package org.apache.hadoop.ozone.om;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
import com.fasterxml.jackson.databind.ObjectWriter;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.protobuf.BlockingService;
import com.google.protobuf.ProtocolMessageEnum;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.nio.charset.StandardCharsets;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import javax.management.ObjectName;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.conf.StorageUnit;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderCryptoExtension;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.hdds.HddsUtils;
import org.apache.hadoop.hdds.annotation.InterfaceAudience;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
import org.apache.hadoop.hdds.scm.ScmInfo;
import org.apache.hadoop.hdds.scm.client.HddsClientUtils;
import org.apache.hadoop.hdds.scm.container.common.helpers.ExcludeList;
import org.apache.hadoop.hdds.scm.protocol.ScmBlockLocationProtocol;
import org.apache.hadoop.hdds.scm.protocol.StorageContainerLocationProtocol;
import org.apache.hadoop.hdds.scm.protocolPB.ScmBlockLocationProtocolClientSideTranslatorPB;
import org.apache.hadoop.hdds.scm.protocolPB.ScmBlockLocationProtocolPB;
import org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolClientSideTranslatorPB;
import org.apache.hadoop.hdds.scm.protocolPB.StorageContainerLocationProtocolPB;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.client.OMCertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest;
import org.apache.hadoop.hdds.server.ServerUtils;
import org.apache.hadoop.hdds.server.ServiceRuntimeInfoImpl;
import org.apache.hadoop.hdds.server.http.RatisDropwizardExports;
import org.apache.hadoop.hdds.tracing.TracingUtil;
import org.apache.hadoop.hdds.utils.HddsServerUtil;
import org.apache.hadoop.hdds.utils.ProtocolMessageMetrics;
import org.apache.hadoop.hdds.utils.RetriableTask;
import org.apache.hadoop.hdds.utils.db.BatchOperation;
import org.apache.hadoop.hdds.utils.db.DBCheckpoint;
import org.apache.hadoop.hdds.utils.db.DBUpdatesWrapper;
import org.apache.hadoop.hdds.utils.db.SequenceNumberNotFoundException;
import org.apache.hadoop.hdds.utils.db.cache.CacheKey;
import org.apache.hadoop.hdds.utils.db.cache.CacheValue;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.io.retry.RetryPolicies;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.ProtobufRpcEngine;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.ipc.Server;
import org.apache.hadoop.metrics2.util.MBeans;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.ozone.OmUtils;
import org.apache.hadoop.ozone.OzoneAcl;
import org.apache.hadoop.ozone.OzoneSecurityUtil;
import org.apache.hadoop.ozone.audit.AuditAction;
import org.apache.hadoop.ozone.audit.AuditEventStatus;
import org.apache.hadoop.ozone.audit.AuditLogger;
import org.apache.hadoop.ozone.audit.AuditLoggerType;
import org.apache.hadoop.ozone.audit.AuditMessage;
import org.apache.hadoop.ozone.audit.Auditor;
import org.apache.hadoop.ozone.audit.OMAction;
import org.apache.hadoop.ozone.common.Storage;
import org.apache.hadoop.ozone.om.exceptions.OMException;
import org.apache.hadoop.ozone.om.ha.OMHANodeDetails;
import org.apache.hadoop.ozone.om.ha.OMNodeDetails;
import org.apache.hadoop.ozone.om.helpers.DBUpdates;
import org.apache.hadoop.ozone.om.helpers.OmBucketArgs;
import org.apache.hadoop.ozone.om.helpers.OmBucketInfo;
import org.apache.hadoop.ozone.om.helpers.OmDeleteKeys;
import org.apache.hadoop.ozone.om.helpers.OmKeyArgs;
import org.apache.hadoop.ozone.om.helpers.OmKeyInfo;
import org.apache.hadoop.ozone.om.helpers.OmKeyLocationInfo;
import org.apache.hadoop.ozone.om.helpers.OmMultipartCommitUploadPartInfo;
import org.apache.hadoop.ozone.om.helpers.OmMultipartInfo;
import org.apache.hadoop.ozone.om.helpers.OmMultipartUploadCompleteInfo;
import org.apache.hadoop.ozone.om.helpers.OmMultipartUploadCompleteList;
import org.apache.hadoop.ozone.om.helpers.OmMultipartUploadList;
import org.apache.hadoop.ozone.om.helpers.OmMultipartUploadListParts;
import org.apache.hadoop.ozone.om.helpers.OmRenameKeys;
import org.apache.hadoop.ozone.om.helpers.OmVolumeArgs;
import org.apache.hadoop.ozone.om.helpers.OpenKeySession;
import org.apache.hadoop.ozone.om.helpers.OzoneFileStatus;
import org.apache.hadoop.ozone.om.helpers.RepeatedOmKeyInfo;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
import org.apache.hadoop.ozone.om.helpers.ServiceInfo;
import org.apache.hadoop.ozone.om.helpers.ServiceInfoEx;
import org.apache.hadoop.ozone.om.lock.OzoneManagerLock;
import org.apache.hadoop.ozone.om.protocol.OzoneManagerProtocol;
import org.apache.hadoop.ozone.om.protocolPB.OzoneManagerProtocolPB;
import org.apache.hadoop.ozone.om.ratis.OMRatisSnapshotInfo;
import org.apache.hadoop.ozone.om.ratis.OMTransactionInfo;
import org.apache.hadoop.ozone.om.ratis.OzoneManagerRatisServer;
import org.apache.hadoop.ozone.om.ratis.utils.OzoneManagerRatisUtils;
import org.apache.hadoop.ozone.om.request.OMClientRequest;
import org.apache.hadoop.ozone.om.snapshot.OzoneManagerSnapshotProvider;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.apache.hadoop.ozone.protocolPB.OzoneManagerProtocolServerSideTranslatorPB;
import org.apache.hadoop.ozone.security.OzoneBlockTokenSecretManager;
import org.apache.hadoop.ozone.security.OzoneDelegationTokenSecretManager;
import org.apache.hadoop.ozone.security.OzoneSecurityException;
import org.apache.hadoop.ozone.security.OzoneTokenIdentifier;
import org.apache.hadoop.ozone.security.acl.IAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.OzoneAccessAuthorizer;
import org.apache.hadoop.ozone.security.acl.OzoneNativeAuthorizer;
import org.apache.hadoop.ozone.security.acl.OzoneObj;
import org.apache.hadoop.ozone.security.acl.OzoneObjInfo;
import org.apache.hadoop.ozone.security.acl.RequestContext;
import org.apache.hadoop.ozone.storage.proto.OzoneManagerStorageProtos;
import org.apache.hadoop.ozone.util.ExitManager;
import org.apache.hadoop.ozone.util.OzoneVersionInfo;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.util.JvmPauseMonitor;
import org.apache.hadoop.util.KMSUtil;
import org.apache.hadoop.util.ReflectionUtils;
import org.apache.hadoop.util.ShutdownHookManager;
import org.apache.hadoop.util.Time;
import org.apache.ratis.proto.RaftProtos;
import org.apache.ratis.server.protocol.TermIndex;
import org.apache.ratis.util.ExitUtils;
import org.apache.ratis.util.FileUtils;
import org.apache.ratis.util.LifeCycle;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.LimitedPrivate({"HDFS", "CBLOCK", "OZONE", "HBASE"})
/* loaded from: input_file:org/apache/hadoop/ozone/om/OzoneManager.class */
public final class OzoneManager extends ServiceRuntimeInfoImpl implements OzoneManagerProtocol, OMMXBean, Auditor {
    private static final String OM_DAEMON = "om";
    private OzoneDelegationTokenSecretManager delegationTokenMgr;
    private OzoneBlockTokenSecretManager blockTokenMgr;
    private CertificateClient certClient;
    private String caCertPem;
    private final Text omRpcAddressTxt;
    private final OzoneConfiguration configuration;
    private RPC.Server omRpcServer;
    private InetSocketAddress omRpcAddress;
    private String omId;
    private OMMetadataManager metadataManager;
    private VolumeManager volumeManager;
    private BucketManager bucketManager;
    private KeyManager keyManager;
    private PrefixManagerImpl prefixManager;
    private final OMMetrics metrics;
    private final ProtocolMessageMetrics<ProtocolMessageEnum> omClientProtocolMetrics;
    private OzoneManagerHttpServer httpServer;
    private final OMStorage omStorage;
    private final ScmBlockLocationProtocol scmBlockClient;
    private final StorageContainerLocationProtocol scmContainerClient;
    private ObjectName omInfoBeanName;
    private Timer metricsTimer;
    private ScheduleOMMetricsWriteTask scheduleOMMetricsWriteTask;
    private static final int SHUTDOWN_HOOK_PRIORITY = 30;
    private final Runnable shutdownHook;
    private final File omMetaDir;
    private final boolean isAclEnabled;
    private IAccessAuthorizer accessAuthorizer;
    private JvmPauseMonitor jvmPauseMonitor;
    private final SecurityConfig secConfig;
    private S3SecretManager s3SecretManager;
    private volatile boolean isOmRpcServerRunning;
    private String omComponent;
    private OzoneManagerProtocolServerSideTranslatorPB omServerProtocol;
    private boolean isRatisEnabled;
    private OzoneManagerRatisServer omRatisServer;
    private OzoneManagerSnapshotProvider omSnapshotProvider;
    private OMNodeDetails omNodeDetails;
    private List<OMNodeDetails> peerNodes;
    private File omRatisSnapshotDir;
    private final OMRatisSnapshotInfo omRatisSnapshotInfo;
    private final Map<String, RatisDropwizardExports> ratisMetricsMap;
    private KeyProviderCryptoExtension kmsProvider;
    private boolean allowListAllVolumes;
    private long maxUserVolumeCount;
    private int minMultipartUploadPartSize;
    private final ScmClient scmClient;
    private final long scmBlockSize;
    private final int preallocateBlocksMax;
    private final boolean grpcBlockTokenEnabled;
    private final boolean useRatisForReplication;
    private boolean isNativeAuthorizerEnabled;
    private ExitManager exitManager;
    private State omState;
    private Thread emptier;
    public static final Logger LOG = LoggerFactory.getLogger(OzoneManager.class);
    private static final AuditLogger AUDIT = new AuditLogger(AuditLoggerType.OMLOGGER);
    private static boolean securityEnabled = false;
    private static boolean testSecureOmFlag = false;
    private static final ObjectWriter WRITER = new ObjectMapper().writerWithDefaultPrettyPrinter();
    private static final ObjectReader READER = new ObjectMapper().readerFor(OmMetricsInfo.class);
    private static String keyProviderUriKeyName = "hadoop.security.key.provider.path";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.hadoop.ozone.om.OzoneManager$2, reason: invalid class name */
    /* loaded from: input_file:org/apache/hadoop/ozone/om/OzoneManager$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse;
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$ozone$security$acl$OzoneObj$ResourceType = new int[OzoneObj.ResourceType.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$ozone$security$acl$OzoneObj$ResourceType[OzoneObj.ResourceType.VOLUME.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$ozone$security$acl$OzoneObj$ResourceType[OzoneObj.ResourceType.BUCKET.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$hadoop$ozone$security$acl$OzoneObj$ResourceType[OzoneObj.ResourceType.KEY.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$hadoop$ozone$security$acl$OzoneObj$ResourceType[OzoneObj.ResourceType.PREFIX.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse = new int[CertificateClient.InitResponse.values().length];
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[CertificateClient.InitResponse.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[CertificateClient.InitResponse.GETCERT.ordinal()] = 2;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[CertificateClient.InitResponse.FAILURE.ordinal()] = 3;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[CertificateClient.InitResponse.RECOVER.ordinal()] = 4;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/ozone/om/OzoneManager$ScheduleOMMetricsWriteTask.class */
    public class ScheduleOMMetricsWriteTask extends TimerTask {
        private ScheduleOMMetricsWriteTask() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            OzoneManager.this.saveOmMetrics();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/hadoop/ozone/om/OzoneManager$State.class */
    public enum State {
        INITIALIZED,
        RUNNING,
        STOPPED
    }

