package org.apache.storm.security.auth.workertoken;

import java.nio.ByteBuffer;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.storm.DaemonConfig;
import org.apache.storm.cluster.IStormClusterState;
import org.apache.storm.generated.PrivateWorkerKey;
import org.apache.storm.generated.WorkerToken;
import org.apache.storm.generated.WorkerTokenInfo;
import org.apache.storm.generated.WorkerTokenServiceType;
import org.apache.storm.security.auth.ClientAuthUtils;
import org.apache.storm.utils.ObjectReader;
import org.apache.storm.utils.Time;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/storm/security/auth/workertoken/WorkerTokenManager.class */
public class WorkerTokenManager {
    private static final Logger LOG = LoggerFactory.getLogger(WorkerTokenManager.class);
    private static final int KEY_LENGTH = 256;
    private final KeyGenerator keyGen;
    private final IStormClusterState state;
    private final long tokenLifetimeMillis;

    public WorkerTokenManager(Map<String, Object> map, IStormClusterState iStormClusterState) {
        this.state = iStormClusterState;
        try {
            this.keyGen = KeyGenerator.getInstance("HmacSHA256");
            this.keyGen.init(KEY_LENGTH);
            this.tokenLifetimeMillis = TimeUnit.MILLISECONDS.convert(ObjectReader.getLong(map.get(DaemonConfig.STORM_WORKER_TOKEN_LIFE_TIME_HOURS), 24L).longValue(), TimeUnit.HOURS);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalArgumentException("Can't find HmacSHA256 algorithm.");
        }
    }

    protected SecretKey generateSecret() {
        SecretKey generateKey;
        synchronized (this.keyGen) {
            generateKey = this.keyGen.generateKey();
        }
        return generateKey;
    }

    protected SecretKey getCurrentSecret() {
        return generateSecret();
    }

    public WorkerToken createOrUpdateTokenFor(WorkerTokenServiceType workerTokenServiceType, String str, String str2) {
        long nextPrivateWorkerKeyVersion = this.state.getNextPrivateWorkerKeyVersion(workerTokenServiceType, str2);
        SecretKey currentSecret = getCurrentSecret();
        long currentTimeMillis = Time.currentTimeMillis() + this.tokenLifetimeMillis;
        byte[] serializeWorkerTokenInfo = ClientAuthUtils.serializeWorkerTokenInfo(new WorkerTokenInfo(str, str2, nextPrivateWorkerKeyVersion, currentTimeMillis));
        WorkerToken workerToken = new WorkerToken(workerTokenServiceType, ByteBuffer.wrap(serializeWorkerTokenInfo), ByteBuffer.wrap(WorkerTokenSigner.createPassword(serializeWorkerTokenInfo, currentSecret)));
        this.state.addPrivateWorkerKey(workerTokenServiceType, str2, nextPrivateWorkerKeyVersion, new PrivateWorkerKey(ByteBuffer.wrap(currentSecret.getEncoded()), str, currentTimeMillis));
        LOG.info("Created new WorkerToken for user {} topology {} on service {}", new Object[]{str, str2, workerTokenServiceType});
        return workerToken;
    }

    public void upsertWorkerTokensInCredsForTopo(Map<String, String> map, String str, String str2) {
        Arrays.stream(WorkerTokenServiceType.values()).filter(workerTokenServiceType -> {
            return shouldRenewWorkerToken(map, workerTokenServiceType);
        }).forEach(workerTokenServiceType2 -> {
            ClientAuthUtils.setWorkerToken(map, createOrUpdateTokenFor(workerTokenServiceType2, str, str2));
        });
    }

    /* JADX WARN: Code restructure failed: missing block: B:10:0x002f, code lost:
    
        if ((r0.get_expirationTimeMillis() - org.apache.storm.utils.Time.currentTimeMillis()) > (r7.tokenLifetimeMillis / 2)) goto L8;
     */
    @com.google.common.annotations.VisibleForTesting
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public boolean shouldRenewWorkerToken(java.util.Map<java.lang.String, java.lang.String> r8, org.apache.storm.generated.WorkerTokenServiceType r9) {
        /*
            r7 = this;
            r0 = 1
            r10 = r0
            r0 = r8
            r1 = r9
            org.apache.storm.generated.WorkerToken r0 = org.apache.storm.security.auth.ClientAuthUtils.readWorkerToken(r0, r1)
            r11 = r0
            r0 = r11
            if (r0 == 0) goto L45
            r0 = r11
            org.apache.storm.generated.WorkerTokenInfo r0 = org.apache.storm.security.auth.ClientAuthUtils.getWorkerTokenInfo(r0)     // Catch: java.lang.Exception -> L37
            r12 = r0
            r0 = r12
            boolean r0 = r0.is_set_expirationTimeMillis()     // Catch: java.lang.Exception -> L37
            if (r0 == 0) goto L32
            r0 = r12
            long r0 = r0.get_expirationTimeMillis()     // Catch: java.lang.Exception -> L37
            long r1 = org.apache.storm.utils.Time.currentTimeMillis()     // Catch: java.lang.Exception -> L37
            long r0 = r0 - r1
            r1 = r7
            long r1 = r1.tokenLifetimeMillis     // Catch: java.lang.Exception -> L37
            r2 = 2
            long r1 = r1 / r2
            int r0 = (r0 > r1 ? 1 : (r0 == r1 ? 0 : -1))
            if (r0 <= 0) goto L34
        L32:
            r0 = 0
            r10 = r0
        L34:
            goto L45
        L37:
            r12 = move-exception
            org.slf4j.Logger r0 = org.apache.storm.security.auth.workertoken.WorkerTokenManager.LOG
            java.lang.String r1 = "Could not deserialize token info"
            r2 = r12
            r0.error(r1, r2)
        L45:
            r0 = r10
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.storm.security.auth.workertoken.WorkerTokenManager.shouldRenewWorkerToken(java.util.Map, org.apache.storm.generated.WorkerTokenServiceType):boolean");
    }
}
