package io.hops.metadata.security.token.block;

import io.hops.exception.StorageException;
import io.hops.metadata.HdfsVariables;
import io.hops.metadata.common.entity.Variable;
import io.hops.transaction.handler.HDFSOperationType;
import io.hops.transaction.handler.HopsTransactionalRequestHandler;
import io.hops.transaction.lock.LockFactory;
import io.hops.transaction.lock.TransactionLockTypes;
import io.hops.transaction.lock.TransactionLocks;
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Collection;
import java.util.Map;
import org.apache.hadoop.hdfs.security.token.block.BlockKey;
import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager;
import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey;
import org.apache.hadoop.hdfs.security.token.block.ExportedBlockKeys;
import org.apache.hadoop.hdfs.server.namenode.Namesystem;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.util.Time;

/* loaded from: input_file:io/hops/metadata/security/token/block/NameNodeBlockTokenSecretManager.class */
public class NameNodeBlockTokenSecretManager extends BlockTokenSecretManager {
    private Namesystem namesystem;

    public NameNodeBlockTokenSecretManager(long j, long j2, String str, String str2, Namesystem namesystem) throws IOException {
        super(true, j, j2, str, str2);
        this.namesystem = namesystem;
        setSerialNo(new SecureRandom().nextInt());
        if (isLeader()) {
            generateKeys();
        } else {
            retrieveBlockKeys();
        }
    }

    @Override // org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager
    public void setSerialNo(int i) {
        this.serialNo = i;
    }

    private void generateKeys() throws IOException {
        if (this.isMaster) {
            setSerialNo(this.serialNo + 1);
            this.currentKey = new BlockKey(this.serialNo, Time.now() + (2 * this.keyUpdateInterval) + this.tokenLifetime, generateSecret());
            this.currentKey.setKeyType(BlockKey.KeyType.CurrKey);
            setSerialNo(this.serialNo + 1);
            this.nextKey = new BlockKey(this.serialNo, Time.now() + (3 * this.keyUpdateInterval) + this.tokenLifetime, generateSecret());
            this.nextKey.setKeyType(BlockKey.KeyType.NextKey);
            addBlockKeys();
        }
    }

    @Override // org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager
    public ExportedBlockKeys exportKeys() throws IOException {
        if (!this.isMaster) {
            return null;
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Exporting access keys");
        }
        return new ExportedBlockKeys(true, this.keyUpdateInterval, this.tokenLifetime, this.currentKey, getAllKeysAndSync());
    }

    @Override // org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager
    public boolean updateKeys(long j) throws IOException {
        if (j > this.keyUpdateInterval) {
            return updateKeys();
        }
        return false;
    }

    @Override // org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager
    public boolean updateKeys() throws IOException {
        if (!this.isMaster) {
            return false;
        }
        if (isLeader()) {
            LOG.info("Updating block keys");
            return updateBlockKeys();
        }
        retrieveBlockKeys();
        return true;
    }

    @Override // org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager
    public DataEncryptionKey generateDataEncryptionKey() throws IOException {
        byte[] bArr = new byte[8];
        this.nonceGenerator.nextBytes(bArr);
        BlockKey blockKeyByType = getBlockKeyByType(BlockKey.KeyType.CurrKey);
        return new DataEncryptionKey(blockKeyByType.getKeyId(), this.blockPoolId, bArr, createPassword(bArr, blockKeyByType.getKey()), Time.now() + this.tokenLifetime, this.encryptionAlgorithm);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager, org.apache.hadoop.security.token.SecretManager
    public byte[] createPassword(BlockTokenIdentifier blockTokenIdentifier) {
        try {
            BlockKey blockKeyByType = getBlockKeyByType(BlockKey.KeyType.CurrKey);
            if (blockKeyByType == null) {
                throw new IllegalStateException("currentKey hasn't been initialized.");
            }
            blockTokenIdentifier.setExpiryDate(Time.now() + this.tokenLifetime);
            blockTokenIdentifier.setKeyId(blockKeyByType.getKeyId());
            if (LOG.isDebugEnabled()) {
                LOG.debug("Generating block token for " + blockTokenIdentifier.toString());
            }
            return createPassword(blockTokenIdentifier.getBytes(), blockKeyByType.getKey());
        } catch (IOException e) {
            throw new IllegalStateException("currentKey hasn't been initialized. [" + e.getMessage() + "]");
        }
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager, org.apache.hadoop.security.token.SecretManager
    public byte[] retrievePassword(BlockTokenIdentifier blockTokenIdentifier) throws SecretManager.InvalidToken {
        if (isExpired(blockTokenIdentifier.getExpiryDate())) {
            throw new SecretManager.InvalidToken("Block token with " + blockTokenIdentifier.toString() + " is expired.");
        }
        BlockKey blockKey = null;
        try {
            blockKey = getBlockKeyById(blockTokenIdentifier.getKeyId());
        } catch (IOException e) {
        }
        if (blockKey == null) {
            throw new SecretManager.InvalidToken("Can't re-compute password for " + blockTokenIdentifier.toString() + ", since the required block key (keyID=" + blockTokenIdentifier.getKeyId() + ") doesn't exist.");
        }
        return createPassword(blockTokenIdentifier.getBytes(), blockKey.getKey());
    }