    private OzoneManager(OzoneConfiguration ozoneConfiguration) throws IOException, AuthenticationException {
        super(OzoneVersionInfo.OZONE_VERSION_INFO);
        this.caCertPem = null;
        this.isOmRpcServerRunning = false;
        this.ratisMetricsMap = new ConcurrentHashMap();
        this.kmsProvider = null;
        this.minMultipartUploadPartSize = 5242880;
        Preconditions.checkNotNull(ozoneConfiguration);
        this.configuration = ozoneConfiguration;
        OMHANodeDetails loadOMHAConfig = OMHANodeDetails.loadOMHAConfig(this.configuration);
        this.peerNodes = loadOMHAConfig.getPeerNodeDetails();
        this.omNodeDetails = loadOMHAConfig.getLocalNodeDetails();
        this.omStorage = new OMStorage(ozoneConfiguration);
        this.omId = this.omStorage.getOmId();
        loginOMUserIfSecurityEnabled(ozoneConfiguration);
        this.allowListAllVolumes = ozoneConfiguration.getBoolean("ozone.om.volume.listall.allowed", true);
        this.maxUserVolumeCount = ozoneConfiguration.getInt("ozone.om.user.max.volume", 1024);
        Preconditions.checkArgument(this.maxUserVolumeCount > 0, "ozone.om.user.max.volume value should be greater than zero");
        if (this.omStorage.getState() != Storage.StorageState.INITIALIZED) {
            throw new OMException("OM not initialized, current OM storage state: " + this.omStorage.getState().name() + ". Please ensure 'ozone om --init' command is executed to generate all the required metadata to " + this.omStorage.getStorageDir() + " once before starting the OM service.", OMException.ResultCodes.OM_NOT_INITIALIZED);
        }
        this.omMetaDir = OMStorage.getOmDbDir(this.configuration);
        this.isAclEnabled = ozoneConfiguration.getBoolean("ozone.acl.enabled", false);
        this.scmBlockSize = (long) ozoneConfiguration.getStorageSize("ozone.scm.block.size", "256MB", StorageUnit.BYTES);
        this.preallocateBlocksMax = ozoneConfiguration.getInt("ozone.key.preallocation.max.blocks", 64);
        this.grpcBlockTokenEnabled = ozoneConfiguration.getBoolean("hdds.block.token.enabled", false);
        this.useRatisForReplication = ozoneConfiguration.getBoolean("dfs.container.ratis.enabled", false);
        this.isRatisEnabled = this.configuration.getBoolean("ozone.om.ratis.enable", true);
        InetSocketAddress rpcAddress = this.omNodeDetails.getRpcAddress();
        this.omRpcAddressTxt = new Text(this.omNodeDetails.getRpcAddressString());
        this.scmContainerClient = getScmContainerClient(this.configuration);
        this.scmBlockClient = getScmBlockClient(this.configuration);
        this.scmClient = new ScmClient(this.scmBlockClient, this.scmContainerClient);
        if (!testSecureOmFlag) {
            ScmInfo scmInfo = getScmInfo(this.configuration);
            if (!scmInfo.getClusterId().equals(this.omStorage.getClusterID()) || !scmInfo.getScmId().equals(this.omStorage.getScmId())) {
                logVersionMismatch(ozoneConfiguration, scmInfo);
                throw new OMException("SCM version info mismatch.", OMException.ResultCodes.SCM_VERSION_MISMATCH_ERROR);
            }
        }
        RPC.setProtocolEngine(this.configuration, OzoneManagerProtocolPB.class, ProtobufRpcEngine.class);
        this.secConfig = new SecurityConfig(this.configuration);
        try {
            this.kmsProvider = createKeyProviderExt(this.configuration);
        } catch (IOException e) {
            this.kmsProvider = null;
            LOG.error("Fail to create Key Provider");
        }
        if (this.secConfig.isSecurityEnabled()) {
            this.omComponent = "om-" + this.omId;
            if (this.omStorage.getOmCertSerialId() == null) {
                throw new RuntimeException("OzoneManager started in secure mode but doesn't have SCM signed certificate.");
            }
            this.certClient = new OMCertificateClient(new SecurityConfig(ozoneConfiguration), this.omStorage.getOmCertSerialId());
        }
        if (this.secConfig.isBlockTokenEnabled()) {
            this.blockTokenMgr = createBlockTokenSecretManager(this.configuration);
        }
        instantiateServices();
        addS3GVolumeToDB();
        this.omRatisSnapshotInfo = new OMRatisSnapshotInfo();
        if (this.isRatisEnabled) {
            String oMRatisDirectory = OzoneManagerRatisServer.getOMRatisDirectory(this.configuration);
            if (oMRatisDirectory == null || oMRatisDirectory.isEmpty()) {
                throw new IllegalArgumentException("ozone.metadata.dirs must be defined.");
            }
            OmUtils.createOMDir(oMRatisDirectory);
            this.omRatisSnapshotDir = OmUtils.createOMDir(OzoneManagerRatisServer.getOMRatisSnapshotDirectory(this.configuration));
            File file = new File(oMRatisDirectory, "snapshot");
            if (file.isDirectory()) {
                FileUtils.moveDirectory(file.toPath(), this.omRatisSnapshotDir.toPath());
            }
            if (this.peerNodes != null && !this.peerNodes.isEmpty()) {
                this.omSnapshotProvider = new OzoneManagerSnapshotProvider(this.configuration, this.omRatisSnapshotDir, this.peerNodes);
            }
        }
        initializeRatisServer();
        this.metrics = OMMetrics.create();
        this.omClientProtocolMetrics = ProtocolMessageMetrics.create("OmClientProtocol", "Ozone Manager RPC endpoint", OzoneManagerProtocolProtos.Type.values());
        this.omRpcServer = getRpcServer(this.configuration);
        this.omRpcAddress = ServerUtils.updateRPCListenAddress(this.configuration, "ozone.om.address", rpcAddress, this.omRpcServer);
        this.shutdownHook = () -> {
            saveOmMetrics();
        };
        ShutdownHookManager.get().addShutdownHook(this.shutdownHook, SHUTDOWN_HOOK_PRIORITY);
        this.omState = State.INITIALIZED;
    }

    private void logVersionMismatch(OzoneConfiguration ozoneConfiguration, ScmInfo scmInfo) {
        InetSocketAddress scmAddressForBlockClients = HddsUtils.getScmAddressForBlockClients(ozoneConfiguration);
        if (!scmInfo.getClusterId().equals(this.omStorage.getClusterID())) {
            LOG.error("clusterId from {} is {}, but is {} in {}", new Object[]{scmAddressForBlockClients, scmInfo.getClusterId(), this.omStorage.getClusterID(), this.omStorage.getVersionFile()});
        }
        if (scmInfo.getScmId().equals(this.omStorage.getScmId())) {
            return;
        }
        LOG.error("scmId from {} is {}, but is {} in {}", new Object[]{scmAddressForBlockClients, scmInfo.getScmId(), this.omStorage.getScmId(), this.omStorage.getVersionFile()});
    }

    private void instantiateServices() throws IOException {
        this.metadataManager = new OmMetadataManagerImpl(this.configuration);
        this.volumeManager = new VolumeManagerImpl(this.metadataManager, this.configuration);
        this.bucketManager = new BucketManagerImpl(this.metadataManager, getKmsProvider(), this.isRatisEnabled);
        if (this.secConfig.isSecurityEnabled()) {
            this.s3SecretManager = new S3SecretManagerImpl(this.configuration, this.metadataManager);
            this.delegationTokenMgr = createDelegationTokenSecretManager(this.configuration);
        }
        this.prefixManager = new PrefixManagerImpl(this.metadataManager, this.isRatisEnabled);
        this.keyManager = new KeyManagerImpl(this, this.scmClient, this.configuration, this.omStorage.getOmId());
        if (!this.isAclEnabled) {
            this.accessAuthorizer = null;
            return;
        }
        this.accessAuthorizer = getACLAuthorizerInstance(this.configuration);
        if (this.accessAuthorizer instanceof OzoneNativeAuthorizer) {
            OzoneNativeAuthorizer ozoneNativeAuthorizer = (OzoneNativeAuthorizer) this.accessAuthorizer;
            this.isNativeAuthorizerEnabled = true;
            ozoneNativeAuthorizer.setVolumeManager(this.volumeManager);
            ozoneNativeAuthorizer.setBucketManager(this.bucketManager);
            ozoneNativeAuthorizer.setKeyManager(this.keyManager);
            ozoneNativeAuthorizer.setPrefixManager(this.prefixManager);
            ozoneNativeAuthorizer.setOzoneAdmins(getOzoneAdmins(this.configuration));
            ozoneNativeAuthorizer.setAllowListAllVolumes(this.allowListAllVolumes);
        }
    }

    public boolean shouldUseRatis() {
        return this.useRatisForReplication;
    }

    public ScmClient getScmClient() {
        return this.scmClient;
    }

    public OzoneBlockTokenSecretManager getBlockTokenSecretManager() {
        return this.blockTokenMgr;
    }

    public long getScmBlockSize() {
        return this.scmBlockSize;
    }

    public int getPreallocateBlocksMax() {
        return this.preallocateBlocksMax;
    }

    public boolean isGrpcBlockTokenEnabled() {
        return this.grpcBlockTokenEnabled;
    }

    private KeyProviderCryptoExtension createKeyProviderExt(OzoneConfiguration ozoneConfiguration) throws IOException {
        KeyProvider createKeyProvider = KMSUtil.createKeyProvider(ozoneConfiguration, keyProviderUriKeyName);
        if (createKeyProvider == null) {
            return null;
        }
        return KeyProviderCryptoExtension.createKeyProviderCryptoExtension(createKeyProvider);
    }

    private IAccessAuthorizer getACLAuthorizerInstance(OzoneConfiguration ozoneConfiguration) {
        return (IAccessAuthorizer) ReflectionUtils.newInstance(ozoneConfiguration.getClass("ozone.acl.authorizer.class", OzoneAccessAuthorizer.class, IAccessAuthorizer.class), ozoneConfiguration);
    }

    public void close() throws IOException {
        stop();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void saveOmMetrics() {
        try {
            Files.createDirectories(getTempMetricsStorageFile().getParentFile().toPath(), new FileAttribute[0]);
            BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(new FileOutputStream(getTempMetricsStorageFile()), StandardCharsets.UTF_8));
            Throwable th = null;
            try {
                try {
                    OmMetricsInfo omMetricsInfo = new OmMetricsInfo();
                    omMetricsInfo.setNumKeys(this.metrics.getNumKeys());
                    WRITER.writeValue(bufferedWriter, omMetricsInfo);
                    if (bufferedWriter != null) {
                        if (0 != 0) {
                            try {
                                bufferedWriter.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            bufferedWriter.close();
                        }
                    }
                    if (1 != 0) {
                        Files.move(getTempMetricsStorageFile().toPath(), getMetricsStorageFile().toPath(), StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
                    }
                } finally {
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (IOException e) {
            LOG.error("Unable to write the om Metrics file", e);
        }
    }

    private File getTempMetricsStorageFile() {
        return new File(this.omMetaDir, "omMetrics.tmp");
    }

    private File getMetricsStorageFile() {
        return new File(this.omMetaDir, "omMetrics");
    }

    private OzoneDelegationTokenSecretManager createDelegationTokenSecretManager(OzoneConfiguration ozoneConfiguration) throws IOException {
        long timeDuration = ozoneConfiguration.getTimeDuration("ozone.manager.delegation.remover.scan.interval", 3600000L, TimeUnit.MILLISECONDS);
        long timeDuration2 = ozoneConfiguration.getTimeDuration("ozone.manager.delegation.token.max-lifetime", 604800000L, TimeUnit.MILLISECONDS);
        return new OzoneDelegationTokenSecretManager.Builder().setConf(ozoneConfiguration).setTokenMaxLifetime(timeDuration2).setTokenRenewInterval(ozoneConfiguration.getTimeDuration("ozone.manager.delegation.token.renew-interval", 86400000L, TimeUnit.MILLISECONDS)).setTokenRemoverScanInterval(timeDuration).setService(this.omRpcAddressTxt).setS3SecretManager(this.s3SecretManager).setCertificateClient(this.certClient).setOmServiceId(this.omNodeDetails.getOMServiceId()).build();
    }

    private OzoneBlockTokenSecretManager createBlockTokenSecretManager(OzoneConfiguration ozoneConfiguration) {
        long timeDuration = ozoneConfiguration.getTimeDuration("hdds.block.token.expiry.time", "1d", TimeUnit.MILLISECONDS);
        if (testSecureOmFlag) {
            return new OzoneBlockTokenSecretManager(this.secConfig, timeDuration, "1");
        }
        Objects.requireNonNull(this.certClient);
        return new OzoneBlockTokenSecretManager(this.secConfig, timeDuration, this.certClient.getCertificate().getSerialNumber().toString());
    }

    private void stopSecretManager() {
        if (this.blockTokenMgr != null) {
            LOG.info("Stopping OM block token manager.");
            try {
                this.blockTokenMgr.stop();
            } catch (IOException e) {
                LOG.error("Failed to stop block token manager", e);
            }
        }
        if (this.delegationTokenMgr != null) {
            LOG.info("Stopping OM delegation token secret manager.");
            try {
                this.delegationTokenMgr.stop();
            } catch (IOException e2) {
                LOG.error("Failed to stop delegation token manager", e2);
            }
        }
    }

    @VisibleForTesting
    public void startSecretManager() {
        try {
            readKeyPair();
            if (this.secConfig.isBlockTokenEnabled() && this.blockTokenMgr != null) {
                try {
                    LOG.info("Starting OM block token secret manager");
                    this.blockTokenMgr.start(this.certClient);
                } catch (IOException e) {
                    LOG.error("Error starting block token secret manager.", e);
                    throw new RuntimeException(e);
                }
            }
            if (this.delegationTokenMgr != null) {
                try {
                    LOG.info("Starting OM delegation token secret manager");
                    this.delegationTokenMgr.start(this.certClient);
                } catch (IOException e2) {
                    LOG.error("Error starting delegation token secret manager.", e2);
                    throw new RuntimeException(e2);
                }
            }
        } catch (OzoneSecurityException e3) {
            LOG.error("Unable to read key pair for OM.", e3);
            throw new RuntimeException((Throwable) e3);
        }
    }

    public void setCertClient(CertificateClient certificateClient) {
        this.certClient = certificateClient;
    }

    private void readKeyPair() throws OzoneSecurityException {
        try {
            LOG.info("Reading keypair and certificate from file system.");
            PublicKey publicKey = this.certClient.getPublicKey();
            PrivateKey privateKey = this.certClient.getPrivateKey();
            Objects.requireNonNull(publicKey);
            Objects.requireNonNull(privateKey);
            Objects.requireNonNull(this.certClient.getCertificate());
        } catch (Exception e) {
            throw new OzoneSecurityException("Error reading keypair & certificate OzoneManager.", e, OzoneSecurityException.ResultCodes.OM_PUBLIC_PRIVATE_KEY_FILE_NOT_EXIST);
        }
    }

    private static void loginOMUser(OzoneConfiguration ozoneConfiguration) throws IOException, AuthenticationException {
        if (!SecurityUtil.getAuthenticationMethod(ozoneConfiguration).equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
            throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(ozoneConfiguration) + " authentication method not supported. OM user login failed.");
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Ozone security is enabled. Attempting login for OM user. Principal: {}, keytab: {}", ozoneConfiguration.get("ozone.om.kerberos.principal"), ozoneConfiguration.get("ozone.om.kerberos.keytab.file"));
        }
        UserGroupInformation.setConfiguration(ozoneConfiguration);
        SecurityUtil.login(ozoneConfiguration, "ozone.om.kerberos.keytab.file", "ozone.om.kerberos.principal", OmUtils.getOmAddress(ozoneConfiguration).getHostName());
        LOG.info("Ozone Manager login successful.");
    }

