package net.solarnetwork.node.setup.stomp.server;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.netty.buffer.ByteBufUtil;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.handler.codec.stomp.DefaultStompFrame;
import io.netty.handler.codec.stomp.StompCommand;
import io.netty.handler.codec.stomp.StompFrame;
import io.netty.handler.codec.stomp.StompHeaders;
import io.netty.util.ReferenceCountUtil;
import io.netty.util.concurrent.Future;
import io.netty.util.concurrent.GenericFutureListener;
import java.time.Instant;
import java.time.format.DateTimeParseException;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.Executor;
import java.util.concurrent.atomic.AtomicInteger;
import net.solarnetwork.domain.InstructionStatus;
import net.solarnetwork.node.reactor.Instruction;
import net.solarnetwork.node.reactor.InstructionStatus;
import net.solarnetwork.node.reactor.InstructionUtils;
import net.solarnetwork.node.setup.UserAuthenticationInfo;
import net.solarnetwork.node.setup.stomp.SetupHeader;
import net.solarnetwork.node.setup.stomp.SetupStatus;
import net.solarnetwork.node.setup.stomp.SetupTopic;
import net.solarnetwork.node.setup.stomp.StompHeader;
import net.solarnetwork.node.setup.stomp.StompUtils;
import net.solarnetwork.security.AuthorizationUtils;
import net.solarnetwork.security.SnsAuthorizationBuilder;
import net.solarnetwork.security.SnsAuthorizationInfo;
import net.solarnetwork.util.NumberUtils;
import org.apache.commons.codec.digest.DigestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:net/solarnetwork/node/setup/stomp/server/StompSetupServerHandler.class */
public class StompSetupServerHandler extends ChannelInboundHandlerAdapter {
    public static final String SERVER_VERSION = "1.0.0";
    public static final int DEFAULT_MAX_AUTH_DATE_SKEW_SECONDS = 300;
    private static final Set<String> STOMP_HEADER_NAMES = createStompHeaderNames();
    private static final Set<String> SETUP_HEADER_NAMES = createSetupHeaderNames();
    private final AtomicInteger messageIds;
    private final StompSetupServerService serverService;
    private final ObjectMapper objectMapper;
    private final Executor executor;
    private final ConcurrentMap<UUID, SetupSession> sessions;
    private int maxAuthDateSkewSeconds;
    private final Logger log;

    /* renamed from: net.solarnetwork.node.setup.stomp.server.StompSetupServerHandler$4, reason: invalid class name */
    /* loaded from: input_file:net/solarnetwork/node/setup/stomp/server/StompSetupServerHandler$4.class */
    static /* synthetic */ class AnonymousClass4 {
        static final /* synthetic */ int[] $SwitchMap$io$netty$handler$codec$stomp$StompCommand = new int[StompCommand.values().length];

        static {
            try {
                $SwitchMap$io$netty$handler$codec$stomp$StompCommand[StompCommand.STOMP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$netty$handler$codec$stomp$StompCommand[StompCommand.CONNECT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$netty$handler$codec$stomp$StompCommand[StompCommand.SEND.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$io$netty$handler$codec$stomp$StompCommand[StompCommand.SUBSCRIBE.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    public StompSetupServerHandler(StompSetupServerService stompSetupServerService, ObjectMapper objectMapper, Executor executor) {
        this(new ConcurrentHashMap(4, 0.9f, 1), stompSetupServerService, objectMapper, executor);
    }

    public StompSetupServerHandler(ConcurrentMap<UUID, SetupSession> concurrentMap, StompSetupServerService stompSetupServerService, ObjectMapper objectMapper, Executor executor) {
        this.messageIds = new AtomicInteger(0);
        this.maxAuthDateSkewSeconds = DEFAULT_MAX_AUTH_DATE_SKEW_SECONDS;
        this.log = LoggerFactory.getLogger(getClass());
        if (concurrentMap == null) {
            throw new IllegalArgumentException("The sessions argument must not be null.");
        }
        this.sessions = concurrentMap;
        if (stompSetupServerService == null) {
            throw new IllegalArgumentException("The serverService argument must not be null.");
        }
        this.serverService = stompSetupServerService;
        if (objectMapper == null) {
            throw new IllegalArgumentException("The objectMapper argument must not be null.");
        }
        this.objectMapper = objectMapper;
        if (executor == null) {
            throw new IllegalArgumentException("The executor argument must not be null.");
        }
        this.executor = executor;
    }

