package org.eclipse.californium.cli;

import java.io.IOException;
import java.io.PrintStream;
import java.net.InetSocketAddress;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import javax.crypto.SecretKey;
import org.eclipse.californium.cli.ConnectorConfig;
import org.eclipse.californium.core.coap.CoAP;
import org.eclipse.californium.core.network.CoapEndpoint;
import org.eclipse.californium.core.network.EndpointManager;
import org.eclipse.californium.core.network.interceptors.MessageTracer;
import org.eclipse.californium.elements.Connector;
import org.eclipse.californium.elements.UDPConnector;
import org.eclipse.californium.elements.config.Configuration;
import org.eclipse.californium.elements.util.SslContextUtil;
import org.eclipse.californium.elements.util.StringUtil;
import org.eclipse.californium.scandium.DTLSConnector;
import org.eclipse.californium.scandium.config.DtlsConfig;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.californium.scandium.dtls.CertificateType;
import org.eclipse.californium.scandium.dtls.ConnectionId;
import org.eclipse.californium.scandium.dtls.HandshakeResultHandler;
import org.eclipse.californium.scandium.dtls.PskPublicInformation;
import org.eclipse.californium.scandium.dtls.PskSecretResult;
import org.eclipse.californium.scandium.dtls.cipher.CipherSuite;
import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
import org.eclipse.californium.scandium.dtls.x509.SingleCertificateProvider;
import org.eclipse.californium.scandium.dtls.x509.StaticNewAdvancedCertificateVerifier;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerNames;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import picocli.CommandLine;

/* loaded from: input_file:org/eclipse/californium/cli/ClientInitializer.class */
public class ClientInitializer {
    private static final String DEFAULT_TCP_MODULE = "org.eclipse.californium.cli.tcp.netty.Initialize";
    private static final Logger LOGGER = LoggerFactory.getLogger(ClientInitializer.class);
    private static final List<String> loadErrors = new ArrayList();
    private static final Map<String, CliConnectorFactory> connectorFactories = new ConcurrentHashMap();
    private static final Set<String> registeredProtocols = new TreeSet();

