package org.apache.plc4x.java.opcuaserver;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
import java.io.Console;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.nio.file.FileSystems;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Stream;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Option;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.apache.plc4x.java.opcuaserver.backend.Plc4xNamespace;
import org.apache.plc4x.java.opcuaserver.configuration.Configuration;
import org.apache.plc4x.java.opcuaserver.configuration.PasswordConfiguration;
import org.apache.plc4x.java.opcuaserver.context.CertificateGenerator;
import org.apache.plc4x.java.opcuaserver.context.CertificateKeyPair;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.eclipse.milo.opcua.sdk.server.OpcUaServer;
import org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig;
import org.eclipse.milo.opcua.sdk.server.identity.CompositeValidator;
import org.eclipse.milo.opcua.sdk.server.identity.UsernameIdentityValidator;
import org.eclipse.milo.opcua.sdk.server.identity.X509IdentityValidator;
import org.eclipse.milo.opcua.stack.core.StatusCodes;
import org.eclipse.milo.opcua.stack.core.UaRuntimeException;
import org.eclipse.milo.opcua.stack.core.security.CertificateManager;
import org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager;
import org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.security.TrustListManager;
import org.eclipse.milo.opcua.stack.core.transport.TransportProfile;
import org.eclipse.milo.opcua.stack.core.types.builtin.DateTime;
import org.eclipse.milo.opcua.stack.core.types.builtin.LocalizedText;
import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
import org.eclipse.milo.opcua.stack.core.types.structured.BuildInfo;
import org.eclipse.milo.opcua.stack.core.util.CertificateUtil;
import org.eclipse.milo.opcua.stack.server.EndpointConfiguration;
import org.eclipse.milo.opcua.stack.server.security.DefaultServerCertificateValidator;
import org.eclipse.milo.opcua.stack.server.security.ServerCertificateValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/plc4x/java/opcuaserver/OPCUAServer.class */
public class OPCUAServer {
    private Configuration config;
    private PasswordConfiguration passwordConfig;
    private final OpcUaServer server;
    private final Plc4xNamespace plc4xNamespace;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private CommandLine cmd = null;
    private final String certificateFileName = "plc4x-opcuaserver.pfx";

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    protected String[] setPasswords() {
        Console console = System.console();
        System.out.println("Please enter password for certificate:- ");
        System.out.println("Please enter a username for the OPC UA server admin account:- ");
        System.out.println("Please enter a password for the OPC UA server admin account:- ");
        return new String[]{String.valueOf(console.readPassword()), String.valueOf(console.readLine()), String.valueOf(console.readPassword())};
    }

    private void setPasswordWrapper() {
        String[] passwords = this.cmd.hasOption("test") ? new String[]{"password", "admin", "password"} : setPasswords();
        try {
            this.passwordConfig.setSecurityPassword(passwords[0]);
            this.passwordConfig.createUser(passwords[1], passwords[2], "admin-group");
        } catch (IOException e) {
            this.logger.error("Unable to save config file, please check folder permissions. " + e);
            System.exit(1);
        }
    }

    private void readPasswordConfig() {
        ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
        objectMapper.findAndRegisterModules();
        try {
            Path resolve = FileSystems.getDefault().getPath(this.config.getDir(), new String[0]).resolve("security/.jibberish");
            File file = resolve.toFile();
            if (file.isFile() && !this.cmd.hasOption("set-passwords")) {
                this.passwordConfig = (PasswordConfiguration) objectMapper.readValue(file, PasswordConfiguration.class);
                this.passwordConfig.setPasswordConfigFile(resolve);
            } else if (file.isFile() && this.cmd.hasOption("set-passwords")) {
                this.passwordConfig = (PasswordConfiguration) objectMapper.readValue(file, PasswordConfiguration.class);
                this.passwordConfig.setPasswordConfigFile(resolve);
                setPasswordWrapper();
            } else if (this.cmd.hasOption("interactive") || this.cmd.hasOption("set-passwords")) {
                file.getParentFile().mkdirs();
                this.passwordConfig = new PasswordConfiguration();
                this.passwordConfig.setVersion("0.8");
                this.passwordConfig.setPasswordConfigFile(resolve);
                setPasswordWrapper();
            } else {
                this.logger.info("Please re-run with the -i switch to setup the config file");
                System.exit(1);
            }
        } catch (IOException e) {
            this.logger.info("Error parsing password file " + e);
        }
    }

