package org.onosproject.openflow.controller.impl;

import com.google.common.base.MoreObjects;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Sets;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.channel.Channel;
import io.netty.channel.ChannelOption;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.epoll.EpollEventLoopGroup;
import io.netty.channel.epoll.EpollServerSocketChannel;
import io.netty.channel.group.ChannelGroup;
import io.netty.channel.group.DefaultChannelGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioServerSocketChannel;
import io.netty.util.concurrent.GlobalEventExecutor;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.lang.management.ManagementFactory;
import java.net.InetSocketAddress;
import java.net.SocketAddress;
import java.security.DigestInputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Dictionary;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.onlab.util.ItemNotFoundException;
import org.onlab.util.Tools;
import org.onosproject.net.DeviceId;
import org.onosproject.net.config.NetworkConfigRegistry;
import org.onosproject.net.driver.DefaultDriverData;
import org.onosproject.net.driver.DefaultDriverHandler;
import org.onosproject.net.driver.Driver;
import org.onosproject.net.driver.DriverService;
import org.onosproject.openflow.config.OpenFlowDeviceConfig;
import org.onosproject.openflow.controller.Dpid;
import org.onosproject.openflow.controller.driver.OpenFlowAgent;
import org.onosproject.openflow.controller.driver.OpenFlowSwitchDriver;
import org.projectfloodlight.openflow.protocol.OFDescStatsReply;
import org.projectfloodlight.openflow.protocol.OFVersion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/onosproject/openflow/controller/impl/Controller.class */
public class Controller {
    private static final short MIN_KS_LENGTH = 6;
    protected HashMap<String, String> controllerNodeIPsCache;
    private ChannelGroup cg;
    protected List<Integer> openFlowPorts = ImmutableList.of(6633, 6653);
    protected int workerThreads = 0;
    protected long systemStartTime;
    private OpenFlowAgent agent;
    private EventLoopGroup bossGroup;
    private EventLoopGroup workerGroup;
    protected TlsParams tlsParams;
    protected SSLContext sslContext;
    protected KeyStore keyStore;
    protected static final int SEND_BUFFER_SIZE = 4194304;
    private DriverService driverService;
    private NetworkConfigRegistry netCfgService;
    private static final Logger log = LoggerFactory.getLogger(Controller.class);
    private static final EnumSet<TlsMode> TLS_ENABLED = EnumSet.of(TlsMode.ENABLED, TlsMode.STRICT);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/onosproject/openflow/controller/impl/Controller$TlsMode.class */
    public enum TlsMode {
        DISABLED,
        ENABLED,
        STRICT
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/onosproject/openflow/controller/impl/Controller$TlsParams.class */
    public static class TlsParams {
        final TlsMode mode;
        final String ksLocation;
        final String tsLocation;
        final String ksPwd;
        final String tsPwd;
        final byte[] ksSignature;
        final byte[] tsSignature;

        TlsParams(TlsMode tlsMode, String str, String str2, String str3, String str4) {
            this.mode = tlsMode;
            this.ksLocation = str;
            this.tsLocation = str2;
            this.ksPwd = str3;
            this.tsPwd = str4;
            this.ksSignature = getSha1Checksum(str);
            this.tsSignature = getSha1Checksum(str2);
        }

        public char[] ksPwd() {
            return this.ksPwd.toCharArray();
        }

        public char[] tsPwd() {
            return this.tsPwd.toCharArray();
        }

        public boolean isTlsEnabled() {
            return Controller.TLS_ENABLED.contains(this.mode);
        }

        public byte[] getSha1Checksum(String str) {
            if (str == null) {
                return new byte[0];
            }
            try {
                DigestInputStream digestInputStream = new DigestInputStream(new FileInputStream(new File(str)), MessageDigest.getInstance("SHA1"));
                do {
                } while (digestInputStream.read(new byte[1024]) > 0);
                digestInputStream.getMessageDigest().digest();
            } catch (IOException e) {
                Controller.log.info("Error reading file file: {}", str);
            } catch (NoSuchAlgorithmException e2) {
            }
            return new byte[0];
        }

