package org.apache.hadoop.ozone;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import com.sun.jmx.mbeanserver.Introspector;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.management.ObjectName;
import org.apache.hadoop.conf.Configurable;
import org.apache.hadoop.hdds.HddsUtils;
import org.apache.hadoop.hdds.StringUtils;
import org.apache.hadoop.hdds.cli.GenericCli;
import org.apache.hadoop.hdds.cli.HddsVersionProvider;
import org.apache.hadoop.hdds.conf.ConfigurationSource;
import org.apache.hadoop.hdds.conf.OzoneConfiguration;
import org.apache.hadoop.hdds.protocol.DatanodeDetails;
import org.apache.hadoop.hdds.protocol.proto.SCMSecurityProtocolProtos;
import org.apache.hadoop.hdds.security.x509.SecurityConfig;
import org.apache.hadoop.hdds.security.x509.certificate.client.CertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.client.DNCertificateClient;
import org.apache.hadoop.hdds.security.x509.certificate.utils.CertificateCodec;
import org.apache.hadoop.hdds.security.x509.certificates.utils.CertificateSignRequest;
import org.apache.hadoop.hdds.server.http.RatisDropwizardExports;
import org.apache.hadoop.hdds.tracing.TracingUtil;
import org.apache.hadoop.hdds.utils.HddsServerUtil;
import org.apache.hadoop.hdds.utils.HddsVersionInfo;
import org.apache.hadoop.metrics2.util.MBeans;
import org.apache.hadoop.ozone.container.common.helpers.ContainerUtils;
import org.apache.hadoop.ozone.container.common.statemachine.DatanodeStateMachine;
import org.apache.hadoop.ozone.container.common.utils.HddsVolumeUtil;
import org.apache.hadoop.ozone.container.common.volume.HddsVolume;
import org.apache.hadoop.ozone.container.common.volume.MutableVolumeSet;
import org.apache.hadoop.security.SecurityUtil;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.authentication.client.AuthenticationException;
import org.apache.hadoop.util.ExitUtil;
import org.apache.hadoop.util.ServicePlugin;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import picocli.CommandLine;

@CommandLine.Command(name = "ozone datanode", hidden = true, description = {"Start the datanode for ozone"}, versionProvider = HddsVersionProvider.class, mixinStandardHelpOptions = true)
/* loaded from: input_file:org/apache/hadoop/ozone/HddsDatanodeService.class */
public class HddsDatanodeService extends GenericCli implements ServicePlugin {
    private static final Logger LOG = LoggerFactory.getLogger(HddsDatanodeService.class);
    private OzoneConfiguration conf;
    private DatanodeDetails datanodeDetails;
    private DatanodeStateMachine datanodeStateMachine;
    private List<ServicePlugin> plugins;
    private CertificateClient dnCertClient;
    private String component;
    private HddsDatanodeHttpServer httpServer;
    private boolean printBanner;
    private String[] args;
    private volatile AtomicBoolean isStopped = new AtomicBoolean(false);
    private final Map<String, RatisDropwizardExports> ratisMetricsMap = new ConcurrentHashMap();
    private DNMXBeanImpl serviceRuntimeInfo = new DNMXBeanImpl(HddsVersionInfo.HDDS_VERSION_INFO) { // from class: org.apache.hadoop.ozone.HddsDatanodeService.1
    };
    private ObjectName dnInfoBeanName;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.hadoop.ozone.HddsDatanodeService$2, reason: invalid class name */
    /* loaded from: input_file:org/apache/hadoop/ozone/HddsDatanodeService$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse = new int[CertificateClient.InitResponse.values().length];

        static {
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[CertificateClient.InitResponse.SUCCESS.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[CertificateClient.InitResponse.GETCERT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[CertificateClient.InitResponse.FAILURE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[CertificateClient.InitResponse.RECOVER.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public HddsDatanodeService() {
    }

    public HddsDatanodeService(boolean z, String[] strArr) {
        this.printBanner = z;
        this.args = strArr != null ? (String[]) Arrays.copyOf(strArr, strArr.length) : null;
    }