    /* loaded from: input_file:org/eclipse/californium/cli/ClientInitializer$DtlsConnectorFactory.class */
    public static class DtlsConnectorFactory implements CliConnectorFactory {
        public static DtlsConnectorConfig.Builder createDtlsConfig(ClientBaseConfig clientBaseConfig) {
            Configuration configuration = clientBaseConfig.configuration;
            int intValue = clientBaseConfig.localPort == null ? 0 : clientBaseConfig.localPort.intValue();
            int i = 97;
            Integer num = clientBaseConfig.cidLength;
            if (num == null) {
                num = (Integer) configuration.get(DtlsConfig.DTLS_CONNECTION_ID_LENGTH);
            }
            if (num != null) {
                i = 97 + num.intValue();
            }
            if (clientBaseConfig.mtu != null && clientBaseConfig.recordSizeLimit == null) {
                clientBaseConfig.recordSizeLimit = Integer.valueOf(clientBaseConfig.mtu.intValue() - i);
            } else if (clientBaseConfig.mtu == null && clientBaseConfig.recordSizeLimit != null) {
                clientBaseConfig.mtu = Integer.valueOf(clientBaseConfig.recordSizeLimit.intValue() + i);
            }
            if (clientBaseConfig.mtu != null) {
                configuration.set(DtlsConfig.DTLS_MAX_TRANSMISSION_UNIT, clientBaseConfig.mtu);
            }
            if (clientBaseConfig.recordSizeLimit != null) {
                configuration.set(DtlsConfig.DTLS_RECORD_SIZE_LIMIT, clientBaseConfig.recordSizeLimit);
            }
            if (clientBaseConfig.cidLength != null) {
                configuration.set(DtlsConfig.DTLS_CONNECTION_ID_LENGTH, clientBaseConfig.cidLength);
            }
            if (clientBaseConfig.dtlsAutoHandshake != null) {
                configuration.setFromText(DtlsConfig.DTLS_AUTO_HANDSHAKE_TIMEOUT, clientBaseConfig.dtlsAutoHandshake);
                ClientInitializer.LOGGER.info("set [{}] to {}", DtlsConfig.DTLS_AUTO_HANDSHAKE_TIMEOUT.getKey(), configuration.getAsText(DtlsConfig.DTLS_AUTO_HANDSHAKE_TIMEOUT));
            }
            if (clientBaseConfig.noCertificatesSubjectVerification != null) {
                configuration.set(DtlsConfig.DTLS_VERIFY_SERVER_CERTIFICATES_SUBJECT, Boolean.valueOf(!clientBaseConfig.noCertificatesSubjectVerification.booleanValue()));
            }
            if (clientBaseConfig.noServerNameIndication != null) {
                configuration.set(DtlsConfig.DTLS_USE_SERVER_NAME_INDICATION, Boolean.valueOf(!clientBaseConfig.noServerNameIndication.booleanValue()));
            }
            if (clientBaseConfig.extendedMasterSecretMode != null) {
                configuration.set(DtlsConfig.DTLS_EXTENDED_MASTER_SECRET_MODE, clientBaseConfig.extendedMasterSecretMode);
            }
            DtlsConnectorConfig.Builder builder = DtlsConnectorConfig.builder(configuration);
            boolean z = false;
            ArrayList arrayList = new ArrayList();
            ArrayList arrayList2 = new ArrayList();
            Iterator<ConnectorConfig.AuthenticationMode> it = clientBaseConfig.authenticationModes.iterator();
            while (it.hasNext()) {
                switch (it.next()) {
                    case PSK:
                        z = true;
                        arrayList.add(CipherSuite.KeyExchangeAlgorithm.PSK);
                        break;
                    case RPK:
                        arrayList2.add(CertificateType.RAW_PUBLIC_KEY);
                        arrayList.add(CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN);
                        builder.setAdvancedCertificateVerifier(StaticNewAdvancedCertificateVerifier.builder().setTrustAllRPKs().build());
                        break;
                    case X509:
                        arrayList2.add(CertificateType.X_509);
                        builder.setAdvancedCertificateVerifier(StaticNewAdvancedCertificateVerifier.builder().setTrustedCertificates(clientBaseConfig.trust.trusts).build());
                        arrayList.add(CipherSuite.KeyExchangeAlgorithm.EC_DIFFIE_HELLMAN);
                        break;
                    case ECDHE_PSK:
                        z = true;
                        arrayList.add(CipherSuite.KeyExchangeAlgorithm.ECDHE_PSK);
                        break;
                }
            }
            if (clientBaseConfig.authentication != null && clientBaseConfig.authentication.credentials != null) {
                SslContextUtil.Credentials credentials = clientBaseConfig.authentication.credentials;
                if (arrayList2.contains(CertificateType.X_509)) {
                    builder.setCertificateIdentityProvider(new SingleCertificateProvider(credentials.getPrivateKey(), credentials.getCertificateChain(), arrayList2));
                } else if (arrayList2.contains(CertificateType.RAW_PUBLIC_KEY)) {
                    builder.setCertificateIdentityProvider(new SingleCertificateProvider(credentials.getPrivateKey(), credentials.getPublicKey()));
                }
            }
            if (z) {
                if (clientBaseConfig.identity != null) {
                    builder.setAdvancedPskStore(new PlugPskStore(clientBaseConfig.identity, clientBaseConfig.getPskSecretKey()));
                } else {
                    byte[] bArr = new byte[8];
                    new SecureRandom().nextBytes(bArr);
                    builder.setAdvancedPskStore(new PlugPskStore(StringUtil.byteArray2Hex(bArr)));
                }
            }
            if (clientBaseConfig.cipherSuites != null && !clientBaseConfig.cipherSuites.isEmpty()) {
                builder.set(DtlsConfig.DTLS_CIPHER_SUITES, clientBaseConfig.cipherSuites);
                if (clientBaseConfig.verbose) {
                    System.out.println("cipher suites:");
                    ClientInitializer.print("   ", 50, clientBaseConfig.cipherSuites, System.out);
                }
            } else if (!arrayList.isEmpty()) {
                boolean booleanValue = ((Boolean) configuration.get(DtlsConfig.DTLS_RECOMMENDED_CIPHER_SUITES_ONLY)).booleanValue();
                List list = (List) configuration.get(DtlsConfig.DTLS_PRESELECTED_CIPHER_SUITES);
                List cipherSuitesByKeyExchangeAlgorithm = CipherSuite.getCipherSuitesByKeyExchangeAlgorithm(booleanValue, true, arrayList);
                if (list != null && !list.isEmpty()) {
                    cipherSuitesByKeyExchangeAlgorithm = CipherSuite.preselectCipherSuites(list, cipherSuitesByKeyExchangeAlgorithm);
                }
                builder.set(DtlsConfig.DTLS_PRESELECTED_CIPHER_SUITES, cipherSuitesByKeyExchangeAlgorithm);
            }
            builder.setAddress(new InetSocketAddress(intValue));
            return builder;
        }

