package com.cumulocity.opcua.client.gateway.connection;

import c8y.ua.ClientConfig;
import c8y.ua.Constants;
import c8y.ua.IdentityConfig;
import ch.qos.logback.core.net.ssl.SSL;
import com.cumulocity.model.idtype.GId;
import com.cumulocity.opcua.client.OpcuaClient;
import com.cumulocity.opcua.client.SecurityModeParser;
import com.cumulocity.opcua.client.exception.OpcuaClientException;
import com.cumulocity.opcua.client.gateway.GatewayManager;
import com.cumulocity.opcua.client.gateway.ServerIdentifier;
import com.cumulocity.opcua.client.gateway.configuration.GatewayGeneralConfiguration;
import com.cumulocity.opcua.client.gateway.configuration.InventoryUpdateProcessingModeConfiguration;
import com.cumulocity.opcua.client.gateway.connection.exception.OpcuaConnectionException;
import com.cumulocity.opcua.client.gateway.connection.model.ConnectionEstablishedEvent;
import com.cumulocity.opcua.client.gateway.connection.model.NamespaceTableChangedEvent;
import com.cumulocity.opcua.client.gateway.connection.model.ServerConnectedEvent;
import com.cumulocity.opcua.client.gateway.connection.model.ServerConnectionDroppedEvent;
import com.cumulocity.opcua.client.gateway.connection.model.ServerConnectionFailedEvent;
import com.cumulocity.opcua.client.gateway.connection.model.ServerDisconnectedEvent;
import com.cumulocity.opcua.client.gateway.connection.security.KeystoreRetriever;
import com.cumulocity.opcua.client.gateway.encryption.EncryptionService;
import com.cumulocity.opcua.client.gateway.exception.ServerNotConnectedException;
import com.cumulocity.opcua.client.gateway.jmx.ServerMonitoringMBean;
import com.cumulocity.opcua.client.gateway.monitoring.OpcuaServerStateChangeListener;
import com.cumulocity.opcua.client.gateway.platform.configuration.PlatformProvider;
import com.cumulocity.opcua.common.repository.InventoryRepository;
import com.cumulocity.rest.representation.inventory.ManagedObjectRepresentation;
import com.prosysopc.ua.stack.common.NamespaceTable;
import com.prosysopc.ua.stack.core.UserTokenType;
import com.prosysopc.ua.stack.transport.security.SecurityMode;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.PreDestroy;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.event.EventListener;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;

@Component
/* loaded from: input_file:BOOT-INF/classes/com/cumulocity/opcua/client/gateway/connection/ConnectionManager.class */
public class ConnectionManager {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ConnectionManager.class);

    @Autowired
    private EncryptionService encryptionService;

    @Autowired
    private PlatformProvider platformProvider;

    @Autowired
    private ApplicationContext context;
    private Map<ServerIdentifier, ClientWithConfig> clientMap = new ConcurrentHashMap();

    @Autowired
    @Qualifier("pmAwareInventoryRepository")
    private InventoryRepository inventoryRepository;

    @Autowired
    private ApplicationEventPublisher eventPublisher;

    @Autowired
    private KeystoreRetriever keystoreRetriever;

    @Autowired
    private ServerMonitoringMBean mbean;

    @Autowired
    private GatewayGeneralConfiguration configuration;

    @Autowired
    private InventoryUpdateProcessingModeConfiguration processingModeConfiguration;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:BOOT-INF/classes/com/cumulocity/opcua/client/gateway/connection/ConnectionManager$ClientWithConfig.class */
    public static class ClientWithConfig {
        OpcuaClient client;
        ClientConfig config;

        static ClientWithConfig from(OpcuaClient opcuaClient, ClientConfig clientConfig) {
            return new ClientWithConfig(opcuaClient, clientConfig);
        }

        public ClientWithConfig(OpcuaClient opcuaClient, ClientConfig clientConfig) {
            this.client = opcuaClient;
            this.config = clientConfig;
        }
    }

