package org.apache.hadoop.fs.s3a.s3guard;

import com.amazonaws.AmazonClientException;
import com.amazonaws.SdkBaseException;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
import com.amazonaws.services.dynamodbv2.document.DynamoDB;
import com.amazonaws.services.dynamodbv2.document.Item;
import com.amazonaws.services.dynamodbv2.document.PrimaryKey;
import com.amazonaws.services.dynamodbv2.document.PutItemOutcome;
import com.amazonaws.services.dynamodbv2.document.Table;
import com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException;
import com.amazonaws.services.dynamodbv2.model.BillingMode;
import com.amazonaws.services.dynamodbv2.model.CreateTableRequest;
import com.amazonaws.services.dynamodbv2.model.ListTagsOfResourceRequest;
import com.amazonaws.services.dynamodbv2.model.ProvisionedThroughput;
import com.amazonaws.services.dynamodbv2.model.ProvisionedThroughputDescription;
import com.amazonaws.services.dynamodbv2.model.ResourceInUseException;
import com.amazonaws.services.dynamodbv2.model.ResourceNotFoundException;
import com.amazonaws.services.dynamodbv2.model.SSESpecification;
import com.amazonaws.services.dynamodbv2.model.ScanRequest;
import com.amazonaws.services.dynamodbv2.model.TableDescription;
import com.amazonaws.services.dynamodbv2.model.Tag;
import com.amazonaws.services.dynamodbv2.model.TagResourceRequest;
import com.amazonaws.waiters.WaiterTimedOutException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InterruptedIOException;
import java.nio.file.AccessDeniedException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.s3a.AWSClientIOException;
import org.apache.hadoop.fs.s3a.Constants;
import org.apache.hadoop.fs.s3a.Invoker;
import org.apache.hadoop.fs.s3a.S3AUtils;
import org.apache.hadoop.io.retry.RetryPolicies;
import org.apache.hadoop.io.retry.RetryPolicy;
import org.apache.hadoop.thirdparty.com.google.common.annotations.VisibleForTesting;
import org.apache.hadoop.thirdparty.com.google.common.base.Preconditions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/fs/s3a/s3guard/DynamoDBMetadataStoreTableManager.class */
public class DynamoDBMetadataStoreTableManager {
    public static final Logger LOG = LoggerFactory.getLogger(DynamoDBMetadataStoreTableManager.class);
    public static final String E_NO_VERSION_MARKER_AND_NOT_EMPTY = "S3Guard table lacks version marker, and it is not empty.";
    public static final String E_INCOMPATIBLE_TAG_VERSION = "Database table is from an incompatible S3Guard version based on table TAG.";
    public static final String E_INCOMPATIBLE_ITEM_VERSION = "Database table is from an incompatible S3Guard version based on table ITEM.";
    public static final String SSE_DEFAULT_MASTER_KEY = "alias/aws/dynamodb";
    private Invoker invoker = new Invoker(RetryPolicies.TRY_ONCE_THEN_FAIL, Invoker.NO_OP);
    private final AmazonDynamoDB amazonDynamoDB;
    private final DynamoDB dynamoDB;
    private final String tableName;
    private final String region;
    private final Configuration conf;
    private final Invoker readOp;
    private final RetryPolicy batchWriteRetryPolicy;
    private Table table;
    private String tableArn;

