package org.opendaylight.netconf.topology.spi;

import java.util.List;
import java.util.Objects;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.netconf.client.conf.NetconfClientConfiguration;
import org.opendaylight.netconf.client.conf.NetconfClientConfigurationBuilder;
import org.opendaylight.netconf.client.mdsal.DatastoreBackedPublicKeyAuth;
import org.opendaylight.netconf.client.mdsal.api.CredentialProvider;
import org.opendaylight.netconf.client.mdsal.api.SslHandlerFactoryProvider;
import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.AuthenticationHandler;
import org.opendaylight.netconf.nettyutil.handler.ssh.authentication.LoginPasswordHandler;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.connection.parameters.OdlHelloMessageCapabilities;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.connection.parameters.Protocol;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.credentials.Credentials;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.credentials.credentials.KeyAuth;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.credentials.credentials.LoginPassword;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.credentials.credentials.LoginPw;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.credentials.credentials.LoginPwUnencrypted;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.credentials.credentials.key.auth.KeyBased;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.credentials.credentials.login.pw.unencrypted.LoginPasswordUnencrypted;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev221225.NetconfNode;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Singleton
@Component
/* loaded from: input_file:org/opendaylight/netconf/topology/spi/DefaultNetconfClientConfigurationBuilderFactory.class */
public final class DefaultNetconfClientConfigurationBuilderFactory implements NetconfClientConfigurationBuilderFactory {
    private final SslHandlerFactoryProvider sslHandlerFactoryProvider;
    private final AAAEncryptionService encryptionService;
    private final CredentialProvider credentialProvider;

    @Inject
    @Activate
    public DefaultNetconfClientConfigurationBuilderFactory(@Reference AAAEncryptionService aAAEncryptionService, @Reference CredentialProvider credentialProvider, @Reference SslHandlerFactoryProvider sslHandlerFactoryProvider) {
        this.encryptionService = (AAAEncryptionService) Objects.requireNonNull(aAAEncryptionService);
        this.credentialProvider = (CredentialProvider) Objects.requireNonNull(credentialProvider);
        this.sslHandlerFactoryProvider = (SslHandlerFactoryProvider) Objects.requireNonNull(sslHandlerFactoryProvider);
    }

    @Override // org.opendaylight.netconf.topology.spi.NetconfClientConfigurationBuilderFactory
    public NetconfClientConfigurationBuilder createClientConfigurationBuilder(NodeId nodeId, NetconfNode netconfNode) {
        NetconfClientConfigurationBuilder create = NetconfClientConfigurationBuilder.create();
        Protocol protocol = netconfNode.getProtocol();
        if (netconfNode.requireTcpOnly().booleanValue()) {
            create.withProtocol(NetconfClientConfiguration.NetconfClientProtocol.TCP).withAuthHandler(getHandlerFromCredentials(netconfNode.getCredentials()));
        } else if (protocol == null || protocol.getName() == Protocol.Name.SSH) {
            create.withProtocol(NetconfClientConfiguration.NetconfClientProtocol.SSH).withAuthHandler(getHandlerFromCredentials(netconfNode.getCredentials()));
        } else {
            if (protocol.getName() != Protocol.Name.TLS) {
                throw new IllegalArgumentException("Unsupported protocol type: " + protocol.getName());
            }
            create.withProtocol(NetconfClientConfiguration.NetconfClientProtocol.TLS).withSslHandlerFactory(this.sslHandlerFactoryProvider.getSslHandlerFactory(protocol.getSpecification()));
        }
        OdlHelloMessageCapabilities odlHelloMessageCapabilities = netconfNode.getOdlHelloMessageCapabilities();
        if (odlHelloMessageCapabilities != null) {
            create.withOdlHelloCapabilities(List.copyOf(odlHelloMessageCapabilities.requireCapability()));
        }
        return create.withName(nodeId.getValue()).withAddress(NetconfNodeUtils.toInetSocketAddress(netconfNode)).withConnectionTimeoutMillis(netconfNode.requireConnectionTimeoutMillis().toJava());
    }

    private AuthenticationHandler getHandlerFromCredentials(Credentials credentials) {
        if (credentials instanceof LoginPassword) {
            LoginPassword loginPassword = (LoginPassword) credentials;
            return new LoginPasswordHandler(loginPassword.getUsername(), loginPassword.getPassword());
        }
        if (credentials instanceof LoginPwUnencrypted) {
            LoginPasswordUnencrypted loginPasswordUnencrypted = ((LoginPwUnencrypted) credentials).getLoginPasswordUnencrypted();
            return new LoginPasswordHandler(loginPasswordUnencrypted.getUsername(), loginPasswordUnencrypted.getPassword());
        }
        if (credentials instanceof LoginPw) {
            org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev231024.credentials.credentials.login.pw.LoginPassword loginPassword2 = ((LoginPw) credentials).getLoginPassword();
            return new LoginPasswordHandler(loginPassword2.getUsername(), this.encryptionService.decrypt(loginPassword2.getPassword()));
        }
        if (!(credentials instanceof KeyAuth)) {
            throw new IllegalArgumentException("Unsupported credential type: " + credentials.getClass());
        }
        KeyBased keyBased = ((KeyAuth) credentials).getKeyBased();
        return new DatastoreBackedPublicKeyAuth(keyBased.getUsername(), keyBased.getKeyId(), this.credentialProvider, this.encryptionService);
    }
}
