package org.thingsboard.server.dao.service.validator;

import com.google.protobuf.Descriptors;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateEncodingException;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.eclipse.leshan.core.util.SecurityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;
import org.springframework.util.Base64Utils;
import org.springframework.util.CollectionUtils;
import org.thingsboard.server.common.data.DashboardInfo;
import org.thingsboard.server.common.data.DeviceProfile;
import org.thingsboard.server.common.data.DeviceProfileProvisionType;
import org.thingsboard.server.common.data.DynamicProtoUtils;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.device.credentials.lwm2m.LwM2MSecurityMode;
import org.thingsboard.server.common.data.device.profile.CoapDeviceProfileTransportConfiguration;
import org.thingsboard.server.common.data.device.profile.DefaultCoapDeviceTypeConfiguration;
import org.thingsboard.server.common.data.device.profile.DeviceProfileAlarm;
import org.thingsboard.server.common.data.device.profile.Lwm2mDeviceProfileTransportConfiguration;
import org.thingsboard.server.common.data.device.profile.MqttDeviceProfileTransportConfiguration;
import org.thingsboard.server.common.data.device.profile.ProtoTransportPayloadConfiguration;
import org.thingsboard.server.common.data.device.profile.TransportPayloadTypeConfiguration;
import org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.AbstractLwM2MBootstrapServerCredential;
import org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.LwM2MBootstrapServerCredential;
import org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.RPKLwM2MBootstrapServerCredential;
import org.thingsboard.server.common.data.device.profile.lwm2m.bootstrap.X509LwM2MBootstrapServerCredential;
import org.thingsboard.server.common.data.id.TenantId;
import org.thingsboard.server.common.data.rule.RuleChain;
import org.thingsboard.server.common.msg.EncryptionUtil;
import org.thingsboard.server.dao.dashboard.DashboardService;
import org.thingsboard.server.dao.device.DeviceDao;
import org.thingsboard.server.dao.device.DeviceProfileDao;
import org.thingsboard.server.dao.device.DeviceProfileService;
import org.thingsboard.server.dao.exception.DataValidationException;
import org.thingsboard.server.dao.exception.DeviceCredentialsValidationException;
import org.thingsboard.server.dao.model.ModelConstants;
import org.thingsboard.server.dao.queue.QueueService;
import org.thingsboard.server.dao.rule.RuleChainService;
import org.thingsboard.server.dao.tenant.TenantService;

@Component
/* loaded from: input_file:org/thingsboard/server/dao/service/validator/DeviceProfileDataValidator.class */
public class DeviceProfileDataValidator extends AbstractHasOtaPackageValidator<DeviceProfile> {
    private static final Logger log = LoggerFactory.getLogger(DeviceProfileDataValidator.class);
    private static final String ATTRIBUTES_PROTO_SCHEMA = "attributes proto schema";
    private static final String TELEMETRY_PROTO_SCHEMA = "telemetry proto schema";
    private static final String RPC_REQUEST_PROTO_SCHEMA = "rpc request proto schema";
    private static final String RPC_RESPONSE_PROTO_SCHEMA = "rpc response proto schema";
    private static final String EXCEPTION_PREFIX = "[Transport Configuration]";

    @Autowired
    private DeviceProfileDao deviceProfileDao;

    @Autowired
    @Lazy
    private DeviceProfileService deviceProfileService;

    @Autowired
    private DeviceDao deviceDao;

    @Autowired
    private TenantService tenantService;

    @Autowired
    @Lazy
    private QueueService queueService;

    @Autowired
    private RuleChainService ruleChainService;

    @Autowired
    private DashboardService dashboardService;

    @Value("${security.java_cacerts.path:}")
    private String javaCacertsPath;

