package org.apache.camel.coap;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import org.apache.camel.Category;
import org.apache.camel.Consumer;
import org.apache.camel.Processor;
import org.apache.camel.Producer;
import org.apache.camel.spi.UriEndpoint;
import org.apache.camel.spi.UriParam;
import org.apache.camel.spi.UriPath;
import org.apache.camel.support.DefaultEndpoint;
import org.apache.camel.support.jsse.ClientAuthentication;
import org.apache.camel.support.jsse.KeyManagersParameters;
import org.apache.camel.support.jsse.SSLContextParameters;
import org.eclipse.californium.core.CoapClient;
import org.eclipse.californium.core.CoapServer;
import org.eclipse.californium.core.network.CoapEndpoint;
import org.eclipse.californium.core.network.config.NetworkConfig;
import org.eclipse.californium.core.server.resources.Resource;
import org.eclipse.californium.elements.tcp.netty.TcpClientConnector;
import org.eclipse.californium.elements.tcp.netty.TlsClientConnector;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.dtls.rpkstore.TrustedRpkStore;

@UriEndpoint(firstVersion = "2.16.0", scheme = "coap,coaps,coap+tcp,coaps+tcp", title = "CoAP", syntax = "coap:uri", category = {Category.IOT}, headersClass = CoAPConstants.class)
/* loaded from: input_file:org/apache/camel/coap/CoAPEndpoint.class */
public class CoAPEndpoint extends DefaultEndpoint {

    @UriPath
    private URI uri;

    @UriParam(label = "consumer", enums = "DELETE,GET,POST,PUT")
    private String coapMethodRestrict;

    @UriParam(label = "security", secret = true)
    private PrivateKey privateKey;

    @UriParam(label = "security")
    private PublicKey publicKey;

    @UriParam(label = "security")
    private TrustedRpkStore trustedRpkStore;

    @UriParam(label = "security")
    private PskStore pskStore;

    @UriParam(label = "security")
    private String cipherSuites;
    private transient String[] configuredCipherSuites;

    @UriParam(label = "security")
    private String clientAuthentication;

    @UriParam(label = "security", enums = "NONE,WANT,REQUIRE")
    private String alias;

    @UriParam(label = "security")
    private SSLContextParameters sslContextParameters;

    @UriParam(label = "security", defaultValue = "true")
    private boolean recommendedCipherSuitesOnly;

    @UriParam(label = "consumer", defaultValue = "false")
    private boolean observe;

    @UriParam(label = "consumer", defaultValue = "false")
    private boolean observable;

    @UriParam(label = "producer", defaultValue = "false")
    private boolean notify;
    private CoAPComponent component;

    public CoAPEndpoint(String str, CoAPComponent coAPComponent) {
        super(str, coAPComponent);
        this.recommendedCipherSuitesOnly = true;
        try {
            this.uri = new URI(str);
        } catch (URISyntaxException e) {
            this.uri = null;
        }
        this.component = coAPComponent;
    }

    public void setCoapMethodRestrict(String str) {
        this.coapMethodRestrict = str;
    }

    public String getCoapMethodRestrict() {
        return this.coapMethodRestrict;
    }

    public Producer createProducer() throws Exception {
        return isNotify() ? new CoAPNotifier(this) : new CoAPProducer(this);
    }

    public Consumer createConsumer(Processor processor) throws Exception {
        Consumer coAPObserver = isObserve() ? new CoAPObserver(this, processor) : new CoAPConsumer(this, processor);
        configureConsumer(coAPObserver);
        return coAPObserver;
    }

    public void setUri(URI uri) {
        this.uri = uri;
    }

    public URI getUri() {
        return this.uri;
    }

    public CamelCoapResource getCamelCoapResource(String str) throws IOException, GeneralSecurityException {
        Resource resource;
        Iterator<String> it = CoAPHelper.getPathSegmentsFromPath(str).iterator();
        if (!it.hasNext()) {
            return null;
        }
        Resource root = getCoapServer().getRoot();
        while (true) {
            resource = root;
            if (!it.hasNext() || resource == null) {
                break;
            }
            root = resource.getChild(it.next());
        }
        return (CamelCoapResource) resource;
    }

    public List<String> getPathSegmentsFromURI() {
        return CoAPHelper.getPathSegmentsFromPath(getUri().getPath());
    }