    private static ScmBlockLocationProtocol getScmBlockClient(OzoneConfiguration ozoneConfiguration) throws IOException {
        RPC.setProtocolEngine(ozoneConfiguration, ScmBlockLocationProtocolPB.class, ProtobufRpcEngine.class);
        return (ScmBlockLocationProtocol) TracingUtil.createProxy(new ScmBlockLocationProtocolClientSideTranslatorPB((ScmBlockLocationProtocolPB) RPC.getProxy(ScmBlockLocationProtocolPB.class, RPC.getProtocolVersion(ScmBlockLocationProtocolPB.class), HddsUtils.getScmAddressForBlockClients(ozoneConfiguration), UserGroupInformation.getCurrentUser(), ozoneConfiguration, NetUtils.getDefaultSocketFactory(ozoneConfiguration), Client.getRpcTimeout(ozoneConfiguration))), ScmBlockLocationProtocol.class, ozoneConfiguration);
    }

    private static StorageContainerLocationProtocol getScmContainerClient(OzoneConfiguration ozoneConfiguration) throws IOException {
        RPC.setProtocolEngine(ozoneConfiguration, StorageContainerLocationProtocolPB.class, ProtobufRpcEngine.class);
        return (StorageContainerLocationProtocol) TracingUtil.createProxy(new StorageContainerLocationProtocolClientSideTranslatorPB((StorageContainerLocationProtocolPB) RPC.getProxy(StorageContainerLocationProtocolPB.class, RPC.getProtocolVersion(StorageContainerLocationProtocolPB.class), HddsUtils.getScmAddressForClients(ozoneConfiguration), UserGroupInformation.getCurrentUser(), ozoneConfiguration, NetUtils.getDefaultSocketFactory(ozoneConfiguration), Client.getRpcTimeout(ozoneConfiguration))), StorageContainerLocationProtocol.class, ozoneConfiguration);
    }

    private RPC.Server startRpcServer(OzoneConfiguration ozoneConfiguration, InetSocketAddress inetSocketAddress, Class<?> cls, BlockingService blockingService, int i) throws IOException {
        RPC.Server build = new RPC.Builder(ozoneConfiguration).setProtocol(cls).setInstance(blockingService).setBindAddress(inetSocketAddress.getHostString()).setPort(inetSocketAddress.getPort()).setNumHandlers(i).setVerbose(false).setSecretManager(this.delegationTokenMgr).build();
        HddsServerUtil.addPBProtocol(ozoneConfiguration, cls, blockingService, build);
        if (ozoneConfiguration.getBoolean("hadoop.security.authorization", false)) {
            build.refreshServiceAcl(ozoneConfiguration, OMPolicyProvider.getInstance());
        }
        return build;
    }

    private static boolean isOzoneSecurityEnabled() {
        return securityEnabled;
    }

    public static OzoneManager createOm(OzoneConfiguration ozoneConfiguration) throws IOException, AuthenticationException {
        return new OzoneManager(ozoneConfiguration);
    }

    private static void loginOMUserIfSecurityEnabled(OzoneConfiguration ozoneConfiguration) throws IOException, AuthenticationException {
        securityEnabled = OzoneSecurityUtil.isSecurityEnabled(ozoneConfiguration);
        if (securityEnabled) {
            loginOMUser(ozoneConfiguration);
        }
    }

    @VisibleForTesting
    public static boolean omInit(OzoneConfiguration ozoneConfiguration) throws IOException, AuthenticationException {
        OMHANodeDetails.loadOMHAConfig(ozoneConfiguration);
        loginOMUserIfSecurityEnabled(ozoneConfiguration);
        OMStorage oMStorage = new OMStorage(ozoneConfiguration);
        if (oMStorage.getState() == Storage.StorageState.INITIALIZED) {
            if (OzoneSecurityUtil.isSecurityEnabled(ozoneConfiguration) && oMStorage.getOmCertSerialId() == null) {
                LOG.info("OM storage is already initialized. Initializing security");
                initializeSecurity(ozoneConfiguration, oMStorage);
                oMStorage.persistCurrentState();
            }
            System.out.println("OM already initialized.Reusing existing cluster id for sd=" + oMStorage.getStorageDir() + ";cid=" + oMStorage.getClusterID() + ";layoutVersion=" + oMStorage.getLayoutVersion());
            return true;
        }
        try {
            ScmInfo scmInfo = getScmInfo(ozoneConfiguration);
            String clusterId = scmInfo.getClusterId();
            String scmId = scmInfo.getScmId();
            if (clusterId == null || clusterId.isEmpty()) {
                throw new IOException("Invalid Cluster ID");
            }
            if (scmId == null || scmId.isEmpty()) {
                throw new IOException("Invalid SCM ID");
            }
            oMStorage.setClusterId(clusterId);
            oMStorage.setScmId(scmId);
            if (OzoneSecurityUtil.isSecurityEnabled(ozoneConfiguration)) {
                initializeSecurity(ozoneConfiguration, oMStorage);
            }
            oMStorage.initialize();
            System.out.println("OM initialization succeeded.Current cluster id for sd=" + oMStorage.getStorageDir() + ";cid=" + oMStorage.getClusterID() + ";layoutVersion=" + oMStorage.getLayoutVersion());
            return true;
        } catch (IOException e) {
            LOG.error("Could not initialize OM version file", e);
            return false;
        }
    }

    @VisibleForTesting
    public static void initializeSecurity(OzoneConfiguration ozoneConfiguration, OMStorage oMStorage) throws IOException {
        LOG.info("Initializing secure OzoneManager.");
        OMCertificateClient oMCertificateClient = new OMCertificateClient(new SecurityConfig(ozoneConfiguration), oMStorage.getOmCertSerialId());
        CertificateClient.InitResponse init = oMCertificateClient.init();
        LOG.info("Init response: {}", init);
        switch (AnonymousClass2.$SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[init.ordinal()]) {
            case 1:
                LOG.info("Initialization successful.");
                return;
            case 2:
                getSCMSignedCert(oMCertificateClient, ozoneConfiguration, oMStorage);
                LOG.info("Successfully stored SCM signed certificate.");
                return;
            case 3:
                LOG.error("OM security initialization failed.");
                throw new RuntimeException("OM security initialization failed.");
            case 4:
                LOG.error("OM security initialization failed. OM certificate is missing.");
                throw new RuntimeException("OM security initialization failed.");
            default:
                LOG.error("OM security initialization failed. Init response: {}", init);
                throw new RuntimeException("OM security initialization failed.");
        }
    }

    private static ScmInfo getScmInfo(OzoneConfiguration ozoneConfiguration) throws IOException {
        try {
            return (ScmInfo) new RetriableTask(RetryPolicies.retryUpToMaximumCountWithFixedSleep(10, 5L, TimeUnit.SECONDS), "OM#getScmInfo", () -> {
                return getScmBlockClient(ozoneConfiguration).getScmInfo();
            }).call();
        } catch (IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new IOException("Failed to get SCM info", e2);
        }
    }

    private static String buildRpcServerStartMessage(String str, InetSocketAddress inetSocketAddress) {
        return inetSocketAddress != null ? String.format("%s is listening at %s", str, inetSocketAddress.toString()) : String.format("%s not started", str);
    }

    @VisibleForTesting
    public KeyManager getKeyManager() {
        return this.keyManager;
    }

    @VisibleForTesting
    public ScmInfo getScmInfo() throws IOException {
        return this.scmBlockClient.getScmInfo();
    }

    @VisibleForTesting
    public OMStorage getOmStorage() {
        return this.omStorage;
    }

    @VisibleForTesting
    public OzoneManagerRatisServer getOmRatisServer() {
        return this.omRatisServer;
    }

    @VisibleForTesting
    public OzoneManagerSnapshotProvider getOmSnapshotProvider() {
        return this.omSnapshotProvider;
    }

    @VisibleForTesting
    public InetSocketAddress getOmRpcServerAddr() {
        return this.omRpcAddress;
    }

    @VisibleForTesting
    public LifeCycle.State getOmRatisServerState() {
        if (this.omRatisServer == null) {
            return null;
        }
        return this.omRatisServer.getServerState();
    }

    @VisibleForTesting
    public KeyProviderCryptoExtension getKmsProvider() {
        return this.kmsProvider;
    }

    public PrefixManager getPrefixManager() {
        return this.prefixManager;
    }

    public OMMetadataManager getMetadataManager() {
        return this.metadataManager;
    }

    public OzoneBlockTokenSecretManager getBlockTokenMgr() {
        return this.blockTokenMgr;
    }

    public OzoneManagerProtocolServerSideTranslatorPB getOmServerProtocol() {
        return this.omServerProtocol;
    }

    public OMMetrics getMetrics() {
        return this.metrics;
    }

    public void start() throws IOException {
        this.omClientProtocolMetrics.register();
        HddsServerUtil.initializeMetrics(this.configuration, "OzoneManager");
        LOG.info(buildRpcServerStartMessage("OzoneManager RPC server", this.omRpcAddress));
        if (this.omRatisServer != null) {
            this.omRatisServer.start();
        }
        this.metadataManager.start(this.configuration);
        startSecretManagerIfNecessary();
        if (this.certClient != null) {
            this.caCertPem = CertificateCodec.getPEMEncodedString(this.certClient.getCACertificate());
        }
        this.metrics.setNumVolumes(this.metadataManager.countRowsInTable(this.metadataManager.getVolumeTable()));
        this.metrics.setNumBuckets(this.metadataManager.countRowsInTable(this.metadataManager.getBucketTable()));
        if (getMetricsStorageFile().exists()) {
            this.metrics.setNumKeys(((OmMetricsInfo) READER.readValue(getMetricsStorageFile())).getNumKeys());
        }
        long timeDuration = this.configuration.getTimeDuration("ozone.om.save.metrics.interval", "5m", TimeUnit.MILLISECONDS);
        this.scheduleOMMetricsWriteTask = new ScheduleOMMetricsWriteTask();
        this.metricsTimer = new Timer();
        this.metricsTimer.schedule(this.scheduleOMMetricsWriteTask, 0L, timeDuration);
        this.keyManager.start(this.configuration);
        try {
            this.httpServer = new OzoneManagerHttpServer(this.configuration, this);
            this.httpServer.start();
        } catch (Exception e) {
            LOG.error("OM HttpServer failed to start.", e);
        }
        this.omRpcServer.start();
        this.isOmRpcServerRunning = true;
        startTrashEmptier(this.configuration);
        registerMXBean();
        startJVMPauseMonitor();
        setStartTime();
        this.omState = State.RUNNING;
    }

    public void restart() throws IOException {
        LOG.info(buildRpcServerStartMessage("OzoneManager RPC server", this.omRpcAddress));
        HddsServerUtil.initializeMetrics(this.configuration, "OzoneManager");
        instantiateServices();
        startSecretManagerIfNecessary();
        this.metrics.setNumVolumes(this.metadataManager.countRowsInTable(this.metadataManager.getVolumeTable()));
        this.metrics.setNumBuckets(this.metadataManager.countRowsInTable(this.metadataManager.getBucketTable()));
        if (getMetricsStorageFile().exists()) {
            this.metrics.setNumKeys(((OmMetricsInfo) READER.readValue(getMetricsStorageFile())).getNumKeys());
        }
        long timeDuration = this.configuration.getTimeDuration("ozone.om.save.metrics.interval", "5m", TimeUnit.MILLISECONDS);
        this.scheduleOMMetricsWriteTask = new ScheduleOMMetricsWriteTask();
        this.metricsTimer = new Timer();
        this.metricsTimer.schedule(this.scheduleOMMetricsWriteTask, 0L, timeDuration);
        initializeRatisServer();
        if (this.omRatisServer != null) {
            this.omRatisServer.start();
        }
        this.omRpcServer = getRpcServer(this.configuration);
        try {
            this.httpServer = new OzoneManagerHttpServer(this.configuration, this);
            this.httpServer.start();
        } catch (Exception e) {
            LOG.error("OM HttpServer failed to start.", e);
        }
        this.omRpcServer.start();
        this.isOmRpcServerRunning = true;
        startTrashEmptier(this.configuration);
        registerMXBean();
        startJVMPauseMonitor();
        setStartTime();
        this.omState = State.RUNNING;
    }

    private void startTrashEmptier(Configuration configuration) throws IOException {
        long j = configuration.getLong("ozone.fs.trash.interval", configuration.getLong("fs.trash.interval", 0L));
        if (j == 0) {
            LOG.info("Trash Interval set to 0. Files deleted will not move to trash");
        } else {
            if (j < 0) {
                throw new IOException("Cannot start trash emptier with negative interval. Set fs.trash.interval to a positive value.");
            }
            this.emptier = new Thread(new OzoneTrash((FileSystem) SecurityUtil.doAsLoginUser(new PrivilegedExceptionAction<FileSystem>() { // from class: org.apache.hadoop.ozone.om.OzoneManager.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public FileSystem run() throws IOException {
                    return new TrashOzoneFileSystem(this);
                }
            }), configuration, this).getEmptier(), "Trash Emptier");
            this.emptier.setDaemon(true);
            this.emptier.start();
        }
    }

    private RPC.Server getRpcServer(OzoneConfiguration ozoneConfiguration) throws IOException {
        if (this.isOmRpcServerRunning) {
            return this.omRpcServer;
        }
        InetSocketAddress omAddress = OmUtils.getOmAddress(ozoneConfiguration);
        int i = ozoneConfiguration.getInt("ozone.om.handler.count.key", 100);
        RPC.setProtocolEngine(this.configuration, OzoneManagerProtocolPB.class, ProtobufRpcEngine.class);
        this.omServerProtocol = new OzoneManagerProtocolServerSideTranslatorPB(this, this.omRatisServer, this.omClientProtocolMetrics, this.isRatisEnabled, getLastTrxnIndexForNonRatis());
        return startRpcServer(this.configuration, omAddress, OzoneManagerProtocolPB.class, OzoneManagerProtocolProtos.OzoneManagerService.newReflectiveBlockingService(this.omServerProtocol), i);
    }

    private void initializeRatisServer() throws IOException {
        if (!this.isRatisEnabled) {
            this.omRatisServer = null;
            return;
        }
        if (this.omRatisServer == null) {
            RatisDropwizardExports.registerRatisMetricReporters(this.ratisMetricsMap);
            this.omRatisServer = OzoneManagerRatisServer.newOMRatisServer(this.configuration, this, this.omNodeDetails, this.peerNodes, this.secConfig, this.certClient);
        }
        LOG.info("OzoneManager Ratis server initialized at port {}", Integer.valueOf(this.omRatisServer.getServerPort()));
    }

    public long getObjectIdFromTxId(long j) {
        return OmUtils.getObjectIdFromTxId(this.metadataManager.getOmEpoch(), j);
    }

