package org.eclipse.californium.cli;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.SecretKey;
import org.eclipse.californium.core.config.CoapConfig;
import org.eclipse.californium.elements.config.Configuration;
import org.eclipse.californium.elements.config.UdpConfig;
import org.eclipse.californium.elements.util.SslContextUtil;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.config.DtlsConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ExtendedMasterSecretMode;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.pskstore.MultiPskFileStore;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import picocli.CommandLine;

/* loaded from: input_file:org/eclipse/californium/cli/ConnectorConfig.class */
public class ConnectorConfig implements Cloneable {
    public static final int MAX_WIDTH = 60;
    public static final String PSK_IDENTITY_PREFIX = "cali.";
    public Configuration.DefinitionsProvider customConfigurationDefaultsProvider;
    public Configuration configuration;

    @CommandLine.Option(names = {"-C", "--config"}, paramLabel = "FILE", description = {"configuration file. Default ${DEFAULT-VALUE}."})
    public File configurationFile;

    @CommandLine.Option(names = {"--tag"}, description = {"use logging tag."})
    public String tag;

    @CommandLine.Option(names = {"--record-size"}, description = {"record size limit."})
    public Integer recordSizeLimit;

    @CommandLine.Option(names = {"--mtu"}, description = {"MTU."})
    public Integer mtu;

    @CommandLine.Option(names = {"--extended-master-secret"}, description = {"Specify usage of extended master secret."})
    public ExtendedMasterSecretMode extendedMasterSecretMode;

    @CommandLine.Option(names = {"--cid-length"}, description = {"Use cid with length. 0 to support cid only without using it."})
    public Integer cidLength;

    @CommandLine.ArgGroup(exclusive = true)
    public Authentication authentication;

    @CommandLine.ArgGroup(exclusive = true)
    public Trust trust;

    @CommandLine.Option(names = {"--psk-index"}, description = {"Index of identity in PSK store. Starts at 0."})
    public Integer pskIndex;

    @CommandLine.Option(names = {"--psk-store"}, description = {"PSK store. Lines format: identity=secretkey (in base64)."})
    public PskCredentialStore pskStore;

    @CommandLine.Option(names = {"--cipher"}, split = ":", description = {"use ciphersuites. '--help-cipher' to list available cipher suites."})
    public List<CipherSuite> cipherSuites;

    @CommandLine.Option(names = {"-a", "--auth"}, split = ":", description = {"use authentikation modes. '--help-auth' to list available authentication modes."})
    public List<AuthenticationMode> authenticationModes;

    @CommandLine.Option(names = {"-i", "--identity"}, description = {"PSK identity"})
    public String identity;

    @CommandLine.ArgGroup(exclusive = true)
    public Secret secret;

    @CommandLine.Option(names = {"-v", "--verbose"}, negatable = true, description = {"verbose"})
    public boolean verbose;

    @CommandLine.Option(names = {"-h", "--help"}, usageHelp = true, description = {"display a help message"})
    public boolean helpRequested;

    @CommandLine.Option(names = {"--help-cipher"}, description = {"display a help message for cipher suites"})
    public boolean cipherHelpRequested;

    @CommandLine.Option(names = {"--help-auth"}, description = {"display a help message for authentication modes"})
    public boolean authHelpRequested;

