package org.apache.hadoop.yarn.server.security;

import java.security.SecureRandom;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.api.records.Token;
import org.apache.hadoop.yarn.security.NMTokenIdentifier;
import org.apache.hadoop.yarn.server.api.records.MasterKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-yarn-server-common-3.3.5.101-eep-920.jar:org/apache/hadoop/yarn/server/security/BaseNMTokenSecretManager.class */
public class BaseNMTokenSecretManager extends SecretManager<NMTokenIdentifier> {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) BaseNMTokenSecretManager.class);
    protected int serialNo = new SecureRandom().nextInt();
    protected final ReadWriteLock readWriteLock = new ReentrantReadWriteLock();
    protected final Lock readLock = this.readWriteLock.readLock();
    protected final Lock writeLock = this.readWriteLock.writeLock();
    protected MasterKeyData currentMasterKey;

    protected MasterKeyData createNewMasterKey() {
        this.writeLock.lock();
        try {
            int i = this.serialNo;
            this.serialNo = i + 1;
            return new MasterKeyData(i, generateSecret());
        } finally {
            this.writeLock.unlock();
        }
    }

    @InterfaceAudience.Private
    public MasterKey getCurrentKey() {
        this.readLock.lock();
        try {
            return this.currentMasterKey.getMasterKey();
        } finally {
            this.readLock.unlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.SecretManager
    public byte[] createPassword(NMTokenIdentifier nMTokenIdentifier) {
        LOG.debug("creating password for {} for user {} to run on NM {}", nMTokenIdentifier.getApplicationAttemptId(), nMTokenIdentifier.getApplicationSubmitter(), nMTokenIdentifier.getNodeId());
        this.readLock.lock();
        try {
            return createPassword(nMTokenIdentifier.getBytes(), this.currentMasterKey.getSecretKey());
        } finally {
            this.readLock.unlock();
        }
    }

    @Override // org.apache.hadoop.security.token.SecretManager
    public byte[] retrievePassword(NMTokenIdentifier nMTokenIdentifier) throws SecretManager.InvalidToken {
        this.readLock.lock();
        try {
            return retrivePasswordInternal(nMTokenIdentifier, this.currentMasterKey);
        } finally {
            this.readLock.unlock();
        }
    }

    protected byte[] retrivePasswordInternal(NMTokenIdentifier nMTokenIdentifier, MasterKeyData masterKeyData) {
        LOG.debug("retriving password for {} for user {} to run on NM {}", nMTokenIdentifier.getApplicationAttemptId(), nMTokenIdentifier.getApplicationSubmitter(), nMTokenIdentifier.getNodeId());
        return createPassword(nMTokenIdentifier.getBytes(), masterKeyData.getSecretKey());
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.hadoop.security.token.SecretManager
    public NMTokenIdentifier createIdentifier() {
        return new NMTokenIdentifier();
    }

    public Token createNMToken(ApplicationAttemptId applicationAttemptId, NodeId nodeId, String str) {
        this.readLock.lock();
        try {
            NMTokenIdentifier nMTokenIdentifier = new NMTokenIdentifier(applicationAttemptId, nodeId, str, this.currentMasterKey.getMasterKey().getKeyId());
            byte[] createPassword = createPassword(nMTokenIdentifier);
            this.readLock.unlock();
            return newInstance(createPassword, nMTokenIdentifier);
        } catch (Throwable th) {
            this.readLock.unlock();
            throw th;
        }
    }

    public static Token newInstance(byte[] bArr, NMTokenIdentifier nMTokenIdentifier) {
        NodeId nodeId = nMTokenIdentifier.getNodeId();
        return Token.newInstance(nMTokenIdentifier.getBytes(), NMTokenIdentifier.KIND.toString(), bArr, SecurityUtil.buildTokenService(NetUtils.createSocketAddrForHost(nodeId.getHost(), nodeId.getPort())).toString());
    }
}
