package org.apache.hadoop.hdfs.server.namenode;

import com.google.common.base.Preconditions;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.NavigableMap;
import java.util.TreeMap;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.CipherSuite;
import org.apache.hadoop.crypto.CryptoProtocolVersion;
import org.apache.hadoop.fs.BatchedRemoteIterator;
import org.apache.hadoop.fs.UnresolvedLinkException;
import org.apache.hadoop.fs.XAttr;
import org.apache.hadoop.fs.XAttrSetFlag;
import org.apache.hadoop.hdfs.DFSConfigKeys;
import org.apache.hadoop.hdfs.XAttrHelper;
import org.apache.hadoop.hdfs.protocol.EncryptionZone;
import org.apache.hadoop.hdfs.protocol.SnapshotAccessControlException;
import org.apache.hadoop.hdfs.protocolPB.PBHelper;
import org.apache.hadoop.hdfs.server.common.HdfsServerConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes2.dex */
public class EncryptionZoneManager {
    static final /* synthetic */ boolean $assertionsDisabled = false;
    public static Logger LOG = LoggerFactory.getLogger(EncryptionZoneManager.class);
    private final FSDirectory dir;
    private final TreeMap<Long, EncryptionZoneInt> encryptionZones = new TreeMap<>();
    private final int maxListEncryptionZonesResponses;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class EncryptionZoneInt {
        private final long inodeId;
        private final String keyName;
        private final CipherSuite suite;
        private final CryptoProtocolVersion version;

        EncryptionZoneInt(long j, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) {
            Preconditions.checkArgument(cipherSuite != CipherSuite.UNKNOWN);
            Preconditions.checkArgument(cryptoProtocolVersion != CryptoProtocolVersion.UNKNOWN);
            this.inodeId = j;
            this.suite = cipherSuite;
            this.version = cryptoProtocolVersion;
            this.keyName = str;
        }

        long getINodeId() {
            return this.inodeId;
        }

        String getKeyName() {
            return this.keyName;
        }

        CipherSuite getSuite() {
            return this.suite;
        }

        CryptoProtocolVersion getVersion() {
            return this.version;
        }
    }

    public EncryptionZoneManager(FSDirectory fSDirectory, Configuration configuration) {
        this.dir = fSDirectory;
        int i = configuration.getInt(DFSConfigKeys.DFS_NAMENODE_LIST_ENCRYPTION_ZONES_NUM_RESPONSES, 100);
        this.maxListEncryptionZonesResponses = i;
        Preconditions.checkArgument(i >= 0, "dfs.namenode.list.encryption.zones.num.responses must be a positive integer.");
    }

    private EncryptionZoneInt getEncryptionZoneForPath(INodesInPath iNodesInPath) {
        EncryptionZoneInt encryptionZoneInt;
        Preconditions.checkNotNull(iNodesInPath);
        INode[] iNodes = iNodesInPath.getINodes();
        for (int length = iNodes.length - 1; length >= 0; length--) {
            INode iNode = iNodes[length];
            if (iNode != null && (encryptionZoneInt = this.encryptionZones.get(Long.valueOf(iNode.getId()))) != null) {
                return encryptionZoneInt;
            }
        }
        return null;
    }