    @CommandLine.Option(names = {"-V", "--version"}, versionHelp = true, description = {"display version info"})
    boolean versionInfoRequested;
    protected static final Logger LOGGER = LoggerFactory.getLogger(ConnectorConfig.class);
    public static final SecretKey PSK_SECRET = SecretUtil.create(".fornium".getBytes(), "PSK");
    private static CommandLine.ITypeConverter<TrustedCertificates> trustsReader = new CommandLine.ITypeConverter<TrustedCertificates>() { // from class: org.eclipse.californium.cli.ConnectorConfig.3
        /* renamed from: convert, reason: merged with bridge method [inline-methods] */
        public TrustedCertificates m6convert(String str) throws Exception {
            return new TrustedCertificates(SslContextUtil.loadTrustedCertificates(str));
        }
    };
    private static CommandLine.ITypeConverter<SslContextUtil.Credentials> credentialsReader = new CommandLine.ITypeConverter<SslContextUtil.Credentials>() { // from class: org.eclipse.californium.cli.ConnectorConfig.4
        /* renamed from: convert, reason: merged with bridge method [inline-methods] */
        public SslContextUtil.Credentials m7convert(String str) throws Exception {
            try {
                return SslContextUtil.loadCredentials(str);
            } catch (SslContextUtil.IncompleteCredentialsException e) {
                return e.getIncompleteCredentials();
            }
        }
    };
    private static CommandLine.ITypeConverter<PskCredentialStore> pskCredentialsStoreReader = new CommandLine.ITypeConverter<PskCredentialStore>() { // from class: org.eclipse.californium.cli.ConnectorConfig.5
        /* renamed from: convert, reason: merged with bridge method [inline-methods] */
        public PskCredentialStore m8convert(String str) throws Exception {
            return ConnectorConfig.loadPskCredentials(str);
        }
    };
    public String defaultEcCredentials = createDescriptor("certs/keyStore.jks", "endPass".toCharArray(), "endPass".toCharArray(), "client");
    public String defaultEcTrusts = createDescriptor("certs/trustStore.jks", "rootPass".toCharArray(), null, null);
    public String configurationHeader = "Californium3 CoAP Properties file";
    protected CommandLine.IDefaultValueProvider defaultValueProvider = new CommandLine.IDefaultValueProvider() { // from class: org.eclipse.californium.cli.ConnectorConfig.2
        public String defaultValue(CommandLine.Model.ArgSpec argSpec) throws Exception {
            if ((argSpec instanceof CommandLine.Model.OptionSpec) && "--config".equals(((CommandLine.Model.OptionSpec) argSpec).longestName())) {
                return ConnectorConfig.this.configurationFile != null ? ConnectorConfig.this.configurationFile.getPath() : "Californium3.properties";
            }
            return null;
        }
    };

    /* loaded from: input_file:org/eclipse/californium/cli/ConnectorConfig$Authentication.class */
    public static class Authentication {
        public SslContextUtil.Credentials credentials;

        @CommandLine.ArgGroup(exclusive = false)
        public Identity identity;

        @CommandLine.Option(names = {"--anonymous"}, description = {"anonymous, no certificate."})
        public boolean anonymous;

        public void defaults() {
            if (this.anonymous) {
                return;
            }
            if (this.identity.certificate == null) {
                ConnectorConfig.LOGGER.info("x509 identity from private key.");
                this.credentials = this.identity.privateKey;
            } else if (this.identity.certificate.getPrivateKey() == null) {
                ConnectorConfig.LOGGER.info("x509 identity from certificate and private key.");
                this.credentials = new SslContextUtil.Credentials(this.identity.privateKey.getPrivateKey(), this.identity.certificate.getPublicKey(), this.identity.certificate.getCertificateChain());
            } else {
                ConnectorConfig.LOGGER.info("x509 identity from certificate.");
                this.credentials = this.identity.certificate;
            }
            if (this.credentials.getPrivateKey() == null) {
                throw new IllegalArgumentException("Missing private key!");
            }
            if (this.credentials.getPublicKey() == null) {
                throw new IllegalArgumentException("Missing public key or certificate!");
            }
        }

        public void defaults(String str) {
            if (!this.anonymous && this.identity == null) {
                try {
                    this.identity = new Identity();
                    this.identity.certificate = SslContextUtil.loadCredentials(str);
                    ConnectorConfig.LOGGER.info("x509 default identity.");
                } catch (IOException e) {
                    e.printStackTrace();
                } catch (GeneralSecurityException e2) {
                    e2.printStackTrace();
                }
            }
            defaults();
        }
    }

    /* loaded from: input_file:org/eclipse/californium/cli/ConnectorConfig$AuthenticationMode.class */
    public enum AuthenticationMode {
        NONE,
        PSK,
        RPK,
        X509,
        ECDHE_PSK
    }

