package org.thingsboard.server.transport.lwm2m.server.store;

import com.fasterxml.jackson.databind.JsonNode;
import java.util.concurrent.locks.Lock;
import org.eclipse.leshan.core.SecurityMode;
import org.eclipse.leshan.core.peer.OscoreIdentity;
import org.eclipse.leshan.server.security.NonUniqueSecurityInfoException;
import org.eclipse.leshan.server.security.SecurityInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.redis.connection.RedisConnection;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.integration.redis.util.RedisLockRegistry;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.common.data.JavaSerDesUtil;
import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MSecurityInfo;

/* loaded from: input_file:org/thingsboard/server/transport/lwm2m/server/store/TbLwM2mRedisSecurityStore.class */
public class TbLwM2mRedisSecurityStore implements TbEditableSecurityStore {
    private static final Logger log = LoggerFactory.getLogger(TbLwM2mRedisSecurityStore.class);
    private static final String SEC_EP = "SEC#EP#";
    private static final String LOCK_EP = "LOCK#EP#";
    private static final String PSKID_SEC = "PSKID#SEC";
    private final RedisConnectionFactory connectionFactory;
    private final RedisLockRegistry redisLock;

    public TbLwM2mRedisSecurityStore(RedisConnectionFactory redisConnectionFactory) {
        this.connectionFactory = redisConnectionFactory;
        this.redisLock = new RedisLockRegistry(redisConnectionFactory, "Security");
    }

    public SecurityInfo getByEndpoint(String str) {
        Lock lock = null;
        try {
            RedisConnection connection = this.connectionFactory.getConnection();
            try {
                Lock obtain = this.redisLock.obtain(toLockKey(str));
                obtain.lock();
                byte[] bArr = connection.get(("SEC#EP#" + str).getBytes());
                if (bArr == null || bArr.length == 0) {
                    if (connection != null) {
                        connection.close();
                    }
                    if (obtain != null) {
                        obtain.unlock();
                    }
                    return null;
                }
                TbLwM2MSecurityInfo tbLwM2MSecurityInfo = (TbLwM2MSecurityInfo) JavaSerDesUtil.decode(bArr);
                if (tbLwM2MSecurityInfo != null) {
                    if (!SecurityMode.NO_SEC.equals(tbLwM2MSecurityInfo.getSecurityMode())) {
                        SecurityInfo securityInfo = tbLwM2MSecurityInfo.getSecurityInfo();
                        if (connection != null) {
                            connection.close();
                        }
                        if (obtain != null) {
                            obtain.unlock();
                        }
                        return securityInfo;
                    }
                    log.info("lwm2m redis securityStore (decode -ok). Endpoint: [{}], secMode: [NoSec] key: [{}], data [{}]", new Object[]{str, SEC_EP, bArr});
                    SecurityInfo newPreSharedKeyInfo = SecurityInfo.newPreSharedKeyInfo(SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString().getBytes());
                    if (connection != null) {
                        connection.close();
                    }
                    if (obtain != null) {
                        obtain.unlock();
                    }
                    return newPreSharedKeyInfo;
                }
                if (!SecurityMode.NO_SEC.equals(getSecurityModeByRegistration(connection, str))) {
                    log.info("lwm2m redis securityStore (decode - bad, registration is not unsecure) - return null. Endpoint: [{}], key: [{}], data [{}]", new Object[]{str, SEC_EP, bArr});
                    if (connection != null) {
                        connection.close();
                    }
                    if (obtain != null) {
                        obtain.unlock();
                    }
                    return null;
                }
                log.info("lwm2m redis securityStore (decode - bad, registration - unsecure). Endpoint: [{}], secMode: [NoSec] key: [{}], data [{}]", new Object[]{str, SEC_EP, bArr});
                SecurityInfo newPreSharedKeyInfo2 = SecurityInfo.newPreSharedKeyInfo(SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString(), SecurityMode.NO_SEC.toString().getBytes());
                if (connection != null) {
                    connection.close();
                }
                if (obtain != null) {
                    obtain.unlock();
                }
                return newPreSharedKeyInfo2;
            } catch (Throwable th) {
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (0 != 0) {
                lock.unlock();
            }
            throw th3;
        }
    }

    public SecurityInfo getByIdentity(String str) {
        Lock lock = null;
        try {
            RedisConnection connection = this.connectionFactory.getConnection();
            try {
                lock = this.redisLock.obtain(toLockKey(str));
                lock.lock();
                byte[] hGet = connection.hGet(PSKID_SEC.getBytes(), str.getBytes());
                if (hGet == null) {
                    if (connection != null) {
                        connection.close();
                    }
                    if (lock != null) {
                        lock.unlock();
                    }
                    return null;
                }
                byte[] bArr = connection.get(("SEC#EP#" + new String(hGet)).getBytes());
                if (bArr == null || bArr.length == 0) {
                    if (connection != null) {
                        connection.close();
                    }
                    if (lock != null) {
                        lock.unlock();
                    }
                    return null;
                }
                SecurityInfo securityInfo = ((TbLwM2MSecurityInfo) JavaSerDesUtil.decode(bArr)).getSecurityInfo();
                if (connection != null) {
                    connection.close();
                }
                if (lock != null) {
                    lock.unlock();
                }
                return securityInfo;
            } catch (Throwable th) {
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (lock != null) {
                lock.unlock();
            }
            throw th3;
        }
    }

    public SecurityInfo getByOscoreIdentity(OscoreIdentity oscoreIdentity) {
        return null;
    }