    @VisibleForTesting
    long getLastTrxnIndexForNonRatis() throws IOException {
        OMTransactionInfo readTransactionInfo = OMTransactionInfo.readTransactionInfo(this.metadataManager);
        if (readTransactionInfo == null || readTransactionInfo.getTerm() != -1) {
            return 0L;
        }
        return readTransactionInfo.getTransactionIndex();
    }

    public OMRatisSnapshotInfo getSnapshotInfo() {
        return this.omRatisSnapshotInfo;
    }

    @VisibleForTesting
    public long getRatisSnapshotIndex() throws IOException {
        return OMTransactionInfo.readTransactionInfo(this.metadataManager).getTransactionIndex();
    }

    public void stop() {
        try {
            if (this.metricsTimer != null) {
                this.metricsTimer.cancel();
                this.metricsTimer = null;
                this.scheduleOMMetricsWriteTask = null;
            }
            this.omRpcServer.stop();
            if (!this.isRatisEnabled) {
                this.omServerProtocol.stop();
            }
            if (this.omRatisServer != null) {
                this.omRatisServer.stop();
                this.omRatisServer = null;
            }
            this.isOmRpcServerRunning = false;
            this.keyManager.stop();
            stopSecretManager();
            if (this.httpServer != null) {
                this.httpServer.stop();
            }
            stopTrashEmptier();
            this.metadataManager.stop();
            this.metrics.unRegister();
            this.omClientProtocolMetrics.unregister();
            unregisterMXBean();
            if (this.jvmPauseMonitor != null) {
                this.jvmPauseMonitor.stop();
            }
            if (this.omSnapshotProvider != null) {
                this.omSnapshotProvider.stop();
            }
            this.omState = State.STOPPED;
        } catch (Exception e) {
            LOG.error("OzoneManager stop failed.", e);
        }
    }

    public void join() {
        try {
            this.omRpcServer.join();
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            LOG.info("Interrupted during OzoneManager join.", e);
        }
    }

    private void startSecretManagerIfNecessary() {
        if (isOzoneSecurityEnabled()) {
            if (this.delegationTokenMgr.isRunning() && this.blockTokenMgr.isRunning()) {
                return;
            }
            startSecretManager();
        }
    }

    private static void getSCMSignedCert(CertificateClient certificateClient, OzoneConfiguration ozoneConfiguration, OMStorage oMStorage) throws IOException {
        CertificateSignRequest.Builder cSRBuilder = certificateClient.getCSRBuilder();
        KeyPair keyPair = new KeyPair(certificateClient.getPublicKey(), certificateClient.getPrivateKey());
        InetSocketAddress omAddress = OmUtils.getOmAddress(ozoneConfiguration);
        if (omAddress == null || omAddress.getAddress() == null) {
            LOG.error("Incorrect om rpc address. omRpcAdd:{}", omAddress);
            throw new RuntimeException("Can't get SCM signed certificate. omRpcAdd: " + omAddress);
        }
        String hostName = omAddress.getAddress().getHostName();
        String hostAddress = omAddress.getAddress().getHostAddress();
        String str = cSRBuilder.hasDnsName() ? UserGroupInformation.getCurrentUser().getShortUserName() + "@" + hostName : hostName;
        cSRBuilder.setCA(false).setKey(keyPair).setConfiguration(ozoneConfiguration).setScmID(oMStorage.getScmId()).setClusterID(oMStorage.getClusterID()).setSubject(str);
        String oMServiceId = OMHANodeDetails.loadOMHAConfig(ozoneConfiguration).getLocalNodeDetails().getOMServiceId();
        if (!StringUtils.isEmpty(oMServiceId)) {
            cSRBuilder.addServiceName(oMServiceId);
        }
        LOG.info("Creating csr for OM->dns:{},ip:{},scmId:{},clusterId:{},subject:{}", new Object[]{hostName, hostAddress, oMStorage.getScmId(), oMStorage.getClusterID(), str});
        HddsProtos.OzoneManagerDetailsProto.Builder addPorts = HddsProtos.OzoneManagerDetailsProto.newBuilder().setHostName(omAddress.getHostName()).setIpAddress(hostAddress).setUuid(oMStorage.getOmId()).addPorts(HddsProtos.Port.newBuilder().setName("RPC").setValue(omAddress.getPort()).build());
        PKCS10CertificationRequest build = cSRBuilder.build();
        HddsProtos.OzoneManagerDetailsProto build2 = addPorts.build();
        LOG.info("OzoneManager ports added:{}", build2.getPortsList());
        SCMSecurityProtocolProtos.SCMGetCertResponseProto oMCertChain = HddsServerUtil.getScmSecurityClient(ozoneConfiguration).getOMCertChain(build2, CertificateSignRequest.getEncodedString(build));
        String x509Certificate = oMCertChain.getX509Certificate();
        try {
            if (!oMCertChain.hasX509CACertificate()) {
                throw new RuntimeException("Unable to retrieve OM certificate chain");
            }
            certificateClient.storeCertificate(oMCertChain.getX509CACertificate(), true, true);
            certificateClient.storeCertificate(x509Certificate, true);
            oMStorage.setOmCertSerialId(CertificateCodec.getX509Certificate(x509Certificate).getSerialNumber().toString());
        } catch (IOException | CertificateException e) {
            LOG.error("Error while storing SCM signed certificate.", e);
            throw new RuntimeException(e);
        }
    }

    private boolean isAllowedDelegationTokenOp() throws IOException {
        UserGroupInformation.AuthenticationMethod connectionAuthenticationMethod = getConnectionAuthenticationMethod();
        return !UserGroupInformation.isSecurityEnabled() || connectionAuthenticationMethod == UserGroupInformation.AuthenticationMethod.KERBEROS || connectionAuthenticationMethod == UserGroupInformation.AuthenticationMethod.KERBEROS_SSL || connectionAuthenticationMethod == UserGroupInformation.AuthenticationMethod.CERTIFICATE;
    }

    private UserGroupInformation.AuthenticationMethod getConnectionAuthenticationMethod() throws IOException {
        UserGroupInformation remoteUser = getRemoteUser();
        UserGroupInformation.AuthenticationMethod authenticationMethod = remoteUser.getAuthenticationMethod();
        if (authenticationMethod == UserGroupInformation.AuthenticationMethod.PROXY) {
            authenticationMethod = remoteUser.getRealUser().getAuthenticationMethod();
        }
        return authenticationMethod;
    }

    private static UserGroupInformation getRemoteUser() throws IOException {
        UserGroupInformation remoteUser = Server.getRemoteUser();
        return remoteUser != null ? remoteUser : UserGroupInformation.getCurrentUser();
    }

    public Token<OzoneTokenIdentifier> getDelegationToken(Text text) throws OMException {
        try {
            if (!isAllowedDelegationTokenOp()) {
                throw new OMException("Delegation Token can be issued only with kerberos or web authentication", OMException.ResultCodes.INVALID_AUTH_METHOD);
            }
            if (this.delegationTokenMgr == null || !this.delegationTokenMgr.isRunning()) {
                LOG.warn("trying to get DT with no secret manager running in OM.");
                return null;
            }
            UserGroupInformation remoteUser = getRemoteUser();
            Text text2 = new Text(remoteUser.getUserName());
            Text text3 = null;
            if (remoteUser.getRealUser() != null) {
                text3 = new Text(remoteUser.getRealUser().getUserName());
            }
            return this.delegationTokenMgr.createToken(text2, text, text3);
        } catch (IOException e) {
            LOG.error("Get Delegation token failed, cause: {}", e.getMessage());
            throw new OMException("Get Delegation token failed.", e, OMException.ResultCodes.TOKEN_ERROR_OTHER);
        } catch (OMException e2) {
            throw e2;
        }
    }

    public long renewDelegationToken(Token<OzoneTokenIdentifier> token) throws OMException {
        try {
            if (!isAllowedDelegationTokenOp()) {
                throw new OMException("Delegation Token can be renewed only with kerberos or web authentication", OMException.ResultCodes.INVALID_AUTH_METHOD);
            }
            return this.delegationTokenMgr.renewToken(token, getRemoteUser().getShortUserName());
        } catch (OMException e) {
            throw e;
        } catch (IOException e2) {
            OzoneTokenIdentifier ozoneTokenIdentifier = null;
            try {
                ozoneTokenIdentifier = OzoneTokenIdentifier.readProtoBuf(token.getIdentifier());
            } catch (IOException e3) {
            }
            LOG.error("Delegation token renewal failed for dt id: {}, cause: {}", ozoneTokenIdentifier, e2.getMessage());
            throw new OMException("Delegation token renewal failed for dt: " + token, e2, OMException.ResultCodes.TOKEN_ERROR_OTHER);
        }
    }

    public void cancelDelegationToken(Token<OzoneTokenIdentifier> token) throws OMException {
        OzoneTokenIdentifier ozoneTokenIdentifier = null;
        try {
            ozoneTokenIdentifier = this.delegationTokenMgr.cancelToken(token, getRemoteUser().getUserName());
            LOG.trace("Delegation token cancelled for dt: {}", ozoneTokenIdentifier);
        } catch (IOException e) {
            LOG.error("Delegation token cancellation failed for dt id: {}, cause: {}", ozoneTokenIdentifier, e.getMessage());
            throw new OMException("Delegation token renewal failed for dt: " + token, e, OMException.ResultCodes.TOKEN_ERROR_OTHER);
        } catch (OMException e2) {
            throw e2;
        }
    }

    public void createVolume(OmVolumeArgs omVolumeArgs) throws IOException {
        try {
            this.metrics.incNumVolumeCreates();
            if (this.isAclEnabled) {
                checkAcls(OzoneObj.ResourceType.VOLUME, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.CREATE, omVolumeArgs.getVolume(), null, null);
            }
            this.volumeManager.createVolume(omVolumeArgs);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.CREATE_VOLUME, omVolumeArgs == null ? null : omVolumeArgs.toAuditMap()));
            this.metrics.incNumVolumes();
        } catch (Exception e) {
            this.metrics.incNumVolumeCreateFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.CREATE_VOLUME, omVolumeArgs == null ? null : omVolumeArgs.toAuditMap(), e));
            throw e;
        }
    }

    private void checkAcls(OzoneObj.ResourceType resourceType, OzoneObj.StoreType storeType, IAccessAuthorizer.ACLType aCLType, String str, String str2, String str3) throws IOException {
        UserGroupInformation remoteUser = ProtobufRpcEngine.Server.getRemoteUser();
        InetAddress remoteIp = ProtobufRpcEngine.Server.getRemoteIp();
        checkAcls(resourceType, storeType, aCLType, str, str2, str3, remoteUser != null ? remoteUser : getRemoteUser(), remoteIp != null ? remoteIp : this.omRpcAddress.getAddress(), remoteIp != null ? remoteIp.getHostName() : this.omRpcAddress.getHostName(), true, getVolumeOwner(str, aCLType, resourceType));
    }

    private boolean hasAcls(String str, OzoneObj.ResourceType resourceType, OzoneObj.StoreType storeType, IAccessAuthorizer.ACLType aCLType, String str2, String str3, String str4) {
        try {
            return checkAcls(resourceType, storeType, aCLType, str2, str3, str4, UserGroupInformation.createRemoteUser(str), ProtobufRpcEngine.Server.getRemoteIp(), ProtobufRpcEngine.Server.getRemoteIp().getHostName(), false, getVolumeOwner(str2, aCLType, resourceType));
        } catch (OMException e) {
            return false;
        }
    }

    public String getVolumeOwner(String str, IAccessAuthorizer.ACLType aCLType, OzoneObj.ResourceType resourceType) throws OMException {
        String str2 = null;
        if (!str.equals("/") && (aCLType != IAccessAuthorizer.ACLType.CREATE || resourceType != OzoneObj.ResourceType.VOLUME)) {
            str2 = getVolumeOwner(str);
        }
        return str2;
    }

    private String getVolumeOwner(String str) throws OMException {
        Boolean valueOf = Boolean.valueOf(this.metadataManager.getLock().acquireReadLock(OzoneManagerLock.Resource.VOLUME_LOCK, new String[]{str}));
        try {
            try {
                OmVolumeArgs omVolumeArgs = (OmVolumeArgs) this.metadataManager.getVolumeTable().get(this.metadataManager.getVolumeKey(str));
                if (valueOf.booleanValue()) {
                    this.metadataManager.getLock().releaseReadLock(OzoneManagerLock.Resource.VOLUME_LOCK, new String[]{str});
                }
                if (omVolumeArgs != null) {
                    return omVolumeArgs.getOwnerName();
                }
                throw new OMException("Volume " + str + " is not found", OMException.ResultCodes.VOLUME_NOT_FOUND);
            } catch (IOException e) {
                if (e instanceof OMException) {
                    throw e;
                }
                throw new OMException("getVolumeOwner for Volume " + str + " failed", OMException.ResultCodes.INTERNAL_ERROR);
            }
        } catch (Throwable th) {
            if (valueOf.booleanValue()) {
                this.metadataManager.getLock().releaseReadLock(OzoneManagerLock.Resource.VOLUME_LOCK, new String[]{str});
            }
            throw th;
        }
    }

