package org.apache.camel.component.milo.server;

import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.apache.camel.Endpoint;
import org.apache.camel.RuntimeCamelException;
import org.apache.camel.component.milo.KeyStoreLoader;
import org.apache.camel.component.milo.server.internal.CamelNamespace;
import org.apache.camel.spi.Metadata;
import org.apache.camel.spi.annotations.Component;
import org.apache.camel.support.DefaultComponent;
import org.eclipse.milo.opcua.sdk.server.OpcUaServer;
import org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig;
import org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfigBuilder;
import org.eclipse.milo.opcua.sdk.server.identity.AnonymousIdentityValidator;
import org.eclipse.milo.opcua.sdk.server.identity.UsernameIdentityValidator;
import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.security.CertificateManager;
import org.eclipse.milo.opcua.stack.core.security.CertificateValidator;
import org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager;
import org.eclipse.milo.opcua.stack.core.security.DefaultCertificateValidator;
import org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.transport.TransportProfile;
import org.eclipse.milo.opcua.stack.core.types.builtin.LocalizedText;
import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
import org.eclipse.milo.opcua.stack.core.types.enumerated.UserTokenType;
import org.eclipse.milo.opcua.stack.core.types.structured.BuildInfo;
import org.eclipse.milo.opcua.stack.core.types.structured.UserTokenPolicy;
import org.eclipse.milo.opcua.stack.server.EndpointConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

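/**
 * Camel component that owns an embedded Eclipse Milo {@link OpcUaServer} and exposes it under the
 * {@code milo-server} scheme.
 *
 * <p>Security-relevant defaults visible in this class:
 * <ul>
 *   <li>When no security policy is configured, the session endpoints are created with
 *       {@link SecurityPolicy#None} and {@link MessageSecurityMode#None}, i.e. unsigned and
 *       unencrypted.</li>
 *   <li>A {@code /discovery} endpoint with {@link SecurityPolicy#None} is always created for every
 *       bind address and hostname.</li>
 *   <li>The default configuration installs {@link DenyAllCertificateValidator}, which rejects every
 *       client certificate until an explicit validator is configured.</li>
 *   <li>Anonymous sessions are off unless {@link #setEnableAnonymousAuthentication(boolean)} is
 *       called with {@code true} or the JVM system property
 *       {@code org.apache.camel.milo.server.default.enableAnonymous} is {@code true}.</li>
 * </ul>
 *
 * <p>The class is not synchronized; setters are expected to be called before the component starts.
 */
@Component("milo-server")
public class MiloServerComponent extends DefaultComponent {
    public static final String DEFAULT_NAMESPACE_URI = "urn:org:apache:camel";
    private static final Logger LOG = LoggerFactory.getLogger(MiloServerComponent.class);
    private static final String URL_CHARSET = "UTF-8";

    // JVM-wide switch: when "true", anonymous identity is accepted and advertised by default.
    private static final String ENABLE_ANONYMOUS_PROPERTY = "org.apache.camel.milo.server.default.enableAnonymous";

    // Clean-up actions registered while building the configuration; executed once in doStop().
    private final List<Runnable> runOnStop = new LinkedList<>();

    // Non-null only when the component was created from a caller-supplied server configuration.
    private OpcUaServerConfigBuilder opcServerConfig;
    private OpcUaServer server;
    private CamelNamespace namespace;

    @Metadata
    private int port;

    @Metadata
    private List<String> bindAddresses;

    @Metadata(defaultValue = DEFAULT_NAMESPACE_URI)
    private String namespaceUri = DEFAULT_NAMESPACE_URI;

    @Metadata
    private String productUri;

    @Metadata
    private String applicationUri;

    @Metadata
    private String applicationName;

    @Metadata
    private String path;

    @Metadata
    private BuildInfo buildInfo;

    // Tri-state: null means "not configured", which selects a different branch in buildServerConfig().
    @Metadata(label = "security")
    private Boolean enableAnonymousAuthentication;

    @Metadata(label = "security")
    private CertificateManager certificateManager;

    @Metadata(label = "security")
    private String securityPoliciesById;

    @Metadata(label = "security")
    private Set<SecurityPolicy> securityPolicies;

    // Comma-separated, URL-encoded "user:password" pairs. Held in clear text for the component's lifetime.
    @Metadata(label = "security", secret = true)
    private String userAuthenticationCredentials;

    @Metadata(label = "security")
    private String usernameSecurityPolicyUri = OpcUaServerConfig.USER_TOKEN_POLICY_USERNAME.getSecurityPolicyUri();

    @Metadata(label = "security")
    private String defaultCertificateValidator;

    @Metadata(label = "security")
    private CertificateValidator certificateValidator;

    @Metadata(label = "security")
    private X509Certificate certificate;

    /**
     * Certificate validator that rejects every certificate and every trust chain.
     *
     * <p>Installed by the default configuration so that certificate-based trust is fail-closed
     * until the caller supplies a real validator.
     */
    public static final class DenyAllCertificateValidator implements CertificateValidator {
        public static final CertificateValidator INSTANCE = new DenyAllCertificateValidator();

        // 0x80180000 (decimal 2149056512) is the OPC UA status code Bad_CertificateUseNotAllowed.
        private static final long BAD_CERTIFICATE_USE_NOT_ALLOWED = 0x80180000L;

        private DenyAllCertificateValidator() {
        }

        /**
         * Always rejects the certificate.
         *
         * @param x509Certificate the certificate presented by the peer (ignored)
         * @throws UaException always
         */
        public void validate(X509Certificate x509Certificate) throws UaException {
            throw new UaException(BAD_CERTIFICATE_USE_NOT_ALLOWED);
        }

        /**
         * Always rejects the chain.
         *
         * @param list the certificate chain presented by the peer (ignored)
         * @throws UaException always
         */
        public void verifyTrustChain(List<X509Certificate> list) throws UaException {
            throw new UaException(BAD_CERTIFICATE_USE_NOT_ALLOWED);
        }
    }

    /** Creates a component that builds its server configuration from the component properties. */
    public MiloServerComponent() {
        this.opcServerConfig = null;
    }

    /**
     * Creates a component that starts from a copy of the given server configuration.
     *
     * @param opcUaServerConfig configuration to copy; component properties are applied on top of it
     *        when the server configuration is built
     */
    public MiloServerComponent(OpcUaServerConfig opcUaServerConfig) {
        this.opcServerConfig = OpcUaServerConfig.copy(opcUaServerConfig);
    }

    /** @return the Camel namespace created at start-up, or {@code null} before the component started */
    public CamelNamespace getNamespace() {
        return this.namespace;
    }

    /**
     * Builds the server configuration, creates the server and namespace, and starts both.
     *
     * @throws Exception if the component or the server cannot be started
     */
    protected void doStart() throws Exception {
        this.server = new OpcUaServer(buildServerConfig());
        this.namespace = new CamelNamespace(this.namespaceUri, this.server);
        this.namespace.startup();
        super.doStart();
        this.server.startup();
    }

    /**
     * Assembles the final server configuration: security policies, identity validation, endpoints
     * and certificate validation.
     *
     * @return the immutable server configuration
     */
    private OpcUaServerConfig buildServerConfig() {
        OpcUaServerConfigBuilder config = this.opcServerConfig != null ? this.opcServerConfig : createDefaultConfiguration();
        this.securityPolicies = createSecurityPolicies();
        Map<String, String> users = createUserMap();

        if (users.isEmpty() && this.enableAnonymousAuthentication == null) {
            // Nothing about authentication was configured: keep whatever identity validator the
            // builder already has and advertise the default token policies.
            config.setEndpoints(createEndpointConfigurations(null, this.securityPolicies));
        } else {
            boolean allowAnonymous = Boolean.TRUE.equals(this.enableAnonymousAuthentication);
            config.setIdentityValidator(new UsernameIdentityValidator(allowAnonymous,
                    challenge -> passwordMatches(users.get(challenge.getUsername()), challenge.getPassword())));

            // Advertise only the token types this validator can actually accept.
            List<UserTokenPolicy> tokenPolicies = new LinkedList<>();
            if (allowAnonymous) {
                tokenPolicies.add(OpcUaServerConfig.USER_TOKEN_POLICY_ANONYMOUS);
            }
            if (!users.isEmpty()) {
                tokenPolicies.add(getUsernamePolicy());
            }
            config.setEndpoints(createEndpointConfigurations(tokenPolicies));
        }

        if (this.certificateValidator != null) {
            // Capture the instance now so that the stop hook closes the validator that was actually
            // handed to the server, even if the field is reassigned later.
            final CertificateValidator validator = this.certificateValidator;
            LOG.debug("Using validator: {}", validator);
            if (validator instanceof Closeable) {
                runOnStop(() -> {
                    try {
                        LOG.debug("Closing: {}", validator);
                        ((Closeable) validator).close();
                    } catch (IOException e) {
                        LOG.debug("Failed to close. This exception is ignored.", e);
                    }
                });
            }
            config.setCertificateValidator(validator);
        }
        return config.build();
    }

    /**
     * Compares a configured password with the one supplied in an authentication challenge.
     *
     * <p>Uses {@link MessageDigest#isEqual(byte[], byte[])} instead of {@link String#equals(Object)}
     * so the comparison does not stop at the first differing character, which would let response
     * timing reveal how much of a guess was correct.
     *
     * @param expected the configured password, or {@code null} when the user is unknown
     * @param supplied the password presented by the client, possibly {@code null}
     * @return {@code true} only when both values are present and equal
     */
    private static boolean passwordMatches(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Creates the configuration used when no server configuration was supplied to the constructor.
     *
     * @return a builder pre-populated from the component properties
     */
    private OpcUaServerConfigBuilder createDefaultConfiguration() {
        OpcUaServerConfigBuilder builder = OpcUaServerConfig.builder();
        // Fall back to an empty certificate manager instead of overwriting it with null when the
        // caller never configured one.
        builder.setCertificateManager(this.certificateManager != null ? this.certificateManager : new DefaultCertificateManager());
        // Fail closed: no client certificate is trusted until a validator is configured.
        builder.setCertificateValidator(DenyAllCertificateValidator.INSTANCE);
        builder.setEndpoints(createEndpointConfigurations(null));
        builder.setApplicationName(LocalizedText.english(this.applicationName == null ? "Apache Camel Milo Server" : this.applicationName));
        builder.setApplicationUri(this.applicationUri != null ? this.applicationUri : "urn:org:apache:camel:milo:server");
        builder.setProductUri(this.productUri != null ? this.productUri : "urn:org:apache:camel:milo");
        if (this.buildInfo != null) {
            builder.setBuildInfo(this.buildInfo);
        }
        if (Boolean.getBoolean(ENABLE_ANONYMOUS_PROPERTY)) {
            // Process-wide opt-in; buildServerConfig() replaces this validator when users or an
            // explicit anonymous setting are configured on the component.
            builder.setIdentityValidator(AnonymousIdentityValidator.INSTANCE);
        }
        return builder;
    }

    /**
     * Creates the endpoint set for the currently configured security policies.
     *
     * @param list token policies to advertise, or {@code null} for the defaults
     * @return the endpoint configurations, empty when no bind address is configured
     */
    private Set<EndpointConfiguration> createEndpointConfigurations(List<UserTokenPolicy> list) {
        return createEndpointConfigurations(list, this.securityPolicies);
    }

    /**
     * Creates TCP and HTTPS endpoints for every bind address and every hostname resolved for it.
     *
     * <p>Only {@link SecurityPolicy#None} and {@link SecurityPolicy#Basic256Sha256} produce session
     * endpoints here; any other policy in {@code set} is ignored. {@code None} takes precedence: if
     * the set is {@code null} or contains {@code None}, only unsecured session endpoints are created.
     *
     * @param list token policies to advertise, or {@code null} for the defaults
     * @param set security policies to offer, or {@code null} when none were configured
     * @return the endpoint configurations, empty when no bind address is configured
     */
    private Set<EndpointConfiguration> createEndpointConfigurations(List<UserTokenPolicy> list, Set<SecurityPolicy> set) {
        if (this.bindAddresses == null) {
            return Collections.emptySet();
        }
        Set<EndpointConfiguration> endpoints = new LinkedHashSet<>();
        UserTokenPolicy[] tokenPolicies = resolveTokenPolicies(list);
        for (String bindAddress : this.bindAddresses) {
            Set<String> hostnames = new LinkedHashSet<>();
            hostnames.add(HostnameUtil.getHostname());
            hostnames.addAll(HostnameUtil.getHostnames(bindAddress));
            for (String hostname : hostnames) {
                EndpointConfiguration.Builder base = EndpointConfiguration.newBuilder()
                        .setBindAddress(bindAddress)
                        .setHostname(hostname)
                        .setCertificate(this.certificate)
                        .setPath(this.path == null ? "" : this.path)
                        .addTokenPolicies(tokenPolicies);

                if (set == null || set.contains(SecurityPolicy.None)) {
                    // Unsigned, unencrypted session endpoints.
                    EndpointConfiguration.Builder unsecured = base.copy()
                            .setSecurityPolicy(SecurityPolicy.None)
                            .setSecurityMode(MessageSecurityMode.None);
                    endpoints.add(buildTcpEndpoint(unsecured));
                    endpoints.add(buildHttpsEndpoint(unsecured));
                } else if (set.contains(SecurityPolicy.Basic256Sha256)) {
                    // The HTTPS endpoint used to sit in a second, identical "else if" and was
                    // therefore never created; both transports are now registered together.
                    endpoints.add(buildTcpEndpoint(base.copy()
                            .setSecurityPolicy(SecurityPolicy.Basic256Sha256)
                            .setSecurityMode(MessageSecurityMode.SignAndEncrypt)));
                    endpoints.add(buildHttpsEndpoint(base.copy()
                            .setSecurityPolicy(SecurityPolicy.Basic256Sha256)
                            .setSecurityMode(MessageSecurityMode.Sign)));
                }

                // The discovery endpoint is always offered without message security.
                EndpointConfiguration.Builder discovery = base.copy()
                        .setPath("/discovery")
                        .setSecurityPolicy(SecurityPolicy.None)
                        .setSecurityMode(MessageSecurityMode.None);
                endpoints.add(buildTcpEndpoint(discovery));
                endpoints.add(buildHttpsEndpoint(discovery));
            }
        }
        return endpoints;
    }

    /**
     * Chooses the user token policies advertised on the endpoints.
     *
     * @param list explicit policies, or {@code null} to use the defaults
     * @return the explicit policies; otherwise username and X.509, preceded by anonymous when
     *         anonymous access is enabled on the component or through the system property
     */
    private UserTokenPolicy[] resolveTokenPolicies(List<UserTokenPolicy> list) {
        if (list != null) {
            return list.toArray(new UserTokenPolicy[list.size()]);
        }
        boolean anonymous = Boolean.TRUE.equals(this.enableAnonymousAuthentication) || Boolean.getBoolean(ENABLE_ANONYMOUS_PROPERTY);
        if (anonymous) {
            return new UserTokenPolicy[]{OpcUaServerConfig.USER_TOKEN_POLICY_ANONYMOUS, OpcUaServerConfig.USER_TOKEN_POLICY_USERNAME, OpcUaServerConfig.USER_TOKEN_POLICY_X509};
        }
        return new UserTokenPolicy[]{OpcUaServerConfig.USER_TOKEN_POLICY_USERNAME, OpcUaServerConfig.USER_TOKEN_POLICY_X509};
    }

    /** Finishes an endpoint builder as an opc.tcp (UA binary) endpoint on the component port. */
    private EndpointConfiguration buildTcpEndpoint(EndpointConfiguration.Builder builder) {
        return builder.copy().setTransportProfile(TransportProfile.TCP_UASC_UABINARY).setBindPort(this.port).build();
    }

    /** Finishes an endpoint builder as an HTTPS (UA binary) endpoint on the component port. */
    private EndpointConfiguration buildHttpsEndpoint(EndpointConfiguration.Builder builder) {
        return builder.copy().setTransportProfile(TransportProfile.HTTPS_UABINARY).setBindPort(this.port).build();
    }

    /**
     * @return the stock username token policy when no security policy URI is configured for it,
     *         otherwise a username policy bound to the configured URI
     */
    private UserTokenPolicy getUsernamePolicy() {
        if (this.usernameSecurityPolicyUri == null || this.usernameSecurityPolicyUri.isEmpty()) {
            return OpcUaServerConfig.USER_TOKEN_POLICY_USERNAME;
        }
        return new UserTokenPolicy("username", UserTokenType.UserName, (String) null, (String) null, this.usernameSecurityPolicyUri);
    }

    /** Registers an action to run once when the component stops. */
    private void runOnStop(Runnable runnable) {
        this.runOnStop.add(runnable);
    }

    /**
     * Parses {@code userAuthenticationCredentials} into a username-to-password map.
     *
     * <p>The value is a comma-separated list of {@code user:password} pairs whose two halves are
     * URL-decoded as UTF-8. Entries without a {@code ':'} are skipped.
     *
     * @return the parsed credentials, empty when none are configured
     */
    private Map<String, String> createUserMap() {
        if (this.userAuthenticationCredentials == null) {
            return Collections.emptyMap();
        }
        Map<String, String> users = new HashMap<>();
        for (String entry : this.userAuthenticationCredentials.split(",")) {
            if (entry.isEmpty()) {
                continue;
            }
            String[] parts = entry.split(":", 2);
            if (parts.length != 2) {
                // Report the misconfiguration, but never echo the entry: it may hold a secret.
                LOG.warn("Ignoring a user authentication entry that has no ':' separator");
                continue;
            }
            try {
                users.put(URLDecoder.decode(parts[0], URL_CHARSET), URLDecoder.decode(parts[1], URL_CHARSET));
            } catch (UnsupportedEncodingException e) {
                LOG.warn("Failed to decode user map entry", e);
            }
        }
        return users;
    }

    /**
     * Shuts the server down and then runs the registered clean-up actions.
     *
     * @throws Exception if the parent component fails to stop
     */
    protected void doStop() throws Exception {
        if (this.server != null) {
            this.server.shutdown();
        }
        super.doStop();
        for (Runnable action : this.runOnStop) {
            try {
                action.run();
            } catch (Exception e) {
                // One failing clean-up action must not prevent the remaining ones from running.
                LOG.warn("Failed to run on stop", e);
            }
        }
        this.runOnStop.clear();
    }

    /**
     * Creates a server endpoint and applies the URI parameters to it.
     *
     * @param str the endpoint URI
     * @param str2 the remaining part of the URI, passed to the endpoint as given
     * @param map the endpoint parameters
     * @return the configured endpoint
     * @throws Exception if the parameters cannot be applied
     */
    protected Endpoint createEndpoint(String str, String str2, Map<String, Object> map) throws Exception {
        MiloServerEndpoint endpoint = new MiloServerEndpoint(str, str2, this);
        setProperties(endpoint, map);
        return endpoint;
    }

    /**
     * Loads the server key pair and certificate from a key store result.
     *
     * @param result the loaded key material
     * @throws NullPointerException if {@code result} is {@code null}
     */
    public void loadServerCertificate(KeyStoreLoader.Result result) {
        Objects.requireNonNull(result, "Setting a null is not supported. call setCertificateManager(null) instead.)");
        loadServerCertificate(result.getKeyPair(), result.getCertificate());
    }

    /**
     * Uses the given key pair and certificate as the server identity and installs a certificate
     * manager that holds them.
     *
     * @param keyPair the server key pair
     * @param x509Certificate the server certificate
     */
    public void loadServerCertificate(KeyPair keyPair, X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
        setCertificateManager(new DefaultCertificateManager(keyPair, x509Certificate));
    }

    /** Sets the certificate attached to the endpoints; does not touch the certificate manager. */
    public void setCertificate(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    /**
     * Merges the policies named in {@code securityPoliciesById} into {@code securityPolicies}.
     *
     * <p>Each comma-separated entry is resolved first as a policy URI and then as an enum constant
     * name. An entry that matches neither makes {@link SecurityPolicy#valueOf(String)} throw, so an
     * unknown policy stops start-up instead of being silently dropped.
     *
     * @return the effective policy set, or {@code null} when nothing was configured
     */
    private Set<SecurityPolicy> createSecurityPolicies() {
        if (this.securityPoliciesById != null) {
            Set<SecurityPolicy> parsed = EnumSet.noneOf(SecurityPolicy.class);
            for (String rawId : this.securityPoliciesById.split(",")) {
                // Tolerate "A, B" style lists; surrounding blanks are never part of an id.
                final String policyId = rawId.trim();
                parsed.add(SecurityPolicy.fromUriSafe(policyId).orElseGet(() -> SecurityPolicy.valueOf(policyId)));
            }
            if (this.securityPolicies == null) {
                this.securityPolicies = new HashSet<>();
            }
            this.securityPolicies.addAll(parsed);
        }
        return this.securityPolicies;
    }

    /** Sets the URI of the namespace created for Camel items. */
    public void setNamespaceUri(String str) {
        this.namespaceUri = str;
    }

    /**
     * Sets the application name reported by the server.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public void setApplicationName(String str) {
        Objects.requireNonNull(str);
        this.applicationName = str;
    }

    /**
     * Sets the path appended to the session endpoints.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public void setPath(String str) {
        Objects.requireNonNull(str);
        this.path = str;
    }

    /**
     * Sets the application URI reported by the server.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public void setApplicationUri(String str) {
        Objects.requireNonNull(str);
        this.applicationUri = str;
    }

    /**
     * Sets the product URI reported by the server.
     *
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public void setProductUri(String str) {
        Objects.requireNonNull(str);
        this.productUri = str;
    }

    /** Sets the port shared by the TCP and HTTPS endpoints. */
    public void setPort(int i) {
        this.port = i;
    }

    /**
     * Replaces the security policies with a copy of the given set and clears
     * {@code securityPoliciesById}.
     *
     * @param set the policies to offer; {@code null} or empty results in an empty set
     */
    public void setSecurityPolicies(Set<SecurityPolicy> set) {
        if (set == null || set.isEmpty()) {
            this.securityPolicies = EnumSet.noneOf(SecurityPolicy.class);
        } else {
            this.securityPolicies = EnumSet.copyOf(set);
        }
        this.securityPoliciesById = null;
    }

    /** Sets the security policies as a comma-separated list of policy URIs or enum names. */
    public void setSecurityPoliciesById(String str) {
        this.securityPoliciesById = str;
    }

    /** @return the comma-separated security policy ids as configured */
    public String getSecurityPoliciesById() {
        return this.securityPoliciesById;
    }

    /** Sets the credentials as comma-separated, URL-encoded {@code user:password} pairs. */
    public void setUserAuthenticationCredentials(String str) {
        this.userAuthenticationCredentials = str;
    }

    /** @return the configured credentials in clear text; callers must not log this value */
    public String getUserAuthenticationCredentials() {
        return this.userAuthenticationCredentials;
    }

    /** Explicitly allows or forbids anonymous sessions. */
    public void setEnableAnonymousAuthentication(boolean z) {
        this.enableAnonymousAuthentication = Boolean.valueOf(z);
    }

    /** Sets the security policy used to protect the username token, taken from the policy's URI. */
    public void setUsernameSecurityPolicyUri(SecurityPolicy securityPolicy) {
        this.usernameSecurityPolicyUri = securityPolicy.getUri();
    }

    /** Sets the security policy URI used to protect the username token. */
    public void setUsernameSecurityPolicyUri(String str) {
        this.usernameSecurityPolicyUri = str;
    }

    /**
     * Sets the bind addresses from a comma-separated list.
     *
     * @param str the addresses, or {@code null} to clear them (no endpoints are then created)
     */
    public void setBindAddresses(String str) {
        this.bindAddresses = str != null ? Arrays.asList(str.split(",")) : null;
    }

    /** Sets the build information reported by the server. */
    public void setBuildInfo(BuildInfo buildInfo) {
        this.buildInfo = buildInfo;
    }

    /**
     * Sets the certificate manager.
     *
     * @param certificateManager the manager to use; {@code null} installs an empty default manager
     */
    public void setCertificateManager(CertificateManager certificateManager) {
        this.certificateManager = certificateManager != null ? certificateManager : new DefaultCertificateManager();
    }

    /** Sets the validator applied to client certificates; replaces the deny-all default. */
    public void setCertificateValidator(CertificateValidator certificateValidator) {
        this.certificateValidator = certificateValidator;
    }

    /**
     * Installs a default certificate validator backed by a trust list stored under the given path.
     *
     * @param str the file-system location handed to the trust list manager
     * @throws RuntimeCamelException if the trust list cannot be opened
     */
    public void setDefaultCertificateValidator(String str) {
        CertificateValidator validator;
        try {
            validator = new DefaultCertificateValidator(new DefaultTrustListManager(new File(str)));
        } catch (IOException e) {
            throw new RuntimeCamelException(e);
        }
        // Assign only after the trust list opened, so a failure leaves the previous settings intact.
        this.defaultCertificateValidator = str;
        this.certificateValidator = validator;
    }

    /** @return the trust list location last passed to {@link #setDefaultCertificateValidator(String)} */
    public String getDefaultCertificateValidator() {
        return this.defaultCertificateValidator;
    }

    /** @return the port shared by the TCP and HTTPS endpoints */
    public int getPort() {
        return this.port;
    }

    /** @return the namespace URI */
    public String getNamespaceUri() {
        return this.namespaceUri;
    }

    /** @return the running server, or {@code null} before the component started */
    public OpcUaServer getServer() {
        return this.server;
    }

    /** @return the anonymous setting, or {@code null} when it was never configured */
    public Boolean isEnableAnonymousAuthentication() {
        return this.enableAnonymousAuthentication;
    }

    /** @return the configured certificate manager, or {@code null} when none was set */
    public CertificateManager getCertificateManager() {
        return this.certificateManager;
    }

    /** @return the live security policy set, or {@code null} when none was configured */
    public Set<SecurityPolicy> getSecurityPolicies() {
        return this.securityPolicies;
    }

    /** @return the security policy URI used for the username token */
    public String getUsernameSecurityPolicyUri() {
        return this.usernameSecurityPolicyUri;
    }

    /** @return the configured bind addresses, or {@code null} when none are set */
    public List<String> getBindAddresses() {
        return this.bindAddresses;
    }

    /** @return the configured certificate validator, or {@code null} when the default applies */
    public CertificateValidator getCertificateValidator() {
        return this.certificateValidator;
    }

    /** @return the certificate attached to the endpoints */
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /** @return the configured product URI, or {@code null} when the default applies */
    public String getProductUri() {
        return this.productUri;
    }

    /** @return the configured application URI, or {@code null} when the default applies */
    public String getApplicationUri() {
        return this.applicationUri;
    }

    /** @return the configured application name, or {@code null} when the default applies */
    public String getApplicationName() {
        return this.applicationName;
    }

    /** @return the endpoint path, or {@code null} when none is set */
    public String getPath() {
        return this.path;
    }

    /** @return the configured build information */
    public BuildInfo getBuildInfo() {
        return this.buildInfo;
    }
}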
