package org.thingsboard.server.transport.lwm2m.bootstrap.store;

import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicBoolean;
import org.eclipse.leshan.core.peer.OscoreIdentity;
import org.eclipse.leshan.server.bootstrap.BootstrapConfig;
import org.eclipse.leshan.server.bootstrap.EditableBootstrapConfigStore;
import org.eclipse.leshan.server.bootstrap.InvalidConfigurationException;
import org.eclipse.leshan.server.security.BootstrapSecurityStore;
import org.eclipse.leshan.server.security.SecurityInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode;
import org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.AbstractLwM2MBootstrapServerCredential;
import org.thingsboard.server.gen.transport.TransportProtos;
import org.thingsboard.server.queue.util.TbLwM2mBootstrapTransportComponent;
import org.thingsboard.server.transport.lwm2m.bootstrap.secure.LwM2MBootstrapConfig;
import org.thingsboard.server.transport.lwm2m.secure.LwM2mCredentialsSecurityInfoValidator;
import org.thingsboard.server.transport.lwm2m.secure.TbLwM2MSecurityInfo;
import org.thingsboard.server.transport.lwm2m.server.LwM2mSessionMsgListener;
import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportContext;
import org.thingsboard.server.transport.lwm2m.server.LwM2mTransportServerHelper;
import org.thingsboard.server.transport.lwm2m.server.client.LwM2MAuthException;
import org.thingsboard.server.transport.lwm2m.server.uplink.LwM2mTypeServer;
import org.thingsboard.server.transport.lwm2m.utils.LwM2MTransportUtil;

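/**
 * Security store consulted while a LwM2M client talks to the bootstrap server.
 *
 * <p>Every lookup resolves the credentials through
 * {@link LwM2mCredentialsSecurityInfoValidator} with {@link LwM2mTypeServer#BOOTSTRAP}. As a side
 * effect, a successful lookup publishes the endpoint's {@link BootstrapConfig} into the
 * {@link EditableBootstrapConfigStore} and records a transport session per endpoint in
 * {@code bsSessions}.
 *
 * <p>NOTE(review): the lookup keys ({@code str}) appear to originate from the connecting peer
 * (endpoint name / PSK identity). Confirm against the callers, and treat them as untrusted when
 * they are logged or used as map keys.
 *
 * <p>NOTE(review): {@code bsSessions} is a concurrent map, but the remove-then-add sequence on the
 * config store in {@link #addValueToStore} is not atomic from this class's point of view. Confirm
 * whether the store implementation serialises those calls.
 */
@Service("LwM2MBootstrapSecurityStore")
@TbLwM2mBootstrapTransportComponent
public class LwM2MBootstrapSecurityStore implements BootstrapSecurityStore {
    private static final Logger log = LoggerFactory.getLogger(LwM2MBootstrapSecurityStore.class);
    private final EditableBootstrapConfigStore bootstrapConfigStore;
    private final LwM2mCredentialsSecurityInfoValidator lwM2MCredentialsSecurityInfoValidator;
    private final LwM2mTransportContext context;
    private final LwM2mTransportServerHelper helper;
    // Endpoint name -> session registered for that endpoint's bootstrap exchange.
    // Entries are only removed through removeSessionByEndpoint(String).
    private final Map<String, TransportProtos.SessionInfoProto> bsSessions = new ConcurrentHashMap<>();

    /**
     * Creates the store with its collaborators; nothing is validated or copied here.
     *
     * @param editableBootstrapConfigStore store that receives the per-endpoint bootstrap configuration
     * @param lwM2mCredentialsSecurityInfoValidator resolver used for every credential lookup
     * @param lwM2mTransportContext source of the transport service used to register sessions
     * @param lwM2mTransportServerHelper helper used to build session info and to send telemetry
     */
    public LwM2MBootstrapSecurityStore(EditableBootstrapConfigStore editableBootstrapConfigStore, LwM2mCredentialsSecurityInfoValidator lwM2mCredentialsSecurityInfoValidator, LwM2mTransportContext lwM2mTransportContext, LwM2mTransportServerHelper lwM2mTransportServerHelper) {
        this.bootstrapConfigStore = editableBootstrapConfigStore;
        this.lwM2MCredentialsSecurityInfoValidator = lwM2mCredentialsSecurityInfoValidator;
        this.context = lwM2mTransportContext;
        this.helper = lwM2mTransportServerHelper;
    }

    /**
     * Resolves the credentials for an endpoint and publishes its bootstrap configuration.
     *
     * <p>NOTE(review): unlike {@link #getByIdentity(String)}, a {@link LwM2MAuthException} raised by
     * the validator is not caught here and propagates to the caller. Confirm that the caller turns
     * it into a rejection.
     *
     * @param str endpoint name used as the credentials id
     * @return a single-element iterator over the endpoint's {@link SecurityInfo}, or {@code null}
     *         when {@link #addValueToStore} yields no security info
     */
    public Iterator<SecurityInfo> getAllByEndpoint(String str) {
        TbLwM2MSecurityInfo resolved = this.lwM2MCredentialsSecurityInfoValidator.getEndpointSecurityInfoByCredentialsId(str, LwM2mTypeServer.BOOTSTRAP);
        SecurityInfo stored = addValueToStore(resolved, str);
        if (stored == null) {
            return null;
        }
        return Collections.singletonList(resolved.getSecurityInfo()).iterator();
    }

    /**
     * Resolves the credentials for an identity and, when a bootstrap configuration is available,
     * adds it to the config store under the resolved endpoint name.
     *
     * <p>NOTE(review): when the security-mode check in {@code getParametersBootstrap} fails, no
     * configuration is stored but the {@link SecurityInfo} is still returned. Confirm that serving
     * credentials in that state is intended.
     *
     * @param str identity used as the credentials id
     * @return the resolved {@link SecurityInfo}, or {@code null} when the validator throws
     *         {@link LwM2MAuthException} or the config store rejects the configuration
     */
    public SecurityInfo getByIdentity(String str) {
        try {
            TbLwM2MSecurityInfo resolved = this.lwM2MCredentialsSecurityInfoValidator.getEndpointSecurityInfoByCredentialsId(str, LwM2mTypeServer.BOOTSTRAP);
            if (resolved.getBootstrapCredentialConfig() != null && resolved.getSecurityMode() != null) {
                setBootstrapConfigSecurityInfo(resolved);
                BootstrapConfig bootstrapConfig = resolved.getBootstrapConfig();
                // setBootstrapConfigSecurityInfo leaves the config untouched when validation fails,
                // so it may still be null here; addValueToStore guards the same way.
                if (bootstrapConfig != null && bootstrapConfig.security != null) {
                    try {
                        this.bootstrapConfigStore.add(resolved.getEndpoint(), bootstrapConfig);
                    } catch (InvalidConfigurationException e) {
                        // Fail closed: no credentials are handed out for a rejected configuration.
                        log.trace("Invalid Bootstrap Configuration", e);
                        return null;
                    }
                }
            }
            return resolved.getSecurityInfo();
        } catch (LwM2MAuthException e2) {
            // Only visible at trace level; the exception itself is not logged.
            log.trace("Bootstrap Registration failed: No pre-shared key found for [identity: {}]", str);
            return null;
        }
    }

    /**
     * OSCORE identities are not resolved by this store.
     *
     * @param oscoreIdentity ignored
     * @return always {@code null}
     */
    public SecurityInfo getByOscoreIdentity(OscoreIdentity oscoreIdentity) {
        return null;
    }

    /**
     * Resolves the credentials for the given id and publishes the bootstrap configuration under
     * the endpoint name reported by the resolved info (not under {@code str}).
     *
     * <p>NOTE(review): the validator result is dereferenced without a null check, and a
     * {@link LwM2MAuthException} is not caught here. Confirm the validator never returns
     * {@code null} and that callers handle the exception.
     *
     * @param str credentials id to resolve
     * @return the resolved security info as returned by the validator
     */
    public TbLwM2MSecurityInfo getX509ByEndpoint(String str) {
        TbLwM2MSecurityInfo resolved = this.lwM2MCredentialsSecurityInfoValidator.getEndpointSecurityInfoByCredentialsId(str, LwM2mTypeServer.BOOTSTRAP);
        addValueToStore(resolved, resolved.getEndpoint());
        return resolved;
    }

    /**
     * Copies the validated bootstrap configuration onto the security info; does nothing when
     * {@link #getParametersBootstrap} returns {@code null}.
     */
    private void setBootstrapConfigSecurityInfo(TbLwM2MSecurityInfo tbLwM2MSecurityInfo) {
        LwM2MBootstrapConfig validated = getParametersBootstrap(tbLwM2MSecurityInfo);
        if (validated != null) {
            tbLwM2MSecurityInfo.setBootstrapConfig(validated.getLwM2MBootstrapConfig());
        }
    }

    /**
     * Registers a session for the endpoint and returns its bootstrap credential configuration if
     * the security modes are consistent.
     *
     * <p>NOTE(review): the session is stored in {@code bsSessions} and registered with the
     * transport service before the security-mode check runs, and it is not rolled back when the
     * check fails. A session previously stored for the same endpoint is overwritten in the map,
     * and no deregistration of it is visible here. Confirm that sessions are cleaned up elsewhere.
     *
     * @return the credential configuration, or {@code null} when it is missing or its security
     *         modes disagree
     */
    private LwM2MBootstrapConfig getParametersBootstrap(TbLwM2MSecurityInfo tbLwM2MSecurityInfo) {
        LwM2MBootstrapConfig credentialConfig = tbLwM2MSecurityInfo.getBootstrapCredentialConfig();
        if (credentialConfig == null) {
            log.error("Unable to decode Json or Certificate for [{}]", tbLwM2MSecurityInfo.getEndpoint());
            return null;
        }
        // A fresh random UUID supplies the two session-id halves for this lookup.
        UUID sessionId = UUID.randomUUID();
        TransportProtos.SessionInfoProto sessionInfo = this.helper.getValidateSessionInfo(tbLwM2MSecurityInfo.getMsg(), sessionId.getMostSignificantBits(), sessionId.getLeastSignificantBits());
        this.bsSessions.put(tbLwM2MSecurityInfo.getEndpoint(), sessionInfo);
        this.context.getTransportService().registerAsyncSession(sessionInfo, new LwM2mSessionMsgListener(null, null, null, sessionInfo, this.context.getTransportService()));
        if (getValidatedSecurityMode(credentialConfig)) {
            return credentialConfig;
        }
        // The mismatch is logged twice (plain and with the LwM2M error prefix) and also reported
        // as telemetry on the session registered above.
        log.error(" [{}] Different values SecurityMode between of client and profile.", tbLwM2MSecurityInfo.getEndpoint());
        log.error("{} getParametersBootstrap: [{}] Different values SecurityMode between of client and profile.", LwM2MTransportUtil.LOG_LWM2M_ERROR, tbLwM2MSecurityInfo.getEndpoint());
        this.helper.sendParametersOnThingsboardTelemetry(this.helper.getKvStringtoThingsboard(LwM2MTransportUtil.LOG_LWM2M_TELEMETRY, String.format("%s: Different values SecurityMode between of client and profile.", LwM2MTransportUtil.LOG_LWM2M_ERROR)), sessionInfo, null);
        return null;
    }

    /**
     * Checks that every entry of the server configuration uses the same security mode as the
     * matching credential section: bootstrap-server entries are compared with
     * {@code getBootstrapServer()}, all others with {@code getLwm2mServer()}.
     *
     * @return {@code true} only if no entry disagrees (also {@code true} for an empty configuration)
     */
    private boolean getValidatedSecurityMode(LwM2MBootstrapConfig lwM2MBootstrapConfig) {
        LwM2MSecurityMode bootstrapServerMode = lwM2MBootstrapConfig.getBootstrapServer().getSecurityMode();
        LwM2MSecurityMode lwm2mServerMode = lwM2MBootstrapConfig.getLwm2mServer().getSecurityMode();
        // forEach takes a lambda, so the verdict is carried out of it in a holder object.
        AtomicBoolean consistent = new AtomicBoolean(true);
        lwM2MBootstrapConfig.getServerConfiguration().forEach(serverCredential -> {
            boolean isBootstrapEntry = ((AbstractLwM2MBootstrapServerCredential) serverCredential).isBootstrapServerIs();
            LwM2MSecurityMode expectedMode = isBootstrapEntry ? bootstrapServerMode : lwm2mServerMode;
            if (!expectedMode.equals(serverCredential.getSecurityMode())) {
                consistent.set(false);
            }
        });
        return consistent.get();
    }

    /**
     * @param str endpoint name
     * @return the session recorded for the endpoint, or {@code null} if there is none
     */
    public TransportProtos.SessionInfoProto getSessionByEndpoint(String str) {
        return this.bsSessions.get(str);
    }

    /**
     * Forgets the session recorded for the endpoint. Only the map entry is removed here.
     *
     * @param str endpoint name
     * @return the removed session, or {@code null} if there was none
     */
    public TransportProtos.SessionInfoProto removeSessionByEndpoint(String str) {
        return this.bsSessions.remove(str);
    }

    /**
     * @param str endpoint name
     * @return the bootstrap configuration currently held by the config store for the endpoint, or
     *         {@code null} if there is none
     */
    public BootstrapConfig getBootstrapConfigByEndpoint(String str) {
        return (BootstrapConfig) this.bootstrapConfigStore.getAll().get(str);
    }

    /**
     * Validates the bootstrap configuration carried by {@code tbLwM2MSecurityInfo} and replaces
     * the config-store entry for {@code str} with it.
     *
     * <p>If the device profile disables bootstrap-server updates, the bootstrap-server security
     * entry and the server entry with the same short id are stripped from the configuration first.
     *
     * <p>NOTE(review): when validation yields no configuration, an entry stored earlier for the
     * same endpoint is left in the config store. The {@link SecurityInfo} is also still returned
     * when the store rejects the configuration, whereas {@link #getByIdentity(String)} returns
     * {@code null} in that case. Confirm that both are intended.
     *
     * @param tbLwM2MSecurityInfo resolved security info; may be {@code null}
     * @param str endpoint name used as the config-store key
     * @return the security info of {@code tbLwM2MSecurityInfo}, or {@code null} when the info, its
     *         credential configuration or its security mode is missing
     */
    public SecurityInfo addValueToStore(TbLwM2MSecurityInfo tbLwM2MSecurityInfo, String str) {
        if (tbLwM2MSecurityInfo == null || tbLwM2MSecurityInfo.getBootstrapCredentialConfig() == null || tbLwM2MSecurityInfo.getSecurityMode() == null) {
            return null;
        }
        SecurityInfo securityInfo = tbLwM2MSecurityInfo.getSecurityInfo();
        setBootstrapConfigSecurityInfo(tbLwM2MSecurityInfo);
        BootstrapConfig bootstrapConfig = tbLwM2MSecurityInfo.getBootstrapConfig();
        if (bootstrapConfig == null) {
            return securityInfo;
        }
        try {
            if (!tbLwM2MSecurityInfo.getDeviceProfile().getProfileData().getTransportConfiguration().isBootstrapServerUpdateEnable()) {
                dropBootstrapServerEntries(bootstrapConfig);
            }
            // Keys are unique, so one lookup replaces a scan over every endpoint, and nothing is
            // removed while the key set is being iterated.
            if (str != null && this.bootstrapConfigStore.getAll().containsKey(str)) {
                this.bootstrapConfigStore.remove(str);
            }
            this.bootstrapConfigStore.add(str, bootstrapConfig);
        } catch (InvalidConfigurationException e) {
            // getMessage() may be null; guard before matching on the message text.
            String message = e.getMessage();
            boolean pskIdentityAlreadyUsed = message != null && message.contains("Psk identity") && message.contains("already used for this bootstrap server");
            if (pskIdentityAlreadyUsed) {
                log.trace("Invalid Bootstrap Configuration", e);
            } else {
                log.error("Invalid Bootstrap Configuration", e);
            }
        }
        return securityInfo;
    }

    /**
     * Removes one bootstrap-server security entry from the configuration and, if that entry
     * carries a server id, one server entry whose short id equals it.
     */
    private static void dropBootstrapServerEntries(BootstrapConfig bootstrapConfig) {
        Optional<? extends Map.Entry<?, BootstrapConfig.ServerSecurity>> bootstrapSecurity = bootstrapConfig.security.entrySet().stream()
                .filter(entry -> entry.getValue().bootstrapServer)
                .findAny();
        if (!bootstrapSecurity.isPresent()) {
            return;
        }
        bootstrapConfig.security.entrySet().remove(bootstrapSecurity.get());
        // serverId is a boxed value; without an id there is no server entry to match.
        Integer bootstrapServerId = bootstrapSecurity.get().getValue().serverId;
        if (bootstrapServerId == null) {
            return;
        }
        int shortId = bootstrapServerId.intValue();
        bootstrapConfig.servers.entrySet().stream()
                .filter(entry -> entry.getValue().shortId == shortId)
                .findAny()
                .ifPresent(entry -> bootstrapConfig.servers.entrySet().remove(entry));
    }
}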