    public OpcuaClient connect(ServerIdentifier serverIdentifier, ClientConfig clientConfig) throws OpcuaConnectionException {
        String userPassword = clientConfig.getUserPassword();
        String passwordFromCredentials = this.encryptionService.getPasswordFromCredentials();
        String fetchSalt = this.encryptionService.fetchSalt();
        String fetchIv = this.encryptionService.fetchIv();
        log.info("Configuring connection to OPC-UA Server: {}", serverIdentifier.getName());
        try {
            IdentityConfig applicationIdentity = ((GatewayManager) this.context.getBean(GatewayManager.class)).getApplicationIdentity();
            SecurityMode parse = SecurityModeParser.parse(clientConfig.getSecurityMode());
            this.mbean.addServer(serverIdentifier.getName(), clientConfig);
            OpcuaClient opcuaClient = (OpcuaClient) this.context.getBean(OpcuaClient.class);
            if (Objects.isNull(clientConfig.getPasswordEncrypted())) {
                clientConfig.setPasswordEncrypted(false);
            } else if (clientConfig.getPasswordEncrypted().booleanValue()) {
                try {
                    userPassword = clientConfig.getUserPassword();
                    clientConfig.setUserPassword(new String(EncryptionService.decryptAESGCM(passwordFromCredentials, fetchSalt, fetchIv, userPassword)));
                } catch (Exception e) {
                    log.error("Problems while trying to decrypt, cause: {}", e.getMessage());
                }
            }
            if (UserTokenType.Certificate.toString().equalsIgnoreCase(clientConfig.getUserIdentityMode())) {
                log.info("New client config with Certificate");
                try {
                    opcuaClient.configure(clientConfig.getServerUrl(), parse, clientConfig.getUserIdentityMode(), applicationIdentity, getUserIdentity(clientConfig), clientConfig.getTimeout(), clientConfig.getStatusCheckInterval(), clientConfig.isAutoReconnect(), clientConfig.getMaxResponseMessageSize());
                } catch (Exception e2) {
                    log.error("Error reading user identity from client config!");
                    throw new OpcuaConnectionException(e2);
                }
            } else {
                if (UserTokenType.IssuedToken.toString().equals(clientConfig.getUserIdentityMode())) {
                    log.error("Not supported UserIdentityMode {} used", clientConfig.getUserIdentityMode());
                    throw new OpcuaConnectionException(new Throwable("Not supported UserIdentityMode" + clientConfig.getUserIdentityMode() + "used"));
                }
                log.info("New client config with userName or Anonymous");
                opcuaClient.configure(clientConfig.getServerUrl(), parse, clientConfig.getUserIdentityMode(), clientConfig.getUserName(), clientConfig.getUserPassword(), applicationIdentity, clientConfig.getTimeout(), clientConfig.getStatusCheckInterval(), clientConfig.isAutoReconnect(), clientConfig.getMaxResponseMessageSize());
            }
            OpcuaServerStateChangeListener opcuaServerStateChangeListener = (OpcuaServerStateChangeListener) this.context.getBean(OpcuaServerStateChangeListener.class, serverIdentifier, this.mbean);
            if (!Constants.TARGET_CONNECTION_STATE_DISABLED.equals(clientConfig.getTargetConnectionState())) {
                try {
                    opcuaClient.connect(opcuaServerStateChangeListener);
                    log.info("Connection is being established to server: {}", serverIdentifier);
                    log.info("Connected to server {} successfully", serverIdentifier);
                } catch (Exception e3) {
                    log.error("Connection to server {} failed, cause {}.", serverIdentifier.getName(), e3.getMessage());
                    this.mbean.increaseFailedConnectionAttemptsForServer(serverIdentifier.getName());
                    this.eventPublisher.publishEvent(new ServerConnectionFailedEvent(serverIdentifier, e3.getMessage()));
                    throw new OpcuaConnectionException(e3);
                }
            }
            if (clientConfig.getPasswordEncrypted().booleanValue()) {
                opcuaClient.setUserPassword(userPassword);
            } else if (this.platformProvider.isCredentialsAvailable()) {
                try {
                    if (StringUtils.isNotEmpty(opcuaClient.getUserPassword())) {
                        clientConfig.setUserPassword(EncryptionService.encryptAESGCM(passwordFromCredentials, fetchSalt, fetchIv, clientConfig.getUserPassword().getBytes()));
                        clientConfig.setPasswordEncrypted(true);
                        log.info("Encrypted password set");
                    }
                    ManagedObjectRepresentation managedObjectRepresentation = new ManagedObjectRepresentation();
                    managedObjectRepresentation.set(clientConfig, Constants.SERVER_CONFIG);
                    managedObjectRepresentation.setId(serverIdentifier.getInventoryIdentifier());
                    this.inventoryRepository.update(managedObjectRepresentation, this.processingModeConfiguration.getServerUpdateProcessingMode());
                    log.info("Inventory updated with new password");
                } catch (Exception e4) {
                    log.error("Problems while trying to encrypt, cause: {}", e4.getMessage());
                }
            }
            if (!Constants.TARGET_CONNECTION_STATE_DISABLED.equals(clientConfig.getTargetConnectionState())) {
                this.clientMap.put(serverIdentifier, ClientWithConfig.from(opcuaClient, clientConfig));
                this.eventPublisher.publishEvent(new ServerConnectedEvent(serverIdentifier, clientConfig));
            }
            return opcuaClient;
        } catch (Exception e5) {
            log.error("Error getting gateways application identity");
            throw new OpcuaConnectionException(e5);
        }
    }