    public DynamoDBMetadataStoreTableManager(DynamoDB dynamoDB, String str, String str2, AmazonDynamoDB amazonDynamoDB, Configuration configuration, Invoker invoker, RetryPolicy retryPolicy) {
        this.dynamoDB = dynamoDB;
        this.amazonDynamoDB = amazonDynamoDB;
        this.tableName = str;
        this.region = str2;
        this.conf = configuration;
        this.readOp = invoker;
        this.batchWriteRetryPolicy = retryPolicy;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public Table initTable() throws IOException {
        ProvisionedThroughput provisionedThroughput;
        this.table = this.dynamoDB.getTable(this.tableName);
        try {
            try {
                LOG.debug("Binding to table {}", this.tableName);
                TableDescription describe = this.table.describe();
                LOG.debug("Table state: {}", describe);
                this.tableArn = describe.getTableArn();
                String tableStatus = describe.getTableStatus();
                boolean z = -1;
                switch (tableStatus.hashCode()) {
                    case -1691918663:
                        if (tableStatus.equals("CREATING")) {
                            z = false;
                            break;
                        }
                        break;
                    case 1602343848:
                        if (tableStatus.equals("DELETING")) {
                            z = true;
                            break;
                        }
                        break;
                    case 1925346054:
                        if (tableStatus.equals("ACTIVE")) {
                            z = 3;
                            break;
                        }
                        break;
                    case 2105227078:
                        if (tableStatus.equals("UPDATING")) {
                            z = 2;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        LOG.debug("Table {} in region {} is being created/updated. This may indicate that the table is being operated by another concurrent thread or process. Waiting for active...", this.tableName, this.region);
                        waitForTableActive(this.table);
                        break;
                    case true:
                        throw new FileNotFoundException("DynamoDB table '" + this.tableName + "' is being deleted in region " + this.region);
                    case true:
                        LOG.debug("Table is being updated.");
                        break;
                    case true:
                        break;
                    default:
                        throw new IOException("Unknown DynamoDB table status " + tableStatus + ": tableName='" + this.tableName + "', region=" + this.region);
                }
                verifyVersionCompatibility();
                Long extractCreationTimeFromMarker = PathMetadataDynamoDBTranslation.extractCreationTimeFromMarker(getVersionMarkerItem());
                Logger logger = LOG;
                Object[] objArr = new Object[3];
                objArr[0] = this.tableName;
                objArr[1] = this.region;
                objArr[2] = extractCreationTimeFromMarker != null ? new Date(extractCreationTimeFromMarker.longValue()) : null;
                logger.debug("Using existing DynamoDB table {} in region {} created {}", objArr);
            } catch (ResourceNotFoundException e) {
                if (!this.conf.getBoolean(Constants.S3GUARD_DDB_TABLE_CREATE_KEY, false)) {
                    throw ((FileNotFoundException) new FileNotFoundException("DynamoDB table '" + this.tableName + "' does not exist in region " + this.region + "; auto-creation is turned off").initCause(e));
                }
                long j = this.conf.getLong(Constants.S3GUARD_DDB_TABLE_CAPACITY_READ_KEY, 0L);
                long j2 = this.conf.getLong(Constants.S3GUARD_DDB_TABLE_CAPACITY_WRITE_KEY, 0L);
                if (j <= 0 || j2 <= 0) {
                    Preconditions.checkArgument(j == 0 && j2 == 0, "S3Guard table read capacity %d and and write capacity %d are inconsistent", j, j2);
                    provisionedThroughput = null;
                } else {
                    provisionedThroughput = new ProvisionedThroughput(Long.valueOf(j), Long.valueOf(j2));
                }
                createTable(provisionedThroughput);
            }
            return this.table;
        } catch (AmazonClientException e2) {
            throw S3AUtils.translateException("initTable", this.tableName, e2);
        }
    }

    protected void tagTableWithVersionMarker() throws AmazonDynamoDBException {
        try {
            this.amazonDynamoDB.tagResource(new TagResourceRequest().withResourceArn(this.table.getDescription().getTableArn()).withTags(newVersionMarkerTag()));
        } catch (AmazonDynamoDBException e) {
            LOG.debug("Exception during tagging table: {}", e.getMessage(), e);
        }
    }

    protected static Item getVersionMarkerFromTags(Table table, AmazonDynamoDB amazonDynamoDB) throws IOException {
        try {
            List<Tag> tags = amazonDynamoDB.listTagsOfResource(new ListTagsOfResourceRequest().withResourceArn(table.describe().getTableArn())).getTags();
            if (tags == null) {
                return null;
            }
            Optional<Tag> findFirst = tags.stream().filter(tag -> {
                return tag.getKey().equals(DynamoDBMetadataStore.VERSION_MARKER_TAG_NAME);
            }).findFirst();
            if (!findFirst.isPresent()) {
                return null;
            }
            Tag tag2 = findFirst.get();
            return PathMetadataDynamoDBTranslation.createVersionMarker(tag2.getKey(), Integer.parseInt(tag2.getValue()), 0L);
        } catch (ResourceNotFoundException e) {
            LOG.error("Table: {} not found.", table.getTableName());
            throw e;
        } catch (AmazonDynamoDBException e2) {
            LOG.debug("Exception while getting tags from the dynamo table: {}", e2.getMessage(), e2);
            throw S3AUtils.translateDynamoDBException(table.getTableName(), "Retrieving tags.", e2);
        }
    }