    /* loaded from: input_file:org/eclipse/californium/cli/ConnectorConfig$Identity.class */
    public static class Identity {

        @CommandLine.Option(names = {"-c", "--cert"}, description = {"certificate store. Format keystore#hexstorepwd#hexkeypwd#alias or keystore.pem. If the private key is not contained, use '--private-key' to add it from a separate file."})
        public SslContextUtil.Credentials certificate;

        @CommandLine.Option(names = {"--private-key"}, description = {"private key store. Format keystore#hexstorepwd#hexkeypwd#alias or keystore.pem"})
        public SslContextUtil.Credentials privateKey;
    }

    /* loaded from: input_file:org/eclipse/californium/cli/ConnectorConfig$PskCredentialStore.class */
    public static class PskCredentialStore extends MultiPskFileStore {
    }

    /* loaded from: input_file:org/eclipse/californium/cli/ConnectorConfig$Secret.class */
    public static class Secret {

        @CommandLine.Option(names = {"-s", "--secret"}, description = {"PSK secret, UTF-8"})
        public String text;

        @CommandLine.Option(names = {"--secrethex"}, description = {"PSK secret, hexadecimal"})
        public String hex;

        @CommandLine.Option(names = {"--secret64"}, description = {"PSK secret, base64"})
        public String base64;
        public SecretKey key;

        public SecretKey toKey() {
            if (this.key == null) {
                byte[] bArr = null;
                if (this.text != null && this.text.length() > 0) {
                    bArr = this.text.getBytes();
                } else if (this.hex != null && this.hex.length() > 0) {
                    bArr = StringUtil.hex2ByteArray(this.hex);
                } else if (this.base64 != null && this.base64.length() > 0) {
                    bArr = StringUtil.base64ToByteArray(this.base64);
                }
                if (bArr != null) {
                    this.key = SecretUtil.create(bArr, "PSK");
                }
            }
            return this.key;
        }
    }

    /* loaded from: input_file:org/eclipse/californium/cli/ConnectorConfig$Trust.class */
    public static class Trust {
        public Certificate[] trusts;

        @CommandLine.Option(names = {"-t", "--trusts"}, description = {"trusted certificates. Format keystore#hexstorepwd#alias or truststore.pem"})
        public TrustedCertificates trusted;

        @CommandLine.Option(names = {"--trust-all"}, description = {"trust all valid certificates."})
        public boolean trustall;

        public void defaults(String str) {
            if (this.trusted != null && this.trusts == null) {
                this.trusts = this.trusted.trusts;
            }
            if (this.trusts == null) {
                if (this.trustall) {
                    this.trusts = new Certificate[0];
                    return;
                }
                try {
                    this.trusts = SslContextUtil.loadTrustedCertificates(str);
                } catch (IOException e) {
                    e.printStackTrace();
                } catch (GeneralSecurityException e2) {
                    e2.printStackTrace();
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/californium/cli/ConnectorConfig$TrustedCertificates.class */
    public static class TrustedCertificates {
        private final Certificate[] trusts;

        private TrustedCertificates(Certificate[] certificateArr) {
            this.trusts = certificateArr;
        }
    }

    public SecretKey getPskSecretKey() {
        return this.secret != null ? this.secret.toKey() : PSK_SECRET;
    }

    public void register(CommandLine commandLine) {
        commandLine.registerConverter(SslContextUtil.Credentials.class, credentialsReader);
        commandLine.registerConverter(TrustedCertificates.class, trustsReader);
        commandLine.registerConverter(PskCredentialStore.class, pskCredentialsStoreReader);
        commandLine.setDefaultValueProvider(this.defaultValueProvider);
    }

