package org.eclipse.leshan.client.californium.impl;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import org.eclipse.californium.core.CoapServer;
import org.eclipse.californium.core.network.CoapEndpoint;
import org.eclipse.californium.core.network.Endpoint;
import org.eclipse.californium.core.network.config.NetworkConfig;
import org.eclipse.californium.elements.Connector;
import org.eclipse.californium.elements.auth.RawPublicKeyIdentity;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.AlertMessage;
import org.eclipse.californium.scandium.dtls.CertificateMessage;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.DTLSSession;
import org.eclipse.californium.scandium.dtls.HandshakeException;
import org.eclipse.californium.scandium.dtls.pskstore.StaticPskStore;
import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;
import org.eclipse.californium.scandium.dtls.x509.CertificateVerifier;
import org.eclipse.leshan.SecurityMode;
import org.eclipse.leshan.client.servers.EndpointsManager;
import org.eclipse.leshan.client.servers.Server;
import org.eclipse.leshan.client.servers.ServerInfo;
import org.eclipse.leshan.core.californium.EndpointContextUtil;
import org.eclipse.leshan.core.californium.EndpointFactory;
import org.eclipse.leshan.core.request.Identity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/leshan/client/californium/impl/CaliforniumEndpointsManager.class */
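/**
 * {@link EndpointsManager} backed by a Californium {@link CoapServer}.
 *
 * <p>The manager keeps at most one endpoint at a time. Each call to
 * {@link #createEndpoint(ServerInfo)} removes and destroys the previous endpoint before a new one
 * is built for the given server.
 *
 * <p>For secured servers the DTLS configuration is derived from the {@link ServerInfo}:
 * <ul>
 * <li>PSK: a static store holding the single identity/key pair from the server info;</li>
 * <li>RPK: the peer is trusted only if its raw public key equals the configured server key;</li>
 * <li>X.509: the peer is trusted only if the first certificate it presents equals the configured
 * server certificate.</li>
 * </ul>
 *
 * <p>All public methods are {@code synchronized} on the manager instance.
 */
public class CaliforniumEndpointsManager implements EndpointsManager {
    private static final Logger LOG = LoggerFactory.getLogger(CaliforniumEndpointsManager.class);

    private final CoapServer coapServer;
    private final InetSocketAddress localAddress;
    private final NetworkConfig coapConfig;
    private final DtlsConnectorConfig.Builder dtlsConfigbuilder;
    private final EndpointFactory endpointFactory;

    private boolean started = false;
    private CoapEndpoint currentEndpoint;

    /**
     * Creates a manager that attaches its endpoint to the given CoAP server.
     *
     * @param coapServer server the current endpoint is added to and removed from
     * @param inetSocketAddress local address used for unsecured endpoints
     * @param networkConfig CoAP configuration passed to the endpoint factory
     * @param builder base DTLS configuration; copied, never modified, for each secured endpoint
     * @param endpointFactory factory used to create secured and unsecured endpoints
     */
    public CaliforniumEndpointsManager(CoapServer coapServer, InetSocketAddress inetSocketAddress, NetworkConfig networkConfig, DtlsConnectorConfig.Builder builder, EndpointFactory endpointFactory) {
        this.coapServer = coapServer;
        this.localAddress = inetSocketAddress;
        this.coapConfig = networkConfig;
        this.dtlsConfigbuilder = builder;
        this.endpointFactory = endpointFactory;
    }

    /**
     * Replaces the current endpoint with one configured for the given server.
     *
     * @param serverInfo connection and credential details of the server
     * @return the server descriptor carrying the identity expected from that server
     * @throws RuntimeException if the security mode is unsupported or the endpoint cannot be
     *         started
     */
    @Override
    public synchronized Server createEndpoint(ServerInfo serverInfo) {
        if (this.currentEndpoint != null) {
            this.coapServer.getEndpoints().remove(this.currentEndpoint);
            this.currentEndpoint.destroy();
            // Drop the reference right away: if building the replacement fails below, the manager
            // must not keep handing out an endpoint that has already been destroyed.
            this.currentEndpoint = null;
        }

        final Identity serverIdentity;
        if (serverInfo.isSecure()) {
            // Work on a copy so per-server credentials never leak into the shared base builder.
            DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder(this.dtlsConfigbuilder.getIncompleteConfig());
            if (serverInfo.secureMode == SecurityMode.PSK) {
                builder.setPskStore(new StaticPskStore(serverInfo.pskId, serverInfo.pskKey));
                serverIdentity = Identity.psk(serverInfo.getAddress(), serverInfo.pskId);
            } else if (serverInfo.secureMode == SecurityMode.RPK) {
                builder.setIdentity(serverInfo.privateKey, serverInfo.publicKey);
                final PublicKey expectedServerPublicKey = serverInfo.serverPublicKey;
                // Key pinning: only the exact configured server public key is accepted.
                builder.setRpkTrustStore(new TrustedRpkStore() {
                    @Override
                    public boolean isTrusted(RawPublicKeyIdentity rawPublicKeyIdentity) {
                        PublicKey receivedKey = rawPublicKeyIdentity.getKey();
                        if (receivedKey == null) {
                            LOG.warn("The server public key is null {}", rawPublicKeyIdentity);
                            return false;
                        }
                        if (receivedKey.equals(expectedServerPublicKey)) {
                            return true;
                        }
                        // The original message said "does match", which inverted the meaning of
                        // this rejection when reading logs.
                        LOG.debug("Server public key received does not match with the expected one.\nReceived: {}\nExpected: {}", receivedKey, expectedServerPublicKey);
                        return false;
                    }
                });
                serverIdentity = Identity.rpk(serverInfo.getAddress(), expectedServerPublicKey);
            } else if (serverInfo.secureMode == SecurityMode.X509) {
                builder.setIdentity(serverInfo.privateKey, new Certificate[]{serverInfo.clientCertificate}, new CertificateType[0]);
                final Certificate expectedServerCertificate = serverInfo.serverCertificate;
                // Certificate pinning: the only check made here is equality of the first
                // presented certificate with the configured one. This verifier performs no
                // path building, validity-period or revocation check of its own.
                builder.setCertificateVerifier(new CertificateVerifier() {
                    @Override
                    public void verifyCertificate(CertificateMessage certificateMessage, DTLSSession dTLSSession) throws HandshakeException {
                        if (certificateMessage.getCertificateChain().getCertificates().isEmpty()) {
                            throw new HandshakeException("Certificate chain could not be validated", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, dTLSSession.getPeer()));
                        }
                        if (!expectedServerCertificate.equals(certificateMessage.getCertificateChain().getCertificates().get(0))) {
                            throw new HandshakeException("Certificate chain could not be validated", new AlertMessage(AlertMessage.AlertLevel.FATAL, AlertMessage.AlertDescription.BAD_CERTIFICATE, dTLSSession.getPeer()));
                        }
                    }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        // No issuer list is advertised; trust is decided solely by the pin above.
                        return null;
                    }
                });
                // NOTE(review): assumes serverCertificate is a non-null X509Certificate; a null or
                // non-X.509 value fails here with an unchecked exception - confirm callers
                // validate it.
                serverIdentity = Identity.x509(serverInfo.getAddress(), EndpointContextUtil.extractCN(((X509Certificate) expectedServerCertificate).getSubjectX500Principal().getName()));
            } else {
                throw new RuntimeException("Unable to create connector : unsupported security mode");
            }
            this.currentEndpoint = this.endpointFactory.createSecuredEndpoint(builder.build(), this.coapConfig, null);
        } else {
            // No DTLS: the server is identified by its address only.
            this.currentEndpoint = this.endpointFactory.createUnsecuredEndpoint(this.localAddress, this.coapConfig, null);
            serverIdentity = Identity.unsecure(serverInfo.getAddress());
        }

        this.coapServer.addEndpoint(this.currentEndpoint);
        Server server = new Server(serverIdentity, Long.valueOf(serverInfo.serverId));
        if (this.started) {
            this.coapServer.start();
            try {
                this.currentEndpoint.start();
                LOG.info("New endpoint created for server {} at {}", server.getUri(), this.currentEndpoint.getUri());
            } catch (IOException e) {
                throw new RuntimeException("Unable to start endpoint", e);
            }
        }
        return server;
    }

    /**
     * Creates an endpoint for the first server of the collection; any further entries are
     * ignored because only one endpoint is kept at a time.
     *
     * @param collection candidate servers, may be {@code null} or empty
     * @return a single-element collection, or {@code null} when no server info was given
     */
    @Override
    public synchronized Collection<Server> createEndpoints(Collection<? extends ServerInfo> collection) {
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        ServerInfo first = collection.iterator().next();
        ArrayList<Server> servers = new ArrayList<Server>(1);
        servers.add(createEndpoint(first));
        return servers;
    }

    /**
     * Asks the DTLS connector of the current endpoint, if any, to resume all its sessions on the
     * next exchange.
     *
     * @param server server the reconnection is requested for (used for logging only)
     */
    @Override
    public synchronized void forceReconnection(Server server) {
        // Without an endpoint there is no connector to act on; the original dereferenced null.
        if (this.currentEndpoint != null) {
            Connector connector = this.currentEndpoint.getConnector();
            if (connector instanceof DTLSConnector) {
                ((DTLSConnector) connector).forceResumeAllSessions();
            }
        }
        LOG.info("Clear DTLS session for server {}", server.getUri());
    }

    /**
     * Returns the current endpoint when it exists and is started.
     *
     * @param identity identity of the server (not used to select the endpoint)
     * @return the started endpoint, or {@code null} if there is none
     */
    public synchronized Endpoint getEndpoint(Identity identity) {
        // The null guard covers calls made before any endpoint was created.
        if (this.currentEndpoint != null && this.currentEndpoint.isStarted()) {
            return this.currentEndpoint;
        }
        return null;
    }

    /** Marks the manager as started and starts the CoAP server if an endpoint already exists. */
    @Override
    public synchronized void start() {
        if (this.started) {
            return;
        }
        this.started = true;
        if (this.currentEndpoint == null) {
            return;
        }
        this.coapServer.start();
    }

    /** Marks the manager as stopped and stops the CoAP server if an endpoint exists. */
    @Override
    public synchronized void stop() {
        if (this.started) {
            this.started = false;
            if (this.currentEndpoint == null) {
                return;
            }
            this.coapServer.stop();
        }
    }

    /** Marks the manager as stopped and destroys the CoAP server. */
    @Override
    public synchronized void destroy() {
        if (this.started) {
            this.started = false;
        }
        this.coapServer.destroy();
    }
}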