    public void generateKeysIfNeeded() throws IOException {
        if (isLeader()) {
            retrieveBlockKeys();
            if (this.currentKey == null && this.nextKey == null) {
                generateKeys();
            }
        }
    }

    private void retrieveBlockKeys() throws IOException {
        this.currentKey = getBlockKeyByType(BlockKey.KeyType.CurrKey);
        this.nextKey = getBlockKeyByType(BlockKey.KeyType.NextKey);
    }

    private void addBlockKeys() throws IOException {
        new HopsTransactionalRequestHandler(HDFSOperationType.ADD_BLOCK_TOKENS) { // from class: io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.1
            @Override // io.hops.transaction.handler.TransactionalRequestHandler
            public void acquireLock(TransactionLocks transactionLocks) throws IOException {
                transactionLocks.add(LockFactory.getInstance().getVariableLock(Variable.Finder.BlockTokenKeys, TransactionLockTypes.LockType.WRITE));
            }

            @Override // io.hops.transaction.handler.RequestHandler
            public Object performTask() throws StorageException, IOException {
                HdfsVariables.updateBlockTokenKeys(NameNodeBlockTokenSecretManager.this.currentKey, NameNodeBlockTokenSecretManager.this.nextKey);
                return null;
            }
        }.handle();
    }

    private BlockKey getBlockKeyById(int i) throws IOException {
        return HdfsVariables.getAllBlockTokenKeysByIDLW().get(Integer.valueOf(i));
    }

    private BlockKey getBlockKeyByType(BlockKey.KeyType keyType) throws IOException {
        return HdfsVariables.getAllBlockTokenKeysByTypeLW().get(Integer.valueOf(keyType.ordinal()));
    }

    private BlockKey[] getAllKeysAndSync() throws IOException {
        BlockKey[] blockKeyArr = null;
        Collection<BlockKey> allKeys = getAllKeys();
        if (allKeys != null) {
            for (BlockKey blockKey : allKeys) {
                if (blockKey.isCurrKey()) {
                    this.currentKey = blockKey;
                } else if (blockKey.isNextKey()) {
                    this.nextKey = blockKey;
                }
            }
            blockKeyArr = (BlockKey[]) allKeys.toArray(new BlockKey[allKeys.size()]);
        }
        return blockKeyArr;
    }

    private Collection<BlockKey> getAllKeys() throws IOException {
        return HdfsVariables.getAllBlockTokenKeysByIDLW().values();
    }

    private boolean updateBlockKeys() throws IOException {
        return ((Boolean) new HopsTransactionalRequestHandler(HDFSOperationType.UPDATE_BLOCK_KEYS) { // from class: io.hops.metadata.security.token.block.NameNodeBlockTokenSecretManager.2
            @Override // io.hops.transaction.handler.TransactionalRequestHandler
            public void acquireLock(TransactionLocks transactionLocks) throws IOException {
                transactionLocks.add(LockFactory.getInstance().getVariableLock(Variable.Finder.BlockTokenKeys, TransactionLockTypes.LockType.WRITE));
            }

            @Override // io.hops.transaction.handler.RequestHandler
            public Object performTask() throws StorageException, IOException {
                Map<Integer, BlockKey> allBlockTokenKeysByType = HdfsVariables.getAllBlockTokenKeysByType();
                if (allBlockTokenKeysByType.isEmpty()) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("keys is not generated yet to be updated");
                    }
                    return false;
                }
                BlockKey blockKey = allBlockTokenKeysByType.get(Integer.valueOf(BlockKey.KeyType.CurrKey.ordinal()));
                blockKey.setExpiryDate(Time.now() + NameNodeBlockTokenSecretManager.this.keyUpdateInterval + NameNodeBlockTokenSecretManager.this.tokenLifetime);
                blockKey.setKeyType(BlockKey.KeyType.SimpleKey);
                BlockKey blockKey2 = allBlockTokenKeysByType.get(Integer.valueOf(BlockKey.KeyType.NextKey.ordinal()));
                NameNodeBlockTokenSecretManager.this.currentKey = new BlockKey(blockKey2.getKeyId(), Time.now() + (2 * NameNodeBlockTokenSecretManager.this.keyUpdateInterval) + NameNodeBlockTokenSecretManager.this.tokenLifetime, blockKey2.getKey());
                NameNodeBlockTokenSecretManager.this.currentKey.setKeyType(BlockKey.KeyType.CurrKey);
                NameNodeBlockTokenSecretManager.this.setSerialNo(NameNodeBlockTokenSecretManager.this.serialNo + 1);
                NameNodeBlockTokenSecretManager.this.nextKey = new BlockKey(NameNodeBlockTokenSecretManager.this.serialNo, Time.now() + (3 * NameNodeBlockTokenSecretManager.this.keyUpdateInterval) + NameNodeBlockTokenSecretManager.this.tokenLifetime, NameNodeBlockTokenSecretManager.this.generateSecret());
                NameNodeBlockTokenSecretManager.this.nextKey.setKeyType(BlockKey.KeyType.NextKey);
                HdfsVariables.updateBlockTokenKeys(NameNodeBlockTokenSecretManager.this.currentKey, NameNodeBlockTokenSecretManager.this.nextKey, blockKey);
                return true;
            }
        }.handle()).booleanValue();
    }

    private boolean isLeader() {
        if (this.namesystem != null) {
            return this.namesystem.isLeader();
        }
        return false;
    }
}
