package org.thingsboard.server.transport.lwm2m.bootstrap;

import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import java.beans.ConstructorProperties;
import java.net.InetSocketAddress;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import org.eclipse.californium.elements.config.Configuration;
import org.eclipse.californium.scandium.config.DtlsConfig;
import org.eclipse.leshan.core.endpoint.Protocol;
import org.eclipse.leshan.server.bootstrap.LeshanBootstrapServer;
import org.eclipse.leshan.server.bootstrap.LeshanBootstrapServerBuilder;
import org.eclipse.leshan.server.bootstrap.endpoint.LwM2mBootstrapServerEndpointsProvider;
import org.eclipse.leshan.server.californium.bootstrap.LwM2mBootstrapPskStore;
import org.eclipse.leshan.server.californium.bootstrap.endpoint.BootstrapServerProtocolProvider;
import org.eclipse.leshan.server.californium.bootstrap.endpoint.CaliforniumBootstrapServerEndpointsProvider;
import org.eclipse.leshan.server.californium.bootstrap.endpoint.coap.CoapBootstrapServerProtocolProvider;
import org.eclipse.leshan.server.californium.bootstrap.endpoint.coaps.CoapsBootstrapServerProtocolProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.thingsboard.server.common.transport.TransportService;
import org.thingsboard.server.common.transport.config.ssl.SslCredentials;
import org.thingsboard.server.queue.util.TbLwM2mBootstrapTransportComponent;
import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2mDefaultBootstrapSessionManager;
import org.thingsboard.server.transport.lwm2m.bootstrap.secure.TbLwM2MDtlsBootstrapCertificateVerifier;
import org.thingsboard.server.transport.lwm2m.bootstrap.store.LwM2MBootstrapSecurityStore;
import org.thingsboard.server.transport.lwm2m.bootstrap.store.LwM2MInMemoryBootstrapConfigStore;
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportBootstrapConfig;
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
import org.thingsboard.server.transport.lwm2m.server.DefaultLwM2mTransportService;
import org.thingsboard.server.transport.lwm2m.server.LwM2MNetworkConfig;
import org.thingsboard.server.transport.lwm2m.utils.LwM2MTransportUtil;

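/**
 * Spring-managed lifecycle wrapper around a Leshan LwM2M bootstrap server.
 *
 * <p>The server is built and started in {@link #init()} and destroyed in {@link #shutdown()}.
 * It exposes two endpoints: plain CoAP and CoAPS (DTLS). The DTLS mode depends on whether
 * {@code bootstrapConfig.getSslCredentials()} is available:
 * <ul>
 *   <li>credentials present: certificate verifier installed, cipher suites limited to
 *       {@code DefaultLwM2mTransportService.RPK_OR_X509_CIPHER_SUITES};</li>
 *   <li>credentials absent: PSK store installed, cipher suites limited to
 *       {@code DefaultLwM2mTransportService.PSK_CIPHER_SUITES}.</li>
 * </ul>
 */
@Component
@TbLwM2mBootstrapTransportComponent
/* loaded from: input_file:org/thingsboard/server/transport/lwm2m/bootstrap/LwM2MTransportBootstrapService.class */
public class LwM2MTransportBootstrapService {
    private static final Logger log = LoggerFactory.getLogger(LwM2MTransportBootstrapService.class);
    private final LwM2MTransportServerConfig serverConfig;
    private final LwM2MTransportBootstrapConfig bootstrapConfig;
    private final LwM2MBootstrapSecurityStore lwM2MBootstrapSecurityStore;
    private final LwM2MInMemoryBootstrapConfigStore lwM2MInMemoryBootstrapConfigStore;
    private final TransportService transportService;
    private final TbLwM2MDtlsBootstrapCertificateVerifier certificateVerifier;
    // Assigned in init(); stays null if building the server throws.
    private LeshanBootstrapServer server;

    /**
     * Builds the bootstrap server and starts it. Any exception from building or starting
     * propagates to the container and leaves {@code server} unset or not started.
     */
    @PostConstruct
    public void init() {
        log.info("Starting LwM2M transport bootstrap server...");
        this.server = getLhBootstrapServer();
        this.server.start();
        log.info("Started LwM2M transport bootstrap server.");
    }

    /**
     * Destroys the bootstrap server. Failures are logged and not rethrown, so that the
     * rest of the application shutdown can proceed.
     */
    @PreDestroy
    public void shutdown() {
        // init() may have failed before the field was assigned; without this guard the
        // shutdown path would report a NullPointerException as a failed graceful stop.
        if (this.server == null) {
            log.debug("LwM2M transport bootstrap server was never started; nothing to stop.");
            return;
        }
        try {
            log.info("Stopping LwM2M transport bootstrap server!");
            this.server.destroy();
            log.info("LwM2M transport bootstrap server stopped!");
        } catch (Exception e) {
            log.error("Failed to gracefully stop the LwM2M transport bootstrap server!", e);
        }
    }

    /**
     * Builds a new, not yet started, bootstrap server from the injected configuration.
     *
     * <p>Every call creates a fresh server instance and also stores the CoAP/DTLS
     * configuration it produced on {@code serverConfig} via {@code setCoapConfig}.
     *
     * @return the configured bootstrap server
     */
    public LeshanBootstrapServer getLhBootstrapServer() {
        LeshanBootstrapServerBuilder serverBuilder = new LeshanBootstrapServerBuilder();
        CaliforniumBootstrapServerEndpointsProvider.Builder endpointsBuilder = new CaliforniumBootstrapServerEndpointsProvider.Builder(new BootstrapServerProtocolProvider[]{new CoapBootstrapServerProtocolProvider(), new CoapsBootstrapServerProtocolProvider(dtlsConfigBuilder -> {
            if (this.bootstrapConfig.getSslCredentials() != null) {
                // Certificate / raw-public-key mode: peers are checked by the injected verifier.
                dtlsConfigBuilder.setAdvancedCertificateVerifier(this.certificateVerifier);
                dtlsConfigBuilder.setAsList(DtlsConfig.DTLS_CIPHER_SUITES, DefaultLwM2mTransportService.RPK_OR_X509_CIPHER_SUITES);
            } else {
                // No server credentials: the endpoint silently degrades to PSK-only DTLS.
                // NOTE(review): this is logged at INFO only; an operator who expected
                // X.509/RPK will not see a warning. Consider raising the level.
                log.info("Unable to load X509 files for LWM2MServer");
                dtlsConfigBuilder.setAdvancedPskStore(new LwM2mBootstrapPskStore(this.lwM2MBootstrapSecurityStore));
                dtlsConfigBuilder.setAsList(DtlsConfig.DTLS_CIPHER_SUITES, DefaultLwM2mTransportService.PSK_CIPHER_SUITES);
            }
        })});

        Configuration coapConfig = endpointsBuilder.createDefaultConfiguration();
        LwM2MNetworkConfig.getCoapConfig(coapConfig, this.bootstrapConfig.getPort(), this.bootstrapConfig.getSecurePort(), this.serverConfig);

        // DTLS hardening knobs come from serverConfig (shared with the main LwM2M server).
        coapConfig.setTransient(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY);
        coapConfig.set(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY, Boolean.valueOf(this.serverConfig.isRecommendedCiphers()));
        // NOTE(review): DTLS_CONNECTION_ID_LENGTH is marked transient here, but the value set
        // on the next line is DTLS_RECOMMENDED_CURVES_ONLY, which is never marked transient.
        // The other two settings pair setTransient/set on the same key - confirm this is intended.
        coapConfig.setTransient(DtlsConfig.DTLS_CONNECTION_ID_LENGTH);
        coapConfig.set(DtlsConfig.DTLS_RECOMMENDED_CURVES_ONLY, Boolean.valueOf(this.serverConfig.isRecommendedSupportedGroups()));
        coapConfig.setTransient(DtlsConfig.DTLS_RETRANSMISSION_TIMEOUT);
        coapConfig.set(DtlsConfig.DTLS_RETRANSMISSION_TIMEOUT, this.serverConfig.getDtlsRetransmissionTimeout(), TimeUnit.MILLISECONDS);
        if (this.serverConfig.getDtlsCidLength() != null) {
            LwM2MTransportUtil.setDtlsConnectorConfigCidLength(coapConfig, this.serverConfig.getDtlsCidLength());
        }

        setServerWithCredentials(serverBuilder);
        endpointsBuilder.setConfiguration(coapConfig);
        // Side effect: the bootstrap configuration is published on the shared server config.
        this.serverConfig.setCoapConfig(coapConfig);

        // The plain CoAP endpoint is bound unconditionally next to the DTLS one.
        // NOTE(review): LwM2M bootstrap typically provisions server credentials to the device,
        // so confirm that the security store / session manager decides which endpoints may
        // bootstrap without DTLS, and that this port is not reachable from untrusted networks.
        endpointsBuilder.addEndpoint(new InetSocketAddress(this.bootstrapConfig.getHost(), this.bootstrapConfig.getPort().intValue()), Protocol.COAP);
        endpointsBuilder.addEndpoint(new InetSocketAddress(this.bootstrapConfig.getSecureHost(), this.bootstrapConfig.getSecurePort().intValue()), Protocol.COAPS);

        serverBuilder.setConfigStore(this.lwM2MInMemoryBootstrapConfigStore);
        serverBuilder.setSecurityStore(this.lwM2MBootstrapSecurityStore);
        serverBuilder.setSessionManager(new LwM2mDefaultBootstrapSessionManager(this.lwM2MBootstrapSecurityStore, this.lwM2MInMemoryBootstrapConfigStore, this.transportService));
        serverBuilder.setEndpointsProviders(new LwM2mBootstrapServerEndpointsProvider[]{endpointsBuilder.build()});
        return serverBuilder.build();
    }

    /**
     * Applies the server identity to the builder: public key, private key and certificate
     * chain when SSL credentials are configured, otherwise an empty trusted-certificate array.
     *
     * @param leshanBootstrapServerBuilder builder to configure
     */
    private void setServerWithCredentials(LeshanBootstrapServerBuilder leshanBootstrapServerBuilder) {
        // Read once so the null check and the key material come from the same object.
        SslCredentials sslCredentials = this.bootstrapConfig.getSslCredentials();
        if (sslCredentials == null) {
            // NOTE(review): confirm how Leshan/Californium interpret an empty trust array
            // (trust nothing vs. trust anything). The PSK-only cipher suites selected for this
            // case should keep certificate handshakes from being negotiated - verify.
            leshanBootstrapServerBuilder.setTrustedCertificates(new X509Certificate[0]);
            return;
        }
        leshanBootstrapServerBuilder.setPublicKey(sslCredentials.getPublicKey());
        leshanBootstrapServerBuilder.setPrivateKey(sslCredentials.getPrivateKey());
        leshanBootstrapServerBuilder.setCertificateChain(sslCredentials.getCertificateChain());
    }

    /**
     * Creates the service with its collaborators; no server is built until {@link #init()}.
     *
     * @param lwM2MTransportServerConfig shared LwM2M transport settings (DTLS options, CoAP config holder)
     * @param lwM2MTransportBootstrapConfig bootstrap hosts, ports and optional SSL credentials
     * @param lwM2MBootstrapSecurityStore security store used for PSK lookup and by the session manager
     * @param lwM2MInMemoryBootstrapConfigStore store of bootstrap configurations
     * @param transportService transport service handed to the session manager
     * @param tbLwM2MDtlsBootstrapCertificateVerifier verifier installed when SSL credentials are present
     */
    @ConstructorProperties({"serverConfig", "bootstrapConfig", "lwM2MBootstrapSecurityStore", "lwM2MInMemoryBootstrapConfigStore", "transportService", "certificateVerifier"})
    public LwM2MTransportBootstrapService(LwM2MTransportServerConfig lwM2MTransportServerConfig, LwM2MTransportBootstrapConfig lwM2MTransportBootstrapConfig, LwM2MBootstrapSecurityStore lwM2MBootstrapSecurityStore, LwM2MInMemoryBootstrapConfigStore lwM2MInMemoryBootstrapConfigStore, TransportService transportService, TbLwM2MDtlsBootstrapCertificateVerifier tbLwM2MDtlsBootstrapCertificateVerifier) {
        this.serverConfig = lwM2MTransportServerConfig;
        this.bootstrapConfig = lwM2MTransportBootstrapConfig;
        this.lwM2MBootstrapSecurityStore = lwM2MBootstrapSecurityStore;
        this.lwM2MInMemoryBootstrapConfigStore = lwM2MInMemoryBootstrapConfigStore;
        this.transportService = transportService;
        this.certificateVerifier = tbLwM2MDtlsBootstrapCertificateVerifier;
    }
}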
