package org.apache.hadoop.ozone.om.request.s3.security;

import com.google.common.base.Optional;
import java.io.IOException;
import java.util.HashMap;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.hadoop.hdds.utils.db.cache.CacheKey;
import org.apache.hadoop.hdds.utils.db.cache.CacheValue;
import org.apache.hadoop.ipc.ProtobufRpcEngine;
import org.apache.hadoop.ozone.OmUtils;
import org.apache.hadoop.ozone.audit.OMAction;
import org.apache.hadoop.ozone.om.OMMetadataManager;
import org.apache.hadoop.ozone.om.OzoneManager;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
import org.apache.hadoop.ozone.om.lock.OzoneManagerLock;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerDoubleBufferHelper;
import org.apache.hadoop.ozone.om.request.OMClientRequest;
import org.apache.hadoop.ozone.om.request.util.OmResponseUtil;
import org.apache.hadoop.ozone.om.response.OMClientResponse;
import org.apache.hadoop.ozone.om.response.s3.security.S3GetSecretResponse;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/om/request/s3/security/S3GetSecretRequest.class */
public class S3GetSecretRequest extends OMClientRequest {
    private static final Logger LOG = LoggerFactory.getLogger(S3GetSecretRequest.class);

    public S3GetSecretRequest(OzoneManagerProtocolProtos.OMRequest oMRequest) {
        super(oMRequest);
    }

    @Override // org.apache.hadoop.ozone.om.request.OMClientRequest
    public OzoneManagerProtocolProtos.OMRequest preExecute(OzoneManager ozoneManager) throws IOException {
        String kerberosID = getOmRequest().getGetS3SecretRequest().getKerberosID();
        UserGroupInformation remoteUser = ProtobufRpcEngine.Server.getRemoteUser();
        if (!remoteUser.getUserName().equals(kerberosID)) {
            throw new OMException("User mismatch. Requested user name is mismatched " + kerberosID + ", with current user " + remoteUser.getUserName(), OMException.ResultCodes.USER_MISMATCH);
        }
        OzoneManagerProtocolProtos.OMRequest.Builder clientId = OzoneManagerProtocolProtos.OMRequest.newBuilder().setUserInfo(getUserInfo()).setUpdateGetS3SecretRequest(OzoneManagerProtocolProtos.UpdateGetS3SecretRequest.newBuilder().setAwsSecret(DigestUtils.sha256Hex(OmUtils.getSHADigest())).setKerberosID(kerberosID).build()).setCmdType(getOmRequest().getCmdType()).setClientId(getOmRequest().getClientId());
        if (getOmRequest().hasTraceID()) {
            clientId.setTraceID(getOmRequest().getTraceID());
        }
        return clientId.build();
    }

    @Override // org.apache.hadoop.ozone.om.request.OMClientRequest
    public OMClientResponse validateAndUpdateCache(OzoneManager ozoneManager, long j, OzoneManagerDoubleBufferHelper ozoneManagerDoubleBufferHelper) {
        S3GetSecretResponse s3GetSecretResponse;
        OzoneManagerProtocolProtos.OMResponse.Builder oMResponseBuilder = OmResponseUtil.getOMResponseBuilder(getOmRequest());
        Throwable th = null;
        OMMetadataManager metadataManager = ozoneManager.getMetadataManager();
        OzoneManagerProtocolProtos.UpdateGetS3SecretRequest updateGetS3SecretRequest = getOmRequest().getUpdateGetS3SecretRequest();
        String kerberosID = updateGetS3SecretRequest.getKerberosID();
        try {
            try {
                String awsSecret = updateGetS3SecretRequest.getAwsSecret();
                boolean acquireWriteLock = metadataManager.getLock().acquireWriteLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, new String[]{kerberosID});
                S3SecretValue s3SecretValue = (S3SecretValue) metadataManager.getS3SecretTable().get(kerberosID);
                if (s3SecretValue == null) {
                    metadataManager.getS3SecretTable().addCacheEntry(new CacheKey(kerberosID), new CacheValue(Optional.of(new S3SecretValue(kerberosID, awsSecret)), j));
                } else {
                    awsSecret = s3SecretValue.getAwsSecret();
                }
                OzoneManagerProtocolProtos.GetS3SecretResponse.Builder s3Secret = OzoneManagerProtocolProtos.GetS3SecretResponse.newBuilder().setS3Secret(OzoneManagerProtocolProtos.S3Secret.newBuilder().setAwsSecret(awsSecret).setKerberosID(kerberosID));
                s3GetSecretResponse = s3SecretValue == null ? new S3GetSecretResponse(new S3SecretValue(kerberosID, awsSecret), oMResponseBuilder.setGetS3SecretResponse(s3Secret).build()) : new S3GetSecretResponse(null, oMResponseBuilder.setGetS3SecretResponse(s3Secret).build());
                addResponseToDoubleBuffer(j, s3GetSecretResponse, ozoneManagerDoubleBufferHelper);
                if (acquireWriteLock) {
                    metadataManager.getLock().releaseWriteLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, new String[]{kerberosID});
                }
            } catch (IOException e) {
                th = e;
                s3GetSecretResponse = new S3GetSecretResponse(null, createErrorOMResponse(oMResponseBuilder, e));
                addResponseToDoubleBuffer(j, s3GetSecretResponse, ozoneManagerDoubleBufferHelper);
                if (0 != 0) {
                    metadataManager.getLock().releaseWriteLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, new String[]{kerberosID});
                }
            }
            HashMap hashMap = new HashMap();
            hashMap.put("S3GetSecretUser", kerberosID);
            auditLog(ozoneManager.getAuditLogger(), buildAuditMessage(OMAction.GET_S3_SECRET, hashMap, th, getOmRequest().getUserInfo()));
            if (th == null) {
                LOG.debug("Secret for accessKey:{} is generated Successfully", kerberosID);
            } else {
                LOG.error("Secret for accessKey:{} is generation failed", kerberosID, th);
            }
            return s3GetSecretResponse;
        } catch (Throwable th2) {
            addResponseToDoubleBuffer(j, null, ozoneManagerDoubleBufferHelper);
            if (0 != 0) {
                metadataManager.getLock().releaseWriteLock(OzoneManagerLock.Resource.S3_SECRET_LOCK, new String[]{kerberosID});
            }
            throw th2;
        }
    }
}
