package org.apache.hadoop.security.token.delegation;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.locks.ReentrantLock;
import java.util.stream.Stream;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.api.ACLBackgroundPathAndBytesable;
import org.apache.curator.framework.api.ChildrenDeletable;
import org.apache.curator.framework.recipes.cache.ChildData;
import org.apache.curator.framework.recipes.cache.CuratorCache;
import org.apache.curator.framework.recipes.cache.CuratorCacheBridge;
import org.apache.curator.framework.recipes.cache.CuratorCacheListener;
import org.apache.curator.framework.recipes.shared.SharedCount;
import org.apache.curator.framework.recipes.shared.VersionedValue;
import org.apache.curator.retry.RetryNTimes;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.classification.InterfaceStability;
import org.apache.hadoop.classification.VisibleForTesting;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.authentication.util.ZookeeperClient;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier;
import org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenAuthenticator;
import org.apache.hadoop.security.token.delegation.web.DelegationTokenManager;
import org.apache.hadoop.util.Time;
import org.apache.hadoop.util.curator.ZKCuratorManager;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.data.Stat;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@InterfaceAudience.Private
/* loaded from: input_file:org/apache/hadoop/security/token/delegation/ZKDelegationTokenSecretManager.class */
public abstract class ZKDelegationTokenSecretManager<TokenIdent extends AbstractDelegationTokenIdentifier> extends AbstractDelegationTokenSecretManager<TokenIdent> {
    public static final String ZK_CONF_PREFIX = "zk-dt-secret-manager.";
    public static final String ZK_DTSM_ZK_NUM_RETRIES = "zk-dt-secret-manager.zkNumRetries";
    public static final String ZK_DTSM_ZK_SESSION_TIMEOUT = "zk-dt-secret-manager.zkSessionTimeout";
    public static final String ZK_DTSM_ZK_CONNECTION_TIMEOUT = "zk-dt-secret-manager.zkConnectionTimeout";
    public static final String ZK_DTSM_ZK_SHUTDOWN_TIMEOUT = "zk-dt-secret-manager.zkShutdownTimeout";
    public static final String ZK_DTSM_ZNODE_WORKING_PATH = "zk-dt-secret-manager.znodeWorkingPath";
    public static final String ZK_DTSM_ZK_AUTH_TYPE = "zk-dt-secret-manager.zkAuthType";
    public static final String ZK_DTSM_ZK_CONNECTION_STRING = "zk-dt-secret-manager.zkConnectionString";
    public static final String ZK_DTSM_ZK_KERBEROS_KEYTAB = "zk-dt-secret-manager.kerberos.keytab";
    public static final String ZK_DTSM_ZK_KERBEROS_PRINCIPAL = "zk-dt-secret-manager.kerberos.principal";
    public static final String ZK_DTSM_ZK_KERBEROS_SERVER_PRINCIPAL = "zk-dt-secret-manager.kerberos.server.principal";
    public static final String ZK_DTSM_TOKEN_SEQNUM_BATCH_SIZE = "zk-dt-secret-manager.token.seqnum.batch.size";
    public static final String ZK_DTSM_TOKEN_WATCHER_ENABLED = "zk-dt-secret-manager.token.watcher.enabled";
    public static final boolean ZK_DTSM_TOKEN_WATCHER_ENABLED_DEFAULT = true;
    public static final String ZK_DTSM_ZK_SSL_ENABLED = "zk-dt-secret-manager.ssl.enabled";
    public static final String ZK_DTSM_ZK_SSL_KEYSTORE_LOCATION = "zk-dt-secret-manager.ssl.keystore.location";
    public static final String ZK_DTSM_ZK_SSL_KEYSTORE_PASSWORD = "zk-dt-secret-manager.ssl.keystore.password";
    public static final String ZK_DTSM_ZK_SSL_TRUSTSTORE_LOCATION = "zk-dt-secret-manager.ssl.truststore.location";
    public static final String ZK_DTSM_ZK_SSL_TRUSTSTORE_PASSWORD = "zk-dt-secret-manager.ssl.truststore.password";
    public static final int ZK_DTSM_ZK_NUM_RETRIES_DEFAULT = 3;
    public static final int ZK_DTSM_ZK_SESSION_TIMEOUT_DEFAULT = 10000;
    public static final int ZK_DTSM_ZK_CONNECTION_TIMEOUT_DEFAULT = 10000;
    public static final int ZK_DTSM_ZK_SHUTDOWN_TIMEOUT_DEFAULT = 10000;
    public static final String ZK_DTSM_ZNODE_WORKING_PATH_DEAFULT = "zkdtsm";
    public static final int ZK_DTSM_TOKEN_SEQNUM_BATCH_SIZE_DEFAULT = 100;
    private static final String JAAS_LOGIN_ENTRY_NAME = "ZKDelegationTokenSecretManagerClient";
    private static final String ZK_DTSM_NAMESPACE = "ZKDTSMRoot";
    private static final String ZK_DTSM_SEQNUM_ROOT = "/ZKDTSMSeqNumRoot";
    private static final String ZK_DTSM_KEYID_ROOT = "/ZKDTSMKeyIdRoot";
    protected static final String ZK_DTSM_TOKENS_ROOT = "/ZKDTSMTokensRoot";
    private static final String ZK_DTSM_MASTER_KEY_ROOT = "/ZKDTSMMasterKeyRoot";
    private static final String DELEGATION_KEY_PREFIX = "DK_";
    private static final String DELEGATION_TOKEN_PREFIX = "DT_";
    private final boolean isExternalClient;
    protected final CuratorFramework zkClient;
    private SharedCount delTokSeqCounter;
    private SharedCount keyIdSeqCounter;
    private CuratorCacheBridge keyCache;
    private CuratorCacheBridge tokenCache;
    private final int seqNumBatchSize;
    private int currentSeqNum;
    private int currentMaxSeqNum;
    private final ReentrantLock currentSeqNumLock;
    private final boolean isTokenWatcherEnabled;
    private static final Logger LOG = LoggerFactory.getLogger(ZKDelegationTokenSecretManager.class);
    private static final ThreadLocal<CuratorFramework> CURATOR_TL = new ThreadLocal<>();

