream, String str) throws IOException {
            StartupProgress startupProgress = NameNode.getStartupProgress();
            Step step = new Step(StepType.DELEGATION_KEYS, str);
            startupProgress.beginStep(Phase.SAVING_CHECKPOINT, step);
            startupProgress.setTotal(Phase.SAVING_CHECKPOINT, step, DelegationTokenSecretManager.this.currentTokens.size());
            StartupProgress.Counter counter = startupProgress.getCounter(Phase.SAVING_CHECKPOINT, step);
            dataOutputStream.writeInt(DelegationTokenSecretManager.this.allKeys.size());
            Iterator it = DelegationTokenSecretManager.this.allKeys.keySet().iterator();
            while (it.hasNext()) {
                ((DelegationKey) DelegationTokenSecretManager.this.allKeys.get((Integer) it.next())).write(dataOutputStream);
                counter.increment();
            }
            startupProgress.endStep(Phase.SAVING_CHECKPOINT, step);
        }

        private synchronized void loadCurrentTokens(DataInput dataInput) throws IOException {
            StartupProgress startupProgress = NameNode.getStartupProgress();
            Step step = new Step(StepType.DELEGATION_TOKENS);
            startupProgress.beginStep(Phase.LOADING_FSIMAGE, step);
            int readInt = dataInput.readInt();
            startupProgress.setTotal(Phase.LOADING_FSIMAGE, step, readInt);
            StartupProgress.Counter counter = startupProgress.getCounter(Phase.LOADING_FSIMAGE, step);
            for (int i = 0; i < readInt; i++) {
                DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier();
                delegationTokenIdentifier.readFields(dataInput);
                DelegationTokenSecretManager.this.addPersistedDelegationToken(delegationTokenIdentifier, dataInput.readLong());
                counter.increment();
            }
            startupProgress.endStep(Phase.LOADING_FSIMAGE, step);
        }

        private synchronized void loadAllKeys(DataInput dataInput) throws IOException {
            StartupProgress startupProgress = NameNode.getStartupProgress();
            Step step = new Step(StepType.DELEGATION_KEYS);
            startupProgress.beginStep(Phase.LOADING_FSIMAGE, step);
            int readInt = dataInput.readInt();
            startupProgress.setTotal(Phase.LOADING_FSIMAGE, step, readInt);
            StartupProgress.Counter counter = startupProgress.getCounter(Phase.LOADING_FSIMAGE, step);
            for (int i = 0; i < readInt; i++) {
                DelegationKey delegationKey = new DelegationKey();
                delegationKey.readFields(dataInput);
                DelegationTokenSecretManager.this.addKey(delegationKey);
                counter.increment();
            }
            startupProgress.endStep(Phase.LOADING_FSIMAGE, step);
        }
    }

    public DelegationTokenSecretManager(long j, long j2, long j3, long j4, FSNamesystem fSNamesystem) {
        this(j, j2, j3, j4, false, fSNamesystem);
    }

    public DelegationTokenSecretManager(long j, long j2, long j3, long j4, boolean z, FSNamesystem fSNamesystem) {
        super(j, j2, j3, j4);
        this.serializerCompat = new SerializerCompat();
        this.namesystem = fSNamesystem;
        this.storeTokenTrackingId = z;
    }

    @Override // org.apache.hadoop.security.token.SecretManager
    public DelegationTokenIdentifier createIdentifier() {
        return new DelegationTokenIdentifier();
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager, org.apache.hadoop.security.token.SecretManager
    public byte[] retrievePassword(DelegationTokenIdentifier delegationTokenIdentifier) throws SecretManager.InvalidToken {
        try {
            this.namesystem.checkOperation(NameNode.OperationCategory.READ);
            return super.retrievePassword((DelegationTokenSecretManager) delegationTokenIdentifier);
        } catch (StandbyException e) {
            SecretManager.InvalidToken invalidToken = new SecretManager.InvalidToken("StandbyException");
            invalidToken.initCause(e);
            throw invalidToken;
        }
    }

