package org.apache.hadoop.yarn.server.nodemanager.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.yarn.api.records.ContainerId;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.security.ContainerTokenIdentifier;
import org.apache.hadoop.yarn.server.api.records.MasterKey;
import org.apache.hadoop.yarn.server.nodemanager.recovery.NMNullStateStoreService;
import org.apache.hadoop.yarn.server.nodemanager.recovery.NMStateStoreService;
import org.apache.hadoop.yarn.server.security.BaseContainerTokenSecretManager;
import org.apache.hadoop.yarn.server.security.MasterKeyData;

/* JADX WARN: Classes with same name are omitted:
  input_file:hadoop-yarn-server-nodemanager-2.7.0-mapr-1506.jar:org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.class
 */
/* loaded from: input_file:classes/org/apache/hadoop/yarn/server/nodemanager/security/NMContainerTokenSecretManager.class */
public class NMContainerTokenSecretManager extends BaseContainerTokenSecretManager {
    private static final Log LOG = LogFactory.getLog(NMContainerTokenSecretManager.class);
    private MasterKeyData previousMasterKey;
    private final TreeMap<Long, List<ContainerId>> recentlyStartedContainerTracker;
    private final NMStateStoreService stateStore;
    private String nodeHostAddr;

    public NMContainerTokenSecretManager(Configuration configuration) {
        this(configuration, new NMNullStateStoreService());
    }

    public NMContainerTokenSecretManager(Configuration configuration, NMStateStoreService nMStateStoreService) {
        super(configuration);
        this.recentlyStartedContainerTracker = new TreeMap<>();
        this.stateStore = nMStateStoreService;
    }

    public synchronized void recover() throws IOException {
        NMStateStoreService.RecoveredContainerTokensState loadContainerTokensState = this.stateStore.loadContainerTokensState();
        MasterKey currentMasterKey = loadContainerTokensState.getCurrentMasterKey();
        if (currentMasterKey != null) {
            ((BaseContainerTokenSecretManager) this).currentMasterKey = new MasterKeyData(currentMasterKey, createSecretKey(currentMasterKey.getBytes().array()));
        }
        MasterKey previousMasterKey = loadContainerTokensState.getPreviousMasterKey();
        if (previousMasterKey != null) {
            this.previousMasterKey = new MasterKeyData(previousMasterKey, createSecretKey(previousMasterKey.getBytes().array()));
        }
        if (((BaseContainerTokenSecretManager) this).currentMasterKey != null) {
            ((BaseContainerTokenSecretManager) this).serialNo = ((BaseContainerTokenSecretManager) this).currentMasterKey.getMasterKey().getKeyId() + 1;
        }
        for (Map.Entry<ContainerId, Long> entry : loadContainerTokensState.getActiveTokens().entrySet()) {
            ContainerId key = entry.getKey();
            Long value = entry.getValue();
            List<ContainerId> list = this.recentlyStartedContainerTracker.get(value);
            if (list == null) {
                list = new ArrayList();
                this.recentlyStartedContainerTracker.put(value, list);
            }
            if (!list.contains(key)) {
                list.add(key);
            }
        }
    }

    private void updateCurrentMasterKey(MasterKeyData masterKeyData) {
        ((BaseContainerTokenSecretManager) this).currentMasterKey = masterKeyData;
        try {
            this.stateStore.storeContainerTokenCurrentMasterKey(masterKeyData.getMasterKey());
        } catch (IOException e) {
            LOG.error("Unable to update current master key in state store", e);
        }
    }

    private void updatePreviousMasterKey(MasterKeyData masterKeyData) {
        this.previousMasterKey = masterKeyData;
        try {
            this.stateStore.storeContainerTokenPreviousMasterKey(masterKeyData.getMasterKey());
        } catch (IOException e) {
            LOG.error("Unable to update previous master key in state store", e);
        }
    }

