package org.eclipse.leshan.client.californium;

import java.io.IOException;
import java.net.InetSocketAddress;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.eclipse.californium.core.CoapServer;
import org.eclipse.californium.core.network.CoapEndpoint;
import org.eclipse.californium.core.network.Endpoint;
import org.eclipse.californium.core.network.config.NetworkConfig;
import org.eclipse.californium.core.observe.ObservationStore;
import org.eclipse.californium.elements.auth.RawPublicKeyIdentity;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.pskstore.AdvancedSinglePskStore;
import org.eclipse.californium.scandium.dtls.x509.StaticNewAdvancedCertificateVerifier;
import org.eclipse.leshan.client.EndpointsManager;
import org.eclipse.leshan.client.servers.ServerIdentity;
import org.eclipse.leshan.client.servers.ServerInfo;
import org.eclipse.leshan.core.SecurityMode;
import org.eclipse.leshan.core.californium.EndpointContextUtil;
import org.eclipse.leshan.core.californium.EndpointFactory;
import org.eclipse.leshan.core.request.Identity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/leshan/client/californium/CaliforniumEndpointsManager.class */
public class CaliforniumEndpointsManager implements EndpointsManager {
    private static final Logger LOG = LoggerFactory.getLogger(CaliforniumEndpointsManager.class);
    protected boolean started = false;
    protected ServerIdentity currentServer;
    protected CoapEndpoint currentEndpoint;
    protected DtlsConnectorConfig.Builder dtlsConfigbuilder;
    protected NetworkConfig coapConfig;
    protected InetSocketAddress localAddress;
    protected CoapServer coapServer;
    protected EndpointFactory endpointFactory;

    public CaliforniumEndpointsManager(InetSocketAddress inetSocketAddress, NetworkConfig networkConfig, DtlsConnectorConfig.Builder builder, EndpointFactory endpointFactory) {
        this.localAddress = inetSocketAddress;
        this.coapConfig = networkConfig;
        this.dtlsConfigbuilder = builder;
        this.endpointFactory = endpointFactory;
    }

    public void setCoapServer(CoapServer coapServer) {
        this.coapServer = coapServer;
    }

    public synchronized ServerIdentity createEndpoint(ServerInfo serverInfo) {
        Identity unsecure;
        if (this.currentEndpoint != null) {
            this.coapServer.getEndpoints().remove(this.currentEndpoint);
            this.currentEndpoint.destroy();
        }
        if (serverInfo.isSecure()) {
            DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder(this.dtlsConfigbuilder.getIncompleteConfig());
            if (serverInfo.secureMode == SecurityMode.PSK) {
                builder.setAdvancedPskStore(new AdvancedSinglePskStore(serverInfo.pskId, serverInfo.pskKey));
                unsecure = Identity.psk(serverInfo.getAddress(), serverInfo.pskId);
                filterCipherSuites(builder, this.dtlsConfigbuilder.getIncompleteConfig().getSupportedCipherSuites(), true, false);
            } else if (serverInfo.secureMode == SecurityMode.RPK) {
                builder.setIdentity(serverInfo.privateKey, serverInfo.publicKey);
                PublicKey publicKey = serverInfo.serverPublicKey;
                builder.setAdvancedCertificateVerifier(new StaticNewAdvancedCertificateVerifier.Builder().setTrustedRPKs(new RawPublicKeyIdentity[]{new RawPublicKeyIdentity(publicKey)}).build());
                unsecure = Identity.rpk(serverInfo.getAddress(), publicKey);
                filterCipherSuites(builder, this.dtlsConfigbuilder.getIncompleteConfig().getSupportedCipherSuites(), false, true);
            } else {
                if (serverInfo.secureMode != SecurityMode.X509) {
                    throw new RuntimeException("Unable to create connector : unsupported security mode");
                }
                builder.setIdentity(serverInfo.privateKey, new Certificate[]{serverInfo.clientCertificate}, new CertificateType[0]);
                builder.setAdvancedCertificateVerifier(new DefaultLeshanCertificateVerifier(serverInfo.serverCertificate));
                unsecure = Identity.x509(serverInfo.getAddress(), EndpointContextUtil.extractCN(((X509Certificate) serverInfo.serverCertificate).getSubjectX500Principal().getName()));
                filterCipherSuites(builder, this.dtlsConfigbuilder.getIncompleteConfig().getSupportedCipherSuites(), false, true);
            }
            this.currentEndpoint = this.endpointFactory.createSecuredEndpoint(builder.build(), this.coapConfig, (ObservationStore) null);
        } else {
            this.currentEndpoint = this.endpointFactory.createUnsecuredEndpoint(this.localAddress, this.coapConfig, (ObservationStore) null);
            unsecure = Identity.unsecure(serverInfo.getAddress());
        }
        this.coapServer.addEndpoint(this.currentEndpoint);
        if (serverInfo.bootstrap) {
            this.currentServer = new ServerIdentity(unsecure, Long.valueOf(serverInfo.serverId), ServerIdentity.Role.LWM2M_BOOTSTRAP_SERVER);
        } else {
            this.currentServer = new ServerIdentity(unsecure, Long.valueOf(serverInfo.serverId));
        }
        if (this.started) {
            this.coapServer.start();
            try {
                this.currentEndpoint.start();
                LOG.info("New endpoint created for server {} at {}", this.currentServer.getUri(), this.currentEndpoint.getUri());
            } catch (IOException e) {
                throw new RuntimeException("Unable to start endpoint", e);
            }
        }
        return this.currentServer;
    }

