package org.apache.hadoop.ozone.security;

import java.io.IOException;
import java.security.KeyPair;
import java.util.function.Consumer;
import org.apache.commons.lang3.StringUtils;
import org.apache.hadoop.hdds.HddsUtils;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.DefaultCertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateSignRequest;
import org.apache.hadoop.hdds.security.x509.exception.CertificateException;
import org.apache.hadoop.ozone.om.OMStorage;
import org.apache.hadoop.security.UserGroupInformation;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/security/OMCertificateClient.class */
/**
 * Certificate client registered under the component name {@value #COMPONENT_NAME}.
 *
 * <p>It builds the certificate signing request (CSR) for this node from the
 * host details in {@code omInfo} plus the SCM and cluster identifiers, and
 * obtains the signed certificate chain through the SCM security client.
 *
 * <p>Security notes: the CSR is always requested as a non-CA certificate, and
 * the node's private key is handed to the CSR builder inside a {@link KeyPair}.
 * No key material is written to the log by this class.
 */
public class OMCertificateClient extends DefaultCertificateClient {
    public static final Logger LOG = LoggerFactory.getLogger(OMCertificateClient.class);
    public static final String COMPONENT_NAME = "om";

    // Optional service id; added to the CSR as a service name only when non-empty.
    private String serviceId;
    // SCM identifier embedded in the CSR.
    private String scmID;
    // Cluster identifier, read once from OMStorage at construction time.
    private final String clusterID;
    // Node details (host name, IP address) used for the CSR subject and the SCM request.
    private final HddsProtos.OzoneManagerDetailsProto omInfo;

    /**
     * Creates the client and captures the identifiers later placed in the CSR.
     *
     * @param securityConfig security configuration, forwarded to the superclass
     * @param sCMSecurityProtocolClientSideTranslatorPB SCM security protocol client, forwarded to the superclass
     * @param oMStorage supplies the certificate serial id, the node id (used for the thread name prefix)
     *                  and the cluster id
     * @param ozoneManagerDetailsProto node details used for the CSR subject and the certificate request
     * @param str service id; may be empty, in which case no service name is added to the CSR
     * @param str2 SCM id embedded in the CSR
     * @param consumer forwarded to the superclass; its role is not visible in this class
     * @param runnable forwarded to the superclass; its role is not visible in this class
     */
    public OMCertificateClient(SecurityConfig securityConfig, SCMSecurityProtocolClientSideTranslatorPB sCMSecurityProtocolClientSideTranslatorPB, OMStorage oMStorage, HddsProtos.OzoneManagerDetailsProto ozoneManagerDetailsProto, String str, String str2, Consumer<String> consumer, Runnable runnable) {
        super(
            securityConfig,
            sCMSecurityProtocolClientSideTranslatorPB,
            LOG,
            oMStorage.getOmCertSerialId(),
            COMPONENT_NAME,
            HddsUtils.threadNamePrefix(oMStorage.getOmNodeId()),
            consumer,
            runnable);
        this.serviceId = str;
        this.scmID = str2;
        this.clusterID = oMStorage.getClusterID();
        this.omInfo = ozoneManagerDetailsProto;
    }

    /**
     * Extends the superclass CSR builder with this node's key pair, identifiers and subject.
     *
     * <p>The subject is {@code <shortUserName>@<hostName>} when the superclass builder already
     * carries a DNS name, and the bare host name otherwise.
     *
     * @return the populated CSR builder
     * @throws CertificateException if the current user cannot be determined
     */
    public CertificateSignRequest.Builder getCSRBuilder() throws CertificateException {
        CertificateSignRequest.Builder builder = super.getCSRBuilder();
        String omHostName = this.omInfo.getHostName();
        String subject = resolveSubject(builder.hasDnsName(), omHostName);

        // Always a leaf (non-CA) request; the private key is passed to the builder here.
        builder
            .setCA(false)
            .setKey(new KeyPair(getPublicKey(), getPrivateKey()))
            .setConfiguration(getSecurityConfig())
            .setScmID(this.scmID)
            .setClusterID(this.clusterID)
            .setSubject(subject);

        if (StringUtils.isNotEmpty(this.serviceId)) {
            builder.addServiceName(this.serviceId);
        }

        // Only identifiers are logged: host, IP, SCM id, cluster id and subject.
        LOG.info("Creating csr for OM->dns:{},ip:{},scmId:{},clusterId:{},subject:{}",
            omHostName, this.omInfo.getIpAddress(), this.scmID, this.clusterID, subject);
        return builder;
    }

    /**
     * Picks the CSR subject string.
     *
     * NOTE(review): the user and host names are concatenated as-is; confirm that the CSR builder
     * or the signing side validates the subject before it ends up in a certificate.
     * NOTE(review): the host-only branch presumably exists so the subject stays a plain host name
     * when no DNS name is present in the request; confirm against the upstream source.
     */
    private static String resolveSubject(boolean prefixWithUser, String hostName) throws CertificateException {
        if (!prefixWithUser) {
            return hostName;
        }
        try {
            return UserGroupInformation.getCurrentUser().getShortUserName() + "@" + hostName;
        } catch (IOException e) {
            throw new CertificateException("Failed to getCurrentUser", e);
        }
    }

    /**
     * Submits the encoded CSR, together with this node's details, to the SCM security client
     * and returns its certificate-chain response.
     *
     * @param pKCS10CertificationRequest the CSR to be signed
     * @return the response returned by {@code getOMCertChain}
     * @throws IOException if the call to the SCM security client fails
     */
    protected SCMSecurityProtocolProtos.SCMGetCertResponseProto getCertificateSignResponse(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        String encodedCsr = CertificateSignRequest.getEncodedString(pKCS10CertificationRequest);
        return getScmSecureClient().getOMCertChain(this.omInfo, encodedCsr);
    }

    /** Returns the logger shared by this class. */
    public Logger getLogger() {
        return LOG;
    }
}
