package org.apache.hadoop.crypto.key.kms;

import com.google.common.annotations.VisibleForTesting;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension;
import org.apache.hadoop.security.Credentials;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:classes/org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider.class
  input_file:hadoop-common-2.7.5.1.jar:org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider.class
 */
/* loaded from: input_file:hadoop-common-2.7.5.1/share/hadoop/common/hadoop-common-2.7.5.1.jar:org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider.class */
public class LoadBalancingKMSClientProvider extends KeyProvider implements KeyProviderCryptoExtension.CryptoExtension, KeyProviderDelegationTokenExtension.DelegationTokenExtension {
    public static Logger LOG = LoggerFactory.getLogger((Class<?>) LoadBalancingKMSClientProvider.class);
    private final KMSClientProvider[] providers;
    private final AtomicInteger currentIdx;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:classes/org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider$ProviderCallable.class
      input_file:hadoop-common-2.7.5.1.jar:org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider$ProviderCallable.class
     */
    /* loaded from: input_file:hadoop-common-2.7.5.1/share/hadoop/common/hadoop-common-2.7.5.1.jar:org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider$ProviderCallable.class */
    public interface ProviderCallable<T> {
        T call(KMSClientProvider kMSClientProvider) throws IOException, Exception;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Classes with same name are omitted:
      input_file:classes/org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider$WrapperException.class
      input_file:hadoop-common-2.7.5.1.jar:org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider$WrapperException.class
     */
    /* loaded from: input_file:hadoop-common-2.7.5.1/share/hadoop/common/hadoop-common-2.7.5.1.jar:org/apache/hadoop/crypto/key/kms/LoadBalancingKMSClientProvider$WrapperException.class */
    public static class WrapperException extends RuntimeException {
        public WrapperException(Throwable th) {
            super(th);
        }
    }

    public LoadBalancingKMSClientProvider(KMSClientProvider[] kMSClientProviderArr, Configuration configuration) {
        this(shuffle(kMSClientProviderArr), Time.monotonicNow(), configuration);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public LoadBalancingKMSClientProvider(KMSClientProvider[] kMSClientProviderArr, long j, Configuration configuration) {
        super(configuration);
        this.providers = kMSClientProviderArr;
        this.currentIdx = new AtomicInteger((int) (j % kMSClientProviderArr.length));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public KMSClientProvider[] getProviders() {
        return this.providers;
    }

    private <T> T doOp(ProviderCallable<T> providerCallable, int i) throws IOException {
        IOException iOException = null;
        for (int i2 = 0; i2 < this.providers.length; i2++) {
            KMSClientProvider kMSClientProvider = this.providers[(i + i2) % this.providers.length];
            try {
                return providerCallable.call(kMSClientProvider);
            } catch (IOException e) {
                LOG.warn("KMS provider at [{}] threw an IOException [{}]!!", kMSClientProvider.getKMSUrl(), e.getMessage());
                iOException = e;
            } catch (Exception e2) {
                if (e2 instanceof RuntimeException) {
                    throw ((RuntimeException) e2);
                }
                throw new WrapperException(e2);
            }
        }
        if (iOException == null) {
            throw new IOException("No providers configured !!");
        }
        LOG.warn("Aborting since the Request has failed with all KMS providers in the group. !!");
        throw iOException;
    }