    @Value("${security.java_cacerts.password:}")
    private String javaCacertsPassword;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.thingsboard.server.dao.service.validator.DeviceProfileDataValidator$1, reason: invalid class name */
    /* loaded from: input_file:org/thingsboard/server/dao/service/validator/DeviceProfileDataValidator$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode = new int[LwM2MSecurityMode.values().length];

        static {
            try {
                $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[LwM2MSecurityMode.NO_SEC.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[LwM2MSecurityMode.PSK.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[LwM2MSecurityMode.RPK.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[LwM2MSecurityMode.X509.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.thingsboard.server.dao.service.DataValidator
    public void validateDataImpl(TenantId tenantId, DeviceProfile deviceProfile) {
        List<LwM2MBootstrapServerCredential> bootstrap;
        DeviceProfile findDefaultDeviceProfile;
        if (StringUtils.isEmpty(deviceProfile.getName())) {
            throw new DataValidationException("Device profile name should be specified!");
        }
        if (deviceProfile.getType() == null) {
            throw new DataValidationException("Device profile type should be specified!");
        }
        if (deviceProfile.getTransportType() == null) {
            throw new DataValidationException("Device profile transport type should be specified!");
        }
        if (deviceProfile.getTenantId() == null) {
            throw new DataValidationException("Device profile should be assigned to tenant!");
        }
        if (!this.tenantService.tenantExists(deviceProfile.getTenantId())) {
            throw new DataValidationException("Device profile is referencing to non-existent tenant!");
        }
        if (deviceProfile.isDefault() && (findDefaultDeviceProfile = this.deviceProfileService.findDefaultDeviceProfile(tenantId)) != null && !findDefaultDeviceProfile.getId().equals(deviceProfile.getId())) {
            throw new DataValidationException("Another default device profile is present in scope of current tenant!");
        }
        if (StringUtils.isNotEmpty(deviceProfile.getDefaultQueueName()) && this.queueService.findQueueByTenantIdAndName(tenantId, deviceProfile.getDefaultQueueName()) == null) {
            throw new DataValidationException("Device profile is referencing to non-existent queue!");
        }
        if (deviceProfile.getProvisionType() == null) {
            deviceProfile.setProvisionType(DeviceProfileProvisionType.DISABLED);
        }
        if (deviceProfile.getProvisionDeviceKey() != null && DeviceProfileProvisionType.X509_CERTIFICATE_CHAIN.equals(deviceProfile.getProvisionType()) && isDeviceProfileCertificateInJavaCacerts(deviceProfile.getProfileData().getProvisionConfiguration().getProvisionDeviceSecret())) {
            throw new DataValidationException("Device profile certificate cannot be well known root CA!");
        }
        MqttDeviceProfileTransportConfiguration transportConfiguration = deviceProfile.getProfileData().getTransportConfiguration();
        transportConfiguration.validate();
        if (transportConfiguration instanceof MqttDeviceProfileTransportConfiguration) {
            MqttDeviceProfileTransportConfiguration mqttDeviceProfileTransportConfiguration = transportConfiguration;
            if (mqttDeviceProfileTransportConfiguration.getTransportPayloadTypeConfiguration() instanceof ProtoTransportPayloadConfiguration) {
                ProtoTransportPayloadConfiguration protoTransportPayloadConfiguration = (ProtoTransportPayloadConfiguration) mqttDeviceProfileTransportConfiguration.getTransportPayloadTypeConfiguration();
                validateProtoSchemas(protoTransportPayloadConfiguration);
                validateTelemetryDynamicMessageFields(protoTransportPayloadConfiguration);
                validateRpcRequestDynamicMessageFields(protoTransportPayloadConfiguration);
            }
        } else if (transportConfiguration instanceof CoapDeviceProfileTransportConfiguration) {
            DefaultCoapDeviceTypeConfiguration coapDeviceTypeConfiguration = ((CoapDeviceProfileTransportConfiguration) transportConfiguration).getCoapDeviceTypeConfiguration();
            if (coapDeviceTypeConfiguration instanceof DefaultCoapDeviceTypeConfiguration) {
                TransportPayloadTypeConfiguration transportPayloadTypeConfiguration = coapDeviceTypeConfiguration.getTransportPayloadTypeConfiguration();
