package org.opendaylight.netconf.callhome.mount;

import com.google.common.base.Objects;
import com.google.common.net.InetAddresses;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.annotation.Nonnull;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.DataObjectModification;
import org.opendaylight.controller.md.sal.binding.api.DataTreeChangeListener;
import org.opendaylight.controller.md.sal.binding.api.DataTreeIdentifier;
import org.opendaylight.controller.md.sal.binding.api.DataTreeModification;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.netconf.callhome.protocol.AuthorizedKeysDecoder;
import org.opendaylight.netconf.callhome.protocol.CallHomeAuthorization;
import org.opendaylight.netconf.callhome.protocol.CallHomeAuthorizationProvider;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.NetconfCallhomeServer;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.credentials.Credentials;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.netconf.callhome.server.AllowedDevices;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.netconf.callhome.server.Global;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev161109.netconf.callhome.server.allowed.devices.Device;
import org.opendaylight.yangtools.concepts.ListenerRegistration;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netconf/callhome/mount/CallHomeAuthProviderImpl.class */
public class CallHomeAuthProviderImpl implements CallHomeAuthorizationProvider, AutoCloseable {
    private static final Logger LOG = LoggerFactory.getLogger(CallHomeAuthProviderImpl.class);
    private static final InstanceIdentifier<Global> GLOBAL_PATH = InstanceIdentifier.create(NetconfCallhomeServer.class).child(Global.class);
    private static final DataTreeIdentifier<Global> GLOBAL = new DataTreeIdentifier<>(LogicalDatastoreType.CONFIGURATION, GLOBAL_PATH);
    private static final InstanceIdentifier<Device> ALLOWED_DEVICES_PATH = InstanceIdentifier.create(NetconfCallhomeServer.class).child(AllowedDevices.class).child(Device.class);
    private static final DataTreeIdentifier<Device> ALLOWED_DEVICES = new DataTreeIdentifier<>(LogicalDatastoreType.CONFIGURATION, ALLOWED_DEVICES_PATH);
    private static final DataTreeIdentifier<Device> ALLOWED_OP_DEVICES = new DataTreeIdentifier<>(LogicalDatastoreType.OPERATIONAL, ALLOWED_DEVICES_PATH);
    private final GlobalConfig globalConfig = new GlobalConfig();
    private final DeviceConfig deviceConfig = new DeviceConfig();
    private final DeviceOp deviceOp = new DeviceOp();
    private final ListenerRegistration<GlobalConfig> configReg;
    private final ListenerRegistration<DeviceConfig> deviceReg;
    private final ListenerRegistration<DeviceOp> deviceOpReg;
    private final CallhomeStatusReporter statusReporter;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opendaylight/netconf/callhome/mount/CallHomeAuthProviderImpl$DeviceConfig.class */
    public class DeviceConfig implements DataTreeChangeListener<Device> {
        private final AuthorizedKeysDecoder keyDecoder;
        private ConcurrentMap<PublicKey, Device> byPublicKey;

        private DeviceConfig() {
            this.keyDecoder = new AuthorizedKeysDecoder();
            this.byPublicKey = new ConcurrentHashMap();
        }

        public void onDataTreeChanged(Collection<DataTreeModification<Device>> collection) {
            Iterator<DataTreeModification<Device>> it = collection.iterator();
            while (it.hasNext()) {
                process(it.next().getRootNode());
            }
        }

        private void process(DataObjectModification<Device> dataObjectModification) {
            Device device = (Device) dataObjectModification.getDataBefore();
            Device device2 = (Device) dataObjectModification.getDataAfter();
            if (device == null) {
                putDevice(device2);
            } else {
                if (device2 == null) {
                    removeDevice(device);
                    return;
                }
                if (!Objects.equal(device.getSshHostKey(), device2.getSshHostKey())) {
                    removeDevice(device);
                }
                putDevice(device2);
            }
        }

        private void putDevice(Device device) {
            PublicKey publicKey = publicKey(device);
            if (publicKey == null) {
                return;
            }
            this.byPublicKey.put(publicKey, device);
        }

        private void removeDevice(Device device) {
            PublicKey publicKey = publicKey(device);
            if (publicKey == null) {
                return;
            }
            this.byPublicKey.remove(publicKey);
        }

        private PublicKey publicKey(Device device) {
            try {
                return this.keyDecoder.decodePublicKey(device.getSshHostKey());
            } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
                CallHomeAuthProviderImpl.LOG.error("Unable to decode SSH key for {}. Ignoring update for this device", device.getUniqueId(), e);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Device get(PublicKey publicKey) {
            return this.byPublicKey.get(publicKey);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opendaylight/netconf/callhome/mount/CallHomeAuthProviderImpl$DeviceOp.class */
    public class DeviceOp implements DataTreeChangeListener<Device> {
        private ConcurrentMap<String, Device> byPublicKey;