    private static Set<String> createStompHeaderNames() {
        LinkedHashSet linkedHashSet = new LinkedHashSet(20);
        linkedHashSet.add(StompHeaders.ACCEPT_VERSION.toString());
        linkedHashSet.add(StompHeaders.HOST.toString());
        linkedHashSet.add(StompHeaders.LOGIN.toString());
        linkedHashSet.add(StompHeaders.PASSCODE.toString());
        linkedHashSet.add(StompHeaders.HEART_BEAT.toString());
        linkedHashSet.add(StompHeaders.VERSION.toString());
        linkedHashSet.add(StompHeaders.SESSION.toString());
        linkedHashSet.add(StompHeaders.SERVER.toString());
        linkedHashSet.add(StompHeaders.DESTINATION.toString());
        linkedHashSet.add(StompHeaders.ID.toString());
        linkedHashSet.add(StompHeaders.ACK.toString());
        linkedHashSet.add(StompHeaders.TRANSACTION.toString());
        linkedHashSet.add(StompHeaders.RECEIPT.toString());
        linkedHashSet.add(StompHeaders.MESSAGE_ID.toString());
        linkedHashSet.add(StompHeaders.SUBSCRIPTION.toString());
        linkedHashSet.add(StompHeaders.RECEIPT_ID.toString());
        linkedHashSet.add(StompHeaders.MESSAGE.toString());
        linkedHashSet.add(StompHeaders.CONTENT_LENGTH.toString());
        linkedHashSet.add(StompHeaders.CONTENT_TYPE.toString());
        return Collections.unmodifiableSet(linkedHashSet);
    }

    private static Set<String> createSetupHeaderNames() {
        LinkedHashSet linkedHashSet = new LinkedHashSet(8);
        for (SetupHeader setupHeader : SetupHeader.values()) {
            linkedHashSet.add(setupHeader.getValue());
        }
        return Collections.unmodifiableSet(linkedHashSet);
    }

    public void channelRead(ChannelHandlerContext channelHandlerContext, Object obj) {
        try {
            StompFrame stompFrame = obj instanceof StompFrame ? (StompFrame) obj : null;
            if (stompFrame == null) {
                return;
            }
            this.log.debug("Got stomp message: {}", stompFrame);
            SetupSession sessionForChannel = sessionForChannel(channelHandlerContext.channel());
            if (sessionForChannel == null) {
                setupSession(channelHandlerContext, stompFrame);
                ReferenceCountUtil.release(obj);
                return;
            }
            switch (AnonymousClass4.$SwitchMap$io$netty$handler$codec$stomp$StompCommand[stompFrame.command().ordinal()]) {
                case 1:
                case 2:
                    sendError(channelHandlerContext, "Already connected.");
                    break;
                case 3:
                    handleSend(channelHandlerContext, stompFrame, sessionForChannel);
                    break;
                case 4:
                    handleSubscribe(channelHandlerContext, stompFrame, sessionForChannel);
                    break;
                default:
                    sendError(channelHandlerContext, "Unsupported STOMP command");
                    break;
            }
            ReferenceCountUtil.release(obj);
        } finally {
            ReferenceCountUtil.release(obj);
        }
    }

    private SetupSession sessionForChannel(Channel channel) {
        return this.sessions.values().stream().filter(setupSession -> {
            return setupSession.getChannel() == channel;
        }).findAny().orElse(null);
    }

    private void setupSession(ChannelHandlerContext channelHandlerContext, StompFrame stompFrame) {
        if (stompFrame.command() != StompCommand.CONNECT && stompFrame.command() != StompCommand.STOMP) {
            sendError(channelHandlerContext, "Must start with CONNECT or STOMP frame.");
            return;
        }
        String asString = stompFrame.headers().getAsString(StompHeaders.LOGIN);
        if (asString == null || asString.isEmpty()) {
            sendError(channelHandlerContext, "The login header is required.");
            return;
        }
        UserAuthenticationInfo authenticationInfo = this.serverService.getUserService().authenticationInfo(asString);
        if (authenticationInfo == null) {
            sendError(channelHandlerContext, "Unauthorized.");
            return;
        }
        Channel channel = channelHandlerContext.channel();
        SetupSession setupSession = new SetupSession(asString, channel);
        final UUID sessionId = setupSession.getSessionId();
        this.sessions.put(setupSession.getSessionId(), setupSession);
        channel.closeFuture().addListener(new ChannelFutureListener() { // from class: net.solarnetwork.node.setup.stomp.server.StompSetupServerHandler.1
            public void operationComplete(ChannelFuture channelFuture) {
                StompSetupServerHandler.this.sessions.remove(sessionId);
            }
        });
        DefaultStompFrame defaultStompFrame = new DefaultStompFrame(StompCommand.CONNECTED);
        defaultStompFrame.headers().set(StompHeaders.VERSION, "1.2");
        defaultStompFrame.headers().set(StompHeaders.SERVER, "SolarNode-Setup/1.0.0");
        defaultStompFrame.headers().set(StompHeaders.SESSION, setupSession.getSessionId().toString());
        defaultStompFrame.headers().set(StompHeaders.MESSAGE, "Please authenticate.");
        defaultStompFrame.headers().set(SetupHeader.Authenticate.getValue(), "SNS");
        defaultStompFrame.headers().set(SetupHeader.AuthHash.getValue(), StompUtils.encodeStompHeaderValue(authenticationInfo.getHashAlgorithm()));
        for (Map.Entry entry : authenticationInfo.getHashParameters().entrySet()) {
            Object value = entry.getValue();
            if (value != null) {
                defaultStompFrame.headers().set("auth-hash-param-" + ((String) entry.getKey()), StompUtils.encodeStompHeaderValue(value.toString()));
            }
        }
        channelHandlerContext.writeAndFlush(defaultStompFrame);
    }