    public CoapServer getCoapServer() throws IOException, GeneralSecurityException {
        return this.component.getServer(getUri().getPort(), this);
    }

    public String getAlias() {
        return this.alias;
    }

    public void setAlias(String str) {
        this.alias = str;
    }

    public boolean isObserve() {
        return this.observe;
    }

    public void setObserve(boolean z) {
        this.observe = z;
    }

    public boolean isObservable() {
        return this.observable;
    }

    public void setObservable(boolean z) {
        this.observable = z;
    }

    public boolean isNotify() {
        return this.notify;
    }

    public void setNotify(boolean z) {
        this.notify = z;
    }

    public SSLContextParameters getSslContextParameters() {
        return this.sslContextParameters;
    }

    public void setSslContextParameters(SSLContextParameters sSLContextParameters) {
        this.sslContextParameters = sSLContextParameters;
    }

    public TrustedRpkStore getTrustedRpkStore() {
        return this.trustedRpkStore;
    }

    public void setTrustedRpkStore(TrustedRpkStore trustedRpkStore) {
        this.trustedRpkStore = trustedRpkStore;
    }

    public PskStore getPskStore() {
        return this.pskStore;
    }

    public void setPskStore(PskStore pskStore) {
        this.pskStore = pskStore;
    }

    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    public void setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
    }

    public String getCipherSuites() {
        return this.cipherSuites;
    }

    public void setCipherSuites(String str) {
        this.cipherSuites = str;
        if (str != null) {
            this.configuredCipherSuites = str.split(",");
        }
    }

    private String[] getConfiguredCipherSuites() {
        if (this.configuredCipherSuites != null) {
            return this.configuredCipherSuites;
        }
        if (this.sslContextParameters == null || this.sslContextParameters.getCipherSuites() == null) {
            return null;
        }
        return (String[]) this.sslContextParameters.getCipherSuites().getCipherSuite().toArray(new String[0]);
    }

    public String getClientAuthentication() {
        return this.clientAuthentication;
    }

    public void setClientAuthentication(String str) {
        this.clientAuthentication = str;
    }

    public boolean isRecommendedCipherSuitesOnly() {
        return this.recommendedCipherSuitesOnly;
    }

    public void setRecommendedCipherSuitesOnly(boolean z) {
        this.recommendedCipherSuitesOnly = z;
    }

    public boolean isClientAuthenticationRequired() {
        String str = this.clientAuthentication;
        if (str == null && this.sslContextParameters != null && this.sslContextParameters.getServerParameters() != null) {
            str = this.sslContextParameters.getServerParameters().getClientAuthentication();
        }
        return str != null && ClientAuthentication.valueOf(str) == ClientAuthentication.REQUIRE;
    }

    public boolean isClientAuthenticationWanted() {
        String str = this.clientAuthentication;
        if (str == null && this.sslContextParameters != null && this.sslContextParameters.getServerParameters() != null) {
            str = this.sslContextParameters.getServerParameters().getClientAuthentication();
        }
        return str != null && ClientAuthentication.valueOf(str) == ClientAuthentication.WANT;
    }

    private Certificate[] getTrustedCerts() throws GeneralSecurityException, IOException {
        if (this.sslContextParameters == null || this.sslContextParameters.getTrustManagers() == null) {
            return new Certificate[0];
        }
        KeyStore createKeyStore = this.sslContextParameters.getTrustManagers().getKeyStore().createKeyStore();
        Enumeration<String> aliases = createKeyStore.aliases();
        ArrayList arrayList = new ArrayList();
        while (aliases.hasMoreElements()) {
            X509Certificate x509Certificate = (X509Certificate) createKeyStore.getCertificate(aliases.nextElement());
            if (x509Certificate != null) {
                arrayList.add(x509Certificate);
            }
        }
        return (Certificate[]) arrayList.toArray(new Certificate[0]);
    }

    public static boolean enableDTLS(URI uri) {
        return "coaps".equals(uri.getScheme());
    }

    public static boolean enableTCP(URI uri) {
        return uri.getScheme().endsWith("+tcp");
    }