    @Override // org.apache.hadoop.security.token.SecretManager
    public byte[] retriableRetrievePassword(DelegationTokenIdentifier delegationTokenIdentifier) throws SecretManager.InvalidToken, StandbyException, RetriableException, IOException {
        this.namesystem.checkOperation(NameNode.OperationCategory.READ);
        try {
            return super.retrievePassword((DelegationTokenSecretManager) delegationTokenIdentifier);
        } catch (SecretManager.InvalidToken e) {
            if (this.namesystem.inTransitionToActive()) {
                throw new RetriableException(e);
            }
            throw e;
        }
    }

    public synchronized long getTokenExpiryTime(DelegationTokenIdentifier delegationTokenIdentifier) throws IOException {
        AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation = this.currentTokens.get(delegationTokenIdentifier);
        if (delegationTokenInformation != null) {
            return delegationTokenInformation.getRenewDate();
        }
        throw new IOException("No delegation token found for this identifier");
    }

    public synchronized void loadSecretManagerStateCompat(DataInput dataInput) throws IOException {
        if (this.running) {
            throw new IOException("Can't load state from image in a running SecretManager.");
        }
        this.serializerCompat.load(dataInput);
    }

    public synchronized void loadSecretManagerState(SecretManagerState secretManagerState) throws IOException {
        Preconditions.checkState(!this.running, "Can't load state from image in a running SecretManager.");
        this.currentId = secretManagerState.section.getCurrentId();
        this.delegationTokenSequenceNumber = secretManagerState.section.getTokenSequenceNumber();
        for (FsImageProto.SecretManagerSection.DelegationKey delegationKey : secretManagerState.keys) {
            addKey(new DelegationKey(delegationKey.getId(), delegationKey.getExpiryDate(), delegationKey.hasKey() ? delegationKey.getKey().toByteArray() : null));
        }
        for (FsImageProto.SecretManagerSection.PersistToken persistToken : secretManagerState.tokens) {
            DelegationTokenIdentifier delegationTokenIdentifier = new DelegationTokenIdentifier(new Text(persistToken.getOwner()), new Text(persistToken.getRenewer()), new Text(persistToken.getRealUser()));
            delegationTokenIdentifier.setIssueDate(persistToken.getIssueDate());
            delegationTokenIdentifier.setMaxDate(persistToken.getMaxDate());
            delegationTokenIdentifier.setSequenceNumber(persistToken.getSequenceNumber());
            delegationTokenIdentifier.setMasterKeyId(persistToken.getMasterKeyId());
            addPersistedDelegationToken(delegationTokenIdentifier, persistToken.getExpiryDate());
        }
    }

    public synchronized void saveSecretManagerStateCompat(DataOutputStream dataOutputStream, String str) throws IOException {
        this.serializerCompat.save(dataOutputStream, str);
    }

