package com.cloudera.keytrustee;

import com.cloudera.keytrustee.ActivationRequest;
import com.cloudera.keytrustee.Deposit;
import com.cloudera.keytrustee.DepositSearch;
import com.cloudera.keytrustee.FailoverServerInfo;
import com.cloudera.keytrustee.Request;
import com.cloudera.keytrustee.TrusteeKeyProviderConfiguration;
import com.cloudera.keytrustee.impl.ClientFactoryImpl;
import com.cloudera.keytrustee.impl.FileTokenStore;
import com.cloudera.keytrustee.impl.HostnameResolver;
import com.cloudera.keytrustee.util.Environment;
import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Proxy;
import java.net.URI;
import java.security.NoSuchAlgorithmException;
import java.text.MessageFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.Cipher;
import javax.xml.ws.http.HTTPException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.framework.api.ACLBackgroundPathAndBytesable;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.framework.imps.DefaultACLProvider;
import org.apache.curator.retry.RetryNTimes;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.crypto.key.KeyProvider;
import org.apache.hadoop.crypto.key.KeyProviderFactory;
import org.apache.hadoop.crypto.key.kms.server.TrusteeACLs;
import org.apache.hadoop.security.Groups;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authorize.AuthorizationException;
import org.apache.hadoop.security.token.delegation.ZKDelegationTokenSecretManager;
import org.apache.zookeeper.CreateMode;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.data.Stat;

/* loaded from: input_file:com/cloudera/keytrustee/TrusteeKeyProvider.class */
public class TrusteeKeyProvider extends KeyProvider {
    public static final String SCHEME_NAME = "keytrustee";
    public static final String DEPOSIT_STATE_ENABLED = "Enabled";
    public static final String BIT_LENGTH_ATTRIBUTE = "_keytrustee_bit_length";
    public static final String CIPHER_ATTRIBUTE = "_keytrusteecipher";
    public static final String DESCRIPTION_ATTRIBUTE = "_keytrusteedescription";
    public static final String VERSIONS_ATTRIBUTE = "_keytrusteeversions";
    public static final String CREATED_ATTRIBUTE = "_keytrusteecreated";
    private static final String FINGERPRINT_VALIDATION_KEY = "FINGERPRINT_VALIDATED";
    private static final String FIRST_STARTUP_KEY = "INITIAL_STARTUP";
    private static final String JAAS_LOGIN_ENTRY_NAME = "ZKSignerSecretProviderClient";
    private static final int ZK_CONN_BLOCK_SECS = 5;
    private static final int ZK_LOOKUP_WAIT_INTERVAL_MILLIS = 500;
    private static final Log LOG = LogFactory.getLog(TrusteeKeyProvider.class);
    private static final DepositSearch QUERY_ALL_ENABLED_DEPOSITS = new DepositSearch.Builder().enabled(true).build();
    private static final String ZOOKEEPER_ERROR = "Make sure Zookeeper service is running and network communication between local host and Zookeeper host is open.";
    private final File keyTrusteeConfDir;
    private final ClientConnection keyTrusteeConnectionProxy;
    private final boolean useKeyTrusteeConnectionPool;
    private final boolean strongLocking;
    private final Lock readLock;
    private final Lock writeLock;
    private FileTokenStore tokenStore;
    Environment env;
    private URI[] uris;
    private Groups groupsMapping;

    /* loaded from: input_file:com/cloudera/keytrustee/TrusteeKeyProvider$DuplicateKeyException.class */
    public class DuplicateKeyException extends IOException {
        public DuplicateKeyException(String str) {
            super(str);
        }

        public DuplicateKeyException(String str, Throwable th) {
            super(str, th);
        }
    }

    /* loaded from: input_file:com/cloudera/keytrustee/TrusteeKeyProvider$Factory.class */
    public static class Factory extends KeyProviderFactory {
        public KeyProvider createProvider(URI uri, Configuration configuration) throws IOException {
            Preconditions.checkNotNull(uri, "Null providerName passed to KeyProvider.Factory.createProvider.");
            if (TrusteeKeyProvider.SCHEME_NAME.equals(uri.getScheme())) {
                return new TrusteeKeyProvider(uri, configuration);
            }
            return null;
        }
    }

    /* loaded from: input_file:com/cloudera/keytrustee/TrusteeKeyProvider$KeyExistsResult.class */
    public class KeyExistsResult {
        private boolean existing;
        private String reason;

        public KeyExistsResult(boolean z, String str) {
            this.existing = z;
            this.reason = str;
        }

        public boolean isExisting() {
            return this.existing;
        }

        public String getReason() {
            return this.reason;
        }
    }

    /* loaded from: input_file:com/cloudera/keytrustee/TrusteeKeyProvider$KeyNotFoundException.class */
    public class KeyNotFoundException extends IOException {
        public KeyNotFoundException(String str) {
            super(str);
        }

        public KeyNotFoundException(String str, Throwable th) {
            super(str, th);
        }
    }

    /* loaded from: input_file:com/cloudera/keytrustee/TrusteeKeyProvider$KeyTrusteeKeyVersion.class */
    public static class KeyTrusteeKeyVersion extends KeyProvider.KeyVersion {
        public KeyTrusteeKeyVersion(String str, String str2, byte[] bArr) {
            super(str, str2, bArr);
        }
    }