    public static void setCurator(CuratorFramework curatorFramework) {
        CURATOR_TL.set(curatorFramework);
    }

    @VisibleForTesting
    protected static CuratorFramework getCurator() {
        return CURATOR_TL.get();
    }

    public ZKDelegationTokenSecretManager(Configuration configuration) {
        super(configuration.getLong(DelegationTokenManager.UPDATE_INTERVAL, 86400L) * 1000, configuration.getLong(DelegationTokenManager.MAX_LIFETIME, DelegationTokenManager.MAX_LIFETIME_DEFAULT) * 1000, configuration.getLong(DelegationTokenManager.RENEW_INTERVAL, 86400L) * 1000, configuration.getLong(DelegationTokenManager.REMOVAL_SCAN_INTERVAL, DelegationTokenManager.REMOVAL_SCAN_INTERVAL_DEFAULT) * 1000);
        this.seqNumBatchSize = configuration.getInt(ZK_DTSM_TOKEN_SEQNUM_BATCH_SIZE, 100);
        this.isTokenWatcherEnabled = configuration.getBoolean(ZK_DTSM_TOKEN_WATCHER_ENABLED, true);
        this.currentSeqNumLock = new ReentrantLock(true);
        String str = configuration.get(ZK_DTSM_ZNODE_WORKING_PATH, ZK_DTSM_ZNODE_WORKING_PATH_DEAFULT) + "/" + ZK_DTSM_NAMESPACE;
        if (CURATOR_TL.get() != null) {
            this.zkClient = CURATOR_TL.get().usingNamespace(str);
            this.isExternalClient = true;
        } else {
            this.zkClient = createCuratorClient(configuration, str);
            this.isExternalClient = false;
        }
    }