    public boolean checkAcls(OzoneObj.ResourceType resourceType, OzoneObj.StoreType storeType, IAccessAuthorizer.ACLType aCLType, String str, String str2, String str3, UserGroupInformation userGroupInformation, InetAddress inetAddress, String str4, boolean z, String str5) throws OMException {
        OzoneObjInfo build = OzoneObjInfo.Builder.newBuilder().setResType(resourceType).setStoreType(storeType).setVolumeName(str).setBucketName(str2).setKeyName(str3).build();
        RequestContext build2 = RequestContext.newBuilder().setClientUgi(userGroupInformation).setIp(inetAddress).setHost(str4).setAclType(IAccessAuthorizer.ACLIdentityType.USER).setAclRights(aCLType).setOwnerName(str5).build();
        if (this.accessAuthorizer.checkAccess(build, build2)) {
            return true;
        }
        if (!z) {
            return false;
        }
        LOG.warn("User {} doesn't have {} permission to access {} /{}/{}/{}", new Object[]{build2.getClientUgi().getUserName(), build2.getAclRights(), build.getResourceType(), build.getVolumeName(), build.getBucketName(), build.getKeyName()});
        throw new OMException("User " + build2.getClientUgi().getUserName() + " doesn't have " + build2.getAclRights() + " permission to access " + build.getResourceType() + " " + build.getVolumeName() + " " + build.getBucketName() + " " + build.getKeyName(), OMException.ResultCodes.PERMISSION_DENIED);
    }

    public boolean getAclsEnabled() {
        return this.isAclEnabled;
    }

    public boolean setOwner(String str, String str2) throws IOException {
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.VOLUME, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE_ACL, str, null, null);
        }
        Map<String, String> buildAuditMap = buildAuditMap(str);
        buildAuditMap.put("owner", str2);
        try {
            this.metrics.incNumVolumeUpdates();
            this.volumeManager.setOwner(str, str2);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.SET_OWNER, buildAuditMap));
            return true;
        } catch (Exception e) {
            this.metrics.incNumVolumeUpdateFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.SET_OWNER, buildAuditMap, e));
            throw e;
        }
    }

    public void setQuota(String str, long j, long j2) throws IOException {
        throw new UnsupportedOperationException("OzoneManager does not require this to be implemented. As this requests use a new approach");
    }

    public boolean checkVolumeAccess(String str, OzoneManagerProtocolProtos.OzoneAclInfo ozoneAclInfo) throws IOException {
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.VOLUME, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.READ, str, null, null);
        }
        Map<String, String> buildAuditMap = buildAuditMap(str);
        buildAuditMap.put("userAcl", ozoneAclInfo == null ? null : ozoneAclInfo.getName());
        try {
            try {
                this.metrics.incNumVolumeCheckAccesses();
                boolean checkVolumeAccess = this.volumeManager.checkVolumeAccess(str, ozoneAclInfo);
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.CHECK_VOLUME_ACCESS, buildAuditMap));
                }
                return checkVolumeAccess;
            } catch (Exception e) {
                this.metrics.incNumVolumeCheckAccessFails();
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.CHECK_VOLUME_ACCESS, buildAuditMap, e));
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.CHECK_VOLUME_ACCESS, buildAuditMap));
            }
            throw th;
        }
    }

    public OmVolumeArgs getVolumeInfo(String str) throws IOException {
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.VOLUME, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.READ, str, null, null);
        }
        Map<String, String> buildAuditMap = buildAuditMap(str);
        try {
            try {
                this.metrics.incNumVolumeInfos();
                OmVolumeArgs volumeInfo = this.volumeManager.getVolumeInfo(str);
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.READ_VOLUME, buildAuditMap));
                }
                return volumeInfo;
            } catch (Exception e) {
                this.metrics.incNumVolumeInfoFails();
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.READ_VOLUME, buildAuditMap, e));
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.READ_VOLUME, buildAuditMap));
            }
            throw th;
        }
    }

    public void deleteVolume(String str) throws IOException {
        try {
            if (this.isAclEnabled) {
                checkAcls(OzoneObj.ResourceType.VOLUME, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.DELETE, str, null, null);
            }
            this.metrics.incNumVolumeDeletes();
            this.volumeManager.deleteVolume(str);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.DELETE_VOLUME, buildAuditMap(str)));
            this.metrics.decNumVolumes();
        } catch (Exception e) {
            this.metrics.incNumVolumeDeleteFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.DELETE_VOLUME, buildAuditMap(str), e));
            throw e;
        }
    }

    public List<OmVolumeArgs> listVolumeByUser(String str, String str2, String str3, int i) throws IOException {
        UserGroupInformation remoteUser = ProtobufRpcEngine.Server.getRemoteUser();
        if (this.isAclEnabled && remoteUser == null) {
            LOG.error("Rpc user UGI is null. Authorization failed.");
            throw new OMException("Rpc user UGI is null. Authorization failed.", OMException.ResultCodes.PERMISSION_DENIED);
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("prevKey", str3);
        linkedHashMap.put("prefix", str2);
        linkedHashMap.put("maxKeys", String.valueOf(i));
        linkedHashMap.put("username", str);
        try {
            try {
                this.metrics.incNumVolumeLists();
                if (!this.isAclEnabled) {
                    List<OmVolumeArgs> listVolumes = this.volumeManager.listVolumes(str, str2, str3, i);
                    if (1 != 0) {
                        AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_VOLUMES, linkedHashMap));
                    }
                    return listVolumes;
                }
                List<OmVolumeArgs> listVolumes2 = this.volumeManager.listVolumes(null, str2, str3, i);
                ArrayList arrayList = new ArrayList();
                for (OmVolumeArgs omVolumeArgs : listVolumes2) {
                    if (hasAcls(str, OzoneObj.ResourceType.VOLUME, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.LIST, omVolumeArgs.getVolume(), null, null)) {
                        arrayList.add(omVolumeArgs);
                    }
                }
                return arrayList;
            } catch (Exception e) {
                this.metrics.incNumVolumeListFails();
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.LIST_VOLUMES, linkedHashMap, e));
                throw e;
            }
        } finally {
            if (1 != 0) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_VOLUMES, linkedHashMap));
            }
        }
    }

    public List<OmVolumeArgs> listAllVolumes(String str, String str2, int i) throws IOException {
        boolean z = true;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("prevKey", str2);
        linkedHashMap.put("prefix", str);
        linkedHashMap.put("maxKeys", String.valueOf(i));
        linkedHashMap.put("username", null);
        try {
            try {
                this.metrics.incNumVolumeLists();
                if (!this.allowListAllVolumes && this.isAclEnabled) {
                    checkAcls(OzoneObj.ResourceType.VOLUME, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.LIST, "/", null, null);
                }
                List<OmVolumeArgs> listVolumes = this.volumeManager.listVolumes(null, str, str2, i);
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_VOLUMES, linkedHashMap));
                }
                return listVolumes;
            } catch (Exception e) {
                this.metrics.incNumVolumeListFails();
                z = false;
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.LIST_VOLUMES, linkedHashMap, e));
                throw e;
            }
        } catch (Throwable th) {
            if (z) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_VOLUMES, linkedHashMap));
            }
            throw th;
        }
    }

    public void createBucket(OmBucketInfo omBucketInfo) throws IOException {
        try {
            if (this.isAclEnabled) {
                checkAcls(OzoneObj.ResourceType.VOLUME, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.CREATE, omBucketInfo.getVolumeName(), omBucketInfo.getBucketName(), null);
            }
            this.metrics.incNumBucketCreates();
            this.bucketManager.createBucket(omBucketInfo);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.CREATE_BUCKET, omBucketInfo == null ? null : omBucketInfo.toAuditMap()));
            this.metrics.incNumBuckets();
        } catch (Exception e) {
            this.metrics.incNumBucketCreateFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.CREATE_BUCKET, omBucketInfo == null ? null : omBucketInfo.toAuditMap(), e));
            throw e;
        }
    }

    public List<OmBucketInfo> listBuckets(String str, String str2, String str3, int i) throws IOException {
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.VOLUME, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.LIST, str, null, null);
        }
        boolean z = true;
        Map<String, String> buildAuditMap = buildAuditMap(str);
        buildAuditMap.put("startKey", str2);
        buildAuditMap.put("prefix", str3);
        buildAuditMap.put("maxNumOfBuckets", String.valueOf(i));
        try {
            try {
                this.metrics.incNumBucketLists();
                List<OmBucketInfo> listBuckets = this.bucketManager.listBuckets(str, str2, str3, i);
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_BUCKETS, buildAuditMap));
                }
                return listBuckets;
            } catch (IOException e) {
                this.metrics.incNumBucketListFails();
                z = false;
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.LIST_BUCKETS, buildAuditMap, e));
                throw e;
            }
        } catch (Throwable th) {
            if (z) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_BUCKETS, buildAuditMap));
            }
            throw th;
        }
    }

    public OmBucketInfo getBucketInfo(String str, String str2) throws IOException {
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.READ, str, str2, null);
        }
        Map<String, String> buildAuditMap = buildAuditMap(str);
        buildAuditMap.put("bucket", str2);
        try {
            try {
                this.metrics.incNumBucketInfos();
                OmBucketInfo bucketInfo = this.bucketManager.getBucketInfo(str, str2);
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.READ_BUCKET, buildAuditMap));
                }
                return bucketInfo;
            } catch (Exception e) {
                this.metrics.incNumBucketInfoFails();
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.READ_BUCKET, buildAuditMap, e));
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.READ_BUCKET, buildAuditMap));
            }
            throw th;
        }
    }

    public OpenKeySession openKey(OmKeyArgs omKeyArgs) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        if (this.isAclEnabled) {
            try {
                checkAcls(OzoneObj.ResourceType.KEY, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
            } catch (OMException e) {
                if (!e.getResult().equals(OMException.ResultCodes.KEY_NOT_FOUND)) {
                    throw e;
                }
                checkAcls(OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
            }
        }
        boolean z = true;
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            try {
                this.metrics.incNumKeyAllocates();
                OpenKeySession openKey = this.keyManager.openKey(update);
                if (1 != 0) {
                    AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.ALLOCATE_KEY, audit));
                }
                return openKey;
            } catch (Exception e2) {
                this.metrics.incNumKeyAllocateFails();
                z = false;
                AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.ALLOCATE_KEY, audit, e2));
                throw e2;
            }
        } catch (Throwable th) {
            if (z) {
                AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.ALLOCATE_KEY, audit));
            }
            throw th;
        }
    }

    public void commitKey(OmKeyArgs omKeyArgs, long j) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        if (this.isAclEnabled) {
            try {
                checkAcls(OzoneObj.ResourceType.KEY, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
            } catch (OMException e) {
                if (!e.getResult().equals(OMException.ResultCodes.KEY_NOT_FOUND)) {
                    throw e;
                }
                checkAcls(OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
            }
        }
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        audit.put("clientID", String.valueOf(j));
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            this.metrics.incNumKeyCommits();
            this.keyManager.commitKey(update, j);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.COMMIT_KEY, audit));
            if (update.getLocationInfoList() != null && update.getLocationInfoList().size() > 0 && update.getLocationInfoList().get(0) != null && ((OmKeyLocationInfo) update.getLocationInfoList().get(0)).getCreateVersion() == 0) {
                this.metrics.incNumKeys();
            }
        } catch (Exception e2) {
            this.metrics.incNumKeyCommitFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.COMMIT_KEY, audit, e2));
            throw e2;
        }
    }

    public OmKeyLocationInfo allocateBlock(OmKeyArgs omKeyArgs, long j, ExcludeList excludeList) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        if (this.isAclEnabled) {
            try {
                checkAcls(OzoneObj.ResourceType.KEY, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
            } catch (OMException e) {
                if (!e.getResult().equals(OMException.ResultCodes.KEY_NOT_FOUND)) {
                    throw e;
                }
                checkAcls(OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
            }
        }
        boolean z = true;
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        audit.put("clientID", String.valueOf(j));
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            try {
                this.metrics.incNumBlockAllocateCalls();
                OmKeyLocationInfo allocateBlock = this.keyManager.allocateBlock(update, j, excludeList);
                if (1 != 0) {
                    AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.ALLOCATE_BLOCK, audit));
                }
                return allocateBlock;
            } catch (Exception e2) {
                this.metrics.incNumBlockAllocateCallFails();
                z = false;
                AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.ALLOCATE_BLOCK, audit, e2));
                throw e2;
            }
        } catch (Throwable th) {
            if (z) {
                AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.ALLOCATE_BLOCK, audit));
            }
            throw th;
        }
    }

    public OmKeyInfo lookupKey(OmKeyArgs omKeyArgs) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.KEY, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.READ, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
        }
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            try {
                this.metrics.incNumKeyLookups();
                OmKeyInfo lookupKey = this.keyManager.lookupKey(update, getClientAddress());
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.READ_KEY, audit));
                }
                return lookupKey;
            } catch (Exception e) {
                this.metrics.incNumKeyLookupFails();
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.READ_KEY, audit, e));
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.READ_KEY, audit));
            }
            throw th;
        }
    }

    public void renameKeys(OmRenameKeys omRenameKeys) throws IOException {
        throw new UnsupportedOperationException("OzoneManager does not require this to be implemented. As write requests use a new approach");
    }

    public void renameKey(OmKeyArgs omKeyArgs, String str) throws IOException {
        Preconditions.checkNotNull(omKeyArgs);
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.KEY, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
        }
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        audit.put("toKeyName", str);
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            this.metrics.incNumKeyRenames();
            this.keyManager.renameKey(update, str);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.RENAME_KEY, audit));
        } catch (IOException e) {
            this.metrics.incNumKeyRenameFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.RENAME_KEY, audit, e));
            throw e;
        }
    }