    /* loaded from: input_file:com/cloudera/keytrustee/TrusteeKeyProvider$KeyTrusteeMetadata.class */
    public static class KeyTrusteeMetadata extends KeyProvider.Metadata {
        public KeyTrusteeMetadata(String str, int i, String str2, Map<String, String> map, Date date, int i2) {
            super(str, i, str2, map, date, i2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/cloudera/keytrustee/TrusteeKeyProvider$SASLOwnerACLProvider.class */
    public static class SASLOwnerACLProvider implements ACLProvider {
        private final List<ACL> saslACL;

        private SASLOwnerACLProvider(String str) {
            this.saslACL = Collections.singletonList(new ACL(31, new Id("sasl", str)));
        }

        public List<ACL> getDefaultAcl() {
            return this.saslACL;
        }

        public List<ACL> getAclForPath(String str) {
            return this.saslACL;
        }
    }

    public TrusteeKeyProvider(URI uri, Configuration configuration) throws IOException {
        this(null, uri, configuration);
    }

    public TrusteeKeyProvider(Environment environment, URI uri, Configuration configuration) throws IOException {
        super(configuration);
        this.tokenStore = null;
        TrusteeKeyProviderConfiguration trusteeKeyProviderConfiguration = new TrusteeKeyProviderConfiguration(environment, uri, configuration);
        this.uris = trusteeKeyProviderConfiguration.getSpecifiedProviderURIs();
        this.keyTrusteeConfDir = trusteeKeyProviderConfiguration.getKeyTrusteeConfDir();
        this.groupsMapping = Groups.getUserToGroupsMappingService(configuration);
        try {
            int maxAllowedKeyLength = Cipher.getMaxAllowedKeyLength("AES");
            if (maxAllowedKeyLength <= 128) {
                throw new Error("Max key length is: " + maxAllowedKeyLength + ". JCE Unlimited Strength Policy files are not detected. JCE Unlimited Strength policy files are required to use Trustee key provider.");
            }
            createInitialClient(trusteeKeyProviderConfiguration, false);
            try {
                updateClientConfiguration(trusteeKeyProviderConfiguration, new ClientFactoryImpl());
            } catch (KeyTrusteeException e) {
                if (LOG.isErrorEnabled()) {
                    LOG.error("Attempt to verify and/or update client security settings failed. Continuing with existing settings.");
                }
            }
            this.useKeyTrusteeConnectionPool = trusteeKeyProviderConfiguration.isUseKeyTrusteeConnectionPool();
            this.strongLocking = trusteeKeyProviderConfiguration.isStrongLocking();
            try {
                if (this.useKeyTrusteeConnectionPool) {
                    this.keyTrusteeConnectionProxy = ClientConnectionInvocationHandler.createClientConnection(initializeConnectionPool(this.keyTrusteeConfDir, trusteeKeyProviderConfiguration));
                } else {
                    this.keyTrusteeConnectionProxy = ClientConnectionInvocationHandler.createClientConnection(getConnection(new ClientFactoryImpl(), trusteeKeyProviderConfiguration));
                }
                ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock(true);
                this.readLock = reentrantReadWriteLock.readLock();
                this.writeLock = reentrantReadWriteLock.writeLock();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("keytrustee conf dir: " + this.keyTrusteeConfDir);
                }
                InputStream resourceAsStream = getClass().getClassLoader().getResourceAsStream("META-INF/error_codes.properties");
                if (resourceAsStream != null) {
                    Properties properties = new Properties();
                    properties.load(resourceAsStream);
                    ErrorParser.getInstance().initErrorCodes(properties);
                }
                if (isHA(trusteeKeyProviderConfiguration.getKeyProviderHosts())) {
                    validateFingerprintConsistency(trusteeKeyProviderConfiguration, new ClientFactoryImpl());
                }
            } catch (KeyTrusteeException e2) {
                sendDebugInformationToLog("TrusteeKeyProvider(Environment, URI, Configuration)", e2);
                throw new IOException("Could not open KeyTrustee client.", e2);
            }
        } catch (NoSuchAlgorithmException e3) {
            throw new Error("No support for AES algorithm. Unexpected.");
        }
    }

    private boolean isHA(String[] strArr) {
        return strArr != null && strArr.length > 1;
    }

    private void createInitialClient(TrusteeKeyProviderConfiguration trusteeKeyProviderConfiguration, boolean z) throws IOException {
        ClientInfo createNewClient;
        ClientFactoryImpl clientFactoryImpl = new ClientFactoryImpl();
        try {
            if (!clientFactoryImpl.clientExists(this.keyTrusteeConfDir) || !isRegistered(clientFactoryImpl, this.keyTrusteeConfDir)) {
                int keyLength = trusteeKeyProviderConfiguration.getKeyLength();
                System.setProperty("TRUSTEE_API_READ_TIMEOUT", String.valueOf(trusteeKeyProviderConfiguration.getHttpReadConnectionTimeout()));
                if (clientFactoryImpl.clientExists(this.keyTrusteeConfDir)) {
                    createNewClient = clientFactoryImpl.openClient(this.keyTrusteeConfDir);
                } else {
                    createNewClient = clientFactoryImpl.createNewClient(KeyLength.of(keyLength), this.keyTrusteeConfDir);
                    z = true;
                }
                TrusteeKeyProviderConfiguration.Register invoke = trusteeKeyProviderConfiguration.getRegisterCommand().invoke();
                invoke.invariant();
                try {
                    FailoverServerInfo.Builder builder = new FailoverServerInfo.Builder().hostnames(Arrays.asList(invoke.getHostnames())).setRoundRobin(invoke.isRoundRobin()).certificate(invoke.getCertPath()).sslInsecure(invoke.isInsecure()).protocol(invoke.getProtocol()).tokenSync(invoke.isTokenSync());
                    if (null != invoke.getHkpPort()) {
                        builder.hkpPort(invoke.getHkpPort().intValue());
                    }
                    if (null != invoke.getKtsPort()) {
                        builder.ktsPort(invoke.getKtsPort().intValue());
                    }
                    if (null != invoke.getHkpSsl()) {
                        builder.singleServerPort(invoke.getHkpSsl().booleanValue());
                    }
                    FailoverServerInfo build = builder.build();
                    ClientConnection connect = invoke.isTokenSync() ? clientFactoryImpl.connect(createNewClient, build, new FileTokenStore(this.keyTrusteeConfDir, build)) : clientFactoryImpl.connect(createNewClient, build);
                    if (null != invoke.getOrg() && !invoke.getOrg().isEmpty()) {
                        connect.registerAndActivate(new ActivationRequest.Builder().org(invoke.getOrg()).auth(invoke.getAuth()).cert(invoke.getCertPath()).build());
                        createNewClient.saveConfig(this.keyTrusteeConfDir);
                    }
                } catch (Exception e) {
                    if (z) {
                        removeConfDir(this.keyTrusteeConfDir);
                    }
                    throw new IOException(e);
                }
            }
        } catch (KeyTrusteeException e2) {
            sendDebugInformationToLog("createInitialClient", e2);
            throw new IOException("TrusteeKeyProvider initialization failed.", e2);
        }
    }

