package org.apache.hadoop.hdds.scm.security;

import java.io.File;
import java.io.IOException;
import java.lang.reflect.Proxy;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.commons.io.FileUtils;
import org.apache.hadoop.hdds.protocol.proto.SCMRatisProtocol;
import org.apache.hadoop.hdds.scm.ha.SCMHAInvocationHandler;
import org.apache.hadoop.hdds.scm.ha.SCMRatisServer;
import org.apache.hadoop.hdds.scm.server.StorageContainerManager;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.SCMCertificateClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/scm/security/RootCARotationHandlerImpl.class */
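/**
 * Handles the SCM-side steps of a root CA rotation: prepare, prepare-ack, commit and committed.
 *
 * <p>The handler tracks the root CA certificate ID being rotated to, the new sub-CA certificate ID
 * of this SCM, and the set of certificate IDs acknowledged during the prepare phase. On commit it
 * switches the on-disk sub-CA directory ({@code <component>} becomes {@code <component>-previous},
 * {@code <component>-next} becomes {@code <component>}) and persists the new certificate ID.
 *
 * <p>NOTE(review): {@code newScmCertIdSet} is a plain {@link HashSet} while the two certificate ID
 * fields are {@link AtomicReference}s. If {@link #rotationPrepareAcks()} can be called from a
 * different thread than {@link #rotationPrepareAck}, the set needs a thread-safe implementation -
 * confirm against the callers.
 */
public class RootCARotationHandlerImpl implements RootCARotationHandler {
    public static final Logger LOG = LoggerFactory.getLogger(RootCARotationHandlerImpl.class);
    private final StorageContainerManager scm;
    private final SCMCertificateClient scmCertClient;
    private final SecurityConfig secConfig;
    // Staging directory that is promoted to the live sub-CA directory by rotationCommit.
    private final String newSubCAPath;
    private final RootCARotationManager rotationManager;
    // Distinct certificate IDs acknowledged for the rotation currently in progress.
    private final Set<String> newScmCertIdSet = new HashSet<>();
    private final AtomicReference<String> newSubCACertId = new AtomicReference<>();
    private final AtomicReference<String> newRootCACertId = new AtomicReference<>();

    /**
     * Builds a {@link RootCARotationHandler} backed by a dynamic proxy.
     *
     * <p>The proxy delegates to an {@link SCMHAInvocationHandler} created with request type
     * {@code CERT_ROTATE}, a new {@link RootCARotationHandlerImpl} and the configured Ratis server.
     */
    public static class Builder {
        private StorageContainerManager scm;
        private SCMRatisServer ratisServer;
        private RootCARotationManager rootCARotationManager;

        /** Sets the Ratis server handed to the invocation handler. */
        public Builder setRatisServer(SCMRatisServer sCMRatisServer) {
            this.ratisServer = sCMRatisServer;
            return this;
        }

        /** Sets the SCM the handler operates on. */
        public Builder setStorageContainerManager(StorageContainerManager storageContainerManager) {
            this.scm = storageContainerManager;
            return this;
        }

        /** Sets the rotation manager consulted by the handler. */
        public Builder setRootCARotationManager(RootCARotationManager rootCARotationManager) {
            this.rootCARotationManager = rootCARotationManager;
            return this;
        }

        /**
         * Creates the proxied handler.
         *
         * @return a proxy implementing {@link RootCARotationHandler}; callers never receive the
         *     {@link RootCARotationHandlerImpl} instance directly
         */
        public RootCARotationHandler build() {
            RootCARotationHandlerImpl delegate =
                    new RootCARotationHandlerImpl(this.scm, this.rootCARotationManager);
            SCMHAInvocationHandler invocationHandler = new SCMHAInvocationHandler(
                    SCMRatisProtocol.RequestType.CERT_ROTATE, delegate, this.ratisServer);
            return (RootCARotationHandler) Proxy.newProxyInstance(
                    SCMHAInvocationHandler.class.getClassLoader(),
                    new Class[]{RootCARotationHandler.class},
                    invocationHandler);
        }
    }

    /**
     * Creates a handler bound to the given SCM and rotation manager.
     *
     * @param storageContainerManager SCM whose certificate client and storage config are used
     * @param rootCARotationManager manager consulted for skip/running state and task scheduling
     */
    public RootCARotationHandlerImpl(StorageContainerManager storageContainerManager, RootCARotationManager rootCARotationManager) {
        this.scm = storageContainerManager;
        this.rotationManager = rootCARotationManager;
        this.scmCertClient = storageContainerManager.getScmCertificateClient();
        this.secConfig = this.scmCertClient.getSecurityConfig();
        // The "-next" suffix is appended to the resolved path string, whereas rotationCommit builds
        // the "-previous" path by passing a suffixed component name to getLocation.
        // NOTE(review): confirm both forms resolve to sibling directories.
        this.newSubCAPath = this.secConfig.getLocation(this.scmCertClient.getComponentName()).toString() + "-next";
    }

    /**
     * Starts the prepare phase for a new root CA certificate.
     *
     * <p>Unless the rotation manager says to skip this certificate, records it as the rotation
     * target, discards acks and the sub-CA certificate ID left over from an earlier attempt, and
     * schedules the sub-CA prepare task.
     *
     * @param str ID of the new root CA certificate
     */
    @Override // org.apache.hadoop.hdds.scm.security.RootCARotationHandler
    public void rotationPrepare(String str) throws IOException {
        LOG.info("Received rotation prepare command of root certificate {}", str);
        if (this.rotationManager.shouldSkipRootCert(str)) {
            return;
        }
        this.newRootCACertId.set(str);
        this.newScmCertIdSet.clear();
        this.newSubCACertId.set(null);
        this.rotationManager.scheduleSubCaRotationPrepareTask(str);
    }

    /**
     * Records a prepare acknowledgement.
     *
     * <p>The ack is counted only while the rotation manager is running, the root certificate is not
     * skipped, and it matches the root certificate ID recorded by {@link #rotationPrepare}. Acks are
     * de-duplicated by {@code str2}; {@code str3} is only logged, so the count reflects distinct
     * certificate IDs rather than distinct senders.
     *
     * @param str ID of the root CA certificate being rotated to
     * @param str2 certificate ID carried by the ack, added to the ack set
     * @param str3 identifier of the acknowledging SCM, used for logging only
     */
    @Override // org.apache.hadoop.hdds.scm.security.RootCARotationHandler
    public void rotationPrepareAck(String str, String str2, String str3) throws IOException {
        LOG.info("Received rotation prepare ack of root certificate {} from scm {}", str, str3);
        boolean accepted = this.rotationManager.isRunning()
                && !this.rotationManager.shouldSkipRootCert(str)
                && str.equals(this.newRootCACertId.get());
        if (accepted) {
            this.newScmCertIdSet.add(str2);
        }
    }

    /**
     * Switches the on-disk sub-CA directory to the staged one and persists the new certificate ID.
     *
     * <p>Steps, in order: move the current directory to {@code -previous}, move {@code -next} to the
     * current location, then store the new sub-CA certificate ID in the SCM storage config. Any
     * {@link IOException} requests an SCM shutdown and stops the sequence, so a later step never
     * runs on top of a failed earlier one (for example, the certificate ID is not persisted when
     * the directory switch did not complete).
     *
     * <p>NOTE(review): if the second move fails, the current directory has already been moved to
     * {@code -previous} and is not restored here; recovery is left to the operator.
     *
     * @param str ID of the root CA certificate being rotated to
     */
    @Override // org.apache.hadoop.hdds.scm.security.RootCARotationHandler
    public void rotationCommit(String str) throws IOException {
        LOG.info("Received rotation commit command of root certificate {}", str);
        if (this.rotationManager.shouldSkipRootCert(str)) {
            return;
        }
        String componentName = this.scmCertClient.getComponentName();
        File currentDir = new File(this.secConfig.getLocation(componentName).toString());
        File backupDir = new File(this.secConfig.getLocation(componentName + "-previous").toString());
        File stagedDir = new File(this.newSubCAPath);

        // shutDown is expected to terminate the process; the early returns make sure that, if it
        // ever returns, the remaining steps are not applied to a half-switched directory.
        if (!moveOrShutDown(currentDir, backupDir)) {
            return;
        }
        if (!moveOrShutDown(stagedDir, currentDir)) {
            return;
        }
        try {
            // NOTE(review): this is null when setSubCACertId was not called since the last
            // prepare/committed; confirm how the storage config treats a null serial ID.
            String subCaCertId = this.newSubCACertId.get();
            LOG.info("Persistent new scm certificate {}", subCaCertId);
            this.scm.getScmStorageConfig().setScmCertSerialId(subCaCertId);
            this.scm.getScmStorageConfig().persistCurrentState();
        } catch (IOException persistFailure) {
            LOG.error("Failed to persist new SCM certificate ID", persistFailure);
            this.scm.shutDown("Terminate SCM, encounter IO exception(" + persistFailure.getMessage() + ") when persist new SCM certificate ID");
        }
    }

    /** Atomically moves {@code from} to {@code to}; on failure logs, requests shutdown, returns false. */
    private boolean moveOrShutDown(File from, File to) {
        try {
            Files.move(from.toPath(), to.toPath(), StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
            return true;
        } catch (IOException moveFailure) {
            LOG.error("Failed to move {} to {}", from, to, moveFailure);
            this.scm.shutDown("Terminate SCM, encounter IO exception(" + moveFailure.getMessage() + ") when move " + from + " to " + to);
            return false;
        }
    }

    /**
     * Finishes the rotation: reloads key and certificate for the new sub-CA certificate ID, deletes
     * the {@code -previous} backup directory and clears the pending sub-CA certificate ID.
     *
     * <p>A failed delete is only logged. The backup directory (presumably holding the previous
     * sub-CA key and certificates) then stays on disk, so this log line is worth alerting on.
     *
     * @param str ID of the root CA certificate that was rotated to
     */
    @Override // org.apache.hadoop.hdds.scm.security.RootCARotationHandler
    public void rotationCommitted(String str) throws IOException {
        LOG.info("Received rotation committed command of root certificate {}", str);
        if (this.rotationManager.shouldSkipRootCert(str)) {
            return;
        }
        this.scmCertClient.reloadKeyAndCertificate(this.newSubCACertId.get());
        String backupComponent = this.scmCertClient.getComponentName() + "-previous";
        File backupDir = new File(this.secConfig.getLocation(backupComponent).toString());
        try {
            FileUtils.deleteDirectory(backupDir);
        } catch (IOException deleteFailure) {
            // Deliberately best-effort: the rotation itself has already completed.
            LOG.error("Failed to delete backup dir {}", backupDir, deleteFailure);
        }
        this.newSubCACertId.set(null);
    }

    /**
     * Returns the number of distinct certificate IDs acknowledged so far.
     *
     * @return size of the ack set
     */
    @Override // org.apache.hadoop.hdds.scm.security.RootCARotationHandler
    public int rotationPrepareAcks() {
        return this.newScmCertIdSet.size();
    }

    /** Discards all recorded prepare acknowledgements. */
    @Override // org.apache.hadoop.hdds.scm.security.RootCARotationHandler
    public void resetRotationPrepareAcks() {
        this.newScmCertIdSet.clear();
    }

    /**
     * Records the new sub-CA certificate ID used later by commit and committed.
     *
     * @param str new sub-CA certificate ID of this SCM
     */
    @Override // org.apache.hadoop.hdds.scm.security.RootCARotationHandler
    public void setSubCACertId(String str) {
        this.newSubCACertId.set(str);
        LOG.info("Scm sub CA new certificate is {}", str);
    }
}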
