package org.apache.hadoop.hdfs.server.namenode;

import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Map;
import java.util.NavigableMap;
import java.util.TreeMap;
import org.apache.commons.lang.builder.EqualsBuilder;
import org.apache.commons.lang.builder.HashCodeBuilder;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.CipherSuite;
import org.apache.hadoop.crypto.CryptoProtocolVersion;
import org.apache.hadoop.fs.BatchedRemoteIterator;
import org.apache.hadoop.fs.UnresolvedLinkException;
import org.apache.hadoop.fs.XAttr;
import org.apache.hadoop.fs.XAttrSetFlag;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.XAttrHelper;
import org.apache.hadoop.hdfs.protocol.EncryptionZone;
import org.apache.hadoop.hdfs.protocol.SnapshotAccessControlException;
import org.apache.hadoop.hdfs.protocol.proto.HdfsProtos;
import org.apache.hadoop.hdfs.protocolPB.PBHelperClient;
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
import org.apache.hadoop.hdfs.server.namenode.FSDirectory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.10.1.jar:org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager.class */
public class EncryptionZoneManager {
    public static Logger LOG;
    private TreeMap<Long, EncryptionZoneInt> encryptionZones = null;
    private final FSDirectory dir;
    private final int maxListEncryptionZonesResponses;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hadoop-hdfs-2.10.1.jar:org/apache/hadoop/hdfs/server/namenode/EncryptionZoneManager$EncryptionZoneInt.class */
    public static class EncryptionZoneInt {
        private final long inodeId;
        private final CipherSuite suite;
        private final CryptoProtocolVersion version;
        private final String keyName;

        EncryptionZoneInt(long j, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) {
            Preconditions.checkArgument(cipherSuite != CipherSuite.UNKNOWN);
            Preconditions.checkArgument(cryptoProtocolVersion != CryptoProtocolVersion.UNKNOWN);
            this.inodeId = j;
            this.suite = cipherSuite;
            this.version = cryptoProtocolVersion;
            this.keyName = str;
        }

        long getINodeId() {
            return this.inodeId;
        }

        CipherSuite getSuite() {
            return this.suite;
        }

        CryptoProtocolVersion getVersion() {
            return this.version;
        }

        String getKeyName() {
            return this.keyName;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof EncryptionZoneInt)) {
                return false;
            }
            EncryptionZoneInt encryptionZoneInt = (EncryptionZoneInt) obj;
            return new EqualsBuilder().append(this.inodeId, encryptionZoneInt.getINodeId()).append(this.suite, encryptionZoneInt.getSuite()).append(this.version, encryptionZoneInt.getVersion()).append(this.keyName, encryptionZoneInt.getKeyName()).isEquals();
        }

        public int hashCode() {
            return new HashCodeBuilder().append(this.inodeId).append(this.suite).append(this.version).append(this.keyName).toHashCode();
        }
    }

    public EncryptionZoneManager(FSDirectory fSDirectory, Configuration configuration) {
        this.dir = fSDirectory;
        this.maxListEncryptionZonesResponses = configuration.getInt(DFSConfigKeys.DFS_NAMENODE_LIST_ENCRYPTION_ZONES_NUM_RESPONSES, 100);
        Preconditions.checkArgument(this.maxListEncryptionZonesResponses >= 0, "dfs.namenode.list.encryption.zones.num.responses must be a positive integer.");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addEncryptionZone(Long l, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) {
        if (!$assertionsDisabled && !this.dir.hasWriteLock()) {
            throw new AssertionError();
        }
        unprotectedAddEncryptionZone(l, cipherSuite, cryptoProtocolVersion, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void unprotectedAddEncryptionZone(Long l, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) {
        EncryptionZoneInt encryptionZoneInt = new EncryptionZoneInt(l.longValue(), cipherSuite, cryptoProtocolVersion, str);
        if (this.encryptionZones == null) {
            this.encryptionZones = new TreeMap<>();
        }
        this.encryptionZones.put(l, encryptionZoneInt);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeEncryptionZone(Long l) {
        if (!$assertionsDisabled && !this.dir.hasWriteLock()) {
            throw new AssertionError();
        }
        if (hasCreatedEncryptionZone()) {
            this.encryptionZones.remove(l);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isInAnEZ(INodesInPath iNodesInPath) throws UnresolvedLinkException, SnapshotAccessControlException, IOException {
        if ($assertionsDisabled || this.dir.hasReadLock()) {
            return getEncryptionZoneForPath(iNodesInPath) != null;
        }
        throw new AssertionError();
    }