    @VisibleForTesting
    static CuratorFramework createCuratorClient(Configuration configuration, String str) {
        try {
            String str2 = configuration.get(ZK_DTSM_ZK_CONNECTION_STRING);
            String str3 = configuration.get(ZK_DTSM_ZK_AUTH_TYPE);
            String trim = configuration.get(ZK_DTSM_ZK_KERBEROS_KEYTAB, "").trim();
            String serverPrincipal = SecurityUtil.getServerPrincipal(configuration.get(ZK_DTSM_ZK_KERBEROS_PRINCIPAL, "").trim(), "");
            int i = configuration.getInt(ZK_DTSM_ZK_SESSION_TIMEOUT, 10000);
            int i2 = configuration.getInt(ZK_DTSM_ZK_CONNECTION_TIMEOUT, 10000);
            int i3 = configuration.getInt(ZK_DTSM_ZK_NUM_RETRIES, 3);
            RetryNTimes retryNTimes = new RetryNTimes(i3, i3 == 0 ? 0 : i / i3);
            boolean z = configuration.getBoolean(CommonConfigurationKeys.ZK_CLIENT_SSL_ENABLED, configuration.getBoolean(ZK_DTSM_ZK_SSL_ENABLED, false));
            String str4 = configuration.get(ZK_DTSM_ZK_SSL_KEYSTORE_LOCATION, configuration.get(CommonConfigurationKeys.ZK_SSL_KEYSTORE_LOCATION, ""));
            return ZookeeperClient.configure().withConnectionString(str2).withNamespace(str).withZookeeperFactory(new ZKCuratorManager.HadoopZookeeperFactory(configuration.get(ZK_DTSM_ZK_KERBEROS_SERVER_PRINCIPAL), configuration.get(ZK_DTSM_ZK_KERBEROS_PRINCIPAL), configuration.get(ZK_DTSM_ZK_KERBEROS_KEYTAB), z, new SecurityUtil.TruststoreKeystore(configuration))).withAuthType(str3).withKeytab(trim).withPrincipal(serverPrincipal).withJaasLoginEntryName(JAAS_LOGIN_ENTRY_NAME).withRetryPolicy(retryNTimes).withSessionTimeout(i).withConnectionTimeout(i2).enableSSL(z).withKeystore(str4).withKeystorePassword(configuration.get(ZK_DTSM_ZK_SSL_KEYSTORE_PASSWORD, configuration.get(CommonConfigurationKeys.ZK_SSL_KEYSTORE_PASSWORD, ""))).withTruststore(configuration.get(ZK_DTSM_ZK_SSL_TRUSTSTORE_LOCATION, configuration.get(CommonConfigurationKeys.ZK_SSL_TRUSTSTORE_LOCATION, ""))).withTruststorePassword(configuration.get(ZK_DTSM_ZK_SSL_TRUSTSTORE_PASSWORD, configuration.get(CommonConfigurationKeys.ZK_SSL_TRUSTSTORE_PASSWORD, ""))).create();
        } catch (Exception e) {
            throw new RuntimeException("Could not Load ZK acls or auth: " + e, e);
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void startThreads() throws IOException {
        if (this.isExternalClient) {
            try {
                this.zkClient.usingNamespace((String) null).create().creatingParentContainersIfNeeded().forPath("/" + this.zkClient.getNamespace());
            } catch (Exception e) {
                throw new IOException("Could not create namespace", e);
            } catch (KeeperException.NodeExistsException e2) {
            }
        } else {
            try {
                this.zkClient.start();
            } catch (Exception e3) {
                throw new IOException("Could not start Curator Framework", e3);
            }
        }
        try {
            this.delTokSeqCounter = new SharedCount(this.zkClient, ZK_DTSM_SEQNUM_ROOT, 0);
            if (this.delTokSeqCounter != null) {
                this.delTokSeqCounter.start();
            }
            this.currentSeqNum = incrSharedCount(this.delTokSeqCounter, this.seqNumBatchSize);
            this.currentMaxSeqNum = this.currentSeqNum + this.seqNumBatchSize;
            LOG.info("Fetched initial range of seq num, from {} to {} ", Integer.valueOf(this.currentSeqNum + 1), Integer.valueOf(this.currentMaxSeqNum));
            try {
                this.keyIdSeqCounter = new SharedCount(this.zkClient, ZK_DTSM_KEYID_ROOT, 0);
                if (this.keyIdSeqCounter != null) {
                    this.keyIdSeqCounter.start();
                }
                try {
                    createPersistentNode(ZK_DTSM_MASTER_KEY_ROOT);
                    createPersistentNode(ZK_DTSM_TOKENS_ROOT);
                    try {
                        this.keyCache = CuratorCache.bridgeBuilder(this.zkClient, ZK_DTSM_MASTER_KEY_ROOT).build();
                        this.keyCache.listenable().addListener(CuratorCacheListener.builder().forCreatesAndChanges((childData, childData2) -> {
                            try {
                                processKeyAddOrUpdate(childData2.getData());
                            } catch (IOException e4) {
                                LOG.error("Error while processing Curator keyCacheListener NODE_CREATED / NODE_CHANGED event");
                                throw new UncheckedIOException(e4);
                            }
                        }).forDeletes(childData3 -> {
                            processKeyRemoved(childData3.getPath());
                        }).build());
                        this.keyCache.start();
                        loadFromZKCache(false);
                        if (this.isTokenWatcherEnabled) {
                            LOG.info("TokenCache is enabled");
                            try {
                                this.tokenCache = CuratorCache.bridgeBuilder(this.zkClient, ZK_DTSM_TOKENS_ROOT).build();
                                this.tokenCache.listenable().addListener(CuratorCacheListener.builder().forCreatesAndChanges((childData4, childData5) -> {
                                    try {
                                        processTokenAddOrUpdate(childData5.getData());
                                    } catch (IOException e4) {
                                        LOG.error("Error while processing Curator tokenCacheListener NODE_CREATED / NODE_CHANGED event");
                                        throw new UncheckedIOException(e4);
                                    }
                                }).forDeletes(childData6 -> {
                                    try {
                                        processTokenRemoved(childData6);
                                    } catch (IOException e4) {
                                        LOG.error("Error while processing Curator tokenCacheListener NODE_DELETED event");
                                        throw new UncheckedIOException(e4);
                                    }
                                }).build());
                                this.tokenCache.start();
                                loadFromZKCache(true);
                            } catch (Exception e4) {
                                throw new IOException("Could not start Curator tokenCacheListener for tokens", e4);
                            }
                        }
                        super.startThreads();
                    } catch (Exception e5) {
                        throw new IOException("Could not start Curator keyCacheListener for keys", e5);
                    }
                } catch (Exception e6) {
                    throw new RuntimeException("Could not create ZK paths");
                }
            } catch (Exception e7) {
                throw new IOException("Could not start KeyId Counter", e7);
            }
        } catch (Exception e8) {
            throw new IOException("Could not start Sequence Counter", e8);
        }
    }