    public synchronized SecretManagerState saveSecretManagerState() {
        FsImageProto.SecretManagerSection build = FsImageProto.SecretManagerSection.newBuilder().setCurrentId(this.currentId).setTokenSequenceNumber(this.delegationTokenSequenceNumber).setNumKeys(this.allKeys.size()).setNumTokens(this.currentTokens.size()).build();
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(this.allKeys.size());
        ArrayList newArrayListWithCapacity2 = Lists.newArrayListWithCapacity(this.currentTokens.size());
        for (DelegationKey delegationKey : this.allKeys.values()) {
            FsImageProto.SecretManagerSection.DelegationKey.Builder expiryDate = FsImageProto.SecretManagerSection.DelegationKey.newBuilder().setId(delegationKey.getKeyId()).setExpiryDate(delegationKey.getExpiryDate());
            if (delegationKey.getEncodedKey() != null) {
                expiryDate.setKey(ByteString.copyFrom(delegationKey.getEncodedKey()));
            }
            newArrayListWithCapacity.add(expiryDate.build());
        }
        for (Map.Entry entry : this.currentTokens.entrySet()) {
            DelegationTokenIdentifier delegationTokenIdentifier = (DelegationTokenIdentifier) entry.getKey();
            newArrayListWithCapacity2.add(FsImageProto.SecretManagerSection.PersistToken.newBuilder().setOwner(delegationTokenIdentifier.getOwner().toString()).setRenewer(delegationTokenIdentifier.getRenewer().toString()).setRealUser(delegationTokenIdentifier.getRealUser().toString()).setIssueDate(delegationTokenIdentifier.getIssueDate()).setMaxDate(delegationTokenIdentifier.getMaxDate()).setSequenceNumber(delegationTokenIdentifier.getSequenceNumber()).setMasterKeyId(delegationTokenIdentifier.getMasterKeyId()).setExpiryDate(((AbstractDelegationTokenSecretManager.DelegationTokenInformation) entry.getValue()).getRenewDate()).build());
        }
        return new SecretManagerState(build, newArrayListWithCapacity, newArrayListWithCapacity2);
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public synchronized void addPersistedDelegationToken(DelegationTokenIdentifier delegationTokenIdentifier, long j) throws IOException {
        if (this.running) {
            throw new IOException("Can't add persisted delegation token to a running SecretManager.");
        }
        DelegationKey delegationKey = this.allKeys.get(Integer.valueOf(delegationTokenIdentifier.getMasterKeyId()));
        if (delegationKey == null) {
            LOG.warn("No KEY found for persisted identifier " + delegationTokenIdentifier.toString());
            return;
        }
        byte[] createPassword = createPassword(delegationTokenIdentifier.getBytes(), delegationKey.getKey());
        if (delegationTokenIdentifier.getSequenceNumber() > this.delegationTokenSequenceNumber) {
            this.delegationTokenSequenceNumber = delegationTokenIdentifier.getSequenceNumber();
        }
        if (this.currentTokens.get(delegationTokenIdentifier) != null) {
            throw new IOException("Same delegation token being added twice; invalid entry in fsimage or editlogs");
        }
        this.currentTokens.put(delegationTokenIdentifier, new AbstractDelegationTokenSecretManager.DelegationTokenInformation(j, createPassword, getTrackingIdIfEnabled(delegationTokenIdentifier)));
    }

    public synchronized void updatePersistedMasterKey(DelegationKey delegationKey) throws IOException {
        addKey(delegationKey);
    }

    public synchronized void updatePersistedTokenRenewal(DelegationTokenIdentifier delegationTokenIdentifier, long j) throws IOException {
        if (this.running) {
            throw new IOException("Can't update persisted delegation token renewal to a running SecretManager.");
        }
        if (this.currentTokens.get(delegationTokenIdentifier) != null) {
            this.currentTokens.put(delegationTokenIdentifier, new AbstractDelegationTokenSecretManager.DelegationTokenInformation(j, createPassword(delegationTokenIdentifier.getBytes(), this.allKeys.get(Integer.valueOf(delegationTokenIdentifier.getMasterKeyId())).getKey()), getTrackingIdIfEnabled(delegationTokenIdentifier)));
        }
    }

    public synchronized void updatePersistedTokenCancellation(DelegationTokenIdentifier delegationTokenIdentifier) throws IOException {
        if (this.running) {
            throw new IOException("Can't update persisted delegation token renewal to a running SecretManager.");
        }
        this.currentTokens.remove(delegationTokenIdentifier);
    }

    public synchronized int getNumberOfKeys() {
        return this.allKeys.size();
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void logUpdateMasterKey(DelegationKey delegationKey) throws IOException {
        synchronized (this.noInterruptsLock) {
            if (Thread.interrupted()) {
                throw new InterruptedIOException("Interrupted before updating master key");
            }
            this.namesystem.logUpdateMasterKey(delegationKey);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void logExpireToken(DelegationTokenIdentifier delegationTokenIdentifier) throws IOException {
        synchronized (this.noInterruptsLock) {
            if (Thread.interrupted()) {
                throw new InterruptedIOException("Interrupted before expiring delegation token");
            }
            this.namesystem.logExpireDelegationToken(delegationTokenIdentifier);
        }
    }

    public static Credentials createCredentials(NameNode nameNode, UserGroupInformation userGroupInformation, String str) throws IOException {
        Token<DelegationTokenIdentifier> delegationToken = nameNode.getRpcServer().getDelegationToken(new Text(str));
        if (delegationToken == null) {
            return null;
        }
        SecurityUtil.setTokenService(delegationToken, nameNode.getNameNodeAddress());
        Credentials credentials = new Credentials();
        credentials.addToken(new Text(userGroupInformation.getShortUserName()), delegationToken);
        return credentials;
    }
}
