package org.opendaylight.netconf.callhome.mount.tls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.stream.Collectors;
import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.mdsal.binding.api.DataObjectModification;
import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
import org.opendaylight.mdsal.binding.api.DataTreeModification;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.netconf.callhome.protocol.tls.TlsAllowedDevicesMonitor;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificate;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.NetconfCallhomeServer;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.AllowedDevices;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.Device;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.Tls;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.netconf.callhome.server.rev201015.netconf.callhome.server.allowed.devices.device.transport.tls.TlsClientParams;
import org.opendaylight.yangtools.concepts.ListenerRegistration;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netconf/callhome/mount/tls/TlsAllowedDevicesMonitorImpl.class */
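/**
 * Tracks the TLS call-home allow-list by listening to two CONFIGURATION subtrees:
 * the allowed {@link Device} list and the {@link Keystore}.
 *
 * <p>Three lookup tables are maintained: device id to private-key id, device id to
 * certificate id, and certificate name to the {@link PublicKey} parsed from that
 * certificate. {@link #findDeviceIdByPublicKey(PublicKey)} joins the last two to
 * resolve a public key to a single device id.
 *
 * <p>This class matches on public-key equality only. No chain, validity-period or
 * revocation check is visible here, so those are presumably enforced by the TLS
 * layer that calls this monitor; verify against the caller.
 *
 * <p>NOTE(review): the tables are {@code static}, so they are shared by every instance
 * of this class and are not cleared by {@link #close()}. Entries can therefore outlive
 * the listener registrations; confirm that only one instance exists per JVM.
 */
public class TlsAllowedDevicesMonitorImpl implements TlsAllowedDevicesMonitor, AutoCloseable {
    private static final Logger LOG = LoggerFactory.getLogger(TlsAllowedDevicesMonitorImpl.class);
    private static final InstanceIdentifier<Device> ALLOWED_DEVICES_PATH = InstanceIdentifier.create(NetconfCallhomeServer.class).child(AllowedDevices.class).child(Device.class);
    private static final DataTreeIdentifier<Device> ALLOWED_DEVICES = DataTreeIdentifier.create(LogicalDatastoreType.CONFIGURATION, ALLOWED_DEVICES_PATH);
    private static final InstanceIdentifier<Keystore> KEYSTORE_PATH = InstanceIdentifier.create(Keystore.class);
    private static final DataTreeIdentifier<Keystore> KEYSTORE = DataTreeIdentifier.create(LogicalDatastoreType.CONFIGURATION, KEYSTORE_PATH);
    // ConcurrentHashMap rejects null keys and values with a NullPointerException, so
    // every writer below checks for null before inserting.
    private static final ConcurrentMap<String, String> DEVICE_TO_PRIVATE_KEY = new ConcurrentHashMap<>();
    private static final ConcurrentMap<String, String> DEVICE_TO_CERTIFICATE = new ConcurrentHashMap<>();
    private static final ConcurrentMap<String, PublicKey> CERTIFICATE_TO_PUBLIC_KEY = new ConcurrentHashMap<>();
    private final ListenerRegistration<AllowedDevicesMonitor> allowedDevicesReg;
    private final ListenerRegistration<CertificatesMonitor> certificatesReg;

    /**
     * Keeps the device tables in step with the allowed-devices list. Only devices whose
     * transport is {@link Tls} are tracked; every other transport is ignored.
     */
    private static class AllowedDevicesMonitor implements ClusteredDataTreeChangeListener<Device> {
        private AllowedDevicesMonitor() {
        }

        /**
         * Applies each device change: a DELETE removes the old entry, a WRITE or
         * SUBTREE_MODIFIED removes the old entry and then stores the new one.
         *
         * @param collection the device modifications to apply, in iteration order
         */
        @Override
        public final void onDataTreeChanged(Collection<DataTreeModification<Device>> collection) {
            for (DataTreeModification<Device> change : collection) {
                final DataObjectModification<Device> rootNode = change.getRootNode();
                switch (rootNode.getModificationType()) {
                    case DELETE:
                        deleteDevice(rootNode.getDataBefore());
                        break;
                    case SUBTREE_MODIFIED:
                    case WRITE:
                        // Remove first: the inserts below use putIfAbsent and would
                        // otherwise keep the previous key and certificate ids.
                        deleteDevice(rootNode.getDataBefore());
                        writeDevice(rootNode.getDataAfter());
                        break;
                    default:
                        break;
                }
            }
        }

        /** Drops both mappings of a TLS device; null and non-TLS devices are ignored. */
        private void deleteDevice(Device device) {
            if (device == null || !(device.getTransport() instanceof Tls)) {
                return;
            }
            LOG.debug("Removing device {}", device.getUniqueId());
            DEVICE_TO_PRIVATE_KEY.remove(device.getUniqueId());
            DEVICE_TO_CERTIFICATE.remove(device.getUniqueId());
        }

        /**
         * Stores the key id and certificate id of a TLS device; null and non-TLS devices
         * are ignored. A device whose TLS client parameters are missing or incomplete is
         * skipped, so it stays off the allow-list instead of failing the whole
         * notification with a NullPointerException.
         */
        private void writeDevice(Device device) {
            if (device == null || !(device.getTransport() instanceof Tls)) {
                return;
            }
            LOG.debug("Adding device {}", device.getUniqueId());
            final TlsClientParams tlsClientParams = ((Tls) device.getTransport()).getTlsClientParams();
            if (tlsClientParams == null || tlsClientParams.getKeyId() == null
                    || tlsClientParams.getCertificateId() == null) {
                LOG.warn("Ignoring device {}: TLS client parameters are incomplete", device.getUniqueId());
                return;
            }
            DEVICE_TO_PRIVATE_KEY.putIfAbsent(device.getUniqueId(), tlsClientParams.getKeyId());
            DEVICE_TO_CERTIFICATE.putIfAbsent(device.getUniqueId(), tlsClientParams.getCertificateId());
        }
    }

    /**
     * Keeps the certificate-name to public-key table in step with the
     * {@link TrustedCertificate} entries of the keystore.
     */
    private static class CertificatesMonitor implements ClusteredDataTreeChangeListener<Keystore> {
        private CertificatesMonitor() {
        }

        /**
         * Applies every modified keystore child whose data type is
         * {@link TrustedCertificate}; other children are skipped.
         *
         * @param collection the keystore modifications to apply
         */
        @Override
        public void onDataTreeChanged(Collection<DataTreeModification<Keystore>> collection) {
            for (DataTreeModification<Keystore> change : collection) {
                for (DataObjectModification<?> child : change.getRootNode().getModifiedChildren()) {
                    if (child.getDataType().equals(TrustedCertificate.class)) {
                        // Safe: the data type was compared with TrustedCertificate just above.
                        @SuppressWarnings("unchecked")
                        final DataObjectModification<TrustedCertificate> certificateChange =
                                (DataObjectModification<TrustedCertificate>) child;
                        updateCertificate(certificateChange);
                    }
                }
            }
        }

        /** Applies one certificate change with the same delete-then-write rule as devices. */
        private void updateCertificate(DataObjectModification<TrustedCertificate> dataObjectModification) {
            switch (dataObjectModification.getModificationType()) {
                case DELETE:
                    deleteCertificate(dataObjectModification.getDataBefore());
                    break;
                case SUBTREE_MODIFIED:
                case WRITE:
                    deleteCertificate(dataObjectModification.getDataBefore());
                    writeCertificate(dataObjectModification.getDataAfter());
                    break;
                default:
                    break;
            }
        }

        /** Removes the public-key mapping of a certificate; null is ignored. */
        private void deleteCertificate(TrustedCertificate trustedCertificate) {
            if (trustedCertificate != null) {
                LOG.debug("Removing public key mapping for certificate {}", trustedCertificate.getName());
                CERTIFICATE_TO_PUBLIC_KEY.remove(trustedCertificate.getName());
            }
        }

        /**
         * Stores the public key of a certificate under the certificate's name; null is
         * ignored. When the certificate cannot be parsed, no mapping is stored, so a
         * device bound to it cannot be resolved, and the remaining changes in the
         * notification are still processed.
         */
        private void writeCertificate(TrustedCertificate trustedCertificate) {
            if (trustedCertificate == null) {
                return;
            }
            LOG.debug("Adding public key mapping for certificate {}", trustedCertificate.getName());
            final PublicKey publicKey = buildPublicKey(trustedCertificate.getCertificate());
            if (publicKey == null) {
                // buildPublicKey has already logged the parse failure; inserting null
                // would throw from ConcurrentHashMap and abort the listener.
                LOG.warn("No public key mapping stored for certificate {}", trustedCertificate.getName());
                return;
            }
            CERTIFICATE_TO_PUBLIC_KEY.putIfAbsent(trustedCertificate.getName(), publicKey);
        }

        /**
         * Decodes a Base64 (MIME) encoded X.509 certificate and extracts its public key.
         *
         * @param str the encoded certificate, may be null
         * @return the public key, or null when the value is absent, is not valid Base64
         *         or is not a parsable X.509 certificate
         */
        private PublicKey buildPublicKey(String str) {
            if (str == null) {
                LOG.error("Unable to build X.509 certificate from encoded value: {}", "no value present");
                return null;
            }
            try {
                // Decoding happens inside the try because the MIME decoder throws
                // IllegalArgumentException on malformed input such as bad padding.
                final byte[] decoded = Base64.getMimeDecoder().decode(str.getBytes(StandardCharsets.US_ASCII));
                final CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                try (ByteArrayInputStream input = new ByteArrayInputStream(decoded)) {
                    return certificateFactory.generateCertificate(input).getPublicKey();
                }
            } catch (IOException | CertificateException | IllegalArgumentException e) {
                LOG.error("Unable to build X.509 certificate from encoded value: {}", e.getLocalizedMessage());
                return null;
            }
        }
    }

    /**
     * Registers the device and keystore listeners on the given broker.
     *
     * @param dataBroker the broker on which both data-tree change listeners are registered
     */
    public TlsAllowedDevicesMonitorImpl(DataBroker dataBroker) {
        this.allowedDevicesReg = dataBroker.registerDataTreeChangeListener(ALLOWED_DEVICES, new AllowedDevicesMonitor());
        this.certificatesReg = dataBroker.registerDataTreeChangeListener(KEYSTORE, new CertificatesMonitor());
    }

    /**
     * Resolves a public key to the id of the single device configured with a
     * certificate carrying that key.
     *
     * <p>The lookup fails closed: a null key, no match, or more than one matching
     * device all produce an empty result, so an ambiguous configuration never maps a
     * key to an arbitrary device.
     *
     * @param publicKey the key to look up, may be null
     * @return the matching device id, or empty when there is no unique match
     */
    public Optional<String> findDeviceIdByPublicKey(PublicKey publicKey) {
        if (publicKey == null) {
            return Optional.empty();
        }
        final Set<String> certificateNames = CERTIFICATE_TO_PUBLIC_KEY.entrySet().stream()
                .filter(entry -> publicKey.equals(entry.getValue()))
                .map(entry -> entry.getKey())
                .collect(Collectors.toSet());
        final Set<String> deviceIds = DEVICE_TO_CERTIFICATE.entrySet().stream()
                .filter(entry -> certificateNames.contains(entry.getValue()))
                .map(entry -> entry.getKey())
                .collect(Collectors.toSet());
        if (deviceIds.size() > 1) {
            LOG.error("Unable to find device by provided certificate. Possible reason: one certificate configured with multiple devices/names or multiple certificates contain same public key");
            return Optional.empty();
        }
        return deviceIds.stream().findFirst();
    }

    /**
     * Returns the private-key ids referenced by the currently tracked TLS devices.
     *
     * @return a new mutable set holding a snapshot of the key ids
     */
    public Set<String> findAllowedKeys() {
        return new HashSet<>(DEVICE_TO_PRIVATE_KEY.values());
    }

    /**
     * Closes both listener registrations. The second registration is closed even when
     * closing the first one throws.
     */
    @Override // java.lang.AutoCloseable
    public void close() {
        try {
            this.allowedDevicesReg.close();
        } finally {
            this.certificatesReg.close();
        }
    }
}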
