package org.eclipse.hono.adapter.coap;

import io.opentracing.Span;
import io.opentracing.Tracer;
import io.opentracing.tag.Tags;
import io.vertx.core.Context;
import io.vertx.core.Future;
import io.vertx.core.json.JsonObject;
import java.net.InetSocketAddress;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Objects;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import javax.crypto.SecretKey;
import org.eclipse.californium.elements.auth.AdditionalInfo;
import org.eclipse.californium.elements.auth.PreSharedKeyIdentity;
import org.eclipse.californium.scandium.auth.AdvancedApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.auth.ApplicationLevelInfoSupplier;
import org.eclipse.californium.scandium.dtls.ConnectionId;
import org.eclipse.californium.scandium.dtls.PskPublicInformation;
import org.eclipse.californium.scandium.dtls.PskSecretResult;
import org.eclipse.californium.scandium.dtls.PskSecretResultHandler;
import org.eclipse.californium.scandium.dtls.pskstore.AdvancedPskStore;
import org.eclipse.californium.scandium.util.SecretUtil;
import org.eclipse.californium.scandium.util.ServerNames;
import org.eclipse.hono.adapter.client.registry.CredentialsClient;
import org.eclipse.hono.adapter.client.registry.TenantClient;
import org.eclipse.hono.auth.Device;
import org.eclipse.hono.tracing.TenantTraceSamplingHelper;
import org.eclipse.hono.tracing.TracingHelper;
import org.eclipse.hono.util.CredentialsObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hono/adapter/coap/DefaultDeviceResolver.class */
public class DefaultDeviceResolver implements ApplicationLevelInfoSupplier, AdvancedPskStore, AdvancedApplicationLevelInfoSupplier {
    public static final String EXT_INFO_KEY_HONO_AUTH_ID = "hono-auth-id";
    public static final String EXT_INFO_KEY_HONO_DEVICE = "hono-device";
    private static final Logger LOG = LoggerFactory.getLogger(DefaultDeviceResolver.class);
    private final Context context;
    private final Tracer tracer;
    private final String adapterName;
    private final CoapAdapterProperties config;
    private final CredentialsClient credentialsClient;
    private final TenantClient tenantClient;
    private volatile PskSecretResultHandler californiumResultHandler;

    public DefaultDeviceResolver(Context context, Tracer tracer, String str, CoapAdapterProperties coapAdapterProperties, CredentialsClient credentialsClient, TenantClient tenantClient) {
        this.context = (Context) Objects.requireNonNull(context);
        this.tracer = (Tracer) Objects.requireNonNull(tracer);
        this.adapterName = (String) Objects.requireNonNull(str);
        this.config = (CoapAdapterProperties) Objects.requireNonNull(coapAdapterProperties);
        this.credentialsClient = (CredentialsClient) Objects.requireNonNull(credentialsClient);
        this.tenantClient = (TenantClient) Objects.requireNonNull(tenantClient);
    }

    private static SecretKey getCandidateKey(CredentialsObject credentialsObject) {
        return (SecretKey) credentialsObject.getCandidateSecrets(jsonObject -> {
            return getKey(jsonObject);
        }).stream().findFirst().orElse(null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static SecretKey getKey(JsonObject jsonObject) {
        try {
            byte[] binary = jsonObject.getBinary("key");
            SecretKey create = SecretUtil.create(binary, "PSK");
            Arrays.fill(binary, (byte) 0);
            return create;
        } catch (ClassCastException | IllegalArgumentException e) {
            return null;
        }
    }

    private Span newSpan(String str) {
        return this.tracer.buildSpan(str).withTag(Tags.SPAN_KIND.getKey(), "server").withTag(Tags.COMPONENT.getKey(), this.adapterName).start();
    }

    public AdditionalInfo getInfo(Principal principal) {
        return getInfo(principal, null);
    }