                if (transportPayloadTypeConfiguration instanceof ProtoTransportPayloadConfiguration) {
                    ProtoTransportPayloadConfiguration protoTransportPayloadConfiguration2 = (ProtoTransportPayloadConfiguration) transportPayloadTypeConfiguration;
                    validateProtoSchemas(protoTransportPayloadConfiguration2);
                    validateTelemetryDynamicMessageFields(protoTransportPayloadConfiguration2);
                    validateRpcRequestDynamicMessageFields(protoTransportPayloadConfiguration2);
                }
            }
        } else if ((transportConfiguration instanceof Lwm2mDeviceProfileTransportConfiguration) && (bootstrap = ((Lwm2mDeviceProfileTransportConfiguration) transportConfiguration).getBootstrap()) != null) {
            validateLwm2mServersConfigOfBootstrapForClient(bootstrap, ((Lwm2mDeviceProfileTransportConfiguration) transportConfiguration).isBootstrapServerUpdateEnable());
            Iterator<LwM2MBootstrapServerCredential> it = bootstrap.iterator();
            while (it.hasNext()) {
                validateLwm2mServersCredentialOfBootstrapForClient(it.next());
            }
        }
        List alarms = deviceProfile.getProfileData().getAlarms();
        if (!CollectionUtils.isEmpty(alarms)) {
            HashSet hashSet = new HashSet();
            Iterator it2 = alarms.iterator();
            while (it2.hasNext()) {
                String alarmType = ((DeviceProfileAlarm) it2.next()).getAlarmType();
                if (StringUtils.isEmpty(alarmType)) {
                    throw new DataValidationException("Alarm rule type should be specified!");
                }
                if (!hashSet.add(alarmType)) {
                    throw new DataValidationException(String.format("Can't create device profile with the same alarm rule types: \"%s\"!", alarmType));
                }
            }
        }
        if (deviceProfile.getDefaultRuleChainId() != null) {
            RuleChain findRuleChainById = this.ruleChainService.findRuleChainById(tenantId, deviceProfile.getDefaultRuleChainId());
            if (findRuleChainById == null) {
                throw new DataValidationException("Can't assign non-existent rule chain!");
            }
            if (!findRuleChainById.getTenantId().equals(deviceProfile.getTenantId())) {
                throw new DataValidationException("Can't assign rule chain from different tenant!");
            }
        }
        if (deviceProfile.getDefaultDashboardId() != null) {
            DashboardInfo findDashboardInfoById = this.dashboardService.findDashboardInfoById(tenantId, deviceProfile.getDefaultDashboardId());
            if (findDashboardInfoById == null) {
                throw new DataValidationException("Can't assign non-existent dashboard!");
            }
            if (!findDashboardInfoById.getTenantId().equals(deviceProfile.getTenantId())) {
                throw new DataValidationException("Can't assign dashboard from different tenant!");
            }
        }
        validateOtaPackage(tenantId, deviceProfile, deviceProfile.getId());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.thingsboard.server.dao.service.DataValidator
    public DeviceProfile validateUpdate(TenantId tenantId, DeviceProfile deviceProfile) {
        DeviceProfile deviceProfile2 = (DeviceProfile) this.deviceProfileDao.findById(deviceProfile.getTenantId(), deviceProfile.getId().getId());
        if (deviceProfile2 == null) {
            throw new DataValidationException("Can't update non existing device profile!");
        }
        boolean z = !deviceProfile2.getType().equals(deviceProfile.getType());
        boolean z2 = !deviceProfile2.getTransportType().equals(deviceProfile.getTransportType());
        if ((!z && !z2) || this.deviceDao.countDevicesByDeviceProfileId(deviceProfile.getTenantId(), deviceProfile.getId().getId()).longValue() <= 0) {
            if (deviceProfile.getProvisionDeviceKey() != null && DeviceProfileProvisionType.X509_CERTIFICATE_CHAIN.equals(deviceProfile.getProvisionType()) && isDeviceProfileCertificateInJavaCacerts(deviceProfile.getProvisionDeviceKey())) {
                throw new DataValidationException("Device profile certificate cannot be well known root CA!");
            }
            return deviceProfile2;
        }
        String str = null;
        if (z) {
            str = "Can't change device profile type because devices referenced it!";
        } else if (z2) {
            str = "Can't change device profile transport type because devices referenced it!";
        }
        throw new DataValidationException(str);
    }

