package org.opendaylight.netconf.transport.ssh;

import com.google.common.collect.ImmutableList;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.AbstractMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.opendaylight.netconf.shaded.sshd.common.BaseBuilder;
import org.opendaylight.netconf.shaded.sshd.common.FactoryManager;
import org.opendaylight.netconf.shaded.sshd.common.kex.KeyExchangeFactory;
import org.opendaylight.netconf.shaded.sshd.common.session.SessionHeartbeatController;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.AsymmetricKeyPairGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.EcPrivateKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.PrivateKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.PublicKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.RsaPrivateKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.SshPublicKeyFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.SubjectPublicKeyInfoFormat;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208._private.key.grouping.PrivateKeyType;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208._private.key.grouping._private.key.type.CleartextPrivateKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.InlineOrKeystoreEndEntityCertWithKeyGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.asymmetric.key.grouping.InlineOrKeystore;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.Inline;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.asymmetric.key.grouping.inline.or.keystore.inline.InlineDefinition;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev240208.ssh.client.grouping.server.authentication.SshHostKeys;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev240208.TransportParamsGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.common.rev240208.transport.params.grouping.KeyExchange;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev240208.ssh.server.grouping.server.identity.HostKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev240208.ssh.server.grouping.server.identity.host.key.HostKeyType;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev240208.ssh.server.grouping.server.identity.host.key.host.key.type.Certificate;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.server.rev240208.ssh.server.grouping.server.identity.host.key.host.key.type.PublicKey;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.InlineOrTruststoreCertsGrouping;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore._public.keys.grouping.InlineOrTruststore;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline.definition.PublicKeyKey;
import org.opendaylight.yangtools.yang.common.Uint16;
import org.opendaylight.yangtools.yang.common.Uint8;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:org/opendaylight/netconf/transport/ssh/ConfigUtils.class */
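/**
 * Static helpers that turn the IETF SSH, keystore and truststore configuration objects into the
 * key pairs, certificates and algorithm factories handed to the shaded SSHD builders.
 *
 * <p>Only the {@code inline} variants of the keystore/truststore choices are accepted. Any other
 * variant, and any unsupported key format, is rejected with {@link UnsupportedConfigurationException}.
 *
 * <p>NOTE(review): the decompiler reports that this class and most of its static methods were
 * package-private in the original build; treat the {@code public} modifiers as an artifact, not an API promise.
 */
public final class ConfigUtils {
    /** Heartbeat interval, in seconds, used when the configuration carries no value. */
    private static final int KEEP_ALIVE_DEFAULT_MAX_WAIT = 30;
    /** Keep-alive attempt limit used when the configuration carries no value. */
    private static final int KEEP_ALIVE_DEFAULT_ATTEMPTS = 3;

    /**
     * Supplies the key-exchange factories for a (possibly {@code null}) key-exchange configuration.
     */
    @FunctionalInterface
    public interface KexFactoryProvider {
        List<KeyExchangeFactory> getKexFactories(KeyExchange keyExchange) throws UnsupportedConfigurationException;
    }

    private ConfigUtils() {
        // static utility holder, never instantiated
    }

    /**
     * Installs cipher, signature, key-exchange and MAC factories on the builder.
     *
     * <p>When {@code transportParamsGrouping} is {@code null}, every lookup receives {@code null};
     * what the helpers select in that case is decided in {@code TransportUtils} and the provider.
     *
     * @param baseBuilder SSHD builder to configure
     * @param transportParamsGrouping transport parameters, may be {@code null}
     * @param kexFactoryProvider source of the key-exchange factories
     * @throws UnsupportedConfigurationException propagated from the factory lookups
     */
    public static void setTransportParams(BaseBuilder<?, ?> baseBuilder, TransportParamsGrouping transportParamsGrouping, KexFactoryProvider kexFactoryProvider) throws UnsupportedConfigurationException {
        final boolean absent = transportParamsGrouping == null;
        // Kept as one chain so that lookups and builder calls stay interleaved in the original order.
        baseBuilder
            .cipherFactories(TransportUtils.getCipherFactories(absent ? null : transportParamsGrouping.getEncryption()))
            .signatureFactories(TransportUtils.getSignatureFactories(absent ? null : transportParamsGrouping.getHostKey()))
            .keyExchangeFactories(kexFactoryProvider.getKexFactories(absent ? null : transportParamsGrouping.getKeyExchange()))
            .macFactories(TransportUtils.getMacFactories(absent ? null : transportParamsGrouping.getMac()));
    }

    /**
     * Configures the session heartbeat of the factory manager.
     *
     * @param factoryManager manager to configure
     * @param uint16 heartbeat interval in seconds, {@code null} selects the default of 30
     * @param uint8 attempt limit, {@code null} selects the default of 3 (currently not applied, see below)
     */
    @SuppressFBWarnings(value = {"DLS_DEAD_LOCAL_STORE"}, justification = "maxAttempts usage need clarification")
    public static void setKeepAlives(FactoryManager factoryManager, Uint16 uint16, Uint8 uint8) {
        // NOTE(review): the attempt limit is resolved but never handed to SSHD, so this method does not
        // enforce it. Dead-peer handling must not be assumed from this value until that is clarified.
        final int maxAttempts = uint8 == null ? KEEP_ALIVE_DEFAULT_ATTEMPTS : uint8.intValue();
        final int maxWaitSeconds = uint16 == null ? KEEP_ALIVE_DEFAULT_MAX_WAIT : uint16.intValue();
        factoryManager.setSessionHeartbeat(SessionHeartbeatController.HeartbeatType.IGNORE, Duration.ofSeconds(maxWaitSeconds));
    }

    /**
     * Collects one key pair per configured server host key.
     *
     * <p>Public-key entries contribute their inline key pair. Certificate entries contribute the key pair
     * that accompanies the certificate. Entries whose inner container is {@code null} are skipped.
     *
     * @param list configured host keys
     * @return immutable list of key pairs in configuration order
     * @throws UnsupportedConfigurationException if an entry is not inline or uses an unsupported format
     */
    public static List<KeyPair> extractServerHostKeys(List<HostKey> list) throws UnsupportedConfigurationException {
        // A typed builder replaces the decompiler's casts of each element to ImmutableList.Builder.
        final ImmutableList.Builder<KeyPair> keyPairs = ImmutableList.builder();
        for (HostKey hostKey : list) {
            final HostKeyType type = hostKey.getHostKeyType();
            if (type instanceof PublicKey) {
                final PublicKey publicKeyCase = (PublicKey) type;
                if (publicKeyCase.getPublicKey() != null) {
                    keyPairs.add(extractKeyPair(publicKeyCase.getPublicKey().getInlineOrKeystore()));
                }
            }
            if (type instanceof Certificate) {
                final Certificate certificateCase = (Certificate) type;
                if (certificateCase.getCertificate() != null) {
                    keyPairs.add(extractCertificateEntry(certificateCase.getCertificate()).getKey());
                }
            }
        }
        return keyPairs.build();
    }

    /**
     * Builds a key pair from an inline keystore definition.
     *
     * @param inlineOrKeystore keystore choice, must be the inline variant
     * @return validated key pair
     * @throws UnsupportedConfigurationException if the choice is not inline, the definition is missing,
     *         or a key format is unsupported
     */
    public static KeyPair extractKeyPair(InlineOrKeystore inlineOrKeystore) throws UnsupportedConfigurationException {
        final Inline inline = ofType(Inline.class, inlineOrKeystore);
        final InlineDefinition definition = inline.getInlineDefinition();
        if (definition == null) {
            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
        }
        return extractKeyPair(definition);
    }

    /**
     * Builds a key pair from its configured encodings and checks it with {@code KeyUtils.validateKeyPair}.
     *
     * <p>Accepted: EC or RSA private keys supplied in cleartext, and public keys in SubjectPublicKeyInfo
     * or SSH encoding.
     */
    private static KeyPair extractKeyPair(AsymmetricKeyPairGrouping asymmetricKeyPairGrouping) throws UnsupportedConfigurationException {
        final PrivateKeyFormat privateKeyFormat = asymmetricKeyPairGrouping.getPrivateKeyFormat();
        final String algorithm;
        if (EcPrivateKeyFormat.VALUE.equals(privateKeyFormat)) {
            algorithm = "EC";
        } else if (RsaPrivateKeyFormat.VALUE.equals(privateKeyFormat)) {
            algorithm = "RSA";
        } else {
            throw new UnsupportedConfigurationException("Unsupported private key format " + privateKeyFormat);
        }

        final PrivateKeyType privateKeyType = asymmetricKeyPairGrouping.getPrivateKeyType();
        if (!(privateKeyType instanceof CleartextPrivateKey)) {
            // Report only the type name: the object's string form may carry key content (for example an
            // encrypted key blob), and exception messages routinely end up in logs.
            throw new UnsupportedConfigurationException("Unsupported private key type "
                + (privateKeyType == null ? null : privateKeyType.getClass().getName()));
        }
        final byte[] privateKeyBytes = ((CleartextPrivateKey) privateKeyType).requireCleartextPrivateKey();

        final PublicKeyFormat publicKeyFormat = asymmetricKeyPairGrouping.getPublicKeyFormat();
        final byte[] publicKeyBytes = asymmetricKeyPairGrouping.getPublicKey();
        final boolean sshEncoded;
        if (SubjectPublicKeyInfoFormat.VALUE.equals(publicKeyFormat)) {
            sshEncoded = false;
        } else if (SshPublicKeyFormat.VALUE.equals(publicKeyFormat)) {
            sshEncoded = true;
        } else {
            throw new UnsupportedConfigurationException("Unsupported public key format " + publicKeyFormat);
        }

        final PrivateKey privateKey = KeyUtils.buildPrivateKey(algorithm, privateKeyBytes);
        final java.security.PublicKey publicKey = sshEncoded
            ? KeyUtils.buildPublicKeyFromSshEncoding(publicKeyBytes)
            : KeyUtils.buildX509PublicKey(algorithm, publicKeyBytes);
        // The two halves come from independent configuration leaves, so they are checked before use.
        KeyUtils.validateKeyPair(publicKey, privateKey);
        return new KeyPair(publicKey, privateKey);
    }

    /**
     * Decodes the certificates of an inline truststore definition.
     *
     * <p>A {@code null} grouping yields an empty list. Whether an empty list means "trust nothing" is
     * decided by the caller and should be confirmed there.
     *
     * @param inlineOrTruststoreCertsGrouping certificate configuration, may be {@code null}
     * @return immutable list of decoded certificates
     * @throws UnsupportedConfigurationException if the choice is not inline or the definition is missing
     */
    public static List<java.security.cert.Certificate> extractCertificates(InlineOrTruststoreCertsGrouping inlineOrTruststoreCertsGrouping) throws UnsupportedConfigurationException {
        if (inlineOrTruststoreCertsGrouping == null) {
            return List.of();
        }
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore.certs.grouping.inline.or.truststore.Inline inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore.certs.grouping.inline.or.truststore.Inline.class, inlineOrTruststoreCertsGrouping.getInlineOrTruststore());
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore.certs.grouping.inline.or.truststore.inline.InlineDefinition definition = inline.getInlineDefinition();
        if (definition == null) {
            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
        }
        final ImmutableList.Builder<java.security.cert.Certificate> certificates = ImmutableList.builder();
        for (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore.certs.grouping.inline.or.truststore.inline.inline.definition.Certificate entry : definition.nonnullCertificate().values()) {
            certificates.add(KeyUtils.buildX509Certificate(entry.requireCertData().getValue()));
        }
        return certificates.build();
    }

    /**
     * Builds the key pair and the certificate of an inline end-entity definition. The key pair's public key
     * is passed to {@code KeyUtils.validatePublicKey} together with the certificate before returning.
     */
    private static Map.Entry<KeyPair, List<X509Certificate>> extractCertificateEntry(InlineOrKeystoreEndEntityCertWithKeyGrouping inlineOrKeystoreEndEntityCertWithKeyGrouping) throws UnsupportedConfigurationException {
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.Inline.class, inlineOrKeystoreEndEntityCertWithKeyGrouping.getInlineOrKeystore());
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.keystore.rev240208.inline.or.keystore.end.entity.cert.with.key.grouping.inline.or.keystore.inline.InlineDefinition definition = inline.getInlineDefinition();
        if (definition == null) {
            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
        }
        final KeyPair keyPair = extractKeyPair(definition);
        final X509Certificate certificate = KeyUtils.buildX509Certificate(definition.requireCertData().getValue());
        KeyUtils.validatePublicKey(keyPair.getPublic(), certificate);
        return new AbstractMap.SimpleImmutableEntry<>(keyPair, List.of(certificate));
    }

    /**
     * Casts {@code obj} to {@code cls}, turning a mismatch into a configuration error.
     *
     * <p>A {@code null} object, for example an unset choice, is reported as a configuration error
     * as well instead of failing with a {@link NullPointerException} while the message is built.
     */
    private static <T> T ofType(Class<T> cls, Object obj) throws UnsupportedConfigurationException {
        if (cls.isInstance(obj)) {
            return cls.cast(obj);
        }
        throw new UnsupportedConfigurationException("Expected type: " + cls + " actual: " + (obj == null ? null : obj.getClass()));
    }

    /**
     * Decodes the SSH-encoded public keys of an inline truststore definition.
     *
     * @param inlineOrTruststore truststore choice, must be the inline variant
     * @return immutable list of public keys, empty when the definition lists none
     * @throws UnsupportedConfigurationException if the choice is not inline, the definition is missing,
     *         or a key is not in SSH public key format
     */
    public static List<java.security.PublicKey> extractPublicKeys(InlineOrTruststore inlineOrTruststore) throws UnsupportedConfigurationException {
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline inline = ofType(org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore._public.keys.grouping.inline.or.truststore.Inline.class, inlineOrTruststore);
        final org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.InlineDefinition definition = inline.getInlineDefinition();
        if (definition == null) {
            throw new UnsupportedConfigurationException("Missing inline definition in " + inline);
        }
        final Map<PublicKeyKey, org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline.definition.PublicKey> configured = definition.getPublicKey();
        if (configured == null) {
            return List.of();
        }
        final ImmutableList.Builder<java.security.PublicKey> publicKeys = ImmutableList.builder();
        for (org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.truststore.rev240208.inline.or.truststore._public.keys.grouping.inline.or.truststore.inline.inline.definition.PublicKey entry : configured.values()) {
            if (!SshPublicKeyFormat.VALUE.equals(entry.getPublicKeyFormat())) {
                throw new UnsupportedConfigurationException("ssh public key format is expected");
            }
            publicKeys.add(KeyUtils.buildPublicKeyFromSshEncoding(entry.getPublicKey()));
        }
        return publicKeys.build();
    }

    /**
     * Decodes the host public keys a client is configured to accept.
     *
     * <p>A {@code null} container yields an empty list. NOTE(review): the consumer of this list should be
     * checked so that "no keys configured" is never handled as "accept any host key".
     *
     * @param sshHostKeys configured host keys, may be {@code null}
     * @return immutable list of public keys
     * @throws UnsupportedConfigurationException see {@link #extractPublicKeys(InlineOrTruststore)}
     */
    public static List<java.security.PublicKey> extractPublicKeys(SshHostKeys sshHostKeys) throws UnsupportedConfigurationException {
        if (sshHostKeys == null) {
            return List.of();
        }
        return extractPublicKeys(sshHostKeys.getInlineOrTruststore());
    }
}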
