package org.opendaylight.netconf.client.mdsal.impl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.annotation.PreDestroy;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.mdsal.binding.api.DataObjectModification;
import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
import org.opendaylight.mdsal.binding.api.DataTreeModification;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.netconf.client.SslHandlerFactory;
import org.opendaylight.netconf.client.mdsal.api.SslHandlerFactoryProvider;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev230430.connection.parameters.protocol.Specification;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev230430.connection.parameters.protocol.specification.TlsCase;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.Keystore;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017.trusted.certificates.TrustedCertificate;
import org.opendaylight.yangtools.concepts.Registration;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 * {@link SslHandlerFactoryProvider} backed by the {@link Keystore} subtree of the CONFIGURATION datastore.
 *
 * <p>The instance registers itself as a data tree change listener on the {@code Keystore} root and keeps an
 * immutable {@link State} snapshot of the configured private keys and trusted certificates. On demand,
 * {@link #getJavaKeyStore(Set)} converts that snapshot into an in-memory {@link KeyStore}.
 *
 * <p>Security-relevant behaviour visible in this file:
 * <ul>
 *   <li>private-key objects from the datastore are held in memory for as long as they stay configured;</li>
 *   <li>key entries in the generated {@link KeyStore} are protected with an empty password;</li>
 *   <li>key and certificate material is only parsed when a {@link KeyStore} is built, not when it is
 *       received from the datastore;</li>
 *   <li>the change that is being processed is written to the debug log.</li>
 * </ul>
 *
 * <p>NOTE: this listing is decompiler output (see the {@code loaded from}/{@code JADX INFO} markers); synthetic
 * constructs such as the switch-map class and the {@code ObjectMethods.bootstrap} calls stand in for an enum
 * {@code switch} and for record-generated methods.
 */
@Singleton
@Component(service = {SslHandlerFactoryProvider.class})
/* loaded from: input_file:org/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider.class */
public final class DefaultSslHandlerFactoryProvider implements SslHandlerFactoryProvider, ClusteredDataTreeChangeListener<Keystore>, AutoCloseable {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultSslHandlerFactoryProvider.class);
    // Password passed to KeyStore.setKeyEntry(): every key entry is stored under an empty password.
    // NOTE(review): whoever opens the key entries (SslHandlerFactoryImpl, not shown here) presumably has to use
    // the same empty password - confirm. The KeyStore is built in memory only; nothing here writes it to disk.
    private static final char[] EMPTY_CHARS = new char[0];
    // Handle of the datastore listener registration, released in close().
    private final Registration reg;
    // Shared factory returned when no TLS versions are excluded.
    // NOTE(review): 'this' is handed out from a field initializer, before 'reg' is assigned and before the
    // 'state' initializer on the next line has run - assumes SslHandlerFactoryImpl does not call back into
    // this object from its constructor; confirm.
    private final SslHandlerFactory nospecFactory = new SslHandlerFactoryImpl(this, Set.of());
    // Current snapshot; replaced wholesale by onDataTreeChanged() and read once per getJavaKeyStore() call.
    private volatile State state = new State(Map.of(), Map.of());

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.opendaylight.netconf.client.mdsal.impl.DefaultSslHandlerFactoryProvider$1, reason: invalid class name */
    /* loaded from: input_file:org/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$1.class */
    /**
     * Switch map for {@link DataObjectModification.ModificationType}: SUBTREE_MODIFIED maps to 1, WRITE to 2 and
     * DELETE to 3. The array is indexed by {@code ordinal()}; any constant not listed keeps the array default
     * of 0 and therefore reaches the {@code default} branch of the switches that use this table.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$opendaylight$mdsal$binding$api$DataObjectModification$ModificationType = new int[DataObjectModification.ModificationType.values().length];