    private int nextIdx() {
        int i;
        do {
            i = this.currentIdx.get();
        } while (!this.currentIdx.compareAndSet(i, (i + 1) % this.providers.length));
        return i;
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderDelegationTokenExtension.DelegationTokenExtension
    public Token<?>[] addDelegationTokens(final String str, final Credentials credentials) throws IOException {
        return (Token[]) doOp(new ProviderCallable<Token<?>[]>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public Token<?>[] call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.addDelegationTokens(str, credentials);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public void warmUpEncryptedKeys(String... strArr) throws IOException {
        for (KMSClientProvider kMSClientProvider : this.providers) {
            try {
                kMSClientProvider.warmUpEncryptedKeys(strArr);
            } catch (IOException e) {
                LOG.error("Error warming up keys for provider with url[" + kMSClientProvider.getKMSUrl() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
            }
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public void drain(String str) {
        for (KMSClientProvider kMSClientProvider : this.providers) {
            kMSClientProvider.drain(str);
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public KeyProviderCryptoExtension.EncryptedKeyVersion generateEncryptedKey(final String str) throws IOException, GeneralSecurityException {
        try {
            return (KeyProviderCryptoExtension.EncryptedKeyVersion) doOp(new ProviderCallable<KeyProviderCryptoExtension.EncryptedKeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.2
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public KeyProviderCryptoExtension.EncryptedKeyVersion call(KMSClientProvider kMSClientProvider) throws IOException, GeneralSecurityException {
                    return kMSClientProvider.generateEncryptedKey(str);
                }
            }, nextIdx());
        } catch (WrapperException e) {
            throw ((GeneralSecurityException) e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProviderCryptoExtension.CryptoExtension
    public KeyProvider.KeyVersion decryptEncryptedKey(final KeyProviderCryptoExtension.EncryptedKeyVersion encryptedKeyVersion) throws IOException, GeneralSecurityException {
        try {
            return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException, GeneralSecurityException {
                    return kMSClientProvider.decryptEncryptedKey(encryptedKeyVersion);
                }
            }, nextIdx());
        } catch (WrapperException e) {
            throw ((GeneralSecurityException) e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion getKeyVersion(final String str) throws IOException {
        return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.4
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getKeyVersion(str);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public List<String> getKeys() throws IOException {
        return (List) doOp(new ProviderCallable<List<String>>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.5
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public List<String> call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getKeys();
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.Metadata[] getKeysMetadata(final String... strArr) throws IOException {
        return (KeyProvider.Metadata[]) doOp(new ProviderCallable<KeyProvider.Metadata[]>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.6
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.Metadata[] call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getKeysMetadata(strArr);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public List<KeyProvider.KeyVersion> getKeyVersions(final String str) throws IOException {
        return (List) doOp(new ProviderCallable<List<KeyProvider.KeyVersion>>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.7
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public List<KeyProvider.KeyVersion> call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getKeyVersions(str);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion getCurrentKey(final String str) throws IOException {
        return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.8
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getCurrentKey(str);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.Metadata getMetadata(final String str) throws IOException {
        return (KeyProvider.Metadata) doOp(new ProviderCallable<KeyProvider.Metadata>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.9
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.Metadata call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.getMetadata(str);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion createKey(final String str, final byte[] bArr, final KeyProvider.Options options) throws IOException {
        return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.10
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.createKey(str, bArr, options);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion createKey(final String str, final KeyProvider.Options options) throws NoSuchAlgorithmException, IOException {
        try {
            return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.11
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException, NoSuchAlgorithmException {
                    return kMSClientProvider.createKey(str, options);
                }
            }, nextIdx());
        } catch (WrapperException e) {
            throw ((NoSuchAlgorithmException) e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public void deleteKey(final String str) throws IOException {
        doOp(new ProviderCallable<Void>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.12
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public Void call(KMSClientProvider kMSClientProvider) throws IOException {
                kMSClientProvider.deleteKey(str);
                return null;
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion rollNewVersion(final String str, final byte[] bArr) throws IOException {
        return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.13
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
            public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException {
                return kMSClientProvider.rollNewVersion(str, bArr);
            }
        }, nextIdx());
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public KeyProvider.KeyVersion rollNewVersion(final String str) throws NoSuchAlgorithmException, IOException {
        try {
            return (KeyProvider.KeyVersion) doOp(new ProviderCallable<KeyProvider.KeyVersion>() { // from class: org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.14
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // org.apache.hadoop.crypto.key.kms.LoadBalancingKMSClientProvider.ProviderCallable
                public KeyProvider.KeyVersion call(KMSClientProvider kMSClientProvider) throws IOException, NoSuchAlgorithmException {
                    return kMSClientProvider.rollNewVersion(str);
                }
            }, nextIdx());
        } catch (WrapperException e) {
            throw ((NoSuchAlgorithmException) e.getCause());
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public void close() throws IOException {
        for (KMSClientProvider kMSClientProvider : this.providers) {
            try {
                kMSClientProvider.close();
            } catch (IOException e) {
                LOG.error("Error closing provider with url[" + kMSClientProvider.getKMSUrl() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
            }
        }
    }

    @Override // org.apache.hadoop.crypto.key.KeyProvider
    public void flush() throws IOException {
        for (KMSClientProvider kMSClientProvider : this.providers) {
            try {
                kMSClientProvider.flush();
            } catch (IOException e) {
                LOG.error("Error flushing provider with url[" + kMSClientProvider.getKMSUrl() + DefaultExpressionEngine.DEFAULT_ATTRIBUTE_END);
            }
        }
    }

    private static KMSClientProvider[] shuffle(KMSClientProvider[] kMSClientProviderArr) {
        List asList = Arrays.asList(kMSClientProviderArr);
        Collections.shuffle(asList);
        return (KMSClientProvider[]) asList.toArray(kMSClientProviderArr);
    }
}
