package org.apache.hadoop.hive.thrift;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.apache.hadoop.io.Writable;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.security.token.delegation.DelegationKey;
import org.apache.hadoop.security.token.delegation.HiveDelegationTokenSupport;
import org.apache.hadoop.util.Daemon;
import org.apache.hadoop.util.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hive/thrift/TokenStoreDelegationTokenSecretManager.class */
public class TokenStoreDelegationTokenSecretManager extends DelegationTokenSecretManager {
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenStoreDelegationTokenSecretManager.class.getName());
    private final long keyUpdateInterval;
    private final long tokenRemoverScanInterval;
    private Thread tokenRemoverThread;
    private final DelegationTokenStore tokenStore;

    /* loaded from: input_file:org/apache/hadoop/hive/thrift/TokenStoreDelegationTokenSecretManager$ExpiredTokenRemover.class */
    protected class ExpiredTokenRemover extends Thread {
        private long lastMasterKeyUpdate;
        private long lastTokenCacheCleanup;

        protected ExpiredTokenRemover() {
        }

        @Override // java.lang.Thread, java.lang.Runnable
        public void run() {
            TokenStoreDelegationTokenSecretManager.LOGGER.info("Starting expired delegation token remover thread, tokenRemoverScanInterval=" + (TokenStoreDelegationTokenSecretManager.this.tokenRemoverScanInterval / 60000) + " min(s)");
            while (TokenStoreDelegationTokenSecretManager.this.running) {
                try {
                    long currentTimeMillis = System.currentTimeMillis();
                    if (this.lastMasterKeyUpdate + TokenStoreDelegationTokenSecretManager.this.keyUpdateInterval < currentTimeMillis) {
                        try {
                            TokenStoreDelegationTokenSecretManager.this.rollMasterKeyExt();
                            this.lastMasterKeyUpdate = currentTimeMillis;
                        } catch (IOException e) {
                            TokenStoreDelegationTokenSecretManager.LOGGER.error("Master key updating failed. " + StringUtils.stringifyException(e));
                        }
                    }
                    if (this.lastTokenCacheCleanup + TokenStoreDelegationTokenSecretManager.this.tokenRemoverScanInterval < currentTimeMillis) {
                        TokenStoreDelegationTokenSecretManager.this.removeExpiredTokens();
                        this.lastTokenCacheCleanup = currentTimeMillis;
                    }
                    try {
                        Thread.sleep(5000L);
                    } catch (InterruptedException e2) {
                        TokenStoreDelegationTokenSecretManager.LOGGER.error("InterruptedException received for ExpiredTokenRemover thread " + e2);
                    }
                } catch (Throwable th) {
                    TokenStoreDelegationTokenSecretManager.LOGGER.error("ExpiredTokenRemover thread received unexpected exception. " + th, th);
                    try {
                        Thread.sleep(5000L);
                    } catch (InterruptedException e3) {
                        TokenStoreDelegationTokenSecretManager.LOGGER.error("InterruptedException received for ExpiredTokenRemover thread during wait in exception sleep " + e3);
                    }
                }
            }
        }
    }

    public TokenStoreDelegationTokenSecretManager(long j, long j2, long j3, long j4, DelegationTokenStore delegationTokenStore) {
        super(j, j2, j3, j4);
        this.keyUpdateInterval = j;
        this.tokenRemoverScanInterval = j4;
        this.tokenStore = delegationTokenStore;
    }

    protected Map<Integer, DelegationKey> reloadKeys() {
        String[] masterKeys = this.tokenStore.getMasterKeys();
        HashMap hashMap = new HashMap(masterKeys.length);
        for (String str : masterKeys) {
            DelegationKey delegationKey = new DelegationKey();
            try {
                decodeWritable(delegationKey, str);
                hashMap.put(Integer.valueOf(delegationKey.getKeyId()), delegationKey);
            } catch (IOException e) {
                LOGGER.error("Failed to load master key.", e);
            }
        }
        synchronized (this) {
            ((DelegationTokenSecretManager) this).allKeys.clear();
            ((DelegationTokenSecretManager) this).allKeys.putAll(hashMap);
        }
        return hashMap;
    }

    public byte[] retrievePassword(DelegationTokenIdentifier delegationTokenIdentifier) throws SecretManager.InvalidToken {
        byte[] retrievePassword;
        AbstractDelegationTokenSecretManager.DelegationTokenInformation token = this.tokenStore.getToken(delegationTokenIdentifier);
        if (token == null) {
            throw new SecretManager.InvalidToken("token expired or does not exist: " + delegationTokenIdentifier);
        }
        synchronized (this) {
            try {
                ((DelegationTokenSecretManager) this).currentTokens.put(delegationTokenIdentifier, token);
                retrievePassword = super.retrievePassword((AbstractDelegationTokenIdentifier) delegationTokenIdentifier);
                ((DelegationTokenSecretManager) this).currentTokens.remove(delegationTokenIdentifier);
            } catch (Throwable th) {
                ((DelegationTokenSecretManager) this).currentTokens.remove(delegationTokenIdentifier);
                throw th;
            }
        }
        return retrievePassword;
    }