        public int hashCode() {
            return this.mode == TlsMode.DISABLED ? Objects.hash(this.mode) : Objects.hash(this.mode, this.ksLocation, this.tsLocation, this.ksPwd, this.tsPwd, Integer.valueOf(Arrays.hashCode(this.ksSignature)), Integer.valueOf(Arrays.hashCode(this.tsSignature)));
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (!(obj instanceof TlsParams)) {
                return false;
            }
            TlsParams tlsParams = (TlsParams) obj;
            if (getClass() != tlsParams.getClass()) {
                return false;
            }
            if (this.mode == tlsParams.mode && this.mode == TlsMode.DISABLED) {
                return true;
            }
            return this.mode == tlsParams.mode && Objects.equals(this.ksLocation, tlsParams.ksLocation) && Objects.equals(this.tsLocation, tlsParams.tsLocation) && Objects.equals(this.ksPwd, tlsParams.ksPwd) && Objects.equals(this.tsPwd, tlsParams.tsPwd) && Arrays.equals(this.ksSignature, tlsParams.ksSignature) && Arrays.equals(this.tsSignature, tlsParams.tsSignature);
        }

        public String toString() {
            return MoreObjects.toStringHelper(this).add("tlsMode", this.mode.toString().toLowerCase()).add("ksLocation", this.ksLocation).add("tsLocation", this.tsLocation).toString();
        }
    }

    private void addListeningPorts(Collection<Integer> collection) {
        if (this.cg == null) {
            return;
        }
        ServerBootstrap createServerBootStrap = createServerBootStrap();
        createServerBootStrap.option(ChannelOption.SO_REUSEADDR, true);
        createServerBootStrap.childOption(ChannelOption.SO_KEEPALIVE, true);
        createServerBootStrap.childOption(ChannelOption.TCP_NODELAY, true);
        createServerBootStrap.childOption(ChannelOption.SO_SNDBUF, Integer.valueOf(SEND_BUFFER_SIZE));
        createServerBootStrap.childHandler(new OFChannelInitializer(this, null, this.sslContext));
        Stream map = this.cg.stream().map((v0) -> {
            return v0.localAddress();
        });
        Class<InetSocketAddress> cls = InetSocketAddress.class;
        Objects.requireNonNull(InetSocketAddress.class);
        Stream filter = map.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<InetSocketAddress> cls2 = InetSocketAddress.class;
        Objects.requireNonNull(InetSocketAddress.class);
        collection.removeAll((Set) filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.getPort();
        }).collect(Collectors.toSet()));
        collection.forEach(num -> {
            this.cg.add(createServerBootStrap.bind(num.intValue()).syncUninterruptibly().channel());
            log.info("Listening for OF switch connections on {}", num);
        });
    }

    private void removeListeningPorts(Collection<Integer> collection) {
        if (this.cg == null) {
            return;
        }
        Iterator it = this.cg.iterator();
        while (it.hasNext()) {
            Channel channel = (Channel) it.next();
            SocketAddress localAddress = channel.localAddress();
            if (localAddress instanceof InetSocketAddress) {
                Integer valueOf = Integer.valueOf(((InetSocketAddress) localAddress).getPort());
                if (collection.contains(valueOf)) {
                    log.info("No longer listening for OF switch connections on {}", valueOf);
                    channel.close();
                    it.remove();
                }
            }
        }
    }

    private ServerBootstrap createServerBootStrap() {
        int max = Math.max(1, this.openFlowPorts.size());
        try {
            this.bossGroup = new EpollEventLoopGroup(max, Tools.groupedThreads("onos/of", "boss-%d", log));
            this.workerGroup = new EpollEventLoopGroup(this.workerThreads, Tools.groupedThreads("onos/of", "worker-%d", log));
            ServerBootstrap channel = new ServerBootstrap().group(this.bossGroup, this.workerGroup).channel(EpollServerSocketChannel.class);
            log.info("Using Epoll transport");
            return channel;
        } catch (Throwable th) {
            log.debug("Failed to initialize native (epoll) transport: {}", th.getMessage());
            this.bossGroup = new NioEventLoopGroup(max, Tools.groupedThreads("onos/of", "boss-%d", log));
            this.workerGroup = new NioEventLoopGroup(this.workerThreads, Tools.groupedThreads("onos/of", "worker-%d", log));
            log.info("Using Nio transport");
            return new ServerBootstrap().group(this.bossGroup, this.workerGroup).channel(NioServerSocketChannel.class);
        }
    }

    public void setConfigParams(Dictionary<?, ?> dictionary) {
        if ((setOpenFlowPorts(dictionary) | setWorkerThreads(dictionary)) || setTlsParameters(dictionary)) {
            restart();
        }
    }

