package org.thingsboard.server.service.device;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.google.common.util.concurrent.ListenableFuture;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ExecutionException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.actors.calculatedField.CalculatedFieldEntityMessageProcessor;
import org.thingsboard.server.common.data.AttributeScope;
import org.thingsboard.server.common.data.Device;
import org.thingsboard.server.common.data.DeviceProfile;
import org.thingsboard.server.common.data.DeviceProfileProvisionType;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.audit.ActionType;
import org.thingsboard.server.common.data.device.profile.X509CertificateChainProvisionConfiguration;
import org.thingsboard.server.common.data.id.CustomerId;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.id.UserId;
import org.thingsboard.server.common.data.kv.AttributeKvEntry;
import org.thingsboard.server.common.data.kv.BaseAttributeKvEntry;
import org.thingsboard.server.common.data.kv.StringDataEntry;
import org.thingsboard.server.common.data.msg.TbMsgType;
import org.thingsboard.server.common.data.security.DeviceCredentials;
import org.thingsboard.server.common.data.security.DeviceCredentialsType;
import org.thingsboard.server.common.msg.TbMsg;
import org.thingsboard.server.common.msg.TbMsgMetaData;
import org.thingsboard.server.common.msg.queue.ServiceType;
import org.thingsboard.server.common.transport.util.SslUtil;
import org.thingsboard.server.dao.attributes.AttributesService;
import org.thingsboard.server.dao.audit.AuditLogService;
import org.thingsboard.server.dao.device.DeviceCredentialsService;
import org.thingsboard.server.dao.device.DeviceProfileService;
import org.thingsboard.server.dao.device.DeviceProvisionService;
import org.thingsboard.server.dao.device.DeviceService;
import org.thingsboard.server.dao.device.provision.ProvisionFailedException;
import org.thingsboard.server.dao.device.provision.ProvisionRequest;
import org.thingsboard.server.dao.device.provision.ProvisionResponse;
import org.thingsboard.server.dao.device.provision.ProvisionResponseStatus;
import org.thingsboard.server.gen.transport.TransportProtos;
import org.thingsboard.server.queue.TbQueueCallback;
import org.thingsboard.server.queue.TbQueueProducer;
import org.thingsboard.server.queue.common.TbProtoQueueMsg;
import org.thingsboard.server.queue.discovery.PartitionService;
import org.thingsboard.server.queue.provider.TbQueueProducerProvider;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.queue.TbRuleEngineConsumerStats;

@TbCoreComponent
@Service
/* loaded from: input_file:org/thingsboard/server/service/device/DeviceProvisionServiceImpl.class */
public class DeviceProvisionServiceImpl implements DeviceProvisionService {
    private static final Logger log = LoggerFactory.getLogger(DeviceProvisionServiceImpl.class);
    protected TbQueueProducer<TbProtoQueueMsg<TransportProtos.ToRuleEngineMsg>> ruleEngineMsgProducer;
    private static final String DEVICE_PROVISION_STATE = "provisionState";
    private static final String PROVISIONED_STATE = "provisioned";
    private final DeviceProfileService deviceProfileService;
    private final DeviceService deviceService;
    private final DeviceCredentialsService deviceCredentialsService;
    private final AttributesService attributesService;
    private final AuditLogService auditLogService;
    private final PartitionService partitionService;

    /* renamed from: org.thingsboard.server.service.device.DeviceProvisionServiceImpl$1, reason: invalid class name */
    /* loaded from: input_file:org/thingsboard/server/service/device/DeviceProvisionServiceImpl$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$thingsboard$server$common$data$DeviceProfileProvisionType = new int[DeviceProfileProvisionType.values().length];

        static {
            try {
                $SwitchMap$org$thingsboard$server$common$data$DeviceProfileProvisionType[DeviceProfileProvisionType.ALLOW_CREATE_NEW_DEVICES.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$DeviceProfileProvisionType[DeviceProfileProvisionType.CHECK_PRE_PROVISIONED_DEVICES.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$DeviceProfileProvisionType[DeviceProfileProvisionType.X509_CERTIFICATE_CHAIN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public DeviceProvisionServiceImpl(TbQueueProducerProvider tbQueueProducerProvider, DeviceProfileService deviceProfileService, DeviceService deviceService, DeviceCredentialsService deviceCredentialsService, AttributesService attributesService, AuditLogService auditLogService, PartitionService partitionService) {
        this.ruleEngineMsgProducer = tbQueueProducerProvider.getRuleEngineMsgProducer();
        this.deviceProfileService = deviceProfileService;
        this.deviceService = deviceService;
        this.deviceCredentialsService = deviceCredentialsService;
        this.attributesService = attributesService;
        this.auditLogService = auditLogService;
        this.partitionService = partitionService;
    }