        // Each assignment is guarded separately: if an enum constant is missing at run time its slot stays 0.
        static {
            try {
                $SwitchMap$org$opendaylight$mdsal$binding$api$DataObjectModification$ModificationType[DataObjectModification.ModificationType.SUBTREE_MODIFIED.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$opendaylight$mdsal$binding$api$DataObjectModification$ModificationType[DataObjectModification.ModificationType.WRITE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$opendaylight$mdsal$binding$api$DataObjectModification$ModificationType[DataObjectModification.ModificationType.DELETE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$SecurityHelper.class */
    /**
     * Converts base64 strings from the keystore model into JCA objects. The JCA factories are created lazily
     * and cached per helper instance; {@link #getJavaKeyStore(Set)} creates one helper per call.
     */
    public static final class SecurityHelper {
        private CertificateFactory certFactory;
        private KeyFactory dsaFactory;
        private KeyFactory rsaFactory;

        private SecurityHelper() {
        }

        /**
         * Parses a base64 string as a PKCS#8 private key.
         *
         * <p>The decoded bytes are handed to {@link PKCS8EncodedKeySpec} as-is; no passphrase handling is
         * visible here, so the stored value is treated as an unencrypted PKCS#8 structure. RSA is tried first
         * and DSA second. The RSA failure is discarded, so a caller only ever sees the DSA factory's
         * exception. No other algorithm (for example EC) is attempted in this method.
         *
         * @param str base64 text of the key
         * @return the parsed key
         * @throws GeneralSecurityException if a key factory is unavailable or the DSA fallback also fails
         */
        PrivateKey getJavaPrivateKey(String str) throws GeneralSecurityException {
            PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new PKCS8EncodedKeySpec(DefaultSslHandlerFactoryProvider.base64Decode(str));
            if (this.rsaFactory == null) {
                this.rsaFactory = KeyFactory.getInstance("RSA");
            }
            try {
                return this.rsaFactory.generatePrivate(pKCS8EncodedKeySpec);
            } catch (InvalidKeySpecException e) {
                // Not an RSA key: retry as DSA. A failure here propagates to the caller.
                if (this.dsaFactory == null) {
                    this.dsaFactory = KeyFactory.getInstance("DSA");
                }
                return this.dsaFactory.generatePrivate(pKCS8EncodedKeySpec);
            }
        }

        /**
         * Parses a base64 string as an X.509 certificate.
         *
         * <p>This only parses the encoding. No validity-period, chain or revocation check is performed in this
         * method; whatever is configured is accepted as long as it decodes.
         *
         * @param str base64 text of the certificate
         * @return the parsed certificate
         * @throws GeneralSecurityException if the factory is unavailable or the bytes cannot be parsed
         */
        private X509Certificate getCertificate(String str) throws GeneralSecurityException {
            if (this.certFactory == null) {
                this.certFactory = CertificateFactory.getInstance("X.509");
            }
            return (X509Certificate) this.certFactory.generateCertificate(new ByteArrayInputStream(DefaultSslHandlerFactoryProvider.base64Decode(str)));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$State.class */
    /**
     * Snapshot of the configured keystore content, keyed by entry name. Both maps must be non-null. The
     * constructor stores the maps it is given without copying; the callers in this file pass {@code Map.of()}
     * or {@code Map.copyOf(...)} results.
     *
     * <p>NOTE(review): the generated {@code toString()} renders both components, including the private-key
     * map. Depending on how the generated {@code PrivateKey} binding prints itself this may include key data,
     * so a {@code State} should presumably never be logged - confirm.
     */
    public static final class State extends Record {
        private final Map<String, org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey> privateKeys;
        private final Map<String, TrustedCertificate> trustedCertificates;

        State(Map<String, org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey> map, Map<String, TrustedCertificate> map2) {
            Objects.requireNonNull(map);
            Objects.requireNonNull(map2);
            this.privateKeys = map;
            this.trustedCertificates = map2;
        }

        /** Returns a builder seeded with mutable copies of both maps, leaving this snapshot untouched. */
        StateBuilder newBuilder() {
            return new StateBuilder(new HashMap(this.privateKeys), new HashMap(this.trustedCertificates));
        }