    private void validateProtoSchemas(ProtoTransportPayloadConfiguration protoTransportPayloadConfiguration) {
        try {
            DynamicProtoUtils.validateProtoSchema(protoTransportPayloadConfiguration.getDeviceAttributesProtoSchema(), ATTRIBUTES_PROTO_SCHEMA, EXCEPTION_PREFIX);
            DynamicProtoUtils.validateProtoSchema(protoTransportPayloadConfiguration.getDeviceTelemetryProtoSchema(), TELEMETRY_PROTO_SCHEMA, EXCEPTION_PREFIX);
            DynamicProtoUtils.validateProtoSchema(protoTransportPayloadConfiguration.getDeviceRpcRequestProtoSchema(), RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX);
            DynamicProtoUtils.validateProtoSchema(protoTransportPayloadConfiguration.getDeviceRpcResponseProtoSchema(), RPC_RESPONSE_PROTO_SCHEMA, EXCEPTION_PREFIX);
        } catch (Exception e) {
            throw new DataValidationException(e.getMessage());
        }
    }

    private void validateTelemetryDynamicMessageFields(ProtoTransportPayloadConfiguration protoTransportPayloadConfiguration) {
        Descriptors.Descriptor telemetryDynamicMessageDescriptor = protoTransportPayloadConfiguration.getTelemetryDynamicMessageDescriptor(protoTransportPayloadConfiguration.getDeviceTelemetryProtoSchema());
        if (telemetryDynamicMessageDescriptor == null) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(TELEMETRY_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Failed to get telemetryDynamicMessageDescriptor!");
        }
        List fields = telemetryDynamicMessageDescriptor.getFields();
        if (CollectionUtils.isEmpty(fields)) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(TELEMETRY_PROTO_SCHEMA, EXCEPTION_PREFIX) + " " + telemetryDynamicMessageDescriptor.getName() + " fields is empty!");
        }
        if (fields.size() == 2) {
            Descriptors.FieldDescriptor findFieldByName = telemetryDynamicMessageDescriptor.findFieldByName(ModelConstants.TS_COLUMN);
            Descriptors.FieldDescriptor findFieldByName2 = telemetryDynamicMessageDescriptor.findFieldByName("values");
            if (findFieldByName == null || findFieldByName2 == null) {
                return;
            }
            if (!Descriptors.FieldDescriptor.Type.MESSAGE.equals(findFieldByName2.getType())) {
                throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(TELEMETRY_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Field 'values' has invalid data type. Only message type is supported!");
            }
            if (!Descriptors.FieldDescriptor.Type.INT64.equals(findFieldByName.getType())) {
                throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(TELEMETRY_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Field 'ts' has invalid data type. Only int64 type is supported!");
            }
            if (!findFieldByName.hasOptionalKeyword()) {
                throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(TELEMETRY_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Field 'ts' has invalid label. Field 'ts' should have optional keyword!");
            }
        }
    }