        private DeviceOp() {
            this.byPublicKey = new ConcurrentHashMap();
        }

        public void onDataTreeChanged(Collection<DataTreeModification<Device>> collection) {
            Iterator<DataTreeModification<Device>> it = collection.iterator();
            while (it.hasNext()) {
                process(it.next().getRootNode());
            }
        }

        private void process(DataObjectModification<Device> dataObjectModification) {
            Device device = (Device) dataObjectModification.getDataBefore();
            Device device2 = (Device) dataObjectModification.getDataAfter();
            if (device == null) {
                putDevice(device2);
            } else {
                if (device2 == null) {
                    removeDevice(device);
                    return;
                }
                if (!Objects.equal(device.getSshHostKey(), device2.getSshHostKey())) {
                    removeDevice(device);
                }
                putDevice(device2);
            }
        }

        private void putDevice(Device device) {
            this.byPublicKey.put(device.getSshHostKey(), device);
        }

        private void removeDevice(Device device) {
            this.byPublicKey.remove(device.getSshHostKey());
        }

        Device get(PublicKey publicKey) {
            String str = "";
            try {
                str = AuthorizedKeysDecoder.encodePublicKey(publicKey);
                return this.byPublicKey.get(str);
            } catch (IOException | IllegalArgumentException e) {
                CallHomeAuthProviderImpl.LOG.error("Unable to encode server key: {}", str, e);
                return null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opendaylight/netconf/callhome/mount/CallHomeAuthProviderImpl$GlobalConfig.class */
    public class GlobalConfig implements DataTreeChangeListener<Global> {
        private volatile Global current;

        private GlobalConfig() {
            this.current = null;
        }

        public void onDataTreeChanged(Collection<DataTreeModification<Global>> collection) {
            Iterator<DataTreeModification<Global>> it = collection.iterator();
            while (it.hasNext()) {
                this.current = it.next().getRootNode().getDataAfter();
            }
        }

        boolean allowedUnknownKeys() {
            if (this.current == null) {
                return false;
            }
            return Boolean.TRUE.equals(this.current.isAcceptAllSshKeys());
        }

        Credentials getCredentials() {
            if (this.current != null) {
                return this.current.getCredentials();
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public CallHomeAuthProviderImpl(DataBroker dataBroker) {
        this.configReg = dataBroker.registerDataTreeChangeListener(GLOBAL, this.globalConfig);
        this.deviceReg = dataBroker.registerDataTreeChangeListener(ALLOWED_DEVICES, this.deviceConfig);
        this.deviceOpReg = dataBroker.registerDataTreeChangeListener(ALLOWED_OP_DEVICES, this.deviceOp);
        this.statusReporter = new CallhomeStatusReporter(dataBroker);
    }

    @Nonnull
    public CallHomeAuthorization provideAuth(SocketAddress socketAddress, PublicKey publicKey) {
        String str;
        Credentials credentials;
        Device device = this.deviceConfig.get(publicKey);
        if (device != null) {
            str = device.getUniqueId();
            credentials = device.getCredentials();
        } else {
            String fromRemoteAddress = fromRemoteAddress(socketAddress);
            if (!this.globalConfig.allowedUnknownKeys()) {
                Device device2 = this.deviceOp.get(publicKey);
                if (device2 == null) {
                    this.statusReporter.asUnlistedDevice(fromRemoteAddress, publicKey);
                } else {
                    LOG.info("Repeating rejection of unlisted device with id of {}", device2.getUniqueId());
                }
                return CallHomeAuthorization.rejected();
            }
            str = fromRemoteAddress;
            credentials = null;
            this.statusReporter.asForceListedDevice(fromRemoteAddress, publicKey);
        }
        Credentials credentials2 = credentials != null ? credentials : this.globalConfig.getCredentials();
        if (credentials2 == null) {
            LOG.info("No credentials found for {}, rejecting.", socketAddress);
            return CallHomeAuthorization.rejected();
        }
        CallHomeAuthorization.Builder serverAccepted = CallHomeAuthorization.serverAccepted(str, credentials2.getUsername());
        Iterator it = credentials2.getPasswords().iterator();
        while (it.hasNext()) {
            serverAccepted.addPassword((String) it.next());
        }
        return serverAccepted.build();
    }

    @Override // java.lang.AutoCloseable
    public void close() throws Exception {
        this.configReg.close();
        this.deviceReg.close();
        this.deviceOpReg.close();
    }

    private String fromRemoteAddress(SocketAddress socketAddress) {
        if (!(socketAddress instanceof InetSocketAddress)) {
            return socketAddress.toString();
        }
        InetSocketAddress inetSocketAddress = (InetSocketAddress) socketAddress;
        return InetAddresses.toAddrString(inetSocketAddress.getAddress()) + ":" + inetSocketAddress.getPort();
    }
}