    private void loadFromZKCache(boolean z) {
        String str = z ? DelegationTokenAuthenticator.TOKEN_PARAM : "key";
        LOG.info("Starting to load {} cache.", str);
        Stream stream = z ? this.tokenCache.stream() : this.keyCache.stream();
        AtomicInteger atomicInteger = new AtomicInteger(0);
        stream.forEach(childData -> {
            try {
                if (z) {
                    processTokenAddOrUpdate(childData.getData());
                } else {
                    processKeyAddOrUpdate(childData.getData());
                }
            } catch (Exception e) {
                LOG.info("Ignoring node {} because it failed to load.", childData.getPath());
                LOG.debug("Failure exception:", e);
                atomicInteger.getAndIncrement();
            }
        });
        if (z) {
            syncTokenOwnerStats();
        }
        if (atomicInteger.get() > 0) {
            LOG.warn("Ignored {} nodes while loading {} cache.", Integer.valueOf(atomicInteger.get()), str);
        }
        LOG.info("Loaded {} cache.", str);
    }

    private void processKeyAddOrUpdate(byte[] bArr) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
        DelegationKey delegationKey = new DelegationKey();
        delegationKey.readFields(dataInputStream);
        this.allKeys.put(Integer.valueOf(delegationKey.getKeyId()), delegationKey);
    }

    private void processKeyRemoved(String str) {
        String substring;
        int indexOf;
        int lastIndexOf = str.lastIndexOf(47);
        if (lastIndexOf <= 0 || (indexOf = (substring = str.substring(lastIndexOf + 1)).indexOf(95)) <= 0) {
            return;
        }
        this.allKeys.remove(Integer.valueOf(Integer.parseInt(substring.substring(indexOf + 1))));
    }

