package org.apache.hadoop.hdds.security.x509.certificate.client;

import com.google.common.base.Preconditions;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.apache.commons.validator.routines.DomainValidator;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.freon.FakeScmBlockLocationProtocolClient;
import org.apache.hadoop.hdds.protocol.SCMSecurityProtocol;
import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB;
import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolPB;
import org.apache.hadoop.hdds.scm.protocolPB.ScmBlockLocationProtocolPB;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest;
import org.apache.hadoop.hdds.security.x509.exceptions.CertificateException;
import org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator;
import org.apache.hadoop.hdds.security.x509.keys.KeyCodec;
import org.apache.hadoop.hdds.utils.HddsServerUtil;
import org.apache.hadoop.ipc.Client;
import org.apache.hadoop.ipc.ProtobufRpcEngine;
import org.apache.hadoop.ipc.RPC;
import org.apache.hadoop.net.NetUtils;
import org.apache.hadoop.ozone.OzoneSecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.slf4j.Logger;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.class */
public abstract class DefaultCertificateClient implements CertificateClient {
    // File name pattern for a stored certificate; %s is the certificate serial number in decimal.
    private static final String CERT_FILE_NAME_FORMAT = "%s.crt";
    // File name prefix that marks a stored certificate as a CA certificate.
    private static final String CA_CERT_PREFIX = "CA-";
    // Length of CA_CERT_PREFIX, used to cut the serial number out of a "CA-<serial>" base name.
    private static final int CA_CERT_PREFIX_LEN = 3;
    private final Logger logger;
    private final SecurityConfig securityConfig;
    private final KeyCodec keyCodec;
    // Key material and the default certificate are cached here once loaded. These fields are
    // plain (non-volatile) and most accessors are not synchronized.
    private PrivateKey privateKey;
    private PublicKey publicKey;
    private X509Certificate x509Certificate;
    // Certificate cache keyed by serial number rendered as a decimal string.
    private Map<String, X509Certificate> certificateMap;
    // Serial number of this client's own certificate; may be null until one is issued.
    private String certSerialId;
    // Serial number of the CA certificate currently treated as the CA for this client.
    private String caCertId;
    // Component name, passed to SecurityConfig/KeyCodec/CertificateCodec to select key and certificate locations.
    private String component;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.hadoop.hdds.security.x509.certificate.client.DefaultCertificateClient$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient$1.class */
    /*
     * Compiler-generated switch map, surfaced by the decompiler. It translates InitCase ordinals
     * into the case labels used by handleCase(): NONE=1, CERT=2, PUBLIC_KEY=3, PRIVATE_KEY=4,
     * PUBLICKEY_CERT=5, PRIVATEKEY_CERT=6, PUBLICKEY_PRIVATEKEY=7, ALL=8. The labels follow the
     * order of the switch cases, not the enum ordinals.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$DefaultCertificateClient$InitCase = new int[InitCase.values().length];

        static {
            // Each assignment is guarded separately so that a constant missing at runtime
            // (NoSuchFieldError) leaves its slot at 0, which falls into the switch's default branch.
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$DefaultCertificateClient$InitCase[InitCase.NONE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$DefaultCertificateClient$InitCase[InitCase.CERT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                // The value here is simply 3. The decompiler substituted CA_CERT_PREFIX_LEN because
                // that constant has the same value; it has no relation to the CA file prefix.
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$DefaultCertificateClient$InitCase[InitCase.PUBLIC_KEY.ordinal()] = DefaultCertificateClient.CA_CERT_PREFIX_LEN;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$DefaultCertificateClient$InitCase[InitCase.PRIVATE_KEY.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$DefaultCertificateClient$InitCase[InitCase.PUBLICKEY_CERT.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$DefaultCertificateClient$InitCase[InitCase.PRIVATEKEY_CERT.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$DefaultCertificateClient$InitCase[InitCase.PUBLICKEY_PRIVATEKEY.ordinal()] = 7;
            } catch (NoSuchFieldError e7) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$DefaultCertificateClient$InitCase[InitCase.ALL.ordinal()] = 8;
            } catch (NoSuchFieldError e8) {
            }
        }
    }

    /* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient$InitCase.class */
    /**
     * Which of {private key, public key, certificate} were found when the client initialised.
     *
     * <p>The declaration order is load-bearing: init() builds a 3-bit mask
     * (private key = 4, public key = 2, certificate = 1) and uses it as an index into
     * {@code InitCase.values()}. Reordering or inserting constants changes which case is selected.
     */
    protected enum InitCase {
        NONE,                 // 0b000: nothing found
        CERT,                 // 0b001: certificate only
        PUBLIC_KEY,           // 0b010: public key only
        PUBLICKEY_CERT,       // 0b011: public key and certificate
        PRIVATE_KEY,          // 0b100: private key only
        PRIVATEKEY_CERT,      // 0b101: private key and certificate
        PUBLICKEY_PRIVATEKEY, // 0b110: both keys, no certificate
        ALL                   // 0b111: both keys and certificate
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the client and loads every certificate found in the component's certificate directory.
     *
     * @param securityConfig security configuration; must not be null
     * @param logger logger used for all messages of this client (not null-checked here)
     * @param str serial number of this client's own certificate, or null if none has been issued
     * @param str2 component name used to resolve the key and certificate locations
     */
    public DefaultCertificateClient(SecurityConfig securityConfig, Logger logger, String str, String str2) {
        this.securityConfig = Objects.requireNonNull(securityConfig);
        this.logger = logger;
        this.component = str2;
        this.certSerialId = str;
        this.certificateMap = new ConcurrentHashMap<>();
        this.keyCodec = new KeyCodec(securityConfig, str2);
        // Reads the certificate directory during construction; files that fail to load are
        // logged and skipped.
        loadAllCertificates();
    }

    /**
     * Loads every regular file in the component's certificate directory into the certificate
     * cache, keyed by serial number.
     *
     * <p>Security-relevant behaviour visible here:
     * <ul>
     *   <li>Every file that parses as a certificate is cached; no signature, issuer or validity
     *       check is performed at this point, so the directory's contents are trusted as-is.</li>
     *   <li>The CA certificate id is derived from the file name ("CA-&lt;serial&gt;"), not from
     *       the certificate inside the file. The highest number seen wins. NumberUtils.toLong
     *       yields 0 for text it cannot parse as a long.</li>
     *   <li>putIfAbsent means a reload never replaces an entry already cached for a serial.</li>
     * </ul>
     */
    private void loadAllCertificates() {
        Path certDir = this.securityConfig.getCertificateLocation(this.component);
        if (!Files.exists(certDir, new LinkOption[0]) || !Files.isDirectory(certDir, new LinkOption[0])) {
            return;
        }
        getLogger().info("Loading certificate from location:{}.", certDir);
        File[] entries = certDir.toFile().listFiles();
        if (entries == null) {
            return;
        }
        CertificateCodec codec = new CertificateCodec(this.securityConfig, this.component);
        long highestCaSerial = -1;
        for (File entry : entries) {
            if (!entry.isFile()) {
                continue;
            }
            try {
                X509Certificate cert = CertificateCodec.getX509Certificate(codec.readCertificate(certDir, entry.getName()));
                if (cert == null || cert.getSerialNumber() == null) {
                    getLogger().error("Error reading certificate from file:{}", entry);
                    continue;
                }
                String serial = cert.getSerialNumber().toString();
                if (serial.equals(this.certSerialId)) {
                    // This is the client's own certificate.
                    this.x509Certificate = cert;
                }
                this.certificateMap.putIfAbsent(serial, cert);
                if (entry.getName().startsWith(CA_CERT_PREFIX)) {
                    long serialFromName = NumberUtils.toLong(FilenameUtils.getBaseName(entry.getName()).substring(CA_CERT_PREFIX_LEN));
                    highestCaSerial = Math.max(highestCaSerial, serialFromName);
                }
                getLogger().info("Added certificate from file:{}.", entry.getAbsolutePath());
            } catch (IOException | CertificateException e) {
                // One unreadable file must not prevent the remaining certificates from loading.
                getLogger().error("Error reading certificate from file:{}.", entry.getAbsolutePath(), e);
            }
        }
        if (highestCaSerial != -1) {
            this.caCertId = Long.toString(highestCaSerial);
        }
    }

    /**
     * Returns the client's private key, reading it from the key directory on first use.
     *
     * @return the private key, or null when the key file is absent or cannot be read; read
     *     failures are logged and not rethrown, so callers must handle null
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public PrivateKey getPrivateKey() {
        boolean needsLoad = this.privateKey == null
                && OzoneSecurityUtil.checkIfFileExist(this.securityConfig.getKeyLocation(this.component), this.securityConfig.getPrivateKeyFileName());
        if (needsLoad) {
            try {
                this.privateKey = this.keyCodec.readPrivateKey();
            } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
                getLogger().error("Error while getting private key.", e);
            }
        }
        return this.privateKey;
    }

    /**
     * Returns the client's public key, reading it from the key directory on first use.
     *
     * @return the public key, or null when the key file is absent or cannot be read; read
     *     failures are logged and not rethrown
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public PublicKey getPublicKey() {
        boolean needsLoad = this.publicKey == null
                && OzoneSecurityUtil.checkIfFileExist(this.securityConfig.getKeyLocation(this.component), this.securityConfig.getPublicKeyFileName());
        if (needsLoad) {
            try {
                this.publicKey = this.keyCodec.readPublicKey();
            } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
                getLogger().error("Error while getting public key.", e);
            }
        }
        return this.publicKey;
    }

    /**
     * Returns this client's own certificate, i.e. the one whose serial equals certSerialId.
     *
     * <p>If it is not cached yet, the certificate directory is rescanned.
     *
     * @return the certificate, or null when no serial id is configured or no matching
     *     certificate is found on disk
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public X509Certificate getCertificate() {
        if (this.x509Certificate == null) {
            if (this.certSerialId == null) {
                getLogger().error("Default certificate serial id is not set. Can't locate the default certificate for this client.");
                return null;
            }
            loadAllCertificates();
            X509Certificate found = this.certificateMap.get(this.certSerialId);
            if (found != null) {
                this.x509Certificate = found;
            }
        }
        return this.x509Certificate;
    }

    /**
     * Returns the certificate cached under the current CA certificate id.
     *
     * @return the CA certificate, or null when no CA id is known or the id has no cached
     *     certificate (the id may come from a file name, see loadAllCertificates)
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public X509Certificate getCACertificate() {
        return this.caCertId == null ? null : this.certificateMap.get(this.caCertId);
    }

    /**
     * Returns the certificate with the given serial number, from the local cache if present,
     * otherwise by fetching it from SCM (which also persists it locally).
     *
     * @param str certificate serial number as a decimal string
     * @return the certificate
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException if the
     *     certificate has to be fetched from SCM and that fails
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public X509Certificate getCertificate(String str) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        X509Certificate cached = this.certificateMap.get(str);
        if (cached != null) {
            return cached;
        }
        return getCertificateFromScm(str);
    }

    /**
     * Fetches a certificate by serial number from SCM, stores it in the local certificate
     * directory and returns it.
     *
     * <p>NOTE(review): nothing here checks that the returned certificate actually carries the
     * requested serial number, or that it chains to the known CA, before it is written to disk
     * and cached. Trust rests on the RPC channel to SCM; confirm that is the intended model.
     *
     * <p>NOTE(review): the RPC client created for the call is not closed in this method;
     * confirm whether it holds a connection that should be released.
     *
     * @param str certificate serial number as a decimal string
     * @return the certificate returned by SCM
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException wrapping any
     *     failure while fetching, storing or parsing the certificate
     */
    private X509Certificate getCertificateFromScm(String str) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        getLogger().info("Getting certificate with certSerialId:{}.", str);
        try {
            SCMSecurityProtocol scmClient = getScmSecurityClient(this.securityConfig.getConfiguration());
            String pemEncoded = scmClient.getCertificate(str);
            storeCertificate(pemEncoded, true);
            return CertificateCodec.getX509Certificate(pemEncoded);
        } catch (Exception e) {
            getLogger().error("Error while getting Certificate with certSerialId:{} from scm.", str, e);
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while getting certificate for certSerialId:" + str, e, CertificateException.ErrorCode.CERTIFICATE_ERROR);
        }
    }

    /**
     * Certificate verification is not implemented by this base class.
     *
     * <p>Callers cannot rely on this method to validate a certificate; it always throws.
     *
     * @param x509Certificate ignored
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public boolean verifyCertificate(X509Certificate x509Certificate) {
        final String message = "Operation not supported.";
        throw new UnsupportedOperationException(message);
    }

    /**
     * Signs everything readable from the stream with the client's private key, using the
     * configured signature algorithm and security provider.
     *
     * <p>The stream is read to its end in 4 KiB chunks and is not closed by this method.
     * getPrivateKey() may return null when the key is unavailable; that value is passed to
     * initSign unchecked.
     *
     * @param inputStream data to sign
     * @return the signature bytes
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     CRYPTO_SIGN_ERROR when reading or signing fails
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public byte[] signDataStream(InputStream inputStream) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        try {
            Signature signer = Signature.getInstance(getSignatureAlgorithm(), getSecurityProvider());
            signer.initSign(getPrivateKey());
            byte[] chunk = new byte[4096];
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                signer.update(chunk, 0, count);
            }
            return signer.sign();
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            getLogger().error("Error while signing the stream", e);
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while signing the stream", e, CertificateException.ErrorCode.CRYPTO_SIGN_ERROR);
        }
    }

    /**
     * Returns the name of the security provider taken from the security configuration; it is
     * passed to Signature.getInstance by the signing and verification methods.
     *
     * @return the configured provider name
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public String getSecurityProvider() {
        final String provider = this.securityConfig.getProvider();
        return provider;
    }

    /**
     * Signs a byte array with the client's private key, using the configured signature
     * algorithm and security provider.
     *
     * <p>The log and exception text say "stream" although this overload signs an in-memory
     * array; the text is kept unchanged.
     *
     * @param bArr data to sign
     * @return the signature bytes
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     CRYPTO_SIGN_ERROR when signing fails
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public byte[] signData(byte[] bArr) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        final Signature signer;
        try {
            signer = Signature.getInstance(getSignatureAlgorithm(), getSecurityProvider());
            signer.initSign(getPrivateKey());
            signer.update(bArr);
            byte[] signatureBytes = signer.sign();
            return signatureBytes;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            getLogger().error("Error while signing the stream", e);
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while signing the stream", e, CertificateException.ErrorCode.CRYPTO_SIGN_ERROR);
        }
    }

    /**
     * Returns the signature algorithm name taken from the security configuration; it is used
     * for both signing and verification.
     *
     * @return the configured signature algorithm name
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public String getSignatureAlgorithm() {
        final String algorithm = this.securityConfig.getSignatureAlgo();
        return algorithm;
    }

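    /**
     * Verifies a signature over the contents of a stream against the public key of the given
     * certificate.
     *
     * <p>Only the signature is checked. This method does not validate the certificate itself
     * (validity period, issuer chain, revocation); callers must establish trust in the
     * certificate separately. The stream is read to its end and is not closed here.
     *
     * <p>A failure is reported in two ways: {@code false} when the signature does not match,
     * and an exception when verification could not be carried out at all. Callers must treat
     * both as "not verified".
     *
     * @param inputStream the signed data
     * @param bArr the signature to check
     * @param x509Certificate certificate whose public key is used for verification
     * @return true if the signature matches the data
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     CRYPTO_SIGNATURE_VERIFICATION_ERROR when reading or verification fails
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public boolean verifySignature(InputStream inputStream, byte[] bArr, X509Certificate x509Certificate) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        try {
            Signature verifier = Signature.getInstance(getSignatureAlgorithm(), getSecurityProvider());
            verifier.initVerify(x509Certificate);
            byte[] chunk = new byte[4096];
            int count;
            while ((count = inputStream.read(chunk)) != -1) {
                verifier.update(chunk, 0, count);
            }
            return verifier.verify(bArr);
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            // The log line used to say "signing", which misdirects anyone triaging a failed
            // verification. The exception text is left unchanged for callers that match on it;
            // the error code already identifies the operation.
            getLogger().error("Error while verifying the signature of the stream", e);
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while signing the stream", e, CertificateException.ErrorCode.CRYPTO_SIGNATURE_VERIFICATION_ERROR);
        }
    }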

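    /**
     * Verifies a signature over a byte array against the public key of the given certificate.
     *
     * <p>Only the signature is checked. This method does not validate the certificate itself
     * (validity period, issuer chain, revocation); callers must establish trust in the
     * certificate separately.
     *
     * <p>A failure is reported in two ways: {@code false} when the signature does not match,
     * and an exception when verification could not be carried out at all. Callers must treat
     * both as "not verified".
     *
     * @param bArr the signed data
     * @param bArr2 the signature to check
     * @param x509Certificate certificate whose public key is used for verification
     * @return true if the signature matches the data
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     CRYPTO_SIGNATURE_VERIFICATION_ERROR when verification fails to run
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public boolean verifySignature(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        try {
            Signature verifier = Signature.getInstance(getSignatureAlgorithm(), getSecurityProvider());
            verifier.initVerify(x509Certificate);
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            // The log line used to say "signing the stream", which misdirects anyone triaging a
            // failed verification. The exception text is left unchanged for callers that match
            // on it; the error code already identifies the operation.
            getLogger().error("Error while verifying the signature", e);
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while signing the stream", e, CertificateException.ErrorCode.CRYPTO_SIGNATURE_VERIFICATION_ERROR);
        }
    }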

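    /**
     * Verifies a signature over a byte array against a bare public key. Used by
     * validateKeyPair to check that a public key matches the client's private key.
     *
     * @param bArr the signed data
     * @param bArr2 the signature to check
     * @param publicKey key used for verification
     * @return true if the signature matches the data
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     CRYPTO_SIGNATURE_VERIFICATION_ERROR when verification fails to run
     */
    private boolean verifySignature(byte[] bArr, byte[] bArr2, PublicKey publicKey) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        try {
            Signature verifier = Signature.getInstance(getSignatureAlgorithm(), getSecurityProvider());
            verifier.initVerify(publicKey);
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            // The log line used to say "signing the stream", which misdirects anyone triaging a
            // failed verification. The exception text is left unchanged for callers that match
            // on it; the error code already identifies the operation.
            getLogger().error("Error while verifying the signature", e);
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while signing the stream", e, CertificateException.ErrorCode.CRYPTO_SIGNATURE_VERIFICATION_ERROR);
        }
    }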

    /**
     * Creates a certificate signing request builder pre-populated with the addresses of the
     * current host.
     *
     * <p>For every address returned by OzoneSecurityUtil.getValidInetsForCurrentHost() the IP
     * address is added, and the canonical host name is added as a DNS name when it passes
     * DomainValidator. The host names come from name resolution on this machine, so whoever
     * signs the request should not treat them as verified.
     *
     * @return the pre-populated builder
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     CSR_ERROR when the host addresses cannot be determined
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public CertificateSignRequest.Builder getCSRBuilder() throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        CertificateSignRequest.Builder builder = new CertificateSignRequest.Builder().setConfiguration(this.securityConfig.getConfiguration());
        try {
            DomainValidator validator = DomainValidator.getInstance();
            OzoneSecurityUtil.getValidInetsForCurrentHost().forEach(address -> {
                builder.addIpAddress(address.getHostAddress());
                String canonicalName = address.getCanonicalHostName();
                if (validator.isValid(canonicalName)) {
                    builder.addDnsName(canonicalName);
                }
            });
            return builder;
        } catch (IOException e) {
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while adding ip to CSR builder", e, CertificateException.ErrorCode.CSR_ERROR);
        }
    }

    /**
     * Certificate queries are not implemented by this base class.
     *
     * @param str ignored
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public X509Certificate queryCertificate(String str) {
        final String message = "Operation not supported";
        throw new UnsupportedOperationException(message);
    }

    /**
     * Stores a PEM-encoded certificate as a regular (non-CA) certificate.
     *
     * @param str PEM-encoded certificate
     * @param z passed through unchanged to the three-argument overload
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException if the
     *     certificate cannot be parsed or written
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public void storeCertificate(String str, boolean z) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        final boolean isCaCertificate = false;
        storeCertificate(str, z, isCaCertificate);
    }

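    /**
     * Writes a PEM-encoded certificate into the component's certificate directory as
     * "&lt;serial&gt;.crt" (or "CA-&lt;serial&gt;.crt" for a CA certificate) and caches it.
     *
     * <p>The certificate is parsed but not validated here: whatever the caller passes is
     * persisted, and with {@code z2} set it becomes the CA certificate returned by
     * getCACertificate(). Callers are responsible for only passing certificates obtained from
     * an authenticated source.
     *
     * @param str PEM-encoded certificate
     * @param z passed through to CertificateCodec.writeCertificate as its last argument
     *     (presumably an overwrite flag; confirm against CertificateCodec)
     * @param z2 true to store the certificate as the CA certificate
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     CERTIFICATE_ERROR if the certificate cannot be parsed or written
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public void storeCertificate(String str, boolean z, boolean z2) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        CertificateCodec certificateCodec = new CertificateCodec(this.securityConfig, this.component);
        try {
            Path certificateLocation = this.securityConfig.getCertificateLocation(this.component);
            X509Certificate x509Certificate = CertificateCodec.getX509Certificate(str);
            String serial = x509Certificate.getSerialNumber().toString();
            String fileName = String.format(CERT_FILE_NAME_FORMAT, serial);
            if (z2) {
                fileName = CA_CERT_PREFIX + fileName;
            }
            certificateCodec.writeCertificate(certificateLocation, fileName, str, z);
            this.certificateMap.putIfAbsent(serial, x509Certificate);
            if (z2) {
                // Switch the CA id only after the certificate is on disk and in the cache, so a
                // failed write cannot leave caCertId pointing at a certificate that was never stored.
                this.caCertId = serial;
            }
        } catch (IOException | java.security.cert.CertificateException e) {
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while storing certificate.", e, CertificateException.ErrorCode.CERTIFICATE_ERROR);
        }
    }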

    /**
     * Storing a trust chain from a CertStore is not implemented by this base class.
     *
     * @param certStore ignored
     * @throws UnsupportedOperationException always
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public synchronized void storeTrustChain(CertStore certStore) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        final String message = "Operation not supported.";
        throw new UnsupportedOperationException(message);
    }

    /**
     * Storing a trust chain from a certificate list is not implemented by this base class.
     *
     * @param list ignored
     * @throws UnsupportedOperationException always
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public synchronized void storeTrustChain(List<X509Certificate> list) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        final String message = "Operation not supported.";
        throw new UnsupportedOperationException(message);
    }

    /**
     * Determines which of private key, public key and certificate are available and dispatches
     * to handleCase for the matching InitCase.
     *
     * <p>The three findings are packed into a bit mask (private key = 4, public key = 2,
     * certificate = 1) that is used directly as an index into {@code InitCase.values()}, so the
     * enum's declaration order must match this encoding.
     *
     * @return the result produced by handleCase
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException if handling
     *     the case fails
     */
    @Override // org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient
    public synchronized CertificateClient.InitResponse init() throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        PrivateKey storedPrivateKey = getPrivateKey();
        PublicKey storedPublicKey = getPublicKey();
        X509Certificate storedCertificate = getCertificate();
        int mask = (storedPrivateKey != null ? 4 : 0)
                | (storedPublicKey != null ? 2 : 0)
                | (storedCertificate != null ? 1 : 0);
        getLogger().info("Certificate client init case: {}", Integer.valueOf(mask));
        Preconditions.checkArgument(mask < 8, "Not a valid case.");
        InitCase detected = InitCase.values()[mask];
        return handleCase(detected);
    }

    /**
     * Decides how initialisation proceeds for a given combination of stored key material.
     *
     * <p>Only three combinations can succeed: nothing stored (a key pair is generated and a
     * certificate must be requested), both keys without a certificate (the pair is validated
     * and a certificate must be requested), and everything present (keys and certificate are
     * validated against each other). A private key plus certificate without a public key is
     * repaired from the certificate. Every other combination is a failure.
     *
     * <p>Some failure paths log at info level rather than error, so they are easy to miss when
     * filtering logs by severity.
     *
     * @param initCase the detected combination
     * @return GETCERT, SUCCESS or FAILURE as described above
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException if key
     *     generation, validation or recovery fails with an error
     */
    protected CertificateClient.InitResponse handleCase(InitCase initCase) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        switch (initCase) {
            case NONE:
                getLogger().info("Creating keypair for client as keypair and certificate not found.");
                bootstrapClientKeys();
                return CertificateClient.InitResponse.GETCERT;
            case CERT:
                getLogger().error("Private key not found, while certificate is still present. Delete keypair and try again.");
                return CertificateClient.InitResponse.FAILURE;
            case PUBLIC_KEY:
                getLogger().error("Found public key but private key and certificate missing.");
                return CertificateClient.InitResponse.FAILURE;
            case PRIVATE_KEY:
                getLogger().info("Found private key but public key and certificate is missing.");
                return CertificateClient.InitResponse.FAILURE;
            case PUBLICKEY_CERT:
                getLogger().error("Found public key and certificate but private key is missing.");
                return CertificateClient.InitResponse.FAILURE;
            case PRIVATEKEY_CERT:
                getLogger().info("Found private key and certificate but public key missing.");
                if (!recoverPublicKey()) {
                    getLogger().error("Public key recovery failed.");
                    return CertificateClient.InitResponse.FAILURE;
                }
                return CertificateClient.InitResponse.SUCCESS;
            case PUBLICKEY_PRIVATEKEY:
                getLogger().info("Found private and public key but certificate is missing.");
                if (!validateKeyPair(getPublicKey())) {
                    getLogger().info("Keypair validation failed.");
                    return CertificateClient.InitResponse.FAILURE;
                }
                return CertificateClient.InitResponse.GETCERT;
            case ALL:
                getLogger().info("Found certificate file along with KeyPair.");
                if (validateKeyPairAndCertificate()) {
                    return CertificateClient.InitResponse.SUCCESS;
                }
                return CertificateClient.InitResponse.FAILURE;
            default:
                getLogger().error("Unexpected case: {} (private/public/cert)", Integer.toBinaryString(initCase.ordinal()));
                return CertificateClient.InitResponse.FAILURE;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that the stored public key and the public key inside the stored certificate both
     * match the stored private key.
     *
     * <p>This is a consistency check of local key material only. It does not examine the
     * certificate's validity period or issuer.
     *
     * @return true if both public keys verify a signature made with the private key
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException if signing
     *     or verification fails with an error
     */
    public boolean validateKeyPairAndCertificate() throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        boolean storedPairMatches = validateKeyPair(getPublicKey());
        if (!storedPairMatches) {
            getLogger().error("Keypair validation failed.");
            return false;
        }
        getLogger().info("Keypair validated.");
        boolean certificateMatches = validateKeyPair(getCertificate().getPublicKey());
        if (!certificateMatches) {
            getLogger().error("Stored certificate is generated with different private key.");
            return false;
        }
        getLogger().info("Keypair validated with certificate.");
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Restores a missing public key file from the public key embedded in the stored
     * certificate, after confirming that key matches the stored private key.
     *
     * @return true if the key was validated, written to the key directory and cached; false if
     *     the certificate's public key does not match the private key
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     BOOTSTRAP_ERROR if writing the key fails, or if validation itself fails with an error
     */
    public boolean recoverPublicKey() throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        PublicKey fromCertificate = getCertificate().getPublicKey();
        try {
            if (validateKeyPair(fromCertificate)) {
                this.keyCodec.writePublicKey(fromCertificate);
                this.publicKey = fromCertificate;
                return true;
            }
            getLogger().error("Can't recover public key corresponding to private key.");
            return false;
        } catch (IOException e) {
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while trying to recover public key.", e, CertificateException.ErrorCode.BOOTSTRAP_ERROR);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that a public key belongs to the client's private key by signing a random
     * challenge with the private key and verifying the signature with the given public key.
     *
     * <p>The challenge comes from RandomStringUtils, which is not a cryptographic random
     * source. The challenge is never kept secret and only serves this local self-check.
     *
     * <p>NOTE(review): the challenge length is taken from
     * FakeScmBlockLocationProtocolClient.BLOCK_PER_CONTAINER, a constant unrelated to
     * certificates. This looks like the decompiler substituting a named constant for a numeric
     * literal of the same value; confirm against the original source.
     *
     * @param publicKey the public key to test
     * @return true if the public key verifies a signature made with the private key
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException if signing
     *     or verification fails with an error
     */
    public boolean validateKeyPair(PublicKey publicKey) throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        String challengeText = RandomStringUtils.random(FakeScmBlockLocationProtocolClient.BLOCK_PER_CONTAINER);
        byte[] challenge = challengeText.getBytes(StandardCharsets.UTF_8);
        byte[] challengeSignature = signDataStream(new ByteArrayInputStream(challenge));
        return verifySignature(challenge, challengeSignature, publicKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
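    /**
     * Creates the key directory if needed, generates a new key pair, and caches both keys.
     *
     * <p>The directory is created without explicit file attributes, so its permissions follow
     * the process defaults. NOTE(review): confirm that the private key file is restricted
     * elsewhere (for example by KeyCodec) if this directory may be created on a shared host.
     *
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     BOOTSTRAP_ERROR if the directory cannot be created or key generation fails
     */
    public void bootstrapClientKeys() throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        Path keyLocation = this.securityConfig.getKeyLocation(this.component);
        if (Files.notExists(keyLocation, new LinkOption[0])) {
            try {
                Files.createDirectories(keyLocation, new FileAttribute[0]);
            } catch (IOException e) {
                // Keep the underlying I/O failure as the cause; without it the reason the
                // directory could not be created (permissions, missing parent, ...) is lost.
                throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while creating directories for certificate storage.", e, CertificateException.ErrorCode.BOOTSTRAP_ERROR);
            }
        }
        KeyPair createKeyPair = createKeyPair();
        this.privateKey = createKeyPair.getPrivate();
        this.publicKey = createKeyPair.getPublic();
    }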

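    /**
     * Generates a new key pair and writes both keys to the key directory.
     *
     * <p>The public key is written before the private key. If the second write fails, the
     * public key file is left behind, and the next init() sees a public key without a private
     * key and fails until the file is removed.
     *
     * @return the generated key pair
     * @throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException with
     *     BOOTSTRAP_ERROR if key generation or writing either key fails
     */
    protected KeyPair createKeyPair() throws org.apache.hadoop.hdds.security.x509.exceptions.CertificateException {
        try {
            KeyPair generateKey = new HDDSKeyGenerator(this.securityConfig).generateKey();
            this.keyCodec.writePublicKey(generateKey.getPublic());
            this.keyCodec.writePrivateKey(generateKey.getPrivate());
            return generateKey;
        } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException e) {
            getLogger().error("Error while bootstrapping certificate client.", e);
            // Attach the cause so callers that only see the exception can still tell an I/O
            // failure from a missing algorithm or provider.
            throw new org.apache.hadoop.hdds.security.x509.exceptions.CertificateException("Error while bootstrapping certificate.", e, CertificateException.ErrorCode.BOOTSTRAP_ERROR);
        }
    }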

    /**
     * Returns the logger supplied at construction time.
     *
     * @return the logger used by this client
     */
    public Logger getLogger() {
        return logger;
    }

    /**
     * Builds an RPC client for the SCM security protocol, authenticated as the current user.
     *
     * <p>NOTE(review): the protocol version passed to RPC.getProxy is taken from
     * ScmBlockLocationProtocolPB although the proxy is created for SCMSecurityProtocolPB;
     * confirm that this is intended.
     *
     * @param ozoneConfiguration configuration providing the SCM address, socket factory and
     *     RPC timeout
     * @return a client-side translator for the SCM security protocol
     * @throws IOException if the current user or the proxy cannot be obtained
     */
    private static SCMSecurityProtocol getScmSecurityClient(OzoneConfiguration ozoneConfiguration) throws IOException {
        RPC.setProtocolEngine(ozoneConfiguration, SCMSecurityProtocolPB.class, ProtobufRpcEngine.class);
        long protocolVersion = RPC.getProtocolVersion(ScmBlockLocationProtocolPB.class);
        SCMSecurityProtocolPB proxy = (SCMSecurityProtocolPB) RPC.getProxy(
                SCMSecurityProtocolPB.class,
                protocolVersion,
                HddsServerUtil.getScmAddressForSecurityProtocol(ozoneConfiguration),
                UserGroupInformation.getCurrentUser(),
                ozoneConfiguration,
                NetUtils.getDefaultSocketFactory(ozoneConfiguration),
                Client.getRpcTimeout(ozoneConfiguration));
        return new SCMSecurityProtocolClientSideTranslatorPB(proxy);
    }
}