        // The three methods below are the record-generated toString/hashCode/equals over both components.
        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, State.class), State.class, "privateKeys;trustedCertificates", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$State;->privateKeys:Ljava/util/Map;", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$State;->trustedCertificates:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, State.class), State.class, "privateKeys;trustedCertificates", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$State;->privateKeys:Ljava/util/Map;", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$State;->trustedCertificates:Ljava/util/Map;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, State.class, Object.class), State.class, "privateKeys;trustedCertificates", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$State;->privateKeys:Ljava/util/Map;", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$State;->trustedCertificates:Ljava/util/Map;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        /** Returns the private-key entries by name; this is the stored map itself, not a copy. */
        public Map<String, org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey> privateKeys() {
            return this.privateKeys;
        }

        /** Returns the trusted-certificate entries by name; this is the stored map itself, not a copy. */
        public Map<String, TrustedCertificate> trustedCertificates() {
            return this.trustedCertificates;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$StateBuilder.class */
    /**
     * Mutable working copy used while a batch of datastore changes is applied. The maps are edited in place by
     * the change handlers and frozen into a new {@link State} by {@link #build()}.
     */
    public static final class StateBuilder extends Record {
        private final HashMap<String, org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey> privateKeys;
        private final HashMap<String, TrustedCertificate> trustedCertificates;

        StateBuilder(HashMap<String, org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey> hashMap, HashMap<String, TrustedCertificate> hashMap2) {
            Objects.requireNonNull(hashMap);
            Objects.requireNonNull(hashMap2);
            this.privateKeys = hashMap;
            this.trustedCertificates = hashMap2;
        }

        /** Freezes the current content into a new snapshot; later edits to this builder do not affect it. */
        State build() {
            return new State(Map.copyOf(this.privateKeys), Map.copyOf(this.trustedCertificates));
        }

        // The three methods below are the record-generated toString/hashCode/equals over both components.
        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, StateBuilder.class), StateBuilder.class, "privateKeys;trustedCertificates", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$StateBuilder;->privateKeys:Ljava/util/HashMap;", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$StateBuilder;->trustedCertificates:Ljava/util/HashMap;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, StateBuilder.class), StateBuilder.class, "privateKeys;trustedCertificates", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$StateBuilder;->privateKeys:Ljava/util/HashMap;", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$StateBuilder;->trustedCertificates:Ljava/util/HashMap;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, StateBuilder.class, Object.class), StateBuilder.class, "privateKeys;trustedCertificates", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$StateBuilder;->privateKeys:Ljava/util/HashMap;", "FIELD:Lorg/opendaylight/netconf/client/mdsal/impl/DefaultSslHandlerFactoryProvider$StateBuilder;->trustedCertificates:Ljava/util/HashMap;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        /** Returns the mutable private-key map that the change handlers edit. */
        public HashMap<String, org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey> privateKeys() {
            return this.privateKeys;
        }

        /** Returns the mutable trusted-certificate map that the change handlers edit. */
        public HashMap<String, TrustedCertificate> trustedCertificates() {
            return this.trustedCertificates;
        }
    }

    /**
     * Registers this instance as a change listener on the {@link Keystore} root of the CONFIGURATION datastore.
     * The registration happens inside the constructor, so the listener is handed to the broker before
     * construction has returned.
     *
     * @param dataBroker broker used for the listener registration
     */
    @Inject
    @Activate
    public DefaultSslHandlerFactoryProvider(@Reference DataBroker dataBroker) {
        this.reg = dataBroker.registerDataTreeChangeListener(DataTreeIdentifier.create(LogicalDatastoreType.CONFIGURATION, InstanceIdentifier.create(Keystore.class)), this);
    }

    /**
     * Closes the datastore listener registration. The last {@link State} snapshot, including its private-key
     * objects, is not cleared here.
     */
    @Override // java.lang.AutoCloseable
    @PreDestroy
    @Deactivate
    public void close() {
        this.reg.close();
    }

    /**
     * Returns the factory matching a device's protocol specification.
     *
     * @param specification protocol specification, or {@code null} for the default factory
     * @return the shared default factory when nothing is excluded, otherwise a new factory carrying the
     *         excluded TLS versions
     * @throws IllegalArgumentException if the specification is not a {@link TlsCase}
     */
    @Override // org.opendaylight.netconf.client.mdsal.api.SslHandlerFactoryProvider
    public SslHandlerFactory getSslHandlerFactory(Specification specification) {
        if (specification == null) {
            return this.nospecFactory;
        }
        if (!(specification instanceof TlsCase)) {
            throw new IllegalArgumentException("Cannot get TLS specification from: " + specification);
        }
        Set<String> excludedVersions = ((TlsCase) specification).nonnullTls().getExcludedVersions();
        // A missing or empty exclusion list is treated like "no specification".
        return (excludedVersions == null || excludedVersions.isEmpty()) ? this.nospecFactory : new SslHandlerFactoryImpl(this, excludedVersions);
    }