    @VisibleForTesting
    public static HddsDatanodeService createHddsDatanodeService(String[] strArr) {
        return createHddsDatanodeService(strArr, false);
    }

    private static HddsDatanodeService createHddsDatanodeService(String[] strArr, boolean z) {
        return new HddsDatanodeService(z, strArr);
    }

    public static void main(String[] strArr) {
        try {
            Introspector.checkCompliance(DNMXBeanImpl.class);
            createHddsDatanodeService(strArr, true).run(strArr);
        } catch (Throwable th) {
            LOG.error("Exception in HddsDatanodeService.", th);
            ExitUtil.terminate(1, th);
        }
    }

    public static Logger getLogger() {
        return LOG;
    }

    /* renamed from: call, reason: merged with bridge method [inline-methods] */
    public Void m3call() throws Exception {
        if (this.printBanner) {
            StringUtils.startupShutdownMessage(HddsVersionInfo.HDDS_VERSION_INFO, HddsDatanodeService.class, this.args, LOG);
        }
        start(createOzoneConfiguration());
        join();
        return null;
    }

    public void setConfiguration(OzoneConfiguration ozoneConfiguration) {
        this.conf = ozoneConfiguration;
    }

    public void start(Object obj) {
        if (obj instanceof Configurable) {
            start(new OzoneConfiguration(((Configurable) obj).getConf()));
        } else {
            start(new OzoneConfiguration());
        }
    }

    public void start(OzoneConfiguration ozoneConfiguration) {
        setConfiguration(ozoneConfiguration);
        start();
    }

    public void start() {
        this.serviceRuntimeInfo.setStartTime();
        RatisDropwizardExports.registerRatisMetricReporters(this.ratisMetricsMap);
        OzoneConfiguration.activate();
        HddsServerUtil.initializeMetrics(this.conf, "HddsDatanode");
        try {
            String hostName = HddsUtils.getHostName(this.conf);
            String hostAddress = InetAddress.getByName(hostName).getHostAddress();
            this.datanodeDetails = initializeDatanodeDetails();
            this.datanodeDetails.setHostName(hostName);
            this.datanodeDetails.setIpAddress(hostAddress);
            TracingUtil.initTracing("HddsDatanodeService." + this.datanodeDetails.getUuidString().substring(0, 8), this.conf);
            LOG.info("HddsDatanodeService host:{} ip:{}", hostName, hostAddress);
            if (OzoneSecurityUtil.isSecurityEnabled(this.conf)) {
                this.component = "dn-" + this.datanodeDetails.getUuidString();
                this.dnCertClient = new DNCertificateClient(new SecurityConfig(this.conf), this.datanodeDetails.getCertSerialId());
                if (!SecurityUtil.getAuthenticationMethod(this.conf).equals(UserGroupInformation.AuthenticationMethod.KERBEROS)) {
                    throw new AuthenticationException(SecurityUtil.getAuthenticationMethod(this.conf) + " authentication method not supported. Datanode user login failed.");
                }
                LOG.info("Ozone security is enabled. Attempting login for Hdds Datanode user. Principal: {},keytab: {}", this.conf.get("dfs.datanode.kerberos.principal"), this.conf.get("dfs.datanode.keytab.file"));
                UserGroupInformation.setConfiguration(this.conf);
                SecurityUtil.login(this.conf, "dfs.datanode.keytab.file", "dfs.datanode.kerberos.principal", hostName);
                LOG.info("Hdds Datanode login successful.");
            }
            if (OzoneSecurityUtil.isSecurityEnabled(this.conf)) {
                initializeCertificateClient(this.conf);
            }
            this.datanodeStateMachine = new DatanodeStateMachine(this.datanodeDetails, this.conf, this.dnCertClient, this::terminateDatanode);
            try {
                this.httpServer = new HddsDatanodeHttpServer(this.conf);
                this.httpServer.start();
            } catch (Exception e) {
                LOG.error("HttpServer failed to start.", e);
            }
            startPlugins();
            this.datanodeStateMachine.startDaemon();
            if ("follower".equalsIgnoreCase(System.getenv("OZONE_DATANODE_STANDALONE_TEST"))) {
                startRatisForTest();
            }
            registerMXBean();
        } catch (AuthenticationException e2) {
            throw new RuntimeException("Fail to authentication when starting HDDS datanode plugin", e2);
        } catch (IOException e3) {
            throw new RuntimeException("Can't start the HDDS datanode plugin", e3);
        }
    }

    private void startRatisForTest() throws IOException {
        this.datanodeStateMachine.getContainer().start("scm-01");
        MutableVolumeSet volumeSet = getDatanodeStateMachine().getContainer().getVolumeSet();
        Iterator<Map.Entry<String, HddsVolume>> it = volumeSet.getVolumeMap().entrySet().iterator();
        while (it.hasNext()) {
            HddsVolume value = it.next().getValue();
            if (!HddsVolumeUtil.checkVolume(value, "scm-01", "clusterId", LOG)) {
                volumeSet.failVolume(value.getHddsRootDir().getPath());
            }
        }
    }

