package org.opendaylight.aaa.cert.impl;

import java.io.File;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.commons.lang3.RandomStringUtils;
import org.opendaylight.aaa.cert.api.IAaaCertProvider;
import org.opendaylight.aaa.cert.api.ICertificateManager;
import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.mdsal.binding.api.RpcProviderService;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.AaaCertServiceConfig;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.AaaCertServiceConfigBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.CtlKeystore;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.CtlKeystoreBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rev151126.aaa.cert.service.config.TrustKeystoreBuilder;
import org.opendaylight.yang.gen.v1.urn.opendaylight.yang.aaa.cert.rpc.rev151215.AaaCertRpcService;
import org.opendaylight.yangtools.concepts.Registration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/opendaylight/aaa/cert/impl/CertificateManagerService.class */
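/**
 * Default {@link ICertificateManager} implementation.
 *
 * <p>On construction it picks a backing {@link IAaaCertProvider} from the {@link AaaCertServiceConfig}
 * (an MD-SAL backed {@link DefaultMdsalSslData} when {@code use-mdsal} is set, a file based
 * {@link AaaCertProvider} otherwise), creates the keystores, and registers {@link AaaCertRpcService}.
 * When {@code use-config} is false the service stays uninitialized and every delegating method throws
 * {@link IllegalStateException}.
 *
 * <p>If the configured controller keystore password is empty, fresh passwords are generated for both
 * keystores and written back into the initial config file at {@link #DEFAULT_CONFIG_FILE_PATH}.
 */
public class CertificateManagerService implements ICertificateManager, AutoCloseable {
    private static final Logger LOG = LoggerFactory.getLogger(CertificateManagerService.class);
    private static final String DEFAULT_CONFIG_FILE_PATH = "etc" + File.separator + "opendaylight" + File.separator
            + "datastore" + File.separator + "initial" + File.separator + "config" + File.separator
            + "aaa-cert-config.xml";
    private static final int PWD_LENGTH = 12;
    // Keystore passwords guard private keys, so they are drawn from a CSPRNG rather than java.util.Random.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    // Element names matched when rewriting the initial config file.
    private static final String STORE_PASSWORD_TAG = "store-password";
    private static final String CTL_KEYSTORE_NODE = "ctlKeystore";
    private static final String TRUST_KEYSTORE_NODE = "trustKeystore";
    // Xerces feature rejecting any DOCTYPE; defense in depth against entity expansion / XXE.
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    // Backing provider; null when the service was configured with use-config=false.
    private final IAaaCertProvider aaaCertProvider;
    // RPC registration released by close(); null when the service is not initialized.
    private final Registration reg;

    /**
     * Creates the service and, when enabled by {@code aaaCertServiceConfig}, the keystores and the RPC registration.
     *
     * @param rpcProviderService used to register {@link AaaCertRpcService}
     * @param dataBroker MD-SAL data broker, used only when {@code use-mdsal} is set
     * @param aAAEncryptionService encryption service handed to the MD-SAL provider
     * @param aaaCertServiceConfig service configuration, must not be null
     * @throws IllegalArgumentException if {@code aaaCertServiceConfig} is null
     */
    public CertificateManagerService(RpcProviderService rpcProviderService, DataBroker dataBroker,
            AAAEncryptionService aAAEncryptionService, AaaCertServiceConfig aaaCertServiceConfig) {
        if (aaaCertServiceConfig == null) {
            throw new IllegalArgumentException("Certificate Manager service configuration is null");
        }
        if (!aaaCertServiceConfig.getUseConfig().booleanValue()) {
            this.aaaCertProvider = null;
            this.reg = null;
            LOG.info("Certificate Manager service has not been initialized, change the initial aaa-cert-config data and restart Opendaylight");
            return;
        }

        AaaCertServiceConfig config = aaaCertServiceConfig;
        CtlKeystore ctlKeystore = config.getCtlKeystore();
        // An empty (not absent) controller keystore password is the signal to generate passwords for both stores.
        if (ctlKeystore != null && ctlKeystore.getStorePassword() != null && ctlKeystore.getStorePassword().isEmpty()) {
            LOG.debug("Set keystores password");
            String ctlPassword = generatePassword();
            String trustPassword = generatePassword();
            updateCertManagerSrvConfig(ctlPassword, trustPassword);
            // NOTE(review): getTrustKeystore() is not null-checked here; the builder presumably rejects null — confirm.
            config = new AaaCertServiceConfigBuilder(config)
                    .setCtlKeystore(new CtlKeystoreBuilder(ctlKeystore).setStorePassword(ctlPassword).build())
                    .setTrustKeystore(new TrustKeystoreBuilder(config.getTrustKeystore())
                            .setStorePassword(trustPassword).build())
                    .build();
        }

        if (config.getUseMdsal().booleanValue()) {
            this.aaaCertProvider = new DefaultMdsalSslData(new AaaCertMdsalProvider(dataBroker, aAAEncryptionService),
                    config.getBundleName(), config.getCtlKeystore(), config.getTrustKeystore());
            LOG.debug("Using default mdsal SslData as aaaCertProvider");
        } else {
            this.aaaCertProvider = new AaaCertProvider(config.getCtlKeystore(), config.getTrustKeystore());
            LOG.debug("Using default keystore files as aaaCertProvider");
        }
        this.aaaCertProvider.createKeyStores();
        LOG.info("Certificate Manager service has been initialized");
        this.reg = rpcProviderService.registerRpcImplementation(AaaCertRpcService.class,
                new AaaCertRpcServiceImpl(this.aaaCertProvider));
        LOG.info("AaaCert Rpc Service has been initialized");
    }

    /**
     * Generates an alphanumeric keystore password of {@link #PWD_LENGTH} characters from {@link #SECURE_RANDOM}.
     * Uses the same character set as {@code RandomStringUtils.random(count, true, true)} but with a secure source.
     *
     * @return a freshly generated password
     */
    private static String generatePassword() {
        return RandomStringUtils.random(PWD_LENGTH, 0, 0, true, true, null, SECURE_RANDOM);
    }

    /**
     * Returns the backing provider.
     *
     * @throws IllegalStateException if the service was not initialized ({@code use-config} is false)
     */
    private IAaaCertProvider provider() {
        if (aaaCertProvider == null) {
            throw new IllegalStateException("Certificate Manager service is not initialized (use-config is false)");
        }
        return aaaCertProvider;
    }

    /** Releases the RPC registration, if one was made. */
    @Override // java.lang.AutoCloseable
    public void close() {
        if (reg != null) {
            reg.close();
        }
    }

    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public KeyStore getODLKeyStore() {
        return provider().getODLKeyStore();
    }

    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public KeyStore getTrustKeyStore() {
        return provider().getTrustKeyStore();
    }

    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public String[] getCipherSuites() {
        return provider().getCipherSuites();
    }

    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public String getCertificateTrustStore(String str, String str2, boolean z) {
        return provider().getCertificateTrustStore(str, str2, z);
    }

    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public String getODLKeyStoreCertificate(String str, boolean z) {
        return provider().getODLKeyStoreCertificate(str, z);
    }

    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public String genODLKeyStoreCertificateReq(String str, boolean z) {
        return provider().genODLKeyStoreCertificateReq(str, z);
    }

    /**
     * Builds a TLS {@link SSLContext} from the controller keystore (key material) and the trust keystore.
     *
     * @return the initialized context, or {@code null} if key/trust manager initialization failed (the error is logged)
     * @throws IllegalStateException if the service was not initialized
     */
    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public SSLContext getServerContext() {
        IAaaCertProvider certProvider = provider();
        SSLContext sslContext = null;
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(certProvider.getODLKeyStore(),
                    certProvider.getOdlKeyStoreInfo().getStorePassword().toCharArray());
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(certProvider.getTrustKeyStore());
            sslContext = SSLContext.getInstance("TLS");
            // Default SecureRandom; the enabled protocol versions are governed by getTlsProtocols() on the caller side.
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            LOG.error("Error while creating SSLContext ", e);
        }
        return sslContext;
    }

    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public String[] getTlsProtocols() {
        return provider().getTlsProtocols();
    }

    /**
     * Delegates to {@link DefaultMdsalSslData#importSslDataKeystores} when the backing provider is MD-SAL based.
     *
     * @return the provider's result, or {@code false} when the provider is absent or not MD-SAL based
     */
    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public boolean importSslDataKeystores(String str, String str2, String str3, String str4, String str5,
            String[] strArr, String str6) {
        // instanceof (not a blind cast) so a file-based AaaCertProvider yields "false" instead of ClassCastException.
        if (aaaCertProvider instanceof DefaultMdsalSslData) {
            return ((DefaultMdsalSslData) aaaCertProvider)
                    .importSslDataKeystores(str, str2, str3, str4, str5, strArr, str6);
        }
        LOG.debug("aaaCertProvider is not MD-Sal Certificate Provider");
        return false;
    }

    /** Delegates to {@link DefaultMdsalSslData#exportSslDataKeystores} when the backing provider is MD-SAL based. */
    @Override // org.opendaylight.aaa.cert.api.ICertificateManager
    public void exportSslDataKeystores() {
        if (aaaCertProvider instanceof DefaultMdsalSslData) {
            ((DefaultMdsalSslData) aaaCertProvider).exportSslDataKeystores();
        } else {
            LOG.debug("aaaCertProvider is not MD-Sal Certificate Provider");
        }
    }

    /**
     * Rewrites the {@code store-password} elements of the initial config file with the generated passwords.
     *
     * <p>The file is parsed with secure processing enabled and DOCTYPEs rejected. Note that the passwords are
     * stored in the file in clear text, so the file's permissions are part of the keystore protection.
     * Failures are logged, not propagated; the in-memory configuration is still updated by the caller.
     *
     * @param ctlPassword new password for the {@code ctlKeystore} element
     * @param trustPassword new password for the {@code trustKeystore} element
     */
    private static void updateCertManagerSrvConfig(String ctlPassword, String trustPassword) {
        LOG.debug("Update Certificate manager service config file");
        File configFile = new File(DEFAULT_CONFIG_FILE_PATH);
        if (!configFile.exists()) {
            LOG.warn("The Certificate manager service config file does not exist {}", DEFAULT_CONFIG_FILE_PATH);
            return;
        }
        try {
            Document document = newSecureDocumentBuilderFactory().newDocumentBuilder().parse(configFile);
            NodeList passwordNodes = document.getElementsByTagName(STORE_PASSWORD_TAG);
            for (int i = 0; i < passwordNodes.getLength(); i++) {
                Node passwordNode = passwordNodes.item(i);
                Node parent = passwordNode.getParentNode();
                if (parent == null) {
                    continue;
                }
                String parentName = parent.getNodeName();
                if (CTL_KEYSTORE_NODE.equals(parentName)) {
                    passwordNode.setTextContent(ctlPassword);
                } else if (TRUST_KEYSTORE_NODE.equals(parentName)) {
                    passwordNode.setTextContent(trustPassword);
                }
            }
            TransformerFactory transformerFactory = TransformerFactory.newInstance();
            transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            transformerFactory.newTransformer().transform(new DOMSource(document), new StreamResult(configFile));
        } catch (IOException | ParserConfigurationException | TransformerException | SAXException e) {
            LOG.error("Error while updating Certificate manager service config file", e);
        }
    }

    /**
     * Creates a {@link DocumentBuilderFactory} hardened against external entities and DOCTYPE declarations.
     *
     * @throws ParserConfigurationException if secure processing cannot be enabled
     */
    private static DocumentBuilderFactory newSecureDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        try {
            factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
        } catch (ParserConfigurationException e) {
            // Non-Xerces parsers may not know this feature; secure processing above still applies.
            LOG.warn("XML parser does not support {}; continuing with secure processing only", DISALLOW_DOCTYPE_FEATURE);
        }
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory;
    }
}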