    private String getFullPathName(EncryptionZoneInt encryptionZoneInt) {
        if ($assertionsDisabled || this.dir.hasReadLock()) {
            return this.dir.getInode(encryptionZoneInt.getINodeId()).getFullPathName();
        }
        throw new AssertionError();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getKeyName(INodesInPath iNodesInPath) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        EncryptionZoneInt encryptionZoneForPath = getEncryptionZoneForPath(iNodesInPath);
        if (encryptionZoneForPath == null) {
            return null;
        }
        return encryptionZoneForPath.getKeyName();
    }

    private EncryptionZoneInt getEncryptionZoneForPath(INodesInPath iNodesInPath) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        Preconditions.checkNotNull(iNodesInPath);
        if (!hasCreatedEncryptionZone()) {
            return null;
        }
        int pathSnapshotId = iNodesInPath.getPathSnapshotId();
        for (int length = iNodesInPath.length() - 1; length >= 0; length--) {
            INode iNode = iNodesInPath.getINode(length);
            if (iNode != null && iNode.isDirectory()) {
                if (pathSnapshotId == 2147483646) {
                    EncryptionZoneInt encryptionZoneInt = this.encryptionZones.get(Long.valueOf(iNode.getId()));
                    if (encryptionZoneInt != null) {
                        return encryptionZoneInt;
                    }
                } else {
                    XAttr unprotectedGetXAttrByPrefixedName = FSDirXAttrOp.unprotectedGetXAttrByPrefixedName(iNode, pathSnapshotId, HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE);
                    if (unprotectedGetXAttrByPrefixedName != null) {
                        try {
                            HdfsProtos.ZoneEncryptionInfoProto parseFrom = HdfsProtos.ZoneEncryptionInfoProto.parseFrom(unprotectedGetXAttrByPrefixedName.getValue());
                            return new EncryptionZoneInt(iNode.getId(), PBHelperClient.convert(parseFrom.getSuite()), PBHelperClient.convert(parseFrom.getCryptoProtocolVersion()), parseFrom.getKeyName());
                        } catch (InvalidProtocolBufferException e) {
                            throw new IOException("Could not parse encryption zone for inode " + iNodesInPath.getPath(), e);
                        }
                    }
                }
            }
        }
        return null;
    }

