package org.apache.hadoop.hdfs.server.namenode;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NavigableMap;
import java.util.TreeMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ThreadFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.CipherSuite;
import org.apache.hadoop.crypto.CryptoProtocolVersion;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.fs.BatchedRemoteIterator;
import org.apache.hadoop.fs.UnresolvedLinkException;
import org.apache.hadoop.fs.XAttr;
import org.apache.hadoop.fs.XAttrSetFlag;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.XAttrHelper;
import org.apache.hadoop.hdfs.protocol.EncryptionZone;
import org.apache.hadoop.hdfs.protocol.ReencryptionStatus;
import org.apache.hadoop.hdfs.protocol.SnapshotAccessControlException;
import org.apache.hadoop.hdfs.protocol.ZoneReencryptionStatus;
import org.apache.hadoop.hdfs.protocolPB.PBHelper;
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
import org.apache.hadoop.security.AccessControlException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.6.0-cdh5.16.3-SNAPSHOT.jar:org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.class */
public class EncryptionZoneManager {
    public static final Logger LOG;
    private TreeMap<Long, EncryptionZoneInt> encryptionZones = null;
    private final FSDirectory dir;
    private final int maxListEncryptionZonesResponses;
    private final int maxListRecncryptionStatusResponses;
    private ThreadFactory reencryptionThreadFactory;
    private ExecutorService reencryptHandlerExecutor;
    private ReencryptionHandler reencryptionHandler;
    private final ReencryptionStatus reencryptionStatus;
    public static final BatchedRemoteIterator.BatchedListEntries<ZoneReencryptionStatus> EMPTY_LIST;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.6.0-cdh5.16.3-SNAPSHOT.jar:org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager$EncryptionZoneInt.class */
    public static class EncryptionZoneInt {
        private final long inodeId;
        private final CipherSuite suite;
        private final CryptoProtocolVersion version;
        private final String keyName;

        EncryptionZoneInt(long j, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) {
            Preconditions.checkArgument(cipherSuite != CipherSuite.UNKNOWN);
            Preconditions.checkArgument(cryptoProtocolVersion != CryptoProtocolVersion.UNKNOWN);
            this.inodeId = j;
            this.suite = cipherSuite;
            this.version = cryptoProtocolVersion;
            this.keyName = str;
        }

        long getINodeId() {
            return this.inodeId;
        }

        CipherSuite getSuite() {
            return this.suite;
        }

        CryptoProtocolVersion getVersion() {
            return this.version;
        }

        String getKeyName() {
            return this.keyName;
        }
    }

    @VisibleForTesting
    public void pauseReencryptForTesting() {
        this.reencryptionHandler.pauseForTesting();
    }

    @VisibleForTesting
    public void resumeReencryptForTesting() {
        this.reencryptionHandler.resumeForTesting();
    }

    @VisibleForTesting
    public void pauseForTestingAfterNthSubmission(int i) {
        this.reencryptionHandler.pauseForTestingAfterNthSubmission(i);
    }

    @VisibleForTesting
    public void pauseReencryptUpdaterForTesting() {
        this.reencryptionHandler.pauseUpdaterForTesting();
    }

    @VisibleForTesting
    public void resumeReencryptUpdaterForTesting() {
        this.reencryptionHandler.resumeUpdaterForTesting();
    }

    @VisibleForTesting
    public void pauseForTestingAfterNthCheckpoint(String str, int i) throws IOException {
        this.dir.readLock();
        try {
            INodesInPath iNodesInPath = this.dir.getINodesInPath(str, false);
            this.dir.readUnlock();
            this.reencryptionHandler.pauseForTestingAfterNthCheckpoint(iNodesInPath.getLastINode().getId(), i);
        } catch (Throwable th) {
            this.dir.readUnlock();
            throw th;
        }
    }

    @VisibleForTesting
    public void resetMetricsForTesting() {
        this.reencryptionStatus.resetMetrics();
    }

    @VisibleForTesting
    public ReencryptionStatus getReencryptionStatus() {
        return this.reencryptionStatus;
    }