    public int clientMapSize() {
        return this.clientMap.size();
    }

    public OpcuaClient getClient(String str) throws ServerNotConnectedException {
        Optional<OpcuaClient> connection = getConnection(new ServerIdentifier(GId.asGId(str)));
        if (connection.isEmpty()) {
            throw new ServerNotConnectedException(str);
        }
        return connection.get();
    }

    private IdentityConfig getUserIdentity(ClientConfig clientConfig) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException, UnrecoverableKeyException {
        IdentityConfig identityConfig = new IdentityConfig();
        if (clientConfig.getKeystoreBinaryId() != null) {
            byte[] readKeystoreFromBinary = this.keystoreRetriever.readKeystoreFromBinary(clientConfig.getKeystoreBinaryId());
            KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
            keyStore.load(new ByteArrayInputStream(readKeystoreFromBinary), clientConfig.getKeystorePass().toCharArray());
            if (!keyStore.containsAlias(Constants.USER_CERTIFICATE_ALIAS)) {
                throw new CertificateException("Keystore doesn't contain certificate with alias: opcuauser");
            }
            identityConfig.setCert(new String(Base64.getEncoder().encode(keyStore.getCertificate(Constants.USER_CERTIFICATE_ALIAS).getEncoded())));
            identityConfig.setPk(new String(Base64.getEncoder().encode(keyStore.getKey(Constants.USER_CERTIFICATE_ALIAS, clientConfig.getCertificatePass().toCharArray()).getEncoded())));
            identityConfig.setPassword(clientConfig.getCertificatePass());
        }
        return identityConfig;
    }

    public boolean isServerConnected(ServerIdentifier serverIdentifier) {
        return this.clientMap.containsKey(serverIdentifier);
    }

    public Collection<ServerIdentifier> getAllServerIdentifiers() {
        return this.clientMap.keySet();
    }

    public OpcuaClient getOrConnect(ServerIdentifier serverIdentifier, ClientConfig clientConfig) throws OpcuaConnectionException {
        return isServerConnected(serverIdentifier) ? this.clientMap.get(serverIdentifier).client : connect(serverIdentifier, clientConfig);
    }

    public Optional<OpcuaClient> getConnection(ServerIdentifier serverIdentifier) {
        return this.clientMap.containsKey(serverIdentifier) ? Optional.of(this.clientMap.get(serverIdentifier).client) : Optional.empty();
    }