    private ClientConnection getConnection(ClientFactory clientFactory, TrusteeKeyProviderConfiguration trusteeKeyProviderConfiguration) throws KeyTrusteeException, IOException {
        ClientConnection connect;
        ClientInfo openClient = clientFactory.openClient(this.keyTrusteeConfDir);
        ServerInfo serverInfo = openClient.getServerInfo();
        serverInfo.setSSLContext(trusteeKeyProviderConfiguration.getSSLContext());
        if (serverInfo.isTokenSync()) {
            this.tokenStore = new FileTokenStore(this.keyTrusteeConfDir, serverInfo);
            connect = clientFactory.connect(openClient, serverInfo, this.tokenStore);
        } else {
            connect = clientFactory.connect(openClient, serverInfo);
        }
        return connect;
    }

    private void updateClientConfiguration(TrusteeKeyProviderConfiguration trusteeKeyProviderConfiguration, ClientFactory clientFactory) throws KeyTrusteeException, IOException {
        ClientInfo openClient = clientFactory.openClient(this.keyTrusteeConfDir);
        if (trusteeKeyProviderConfiguration.updateClientConfiguration(openClient)) {
            openClient.saveConfig(this.keyTrusteeConfDir);
            if (LOG.isWarnEnabled()) {
                LOG.warn("Client configuration has been updated in the keytrustee client configuration at " + this.keyTrusteeConfDir);
            }
        }
    }

    private void validateFingerprintConsistency(TrusteeKeyProviderConfiguration trusteeKeyProviderConfiguration, ClientFactory clientFactory) throws IOException {
        LOG.debug("Establishing connection to zookeeper.");
        boolean isValidationRequired = isValidationRequired();
        boolean isFirstStartup = isFirstStartup();
        if (isValidationRequired) {
            LOG.warn("Attempting validation of private key files across all KMS hosts. If private key fingerprint consistency cannot be validated, startup will abort.");
        }
        try {
            CuratorFramework createCuratorClient = createCuratorClient(trusteeKeyProviderConfiguration);
            createCuratorClient.start();
            if (!createCuratorClient.blockUntilConnected(5, TimeUnit.SECONDS)) {
                throw new Exception("Could not establish connection to ZooKeeper to verify KMS host private key consistency.");
            }
            LOG.debug("zkClient started");
            try {
                String longHostname = new HostnameResolver().getLongHostname();
                String fingerprint = clientFactory.openClient(this.keyTrusteeConfDir).getFingerprint().toString();
                String str = "/keytrustee/fingerprint/" + longHostname;
                if (createCuratorClient.checkExists().forPath(str) != null) {
                    ((Stat) createCuratorClient.setData().forPath(str, fingerprint.getBytes())).setVersion(-1);
                } else {
                    ((ACLBackgroundPathAndBytesable) createCuratorClient.create().creatingParentsIfNeeded().withMode(CreateMode.PERSISTENT)).forPath(str, fingerprint.getBytes());
                }
                LOG.debug("Saved private key fingerprint in zookeeper at zNode " + str);
                long millis = TimeUnit.SECONDS.toMillis(trusteeKeyProviderConfiguration.getZkConnWaitSec());
                int length = trusteeKeyProviderConfiguration.getKeyProviderHosts().length - 1;
                Set<String> hashSet = new HashSet<>();
                Set<String> hashSet2 = new HashSet<>();
                for (long j = 0; j < millis && hashSet.size() < length; j += 500) {
                    for (String str2 : trusteeKeyProviderConfiguration.getKeyProviderHosts()) {
                        if (!str2.equals(longHostname) && !hashSet.contains(str2)) {
                            try {
                                if (!checkForFingerprintMatch("/keytrustee/fingerprint/" + str2, createCuratorClient, fingerprint, str2, hashSet2, hashSet)) {
                                    checkForFingerprintMatch("/keytrustee/fingerprint/" + str2.split("\\.")[0], createCuratorClient, fingerprint, str2, hashSet2, hashSet);
                                }
                            } catch (Exception e) {
                            }
                        }
                    }
                    try {
                        Thread.sleep(500L);
                    } catch (InterruptedException e2) {
                        handleZkValidationError("Wait for ZooKeeper lookup during KMS private key consistency check failed.", isValidationRequired, e2);
                        return;
                    }
                }
                createCuratorClient.close();
                saveFirstStartupSetting();
                if (hashSet.size() == length) {
                    saveFingerprintValidationSetting(true);
                    LOG.info("Successfully validated all KMS host fingerprints.");
                } else if (hashSet2.size() > 0 || (isValidationRequired && !isFirstStartup)) {
                    saveFingerprintValidationSetting(false);
                    handleZkValidationError("Unable to verify private key match between KMS hosts. If the system has been recently upgraded, DO NOT TAKE FURTHER ACTION and contact your support representative as soon as possible. If this is a new installation, verify private key files have been synced between all KMS hosts. Aborting to prevent data inconsistency.", true);
                } else if (isFirstStartup) {
                    handleZkValidationError("Unable to verify private key match between KMS hosts. Will retry on next startup.", false);
                } else {
                    handleZkValidationError("Unable to verify private key match between KMS hosts. Fingerprint match has been verified on previous run, so continuing normally.", false);
                }
            } catch (Exception e3) {
                handleZkValidationError("Could not establish connection to ZooKeeper to verify KMS host private key consistency. Make sure Zookeeper service is running and network communication between local host and Zookeeper host is open.", isValidationRequired, e3);
            }
        } catch (Exception e4) {
            handleZkValidationError("Could not start Curator Framework. Make sure Zookeeper service is running and network communication between local host and Zookeeper host is open.", isValidationRequired, e4);
        }
    }