    private void readCommandLineArgs(String[] strArr) {
        Options options = new Options();
        Option option = new Option("c", "configfile", true, "configuration file");
        option.setRequired(true);
        options.addOption(option);
        Option option2 = new Option("s", "set-passwords", false, "Reset passwords");
        option2.setRequired(false);
        options.addOption(option2);
        Option option3 = new Option("i", "interactive", false, "Interactively get asked to setup the config file from the console");
        option3.setRequired(false);
        options.addOption(option3);
        Option option4 = new Option("t", "test", false, "Used for testing the OPC UA Server");
        option4.setRequired(false);
        options.addOption(option4);
        DefaultParser defaultParser = new DefaultParser();
        HelpFormatter helpFormatter = new HelpFormatter();
        this.cmd = null;
        try {
            this.cmd = defaultParser.parse(options, strArr);
        } catch (ParseException e) {
            this.logger.info(e.getMessage());
            helpFormatter.printHelp("Plc4x OPC UA Server", options);
            System.exit(1);
        }
        String optionValue = this.cmd.getOptionValue("configfile");
        this.logger.info("Reading configuration file: {}", optionValue);
        ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory());
        objectMapper.findAndRegisterModules();
        try {
            this.config = (Configuration) objectMapper.readValue(new File(optionValue), Configuration.class);
            this.config.setConfigFile(optionValue);
            if (this.config.getDir() == null) {
                throw new IOException("Please set the dir in the config file");
            }
            readPasswordConfig();
        } catch (IOException e2) {
            this.logger.info("Error parsing config file " + e2);
            System.exit(1);
        }
    }

    public static void main(String[] strArr) throws Exception {
        new OPCUAServer(strArr).getServer().startup().get();
        new CompletableFuture().get();
    }