    @VisibleForTesting
    public ZoneReencryptionStatus getZoneStatus(String str) throws IOException {
        this.dir.getPermissionChecker();
        this.dir.getFSNamesystem().readLock();
        this.dir.readLock();
        try {
            INode lastINode = this.dir.getINodesInPath(str, true).getLastINode();
            if (lastINode == null) {
                return null;
            }
            ZoneReencryptionStatus zoneStatus = getReencryptionStatus().getZoneStatus(Long.valueOf(lastINode.getId()));
            this.dir.readUnlock();
            this.dir.getFSNamesystem().readUnlock();
            return zoneStatus;
        } finally {
            this.dir.readUnlock();
            this.dir.getFSNamesystem().readUnlock();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public FSDirectory getFSDirectory() {
        return this.dir;
    }

    public EncryptionZoneManager(FSDirectory fSDirectory, Configuration configuration) {
        this.dir = fSDirectory;
        this.maxListEncryptionZonesResponses = configuration.getInt(DFSConfigKeys.DFS_NAMENODE_LIST_ENCRYPTION_ZONES_NUM_RESPONSES, 100);
        Preconditions.checkArgument(this.maxListEncryptionZonesResponses >= 0, "dfs.namenode.list.encryption.zones.num.responses must be a positive integer.");
        if (getProvider() != null) {
            this.reencryptionHandler = new ReencryptionHandler(this, configuration);
            this.reencryptionThreadFactory = new ThreadFactoryBuilder().setDaemon(true).setNameFormat("reencryptionHandlerThread #%d").build();
        }
        this.maxListRecncryptionStatusResponses = configuration.getInt(DFSConfigKeys.DFS_NAMENODE_LIST_REENCRYPTION_STATUS_NUM_RESPONSES_KEY, 100);
        Preconditions.checkArgument(this.maxListRecncryptionStatusResponses >= 0, "dfs.namenode.list.reencryption.status.num.responses must be a positive integer.");
        this.reencryptionStatus = new ReencryptionStatus();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyProviderCryptoExtension getProvider() {
        return this.dir.getProvider();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void startReencryptThreads() {
        if (getProvider() == null) {
            return;
        }
        Preconditions.checkNotNull(this.reencryptionHandler);
        this.reencryptHandlerExecutor = Executors.newSingleThreadExecutor(this.reencryptionThreadFactory);
        this.reencryptHandlerExecutor.execute(this.reencryptionHandler);
        this.reencryptionHandler.startUpdaterThread();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void stopReencryptThread() {
        if (getProvider() == null || this.reencryptionHandler == null) {
            return;
        }
        this.dir.writeLock();
        try {
            this.reencryptionHandler.stopThreads();
            this.dir.writeUnlock();
            if (this.reencryptHandlerExecutor != null) {
                this.reencryptHandlerExecutor.shutdownNow();
                this.reencryptHandlerExecutor = null;
            }
        } catch (Throwable th) {
            this.dir.writeUnlock();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addEncryptionZone(Long l, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) {
        if (!$assertionsDisabled && !this.dir.hasWriteLock()) {
            throw new AssertionError();
        }
        unprotectedAddEncryptionZone(l, cipherSuite, cryptoProtocolVersion, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void unprotectedAddEncryptionZone(Long l, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) {
        EncryptionZoneInt encryptionZoneInt = new EncryptionZoneInt(l.longValue(), cipherSuite, cryptoProtocolVersion, str);
        if (this.encryptionZones == null) {
            this.encryptionZones = new TreeMap<>();
        }
        this.encryptionZones.put(l, encryptionZoneInt);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeEncryptionZone(Long l) {
        if (!$assertionsDisabled && !this.dir.hasWriteLock()) {
            throw new AssertionError();
        }
        if (!hasCreatedEncryptionZone() || this.encryptionZones.remove(l) == null || !getReencryptionStatus().hasRunningZone(l) || this.reencryptionHandler == null) {
            return;
        }
        this.reencryptionHandler.removeZone(l.longValue());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isInAnEZ(INodesInPath iNodesInPath) throws UnresolvedLinkException, SnapshotAccessControlException {
        if ($assertionsDisabled || this.dir.hasReadLock()) {
            return getEncryptionZoneForPath(iNodesInPath) != null;
        }
        throw new AssertionError();
    }

