package com.prosysopc.ua.stack.application;

import com.prosysopc.ua.stack.builtintypes.ByteString;
import com.prosysopc.ua.stack.builtintypes.DateTime;
import com.prosysopc.ua.stack.builtintypes.ExtensionObject;
import com.prosysopc.ua.stack.builtintypes.ServiceRequest;
import com.prosysopc.ua.stack.builtintypes.ServiceResponse;
import com.prosysopc.ua.stack.common.ServiceFaultException;
import com.prosysopc.ua.stack.common.ServiceResultException;
import com.prosysopc.ua.stack.core.ActivateSessionRequest;
import com.prosysopc.ua.stack.core.ActivateSessionResponse;
import com.prosysopc.ua.stack.core.AnonymousIdentityToken;
import com.prosysopc.ua.stack.core.CloseSessionResponse;
import com.prosysopc.ua.stack.core.IssuedIdentityToken;
import com.prosysopc.ua.stack.core.MessageSecurityMode;
import com.prosysopc.ua.stack.core.RequestHeader;
import com.prosysopc.ua.stack.core.SignatureData;
import com.prosysopc.ua.stack.core.StatusCodes;
import com.prosysopc.ua.stack.core.UserIdentityToken;
import com.prosysopc.ua.stack.core.UserNameIdentityToken;
import com.prosysopc.ua.stack.core.X509IdentityToken;
import com.prosysopc.ua.stack.transport.AsyncResult;
import com.prosysopc.ua.stack.transport.ChannelService;
import com.prosysopc.ua.stack.transport.RequestChannel;
import com.prosysopc.ua.stack.transport.ResultListener;
import com.prosysopc.ua.stack.transport.SecureChannel;
import com.prosysopc.ua.stack.transport.impl.AsyncResultImpl;
import com.prosysopc.ua.stack.transport.security.SecurityAlgorithm;
import com.prosysopc.ua.stack.transport.security.SecurityPolicy;
import com.prosysopc.ua.stack.utils.CryptoUtil;
import com.prosysopc.ua.stack.utils.EndpointUtil;
import com.prosysopc.ua.stack.utils.ObjectUtils;
import com.prosysopc.ua.stack.utils.bytebuffer.ByteBufferUtils;
import java.security.interfaces.RSAPrivateKey;
import java.util.concurrent.atomic.AtomicReference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-4.6.0-1594.jar:com/prosysopc/ua/stack/application/SessionChannel.class */
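/**
 * Client-side request channel bound to one {@link Session} and one {@link SecureChannel}.
 *
 * <p>Every request sent through this channel is stamped with the session's authentication token
 * and a fresh timestamp, optionally passed to a {@link RequestValidator}, and then forwarded to
 * the secure channel. The class also implements the client half of ActivateSession, including the
 * server-nonce checks performed before the request and after the response.
 *
 * <p>The field and helper names ({@code es}, {@code eZ}, {@code gk}, {@code gl}, {@code a}) are
 * obfuscated identifiers from the decompiled jar and are kept so the listing can be matched
 * against the binary.
 *
 * <p>NOTE(review): {@link #dispose()} nulls {@code gk} and {@code eZ}; no method re-checks them,
 * so any call made after dispose fails with a NullPointerException.
 */
public class SessionChannel extends ChannelService implements RequestChannel {
    private static final Logger logger = LoggerFactory.getLogger(SessionChannel.class);

    // Owning client; used for locale ids, software certificates and the encoder context.
    private final Client es;

    // Session whose authentication token and server nonce this channel uses.
    private Session eZ;

    // Underlying secure channel that transports the requests.
    private SecureChannel gk;

    // Optional hook run before each request is handed to the secure channel.
    private final AtomicReference<RequestValidator> gl;

    /* loaded from: input_file:BOOT-INF/lib/prosys-opc-ua-java-sdk-client-4.6.0-1594.jar:com/prosysopc/ua/stack/application/SessionChannel$RequestValidator.class */
    /**
     * Hook that may reject a request before it reaches the secure channel by throwing
     * {@link ServiceResultException}.
     */
    public interface RequestValidator {
        <T extends ServiceResponse> void validateServiceRequest(SessionChannel sessionChannel, ServiceRequest<T> serviceRequest) throws ServiceResultException;
    }

    /**
     * Checks the session's current server nonce before an ActivateSession request is sent.
     *
     * <p>The check is skipped for an anonymous token, for a user-name or issued token with no
     * encryption algorithm, and for an X509 token whose signature carries no algorithm. In every
     * other case the nonce must be present, at least 32 bytes long, and the session must not have
     * been flagged ({@code session.gd}) as having received a repeated nonce.
     *
     * <p>NOTE(review): the skipped cases presumably are the ones where the nonce is not used to
     * protect the token; confirm against the OPC UA specification.
     *
     * <p>NOTE(review): {@code signatureData} is dereferenced without a null check when the token
     * is an {@link X509IdentityToken}, so a null signature with an X509 token fails with a
     * NullPointerException rather than a {@link ServiceResultException}.
     *
     * @param session session holding the server nonce of the previous response
     * @param userIdentityToken identity token about to be sent
     * @param signatureData user token signature; only read for X509 tokens
     * @throws ServiceResultException with {@code Bad_NonceInvalid} if the nonce is missing, too
     *     short, or flagged as not unique
     */
    static void a(Session session, UserIdentityToken userIdentityToken, SignatureData signatureData) throws ServiceResultException {
        if (userIdentityToken instanceof AnonymousIdentityToken) {
            return;
        }
        if (userIdentityToken instanceof UserNameIdentityToken) {
            UserNameIdentityToken userNameIdentityToken = (UserNameIdentityToken) userIdentityToken;
            if (userNameIdentityToken.getEncryptionAlgorithm() == null || userNameIdentityToken.getEncryptionAlgorithm().isEmpty()) {
                return;
            }
        }
        if ((userIdentityToken instanceof X509IdentityToken) && (signatureData.getAlgorithm() == null || signatureData.getAlgorithm().isEmpty())) {
            return;
        }
        if (userIdentityToken instanceof IssuedIdentityToken) {
            IssuedIdentityToken issuedIdentityToken = (IssuedIdentityToken) userIdentityToken;
            if (issuedIdentityToken.getEncryptionAlgorithm() == null || issuedIdentityToken.getEncryptionAlgorithm().isEmpty()) {
                return;
            }
        }
        if (session.getServerNonce() == null || session.getServerNonce().getLength() < 32) {
            throw new ServiceResultException(StatusCodes.Bad_NonceInvalid, "ServerNonce from previous CreateSessionResponse or ActivateSessionResponse was not valid (must be at least 32 bytes): " + session.getServerNonce());
        }
        // session.gd is set by activate(...) once a response repeated the previous nonce.
        if (session.gd) {
            throw new ServiceResultException(StatusCodes.Bad_NonceInvalid, "ServerNonce based on previous CreateSessionResponse or ActivateSessionResponse is not unique, calling ActivateSession is not safe:" + session.getServerNonce());
        }
    }

    /**
     * Creates a channel for {@code session} over {@code secureChannel} and registers itself as
     * the request channel of the inherited {@link ChannelService}.
     *
     * @param client owning client
     * @param session session to send requests for
     * @param secureChannel transport for the requests
     */
    public SessionChannel(Client client, Session session, SecureChannel secureChannel) {
        this.eZ = session;
        this.es = client;
        this.gk = secureChannel;
        setRequestChannel(this);
        this.gl = new AtomicReference<>();
    }

    /**
     * Activates the session with an anonymous identity token.
     *
     * @return the server's response
     * @throws ServiceResultException if activation fails or a nonce check rejects it
     */
    public ActivateSessionResponse activate() throws ServiceResultException {
        return activate(EndpointUtil.createAnonymousIdentityToken(this.eZ.getEndpoint()), (SignatureData) null);
    }

    /**
     * Activates the session with an issued identity token built from {@code bArr}.
     *
     * @param bArr token data passed to {@code EndpointUtil.createIssuedIdentityToken}
     * @return the server's response
     * @throws ServiceResultException if activation fails or a nonce check rejects it
     */
    public ActivateSessionResponse activate(byte[] bArr) throws ServiceResultException {
        return activate(EndpointUtil.createIssuedIdentityToken(this.eZ.getEndpoint(), this.eZ.getServerNonce(), bArr), (SignatureData) null);
    }

    /**
     * Activates the session with a user-name identity token.
     *
     * @param str first credential argument passed to {@code createUserNameIdentityToken}
     *     (presumably the user name; parameter names were lost in decompilation)
     * @param str2 second credential argument (presumably the password)
     * @return the server's response
     * @throws ServiceResultException if activation fails or a nonce check rejects it
     */
    public ActivateSessionResponse activate(String str, String str2) throws ServiceResultException {
        return activate(EndpointUtil.createUserNameIdentityToken(this.eZ.getEndpoint(), this.eZ.getServerNonce(), str, str2), (SignatureData) null);
    }

    /**
     * Sends ActivateSession with the given identity token and validates the returned server nonce.
     *
     * <p>Before sending, the token's policy id (when set) must match a user token policy of the
     * session endpoint and the current nonce must pass {@link #a}. Unless the channel's security
     * mode is {@code None}, a client signature is produced with the client private key over the
     * server certificate bytes followed by the current server nonce.
     *
     * <p>After the response, a nonce equal to the previous one sets {@code session.gd}. With
     * security mode {@code None} and an anonymous token, a repeated or short nonce is only logged
     * as a warning; in every other combination it is rejected with {@code Bad_NonceInvalid}. The
     * session's stored nonce is replaced only when no exception was thrown.
     *
     * @param userIdentityToken identity token to activate with; must not be null
     * @param signatureData user token signature; the overloads in this class pass null.
     *     NOTE(review): must not be null for an {@link X509IdentityToken}, see {@link #a}
     * @return the server's response
     * @throws IllegalArgumentException if the secure channel or the token is null
     * @throws ServiceResultException if the policy id is unsupported, a nonce check fails, or the
     *     service call fails
     */
    public ActivateSessionResponse activate(UserIdentityToken userIdentityToken, SignatureData signatureData) throws ServiceResultException {
        if (this.gk == null || userIdentityToken == null) {
            throw new IllegalArgumentException("null arg");
        }
        String policyId = userIdentityToken.getPolicyId();
        if (policyId != null && EndpointUtil.findUserTokenPolicy(this.eZ.getEndpoint(), policyId) == null) {
            throw new ServiceResultException("UserIdentityPolicy \"" + policyId + "\" is not supported by the given endpoint");
        }
        a(this.eZ, userIdentityToken, signatureData);

        SignatureData clientSignature = null;
        if (!MessageSecurityMode.None.equals(this.gk.getMessageSecurityMode())) {
            SecurityPolicy securityPolicy = this.gk.getSecurityPolicy();
            RSAPrivateKey privateKey = this.eZ.getClientPrivateKey().getPrivateKey();
            SecurityAlgorithm asymmetricSignatureAlgorithm = securityPolicy.getAsymmetricSignatureAlgorithm();
            // Data to sign: server certificate, followed by the server nonce when one is known.
            byte[] dataToSign = this.eZ.getServerCertificate().getEncoded();
            if (this.eZ.getServerNonce() != null) {
                // The decompiler emitted "new byte[]{...}" here, which does not compile with
                // byte[] elements; the chunks form an array of byte arrays.
                dataToSign = ByteBufferUtils.concatenate(new byte[][] {dataToSign, this.eZ.getServerNonce().getValue()});
            }
            clientSignature = new SignatureData(asymmetricSignatureAlgorithm.getUri(), ByteString.valueOf(CryptoUtil.getCryptoProvider().signAsymm(privateKey, asymmetricSignatureAlgorithm, dataToSign)));
        }

        ActivateSessionRequest activateSessionRequest = new ActivateSessionRequest();
        activateSessionRequest.setLocaleIds(this.es.getApplication().getLocaleIds());
        activateSessionRequest.setClientSoftwareCertificates(this.es.getApplication().getSoftwareCertificates());
        activateSessionRequest.setClientSignature(clientSignature);
        activateSessionRequest.setUserIdentityToken(ExtensionObject.binaryEncode(userIdentityToken, this.es.getEncoderContext()));
        activateSessionRequest.setUserTokenSignature(signatureData);
        ActivateSessionResponse response = ActivateSession(activateSessionRequest);

        ByteString previousNonce = this.eZ.getServerNonce();
        ByteString newNonce = response.getServerNonce();
        boolean nonceRepeated = ObjectUtils.equals(previousNonce, newNonce);
        if (nonceRepeated) {
            // Remembered on the session so that a later activate(...) is refused by a(...).
            this.eZ.gd = true;
        }
        boolean nonceTooShort = newNonce == null || newNonce.getLength() < 32;
        if (MessageSecurityMode.None.equals(this.gk.getMessageSecurityMode()) && (userIdentityToken instanceof AnonymousIdentityToken)) {
            // No security and no credentials: nonce problems are reported but tolerated.
            if (nonceRepeated) {
                logger.warn("ServerNonce from ActivateSessionResponse was not unique (equals to previous ServerNonce): {}", newNonce);
            }
            if (nonceTooShort) {
                logger.warn("ServerNonce from ActivateSessionResponse was not valid (must be at least 32 bytes): {}", newNonce);
            }
        } else {
            if (nonceTooShort) {
                throw new ServiceResultException(StatusCodes.Bad_NonceInvalid, "ServerNonce from ActivateSessionResponse was not valid (must be at least 32 bytes): " + newNonce);
            }
            if (nonceRepeated) {
                if (MessageSecurityMode.SignAndEncrypt.equals(this.gk.getMessageSecurityMode()) || (userIdentityToken instanceof AnonymousIdentityToken)) {
                    throw new ServiceResultException(StatusCodes.Bad_NonceInvalid, "ServerNonce from ActivateSessionResponse was not unique (equals to previous ServerNonce): " + newNonce);
                }
                // Non-anonymous token on a channel that is not SignAndEncrypt: the message
                // additionally warns that the credentials may have been exposed.
                throw new ServiceResultException(StatusCodes.Bad_NonceInvalid, "ServerNonce from ActivateSessionResponse was not unique (equals to previous ServerNonce): " + newNonce + " WARNING, credentials might be compromized");
            }
        }
        this.eZ.serverNonce = response.getServerNonce();
        return response;
    }

    /**
     * Closes the session on the server and then closes the secure channel.
     *
     * <p>If CloseSession throws, the secure channel is not closed by this method.
     *
     * @throws ServiceFaultException if the server answers CloseSession with a fault
     * @throws ServiceResultException if CloseSession fails
     */
    public void close() throws ServiceFaultException, ServiceResultException {
        CloseSession(null, true);
        closeSecureChannel();
    }

    /**
     * Closes the session asynchronously and then closes the secure channel, whether CloseSession
     * succeeded or failed.
     *
     * @return a result whose source is the secure channel's asynchronous close
     */
    public AsyncResult<SecureChannel> closeAsync() {
        final AsyncResultImpl asyncResultImpl = new AsyncResultImpl();
        CloseSessionAsync(null, true).setListener(new ResultListener<CloseSessionResponse>() {
            @Override
            public void onCompleted(CloseSessionResponse closeSessionResponse) {
                asyncResultImpl.setSource(SessionChannel.this.gk.closeAsync());
            }

            @Override
            public void onError(ServiceResultException serviceResultException) {
                // The channel is closed even when the server rejected CloseSession.
                asyncResultImpl.setSource(SessionChannel.this.gk.closeAsync());
            }
        });
        return asyncResultImpl;
    }

    /** Closes the underlying secure channel without closing the session. */
    public void closeSecureChannel() {
        this.gk.close();
    }

    /**
     * Calls {@link #close()} and logs a {@link ServiceResultException} instead of propagating it.
     */
    public void closeUnsafe() {
        try {
            close();
        } catch (ServiceResultException e) {
            logger.error("Failed to close session channel", (Throwable) e);
        }
    }

    /**
     * Closes and disposes the secure channel and drops the references to it and to the session.
     * No CloseSession request is sent.
     */
    public void dispose() {
        this.gk.close();
        this.gk.dispose();
        this.gk = null;
        this.eZ = null;
    }

    /**
     * @return the currently installed validator, or null if none is set
     */
    public RequestValidator getRequestValidator() {
        return this.gl.get();
    }

    /**
     * @return the underlying secure channel, or null after {@link #dispose()}
     */
    public SecureChannel getSecureChannel() {
        return this.gk;
    }

    /**
     * @return the session of this channel, or null after {@link #dispose()}
     */
    public Session getSession() {
        return this.eZ;
    }

    /**
     * Sends a request synchronously over the secure channel.
     *
     * <p>A request header is created if missing; the session's authentication token and the
     * current time are written into it, overwriting any values the caller set. The installed
     * {@link RequestValidator}, if any, runs after the header is stamped and before the request
     * is sent.
     *
     * @param serviceRequest request to send
     * @return the server's response
     * @throws ServiceResultException if the validator rejects the request or the call fails
     */
    @Override
    public <T extends ServiceResponse> T serviceRequest(ServiceRequest<T> serviceRequest) throws ServiceResultException {
        RequestHeader requestHeader = serviceRequest.getRequestHeader();
        if (requestHeader == null) {
            RequestHeader requestHeader2 = new RequestHeader();
            requestHeader = requestHeader2;
            serviceRequest.setRequestHeader(requestHeader2);
        }
        requestHeader.setAuthenticationToken(this.eZ.getAuthenticationToken());
        requestHeader.setTimestamp(new DateTime());
        if (logger.isTraceEnabled()) {
            // Only the request type and channel id are traced, not the authentication token.
            logger.trace("serviceRequest: Request={} SecureChannelId={}", serviceRequest.getClass().getSimpleName(), Integer.valueOf(this.gk.getSecureChannelId()));
        }
        RequestValidator requestValidator = this.gl.get();
        if (requestValidator != null) {
            requestValidator.validateServiceRequest(this, serviceRequest);
        }
        return (T) this.gk.serviceRequest(serviceRequest);
    }

    /**
     * Sends a request asynchronously over the secure channel.
     *
     * <p>The header is stamped as in {@link #serviceRequest(ServiceRequest)}. If the installed
     * {@link RequestValidator} rejects the request, nothing is sent and the exception is returned
     * as the error of the result.
     *
     * @param serviceRequest request to send
     * @return the pending result, or an already-failed result if validation rejected the request
     */
    @Override
    public <T extends ServiceResponse> AsyncResult<T> serviceRequestAsync(ServiceRequest<T> serviceRequest) {
        RequestHeader requestHeader = serviceRequest.getRequestHeader();
        if (requestHeader == null) {
            RequestHeader requestHeader2 = new RequestHeader();
            requestHeader = requestHeader2;
            serviceRequest.setRequestHeader(requestHeader2);
        }
        requestHeader.setAuthenticationToken(this.eZ.getAuthenticationToken());
        requestHeader.setTimestamp(new DateTime());
        RequestValidator requestValidator = this.gl.get();
        if (requestValidator != null) {
            try {
                requestValidator.validateServiceRequest(this, serviceRequest);
            } catch (ServiceResultException e) {
                logger.trace("SessionChannel.RequestValidator rejected the request to be sent to the secure channel, returning as an error within the AsyncResult.");
                AsyncResultImpl asyncResultImpl = new AsyncResultImpl();
                asyncResultImpl.setErrorSync(e);
                return asyncResultImpl;
            }
        }
        return this.gk.serviceRequestAsync(serviceRequest);
    }

    /**
     * Installs a new request validator.
     *
     * @param requestValidator validator to install, or null to remove the current one
     * @return the previously installed validator, or null if there was none
     */
    public RequestValidator setRequestValidator(RequestValidator requestValidator) {
        return this.gl.getAndSet(requestValidator);
    }
}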
