package org.opendaylight.usc.manager;

import io.netty.channel.Channel;
import io.netty.channel.ChannelOutboundHandler;
import io.netty.handler.ssl.ApplicationProtocolConfig;
import io.netty.handler.ssl.IdentityCipherSuiteFilter;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslHandler;
import io.netty.handler.ssl.SslProvider;
import java.io.File;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;
import org.opendaylight.usc.crypto.dtls.DtlsClient;
import org.opendaylight.usc.crypto.dtls.DtlsClientHandler;
import org.opendaylight.usc.crypto.dtls.DtlsServer;
import org.opendaylight.usc.crypto.dtls.DtlsServerHandler;
import org.opendaylight.usc.manager.api.UscConfigurationService;
import org.opendaylight.usc.manager.api.UscSecureService;
import org.opendaylight.usc.util.UscServiceUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opendaylight/usc/manager/UscSecureServiceImpl.class */
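/**
 * Singleton {@link UscSecureService} that builds the TLS (TCP) and DTLS (UDP) channel handlers
 * from three PEM files: a private key, the matching public certificate chain and a trust chain.
 *
 * <p>The file locations come from {@link UscConfigurationService}; when that service is not
 * available the hard-coded defaults under {@code etc/usc/certificates} are used.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The key password passed to Netty is {@code null}, so the private key is expected to be an
 *       unencrypted PEM file. Its confidentiality therefore rests on file-system permissions.</li>
 *   <li>No explicit cipher list or protocol configuration is supplied, so the provider defaults
 *       apply.</li>
 *   <li>An unreadable file is only logged here; the failure surfaces later, when a handler is
 *       requested.</li>
 * </ul>
 */
public class UscSecureServiceImpl implements UscSecureService {
    private static final Logger LOG = LoggerFactory.getLogger(UscSecureServiceImpl.class);

    /** Default certificate directory and file names used when no configuration service exists. */
    private static final String DEFAULT_SECURITY_ROOT = "etc/usc/certificates";
    private static final String DEFAULT_PRIVATE_KEY = "client.key.pem";
    private static final String DEFAULT_PUBLIC_CERT_CHAIN = "client.pem";
    private static final String DEFAULT_TRUST_CERT_CHAIN = "rootCA.pem";

    // Eagerly created and never reassigned, hence final.
    private static final UscSecureServiceImpl serviceImpl = new UscSecureServiceImpl();

    private final SecureRandom secureRandom = new SecureRandom();
    private final File privateKeyFile;
    private final File publicCertChainFile;
    private final File trustCertChainFile;

    /**
     * Resolves the three credential files and logs every one that cannot be read.
     *
     * <p>The readability check runs for the configured paths and for the default paths alike, so
     * a missing default certificate directory is reported at start-up instead of at the first
     * handshake.
     */
    private UscSecureServiceImpl() {
        UscConfigurationService config =
                (UscConfigurationService) UscServiceUtils.getService(UscConfigurationService.class);

        final File root;
        final String keyName;
        final String certName;
        final String trustName;
        if (config == null) {
            LOG.error("The configuration service is not initialized!Using the default data to initialize");
            root = new File(DEFAULT_SECURITY_ROOT);
            keyName = DEFAULT_PRIVATE_KEY;
            certName = DEFAULT_PUBLIC_CERT_CHAIN;
            trustName = DEFAULT_TRUST_CERT_CHAIN;
        } else {
            root = new File(config.getConfigStringValue(UscConfigurationService.SECURITY_FILES_ROOT));
            keyName = config.getConfigStringValue(UscConfigurationService.PRIVATE_KEY_FILE);
            certName = config.getConfigStringValue(UscConfigurationService.PUBLIC_CERTIFICATE_CHAIN_FILE);
            trustName = config.getConfigStringValue(UscConfigurationService.TRUST_CERTIFICATE_CHAIN_FILE);
        }

        this.privateKeyFile = new File(root, keyName);
        this.publicCertChainFile = new File(root, certName);
        this.trustCertChainFile = new File(root, trustName);

        logIfUnreadable("private key", this.privateKeyFile);
        logIfUnreadable("public cert", this.publicCertChainFile);
        logIfUnreadable("trust cert", this.trustCertChainFile);
    }

    /** Logs an error naming {@code file} when the current process cannot read it. */
    private static void logIfUnreadable(String label, File file) {
        if (!file.canRead()) {
            // Only the path is logged, never file content.
            LOG.error("Unable to read {} {}", label, file.getAbsolutePath());
        }
    }

    /**
     * Returns the process-wide instance.
     *
     * @return the shared service
     */
    public static UscSecureService getInstance() {
        return serviceImpl;
    }

    /**
     * Creates the TLS handler for an accepted TCP channel (decompiler name for
     * {@code getTcpServerHandler}).
     *
     * <p>Client authentication is mandatory ({@code setNeedClientAuth(true)}), so a peer must
     * present a certificate that chains to the trust file.
     *
     * <p>NOTE(review): a new {@code SslContext} is built from the PEM files on every call; confirm
     * whether caching it is acceptable. Newer Netty releases provide {@code SslContextBuilder} in
     * place of this factory method - check the bundled version.
     *
     * @param channel channel whose allocator backs the SSL engine
     * @return an {@link SslHandler} wrapping a server-mode engine
     * @throws SSLException if the context cannot be built from the configured files
     */
    @Override // org.opendaylight.usc.manager.api.UscSecureService
    public ChannelOutboundHandler mo18getTcpServerHandler(Channel channel) throws SSLException {
        SslContext serverContext = SslContext.newServerContext(
                (SslProvider) null,                 // default provider
                this.trustCertChainFile,
                (TrustManagerFactory) null,
                this.publicCertChainFile,
                this.privateKeyFile,
                (String) null,                      // key file is not password protected
                (KeyManagerFactory) null,
                (Iterable<String>) null,            // no explicit cipher list
                IdentityCipherSuiteFilter.INSTANCE,
                (ApplicationProtocolConfig) null,
                0L,                                 // session cache size: default
                0L);                                // session timeout: default
        SSLEngine engine = serverContext.newEngine(channel.alloc());
        engine.setNeedClientAuth(true);
        return new SslHandler(engine);
    }

    /**
     * Creates the TLS handler for an outgoing TCP channel (decompiler name for
     * {@code getTcpClientHandler}).
     *
     * <p>NOTE(review): the handler is created without a peer host or port and no endpoint
     * identification algorithm is set in this class, so the server certificate appears to be
     * validated against the trust chain only, not against the host name being contacted. Confirm
     * whether host name verification is enforced elsewhere; if it is not, any certificate issued
     * under the trusted root is accepted for any peer.
     *
     * @param channel channel whose allocator backs the SSL engine
     * @return a client-mode SSL handler
     * @throws SSLException if the context cannot be built from the configured files
     */
    @Override // org.opendaylight.usc.manager.api.UscSecureService
    public ChannelOutboundHandler mo19getTcpClientHandler(Channel channel) throws SSLException {
        SslContext clientContext = SslContext.newClientContext(
                (SslProvider) null,                 // default provider
                this.trustCertChainFile,
                (TrustManagerFactory) null,
                this.publicCertChainFile,
                this.privateKeyFile,
                (String) null,                      // key file is not password protected
                (KeyManagerFactory) null,
                (Iterable<String>) null,            // no explicit cipher list
                IdentityCipherSuiteFilter.INSTANCE,
                (ApplicationProtocolConfig) null,
                0L,                                 // session cache size: default
                0L);                                // session timeout: default
        return clientContext.newHandler(channel.alloc());
    }

    /**
     * Creates the DTLS handler for a UDP server channel (decompiler name for
     * {@code getUdpServerHandler}).
     *
     * @param channel not used by this implementation
     * @return a handler backed by a new {@link DtlsServer} and the shared {@link SecureRandom}
     */
    @Override // org.opendaylight.usc.manager.api.UscSecureService
    public ChannelOutboundHandler mo16getUdpServerHandler(Channel channel) {
        DtlsServer server =
                new DtlsServer(this.trustCertChainFile, this.publicCertChainFile, this.privateKeyFile);
        return new DtlsServerHandler(server, this.secureRandom);
    }

    /**
     * Creates the DTLS handler for a UDP client channel (decompiler name for
     * {@code getUdpClientHandler}).
     *
     * @param channel not used by this implementation
     * @return a handler backed by a new {@link DtlsClient} and the shared {@link SecureRandom}
     */
    @Override // org.opendaylight.usc.manager.api.UscSecureService
    public ChannelOutboundHandler mo17getUdpClientHandler(Channel channel) {
        // First constructor argument is passed as null, as before; its meaning is defined by DtlsClient.
        DtlsClient client =
                new DtlsClient(null, this.trustCertChainFile, this.publicCertChainFile, this.privateKeyFile);
        return new DtlsClientHandler(client, this.secureRandom);
    }
}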