    private void validateRpcRequestDynamicMessageFields(ProtoTransportPayloadConfiguration protoTransportPayloadConfiguration) {
        Descriptors.Descriptor descriptorForType = protoTransportPayloadConfiguration.getRpcRequestDynamicMessageBuilder(protoTransportPayloadConfiguration.getDeviceRpcRequestProtoSchema()).getDescriptorForType();
        if (descriptorForType == null) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Failed to get rpcRequestDynamicMessageDescriptor!");
        }
        if (CollectionUtils.isEmpty(descriptorForType.getFields()) || descriptorForType.getFields().size() != 3) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " " + descriptorForType.getName() + " message should always contains 3 fields: method, requestId and params!");
        }
        Descriptors.FieldDescriptor findFieldByName = descriptorForType.findFieldByName("method");
        if (findFieldByName == null) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Failed to get field descriptor for field: method!");
        }
        if (!Descriptors.FieldDescriptor.Type.STRING.equals(findFieldByName.getType())) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Field 'method' has invalid data type. Only string type is supported!");
        }
        if (findFieldByName.isRepeated()) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Field 'method' has invalid label!");
        }
        Descriptors.FieldDescriptor findFieldByName2 = descriptorForType.findFieldByName("requestId");
        if (findFieldByName2 == null) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Failed to get field descriptor for field: requestId!");
        }
        if (!Descriptors.FieldDescriptor.Type.INT32.equals(findFieldByName2.getType())) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Field 'requestId' has invalid data type. Only int32 type is supported!");
        }
        if (findFieldByName2.isRepeated()) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Field 'requestId' has invalid label!");
        }
        Descriptors.FieldDescriptor findFieldByName3 = descriptorForType.findFieldByName("params");
        if (findFieldByName3 == null) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Failed to get field descriptor for field: params!");
        }
        if (findFieldByName3.isRepeated()) {
            throw new DataValidationException(DynamicProtoUtils.invalidSchemaProvidedMessage(RPC_REQUEST_PROTO_SCHEMA, EXCEPTION_PREFIX) + " Field 'params' has invalid label!");
        }
    }

    private void validateLwm2mServersConfigOfBootstrapForClient(List<LwM2MBootstrapServerCredential> list, boolean z) {
        int i;
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Iterator<LwM2MBootstrapServerCredential> it = list.iterator();
        while (it.hasNext()) {
            AbstractLwM2MBootstrapServerCredential abstractLwM2MBootstrapServerCredential = (LwM2MBootstrapServerCredential) it.next();
            if (!z && abstractLwM2MBootstrapServerCredential.isBootstrapServerIs()) {
                throw new DeviceCredentialsValidationException("Bootstrap config must not include \"Bootstrap Server\". \"Include Bootstrap Server updates\" is " + z + ".");
            }
            String str = abstractLwM2MBootstrapServerCredential.isBootstrapServerIs() ? "Bootstrap Server" : "LwM2M Server shortServerId: " + abstractLwM2MBootstrapServerCredential.getShortServerId() + ":";
            if (abstractLwM2MBootstrapServerCredential.getShortServerId().intValue() < 1 || abstractLwM2MBootstrapServerCredential.getShortServerId().intValue() > 65534) {
                throw new DeviceCredentialsValidationException(str + " ShortServerId must not be less than 1 and more than 65534!");
            }
            if (!hashSet2.add(abstractLwM2MBootstrapServerCredential.getShortServerId())) {
                throw new DeviceCredentialsValidationException(str + " \"Short server Id\" value = " + abstractLwM2MBootstrapServerCredential.getShortServerId() + ". This value must be a unique value for all servers!");
            }
            String str2 = abstractLwM2MBootstrapServerCredential.getHost() + ":" + abstractLwM2MBootstrapServerCredential.getPort();
            if (!hashSet.add(str2)) {
                throw new DeviceCredentialsValidationException(str + " \"Host + port\" value = " + str2 + ". This value must be a unique value for all servers!");
            }
            if (LwM2MSecurityMode.NO_SEC.equals(abstractLwM2MBootstrapServerCredential.getSecurityMode())) {
                i = abstractLwM2MBootstrapServerCredential.isBootstrapServerIs() ? 5687 : 5685;
            } else {
                i = abstractLwM2MBootstrapServerCredential.isBootstrapServerIs() ? 5688 : 5686;
            }
            if (abstractLwM2MBootstrapServerCredential.getPort() == null || abstractLwM2MBootstrapServerCredential.getPort().intValue() != i) {
                throw new DeviceCredentialsValidationException(str + " \"Port\" value = " + abstractLwM2MBootstrapServerCredential.getPort() + ". This value for security " + abstractLwM2MBootstrapServerCredential.getSecurityMode().name() + " must be " + i + "!");
            }
        }
    }

