package org.opendaylight.netconf.transport.ssh;

import com.google.common.collect.ImmutableList;
import com.google.common.util.concurrent.ListenableFuture;
import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.channel.group.DefaultChannelGroup;
import io.netty.util.concurrent.GlobalEventExecutor;
import java.security.KeyPair;
import java.util.List;
import org.opendaylight.netconf.shaded.sshd.client.ClientFactoryManager;
import org.opendaylight.netconf.shaded.sshd.client.SshClient;
import org.opendaylight.netconf.shaded.sshd.client.auth.UserAuthFactory;
import org.opendaylight.netconf.shaded.sshd.client.auth.hostbased.HostKeyIdentityProvider;
import org.opendaylight.netconf.shaded.sshd.client.auth.hostbased.UserAuthHostBasedFactory;
import org.opendaylight.netconf.shaded.sshd.client.auth.password.PasswordIdentityProvider;
import org.opendaylight.netconf.shaded.sshd.client.auth.password.UserAuthPasswordFactory;
import org.opendaylight.netconf.shaded.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.opendaylight.netconf.shaded.sshd.client.keyverifier.AcceptAllServerKeyVerifier;
import org.opendaylight.netconf.shaded.sshd.client.session.ClientSessionImpl;
import org.opendaylight.netconf.shaded.sshd.client.session.SessionFactory;
import org.opendaylight.netconf.shaded.sshd.common.io.IoHandler;
import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyIdentityProvider;
import org.opendaylight.netconf.shaded.sshd.common.util.threads.ThreadUtils;
import org.opendaylight.netconf.transport.api.TransportChannelListener;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.PasswordType;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev230417.password.grouping.password.type.CleartextPassword;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.SshClientGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ClientIdentity;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.ServerAuthentication;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.Hostbased;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.Password;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev230417.ssh.client.grouping.client.identity.PublicKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;

/* loaded from: input_file:org/opendaylight/netconf/transport/ssh/SSHClient.class */
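/**
 * SSH transport stack playing the SSH client role on top of a TCP underlay.
 *
 * <p>Instances are created through {@link #connect} (underlay from {@code TCPClient.connect}) or
 * {@link #listen} (underlay from {@code TCPServer.listen}). Both build a fresh
 * {@link ClientFactoryManager} from the supplied {@link SshClientGrouping}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>when the configuration carries no {@code server-authentication}, every server host key is
 *       accepted (see {@link #setServerAuthentication});</li>
 *   <li>only the cleartext password type is honoured for password authentication; other password
 *       types are skipped without a dedicated error (see {@link #setClientIdentity}).</li>
 * </ul>
 */
public final class SSHClient extends SSHTransportStack {
    private final ClientFactoryManager clientFactoryManager;
    private final SessionFactory sessionFactory;

    /**
     * Wires the factory manager, a username-stamping session factory and the I/O service.
     *
     * @param transportChannelListener listener passed to the superclass
     * @param clientFactoryManager configured SSH client factory manager
     * @param username username set on every session created by the session factory
     */
    private SSHClient(final TransportChannelListener transportChannelListener,
            final ClientFactoryManager clientFactoryManager, final String username) {
        super(transportChannelListener);
        this.clientFactoryManager = clientFactoryManager;
        // sessionAuthHandlers and sessions are inherited state shared with the auth listener.
        this.clientFactoryManager.addSessionListener(
            new UserAuthSessionListener(this.sessionAuthHandlers, this.sessions));
        this.sessionFactory = new SessionFactory(clientFactoryManager) {
            @Override
            public ClientSessionImpl setupSession(final ClientSessionImpl clientSessionImpl) {
                // Stamp the configured username before the session is handed back.
                clientSessionImpl.setUsername(username);
                return clientSessionImpl;
            }
        };
        this.ioService = new SshIoService(this.clientFactoryManager,
            new DefaultChannelGroup("sshd-client-channels", GlobalEventExecutor.INSTANCE), this.sessionFactory);
    }

    /**
     * Returns the session factory created in the constructor.
     *
     * @return the client session factory, exposed as an {@link IoHandler}
     */
    @Override
    protected IoHandler getSessionFactory() {
        return this.sessionFactory;
    }

    /**
     * Creates an SSH client whose TCP underlay is obtained from {@code TCPClient.connect}.
     *
     * @param transportChannelListener listener for the resulting transport channel
     * @param bootstrap Netty client bootstrap passed to the TCP layer
     * @param tcpClientGrouping TCP client parameters
     * @param sshClientGrouping SSH client parameters (identity, server authentication, transport, keepalives)
     * @return a future for the client, as produced by {@code transformUnderlay}
     * @throws UnsupportedConfigurationException if the SSH configuration cannot be applied
     */
    public static ListenableFuture<SSHClient> connect(TransportChannelListener transportChannelListener, Bootstrap bootstrap, TcpClientGrouping tcpClientGrouping, SshClientGrouping sshClientGrouping) throws UnsupportedConfigurationException {
        final SSHClient client = new SSHClient(transportChannelListener, newFactoryManager(sshClientGrouping),
            getUsername(sshClientGrouping));
        return transformUnderlay(client, TCPClient.connect(client.asListener(), bootstrap, tcpClientGrouping));
    }

    /**
     * Creates an SSH client whose TCP underlay is obtained from {@code TCPServer.listen}.
     *
     * @param transportChannelListener listener for the resulting transport channel
     * @param serverBootstrap Netty server bootstrap passed to the TCP layer
     * @param tcpServerGrouping TCP server parameters
     * @param sshClientGrouping SSH client parameters (identity, server authentication, transport, keepalives)
     * @return a future for the client, as produced by {@code transformUnderlay}
     * @throws UnsupportedConfigurationException if the SSH configuration cannot be applied
     */
    public static ListenableFuture<SSHClient> listen(TransportChannelListener transportChannelListener, ServerBootstrap serverBootstrap, TcpServerGrouping tcpServerGrouping, SshClientGrouping sshClientGrouping) throws UnsupportedConfigurationException {
        final SSHClient client = new SSHClient(transportChannelListener, newFactoryManager(sshClientGrouping),
            getUsername(sshClientGrouping));
        return transformUnderlay(client, TCPServer.listen(client.asListener(), serverBootstrap, tcpServerGrouping));
    }

    /**
     * Reads the username from the client identity.
     *
     * @param sshClientGrouping SSH client parameters
     * @return the configured username, or an empty string when no client identity is present
     */
    private static String getUsername(final SshClientGrouping sshClientGrouping) {
        final ClientIdentity clientIdentity = sshClientGrouping.getClientIdentity();
        // NOTE(review): an identity without a username would yield whatever getUsername() returns - confirm.
        return clientIdentity == null ? "" : clientIdentity.getUsername();
    }

    /**
     * Builds a default {@link SshClient} and applies transport parameters, keepalives, client
     * identity and server authentication from the configuration.
     *
     * @param sshClientGrouping SSH client parameters
     * @return the configured factory manager
     * @throws UnsupportedConfigurationException if identity or server authentication is unusable
     */
    private static ClientFactoryManager newFactoryManager(final SshClientGrouping sshClientGrouping)
            throws UnsupportedConfigurationException {
        final SshClient client = SshClient.setUpDefaultClient();
        ConfigUtils.setTransportParams(client, sshClientGrouping.getTransportParams());
        ConfigUtils.setKeepAlives(client, sshClientGrouping.getKeepalives());
        setClientIdentity(client, sshClientGrouping.getClientIdentity());
        setServerAuthentication(client, sshClientGrouping.getServerAuthentication());
        client.setServiceFactories(SshClient.DEFAULT_SERVICE_FACTORIES);
        // NOTE(review): a new single-thread scheduler is created per client and no shutdown is
        // visible in this class - confirm which component owns its lifecycle.
        client.setScheduledExecutorService(ThreadUtils.newSingleThreadScheduledExecutor("sshd-client-pool"));
        return client;
    }

    /**
     * Installs the user-authentication factories matching the configured client identity.
     *
     * <p>Nothing is installed when the identity is absent or explicitly {@code none}. Otherwise the
     * password, host-based and public-key mechanisms are added in that order, each only when present.
     *
     * @param clientFactoryManager factory manager to configure
     * @param clientIdentity configured identity, may be {@code null}
     * @throws UnsupportedConfigurationException if an identity is present but yields no usable mechanism
     */
    private static void setClientIdentity(final ClientFactoryManager clientFactoryManager,
            final ClientIdentity clientIdentity) throws UnsupportedConfigurationException {
        if (clientIdentity == null || clientIdentity.getNone() != null) {
            return;
        }
        // Typed builder: the listing's casts of each factory to ImmutableList.Builder were
        // decompiler artefacts and are not valid Java.
        final ImmutableList.Builder<UserAuthFactory> authFactories = ImmutableList.builder();

        final Password password = clientIdentity.getPassword();
        if (password != null) {
            final PasswordType passwordType = password.getPasswordType();
            // NOTE(review): only cleartext-password is handled. Any other password type is skipped
            // silently; it surfaces as the generic "no authentication mechanism" error below only
            // when no other mechanism is configured, otherwise the password is dropped unnoticed.
            if (passwordType instanceof CleartextPassword) {
                clientFactoryManager.setPasswordIdentityProvider(PasswordIdentityProvider.wrapPasswords(
                    ((CleartextPassword) passwordType).requireCleartextPassword()));
                authFactories.add(new UserAuthPasswordFactory());
            }
        }

        final Hostbased hostbased = clientIdentity.getHostbased();
        if (hostbased != null) {
            final KeyPair hostKeyPair = ConfigUtils.extractKeyPair(hostbased.getInlineOrKeystore());
            final UserAuthHostBasedFactory hostBasedFactory = new UserAuthHostBasedFactory();
            hostBasedFactory.setClientHostKeys(HostKeyIdentityProvider.wrap(hostKeyPair));
            hostBasedFactory.setClientUsername(clientIdentity.getUsername());
            // Hostname is explicitly left unset; how the library fills it in is not visible here.
            hostBasedFactory.setClientHostname(null);
            hostBasedFactory.setSignatureFactories(clientFactoryManager.getSignatureFactories());
            authFactories.add(hostBasedFactory);
        }

        final PublicKey publicKey = clientIdentity.getPublicKey();
        if (publicKey != null) {
            clientFactoryManager.setKeyIdentityProvider(
                KeyIdentityProvider.wrapKeyPairs(ConfigUtils.extractKeyPair(publicKey.getInlineOrKeystore())));
            final UserAuthPublicKeyFactory publicKeyFactory = new UserAuthPublicKeyFactory();
            publicKeyFactory.setSignatureFactories(clientFactoryManager.getSignatureFactories());
            authFactories.add(publicKeyFactory);
        }

        final ImmutableList<UserAuthFactory> factories = authFactories.build();
        if (factories.isEmpty()) {
            throw new UnsupportedConfigurationException("Client Identity has no authentication mechanism defined");
        }
        clientFactoryManager.setUserAuthFactories(factories);
    }

    /**
     * Installs the server host-key verifier.
     *
     * <p>SECURITY: when {@code serverAuthentication} is {@code null} the accept-all verifier is
     * installed, so the server's host key is never checked and the peer is not authenticated; an
     * on-path party can then impersonate the server and receive the client's credentials.
     * Deployments that need server authentication must configure ssh-host-keys, ca-certs or
     * ee-certs so that {@code ServerPublicKeyVerifier} is used instead.
     *
     * @param clientFactoryManager factory manager to configure
     * @param serverAuthentication configured server authentication, may be {@code null}
     * @throws UnsupportedConfigurationException if the container is present but holds neither
     *         certificates nor host keys
     */
    private static void setServerAuthentication(final ClientFactoryManager clientFactoryManager,
            final ServerAuthentication serverAuthentication) throws UnsupportedConfigurationException {
        if (serverAuthentication == null) {
            // No trust anchors configured: falls back to accepting any host key (see Javadoc).
            clientFactoryManager.setServerKeyVerifier(AcceptAllServerKeyVerifier.INSTANCE);
            return;
        }
        // Element type is kept raw as in the listing; the return type of
        // ConfigUtils.extractCertificates is not visible in this file.
        ImmutableList certificates = ImmutableList.builder()
            .addAll((Iterable) ConfigUtils.extractCertificates(serverAuthentication.getCaCerts()))
            .addAll((Iterable) ConfigUtils.extractCertificates(serverAuthentication.getEeCerts()))
            .build();
        final List<java.security.PublicKey> hostKeys =
            ConfigUtils.extractPublicKeys(serverAuthentication.getSshHostKeys());
        // An empty container must not silently degrade into a verifier with nothing to match.
        if (certificates.isEmpty() && hostKeys.isEmpty()) {
            throw new UnsupportedConfigurationException("Server authentication should contain either ssh-host-keys or ca-certs or ee-certs");
        }
        clientFactoryManager.setServerKeyVerifier(new ServerPublicKeyVerifier(certificates, hostKeys));
    }
}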
