package org.opendaylight.netconf.client.mdsal.impl;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.annotation.PreDestroy;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.opendaylight.netconf.client.SslContextFactory;
import org.opendaylight.netconf.client.mdsal.api.SslContextFactoryProvider;
import org.opendaylight.netconf.keystore.legacy.CertifiedPrivateKey;
import org.opendaylight.netconf.keystore.legacy.NetconfKeystore;
import org.opendaylight.netconf.keystore.legacy.NetconfKeystoreService;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.protocol.Specification;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.protocol.specification.TlsCase;
import org.opendaylight.yangtools.concepts.Registration;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;

/**
 * Supplies {@link SslContextFactory} instances whose key material comes from the most recently
 * published {@link NetconfKeystore}.
 *
 * <p>The instance registers itself as a keystore consumer on construction and holds the latest
 * snapshot in a {@code volatile} field, so a reader takes one reference and works on that snapshot.
 *
 * <p>This listing is decompiler output (original class file:
 * {@code org/opendaylight/netconf/client/mdsal/impl/DefaultSslContextFactoryProvider.class}).
 */
@Singleton
@Component(service = {SslContextFactoryProvider.class})
public final class DefaultSslContextFactoryProvider implements SslContextFactoryProvider, AutoCloseable {
    /** Typed zero-length array used as the {@code toArray} target for certificate chains. */
    private static final X509Certificate[] EMPTY_CERTS = new X509Certificate[0];
    /**
     * Password applied to every key entry of the generated keystore. It is empty, so the keystore
     * itself offers no protection for the private keys it carries.
     */
    private static final char[] EMPTY_CHARS = new char[0];

    /** Handle for the keystore-consumer registration; released in {@link #close()}. */
    private final Registration reg;
    /** Shared factory returned whenever no TLS version exclusions are requested. */
    private final DefaultSslContextFactory nospecFactory = new DefaultSslContextFactory(this);
    /** Latest keystore snapshot; starts out empty and is replaced as a whole on each update. */
    private volatile NetconfKeystore keystore = NetconfKeystore.EMPTY;

    /**
     * Creates the provider and subscribes it to keystore updates.
     *
     * @param netconfKeystoreService service that publishes {@link NetconfKeystore} snapshots
     */
    @Inject
    @Activate
    public DefaultSslContextFactoryProvider(@Reference NetconfKeystoreService netconfKeystoreService) {
        reg = netconfKeystoreService.registerKeystoreConsumer(this::onKeystoreUpdated);
    }

    /** Cancels the keystore-consumer registration made in the constructor. */
    @Override
    @PreDestroy
    @Deactivate
    public void close() {
        reg.close();
    }

    /** Replaces the current snapshot with the one just published. */
    private void onKeystoreUpdated(NetconfKeystore netconfKeystore) {
        keystore = netconfKeystore;
    }

    /**
     * Selects the factory to use for a connection specification.
     *
     * @param specification protocol specification, or {@code null} when none is configured
     * @return the shared default factory when {@code specification} is {@code null} or carries no
     *         excluded versions, otherwise a new {@code FilteredSslContextFactory} built from the
     *         excluded versions
     * @throws IllegalArgumentException if {@code specification} is non-null but not a {@link TlsCase}
     */
    @Override
    public SslContextFactory getSslContextFactory(Specification specification) {
        if (specification == null) {
            return nospecFactory;
        }
        if (specification instanceof TlsCase) {
            final TlsCase tlsCase = (TlsCase) specification;
            final Set<String> excluded = tlsCase.nonnullTls().getExcludedVersions();
            if (excluded != null && !excluded.isEmpty()) {
                return new FilteredSslContextFactory(this, excluded);
            }
            // A null or empty exclusion list needs no filtering, so the shared instance is reused.
            return nospecFactory;
        }
        throw new IllegalArgumentException("Cannot get TLS specification from: " + specification);
    }

    /**
     * Builds an in-memory JKS {@link KeyStore} from the current keystore snapshot.
     *
     * <p>Points a reviewer should keep in mind:
     * <ul>
     *   <li>An empty {@code set} selects <em>every</em> private key in the snapshot; it does not mean
     *       "no keys".</li>
     *   <li>A non-empty {@code set} that matches no alias yields a keystore without key entries and
     *       no exception is raised here; callers that depend on client authentication need to check
     *       for that themselves.</li>
     *   <li>Trusted certificates are always copied in full; {@code set} does not filter them.</li>
     *   <li>Key entries are stored under an empty password, so the returned object should stay in
     *       memory and be treated as sensitive as the private keys themselves.</li>
     * </ul>
     *
     * <p>The decompiler notes that it widened this method's access from package-private, so it was
     * not declared as public API in the original class.
     *
     * @param set aliases of the private keys to include; must not be {@code null}
     * @return a freshly created keystore holding the selected keys and all trusted certificates
     * @throws NullPointerException if {@code set} is {@code null}
     * @throws KeyStoreException if the snapshot holds no private keys, or if no installed provider
     *         supplies the {@code JKS} type
     * @throws GeneralSecurityException on other keystore failures
     * @throws IOException if initialising the empty keystore fails
     */
    public KeyStore getJavaKeyStore(Set<String> set) throws GeneralSecurityException, IOException {
        final Set<String> allowedAliases = Objects.requireNonNull(set);
        // Read the volatile field once so keys and trust anchors come from the same snapshot.
        final NetconfKeystore snapshot = keystore;
        if (snapshot.privateKeys().isEmpty()) {
            throw new KeyStoreException("No keystore private key found");
        }

        final KeyStore result = KeyStore.getInstance("JKS");
        // load(null, null) initialises an empty keystore rather than reading one from a stream.
        result.load(null, null);

        final boolean includeAll = allowedAliases.isEmpty();
        for (Map.Entry<String, CertifiedPrivateKey> keyEntry : snapshot.privateKeys().entrySet()) {
            final String alias = keyEntry.getKey();
            if (!includeAll && !allowedAliases.contains(alias)) {
                continue;
            }
            final CertifiedPrivateKey privateKey = keyEntry.getValue();
            final Certificate[] chain = privateKey.certificateChain().toArray(EMPTY_CERTS);
            result.setKeyEntry(alias, privateKey.key(), EMPTY_CHARS, chain);
        }

        for (Map.Entry<String, ? extends Certificate> trusted : snapshot.trustedCertificates().entrySet()) {
            result.setCertificateEntry(trusted.getKey(), trusted.getValue());
        }
        return result;
    }
}