    public void deleteKey(OmKeyArgs omKeyArgs) throws IOException {
        Map<String, String> auditMap = omKeyArgs.toAuditMap();
        try {
            ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
            OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
            if (this.isAclEnabled) {
                checkAcls(OzoneObj.ResourceType.KEY, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.DELETE, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), update.getKeyName());
            }
            this.metrics.incNumKeyDeletes();
            this.keyManager.deleteKey(update);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.DELETE_KEY, auditMap));
            this.metrics.decNumKeys();
        } catch (Exception e) {
            this.metrics.incNumKeyDeleteFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.DELETE_KEY, auditMap, e));
            throw e;
        }
    }

    public void deleteKeys(OmDeleteKeys omDeleteKeys) throws IOException {
        throw new UnsupportedOperationException("OzoneManager does not require this to be implemented. As write requests use a new approach");
    }

    public List<OmKeyInfo> listKeys(String str, String str2, String str3, String str4, int i) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(Pair.of(str, str2));
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.LIST, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), str4);
        }
        boolean z = true;
        Map<String, String> audit = resolveBucketLink.audit();
        audit.put("startKey", str3);
        audit.put("maxKeys", String.valueOf(i));
        audit.put("keyPrefix", str4);
        try {
            try {
                this.metrics.incNumKeyLists();
                List<OmKeyInfo> listKeys = this.keyManager.listKeys(resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), str3, str4, i);
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_KEYS, audit));
                }
                return listKeys;
            } catch (IOException e) {
                this.metrics.incNumKeyListFails();
                z = false;
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.LIST_KEYS, audit, e));
                throw e;
            }
        } catch (Throwable th) {
            if (z) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_KEYS, audit));
            }
            throw th;
        }
    }

    public List<RepeatedOmKeyInfo> listTrash(String str, String str2, String str3, String str4, int i) throws IOException {
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.LIST, str, str2, str4);
        }
        boolean z = true;
        Map<String, String> buildAuditMap = buildAuditMap(str);
        buildAuditMap.put("bucket", str2);
        buildAuditMap.put("startKey", str3);
        buildAuditMap.put("keyPrefix", str4);
        buildAuditMap.put("maxKeys", String.valueOf(i));
        try {
            try {
                this.metrics.incNumTrashKeyLists();
                List<RepeatedOmKeyInfo> listTrash = this.keyManager.listTrash(str, str2, str3, str4, i);
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_TRASH, buildAuditMap));
                }
                return listTrash;
            } catch (IOException e) {
                this.metrics.incNumTrashKeyListFails();
                z = false;
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.LIST_TRASH, buildAuditMap, e));
                throw e;
            }
        } catch (Throwable th) {
            if (z) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_TRASH, buildAuditMap));
            }
            throw th;
        }
    }

    public void setBucketProperty(OmBucketArgs omBucketArgs) throws IOException {
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, omBucketArgs.getVolumeName(), omBucketArgs.getBucketName(), null);
        }
        try {
            this.metrics.incNumBucketUpdates();
            this.bucketManager.setBucketProperty(omBucketArgs);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.UPDATE_BUCKET, omBucketArgs == null ? null : omBucketArgs.toAuditMap()));
        } catch (Exception e) {
            this.metrics.incNumBucketUpdateFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.UPDATE_BUCKET, omBucketArgs == null ? null : omBucketArgs.toAuditMap(), e));
            throw e;
        }
    }

    public void deleteBucket(String str, String str2) throws IOException {
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.WRITE, str, str2, null);
        }
        Map<String, String> buildAuditMap = buildAuditMap(str);
        buildAuditMap.put("bucket", str2);
        try {
            this.metrics.incNumBucketDeletes();
            this.bucketManager.deleteBucket(str, str2);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.DELETE_BUCKET, buildAuditMap));
            this.metrics.decNumBuckets();
        } catch (Exception e) {
            this.metrics.incNumBucketDeleteFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.DELETE_BUCKET, buildAuditMap, e));
            throw e;
        }
    }

    private Map<String, String> buildAuditMap(String str) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("volume", str);
        return linkedHashMap;
    }

    public AuditLogger getAuditLogger() {
        return AUDIT;
    }

    public AuditMessage buildAuditMessageForSuccess(AuditAction auditAction, Map<String, String> map) {
        return new AuditMessage.Builder().setUser(ServerUtils.getRemoteUserName()).atIp(Server.getRemoteAddress()).forOperation(auditAction).withParams(map).withResult(AuditEventStatus.SUCCESS).build();
    }

    public AuditMessage buildAuditMessageForFailure(AuditAction auditAction, Map<String, String> map, Throwable th) {
        return new AuditMessage.Builder().setUser(ServerUtils.getRemoteUserName()).atIp(Server.getRemoteAddress()).forOperation(auditAction).withParams(map).withResult(AuditEventStatus.FAILURE).withException(th).build();
    }

    private void registerMXBean() {
        HashMap hashMap = new HashMap();
        hashMap.put("component", "ServerRuntime");
        this.omInfoBeanName = HddsUtils.registerWithJmxProperties("OzoneManager", "OzoneManagerInfo", hashMap, this);
    }

    private void unregisterMXBean() {
        if (this.omInfoBeanName != null) {
            MBeans.unregister(this.omInfoBeanName);
            this.omInfoBeanName = null;
        }
    }

    private static String getClientAddress() {
        String remoteAddress = Server.getRemoteAddress();
        if (remoteAddress == null) {
            remoteAddress = "";
        }
        return remoteAddress;
    }

    @Override // org.apache.hadoop.ozone.om.OMMXBean
    public String getRpcPort() {
        return "" + this.omRpcAddress.getPort();
    }

    @VisibleForTesting
    public OzoneManagerHttpServer getHttpServer() {
        return this.httpServer;
    }

    public List<ServiceInfo> getServiceList() throws IOException {
        ArrayList arrayList = new ArrayList();
        ServiceInfo.Builder addServicePort = ServiceInfo.newBuilder().setNodeType(HddsProtos.NodeType.OM).setHostname(this.omRpcAddress.getHostName()).addServicePort(OzoneManagerProtocolProtos.ServicePort.newBuilder().setType(OzoneManagerProtocolProtos.ServicePort.Type.RPC).setValue(this.omRpcAddress.getPort()).build());
        if (this.httpServer != null && this.httpServer.getHttpAddress() != null) {
            addServicePort.addServicePort(OzoneManagerProtocolProtos.ServicePort.newBuilder().setType(OzoneManagerProtocolProtos.ServicePort.Type.HTTP).setValue(this.httpServer.getHttpAddress().getPort()).build());
        }
        if (this.httpServer != null && this.httpServer.getHttpsAddress() != null) {
            addServicePort.addServicePort(OzoneManagerProtocolProtos.ServicePort.newBuilder().setType(OzoneManagerProtocolProtos.ServicePort.Type.HTTPS).setValue(this.httpServer.getHttpsAddress().getPort()).build());
        }
        addServicePort.setOmRoleInfo(OzoneManagerProtocolProtos.OMRoleInfo.newBuilder().setNodeId(getOMNodeId()).setServerRole(RaftProtos.RaftPeerRole.LEADER.name()).build());
        if (this.isRatisEnabled) {
            if (this.omRatisServer != null) {
                addServicePort.addServicePort(OzoneManagerProtocolProtos.ServicePort.newBuilder().setType(OzoneManagerProtocolProtos.ServicePort.Type.RATIS).setValue(this.omNodeDetails.getRatisPort()).build());
            }
            for (OMNodeDetails oMNodeDetails : this.peerNodes) {
                ServiceInfo.Builder addServicePort2 = ServiceInfo.newBuilder().setNodeType(HddsProtos.NodeType.OM).setHostname(oMNodeDetails.getHostName()).addServicePort(OzoneManagerProtocolProtos.ServicePort.newBuilder().setType(OzoneManagerProtocolProtos.ServicePort.Type.RPC).setValue(oMNodeDetails.getRpcPort()).build());
                addServicePort2.setOmRoleInfo(OzoneManagerProtocolProtos.OMRoleInfo.newBuilder().setNodeId(oMNodeDetails.getOMNodeId()).setServerRole(RaftProtos.RaftPeerRole.FOLLOWER.name()).build());
                arrayList.add(addServicePort2.build());
            }
        }
        arrayList.add(addServicePort.build());
        InetSocketAddress scmAddressForClients = HddsUtils.getScmAddressForClients(this.configuration);
        arrayList.add(ServiceInfo.newBuilder().setNodeType(HddsProtos.NodeType.SCM).setHostname(scmAddressForClients.getHostName()).addServicePort(OzoneManagerProtocolProtos.ServicePort.newBuilder().setType(OzoneManagerProtocolProtos.ServicePort.Type.RPC).setValue(scmAddressForClients.getPort()).build()).build());
        this.metrics.incNumGetServiceLists();
        return arrayList;
    }

    public ServiceInfoEx getServiceInfo() throws IOException {
        return new ServiceInfoEx(getServiceList(), this.caCertPem);
    }

    public S3SecretValue getS3Secret(String str) throws IOException {
        UserGroupInformation remoteUser = ProtobufRpcEngine.Server.getRemoteUser();
        if (remoteUser.getUserName().equals(str)) {
            return this.s3SecretManager.getS3Secret(str);
        }
        throw new OMException("User mismatch. Requested user name is mismatched " + str + ", with current user " + remoteUser.getUserName(), OMException.ResultCodes.USER_MISMATCH);
    }

    public OmMultipartInfo initiateMultipartUpload(OmKeyArgs omKeyArgs) throws IOException {
        Preconditions.checkNotNull(omKeyArgs);
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        this.metrics.incNumInitiateMultipartUploads();
        try {
            OmMultipartInfo initiateMultipartUpload = this.keyManager.initiateMultipartUpload(update);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.INITIATE_MULTIPART_UPLOAD, audit));
            return initiateMultipartUpload;
        } catch (IOException e) {
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.INITIATE_MULTIPART_UPLOAD, audit, e));
            this.metrics.incNumInitiateMultipartUploadFails();
            throw e;
        }
    }

    public OmMultipartCommitUploadPartInfo commitMultipartUploadPart(OmKeyArgs omKeyArgs, long j) throws IOException {
        Preconditions.checkNotNull(omKeyArgs);
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        this.metrics.incNumCommitMultipartUploadParts();
        try {
            OmMultipartCommitUploadPartInfo commitMultipartUploadPart = this.keyManager.commitMultipartUploadPart(update, j);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.COMMIT_MULTIPART_UPLOAD_PARTKEY, audit));
            return commitMultipartUploadPart;
        } catch (IOException e) {
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.INITIATE_MULTIPART_UPLOAD, audit, e));
            this.metrics.incNumCommitMultipartUploadPartFails();
            throw e;
        }
    }

    public OmMultipartUploadCompleteInfo completeMultipartUpload(OmKeyArgs omKeyArgs, OmMultipartUploadCompleteList omMultipartUploadCompleteList) throws IOException {
        Preconditions.checkNotNull(omKeyArgs);
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        audit.put("multipartList", omMultipartUploadCompleteList.getMultipartMap().toString());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        this.metrics.incNumCompleteMultipartUploads();
        try {
            OmMultipartUploadCompleteInfo completeMultipartUpload = this.keyManager.completeMultipartUpload(update, omMultipartUploadCompleteList);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.COMPLETE_MULTIPART_UPLOAD, audit));
            return completeMultipartUpload;
        } catch (IOException e) {
            this.metrics.incNumCompleteMultipartUploadFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.COMPLETE_MULTIPART_UPLOAD, audit, e));
            throw e;
        }
    }

    public void abortMultipartUpload(OmKeyArgs omKeyArgs) throws IOException {
        Preconditions.checkNotNull(omKeyArgs);
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        this.metrics.incNumAbortMultipartUploads();
        try {
            this.keyManager.abortMultipartUpload(update);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.COMPLETE_MULTIPART_UPLOAD, audit));
        } catch (IOException e) {
            this.metrics.incNumAbortMultipartUploadFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.COMPLETE_MULTIPART_UPLOAD, audit, e));
            throw e;
        }
    }

    public OmMultipartUploadListParts listParts(String str, String str2, String str3, String str4, int i, int i2) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(Pair.of(str, str2));
        Map<String, String> audit = resolveBucketLink.audit();
        audit.put("key", str3);
        audit.put("uploadID", str4);
        audit.put("partNumberMarker", Integer.toString(i));
        audit.put("maxParts", Integer.toString(i2));
        this.metrics.incNumListMultipartUploadParts();
        try {
            OmMultipartUploadListParts listParts = this.keyManager.listParts(resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), str3, str4, i, i2);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.LIST_MULTIPART_UPLOAD_PARTS, audit));
            return listParts;
        } catch (IOException e) {
            this.metrics.incNumListMultipartUploadPartFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.LIST_MULTIPART_UPLOAD_PARTS, audit, e));
            throw e;
        }
    }

    public OmMultipartUploadList listMultipartUploads(String str, String str2, String str3) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(Pair.of(str, str2));
        Map<String, String> audit = resolveBucketLink.audit();
        audit.put("prefix", str3);
        this.metrics.incNumListMultipartUploads();
        try {
            OmMultipartUploadList listMultipartUploads = this.keyManager.listMultipartUploads(resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), str3);
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.LIST_MULTIPART_UPLOADS, audit));
            return listMultipartUploads;
        } catch (IOException e) {
            this.metrics.incNumListMultipartUploadFails();
            AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.LIST_MULTIPART_UPLOADS, audit, e));
            throw e;
        }
    }

    public OzoneFileStatus getFileStatus(OmKeyArgs omKeyArgs) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            try {
                this.metrics.incNumGetFileStatus();
                OzoneFileStatus fileStatus = this.keyManager.getFileStatus(update, getClientAddress());
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.GET_FILE_STATUS, audit));
                }
                return fileStatus;
            } catch (IOException e) {
                this.metrics.incNumGetFileStatusFails();
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.GET_FILE_STATUS, audit, e));
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.GET_FILE_STATUS, audit));
            }
            throw th;
        }
    }