    /** Builds a {@link KeyStore} containing every configured private key; see {@link #getJavaKeyStore(Set)}. */
    KeyStore getJavaKeyStore() throws GeneralSecurityException, IOException {
        return getJavaKeyStore(Set.of());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds a fresh in-memory {@link KeyStore} from the current snapshot.
     *
     * <p>Points a reviewer should be aware of:
     * <ul>
     *   <li>An empty {@code set} selects all private keys; a non-empty one selects only the named keys.</li>
     *   <li>The "no private key" check looks at the whole snapshot, before filtering. If {@code set} names
     *       only unknown keys, the result contains no key entry and no exception is thrown.</li>
     *   <li>The filter applies to key entries only. Every trusted certificate in the snapshot is always
     *       added.</li>
     *   <li>Key entries are stored under an empty password.</li>
     *   <li>Certificates are parsed but not validated here.</li>
     * </ul>
     *
     * @param set names of the private keys to include; empty means all; must not be {@code null}
     * @return the populated key store
     * @throws KeyStoreException if the snapshot holds no private key at all
     * @throws CertificateException if a selected private key has no certificate chain
     * @throws GeneralSecurityException if key or certificate material cannot be parsed
     * @throws IOException declared for {@code KeyStore.load}
     */
    public KeyStore getJavaKeyStore(Set<String> set) throws GeneralSecurityException, IOException {
        Objects.requireNonNull(set);
        // Read the volatile field once so keys and certificates come from the same snapshot.
        State state = this.state;
        if (state.privateKeys.isEmpty()) {
            throw new KeyStoreException("No keystore private key found");
        }
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // load(null, null) initialises an empty key store; nothing is read from a file or stream.
        keyStore.load(null, null);
        SecurityHelper securityHelper = new SecurityHelper();
        for (Map.Entry<String, org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey> entry : state.privateKeys.entrySet()) {
            String key = entry.getKey();
            if (set.isEmpty() || set.contains(key)) {
                org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey value = entry.getValue();
                PrivateKey javaPrivateKey = securityHelper.getJavaPrivateKey(value.getData());
                List<String> certificateChain = value.getCertificateChain();
                if (certificateChain == null || certificateChain.isEmpty()) {
                    throw new CertificateException("No certificate chain associated with private key " + key + " found");
                }
                // Chain order is taken as configured; it is not checked against the key or re-ordered here.
                Certificate[] certificateArr = new Certificate[certificateChain.size()];
                int i = 0;
                Iterator<String> it = certificateChain.iterator();
                while (it.hasNext()) {
                    int i2 = i;
                    i++;
                    certificateArr[i2] = securityHelper.getCertificate(it.next());
                }
                keyStore.setKeyEntry(key, javaPrivateKey, EMPTY_CHARS, certificateArr);
            }
        }
        // Trusted certificates are added unconditionally, independent of 'set'.
        // NOTE(review): key names and trusted-certificate names end up in the same alias namespace; what happens
        // when both use the same name depends on the KeyStore implementation - confirm.
        for (Map.Entry<String, TrustedCertificate> entry2 : state.trustedCertificates.entrySet()) {
            keyStore.setCertificateEntry(entry2.getKey(), securityHelper.getCertificate(entry2.getValue().getCertificate()));
        }
        return keyStore;
    }

    /**
     * Decodes base64 text with the MIME decoder, which skips line separators and any other character outside
     * the base64 alphabet instead of rejecting it. Damaged input may therefore only show up later, when the
     * decoded bytes fail to parse as a key or certificate.
     *
     * <p>NOTE(review): presumably the stored value is the bare base64 body without PEM BEGIN/END lines, since
     * the letters of such lines would be decoded as data - confirm against the keystore model.
     */
    private static byte[] base64Decode(String str) {
        return Base64.getMimeDecoder().decode(str.getBytes(StandardCharsets.US_ASCII));
    }