    public ProvisionResponse provisionDeviceViaX509Chain(DeviceProfile deviceProfile, ProvisionRequest provisionRequest) throws ProvisionFailedException {
        if (deviceProfile == null) {
            throw new ProvisionFailedException("Device profile is not specified!");
        }
        if (!DeviceProfileProvisionType.X509_CERTIFICATE_CHAIN.equals(deviceProfile.getProfileData().getProvisionConfiguration().getType())) {
            throw new ProvisionFailedException("Device profile provision strategy is not X509_CERTIFICATE_CHAIN!");
        }
        X509CertificateChainProvisionConfiguration provisionConfiguration = deviceProfile.getProfileData().getProvisionConfiguration();
        provisionRequest.setDeviceName(extractDeviceNameFromCNByRegEx(deviceProfile, getCNFromX509Certificate(deviceProfile, provisionRequest.getCredentialsData().getX509CertHash()), provisionConfiguration.getCertificateRegExPattern()));
        Device findDeviceByTenantIdAndName = this.deviceService.findDeviceByTenantIdAndName(deviceProfile.getTenantId(), provisionRequest.getDeviceName());
        X509CertificateChainProvisionConfiguration provisionConfiguration2 = deviceProfile.getProfileData().getProvisionConfiguration();
        if (findDeviceByTenantIdAndName == null || !findDeviceByTenantIdAndName.getDeviceProfileId().equals(deviceProfile.getId())) {
            if (provisionConfiguration2.isAllowCreateNewDevicesByX509Certificate()) {
                return createDevice(provisionRequest, deviceProfile);
            }
            log.warn("[{}][{}] Device with name {} doesn't exist and cannot be created due incorrect configuration for X509CertificateChainProvisionConfiguration", new Object[]{deviceProfile.getTenantId(), deviceProfile.getId(), provisionRequest.getDeviceName()});
            throw new ProvisionFailedException(ProvisionResponseStatus.FAILURE.name());
        }
        DeviceCredentials findDeviceCredentialsByDeviceId = this.deviceCredentialsService.findDeviceCredentialsByDeviceId(findDeviceByTenantIdAndName.getTenantId(), findDeviceByTenantIdAndName.getId());
        if (DeviceCredentialsType.X509_CERTIFICATE.equals(findDeviceCredentialsByDeviceId.getCredentialsType())) {
            findDeviceCredentialsByDeviceId = updateDeviceCredentials(findDeviceByTenantIdAndName.getTenantId(), findDeviceCredentialsByDeviceId, provisionRequest.getCredentialsData().getX509CertHash(), DeviceCredentialsType.X509_CERTIFICATE);
        }
        return new ProvisionResponse(findDeviceCredentialsByDeviceId, ProvisionResponseStatus.SUCCESS);
    }

    public ProvisionResponse provisionDevice(ProvisionRequest provisionRequest) {
        String provisionDeviceKey = provisionRequest.getCredentials().getProvisionDeviceKey();
        String provisionDeviceSecret = provisionRequest.getCredentials().getProvisionDeviceSecret();
        if (!StringUtils.isEmpty(provisionRequest.getDeviceName())) {
            provisionRequest.setDeviceName(provisionRequest.getDeviceName().trim());
            if (StringUtils.isEmpty(provisionRequest.getDeviceName())) {
                log.warn("Provision request contains empty device name!");
                throw new ProvisionFailedException(ProvisionResponseStatus.FAILURE.name());
            }
        }
        if (StringUtils.isEmpty(provisionDeviceKey) || StringUtils.isEmpty(provisionDeviceSecret)) {
            throw new ProvisionFailedException(ProvisionResponseStatus.NOT_FOUND.name());
        }
        DeviceProfile findDeviceProfileByProvisionDeviceKey = this.deviceProfileService.findDeviceProfileByProvisionDeviceKey(provisionDeviceKey);
        if (findDeviceProfileByProvisionDeviceKey == null || findDeviceProfileByProvisionDeviceKey.getProfileData().getProvisionConfiguration() == null || findDeviceProfileByProvisionDeviceKey.getProfileData().getProvisionConfiguration().getProvisionDeviceSecret() == null) {
            throw new ProvisionFailedException(ProvisionResponseStatus.NOT_FOUND.name());
        }
        Device findDeviceByTenantIdAndName = this.deviceService.findDeviceByTenantIdAndName(findDeviceProfileByProvisionDeviceKey.getTenantId(), provisionRequest.getDeviceName());
        switch (AnonymousClass1.$SwitchMap$org$thingsboard$server$common$data$DeviceProfileProvisionType[findDeviceProfileByProvisionDeviceKey.getProvisionType().ordinal()]) {
            case 1:
                if (findDeviceProfileByProvisionDeviceKey.getProfileData().getProvisionConfiguration().getProvisionDeviceSecret().equals(provisionDeviceSecret)) {
                    if (findDeviceByTenantIdAndName == null) {
                        return createDevice(provisionRequest, findDeviceProfileByProvisionDeviceKey);
                    }
                    log.warn("[{}] The device is present and could not be provisioned once more!", findDeviceByTenantIdAndName.getName());
                    notify(findDeviceByTenantIdAndName, provisionRequest, TbMsgType.PROVISION_FAILURE, false);
                    throw new ProvisionFailedException(ProvisionResponseStatus.FAILURE.name());
                }
                break;
            case CalculatedFieldEntityMessageProcessor.CALLBACKS_PER_CF /* 2 */:
                if (findDeviceProfileByProvisionDeviceKey.getProfileData().getProvisionConfiguration().getProvisionDeviceSecret().equals(provisionDeviceSecret)) {
                    if (findDeviceByTenantIdAndName != null && findDeviceByTenantIdAndName.getDeviceProfileId().equals(findDeviceProfileByProvisionDeviceKey.getId())) {
                        return processProvision(findDeviceByTenantIdAndName, provisionRequest);
                    }
                    log.warn("[{}] Failed to find pre provisioned device!", provisionRequest.getDeviceName());
                    throw new ProvisionFailedException(ProvisionResponseStatus.FAILURE.name());
                }
                break;
            case 3:
                throw new ProvisionFailedException("Invalid provision strategy type!");
        }
        throw new ProvisionFailedException(ProvisionResponseStatus.NOT_FOUND.name());
    }

