package org.apache.hadoop.hdds.security.x509.certificate.client;

import com.google.common.util.concurrent.ThreadFactoryBuilder;
import java.io.Closeable;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.ozone.OzoneSecurityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/certificate/client/RootCaRotationPoller.class */
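/**
 * Periodically asks the SCM for its current set of root CA certificates and, when the SCM
 * reports a root CA this client does not know yet, hands the full list to the registered
 * rotation processors.
 *
 * <p>The set of known root CAs is only advanced after every processor has completed without
 * error, so a failed rotation is retried on the next poll.
 *
 * <p>NOTE(review): this class performs no validation of the certificates returned by the SCM;
 * presumably trust in the new roots rests on the secured SCM channel and on the processors.
 * Confirm against the callers.
 */
public class RootCaRotationPoller implements Runnable, Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(RootCaRotationPoller.class);

    private final ScheduledExecutorService poller;
    private final Duration pollingInterval;
    // Replaced from the completion callback of the processors' futures, which may run on a
    // thread other than the poller thread, hence volatile.
    private volatile Set<X509Certificate> knownRootCerts;
    private final SCMSecurityProtocolClientSideTranslatorPB scmSecureClient;
    // NOTE(review): plain ArrayList; registration concurrent with a running poll is not
    // synchronized here. Presumably processors are registered before run(); confirm.
    private final List<Function<List<X509Certificate>, CompletableFuture<Void>>> rootCARotationProcessors =
            new ArrayList<>();
    private final AtomicBoolean certificateRenewalError = new AtomicBoolean(false);

    /**
     * Creates the poller; polling does not start until {@link #run()} is called.
     *
     * @param securityConfig source of the root CA polling interval
     * @param initiallyKnownRootCerts root CA certificates the client already knows; the set is
     *     stored by reference, not copied
     * @param scmSecureClient client used to fetch the root CA certificates from the SCM
     * @param threadNamePrefix prefix prepended to this class's simple name to form the poller
     *     thread name
     */
    public RootCaRotationPoller(SecurityConfig securityConfig, Set<X509Certificate> initiallyKnownRootCerts,
            SCMSecurityProtocolClientSideTranslatorPB scmSecureClient, String threadNamePrefix) {
        this.scmSecureClient = scmSecureClient;
        this.knownRootCerts = initiallyKnownRootCerts;
        this.poller = Executors.newScheduledThreadPool(1, new ThreadFactoryBuilder()
                .setNameFormat(threadNamePrefix + getClass().getSimpleName())
                .setDaemon(true)
                .build());
        this.pollingInterval = securityConfig.getRootCaCertificatePollingInterval();
    }

    /**
     * Fetches the root CA certificates from the SCM and, if any of them is unknown to the
     * client, passes the full list to every registered processor.
     *
     * <p>No exception escapes this method: an exception thrown out of a task scheduled with
     * {@code scheduleAtFixedRate} suppresses all subsequent executions, which would silently
     * stop root CA rotation detection.
     */
    void pollRootCas() {
        try {
            List<X509Certificate> rootCasFromScm =
                    OzoneSecurityUtil.convertToX509(this.scmSecureClient.getAllRootCaCertificates());
            Set<X509Certificate> knownToClient = this.knownRootCerts;
            List<X509Certificate> unknownToClient = new ArrayList<>(rootCasFromScm);
            unknownToClient.removeAll(knownToClient);
            if (unknownToClient.isEmpty()) {
                return;
            }
            LOG.info("Some root CAs are not known to the client out of the root CAs known to the SCMs. "
                            + "Root CA Cert ids known to the client: {}. "
                            + "Root CA Cert ids from SCM not known by the client: {}",
                    getPrintableCertIds(knownToClient), getPrintableCertIds(unknownToClient));

            // Processors report a handled signing failure through setCertificateRenewalError();
            // clear the flag before dispatching so a stale failure is not carried over.
            this.certificateRenewalError.set(false);
            CompletableFuture<?>[] pending = this.rootCARotationProcessors.stream()
                    .map(processor -> processor.apply(rootCasFromScm))
                    .toArray(CompletableFuture[]::new);
            CompletableFuture.allOf(pending).whenComplete((ignored, failure) -> {
                if (failure != null) {
                    // Pass the throwable to the logger so the cause and stack trace are kept.
                    LOG.warn("Certificate consumption was unsuccessful. "
                            + "There was an unexpected error during cert rotation", failure);
                } else if (this.certificateRenewalError.get()) {
                    LOG.warn("Certificate consumption was unsuccessful. "
                            + "There was a caught exception when trying to sign the certificate");
                } else {
                    // Only now treat the SCM's root CAs as known; on failure the next poll
                    // sees the same difference and retries.
                    this.knownRootCerts = new HashSet<>(rootCasFromScm);
                    LOG.info("Certificate processing was successful.");
                }
            });
        } catch (IOException | RuntimeException e) {
            LOG.error("Error while trying to poll root ca certificate", e);
        }
    }

    /**
     * Registers a processor that is invoked with the full list of root CA certificates from
     * the SCM whenever an unknown root CA is detected.
     *
     * @param function processor returning a future that completes when it has finished
     *     handling the new root CA list
     */
    public void addRootCARotationProcessor(Function<List<X509Certificate>, CompletableFuture<Void>> function) {
        this.rootCARotationProcessors.add(function);
    }

    /**
     * Starts polling immediately and then repeats at the configured interval.
     *
     * <p>The interval is truncated to whole seconds; {@code scheduleAtFixedRate} rejects a
     * period of zero with an {@link IllegalArgumentException}.
     */
    @Override // java.lang.Runnable
    public void run() {
        this.poller.scheduleAtFixedRate(this::pollRootCas, 0L, this.pollingInterval.getSeconds(), TimeUnit.SECONDS);
    }

    /** Stops the polling executor, waiting briefly for a running poll to finish. */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        executorServiceShutdownGraceful(this.poller);
    }

    /**
     * Shuts the executor down, escalating to {@code shutdownNow()} if it has not terminated
     * within five seconds, and logs a warning if it still has not terminated five seconds later.
     *
     * @param executorService executor to stop
     */
    private void executorServiceShutdownGraceful(ExecutorService executorService) {
        executorService.shutdown();
        try {
            if (!executorService.awaitTermination(5L, TimeUnit.SECONDS)) {
                executorService.shutdownNow();
            }
            if (!executorService.awaitTermination(5L, TimeUnit.SECONDS)) {
                LOG.warn("{} couldn't be shut down gracefully", getClass().getSimpleName());
            }
        } catch (InterruptedException e) {
            LOG.warn("{} couldn't be stopped gracefully", getClass().getSimpleName());
            // Restore the interrupt status for the caller.
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Marks the rotation currently being processed as failed, so the known root CA set is not
     * advanced when the processors complete.
     */
    public void setCertificateRenewalError() {
        this.certificateRenewalError.set(true);
    }

    /**
     * Renders the serial numbers of the given certificates as a comma-separated string for
     * log output.
     *
     * @param collection certificates to describe
     * @return serial numbers joined with {@code ", "}
     */
    private String getPrintableCertIds(Collection<X509Certificate> collection) {
        return collection.stream()
                .map(cert -> cert.getSerialNumber().toString())
                .collect(Collectors.joining(", "));
    }
}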