    private boolean setWorkerThreads(Dictionary<?, ?> dictionary) {
        List<Integer> list = this.openFlowPorts;
        String str = Tools.get(dictionary, "openflowPorts");
        List<Integer> emptyList = Collections.emptyList();
        if (!Strings.isNullOrEmpty(str)) {
            emptyList = (List) Stream.of((Object[]) str.split(",")).map(str2 -> {
                return Integer.valueOf(Integer.parseInt(str2));
            }).collect(Collectors.toList());
        }
        HashSet newHashSet = Sets.newHashSet(emptyList);
        newHashSet.removeAll(list);
        addListeningPorts(newHashSet);
        HashSet newHashSet2 = Sets.newHashSet(list);
        newHashSet2.removeAll(emptyList);
        removeListeningPorts(newHashSet2);
        this.openFlowPorts = emptyList;
        log.debug("OpenFlow ports set to {}", this.openFlowPorts);
        return false;
    }

    private boolean setOpenFlowPorts(Dictionary<?, ?> dictionary) {
        Integer valueOf = Integer.valueOf(this.workerThreads);
        String str = Tools.get(dictionary, "workerThreads");
        if (!Strings.isNullOrEmpty(str)) {
            this.workerThreads = Integer.parseInt(str);
        }
        log.debug("Number of worker threads set to {}", Integer.valueOf(this.workerThreads));
        return valueOf.intValue() != this.workerThreads;
    }

    private boolean setTlsParameters(Dictionary<?, ?> dictionary) {
        TlsMode tlsMode;
        TlsParams tlsParams = this.tlsParams;
        String str = Tools.get(dictionary, "tlsMode");
        if (Strings.isNullOrEmpty(str)) {
            String property = System.getProperty("enableOFTLS");
            tlsMode = (Strings.isNullOrEmpty(property) || !Boolean.parseBoolean(property)) ? TlsMode.DISABLED : TlsMode.ENABLED;
        } else {
            try {
                tlsMode = TlsMode.valueOf(str.toUpperCase());
            } catch (IllegalArgumentException e) {
                log.info("Invalid TLS mode {}. TLS is disabled.", str);
                tlsMode = TlsMode.DISABLED;
            }
        }
        String str2 = null;
        String str3 = null;
        String str4 = null;
        String str5 = null;
        if (TLS_ENABLED.contains(tlsMode)) {
            str2 = Tools.get(dictionary, "keyStore");
            if (Strings.isNullOrEmpty(str2)) {
                str2 = System.getProperty("javax.net.ssl.keyStore");
            }
            if (Strings.isNullOrEmpty(str2)) {
                tlsMode = TlsMode.DISABLED;
            }
            str3 = Tools.get(dictionary, "trustStore");
            if (Strings.isNullOrEmpty(str3)) {
                str3 = System.getProperty("javax.net.ssl.trustStore");
            }
            if (Strings.isNullOrEmpty(str3)) {
                tlsMode = TlsMode.DISABLED;
            }
            str4 = Tools.get(dictionary, "keyStorePassword");
            if (Strings.isNullOrEmpty(str4)) {
                str4 = System.getProperty("javax.net.ssl.keyStorePassword");
            }
            if (Strings.isNullOrEmpty(str4) || MIN_KS_LENGTH > str4.length()) {
                tlsMode = TlsMode.DISABLED;
            }
            str5 = Tools.get(dictionary, "trustStorePassword");
            if (Strings.isNullOrEmpty(str5)) {
                str5 = System.getProperty("javax.net.ssl.trustStorePassword");
            }
            if (Strings.isNullOrEmpty(str5) || MIN_KS_LENGTH > str5.length()) {
                tlsMode = TlsMode.DISABLED;
            }
        }
        this.tlsParams = new TlsParams(tlsMode, str2, str3, str4, str5);
        log.info("OpenFlow TLS Params: {}", this.tlsParams);
        return !Objects.equals(this.tlsParams, tlsParams);
    }

    public void init() {
        this.controllerNodeIPsCache = new HashMap<>();
        this.systemStartTime = System.currentTimeMillis();
        this.cg = new DefaultChannelGroup(GlobalEventExecutor.INSTANCE);
        if (this.tlsParams.isTlsEnabled()) {
            initSsl();
        }
    }

    private void initSsl() {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new FileInputStream(this.tlsParams.tsLocation), this.tlsParams.tsPwd());
            trustManagerFactory.init(keyStore);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            this.keyStore = KeyStore.getInstance("JKS");
            this.keyStore.load(new FileInputStream(this.tlsParams.ksLocation), this.tlsParams.ksPwd());
            keyManagerFactory.init(this.keyStore, this.tlsParams.ksPwd());
            this.sslContext = SSLContext.getInstance("TLS");
            this.sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        } catch (IOException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            log.error("SSL init failed: {}", e.getMessage());
        }
    }

