package org.apache.hadoop.ozone.om;

import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.ozone.om.helpers.ServiceInfoEx;
import org.apache.hadoop.ozone.om.protocol.OzoneManagerProtocol;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/om/ServiceInfoProvider.class */
final class ServiceInfoProvider {
    private static final Logger LOG = LoggerFactory.getLogger(ServiceInfoProvider.class);
    private final OzoneManagerProtocol om;
    private final CertificateClient certClient;
    private String caCertPEM;
    private List<String> caCertPEMList;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServiceInfoProvider(SecurityConfig securityConfig, OzoneManagerProtocol ozoneManagerProtocol, CertificateClient certificateClient) {
        this(securityConfig, ozoneManagerProtocol, certificateClient, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ServiceInfoProvider(SecurityConfig securityConfig, OzoneManagerProtocol ozoneManagerProtocol, CertificateClient certificateClient, boolean z) {
        this.om = ozoneManagerProtocol;
        if (!securityConfig.isSecurityEnabled() || z) {
            this.certClient = null;
            this.caCertPEM = null;
            this.caCertPEMList = Collections.emptyList();
        } else {
            this.certClient = certificateClient;
            Set<X509Certificate> cACertificates = getCACertificates();
            this.caCertPEM = toPEMEncodedString(newestOf(cACertificates));
            this.caCertPEMList = toPEMEncodedStrings(cACertificates);
            this.certClient.registerRootCARotationListener(onRootCAChange());
        }
    }

    private Function<List<X509Certificate>, CompletableFuture<Void>> onRootCAChange() {
        return list -> {
            CompletableFuture completableFuture = new CompletableFuture();
            ?? r0 = this;
            try {
            } catch (Exception e) {
                LOG.error("Unable to refresh cached PEM formatted CA certificates.", e);
                completableFuture.completeExceptionally(e);
            }
            synchronized (r0) {
                this.caCertPEM = toPEMEncodedString(newestOf(list));
                this.caCertPEMList = toPEMEncodedStrings(list);
                r0 = r0;
                completableFuture.complete(null);
                return completableFuture;
            }
        };
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v0 */
    /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v5 */
    public ServiceInfoEx provide() throws IOException {
        ?? r0 = this;
        synchronized (r0) {
            String str = this.caCertPEM;
            ArrayList arrayList = new ArrayList(this.caCertPEMList);
            r0 = r0;
            return new ServiceInfoEx(this.om.getServiceList(), str, arrayList);
        }
    }

    private Set<X509Certificate> getCACertificates() {
        Set<X509Certificate> allRootCaCerts = this.certClient.getAllRootCaCerts();
        return !allRootCaCerts.isEmpty() ? allRootCaCerts : this.certClient.getAllCaCerts();
    }

    private X509Certificate newestOf(Collection<X509Certificate> collection) {
        return collection.stream().max(Comparator.comparing((v0) -> {
            return v0.getNotAfter();
        })).orElse(null);
    }

    private String toPEMEncodedString(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        try {
            return CertificateCodec.getPEMEncodedString(x509Certificate);
        } catch (SCMSecurityException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    private List<String> toPEMEncodedStrings(Collection<X509Certificate> collection) {
        return (List) collection.stream().map(this::toPEMEncodedString).collect(Collectors.toList());
    }
}