    /**
     * Applies a batch of keystore changes: copies the current snapshot into a builder, lets the static
     * handlers edit it, then publishes the result with a single volatile write.
     *
     * <p>NOTE(review): the read-copy-write sequence is not atomic; it assumes the data broker delivers
     * callbacks to one listener serially - confirm.
     *
     * @param collection the changes reported for the {@link Keystore} subtree
     */
    public void onDataTreeChanged(Collection<DataTreeModification<Keystore>> collection) {
        LOG.debug("Starting update with {} changes", Integer.valueOf(collection.size()));
        StateBuilder newBuilder = this.state.newBuilder();
        onDataTreeChanged(newBuilder, collection);
        this.state = newBuilder.build();
        LOG.debug("Update finished");
    }

    /**
     * Routes each modified child of the keystore root to the matching handler. Children that are neither
     * private keys nor trusted certificates are ignored.
     */
    private static void onDataTreeChanged(StateBuilder stateBuilder, Collection<DataTreeModification<Keystore>> collection) {
        for (DataTreeModification<Keystore> dataTreeModification : collection) {
            // NOTE(review): the whole modification object is rendered into the debug log. Depending on its
            // toString() this may include keystore content such as private-key data - confirm before enabling
            // debug logging for this class where logs are shared or shipped off-host.
            LOG.debug("Processing change {}", dataTreeModification);
            for (DataObjectModification dataObjectModification : dataTreeModification.getRootNode().getModifiedChildren()) {
                if (dataObjectModification.getDataType().equals(org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey.class)) {
                    onPrivateKeyChanged(stateBuilder.privateKeys, dataObjectModification);
                } else if (dataObjectModification.getDataType().equals(TrustedCertificate.class)) {
                    onTrustedCertificateChanged(stateBuilder.trustedCertificates, dataObjectModification);
                }
            }
        }
    }

    /**
     * Applies one private-key change to the working map. The entry is stored exactly as received; the key
     * data is not decoded or checked until a {@link KeyStore} is built from it.
     */
    private static void onPrivateKeyChanged(HashMap<String, org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey> hashMap, DataObjectModification<org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey> dataObjectModification) {
        switch (AnonymousClass1.$SwitchMap$org$opendaylight$mdsal$binding$api$DataObjectModification$ModificationType[dataObjectModification.getModificationType().ordinal()]) {
            // 1 = SUBTREE_MODIFIED, 2 = WRITE: insert or replace under the entry's name.
            case 1:
            case 2:
                org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey privateKey = (org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.keystore.rev171017._private.keys.PrivateKey) dataObjectModification.getDataAfter();
                hashMap.put(privateKey.getName(), privateKey);
                return;
            // 3 = DELETE: drop the entry by the name it had before the change.
            case 3:
                hashMap.remove(dataObjectModification.getDataBefore().getName());
                return;
            default:
                return;
        }
    }

    /**
     * Applies one trusted-certificate change to the working map. The entry is stored exactly as received; the
     * certificate is not decoded or checked until a {@link KeyStore} is built from it.
     */
    private static void onTrustedCertificateChanged(HashMap<String, TrustedCertificate> hashMap, DataObjectModification<TrustedCertificate> dataObjectModification) {
        switch (AnonymousClass1.$SwitchMap$org$opendaylight$mdsal$binding$api$DataObjectModification$ModificationType[dataObjectModification.getModificationType().ordinal()]) {
            // 1 = SUBTREE_MODIFIED, 2 = WRITE: insert or replace under the entry's name.
            case 1:
            case 2:
                TrustedCertificate trustedCertificate = (TrustedCertificate) dataObjectModification.getDataAfter();
                hashMap.put(trustedCertificate.getName(), trustedCertificate);
                return;
            // 3 = DELETE: drop the entry by the name it had before the change.
            case 3:
                hashMap.remove(dataObjectModification.getDataBefore().getName());
                return;
            default:
                return;
        }
    }
}
