package org.thingsboard.server.transport.lwm2m.secure;

import java.beans.ConstructorProperties;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import org.apache.commons.codec.DecoderException;
import org.eclipse.leshan.core.SecurityMode;
import org.eclipse.leshan.core.security.util.SecurityUtil;
import org.eclipse.leshan.server.security.SecurityInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MClientCredential;
import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode;
import org.thingsboard.server.common.data.device.credentials.lwm2m.PSKClientCredential;
import org.thingsboard.server.common.data.device.credentials.lwm2m.RPKClientCredential;
import org.thingsboard.server.common.transport.TransportServiceCallback;
import org.thingsboard.server.common.transport.auth.ValidateDeviceCredentialsResponse;
import org.thingsboard.server.gen.transport.TransportProtos;
import org.thingsboard.server.queue.util.TbLwM2mTransportComponent;
import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapConfig;
import org.thingsboard.server.transport.lwm2m.config.LwM2MTransportServerConfig;
import org.thingsboard.server.transport.lwm2m.secure.credentials.LwM2MClientCredentials;
import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext;
import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
import org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer;

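/**
 * Looks up the stored LwM2M credentials for a credentials id and turns them into the
 * {@link TbLwM2MSecurityInfo} (security mode plus Leshan {@link SecurityInfo}) used for that endpoint.
 *
 * <p>The lookup fails closed: a result is returned only when a security mode could be established.
 * Every other outcome (transport error, timeout, interruption, unparsable or incomplete credentials)
 * ends in {@link LwM2MAuthException}.
 */
@TbLwM2mTransportComponent
@Component
public class LwM2mCredentialsSecurityInfoValidator {
    private static final Logger log = LoggerFactory.getLogger(LwM2mCredentialsSecurityInfoValidator.class);
    private final LwM2mTransportContext context;
    private final LwM2MTransportServerConfig config;

    /**
     * Compiler-generated lookup table for the {@code switch} over {@link LwM2MSecurityMode} in
     * {@code createSecurityInfo}; it maps each constant's ordinal to the case label 1..4.
     * It is kept in the shape the decompiler produced.
     */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode = new int[LwM2MSecurityMode.values().length];

        static {
            // A constant that is missing at run time leaves its slot at 0, which matches no case
            // label, so the affected mode is treated as unsupported rather than failing class init.
            try {
                $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[LwM2MSecurityMode.NO_SEC.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[LwM2MSecurityMode.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[LwM2MSecurityMode.RPK.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[LwM2MSecurityMode.X509.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored, see above
            }
        }
    }

    /**
     * Validates the credentials id through the transport service and waits for the answer.
     *
     * <p>The calling thread blocks until the callback fires or {@code config.getTimeout()}
     * milliseconds have passed.
     *
     * @param str             credentials id to validate; also used as the endpoint name when the
     *                        stored credential does not carry one
     * @param lwM2mTypeServer server role the lookup is made for; {@code BOOTSTRAP} additionally
     *                        attaches the bootstrap configuration
     * @return security info with a non-null security mode
     * @throws LwM2MAuthException if no security mode could be established, including when the
     *                            transport service does not answer in time or the wait is interrupted
     */
    public TbLwM2MSecurityInfo getEndpointSecurityInfoByCredentialsId(final String str, final LwM2mTypeServer lwM2mTypeServer) {
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        final TbLwM2MSecurityInfo[] tbLwM2MSecurityInfoArr = new TbLwM2MSecurityInfo[1];
        log.trace("Validating credentials [{}]", str);
        this.context.getTransportService().process(TransportProtos.ValidateDeviceLwM2MCredentialsRequestMsg.newBuilder().setCredentialsId(str).build(), new TransportServiceCallback<ValidateDeviceCredentialsResponse>() {
            public void onSuccess(ValidateDeviceCredentialsResponse validateDeviceCredentialsResponse) {
                // NOTE(review): the whole response object is written to the trace log. It carries the
                // credentials JSON (see getCredentials() in createSecurityInfo); confirm that its
                // toString() does not expose PSK key material before enabling trace in production.
                LwM2mCredentialsSecurityInfoValidator.log.trace("Validated credentials: [{}] [{}]", str, validateDeviceCredentialsResponse);
                try {
                    tbLwM2MSecurityInfoArr[0] = LwM2mCredentialsSecurityInfoValidator.this.createSecurityInfo(str, validateDeviceCredentialsResponse, lwM2mTypeServer);
                } finally {
                    // Release the waiter even if building the security info throws; otherwise the
                    // caller would sit out the full timeout for a request that has already failed.
                    countDownLatch.countDown();
                }
            }

            public void onError(Throwable th) {
                LwM2mCredentialsSecurityInfoValidator.log.info("[{}] [{}] Failed to process credentials ", str, th);
                // An info object without a security mode is rejected by the caller below.
                TbLwM2MSecurityInfo tbLwM2MSecurityInfo = new TbLwM2MSecurityInfo();
                tbLwM2MSecurityInfo.setEndpoint(str);
                tbLwM2MSecurityInfoArr[0] = tbLwM2MSecurityInfo;
                countDownLatch.countDown();
            }
        });
        boolean answered = false;
        try {
            answered = countDownLatch.await(this.config.getTimeout().longValue(), TimeUnit.MILLISECONDS);
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller instead of silently consuming it.
            Thread.currentThread().interrupt();
            log.error("Failed to await credentials!", e);
        }
        if (!answered) {
            log.warn("[{}] No credentials validation result within the configured timeout", str);
        }
        // Only read the slot after a successful await: that is what orders the callback's write
        // before this read. On timeout or interruption the slot is treated as empty.
        TbLwM2MSecurityInfo tbLwM2MSecurityInfo = answered ? tbLwM2MSecurityInfoArr[0] : null;
        if (tbLwM2MSecurityInfo == null || tbLwM2MSecurityInfo.getSecurityMode() == null) {
            // Previously a missing result surfaced as a NullPointerException; report it as the
            // authentication failure it is so callers handle it on their normal rejection path.
            throw new LwM2MAuthException();
        }
        return tbLwM2MSecurityInfo;
    }

    /**
     * Builds the security info from a validation response.
     *
     * <p>When the credentials JSON cannot be parsed, or the per-mode helper rejects the stored
     * credential, the returned object has no security mode and the caller treats it as a failure.
     *
     * @param str                               credentials id, used as the endpoint fallback
     * @param validateDeviceCredentialsResponse response carrying the credentials JSON and device profile
     * @param lwM2mTypeServer                   server role; {@code BOOTSTRAP} adds the bootstrap configuration
     * @return the populated (possibly incomplete) security info, never {@code null}
     */
    private TbLwM2MSecurityInfo createSecurityInfo(String str, ValidateDeviceCredentialsResponse validateDeviceCredentialsResponse, LwM2mTypeServer lwM2mTypeServer) {
        TbLwM2MSecurityInfo tbLwM2MSecurityInfo = new TbLwM2MSecurityInfo();
        LwM2MClientCredentials lwM2MClientCredentials = (LwM2MClientCredentials) JacksonUtil.fromString(validateDeviceCredentialsResponse.getCredentials(), LwM2MClientCredentials.class);
        if (lwM2MClientCredentials != null) {
            tbLwM2MSecurityInfo.setMsg(validateDeviceCredentialsResponse);
            tbLwM2MSecurityInfo.setDeviceProfile(validateDeviceCredentialsResponse.getDeviceProfile());
            tbLwM2MSecurityInfo.setEndpoint(lwM2MClientCredentials.getClient().getEndpoint());
            switch (AnonymousClass2.$SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[lwM2MClientCredentials.getClient().getSecurityConfigClientMode().ordinal()]) {
                case 1:
                    createClientSecurityInfoNoSec(tbLwM2MSecurityInfo);
                    break;
                case 2:
                    createClientSecurityInfoPSK(tbLwM2MSecurityInfo, str, lwM2MClientCredentials.getClient());
                    break;
                case 3:
                    createClientSecurityInfoRPK(tbLwM2MSecurityInfo, str, lwM2MClientCredentials.getClient());
                    break;
                case 4:
                    createClientSecurityInfoX509(tbLwM2MSecurityInfo, str);
                    break;
                default:
                    // No security mode is set, so the caller rejects the endpoint.
                    log.error("[{}] Unsupported LwM2M security mode", str);
                    break;
            }
            // Constant-first comparison so a null server type cannot throw here.
            if (LwM2mTypeServer.BOOTSTRAP.equals(lwM2mTypeServer)) {
                tbLwM2MSecurityInfo.setBootstrapCredentialConfig(new LwM2MBootstrapConfig(validateDeviceCredentialsResponse.getDeviceProfile().getProfileData().getTransportConfiguration().getBootstrap(), lwM2MClientCredentials.getBootstrap().getBootstrapServer(), lwM2MClientCredentials.getBootstrap().getLwm2mServer()));
            }
        }
        return tbLwM2MSecurityInfo;
    }

    /**
     * Marks the endpoint as NO_SEC with no key material.
     *
     * <p>Because the security mode is non-null, such an endpoint passes the check in
     * {@code getEndpointSecurityInfoByCredentialsId} without presenting any secret.
     */
    private void createClientSecurityInfoNoSec(TbLwM2MSecurityInfo tbLwM2MSecurityInfo) {
        tbLwM2MSecurityInfo.setSecurityInfo(null);
        tbLwM2MSecurityInfo.setSecurityMode(SecurityMode.NO_SEC);
    }

    /**
     * Fills in pre-shared-key security info.
     *
     * <p>Requires a non-empty PSK identity, a non-empty decoded key and a non-empty endpoint (the
     * credential's own endpoint, else the credentials id). If any is missing, or the key cannot be
     * decoded, the security mode is left unset so the caller rejects the endpoint.
     */
    private void createClientSecurityInfoPSK(TbLwM2MSecurityInfo tbLwM2MSecurityInfo, String str, LwM2MClientCredential lwM2MClientCredential) {
        PSKClientCredential pSKClientCredential = (PSKClientCredential) lwM2MClientCredential;
        if (!StringUtils.isNotEmpty(pSKClientCredential.getIdentity())) {
            log.error("Missing PSK identity");
            return;
        }
        try {
            byte[] key = pSKClientCredential.getDecoded();
            if (key != null && key.length > 0) {
                String endpoint = StringUtils.isNotEmpty(pSKClientCredential.getEndpoint()) ? pSKClientCredential.getEndpoint() : str;
                if (endpoint != null && !endpoint.isEmpty()) {
                    tbLwM2MSecurityInfo.setSecurityInfo(SecurityInfo.newPreSharedKeyInfo(endpoint, pSKClientCredential.getIdentity(), key));
                    tbLwM2MSecurityInfo.setSecurityMode(SecurityMode.PSK);
                }
            } else {
                // Same message family as the decode failure below; the key itself is never logged.
                log.error("Missing PSK key");
            }
        } catch (IllegalArgumentException | DecoderException e) {
            log.error("Missing PSK key: {}", e.getMessage());
        }
    }

    /**
     * Fills in raw-public-key security info, bound to the credentials id as the endpoint.
     *
     * <p>A missing or undecodable key leaves the security mode unset so the caller rejects the endpoint.
     */
    private void createClientSecurityInfoRPK(TbLwM2MSecurityInfo tbLwM2MSecurityInfo, String str, LwM2MClientCredential lwM2MClientCredential) {
        RPKClientCredential rPKClientCredential = (RPKClientCredential) lwM2MClientCredential;
        try {
            byte[] encodedKey = rPKClientCredential.getDecoded();
            if (encodedKey != null) {
                tbLwM2MSecurityInfo.setSecurityInfo(SecurityInfo.newRawPublicKeyInfo(str, (PublicKey) SecurityUtil.publicKey.decode(encodedKey)));
                tbLwM2MSecurityInfo.setSecurityMode(SecurityMode.RPK);
            } else {
                log.error("Missing RPK key");
            }
        } catch (IOException | IllegalArgumentException | GeneralSecurityException | DecoderException e) {
            log.error("RPK: Invalid security info content: {}", e.getMessage());
        }
    }

    /**
     * Fills in X.509 security info for the credentials id.
     *
     * <p>Only the endpoint name is bound here; no certificate is inspected in this class.
     * NOTE(review): certificate validation presumably happens in the DTLS layer; confirm.
     */
    private void createClientSecurityInfoX509(TbLwM2MSecurityInfo tbLwM2MSecurityInfo, String str) {
        tbLwM2MSecurityInfo.setSecurityInfo(SecurityInfo.newX509CertInfo(str));
        tbLwM2MSecurityInfo.setSecurityMode(SecurityMode.X509);
    }

    /**
     * Creates the validator.
     *
     * @param lwM2mTransportContext      transport context providing the transport service
     * @param lwM2MTransportServerConfig server configuration providing the validation timeout
     */
    @ConstructorProperties({"context", "config"})
    public LwM2mCredentialsSecurityInfoValidator(LwM2mTransportContext lwM2mTransportContext, LwM2MTransportServerConfig lwM2MTransportServerConfig) {
        this.context = lwM2mTransportContext;
        this.config = lwM2MTransportServerConfig;
    }
}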