    private void handleSubscribe(ChannelHandlerContext channelHandlerContext, StompFrame stompFrame, SetupSession setupSession) {
        if (!setupSession.isAuthenticated()) {
            sendError(channelHandlerContext, "Not authorized.");
            return;
        }
        String decodeStompHeaderValue = StompUtils.decodeStompHeaderValue(stompFrame.headers().getAsString(StompHeaders.ID));
        if (decodeStompHeaderValue == null || decodeStompHeaderValue.isEmpty()) {
            sendError(channelHandlerContext, "Missing id header.");
            return;
        }
        String decodeStompHeaderValue2 = StompUtils.decodeStompHeaderValue(stompFrame.headers().getAsString(StompHeaders.DESTINATION));
        if (decodeStompHeaderValue2 == null || decodeStompHeaderValue2.isEmpty()) {
            sendError(channelHandlerContext, "Missing destination header.");
        } else {
            setupSession.addSubscription(decodeStompHeaderValue, decodeStompHeaderValue2);
        }
    }

    private void handleSend(ChannelHandlerContext channelHandlerContext, StompFrame stompFrame, SetupSession setupSession) {
        String decodeStompHeaderValue = StompUtils.decodeStompHeaderValue(stompFrame.headers().getAsString(StompHeaders.DESTINATION));
        if (decodeStompHeaderValue == null || decodeStompHeaderValue.isEmpty()) {
            sendError(channelHandlerContext, "Missing destination header.");
            return;
        }
        if (setupSession.isAuthenticated()) {
            executeInstruction(channelHandlerContext, stompFrame, setupSession, headerMap(stompFrame), decodeStompHeaderValue, "SystemConfigure");
        } else if (SetupTopic.Authenticate.getValue().equals(decodeStompHeaderValue)) {
            authenticate(channelHandlerContext, stompFrame, setupSession);
        } else {
            sendError(channelHandlerContext, "Not authorized.");
        }
    }

    private void authenticate(ChannelHandlerContext channelHandlerContext, StompFrame stompFrame, SetupSession setupSession) {
        String decodeStompHeaderValue = StompUtils.decodeStompHeaderValue(stompFrame.headers().getAsString(SetupHeader.Date.getValue()));
        if (decodeStompHeaderValue == null) {
            sendError(channelHandlerContext, "Missing date header.");
            return;
        }
        try {
            Instant instant = (Instant) AuthorizationUtils.AUTHORIZATION_DATE_HEADER_FORMATTER.parse(decodeStompHeaderValue, Instant::from);
            int i = this.maxAuthDateSkewSeconds;
            if (i > 0 && Math.abs(System.currentTimeMillis() - instant.toEpochMilli()) > i * 1000) {
                sendError(channelHandlerContext, "Invalidate date header value: too much skew.");
                return;
            }
            try {
                SnsAuthorizationInfo forAuthorizationHeader = SnsAuthorizationInfo.forAuthorizationHeader(StompUtils.decodeStompHeaderValue(stompFrame.headers().getAsString(SetupHeader.Authorization.getValue())));
                if (!"SNS".equals(forAuthorizationHeader.getScheme())) {
                    throw new IllegalArgumentException("Unsupported authorization scheme.");
                }
                if (!setupSession.getLogin().equals(forAuthorizationHeader.getIdentifier())) {
                    sendError(channelHandlerContext, "Authorization denied: credential does not match session login.");
                    return;
                }
                SnsAuthorizationBuilder path = new SnsAuthorizationBuilder(setupSession.getLogin()).date(instant).verb(StompCommand.SEND.toString()).path(SetupTopic.Authenticate.getValue());
                for (String str : forAuthorizationHeader.getHeaderNames()) {
                    path.header(str, new String[]{StompUtils.decodeStompHeaderValue(stompFrame.headers().getAsString(str))});
                }
                UserDetails loadUserByUsername = this.serverService.getUserDetailsService().loadUserByUsername(setupSession.getLogin());
                if (loadUserByUsername == null) {
                    sendError(channelHandlerContext, "Authorization denied: user not available.");
                    return;
                }
                String password = loadUserByUsername.getPassword();
                if (password == null) {
                    sendError(channelHandlerContext, "Authorization deined: user unavailable.");
                } else if (!path.buildSignature(DigestUtils.sha256Hex(password)).equals(forAuthorizationHeader.getSignature())) {
                    sendError(channelHandlerContext, "Authorization deined: invalid signature.");
                } else {
                    this.log.info("STOMP authentication success: {}", setupSession.getLogin());
                    setupSession.setAuthentication(createSuccessfulAuthentication(setupSession, loadUserByUsername));
                }
            } catch (IllegalArgumentException e) {
                sendError(channelHandlerContext, "Authorization denied: " + e.getMessage());
            }
        } catch (DateTimeParseException e2) {
            sendError(channelHandlerContext, "Invalidate date header value. Must be HTTP Date header format.");
        }
    }