    private ProvisionResponse processProvision(Device device, ProvisionRequest provisionRequest) {
        try {
            Optional optional = (Optional) this.attributesService.find(device.getTenantId(), device.getId(), AttributeScope.SERVER_SCOPE, DEVICE_PROVISION_STATE).get();
            if (optional != null && optional.isPresent() && !((AttributeKvEntry) optional.get()).getValueAsString().equals(PROVISIONED_STATE)) {
                notify(device, provisionRequest, TbMsgType.PROVISION_FAILURE, false);
                throw new ProvisionFailedException(ProvisionResponseStatus.FAILURE.name());
            }
            saveProvisionStateAttribute(device).get();
            notify(device, provisionRequest, TbMsgType.PROVISION_SUCCESS, true);
            return new ProvisionResponse(this.deviceCredentialsService.findDeviceCredentialsByDeviceId(device.getTenantId(), device.getId()), ProvisionResponseStatus.SUCCESS);
        } catch (InterruptedException | ExecutionException e) {
            throw new ProvisionFailedException(ProvisionResponseStatus.FAILURE.name());
        }
    }

    private ProvisionResponse createDevice(ProvisionRequest provisionRequest, DeviceProfile deviceProfile) {
        return processCreateDevice(provisionRequest, deviceProfile);
    }

    private void notify(Device device, ProvisionRequest provisionRequest, TbMsgType tbMsgType, boolean z) {
        pushProvisionEventToRuleEngine(provisionRequest, device, tbMsgType);
        logAction(device.getTenantId(), device.getCustomerId(), device, z, provisionRequest);
    }

    private ProvisionResponse processCreateDevice(ProvisionRequest provisionRequest, DeviceProfile deviceProfile) {
        try {
            if (StringUtils.isEmpty(provisionRequest.getDeviceName())) {
                String randomAlphanumeric = StringUtils.randomAlphanumeric(20);
                log.info("Device name not found in provision request. Generated name is: {}", randomAlphanumeric);
                provisionRequest.setDeviceName(randomAlphanumeric);
            }
            Device saveDevice = this.deviceService.saveDevice(provisionRequest, deviceProfile);
            saveProvisionStateAttribute(saveDevice).get();
            pushDeviceCreatedEventToRuleEngine(saveDevice);
            notify(saveDevice, provisionRequest, TbMsgType.PROVISION_SUCCESS, true);
            return new ProvisionResponse(getDeviceCredentials(saveDevice), ProvisionResponseStatus.SUCCESS);
        } catch (Exception e) {
            log.warn("[{}] Error during device creation from provision request: [{}]", new Object[]{provisionRequest.getDeviceName(), provisionRequest, e});
            Device findDeviceByTenantIdAndName = this.deviceService.findDeviceByTenantIdAndName(deviceProfile.getTenantId(), provisionRequest.getDeviceName());
            if (findDeviceByTenantIdAndName != null) {
                notify(findDeviceByTenantIdAndName, provisionRequest, TbMsgType.PROVISION_FAILURE, false);
            }
            throw new ProvisionFailedException(ProvisionResponseStatus.FAILURE.name());
        }
    }