    public void defaults() {
        CoapConfig.register();
        UdpConfig.register();
        DtlsConfig.register();
        this.configuration = Configuration.createWithFile(this.configurationFile, this.configurationHeader, new Configuration.DefinitionsProvider() { // from class: org.eclipse.californium.cli.ConnectorConfig.1
            public void applyDefinitions(Configuration configuration) {
                configuration.set(DtlsConfig.DTLS_ROLE, DtlsConfig.DtlsRole.CLIENT_ONLY);
                configuration.set(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY, false);
                if (ConnectorConfig.this.customConfigurationDefaultsProvider != null) {
                    ConnectorConfig.this.customConfigurationDefaultsProvider.applyDefinitions(configuration);
                }
            }
        });
        if (this.pskStore != null) {
            if (this.identity != null || this.secret != null) {
                System.err.println("Use either '--psk-store' or single psk credentials!");
                this.helpRequested = true;
            }
            if (this.pskIndex != null) {
                this.identity = this.pskStore.getIdentity(this.pskIndex.intValue());
                this.secret = new Secret();
                this.secret.key = this.pskStore.getSecret(this.pskIndex.intValue());
            }
        }
        if (this.authenticationModes == null) {
            this.authenticationModes = new ArrayList();
        }
        if (this.authenticationModes.isEmpty()) {
            defaultAuthenticationModes();
        }
        if (this.authenticationModes.contains(AuthenticationMode.X509) || this.authenticationModes.contains(AuthenticationMode.RPK)) {
            if (this.trust == null) {
                this.trust = new Trust();
            }
            this.trust.defaults(this.defaultEcTrusts);
            if (this.authentication == null) {
                this.authentication = new Authentication();
            }
            this.authentication.defaults(this.defaultEcCredentials);
        }
        if (this.cipherHelpRequested || this.authHelpRequested) {
            this.helpRequested = true;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void defaultAuthenticationModes() {
        if (this.identity != null || this.pskStore != null) {
            this.authenticationModes.add(AuthenticationMode.PSK);
        }
        if (this.authentication != null) {
            List<CertificateType> list = (List) this.configuration.get(DtlsConfig.DTLS_CERTIFICATE_TYPES);
            if (list.isEmpty()) {
                this.authenticationModes.add(AuthenticationMode.X509);
                this.authenticationModes.add(AuthenticationMode.RPK);
                return;
            }
            for (CertificateType certificateType : list) {
                if (CertificateType.RAW_PUBLIC_KEY == certificateType) {
                    this.authenticationModes.add(AuthenticationMode.RPK);
                } else if (CertificateType.X_509 == certificateType) {
                    this.authenticationModes.add(AuthenticationMode.X509);
                }
            }
        }
    }

    public static String createDescriptor(String str, char[] cArr, char[] cArr2, String str2) {
        StringBuilder sb = new StringBuilder("classpath://");
        sb.append(str).append('#');
        if (cArr != null) {
            sb.append(StringUtil.charArray2hex(cArr)).append('#');
        }
        if (cArr2 != null) {
            sb.append(StringUtil.charArray2hex(cArr2)).append('#');
        }
        if (str2 != null) {
            sb.append(str2);
        }
        return sb.toString();
    }

    public static PskCredentialStore loadPskCredentials(String str) {
        BufferedReader bufferedReader = null;
        try {
            FileReader fileReader = new FileReader(str);
            Throwable th = null;
            try {
                try {
                    PskCredentialStore pskCredentialStore = new PskCredentialStore();
                    pskCredentialStore.loadPskCredentials(fileReader);
                    if (fileReader != null) {
                        if (0 != 0) {
                            try {
                                fileReader.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileReader.close();
                        }
                    }
                    if (0 != 0) {
                        try {
                            bufferedReader.close();
                        } catch (IOException e) {
                        }
                    }
                    return pskCredentialStore;
                } catch (Throwable th3) {
                    th = th3;
                    throw th3;
                }
            } finally {
            }
        } catch (IOException e2) {
            if (0 == 0) {
                return null;
            }
            try {
                bufferedReader.close();
                return null;
            } catch (IOException e3) {
                return null;
            }
        } catch (Throwable th4) {
            if (0 != 0) {
                try {
                    bufferedReader.close();
                } catch (IOException e4) {
                }
            }
            throw th4;
        }
    }
}
