package org.ar4k.agent.opcua.server;

import com.google.common.collect.Lists;
import java.io.File;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import org.ar4k.agent.core.interfaces.EdgeComponent;
import org.ar4k.agent.logger.EdgeLogger;
import org.ar4k.agent.logger.EdgeStaticLoggerBinder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.eclipse.milo.opcua.sdk.server.OpcUaServer;
import org.eclipse.milo.opcua.sdk.server.identity.CompositeValidator;
import org.eclipse.milo.opcua.sdk.server.identity.IdentityValidator;
import org.eclipse.milo.opcua.sdk.server.identity.UsernameIdentityValidator;
import org.eclipse.milo.opcua.sdk.server.identity.X509IdentityValidator;
import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil;
import org.eclipse.milo.opcua.stack.core.UaRuntimeException;
import org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager;
import org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.transport.TransportProfile;
import org.eclipse.milo.opcua.stack.core.types.builtin.DateTime;
import org.eclipse.milo.opcua.stack.core.types.builtin.LocalizedText;
import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
import org.eclipse.milo.opcua.stack.core.types.structured.BuildInfo;
import org.eclipse.milo.opcua.stack.core.types.structured.UserTokenPolicy;
import org.eclipse.milo.opcua.stack.core.util.CertificateUtil;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedHttpsCertificateBuilder;
import org.eclipse.milo.opcua.stack.server.EndpointConfiguration;
import org.eclipse.milo.opcua.stack.server.security.DefaultServerCertificateValidator;

/* loaded from: input_file:org/ar4k/agent/opcua/server/Ar4kOpcUaServer.class */
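/**
 * Wraps an Eclipse Milo {@link OpcUaServer} configured from an {@link OpcUaServerConfig}.
 *
 * <p>The constructor prepares the key material, trust list, identity validators and endpoint set,
 * then builds the server and its {@link OpcUaNamespace}. Nothing is bound to the network until
 * {@link #startup()} is called.
 *
 * <p>NOTE(review): as written, the authentication and transport settings are those of a demo
 * server (fixed credentials, accept-all X.509 identity check, anonymous access, unsecured
 * endpoints, key store under the system temp directory). Each spot is marked inline; review them
 * before exposing this server outside a lab network.
 */
public class Ar4kOpcUaServer {
    private static final EdgeLogger logger = EdgeStaticLoggerBinder.getClassLogger(Ar4kOpcUaServer.class);

    /** Numeric status code 0x80890000 (Bad_ConfigurationError in the OPC UA status-code table). */
    private static final long BAD_CONFIGURATION_ERROR = 2156462080L;

    static {
        // Registers BouncyCastle as a JCA provider for the whole JVM when this class is loaded.
        Security.addProvider(new BouncyCastleProvider());
    }

    private final OpcUaServer server;
    private final OpcUaNamespace nameSpaceOpc;
    private final OpcUaServerConfig configuration;

    /**
     * Builds the OPC UA server; the server is not started here.
     *
     * @param opcUaServerConfig bind address, ports, path and product metadata for the server
     * @throws Exception if the security directory cannot be created, or if anything called during
     *     setup (key store loading, certificate generation, server construction) fails
     */
    public Ar4kOpcUaServer(OpcUaServerConfig opcUaServerConfig) throws Exception {
        this.configuration = opcUaServerConfig;

        // NOTE(review): the server key store and the PKI trust list live under
        // ${java.io.tmpdir}/security. On multi-user hosts the temp directory is commonly writable
        // by every local account and this path is predictable, and an already existing directory
        // is reused without any ownership or permission check. Prefer a dedicated, owner-only
        // directory taken from configuration.
        File securityDir = new File(System.getProperty("java.io.tmpdir"), "security");
        if (!securityDir.exists() && !securityDir.mkdirs()) {
            throw new Exception("unable to create security temp dir: " + securityDir);
        }
        logger.debug("security temp dir: {}", securityDir.getAbsolutePath());

        KeyStoreLoader keyStoreLoader = new KeyStoreLoader().load(securityDir);
        DefaultCertificateManager certificateManager = new DefaultCertificateManager(
                keyStoreLoader.getServerKeyPair(), keyStoreLoader.getServerCertificateChain());

        File pkiDir = securityDir.toPath().resolve("pki").toFile();
        DefaultTrustListManager trustListManager = new DefaultTrustListManager(pkiDir);
        logger.debug("pki dir: {}", pkiDir.getAbsolutePath());

        // Client application certificates on secured channels are validated against the trust list.
        DefaultServerCertificateValidator certificateValidator =
                new DefaultServerCertificateValidator(trustListManager);

        // A fresh self-signed HTTPS certificate is generated on every construction, so clients
        // cannot pin it across restarts.
        KeyPair httpsKeyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(2048);
        SelfSignedHttpsCertificateBuilder httpsCertificateBuilder =
                new SelfSignedHttpsCertificateBuilder(httpsKeyPair);
        httpsCertificateBuilder.setCommonName(HostnameUtil.getHostname());
        Set<String> httpsHostnames = HostnameUtil.getHostnames(opcUaServerConfig.bindAddress);
        httpsHostnames.forEach(httpsCertificateBuilder::addDnsName);
        X509Certificate httpsCertificate = httpsCertificateBuilder.build();

        // NOTE(review): the accepted username/password pairs are literals compiled into this class,
        // so anyone holding the artifact knows them and they cannot be rotated without a rebuild.
        // Load credentials from configuration or a secret store and compare them in constant time.
        // The first constructor argument is `true`; in Milo's UsernameIdentityValidator that is the
        // allow-anonymous flag — confirm against the Milo version in use.
        IdentityValidator usernameIdentityValidator = new UsernameIdentityValidator(true, challenge -> {
            String username = challenge.getUsername();
            String password = challenge.getPassword();
            boolean isUser = "user".equals(username) && "password1".equals(password);
            boolean isAdmin = "admin".equals(username) && "password2".equals(password);
            return isUser || isAdmin;
        });

        // NOTE(review): this predicate returns true for every certificate, so any X.509 user
        // identity token is accepted regardless of issuer or trust-list membership.
        IdentityValidator x509IdentityValidator = new X509IdentityValidator(userCertificate -> true);

        X509Certificate serverCertificate = certificateManager.getCertificates().stream()
                .findFirst()
                .orElseThrow(() -> new UaRuntimeException(BAD_CONFIGURATION_ERROR, "no certificate found"));

        String applicationUri = CertificateUtil.getSanUri(serverCertificate)
                .orElseThrow(() -> new UaRuntimeException(
                        BAD_CONFIGURATION_ERROR, "certificate is missing the application URI"));

        // Fully qualified: Milo's OpcUaServerConfig shares its simple name with this package's
        // own configuration class.
        this.server = new OpcUaServer(org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig.builder()
                .setApplicationUri(applicationUri)
                .setApplicationName(LocalizedText.english(opcUaServerConfig.applicationName))
                .setEndpoints(createEndpointConfigurations(serverCertificate))
                .setBuildInfo(new BuildInfo(
                        opcUaServerConfig.productUri,
                        opcUaServerConfig.manufacturerName,
                        opcUaServerConfig.productName,
                        OpcUaServer.SDK_VERSION,
                        "",
                        DateTime.now()))
                .setCertificateManager(certificateManager)
                .setTrustListManager(trustListManager)
                .setCertificateValidator(certificateValidator)
                .setHttpsKeyPair(httpsKeyPair)
                .setHttpsCertificate(httpsCertificate)
                .setIdentityValidator(new CompositeValidator(usernameIdentityValidator, x509IdentityValidator))
                .setProductUri(opcUaServerConfig.productUri)
                .build());
        this.nameSpaceOpc = new OpcUaNamespace(this.server, opcUaServerConfig);
    }

    /**
     * Creates the endpoint set: for the machine hostname and every hostname resolved for the
     * configured bind address, six endpoints (TCP and HTTPS, each unsecured, secured, and
     * discovery).
     *
     * @param x509Certificate server certificate attached to every endpoint
     * @return the endpoints in insertion order
     */
    private Set<EndpointConfiguration> createEndpointConfigurations(X509Certificate x509Certificate) {
        Set<EndpointConfiguration> endpoints = new LinkedHashSet<>();
        String bindAddress = this.configuration.bindAddress;

        Set<String> hostnames = new LinkedHashSet<>();
        hostnames.add(HostnameUtil.getHostname());
        hostnames.addAll(HostnameUtil.getHostnames(bindAddress));

        for (String hostname : hostnames) {
            // NOTE(review): every endpoint advertises the anonymous token policy next to
            // username and X.509, so a session can be opened without any credentials.
            EndpointConfiguration.Builder base = EndpointConfiguration.newBuilder()
                    .setBindAddress(bindAddress)
                    .setHostname(hostname)
                    .setPath(this.configuration.serverPath)
                    .setCertificate(x509Certificate)
                    .addTokenPolicies(
                            org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig.USER_TOKEN_POLICY_ANONYMOUS,
                            org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig.USER_TOKEN_POLICY_USERNAME,
                            org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig.USER_TOKEN_POLICY_X509);

            // NOTE(review): these two endpoints serve the main server path with
            // SecurityPolicy.None / MessageSecurityMode.None, i.e. session traffic is neither
            // signed nor encrypted. Drop them where only secured sessions should be possible.
            EndpointConfiguration.Builder unsecured = base.copy()
                    .setSecurityPolicy(SecurityPolicy.None)
                    .setSecurityMode(MessageSecurityMode.None);
            endpoints.add(buildTcpEndpoint(unsecured));
            endpoints.add(buildHttpsEndpoint(unsecured));

            endpoints.add(buildTcpEndpoint(base.copy()
                    .setSecurityPolicy(SecurityPolicy.Basic256Sha256)
                    .setSecurityMode(MessageSecurityMode.SignAndEncrypt)));
            endpoints.add(buildHttpsEndpoint(base.copy()
                    .setSecurityPolicy(SecurityPolicy.Basic256Sha256)
                    .setSecurityMode(MessageSecurityMode.Sign)));

            // Discovery endpoints under <serverPath>/discovery, also without message security.
            EndpointConfiguration.Builder discovery = base.copy()
                    .setPath(this.configuration.serverPath + "/discovery")
                    .setSecurityPolicy(SecurityPolicy.None)
                    .setSecurityMode(MessageSecurityMode.None);
            endpoints.add(buildTcpEndpoint(discovery));
            endpoints.add(buildHttpsEndpoint(discovery));
        }
        return endpoints;
    }

    /** Builds a copy of {@code builder} as an OPC UA binary TCP endpoint on the configured server port. */
    private EndpointConfiguration buildTcpEndpoint(EndpointConfiguration.Builder builder) {
        return builder.copy()
                .setTransportProfile(TransportProfile.TCP_UASC_UABINARY)
                .setBindPort(this.configuration.serverPort.intValue())
                .build();
    }

    /** Builds a copy of {@code builder} as an HTTPS binary endpoint on the configured HTTPS port. */
    private EndpointConfiguration buildHttpsEndpoint(EndpointConfiguration.Builder builder) {
        return builder.copy()
                .setTransportProfile(TransportProfile.HTTPS_UABINARY)
                .setBindPort(this.configuration.serverPortHttps.intValue())
                .build();
    }

    /** Returns the underlying Milo server instance. */
    public OpcUaServer getServer() {
        return this.server;
    }

    /** Starts the underlying server; the future is the one returned by Milo's {@code startup()}. */
    public CompletableFuture<OpcUaServer> startup() {
        return this.server.startup();
    }

    /** Stops the underlying server; the future is the one returned by Milo's {@code shutdown()}. */
    public CompletableFuture<OpcUaServer> shutdown() {
        return this.server.shutdown();
    }

    /**
     * Status reporting is not implemented.
     *
     * @return always {@code null}; callers must handle the missing status
     */
    public EdgeComponent.ServiceStatus updateAndGetStatus() {
        return null;
    }

    /** Returns the configuration object passed to the constructor. */
    public OpcUaServerConfig getConfiguration() {
        return this.configuration;
    }

    /** Returns the namespace created for this server in the constructor. */
    public OpcUaNamespace getNamespace() {
        return this.nameSpaceOpc;
    }
}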
