package org.apache.hadoop.crypto.key.kms;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension;
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
import org.apache.hadoop.io.retry.RetryPolicies;
import org.apache.hadoop.io.retry.RetryPolicy;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-common-2.6.0-cdh5.13.1-SNAPSHOT.jar:org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider.class */
public class LoadBalancingKMSClientProvider extends KeyProvider implements KeyProviderCryptoExtension.CryptoExtension, KeyProviderDelegationTokenExtension.DelegationTokenExtension {
    public static Logger LOG = LoggerFactory.getLogger(LoadBalancingKMSClientProvider.class);
    private final KMSClientProvider[] providers;
    private final AtomicInteger currentIdx;
    private RetryPolicy retryPolicy;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-common-2.6.0-cdh5.13.1-SNAPSHOT.jar:org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider$ProviderCallable.class */
    public interface ProviderCallable<T> {
        T call(KMSClientProvider kMSClientProvider) throws IOException, Exception;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-common-2.6.0-cdh5.13.1-SNAPSHOT.jar:org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider$WrapperException.class */
    public static class WrapperException extends RuntimeException {
        public WrapperException(Throwable th) {
            super(th);
        }
    }

    public LoadBalancingKMSClientProvider(KMSClientProvider[] kMSClientProviderArr, Configuration configuration) {
        this(shuffle(kMSClientProviderArr), Time.monotonicNow(), configuration);
    }

    @VisibleForTesting
    LoadBalancingKMSClientProvider(KMSClientProvider[] kMSClientProviderArr, long j, Configuration configuration) {
        super(configuration);
        this.retryPolicy = null;
        this.providers = kMSClientProviderArr;
        this.currentIdx = new AtomicInteger((int) (j % kMSClientProviderArr.length));
        int i = configuration.getInt(CommonConfigurationKeysPublic.KMS_CLIENT_FAILOVER_MAX_RETRIES_KEY, 15);
        int i2 = configuration.getInt(CommonConfigurationKeysPublic.KMS_CLIENT_FAILOVER_SLEEP_BASE_MILLIS_KEY, 100);
        int i3 = configuration.getInt(CommonConfigurationKeysPublic.KMS_CLIENT_FAILOVER_SLEEP_MAX_MILLIS_KEY, 2000);
        Preconditions.checkState(i >= 0);
        Preconditions.checkState(i2 >= 0);
        Preconditions.checkState(i3 >= 0);
        this.retryPolicy = RetryPolicies.failoverOnNetworkException(RetryPolicies.TRY_ONCE_THEN_FAIL, i, 0, i2, i3);
    }

    @VisibleForTesting
    public KMSClientProvider[] getProviders() {
        return this.providers;
    }

    private <T> T doOp(ProviderCallable<T> providerCallable, int i) throws IOException {
        if (this.providers.length == 0) {
            throw new IOException("No providers configured !");
        }
        int i2 = 0;
        int i3 = 0;
        while (true) {
            KMSClientProvider kMSClientProvider = this.providers[(i + i3) % this.providers.length];
            try {
                return providerCallable.call(kMSClientProvider);
            } catch (AccessControlException e) {
                throw e;
            } catch (IOException e2) {
                LOG.warn("KMS provider at [{}] threw an IOException: ", kMSClientProvider.getKMSUrl(), e2);
                try {
                    RetryPolicy.RetryAction shouldRetry = this.retryPolicy.shouldRetry(e2, 0, i2, false);
                    if (shouldRetry.action == RetryPolicy.RetryAction.RetryDecision.FAIL) {
                        LOG.warn("Aborting since the Request has failed with all KMS providers(depending on {}={} setting and numProviders={}) in the group OR the exception is not recoverable", CommonConfigurationKeysPublic.KMS_CLIENT_FAILOVER_MAX_RETRIES_KEY, Integer.valueOf(getConf().getInt(CommonConfigurationKeysPublic.KMS_CLIENT_FAILOVER_MAX_RETRIES_KEY, this.providers.length)), Integer.valueOf(this.providers.length));
                        throw e2;
                    }
                    if ((i2 + 1) % this.providers.length == 0) {
                        try {
                            Thread.sleep(shouldRetry.delayMillis);
                        } catch (InterruptedException e3) {
                            throw new InterruptedIOException("Thread Interrupted");
                        }
                    }
                    i3++;
                    i2++;
                } catch (Exception e4) {
                    if (e4 instanceof IOException) {
                        throw ((IOException) e4);
                    }
                    throw new IOException(e4);
                }
            } catch (Exception e5) {
                if (e5 instanceof RuntimeException) {
                    throw ((RuntimeException) e5);
                }
                throw new WrapperException(e5);
            }
        }
    }

