package org.apache.hadoop.hdds.scm.update.server;

import com.google.common.collect.ImmutableList;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.TimeoutException;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.scm.ha.SCMRatisServer;
import org.apache.hadoop.hdds.scm.metadata.SCMMetadataStore;
import org.apache.hadoop.hdds.scm.metadata.SCMMetadataStoreImpl;
import org.apache.hadoop.hdds.scm.server.SCMCertStore;
import org.apache.hadoop.hdds.scm.update.client.CRLStore;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.authority.CRLApprover;
import org.apache.hadoop.hdds.security.x509.certificate.authority.CertificateStore;
import org.apache.hadoop.hdds.security.x509.certificate.authority.DefaultCRLApprover;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.security.x509.crl.CRLInfo;
import org.apache.hadoop.security.ssl.KeyStoreTestUtil;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.cert.X509CertificateHolder;
import org.slf4j.Logger;

/* loaded from: input_file:org/apache/hadoop/hdds/scm/update/server/MockCRLStore.class */
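/**
 * Test-only {@link CRLStore} backed by a real {@link SCMCertStore} whose metadata lives under a
 * caller-supplied directory.
 *
 * <p>All certificates, including the one used as the CA certificate for revocation, are
 * self-signed with a single RSA key pair produced by {@link KeyStoreTestUtil}; the same private
 * key signs the CRLs through {@link DefaultCRLApprover}. Nothing issued here chains to a real
 * trust anchor, so this class must stay in test code.
 */
public class MockCRLStore implements CRLStore {
    private static final String COMPONENT_NAME = "scm";
    private static final long INITIAL_SEQUENCE_ID = 0L;
    private final OzoneConfiguration config = new OzoneConfiguration();
    private final SCMMetadataStore scmMetadataStore;
    private final CertificateStore scmCertStore;
    private final SecurityConfig securityConfig;
    private final KeyPair keyPair;
    private final CRLApprover crlApprover;
    private final X509CertificateHolder caCertificateHolder;
    private final Logger log;

    /**
     * Builds the metadata store, certificate store and CRL approver for a test run.
     *
     * @param path directory used as {@code ozone.metadata.dirs}
     * @param logger logger that receives the debug output of {@link #revokeCert}
     * @throws Exception if key generation, store creation or certificate encoding fails
     */
    public MockCRLStore(Path path, Logger logger) throws Exception {
        this.log = logger;
        this.config.set("ozone.metadata.dirs", path.toAbsolutePath().toString());
        this.securityConfig = new SecurityConfig(this.config);
        this.keyPair = KeyStoreTestUtil.generateKeyPair("RSA");
        this.scmMetadataStore = new SCMMetadataStoreImpl(this.config);
        // No Ratis server: the builder is handed an explicit null for it.
        this.scmCertStore = new SCMCertStore.Builder()
            .setRatisServer((SCMRatisServer) null)
            .setCRLSequenceId(INITIAL_SEQUENCE_ID)
            .setMetadaStore(this.scmMetadataStore)
            .build();
        this.crlApprover = new DefaultCRLApprover(this.securityConfig, this.keyPair.getPrivate());
        Files.createDirectories(this.securityConfig.getKeyLocation(COMPONENT_NAME));
        // The "CA" certificate is just another self-signed test certificate over the same key pair.
        this.caCertificateHolder = new X509CertificateHolder(generateX509Cert().getEncoded());
    }

    /**
     * Generates a test certificate and stores it as a valid SCM certificate.
     *
     * @return serial number of the stored certificate
     * @throws Exception if generation or storage fails
     */
    public BigInteger issueCert() throws Exception {
        X509Certificate cert = generateX509Cert();
        BigInteger serial = cert.getSerialNumber();
        this.scmCertStore.storeValidCertificate(serial, cert, HddsProtos.NodeType.SCM);
        return serial;
    }

    /**
     * Revokes the given certificates with reason {@code keyCompromise} and logs the resulting CRL.
     *
     * @param list serial numbers of the certificates to revoke
     * @param instant revocation time recorded in the CRL
     * @return the value returned by the certificate store's {@code revokeCertificates} call, or an
     *     empty {@code Optional} when the store returned none
     * @throws IOException if the certificate store fails
     * @throws TimeoutException if the certificate store times out
     */
    public Optional<Long> revokeCert(List<BigInteger> list, Instant instant) throws IOException, TimeoutException {
        this.log.debug("Revoke certs: {}", list);
        Optional<Long> crlId = this.scmCertStore.revokeCertificates(
            list,
            this.caCertificateHolder,
            CRLReason.lookup(CRLReason.keyCompromise),
            Date.from(instant),
            this.crlApprover);
        // The lookup below exists only for debug logging. Guard it so that an empty result is
        // returned to the caller instead of failing with NoSuchElementException on Optional.get().
        if (crlId.isPresent()) {
            List<?> crls = this.scmCertStore.getCrls(ImmutableList.of(crlId.get()));
            if (!crls.isEmpty()) {
                this.log.debug("CRL[0]: {}", crls.get(0));
            }
        }
        return crlId;
    }

    /**
     * Creates a self-signed {@code CN=Test} certificate (SHA256withRSA, validity argument 30) over
     * this store's key pair and round-trips it through PEM encoding.
     */
    private X509Certificate generateX509Cert() throws Exception {
        X509Certificate selfSigned =
            KeyStoreTestUtil.generateCertificate("CN=Test", this.keyPair, 30, "SHA256withRSA");
        String pem = CertificateCodec.getPEMEncodedString(selfSigned);
        return CertificateCodec.getX509Certificate(pem);
    }

    /** Returns the latest CRL id reported by the underlying certificate store. */
    public long getLatestCrlId() {
        return this.scmCertStore.getLatestCrlId();
    }

    /**
     * Looks up a single CRL by id.
     *
     * @param j CRL id to fetch
     * @return the first entry the certificate store returns for that id
     * @throws IOException if the certificate store fails
     */
    public CRLInfo getCRL(long j) throws IOException {
        // NOTE(review): an empty result list would surface here as IndexOutOfBoundsException;
        // confirm whether getCrls can return an empty list for an unknown id.
        return (CRLInfo) this.scmCertStore.getCrls(Arrays.asList(j)).get(0);
    }

    /**
     * Closes the store held by the metadata store, if it has one.
     *
     * @throws Exception if closing the store fails
     */
    public void close() throws Exception {
        if (this.scmMetadataStore.getStore() != null) {
            this.scmMetadataStore.getStore().close();
        }
    }
}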
