package org.eclipse.leshan.server.californium.endpoint.coaps;

import java.net.InetSocketAddress;
import java.net.URI;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
import java.util.function.Consumer;
import javax.security.auth.x500.X500Principal;
import org.eclipse.californium.core.coap.Message;
import org.eclipse.californium.core.coap.Request;
import org.eclipse.californium.core.config.CoapConfig;
import org.eclipse.californium.core.network.CoapEndpoint;
import org.eclipse.californium.core.network.serialization.UdpDataParser;
import org.eclipse.californium.core.network.serialization.UdpDataSerializer;
import org.eclipse.californium.core.observe.ObservationStore;
import org.eclipse.californium.elements.AddressEndpointContext;
import org.eclipse.californium.elements.Connector;
import org.eclipse.californium.elements.DtlsEndpointContext;
import org.eclipse.californium.elements.EndpointContext;
import org.eclipse.californium.elements.EndpointContextMatcher;
import org.eclipse.californium.elements.MapBasedEndpointContext;
import org.eclipse.californium.elements.auth.PreSharedKeyIdentity;
import org.eclipse.californium.elements.auth.RawPublicKeyIdentity;
import org.eclipse.californium.elements.auth.X509CertPath;
import org.eclipse.californium.elements.config.Configuration;
import org.eclipse.californium.elements.config.SystemConfig;
import org.eclipse.californium.elements.config.UdpConfig;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.config.DtlsConfig;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.DtlsHandshakeTimeoutException;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.x509.SingleCertificateProvider;
import org.eclipse.californium.scandium.dtls.x509.StaticNewAdvancedCertificateVerifier;
import org.eclipse.leshan.core.californium.DefaultExceptionTranslator;
import org.eclipse.leshan.core.californium.ExceptionTranslator;
import org.eclipse.leshan.core.californium.Lwm2mEndpointContextMatcher;
import org.eclipse.leshan.core.californium.identity.IdentityHandler;
import org.eclipse.leshan.core.endpoint.EndpointUriUtil;
import org.eclipse.leshan.core.endpoint.Protocol;
import org.eclipse.leshan.core.peer.IpPeer;
import org.eclipse.leshan.core.peer.LwM2mPeer;
import org.eclipse.leshan.core.peer.PskIdentity;
import org.eclipse.leshan.core.peer.RpkIdentity;
import org.eclipse.leshan.core.peer.X509Identity;
import org.eclipse.leshan.core.request.exception.TimeoutException;
import org.eclipse.leshan.core.security.certificate.util.X509CertUtil;
import org.eclipse.leshan.server.LeshanServer;
import org.eclipse.leshan.server.californium.ConnectionCleaner;
import org.eclipse.leshan.server.californium.LwM2mPskStore;
import org.eclipse.leshan.server.californium.endpoint.CaliforniumServerEndpointFactory;
import org.eclipse.leshan.server.californium.observation.LwM2mObservationStore;
import org.eclipse.leshan.server.californium.observation.ObservationSerDes;
import org.eclipse.leshan.server.observation.LwM2mNotificationReceiver;
import org.eclipse.leshan.server.security.EditableSecurityStore;
import org.eclipse.leshan.server.security.SecurityInfo;
import org.eclipse.leshan.server.security.SecurityStore;
import org.eclipse.leshan.server.security.SecurityStoreListener;
import org.eclipse.leshan.server.security.ServerSecurityInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/leshan/server/californium/endpoint/coaps/CoapsServerEndpointFactory.class */
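/**
 * Builds the CoAP-over-DTLS server endpoint of a Leshan LWM2M server on top of Californium/Scandium.
 *
 * <p>The factory wires the server's {@link SecurityStore} into the DTLS layer (PSK lookup, server
 * key/certificate, certificate verifier), maps the DTLS peer principal to a Leshan {@link LwM2mPeer}
 * and back, and registers a listener that drops DTLS connections when security info is removed.
 *
 * <p>Two caller-supplied hooks ({@code dtlsConnectorConfigInitializer} and
 * {@code coapEndpointConfigInitializer}) run with full access to the respective builders; they can
 * replace security-relevant components and must be treated as trusted code.
 */
public class CoapsServerEndpointFactory implements CaliforniumServerEndpointFactory {
    private static final Logger LOG = LoggerFactory.getLogger(CoapsServerEndpointFactory.class);

    // URI (scheme, host, port) this endpoint binds to; validated in the constructor.
    protected final URI endpointUri;
    // Prefix used to build the Californium logging tag; never null after construction.
    protected final String loggingTagPrefix;
    // Optional endpoint-specific configuration; when null the server-wide configuration is used.
    protected final Configuration configuration;
    // Optional hook applied to the DTLS builder BEFORE Leshan applies its own security settings.
    protected final Consumer<DtlsConnectorConfig.Builder> dtlsConnectorConfigInitializer;
    // Optional hook applied to the CoAP endpoint builder AFTER Leshan has set connector, matcher and store.
    protected final Consumer<CoapEndpoint.Builder> coapEndpointConfigInitializer;

    /**
     * @return the protocol handled by this factory, {@link Protocol#COAPS}
     */
    public static Protocol getSupportedProtocol() {
        return Protocol.COAPS;
    }

    /**
     * @return a human-readable description of the endpoint type
     */
    @Override
    public String getEndpointDescription() {
        return "CoAP over DTLS endpoint based on Californium/Scandium library";
    }

    /**
     * Applies the defaults this endpoint type expects to the given configuration.
     *
     * @param configuration the configuration to modify in place
     */
    public static void applyDefaultValue(Configuration configuration) {
        configuration.set(CoapConfig.MID_TRACKER, CoapConfig.TrackerMode.NULL);
        // "none": by default the server side does not start a DTLS handshake on its own for an
        // outgoing message; createEndpointContext() opts in per request with handshake mode "auto".
        configuration.set(DtlsConfig.DTLS_DEFAULT_HANDSHAKE_MODE, "none");
        // BOTH lets the connector act as DTLS client as well as server.
        configuration.set(DtlsConfig.DTLS_ROLE, DtlsConfig.DtlsRole.BOTH);
    }

    /**
     * @return the Californium configuration modules needed by this endpoint (system, CoAP, UDP, DTLS)
     */
    public static List<Configuration.ModuleDefinitionsProvider> getModuleDefinitionsProviders() {
        return Arrays.asList(SystemConfig.DEFINITIONS, CoapConfig.DEFINITIONS, UdpConfig.DEFINITIONS,
                DtlsConfig.DEFINITIONS);
    }

    /**
     * Creates a factory with the default logging tag, no dedicated configuration and no initializer hooks.
     *
     * @param uri the endpoint URI; validated by {@link EndpointUriUtil#validateURI}
     */
    public CoapsServerEndpointFactory(URI uri) {
        this(uri, null, null, null, null);
    }

    /**
     * Creates a fully customised factory.
     *
     * @param uri the endpoint URI; validated by {@link EndpointUriUtil#validateURI}
     * @param loggingTagPrefix prefix of the logging tag, or {@code null} for {@code "LWM2M Server"}
     * @param configuration endpoint-specific configuration, or {@code null} to use the server-wide one
     * @param dtlsConnectorConfigInitializer hook run on the DTLS builder before Leshan's own setup, may
     *        be {@code null}
     * @param coapEndpointConfigInitializer hook run on the CoAP endpoint builder after Leshan's own setup,
     *        may be {@code null}
     */
    public CoapsServerEndpointFactory(URI uri, String loggingTagPrefix, Configuration configuration,
            Consumer<DtlsConnectorConfig.Builder> dtlsConnectorConfigInitializer,
            Consumer<CoapEndpoint.Builder> coapEndpointConfigInitializer) {
        EndpointUriUtil.validateURI(uri);
        this.endpointUri = uri;
        this.loggingTagPrefix = loggingTagPrefix == null ? "LWM2M Server" : loggingTagPrefix;
        this.configuration = configuration;
        this.dtlsConnectorConfigInitializer = dtlsConnectorConfigInitializer;
        this.coapEndpointConfigInitializer = coapEndpointConfigInitializer;
    }

    /**
     * @return the protocol of the endpoints created by this factory
     */
    @Override
    public Protocol getProtocol() {
        return getSupportedProtocol();
    }

    /**
     * @return the URI the created endpoint binds to
     */
    @Override
    public URI getUri() {
        return this.endpointUri;
    }

    /**
     * @return the logging tag, {@code [prefix-uri]} or {@code [uri]} when no prefix is set
     */
    protected String getLoggingTag() {
        if (this.loggingTagPrefix != null) {
            return String.format("[%s-%s]", this.loggingTagPrefix, getUri().toString());
        }
        return String.format("[%s]", getUri().toString());
    }

    /**
     * Creates the DTLS-protected CoAP endpoint.
     *
     * @param defaultConfiguration server-wide configuration, used when the factory has none of its own
     * @param serverSecurityInfo the server's private key, public key / certificate chain and trust anchors
     * @param notificationReceiver receiver handed to the observation store
     * @param server the Leshan server the endpoint belongs to
     * @return the endpoint, or {@code null} when the server has no security store or when building the
     *         DTLS configuration / endpoint raised an {@link IllegalStateException}
     * @throws IllegalStateException when {@link #setUpDtlsConfig} detects a configuration conflict; that
     *         call sits outside the {@code try} block, so it is not turned into a {@code null} return
     */
    @Override
    public CoapEndpoint createCoapEndpoint(Configuration defaultConfiguration, ServerSecurityInfo serverSecurityInfo,
            LwM2mNotificationReceiver notificationReceiver, LeshanServer server) {
        // Without a security store there is nothing to authenticate peers against, so no DTLS
        // endpoint is created at all. Callers must handle the null return.
        if (server.getSecurityStore() == null) {
            return null;
        }
        Configuration configurationToUse = this.configuration == null ? defaultConfiguration : this.configuration;
        DtlsConnectorConfig.Builder dtlsConfigBuilder = createDtlsConnectorConfigBuilder(configurationToUse);
        setUpDtlsConfig(dtlsConfigBuilder, EndpointUriUtil.getSocketAddr(this.endpointUri), serverSecurityInfo,
                server);
        try {
            CoapEndpoint endpoint = createEndpointBuilder(dtlsConfigBuilder.build(), configurationToUse,
                    createObservationStore(server, notificationReceiver)).build();
            createConnectionCleaner(server.getSecurityStore(), endpoint);
            return endpoint;
        } catch (IllegalStateException e) {
            LOG.warn("Unable to create DTLS config for endpont {}.", this.endpointUri.toString(), e);
            return null;
        }
    }

    /**
     * Creates the DTLS builder and lets the optional initializer hook pre-populate it.
     *
     * <p>The hook runs before {@link #setUpDtlsConfig}, so a PSK store, identity provider or certificate
     * verifier it installs is kept by Leshan (with a warning or a conflict error, see there).
     *
     * @param configuration the configuration backing the DTLS connector
     * @return the builder, possibly customised by the hook
     */
    protected DtlsConnectorConfig.Builder createDtlsConnectorConfigBuilder(Configuration configuration) {
        DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder(configuration);
        if (this.dtlsConnectorConfigInitializer != null) {
            this.dtlsConnectorConfigInitializer.accept(builder);
        }
        return builder;
    }

    /**
     * Completes the DTLS configuration with Leshan's PSK store, bind address, server identity and
     * certificate verifier, unless the builder already carries a custom value.
     *
     * @param builder the DTLS builder to complete
     * @param address the socket address derived from the endpoint URI
     * @param serverSecurityInfo the server credentials and trusted certificates
     * @param server the Leshan server providing security and registration stores
     * @throws IllegalStateException when a value preset on the builder conflicts with the endpoint
     *         address or with the credentials in {@code serverSecurityInfo}
     */
    protected void setUpDtlsConfig(DtlsConnectorConfig.Builder builder, InetSocketAddress address,
            ServerSecurityInfo serverSecurityInfo, LeshanServer server) {
        // NOTE(review): the checks below read incompleteConfig after calling setters on builder, so this
        // relies on getIncompleteConfig() exposing the builder's live state - confirm against Scandium.
        DtlsConnectorConfig incompleteConfig = builder.getIncompleteConfig();

        // --- PSK store ---
        if (incompleteConfig.getAdvancedPskStore() != null) {
            // A custom store bypasses the lookup in Leshan's SecurityStore; it is only warned about.
            LOG.warn("PskStore should be automatically set by Leshan. Using a custom implementation is not advised.");
        } else if (server.getSecurityStore() != null) {
            List<CipherSuite> cipherSuites = incompleteConfig.getConfiguration().get(DtlsConfig.DTLS_CIPHER_SUITES);
            // Install the store when cipher suites are unrestricted or at least one PSK suite is enabled.
            if (cipherSuites == null || CipherSuite.containsPskBasedCipherSuite(cipherSuites)) {
                builder.setAdvancedPskStore(
                        new LwM2mPskStore(server.getSecurityStore(), server.getRegistrationStore()));
            }
        }

        // --- bind address ---
        if (incompleteConfig.getAddress() == null) {
            builder.setAddress(address);
        } else if (address != null && !address.equals(incompleteConfig.getAddress())) {
            throw new IllegalStateException(String.format(
                    "Configuration conflict between Endpoint Factory and DtlsConnectorConfig.Builder for address: %s != %s",
                    address, incompleteConfig.getAddress()));
        }

        // --- server identity (raw public key or X.509 chain) ---
        if (incompleteConfig.getCertificateIdentityProvider() != null) {
            // Credentials must come from exactly one place; refuse ambiguous setups.
            if (serverSecurityInfo.getPrivateKey() != null) {
                throw new IllegalStateException(
                        "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for private key");
            }
            if (serverSecurityInfo.getPublicKey() != null) {
                throw new IllegalStateException(
                        "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for public key");
            }
            if (serverSecurityInfo.getCertificateChain() != null) {
                throw new IllegalStateException(
                        "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder for certificate chain");
            }
        } else if (serverSecurityInfo.getPrivateKey() != null) {
            // No provider is installed when the private key is absent, or when it comes with neither a
            // public key nor a non-empty chain; the endpoint then offers PSK only, without any error.
            if (serverSecurityInfo.getCertificateChain() == null && serverSecurityInfo.getPublicKey() != null) {
                builder.setCertificateIdentityProvider(new SingleCertificateProvider(
                        serverSecurityInfo.getPrivateKey(), serverSecurityInfo.getPublicKey()));
            }
            if (serverSecurityInfo.getCertificateChain() != null
                    && serverSecurityInfo.getCertificateChain().length > 0) {
                builder.setCertificateIdentityProvider(new SingleCertificateProvider(
                        serverSecurityInfo.getPrivateKey(), serverSecurityInfo.getCertificateChain(),
                        new CertificateType[] { CertificateType.X_509, CertificateType.RAW_PUBLIC_KEY }));
            }
        }

        // --- verification of the client's certificate / raw public key ---
        if (incompleteConfig.getAdvancedCertificateVerifier() != null) {
            if (serverSecurityInfo.getTrustedCertificates() != null) {
                throw new IllegalStateException(
                        "Configuration conflict between LeshanBuilder and DtlsConnectorConfig.Builder: if a AdvancedCertificateVerifier is set, trustedCertificates must not be set.");
            }
        } else if (incompleteConfig.getCertificateIdentityProvider() != null) {
            StaticNewAdvancedCertificateVerifier.Builder verifierBuilder = StaticNewAdvancedCertificateVerifier
                    .builder();
            // The DTLS layer accepts ANY raw public key. The handshake therefore only proves possession
            // of the key; deciding whether that key belongs to a known client has to happen above this
            // layer, using the RpkIdentity produced by createIdentityHandler().
            // NOTE(review): that authorization step is not in this file - confirm it runs on every
            // registration/update path before relying on RPK authentication.
            verifierBuilder.setTrustAllRPKs();
            if (serverSecurityInfo.getTrustedCertificates() != null) {
                verifierBuilder.setTrustedCertificates(serverSecurityInfo.getTrustedCertificates());
            }
            builder.setAdvancedCertificateVerifier(verifierBuilder.build());
        }
    }

    /**
     * @param server the server whose registration store backs the observations
     * @param notificationReceiver receiver passed to the store
     * @return the observation store, using UDP-style CoAP (de)serialization
     */
    protected LwM2mObservationStore createObservationStore(LeshanServer server,
            LwM2mNotificationReceiver notificationReceiver) {
        return new LwM2mObservationStore(server.getRegistrationStore(), notificationReceiver,
                new ObservationSerDes(new UdpDataParser(), new UdpDataSerializer()));
    }

    /**
     * Assembles the CoAP endpoint builder around the DTLS connector.
     *
     * @param dtlsConnectorConfig the finished DTLS configuration
     * @param configuration the CoAP configuration
     * @param observationStore the observation store
     * @return the builder, possibly customised by the endpoint initializer hook
     */
    protected CoapEndpoint.Builder createEndpointBuilder(DtlsConnectorConfig dtlsConnectorConfig,
            Configuration configuration, ObservationStore observationStore) {
        CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
        builder.setConnector(createConnector(dtlsConnectorConfig));
        builder.setConfiguration(configuration);
        builder.setLoggingTag(getLoggingTag());
        builder.setEndpointContextMatcher(createEndpointContextMatcher());
        builder.setObservationStore(observationStore);
        // The hook runs last and receives the fully configured builder, so it is in a position to swap
        // the connector or the context matcher set above.
        if (this.coapEndpointConfigInitializer != null) {
            this.coapEndpointConfigInitializer.accept(builder);
        }
        return builder;
    }

    /**
     * @return the matcher that decides whether a response/notification context matches its request
     */
    protected EndpointContextMatcher createEndpointContextMatcher() {
        return new Lwm2mEndpointContextMatcher();
    }

    /**
     * Creates the handler translating between the DTLS peer principal and Leshan's {@link LwM2mPeer}.
     *
     * @return the identity handler for PSK, raw public key and X.509 peers
     */
    @Override
    public IdentityHandler createIdentityHandler() {
        return new IdentityHandler() {

            /**
             * Derives the Leshan peer from the principal authenticated by the DTLS handshake.
             *
             * @return the peer, or {@code null} when the message carries no peer identity; callers must
             *         treat {@code null} as "not authenticated"
             * @throws IllegalStateException for a principal type other than PSK, RPK or X.509
             */
            @Override
            public LwM2mPeer getIdentity(Message message) {
                EndpointContext sourceContext = message.getSourceContext();
                InetSocketAddress peerAddress = sourceContext.getPeerAddress();
                // Declared as Principal: the peer may be a PSK, RPK or X.509 principal.
                Principal peerIdentity = sourceContext.getPeerIdentity();
                if (peerIdentity == null) {
                    return null;
                }
                if (peerIdentity instanceof PreSharedKeyIdentity) {
                    return new IpPeer(peerAddress,
                            new PskIdentity(((PreSharedKeyIdentity) peerIdentity).getIdentity()));
                }
                if (peerIdentity instanceof RawPublicKeyIdentity) {
                    return new IpPeer(peerAddress,
                            new RpkIdentity(((RawPublicKeyIdentity) peerIdentity).getKey()));
                }
                if (peerIdentity instanceof X500Principal || peerIdentity instanceof X509CertPath) {
                    // The X.509 identity is reduced to the subject's common name: two certificates that
                    // chain to a trusted anchor and share a CN map to the same Leshan identity.
                    return new IpPeer(peerAddress,
                            new X509Identity(X509CertUtil.extractCN(peerIdentity.getName())));
                }
                throw new IllegalStateException(
                        String.format("Unable to extract sender identity : unexpected type of Principal %s [%s]",
                                peerIdentity.getClass(), peerIdentity.toString()));
            }

            /**
             * Builds the endpoint context used to send a request to the given peer.
             *
             * @param peer the destination; must be an {@link IpPeer} with a PSK, RPK or X.509 identity
             * @param allowConnectionInitiation when {@code true} the context carries handshake mode
             *        {@code "auto"}, allowing the server to start a DTLS handshake if needed
             * @throws IllegalStateException for an unsupported identity or peer type
             */
            @Override
            public EndpointContext createEndpointContext(LwM2mPeer peer, boolean allowConnectionInitiation) {
                Principal peerIdentity;
                if (peer.getIdentity() instanceof PskIdentity) {
                    peerIdentity = new PreSharedKeyIdentity(((PskIdentity) peer.getIdentity()).getPskIdentity());
                } else if (peer.getIdentity() instanceof RpkIdentity) {
                    peerIdentity = new RawPublicKeyIdentity(((RpkIdentity) peer.getIdentity()).getPublicKey());
                } else if (peer.getIdentity() instanceof X509Identity) {
                    // NOTE(review): the common name is concatenated into a DN string unescaped. A stored
                    // CN containing DN metacharacters (',', '+', '=', ...) would be parsed as extra RDNs
                    // or rejected by X500Principal; whether CNs are validated before they reach this
                    // point is not visible here - confirm.
                    peerIdentity = new X500Principal(
                            "CN=" + ((X509Identity) peer.getIdentity()).getX509CommonName());
                } else {
                    throw new IllegalStateException(String.format("Unsupported Identity : %s", peer.getIdentity()));
                }
                if (!(peer instanceof IpPeer)) {
                    throw new IllegalStateException(String.format("Unsupported peer : %s", peer));
                }
                IpPeer ipPeer = (IpPeer) peer;
                if (peerIdentity != null && allowConnectionInitiation) {
                    return new MapBasedEndpointContext(ipPeer.getSocketAddress(), peerIdentity,
                            new MapBasedEndpointContext.Attributes().add(DtlsEndpointContext.KEY_HANDSHAKE_MODE,
                                    "auto"));
                }
                return new AddressEndpointContext(ipPeer.getSocketAddress(), peerIdentity);
            }
        };
    }

    /**
     * @param dtlsConnectorConfig the finished DTLS configuration
     * @return the Scandium connector carrying the endpoint's traffic
     */
    protected Connector createConnector(DtlsConnectorConfig dtlsConnectorConfig) {
        return new DTLSConnector(dtlsConnectorConfig);
    }

    /**
     * Registers a listener that cleans DTLS connections when security info is removed from the store.
     *
     * <p>Nothing is registered unless the endpoint uses a {@link DTLSConnector} and the store is an
     * {@link EditableSecurityStore}. With any other store implementation, revoking a credential does not
     * tear down DTLS connections through this listener.
     *
     * @param securityStore the server's security store
     * @param endpoint the endpoint whose connector should be cleaned
     */
    protected void createConnectionCleaner(SecurityStore securityStore, CoapEndpoint endpoint) {
        if (endpoint != null && endpoint.getConnector() instanceof DTLSConnector
                && securityStore instanceof EditableSecurityStore) {
            final ConnectionCleaner connectionCleaner = new ConnectionCleaner(
                    (DTLSConnector) endpoint.getConnector());
            ((EditableSecurityStore) securityStore).addListener(new SecurityStoreListener() {
                @Override
                public void securityInfoRemoved(boolean infosAreCompromised, SecurityInfo... infos) {
                    // Connections are dropped only when the flag is set; a removal reported with the
                    // flag false leaves established connections in place.
                    if (infosAreCompromised) {
                        connectionCleaner.cleanConnectionFor(infos);
                    }
                }
            });
        }
    }

    /**
     * @return a translator that maps a DTLS handshake timeout to Leshan's {@link TimeoutException} and
     *         defers every other failure to {@link DefaultExceptionTranslator}
     */
    @Override
    public ExceptionTranslator createExceptionTranslator() {
        return new DefaultExceptionTranslator() {
            @Override
            public Exception translate(Request request, Throwable error) {
                if (error instanceof DtlsHandshakeTimeoutException) {
                    return new TimeoutException(TimeoutException.Type.DTLS_HANDSHAKE_TIMEOUT, error,
                            "Request %s timeout : dtls handshake timeout", request.getURI());
                }
                return super.translate(request, error);
            }
        };
    }
}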