        @Override // org.eclipse.californium.cli.CliConnectorFactory
        public Connector create(ClientBaseConfig clientBaseConfig, ExecutorService executorService) {
            DTLSConnector dTLSConnector = new DTLSConnector(createDtlsConfig(clientBaseConfig).build());
            if (executorService != null) {
                dTLSConnector.setExecutor(executorService);
            }
            return dTLSConnector;
        }
    }

    /* loaded from: input_file:org/eclipse/californium/cli/ClientInitializer$PlugPskStore.class */
    public static class PlugPskStore implements AdvancedPskStore {
        private final PskPublicInformation identity;
        private final SecretKey secret;

        public PlugPskStore(String str, byte[] bArr) {
            this.identity = new PskPublicInformation(str);
            this.secret = bArr == null ? ConnectorConfig.PSK_SECRET : SecretUtil.create(bArr, "PSK");
            ClientInitializer.LOGGER.trace("DTLS-PSK-Identity: {}", this.identity);
        }

        public PlugPskStore(String str, SecretKey secretKey) {
            this.identity = new PskPublicInformation(str);
            this.secret = secretKey == null ? ConnectorConfig.PSK_SECRET : SecretUtil.create(secretKey);
            ClientInitializer.LOGGER.trace("DTLS-PSK-Identity: {}", this.identity);
        }

        public PlugPskStore(String str) {
            this.identity = new PskPublicInformation(ConnectorConfig.PSK_IDENTITY_PREFIX + str);
            this.secret = null;
            ClientInitializer.LOGGER.trace("DTLS-PSK-Identity: {} ({} random bytes)", this.identity, Integer.valueOf(str.length() / 2));
        }

        public boolean hasEcdhePskSupported() {
            return true;
        }

        public PskSecretResult requestPskSecretResult(ConnectionId connectionId, ServerNames serverNames, PskPublicInformation pskPublicInformation, String str, SecretKey secretKey, byte[] bArr, boolean z) {
            SecretKey secretKey2 = null;
            if (this.identity.equals(pskPublicInformation)) {
                secretKey2 = (this.secret == null && pskPublicInformation.getPublicInfoAsString().startsWith(ConnectorConfig.PSK_IDENTITY_PREFIX)) ? SecretUtil.create(ConnectorConfig.PSK_SECRET) : SecretUtil.create(this.secret);
            }
            return new PskSecretResult(connectionId, this.identity, secretKey2);
        }

        public PskPublicInformation getIdentity(InetSocketAddress inetSocketAddress, ServerNames serverNames) {
            return this.identity;
        }

        public void setResultHandler(HandshakeResultHandler handshakeResultHandler) {
        }
    }

    /* loaded from: input_file:org/eclipse/californium/cli/ClientInitializer$UdpConnectorFactory.class */
    public static class UdpConnectorFactory implements CliConnectorFactory {
        @Override // org.eclipse.californium.cli.CliConnectorFactory
        public Connector create(ClientBaseConfig clientBaseConfig, ExecutorService executorService) {
            return new UDPConnector(new InetSocketAddress(clientBaseConfig.localPort == null ? 0 : clientBaseConfig.localPort.intValue()), clientBaseConfig.configuration);
        }
    }

    public static CliConnectorFactory registerConnectorFactory(String str, CliConnectorFactory cliConnectorFactory) {
        registeredProtocols.add(str);
        return connectorFactories.put(str, cliConnectorFactory);
    }

    public static CliConnectorFactory unregisterConnectorFactory(String str) {
        registeredProtocols.remove(str);
        return connectorFactories.remove(str);
    }

    public static void init(String[] strArr, ClientBaseConfig clientBaseConfig) throws IOException {
        init(strArr, clientBaseConfig, true);
    }

