package org.apache.hadoop.hdds.security.x509.certificate.client;

import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPath;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.ssl.KeyStoresFactory;
import org.apache.hadoop.hdds.security.x509.certificate.authority.CAType;
import org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultApprover;
import org.apache.hadoop.hdds.security.x509.certificate.authority.profile.DefaultProfile;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateSignRequest;
import org.apache.hadoop.hdds.security.x509.certificate.utils.SelfSignedCertificate;
import org.apache.hadoop.hdds.security.x509.exception.CertificateException;
import org.apache.hadoop.hdds.security.x509.keys.HDDSKeyGenerator;
import org.apache.hadoop.hdds.security.x509.keys.SecurityUtil;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/client/CertificateClientTestImpl.class */
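/**
 * In-memory {@link CertificateClient} that builds its own certificate hierarchy.
 *
 * <p>On construction it generates a root key pair and a self-signed root CA
 * certificate, then a second key pair whose certificate is signed by that root.
 * Nothing is read from or persisted to disk by this class itself, and several
 * interface methods are stubs ({@link #signData(byte[])} returns an empty
 * array, {@link #getCertPath()} and the CA-list methods return {@code null}).
 * The fixed cluster/SCM identifiers and the class name suggest it is meant as a
 * test double; it provides no trust anchor that exists outside this JVM.
 *
 * <p>When auto-renewal is enabled, a single daemon thread replaces the root CA
 * and the leaf key/certificate once the renewal grace period is reached, so the
 * key material returned by the getters can change while the object is in use.
 */
public class CertificateClientTestImpl implements CertificateClient {
    /** SCM identifier written into every certificate and CSR this class creates. */
    private static final String SCM_ID = "scm1";
    /** Cluster identifier written into every certificate and CSR this class creates. */
    private static final String CLUSTER_ID = "cluster1";

    private final SecurityConfig securityConfig;
    // The four fields below are reassigned by the renewal thread and read by
    // callers on other threads, hence volatile for visibility.
    private volatile KeyPair keyPair;
    private volatile X509Certificate x509Certificate;
    private volatile KeyPair rootKeyPair;
    private volatile X509Certificate rootCert;
    // Concurrent set: renewRootCA() adds to it on the renewal thread while the
    // same instance is handed out by getAllRootCaCerts()/getAllCaCerts().
    private final Set<X509Certificate> rootCerts;
    private final HDDSKeyGenerator keyGen;
    private final DefaultApprover approver;
    private final KeyStoresFactory serverKeyStoresFactory;
    private final KeyStoresFactory clientKeyStoresFactory;
    // Every certificate ever issued here, keyed by its decimal serial number.
    private final Map<String, X509Certificate> certificateMap;
    // Only created when auto-renewal is requested; null otherwise.
    private ScheduledExecutorService executorService;
    // Guarded by synchronized (notificationReceivers).
    private final Set<CertificateNotification> notificationReceivers;

    /**
     * One-shot task that rotates the root CA first and then the leaf key, so the
     * new leaf certificate is signed by the new root.
     */
    public class RenewCertTask implements Runnable {
        public RenewCertTask() {
        }

        @Override // java.lang.Runnable
        public void run() {
            try {
                CertificateClientTestImpl.this.renewRootCA();
                CertificateClientTestImpl.this.renewKey();
            } catch (Exception e) {
                // Rethrown unchecked; the constructor does not retain the
                // ScheduledFuture, so nothing in this class observes the failure.
                throw new RuntimeException(e);
            }
        }
    }

    /**
     * Creates a client without automatic renewal.
     *
     * @param ozoneConfiguration configuration used to build the {@link SecurityConfig}
     * @throws Exception if key generation or certificate creation fails
     */
    public CertificateClientTestImpl(OzoneConfiguration ozoneConfiguration) throws Exception {
        this(ozoneConfiguration, false);
    }

    /**
     * Creates the root CA, the leaf certificate and both key store factories.
     *
     * @param ozoneConfiguration configuration used to build the {@link SecurityConfig};
     *     {@code hdds.x509.max.duration} (default {@code P1865D}) bounds the root
     *     certificate and {@code hdds.x509.default.duration} (default {@code P365D})
     *     the leaf certificate
     * @param z when {@code true}, schedule a single {@link RenewCertTask} to run
     *     at leaf expiry minus the configured renewal grace period (immediately
     *     if that moment has already passed)
     * @throws Exception if key generation or certificate creation fails
     */
    public CertificateClientTestImpl(OzoneConfiguration ozoneConfiguration, boolean z) throws Exception {
        this.certificateMap = new ConcurrentHashMap<>();
        this.securityConfig = new SecurityConfig(ozoneConfiguration);
        this.rootCerts = ConcurrentHashMap.newKeySet();
        this.keyGen = new HDDSKeyGenerator(this.securityConfig);
        this.keyPair = this.keyGen.generateKey();
        this.rootKeyPair = this.keyGen.generateKey();

        // Self-signed root CA.
        LocalDateTime rootStart = LocalDateTime.now();
        Duration rootLifetime = Duration.parse(ozoneConfiguration.get("hdds.x509.max.duration", "P1865D"));
        this.rootCert = new JcaX509CertificateConverter().getCertificate(
            SelfSignedCertificate.newBuilder()
                .setBeginDate(rootStart)
                .setEndDate(rootStart.plus(rootLifetime))
                .setClusterID(CLUSTER_ID)
                .setKey(this.rootKeyPair)
                .setSubject("rootCA@localhost")
                .setConfiguration(this.securityConfig)
                .setScmID(SCM_ID)
                .makeCA()
                .build());
        this.certificateMap.put(this.rootCert.getSerialNumber().toString(), this.rootCert);
        this.rootCerts.add(this.rootCert);

        // Leaf certificate for "localhost", signed with the root private key.
        this.approver = new DefaultApprover(new DefaultProfile(), this.securityConfig);
        CertificateSignRequest.Builder csrBuilder = new CertificateSignRequest.Builder();
        csrBuilder.setKey(this.keyPair)
            .setConfiguration(this.securityConfig)
            .setScmID(SCM_ID)
            .setClusterID(CLUSTER_ID)
            .setSubject("localhost")
            .setDigitalSignature(true)
            .setDigitalEncryption(true);
        LocalDateTime leafStart = LocalDateTime.now();
        Duration leafLifetime = Duration.parse(ozoneConfiguration.get("hdds.x509.default.duration", "P365D"));
        Date notBefore = Date.from(leafStart.atZone(ZoneId.systemDefault()).toInstant());
        Date notAfter = Date.from(leafStart.plus(leafLifetime).atZone(ZoneId.systemDefault()).toInstant());
        this.x509Certificate = new JcaX509CertificateConverter().getCertificate(
            this.approver.sign(
                this.securityConfig,
                this.rootKeyPair.getPrivate(),
                new X509CertificateHolder(this.rootCert.getEncoded()),
                notBefore,
                notAfter,
                csrBuilder.build(),
                SCM_ID,
                CLUSTER_ID,
                String.valueOf(System.nanoTime())));
        this.certificateMap.put(this.x509Certificate.getSerialNumber().toString(), this.x509Certificate);

        // The receiver set must exist before `this` is handed to SecurityUtil.
        this.notificationReceivers = new HashSet<>();
        this.serverKeyStoresFactory = SecurityUtil.getServerKeyStoresFactory(this.securityConfig, this, true);
        this.clientKeyStoresFactory = SecurityUtil.getClientKeyStoresFactory(this.securityConfig, this, true);

        if (z) {
            LocalDateTime renewalTime = this.x509Certificate.getNotAfter().toInstant()
                .minus((TemporalAmount) this.securityConfig.getRenewalGracePeriod())
                .atZone(ZoneId.systemDefault())
                .toLocalDateTime();
            LocalDateTime current = LocalDateTime.now();
            Duration delay = renewalTime.isBefore(current) ? Duration.ZERO : Duration.between(current, renewalTime);
            this.executorService = Executors.newScheduledThreadPool(
                1,
                new ThreadFactoryBuilder().setNameFormat("CertificateRenewerService").setDaemon(true).build());
            this.executorService.schedule(new RenewCertTask(), delay.toMillis(), TimeUnit.MILLISECONDS);
        }
    }

    /** Returns the private key of the current leaf key pair. */
    public PrivateKey getPrivateKey() {
        return this.keyPair.getPrivate();
    }

    /** Returns the public key of the current leaf key pair. */
    public PublicKey getPublicKey() {
        return this.keyPair.getPublic();
    }

    /**
     * Looks up a certificate issued by this instance.
     *
     * @param str decimal serial number of the certificate
     * @return the certificate, or {@code null} if no certificate with that
     *     serial number has been recorded
     */
    public X509Certificate getCertificate(String str) throws CertificateException {
        return this.certificateMap.get(str);
    }

    /** Not implemented; always returns {@code null}. */
    public CertPath getCertPath() {
        return null;
    }

    /** Returns the current leaf certificate. */
    public X509Certificate getCertificate() {
        return this.x509Certificate;
    }

    /**
     * Returns a new mutable list holding the current leaf certificate followed
     * by the current root certificate.
     */
    public List<X509Certificate> getTrustChain() {
        List<X509Certificate> chain = new ArrayList<>(2);
        chain.add(this.x509Certificate);
        chain.add(this.rootCert);
        return chain;
    }

    /** Returns the current root certificate (same value as {@link #getRootCACertificate()}). */
    public X509Certificate getCACertificate() {
        return this.rootCert;
    }

    /**
     * Stub: returns an empty array and computes no signature over {@code bArr}.
     *
     * @param bArr data that a full implementation would sign; ignored here
     * @return a zero-length array
     */
    public byte[] signData(byte[] bArr) throws CertificateException {
        return new byte[0];
    }

    /**
     * Verifies a signature with the public key of the supplied certificate,
     * using the signature algorithm and provider from the security config.
     *
     * <p>Only the signature is checked; the certificate's validity period and
     * issuer are not examined by this method.
     *
     * @param bArr the signed data
     * @param bArr2 the signature to check
     * @param x509Certificate certificate whose public key is used
     * @return {@code true} if the signature matches
     * @throws CertificateException with code
     *     {@code CRYPTO_SIGNATURE_VERIFICATION_ERROR} if the algorithm, provider
     *     or key is unusable or the signature is malformed
     */
    public boolean verifySignature(byte[] bArr, byte[] bArr2, X509Certificate x509Certificate) throws CertificateException {
        try {
            Signature verifier = Signature.getInstance(this.securityConfig.getSignatureAlgo(), this.securityConfig.getProvider());
            verifier.initVerify(x509Certificate);
            verifier.update(bArr);
            return verifier.verify(bArr2);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException e) {
            // This path verifies rather than signs; the message says so, which
            // keeps failure reports from pointing at the wrong operation.
            System.out.println("Error while verifying the signature " + e.getMessage());
            throw new CertificateException("Error while verifying the signature", e, CertificateException.ErrorCode.CRYPTO_SIGNATURE_VERIFICATION_ERROR);
        }
    }

    /** Returns a fresh, unconfigured CSR builder. */
    public CertificateSignRequest.Builder getCSRBuilder() {
        return new CertificateSignRequest.Builder();
    }

    /** Not implemented; always returns {@code null} and stores nothing. */
    public String signAndStoreCertificate(PKCS10CertificationRequest pKCS10CertificationRequest) throws CertificateException {
        return null;
    }

    /** Not implemented; does nothing. */
    public void storeCertificate(String str, CAType cAType) throws CertificateException {
    }

    /** Not implemented; does nothing. */
    public void initWithRecovery() throws IOException {
    }

    /** Returns the simple name of the runtime class. */
    public String getComponentName() {
        return getClass().getSimpleName();
    }

    /** Returns the current root certificate. */
    public X509Certificate getRootCACertificate() {
        return this.rootCert;
    }

    /**
     * Returns the live set of every root certificate created so far, including
     * roots that were replaced by {@link #renewRootCA()}.
     */
    public Set<X509Certificate> getAllRootCaCerts() {
        return this.rootCerts;
    }

    /** Returns the same live set as {@link #getAllRootCaCerts()}. */
    public Set<X509Certificate> getAllCaCerts() {
        return this.rootCerts;
    }

    /** Not implemented; always returns {@code null}. */
    public List<String> getCAList() {
        return null;
    }

    /** Not implemented; always returns {@code null}. */
    public List<String> listCA() throws IOException {
        return null;
    }

    /** Not implemented; always returns {@code null}. */
    public List<String> updateCAList() throws IOException {
        return null;
    }

    /**
     * Replaces the root key pair and root certificate with newly generated
     * ones. The previous root stays in the certificate map and in the set
     * returned by {@link #getAllRootCaCerts()}.
     *
     * @throws Exception if key generation or certificate creation fails
     */
    public void renewRootCA() throws Exception {
        LocalDateTime start = LocalDateTime.now();
        LocalDateTime end = start.plus((TemporalAmount) this.securityConfig.getMaxCertificateDuration());
        this.rootKeyPair = this.keyGen.generateKey();
        this.rootCert = new JcaX509CertificateConverter().getCertificate(
            SelfSignedCertificate.newBuilder()
                .setBeginDate(start)
                .setEndDate(end)
                .setClusterID(CLUSTER_ID)
                .setKey(this.rootKeyPair)
                .setSubject("rootCA-new@localhost")
                .setConfiguration(this.securityConfig)
                .setScmID(SCM_ID)
                // The initial root uses the no-argument makeCA(); the renewed
                // root passes the value 2.
                .makeCA(BigInteger.valueOf(2))
                .build());
        this.certificateMap.put(this.rootCert.getSerialNumber().toString(), this.rootCert);
        this.rootCerts.add(this.rootCert);
    }

    /**
     * Generates a new leaf key pair, has it signed by the current root, swaps
     * it in and notifies every registered receiver with the old and new serial
     * numbers.
     *
     * @throws Exception if key generation or signing fails
     */
    public void renewKey() throws Exception {
        KeyPair renewedKeyPair = this.keyGen.generateKey();
        CertificateSignRequest.Builder csrBuilder = new CertificateSignRequest.Builder();
        // NOTE(review): unlike the constructor, this CSR does not call
        // setDigitalEncryption(true) - confirm that the difference is intended.
        csrBuilder.setKey(renewedKeyPair)
            .setConfiguration(this.securityConfig)
            .setScmID(SCM_ID)
            .setClusterID(CLUSTER_ID)
            .setSubject("localhost")
            .setDigitalSignature(true);
        Duration lifetime = this.securityConfig.getDefaultCertDuration();
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + lifetime.toMillis());
        X509Certificate renewedCertificate = new JcaX509CertificateConverter().getCertificate(
            this.approver.sign(
                this.securityConfig,
                this.rootKeyPair.getPrivate(),
                new X509CertificateHolder(this.rootCert.getEncoded()),
                notBefore,
                notAfter,
                csrBuilder.build(),
                SCM_ID,
                CLUSTER_ID,
                String.valueOf(System.nanoTime())));

        X509Certificate previousCertificate = this.x509Certificate;
        this.keyPair = renewedKeyPair;
        this.x509Certificate = renewedCertificate;
        this.certificateMap.put(renewedCertificate.getSerialNumber().toString(), renewedCertificate);

        String previousSerial = previousCertificate.getSerialNumber().toString();
        String renewedSerial = renewedCertificate.getSerialNumber().toString();
        // Registration synchronizes on the set, so iterate over a snapshot taken
        // under the same lock; callbacks then run without holding it.
        List<CertificateNotification> receivers;
        synchronized (this.notificationReceivers) {
            receivers = new ArrayList<>(this.notificationReceivers);
        }
        for (CertificateNotification receiver : receivers) {
            receiver.notifyCertificateRenewed(this, previousSerial, renewedSerial);
        }
    }

    /** Returns the server-side key store factory created in the constructor. */
    public KeyStoresFactory getServerKeyStoresFactory() {
        return this.serverKeyStoresFactory;
    }

    /** Returns the client-side key store factory created in the constructor. */
    public KeyStoresFactory getClientKeyStoresFactory() {
        return this.clientKeyStoresFactory;
    }

    /**
     * Registers a receiver to be called back by {@link #renewKey()}.
     *
     * @param certificateNotification receiver to add
     */
    public void registerNotificationReceiver(CertificateNotification certificateNotification) {
        synchronized (this.notificationReceivers) {
            this.notificationReceivers.add(certificateNotification);
        }
    }

    /** Not implemented; the listener is ignored and never invoked. */
    public void registerRootCARotationListener(Function<List<X509Certificate>, CompletableFuture<Void>> function) {
    }

    /**
     * Destroys both key store factories and shuts down the renewal executor if
     * one was created.
     */
    public void close() throws IOException {
        if (this.serverKeyStoresFactory != null) {
            this.serverKeyStoresFactory.destroy();
        }
        if (this.clientKeyStoresFactory != null) {
            this.clientKeyStoresFactory.destroy();
        }
        if (this.executorService != null) {
            this.executorService.shutdown();
        }
    }
}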