    public DelegationTokenIdentifier cancelToken(Token<DelegationTokenIdentifier> token, String str) throws IOException {
        DelegationTokenIdentifier tokenIdentifier = getTokenIdentifier(token);
        LOGGER.info("Token cancelation requested for identifier: " + tokenIdentifier);
        this.tokenStore.removeToken(tokenIdentifier);
        return tokenIdentifier;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] createPassword(DelegationTokenIdentifier delegationTokenIdentifier) {
        byte[] createPassword;
        AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation;
        synchronized (this) {
            createPassword = super.createPassword((AbstractDelegationTokenIdentifier) delegationTokenIdentifier);
            delegationTokenInformation = (AbstractDelegationTokenSecretManager.DelegationTokenInformation) ((DelegationTokenSecretManager) this).currentTokens.remove(delegationTokenIdentifier);
            if (delegationTokenInformation == null) {
                throw new IllegalStateException("Failed to retrieve token after creation");
            }
        }
        this.tokenStore.addToken(delegationTokenIdentifier, delegationTokenInformation);
        return createPassword;
    }

    public long renewToken(Token<DelegationTokenIdentifier> token, String str) throws SecretManager.InvalidToken, IOException {
        long renewToken;
        DelegationTokenIdentifier tokenIdentifier = getTokenIdentifier(token);
        AbstractDelegationTokenSecretManager.DelegationTokenInformation token2 = this.tokenStore.getToken(tokenIdentifier);
        if (token2 == null) {
            throw new SecretManager.InvalidToken("token does not exist: " + tokenIdentifier);
        }
        if (!((DelegationTokenSecretManager) this).allKeys.containsKey(Integer.valueOf(tokenIdentifier.getMasterKeyId()))) {
            LOGGER.info("Unknown master key (id={}), (re)loading keys from token store.", Integer.valueOf(tokenIdentifier.getMasterKeyId()));
            reloadKeys();
        }
        synchronized (this) {
            ((DelegationTokenSecretManager) this).currentTokens.put(tokenIdentifier, token2);
            try {
                renewToken = super.renewToken(token, str);
                ((DelegationTokenSecretManager) this).currentTokens.remove(tokenIdentifier);
            } catch (Throwable th) {
                ((DelegationTokenSecretManager) this).currentTokens.remove(tokenIdentifier);
                throw th;
            }
        }
        return renewToken;
    }

    public static String encodeWritable(Writable writable) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        writable.write(dataOutputStream);
        dataOutputStream.flush();
        return Base64.encodeBase64URLSafeString(byteArrayOutputStream.toByteArray());
    }

    public static void decodeWritable(Writable writable, String str) throws IOException {
        writable.readFields(new DataInputStream(new ByteArrayInputStream(Base64.decodeBase64(str))));
    }

    protected void logUpdateMasterKey(DelegationKey delegationKey) throws IOException {
        int addMasterKey = this.tokenStore.addMasterKey(encodeWritable(delegationKey));
        String encodeWritable = encodeWritable(new DelegationKey(addMasterKey, delegationKey.getExpiryDate(), delegationKey.getKey()));
        this.tokenStore.updateMasterKey(addMasterKey, encodeWritable);
        decodeWritable(delegationKey, encodeWritable);
        LOGGER.info("New master key with key id={}", Integer.valueOf(delegationKey.getKeyId()));
        super.logUpdateMasterKey(delegationKey);
    }

    public synchronized void startThreads() throws IOException {
        try {
            Method declaredMethod = AbstractDelegationTokenSecretManager.class.getDeclaredMethod("updateCurrentKey", new Class[0]);
            declaredMethod.setAccessible(true);
            declaredMethod.invoke(this, new Object[0]);
            this.running = true;
            this.tokenRemoverThread = new Daemon(new ExpiredTokenRemover());
            this.tokenRemoverThread.start();
        } catch (Exception e) {
            throw new IOException("Failed to initialize master key", e);
        }
    }

    public synchronized void stopThreads() {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Stopping expired delegation token remover thread");
        }
        this.running = false;
        if (this.tokenRemoverThread != null) {
            this.tokenRemoverThread.interrupt();
        }
    }

    protected void removeExpiredTokens() {
        long currentTimeMillis = System.currentTimeMillis();
        for (DelegationTokenIdentifier delegationTokenIdentifier : this.tokenStore.getAllDelegationTokenIdentifiers()) {
            if (currentTimeMillis > delegationTokenIdentifier.getMaxDate()) {
                this.tokenStore.removeToken(delegationTokenIdentifier);
            } else {
                AbstractDelegationTokenSecretManager.DelegationTokenInformation token = this.tokenStore.getToken(delegationTokenIdentifier);
                if (token != null && currentTimeMillis > token.getRenewDate()) {
                    this.tokenStore.removeToken(delegationTokenIdentifier);
                }
            }
        }
    }

    protected void rollMasterKeyExt() throws IOException {
        Map<Integer, DelegationKey> reloadKeys = reloadKeys();
        int i = ((DelegationTokenSecretManager) this).currentId;
        HiveDelegationTokenSupport.rollMasterKey(this);
        for (DelegationKey delegationKey : Arrays.asList(getAllKeys())) {
            reloadKeys.remove(Integer.valueOf(delegationKey.getKeyId()));
            if (delegationKey.getKeyId() == i) {
                this.tokenStore.updateMasterKey(i, encodeWritable(delegationKey));
            }
        }
        for (DelegationKey delegationKey2 : reloadKeys.values()) {
            LOGGER.info("Removing expired key id={}", Integer.valueOf(delegationKey2.getKeyId()));
            try {
                this.tokenStore.removeMasterKey(delegationKey2.getKeyId());
            } catch (Exception e) {
                LOGGER.error("Error removing expired key id={}", Integer.valueOf(delegationKey2.getKeyId()), e);
            }
        }
    }

    /* renamed from: cancelToken, reason: collision with other method in class */
    public /* bridge */ /* synthetic */ AbstractDelegationTokenIdentifier m3892cancelToken(Token token, String str) throws IOException {
        return cancelToken((Token<DelegationTokenIdentifier>) token, str);
    }
}
