package org.eclipse.hono.adapter.coap;

import io.opentracing.Span;
import io.opentracing.SpanContext;
import io.opentracing.Tracer;
import io.opentracing.tag.Tags;
import io.vertx.core.Context;
import io.vertx.core.Future;
import io.vertx.core.json.JsonObject;
import java.net.InetSocketAddress;
import java.security.Principal;
import java.util.HashMap;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.auth.AdditionalInfo;
import org.eclipse.californium.elements.auth.PreSharedKeyIdentity;
import org.eclipse.californium.scandium.auth.ApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.dtls.PskPublicInformation;
import org.eclipse.californium.scandium.dtls.pskstore.PskStore;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerNames;
import org.eclipse.hono.auth.Device;
import org.eclipse.hono.client.ClientErrorException;
import org.eclipse.hono.client.CredentialsClientFactory;
import org.eclipse.hono.util.CredentialsObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hono/adapter/coap/DefaultDeviceResolver.class */
public class DefaultDeviceResolver implements ApplicationLevelInfoSupplier, PskStore {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultDeviceResolver.class);
    private final Context context;
    private final Tracer tracer;
    private final String adapterName;
    private final CoapAdapterProperties config;
    private final CredentialsClientFactory credentialsClientFactory;

    public DefaultDeviceResolver(Context context, Tracer tracer, String str, CoapAdapterProperties coapAdapterProperties, CredentialsClientFactory credentialsClientFactory) {
        this.context = (Context) Objects.requireNonNull(context);
        this.tracer = (Tracer) Objects.requireNonNull(tracer);
        this.adapterName = (String) Objects.requireNonNull(str);
        this.config = (CoapAdapterProperties) Objects.requireNonNull(coapAdapterProperties);
        this.credentialsClientFactory = (CredentialsClientFactory) Objects.requireNonNull(credentialsClientFactory);
    }

    private static SecretKey getCandidateKey(CredentialsObject credentialsObject) {
        return (SecretKey) credentialsObject.getCandidateSecrets(jsonObject -> {
            return getKey(jsonObject);
        }).stream().findFirst().orElse(null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecretKey getKey(JsonObject jsonObject) {
        try {
            return SecretUtil.create(jsonObject.getBinary("key"), "PSK");
        } catch (ClassCastException | IllegalArgumentException e) {
            return null;
        }
    }

    private Span newSpan(String str) {
        return this.tracer.buildSpan(str).withTag(Tags.SPAN_KIND.getKey(), "server").withTag(Tags.COMPONENT.getKey(), this.adapterName).start();
    }

    public AdditionalInfo getInfo(Principal principal) {
        HashMap hashMap = new HashMap();
        if (principal instanceof PreSharedKeyIdentity) {
            Span newSpan = newSpan("PSK-getDeviceIdentityInfo");
            PreSharedKeyDeviceIdentity handshakeIdentity = getHandshakeIdentity(newSpan, principal.getName());
            newSpan.setTag("tenant_id", handshakeIdentity.getTenantId()).setTag("device_id", handshakeIdentity.getAuthId());
            CompletableFuture completableFuture = new CompletableFuture();
            this.context.runOnContext(r8 -> {
                this.credentialsClientFactory.getOrCreateCredentialsClient(handshakeIdentity.getTenantId()).compose(credentialsClient -> {
                    return credentialsClient.get("psk", handshakeIdentity.getAuthId(), new JsonObject(), newSpan.context());
                }).setHandler(asyncResult -> {
                    if (asyncResult.succeeded()) {
                        completableFuture.complete((CredentialsObject) asyncResult.result());
                    } else {
                        completableFuture.completeExceptionally(asyncResult.cause());
                    }
                });
            });
            try {
                CredentialsObject credentialsObject = (CredentialsObject) completableFuture.join();
                hashMap.put("hono-device", new Device(handshakeIdentity.getTenantId(), credentialsObject.getDeviceId()));
                newSpan.setTag("device_id", credentialsObject.getDeviceId());
            } catch (CompletionException e) {
                LOG.debug("could not resolve authenticated principal [type: {}, tenant-id: {}, auth-id: {}]", new Object[]{principal.getClass(), handshakeIdentity.getTenantId(), handshakeIdentity.getAuthId(), e});
            }
            newSpan.finish();
        } else {
            LOG.info("unsupported Principal type: {}", principal.getClass());
        }
        return AdditionalInfo.from(hashMap);
    }

    public SecretKey getKey(PskPublicInformation pskPublicInformation) {
        SecretKey secretKey;
        Span newSpan = newSpan("PSK-getSecretKey");
        PreSharedKeyDeviceIdentity handshakeIdentity = getHandshakeIdentity(newSpan, pskPublicInformation.getPublicInfoAsString());
        if (handshakeIdentity == null) {
            newSpan.finish();
            return null;
        }
        newSpan.setTag("tenant_id", handshakeIdentity.getTenantId()).setTag("device_id", handshakeIdentity.getAuthId());
        CompletableFuture completableFuture = new CompletableFuture();
        this.context.runOnContext(r8 -> {
            LOG.debug("getting PSK secret for identity [{}]", handshakeIdentity.getAuthId());
            getSharedKeyForDevice(handshakeIdentity, newSpan.context()).setHandler(asyncResult -> {
                if (asyncResult.succeeded()) {
                    completableFuture.complete((SecretKey) asyncResult.result());
                } else {
                    completableFuture.completeExceptionally(asyncResult.cause());
                }
            });
        });
        try {
            secretKey = (SecretKey) completableFuture.join();
            newSpan.log("secret key available.");
        } catch (CompletionException e) {
            LOG.debug("error retrieving credentials for PSK identity [{}]", handshakeIdentity.getAuthId());
            secretKey = null;
            newSpan.log("no secret key available!");
        }
        newSpan.finish();
        return secretKey;
    }

    private Future<SecretKey> getSharedKeyForDevice(PreSharedKeyDeviceIdentity preSharedKeyDeviceIdentity, SpanContext spanContext) {
        return this.credentialsClientFactory.getOrCreateCredentialsClient(preSharedKeyDeviceIdentity.getTenantId()).compose(credentialsClient -> {
            return credentialsClient.get(preSharedKeyDeviceIdentity.getType(), preSharedKeyDeviceIdentity.getAuthId(), new JsonObject(), spanContext);
        }).compose(credentialsObject -> {
            return (Future) Optional.ofNullable(getCandidateKey(credentialsObject)).map(secretKey -> {
                return Future.succeededFuture(secretKey);
            }).orElseGet(() -> {
                return Future.failedFuture(new ClientErrorException(401, "no shared key registered for identity"));
            });
        });
    }

    public SecretKey getKey(ServerNames serverNames, PskPublicInformation pskPublicInformation) {
        return getKey(pskPublicInformation);
    }

    public PskPublicInformation getIdentity(InetSocketAddress inetSocketAddress) {
        throw new UnsupportedOperationException("this adapter does not support DTLS client role");
    }

    public PskPublicInformation getIdentity(InetSocketAddress inetSocketAddress, ServerNames serverNames) {
        throw new UnsupportedOperationException("this adapter does not support DTLS client role");
    }

    private PreSharedKeyDeviceIdentity getHandshakeIdentity(Span span, String str) {
        return PreSharedKeyDeviceIdentity.create(span, str, this.config.isSingleTenant() ? null : this.config.getIdSplitRegex());
    }
}
