package org.opendaylight.netconf.transport.tls;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.UnmodifiableIterator;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Map;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.AsymmetricKeyPairGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.EcPrivateKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.PrivateKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.PublicKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.RsaPrivateKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.SshPublicKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.SubjectPublicKeyInfoFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208._private.key.grouping.PrivateKeyType;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208._private.key.grouping._private.key.type.CleartextPrivateKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.InlineOrKeystoreAsymmetricKeyGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.InlineOrKeystoreEndEntityCertWithKeyGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.InlineOrTruststoreCertsGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore.certs.grouping.inline.or.truststore.Inline;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinition;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/opendaylight/netconf/transport/tls/ConfigUtils.class */
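/**
 * Static helpers that copy inline-configured TLS credentials (X.509 certificates and asymmetric
 * key pairs) from the YANG-generated configuration objects into a {@link KeyStore}.
 *
 * <p>Only the {@code Inline} variant of each configuration choice is handled. Any other variant,
 * or an inline variant without its definition, is rejected with
 * {@link UnsupportedConfigurationException}.
 *
 * <p>This listing is decompiler output. JADX reports that the class and its three {@code set*}
 * methods were package-private in the original; they are kept {@code public} here so the
 * decompiled interface is unchanged.
 */
public final class ConfigUtils {
    // Password used for every key entry written by this class. Because it is empty, the KeyStore
    // adds no confidentiality for the private key; presumably the store is held in memory only
    // and never persisted. NOTE(review): confirm at the callers.
    static final char[] EMPTY_SECRET = new char[0];
    static final String DEFAULT_PRIVATE_KEY_ALIAS = "private";
    static final String DEFAULT_CERTIFICATE_ALIAS = "certificate";

    private ConfigUtils() {
        // utility class, not instantiable
    }

    /**
     * Stores the inline certificates of both groupings in {@code keyStore} as certificate entries.
     *
     * <p>Aliases are the configured certificate name prefixed with {@code "ca-"} for the first
     * grouping and {@code "ee-"} for the second (presumably certificate-authority and end-entity
     * certificates; confirm against the callers). A {@code null} grouping contributes nothing.
     *
     * @param keyStore destination key store
     * @param inlineOrTruststoreCertsGrouping certificates stored under the {@code "ca-"} prefix, may be null
     * @param inlineOrTruststoreCertsGrouping2 certificates stored under the {@code "ee-"} prefix, may be null
     * @throws UnsupportedConfigurationException if a grouping is not inline, a certificate cannot be
     *         parsed, or the key store rejects an entry
     */
    public static void setX509Certificates(KeyStore keyStore, InlineOrTruststoreCertsGrouping inlineOrTruststoreCertsGrouping, InlineOrTruststoreCertsGrouping inlineOrTruststoreCertsGrouping2) throws UnsupportedConfigurationException {
        // Both groupings are parsed in full before the first entry is written, so a parse failure
        // leaves the key store untouched.
        final Map<String, Certificate> certificates = ImmutableMap.<String, Certificate>builder()
            .putAll(extractCertificates(inlineOrTruststoreCertsGrouping, "ca-"))
            .putAll(extractCertificates(inlineOrTruststoreCertsGrouping2, "ee-"))
            .build();
        for (Map.Entry<String, Certificate> entry : certificates.entrySet()) {
            try {
                keyStore.setCertificateEntry(entry.getKey(), entry.getValue());
            } catch (KeyStoreException e) {
                throw new UnsupportedConfigurationException("Failed to load certificate", e);
            }
        }
    }

    /**
     * Parses every inline certificate of {@code grouping} and maps it to its prefixed alias.
     *
     * @param grouping configuration to read, may be null
     * @param aliasPrefix prefix prepended to each configured certificate name
     * @return alias-to-certificate map, empty when {@code grouping} is null
     * @throws UnsupportedConfigurationException if the grouping is not inline, lacks its inline
     *         definition, or holds certificate data that cannot be parsed
     */
    private static Map<String, Certificate> extractCertificates(InlineOrTruststoreCertsGrouping grouping, String aliasPrefix) throws UnsupportedConfigurationException {
        if (grouping == null) {
            return Map.of();
        }
        final Inline inline = ofType(Inline.class, grouping.getInlineOrTruststore());
        final InlineDefinition inlineDefinition = inline.getInlineDefinition();
        if (inlineDefinition == null) {
            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
        }
        final ImmutableMap.Builder<String, Certificate> builder = ImmutableMap.builder();
        for (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.Certificate certificate : inlineDefinition.nonnullCertificate().values()) {
            try {
                builder.put(aliasPrefix + certificate.requireName(), KeyStoreUtils.buildX509Certificate(certificate.requireCertData().getValue()));
            } catch (IOException | CertificateException e) {
                throw new UnsupportedConfigurationException("Failed to parse certificate " + certificate, e);
            }
        }
        return builder.build();
    }

    /**
     * Validates the inline key pair and stores its private key under
     * {@link #DEFAULT_PRIVATE_KEY_ALIAS} without a certificate chain.
     *
     * @param keyStore destination key store
     * @param inlineOrKeystoreAsymmetricKeyGrouping key pair configuration
     * @throws UnsupportedConfigurationException if the configuration is not inline, uses an
     *         unsupported key format or type, or the key store rejects the entry
     */
    public static void setAsymmetricKey(KeyStore keyStore, InlineOrKeystoreAsymmetricKeyGrouping inlineOrKeystoreAsymmetricKeyGrouping) throws UnsupportedConfigurationException {
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline.class, inlineOrKeystoreAsymmetricKeyGrouping.getInlineOrKeystore());
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinition inlineDefinition = inline.getInlineDefinition();
        if (inlineDefinition == null) {
            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
        }
        final KeyPair keyPair = extractKeyPair(inlineDefinition);
        // Refuse to store a private key that does not match the configured public key.
        KeyUtils.validateKeyPair(keyPair.getPublic(), keyPair.getPrivate());
        try {
            // NOTE(review): java.security.KeyStore#setKeyEntry rejects a PrivateKey that comes with a
            // null or empty chain by throwing IllegalArgumentException, which is not caught here and
            // would escape as an unchecked exception. Confirm whether this path can succeed at all.
            keyStore.setKeyEntry(DEFAULT_PRIVATE_KEY_ALIAS, keyPair.getPrivate(), EMPTY_SECRET, null);
        } catch (KeyStoreException e) {
            throw new UnsupportedConfigurationException("Failed to load private key", e);
        }
    }

    /**
     * Validates the inline end-entity certificate and key pair, then stores the certificate under
     * {@link #DEFAULT_CERTIFICATE_ALIAS} and the private key, with that certificate as its
     * one-element chain, under {@link #DEFAULT_PRIVATE_KEY_ALIAS}.
     *
     * @param keyStore destination key store
     * @param inlineOrKeystoreEndEntityCertWithKeyGrouping certificate and key pair configuration
     * @throws UnsupportedConfigurationException if the configuration is not inline, the certificate
     *         cannot be parsed, a key format or type is unsupported, or the key store rejects an entry
     */
    public static void setEndEntityCertificateWithKey(KeyStore keyStore, InlineOrKeystoreEndEntityCertWithKeyGrouping inlineOrKeystoreEndEntityCertWithKeyGrouping) throws UnsupportedConfigurationException {
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class, inlineOrKeystoreEndEntityCertWithKeyGrouping.getInlineOrKeystore());
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline.InlineDefinition inlineDefinition = inline.getInlineDefinition();
        if (inlineDefinition == null) {
            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
        }
        final KeyPair keyPair = extractKeyPair(inlineDefinition);
        try {
            final Certificate certificate = KeyStoreUtils.buildX509Certificate(inlineDefinition.requireCertData().getValue());
            // Both checks run before anything is written: the private key must match the configured
            // public key, and that public key is checked against the certificate.
            KeyUtils.validateKeyPair(keyPair.getPublic(), keyPair.getPrivate());
            KeyUtils.validatePublicKey(keyPair.getPublic(), certificate);
            try {
                keyStore.setCertificateEntry(DEFAULT_CERTIFICATE_ALIAS, certificate);
                keyStore.setKeyEntry(DEFAULT_PRIVATE_KEY_ALIAS, keyPair.getPrivate(), EMPTY_SECRET, new Certificate[]{certificate});
            } catch (KeyStoreException e) {
                throw new UnsupportedConfigurationException("Failed to load certificate and/or private key", e);
            }
        } catch (IOException | CertificateException e) {
            // The inline definition is deliberately left out of the message. It also carries the
            // private key node, and its string form is generated code not visible here, so appending
            // it could put key material into exception messages and logs.
            throw new UnsupportedConfigurationException("Failed to load end-entity certificate", e);
        }
    }

    /**
     * Builds a {@link KeyPair} from the configured private and public key material.
     *
     * <p>Accepted private key formats are EC and RSA, and the private key must be configured as a
     * cleartext key. Accepted public key formats are SubjectPublicKeyInfo and SSH encoding.
     *
     * @param asymmetricKeyPairGrouping key pair configuration
     * @return the decoded key pair; the two halves are not checked against each other here
     * @throws UnsupportedConfigurationException on an unsupported key format or private key type
     */
    private static KeyPair extractKeyPair(AsymmetricKeyPairGrouping asymmetricKeyPairGrouping) throws UnsupportedConfigurationException {
        final PrivateKeyFormat privateKeyFormat = asymmetricKeyPairGrouping.getPrivateKeyFormat();
        final String algorithm;
        if (EcPrivateKeyFormat.VALUE.equals(privateKeyFormat)) {
            algorithm = "EC";
        } else if (RsaPrivateKeyFormat.VALUE.equals(privateKeyFormat)) {
            algorithm = "RSA";
        } else {
            throw new UnsupportedConfigurationException("Unsupported private key format " + privateKeyFormat);
        }

        final PrivateKeyType privateKeyType = asymmetricKeyPairGrouping.getPrivateKeyType();
        if (!(privateKeyType instanceof CleartextPrivateKey)) {
            throw new UnsupportedConfigurationException("Unsupported private key type " + privateKeyType);
        }
        final PrivateKey privateKey = KeyUtils.buildPrivateKey(algorithm, ((CleartextPrivateKey) privateKeyType).requireCleartextPrivateKey());

        final PublicKeyFormat publicKeyFormat = asymmetricKeyPairGrouping.getPublicKeyFormat();
        final boolean sshEncoded;
        if (SubjectPublicKeyInfoFormat.VALUE.equals(publicKeyFormat)) {
            sshEncoded = false;
        } else if (SshPublicKeyFormat.VALUE.equals(publicKeyFormat)) {
            sshEncoded = true;
        } else {
            throw new UnsupportedConfigurationException("Unsupported public key format " + publicKeyFormat);
        }
        return new KeyPair(sshEncoded ? KeyUtils.buildPublicKeyFromSshEncoding(asymmetricKeyPairGrouping.getPublicKey()) : KeyUtils.buildX509PublicKey(algorithm, asymmetricKeyPairGrouping.getPublicKey()), privateKey);
    }

    /**
     * Casts {@code obj} to {@code cls}, reporting a mismatch as a configuration error.
     *
     * @param cls expected type
     * @param obj value to cast, may be null
     * @return {@code obj} cast to {@code cls}
     * @throws UnsupportedConfigurationException if {@code obj} is null or not an instance of {@code cls}
     */
    private static <T> T ofType(Class<T> cls, Object obj) throws UnsupportedConfigurationException {
        if (cls.isInstance(obj)) {
            return cls.cast(obj);
        }
        // isInstance(null) is false, so an absent choice arrives here; it must be reported as a
        // configuration error rather than fail with NullPointerException on obj.getClass().
        throw new UnsupportedConfigurationException("Expected type: " + cls + " actual: " + (obj == null ? null : obj.getClass()));
    }
}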
