package org.apache.hadoop.yarn.server.router.security;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.recipes.cache.ChildData;
import org.apache.curator.framework.recipes.cache.PathChildrenCache;
import org.apache.curator.framework.recipes.cache.PathChildrenCacheEvent;
import org.apache.curator.framework.recipes.cache.PathChildrenCacheListener;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.io.Text;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.security.token.delegation.DelegationKey;
import org.apache.hadoop.util.curator.ZKCuratorManager;
import org.apache.hadoop.yarn.security.client.RMDelegationTokenIdentifier;
import org.apache.hadoop.yarn.server.resourcemanager.recovery.RMStateStoreUtils;
import org.apache.hadoop.yarn.server.resourcemanager.recovery.records.RMDelegationTokenIdentifierData;

/* loaded from: input_file:org/apache/hadoop/yarn/server/router/security/ZKDelegationTokenFetcher.class */
public class ZKDelegationTokenFetcher extends DelegationTokenFetcher {
    private static final Log LOG = LogFactory.getLog(ZKDelegationTokenFetcher.class);
    protected static final String RM_DT_SECRET_MANAGER_ROOT = "RMDTSecretManagerRoot";
    protected static final String DELEGATION_KEY_PREFIX = "DelegationKey_";
    protected static final String DELEGATION_TOKEN_PREFIX = "RMDelegationToken_";
    private static final String RM_DELEGATION_TOKENS_ROOT_ZNODE_NAME = "RMDelegationTokensRoot";
    private static final String RM_DT_SEQUENTIAL_NUMBER_ZNODE_NAME = "RMDTSequentialNumber";
    private static final String RM_DT_MASTER_KEYS_ROOT_ZNODE_NAME = "RMDTMasterKeysRoot";
    public static final String ROOT_ZNODE_NAME = "ZKRMStateRoot";
    private ZKCuratorManager zkManager;
    private String rootPath;

    /* renamed from: org.apache.hadoop.yarn.server.router.security.ZKDelegationTokenFetcher$3, reason: invalid class name */
    /* loaded from: input_file:org/apache/hadoop/yarn/server/router/security/ZKDelegationTokenFetcher$3.class */
    static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type = new int[PathChildrenCacheEvent.Type.values().length];

        static {
            try {
                $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[PathChildrenCacheEvent.Type.CHILD_ADDED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[PathChildrenCacheEvent.Type.CHILD_UPDATED.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[PathChildrenCacheEvent.Type.CHILD_REMOVED.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/yarn/server/router/security/ZKDelegationTokenFetcher$PathChildrenCacheListenerImpl.class */
    private static class PathChildrenCacheListenerImpl implements PathChildrenCacheListener {
        private PathChildrenCacheListenerImpl() {
        }

        public void childEvent(CuratorFramework curatorFramework, PathChildrenCacheEvent pathChildrenCacheEvent) throws Exception {
            switch (AnonymousClass3.$SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[pathChildrenCacheEvent.getType().ordinal()]) {
                case 1:
                case 2:
                case 3:
                default:
                    return;
            }
        }
    }

    public ZKDelegationTokenFetcher(Configuration configuration, ZKCuratorManager zKCuratorManager, RouterDelegationTokenSecretManager routerDelegationTokenSecretManager) throws Exception {
        super(routerDelegationTokenSecretManager);
        this.zkManager = zKCuratorManager;
        this.rootPath = configuration.get("yarn.resourcemanager.zk-state-store.rootpath", "/federation");
    }

    @Override // org.apache.hadoop.yarn.server.router.security.DelegationTokenFetcher
    public void start() throws Exception {
        PathChildrenCache pathChildrenCache = new PathChildrenCache(this.zkManager.getCurator(), this.rootPath, true);
        pathChildrenCache.start(PathChildrenCache.StartMode.BUILD_INITIAL_CACHE);
        pathChildrenCache.getListenable().addListener(new PathChildrenCacheListenerImpl());
        for (ChildData childData : pathChildrenCache.getCurrentData()) {
            processSubcluster(childData.getPath(), childData.getData());
        }
    }

    private void processSubcluster(String str, byte[] bArr) throws Exception {
        LOG.info("Monitor Subcluster path: " + str);
        String str2 = str + "/" + ROOT_ZNODE_NAME + "/" + RM_DT_SECRET_MANAGER_ROOT;
        this.zkManager.createRootDirRecursively(str2);
        monitorMasterKey(str2 + "/" + RM_DT_MASTER_KEYS_ROOT_ZNODE_NAME);
        monitorDelegationToken(str2 + "/" + RM_DELEGATION_TOKENS_ROOT_ZNODE_NAME);
    }

    private void monitorDelegationToken(String str) throws Exception {
        if (!this.zkManager.exists(str)) {
            this.zkManager.create(str);
        }
        LOG.info("Monitor DelegationToken path: " + str);
        PathChildrenCache pathChildrenCache = new PathChildrenCache(this.zkManager.getCurator(), str, true);
        pathChildrenCache.start(PathChildrenCache.StartMode.BUILD_INITIAL_CACHE);
        pathChildrenCache.getListenable().addListener(new PathChildrenCacheListener() { // from class: org.apache.hadoop.yarn.server.router.security.ZKDelegationTokenFetcher.1
            public void childEvent(CuratorFramework curatorFramework, PathChildrenCacheEvent pathChildrenCacheEvent) throws Exception {
                ZKDelegationTokenFetcher.LOG.info("Path: " + pathChildrenCacheEvent.getData().getPath() + " Type: " + pathChildrenCacheEvent.getType());
                switch (AnonymousClass3.$SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[pathChildrenCacheEvent.getType().ordinal()]) {
                    case 1:
                    case 2:
                        ZKDelegationTokenFetcher.this.processDTNode(pathChildrenCacheEvent.getData().getPath(), pathChildrenCacheEvent.getData().getData(), true);
                        return;
                    case 3:
                        ZKDelegationTokenFetcher.this.processDTNode(pathChildrenCacheEvent.getData().getPath(), pathChildrenCacheEvent.getData().getData(), false);
                        return;
                    default:
                        return;
                }
            }
        });
        for (ChildData childData : pathChildrenCache.getCurrentData()) {
            processDTNode(childData.getPath(), childData.getData(), true);
        }
    }

