package org.opendaylight.netconf.transport.tls;

import com.google.common.util.concurrent.ListenableFuture;
import io.netty.bootstrap.Bootstrap;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import javax.net.ssl.TrustManagerFactory;
import org.opendaylight.netconf.transport.api.TransportChannelListener;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.tcp.TCPClient;
import org.opendaylight.netconf.transport.tcp.TCPServer;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.client.rev230417.TcpClientGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tcp.server.rev230417.TcpServerGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.TlsClientGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ClientIdentity;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.ServerAuthentication;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.AuthType;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.Certificate;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.RawPublicKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.raw._public.key.RawPrivateKey;

/* loaded from: input_file:org/opendaylight/netconf/transport/tls/TLSClient.class */
/**
 * TLS transport stack acting in the TLS client role. Instances are only created through
 * {@link #connect} and {@link #listen}; both build the {@link SslContext} with
 * {@link SslContextBuilder#forClient()} from a {@link TlsClientGrouping} before the TCP underlay
 * is started.
 */
public final class TLSClient extends TLSTransportStack {
    private TLSClient(TransportChannelListener transportChannelListener, SslContext sslContext) {
        super(transportChannelListener, sslContext);
    }

    /**
     * Starts a TLS client on top of an outbound TCP connection.
     *
     * @param transportChannelListener listener handed to the new stack
     * @param bootstrap Netty bootstrap passed to {@code TCPClient.connect}
     * @param tcpClientGrouping TCP client parameters
     * @param tlsClientGrouping TLS client parameters (identity, server authentication, hello params)
     * @return future produced by {@code transformUnderlay} for the new stack
     * @throws UnsupportedConfigurationException if the TLS parameters cannot be applied
     */
    public static ListenableFuture<TLSClient> connect(TransportChannelListener transportChannelListener, Bootstrap bootstrap, TcpClientGrouping tcpClientGrouping, TlsClientGrouping tlsClientGrouping) throws UnsupportedConfigurationException {
        final TLSClient tlsStack = newClient(transportChannelListener, tlsClientGrouping);
        return transformUnderlay(tlsStack, TCPClient.connect(tlsStack.asListener(), bootstrap, tcpClientGrouping));
    }

    /**
     * Starts a TLS client on top of a listening TCP socket: the TCP side accepts connections while
     * the TLS context is still a client context (presumably the call-home arrangement; confirm
     * against the callers).
     *
     * @param transportChannelListener listener handed to the new stack
     * @param serverBootstrap Netty server bootstrap passed to {@code TCPServer.listen}
     * @param tcpServerGrouping TCP server parameters
     * @param tlsClientGrouping TLS client parameters (identity, server authentication, hello params)
     * @return future produced by {@code transformUnderlay} for the new stack
     * @throws UnsupportedConfigurationException if the TLS parameters cannot be applied
     */
    public static ListenableFuture<TLSClient> listen(TransportChannelListener transportChannelListener, ServerBootstrap serverBootstrap, TcpServerGrouping tcpServerGrouping, TlsClientGrouping tlsClientGrouping) throws UnsupportedConfigurationException {
        final TLSClient tlsStack = newClient(transportChannelListener, tlsClientGrouping);
        return transformUnderlay(tlsStack, TCPServer.listen(tlsStack.asListener(), serverBootstrap, tcpServerGrouping));
    }

    /**
     * Builds the client-side SSL context from the configuration and wraps it in a new stack.
     * Client identity is applied first, then server authentication, then the hello parameters.
     */
    private static TLSClient newClient(TransportChannelListener transportChannelListener, TlsClientGrouping tlsClientGrouping) throws UnsupportedConfigurationException {
        final SslContextBuilder builder = SslContextBuilder.forClient();
        applyClientIdentity(builder, tlsClientGrouping.getClientIdentity());
        applyServerAuthentication(builder, tlsClientGrouping.getServerAuthentication());
        final SslContext context = buildSslContext(builder, tlsClientGrouping.getHelloParams());
        return new TLSClient(transportChannelListener, context);
    }

    /**
     * Installs the key manager for the configured client identity, if there is one.
     * A missing identity or a missing auth type leaves the builder without a key manager, i.e. the
     * client presents no credentials of its own.
     */
    private static void applyClientIdentity(SslContextBuilder builder, ClientIdentity clientIdentity) throws UnsupportedConfigurationException {
        if (clientIdentity == null) {
            return;
        }
        final AuthType authType = clientIdentity.getAuthType();
        if (authType == null) {
            return;
        }
        if (authType instanceof Certificate) {
            final Certificate certificateCase = (Certificate) authType;
            final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.tls.client.rev230417.tls.client.grouping.client.identity.auth.type.certificate.Certificate certificateBody = certificateCase.getCertificate();
            if (certificateBody == null) {
                throw new UnsupportedConfigurationException("Missing certificate in " + certificateCase);
            }
            builder.keyManager(newKeyManager(certificateBody));
            return;
        }
        if (authType instanceof RawPublicKey) {
            final RawPublicKey rawKeyCase = (RawPublicKey) authType;
            final RawPrivateKey privateKey = rawKeyCase.getRawPrivateKey();
            if (privateKey == null) {
                throw new UnsupportedConfigurationException("Missing key in " + rawKeyCase);
            }
            builder.keyManager(newKeyManager(privateKey));
            return;
        }
        // Any other auth type is rejected rather than silently connecting without an identity.
        throw new UnsupportedConfigurationException("Unsupported client authentication type " + authType);
    }

    /**
     * Installs the trust manager used to authenticate the server, if server authentication is
     * configured.
     *
     * <p>When {@code serverAuthentication} is {@code null} no trust manager is set here at all.
     * NOTE(review): Netty then falls back to the JDK's default trust managers (the platform trust
     * store) rather than failing closed; confirm that this is the intended behaviour for
     * deployments that omit server authentication.
     */
    private static void applyServerAuthentication(SslContextBuilder builder, ServerAuthentication serverAuthentication) throws UnsupportedConfigurationException {
        if (serverAuthentication == null) {
            return;
        }
        final TrustManagerFactory trustFactory = newTrustManager(serverAuthentication.getCaCerts(), serverAuthentication.getEeCerts(), serverAuthentication.getRawPublicKeys());
        if (trustFactory != null) {
            builder.trustManager(trustFactory);
            return;
        }
        // NOTE(review): this is an unchecked UnsupportedOperationException, while every other
        // configuration error in this class is the checked UnsupportedConfigurationException.
        // Callers that handle only the checked type will not see this one; check whether the
        // difference is deliberate.
        throw new UnsupportedOperationException("No server authentication methods in " + serverAuthentication);
    }
}