    public OPCUAServer(String[] strArr) throws Exception {
        CertificateKeyPair certificateKeyPair;
        readCommandLineArgs(strArr);
        File file = new File(this.config.getDir(), "security");
        if (!file.exists() && !file.mkdirs()) {
            this.logger.error("Unable to create directory please confirm folder permissions on " + file);
            System.exit(1);
        }
        this.logger.info("Security Directory is: {}", file.getAbsolutePath());
        File file2 = FileSystems.getDefault().getPath(this.config.getDir(), new String[0]).resolve("pki").toFile();
        DefaultTrustListManager defaultTrustListManager = new DefaultTrustListManager(file2);
        this.logger.info("Certificate directory is: {}, Please move certificates from the reject dir to the trusted directory to allow encrypted access", file2.getAbsolutePath());
        DefaultServerCertificateValidator defaultServerCertificateValidator = new DefaultServerCertificateValidator(defaultTrustListManager);
        UsernameIdentityValidator usernameIdentityValidator = new UsernameIdentityValidator(true, authenticationChallenge -> {
            boolean checkPassword = this.passwordConfig.checkPassword(authenticationChallenge.getUsername(), authenticationChallenge.getPassword());
            if (!checkPassword) {
                this.logger.info("Invalid password for user:- " + authenticationChallenge.getUsername());
            }
            return checkPassword;
        });
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        File file3 = file.toPath().resolve("plc4x-opcuaserver.pfx").toFile();
        X509IdentityValidator x509IdentityValidator = new X509IdentityValidator(x509Certificate -> {
            return true;
        });
        if (file3.exists()) {
            this.logger.info("Loading KeyStore at {}", file3);
            keyStore.load(new FileInputStream(file3), this.passwordConfig.getSecurityPassword().toCharArray());
            String nextElement = keyStore.aliases().nextElement();
            certificateKeyPair = new CertificateKeyPair(new KeyPair(keyStore.getCertificate(nextElement).getPublicKey(), (PrivateKey) keyStore.getKey(nextElement, this.passwordConfig.getSecurityPassword().toCharArray())), (X509Certificate) keyStore.getCertificate(nextElement));
        } else {
            if (!this.cmd.hasOption("interactive")) {
                this.logger.info("Please re-run with the -i switch to setup the security certificate key store");
                System.exit(1);
            }
            certificateKeyPair = CertificateGenerator.generateCertificate();
            this.logger.info("Creating new KeyStore at {}", file3);
            keyStore.load(null, this.passwordConfig.getSecurityPassword().toCharArray());
            keyStore.setKeyEntry("plc4x-certificate-alias", certificateKeyPair.getKeyPair().getPrivate(), this.passwordConfig.getSecurityPassword().toCharArray(), new X509Certificate[]{certificateKeyPair.getCertificate()});
            keyStore.store(new FileOutputStream(file3), this.passwordConfig.getSecurityPassword().toCharArray());
        }
        String orElseThrow = CertificateUtil.getSanUri(certificateKeyPair.getCertificate()).orElseThrow(() -> {
            return new UaRuntimeException(StatusCodes.Bad_ConfigurationError, "certificate is missing the application URI");
        });
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        EndpointConfiguration.Builder addTokenPolicies = EndpointConfiguration.newBuilder().setBindAddress("0.0.0.0").setHostname(InetAddress.getLocalHost().getHostName()).setPath("/plc4x").setCertificate(certificateKeyPair.getCertificate()).setBindPort(this.config.getTcpPort().intValue()).setSecurityMode(MessageSecurityMode.None).addTokenPolicies(OpcUaServerConfig.USER_TOKEN_POLICY_ANONYMOUS, OpcUaServerConfig.USER_TOKEN_POLICY_USERNAME, OpcUaServerConfig.USER_TOKEN_POLICY_X509);
        linkedHashSet.add(addTokenPolicies.copy().setSecurityPolicy(SecurityPolicy.Basic256Sha256).setSecurityMode(MessageSecurityMode.SignAndEncrypt).build());
        linkedHashSet.add(addTokenPolicies.copy().setHostname("127.0.0.1").setSecurityPolicy(SecurityPolicy.Basic256Sha256).setSecurityMode(MessageSecurityMode.SignAndEncrypt).build());
        linkedHashSet.add(addTokenPolicies.copy().setPath("/discovery").setSecurityPolicy(SecurityPolicy.None).setSecurityMode(MessageSecurityMode.None).build());
        linkedHashSet.add(addTokenPolicies.copy().setPath("/discovery").setHostname("127.0.0.1").setSecurityPolicy(SecurityPolicy.None).setSecurityMode(MessageSecurityMode.None).build());
        linkedHashSet.add(addTokenPolicies.copy().setPath("/plc4x/discovery").setHostname("127.0.0.1").setSecurityPolicy(SecurityPolicy.None).setSecurityMode(MessageSecurityMode.None).build());
        if (!this.config.getDisableInsecureEndpoint()) {
            linkedHashSet.add(addTokenPolicies.copy().setSecurityPolicy(SecurityPolicy.None).setTransportProfile(TransportProfile.TCP_UASC_UABINARY).build());
        }
        linkedHashSet.add(addTokenPolicies.copy().setSecurityPolicy(SecurityPolicy.None).setHostname("127.0.0.1").setTransportProfile(TransportProfile.TCP_UASC_UABINARY).setSecurityMode(MessageSecurityMode.None).build());
        KeyPair keyPair = certificateKeyPair.getKeyPair();
        Stream stream = Arrays.stream(keyStore.getCertificateChain(keyStore.getCertificateAlias(certificateKeyPair.getCertificate())));
        Class<X509Certificate> cls = X509Certificate.class;
        X509Certificate.class.getClass();
        this.server = new OpcUaServer(OpcUaServerConfig.builder().setApplicationUri(orElseThrow).setApplicationName(LocalizedText.english(orElseThrow)).setEndpoints((Set<EndpointConfiguration>) linkedHashSet).setBuildInfo(new BuildInfo(Plc4xNamespace.APPLICATIONID, "org.apache.plc4x", this.config.getName(), OpcUaServer.SDK_VERSION, "", DateTime.now())).setCertificateManager((CertificateManager) new DefaultCertificateManager(keyPair, (X509Certificate[]) stream.map((v1) -> {
            return r4.cast(v1);
        }).toArray(i -> {
            return new X509Certificate[i];
        }))).setTrustListManager((TrustListManager) defaultTrustListManager).setCertificateValidator((ServerCertificateValidator) defaultServerCertificateValidator).setIdentityValidator(new CompositeValidator(usernameIdentityValidator, x509IdentityValidator)).setProductUri(Plc4xNamespace.APPLICATIONID).build());
        this.plc4xNamespace = new Plc4xNamespace(this.server, this.config);
        this.plc4xNamespace.startup();
    }

    public OpcUaServer getServer() {
        return this.server;
    }

    public CompletableFuture<OpcUaServer> startup() {
        return this.server.startup();
    }

    public CompletableFuture<OpcUaServer> shutdown() {
        this.plc4xNamespace.shutdown();
        return this.server.shutdown();
    }
}