    String getFullPathName(Long l) {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        INode inode = this.dir.getInode(l.longValue());
        if (inode == null) {
            return null;
        }
        return inode.getFullPathName();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getKeyName(INodesInPath iNodesInPath) {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        EncryptionZoneInt encryptionZoneForPath = getEncryptionZoneForPath(iNodesInPath);
        if (encryptionZoneForPath == null) {
            return null;
        }
        return encryptionZoneForPath.getKeyName();
    }

    private EncryptionZoneInt getEncryptionZoneForPath(INodesInPath iNodesInPath) {
        EncryptionZoneInt encryptionZoneInt;
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        Preconditions.checkNotNull(iNodesInPath);
        iNodesInPath.getINodes();
        if (!hasCreatedEncryptionZone()) {
            return null;
        }
        for (int length = iNodesInPath.length() - 1; length >= 0; length--) {
            INode iNode = iNodesInPath.getINode(length);
            if (iNode != null && (encryptionZoneInt = this.encryptionZones.get(Long.valueOf(iNode.getId()))) != null) {
                return encryptionZoneInt;
            }
        }
        return null;
    }

    private EncryptionZoneInt getParentEncryptionZoneForPath(INodesInPath iNodesInPath) {
        EncryptionZoneInt encryptionZoneInt;
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        Preconditions.checkNotNull(iNodesInPath);
        List unmodifiableList = Collections.unmodifiableList(Arrays.asList(iNodesInPath.getINodes()));
        if (!hasCreatedEncryptionZone()) {
            return null;
        }
        for (int size = unmodifiableList.size() - 2; size >= 0; size--) {
            INode iNode = (INode) unmodifiableList.get(size);
            if (iNode != null && (encryptionZoneInt = this.encryptionZones.get(Long.valueOf(iNode.getId()))) != null) {
                return encryptionZoneInt;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptionZone getEZINodeForPath(INodesInPath iNodesInPath) {
        EncryptionZoneInt encryptionZoneForPath = getEncryptionZoneForPath(iNodesInPath);
        if (encryptionZoneForPath == null) {
            return null;
        }
        return new EncryptionZone(encryptionZoneForPath.getINodeId(), getFullPathName(Long.valueOf(encryptionZoneForPath.getINodeId())), encryptionZoneForPath.getSuite(), encryptionZoneForPath.getVersion(), encryptionZoneForPath.getKeyName());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkMoveValidity(INodesInPath iNodesInPath, INodesInPath iNodesInPath2, String str) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        EncryptionZoneInt parentEncryptionZoneForPath = getParentEncryptionZoneForPath(iNodesInPath);
        EncryptionZoneInt parentEncryptionZoneForPath2 = getParentEncryptionZoneForPath(iNodesInPath2);
        boolean z = parentEncryptionZoneForPath != null;
        boolean z2 = parentEncryptionZoneForPath2 != null;
        if (z && !z2) {
            throw new IOException(str + " can't be moved from an encryption zone.");
        }
        if (z2 && !z) {
            throw new IOException(str + " can't be moved into an encryption zone.");
        }
        if (!z) {
            if (z2) {
                checkMoveValidityForReencryption(iNodesInPath2.getPath(), parentEncryptionZoneForPath2.getINodeId());
            }
        } else {
            if (parentEncryptionZoneForPath == parentEncryptionZoneForPath2) {
                checkMoveValidityForReencryption(iNodesInPath.getPath(), parentEncryptionZoneForPath.getINodeId());
                return;
            }
            throw new IOException(str + " can't be moved from encryption zone " + getFullPathName(Long.valueOf(parentEncryptionZoneForPath.getINodeId())) + " to encryption zone " + getFullPathName(Long.valueOf(parentEncryptionZoneForPath2.getINodeId())) + ".");
        }
    }