    private void validateLwm2mServersCredentialOfBootstrapForClient(LwM2MBootstrapServerCredential lwM2MBootstrapServerCredential) {
        switch (AnonymousClass1.$SwitchMap$org$thingsboard$server$common$data$device$credentials$lwm2m$LwM2MSecurityMode[lwM2MBootstrapServerCredential.getSecurityMode().ordinal()]) {
            case 1:
            case 2:
            default:
                return;
            case 3:
                RPKLwM2MBootstrapServerCredential rPKLwM2MBootstrapServerCredential = (RPKLwM2MBootstrapServerCredential) lwM2MBootstrapServerCredential;
                String str = rPKLwM2MBootstrapServerCredential.isBootstrapServerIs() ? "Bootstrap Server" : "LwM2M Server";
                if (StringUtils.isEmpty(rPKLwM2MBootstrapServerCredential.getServerPublicKey())) {
                    throw new DeviceCredentialsValidationException(str + " RPK public key must be specified!");
                }
                try {
                    rPKLwM2MBootstrapServerCredential.setServerPublicKey(EncryptionUtil.pubkTrimNewLines(rPKLwM2MBootstrapServerCredential.getServerPublicKey()));
                    SecurityUtil.publicKey.decode(rPKLwM2MBootstrapServerCredential.getDecodedCServerPublicKey());
                    return;
                } catch (Exception e) {
                    throw new DeviceCredentialsValidationException(str + " RPK public key must be in standard [RFC7250] and then encoded to Base64 format!");
                }
            case 4:
                X509LwM2MBootstrapServerCredential x509LwM2MBootstrapServerCredential = (X509LwM2MBootstrapServerCredential) lwM2MBootstrapServerCredential;
                String str2 = x509LwM2MBootstrapServerCredential.isBootstrapServerIs() ? "Bootstrap Server" : "LwM2M Server";
                if (StringUtils.isEmpty(x509LwM2MBootstrapServerCredential.getServerPublicKey())) {
                    throw new DeviceCredentialsValidationException(str2 + " X509 certificate must be specified!");
                }
                try {
                    x509LwM2MBootstrapServerCredential.setServerPublicKey(EncryptionUtil.certTrimNewLines(x509LwM2MBootstrapServerCredential.getServerPublicKey()));
                    SecurityUtil.certificate.decode(x509LwM2MBootstrapServerCredential.getDecodedCServerPublicKey());
                    return;
                } catch (Exception e2) {
                    throw new DeviceCredentialsValidationException(str2 + " X509 certificate must be in DER-encoded X509v3 format and support only EC algorithm and then encoded to Base64 format!");
                }
        }
    }

    private boolean isDeviceProfileCertificateInJavaCacerts(String str) {
        try {
            FileInputStream fileInputStream = new FileInputStream(this.javaCacertsPath);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(fileInputStream, this.javaCacertsPassword.toCharArray());
            Iterator<TrustAnchor> it = new PKIXParameters(keyStore).getTrustAnchors().iterator();
            while (it.hasNext()) {
                if (getCertificateString(it.next().getTrustedCert()).equals(str)) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            log.trace("Failed to validate certificate due to: ", e);
            return false;
        }
    }

    private String getCertificateString(X509Certificate x509Certificate) throws CertificateEncodingException {
        return EncryptionUtil.certTrimNewLines(Base64Utils.encodeToString(x509Certificate.getEncoded()));
    }
}