    private int nextIdx() {
        int i;
        do {
            i = this.currentIdx.get();
        } while (!this.currentIdx.compareAndSet(i, (i + 1) % this.providers.length));
        return i;
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension
    public Token<?>[] addDelegationTokens(final String str, final Credentials credentials) throws IOException {
        return (Token[]) doOp(new ProviderCallable<Token<?>[]>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public Token<?>[] call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.addDelegationTokens(str, credentials);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension
    public long renewDelegationToken(final Token<?> token) throws IOException {
        return ((Long) doOp(new ProviderCallable<Long>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public Long call(KMSClientProvider kMSClientProvider) throws IOException {
                return Long.valueOf(kMSClientProvider.renewDelegationToken(token));
            }
        }, nextIdx())).longValue();
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension
    public Void cancelDelegationToken(final Token<?> token) throws IOException {
        return (Void) doOp(new ProviderCallable<Void>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.3
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public Void call(KMSClientProvider kMSClientProvider) throws IOException {
                kMSClientProvider.cancelDelegationToken(token);
                return null;
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public void warmUpEncryptedKeys(String... strArr) throws IOException {
        Preconditions.checkArgument(this.providers.length > 0, "No providers are configured");
        boolean z = false;
        IOException iOException = null;
        for (KMSClientProvider kMSClientProvider : this.providers) {
            try {
                kMSClientProvider.warmUpEncryptedKeys(strArr);
                z = true;
            } catch (IOException e) {
                iOException = e;
                LOG.error("Error warming up keys for provider with url[" + kMSClientProvider.getKMSUrl() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END, (Throwable) e);
            }
        }
        if (!z && iOException != null) {
            throw iOException;
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public void drain(String str) {
        for (KMSClientProvider kMSClientProvider : this.providers) {
            kMSClientProvider.drain(str);
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public void invalidateCache(String str) throws IOException {
        for (KMSClientProvider kMSClientProvider : this.providers) {
            kMSClientProvider.invalidateCache(str);
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey(final String str) throws IOException, GeneralSecurityException {
        try {
            return (KeyProviderCryptoExtension.EncryptedKeyVersion) doOp(new ProviderCallable<KeyProviderCryptoExtension.EncryptedKeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.4
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public KeyProviderCryptoExtension.EncryptedKeyVersion call(KMSClientProvider kMSClientProvider) throws IOException, GeneralSecurityException {
                    return kMSClientProvider.generateEncryptedKey(str);
                }
            }, nextIdx());
        } catch (WrapperException e) {
            if (e.getCause() instanceof GeneralSecurityException) {
                throw ((GeneralSecurityException) e.getCause());
            }
            throw new IOException(e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public KeyProvider.KeyVersion decryptEncryptedKey(final KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException {
        try {
            return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.5
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException, GeneralSecurityException {
                    return kMSClientProvider.decryptEncryptedKey(encryptedKeyVersion);
                }
            }, nextIdx());
        } catch (WrapperException e) {
            if (e.getCause() instanceof GeneralSecurityException) {
                throw ((GeneralSecurityException) e.getCause());
            }
            throw new IOException(e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public KeyProviderCryptoExtension.EncryptedKeyVersion reencryptEncryptedKey(final KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException {
        try {
            return (KeyProviderCryptoExtension.EncryptedKeyVersion) doOp(new ProviderCallable<KeyProviderCryptoExtension.EncryptedKeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.6
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public KeyProviderCryptoExtension.EncryptedKeyVersion call(KMSClientProvider kMSClientProvider) throws IOException, GeneralSecurityException {
                    return kMSClientProvider.reencryptEncryptedKey(encryptedKeyVersion);
                }
            }, nextIdx());
        } catch (WrapperException e) {
            if (e.getCause() instanceof GeneralSecurityException) {
                throw ((GeneralSecurityException) e.getCause());
            }
            throw new IOException(e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public void reencryptEncryptedKeys(final List<KeyProviderCryptoExtension.EncryptedKeyVersion> list) throws IOException, GeneralSecurityException {
        try {
            doOp(new ProviderCallable<Void>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.7
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public Void call(KMSClientProvider kMSClientProvider) throws IOException, GeneralSecurityException {
                    kMSClientProvider.reencryptEncryptedKeys(list);
                    return null;
                }
            }, nextIdx());
        } catch (WrapperException e) {