    @VisibleForTesting
    public void initializeCertificateClient(OzoneConfiguration ozoneConfiguration) throws IOException {
        LOG.info("Initializing secure Datanode.");
        CertificateClient.InitResponse init = this.dnCertClient.init();
        LOG.info("Init response: {}", init);
        switch (AnonymousClass2.$SwitchMap$org$apache$hadoop$hdds$security$x509$certificate$client$CertificateClient$InitResponse[init.ordinal()]) {
            case 1:
                LOG.info("Initialization successful, case:{}.", init);
                return;
            case 2:
                getSCMSignedCert(ozoneConfiguration);
                LOG.info("Successfully stored SCM signed certificate, case:{}.", init);
                return;
            case 3:
                LOG.error("DN security initialization failed, case:{}.", init);
                throw new RuntimeException("DN security initialization failed.");
            case 4:
                LOG.error("DN security initialization failed, case:{}. OM certificate is missing.", init);
                throw new RuntimeException("DN security initialization failed.");
            default:
                LOG.error("DN security initialization failed. Init response: {}", init);
                throw new RuntimeException("DN security initialization failed.");
        }
    }

    private void getSCMSignedCert(OzoneConfiguration ozoneConfiguration) {
        try {
            SCMSecurityProtocolProtos.SCMGetCertResponseProto dataNodeCertificateChain = HddsServerUtil.getScmSecurityClient(ozoneConfiguration).getDataNodeCertificateChain(this.datanodeDetails.getProtoBufMessage(), CertificateSignRequest.getEncodedString(getCSR(ozoneConfiguration)));
            if (!dataNodeCertificateChain.hasX509CACertificate()) {
                throw new RuntimeException("Unable to retrieve datanode certificate chain");
            }
            String x509Certificate = dataNodeCertificateChain.getX509Certificate();
            this.dnCertClient.storeCertificate(x509Certificate, true);
            this.dnCertClient.storeCertificate(dataNodeCertificateChain.getX509CACertificate(), true, true);
            String bigInteger = CertificateCodec.getX509Certificate(x509Certificate).getSerialNumber().toString();
            this.datanodeDetails.setCertSerialId(bigInteger);
            persistDatanodeDetails(this.datanodeDetails);
            this.dnCertClient = new DNCertificateClient(new SecurityConfig(ozoneConfiguration), bigInteger);
        } catch (IOException | CertificateException e) {
            LOG.error("Error while storing SCM signed certificate.", e);
            throw new RuntimeException(e);
        }
    }

    private void registerMXBean() {
        HashMap hashMap = new HashMap();
        hashMap.put("component", "ServerRuntime");
        this.dnInfoBeanName = HddsUtils.registerWithJmxProperties("HddsDatanodeService", "HddsDatanodeServiceInfo", hashMap, this.serviceRuntimeInfo);
    }

    private void unregisterMXBean() {
        if (this.dnInfoBeanName != null) {
            MBeans.unregister(this.dnInfoBeanName);
            this.dnInfoBeanName = null;
        }
    }

    @VisibleForTesting
    public PKCS10CertificationRequest getCSR(ConfigurationSource configurationSource) throws IOException {
        CertificateSignRequest.Builder cSRBuilder = this.dnCertClient.getCSRBuilder();
        KeyPair keyPair = new KeyPair(this.dnCertClient.getPublicKey(), this.dnCertClient.getPrivateKey());
        String str = UserGroupInformation.getCurrentUser().getShortUserName() + "@" + InetAddress.getLocalHost().getCanonicalHostName();
        cSRBuilder.setCA(false).setKey(keyPair).setConfiguration(configurationSource).setSubject(str);
        LOG.info("Creating csr for DN-> subject:{}", str);
        return cSRBuilder.build();
    }

