/*
 * Copyright (c) 2016 Brocade Communication Systems and others.  All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
 * and is available at http://www.eclipse.org/legal/epl-v10.html
 */
package org.opendaylight.netconf.sal.connect.util;

import com.google.common.util.concurrent.CheckedFuture;
import com.google.common.util.concurrent.FutureCallback;
import com.google.common.util.concurrent.Futures;
import org.opendaylight.aaa.encrypt.AAAEncryptionService;
import org.opendaylight.controller.md.sal.binding.api.DataBroker;
import org.opendaylight.controller.md.sal.binding.api.WriteTransaction;
import org.opendaylight.controller.md.sal.common.api.data.LogicalDatastoreType;
import org.opendaylight.controller.md.sal.common.api.data.TransactionCommitFailedException;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNode;
import org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.NetconfNodeBuilder;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NetworkTopology;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.NodeId;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.TopologyId;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.Topology;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.TopologyKey;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.Node;
import org.opendaylight.yang.gen.v1.urn.tbd.params.xml.ns.yang.network.topology.rev131021.network.topology.topology.NodeKey;
import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/**
 *  Utility to encrypt netconf username and password.
 */
public class AuthEncryptor {
    private static final Logger LOG = LoggerFactory.getLogger(AuthEncryptor.class);

    public static void encryptIfNeeded(final NodeId nodeId, final NetconfNode netconfNode,
                                 AAAEncryptionService encryptionService,
                                 final String topologyId, final DataBroker dataBroker) {
        final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
                .credentials.credentials.LoginPassword creds =
                (org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
                        .credentials.credentials.LoginPassword) netconfNode.getCredentials();
        final String decryptedPassword = encryptionService.decrypt(creds.getPassword());
        if (decryptedPassword != null && decryptedPassword.equals(creds.getPassword())) {
            LOG.info("Encrypting the provided credentials");
            final String username = encryptionService.encrypt(creds.getUsername());
            final String password = encryptionService.encrypt(creds.getPassword());
            final org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114.netconf.node
                    .credentials.credentials.LoginPasswordBuilder passwordBuilder =
                    new org.opendaylight.yang.gen.v1.urn.opendaylight.netconf.node.topology.rev150114
                            .netconf.node.credentials.credentials.LoginPasswordBuilder();
            passwordBuilder.setUsername(username);
            passwordBuilder.setPassword(password);
            final NetconfNodeBuilder nnb = new NetconfNodeBuilder();
            nnb.setCredentials(passwordBuilder.build());

            final WriteTransaction writeTransaction = dataBroker.newWriteOnlyTransaction();
            final InstanceIdentifier<NetworkTopology> networkTopologyId =
                    InstanceIdentifier.builder(NetworkTopology.class).build();
            final InstanceIdentifier<NetconfNode> niid = networkTopologyId.child(Topology.class,
                    new TopologyKey(new TopologyId(topologyId))).child(Node.class,
                    new NodeKey(nodeId)).augmentation(NetconfNode.class);
            writeTransaction.merge(LogicalDatastoreType.CONFIGURATION, niid, nnb.build());
            final CheckedFuture<Void, TransactionCommitFailedException> future = writeTransaction.submit();
            Futures.addCallback(future, new FutureCallback<Void>() {

                @Override
                public void onSuccess(Void result) {
                    LOG.info("Encrypted netconf username/password successfully");
                }

                @Override
                public void onFailure(Throwable exception) {
                    LOG.error("Unable to encrypt netconf username/password." + exception.getMessage());
                }
            });
        }
    }
}