    public synchronized Collection<ServerIdentity> createEndpoints(Collection<? extends ServerInfo> collection) {
        if (collection == null || collection.isEmpty()) {
            return null;
        }
        if (collection.size() > 1) {
            LOG.warn("CaliforniumEndpointsManager support only connection to 1 LWM2M server, first server will be used from the server list of {}", Integer.valueOf(collection.size()));
        }
        ServerInfo next = collection.iterator().next();
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(createEndpoint(next));
        return arrayList;
    }

    public long getMaxCommunicationPeriodFor(ServerIdentity serverIdentity, long j) {
        long j2 = this.coapConfig.getLong("EXCHANGE_LIFETIME", 247L);
        if (j - j2 >= 30000) {
            return j - j2;
        }
        LOG.warn("Too small lifetime : we advice to not use a lifetime < (COAP EXCHANGE LIFETIME + 30s)");
        return ((j * (30000 - 1000)) / (j2 + 30000)) + 1000;
    }

    public synchronized void forceReconnection(ServerIdentity serverIdentity, boolean z) {
        if (serverIdentity == null || !serverIdentity.equals(this.currentServer)) {
            return;
        }
        DTLSConnector connector = this.currentEndpoint.getConnector();
        if (connector instanceof DTLSConnector) {
            if (z) {
                LOG.info("Clear DTLS session for resumption for server {}", serverIdentity.getUri());
                connector.forceResumeAllSessions();
            } else {
                LOG.info("Clear DTLS session for server {}", serverIdentity.getUri());
                connector.clearConnectionState();
            }
        }
    }

    public synchronized Endpoint getEndpoint(ServerIdentity serverIdentity) {
        if (serverIdentity != null && serverIdentity.equals(this.currentServer) && this.currentEndpoint.isStarted()) {
            return this.currentEndpoint;
        }
        return null;
    }

    public synchronized void start() {
        if (this.started) {
            return;
        }
        this.started = true;
        if (this.currentEndpoint == null) {
            return;
        }
        this.coapServer.start();
    }

    public synchronized void stop() {
        if (this.started) {
            this.started = false;
            if (this.currentEndpoint == null) {
                return;
            }
            this.coapServer.stop();
        }
    }

    public synchronized void destroy() {
        if (this.started) {
            this.started = false;
        }
        this.coapServer.destroy();
    }

    private void filterCipherSuites(DtlsConnectorConfig.Builder builder, List<CipherSuite> list, boolean z, boolean z2) {
        if (list == null) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (CipherSuite cipherSuite : list) {
            if (z && cipherSuite.isPskBased()) {
                arrayList.add(cipherSuite);
            } else if (z2 && cipherSuite.requiresServerCertificateMessage()) {
                arrayList.add(cipherSuite);
            }
        }
        builder.setSupportedCipherSuites(arrayList);
    }
}
