package org.apache.hadoop.ozone.recon.security;

import java.io.IOException;
import java.net.InetAddress;
import java.security.KeyPair;
import java.util.function.Consumer;
import org.apache.hadoop.hdds.protocol.proto.HddsProtos;
import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
import org.apache.hadoop.hdds.protocolPB.SCMSecurityProtocolClientSideTranslatorPB;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.DefaultCertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateSignRequest;
import org.apache.hadoop.hdds.security.x509.exception.CertificateException;
import org.apache.hadoop.ozone.recon.scm.ReconStorageConfig;
import org.apache.hadoop.security.UserGroupInformation;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/ozone/recon/security/ReconCertificateClient.class */
/**
 * Certificate client for the Recon component.
 *
 * <p>Builds the certificate signing request (CSR) for this node and submits it through the SCM
 * security protocol client, identifying the node as {@code NodeType.RECON} together with the
 * cluster id and Recon id read from {@link ReconStorageConfig}.
 *
 * <p>NOTE(review): the CSR subject and the node details sent with it are both assembled from
 * values the local host reports about itself (OS user, resolver output). Whether the signing
 * side validates them is not visible in this class; confirm against the SCM implementation.
 */
public class ReconCertificateClient extends DefaultCertificateClient {
    public static final String COMPONENT_NAME = "recon";

    private static final Logger LOG = LoggerFactory.getLogger(ReconCertificateClient.class);

    /** Message used for both the log entry and the exception when CSR preparation fails. */
    private static final String CSR_FAILURE_MESSAGE = "Failed to get hostname or current user";

    private final String clusterID;
    private final String reconID;

    /**
     * Creates the client and captures the cluster id and Recon id from the storage config.
     *
     * @param securityConfig security configuration handed to the parent client
     * @param sCMSecurityProtocolClientSideTranslatorPB SCM security protocol client handed to the
     *     parent client
     * @param reconStorageConfig source of the certificate serial id, cluster id and Recon id
     * @param consumer callback handed to the parent client unchanged
     * @param runnable callback handed to the parent client unchanged
     */
    public ReconCertificateClient(SecurityConfig securityConfig, SCMSecurityProtocolClientSideTranslatorPB sCMSecurityProtocolClientSideTranslatorPB, ReconStorageConfig reconStorageConfig, Consumer<String> consumer, Runnable runnable) {
        super(
            securityConfig,
            sCMSecurityProtocolClientSideTranslatorPB,
            LOG,
            reconStorageConfig.getReconCertSerialId(),
            COMPONENT_NAME,
            "",
            consumer,
            runnable);
        this.clusterID = reconStorageConfig.getClusterID();
        this.reconID = reconStorageConfig.getReconId();
    }

    /**
     * Returns the parent's CSR builder configured for a non-CA Recon certificate.
     *
     * <p>The builder receives this client's key pair, its security configuration and a subject of
     * the form {@code <short user name>@<canonical host name>}.
     *
     * @return the configured builder
     * @throws CertificateException with {@code ErrorCode.CSR_ERROR} if any step inside the try
     *     block throws
     */
    @Override
    public CertificateSignRequest.Builder getCSRBuilder() throws CertificateException {
        LOG.info("Creating CSR for Recon.");
        try {
            CertificateSignRequest.Builder builder = super.getCSRBuilder();
            // Keep the calls chained and in this order: each setter is invoked on the value the
            // previous one returned, and the subject is resolved last.
            builder
                .setCA(false)
                .setKey(new KeyPair(getPublicKey(), getPrivateKey()))
                .setConfiguration(getSecurityConfig())
                .setSubject(currentUserAtCanonicalHost());
            return builder;
        } catch (Exception e) {
            // NOTE(review): this catches every exception raised in the try block, including ones
            // from super.getCSRBuilder() and the key accessors, yet the message only names the
            // hostname/user lookup. Read the attached cause, not the message, when triaging.
            LOG.error(CSR_FAILURE_MESSAGE, e);
            throw new CertificateException(CSR_FAILURE_MESSAGE, e, CertificateException.ErrorCode.CSR_ERROR);
        }
    }

    /**
     * Sends the CSR to SCM together with this node's details and returns SCM's response.
     *
     * @param pKCS10CertificationRequest the request to submit, sent in its encoded string form
     * @return the response of the SCM client's {@code getCertificateChain} call
     * @throws IOException if the local host cannot be resolved or the SCM call fails
     */
    protected SCMSecurityProtocolProtos.SCMGetCertResponseProto getCertificateSignResponse(PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException {
        SCMSecurityProtocolClientSideTranslatorPB scmClient = getScmSecureClient();
        // NOTE(review): this uses getHostName(), while the CSR subject uses
        // getCanonicalHostName(); the two can differ on the same machine. Confirm which name the
        // signer and later certificate checks are expected to match.
        HddsProtos.NodeDetailsProto nodeDetails = HddsProtos.NodeDetailsProto.newBuilder()
            .setHostName(InetAddress.getLocalHost().getHostName())
            .setClusterId(this.clusterID)
            .setUuid(this.reconID)
            .setNodeType(HddsProtos.NodeType.RECON)
            .build();
        String encodedCsr = CertificateSignRequest.getEncodedString(pKCS10CertificationRequest);
        return scmClient.getCertificateChain(nodeDetails, encodedCsr);
    }

    /** Returns the logger shared by this class and passed to the parent client. */
    public Logger getLogger() {
        return LOG;
    }

    /**
     * Builds the CSR subject string from the current user's short name and the local canonical
     * host name.
     *
     * <p>Both parts come from the local environment. Per the JDK documentation,
     * {@code getCanonicalHostName()} falls back to the textual IP address when no fully qualified
     * name can be obtained, so the subject is only as trustworthy as the node's resolver setup.
     */
    private static String currentUserAtCanonicalHost() throws IOException {
        String shortUser = UserGroupInformation.getCurrentUser().getShortUserName();
        String canonicalHost = InetAddress.getLocalHost().getCanonicalHostName();
        return shortUser + "@" + canonicalHost;
    }
}