    private void createTable(ProvisionedThroughput provisionedThroughput) throws IOException {
        String str;
        try {
            CreateTableRequest withTags = new CreateTableRequest().withTableName(this.tableName).withKeySchema(PathMetadataDynamoDBTranslation.keySchema()).withAttributeDefinitions(PathMetadataDynamoDBTranslation.attributeDefinitions()).withSSESpecification(getSseSpecFromConfig()).withTags(getTableTagsFromConfig());
            if (provisionedThroughput != null) {
                str = String.format("with provisioned read capacity %d and write capacity %s", provisionedThroughput.getReadCapacityUnits(), provisionedThroughput.getWriteCapacityUnits());
                withTags.withProvisionedThroughput(provisionedThroughput);
            } else {
                str = "with pay-per-request billing";
                withTags.withBillingMode(BillingMode.PAY_PER_REQUEST);
            }
            LOG.info("Creating non-existent DynamoDB table {} in region {} {}", new Object[]{this.tableName, this.region, str});
            this.table = this.dynamoDB.createTable(withTags);
            LOG.debug("Awaiting table becoming active");
        } catch (ResourceInUseException e) {
            LOG.warn("ResourceInUseException while creating DynamoDB table {} in region {}.  This may indicate that the table was created by another concurrent thread or process.", this.tableName, this.region);
        }
        waitForTableActive(this.table);
        putVersionMarkerItemToTable();
    }

    private SSESpecification getSseSpecFromConfig() {
        SSESpecification sSESpecification = new SSESpecification();
        if (!this.conf.getBoolean(Constants.S3GUARD_DDB_TABLE_SSE_ENABLED, false)) {
            return sSESpecification;
        }
        sSESpecification.setEnabled(Boolean.TRUE);
        String str = null;
        try {
            str = S3AUtils.lookupPassword("", this.conf, Constants.S3GUARD_DDB_TABLE_SSE_CMK);
        } catch (IOException e) {
            LOG.error("Cannot retrieve fs.s3a.s3guard.ddb.table.sse.cmk", e);
        }
        if (StringUtils.isEmpty(str)) {
            return sSESpecification;
        }
        if (SSE_DEFAULT_MASTER_KEY.equals(str)) {
            LOG.warn("Ignoring default DynamoDB table KMS Master Key {}", SSE_DEFAULT_MASTER_KEY);
        } else {
            sSESpecification.setSSEType("KMS");
            sSESpecification.setKMSMasterKeyId(str);
        }
        return sSESpecification;
    }

    public List<Tag> getTableTagsFromConfig() {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<String, String> entry : this.conf.getPropsWithPrefix(Constants.S3GUARD_DDB_TABLE_TAG).entrySet()) {
            arrayList.add(new Tag().withKey(entry.getKey()).withValue(entry.getValue()));
        }
        arrayList.add(newVersionMarkerTag());
        return arrayList;
    }

    private static Tag newVersionMarkerTag() {
        return new Tag().withKey(DynamoDBMetadataStore.VERSION_MARKER_TAG_NAME).withValue(String.valueOf(100));
    }

