package com.huawei.es.security.auth.signer;

import com.huawei.hadoop.security.crypter.CrypterUtil;
import java.io.UnsupportedEncodingException;
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.SimpleDateFormat;
import java.util.Date;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.api.WatchPathable;
import org.apache.logging.log4j.Logger;
import org.apache.zookeeper.KeeperException;
import org.apache.zookeeper.data.Stat;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;

/* loaded from: input_file:com/huawei/es/security/auth/signer/ZKSignerSecretProvider.class */
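/**
 * Signer-secret provider that loads its secrets from a single ZooKeeper znode.
 *
 * <p>Plaintext layout of the znode payload, before it is passed through
 * {@code CrypterUtil.encrypt} as an ISO-8859-1 string:
 * <pre>
 *   int  data version (currently 0)
 *   int  length + bytes   first secret  (kept locally as {@code nextSecret})
 *   int  length + bytes   second secret
 *   int  length [+ bytes] third secret  (bytes present only when length &gt; 0)
 *   long next rollover date, epoch millis
 * </pre>
 *
 * <p>NOTE(review): the only write to ZooKeeper in this class is the initial create in
 * {@link #initParam}; {@link #rollSecret} only reads. Whether a fresh secret is ever
 * published on rollover therefore depends on code outside this class - confirm, because
 * otherwise the signing secret never rotates.
 *
 * <p>NOTE(review): the payload is decrypted and parsed on every pull. Whether
 * {@code CrypterUtil} authenticates the ciphertext, and which ACL the injected
 * {@code CuratorFramework} applies to the znode, is not visible here; the parser below
 * therefore treats the lengths it reads as untrusted.
 */
public class ZKSignerSecretProvider extends RolloverSignerSecretProvider {
    private static final String CONFIG_PREFIX = "signer.secret.provider.zookeeper.";
    private static final String ZOOKEEPER_PATH = "signer.secret.provider.zookeeper.path";
    private static final String DISCONNECT_FROM_ZOOKEEPER_ON_SHUTDOWN = "signer.secret.provider.zookeeper.disconnect.on.shutdown";
    private static final Logger LOG = Loggers.getLogger(ZKSignerSecretProvider.class, new String[]{"ZKSignerSecretProvider"});
    private String path;
    // Written under the instance lock, read without it by generateNewSecret(); hence volatile.
    private volatile byte[] nextSecret;
    private final SecureRandom rand = getRandomInstance();
    private long nextRolloverDate;
    private long tokenValidity;
    private CuratorFramework client;
    private boolean shouldDisconnect;
    private static final int INT_BYTES = 4;
    private static final int LONG_BYTES = 8;
    private static final int DATA_VERSION = 0;

    /**
     * Creates the provider and tries to initialise it from ZooKeeper.
     *
     * <p>Initialisation failures are logged, not rethrown, so a constructed instance may hold
     * no secrets at all ({@link #generateNewSecret()} then returns {@code null}).
     *
     * @param settings         configuration; must contain {@code signer.secret.provider.zookeeper.path}
     * @param j                token validity in milliseconds, also used as the rollover period
     * @param curatorFramework ZooKeeper client used for all znode access
     */
    public ZKSignerSecretProvider(Settings settings, long j, CuratorFramework curatorFramework) {
        this.tokenValidity = j;
        this.client = curatorFramework;
        try {
            initParam(j, settings);
        } catch (Exception e) {
            // Log the exception itself: getCause() is null for most failures, which would
            // leave an initialisation failure without any diagnostic.
            LOG.error("Init ZKSignerSecretProvider failed:", e);
        }
    }

    /**
     * Returns the random source used for the initial secret.
     *
     * <p>NOTE(review): "SHA1PRNG" is a legacy algorithm name; confirm whether the platform
     * default ({@code new SecureRandom()}) would be acceptable here.
     */
    private SecureRandom getRandomInstance() {
        try {
            return SecureRandom.getInstance("SHA1PRNG");
        } catch (NoSuchAlgorithmException e) {
            LOG.error("Failed to get SecureRandom instance.", e);
            throw new RuntimeException("Failed to get SecureRandom instance.", e);
        }
    }

    /**
     * Reads the configuration, creates the secret znode if it does not exist yet, loads the
     * stored secrets and starts the rollover scheduler.
     *
     * @param j        token validity / rollover period in milliseconds
     * @param settings configuration source
     * @throws IllegalArgumentException if the znode path is missing, or if the rollover date is
     *                                  already due and {@code j} is not positive
     * @throws Exception                any other failure reported by the ZooKeeper client
     */
    private synchronized void initParam(long j, Settings settings) throws Exception {
        this.tokenValidity = j;
        this.shouldDisconnect = Boolean.parseBoolean(settings.get(DISCONNECT_FROM_ZOOKEEPER_ON_SHUTDOWN, "true"));
        this.path = settings.get(ZOOKEEPER_PATH);
        if (this.path == null) {
            throw new IllegalArgumentException("signer.secret.provider.zookeeper.path must be specified");
        }
        try {
            this.nextRolloverDate = System.currentTimeMillis() + j;
            byte[] initialSecret = generateRandomSecret();
            byte[] payload = generateZKData(initialSecret, initialSecret, null);
            if (payload == null) {
                // Encryption failed. Creating the znode with no data would leave a node that
                // no reader can parse, so skip the create and fall through to the pull.
                LOG.error("Skip creating secret znode because the secret could not be encrypted.");
            } else {
                this.client.create().creatingParentsIfNeeded().forPath(this.path, payload);
                LOG.info("Creating secret znode.");
            }
        } catch (KeeperException.NodeExistsException e) {
            // Expected whenever another node created the znode first; nothing to report.
            LOG.info("The secret znode already exists, retrieving data:");
        }
        pullFromZK(true);
        long delay = this.nextRolloverDate - System.currentTimeMillis();
        LOG.info("The nextRolloverDate was :{},the date format was : {}.", this.nextRolloverDate, new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new Date(this.nextRolloverDate)));
        if (delay < 1) {
            if (j <= 0) {
                // Stepping forward by a non-positive period can never reach the future.
                throw new IllegalArgumentException("token validity must be positive to schedule a rollover, got " + j);
            }
            // The stored rollover date has passed: move forward by whole periods to the first
            // point that lies in the future. delay <= 0 here, so (delay / j) is <= 0.
            long periods = 1 - delay / j;
            delay += periods * j;
        }
        super.startScheduler(delay, j);
    }

    /** Closes the ZooKeeper client when configured to do so, then releases the parent's resources. */
    @Override // com.huawei.es.security.auth.signer.RolloverSignerSecretProvider, com.huawei.es.security.auth.signer.SignerSecretProvider
    public synchronized void destroy() {
        if (this.shouldDisconnect && this.client != null) {
            this.client.close();
        }
        super.destroy();
    }

    /** Advances the local rollover date by one period and reloads the secrets from ZooKeeper. */
    @Override // com.huawei.es.security.auth.signer.RolloverSignerSecretProvider
    protected synchronized void rollSecret() {
        try {
            this.nextRolloverDate += this.tokenValidity;
            pullFromZK(false);
        } catch (Exception e) {
            LOG.error("rolling secret occur an exception:", e);
        }
    }

    /**
     * Returns the secret most recently loaded as "next" from ZooKeeper.
     *
     * @return the stored next secret, or {@code null} if nothing has been loaded successfully
     */
    @Override // com.huawei.es.security.auth.signer.RolloverSignerSecretProvider
    protected byte[] generateNewSecret() {
        return this.nextSecret;
    }

    /**
     * Serialises three secrets plus the current rollover date into the znode layout and
     * encrypts the result.
     *
     * @param bArr  first secret, must not be {@code null}
     * @param bArr2 second secret, must not be {@code null}
     * @param bArr3 third secret, may be {@code null}
     * @return the encrypted payload, or {@code null} if encryption failed or produced nothing
     */
    private synchronized byte[] generateZKData(byte[] bArr, byte[] bArr2, byte[] bArr3) {
        LOG.debug("Start generating secret.");
        int thirdLength = bArr3 == null ? 0 : bArr3.length;
        // Four int fields (version + three lengths) and one long, plus the secret bytes.
        // The size must be exact because the whole backing array is encrypted below.
        ByteBuffer buffer = ByteBuffer.allocate((INT_BYTES * 4) + LONG_BYTES + bArr.length + bArr2.length + thirdLength);
        buffer.putInt(DATA_VERSION);
        buffer.putInt(bArr.length);
        buffer.put(bArr);
        buffer.putInt(bArr2.length);
        buffer.put(bArr2);
        buffer.putInt(thirdLength);
        if (thirdLength > 0) {
            buffer.put(bArr3);
        }
        buffer.putLong(this.nextRolloverDate);
        try {
            // ISO-8859-1 maps every byte to one char and back, so the binary layout survives
            // the String-based CrypterUtil API.
            String encrypted = CrypterUtil.encrypt(new String(buffer.array(), StandardCharsets.ISO_8859_1));
            if (encrypted == null) {
                return null;
            }
            LOG.debug("Successfully generate secret.");
            return encrypted.getBytes(StandardCharsets.ISO_8859_1);
        } catch (Exception e) {
            LOG.error("An unexpected exception occurred while generate secret", e);
            return null;
        }
    }

    /**
     * Loads, decrypts and parses the znode, then hands the secrets to the parent class.
     *
     * <p>All fields are parsed before any state is changed, so a truncated or malformed
     * payload leaves the previously loaded secrets untouched. Failures are logged and
     * swallowed.
     *
     * @param z {@code true} during initialisation, in which case the stored rollover date
     *          replaces the local one
     */
    private synchronized void pullFromZK(boolean z) {
        try {
            ByteBuffer buffer = getByteSecret(this.client.getData().storingStatIn(new Stat()).forPath(this.path));
            byte[] loadedNext = getNextSecret(buffer);
            byte[] second = readBytes(buffer, buffer.getInt());
            int thirdLength = buffer.getInt();
            byte[] third = thirdLength > 0 ? readBytes(buffer, thirdLength) : null;
            long storedRolloverDate = z ? buffer.getLong() : 0L;

            // NOTE(review): the meaning of the second and third argument is defined by
            // RolloverSignerSecretProvider.initSecrets, which is not visible here.
            this.nextSecret = loadedNext;
            super.initSecrets(loadedNext, second, third);
            if (z) {
                LOG.info("Initializing secrets from zk.");
                this.nextRolloverDate = storedRolloverDate;
                LOG.info("Successfully initialize secrets from zk.");
            }
        } catch (BufferUnderflowException e) {
            LOG.error("ByteBuffer.getInt exception occurred while pulling data from ZooKeeper", e);
        } catch (Exception e2) {
            LOG.error("An unexpected exception occurred while pulling data from ZooKeeper", e2);
        }
    }

    /**
     * Decrypts a raw znode payload and wraps the plaintext bytes for parsing.
     *
     * @param bArr raw znode data
     * @return buffer positioned at the start of the plaintext layout
     * @throws IllegalStateException if the znode holds no data or decryption yields nothing
     */
    private ByteBuffer getByteSecret(byte[] bArr) {
        if (bArr == null) {
            throw new IllegalStateException("The secret znode holds no data");
        }
        String plain = CrypterUtil.decrypt(new String(bArr, StandardCharsets.ISO_8859_1));
        if (plain == null) {
            throw new IllegalStateException("Cannot decrypt data loaded from ZooKeeper");
        }
        return ByteBuffer.wrap(plain.getBytes(StandardCharsets.ISO_8859_1));
    }

    /**
     * Checks the data version and reads the first secret from the buffer.
     *
     * @param byteBuffer buffer positioned at the version field
     * @return the first secret stored in the payload
     * @throws IllegalStateException if the payload was written with a newer data version or
     *                               declares an impossible length
     */
    private byte[] getNextSecret(ByteBuffer byteBuffer) {
        if (byteBuffer.getInt() > DATA_VERSION) {
            throw new IllegalStateException("Cannot load data from ZooKeeper it was written with a newer version");
        }
        return readBytes(byteBuffer, byteBuffer.getInt());
    }

    /**
     * Reads {@code length} bytes from the buffer after checking the length against what is
     * actually left, so a corrupted length field cannot trigger a huge or negative allocation.
     */
    private static byte[] readBytes(ByteBuffer buffer, int length) {
        if (length < 0 || length > buffer.remaining()) {
            throw new IllegalStateException("Invalid field length " + length + " in data loaded from ZooKeeper");
        }
        byte[] out = new byte[length];
        buffer.get(out);
        return out;
    }

    /**
     * Generates the initial secret as the decimal text of one random {@code long}.
     *
     * <p>NOTE(review): this carries at most 64 bits of entropy. A wider secret filled with
     * {@code SecureRandom.nextBytes} would be preferable once it is confirmed that every
     * consumer treats the secret as opaque bytes.
     */
    private byte[] generateRandomSecret() {
        return Long.toString(this.rand.nextLong()).getBytes(StandardCharsets.UTF_8);
    }
}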