    public DTLSConnector createDTLSConnector(InetSocketAddress inetSocketAddress, boolean z) throws IOException {
        DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder();
        if (z) {
            if (this.trustedRpkStore == null && this.sslContextParameters == null && this.pskStore == null) {
                throw new IllegalStateException("Either a trustedRpkStore, sslContextParameters or pskStore object must be configured for a TLS client");
            }
            builder.setRecommendedCipherSuitesOnly(isRecommendedCipherSuitesOnly());
            builder.setClientOnly();
        } else {
            if (this.privateKey == null && this.sslContextParameters == null && this.pskStore == null) {
                throw new IllegalStateException("Either a privateKey, sslContextParameters or pskStore object must be configured for a TLS service");
            }
            if (this.privateKey != null && this.publicKey == null) {
                throw new IllegalStateException("A public key must be configured to use a Raw Public Key with TLS");
            }
            if ((isClientAuthenticationRequired() || isClientAuthenticationWanted()) && ((this.sslContextParameters == null || this.sslContextParameters.getTrustManagers() == null) && this.publicKey == null)) {
                throw new IllegalStateException("A truststore must be configured to support TLS client authentication");
            }
            builder.setAddress(inetSocketAddress);
            builder.setClientAuthenticationRequired(isClientAuthenticationRequired());
            builder.setClientAuthenticationWanted(isClientAuthenticationWanted());
            builder.setRecommendedCipherSuitesOnly(isRecommendedCipherSuitesOnly());
        }
        try {
            if (this.sslContextParameters != null && this.sslContextParameters.getKeyManagers() != null) {
                KeyManagersParameters keyManagers = this.sslContextParameters.getKeyManagers();
                KeyStore createKeyStore = keyManagers.getKeyStore().createKeyStore();
                String alias = getAlias();
                if (alias == null) {
                    Enumeration<String> aliases = createKeyStore.aliases();
                    while (true) {
                        if (!aliases.hasMoreElements()) {
                            break;
                        }
                        String nextElement = aliases.nextElement();
                        if (createKeyStore.isKeyEntry(nextElement)) {
                            alias = nextElement;
                            break;
                        }
                    }
                }
                if (alias == null) {
                    throw new IllegalStateException("The sslContextParameters keystore must contain a key entry");
                }
                builder.setIdentity((PrivateKey) createKeyStore.getKey(alias, keyManagers.getKeyPassword().toCharArray()), createKeyStore.getCertificateChain(alias), new CertificateType[0]);
            } else if (this.privateKey != null) {
                builder.setIdentity(this.privateKey, this.publicKey);
            }
            if (this.pskStore != null) {
                builder.setPskStore(this.pskStore);
            }
            Certificate[] trustedCerts = getTrustedCerts();
            if (trustedCerts.length > 0) {
                builder.setTrustStore(trustedCerts);
            }
            if (this.trustedRpkStore != null) {
                builder.setTrustCertificateTypes(new CertificateType[]{CertificateType.RAW_PUBLIC_KEY});
                builder.setRpkTrustStore(this.trustedRpkStore);
            }
            if (getConfiguredCipherSuites() != null) {
                builder.setSupportedCipherSuites(getConfiguredCipherSuites());
            }
            return new DTLSConnector(builder.build());
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Error in configuring TLS", e);
        }
    }

    public CoapClient createCoapClient(URI uri) throws IOException, GeneralSecurityException {
        CoapClient coapClient = new CoapClient(uri);
        if (enableDTLS(uri)) {
            DTLSConnector createDTLSConnector = createDTLSConnector(null, true);
            CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
            builder.setConnector(createDTLSConnector);
            coapClient.setEndpoint(builder.build());
        } else if (enableTCP(getUri())) {
            NetworkConfig createStandardWithoutFile = NetworkConfig.createStandardWithoutFile();
            int i = createStandardWithoutFile.getInt("TCP_WORKER_THREADS");
            int i2 = createStandardWithoutFile.getInt("TCP_CONNECT_TIMEOUT");
            int i3 = createStandardWithoutFile.getInt("TCP_CONNECTION_IDLE_TIMEOUT");
            TlsClientConnector tlsClientConnector = getUri().getScheme().startsWith("coaps") ? new TlsClientConnector(getSslContextParameters().createSSLContext(getCamelContext()), i, i2, i3) : new TcpClientConnector(i, i2, i3);
            CoapEndpoint.Builder builder2 = new CoapEndpoint.Builder();
            builder2.setConnector(tlsClientConnector);
            coapClient.setEndpoint(builder2.build());
        }
        return coapClient;
    }
}