    private CuratorFramework createCuratorClient(TrusteeKeyProviderConfiguration trusteeKeyProviderConfiguration) throws IllegalArgumentException {
        SASLOwnerACLProvider defaultACLProvider;
        String zkConnectionString = trusteeKeyProviderConfiguration.getZkConnectionString();
        if (trusteeKeyProviderConfiguration.getZkAuthType().equals("sasl")) {
            LOG.debug("Connecting to ZooKeeper with SASL/Kerberos and using 'sasl' ACLs");
            String jaasConfiguration = setJaasConfiguration(trusteeKeyProviderConfiguration);
            System.setProperty("zookeeper.sasl.clientconfig", JAAS_LOGIN_ENTRY_NAME);
            System.setProperty("zookeeper.authProvider.1", "org.apache.zookeeper.server.auth.SASLAuthenticationProvider");
            defaultACLProvider = new SASLOwnerACLProvider(jaasConfiguration);
        } else {
            LOG.debug("Connecting to ZooKeeper without authentication");
            defaultACLProvider = new DefaultACLProvider();
        }
        return CuratorFrameworkFactory.builder().connectString(zkConnectionString).retryPolicy(new RetryNTimes(3, TrusteeACLs.RELOADER_SLEEP_MILLIS)).aclProvider(defaultACLProvider).build();
    }

    private String setJaasConfiguration(TrusteeKeyProviderConfiguration trusteeKeyProviderConfiguration) throws IllegalArgumentException {
        String zkKerberosKeytab = trusteeKeyProviderConfiguration.getZkKerberosKeytab();
        if (zkKerberosKeytab == null || zkKerberosKeytab.length() == 0) {
            throw new IllegalArgumentException("hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.keytab must be specified");
        }
        String zkKerberosPrincipal = trusteeKeyProviderConfiguration.getZkKerberosPrincipal();
        if (zkKerberosPrincipal == null || zkKerberosPrincipal.length() == 0) {
            throw new IllegalArgumentException("hadoop.kms.authentication.signer.secret.provider.zookeeper.kerberos.principal must be specified");
        }
        javax.security.auth.login.Configuration.setConfiguration(new ZKDelegationTokenSecretManager.JaasConfiguration(JAAS_LOGIN_ENTRY_NAME, zkKerberosPrincipal, zkKerberosKeytab));
        return zkKerberosPrincipal.split("[/@]")[0];
    }

    private boolean isValidationRequired() {
        try {
            ClientInfo openClient = new ClientFactoryImpl().openClient(this.keyTrusteeConfDir);
            if (openClient.hasLocal(FINGERPRINT_VALIDATION_KEY)) {
                if (Boolean.parseBoolean(openClient.getLocal(FINGERPRINT_VALIDATION_KEY).toString())) {
                    return false;
                }
            }
            return true;
        } catch (KeyTrusteeException e) {
            LOG.debug("Unable to look up fingerprint validation setting. Assuming fingerprint must be validated.");
            return true;
        }
    }

    private boolean isFirstStartup() {
        try {
            return !new ClientFactoryImpl().openClient(this.keyTrusteeConfDir).hasLocal(FIRST_STARTUP_KEY);
        } catch (KeyTrusteeException e) {
            return false;
        }
    }

    private void handleZkValidationError(String str, boolean z) throws IOException {
        handleZkValidationError(str, z, null);
    }

    private void handleZkValidationError(String str, boolean z, Exception exc) throws IOException {
        if (z) {
            if (exc == null) {
                throw new IOException(str);
            }
            throw new IOException(str, exc);
        }
        if (exc != null) {
            LOG.warn(str + " : " + exc.getMessage());
        } else {
            LOG.warn(str);
        }
    }

    private void saveFingerprintValidationSetting(boolean z) {
        try {
            ClientInfo openClient = new ClientFactoryImpl().openClient(this.keyTrusteeConfDir);
            if (z) {
                openClient.putLocal(FINGERPRINT_VALIDATION_KEY, "True");
            } else {
                openClient.putLocal(FINGERPRINT_VALIDATION_KEY, "False");
            }
            openClient.saveConfig(this.keyTrusteeConfDir);
        } catch (KeyTrusteeException e) {
            LOG.debug("Unable to save FINGERPRINT_VALIDATED setting.");
        }
    }

    private void saveFirstStartupSetting() {
        try {
            new ClientFactoryImpl().openClient(this.keyTrusteeConfDir).putLocal(FIRST_STARTUP_KEY, "completed");
        } catch (KeyTrusteeException e) {
            LOG.debug("Unable to save INITIAL_STARTUP setting.");
        }
    }

    private boolean checkForFingerprintMatch(String str, CuratorFramework curatorFramework, String str2, String str3, Set<String> set, Set<String> set2) throws Exception {
        LOG.debug("Looking for remote fingerprint at zNode " + str);
        if (curatorFramework.checkExists().forPath(str) == null) {
            LOG.debug("Could not find zNode " + str);
            return false;
        }
        if (!new String((byte[]) curatorFramework.getData().forPath(str)).equals(str2)) {
            LOG.debug("Initial private key comparison with " + str3 + " did not match. Retrying.");
            set.add(str3);
            return false;
        }
        LOG.debug("Verified private key match with host " + str3);
        set2.add(str3);
        set.remove(str3);
        return true;
    }