    private void checkMoveValidityForReencryption(String str, long j) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        ZoneReencryptionStatus zoneStatus = this.reencryptionStatus.getZoneStatus(Long.valueOf(j));
        if (zoneStatus == null || zoneStatus.getState() == ZoneReencryptionStatus.State.Completed) {
            return;
        }
        throw new IOException(str + " can't be moved because encryption zone " + getFullPathName(Long.valueOf(j)) + " is currently under re-encryption");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public XAttr createEncryptionZone(String str, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str2) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasWriteLock()) {
            throw new AssertionError();
        }
        INodesInPath iNodesInPath4Write = this.dir.getINodesInPath4Write(str, false);
        if (iNodesInPath4Write == null || iNodesInPath4Write.getLastINode() == null) {
            throw new FileNotFoundException("cannot find " + str);
        }
        if (this.dir.isNonEmptyDirectory(str)) {
            throw new IOException("Attempt to create an encryption zone for a non-empty directory.");
        }
        INode lastINode = iNodesInPath4Write.getLastINode();
        if (!lastINode.isDirectory()) {
            throw new IOException("Attempt to create an encryption zone for a file.");
        }
        if (hasCreatedEncryptionZone() && this.encryptionZones.get(Long.valueOf(lastINode.getId())) != null) {
            throw new IOException("Directory " + str + " is already an encryption zone.");
        }
        XAttr buildXAttr = XAttrHelper.buildXAttr(HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE, PBHelper.convert(cipherSuite, cryptoProtocolVersion, str2).toByteArray());
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(1);
        newArrayListWithCapacity.add(buildXAttr);
        this.dir.unprotectedSetXAttrs(str, newArrayListWithCapacity, EnumSet.of(XAttrSetFlag.CREATE));
        return buildXAttr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BatchedRemoteIterator.BatchedListEntries<EncryptionZone> listEncryptionZones(long j) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        if (!hasCreatedEncryptionZone()) {
            return new BatchedRemoteIterator.BatchedListEntries<>(Lists.newArrayList(), false);
        }
        NavigableMap<Long, EncryptionZoneInt> tailMap = this.encryptionZones.tailMap(Long.valueOf(j), false);
        int min = Math.min(this.maxListEncryptionZonesResponses, tailMap.size());
        ArrayList newArrayListWithExpectedSize = Lists.newArrayListWithExpectedSize(min);
        int i = 0;
        for (EncryptionZoneInt encryptionZoneInt : tailMap.values()) {
            String fullPathName = getFullPathName(Long.valueOf(encryptionZoneInt.getINodeId()));
            if (pathResolvesToId(encryptionZoneInt.getINodeId(), fullPathName)) {
                newArrayListWithExpectedSize.add(new EncryptionZone(encryptionZoneInt.getINodeId(), fullPathName, encryptionZoneInt.getSuite(), encryptionZoneInt.getVersion(), encryptionZoneInt.getKeyName()));
                i++;
                if (i >= min) {
                    break;
                }
            }
        }
        return new BatchedRemoteIterator.BatchedListEntries<>(newArrayListWithExpectedSize, min < tailMap.size());
    }