    protected TokenIdent processTokenAddOrUpdate(byte[] bArr) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
        TokenIdent tokenident = (TokenIdent) createIdentifier();
        tokenident.readFields(dataInputStream);
        long readLong = dataInputStream.readLong();
        int readInt = dataInputStream.readInt();
        byte[] bArr2 = new byte[readInt];
        if (dataInputStream.read(bArr2, 0, readInt) <= -1) {
            return null;
        }
        this.currentTokens.put(tokenident, new AbstractDelegationTokenSecretManager.DelegationTokenInformation(readLong, bArr2));
        return tokenident;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private void processTokenRemoved(ChildData childData) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(childData.getData()));
        AbstractDelegationTokenIdentifier abstractDelegationTokenIdentifier = (AbstractDelegationTokenIdentifier) createIdentifier();
        abstractDelegationTokenIdentifier.readFields(dataInputStream);
        this.currentTokens.remove(abstractDelegationTokenIdentifier);
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void stopThreads() {
        super.stopThreads();
        try {
            if (this.tokenCache != null) {
                this.tokenCache.close();
            }
        } catch (Exception e) {
            LOG.error("Could not stop Delegation Token Cache", e);
        }
        try {
            if (this.delTokSeqCounter != null) {
                this.delTokSeqCounter.close();
            }
        } catch (Exception e2) {
            LOG.error("Could not stop Delegation Token Counter", e2);
        }
        try {
            if (this.keyIdSeqCounter != null) {
                this.keyIdSeqCounter.close();
            }
        } catch (Exception e3) {
            LOG.error("Could not stop Key Id Counter", e3);
        }
        try {
            if (this.keyCache != null) {
                this.keyCache.close();
            }
        } catch (Exception e4) {
            LOG.error("Could not stop KeyCache", e4);
        }
        try {
            if (!this.isExternalClient && this.zkClient != null) {
                this.zkClient.close();
            }
        } catch (Exception e5) {
            LOG.error("Could not stop Curator Framework", e5);
        }
    }

    private void createPersistentNode(String str) throws Exception {
        try {
            ((ACLBackgroundPathAndBytesable) this.zkClient.create().withMode(CreateMode.PERSISTENT)).forPath(str);
        } catch (Exception e) {
            throw new IOException(str + " znode could not be created !!", e);
        } catch (KeeperException.NodeExistsException e2) {
            LOG.debug(str + " znode already exists !!");
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected int getDelegationTokenSeqNum() {
        return this.delTokSeqCounter.getCount();
    }

    private int incrSharedCount(SharedCount sharedCount, int i) throws Exception {
        VersionedValue versionedValue;
        do {
            versionedValue = sharedCount.getVersionedValue();
        } while (!sharedCount.trySetCount(versionedValue, ((Integer) versionedValue.getValue()).intValue() + i));
        return ((Integer) versionedValue.getValue()).intValue();
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected int incrementDelegationTokenSeqNum() {
        try {
            this.currentSeqNumLock.lock();
            if (this.currentSeqNum >= this.currentMaxSeqNum) {
                try {
                    try {
                        this.currentSeqNum = incrSharedCount(this.delTokSeqCounter, this.seqNumBatchSize);
                        this.currentMaxSeqNum = this.currentSeqNum + this.seqNumBatchSize;
                        LOG.info("Fetched new range of seq num, from {} to {} ", Integer.valueOf(this.currentSeqNum + 1), Integer.valueOf(this.currentMaxSeqNum));
                    } catch (InterruptedException e) {
                        LOG.debug("Thread interrupted while performing token counter increment", e);
                        Thread.currentThread().interrupt();
                    }
                } catch (Exception e2) {
                    throw new RuntimeException("Could not increment shared counter !!", e2);
                }
            }
            int i = this.currentSeqNum + 1;
            this.currentSeqNum = i;
            return i;
        } finally {
            this.currentSeqNumLock.unlock();
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void setDelegationTokenSeqNum(int i) {
        try {
            this.delTokSeqCounter.setCount(i);
        } catch (Exception e) {
            throw new RuntimeException("Could not set shared counter !!", e);
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected int getCurrentKeyId() {
        return this.keyIdSeqCounter.getCount();
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected int incrementCurrentKeyId() {
        try {
            incrSharedCount(this.keyIdSeqCounter, 1);
        } catch (InterruptedException e) {
            LOG.debug("Thread interrupted while performing keyId increment", e);
            Thread.currentThread().interrupt();
        } catch (Exception e2) {
            throw new RuntimeException("Could not increment shared keyId counter !!", e2);
        }
        return this.keyIdSeqCounter.getCount();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public DelegationKey getDelegationKey(int i) {
        DelegationKey delegationKey = this.allKeys.get(Integer.valueOf(i));
        if (delegationKey == null) {
            try {
                delegationKey = getKeyFromZK(i);
                if (delegationKey != null) {
                    this.allKeys.put(Integer.valueOf(i), delegationKey);
                }
            } catch (IOException e) {
                LOG.error("Error retrieving key [" + i + "] from ZK", e);
            }
        }
        return delegationKey;
    }