    public KeyProvider.KeyVersion createKey(String str, byte[] bArr, KeyProvider.Options options) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering createKey method.");
        }
        Preconditions.checkNotNull(str, "Null name passed to createKey.");
        Preconditions.checkNotNull(bArr, "Null material passed to createKey.");
        Preconditions.checkNotNull(options, "Null options passed to createKey.");
        try {
            this.writeLock.lock();
            KeyExistsResult keyExists = keyExists(str);
            if (keyExists.isExisting()) {
                throw new DuplicateKeyException(("Key with name \"" + str + "\" already exists in \"" + this + ". ") + keyExists.getReason());
            }
            try {
                KeyTrusteeKeyVersion keyTrusteeKeyVersion = new KeyTrusteeKeyVersion(str, putDeposit(createHandleDeposit(str, bArr, options)), bArr);
                this.writeLock.unlock();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Exiting createKey method.");
                }
                return keyTrusteeKeyVersion;
            } catch (KeyTrusteeException e) {
                sendDebugInformationToLog("createKey", e);
                throw new IOException("Creation of key named " + str + " failed.", e);
            }
        } catch (Throwable th) {
            this.writeLock.unlock();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting createKey method.");
            }
            throw th;
        }
    }

    public KeyProvider.KeyVersion getCurrentKey(String str) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering getCurrentKey method [" + str + "].");
        }
        long currentTimeMillis = System.currentTimeMillis();
        Preconditions.checkNotNull(str, "Null name passed to getCurrentKey.");
        KeyProvider.KeyVersion keyVersion = null;
        try {
            try {
                List<KeyProvider.KeyVersion> keyVersions = getKeyVersions(str);
                if (!keyVersions.isEmpty()) {
                    keyVersion = keyVersions.get(0);
                }
                long currentTimeMillis2 = System.currentTimeMillis();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Exiting getCurrentKey method [" + str + "], Time: [" + (currentTimeMillis2 - currentTimeMillis) + "] ms.");
                }
            } catch (KeyNotFoundException e) {
                long currentTimeMillis3 = System.currentTimeMillis();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Exiting getCurrentKey method [" + str + "], Time: [" + (currentTimeMillis3 - currentTimeMillis) + "] ms.");
                }
            }
            return keyVersion;
        } catch (Throwable th) {
            long currentTimeMillis4 = System.currentTimeMillis();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting getCurrentKey method [" + str + "], Time: [" + (currentTimeMillis4 - currentTimeMillis) + "] ms.");
            }
            throw th;
        }
    }

    public KeyProvider.KeyVersion getKeyVersion(String str) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering getKeyVersion method [" + str + "].");
        }
        long currentTimeMillis = System.currentTimeMillis();
        Preconditions.checkNotNull(str, "Null versionName passed to getKeyVersion.");
        Request createDepositRequest = createDepositRequest(str);
        boolean z = false;
        try {
            try {
                if (this.strongLocking) {
                    this.readLock.lock();
                    z = true;
                }
                DepositRelease depositRelease = this.keyTrusteeConnectionProxy.get(createDepositRequest);
                if (this.strongLocking) {
                    this.readLock.unlock();
                    z = false;
                }
                AnnotatedDepositRelease convert = convert(depositRelease);
                byte[] byteArray = IOUtils.toByteArray(depositRelease.getContents());
                String handle = convert.getHandle();
                if (z) {
                    this.readLock.unlock();
                }
                long currentTimeMillis2 = System.currentTimeMillis();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Exiting getKeyVersion method [" + str + "], Time: [" + (currentTimeMillis2 - currentTimeMillis) + "] ms.");
                }
                return new KeyTrusteeKeyVersion(handle, str, byteArray);
            } catch (KeyTrusteeException e) {
                sendDebugInformationToLog("getKeyVersion", e);
                checkForKeyNotFound(str, e);
                throw new IOException("Key retrieval failed.", e);
            } catch (TimeoutException e2) {
                throw new IOException("Key retrieval timed out.", e2);
            }
        } catch (Throwable th) {
            if (z) {
                this.readLock.unlock();
            }
            long currentTimeMillis3 = System.currentTimeMillis();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting getKeyVersion method [" + str + "], Time: [" + (currentTimeMillis3 - currentTimeMillis) + "] ms.");
            }
            throw th;
        }
    }

    public List<KeyProvider.KeyVersion> getKeyVersions(String str) throws IOException {
        Preconditions.checkNotNull(str, "Null name passed to getKeyVersions.");
        return getKeyVersions(str, true);
    }

    private List<KeyProvider.KeyVersion> getKeyVersions(String str, boolean z) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering getKeyVersions method [" + str + "].");
        }
        long currentTimeMillis = System.currentTimeMillis();
        new ArrayList(0);
        boolean z2 = false;
        try {
            try {
                ArrayList arrayList = new ArrayList(getHandleDeposits(str, z));
                LinkedHashSet linkedHashSet = new LinkedHashSet(arrayList.size());
                Iterator it = arrayList.iterator();
                if (z) {
                    while (it.hasNext()) {
                        AnnotatedDepositRelease annotatedDepositRelease = (AnnotatedDepositRelease) it.next();
                        linkedHashSet.add(new KeyTrusteeKeyVersion(str, annotatedDepositRelease.getUuid(), IOUtils.toByteArray(annotatedDepositRelease.getContents())));
                    }
                } else {
                    while (it.hasNext()) {
                        DepositInfo depositInfo = (DepositInfo) it.next();
                        String uuid = depositInfo.getUuid();
                        byte[] bArr = null;
                        if (depositInfo.getState().contains(DEPOSIT_STATE_ENABLED)) {
                            Request createDepositRequest = createDepositRequest(uuid);
                            if (this.strongLocking) {
                                this.readLock.lock();
                                z2 = true;
                            }
                            DepositRelease depositRelease = this.keyTrusteeConnectionProxy.get(createDepositRequest);
                            if (this.strongLocking) {
                                this.readLock.unlock();
                                z2 = false;
                            }
                            bArr = IOUtils.toByteArray(depositRelease.getContents());
                        }
                        linkedHashSet.add(new KeyTrusteeKeyVersion(str, uuid, bArr));
                    }
                }
                ArrayList arrayList2 = new ArrayList(linkedHashSet);
                if (z2) {
                    this.readLock.unlock();
                }
                long currentTimeMillis2 = System.currentTimeMillis();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Exiting getKeyVersions method [" + str + "], Time: [" + (currentTimeMillis2 - currentTimeMillis) + "] ms.");
                }
                return arrayList2;
            } catch (TimeoutException e) {
                throw new IOException("Retrieval of keys named " + str + " timed out.", e);
            } catch (KeyTrusteeException e2) {
                sendDebugInformationToLog("getKeyVersions", e2);
                checkForKeyNotFound(str, e2);
                throw new IOException("Retrieval of keys named " + str + " failed.", e2);
            }
        } catch (Throwable th) {
            if (z2) {
                this.readLock.unlock();
            }
            long currentTimeMillis3 = System.currentTimeMillis();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting getKeyVersions method [" + str + "], Time: [" + (currentTimeMillis3 - currentTimeMillis) + "] ms.");
            }
            throw th;
        }
    }