    private String getFullPathName(EncryptionZoneInt encryptionZoneInt) {
        return this.dir.getInode(encryptionZoneInt.getINodeId()).getFullPathName();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void addEncryptionZone(Long l, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) {
        unprotectedAddEncryptionZone(l, cipherSuite, cryptoProtocolVersion, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void checkMoveValidity(INodesInPath iNodesInPath, INodesInPath iNodesInPath2, String str) throws IOException {
        EncryptionZoneInt encryptionZoneForPath = getEncryptionZoneForPath(iNodesInPath);
        EncryptionZoneInt encryptionZoneForPath2 = getEncryptionZoneForPath(iNodesInPath2);
        boolean z = encryptionZoneForPath != null;
        boolean z2 = encryptionZoneForPath2 != null;
        if (z) {
            if (!z2) {
                throw new IOException(str + " can't be moved from an encryption zone.");
            }
        } else if (z2) {
            throw new IOException(str + " can't be moved into an encryption zone.");
        }
        if (z || z2) {
            Preconditions.checkState(encryptionZoneForPath != null, "couldn't find src EZ?");
            Preconditions.checkState(encryptionZoneForPath2 != null, "couldn't find dst EZ?");
            if (encryptionZoneForPath == encryptionZoneForPath2) {
                return;
            }
            throw new IOException(str + " can't be moved from encryption zone " + getFullPathName(encryptionZoneForPath) + " to encryption zone " + getFullPathName(encryptionZoneForPath2) + ".");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public XAttr createEncryptionZone(String str, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str2) throws IOException {
        if (this.dir.isNonEmptyDirectory(str)) {
            throw new IOException("Attempt to create an encryption zone for a non-empty directory.");
        }
        INodesInPath iNodesInPath4Write = this.dir.getINodesInPath4Write(str, false);
        if (iNodesInPath4Write != null && iNodesInPath4Write.getLastINode() != null && !iNodesInPath4Write.getLastINode().isDirectory()) {
            throw new IOException("Attempt to create an encryption zone for a file.");
        }
        EncryptionZoneInt encryptionZoneForPath = getEncryptionZoneForPath(iNodesInPath4Write);
        if (encryptionZoneForPath == null) {
            XAttr buildXAttr = XAttrHelper.buildXAttr(HdfsServerConstants.CRYPTO_XATTR_ENCRYPTION_ZONE, PBHelper.convert(cipherSuite, cryptoProtocolVersion, str2).toByteArray());
            ArrayList newArrayListWithCapacity = Lists.newArrayListWithCapacity(1);
            newArrayListWithCapacity.add(buildXAttr);
            this.dir.unprotectedSetXAttrs(str, newArrayListWithCapacity, EnumSet.of(XAttrSetFlag.CREATE));
            return buildXAttr;
        }
        throw new IOException("Directory " + str + " is already in an encryption zone. (" + getFullPathName(encryptionZoneForPath) + ")");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptionZone getEZINodeForPath(INodesInPath iNodesInPath) {
        EncryptionZoneInt encryptionZoneForPath = getEncryptionZoneForPath(iNodesInPath);
        if (encryptionZoneForPath == null) {
            return null;
        }
        return new EncryptionZone(encryptionZoneForPath.getINodeId(), getFullPathName(encryptionZoneForPath), encryptionZoneForPath.getSuite(), encryptionZoneForPath.getVersion(), encryptionZoneForPath.getKeyName());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getKeyName(INodesInPath iNodesInPath) {
        EncryptionZoneInt encryptionZoneForPath = getEncryptionZoneForPath(iNodesInPath);
        if (encryptionZoneForPath == null) {
            return null;
        }
        return encryptionZoneForPath.getKeyName();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isInAnEZ(INodesInPath iNodesInPath) throws UnresolvedLinkException, SnapshotAccessControlException {
        return getEncryptionZoneForPath(iNodesInPath) != null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BatchedRemoteIterator.BatchedListEntries<EncryptionZone> listEncryptionZones(long j) throws IOException {
        NavigableMap<Long, EncryptionZoneInt> tailMap = this.encryptionZones.tailMap(Long.valueOf(j), false);
        int min = Math.min(this.maxListEncryptionZonesResponses, tailMap.size());
        ArrayList newArrayListWithExpectedSize = Lists.newArrayListWithExpectedSize(min);
        int i = 0;
        for (EncryptionZoneInt encryptionZoneInt : tailMap.values()) {
            String fullPathName = getFullPathName(encryptionZoneInt);
            INode lastINode = this.dir.getINodesInPath(fullPathName, false).getLastINode();
            if (lastINode != null && lastINode.getId() == encryptionZoneInt.getINodeId()) {
                newArrayListWithExpectedSize.add(new EncryptionZone(encryptionZoneInt.getINodeId(), fullPathName, encryptionZoneInt.getSuite(), encryptionZoneInt.getVersion(), encryptionZoneInt.getKeyName()));
                i++;
                if (i >= min) {
                    break;
                }
            }
        }
        return new BatchedRemoteIterator.BatchedListEntries<>(newArrayListWithExpectedSize, min < tailMap.size());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeEncryptionZone(Long l) {
        this.encryptionZones.remove(l);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void unprotectedAddEncryptionZone(Long l, CipherSuite cipherSuite, CryptoProtocolVersion cryptoProtocolVersion, String str) {
        this.encryptionZones.put(l, new EncryptionZoneInt(l.longValue(), cipherSuite, cryptoProtocolVersion, str));
    }
}