    private DelegationKey getKeyFromZK(int i) throws IOException {
        String nodePath = getNodePath(ZK_DTSM_MASTER_KEY_ROOT, DELEGATION_KEY_PREFIX + i);
        try {
            byte[] bArr = (byte[]) this.zkClient.getData().forPath(nodePath);
            if (bArr == null || bArr.length == 0) {
                return null;
            }
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
            DelegationKey delegationKey = new DelegationKey();
            delegationKey.readFields(dataInputStream);
            return delegationKey;
        } catch (KeeperException.NoNodeException e) {
            LOG.error("No node in path [" + nodePath + "]");
            return null;
        } catch (Exception e2) {
            throw new IOException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfo(TokenIdent tokenident) {
        AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation = this.currentTokens.get(tokenident);
        if (delegationTokenInformation == null) {
            try {
                delegationTokenInformation = getTokenInfoFromZK(tokenident);
                if (delegationTokenInformation != null) {
                    this.currentTokens.put(tokenident, delegationTokenInformation);
                }
            } catch (IOException e) {
                LOG.error("Error retrieving tokenInfo [" + tokenident.getSequenceNumber() + "] from ZK", e);
            }
        }
        return delegationTokenInformation;
    }

    protected void syncLocalCacheWithZk(TokenIdent tokenident) {
        try {
            AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfoFromZK = getTokenInfoFromZK(tokenident);
            if (tokenInfoFromZK != null && !this.currentTokens.containsKey(tokenident)) {
                this.currentTokens.put(tokenident, tokenInfoFromZK);
            } else if (tokenInfoFromZK == null && this.currentTokens.containsKey(tokenident)) {
                this.currentTokens.remove(tokenident);
            }
        } catch (IOException e) {
            LOG.error("Error retrieving tokenInfo [" + tokenident.getSequenceNumber() + "] from ZK", e);
        }
    }

    protected AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromZK(TokenIdent tokenident) throws IOException {
        return getTokenInfoFromZK((ZKDelegationTokenSecretManager<TokenIdent>) tokenident, false);
    }

    protected AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromZK(TokenIdent tokenident, boolean z) throws IOException {
        return getTokenInfoFromZK(getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + tokenident.getSequenceNumber()), z);
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromZK(String str, boolean z) throws IOException {
        try {
            byte[] bArr = (byte[]) this.zkClient.getData().forPath(str);
            if (bArr == null || bArr.length == 0) {
                return null;
            }
            DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
            ((AbstractDelegationTokenIdentifier) createIdentifier()).readFields(dataInputStream);
            long readLong = dataInputStream.readLong();
            int readInt = dataInputStream.readInt();
            byte[] bArr2 = new byte[readInt];
            if (dataInputStream.read(bArr2, 0, readInt) > -1) {
                return new AbstractDelegationTokenSecretManager.DelegationTokenInformation(readLong, bArr2);
            }
            return null;
        } catch (Exception e) {
            throw new IOException(e);
        } catch (KeeperException.NoNodeException e2) {
            if (z) {
                return null;
            }
            LOG.error("No node in path [" + str + "]");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void storeDelegationKey(DelegationKey delegationKey) throws IOException {
        addOrUpdateDelegationKey(delegationKey, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void updateDelegationKey(DelegationKey delegationKey) throws IOException {
        addOrUpdateDelegationKey(delegationKey, true);
    }

