package org.apache.hadoop.hdds.security.x509;

import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Provider;
import java.security.Security;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
import org.apache.hadoop.hdds.HddsConfigKeys;
import org.apache.hadoop.hdds.conf.ConfigurationSource;
import org.apache.hadoop.hdds.scm.ScmConfigKeys;
import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.hadoop.ozone.shaded.com.google.common.base.Preconditions;
import org.apache.hadoop.ozone.shaded.org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.apache.ratis.thirdparty.io.netty.handler.ssl.SslProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/security/x509/SecurityConfig.class */
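/**
 * Security-related configuration for the HDDS/Ozone x509 layer: key sizes and
 * algorithms, key/certificate directory layout, certificate lifetimes, token
 * and gRPC TLS switches, and the JCA security provider.
 *
 * <p>All values are read once from the supplied {@link ConfigurationSource}
 * in the constructor; every getter returns an immutable snapshot except
 * {@link #getGrpcSslProvider()} and {@link #getS3AuthInfoMaxDate()}, which
 * read the configuration on each call.
 *
 * <p>The JCA {@link Provider} is process-wide state shared by all instances
 * (static, volatile, installed under a class-level lock).
 */
public class SecurityConfig {
    private static final Logger LOG = LoggerFactory.getLogger(SecurityConfig.class);

    // Process-wide JCA provider; volatile + class lock gives single installation
    // across concurrently constructed instances.
    private static volatile Provider provider;

    private final ConfigurationSource configuration;
    private final int size;
    private final String keyAlgo;
    private final String providerString;
    // May be null when none of the metadata/datanode dir keys is configured;
    // the path getters check this explicitly.
    private final String metadatDir;
    private final String keyDir;
    private final String privateKeyFileName;
    private final String publicKeyFileName;
    private final Duration maxCertDuration;
    private final String x509SignatureAlgo;
    private final boolean blockTokenEnabled;
    private final boolean containerTokenEnabled;
    private final String certificateDir;
    private final String certificateFileName;
    private final boolean grpcTlsEnabled;
    private final Duration defaultCertDuration;
    private final Duration renewalGracePeriod;
    private final boolean isSecurityEnabled;
    private final String crlName;
    // Only ever true when gRPC TLS is enabled; the test-cert key is not consulted otherwise.
    private final boolean grpcTlsUseTestCert;

    /**
     * Reads all security settings from {@code configurationSource} and makes
     * sure the configured JCA provider is installed.
     *
     * @param configurationSource the configuration to read from; must not be null
     * @throws NullPointerException     if {@code configurationSource} is null
     * @throws IllegalArgumentException if the default certificate duration exceeds
     *                                  the maximum certificate duration
     * @throws java.time.format.DateTimeParseException if a duration value is not
     *                                  in ISO-8601 {@link Duration} format
     * @throws SecurityException        if the configured provider is unknown
     */
    public SecurityConfig(ConfigurationSource configurationSource) {
        Preconditions.checkNotNull(configurationSource, "Configuration cannot be null");
        this.configuration = configurationSource;

        this.size = configuration.getInt(HddsConfigKeys.HDDS_KEY_LEN, 2048);
        this.keyAlgo = configuration.get(HddsConfigKeys.HDDS_KEY_ALGORITHM,
            HddsConfigKeys.HDDS_DEFAULT_KEY_ALGORITHM);
        this.providerString = configuration.get(HddsConfigKeys.HDDS_SECURITY_PROVIDER, "BC");

        // Fallback chain: HDDS metadata dir -> ozone.metadata.dirs -> datanode dir.
        this.metadatDir = configuration.get(HddsConfigKeys.HDDS_METADATA_DIR_NAME,
            configurationSource.get("ozone.metadata.dirs",
                configurationSource.get(ScmConfigKeys.HDDS_DATANODE_DIR_KEY)));
        this.keyDir = configuration.get(HddsConfigKeys.HDDS_KEY_DIR_NAME,
            HddsConfigKeys.HDDS_KEY_DIR_NAME_DEFAULT);
        this.privateKeyFileName = configuration.get(HddsConfigKeys.HDDS_PRIVATE_KEY_FILE_NAME,
            "private.pem");
        this.publicKeyFileName = configuration.get(HddsConfigKeys.HDDS_PUBLIC_KEY_FILE_NAME,
            HddsConfigKeys.HDDS_PUBLIC_KEY_FILE_NAME_DEFAULT);

        this.maxCertDuration = Duration.parse(configuration.get(
            HddsConfigKeys.HDDS_X509_MAX_DURATION, HddsConfigKeys.HDDS_X509_MAX_DURATION_DEFAULT));
        this.x509SignatureAlgo = configuration.get(HddsConfigKeys.HDDS_X509_SIGNATURE_ALGO,
            HddsConfigKeys.HDDS_X509_SIGNATURE_ALGO_DEFAULT);
        this.certificateDir = configuration.get(HddsConfigKeys.HDDS_X509_DIR_NAME,
            HddsConfigKeys.HDDS_X509_DIR_NAME_DEFAULT);
        this.certificateFileName = configuration.get(HddsConfigKeys.HDDS_X509_FILE_NAME,
            "certificate.crt");

        this.blockTokenEnabled = configuration.getBoolean(
            HddsConfigKeys.HDDS_BLOCK_TOKEN_ENABLED, false);
        this.containerTokenEnabled = configuration.getBoolean(
            HddsConfigKeys.HDDS_CONTAINER_TOKEN_ENABLED, false);
        this.grpcTlsEnabled = configuration.getBoolean(
            HddsConfigKeys.HDDS_GRPC_TLS_ENABLED, false);
        // Short-circuit keeps the original behaviour: the test-cert key is read
        // only when TLS is enabled.
        this.grpcTlsUseTestCert = grpcTlsEnabled
            && configuration.getBoolean(HddsConfigKeys.HDDS_GRPC_TLS_TEST_CERT, false);
        this.isSecurityEnabled = configuration.getBoolean(
            OzoneConfigKeys.OZONE_SECURITY_ENABLED_KEY, false);

        this.defaultCertDuration = Duration.parse(configuration.get(
            HddsConfigKeys.HDDS_X509_DEFAULT_DURATION,
            HddsConfigKeys.HDDS_X509_DEFAULT_DURATION_DEFAULT));
        this.renewalGracePeriod = Duration.parse(configuration.get(
            HddsConfigKeys.HDDS_X509_RENEW_GRACE_DURATION,
            HddsConfigKeys.HDDS_X509_RENEW_GRACE_DURATION_DEFAULT));
        // Reject a default lifetime longer than the hard maximum; the log
        // arguments are ordered to match the message placeholders.
        if (maxCertDuration.compareTo(defaultCertDuration) < 0) {
            LOG.error("Certificate duration {} should not be greater than "
                + "Maximum Certificate duration {}", defaultCertDuration, maxCertDuration);
            throw new IllegalArgumentException(
                "Certificate duration should not be greater than maximum Certificate duration");
        }

        this.crlName = configuration.get(HddsConfigKeys.HDDS_X509_CRL_NAME,
            HddsConfigKeys.HDDS_X509_CRL_NAME_DEFAULT);

        ensureProviderInstalled();
    }

    /**
     * Installs the configured JCA provider once per process. Double-checked
     * on the volatile {@link #provider} field under the class lock so that
     * concurrent constructors do not register the provider twice.
     *
     * @throws SecurityException if the provider name is unknown
     */
    private void ensureProviderInstalled() {
        if (provider == null) {
            synchronized (SecurityConfig.class) {
                provider = Security.getProvider(providerString);
                if (provider == null) {
                    provider = initSecurityProvider(providerString);
                }
            }
        }
    }

    /** @return the configured CRL file name */
    public String getCrlName() {
        return crlName;
    }

    /** @return whether Ozone security is enabled */
    public boolean isSecurityEnabled() {
        return isSecurityEnabled;
    }

    /** @return the default lifetime of an issued certificate */
    public Duration getDefaultCertDuration() {
        return defaultCertDuration;
    }

    /** @return the grace period before expiry in which a certificate is renewed */
    public Duration getRenewalGracePeriod() {
        return renewalGracePeriod;
    }

    /** @return the file name used for the component certificate */
    public String getCertificateFileName() {
        return certificateFileName;
    }

    /** @return the file name used for the public key */
    public String getPublicKeyFileName() {
        return publicKeyFileName;
    }

    /** @return the file name used for the private key */
    public String getPrivateKeyFileName() {
        return privateKeyFileName;
    }

    /**
     * Builds the key directory for a component as
     * {@code <metadataDir>/<str>/<keyDir>}.
     *
     * @param str component name used as the middle path segment; it is joined
     *            without normalization, so callers are expected to pass a fixed
     *            component identifier rather than external input
     * @return the key directory path
     * @throws NullPointerException if no metadata directory is configured
     */
    public Path getKeyLocation(String str) {
        return componentPath(str, keyDir);
    }

    /**
     * Builds the certificate directory for a component as
     * {@code <metadataDir>/<str>/<certificateDir>}.
     *
     * @param str component name used as the middle path segment; joined
     *            without normalization, see {@link #getKeyLocation(String)}
     * @return the certificate directory path
     * @throws NullPointerException if no metadata directory is configured
     */
    public Path getCertificateLocation(String str) {
        return componentPath(str, certificateDir);
    }

    /**
     * Joins the metadata directory, a component name and a leaf directory.
     *
     * @throws NullPointerException if no metadata directory is configured
     */
    private Path componentPath(String component, String leafDir) {
        Preconditions.checkNotNull(metadatDir,
            "Metadata directory can't be null. Please check configs.");
        return Paths.get(metadatDir, component, leafDir);
    }

    /** @return the key length in bits */
    public int getSize() {
        return size;
    }

    /** @return the JCA provider name (for example {@code "BC"}) */
    public String getProvider() {
        return providerString;
    }

    /** @return the key-pair algorithm name */
    public String getKeyAlgo() {
        return keyAlgo;
    }

    /** @return the x509 signature algorithm name */
    public String getSignatureAlgo() {
        return x509SignatureAlgo;
    }

    /** @return the underlying configuration source */
    public ConfigurationSource getConfiguration() {
        return configuration;
    }

    /** @return the maximum lifetime a certificate may be issued for */
    public Duration getMaxCertificateDuration() {
        return maxCertDuration;
    }

    /** @return whether block tokens are enabled */
    public boolean isBlockTokenEnabled() {
        return blockTokenEnabled;
    }

    /** @return whether container tokens are enabled */
    public boolean isContainerTokenEnabled() {
        return containerTokenEnabled;
    }

    /** @return whether gRPC TLS is enabled */
    public boolean isGrpcTlsEnabled() {
        return grpcTlsEnabled;
    }

    /**
     * Reads the gRPC TLS provider on every call (not cached in the constructor).
     *
     * @return the Netty {@link SslProvider} named by the configuration
     * @throws IllegalArgumentException if the configured name is not an
     *                                  {@link SslProvider} constant
     */
    public SslProvider getGrpcSslProvider() {
        return SslProvider.valueOf(configuration.get(
            HddsConfigKeys.HDDS_GRPC_TLS_PROVIDER, HddsConfigKeys.HDDS_GRPC_TLS_PROVIDER_DEFAULT));
    }

    /** @return whether a test certificate is used for gRPC TLS; always false when TLS is off */
    public boolean useTestCert() {
        return grpcTlsUseTestCert;
    }

    /**
     * Registers the JCA provider named {@code str} and returns it. Only
     * BouncyCastle ({@code "BC"}) is supported.
     *
     * @param str provider name
     * @return the installed provider
     * @throws SecurityException if {@code str} names an unsupported provider
     */
    private Provider initSecurityProvider(String str) {
        if ("BC".equals(str)) {
            Security.addProvider(new BouncyCastleProvider());
            return Security.getProvider(str);
        }
        // Log the requested name, not the (still null) static provider field.
        LOG.error("Security Provider:{} is unknown", str);
        throw new SecurityException("Unknown security provider:" + str);
    }

    /**
     * Reads the S3 auth-info maximum lifetime on every call.
     *
     * @return the configured lifetime converted to {@link TimeUnit#MICROSECONDS}
     */
    public long getS3AuthInfoMaxDate() {
        return getConfiguration().getTimeDuration(
            OzoneConfigKeys.OZONE_S3_AUTHINFO_MAX_LIFETIME_KEY,
            OzoneConfigKeys.OZONE_S3_AUTHINFO_MAX_LIFETIME_KEY_DEFAULT,
            TimeUnit.MICROSECONDS);
    }
}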