    private Authentication createSuccessfulAuthentication(SetupSession setupSession, UserDetails userDetails) {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
        usernamePasswordAuthenticationToken.eraseCredentials();
        usernamePasswordAuthenticationToken.setDetails(new StompAuthenticationDetails(setupSession.getSessionId()));
        return usernamePasswordAuthenticationToken;
    }

    private static MultiValueMap<String, String> headerMap(StompFrame stompFrame) {
        StompHeaders headers = stompFrame.headers();
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap(headers.size());
        Iterator iteratorAsString = headers.iteratorAsString();
        while (iteratorAsString.hasNext()) {
            Map.Entry entry = (Map.Entry) iteratorAsString.next();
            linkedMultiValueMap.add((String) entry.getKey(), StompUtils.decodeStompHeaderValue((String) entry.getValue()));
        }
        return linkedMultiValueMap;
    }

    private void executeInstruction(final ChannelHandlerContext channelHandlerContext, StompFrame stompFrame, final SetupSession setupSession, final MultiValueMap<String, String> multiValueMap, final String str, String str2) {
        byte[] bytes;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (Map.Entry entry : multiValueMap.entrySet()) {
            String str3 = (String) entry.getKey();
            if (StompHeader.ContentType.getValue().equals(str3) || (!STOMP_HEADER_NAMES.contains(str3) && !SETUP_HEADER_NAMES.contains(str3))) {
                List list = (List) entry.getValue();
                if (!list.isEmpty()) {
                    linkedHashMap.put(str3, list.get(0));
                }
            }
        }
        linkedHashMap.put("service", str);
        if (stompFrame.content().isReadable() && (bytes = ByteBufUtil.getBytes(stompFrame.content())) != null && bytes.length > 0) {
            linkedHashMap.put("arg", new String(bytes, StompUtils.UTF8));
        }
        final Instruction createLocalInstruction = InstructionUtils.createLocalInstruction("SystemConfigure", linkedHashMap);
        this.executor.execute(new Runnable() { // from class: net.solarnetwork.node.setup.stomp.server.StompSetupServerHandler.2
            @Override // java.lang.Runnable
            public void run() {
                try {
                    try {
                        SecurityContextHolder.getContext().setAuthentication(setupSession.getAuthentication());
                        InstructionStatus executeInstruction = StompSetupServerHandler.this.serverService.getInstructionService().executeInstruction(createLocalInstruction);
                        String str4 = null;
                        Object obj = null;
                        int code = (executeInstruction == null || executeInstruction.getInstructionState() == null) ? SetupStatus.NotFound.getCode() : executeInstruction.getInstructionState() == InstructionStatus.InstructionState.Declined ? SetupStatus.Unprocessable.getCode() : executeInstruction.getInstructionState() != InstructionStatus.InstructionState.Completed ? SetupStatus.Accepted.getCode() : SetupStatus.Ok.getCode();
                        if (executeInstruction != null && executeInstruction.getResultParameters() != null) {
                            obj = executeInstruction.getResultParameters().get("result");
                            if (executeInstruction.getResultParameters().get("statusCode") instanceof Integer) {
                                code = ((Integer) executeInstruction.getResultParameters().get("statusCode")).intValue();
                            }
                            if (executeInstruction.getResultParameters().get("message") != null) {
                                str4 = executeInstruction.getResultParameters().get("message").toString();
                            }
                        }
                        StompSetupServerHandler.this.pubStatusMessage(channelHandlerContext, setupSession, str, multiValueMap, code, str4, obj);
                        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                    } catch (Exception e) {
                        Exception exc = e;
                        while (exc.getCause() != null) {
                            exc = exc.getCause();
                        }
                        String message = exc.getMessage();
                        if (message == null) {
                            message = exc.toString();
                        }
                        StompSetupServerHandler.this.pubStatusMessage(channelHandlerContext, setupSession, str, multiValueMap, SetupStatus.InternalError.getCode(), message, null);
                        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                    }
                } catch (Throwable th) {
                    SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                    throw th;
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void pubStatusMessage(ChannelHandlerContext channelHandlerContext, SetupSession setupSession, String str, MultiValueMap<String, String> multiValueMap, int i, String str2, Object obj) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap(multiValueMap.size() + 2);
        linkedMultiValueMap.putAll(multiValueMap);
        linkedMultiValueMap.set(SetupHeader.Status.getValue(), String.valueOf(i));
        if (str2 != null) {
            linkedMultiValueMap.set(StompHeaders.MESSAGE.toString(), str2);
        }
        pubMessage(channelHandlerContext, setupSession, str, linkedMultiValueMap, obj);
    }