    public KeyProvider.KeyVersion rollNewVersion(String str, byte[] bArr) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering rollNewVersion(String,byte[]) method.");
        }
        Preconditions.checkNotNull(str, "Null name passed to rollNewVersion.");
        Preconditions.checkNotNull(bArr, "Null material passed to rollNewVersion.");
        try {
            this.writeLock.lock();
            if (getKeyVersions(str).size() < 1) {
                throw new KeyNotFoundException("Key with name " + str + " not found in " + this);
            }
            try {
                KeyTrusteeKeyVersion keyTrusteeKeyVersion = new KeyTrusteeKeyVersion(str, putDeposit(createHandleDeposit(str, bArr, getMetadata(str))), bArr);
                this.writeLock.unlock();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Exiting rollNewVersion(String,byte[]) method.");
                }
                return keyTrusteeKeyVersion;
            } catch (KeyTrusteeException e) {
                sendDebugInformationToLog("rollNewVersion(String,byte[])", e);
                throw new IOException("New version of key named " + str + " could not be rolled.", e);
            }
        } catch (Throwable th) {
            this.writeLock.unlock();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting rollNewVersion(String,byte[]) method.");
            }
            throw th;
        }
    }

    public KeyProvider.KeyVersion rollNewVersion(String str) throws NoSuchAlgorithmException, IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering rollNewVersion(String) method.");
        }
        Preconditions.checkNotNull(str, "Null name passed to rollNewVersion.");
        try {
            this.readLock.lock();
            if (getKeyVersions(str).size() < 1) {
                throw new KeyNotFoundException("Key with name " + str + " not found in " + this);
            }
            this.readLock.unlock();
            KeyProvider.KeyVersion rollNewVersion = super.rollNewVersion(str);
            if (0 != 0) {
                this.readLock.unlock();
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting rollNewVersion(String) method.");
            }
            return rollNewVersion;
        } catch (Throwable th) {
            if (0 != 0) {
                this.readLock.unlock();
            }
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting rollNewVersion(String) method.");
            }
            throw th;
        }
    }

    public List<String> getKeys() throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering getKeys method.");
        }
        new ArrayList();
        try {
            HashSet hashSet = new HashSet();
            Iterator<DepositInfo> it = getAllDeposits().iterator();
            while (it.hasNext()) {
                String handle = it.next().getHandle();
                if (null != handle || !handle.equals(TrusteeACLs.ACL_DEFAULT)) {
                    hashSet.add(handle);
                }
            }
            ArrayList arrayList = new ArrayList(hashSet);
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting getKeys method.");
            }
            return arrayList;
        } catch (KeyTrusteeException e) {
            sendDebugInformationToLog("getKeys", e);
            throw new IOException("Retrieval of all keys failed.", e);
        }
    }

    public KeyProvider.Metadata getMetadata(String str) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering getMetadata method [" + str + "].");
        }
        long currentTimeMillis = System.currentTimeMillis();
        Preconditions.checkNotNull(str, "Null name passed to getMetadata.");
        KeyTrusteeMetadata keyTrusteeMetadata = null;
        try {
            Collection<DepositInfo> handleMetadata = getHandleMetadata(str, true);
            LOG.debug("getMetadata method [" + str + "] found [" + handleMetadata.size() + "] deposits.");
            if (handleMetadata.size() > 0) {
                Map meta = handleMetadata.iterator().next().getMeta();
                String str2 = (String) meta.remove(CIPHER_ATTRIBUTE);
                int parseInt = Integer.parseInt((String) meta.remove(BIT_LENGTH_ATTRIBUTE));
                String str3 = (String) meta.remove(DESCRIPTION_ATTRIBUTE);
                new Date();
                try {
                    keyTrusteeMetadata = new KeyTrusteeMetadata(str2, parseInt, str3, meta, new SimpleDateFormat("EEE MMM d HH:mm:ss z yyyy", Locale.ENGLISH).parse((String) meta.remove(CREATED_ATTRIBUTE)), Integer.parseInt((String) meta.remove(VERSIONS_ATTRIBUTE)));
                } catch (ParseException e) {
                    throw new IOException("Could not parse stored date for " + str, e);
                }
            }
            long currentTimeMillis2 = System.currentTimeMillis();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting getMetadata method [" + str + "], Time: [" + (currentTimeMillis2 - currentTimeMillis) + "] ms.");
            }
            return keyTrusteeMetadata;
        } catch (KeyTrusteeException e2) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("getMetadata threw KeyTrusteeException. Possibly expected. If unexpected an IOException will be thrown.");
            }
            try {
                checkForKeyNotFound(str, e2);
                throw new IOException("Could not retrieve metadata for " + str, e2);
            } catch (KeyNotFoundException e3) {
                return null;
            }
        }
    }