    /* JADX WARN: Type inference failed for: r2v4, types: [byte[], byte[][]] */
    @Override // org.thingsboard.server.transport.lwm2m.server.store.TbEditableSecurityStore
    public void put(TbLwM2MSecurityInfo tbLwM2MSecurityInfo) throws NonUniqueSecurityInfoException {
        String pskIdentity;
        byte[] hGet;
        SecurityInfo securityInfo = tbLwM2MSecurityInfo.getSecurityInfo();
        byte[] encode = JavaSerDesUtil.encode(tbLwM2MSecurityInfo);
        Lock lock = null;
        try {
            RedisConnection connection = this.connectionFactory.getConnection();
            try {
                Lock obtain = this.redisLock.obtain(tbLwM2MSecurityInfo.getEndpoint());
                obtain.lock();
                if (securityInfo != null && securityInfo.getPskIdentity() != null && (hGet = connection.hGet(PSKID_SEC.getBytes(), securityInfo.getPskIdentity().getBytes())) != null) {
                    if (!new String(hGet).equals(securityInfo.getEndpoint())) {
                        throw new NonUniqueSecurityInfoException("PSK Identity " + securityInfo.getPskIdentity() + " is already used");
                    }
                    connection.hSet(PSKID_SEC.getBytes(), securityInfo.getPskIdentity().getBytes(), securityInfo.getEndpoint().getBytes());
                }
                byte[] set = connection.getSet(("SEC#EP#" + tbLwM2MSecurityInfo.getEndpoint()).getBytes(), encode);
                log.info("lwm2m redis connect. Endpoint: [{}], secMode: [{}] key: [{}], tbSecurityInfoSerialized [{}]", new Object[]{tbLwM2MSecurityInfo.getEndpoint(), tbLwM2MSecurityInfo.getSecurityMode().name(), SEC_EP, encode});
                if (set != null && securityInfo != null && (pskIdentity = ((TbLwM2MSecurityInfo) JavaSerDesUtil.decode(set)).getSecurityInfo().getPskIdentity()) != null && !pskIdentity.equals(securityInfo.getPskIdentity())) {
                    connection.hDel(PSKID_SEC.getBytes(), (byte[][]) new byte[]{pskIdentity.getBytes()});
                }
                if (connection != null) {
                    connection.close();
                }
                if (obtain != null) {
                    obtain.unlock();
                }
            } catch (Throwable th) {
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (0 != 0) {
                lock.unlock();
            }
            throw th3;
        }
    }

    @Override // org.thingsboard.server.transport.lwm2m.server.store.TbSecurityStore
    public TbLwM2MSecurityInfo getTbLwM2MSecurityInfoByEndpoint(String str) {
        Lock lock = null;
        try {
            RedisConnection connection = this.connectionFactory.getConnection();
            try {
                lock = this.redisLock.obtain(str);
                lock.lock();
                byte[] bArr = connection.get(("SEC#EP#" + str).getBytes());
                if (bArr == null || bArr.length <= 0) {
                    if (connection != null) {
                        connection.close();
                    }
                    if (lock != null) {
                        lock.unlock();
                    }
                    return null;
                }
                TbLwM2MSecurityInfo tbLwM2MSecurityInfo = (TbLwM2MSecurityInfo) JavaSerDesUtil.decode(bArr);
                if (connection != null) {
                    connection.close();
                }
                if (lock != null) {
                    lock.unlock();
                }
                return tbLwM2MSecurityInfo;
            } catch (Throwable th) {
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (lock != null) {
                lock.unlock();
            }
            throw th3;
        }
    }

    /* JADX WARN: Type inference failed for: r1v6, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r2v2, types: [byte[], byte[][]] */
    @Override // org.thingsboard.server.transport.lwm2m.server.store.TbEditableSecurityStore
    public void remove(String str) {
        Lock lock = null;
        try {
            RedisConnection connection = this.connectionFactory.getConnection();
            try {
                lock = this.redisLock.obtain(str);
                lock.lock();
                byte[] bArr = connection.get(("SEC#EP#" + str).getBytes());
                if (bArr != null && bArr.length > 0) {
                    SecurityInfo securityInfo = ((TbLwM2MSecurityInfo) JavaSerDesUtil.decode(bArr)).getSecurityInfo();
                    if (securityInfo != null && securityInfo.getPskIdentity() != null) {
                        connection.hDel(PSKID_SEC.getBytes(), (byte[][]) new byte[]{securityInfo.getPskIdentity().getBytes()});
                    }
                    connection.del((byte[][]) new byte[]{("SEC#EP#" + str).getBytes()});
                }
                if (connection != null) {
                    connection.close();
                }
                if (lock != null) {
                    lock.unlock();
                }
            } catch (Throwable th) {
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (Throwable th3) {
            if (lock != null) {
                lock.unlock();
            }
            throw th3;
        }
    }

    private String toLockKey(String str) {
        return "LOCK#EP#" + str;
    }

    private SecurityMode getSecurityModeByRegistration(RedisConnection redisConnection, String str) {
        try {
            byte[] bArr = redisConnection.get(("REG:EP:" + str).getBytes());
            if ("unsecure".equals(((JsonNode) JacksonUtil.fromString(new String(bArr != null ? bArr : new byte[0]), JsonNode.class)).get("transportdata").get("identity").get("type").asText())) {
                return SecurityMode.NO_SEC;
            }
            return null;
        } catch (Exception e) {
            log.error("Redis: Failed get SecurityMode by Registration, endpoint: [{}]", str, e);
            return null;
        }
    }
}