    private void addOrUpdateDelegationKey(DelegationKey delegationKey, boolean z) throws IOException {
        String nodePath = getNodePath(ZK_DTSM_MASTER_KEY_ROOT, DELEGATION_KEY_PREFIX + delegationKey.getKeyId());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Storing ZKDTSMDelegationKey_" + delegationKey.getKeyId());
        }
        delegationKey.write(dataOutputStream);
        try {
            try {
                if (this.zkClient.checkExists().forPath(nodePath) != null) {
                    ((Stat) this.zkClient.setData().forPath(nodePath, byteArrayOutputStream.toByteArray())).setVersion(-1);
                    if (!z) {
                        LOG.debug("Key with path [" + nodePath + "] already exists.. Updating !!");
                    }
                } else {
                    ((ACLBackgroundPathAndBytesable) this.zkClient.create().withMode(CreateMode.PERSISTENT)).forPath(nodePath, byteArrayOutputStream.toByteArray());
                    if (z) {
                        LOG.debug("Updating non existent Key path [" + nodePath + "].. Adding new !!");
                    }
                }
                byteArrayOutputStream.close();
            } catch (KeeperException.NodeExistsException e) {
                LOG.debug(nodePath + " znode already exists !!");
                byteArrayOutputStream.close();
            } catch (Exception e2) {
                throw new IOException(e2);
            }
        } catch (Throwable th) {
            byteArrayOutputStream.close();
            throw th;
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void removeStoredMasterKey(DelegationKey delegationKey) {
        String nodePath = getNodePath(ZK_DTSM_MASTER_KEY_ROOT, DELEGATION_KEY_PREFIX + delegationKey.getKeyId());
        if (LOG.isDebugEnabled()) {
            LOG.debug("Removing ZKDTSMDelegationKey_" + delegationKey.getKeyId());
        }
        try {
            if (this.zkClient.checkExists().forPath(nodePath) != null) {
                while (this.zkClient.checkExists().forPath(nodePath) != null) {
                    try {
                        ((ChildrenDeletable) this.zkClient.delete().guaranteed()).forPath(nodePath);
                    } catch (KeeperException.NoNodeException e) {
                        LOG.debug("Node already deleted by peer " + nodePath);
                    }
                }
            } else {
                LOG.debug("Attempted to delete a non-existing znode " + nodePath);
            }
        } catch (Exception e2) {
            LOG.debug(nodePath + " znode could not be removed!!");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void storeToken(TokenIdent tokenident, AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation) throws IOException {
        try {
            addOrUpdateToken(tokenident, delegationTokenInformation, false);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public void updateToken(TokenIdent tokenident, AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation) throws IOException {
        String nodePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + tokenident.getSequenceNumber());
        try {
            if (this.zkClient.checkExists().forPath(nodePath) != null) {
                addOrUpdateToken(tokenident, delegationTokenInformation, true);
            } else {
                addOrUpdateToken(tokenident, delegationTokenInformation, false);
                LOG.debug("Attempted to update a non-existing znode " + nodePath);
            }
        } catch (Exception e) {
            throw new RuntimeException("Could not update Stored Token ZKDTSMDelegationToken_" + tokenident.getSequenceNumber(), e);
        }
    }

    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    protected void removeStoredToken(TokenIdent tokenident) throws IOException {
        removeStoredToken(tokenident, false);
    }

