package org.opendaylight.netconf.keystore.legacy.impl;

import com.google.common.util.concurrent.ListenableFuture;
import com.google.common.util.concurrent.MoreExecutors;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.mdsal.binding.api.WriteTransaction;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708.AddPrivateKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708.AddPrivateKeyInput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708.AddPrivateKeyOutput;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708.AddPrivateKeyOutputBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708.Keystore;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708._private.keys.PrivateKeyBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708.rpc._private.keys.PrivateKey;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708.rpc._private.keys.PrivateKeyKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.opendaylight.yangtools.yang.common.RpcResult;
import org.opendaylight.yangtools.yang.common.RpcResultBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/netconf/keystore/legacy/impl/DefaultAddPrivateKey.class */
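/**
 * Implementation of the {@link AddPrivateKey} RPC. Each supplied private key and every certificate in
 * its chain is decoded, re-encoded and encrypted through {@code encryptEncoded} before anything is
 * written to the CONFIGURATION datastore.
 *
 * <p>All entries are processed before the write transaction is opened, so a failure on any key or
 * certificate returns a failed RPC result without storing a partial set.
 */
final class DefaultAddPrivateKey extends AbstractEncryptingRpc implements AddPrivateKey {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultAddPrivateKey.class);

    /* JADX INFO: Access modifiers changed from: package-private */
    public DefaultAddPrivateKey(DataBroker dataBroker, AAAEncryptionService aAAEncryptionService) {
        super(dataBroker, aAAEncryptionService);
    }

    /**
     * Encrypts and stores the private keys carried by the RPC input.
     *
     * @param addPrivateKeyInput RPC input; a null or empty key list is treated as a successful no-op
     * @return a future holding an empty successful output once the transaction commits, or the result
     *         of {@code returnFailed} when a key or certificate cannot be decoded, re-encoded or encrypted
     */
    @Override // org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708.AddPrivateKey
    public ListenableFuture<RpcResult<AddPrivateKeyOutput>> invoke(AddPrivateKeyInput addPrivateKeyInput) {
        final Map<PrivateKeyKey, PrivateKey> keys = addPrivateKeyInput.getPrivateKey();
        if (keys == null || keys.isEmpty()) {
            return RpcResultBuilder.success(new AddPrivateKeyOutputBuilder().build()).buildFuture();
        }

        // Log the list keys only. The input entries still hold the key material in the form it was
        // submitted (it is encrypted further down), and their string form may include getData(),
        // so the objects themselves must not reach the log.
        LOG.debug("Adding private keys: {}", keys.keySet());

        final List<org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708._private.keys.PrivateKey>
            toStore = new ArrayList<>(keys.size());
        for (PrivateKey input : keys.values()) {
            // NOTE(review): the second argument is null; presumably a passphrase, which would mean
            // only unencrypted key encodings are accepted. Confirm against SecurityHelper.
            final java.security.PrivateKey decodedKey;
            try {
                decodedKey = new SecurityHelper().decodePrivateKey(input.getData(), null).getPrivate();
            } catch (IOException e) {
                // Name only: the entry itself carries the submitted key data.
                LOG.debug("Cannot decode private key {}", input.getName(), e);
                return returnFailed("Failed to decode private key " + input.getName(), e);
            }

            final byte[] encryptedKey;
            try {
                encryptedKey = encryptEncoded(decodedKey.getEncoded());
            } catch (GeneralSecurityException e) {
                LOG.debug("Cannot encrypt private key {}", input.getName(), e);
                return returnFailed("Failed to encrypt private key " + input.getName(), e);
            }

            final List<byte[]> encryptedChain;
            final List<String> chain = input.getCertificateChain();
            if (chain == null) {
                encryptedChain = List.of();
            } else {
                encryptedChain = new ArrayList<>(chain.size());
                for (String encodedCert : chain) {
                    final X509Certificate cert;
                    try {
                        cert = SecurityHelper.decodeCertificate(encodedCert);
                    } catch (IOException | GeneralSecurityException e) {
                        return returnFailed("Cannot decode certificate " + encodedCert, e);
                    }

                    // Re-encoding and encryption are separate steps so that each failure gets its own
                    // message. CertificateEncodingException is a GeneralSecurityException, so a single
                    // try around both calls would report a re-encoding failure as an encryption failure.
                    final byte[] certBytes;
                    try {
                        certBytes = cert.getEncoded();
                    } catch (CertificateEncodingException e) {
                        return returnFailed("Cannot re-encode certificate " + cert, e);
                    }
                    try {
                        encryptedChain.add(encryptEncoded(certBytes));
                    } catch (GeneralSecurityException e) {
                        return returnFailed("Cannot encrypt certificate " + cert, e);
                    }
                }
            }

            toStore.add(new PrivateKeyBuilder()
                .setName(input.getName())
                .setData(encryptedKey)
                .setAlgorithm(decodedKey.getAlgorithm())
                .setCertificateChain(encryptedChain)
                .build());
        }

        // Every entry was processed successfully; only now is the datastore touched.
        final WriteTransaction tx = newTransaction();
        for (var stored : toStore) {
            // NOTE(review): m34key() looks like a decompiler-assigned name for the binding's key()
            // accessor; confirm against the decompiled binding class.
            tx.put(LogicalDatastoreType.CONFIGURATION,
                InstanceIdentifier.create(Keystore.class).child(
                    org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev240708._private.keys.PrivateKey.class,
                    stored.m34key()),
                stored);
        }
        return tx.commit().transform(commitInfo -> {
            LOG.debug("Added private keys: {}", keys.keySet());
            return RpcResultBuilder.success(new AddPrivateKeyOutputBuilder().build()).build();
        }, MoreExecutors.directExecutor());
    }
}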