    @VisibleForTesting
    protected void verifyVersionCompatibility() throws IOException {
        Item versionMarkerItem = getVersionMarkerItem();
        Item item = null;
        boolean z = true;
        try {
            item = getVersionMarkerFromTags(this.table, this.amazonDynamoDB);
        } catch (AccessDeniedException e) {
            LOG.debug("Can not read tags of table.");
            z = false;
        }
        LOG.debug("versionMarkerItem: {};  versionMarkerFromTag: {}", versionMarkerItem, item);
        if (versionMarkerItem == null && item == null) {
            if (!isEmptyTable(this.tableName, this.amazonDynamoDB)) {
                LOG.error("Table is not empty but missing the version maker. Failing.");
                throw new IOException("S3Guard table lacks version marker, and it is not empty. Table: " + this.tableName);
            }
            if (z) {
                LOG.info("Table {} contains no version marker item and tag. The table is empty, so the version marker will be added as TAG and ITEM.", this.tableName);
                putVersionMarkerItemToTable();
                tagTableWithVersionMarker();
            }
            if (!z) {
                LOG.info("Table {} contains no version marker item and the tags are not readable. The table is empty, so the ITEM version marker will be added .", this.tableName);
                putVersionMarkerItemToTable();
            }
        }
        if (versionMarkerItem == null && item != null) {
            throwExceptionOnVersionMismatch(PathMetadataDynamoDBTranslation.extractVersionFromMarker(item), this.tableName, E_INCOMPATIBLE_TAG_VERSION);
            LOG.info("Table {} contains no version marker ITEM but contains compatible version marker TAG. Restoring the version marker item from tag.", this.tableName);
            putVersionMarkerItemToTable();
        }
        if (versionMarkerItem != null && item == null && z) {
            throwExceptionOnVersionMismatch(PathMetadataDynamoDBTranslation.extractVersionFromMarker(versionMarkerItem), this.tableName, E_INCOMPATIBLE_ITEM_VERSION);
            LOG.info("Table {} contains no version marker TAG but contains compatible version marker ITEM. Restoring the version marker item from item.", this.tableName);
            tagTableWithVersionMarker();
        }
        if (versionMarkerItem == null || item == null) {
            return;
        }
        int extractVersionFromMarker = PathMetadataDynamoDBTranslation.extractVersionFromMarker(item);
        int extractVersionFromMarker2 = PathMetadataDynamoDBTranslation.extractVersionFromMarker(versionMarkerItem);
        throwExceptionOnVersionMismatch(extractVersionFromMarker, this.tableName, E_INCOMPATIBLE_TAG_VERSION);
        throwExceptionOnVersionMismatch(extractVersionFromMarker2, this.tableName, E_INCOMPATIBLE_ITEM_VERSION);
        LOG.debug("Table {} contains correct version marker TAG and ITEM.", this.tableName);
    }

    private static boolean isEmptyTable(String str, AmazonDynamoDB amazonDynamoDB) {
        return amazonDynamoDB.scan(new ScanRequest().withTableName(str).withLimit(1)).getCount().intValue() == 0;
    }

    private static void throwExceptionOnVersionMismatch(int i, String str, String str2) throws IOException {
        if (100 != i) {
            throw new IOException(str2 + " Table " + str + " Expected version: 100 actual tag version: " + i);
        }
    }

    private void putVersionMarkerItemToTable() {
        putItem(PathMetadataDynamoDBTranslation.createVersionMarker(DynamoDBMetadataStore.VERSION_MARKER_ITEM_NAME, 100, System.currentTimeMillis()));
    }

    private void waitForTableActive(Table table) throws IOException {
        this.invoker.retry("Waiting for active state of table " + this.tableName, (String) null, true, () -> {
            try {
                table.waitForActive();
            } catch (IllegalArgumentException e) {
                throw translateTableWaitFailure(this.tableName, e);
            } catch (InterruptedException e2) {
                LOG.warn("Interrupted while waiting for table {} in region {} active", new Object[]{this.tableName, this.region, e2});
                Thread.currentThread().interrupt();
                throw ((InterruptedIOException) new InterruptedIOException("DynamoDB table '" + this.tableName + "' is not active yet in region " + this.region).initCause(e2));
            }
        });
    }

    @VisibleForTesting
    static IOException translateTableWaitFailure(String str, IllegalArgumentException illegalArgumentException) {
        SdkBaseException extractInnerException = extractInnerException(illegalArgumentException);
        return extractInnerException != null ? extractInnerException instanceof WaiterTimedOutException ? new AWSClientIOException(illegalArgumentException.getMessage(), extractInnerException) : S3AUtils.translateException(illegalArgumentException.getMessage(), str, extractInnerException) : new IOException(illegalArgumentException);
    }

    public static SdkBaseException extractInnerException(IllegalArgumentException illegalArgumentException) {
        if (illegalArgumentException.getCause() instanceof SdkBaseException) {
            return (SdkBaseException) illegalArgumentException.getCause();
        }
        return null;
    }