    private DatanodeDetails initializeDatanodeDetails() throws IOException {
        String datanodeIdFilePath = HddsServerUtil.getDatanodeIdFilePath(this.conf);
        if (datanodeIdFilePath == null || datanodeIdFilePath.isEmpty()) {
            LOG.error("A valid path is needed for config setting {}", "ozone.scm.datanode.id.dir");
            throw new IllegalArgumentException("ozone.scm.datanode.id.dir must be defined. See https://wiki.apache.org/hadoop/Ozone#Configuration for details on configuring Ozone.");
        }
        Preconditions.checkNotNull(datanodeIdFilePath);
        File file = new File(datanodeIdFilePath);
        return file.exists() ? ContainerUtils.readDatanodeDetailsFrom(file) : DatanodeDetails.newBuilder().setUuid(UUID.randomUUID()).build();
    }

    private void persistDatanodeDetails(DatanodeDetails datanodeDetails) throws IOException {
        String datanodeIdFilePath = HddsServerUtil.getDatanodeIdFilePath(this.conf);
        if (datanodeIdFilePath == null || datanodeIdFilePath.isEmpty()) {
            LOG.error("A valid path is needed for config setting {}", "ozone.scm.datanode.id.dir");
            throw new IllegalArgumentException("ozone.scm.datanode.id.dir must be defined. See https://wiki.apache.org/hadoop/Ozone#Configuration for details on configuring Ozone.");
        }
        Preconditions.checkNotNull(datanodeIdFilePath);
        ContainerUtils.writeDatanodeDetailsTo(datanodeDetails, new File(datanodeIdFilePath));
    }

    private void startPlugins() {
        try {
            this.plugins = this.conf.getInstances("hdds.datanode.plugins", ServicePlugin.class);
            for (ServicePlugin servicePlugin : this.plugins) {
                try {
                    servicePlugin.start(this);
                    LOG.info("Started plug-in {}", servicePlugin);
                } catch (Throwable th) {
                    LOG.warn("ServicePlugin {} could not be started", servicePlugin, th);
                }
            }
        } catch (RuntimeException e) {
            LOG.error("Unable to load HDDS DataNode plugins. Specified list of plugins: {}", this.conf.get("hdds.datanode.plugins"), e);
            throw e;
        }
    }

    public OzoneConfiguration getConf() {
        return this.conf;
    }

    @VisibleForTesting
    public DatanodeDetails getDatanodeDetails() {
        return this.datanodeDetails;
    }

    @VisibleForTesting
    public DatanodeStateMachine getDatanodeStateMachine() {
        return this.datanodeStateMachine;
    }

    public void join() {
        if (this.datanodeStateMachine != null) {
            try {
                this.datanodeStateMachine.join();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
                LOG.info("Interrupted during StorageContainerManager join.");
            }
        }
    }

    public void terminateDatanode() {
        stop();
        ExitUtil.terminate(1);
    }

    public void stop() {
        if (this.isStopped.get()) {
            return;
        }
        this.isStopped.set(true);
        if (this.plugins != null) {
            for (ServicePlugin servicePlugin : this.plugins) {
                try {
                    servicePlugin.stop();
                    LOG.info("Stopped plug-in {}", servicePlugin);
                } catch (Throwable th) {
                    LOG.warn("ServicePlugin {} could not be stopped", servicePlugin, th);
                }
            }
        }
        if (this.datanodeStateMachine != null) {
            this.datanodeStateMachine.stopDaemon();
        }
        if (this.httpServer != null) {
            try {
                this.httpServer.stop();
            } catch (Exception e) {
                LOG.error("Stopping HttpServer is failed.", e);
            }
        }
        unregisterMXBean();
    }

    public void close() {
        if (this.plugins != null) {
            for (ServicePlugin servicePlugin : this.plugins) {
                try {
                    servicePlugin.close();
                } catch (Throwable th) {
                    LOG.warn("ServicePlugin {} could not be closed", servicePlugin, th);
                }
            }
        }
    }

    @VisibleForTesting
    public String getComponent() {
        return this.component;
    }

    public CertificateClient getCertificateClient() {
        return this.dnCertClient;
    }

    @VisibleForTesting
    public void setCertificateClient(CertificateClient certificateClient) {
        this.dnCertClient = certificateClient;
    }
}