    public void deleteKey(String str) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering deleteKey method.");
        }
        Preconditions.checkNotNull(str, "Null name passed to delete key.");
        Iterator<KeyProvider.KeyVersion> it = getKeyVersions(str, false).iterator();
        while (it.hasNext()) {
            String versionName = it.next().getVersionName();
            boolean z = false;
            try {
                try {
                    if (this.strongLocking) {
                        this.writeLock.lock();
                        z = true;
                    }
                    this.keyTrusteeConnectionProxy.purge(new String[]{versionName});
                    if (this.strongLocking) {
                        this.writeLock.unlock();
                        z = false;
                    }
                    if (z) {
                        this.writeLock.unlock();
                    }
                    if (LOG.isDebugEnabled()) {
                        LOG.debug("Exiting deleteKey method.");
                    }
                } catch (KeyTrusteeException e) {
                    sendDebugInformationToLog("deleteKey", e);
                    throw new IOException("Purge of key(s) named " + str + " failed.", e);
                }
            } catch (Throwable th) {
                if (0 != 0) {
                    this.writeLock.unlock();
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Exiting deleteKey method.");
                }
                throw th;
            }
        }
    }

    public KeyExistsResult keyExists(String str) throws IOException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Entering keyExists method.");
        }
        Preconditions.checkNotNull(str, "Null name passed to keyExists.");
        List<KeyProvider.KeyVersion> keyVersions = getKeyVersions(str, false);
        if (keyVersions.size() <= 0) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Exiting keyExists method.");
            }
            return new KeyExistsResult(false, "Key does not exist.");
        }
        String str2 = null == keyVersions.get(0).getMaterial() ? "Key exists but has been disabled. Use undelete to enable." : "Key exists and is active.";
        if (LOG.isDebugEnabled()) {
            LOG.debug("Exiting keyExists method.");
        }
        return new KeyExistsResult(true, str2);
    }

    public void flush() throws IOException {
    }

    private TrusteeClientConnectionPool initializeConnectionPool(File file, TrusteeKeyProviderConfiguration trusteeKeyProviderConfiguration) throws KeyTrusteeException, IOException {
        return new PooledClientConnectionFactory(file, trusteeKeyProviderConfiguration).getKeyTrusteeConnectionPool();
    }

    private boolean isRegistered(ClientFactory clientFactory, File file) throws IOException {
        try {
            ClientInfo openClient = clientFactory.openClient(file);
            ServerInfo serverInfo = openClient.getServerInfo();
            if (null == serverInfo) {
                return false;
            }
            return clientFactory.connect(openClient, serverInfo).isRegistered();
        } catch (KeyTrusteeException e) {
            sendDebugInformationToLog("isRegistered", e);
            throw new IOException("KeyProvider failed during registration check.", e);
        }
    }

    private void checkForKeyNotFound(String str, KeyTrusteeException keyTrusteeException) throws KeyNotFoundException {
        if (null != keyTrusteeException.getCause() && (keyTrusteeException.getCause() instanceof HTTPException)) {
            if (keyTrusteeException.getCause().getStatusCode() == 404) {
                throw new KeyNotFoundException("Key " + str + " not found.", keyTrusteeException);
            }
        } else {
            if (null == keyTrusteeException.getCause() || !(keyTrusteeException.getCause() instanceof KeyTrusteeException)) {
                return;
            }
            checkForKeyNotFound(str, (KeyTrusteeException) keyTrusteeException.getCause());
        }
    }

    private static void removeConfDir(File file) {
        file.delete();
    }

    private void assertKeyAccess(String str, String str2) throws IOException {
        String shortUserName = UserGroupInformation.getCurrentUser().getShortUserName();
        if (!this.groupsMapping.getGroups(shortUserName).contains(str2)) {
            throw new AuthorizationException(MessageFormat.format("User:{0} not allowed to access key ''{1}'', not in ''{2}'' group", shortUserName, str, str2));
        }
    }

    private static void assertKeyTrusteeUUID(String str) throws IOException {
        if (!verifyKeyTrusteeUUID(str) && !verifyJKSUUID(str)) {
            throw new IOException("Invalid uuid: " + str);
        }
    }

    private static boolean verifyKeyTrusteeUUID(String str) {
        return str.length() == 43;
    }

    private static boolean verifyJKSUUID(String str) {
        return str.matches("^.+?@\\d$");
    }

    private Collection<DepositInfo> getAllDeposits() throws KeyTrusteeException {
        return getAllDeposits(true);
    }

    private Collection<DepositInfo> getAllDeposits(boolean z) throws KeyTrusteeException {
        return getAllDeposits(QUERY_ALL_ENABLED_DEPOSITS);
    }

    private Collection<DepositInfo> getHandleDeposits(String str, boolean z) throws IOException, KeyTrusteeException {
        if (!z) {
            return getAllDeposits(new DepositSearch.Builder().handle(true).keyword(str).enabled(Boolean.valueOf(z)).build());
        }
        Request createHandleDepositRequest = createHandleDepositRequest(str);
        boolean z2 = false;
        try {
            try {
                if (this.strongLocking) {
                    this.readLock.lock();
                    z2 = true;
                }
                DepositRelease[] handleDeposits = this.keyTrusteeConnectionProxy.getHandleDeposits(createHandleDepositRequest);
                if (this.strongLocking) {
                    this.readLock.unlock();
                    z2 = false;
                }
                ArrayList arrayList = new ArrayList(Arrays.asList(convert(handleDeposits)));
                if (z2) {
                    this.readLock.unlock();
                }
                return arrayList;
            } catch (TimeoutException e) {
                throw new IOException("Key retrieval timed out.", e);
            }
        } catch (Throwable th) {
            if (z2) {
                this.readLock.unlock();
            }
            throw th;
        }
    }

    private AnnotatedDepositRelease[] convert(DepositRelease[] depositReleaseArr) throws IOException {
        AnnotatedDepositRelease[] annotatedDepositReleaseArr = new AnnotatedDepositRelease[depositReleaseArr.length];
        for (int i = 0; i < depositReleaseArr.length; i++) {
            annotatedDepositReleaseArr[i] = convert(depositReleaseArr[i]);
        }
        return annotatedDepositReleaseArr;
    }

