package org.apache.hadoop.ozone.om;

import com.google.common.base.Preconditions;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.ozone.OmUtils;
import org.apache.hadoop.ozone.om.helpers.S3SecretValue;
import org.apache.hadoop.ozone.protocol.proto.OzoneManagerProtocolProtos;
import org.apache.hadoop.ozone.security.OzoneSecurityException;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/om/S3SecretManagerImpl.class */
public class S3SecretManagerImpl implements S3SecretManager {
    private static final Logger LOG = LoggerFactory.getLogger(S3SecretManagerImpl.class);
    private final OMMetadataManager omMetadataManager;
    private final OzoneConfiguration configuration;

    public S3SecretManagerImpl(OzoneConfiguration ozoneConfiguration, OMMetadataManager oMMetadataManager) {
        this.configuration = ozoneConfiguration;
        this.omMetadataManager = oMMetadataManager;
    }

    @Override // org.apache.hadoop.ozone.om.S3SecretManager
    public S3SecretValue getS3Secret(String str) throws IOException {
        S3SecretValue fromProtobuf;
        Preconditions.checkArgument(Strings.isNotBlank(str), "kerberosID cannot be null or empty.");
        byte[] bytes = str.getBytes(StandardCharsets.UTF_8);
        this.omMetadataManager.getLock().acquireS3SecretLock(str);
        try {
            byte[] bArr = (byte[]) this.omMetadataManager.getS3SecretTable().get(bytes);
            if (bArr == null) {
                fromProtobuf = new S3SecretValue(str, DigestUtils.sha256Hex(OmUtils.getSHADigest()));
                this.omMetadataManager.getS3SecretTable().put(bytes, fromProtobuf.getProtobuf().toByteArray());
            } else {
                fromProtobuf = S3SecretValue.fromProtobuf(OzoneManagerProtocolProtos.S3Secret.parseFrom(bArr));
            }
            LOG.trace("Secret for accessKey:{}, proto:{}", str, fromProtobuf);
            return fromProtobuf;
        } finally {
            this.omMetadataManager.getLock().releaseS3SecretLock(str);
        }
    }

    @Override // org.apache.hadoop.ozone.om.S3SecretManager
    public String getS3UserSecretString(String str) throws IOException {
        Preconditions.checkArgument(Strings.isNotBlank(str), "awsAccessKeyId cannot be null or empty.");
        LOG.trace("Get secret for awsAccessKey:{}", str);
        this.omMetadataManager.getLock().acquireS3SecretLock(str);
        try {
            byte[] bArr = (byte[]) this.omMetadataManager.getS3SecretTable().get(str.getBytes(StandardCharsets.UTF_8));
            if (bArr == null) {
                throw new OzoneSecurityException("S3 secret not found for awsAccessKeyId " + str, OzoneSecurityException.ResultCodes.S3_SECRET_NOT_FOUND);
            }
            return OzoneManagerProtocolProtos.S3Secret.parseFrom(bArr).getAwsSecret();
        } finally {
            this.omMetadataManager.getLock().releaseS3SecretLock(str);
        }
    }

    public OMMetadataManager getOmMetadataManager() {
        return this.omMetadataManager;
    }
}
