package org.apache.hadoop.ozone.s3;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.List;
import javax.annotation.PreDestroy;
import javax.enterprise.context.ApplicationScoped;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.security.SecurityConfig;
import org.apache.hadoop.ozone.OmUtils;
import org.apache.hadoop.ozone.OzoneConfigKeys;
import org.apache.hadoop.ozone.OzoneSecurityUtil;
import org.apache.hadoop.ozone.client.OzoneClient;
import org.apache.hadoop.ozone.client.OzoneClientFactory;
import org.apache.hadoop.ozone.om.helpers.ServiceInfoEx;
import org.apache.hadoop.ozone.om.protocolPB.GrpcOmTransport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ApplicationScoped
/* loaded from: input_file:org/apache/hadoop/ozone/s3/OzoneClientCache.class */
public final class OzoneClientCache {
    private static final Logger LOG = LoggerFactory.getLogger(OzoneClientCache.class);
    private static OzoneClientCache instance;
    private OzoneClient client;
    private SecurityConfig secConfig;

    private OzoneClientCache(OzoneConfiguration ozoneConfiguration) throws IOException {
        ozoneConfiguration.setIfUnset("ozone.client.required.om.version.min", OzoneConfigKeys.OZONE_CLIENT_REQUIRED_OM_VERSION_MIN_DEFAULT);
        String ozoneManagerServiceId = OmUtils.getOzoneManagerServiceId(ozoneConfiguration);
        this.secConfig = new SecurityConfig(ozoneConfiguration);
        this.client = null;
        try {
            if (this.secConfig.isGrpcTlsEnabled() && ozoneConfiguration.get("ozone.om.transport.class", "org.apache.hadoop.ozone.om.protocolPB.Hadoop3OmTransportFactory") != "org.apache.hadoop.ozone.om.protocolPB.Hadoop3OmTransportFactory") {
                setCertificate(ozoneManagerServiceId, ozoneConfiguration);
            }
            if (ozoneManagerServiceId == null) {
                this.client = OzoneClientFactory.getRpcClient(ozoneConfiguration);
            } else {
                this.client = OzoneClientFactory.getRpcClient(ozoneManagerServiceId, ozoneConfiguration);
            }
            ozoneConfiguration.setBoolean("ozone.s3.auth.check", true);
        } catch (IOException e) {
            LOG.warn("cannot create OzoneClient", e);
            throw e;
        }
    }

    public static OzoneClient getOzoneClientInstance(OzoneConfiguration ozoneConfiguration) throws IOException {
        if (instance == null) {
            instance = new OzoneClientCache(ozoneConfiguration);
        }
        return instance.client;
    }

    public static void closeClient() throws IOException {
        if (instance != null) {
            instance.client.close();
            instance = null;
        }
    }

    private void setCertificate(String str, OzoneConfiguration ozoneConfiguration) throws IOException {
        OzoneConfiguration ozoneConfiguration2 = new OzoneConfiguration(ozoneConfiguration);
        if (this.secConfig.isGrpcTlsEnabled()) {
            ozoneConfiguration2.set("ozone.om.transport.class", "org.apache.hadoop.ozone.om.protocolPB.Hadoop3OmTransportFactory");
            OzoneClient rpcClient = str == null ? OzoneClientFactory.getRpcClient(ozoneConfiguration2) : OzoneClientFactory.getRpcClient(str, ozoneConfiguration2);
            try {
                try {
                    try {
                        ServiceInfoEx serviceInfo = rpcClient.getObjectStore().getClientProxy().getOzoneManagerClient().getServiceInfo();
                        if (OzoneSecurityUtil.isSecurityEnabled(ozoneConfiguration)) {
                            String caCertificate = serviceInfo.getCaCertificate();
                            List caCertPemList = serviceInfo.getCaCertPemList();
                            if (caCertPemList == null || caCertPemList.isEmpty()) {
                                if (caCertificate == null) {
                                    LOG.error("S3g received empty caCertPems from serviceInfo");
                                    throw new CertificateException("No caCerts found; caCertPem can not be null when caCertPems is empty or null");
                                }
                                caCertPemList = Collections.singletonList(caCertificate);
                            }
                            GrpcOmTransport.setCaCerts(OzoneSecurityUtil.convertToX509(caCertPemList));
                        }
                    } catch (IOException e) {
                        throw e;
                    }
                } catch (CertificateException e2) {
                    throw new IOException(e2);
                }
            } finally {
                if (rpcClient != null) {
                    rpcClient.close();
                }
            }
        }
    }

    @PreDestroy
    public void destroy() throws IOException {
        closeClient();
    }
}