    private AnnotatedDepositRelease convert(DepositRelease depositRelease) throws IOException {
        if (depositRelease instanceof AnnotatedDepositRelease) {
            return (AnnotatedDepositRelease) depositRelease;
        }
        throw new IOException("Expected AnnotatedDepositRelease but found DepositRelease.");
    }

    private Collection<DepositInfo> getHandleMetadata(String str, boolean z) throws IOException, KeyTrusteeException {
        if (!z) {
            return getAllDeposits(new DepositSearch.Builder().handle(true).keyword(str).enabled(Boolean.valueOf(z)).meta(true).build());
        }
        Request createHandleDepositRequest = createHandleDepositRequest(str);
        boolean z2 = false;
        try {
            try {
                if (this.strongLocking) {
                    this.readLock.lock();
                    z2 = true;
                }
                DepositRelease[] handleDeposits = this.keyTrusteeConnectionProxy.getHandleDeposits(createHandleDepositRequest);
                if (this.strongLocking) {
                    this.readLock.unlock();
                    z2 = false;
                }
                ArrayList arrayList = new ArrayList(Arrays.asList(convert(handleDeposits)));
                if (z2) {
                    this.readLock.unlock();
                }
                return arrayList;
            } catch (TimeoutException e) {
                throw new IOException("Key retrieval timed out.", e);
            }
        } catch (Throwable th) {
            if (z2) {
                this.readLock.unlock();
            }
            throw th;
        }
    }

    private Collection<DepositInfo> getAllDeposits(DepositSearch depositSearch) throws KeyTrusteeException {
        boolean z = false;
        try {
            if (this.strongLocking) {
                this.readLock.lock();
                z = true;
            }
            Collection<DepositInfo> deposits = this.keyTrusteeConnectionProxy.getDeposits(depositSearch);
            if (this.strongLocking) {
                this.readLock.unlock();
                z = false;
            }
            return deposits;
        } finally {
            if (z) {
                this.readLock.unlock();
            }
        }
    }

    private Request createDepositRequest(String str) throws IOException {
        Request.Builder builder = new Request.Builder();
        assertKeyTrusteeUUID(str);
        builder.uuid(str);
        builder.include_meta(true);
        return builder.build();
    }

    private Request createHandleDepositRequest(String str) throws IOException {
        Request.Builder builder = new Request.Builder();
        builder.handle(str);
        builder.include_meta(true);
        return builder.build();
    }

    private Deposit createHandleDeposit(String str, byte[] bArr, KeyProvider.Options options) {
        HashMap hashMap = new HashMap();
        if (null != options) {
            int i = 5;
            int bitLength = options.getBitLength();
            String cipher = options.getCipher();
            String description = options.getDescription();
            Map<? extends String, ? extends String> attributes = options.getAttributes();
            if (null != attributes) {
                i = 5 + attributes.size();
            }
            hashMap = new HashMap(i);
            hashMap.put(VERSIONS_ATTRIBUTE, "1");
            hashMap.put(CREATED_ATTRIBUTE, new SimpleDateFormat("EEE MMM d HH:mm:ss z yyyy", Locale.ENGLISH).format(new Date()));
            hashMap.put(BIT_LENGTH_ATTRIBUTE, String.valueOf(bitLength));
            hashMap.put(CIPHER_ATTRIBUTE, cipher);
            if (null != description) {
                hashMap.put(DESCRIPTION_ATTRIBUTE, description);
            }
            if (null != attributes) {
                hashMap.putAll(attributes);
            }
        } else if (LOG.isWarnEnabled()) {
            LOG.warn("Null options passed to createHandleDeposit. This should throw an exception before release.");
        }
        return createHandleDeposit(str, bArr, hashMap);
    }

    private Deposit createHandleDeposit(String str, byte[] bArr, KeyProvider.Metadata metadata) {
        int i = 5;
        Map<? extends String, ? extends String> attributes = metadata.getAttributes();
        if (null != attributes) {
            i = 5 + attributes.size();
        }
        HashMap hashMap = new HashMap(i);
        hashMap.put(VERSIONS_ATTRIBUTE, String.valueOf(metadata.getVersions() + 1));
        hashMap.put(CREATED_ATTRIBUTE, String.valueOf(metadata.getCreated()));
        hashMap.put(BIT_LENGTH_ATTRIBUTE, String.valueOf(metadata.getBitLength()));
        hashMap.put(CIPHER_ATTRIBUTE, metadata.getCipher());
        if (null != metadata.getDescription()) {
            hashMap.put(DESCRIPTION_ATTRIBUTE, metadata.getDescription());
        }
        if (null != attributes) {
            hashMap.putAll(attributes);
        }
        return createHandleDeposit(str, bArr, hashMap);
    }

    private Deposit createHandleDeposit(String str, byte[] bArr, Map<String, String> map) {
        Deposit.Builder builder = new Deposit.Builder();
        builder.handle(str);
        builder.content(new ByteArrayInputStream(bArr));
        builder.metadata(map);
        return builder.build();
    }

    private String putDeposit(Deposit deposit) throws KeyTrusteeException {
        boolean z = false;
        try {
            if (this.strongLocking) {
                this.writeLock.lock();
                z = true;
            }
            DepositInfo put = this.keyTrusteeConnectionProxy.put(deposit);
            if (this.strongLocking) {
                this.writeLock.unlock();
                z = false;
            }
            String uuid = put.getUuid();
            if (z) {
                this.writeLock.unlock();
            }
            return uuid;
        } catch (Throwable th) {
            if (z) {
                this.writeLock.unlock();
            }
            throw th;
        }
    }

    private void sendDebugInformationToLog(String str, KeyTrusteeException keyTrusteeException) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(str + " threw KeyTrusteeException: " + keyTrusteeException.getMessage());
        }
    }

    public int getActiveConnectionCount() {
        return ((ClientConnectionInvocationHandler) Proxy.getInvocationHandler(this.keyTrusteeConnectionProxy)).getActiveConnectionCount();
    }
}