    protected void removeStoredToken(TokenIdent tokenident, boolean z) throws IOException {
        String nodePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + tokenident.getSequenceNumber());
        try {
            AbstractDelegationTokenSecretManager.DelegationTokenInformation tokenInfoFromZK = getTokenInfoFromZK((ZKDelegationTokenSecretManager<TokenIdent>) tokenident, true);
            if (tokenInfoFromZK == null) {
                LOG.debug("Attempted to remove a non-existing znode " + nodePath);
            } else {
                if (z && tokenInfoFromZK.getRenewDate() > Time.now()) {
                    LOG.info("Node already renewed by peer " + nodePath + " so this token should not be deleted");
                    return;
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Removing ZKDTSMDelegationToken_" + tokenident.getSequenceNumber());
                }
                while (this.zkClient.checkExists().forPath(nodePath) != null) {
                    try {
                        ((ChildrenDeletable) this.zkClient.delete().guaranteed()).forPath(nodePath);
                    } catch (KeeperException.NoNodeException e) {
                        LOG.debug("Node already deleted by peer " + nodePath);
                    }
                }
            }
        } catch (Exception e2) {
            throw new RuntimeException("Could not remove Stored Token ZKDTSMDelegationToken_" + tokenident.getSequenceNumber(), e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.apache.hadoop.security.token.delegation.AbstractDelegationTokenSecretManager
    public TokenIdent cancelToken(Token<TokenIdent> token, String str) throws IOException {
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(token.getIdentifier()));
        AbstractDelegationTokenIdentifier abstractDelegationTokenIdentifier = (AbstractDelegationTokenIdentifier) createIdentifier();
        abstractDelegationTokenIdentifier.readFields(dataInputStream);
        syncLocalCacheWithZk(abstractDelegationTokenIdentifier);
        return (TokenIdent) super.cancelToken(token, str);
    }

    /* JADX WARN: Failed to calculate best type for var: r11v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r11v1 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r12v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 11, insn: 0x0108: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r11 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:46:0x0108 */
    /* JADX WARN: Not initialized variable reg: 12, insn: 0x010d: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r12 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:48:0x010d */
    /* JADX WARN: Type inference failed for: r11v1, types: [java.io.DataOutputStream] */
    /* JADX WARN: Type inference failed for: r12v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r5v0, types: [TokenIdent extends org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier, org.apache.hadoop.security.token.delegation.AbstractDelegationTokenIdentifier] */
    protected void addOrUpdateToken(TokenIdent tokenident, AbstractDelegationTokenSecretManager.DelegationTokenInformation delegationTokenInformation, boolean z) throws Exception {
        ?? r11;
        ?? r12;
        String nodePath = getNodePath(ZK_DTSM_TOKENS_ROOT, DELEGATION_TOKEN_PREFIX + tokenident.getSequenceNumber());
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        Throwable th = null;
        try {
            try {
                DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
                Throwable th2 = null;
                tokenident.write(dataOutputStream);
                dataOutputStream.writeLong(delegationTokenInformation.getRenewDate());
                dataOutputStream.writeInt(delegationTokenInformation.getPassword().length);
                dataOutputStream.write(delegationTokenInformation.getPassword());
                if (LOG.isDebugEnabled()) {
                    LOG.debug((z ? "Updating " : "Storing ") + "ZKDTSMDelegationToken_" + tokenident.getSequenceNumber());
                }
                if (z) {
                    ((Stat) this.zkClient.setData().forPath(nodePath, byteArrayOutputStream.toByteArray())).setVersion(-1);
                } else {
                    ((ACLBackgroundPathAndBytesable) this.zkClient.create().withMode(CreateMode.PERSISTENT)).forPath(nodePath, byteArrayOutputStream.toByteArray());
                }
                if (dataOutputStream != null) {
                    if (0 != 0) {
                        try {
                            dataOutputStream.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        dataOutputStream.close();
                    }
                }
                if (byteArrayOutputStream != null) {
                    if (0 == 0) {
                        byteArrayOutputStream.close();
                        return;
                    }
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                }
            } catch (Throwable th5) {
                if (r11 != 0) {
                    if (r12 != 0) {
                        try {
                            r11.close();
                        } catch (Throwable th6) {
                            r12.addSuppressed(th6);
                        }
                    } else {
                        r11.close();
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (byteArrayOutputStream != null) {
                if (0 != 0) {
                    try {
                        byteArrayOutputStream.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    byteArrayOutputStream.close();
                }
            }
            throw th7;
        }
    }

    public boolean isTokenWatcherEnabled() {
        return this.isTokenWatcherEnabled;
    }

    @InterfaceAudience.Private
    @InterfaceStability.Unstable
    @VisibleForTesting
    static String getNodePath(String str, String str2) {
        return str + "/" + str2;
    }

    @VisibleForTesting
    AbstractDelegationTokenSecretManager.DelegationTokenInformation getTokenInfoFromMemory(TokenIdent tokenident) {
        return this.currentTokens.get(tokenident);
    }
}