    private void monitorMasterKey(String str) throws Exception {
        if (!this.zkManager.exists(str)) {
            this.zkManager.create(str);
        }
        LOG.info("Monitor MasterKey path: " + str);
        PathChildrenCache pathChildrenCache = new PathChildrenCache(this.zkManager.getCurator(), str, true);
        pathChildrenCache.start(PathChildrenCache.StartMode.BUILD_INITIAL_CACHE);
        pathChildrenCache.getListenable().addListener(new PathChildrenCacheListener() { // from class: org.apache.hadoop.yarn.server.router.security.ZKDelegationTokenFetcher.2
            public void childEvent(CuratorFramework curatorFramework, PathChildrenCacheEvent pathChildrenCacheEvent) throws Exception {
                ZKDelegationTokenFetcher.LOG.info("Path: " + pathChildrenCacheEvent.getData().getPath() + " Type: " + pathChildrenCacheEvent.getType());
                switch (AnonymousClass3.$SwitchMap$org$apache$curator$framework$recipes$cache$PathChildrenCacheEvent$Type[pathChildrenCacheEvent.getType().ordinal()]) {
                    case 1:
                    case 2:
                        ZKDelegationTokenFetcher.this.processKeyNode(pathChildrenCacheEvent.getData().getPath(), pathChildrenCacheEvent.getData().getData(), true);
                        return;
                    case 3:
                    default:
                        return;
                }
            }
        });
        for (ChildData childData : pathChildrenCache.getCurrentData()) {
            processKeyNode(childData.getPath(), childData.getData(), true);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processKeyNode(String str, byte[] bArr, boolean z) throws Exception {
        if (!getChildName(str).startsWith(DELEGATION_KEY_PREFIX)) {
            LOG.info("path: " + str + " is not start with " + DELEGATION_KEY_PREFIX);
            return;
        }
        if (bArr == null) {
            LOG.warn("Content of " + str + " is broken.");
            return;
        }
        String clusterName = getClusterName(str);
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
        Throwable th = null;
        try {
            try {
                DelegationKey delegationKey = new DelegationKey();
                delegationKey.readFields(dataInputStream);
                if (z) {
                    updateMasterKey(new ExtendDelegationKey(clusterName, delegationKey));
                    if (LOG.isInfoEnabled()) {
                        LOG.info("Loaded delegation key: keyId=" + delegationKey.getKeyId() + ", expirationDate=" + delegationKey.getExpiryDate());
                    }
                }
                if (dataInputStream != null) {
                    if (0 == 0) {
                        dataInputStream.close();
                        return;
                    }
                    try {
                        dataInputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (dataInputStream != null) {
                if (th != null) {
                    try {
                        dataInputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    dataInputStream.close();
                }
            }
            throw th4;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processDTNode(String str, byte[] bArr, boolean z) throws Exception {
        if (!getChildName(str).startsWith(DELEGATION_TOKEN_PREFIX)) {
            LOG.info("path: " + str + " is not start with " + DELEGATION_TOKEN_PREFIX);
            return;
        }
        if (bArr == null) {
            LOG.warn("Content of " + str + " is broken.");
            return;
        }
        String clusterName = getClusterName(str);
        DataInputStream dataInputStream = new DataInputStream(new ByteArrayInputStream(bArr));
        Throwable th = null;
        try {
            RMDelegationTokenIdentifierData readRMDelegationTokenIdentifierData = RMStateStoreUtils.readRMDelegationTokenIdentifierData(dataInputStream);
            RMDelegationTokenIdentifier tokenIdentifier = readRMDelegationTokenIdentifierData.getTokenIdentifier();
            long renewDate = readRMDelegationTokenIdentifierData.getRenewDate();
            if (z) {
                updateToken(new ExtendRMDelegationTokenIdentifier(clusterName, tokenIdentifier), renewDate);
                if (LOG.isInfoEnabled()) {
                    LOG.info("Loaded RMDelegationTokenIdentifier: " + tokenIdentifier + " renewDate=" + renewDate);
                }
            } else {
                Token<RMDelegationTokenIdentifier> token = new Token<>(tokenIdentifier.getBytes(), (byte[]) null, (Text) null, (Text) null);
                if (tokenIdentifier.getUser() != null) {
                    removeToken(token, tokenIdentifier.getUser().getUserName());
                }
                if (LOG.isInfoEnabled()) {
                    LOG.info("Removed RMDelegationTokenIdentifier: " + tokenIdentifier + " renewDate=" + renewDate);
                }
            }
            if (dataInputStream != null) {
                if (0 == 0) {
                    dataInputStream.close();
                    return;
                }
                try {
                    dataInputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (dataInputStream != null) {
                if (0 != 0) {
                    try {
                        dataInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    dataInputStream.close();
                }
            }
            throw th3;
        }
    }

    private String getChildName(String str) {
        int lastIndexOf = str.lastIndexOf("/");
        return lastIndexOf == -1 ? str : str.substring(lastIndexOf + 1);
    }

    private String getClusterName(String str) {
        if (!str.startsWith(this.rootPath)) {
            return null;
        }
        String substring = str.substring(this.rootPath.length() + 1);
        return substring.substring(0, substring.indexOf("/"));
    }
}