    @InterfaceAudience.Private
    public synchronized void setMasterKey(MasterKey masterKey) {
        if (((BaseContainerTokenSecretManager) this).currentMasterKey == null || ((BaseContainerTokenSecretManager) this).currentMasterKey.getMasterKey().getKeyId() != masterKey.getKeyId()) {
            LOG.info("Rolling master-key for container-tokens, got key with id " + masterKey.getKeyId());
            if (((BaseContainerTokenSecretManager) this).currentMasterKey != null) {
                updatePreviousMasterKey(((BaseContainerTokenSecretManager) this).currentMasterKey);
            }
            updateCurrentMasterKey(new MasterKeyData(masterKey, createSecretKey(masterKey.getBytes().array())));
        }
    }

    public synchronized byte[] retrievePassword(ContainerTokenIdentifier containerTokenIdentifier) throws SecretManager.InvalidToken {
        int masterKeyId = containerTokenIdentifier.getMasterKeyId();
        MasterKeyData masterKeyData = null;
        if (this.previousMasterKey != null && masterKeyId == this.previousMasterKey.getMasterKey().getKeyId()) {
            masterKeyData = this.previousMasterKey;
        } else if (masterKeyId == ((BaseContainerTokenSecretManager) this).currentMasterKey.getMasterKey().getKeyId()) {
            masterKeyData = ((BaseContainerTokenSecretManager) this).currentMasterKey;
        }
        if (this.nodeHostAddr != null && !containerTokenIdentifier.getNmHostAddress().equals(this.nodeHostAddr)) {
            throw new SecretManager.InvalidToken("Given Container " + containerTokenIdentifier.getContainerID().toString() + " identifier is not valid for current Node manager. Expected : " + this.nodeHostAddr + " Found : " + containerTokenIdentifier.getNmHostAddress());
        }
        if (masterKeyData != null) {
            return retrievePasswordInternal(containerTokenIdentifier, masterKeyData);
        }
        throw new SecretManager.InvalidToken("Given Container " + containerTokenIdentifier.getContainerID().toString() + " seems to have an illegally generated token.");
    }

    public synchronized void startContainerSuccessful(ContainerTokenIdentifier containerTokenIdentifier) {
        removeAnyContainerTokenIfExpired();
        ContainerId containerID = containerTokenIdentifier.getContainerID();
        Long valueOf = Long.valueOf(containerTokenIdentifier.getExpiryTimeStamp());
        if (!this.recentlyStartedContainerTracker.containsKey(valueOf)) {
            this.recentlyStartedContainerTracker.put(valueOf, new ArrayList());
        }
        this.recentlyStartedContainerTracker.get(valueOf).add(containerID);
        try {
            this.stateStore.storeContainerToken(containerID, valueOf);
        } catch (IOException e) {
            LOG.error("Unable to store token for container " + containerID, e);
        }
    }

    protected synchronized void removeAnyContainerTokenIfExpired() {
        Iterator<Map.Entry<Long, List<ContainerId>>> it = this.recentlyStartedContainerTracker.entrySet().iterator();
        Long valueOf = Long.valueOf(System.currentTimeMillis());
        while (it.hasNext()) {
            Map.Entry<Long, List<ContainerId>> next = it.next();
            if (next.getKey().longValue() >= valueOf.longValue()) {
                return;
            }
            for (ContainerId containerId : next.getValue()) {
                try {
                    this.stateStore.removeContainerToken(containerId);
                } catch (IOException e) {
                    LOG.error("Unable to remove token for container " + containerId, e);
                }
            }
            it.remove();
        }
    }

    public synchronized boolean isValidStartContainerRequest(ContainerTokenIdentifier containerTokenIdentifier) {
        removeAnyContainerTokenIfExpired();
        List<ContainerId> list = this.recentlyStartedContainerTracker.get(Long.valueOf(containerTokenIdentifier.getExpiryTimeStamp()));
        return list == null || !list.contains(containerTokenIdentifier.getContainerID());
    }

    public synchronized void setNodeId(NodeId nodeId) {
        this.nodeHostAddr = nodeId.toString();
        LOG.info("Updating node address : " + this.nodeHostAddr);
    }
}