            if (!(e.getCause() instanceof GeneralSecurityException)) {
                throw new IOException(e.getCause());
            }
            throw ((GeneralSecurityException) e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion getKeyVersion(final String str) throws IOException {
        return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.8
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getKeyVersion(str);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public List<String> getKeys() throws IOException {
        return (List) doOp(new ProviderCallable<List<String>>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.9
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public List<String> call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getKeys();
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.Metadata[] getKeysMetadata(final String... strArr) throws IOException {
        return (KeyProvider.Metadata[]) doOp(new ProviderCallable<KeyProvider.Metadata[]>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.10
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.Metadata[] call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getKeysMetadata(strArr);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public List<KeyProvider.KeyVersion> getKeyVersions(final String str) throws IOException {
        return (List) doOp(new ProviderCallable<List<KeyProvider.KeyVersion>>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.11
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public List<KeyProvider.KeyVersion> call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getKeyVersions(str);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion getCurrentKey(final String str) throws IOException {
        return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.12
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getCurrentKey(str);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.Metadata getMetadata(final String str) throws IOException {
        return (KeyProvider.Metadata) doOp(new ProviderCallable<KeyProvider.Metadata>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.13
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.Metadata call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getMetadata(str);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion createKey(final String str, final byte[] bArr, final KeyProvider.Options options) throws IOException {
        return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.14
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.createKey(str, bArr, options);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion createKey(final String str, final KeyProvider.Options options) throws NoSuchAlgorithmException, IOException {
        try {
            return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.15
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException, NoSuchAlgorithmException {
                    return kMSClientProvider.createKey(str, options);
                }
            }, nextIdx());
        } catch (WrapperException e) {
            if (e.getCause() instanceof GeneralSecurityException) {
                throw ((NoSuchAlgorithmException) e.getCause());
            }
            throw new IOException(e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public void deleteKey(final String str) throws IOException {
        doOp(new ProviderCallable<Void>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.16
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public Void call(KMSClientProvider kMSClientProvider) throws IOException {
                kMSClientProvider.deleteKey(str);
                return null;
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion rollNewVersion(final String str, final byte[] bArr) throws IOException {
        KeyProvider.KeyVersion keyVersion = (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.17
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.rollNewVersion(str, bArr);
            }
        }, nextIdx());
        invalidateCache(str);
        return keyVersion;
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion rollNewVersion(final String str) throws NoSuchAlgorithmException, IOException {
        try {
            KeyProvider.KeyVersion keyVersion = (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.18
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException, NoSuchAlgorithmException {
                    return kMSClientProvider.rollNewVersion(str);
                }
            }, nextIdx());
            invalidateCache(str);
            return keyVersion;
        } catch (WrapperException e) {
            if (e.getCause() instanceof GeneralSecurityException) {
                throw ((NoSuchAlgorithmException) e.getCause());
            }
            throw new IOException(e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public void close() throws IOException {
        for (KMSClientProvider kMSClientProvider : this.providers) {
            try {
                kMSClientProvider.close();
            } catch (IOException e) {
                LOG.error("Error closing provider with url[" + kMSClientProvider.getKMSUrl() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
            }
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public void flush() throws IOException {
        for (KMSClientProvider kMSClientProvider : this.providers) {
            try {
                kMSClientProvider.flush();
            } catch (IOException e) {
                LOG.error("Error flushing provider with url[" + kMSClientProvider.getKMSUrl() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
            }
        }
    }

    private static KMSClientProvider[] shuffle(KMSClientProvider[] kMSClientProviderArr) {
        List asList = Arrays.asList(kMSClientProviderArr);
        Collections.shuffle(asList);
        return (KMSClientProvider[]) asList.toArray(kMSClientProviderArr);
    }
}
