package org.apache.hadoop.hdds.scm.server;

import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.hadoop.hdds.scm.metadata.SCMMetadataStore;
import org.apache.hadoop.hdds.security.exception.SCMSecurityException;
import org.apache.hadoop.hdds.security.x509.certificate.authority.CertificateStore;
import org.apache.hadoop.hdds.utils.db.BatchOperation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/hadoop/hdds/scm/server/SCMCertStore.class */
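/**
 * {@link CertificateStore} implementation that keeps certificates in the two tables exposed by
 * {@link SCMMetadataStore}: one for valid certificates and one for revoked certificates, both
 * keyed by certificate serial number.
 *
 * <p>Mutating operations are serialized through a single {@link ReentrantLock} owned by this
 * instance. The lock only covers callers that go through this object; it gives no protection
 * against other writers of the same tables.
 *
 * <p>NOTE(review): {@link #removeExpiredCertificate(BigInteger)} is a no-op in this class, so
 * nothing here removes a certificate from the valid table when it expires. Callers that treat
 * presence in the valid table as a trust decision should also check the certificate's validity
 * period themselves.
 */
public class SCMCertStore implements CertificateStore {
    private static final Logger LOG = LoggerFactory.getLogger(SCMCertStore.class);
    private final SCMMetadataStore scmMetadataStore;
    // Serializes the check-then-write sequences below so two callers cannot both pass the
    // "serial not present" / "not yet revoked" checks for the same serial.
    private final Lock lock = new ReentrantLock();

    /**
     * Creates a certificate store backed by the given metadata store.
     *
     * @param sCMMetadataStore provider of the valid and revoked certificate tables
     */
    public SCMCertStore(SCMMetadataStore sCMMetadataStore) {
        this.scmMetadataStore = sCMMetadataStore;
    }

    /**
     * Records a certificate in the valid table under the given serial number.
     *
     * <p>The serial is rejected if it is already present in either table, so a serial that has
     * been revoked cannot be reused for a new valid certificate.
     *
     * @param bigInteger serial number used as the table key
     * @param x509Certificate certificate to store
     * @throws SCMSecurityException if the serial already exists as a valid or revoked certificate
     * @throws IOException if a table lookup or the write fails
     */
    public void storeValidCertificate(BigInteger bigInteger, X509Certificate x509Certificate) throws IOException {
        this.lock.lock();
        try {
            boolean knownAsValid = getCertificateByID(bigInteger, CertificateStore.CertType.VALID_CERTS) != null;
            // Short-circuit order matches the lookup order: valid table first, then revoked.
            if (knownAsValid || getCertificateByID(bigInteger, CertificateStore.CertType.REVOKED_CERTS) != null) {
                throw new SCMSecurityException("Conflicting certificate ID");
            }
            this.scmMetadataStore.getValidCertsTable().put(bigInteger, x509Certificate);
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Moves a certificate from the valid table to the revoked table.
     *
     * <p>The insert into the revoked table and the delete from the valid table are queued on one
     * batch operation and committed together, so the certificate is not meant to be visible in
     * both tables or in neither (presumably the batch commit is atomic; confirm against the
     * store implementation).
     *
     * @param bigInteger serial number of the certificate to revoke
     * @throws SCMSecurityException if the serial is not in the valid table, or is already in the
     *     revoked table
     * @throws IOException if a table lookup or the batch commit fails
     */
    public void revokeCertificate(BigInteger bigInteger) throws IOException {
        this.lock.lock();
        try {
            X509Certificate certificateByID = getCertificateByID(bigInteger, CertificateStore.CertType.VALID_CERTS);
            if (certificateByID == null) {
                LOG.error("trying to revoke a certificate that is not valid. Serial: {}", bigInteger);
                throw new SCMSecurityException("Trying to revoke an invalid certificate.");
            }
            if (getCertificateByID(bigInteger, CertificateStore.CertType.REVOKED_CERTS) != null) {
                LOG.error("Trying to revoke a certificate that is already revoked.");
                throw new SCMSecurityException("Trying to revoke an already revoked certificate.");
            }
            // try-with-resources closes the batch on every path. The previous hand-expanded form
            // only closed it after a successful commit, leaking the batch whenever one of the
            // table operations or the commit threw.
            try (BatchOperation batch = this.scmMetadataStore.getStore().initBatchOperation()) {
                this.scmMetadataStore.getRevokedCertsTable().putWithBatch(batch, bigInteger, certificateByID);
                this.scmMetadataStore.getValidCertsTable().deleteWithBatch(batch, bigInteger);
                this.scmMetadataStore.getStore().commitBatchOperation(batch);
            }
        } finally {
            this.lock.unlock();
        }
    }

    /**
     * Intended hook for removing an expired certificate; this implementation does nothing.
     *
     * <p>NOTE(review): because the body is empty, expired certificates stay in the valid table
     * until they are revoked. Expiry has to be enforced wherever the certificate is evaluated.
     *
     * @param bigInteger serial number of the expired certificate (unused)
     * @throws IOException never thrown by this implementation
     */
    public void removeExpiredCertificate(BigInteger bigInteger) throws IOException {
        // Intentionally empty: no removal is implemented in this class.
    }

    /**
     * Looks up a certificate by serial number in the table selected by {@code certType}.
     *
     * <p>{@link CertificateStore.CertType#VALID_CERTS} reads the valid table; any other value
     * reads the revoked table. The result only reflects table membership; no validity-period or
     * signature check is performed here.
     *
     * @param bigInteger serial number to look up
     * @param certType which table to read
     * @return the value stored under the serial in the selected table; {@code null} is treated
     *     as "not present" by the callers in this class
     * @throws IOException if the table read fails
     */
    public X509Certificate getCertificateByID(BigInteger bigInteger, CertificateStore.CertType certType) throws IOException {
        if (certType == CertificateStore.CertType.VALID_CERTS) {
            return (X509Certificate) this.scmMetadataStore.getValidCertsTable().get(bigInteger);
        }
        return (X509Certificate) this.scmMetadataStore.getRevokedCertsTable().get(bigInteger);
    }
}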
