package org.apache.hadoop.ozone.container.common.transport.server;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.IOException;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.hdds.protocol.datanode.proto.ContainerProtos;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.token.BlockTokenVerifier;
import org.apache.hadoop.hdds.security.token.TokenVerifier;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;

/* loaded from: input_file:org/apache/hadoop/ozone/container/common/transport/server/XceiverServer.class */
public abstract class XceiverServer implements XceiverServerSpi {
    private final SecurityConfig secConfig;
    private final TokenVerifier tokenVerifier;
    private final CertificateClient caClient;

    public XceiverServer(Configuration configuration, CertificateClient certificateClient) {
        Preconditions.checkNotNull(configuration);
        this.secConfig = new SecurityConfig(configuration);
        this.caClient = certificateClient;
        this.tokenVerifier = new BlockTokenVerifier(this.secConfig, getCaClient());
    }

    @Override // org.apache.hadoop.ozone.container.common.transport.server.XceiverServerSpi
    public void submitRequest(ContainerProtos.ContainerCommandRequestProto containerCommandRequestProto, HddsProtos.PipelineID pipelineID) throws IOException {
        if (this.secConfig.isSecurityEnabled()) {
            String encodedToken = containerCommandRequestProto.getEncodedToken();
            if (encodedToken == null) {
                throw new SCMSecurityException("Security is enabled but client request is missing block token.", SCMSecurityException.ErrorCode.MISSING_BLOCK_TOKEN);
            }
            this.tokenVerifier.verify(encodedToken, encodedToken);
        }
    }

    @VisibleForTesting
    protected CertificateClient getCaClient() {
        return this.caClient;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityConfig getSecurityConfig() {
        return this.secConfig;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TokenVerifier getBlockTokenVerifier() {
        return this.tokenVerifier;
    }

    public SecurityConfig getSecConfig() {
        return this.secConfig;
    }
}
