package org.apache.hadoop.yarn.server.security;

import java.nio.ByteBuffer;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.yarn.api.records.ContainerId;
import org.apache.hadoop.yarn.api.records.ContainerToken;
import org.apache.hadoop.yarn.api.records.NodeId;
import org.apache.hadoop.yarn.api.records.Resource;
import org.apache.hadoop.yarn.security.ContainerTokenIdentifier;
import org.apache.hadoop.yarn.util.BuilderUtils;

/* loaded from: input_file:org/apache/hadoop/yarn/server/security/ContainerTokenSecretManager.class */
public class ContainerTokenSecretManager extends SecretManager<ContainerTokenIdentifier> {
    private static Log LOG = LogFactory.getLog(ContainerTokenSecretManager.class);
    Map<String, SecretKey> secretkeys = new ConcurrentHashMap();
    private final long containerTokenExpiryInterval;

    public ContainerTokenSecretManager(Configuration configuration) {
        this.containerTokenExpiryInterval = configuration.getInt("yarn.resourcemanager.rm.container-allocation.expiry-interval-ms", 600000);
    }

    public ContainerToken createContainerToken(ContainerId containerId, NodeId nodeId, Resource resource) {
        try {
            ContainerTokenIdentifier containerTokenIdentifier = new ContainerTokenIdentifier(containerId, nodeId.toString(), resource, System.currentTimeMillis() + this.containerTokenExpiryInterval);
            return BuilderUtils.newContainerToken(nodeId, ByteBuffer.wrap(createPassword(containerTokenIdentifier)), containerTokenIdentifier);
        } catch (IllegalArgumentException e) {
            LOG.error("Error trying to create new container", e);
            return null;
        }
    }

    public SecretKey createAndGetSecretKey(CharSequence charSequence) {
        String obj = charSequence.toString();
        if (!this.secretkeys.containsKey(obj)) {
            LOG.debug("Creating secretKey for NM " + obj);
            this.secretkeys.put(obj, createSecretKey("mySecretKey".getBytes()));
        }
        return this.secretkeys.get(obj);
    }

    public void setSecretKey(CharSequence charSequence, byte[] bArr) {
        this.secretkeys.put(charSequence.toString(), createSecretKey(bArr));
    }

    public byte[] createPassword(ContainerTokenIdentifier containerTokenIdentifier) {
        LOG.debug("Creating password for " + containerTokenIdentifier.getContainerID() + " to be run on NM " + containerTokenIdentifier.getNmHostAddress() + " " + this.secretkeys.get(containerTokenIdentifier.getNmHostAddress()));
        return createPassword(containerTokenIdentifier.getBytes(), this.secretkeys.get(containerTokenIdentifier.getNmHostAddress()));
    }

    public byte[] retrievePassword(ContainerTokenIdentifier containerTokenIdentifier) throws SecretManager.InvalidToken {
        LOG.debug("Retrieving password for " + containerTokenIdentifier.getContainerID() + " to be run on NM " + containerTokenIdentifier.getNmHostAddress());
        return createPassword(containerTokenIdentifier.getBytes(), this.secretkeys.get(containerTokenIdentifier.getNmHostAddress()));
    }

    /* renamed from: createIdentifier, reason: merged with bridge method [inline-methods] */
    public ContainerTokenIdentifier m225createIdentifier() {
        return new ContainerTokenIdentifier();
    }
}
