package org.opendaylight.aaa.encrypt.impl;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import com.google.common.util.concurrent.MoreExecutors;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import org.apache.commons.lang3.RandomStringUtils;
import org.checkerframework.checker.lock.qual.Holding;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.mdsal.binding.api.DataListener;
import org.opendaylight.mdsal.binding.api.ReadWriteTransaction;
import org.opendaylight.mdsal.common.api.CommitInfo;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.odlparent.logging.markers.Markers;
import org.opendaylight.yang.gen.v1.config.aaa.authn.encrypt.service.config.rev240202.AaaEncryptServiceConfig;
import org.opendaylight.yang.gen.v1.config.aaa.authn.encrypt.service.config.rev240202.AaaEncryptServiceConfigBuilder;
import org.opendaylight.yangtools.binding.DataObjectIdentifier;
import org.opendaylight.yangtools.concepts.Registration;
import org.osgi.framework.FrameworkUtil;
import org.osgi.service.component.ComponentException;
import org.osgi.service.component.ComponentFactory;
import org.osgi.service.component.ComponentInstance;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

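/**
 * OSGi component that keeps the AAA encryption service in step with the
 * {@link AaaEncryptServiceConfig} stored in the CONFIGURATION datastore.
 *
 * <p>When the stored configuration is absent, or lacks a usable key or salt, this class generates
 * the missing values and writes the completed configuration back to the datastore. When the stored
 * configuration is complete, it (re)creates the {@link AAAEncryptionServiceImpl} component
 * instance from it.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The generated key and salt are persisted in the CONFIGURATION datastore, so anyone able to
 *       read that datastore (or its backups/snapshots) can read the key material.</li>
 *   <li>Debug messages that include the whole configuration object are tagged with
 *       {@link Markers#confidential()}; log routing must honour that marker for the key to stay
 *       out of general-purpose logs.</li>
 * </ul>
 *
 * <p>Mutable state ({@code reg}, {@code instance}, {@code current}) is guarded by {@code this}.
 */
@Component(service = {})
public final class OSGiEncryptionServiceConfigurator implements DataListener<AaaEncryptServiceConfig> {
    private static final Logger LOG = LoggerFactory.getLogger(OSGiEncryptionServiceConfigurator.class);

    // Single CSPRNG used for both the salt and the generated key.
    private static final SecureRandom RANDOM = new SecureRandom();

    // Number of random bytes in a freshly generated salt (stored Base64-encoded).
    private static final int SALT_LENGTH_BYTES = 16;

    // Template used when the datastore holds no configuration at all.
    // NOTE(review): a 12-character alphanumeric key carries roughly 71 bits of entropy, which is
    // below the 128-bit key length configured here, and the derivation function is
    // PBKDF2WithHmacSHA1. These are defaults only; changing them affects data already protected
    // with an existing configuration, so confirm against AAAEncryptionServiceImpl before tuning.
    private static final AaaEncryptServiceConfig DEFAULT_CONFIG = new AaaEncryptServiceConfigBuilder()
        .setEncryptMethod("PBKDF2WithHmacSHA1")
        .setEncryptType("AES")
        .setEncryptIterationCount(32768)
        .setEncryptKeyLength(128)
        .setCipherTransforms("AES/GCM/NoPadding")
        .setPasswordLength(12)
        .setAuthTagLength(128)
        .build();

    private final ComponentFactory<AAAEncryptionServiceImpl> factory;
    private final DataBroker dataBroker;

    // Listener registration; null once deactivate() has run.
    private Registration reg;
    // Currently running service instance, or null when the service is disabled.
    private ComponentInstance<AAAEncryptionServiceImpl> instance;
    // Configuration the running instance was created from, or null when disabled.
    private AaaEncryptServiceConfig current;

    /**
     * Registers this object as a listener on the {@link AaaEncryptServiceConfig} container in the
     * CONFIGURATION datastore.
     *
     * @param dataBroker broker used for the listener registration and for datastore transactions
     * @param componentFactory factory used to create {@link AAAEncryptionServiceImpl} instances
     * @throws NullPointerException if either argument is {@code null}
     */
    @Activate
    public OSGiEncryptionServiceConfigurator(@Reference DataBroker dataBroker, @Reference(target = "(component.factory=org.opendaylight.aaa.encrypt.impl.AAAEncryptionServiceImpl)") ComponentFactory<AAAEncryptionServiceImpl> componentFactory) {
        this.dataBroker = Objects.requireNonNull(dataBroker);
        this.factory = Objects.requireNonNull(componentFactory);
        this.reg = dataBroker.registerDataListener(LogicalDatastoreType.CONFIGURATION,
            DataObjectIdentifier.builder(AaaEncryptServiceConfig.class).build(), this);
        LOG.debug("AAA Encryption Service configurator started");
    }

    /**
     * Closes the datastore listener registration and disposes of the running service instance,
     * if any. Calling it again after shutdown is a no-op for the registration.
     */
    @Deactivate
    public synchronized void deactivate() {
        if (this.reg != null) {
            this.reg.close();
            // A null registration is the "shutting down" signal checked by updateInstance().
            this.reg = null;
        }
        disableInstance();
        LOG.debug("AAA Encryption Service configurator stopped");
    }

    /**
     * Reacts to a change of the stored configuration.
     *
     * @param aaaEncryptServiceConfig the new datastore content, or {@code null} when the container
     *     is absent
     */
    @Override
    public void dataChangedTo(AaaEncryptServiceConfig aaaEncryptServiceConfig) {
        if (aaaEncryptServiceConfig == null || needKey(aaaEncryptServiceConfig) || needSalt(aaaEncryptServiceConfig)) {
            // Incomplete configuration: fill in the gaps and write it back. The service instance
            // is not touched on this path.
            updateDatastore(aaaEncryptServiceConfig);
        } else {
            updateInstance(aaaEncryptServiceConfig);
        }
    }

    /**
     * Produces a complete configuration from a possibly incomplete one.
     *
     * @param aaaEncryptServiceConfig configuration read from the datastore, or {@code null} to
     *     start from {@code DEFAULT_CONFIG}
     * @return a copy of the template with a generated key and/or salt where {@link #needKey} or
     *     {@link #needSalt} reported one missing
     */
    @VisibleForTesting
    static AaaEncryptServiceConfig generateConfig(AaaEncryptServiceConfig aaaEncryptServiceConfig) {
        final AaaEncryptServiceConfig template =
            aaaEncryptServiceConfig != null ? aaaEncryptServiceConfig : DEFAULT_CONFIG;
        final AaaEncryptServiceConfigBuilder builder = new AaaEncryptServiceConfigBuilder(template);

        if (needKey(template)) {
            LOG.debug("Set the Encryption Service key");
            // Pass the SecureRandom explicitly: the key is secret material and must not depend on
            // the library's default generator, which is not cryptographically strong in every
            // commons-lang3 release. start == end == 0 with letters and numbers enabled selects
            // the same alphanumeric alphabet as random(count, true, true).
            builder.setEncryptKey(RandomStringUtils.random(
                template.requirePasswordLength().intValue(), 0, 0, true, true, null, RANDOM));
        }
        if (needSalt(template)) {
            LOG.debug("Set the Encryption Service salt");
            final byte[] salt = new byte[SALT_LENGTH_BYTES];
            RANDOM.nextBytes(salt);
            builder.setEncryptSalt(Base64.getEncoder().encodeToString(salt));
        }
        return builder.build();
    }

    /**
     * Writes a completed configuration to the CONFIGURATION datastore, provided the datastore
     * still holds the value this update was computed from.
     *
     * <p>If the read fails, the transaction is cancelled and the running service instance is
     * disabled. A failed commit is only logged.
     *
     * @param aaaEncryptServiceConfig the configuration that triggered the update, may be
     *     {@code null}
     */
    private void updateDatastore(AaaEncryptServiceConfig aaaEncryptServiceConfig) {
        final AaaEncryptServiceConfig target = generateConfig(aaaEncryptServiceConfig);
        final DataObjectIdentifier<AaaEncryptServiceConfig> path =
            DataObjectIdentifier.builder(AaaEncryptServiceConfig.class).build();
        final ReadWriteTransaction tx = this.dataBroker.newReadWriteTransaction();

        final AaaEncryptServiceConfig stored;
        try {
            final Optional<AaaEncryptServiceConfig> read =
                tx.read(LogicalDatastoreType.CONFIGURATION, path).get();
            stored = read.orElse(null);
        } catch (InterruptedException | ExecutionException e) {
            tx.cancel();
            if (e instanceof InterruptedException) {
                // Preserve the interrupt for whoever owns this thread.
                Thread.currentThread().interrupt();
            }
            LOG.error("Failed to read configuration, disabling service", e);
            synchronized (this) {
                disableInstance();
            }
            return;
        }

        if (!Objects.equals(stored, aaaEncryptServiceConfig)) {
            // Someone else changed the datastore in the meantime; do not overwrite their value.
            tx.cancel();
            // Both objects may contain the key, hence the confidential marker.
            LOG.debug(Markers.confidential(), "Skipping update on datastore mismatch: expected {} actual {}", aaaEncryptServiceConfig, stored);
            return;
        }

        // The target contains the freshly generated key, hence the confidential marker.
        LOG.debug(Markers.confidential(), "Updating configuration to {}", target);
        tx.put(LogicalDatastoreType.CONFIGURATION, path, target);
        Futures.addCallback(tx.commit(), new FutureCallback<CommitInfo>() {
            @Override
            public void onFailure(Throwable th) {
                LOG.warn("Configuration update failed, attempting to continue", th);
            }

            @Override
            public void onSuccess(CommitInfo commitInfo) {
                LOG.info("Configuration update succeeded");
            }
        }, MoreExecutors.directExecutor());
    }

    /**
     * Disposes of the running service instance, if there is one, and forgets its configuration.
     * The caller must hold the lock on {@code this}.
     */
    @Holding({"this"})
    private void disableInstance() {
        if (this.instance != null) {
            this.instance.dispose();
            this.instance = null;
            this.current = null;
            LOG.info("Encryption Service disabled");
        }
    }

    /**
     * Replaces the running service instance with one built from the given configuration.
     *
     * <p>Nothing happens after shutdown or when the configuration equals the one already in use.
     * If the new instance cannot be created, the service is left disabled.
     *
     * @param aaaEncryptServiceConfig complete configuration, must not be {@code null}
     */
    private synchronized void updateInstance(AaaEncryptServiceConfig aaaEncryptServiceConfig) {
        if (this.reg == null) {
            LOG.debug("Skipping instance update due to shutdown");
            return;
        }
        if (aaaEncryptServiceConfig.equals(this.current)) {
            LOG.debug("Skipping instance update due to equal configuration");
            return;
        }

        // Tear down first, so no instance with the previous key stays active.
        disableInstance();
        try {
            this.instance = this.factory.newInstance(FrameworkUtil.asDictionary(
                AAAEncryptionServiceImpl.props(new EncryptServiceConfigImpl(aaaEncryptServiceConfig))));
            this.current = aaaEncryptServiceConfig;
            LOG.info("Encryption Service enabled");
        } catch (ComponentException e) {
            LOG.error("Failed to start Encryption Service", e);
        }
    }

    /**
     * Tells whether a key has to be generated.
     *
     * @return {@code true} when no key is set or its length differs from the configured password
     *     length
     */
    private static boolean needKey(AaaEncryptServiceConfig aaaEncryptServiceConfig) {
        final String encryptKey = aaaEncryptServiceConfig.getEncryptKey();
        return encryptKey == null || encryptKey.length() != aaaEncryptServiceConfig.requirePasswordLength().intValue();
    }

    /**
     * Tells whether a salt has to be generated.
     *
     * @return {@code true} when the salt is {@code null} or empty
     */
    private static boolean needSalt(AaaEncryptServiceConfig aaaEncryptServiceConfig) {
        final String encryptSalt = aaaEncryptServiceConfig.getEncryptSalt();
        return encryptSalt == null || encryptSalt.isEmpty();
    }
}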
