package org.apache.hadoop.hdds.scm.server;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.ExecutionException;
import org.apache.hadoop.hdds.annotation.InterfaceAudience;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolPB;
import org.apache.hadoop.hdds.scm.protocol.SCMSecurityProtocolServerSideTranslatorPB;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.certificate.authority.CertificateApprover;
import org.apache.hadoop.hdds.security.x509.certificate.authority.CertificateServer;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.utils.HddsServerUtil;
import org.apache.hadoop.hdds.utils.ProtocolMessageMetrics;
import org.apache.hadoop.ipc.ProtobufRpcEngine;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.security.KerberosInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

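/**
 * RPC endpoint of the Storage Container Manager that serves the
 * {@link SCMSecurityProtocol}: it forwards certificate signing requests to the
 * backing {@link CertificateServer} and returns certificates PEM-encoded.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Both CSR entry points ask for {@code KERBEROS_TRUSTED} approval and pass
 *       only the CSR string to the certificate server. The node details that
 *       arrive with the request are used for logging only in this class.</li>
 *   <li>Service-level ACLs are loaded only when
 *       {@code hadoop.security.authorization} is {@code true}; see the
 *       constructor.</li>
 * </ul>
 *
 * <p>This listing is decompiler output (JADX); the constructor was
 * package-private in the original class file according to the decompiler.
 */
@KerberosInfo(serverPrincipal = "hdds.scm.kerberos.principal")
@InterfaceAudience.Private
public class SCMSecurityProtocolServer implements SCMSecurityProtocol {
    private static final Logger LOGGER = LoggerFactory.getLogger(SCMSecurityProtocolServer.class);
    private final CertificateServer certificateServer;
    private final RPC.Server rpcServer;
    private final InetSocketAddress rpcAddress;
    private final ProtocolMessageMetrics metrics;

    /**
     * Builds the RPC server for the security protocol; it is not started until
     * {@link #start()} is called.
     *
     * @param ozoneConfiguration configuration supplying the handler count, the bind
     *                           address and the authorization switch
     * @param certificateServer  certificate authority that signs and looks up certificates
     * @throws IOException if the RPC server cannot be created or the ACL refresh fails
     */
    public SCMSecurityProtocolServer(OzoneConfiguration ozoneConfiguration, CertificateServer certificateServer) throws IOException {
        this.certificateServer = certificateServer;
        int handlerCount = ozoneConfiguration.getInt("ozone.scm.security.handler.count.key", 2);
        this.rpcAddress = HddsServerUtil.getScmSecurityInetAddress(ozoneConfiguration);
        RPC.setProtocolEngine(ozoneConfiguration, SCMSecurityProtocolPB.class, ProtobufRpcEngine.class);
        this.metrics = new ProtocolMessageMetrics("ScmSecurityProtocol", "SCM Security protocol metrics", SCMSecurityProtocolProtos.Type.values());
        this.rpcServer = StorageContainerManager.startRpcServer(
                ozoneConfiguration,
                this.rpcAddress,
                SCMSecurityProtocolPB.class,
                SCMSecurityProtocolProtos.SCMSecurityProtocolService.newReflectiveBlockingService(
                        new SCMSecurityProtocolServerSideTranslatorPB(this, this.metrics)),
                handlerCount);
        // The policy provider's ACLs are applied only when authorization is switched on;
        // the default read here is false, in which case no service ACL is loaded for
        // this certificate-issuing endpoint by this constructor.
        if (ozoneConfiguration.getBoolean("hadoop.security.authorization", false)) {
            this.rpcServer.refreshServiceAcl(ozoneConfiguration, SCMPolicyProvider.getInstance());
        }
    }

    /**
     * Requests a signed certificate for a datanode.
     *
     * <p>Only {@code str} (the CSR) is handed to the certificate server; the
     * datanode details are logged as received and are not compared with the CSR
     * in this method, so the log line is not evidence of the issued subject.
     *
     * @param datanodeDetailsProto details of the requesting datanode; must not be null
     * @param str                  the certificate signing request, as a string
     * @return the issued certificate, PEM-encoded
     * @throws IOException          if signing fails or the waiting thread is interrupted
     * @throws NullPointerException if {@code datanodeDetailsProto} is null
     */
    public String getDataNodeCertificate(HddsProtos.DatanodeDetailsProto datanodeDetailsProto, String str) throws IOException {
        // Validate before the first dereference; the original checked only after logging,
        // so the check could never fire.
        Objects.requireNonNull(datanodeDetailsProto, "datanodeDetailsProto");
        LOGGER.info("Processing CSR for dn {}, UUID: {}", datanodeDetailsProto.getHostName(), datanodeDetailsProto.getUuid());
        try {
            return CertificateCodec.getPEMEncodedString((X509CertificateHolder) this.certificateServer.requestCertificate(str, CertificateApprover.ApprovalType.KERBEROS_TRUSTED).get());
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can observe it.
            Thread.currentThread().interrupt();
            throw new IOException("getDataNodeCertificate operation failed. ", e);
        } catch (ExecutionException e2) {
            throw new IOException("getDataNodeCertificate operation failed. ", e2);
        }
    }

    /**
     * Requests a signed certificate for an Ozone Manager.
     *
     * <p>Only {@code str} (the CSR) is handed to the certificate server; the
     * Ozone Manager details are logged as received and are not compared with the
     * CSR in this method.
     *
     * @param ozoneManagerDetailsProto details of the requesting Ozone Manager; must not be null
     * @param str                      the certificate signing request, as a string
     * @return the issued certificate, PEM-encoded
     * @throws IOException          if signing fails or the waiting thread is interrupted
     * @throws NullPointerException if {@code ozoneManagerDetailsProto} is null
     */
    public String getOMCertificate(HddsProtos.OzoneManagerDetailsProto ozoneManagerDetailsProto, String str) throws IOException {
        // Validate before the first dereference; the original checked only after logging.
        Objects.requireNonNull(ozoneManagerDetailsProto, "ozoneManagerDetailsProto");
        LOGGER.info("Processing CSR for om {}, UUID: {}", ozoneManagerDetailsProto.getHostName(), ozoneManagerDetailsProto.getUuid());
        try {
            return CertificateCodec.getPEMEncodedString((X509CertificateHolder) this.certificateServer.requestCertificate(str, CertificateApprover.ApprovalType.KERBEROS_TRUSTED).get());
        } catch (InterruptedException e) {
            // Restore the interrupt flag so callers further up can observe it.
            Thread.currentThread().interrupt();
            throw new IOException("getOMCertificate operation failed. ", e);
        } catch (ExecutionException e2) {
            throw new IOException("getOMCertificate operation failed. ", e2);
        }
    }

    /**
     * Looks up a certificate by its serial id.
     *
     * @param str the certificate serial id
     * @return the certificate, PEM-encoded
     * @throws IOException if no certificate has that serial id or the lookup or encoding fails
     */
    public String getCertificate(String str) throws IOException {
        LOGGER.debug("Getting certificate with certificate serial id {}", str);
        try {
            X509Certificate certificate = this.certificateServer.getCertificate(str);
            if (certificate == null) {
                LOGGER.debug("Certificate with serial id {} not found.", str);
                throw new IOException("Certificate not found");
            }
            return CertificateCodec.getPEMEncodedString(certificate);
        } catch (CertificateException e) {
            throw new IOException("getCertificate operation failed. ", e);
        }
    }

    /**
     * Returns the CA certificate held by the certificate server.
     *
     * @return the CA certificate, PEM-encoded
     * @throws IOException if the certificate cannot be read or encoded
     */
    public String getCACertificate() throws IOException {
        LOGGER.debug("Getting CA certificate.");
        try {
            return CertificateCodec.getPEMEncodedString(this.certificateServer.getCACertificate());
        } catch (CertificateException e) {
            // The message names "getRootCertificate" rather than this method; it is kept
            // unchanged because callers or log searches may match on it.
            throw new IOException("getRootCertificate operation failed. ", e);
        }
    }

    /**
     * Lists certificates from the certificate server, each PEM-encoded.
     *
     * <p>All four arguments are passed through unchanged to
     * {@code CertificateServer.listCertificate}.
     *
     * @param nodeType node type forwarded to the certificate server
     * @param j        presumably the starting serial id (confirm against CertificateServer)
     * @param i        presumably the maximum number of entries (confirm against CertificateServer)
     * @param z        presumably selects revoked certificates (confirm against CertificateServer)
     * @return the PEM-encoded certificates, in the order the certificate server returned them
     * @throws IOException if the listing or the encoding of any entry fails
     */
    public List<String> listCertificate(HddsProtos.NodeType nodeType, long j, int i, boolean z) throws IOException {
        List<X509Certificate> certificates = this.certificateServer.listCertificate(nodeType, j, i, z);
        List<String> pemCertificates = new ArrayList<>(certificates.size());
        for (X509Certificate certificate : certificates) {
            try {
                pemCertificates.add(CertificateCodec.getPEMEncodedString(certificate));
            } catch (SCMSecurityException e) {
                throw new IOException("listCertificate operation failed. ", e);
            }
        }
        return pemCertificates;
    }

    /** Returns the underlying RPC server. */
    public RPC.Server getRpcServer() {
        return this.rpcServer;
    }

    /** Returns the address the RPC server was configured with. */
    public InetSocketAddress getRpcAddress() {
        return this.rpcAddress;
    }

    /** Registers the protocol metrics and starts the RPC server. */
    public void start() {
        LOGGER.info(StorageContainerManager.buildRpcServerStartMessage("Starting RPC server for SCMSecurityProtocolServer.", getRpcAddress()));
        this.metrics.register();
        getRpcServer().start();
    }

    /**
     * Unregisters the metrics and stops the RPC server. Failures are logged and
     * not rethrown, so shutdown of the caller continues.
     */
    public void stop() {
        try {
            LOGGER.info("Stopping the SCMSecurityProtocolServer.");
            this.metrics.unregister();
            getRpcServer().stop();
        } catch (Exception e) {
            // Best-effort shutdown: note that a failure in unregister() skips stop().
            LOGGER.error("SCMSecurityProtocolServer stop failed.", e);
        }
    }

    /**
     * Blocks until the RPC server has terminated.
     *
     * @throws InterruptedException if the waiting thread is interrupted
     */
    public void join() throws InterruptedException {
        LOGGER.trace("Join RPC server for SCMSecurityProtocolServer.");
        getRpcServer().join();
    }
}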
