package org.thingsboard.server.transport.lwm2m.server;

import jakarta.annotation.PreDestroy;
import java.beans.ConstructorProperties;
import java.net.InetSocketAddress;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;
import org.eclipse.californium.elements.config.Configuration;
import org.eclipse.californium.scandium.config.DtlsConfig;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.leshan.core.endpoint.Protocol;
import org.eclipse.leshan.core.node.codec.DefaultLwM2mDecoder;
import org.eclipse.leshan.core.node.codec.DefaultLwM2mEncoder;
import org.eclipse.leshan.server.LeshanServer;
import org.eclipse.leshan.server.LeshanServerBuilder;
import org.eclipse.leshan.server.californium.LwM2mPskStore;
import org.eclipse.leshan.server.californium.endpoint.CaliforniumServerEndpointsProvider;
import org.eclipse.leshan.server.californium.endpoint.ServerProtocolProvider;
import org.eclipse.leshan.server.californium.endpoint.coap.CoapServerProtocolProvider;
import org.eclipse.leshan.server.californium.endpoint.coaps.CoapsServerProtocolProvider;
import org.eclipse.leshan.server.endpoint.LwM2mServerEndpointsProvider;
import org.eclipse.leshan.server.registration.RegistrationStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.DependsOn;
import org.springframework.stereotype.Component;
import org.thingsboard.server.cache.ota.OtaPackageDataCache;
import org.thingsboard.server.common.transport.config.ssl.SslCredentials;
import org.thingsboard.server.queue.util.AfterStartUp;
import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MAuthorizer;
import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MDtlsCertificateVerifier;
import org.thingsboard.server.transport.lwm2m.server.ota.DefaultLwM2MOtaUpdateService;
import org.thingsboard.server.transport.lwm2m.server.store.TbSecurityStore;
import org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mUplinkMsgHandler;
import org.thingsboard.server.transport.lwm2m.utils.LwM2MTransportUtil;

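/**
 * Builds, starts and stops the Leshan LwM2M server used by the LwM2M transport.
 *
 * <p>The server is created with two endpoints: a cleartext CoAP endpoint and a DTLS-protected
 * CoAPS endpoint. Which DTLS credentials and cipher suites the CoAPS endpoint offers depends on
 * whether {@code config.getSslCredentials()} returns a value:
 * <ul>
 *   <li>credentials present: the server key pair and certificate chain are installed, the
 *       certificate verifier and the authorizer are registered, and
 *       {@link #RPK_OR_X509_CIPHER_SUITES} is offered;</li>
 *   <li>credentials absent: only a PSK store is registered and {@link #PSK_CIPHER_SUITES} is
 *       offered.</li>
 * </ul>
 *
 * <p>NOTE(review): the cleartext CoAP endpoint is bound unconditionally. Whether devices that
 * have security material provisioned are refused on that endpoint is decided elsewhere
 * (security store / authorizer) and cannot be confirmed from this class.
 */
@DependsOn({"lwM2mDownlinkMsgHandler", "lwM2mUplinkMsgHandler"})
@TbLwM2mTransportComponent
@Component
public class DefaultLwM2mTransportService implements LwM2MTransportService {
    private static final Logger log = LoggerFactory.getLogger(DefaultLwM2mTransportService.class);

    // Cipher suites offered when server SSL credentials are configured. Despite the name, the
    // list also contains the two plain-PSK suites, so PSK handshakes remain possible in this mode.
    // The TLS_PSK_* suites use a plain PSK key exchange and therefore give no forward secrecy.
    // NOTE(review): this is a public array; `final` only fixes the reference, so any code on the
    // classpath can replace its elements. Treat it as read-only and do not hand it out further.
    public static final CipherSuite[] RPK_OR_X509_CIPHER_SUITES = {
            CipherSuite.TLS_PSK_WITH_AES_128_CCM_8,
            CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256,
            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
            CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    };

    // Cipher suites offered when no server SSL credentials are configured (PSK-only mode).
    // Same mutability caveat as RPK_OR_X509_CIPHER_SUITES.
    public static final CipherSuite[] PSK_CIPHER_SUITES = {
            CipherSuite.TLS_PSK_WITH_AES_128_CCM_8,
            CipherSuite.TLS_PSK_WITH_AES_128_CBC_SHA256
    };

    private final LwM2mTransportContext context;
    private final LwM2MTransportServerConfig config;
    private final OtaPackageDataCache otaPackageDataCache;
    private final LwM2mUplinkMsgHandler handler;
    private final RegistrationStore registrationStore;
    private final TbSecurityStore securityStore;
    private final TbLwM2MDtlsCertificateVerifier certificateVerifier;
    private final TbLwM2MAuthorizer authorizer;
    private final LwM2mVersionedModelProvider modelProvider;

    // Assigned in init(); stays null if init() never ran or failed while building the server.
    private LeshanServer server;

    /**
     * Builds the Leshan server, publishes it to the transport context and starts it.
     *
     * <p>The order value equals {@code Integer.MAX_VALUE - 999}.
     */
    @AfterStartUp(order = 2147482648)
    public void init() {
        this.server = getLhServer();
        // NOTE(review): this resource is constructed and immediately discarded; nothing in this
        // class attaches it to the server. Confirm the constructor has the intended side effect,
        // otherwise the firmware-update CoAP resource is never exposed.
        new LwM2mTransportCoapResource(this.otaPackageDataCache, DefaultLwM2MOtaUpdateService.FIRMWARE_UPDATE_COAP_RESOURCE);
        this.context.setServer(this.server);
        startLhServer();
    }

    /**
     * Starts the server and then attaches the registration, presence, observation and send
     * listeners that forward events to the uplink handler.
     */
    private void startLhServer() {
        log.info("Starting LwM2M transport server...");
        this.server.start();
        // NOTE(review): listeners are attached after start(); presumably an event that arrives
        // in between is not delivered to the handler - confirm this window is acceptable.
        LwM2mServerListener lwM2mServerListener = new LwM2mServerListener(this.handler);
        this.server.getRegistrationService().addListener(lwM2mServerListener.registrationListener);
        this.server.getPresenceService().addListener(lwM2mServerListener.presenceListener);
        this.server.getObservationService().addListener(lwM2mServerListener.observationListener);
        this.server.getSendService().addListener(lwM2mServerListener.sendListener);
        log.info("Started LwM2M transport server.");
    }

    /**
     * Destroys the Leshan server on bean shutdown.
     *
     * <p>If the server was never created there is nothing to release, so the method returns
     * without reporting a failure. Any exception raised while destroying the server is logged
     * and not propagated, so shutdown of the remaining beans continues.
     */
    @PreDestroy
    public void shutdown() {
        LeshanServer current = this.server;
        if (current == null) {
            // Without this guard the call below throws a NullPointerException that is then
            // logged as a shutdown failure, hiding the real cause (the server never started).
            log.info("LwM2M transport server was not started, nothing to stop.");
            return;
        }
        try {
            log.info("Stopping LwM2M transport server!");
            current.destroy();
            log.info("LwM2M transport server stopped!");
        } catch (Exception e) {
            log.error("Failed to gracefully stop the LwM2M transport server!", e);
        }
    }

    /**
     * Assembles the Leshan server: stores, DTLS settings, credentials, endpoints and codecs.
     *
     * @return the built, not yet started, server
     */
    private LeshanServer getLhServer() {
        LeshanServerBuilder leshanServerBuilder = new LeshanServerBuilder();
        leshanServerBuilder.setObjectModelProvider(this.modelProvider);
        leshanServerBuilder.setSecurityStore(this.securityStore);
        leshanServerBuilder.setRegistrationStore(this.registrationStore);

        // The lambda customises the DTLS connector of the CoAPS endpoint.
        CaliforniumServerEndpointsProvider.Builder endpointsBuilder = new CaliforniumServerEndpointsProvider.Builder(new ServerProtocolProvider[]{new CoapServerProtocolProvider(), new CoapsServerProtocolProvider(dtlsConfigBuilder -> {
            if (this.config.getSslCredentials() != null) {
                // Certificate / raw-public-key mode: client identities are checked by the
                // project's own verifier.
                dtlsConfigBuilder.setAdvancedCertificateVerifier(this.certificateVerifier);
                dtlsConfigBuilder.setAsList(DtlsConfig.DTLS_CIPHER_SUITES, RPK_OR_X509_CIPHER_SUITES);
            } else {
                // No server credentials: the endpoint falls back to PSK-only authentication.
                // This is logged at info level only, so a credentials file that failed to load
                // is easy to miss in production logs.
                log.info("Unable to load X509 files for LWM2MServer");
                dtlsConfigBuilder.setAdvancedPskStore(new LwM2mPskStore(this.securityStore, this.registrationStore));
                dtlsConfigBuilder.setAsList(DtlsConfig.DTLS_CIPHER_SUITES, PSK_CIPHER_SUITES);
            }
        })});

        Configuration serverCoapConfig = endpointsBuilder.createDefaultConfiguration();
        LwM2MNetworkConfig.getCoapConfig(serverCoapConfig, this.config.getPort(), this.config.getSecurePort(), this.config);

        // Each DTLS option is marked transient before it is set.
        // NOTE(review): presumably transient keeps the value out of any persisted Californium
        // properties file - confirm against the Californium version in use.
        // Both "recommended only" switches are operator-controlled; turning them off lets the
        // connector accept curves / cipher suites Californium does not recommend.
        serverCoapConfig.setTransient(DtlsConfig.DTLS_RECOMMENDED_CURVES_ONLY);
        serverCoapConfig.set(DtlsConfig.DTLS_RECOMMENDED_CURVES_ONLY, Boolean.valueOf(this.config.isRecommendedSupportedGroups()));
        serverCoapConfig.setTransient(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY);
        serverCoapConfig.set(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY, Boolean.valueOf(this.config.isRecommendedCiphers()));
        serverCoapConfig.set(DtlsConfig.DTLS_RETRANSMISSION_TIMEOUT, this.config.getDtlsRetransmissionTimeout(), TimeUnit.MILLISECONDS);
        serverCoapConfig.set(DtlsConfig.DTLS_ROLE, DtlsConfig.DtlsRole.SERVER_ONLY);
        serverCoapConfig.setTransient(DtlsConfig.DTLS_CONNECTION_ID_LENGTH);
        if (this.config.getDtlsCidLength() != null) {
            LwM2MTransportUtil.setDtlsConnectorConfigCidLength(serverCoapConfig, this.config.getDtlsCidLength());
        }

        setServerWithCredentials(leshanServerBuilder);

        endpointsBuilder.setConfiguration(serverCoapConfig);
        // Cleartext endpoint first, DTLS endpoint second; both are always bound.
        endpointsBuilder.addEndpoint(new InetSocketAddress(this.config.getHost(), this.config.getPort().intValue()), Protocol.COAP);
        endpointsBuilder.addEndpoint(new InetSocketAddress(this.config.getSecureHost(), this.config.getSecurePort().intValue()), Protocol.COAPS);

        // NOTE(review): the boolean presumably enables support for deprecated content formats -
        // confirm against the Leshan version in use.
        leshanServerBuilder.setDecoder(new DefaultLwM2mDecoder(true));
        leshanServerBuilder.setEncoder(new DefaultLwM2mEncoder(true));
        leshanServerBuilder.setEndpointsProviders(new LwM2mServerEndpointsProvider[]{endpointsBuilder.build()});
        return leshanServerBuilder.build();
    }

    /**
     * Installs the server's key material on the builder, or an empty trust list when no SSL
     * credentials are configured.
     *
     * <p>The project authorizer is registered only on the credentials path; in PSK-only mode the
     * builder keeps whatever authorizer it uses by default.
     *
     * @param leshanServerBuilder builder to configure
     */
    private void setServerWithCredentials(LeshanServerBuilder leshanServerBuilder) {
        SslCredentials sslCredentials = this.config.getSslCredentials();
        if (sslCredentials == null) {
            // NOTE(review): in Leshan/Californium an empty trusted-certificate array is
            // conventionally "trust all", not "trust none" - confirm. It has no effect while
            // only the PSK cipher suites are offered, but would matter if that ever changes.
            leshanServerBuilder.setTrustedCertificates(new X509Certificate[0]);
            return;
        }
        leshanServerBuilder.setPublicKey(sslCredentials.getPublicKey());
        leshanServerBuilder.setPrivateKey(sslCredentials.getPrivateKey());
        leshanServerBuilder.setCertificateChain(sslCredentials.getCertificateChain());
        leshanServerBuilder.setAuthorizer(this.authorizer);
    }

    /**
     * Returns the fixed transport name.
     *
     * @return the literal {@code "LWM2M"}
     */
    public String getName() {
        return "LWM2M";
    }

    /**
     * Stores the injected collaborators; no server is created until {@link #init()} runs.
     */
    @ConstructorProperties({"context", "config", "otaPackageDataCache", "handler", "registrationStore", "securityStore", "certificateVerifier", "authorizer", "modelProvider"})
    public DefaultLwM2mTransportService(LwM2mTransportContext lwM2mTransportContext, LwM2MTransportServerConfig lwM2MTransportServerConfig, OtaPackageDataCache otaPackageDataCache, LwM2mUplinkMsgHandler lwM2mUplinkMsgHandler, RegistrationStore registrationStore, TbSecurityStore tbSecurityStore, TbLwM2MDtlsCertificateVerifier tbLwM2MDtlsCertificateVerifier, TbLwM2MAuthorizer tbLwM2MAuthorizer, LwM2mVersionedModelProvider lwM2mVersionedModelProvider) {
        this.context = lwM2mTransportContext;
        this.config = lwM2MTransportServerConfig;
        this.otaPackageDataCache = otaPackageDataCache;
        this.handler = lwM2mUplinkMsgHandler;
        this.registrationStore = registrationStore;
        this.securityStore = tbSecurityStore;
        this.certificateVerifier = tbLwM2MDtlsCertificateVerifier;
        this.authorizer = tbLwM2MAuthorizer;
        this.modelProvider = lwM2mVersionedModelProvider;
    }
}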