    private boolean pathResolvesToId(long j, String str) throws UnresolvedLinkException, AccessControlException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        if (this.dir.getInode(j) == null) {
            return false;
        }
        INode iNode = null;
        if (INode.isValidAbsolutePath(str)) {
            iNode = this.dir.getINodesInPath(str, false).getLastINode();
        }
        return iNode != null && iNode.getId() == j;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<XAttr> reencryptEncryptionZone(INodesInPath iNodesInPath, String str) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasWriteLock()) {
            throw new AssertionError();
        }
        if (this.reencryptionHandler == null) {
            throw new IOException("No key provider configured, re-encryption operation is rejected");
        }
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(1);
        INode lastINode = iNodesInPath.getLastINode();
        String path = iNodesInPath.getPath();
        checkEncryptionZoneRoot(lastINode, path);
        if (getReencryptionStatus().hasRunningZone(Long.valueOf(lastINode.getId()))) {
            throw new IOException("Zone " + path + " is already submitted for re-encryption.");
        }
        LOG.info("Zone {}({}) is submitted for re-encryption.", path, Long.valueOf(lastINode.getId()));
        newArrayListWithCapacity.add(this.dir.updateReencryptionSubmitted(iNodesInPath, str));
        this.reencryptionHandler.notifyNewSubmission();
        return newArrayListWithCapacity;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<XAttr> cancelReencryptEncryptionZone(INodesInPath iNodesInPath) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasWriteLock()) {
            throw new AssertionError();
        }
        if (this.reencryptionHandler == null) {
            throw new IOException("No key provider configured, re-encryption operation is rejected");
        }
        long id = iNodesInPath.getLastINode().getId();
        String path = iNodesInPath.getPath();
        checkEncryptionZoneRoot(iNodesInPath.getLastINode(), path);
        this.reencryptionHandler.cancelZone(id, path);
        LOG.info("Cancelled zone {}({}) for re-encryption.", path, Long.valueOf(id));
        return this.dir.updateReencryptionFinish(iNodesInPath, this.reencryptionStatus.getZoneStatus(Long.valueOf(id)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BatchedRemoteIterator.BatchedListEntries<ZoneReencryptionStatus> listReencryptionStatus(long j) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        if (!hasCreatedEncryptionZone()) {
            return ReencryptionStatus.EMPTY_LIST;
        }
        NavigableMap<Long, ZoneReencryptionStatus> zoneStatuses = this.reencryptionStatus.getZoneStatuses();
        if (zoneStatuses.isEmpty()) {
            return EMPTY_LIST;
        }
        NavigableMap<Long, ZoneReencryptionStatus> tailMap = zoneStatuses.tailMap(Long.valueOf(j), false);
        int min = Math.min(this.maxListRecncryptionStatusResponses, tailMap.size());
        ArrayList newArrayListWithExpectedSize = Lists.newArrayListWithExpectedSize(min);
        int i = 0;
        for (ZoneReencryptionStatus zoneReencryptionStatus : tailMap.values()) {
            String fullPathName = getFullPathName(Long.valueOf(zoneReencryptionStatus.getId()));
            if (fullPathName != null && pathResolvesToId(zoneReencryptionStatus.getId(), fullPathName)) {
                zoneReencryptionStatus.setZoneName(fullPathName);
                newArrayListWithExpectedSize.add(zoneReencryptionStatus);
                i++;
                if (i >= min) {
                    break;
                }
            }
        }
        return new BatchedRemoteIterator.BatchedListEntries<>(newArrayListWithExpectedSize, min < tailMap.size());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isEncryptionZoneRoot(INode iNode, String str) throws FileNotFoundException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        if (iNode == null) {
            throw new FileNotFoundException("INode does not exist for " + str);
        }
        return iNode.isDirectory() && hasCreatedEncryptionZone() && this.encryptionZones.containsKey(Long.valueOf(iNode.getId()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkEncryptionZoneRoot(INode iNode, String str) throws IOException {
        if (!isEncryptionZoneRoot(iNode, str)) {
            throw new IOException("Path " + str + " is not the root of an encryption zone.");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getKeyNames() {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        if (!hasCreatedEncryptionZone()) {
            return new String[0];
        }
        String[] strArr = new String[this.encryptionZones.size()];
        int i = 0;
        Iterator<Map.Entry<Long, EncryptionZoneInt>> it = this.encryptionZones.entrySet().iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            strArr[i2] = it.next().getValue().getKeyName();
        }
        return strArr;
    }

    public int getNumEncryptionZones() {
        if (hasCreatedEncryptionZone()) {
            return this.encryptionZones.size();
        }
        return 0;
    }

    public boolean hasCreatedEncryptionZone() {
        return this.encryptionZones != null;
    }

    static {
        $assertionsDisabled = !EncryptionZoneManager.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger(EncryptionZoneManager.class);
        EMPTY_LIST = new BatchedRemoteIterator.BatchedListEntries<>(new ArrayList(), false);
    }
}