    @VisibleForTesting
    protected Item getVersionMarkerItem() throws IOException {
        Item item;
        PrimaryKey createVersionMarkerPrimaryKey = PathMetadataDynamoDBTranslation.createVersionMarkerPrimaryKey(DynamoDBMetadataStore.VERSION_MARKER_ITEM_NAME);
        int i = 0;
        Item queryVersionMarker = queryVersionMarker(createVersionMarkerPrimaryKey);
        while (true) {
            item = queryVersionMarker;
            if (item != null) {
                break;
            }
            try {
                RetryPolicy.RetryAction shouldRetry = this.batchWriteRetryPolicy.shouldRetry(null, i, 0, true);
                if (shouldRetry.action == RetryPolicy.RetryAction.RetryDecision.FAIL) {
                    break;
                }
                LOG.warn("No version marker found in the DynamoDB table: {}. Sleeping {} ms before next retry", this.tableName, Long.valueOf(shouldRetry.delayMillis));
                Thread.sleep(shouldRetry.delayMillis);
                i++;
                queryVersionMarker = queryVersionMarker(createVersionMarkerPrimaryKey);
            } catch (Exception e) {
                throw new IOException("initTable: Unexpected exception " + e, e);
            }
        }
        return item;
    }

    private Item queryVersionMarker(PrimaryKey primaryKey) throws IOException {
        return (Item) this.readOp.retry("getVersionMarkerItem", DynamoDBMetadataStore.VERSION_MARKER_ITEM_NAME, true, () -> {
            return this.table.getItem(primaryKey);
        });
    }

    private PutItemOutcome putItem(Item item) {
        LOG.debug("Putting item {}", item);
        return this.table.putItem(item);
    }

    void provisionTable(Long l, Long l2) throws IOException {
        if (l.longValue() == 0 || l2.longValue() == 0) {
            throw new IOException(DynamoDBMetadataStore.E_ON_DEMAND_NO_SET_CAPACITY);
        }
        ProvisionedThroughput withWriteCapacityUnits = new ProvisionedThroughput().withReadCapacityUnits(l).withWriteCapacityUnits(l2);
        this.invoker.retry("ProvisionTable", this.tableName, true, () -> {
            ProvisionedThroughputDescription provisionedThroughput = this.table.updateTable(withWriteCapacityUnits).getProvisionedThroughput();
            LOG.info("Provision table {} in region {}: readCapacityUnits={}, writeCapacityUnits={}", new Object[]{this.tableName, this.region, provisionedThroughput.getReadCapacityUnits(), provisionedThroughput.getWriteCapacityUnits()});
        });
    }

    public void destroy() throws IOException {
        if (this.table == null) {
            LOG.info("In destroy(): no table to delete");
            return;
        }
        LOG.info("Deleting DynamoDB table {} in region {}", this.tableName, this.region);
        Preconditions.checkNotNull(this.dynamoDB, "Not connected to DynamoDB");
        try {
            this.invoker.retry("delete", (String) null, true, () -> {
                return this.table.delete();
            });
            this.table.waitForDelete();
        } catch (FileNotFoundException e) {
            LOG.info("FileNotFoundException while deleting DynamoDB table {} in region {}.  This may indicate that the table does not exist, or has been deleted by another concurrent thread or process.", this.tableName, this.region);
        } catch (IllegalArgumentException e2) {
            throw new TableDeleteTimeoutException(this.tableName, "Timeout waiting for the table " + getTableArn() + " to be deleted", e2);
        } catch (InterruptedException e3) {
            Thread.currentThread().interrupt();
            LOG.warn("Interrupted while waiting for DynamoDB table {} being deleted", this.tableName, e3);
            throw new InterruptedIOException("Table " + this.tableName + " in region " + this.region + " has not been deleted");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public void provisionTableBlocking(Long l, Long l2) throws IOException {
        provisionTable(l, l2);
        waitForTableActive(this.table);
    }

    public Table getTable() {
        return this.table;
    }

    public String getTableArn() {
        return this.tableArn;
    }
}