    public static void init(String[] strArr, ClientBaseConfig clientBaseConfig, boolean z) throws IOException {
        CommandLine commandLine = new CommandLine(clientBaseConfig);
        clientBaseConfig.register(commandLine);
        try {
            if (commandLine.parseArgs(strArr).isVersionHelpRequested()) {
                System.out.println("\nCalifornium (Cf) " + commandLine.getCommandName() + " " + (StringUtil.CALIFORNIUM_VERSION == null ? "" : StringUtil.CALIFORNIUM_VERSION));
                commandLine.printVersionHelp(System.out);
                System.out.println();
            }
            clientBaseConfig.defaults();
            if (clientBaseConfig.helpRequested) {
                commandLine.usage(System.out);
                if (clientBaseConfig.authHelpRequested) {
                    System.out.println();
                    System.out.println("   --auth: values");
                    print("      ", 60, Arrays.asList(ConnectorConfig.AuthenticationMode.values()), System.out);
                }
                if (clientBaseConfig.cipherHelpRequested) {
                    ArrayList arrayList = new ArrayList();
                    for (CipherSuite cipherSuite : CipherSuite.values()) {
                        if (cipherSuite.isSupported() && !CipherSuite.TLS_NULL_WITH_NULL_NULL.equals(cipherSuite)) {
                            arrayList.add(cipherSuite);
                        }
                    }
                    System.out.println();
                    System.out.println("   --cipher: values");
                    print("      ", 60, arrayList, System.out);
                    return;
                }
                return;
            }
        } catch (CommandLine.ParameterException e) {
            e.printStackTrace();
            System.err.println(e.getMessage());
            System.err.println();
            commandLine.usage(System.err);
            System.err.println();
            StringBuilder sb = new StringBuilder();
            for (String str : strArr) {
                sb.append(str).append(" ");
            }
            System.err.println(sb);
            System.exit(-1);
        }
        if (z) {
            registerEndpoint(clientBaseConfig, null);
        }
    }

    public static void registerEndpoint(ClientBaseConfig clientBaseConfig, ExecutorService executorService) throws IOException {
        CoapEndpoint createEndpoint = createEndpoint(clientBaseConfig, null);
        createEndpoint.start();
        LOGGER.info("endpoint started at {}", createEndpoint.getAddress());
        EndpointManager.getEndpointManager().setDefaultEndpoint(createEndpoint);
    }

    public static CoapEndpoint createEndpoint(ClientBaseConfig clientBaseConfig, ExecutorService executorService) {
        String schemeFromUri = CoAP.getSchemeFromUri(clientBaseConfig.uri);
        if (schemeFromUri == null) {
            throw new IllegalArgumentException("Missing scheme in " + clientBaseConfig.uri);
        }
        String protocolForScheme = CoAP.getProtocolForScheme(schemeFromUri);
        if (protocolForScheme == null) {
            throw new IllegalArgumentException("Scheme '" + schemeFromUri + "' is unknown!");
        }
        CliConnectorFactory cliConnectorFactory = connectorFactories.get(protocolForScheme);
        if (cliConnectorFactory == null) {
            if (CoAP.isTcpProtocol(protocolForScheme) && loadErrors.contains(DEFAULT_TCP_MODULE)) {
                throw new IllegalArgumentException("Protocol '" + protocolForScheme + " is not supported! TCP-module not found!");
            }
            throw new IllegalArgumentException("Protocol '" + protocolForScheme + "' is not supported!");
        }
        CoapEndpoint.Builder builder = new CoapEndpoint.Builder();
        builder.setLoggingTag(clientBaseConfig.tag);
        builder.setConnector(cliConnectorFactory.create(clientBaseConfig, executorService));
        builder.setConfiguration(clientBaseConfig.configuration);
        CoapEndpoint build = builder.build();
        if (clientBaseConfig.verbose) {
            build.addInterceptor(new MessageTracer());
        }
        return build;
    }

    public static void print(String str, int i, List<?> list, PrintStream printStream) {
        StringBuilder sb = new StringBuilder();
        sb.append(str);
        Iterator<?> it = list.iterator();
        while (it.hasNext()) {
            String obj = it.next().toString();
            if (sb.length() + obj.length() > i) {
                printStream.println(sb);
                sb.setLength(str.length());
            }
            sb.append(obj).append(" ");
        }
        printStream.println(sb);
    }

    static {
        connectorFactories.put("UDP", new UdpConnectorFactory());
        connectorFactories.put("DTLS", new DtlsConnectorFactory());
        String configuration = StringUtil.getConfiguration("CONNECTOR_FACTORIES");
        if (configuration == null) {
            configuration = DEFAULT_TCP_MODULE;
        }
        if (configuration.isEmpty()) {
            return;
        }
        for (String str : configuration.split("#")) {
            registeredProtocols.clear();
            try {
                Class.forName(str);
            } catch (ClassNotFoundException e) {
                loadErrors.add(str);
            }
            if (!registeredProtocols.isEmpty()) {
                LOGGER.info("loaded {} - {}", str, registeredProtocols);
                registeredProtocols.clear();
            }
        }
    }
}