    private OzoneObj.ResourceType getResourceType(OmKeyArgs omKeyArgs) {
        return (omKeyArgs.getKeyName() == null || omKeyArgs.getKeyName().length() == 0) ? OzoneObj.ResourceType.BUCKET : OzoneObj.ResourceType.KEY;
    }

    public void createDirectory(OmKeyArgs omKeyArgs) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        boolean z = true;
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            try {
                this.metrics.incNumCreateDirectory();
                this.keyManager.createDirectory(update);
                if (1 != 0) {
                    AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.CREATE_DIRECTORY, audit));
                }
            } catch (IOException e) {
                this.metrics.incNumCreateDirectoryFails();
                z = false;
                AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.CREATE_DIRECTORY, audit, e));
                throw e;
            }
        } catch (Throwable th) {
            if (z) {
                AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.CREATE_DIRECTORY, audit));
            }
            throw th;
        }
    }

    public OpenKeySession createFile(OmKeyArgs omKeyArgs, boolean z, boolean z2) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            try {
                this.metrics.incNumCreateFile();
                OpenKeySession createFile = this.keyManager.createFile(update, z, z2);
                if (1 != 0) {
                    AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.CREATE_FILE, audit));
                }
                return createFile;
            } catch (Exception e) {
                this.metrics.incNumCreateFileFails();
                AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.CREATE_FILE, audit, e));
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.CREATE_FILE, audit));
            }
            throw th;
        }
    }

    public OmKeyInfo lookupFile(OmKeyArgs omKeyArgs) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        if (this.isAclEnabled) {
            checkAcls(OzoneObj.ResourceType.KEY, OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.READ, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
        }
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            try {
                this.metrics.incNumLookupFile();
                OmKeyInfo lookupFile = this.keyManager.lookupFile(update, getClientAddress());
                if (1 != 0) {
                    AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.LOOKUP_FILE, audit));
                }
                return lookupFile;
            } catch (Exception e) {
                this.metrics.incNumLookupFileFails();
                AUDIT.logWriteFailure(buildAuditMessageForFailure(OMAction.LOOKUP_FILE, audit, e));
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                AUDIT.logWriteSuccess(buildAuditMessageForSuccess(OMAction.LOOKUP_FILE, audit));
            }
            throw th;
        }
    }

    public List<OzoneFileStatus> listStatus(OmKeyArgs omKeyArgs, boolean z, String str, long j) throws IOException {
        ResolvedBucket resolveBucketLink = resolveBucketLink(omKeyArgs);
        if (this.isAclEnabled) {
            checkAcls(getResourceType(omKeyArgs), OzoneObj.StoreType.OZONE, IAccessAuthorizer.ACLType.READ, resolveBucketLink.realVolume(), resolveBucketLink.realBucket(), omKeyArgs.getKeyName());
        }
        Map<String, String> audit = resolveBucketLink.audit(omKeyArgs.toAuditMap());
        OmKeyArgs update = resolveBucketLink.update(omKeyArgs);
        try {
            try {
                this.metrics.incNumListStatus();
                List<OzoneFileStatus> listStatus = this.keyManager.listStatus(update, z, str, j, getClientAddress());
                if (1 != 0) {
                    AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_STATUS, audit));
                }
                return listStatus;
            } catch (Exception e) {
                this.metrics.incNumListStatusFails();
                AUDIT.logReadFailure(buildAuditMessageForFailure(OMAction.LIST_STATUS, audit, e));
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                AUDIT.logReadSuccess(buildAuditMessageForSuccess(OMAction.LIST_STATUS, audit));
            }
            throw th;
        }
    }

    private void auditAcl(OzoneObj ozoneObj, List<OzoneAcl> list, OMAction oMAction, Exception exc) {
        Map<String, String> auditMap = ozoneObj.toAuditMap();
        if (list != null) {
            auditMap.put("acl", list.toString());
        }
        if (exc == null) {
            AUDIT.logWriteSuccess(buildAuditMessageForSuccess(oMAction, auditMap));
        } else {
            AUDIT.logWriteFailure(buildAuditMessageForFailure(oMAction, auditMap, exc));
        }
    }

    public boolean addAcl(OzoneObj ozoneObj, OzoneAcl ozoneAcl) throws IOException {
        try {
            try {
                if (this.isAclEnabled) {
                    checkAcls(ozoneObj.getResourceType(), ozoneObj.getStoreType(), IAccessAuthorizer.ACLType.WRITE_ACL, ozoneObj.getVolumeName(), ozoneObj.getBucketName(), ozoneObj.getKeyName());
                }
                this.metrics.incNumAddAcl();
                switch (AnonymousClass2.$SwitchMap$org$apache$hadoop$ozone$security$acl$OzoneObj$ResourceType[ozoneObj.getResourceType().ordinal()]) {
                    case 1:
                        boolean addAcl = this.volumeManager.addAcl(ozoneObj, ozoneAcl);
                        if (1 != 0) {
                            auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.ADD_ACL, null);
                        }
                        return addAcl;
                    case 2:
                        boolean addAcl2 = this.bucketManager.addAcl(ozoneObj, ozoneAcl);
                        if (1 != 0) {
                            auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.ADD_ACL, null);
                        }
                        return addAcl2;
                    case 3:
                        boolean addAcl3 = this.keyManager.addAcl(ozoneObj, ozoneAcl);
                        if (1 != 0) {
                            auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.ADD_ACL, null);
                        }
                        return addAcl3;
                    case 4:
                        boolean addAcl4 = this.prefixManager.addAcl(ozoneObj, ozoneAcl);
                        if (1 != 0) {
                            auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.ADD_ACL, null);
                        }
                        return addAcl4;
                    default:
                        throw new OMException("Unexpected resource type: " + ozoneObj.getResourceType(), OMException.ResultCodes.INVALID_REQUEST);
                }
            } catch (Exception e) {
                auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.ADD_ACL, e);
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.ADD_ACL, null);
            }
            throw th;
        }
    }

    public boolean removeAcl(OzoneObj ozoneObj, OzoneAcl ozoneAcl) throws IOException {
        try {
            try {
                if (this.isAclEnabled) {
                    checkAcls(ozoneObj.getResourceType(), ozoneObj.getStoreType(), IAccessAuthorizer.ACLType.WRITE_ACL, ozoneObj.getVolumeName(), ozoneObj.getBucketName(), ozoneObj.getKeyName());
                }
                this.metrics.incNumRemoveAcl();
                switch (AnonymousClass2.$SwitchMap$org$apache$hadoop$ozone$security$acl$OzoneObj$ResourceType[ozoneObj.getResourceType().ordinal()]) {
                    case 1:
                        boolean removeAcl = this.volumeManager.removeAcl(ozoneObj, ozoneAcl);
                        if (1 != 0) {
                            auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.REMOVE_ACL, null);
                        }
                        return removeAcl;
                    case 2:
                        boolean removeAcl2 = this.bucketManager.removeAcl(ozoneObj, ozoneAcl);
                        if (1 != 0) {
                            auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.REMOVE_ACL, null);
                        }
                        return removeAcl2;
                    case 3:
                        boolean removeAcl3 = this.keyManager.removeAcl(ozoneObj, ozoneAcl);
                        if (1 != 0) {
                            auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.REMOVE_ACL, null);
                        }
                        return removeAcl3;
                    case 4:
                        boolean removeAcl4 = this.prefixManager.removeAcl(ozoneObj, ozoneAcl);
                        if (1 != 0) {
                            auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.REMOVE_ACL, null);
                        }
                        return removeAcl4;
                    default:
                        throw new OMException("Unexpected resource type: " + ozoneObj.getResourceType(), OMException.ResultCodes.INVALID_REQUEST);
                }
            } catch (Exception e) {
                auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.REMOVE_ACL, e);
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                auditAcl(ozoneObj, Arrays.asList(ozoneAcl), OMAction.REMOVE_ACL, null);
            }
            throw th;
        }
    }

    public boolean setAcl(OzoneObj ozoneObj, List<OzoneAcl> list) throws IOException {
        try {
            try {
                if (this.isAclEnabled) {
                    checkAcls(ozoneObj.getResourceType(), ozoneObj.getStoreType(), IAccessAuthorizer.ACLType.WRITE_ACL, ozoneObj.getVolumeName(), ozoneObj.getBucketName(), ozoneObj.getKeyName());
                }
                this.metrics.incNumSetAcl();
                switch (AnonymousClass2.$SwitchMap$org$apache$hadoop$ozone$security$acl$OzoneObj$ResourceType[ozoneObj.getResourceType().ordinal()]) {
                    case 1:
                        boolean acl = this.volumeManager.setAcl(ozoneObj, list);
                        if (1 != 0) {
                            auditAcl(ozoneObj, list, OMAction.SET_ACL, null);
                        }
                        return acl;
                    case 2:
                        boolean acl2 = this.bucketManager.setAcl(ozoneObj, list);
                        if (1 != 0) {
                            auditAcl(ozoneObj, list, OMAction.SET_ACL, null);
                        }
                        return acl2;
                    case 3:
                        boolean acl3 = this.keyManager.setAcl(ozoneObj, list);
                        if (1 != 0) {
                            auditAcl(ozoneObj, list, OMAction.SET_ACL, null);
                        }
                        return acl3;
                    case 4:
                        boolean acl4 = this.prefixManager.setAcl(ozoneObj, list);
                        if (1 != 0) {
                            auditAcl(ozoneObj, list, OMAction.SET_ACL, null);
                        }
                        return acl4;
                    default:
                        throw new OMException("Unexpected resource type: " + ozoneObj.getResourceType(), OMException.ResultCodes.INVALID_REQUEST);
                }
            } catch (Exception e) {
                auditAcl(ozoneObj, list, OMAction.SET_ACL, e);
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                auditAcl(ozoneObj, list, OMAction.SET_ACL, null);
            }
            throw th;
        }
    }

    public List<OzoneAcl> getAcl(OzoneObj ozoneObj) throws IOException {
        try {
            try {
                if (this.isAclEnabled) {
                    checkAcls(ozoneObj.getResourceType(), ozoneObj.getStoreType(), IAccessAuthorizer.ACLType.READ_ACL, ozoneObj.getVolumeName(), ozoneObj.getBucketName(), ozoneObj.getKeyName());
                }
                this.metrics.incNumGetAcl();
                switch (AnonymousClass2.$SwitchMap$org$apache$hadoop$ozone$security$acl$OzoneObj$ResourceType[ozoneObj.getResourceType().ordinal()]) {
                    case 1:
                        List<OzoneAcl> acl = this.volumeManager.getAcl(ozoneObj);
                        if (1 != 0) {
                            auditAcl(ozoneObj, null, OMAction.GET_ACL, null);
                        }
                        return acl;
                    case 2:
                        List<OzoneAcl> acl2 = this.bucketManager.getAcl(ozoneObj);
                        if (1 != 0) {
                            auditAcl(ozoneObj, null, OMAction.GET_ACL, null);
                        }
                        return acl2;
                    case 3:
                        List<OzoneAcl> acl3 = this.keyManager.getAcl(ozoneObj);
                        if (1 != 0) {
                            auditAcl(ozoneObj, null, OMAction.GET_ACL, null);
                        }
                        return acl3;
                    case 4:
                        List<OzoneAcl> acl4 = this.prefixManager.getAcl(ozoneObj);
                        if (1 != 0) {
                            auditAcl(ozoneObj, null, OMAction.GET_ACL, null);
                        }
                        return acl4;
                    default:
                        throw new OMException("Unexpected resource type: " + ozoneObj.getResourceType(), OMException.ResultCodes.INVALID_REQUEST);
                }
            } catch (Exception e) {
                auditAcl(ozoneObj, null, OMAction.GET_ACL, e);
                throw e;
            }
        } catch (Throwable th) {
            if (1 != 0) {
                auditAcl(ozoneObj, null, OMAction.GET_ACL, null);
            }
            throw th;
        }
    }

    public TermIndex installSnapshotFromLeader(String str) {
        if (this.omSnapshotProvider == null) {
            LOG.error("OM Snapshot Provider is not configured as there are no peer nodes.");
            return null;
        }
        DBCheckpoint dBCheckpointFromLeader = getDBCheckpointFromLeader(str);
        LOG.info("Downloaded checkpoint from Leader {} to the location {}", str, dBCheckpointFromLeader.getCheckpointLocation());
        TermIndex termIndex = null;
        try {
            termIndex = installCheckpoint(str, dBCheckpointFromLeader);
        } catch (Exception e) {
            LOG.error("Failed to install snapshot from Leader OM.", e);
        }
        return termIndex;
    }

    TermIndex installCheckpoint(String str, DBCheckpoint dBCheckpoint) throws Exception {
        Path checkpointLocation = dBCheckpoint.getCheckpointLocation();
        OMTransactionInfo trxnInfoFromCheckpoint = OzoneManagerRatisUtils.getTrxnInfoFromCheckpoint(this.configuration, checkpointLocation);
        LOG.info("Installing checkpoint with OMTransactionInfo {}", trxnInfoFromCheckpoint);
        return installCheckpoint(str, checkpointLocation, trxnInfoFromCheckpoint);
    }