    public Map<String, Long> getMemory() {
        HashMap hashMap = new HashMap();
        Runtime runtime = Runtime.getRuntime();
        hashMap.put("total", Long.valueOf(runtime.totalMemory()));
        hashMap.put("free", Long.valueOf(runtime.freeMemory()));
        return hashMap;
    }

    public Long getSystemUptime() {
        return Long.valueOf(ManagementFactory.getRuntimeMXBean().getUptime());
    }

    public long getSystemStartTime() {
        return this.systemStartTime;
    }

    public boolean isValidCertificate(Long l, Certificate certificate) {
        if (!this.tlsParams.isTlsEnabled()) {
            return true;
        }
        if (this.netCfgService == null) {
            return this.tlsParams.mode == TlsMode.ENABLED;
        }
        OpenFlowDeviceConfig openFlowDeviceConfig = (OpenFlowDeviceConfig) this.netCfgService.getConfig(DeviceId.deviceId(Dpid.uri(new Dpid(l.longValue()))), OpenFlowDeviceConfig.class);
        if (openFlowDeviceConfig == null) {
            return this.tlsParams.mode == TlsMode.ENABLED;
        }
        Optional<String> keyAlias = openFlowDeviceConfig.keyAlias();
        if (!keyAlias.isPresent()) {
            return this.tlsParams.mode == TlsMode.ENABLED;
        }
        try {
            return Objects.deepEquals(certificate, this.keyStore.getCertificate(keyAlias.get()));
        } catch (KeyStoreException e) {
            log.info("failed to load key", e);
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OpenFlowSwitchDriver getOFSwitchInstance(long j, OFDescStatsReply oFDescStatsReply, OFVersion oFVersion) {
        Driver driver;
        Dpid dpid = new Dpid(j);
        try {
            driver = this.driverService.getDriver(DeviceId.deviceId(Dpid.uri(dpid)));
        } catch (ItemNotFoundException e) {
            driver = this.driverService.getDriver(oFDescStatsReply.getMfrDesc(), oFDescStatsReply.getHwDesc(), oFDescStatsReply.getSwDesc());
        }
        if (driver == null) {
            log.error("No OpenFlow driver for {} : {}", dpid, oFDescStatsReply);
            return null;
        }
        log.info("Driver '{}' assigned to device {}", driver.name(), dpid);
        if (!driver.hasBehaviour(OpenFlowSwitchDriver.class)) {
            log.error("Driver {} does not support OpenFlowSwitchDriver behaviour", driver.name());
            return null;
        }
        OpenFlowSwitchDriver createBehaviour = driver.createBehaviour(new DefaultDriverHandler(new DefaultDriverData(driver, DeviceId.deviceId(Dpid.uri(dpid)))), OpenFlowSwitchDriver.class);
        createBehaviour.init(dpid, oFDescStatsReply, oFVersion);
        createBehaviour.setAgent(this.agent);
        createBehaviour.setRoleHandler(new RoleManager(createBehaviour));
        return createBehaviour;
    }

    @Deprecated
    public void start(OpenFlowAgent openFlowAgent, DriverService driverService) {
        start(openFlowAgent, driverService, null);
    }

    public void start(OpenFlowAgent openFlowAgent, DriverService driverService, NetworkConfigRegistry networkConfigRegistry) {
        log.info("Starting OpenFlow IO");
        this.agent = openFlowAgent;
        this.driverService = driverService;
        this.netCfgService = networkConfigRegistry;
        init();
        addListeningPorts(this.openFlowPorts);
    }

    public void stop() {
        log.info("Stopping OpenFlow IO");
        if (this.cg != null) {
            this.cg.close();
            this.cg = null;
        }
        this.bossGroup.shutdownGracefully();
        this.workerGroup.shutdownGracefully();
        try {
            this.bossGroup.terminationFuture().sync();
            this.workerGroup.terminationFuture().sync();
        } catch (InterruptedException e) {
            log.warn("Interrupted while stopping", e);
            Thread.currentThread().interrupt();
        }
    }

    private void restart() {
        if (this.cg != null) {
            stop();
            start(this.agent, this.driverService, this.netCfgService);
        }
    }
}
