package org.opendaylight.netconf.topology.spi;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.util.List;
import java.util.Objects;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.netconf.client.conf.NetconfClientConfiguration;
import org.opendaylight.netconf.client.conf.NetconfClientConfigurationBuilder;
import org.opendaylight.netconf.client.mdsal.api.CredentialProvider;
import org.opendaylight.netconf.client.mdsal.api.SslContextFactoryProvider;
import org.opendaylight.netconf.shaded.sshd.client.ClientFactoryManager;
import org.opendaylight.netconf.shaded.sshd.client.auth.pubkey.UserAuthPublicKeyFactory;
import org.opendaylight.netconf.shaded.sshd.common.keyprovider.KeyIdentityProvider;
import org.opendaylight.netconf.transport.api.UnsupportedConfigurationException;
import org.opendaylight.netconf.transport.ssh.ClientFactoryManagerConfigurator;
import org.opendaylight.netconf.transport.tls.FixedSslHandlerFactory;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.crypto.types.rev240208.password.grouping.password.type.CleartextPasswordBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev240208.netconf.client.initiate.stack.grouping.transport.ssh.ssh.SshClientParametersBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.netconf.client.rev240208.netconf.client.initiate.stack.grouping.transport.ssh.ssh.TcpClientParametersBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev240208.ssh.client.grouping.ClientIdentity;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev240208.ssh.client.grouping.ClientIdentityBuilder;
import org.opendaylight.yang.gen.v1.urn.ietf.params.xml.ns.yang.ietf.ssh.client.rev240208.ssh.client.grouping.client.identity.PasswordBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.OdlHelloMessageCapabilities;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.connection.parameters.Protocol;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.Credentials;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.credentials.KeyAuth;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.credentials.LoginPw;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.credentials.LoginPwUnencrypted;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.credentials.key.auth.KeyBased;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.credentials.login.pw.LoginPassword;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.device.rev240120.credentials.credentials.login.pw.unencrypted.LoginPasswordUnencrypted;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev231121.NetconfNode;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

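/**
 * Builds {@link NetconfClientConfigurationBuilder} instances from a {@link NetconfNode} definition.
 *
 * <p>The transport is chosen from the node configuration: plain TCP when {@code tcp-only} is set, SSH when no
 * protocol is specified or SSH is named, and TLS when TLS is named. For SSH the client identity comes from the
 * node's {@link Credentials}: a cleartext login/password, an encrypted login/password that is decrypted through
 * {@link AAAEncryptionService}, or a key pair resolved by id through {@link CredentialProvider}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The TCP path configures neither SSH parameters nor a TLS handler in this class.</li>
 *   <li>Only the SSH <em>client</em> identity is set here. No server-authentication (host key) parameters are
 *       configured in this class; confirm where host keys are verified.</li>
 *   <li>Passwords are handed on as {@link String} cleartext, so they cannot be wiped from memory after use.</li>
 * </ul>
 */
@Singleton
@Component
public final class NetconfClientConfigurationBuilderFactoryImpl implements NetconfClientConfigurationBuilderFactory {
    private final SslContextFactoryProvider sslContextFactoryProvider;
    private final AAAEncryptionService encryptionService;
    private final CredentialProvider credentialProvider;

    /**
     * Creates the factory with the services needed to resolve credentials and TLS contexts.
     *
     * @param aAAEncryptionService service used to decrypt stored passwords
     * @param credentialProvider lookup of SSH key pairs by key id
     * @param sslContextFactoryProvider source of SSL context factories for TLS connections
     * @throws NullPointerException if any argument is {@code null}
     */
    @Inject
    @Activate
    public NetconfClientConfigurationBuilderFactoryImpl(@Reference AAAEncryptionService aAAEncryptionService,
            @Reference CredentialProvider credentialProvider,
            @Reference SslContextFactoryProvider sslContextFactoryProvider) {
        this.encryptionService = Objects.requireNonNull(aAAEncryptionService);
        this.credentialProvider = Objects.requireNonNull(credentialProvider);
        this.sslContextFactoryProvider = Objects.requireNonNull(sslContextFactoryProvider);
    }

    /**
     * Creates a client configuration builder for the given node.
     *
     * @param nodeId node identifier, used as the configuration name
     * @param netconfNode node definition supplying protocol, credentials, address and timeout
     * @return a builder populated with protocol, transport security, TCP parameters and connection timeout
     * @throws IllegalArgumentException if the protocol is neither SSH nor TLS (and tcp-only is not set), or if the
     *         SSH credentials are missing or of an unsupported type
     * @throws IllegalStateException if an encrypted password cannot be decrypted
     */
    @Override
    public NetconfClientConfigurationBuilder createClientConfigurationBuilder(NodeId nodeId, NetconfNode netconfNode) {
        NetconfClientConfigurationBuilder builder = NetconfClientConfigurationBuilder.create();
        Protocol protocol = netconfNode.getProtocol();
        if (netconfNode.requireTcpOnly()) {
            // tcp-only wins over any configured protocol; no SSH credentials or TLS handler are attached on this
            // path. NOTE(review): presumably this leaves the session unencrypted and unauthenticated at the
            // transport level; confirm tcp-only is restricted to trusted or test links.
            builder.withProtocol(NetconfClientConfiguration.NetconfClientProtocol.TCP);
        } else if (protocol == null || protocol.getName() == Protocol.Name.SSH) {
            // An absent protocol falls back to SSH rather than to an unprotected transport.
            builder.withProtocol(NetconfClientConfiguration.NetconfClientProtocol.SSH);
            setSshParametersFromCredentials(builder, netconfNode.getCredentials());
        } else if (protocol.getName() == Protocol.Name.TLS) {
            // The SSL context is created once here, from the factory selected by the protocol specification.
            builder.withProtocol(NetconfClientConfiguration.NetconfClientProtocol.TLS)
                .withSslHandlerFactory(new FixedSslHandlerFactory(
                    this.sslContextFactoryProvider.getSslContextFactory(protocol.getSpecification())
                        .createSslContext()));
        } else {
            throw new IllegalArgumentException("Unsupported protocol type: " + protocol.getName());
        }

        OdlHelloMessageCapabilities helloCapabilities = netconfNode.getOdlHelloMessageCapabilities();
        if (helloCapabilities != null) {
            // Immutable snapshot, so later changes to the source collection cannot alter the configuration.
            builder.withOdlHelloCapabilities(List.copyOf(helloCapabilities.requireCapability()));
        }

        return builder
            .withName(nodeId.getValue())
            .withTcpParameters(new TcpClientParametersBuilder()
                .setRemoteAddress(netconfNode.requireHost())
                .setRemotePort(netconfNode.requirePort())
                .build())
            .withConnectionTimeoutMillis(netconfNode.requireConnectionTimeoutMillis().toJava());
    }

    /**
     * Translates the node credentials into SSH client parameters on the supplied builder.
     *
     * @param netconfClientConfigurationBuilder builder receiving the SSH parameters (and, for key-based
     *        authentication, an SSH configurator)
     * @param credentials credentials configured on the node
     * @throws IllegalArgumentException if {@code credentials} is {@code null} or of an unsupported type
     * @throws IllegalStateException if an encrypted password cannot be decrypted
     */
    private void setSshParametersFromCredentials(NetconfClientConfigurationBuilder netconfClientConfigurationBuilder,
            Credentials credentials) {
        if (credentials == null) {
            // Fail with a diagnosable error instead of the bare NullPointerException that
            // credentials.getClass() would otherwise raise in the fallback branch below.
            throw new IllegalArgumentException("No credentials configured for SSH transport");
        }

        SshClientParametersBuilder sshParameters = new SshClientParametersBuilder();
        if (credentials instanceof LoginPwUnencrypted) {
            // The password is used exactly as it appears in the configuration object, with no decryption step.
            // NOTE(review): this implies it is held in cleartext wherever the node configuration is stored.
            LoginPasswordUnencrypted unencrypted = ((LoginPwUnencrypted) credentials).getLoginPasswordUnencrypted();
            sshParameters.setClientIdentity(
                loginPasswordIdentity(unencrypted.getUsername(), unencrypted.getPassword()));
        } else if (credentials instanceof LoginPw) {
            LoginPassword encrypted = ((LoginPw) credentials).getLoginPassword();
            try {
                // The decrypted bytes become an immutable String because the cleartext-password model type
                // takes a String; the plaintext therefore cannot be zeroed after use.
                String password = new String(this.encryptionService.decrypt(encrypted.getPassword()),
                    StandardCharsets.UTF_8);
                sshParameters.setClientIdentity(loginPasswordIdentity(encrypted.getUsername(), password));
            } catch (GeneralSecurityException e) {
                // The message carries neither ciphertext nor plaintext; the cause is preserved for diagnosis.
                throw new IllegalStateException("Failed to decrypt password", e);
            }
        } else if (credentials instanceof KeyAuth) {
            final KeyBased keyBased = ((KeyAuth) credentials).getKeyBased();
            sshParameters.setClientIdentity(new ClientIdentityBuilder().setUsername(keyBased.getUsername()).build());
            netconfClientConfigurationBuilder.withSshConfigurator(new ClientFactoryManagerConfigurator() {
                protected void configureClientFactoryManager(ClientFactoryManager clientFactoryManager)
                        throws UnsupportedConfigurationException {
                    // The key pair is looked up when this callback runs, not when the builder is created.
                    String keyId = keyBased.getKeyId();
                    KeyPair keyPair = credentialProvider.credentialForId(keyId);
                    if (keyPair == null) {
                        // Only the key identifier is reported, never key material.
                        throw new UnsupportedConfigurationException("No keypair found with keyId=" + keyId);
                    }
                    clientFactoryManager.setKeyIdentityProvider(
                        KeyIdentityProvider.wrapKeyPairs(new KeyPair[]{keyPair}));
                    // Public-key authentication becomes the only configured user-auth factory; it reuses the
                    // signature factories already present on the manager.
                    UserAuthPublicKeyFactory publicKeyFactory = new UserAuthPublicKeyFactory();
                    publicKeyFactory.setSignatureFactories(clientFactoryManager.getSignatureFactories());
                    clientFactoryManager.setUserAuthFactories(List.of(publicKeyFactory));
                }
            });
        } else {
            throw new IllegalArgumentException("Unsupported credential type: " + credentials.getClass());
        }
        netconfClientConfigurationBuilder.withSshParameters(sshParameters.build());
    }

    /**
     * Builds a password-based SSH client identity.
     *
     * @param str username; must not be {@code null}
     * @param str2 cleartext password; must not be {@code null}
     * @return client identity carrying the username and the cleartext password
     * @throws NullPointerException if the username or the password is {@code null}
     */
    private static ClientIdentity loginPasswordIdentity(String str, String str2) {
        // Username is validated before password, so a missing username is the error reported first.
        String username = Objects.requireNonNull(str, "username is undefined");
        String password = Objects.requireNonNull(str2, "password is undefined");
        return new ClientIdentityBuilder()
            .setUsername(username)
            .setPassword(new PasswordBuilder()
                .setPasswordType(new CleartextPasswordBuilder().setCleartextPassword(password).build())
                .build())
            .build();
    }
}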
