package org.apache.hadoop.yarn.server.resourcemanager.security;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Timer;
import java.util.TimerTask;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.security.token.Token;
import org.apache.hadoop.yarn.api.records.ApplicationAttemptId;
import org.apache.hadoop.yarn.security.AMRMTokenIdentifier;

/* loaded from: input_file:org/apache/hadoop/yarn/server/resourcemanager/security/AMRMTokenSecretManager.class */
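/**
 * Secret manager for AM-RM tokens. It holds a periodically rolled master key
 * and an in-memory table of token passwords keyed by application attempt.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A password is derived from the master key that is current when
 *       {@link #createPassword(AMRMTokenIdentifier)} runs and is then cached.
 *       {@link #retrievePassword(AMRMTokenIdentifier)} only reads the cache and
 *       never recomputes, so rolling the master key does not invalidate tokens
 *       that were already issued.</li>
 *   <li>Within this class a cached password is removed only by
 *       {@link #applicationMasterFinished(ApplicationAttemptId)}; until then
 *       the token for that attempt stays valid.</li>
 *   <li>Debug logging records the application attempt id only, never the
 *       password or key material.</li>
 * </ul>
 *
 * <p>Every method that touches the master key or the password table is
 * {@code synchronized} on this instance.
 */
public class AMRMTokenSecretManager extends SecretManager<AMRMTokenIdentifier> {
    private static final Log LOG = LogFactory.getLog(AMRMTokenSecretManager.class);

    /** Configuration key for the master-key rolling interval, in seconds. */
    private static final String ROLLING_INTERVAL_SECS_KEY =
            "yarn.resourcemanager.am-rm-tokens.master-key-rolling-interval-secs";

    /** Default rolling interval: 86400 seconds (one day). */
    private static final long DEFAULT_ROLLING_INTERVAL_SECS = 86400L;

    private SecretKey masterKey;
    private final Timer timer;
    /** Rolling period in milliseconds (configured seconds * 1000). */
    private final long rollingInterval;
    /** Cached token passwords; guarded by this instance's monitor. */
    private final Map<ApplicationAttemptId, byte[]> passwords = new HashMap<>();

    /** Timer task that replaces the master key each time it fires. */
    private class MasterKeyRoller extends TimerTask {
        private MasterKeyRoller() {
        }

        @Override // java.util.TimerTask, java.lang.Runnable
        public void run() {
            AMRMTokenSecretManager.this.rollMasterKey();
        }
    }

    /**
     * Creates the manager with a freshly generated master key.
     *
     * <p>The rolling interval is read in seconds and converted to milliseconds.
     * It is not range-checked here; {@link #start()} rejects a non-positive
     * result. A very large value effectively disables key rolling.
     *
     * @param configuration source of the rolling-interval setting
     */
    public AMRMTokenSecretManager(Configuration configuration) {
        // A key must exist before any token can be created, even if start() is never called.
        rollMasterKey();
        // java.util.Timer() runs its tasks on a non-daemon thread; stop() must be called to end it.
        this.timer = new Timer();
        this.rollingInterval =
                configuration.getLong(ROLLING_INTERVAL_SECS_KEY, DEFAULT_ROLLING_INTERVAL_SECS) * 1000;
    }

    /**
     * Starts periodic master-key rolling. The first roll is scheduled with no
     * delay, so the key generated by the constructor is replaced right away.
     *
     * @throws IllegalArgumentException if the configured interval is not positive
     * @throws IllegalStateException if {@link #stop()} was already called
     */
    public void start() {
        // Timer would reject this too, but with a message that does not name the setting.
        if (this.rollingInterval <= 0) {
            throw new IllegalArgumentException("Master-key rolling interval must be positive, but "
                    + ROLLING_INTERVAL_SECS_KEY + " resolved to " + this.rollingInterval + " ms");
        }
        this.timer.scheduleAtFixedRate(new MasterKeyRoller(), 0L, this.rollingInterval);
    }

    /** Cancels the rolling timer; the manager cannot be started again afterwards. */
    public void stop() {
        this.timer.cancel();
    }

    /**
     * Drops the cached password for a finished attempt, after which
     * {@link #retrievePassword(AMRMTokenIdentifier)} rejects its token.
     *
     * @param applicationAttemptId attempt whose password is removed
     */
    public synchronized void applicationMasterFinished(ApplicationAttemptId applicationAttemptId) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Application finished, removing password for " + applicationAttemptId);
        }
        this.passwords.remove(applicationAttemptId);
    }

    /**
     * Replaces the master key. Passwords that are already cached are not affected.
     *
     * @param secretKey the new master key
     */
    @InterfaceAudience.Private
    public synchronized void setMasterKey(SecretKey secretKey) {
        this.masterKey = secretKey;
    }

    /**
     * Returns the live master key object. Whoever holds it can derive a
     * password for any identifier, so it must not be logged or handed to
     * untrusted code.
     *
     * @return the current master key
     */
    @InterfaceAudience.Private
    public synchronized SecretKey getMasterKey() {
        return this.masterKey;
    }

    /** Generates a new master key; only tokens created afterwards use it. */
    @InterfaceAudience.Private
    synchronized void rollMasterKey() {
        LOG.info("Rolling master-key for amrm-tokens");
        this.masterKey = generateSecret();
    }

    /**
     * Derives the password for an identifier from the current master key and
     * caches it under the identifier's application attempt, replacing any
     * previous entry for that attempt.
     *
     * @param aMRMTokenIdentifier identifier to create a password for
     * @return the password; this is the same array instance that is cached,
     *         so callers must not modify it
     */
    public synchronized byte[] createPassword(AMRMTokenIdentifier aMRMTokenIdentifier) {
        ApplicationAttemptId applicationAttemptId = aMRMTokenIdentifier.getApplicationAttemptId();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Creating password for " + applicationAttemptId);
        }
        byte[] createPassword = createPassword(aMRMTokenIdentifier.getBytes(), this.masterKey);
        this.passwords.put(applicationAttemptId, createPassword);
        return createPassword;
    }

    /**
     * Caches the password carried by a previously issued token.
     *
     * <p>The password is stored as supplied and is not re-derived from the
     * master key, so the token is trusted as-is.
     * NOTE(review): callers should pass only tokens read from trusted state - confirm at call sites.
     *
     * @param token token whose identifier and password are recorded
     * @throws IOException if the token identifier cannot be decoded
     */
    public synchronized void addPersistedPassword(Token<AMRMTokenIdentifier> token) throws IOException {
        AMRMTokenIdentifier decodeIdentifier = token.decodeIdentifier();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Adding password for " + decodeIdentifier.getApplicationAttemptId());
        }
        this.passwords.put(decodeIdentifier.getApplicationAttemptId(), token.getPassword());
    }

    /**
     * Looks up the cached password for an identifier's application attempt.
     *
     * @param aMRMTokenIdentifier identifier presented by the caller
     * @return the cached password; this is the stored array instance, so
     *         callers must not modify it
     * @throws SecretManager.InvalidToken if no password is cached for the attempt
     */
    public synchronized byte[] retrievePassword(AMRMTokenIdentifier aMRMTokenIdentifier) throws SecretManager.InvalidToken {
        ApplicationAttemptId applicationAttemptId = aMRMTokenIdentifier.getApplicationAttemptId();
        if (LOG.isDebugEnabled()) {
            LOG.debug("Trying to retrieve password for " + applicationAttemptId);
        }
        byte[] bArr = this.passwords.get(applicationAttemptId);
        if (bArr == null) {
            throw new SecretManager.InvalidToken("Password not found for ApplicationAttempt " + applicationAttemptId);
        }
        return bArr;
    }

    /**
     * Creates an empty identifier. This restores the method's real name, which
     * the decompiler had replaced with {@code m96createIdentifier}; the class
     * needs it to implement {@code SecretManager}'s abstract
     * {@code createIdentifier()}.
     *
     * @return a new, empty {@link AMRMTokenIdentifier}
     */
    public AMRMTokenIdentifier createIdentifier() {
        return new AMRMTokenIdentifier();
    }

    /**
     * Decompiler-generated alias of {@link #createIdentifier()}, kept so that
     * code referring to the renamed method still compiles.
     *
     * @return a new, empty {@link AMRMTokenIdentifier}
     */
    public AMRMTokenIdentifier m96createIdentifier() {
        return createIdentifier();
    }
}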