    TermIndex installCheckpoint(String str, Path path, OMTransactionInfo oMTransactionInfo) throws Exception {
        File dbLocation = this.metadataManager.getStore().getDbLocation();
        try {
            stopServices();
            this.omRatisServer.getOmStateMachine().pause();
            File file = null;
            TermIndex lastAppliedTermIndex = this.omRatisServer.getLastAppliedTermIndex();
            long term = lastAppliedTermIndex.getTerm();
            long index = lastAppliedTermIndex.getIndex();
            if (OzoneManagerRatisUtils.verifyTransactionInfo(oMTransactionInfo, index, str, path)) {
                try {
                    file = replaceOMDBWithCheckpoint(index, dbLocation, path);
                    term = oMTransactionInfo.getTerm();
                    index = oMTransactionInfo.getTransactionIndex();
                    LOG.info("Replaced DB with checkpoint from OM: {}, term: {}, index: {}", new Object[]{str, Long.valueOf(term), Long.valueOf(index)});
                } catch (Exception e) {
                    LOG.error("Failed to install Snapshot from {} as OM failed to replace DB with downloaded checkpoint. Reloading old OM state.", e);
                }
            } else {
                LOG.warn("Cannot proceed with InstallSnapshot as OM is at TermIndex {} and checkpoint has lower TermIndex {}. Reloading old state of OM.", lastAppliedTermIndex, oMTransactionInfo.getTermIndex());
            }
            try {
                reloadOMState(index, term);
                this.omRatisServer.getOmStateMachine().unpause(index, term);
                LOG.info("Reloaded OM state with Term: {} and Index: {}", Long.valueOf(term), Long.valueOf(index));
            } catch (Exception e2) {
                this.exitManager.exitSystem(1, "Failed to reload OM state and instantiate services.", e2, LOG);
            }
            if (file != null) {
                try {
                    FileUtils.deleteFully(file);
                } catch (Exception e3) {
                    LOG.error("Failed to delete the backup of the original DB {}", file);
                }
            }
            if (index != oMTransactionInfo.getTransactionIndex()) {
                return null;
            }
            return TermIndex.valueOf(term, index);
        } catch (Exception e4) {
            LOG.error("Failed to stop/ pause the services. Cannot proceed with installing the new checkpoint.");
            this.keyManager.start(this.configuration);
            startTrashEmptier(this.configuration);
            throw e4;
        }
    }

    private DBCheckpoint getDBCheckpointFromLeader(String str) {
        LOG.info("Downloading checkpoint from leader OM {} and reloading state from the checkpoint.", str);
        try {
            return this.omSnapshotProvider.getOzoneManagerDBSnapshot(str);
        } catch (IOException e) {
            LOG.error("Failed to download checkpoint from OM leader {}", str, e);
            return null;
        }
    }

    void stopServices() throws Exception {
        this.keyManager.stop();
        stopSecretManager();
        this.metadataManager.stop();
        stopTrashEmptier();
    }

    private void stopTrashEmptier() {
        if (this.emptier != null) {
            this.emptier.interrupt();
            this.emptier = null;
        }
    }

    File replaceOMDBWithCheckpoint(long j, File file, Path path) throws IOException {
        String str = "om.db.backup." + j + "_" + System.currentTimeMillis();
        File parentFile = file.getParentFile();
        File file2 = new File(parentFile, str);
        try {
            Files.move(file.toPath(), file2.toPath(), new CopyOption[0]);
            Path path2 = new File(parentFile, "dbInconsistentMarker").toPath();
            try {
                Files.createFile(path2, new FileAttribute[0]);
                Files.move(path, file.toPath(), new CopyOption[0]);
                Files.deleteIfExists(path2);
                return file2;
            } catch (IOException e) {
                LOG.error("Failed to move downloaded DB checkpoint {} to metadata directory {}. Resetting to original DB.", path, file.toPath());
                try {
                    Files.move(file2.toPath(), file.toPath(), new CopyOption[0]);
                    Files.deleteIfExists(path2);
                } catch (IOException e2) {
                    ExitUtils.terminate(1, "Failed to reset to original DB. OM is in an inconsistent state.", e2, LOG);
                }
                throw e;
            }
        } catch (IOException e3) {
            LOG.error("Failed to create a backup of the current DB. Aborting snapshot installation.");
            throw e3;
        }
    }

    void reloadOMState(long j, long j2) throws IOException {
        instantiateServices();
        this.metadataManager.start(this.configuration);
        this.keyManager.start(this.configuration);
        startTrashEmptier(this.configuration);
        this.metrics.setNumVolumes(this.metadataManager.countRowsInTable(this.metadataManager.getVolumeTable()));
        this.metrics.setNumBuckets(this.metadataManager.countRowsInTable(this.metadataManager.getBucketTable()));
        this.metrics.setNumKeys(this.metadataManager.countEstimatedRowsInTable(this.metadataManager.getKeyTable()));
        Files.deleteIfExists(getMetricsStorageFile().toPath());
        saveOmMetrics();
        this.omRatisSnapshotInfo.updateTermIndex(j2, j);
    }

    public static Logger getLogger() {
        return LOG;
    }

    public OzoneConfiguration getConfiguration() {
        return this.configuration;
    }

    public static void setTestSecureOmFlag(boolean z) {
        testSecureOmFlag = z;
    }

    public String getOMNodeId() {
        return this.omNodeDetails.getOMNodeId();
    }

    public String getOMServiceId() {
        return this.omNodeDetails.getOMServiceId();
    }

    @VisibleForTesting
    public List<OMNodeDetails> getPeerNodes() {
        return this.peerNodes;
    }

    @VisibleForTesting
    public CertificateClient getCertificateClient() {
        return this.certClient;
    }

    public String getComponent() {
        return this.omComponent;
    }

    public long getMaxUserVolumeCount() {
        return this.maxUserVolumeCount;
    }

    public boolean isLeaderReady() {
        return !this.isRatisEnabled || this.omRatisServer.checkLeaderStatus() == OzoneManagerRatisServer.RaftServerStatus.LEADER_AND_READY;
    }

    public boolean isRatisEnabled() {
        return this.isRatisEnabled;
    }

    public DBUpdates getDBUpdates(OzoneManagerProtocolProtos.DBUpdatesRequest dBUpdatesRequest) throws SequenceNumberNotFoundException {
        DBUpdatesWrapper updatesSince = this.metadataManager.getStore().getUpdatesSince(dBUpdatesRequest.getSequenceNumber());
        DBUpdates dBUpdates = new DBUpdates(updatesSince.getData());
        dBUpdates.setCurrentSequenceNumber(updatesSince.getCurrentSequenceNumber());
        return dBUpdates;
    }

    public OzoneDelegationTokenSecretManager getDelegationTokenMgr() {
        return this.delegationTokenMgr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Collection<String> getOzoneAdmins(OzoneConfiguration ozoneConfiguration) throws IOException {
        Collection<String> trimmedStringCollection = ozoneConfiguration.getTrimmedStringCollection("ozone.administrators");
        String shortUserName = UserGroupInformation.getCurrentUser().getShortUserName();
        if (!trimmedStringCollection.contains(shortUserName)) {
            trimmedStringCollection.add(shortUserName);
        }
        return trimmedStringCollection;
    }

    public boolean isNativeAuthorizerEnabled() {
        return this.isNativeAuthorizerEnabled;
    }

    @VisibleForTesting
    public boolean isRunning() {
        return this.omState == State.RUNNING;
    }

    private void startJVMPauseMonitor() {
        this.jvmPauseMonitor = new JvmPauseMonitor();
        this.jvmPauseMonitor.init(this.configuration);
        this.jvmPauseMonitor.start();
    }

    public ResolvedBucket resolveBucketLink(OzoneManagerProtocolProtos.KeyArgs keyArgs, OMClientRequest oMClientRequest) throws IOException {
        return resolveBucketLink(Pair.of(keyArgs.getVolumeName(), keyArgs.getBucketName()), oMClientRequest);
    }

    public ResolvedBucket resolveBucketLink(OmKeyArgs omKeyArgs) throws IOException {
        return resolveBucketLink(Pair.of(omKeyArgs.getVolumeName(), omKeyArgs.getBucketName()));
    }

    public ResolvedBucket resolveBucketLink(Pair<String, String> pair, OMClientRequest oMClientRequest) throws IOException {
        return new ResolvedBucket(pair, this.isAclEnabled ? resolveBucketLink(pair, new HashSet(), oMClientRequest.createUGI(), oMClientRequest.getRemoteAddress(), oMClientRequest.getHostName()) : resolveBucketLink(pair, new HashSet(), null, null, null));
    }

    public ResolvedBucket resolveBucketLink(Pair<String, String> pair) throws IOException {
        Pair<String, String> resolveBucketLink;
        if (this.isAclEnabled) {
            InetAddress remoteIp = Server.getRemoteIp();
            resolveBucketLink = resolveBucketLink(pair, new HashSet(), Server.getRemoteUser(), remoteIp, remoteIp != null ? remoteIp.getHostName() : this.omRpcAddress.getHostName());
        } else {
            resolveBucketLink = resolveBucketLink(pair, new HashSet(), null, null, null);
        }
        return new ResolvedBucket(pair, resolveBucketLink);
    }

    private Pair<String, String> resolveBucketLink(Pair<String, String> pair, Set<Pair<String, String>> set, UserGroupInformation userGroupInformation, InetAddress inetAddress, String str) throws IOException {
        String str2 = (String) pair.getLeft();
        String str3 = (String) pair.getRight();
        OmBucketInfo bucketInfo = this.bucketManager.getBucketInfo(str2, str3);
        if (!bucketInfo.isLink()) {
            return pair;
        }
        if (!set.add(pair)) {
            throw new OMException("Detected loop in bucket links", OMException.ResultCodes.DETECTED_LOOP_IN_BUCKET_LINKS);
        }
        if (this.isAclEnabled) {
            IAccessAuthorizer.ACLType aCLType = IAccessAuthorizer.ACLType.READ;
            checkAcls(OzoneObj.ResourceType.BUCKET, OzoneObj.StoreType.OZONE, aCLType, str2, str3, null, userGroupInformation, inetAddress, str, true, getVolumeOwner(str2, aCLType, OzoneObj.ResourceType.BUCKET));
        }
        return resolveBucketLink(Pair.of(bucketInfo.getSourceVolume(), bucketInfo.getSourceBucket()), set, userGroupInformation, inetAddress, str);
    }

    @VisibleForTesting
    void setExitManagerForTesting(ExitManager exitManager) {
        this.exitManager = exitManager;
    }

    public boolean getEnableFileSystemPaths() {
        return this.configuration.getBoolean("ozone.om.enable.filesystem.paths", false);
    }

    private void addS3GVolumeToDB() throws IOException {
        String s3VolumeName = HddsClientUtils.getS3VolumeName(this.configuration);
        String volumeKey = this.metadataManager.getVolumeKey(s3VolumeName);
        if (!s3VolumeName.equals("s3v")) {
            LOG.warn("Make sure that all S3Gateway use same volume name. Otherwise user need to manually create/configure Volume configured by S3Gateway");
        }
        if (this.metadataManager.getVolumeTable().isExist(volumeKey)) {
            return;
        }
        long addEpochToTxId = OmUtils.addEpochToTxId(this.metadataManager.getOmEpoch(), 18014398509481983L);
        String shortUserName = UserGroupInformation.getCurrentUser().getShortUserName();
        OmVolumeArgs createS3VolumeInfo = createS3VolumeInfo(s3VolumeName, addEpochToTxId);
        String userKey = this.metadataManager.getUserKey(shortUserName);
        OzoneManagerStorageProtos.PersistedUserVolumeInfo build = OzoneManagerStorageProtos.PersistedUserVolumeInfo.newBuilder().setObjectID(addEpochToTxId).setUpdateID(18014398509481983L).addVolumeNames(s3VolumeName).build();
        BatchOperation initBatchOperation = this.metadataManager.getStore().initBatchOperation();
        Throwable th = null;
        try {
            try {
                this.metadataManager.getVolumeTable().putWithBatch(initBatchOperation, volumeKey, createS3VolumeInfo);
                this.metadataManager.getUserTable().putWithBatch(initBatchOperation, userKey, build);
                this.metadataManager.getStore().commitBatchOperation(initBatchOperation);
                if (initBatchOperation != null) {
                    if (0 != 0) {
                        try {
                            initBatchOperation.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        initBatchOperation.close();
                    }
                }
                this.metadataManager.getVolumeTable().addCacheEntry(new CacheKey(volumeKey), new CacheValue(Optional.of(createS3VolumeInfo), 18014398509481983L));
                this.metadataManager.getUserTable().addCacheEntry(new CacheKey(userKey), new CacheValue(Optional.of(build), 18014398509481983L));
                LOG.info("Created Volume {} With Owner {} required for S3Gateway operations.", s3VolumeName, shortUserName);
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (initBatchOperation != null) {
                if (th != null) {
                    try {
                        initBatchOperation.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    initBatchOperation.close();
                }
            }
            throw th4;
        }
    }

    private OmVolumeArgs createS3VolumeInfo(String str, long j) throws IOException {
        String shortUserName = UserGroupInformation.getCurrentUser().getShortUserName();
        long now = Time.now();
        OmVolumeArgs.Builder quotaInBytes = new OmVolumeArgs.Builder().setVolume(str).setUpdateID(-1L).setObjectID(j).setCreationTime(now).setModificationTime(now).setOwnerName(shortUserName).setAdminName(shortUserName).setQuotaInBytes(-1L);
        ArrayList arrayList = new ArrayList();
        arrayList.add(new OzoneAcl(IAccessAuthorizer.ACLIdentityType.USER, shortUserName, IAccessAuthorizer.ACLType.ALL, OzoneAcl.AclScope.ACCESS));
        Arrays.asList(UserGroupInformation.createRemoteUser(shortUserName).getGroupNames()).stream().forEach(str2 -> {
            arrayList.add(new OzoneAcl(IAccessAuthorizer.ACLIdentityType.GROUP, str2, IAccessAuthorizer.ACLType.ALL, OzoneAcl.AclScope.ACCESS));
        });
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            quotaInBytes.addOzoneAcls(OzoneAcl.toProtobuf((OzoneAcl) it.next()));
        }
        return quotaInBytes.build();
    }

    public int getMinMultipartUploadPartSize() {
        return this.minMultipartUploadPartSize;
    }

    @VisibleForTesting
    public void setMinMultipartUploadPartSize(int i) {
        this.minMultipartUploadPartSize = i;
    }
}
