package org.apache.hadoop.yarn.server.security;

import java.security.SecureRandom;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.hadoop.classification.InterfaceAudience;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.token.SecretManager;
import org.apache.hadoop.yarn.security.ContainerTokenIdentifier;
import org.apache.hadoop.yarn.server.api.records.MasterKey;

/* JADX WARN: Classes with same name are omitted:
  input_file:classes/org/apache/hadoop/yarn/server/security/BaseContainerTokenSecretManager.class
 */
/* loaded from: input_file:hadoop-yarn-server-common-2.10.1.jar:org/apache/hadoop/yarn/server/security/BaseContainerTokenSecretManager.class */
public class BaseContainerTokenSecretManager extends SecretManager<ContainerTokenIdentifier> {
    private static Log LOG = LogFactory.getLog(BaseContainerTokenSecretManager.class);
    protected int serialNo = new SecureRandom().nextInt();
    protected final ReadWriteLock readWriteLock = new ReentrantReadWriteLock();
    protected final Lock readLock = this.readWriteLock.readLock();
    protected final Lock writeLock = this.readWriteLock.writeLock();
    protected MasterKeyData currentMasterKey;
    protected final long containerTokenExpiryInterval;

    public BaseContainerTokenSecretManager(Configuration configuration) {
        this.containerTokenExpiryInterval = configuration.getInt("yarn.resourcemanager.rm.container-allocation.expiry-interval-ms", 600000);
    }

    protected MasterKeyData createNewMasterKey() {
        this.writeLock.lock();
        try {
            int i = this.serialNo;
            this.serialNo = i + 1;
            MasterKeyData masterKeyData = new MasterKeyData(i, generateSecret());
            this.writeLock.unlock();
            return masterKeyData;
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    @InterfaceAudience.Private
    public MasterKey getCurrentKey() {
        this.readLock.lock();
        try {
            MasterKey masterKey = this.currentMasterKey.getMasterKey();
            this.readLock.unlock();
            return masterKey;
        } catch (Throwable th) {
            this.readLock.unlock();
            throw th;
        }
    }

    @Override // 
    public byte[] createPassword(ContainerTokenIdentifier containerTokenIdentifier) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Creating password for " + containerTokenIdentifier.getContainerID() + " for user " + containerTokenIdentifier.getUser() + " to be run on NM " + containerTokenIdentifier.getNmHostAddress());
        }
        this.readLock.lock();
        try {
            byte[] createPassword = createPassword(containerTokenIdentifier.getBytes(), this.currentMasterKey.getSecretKey());
            this.readLock.unlock();
            return createPassword;
        } catch (Throwable th) {
            this.readLock.unlock();
            throw th;
        }
    }

    public byte[] retrievePassword(ContainerTokenIdentifier containerTokenIdentifier) throws SecretManager.InvalidToken {
        this.readLock.lock();
        try {
            byte[] retrievePasswordInternal = retrievePasswordInternal(containerTokenIdentifier, this.currentMasterKey);
            this.readLock.unlock();
            return retrievePasswordInternal;
        } catch (Throwable th) {
            this.readLock.unlock();
            throw th;
        }
    }

    protected byte[] retrievePasswordInternal(ContainerTokenIdentifier containerTokenIdentifier, MasterKeyData masterKeyData) throws SecretManager.InvalidToken {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Retrieving password for " + containerTokenIdentifier.getContainerID() + " for user " + containerTokenIdentifier.getUser() + " to be run on NM " + containerTokenIdentifier.getNmHostAddress());
        }
        return createPassword(containerTokenIdentifier.getBytes(), masterKeyData.getSecretKey());
    }

    /* renamed from: createIdentifier, reason: merged with bridge method [inline-methods] */
    public ContainerTokenIdentifier m1898createIdentifier() {
        return new ContainerTokenIdentifier();
    }
}
