package org.apache.hadoop.hive.llap.security;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.util.Arrays;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hive.llap.security.LlapSigner;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.DelegationKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hive-exec-2.3.6-mapr-2101-r14.jar:org/apache/hadoop/hive/llap/security/LlapSignerImpl.class */
public class LlapSignerImpl implements LlapSigner {
    private static final Logger LOG;
    private final SigningSecretManager secretManager;
    static final /* synthetic */ boolean $assertionsDisabled;

    public LlapSignerImpl(Configuration configuration, String str) {
        if (!$assertionsDisabled && !UserGroupInformation.isSecurityEnabled()) {
            throw new AssertionError();
        }
        this.secretManager = SecretManager.createSecretManager(configuration, str);
    }

    @VisibleForTesting
    public LlapSignerImpl(SigningSecretManager signingSecretManager) {
        this.secretManager = signingSecretManager;
    }

    @Override // org.apache.hadoop.hive.llap.security.LlapSigner
    public LlapSigner.SignedMessage serializeAndSign(LlapSigner.Signable signable) throws IOException {
        LlapSigner.SignedMessage signedMessage = new LlapSigner.SignedMessage();
        DelegationKey currentKey = this.secretManager.getCurrentKey();
        signable.setSignInfo(currentKey.getKeyId());
        signedMessage.message = signable.serialize();
        signedMessage.signature = this.secretManager.signWithKey(signedMessage.message, currentKey);
        return signedMessage;
    }

    @Override // org.apache.hadoop.hive.llap.security.LlapSigner
    public void checkSignature(byte[] bArr, byte[] bArr2, int i) throws SecurityException {
        if (!Arrays.equals(bArr2, this.secretManager.signWithKey(bArr, i))) {
            throw new SecurityException("Message signature does not match");
        }
    }

    @Override // org.apache.hadoop.hive.llap.security.LlapSigner
    public void close() {
        try {
            this.secretManager.close();
        } catch (Exception e) {
            LOG.error("Error closing the signer", (Throwable) e);
        }
    }

    static {
        $assertionsDisabled = !LlapSignerImpl.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(LlapSignerImpl.class);
    }
}