    private EncryptionZoneInt getParentEncryptionZoneForPath(INodesInPath iNodesInPath) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        Preconditions.checkNotNull(iNodesInPath);
        INodesInPath parentINodesInPath = iNodesInPath.getParentINodesInPath();
        if (parentINodesInPath == null) {
            return null;
        }
        return getEncryptionZoneForPath(parentINodesInPath);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptionZone getEZINodeForPath(INodesInPath iNodesInPath) throws IOException {
        EncryptionZoneInt encryptionZoneForPath = getEncryptionZoneForPath(iNodesInPath);
        if (encryptionZoneForPath == null) {
            return null;
        }
        return new EncryptionZone(encryptionZoneForPath.getINodeId(), getFullPathName(encryptionZoneForPath), encryptionZoneForPath.getSuite(), encryptionZoneForPath.getVersion(), encryptionZoneForPath.getKeyName());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkMoveValidity(INodesInPath iNodesInPath, INodesInPath iNodesInPath2) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        if (hasCreatedEncryptionZone()) {
            EncryptionZoneInt parentEncryptionZoneForPath = getParentEncryptionZoneForPath(iNodesInPath);
            EncryptionZoneInt parentEncryptionZoneForPath2 = getParentEncryptionZoneForPath(iNodesInPath2);
            boolean z = parentEncryptionZoneForPath != null;
            boolean z2 = parentEncryptionZoneForPath2 != null;
            if (z && !z2) {
                throw new IOException(iNodesInPath.getPath() + " can't be moved from an encryption zone.");
            }
            if (z2 && !z) {
                throw new IOException(iNodesInPath.getPath() + " can't be moved into an encryption zone.");
            }
            if (!z || parentEncryptionZoneForPath.equals(parentEncryptionZoneForPath2)) {
                return;
            }
            throw new IOException(iNodesInPath.getPath() + " can't be moved from encryption zone " + getFullPathName(parentEncryptionZoneForPath) + " to encryption zone " + getFullPathName(parentEncryptionZoneForPath2) + ".");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public XAttr createEncryptionZone(INodesInPath iNodesInPath, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasWriteLock()) {
            throw new AssertionError();
        }
        if (iNodesInPath.getLastINode() == null) {
            throw new FileNotFoundException("cannot find " + iNodesInPath.getPath());
        }
        if (this.dir.isNonEmptyDirectory(iNodesInPath)) {
            throw new IOException("Attempt to create an encryption zone for a non-empty directory.");
        }
        INode lastINode = iNodesInPath.getLastINode();
        if (!lastINode.isDirectory()) {
            throw new IOException("Attempt to create an encryption zone for a file.");
        }
        if (hasCreatedEncryptionZone() && this.encryptionZones.get(Long.valueOf(lastINode.getId())) != null) {
            throw new IOException("Directory " + iNodesInPath.getPath() + " is already an encryption zone.");
        }
        XAttr buildXAttr = XAttrHelper.buildXAttr(HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE, PBHelperClient.convert(cipherSuite, cryptoProtocolVersion, str).toByteArray());
        ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(1);
        newArrayListWithCapacity.add(buildXAttr);
        FSDirXAttrOp.unprotectedSetXAttrs(this.dir, iNodesInPath, newArrayListWithCapacity, EnumSet.of(XAttrSetFlag.CREATE));
        return buildXAttr;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BatchedRemoteIterator.BatchedListEntries<EncryptionZone> listEncryptionZones(long j) throws IOException {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        if (!hasCreatedEncryptionZone()) {
            return new BatchedRemoteIterator.BatchedListEntries<>(Lists.newArrayList(), false);
        }
        NavigableMap<Long, EncryptionZoneInt> tailMap = this.encryptionZones.tailMap(Long.valueOf(j), false);
        int min = Math.min(this.maxListEncryptionZonesResponses, tailMap.size());
        ArrayList newArrayListWithExpectedSize = Lists.newArrayListWithExpectedSize(min);
        int i = 0;
        for (EncryptionZoneInt encryptionZoneInt : tailMap.values()) {
            String fullPathName = getFullPathName(encryptionZoneInt);
            this.dir.getInode(encryptionZoneInt.getINodeId());
            INode lastINode = INode.isValidAbsolutePath(fullPathName) ? this.dir.getINodesInPath(fullPathName, FSDirectory.DirOp.READ_LINK).getLastINode() : null;
            if (lastINode != null && lastINode.getId() == encryptionZoneInt.getINodeId()) {
                newArrayListWithExpectedSize.add(new EncryptionZone(encryptionZoneInt.getINodeId(), fullPathName, encryptionZoneInt.getSuite(), encryptionZoneInt.getVersion(), encryptionZoneInt.getKeyName()));
                i++;
                if (i >= min) {
                    break;
                }
            }
        }
        return new BatchedRemoteIterator.BatchedListEntries<>(newArrayListWithExpectedSize, min < tailMap.size());
    }

    public int getNumEncryptionZones() {
        if (hasCreatedEncryptionZone()) {
            return this.encryptionZones.size();
        }
        return 0;
    }

    public boolean hasCreatedEncryptionZone() {
        return this.encryptionZones != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String[] getKeyNames() {
        if (!$assertionsDisabled && !this.dir.hasReadLock()) {
            throw new AssertionError();
        }
        if (!hasCreatedEncryptionZone()) {
            return new String[0];
        }
        String[] strArr = new String[this.encryptionZones.size()];
        int i = 0;
        Iterator<Map.Entry<Long, EncryptionZoneInt>> it = this.encryptionZones.entrySet().iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            strArr[i2] = it.next().getValue().getKeyName();
        }
        return strArr;
    }

    static {
        $assertionsDisabled = !EncryptionZoneManager.class.desiredAssertionStatus();
        LOG = LoggerFactory.getLogger((Class<?>) EncryptionZoneManager.class);
    }
}