    private void pubMessage(ChannelHandlerContext channelHandlerContext, SetupSession setupSession, String str, MultiValueMap<String, String> multiValueMap, Object obj) {
        Collection<String> subscriptionIdsForTopic = setupSession.subscriptionIdsForTopic(str, this.serverService.getPathMatcher());
        if (subscriptionIdsForTopic == null || subscriptionIdsForTopic.isEmpty()) {
            return;
        }
        byte[] bArr = null;
        if (obj != null) {
            try {
                bArr = this.objectMapper.writeValueAsBytes(obj);
            } catch (JsonProcessingException e) {
                sendError(channelHandlerContext, "Error encoding message body as JSON: " + e.toString());
                return;
            }
        }
        for (String str2 : subscriptionIdsForTopic) {
            DefaultStompFrame defaultStompFrame = new DefaultStompFrame(StompCommand.MESSAGE);
            if (multiValueMap != null) {
                for (Map.Entry entry : multiValueMap.entrySet()) {
                    List list = (List) entry.getValue();
                    if (list != null) {
                        Iterator it = list.iterator();
                        while (it.hasNext()) {
                            defaultStompFrame.headers().set(entry.getKey(), StompUtils.encodeStompHeaderValue((String) it.next()));
                        }
                    }
                }
            }
            defaultStompFrame.headers().set(StompHeaders.DESTINATION, str);
            defaultStompFrame.headers().set(StompHeaders.SUBSCRIPTION, StompUtils.encodeStompHeaderValue(str2));
            defaultStompFrame.headers().set(StompHeaders.MESSAGE_ID, String.valueOf(NumberUtils.getAndIncrementWithWrap(this.messageIds, 0)));
            if (bArr != null && bArr.length > 0) {
                defaultStompFrame.headers().set(StompHeaders.CONTENT_TYPE, StompUtils.JSON_UTF8_CONTENT_TYPE);
                defaultStompFrame.headers().set(StompHeaders.CONTENT_LENGTH, String.valueOf(bArr.length));
                defaultStompFrame.content().writeBytes(bArr);
            }
            channelHandlerContext.writeAndFlush(defaultStompFrame);
        }
    }

    private void sendError(final ChannelHandlerContext channelHandlerContext, String str) {
        DefaultStompFrame defaultStompFrame = new DefaultStompFrame(StompCommand.ERROR);
        defaultStompFrame.headers().set(StompHeaders.MESSAGE, StompUtils.encodeStompHeaderValue(str));
        channelHandlerContext.writeAndFlush(defaultStompFrame).addListener(new GenericFutureListener<Future<Void>>() { // from class: net.solarnetwork.node.setup.stomp.server.StompSetupServerHandler.3
            public void operationComplete(Future<Void> future) throws Exception {
                channelHandlerContext.close();
            }
        });
    }

    public void exceptionCaught(ChannelHandlerContext channelHandlerContext, Throwable th) {
        th.printStackTrace();
        channelHandlerContext.close();
    }

    public int getMaxAuthDateSkewSeconds() {
        return this.maxAuthDateSkewSeconds;
    }

    public void setMaxAuthDateSkewSeconds(int i) {
        this.maxAuthDateSkewSeconds = i;
    }
}