    public AdditionalInfo getInfo(Principal principal, Object obj) {
        HashMap hashMap = new HashMap();
        if (!(principal instanceof PreSharedKeyIdentity)) {
            LOG.info("unsupported Principal type: {}", principal.getClass());
        } else if (obj instanceof String) {
            PreSharedKeyDeviceIdentity handshakeIdentity = getHandshakeIdentity(principal.getName(), null);
            hashMap.put(EXT_INFO_KEY_HONO_DEVICE, new Device(handshakeIdentity.getTenantId(), (String) obj));
            hashMap.put(EXT_INFO_KEY_HONO_AUTH_ID, handshakeIdentity.getAuthId());
        } else {
            Span newSpan = newSpan("PSK-getDeviceIdentityInfo");
            PreSharedKeyDeviceIdentity handshakeIdentity2 = getHandshakeIdentity(principal.getName(), newSpan);
            TracingHelper.TAG_TENANT_ID.set(newSpan, handshakeIdentity2.getTenantId());
            TracingHelper.TAG_AUTH_ID.set(newSpan, handshakeIdentity2.getAuthId());
            CompletableFuture completableFuture = new CompletableFuture();
            this.context.runOnContext(r9 -> {
                applyTraceSamplingPriority(handshakeIdentity2, newSpan).compose(r10 -> {
                    return this.credentialsClient.get(handshakeIdentity2.getTenantId(), "psk", handshakeIdentity2.getAuthId(), new JsonObject(), newSpan.context());
                }).onSuccess(credentialsObject -> {
                    completableFuture.complete(credentialsObject);
                }).onFailure(th -> {
                    completableFuture.completeExceptionally(th);
                });
            });
            try {
                CredentialsObject credentialsObject = (CredentialsObject) completableFuture.join();
                hashMap.put(EXT_INFO_KEY_HONO_DEVICE, new Device(handshakeIdentity2.getTenantId(), credentialsObject.getDeviceId()));
                hashMap.put(EXT_INFO_KEY_HONO_AUTH_ID, handshakeIdentity2.getAuthId());
                newSpan.log("successfully resolved device identity");
                TracingHelper.TAG_DEVICE_ID.set(newSpan, credentialsObject.getDeviceId());
            } catch (CompletionException e) {
                TracingHelper.logError(newSpan, "could not resolve authenticated principal", e);
                LOG.debug("could not resolve authenticated principal [type: {}, tenant-id: {}, auth-id: {}]", new Object[]{principal.getClass(), handshakeIdentity2.getTenantId(), handshakeIdentity2.getAuthId(), e});
            }
            newSpan.finish();
        }
        return AdditionalInfo.from(hashMap);
    }

    private void loadCredentialsForDevice(ConnectionId connectionId, PskPublicInformation pskPublicInformation) {
        String publicInfoAsString = pskPublicInformation.getPublicInfoAsString();
        LOG.debug("getting PSK secret for identity [{}]", publicInfoAsString);
        Span newSpan = newSpan("PSK-getDeviceCredentials");
        PreSharedKeyDeviceIdentity handshakeIdentity = getHandshakeIdentity(publicInfoAsString, newSpan);
        if (handshakeIdentity == null) {
            newSpan.finish();
            return;
        }
        TracingHelper.TAG_TENANT_ID.set(newSpan, handshakeIdentity.getTenantId());
        TracingHelper.TAG_AUTH_ID.set(newSpan, handshakeIdentity.getAuthId());
        applyTraceSamplingPriority(handshakeIdentity, newSpan).compose(r10 -> {
            return this.credentialsClient.get(handshakeIdentity.getTenantId(), handshakeIdentity.getType(), handshakeIdentity.getAuthId(), new JsonObject(), newSpan.context());
        }).map(credentialsObject -> {
            String deviceId = credentialsObject.getDeviceId();
            TracingHelper.TAG_DEVICE_ID.set(newSpan, deviceId);
            SecretKey candidateKey = getCandidateKey(credentialsObject);
            if (candidateKey == null) {
                TracingHelper.logError(newSpan, "PSK credentials for device do not contain proper key");
                return new PskSecretResult(connectionId, pskPublicInformation, (SecretKey) null, (Object) null);
            }
            newSpan.log("successfully retrieved PSK for device");
            return new PskSecretResult(connectionId, pskPublicInformation, candidateKey, deviceId);
        }).otherwise(th -> {
            TracingHelper.logError(newSpan, "could not retrieve PSK credentials for device", th);
            LOG.debug("error retrieving credentials for PSK identity [{}]", publicInfoAsString, th);
            return new PskSecretResult(connectionId, pskPublicInformation, (SecretKey) null, (Object) null);
        }).onSuccess(pskSecretResult -> {
            newSpan.finish();
            this.californiumResultHandler.apply(pskSecretResult);
        });
    }

    private Future<Void> applyTraceSamplingPriority(PreSharedKeyDeviceIdentity preSharedKeyDeviceIdentity, Span span) {
        return this.tenantClient.get(preSharedKeyDeviceIdentity.getTenantId(), span.context()).map(tenantObject -> {
            TracingHelper.setDeviceTags(span, tenantObject.getTenantId(), (String) null, preSharedKeyDeviceIdentity.getAuthId());
            TenantTraceSamplingHelper.applyTraceSamplingPriority(tenantObject, preSharedKeyDeviceIdentity.getAuthId(), span);
            return (Void) null;
        }).recover(th -> {
            return Future.succeededFuture();
        });
    }

    public PskPublicInformation getIdentity(InetSocketAddress inetSocketAddress, ServerNames serverNames) {
        throw new UnsupportedOperationException("this adapter does not support DTLS client role");
    }

    private PreSharedKeyDeviceIdentity getHandshakeIdentity(String str, Span span) {
        return PreSharedKeyDeviceIdentity.create(str, this.config.getIdSplitRegex(), span);
    }

    public boolean hasEcdhePskSupported() {
        return true;
    }

    public PskSecretResult requestPskSecretResult(ConnectionId connectionId, ServerNames serverNames, PskPublicInformation pskPublicInformation, String str, SecretKey secretKey, byte[] bArr) {
        this.context.runOnContext(r7 -> {
            loadCredentialsForDevice(connectionId, pskPublicInformation);
        });
        return null;
    }

    public void setResultHandler(PskSecretResultHandler pskSecretResultHandler) {
        this.californiumResultHandler = pskSecretResultHandler;
    }
}
