package org.apache.hadoop.hdfs.server.balancer;

import java.io.Closeable;
import java.io.IOException;
import java.util.EnumSet;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.protocol.ExtendedBlock;
import org.apache.hadoop.hdfs.protocol.datatransfer.sasl.DataEncryptionKeyFactory;
import org.apache.hadoop.hdfs.security.token.block.BlockTokenIdentifier;
import org.apache.hadoop.hdfs.security.token.block.BlockTokenSecretManager;
import org.apache.hadoop.hdfs.security.token.block.DataEncryptionKey;
import org.apache.hadoop.hdfs.security.token.block.ExportedBlockKeys;
import org.apache.hadoop.hdfs.server.protocol.NamenodeProtocol;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Daemon;
import org.apache.hadoop.util.StringUtils;
import org.apache.hadoop.util.Timer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.6.0-cdh5.14.98.jar:org/apache/hadoop/hdfs/server/balancer/KeyManager.class */
public class KeyManager implements Closeable, DataEncryptionKeyFactory {
    private static final Logger LOG = LoggerFactory.getLogger(KeyManager.class);
    private final NamenodeProtocol namenode;
    private final boolean isBlockTokenEnabled;
    private final boolean encryptDataTransfer;
    private boolean shouldRun;
    private final BlockTokenSecretManager blockTokenSecretManager;
    private final BlockKeyUpdater blockKeyUpdater;
    private DataEncryptionKey encryptionKey;
    private Timer timer = new Timer();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.6.0-cdh5.14.98.jar:org/apache/hadoop/hdfs/server/balancer/KeyManager$BlockKeyUpdater.class */
    public class BlockKeyUpdater implements Runnable, Closeable {
        private final Daemon daemon = new Daemon(this);
        private final long sleepInterval;

        BlockKeyUpdater(long j) {
            this.sleepInterval = j;
            KeyManager.LOG.info("Update block keys every " + StringUtils.formatTime(j));
        }

        @Override // java.lang.Runnable
        public void run() {
            while (KeyManager.this.shouldRun) {
                try {
                    try {
                        KeyManager.this.blockTokenSecretManager.addKeys(KeyManager.this.namenode.getBlockKeys());
                    } catch (IOException e) {
                        KeyManager.LOG.error("Failed to set keys", (Throwable) e);
                    }
                    Thread.sleep(this.sleepInterval);
                } catch (InterruptedException e2) {
                    KeyManager.LOG.debug("InterruptedException in block key updater thread", (Throwable) e2);
                    return;
                } catch (Throwable th) {
                    KeyManager.LOG.error("Exception in block key updater thread", th);
                    KeyManager.this.shouldRun = false;
                    return;
                }
            }
        }

        @Override // java.io.Closeable, java.lang.AutoCloseable
        public void close() throws IOException {
            try {
                this.daemon.interrupt();
            } catch (Exception e) {
                KeyManager.LOG.warn("Exception shutting down key updater thread", (Throwable) e);
            }
        }
    }

    public KeyManager(String str, NamenodeProtocol namenodeProtocol, boolean z, Configuration configuration) throws IOException {
        this.namenode = namenodeProtocol;
        this.encryptDataTransfer = z;
        ExportedBlockKeys blockKeys = namenodeProtocol.getBlockKeys();
        this.isBlockTokenEnabled = blockKeys.isBlockTokenEnabled();
        if (!this.isBlockTokenEnabled) {
            this.blockTokenSecretManager = null;
            this.blockKeyUpdater = null;
            return;
        }
        long keyUpdateInterval = blockKeys.getKeyUpdateInterval();
        long tokenLifetime = blockKeys.getTokenLifetime();
        LOG.info("Block token params received from NN: update interval=" + StringUtils.formatTime(keyUpdateInterval) + ", token lifetime=" + StringUtils.formatTime(tokenLifetime));
        this.blockTokenSecretManager = new BlockTokenSecretManager(keyUpdateInterval, tokenLifetime, str, configuration.get(DFSConfigKeys.DFS_DATA_ENCRYPTION_ALGORITHM_KEY));
        this.blockTokenSecretManager.addKeys(blockKeys);
        this.blockKeyUpdater = new BlockKeyUpdater(keyUpdateInterval / 4);
        this.shouldRun = true;
    }

    public void startBlockKeyUpdater() {
        if (this.blockKeyUpdater != null) {
            this.blockKeyUpdater.daemon.start();
        }
    }

    public Token<BlockTokenIdentifier> getAccessToken(ExtendedBlock extendedBlock) throws IOException {
        if (!this.isBlockTokenEnabled) {
            return BlockTokenSecretManager.DUMMY_TOKEN;
        }
        if (this.shouldRun) {
            return this.blockTokenSecretManager.generateToken(null, extendedBlock, EnumSet.of(BlockTokenSecretManager.AccessMode.REPLACE, BlockTokenSecretManager.AccessMode.COPY));
        }
        throw new IOException("Cannot get access token since BlockKeyUpdater is not running");
    }

    @Override // org.apache.hadoop.hdfs.protocol.datatransfer.sasl.DataEncryptionKeyFactory
    public DataEncryptionKey newDataEncryptionKey() {
        DataEncryptionKey dataEncryptionKey;
        if (!this.encryptDataTransfer) {
            return null;
        }
        synchronized (this) {
            if (this.encryptionKey == null || this.encryptionKey.expiryDate < this.timer.now()) {
                LOG.debug("Generating new data encryption key because current key " + (this.encryptionKey == null ? "is null." : "expired on " + this.encryptionKey.expiryDate));
                this.encryptionKey = this.blockTokenSecretManager.generateDataEncryptionKey();
            }
            dataEncryptionKey = this.encryptionKey;
        }
        return dataEncryptionKey;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        this.shouldRun = false;
        try {
            if (this.blockKeyUpdater != null) {
                this.blockKeyUpdater.daemon.interrupt();
            }
        } catch (Exception e) {
            LOG.warn("Exception shutting down access key updater thread", (Throwable) e);
        }
    }
}