    private DeviceCredentials updateDeviceCredentials(TenantId tenantId, DeviceCredentials deviceCredentials, String str, DeviceCredentialsType deviceCredentialsType) {
        log.trace("Updating device credentials [{}] with certificate value [{}]", deviceCredentials, str);
        deviceCredentials.setCredentialsValue(str);
        deviceCredentials.setCredentialsType(deviceCredentialsType);
        return this.deviceCredentialsService.updateDeviceCredentials(tenantId, deviceCredentials);
    }

    private ListenableFuture<List<Long>> saveProvisionStateAttribute(Device device) {
        return this.attributesService.save(device.getTenantId(), device.getId(), AttributeScope.SERVER_SCOPE, Collections.singletonList(new BaseAttributeKvEntry(new StringDataEntry(DEVICE_PROVISION_STATE, PROVISIONED_STATE), System.currentTimeMillis())));
    }

    private DeviceCredentials getDeviceCredentials(Device device) {
        return this.deviceCredentialsService.findDeviceCredentialsByDeviceId(device.getTenantId(), device.getId());
    }

    private void pushProvisionEventToRuleEngine(ProvisionRequest provisionRequest, Device device, TbMsgType tbMsgType) {
        try {
            sendToRuleEngine(device.getTenantId(), TbMsg.newMsg().type(tbMsgType).originator(device.getId()).customerId(device.getCustomerId()).copyMetaData(createTbMsgMetaData(device)).data(JacksonUtil.toString(JacksonUtil.valueToTree(provisionRequest))).build(), null);
        } catch (IllegalArgumentException e) {
            log.warn("[{}] Failed to push device action to rule engine: {}", new Object[]{device.getId(), tbMsgType, e});
        }
    }

    private void pushDeviceCreatedEventToRuleEngine(Device device) {
        try {
            sendToRuleEngine(device.getTenantId(), TbMsg.newMsg().type(TbMsgType.ENTITY_CREATED).originator(device.getId()).customerId(device.getCustomerId()).copyMetaData(createTbMsgMetaData(device)).data(JacksonUtil.OBJECT_MAPPER.writeValueAsString(JacksonUtil.OBJECT_MAPPER.valueToTree(device))).build(), null);
        } catch (JsonProcessingException | IllegalArgumentException e) {
            log.warn("[{}] Failed to push device action to rule engine: {}", new Object[]{device.getId(), TbMsgType.ENTITY_CREATED.name(), e});
        }
    }

    protected void sendToRuleEngine(TenantId tenantId, TbMsg tbMsg, TbQueueCallback tbQueueCallback) {
        this.ruleEngineMsgProducer.send(this.partitionService.resolve(ServiceType.TB_RULE_ENGINE, tenantId, tbMsg.getOriginator()), new TbProtoQueueMsg(tbMsg.getId(), TransportProtos.ToRuleEngineMsg.newBuilder().setTbMsg(TbMsg.toByteString(tbMsg)).setTenantIdMSB(tenantId.getId().getMostSignificantBits()).setTenantIdLSB(tenantId.getId().getLeastSignificantBits()).build()), tbQueueCallback);
    }

    private TbMsgMetaData createTbMsgMetaData(Device device) {
        TbMsgMetaData tbMsgMetaData = new TbMsgMetaData();
        tbMsgMetaData.putValue(TbRuleEngineConsumerStats.TENANT_ID_TAG, device.getTenantId().toString());
        return tbMsgMetaData;
    }

    private void logAction(TenantId tenantId, CustomerId customerId, Device device, boolean z, ProvisionRequest provisionRequest) {
        this.auditLogService.logEntityAction(tenantId, customerId, new UserId(UserId.NULL_UUID), device.getName(), device.getId(), device, z ? ActionType.PROVISION_SUCCESS : ActionType.PROVISION_FAILURE, (Exception) null, new Object[]{provisionRequest});
    }

    private String getCNFromX509Certificate(DeviceProfile deviceProfile, String str) {
        try {
            return SslUtil.parseCommonName(SslUtil.readCertFile(str));
        } catch (Exception e) {
            log.trace("[{}][{}] Failed to parse CN from X509 certificate {}", new Object[]{deviceProfile.getTenantId(), deviceProfile.getId(), str});
            return null;
        }
    }

    public String extractDeviceNameFromCNByRegEx(DeviceProfile deviceProfile, String str, String str2) throws ProvisionFailedException {
        try {
            log.trace("Extract device name from CN [{}] by regex pattern [{}]", str, str2);
            Matcher matcher = Pattern.compile(str2).matcher(str);
            if (matcher.find()) {
                return matcher.group(1);
            }
        } catch (Exception e) {
        }
        log.trace("[{}][{}] Failed to match device name using [{}] from CN: [{}]", new Object[]{deviceProfile.getTenantId(), deviceProfile.getId(), str2, str});
        throw new ProvisionFailedException(ProvisionResponseStatus.FAILURE.name());
    }
}
