package org.opendaylight.netconf.callhome.mount;

import com.google.common.collect.Iterables;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.mdsal.binding.api.DataObjectModification;
import org.opendaylight.mdsal.binding.api.DataTreeChangeListener;
import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
import org.opendaylight.mdsal.binding.api.DataTreeModification;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.netconf.callhome.protocol.AuthorizedKeysDecoder;
import org.opendaylight.netconf.callhome.protocol.CallHomeAuthorization;
import org.opendaylight.netconf.callhome.protocol.CallHomeAuthorizationProvider;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.NetconfCallhomeServer;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.credentials.Credentials;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.AllowedDevices;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.Global;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.Device;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.Ssh;
import org.opendaylight.yangtools.concepts.ListenerRegistration;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netconf/callhome/mount/CallHomeAuthProviderImpl.class */
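/**
 * Decides whether an incoming call-home connection is authorized, based on the SSH public key
 * presented by the peer and on configuration mirrored from the datastore.
 *
 * <p>Three data-tree listeners are registered in the constructor and keep in-memory views of:
 * the {@code global} container (CONFIGURATION), the allowed-devices list (CONFIGURATION) and the
 * allowed-devices list (OPERATIONAL). {@link #provideAuth} only reads those views.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A peer is matched to a configured device solely by its public key.</li>
 *   <li>When the global {@code accept-all-ssh-keys} flag is {@code true}, a peer with an unknown
 *       key is accepted under a name derived from its remote address, and the authorization is
 *       built from the <em>global</em> credentials. The flag therefore turns off key-based
 *       admission for every caller; treat it as a lab/bootstrap setting and audit it.</li>
 *   <li>The OPERATIONAL view is never used to grant access; it only decides whether a rejection
 *       is reported as new or logged as a repeat.</li>
 * </ul>
 */
public class CallHomeAuthProviderImpl implements CallHomeAuthorizationProvider, AutoCloseable {
    private static final Logger LOG = LoggerFactory.getLogger(CallHomeAuthProviderImpl.class);

    // Datastore paths watched by the three listeners below.
    private static final InstanceIdentifier<Global> GLOBAL_PATH =
        InstanceIdentifier.create(NetconfCallhomeServer.class).child(Global.class);
    private static final DataTreeIdentifier<Global> GLOBAL =
        DataTreeIdentifier.create(LogicalDatastoreType.CONFIGURATION, GLOBAL_PATH);
    private static final InstanceIdentifier<Device> ALLOWED_DEVICES_PATH =
        InstanceIdentifier.create(NetconfCallhomeServer.class).child(AllowedDevices.class).child(Device.class);
    private static final DataTreeIdentifier<Device> ALLOWED_DEVICES =
        DataTreeIdentifier.create(LogicalDatastoreType.CONFIGURATION, ALLOWED_DEVICES_PATH);
    private static final DataTreeIdentifier<Device> ALLOWED_OP_DEVICES =
        DataTreeIdentifier.create(LogicalDatastoreType.OPERATIONAL, ALLOWED_DEVICES_PATH);

    private final GlobalConfig globalConfig = new GlobalConfig();
    private final DeviceConfig deviceConfig = new DeviceConfig();
    private final DeviceOp deviceOp = new DeviceOp();
    private final ListenerRegistration<GlobalConfig> configReg;
    private final ListenerRegistration<DeviceConfig> deviceReg;
    private final ListenerRegistration<DeviceOp> deviceOpReg;
    private final CallhomeStatusReporter statusReporter;

    /**
     * Shared handling of allowed-device changes: translates each data-tree modification into
     * {@link #removeDevice} / {@link #addDevice} calls keyed by the device's host key text.
     */
    private abstract static class AbstractDeviceListener implements DataTreeChangeListener<Device> {
        private AbstractDeviceListener() {
        }

        /**
         * Applies every modification in order. A delete removes the previous entry; a write or
         * subtree modification removes the previous entry (if any) and then adds the new one, so
         * a changed host key never leaves the old key authorized.
         *
         * @param collection the modifications delivered by the data broker
         * @throws IllegalStateException if a modification type other than DELETE,
         *         SUBTREE_MODIFIED or WRITE is seen
         */
        @Override
        public final void onDataTreeChanged(Collection<DataTreeModification<Device>> collection) {
            for (DataTreeModification<Device> change : collection) {
                DataObjectModification<Device> rootNode = change.getRootNode();
                DataObjectModification.ModificationType modificationType = rootNode.getModificationType();
                // Switch on the enum itself rather than on a decompiler-generated ordinal table.
                switch (modificationType) {
                    case DELETE:
                        deleteDevice(rootNode.getDataBefore());
                        break;
                    case SUBTREE_MODIFIED:
                    case WRITE:
                        deleteDevice(rootNode.getDataBefore());
                        writeDevice(rootNode.getDataAfter());
                        break;
                    default:
                        throw new IllegalStateException("Unhandled modification type " + modificationType);
                }
            }
        }

        /** Removes the entry for {@code device}; a {@code null} device (nothing existed before) is a no-op. */
        private void deleteDevice(Device device) {
            if (device == null) {
                return;
            }
            String hostPublicKey = getHostPublicKey(device);
            if (hostPublicKey == null) {
                LOG.debug("Ignoring removal of device {}, no host key present", device.getUniqueId());
                return;
            }
            LOG.debug("Removing device {}", device.getUniqueId());
            removeDevice(hostPublicKey, device);
        }

        /** Adds an entry for {@code device}; devices without a host key are skipped and stay unauthorized. */
        private void writeDevice(Device device) {
            String hostPublicKey = getHostPublicKey(device);
            if (hostPublicKey == null) {
                LOG.debug("Ignoring addition of device {}, no host key present", device.getUniqueId());
                return;
            }
            LOG.debug("Adding device {}", device.getUniqueId());
            addDevice(hostPublicKey, device);
        }

        /**
         * Returns the host key text for the device: from the SSH client parameters when the
         * device uses the {@code Ssh} transport case, otherwise from the device-level host key.
         */
        private String getHostPublicKey(Device device) {
            if (device.getTransport() instanceof Ssh) {
                // The explicit cast is required to reach the Ssh-only accessor.
                // NOTE(review): getSshClientParams() is dereferenced without a null check -
                // confirm the model guarantees it is present for the Ssh case.
                return ((Ssh) device.getTransport()).getSshClientParams().getHostKey();
            }
            return device.getSshHostKey();
        }

        /**
         * Records {@code device} under the given host key.
         *
         * @param str the host key text taken from the device entry
         * @param device the device entry being added
         */
        abstract void addDevice(String str, Device device);

        /**
         * Forgets the entry stored under the given host key.
         *
         * @param str the host key text taken from the device entry
         * @param device the device entry being removed
         */
        abstract void removeDevice(String str, Device device);
    }

    /**
     * View of the configured (CONFIGURATION datastore) allowed devices, indexed by decoded public
     * key. This is the only map consulted to grant per-device access.
     */
    public static class DeviceConfig extends AbstractDeviceListener {
        private final ConcurrentMap<PublicKey, Device> byPublicKey = new ConcurrentHashMap<>();
        private final AuthorizedKeysDecoder keyDecoder = new AuthorizedKeysDecoder();

        private DeviceConfig() {
        }

        /** Returns the configured device registered under {@code publicKey}, or {@code null}. */
        Device get(PublicKey publicKey) {
            return this.byPublicKey.get(publicKey);
        }

        @Override
        void addDevice(String str, Device device) {
            PublicKey decoded = publicKey(str, device);
            // A key that cannot be decoded is not stored, so the device fails closed.
            if (decoded != null) {
                this.byPublicKey.put(decoded, device);
            }
        }

        @Override
        void removeDevice(String str, Device device) {
            PublicKey decoded = publicKey(str, device);
            if (decoded != null) {
                // NOTE(review): removal is by key only; if two configured devices share a host
                // key, removing one also drops the mapping used by the other - confirm whether
                // duplicate keys are rejected elsewhere.
                this.byPublicKey.remove(decoded);
            }
        }

        /** Decodes the host key text; logs and returns {@code null} when decoding fails. */
        private PublicKey publicKey(String str, Device device) {
            try {
                return this.keyDecoder.decodePublicKey(str);
            } catch (GeneralSecurityException e) {
                LOG.error("Unable to decode SSH key for {}. Ignoring update for this device", device.getUniqueId(), e);
                return null;
            }
        }
    }

    /**
     * View of the OPERATIONAL allowed-devices list, indexed by the host key text as stored.
     * Lookups encode the presented key to text and compare strings.
     */
    public static class DeviceOp extends AbstractDeviceListener {
        private final ConcurrentMap<String, Device> byPublicKey = new ConcurrentHashMap<>();

        private DeviceOp() {
        }

        /**
         * Returns the operational entry whose stored key text equals the encoding of
         * {@code publicKey}, or {@code null} if there is none or the key cannot be encoded.
         */
        Device get(PublicKey publicKey) {
            try {
                return this.byPublicKey.get(AuthorizedKeysDecoder.encodePublicKey(publicKey));
            } catch (IOException | IllegalArgumentException e) {
                LOG.error("Unable to encode server key: {}", publicKey, e);
                return null;
            }
        }

        @Override
        void removeDevice(String str, Device device) {
            this.byPublicKey.remove(str);
        }

        @Override
        void addDevice(String str, Device device) {
            this.byPublicKey.put(str, device);
        }
    }

    /** Holds the most recent {@code global} configuration container, or {@code null} if none. */
    public static class GlobalConfig implements DataTreeChangeListener<Global> {
        // volatile: written by the listener callback, read by provideAuth().
        private volatile Global current = null;

        private GlobalConfig() {
        }

        /** Keeps only the state after the last modification in the batch. */
        @Override
        public void onDataTreeChanged(Collection<DataTreeModification<Global>> collection) {
            if (collection.isEmpty()) {
                return;
            }
            this.current = Iterables.getLast(collection).getRootNode().getDataAfter();
        }

        /**
         * Returns {@code true} only when a global configuration exists and its
         * accept-all-ssh-keys value is explicitly {@code true}; absent config or an unset flag
         * means unknown keys are rejected.
         */
        boolean allowedUnknownKeys() {
            Global snapshot = this.current;
            return snapshot != null && Boolean.TRUE.equals(snapshot.getAcceptAllSshKeys());
        }

        /** Returns the global credentials, or {@code null} when no global configuration is present. */
        Credentials getCredentials() {
            Global snapshot = this.current;
            return snapshot == null ? null : snapshot.getCredentials();
        }

        /** Returns the configured naming strategy, defaulting to {@code IPPORT} when unset. */
        Global.MountPointNamingStrategy getMountPointNamingStrategy() {
            Global snapshot = this.current;
            Global.MountPointNamingStrategy strategy = snapshot == null ? null : snapshot.getMountPointNamingStrategy();
            return strategy == null ? Global.MountPointNamingStrategy.IPPORT : strategy;
        }
    }

    /**
     * Registers the three datastore listeners and creates the status reporter.
     *
     * @param dataBroker broker used for listener registration and by the status reporter
     */
    public CallHomeAuthProviderImpl(DataBroker dataBroker) {
        this.configReg = dataBroker.registerDataTreeChangeListener(GLOBAL, this.globalConfig);
        this.deviceReg = dataBroker.registerDataTreeChangeListener(ALLOWED_DEVICES, this.deviceConfig);
        this.deviceOpReg = dataBroker.registerDataTreeChangeListener(ALLOWED_OP_DEVICES, this.deviceOp);
        this.statusReporter = new CallhomeStatusReporter(dataBroker);
    }

    /**
     * Builds the authorization decision for one incoming connection.
     *
     * <ol>
     *   <li>If {@code publicKey} matches a configured device, that device's unique id and its
     *       own credentials (if any) are used.</li>
     *   <li>Otherwise, unless accept-all-ssh-keys is enabled, the connection is rejected. The
     *       first rejection of a key is handed to the status reporter; later ones are logged.</li>
     *   <li>Otherwise (accept-all enabled) the peer is named after its remote address and
     *       reported as force-listed.</li>
     *   <li>Missing per-device credentials fall back to the global credentials; if neither
     *       exists the connection is rejected.</li>
     * </ol>
     *
     * @param socketAddress remote address of the calling device
     * @param publicKey SSH public key presented by the calling device
     * @return an accepted authorization carrying the username and all configured passwords, or
     *         a rejected authorization
     */
    @Override
    public CallHomeAuthorization provideAuth(SocketAddress socketAddress, PublicKey publicKey) {
        final String id;
        final Credentials deviceCredentials;
        Device device = this.deviceConfig.get(publicKey);
        if (device != null) {
            id = device.getUniqueId();
            deviceCredentials = device.getTransport() instanceof Ssh
                ? ((Ssh) device.getTransport()).getSshClientParams().getCredentials()
                : device.getCredentials();
        } else {
            String remoteName = fromRemoteAddress(socketAddress);
            if (!this.globalConfig.allowedUnknownKeys()) {
                Device knownUnlisted = this.deviceOp.get(publicKey);
                if (knownUnlisted == null) {
                    this.statusReporter.asUnlistedDevice(remoteName, publicKey);
                } else {
                    LOG.info("Repeating rejection of unlisted device with id of {}", knownUnlisted.getUniqueId());
                }
                return CallHomeAuthorization.rejected();
            }
            // accept-all-ssh-keys: the key is not checked against anything, and the identity
            // below is just the peer's address. Only the global credentials can apply here.
            id = remoteName;
            deviceCredentials = null;
            this.statusReporter.asForceListedDevice(remoteName, publicKey);
        }

        Credentials effective = deviceCredentials != null ? deviceCredentials : this.globalConfig.getCredentials();
        if (effective == null) {
            LOG.info("No credentials found for {}, rejecting.", socketAddress);
            return CallHomeAuthorization.rejected();
        }

        // NOTE(review): presumably these credentials are later presented to the calling device
        // by the call-home SSH client - confirm in the protocol module. If so, with
        // accept-all-ssh-keys enabled the global passwords are offered to any caller.
        // Passwords are deliberately never logged here; keep it that way.
        CallHomeAuthorization.Builder serverAccepted =
            CallHomeAuthorization.serverAccepted(id, effective.getUsername());
        for (String password : effective.getPasswords()) {
            serverAccepted.addPassword(password);
        }
        return serverAccepted.build();
    }

    /** Unregisters the three datastore listeners. */
    @Override
    public void close() {
        this.configReg.close();
        this.deviceReg.close();
        this.deviceOpReg.close();
    }

    /**
     * Derives a device name from the remote address according to the configured naming strategy:
     * the IP address alone ({@code IPONLY}) or {@code ip:port} ({@code IPPORT}). Addresses that
     * are not {@link InetSocketAddress} are rendered with {@code toString()}.
     *
     * @throws IllegalStateException if the naming strategy is neither IPONLY nor IPPORT
     */
    private String fromRemoteAddress(SocketAddress socketAddress) {
        if (!(socketAddress instanceof InetSocketAddress)) {
            return socketAddress.toString();
        }
        InetSocketAddress inetSocketAddress = (InetSocketAddress) socketAddress;
        String hostAddress = inetSocketAddress.getAddress().getHostAddress();
        Global.MountPointNamingStrategy mountPointNamingStrategy = this.globalConfig.getMountPointNamingStrategy();
        switch (mountPointNamingStrategy) {
            case IPONLY:
                return hostAddress;
            case IPPORT:
                return hostAddress + ":" + inetSocketAddress.getPort();
            default:
                throw new IllegalStateException("Unhandled naming strategy " + mountPointNamingStrategy);
        }
    }
}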