    public Optional<ClientConfig> getClientConfig(ServerIdentifier serverIdentifier) {
        return this.clientMap.containsKey(serverIdentifier) ? Optional.of(this.clientMap.get(serverIdentifier).config) : Optional.empty();
    }

    public void disconnect(ServerIdentifier serverIdentifier) {
        log.info("Disconnecting from server: {}", serverIdentifier);
        ClientWithConfig remove = this.clientMap.remove(serverIdentifier);
        if (Objects.isNull(remove)) {
            return;
        }
        OpcuaClient opcuaClient = remove.client;
        if (opcuaClient.isConnected()) {
            disconnect(opcuaClient);
        } else {
            log.info("Client was already disconnected, skipping client disconnection.");
        }
        try {
            this.eventPublisher.publishEvent(new ServerDisconnectedEvent(serverIdentifier));
        } catch (Exception e) {
            log.warn("Unable to publish event on server disconnected", (Throwable) e);
        }
        this.mbean.removeServer(serverIdentifier.getName());
        log.info("Disconnected from server: {}", serverIdentifier);
    }

    @EventListener
    public void onConnectionDropped(ServerConnectionDroppedEvent serverConnectionDroppedEvent) {
        Optional<OpcuaClient> connection = getConnection(ServerIdentifier.of(serverConnectionDroppedEvent.getServerId()));
        if (!connection.isPresent() || connection.get().isAutoReconnect()) {
            return;
        }
        log.info("Auto reconnect is OFF on server {}, client SDK won't try to reconnect", serverConnectionDroppedEvent.getServerId());
        if (!isTriggerManualReconnectOnConnectionDropEnabled()) {
            log.info("Gateway is not configured to trigger manual reconnect.");
            return;
        }
        log.info("Triggering manual reconnect to server: {}", serverConnectionDroppedEvent.getServerId());
        try {
            boolean reconnect = connection.get().reconnect();
            log.info("Server connection reestablished: {}, new session: {}", serverConnectionDroppedEvent.getServerId(), Boolean.valueOf(reconnect));
            this.eventPublisher.publishEvent(new ConnectionEstablishedEvent(serverConnectionDroppedEvent.getServerId(), connection.get().getSessionId().orElse(null), reconnect));
        } catch (Exception e) {
            log.error("Unable to reconnect to server: {}", serverConnectionDroppedEvent.getServerId(), e);
        }
    }

    public boolean isTriggerManualReconnectOnConnectionDropEnabled() {
        return Objects.isNull(this.configuration.getTriggerManualReconnectOnConnectionDrop()) || this.configuration.getTriggerManualReconnectOnConnectionDrop().booleanValue();
    }

    @EventListener
    public void onConnectionEstablished(ConnectionEstablishedEvent connectionEstablishedEvent) {
        Optional<OpcuaClient> connection = getConnection(ServerIdentifier.of(connectionEstablishedEvent.getServerId()));
        try {
            if (connection.isPresent()) {
                tryPersistServerNamespaceTable(connection.get(), connectionEstablishedEvent.getServerId(), 10);
            }
        } catch (Exception e) {
            log.error("Unable to persist namespace table for server: {}", connectionEstablishedEvent.getServerId(), e);
        }
    }

    private void tryPersistServerNamespaceTable(OpcuaClient opcuaClient, String str, int i) throws OpcuaClientException, InterruptedException {
        try {
            persistServerNamespaceTable(opcuaClient, str);
        } catch (Exception e) {
            if (i == 0) {
                throw e;
            }
            log.warn("Unable to persist namespace table for server: {}, still {} retries", str, Integer.valueOf(i), e);
            Thread.sleep(500L);
            tryPersistServerNamespaceTable(opcuaClient, str, i - 1);
        }
    }

    private void persistServerNamespaceTable(OpcuaClient opcuaClient, String str) throws OpcuaClientException {
        NamespaceTable namespaceTable = opcuaClient.getNamespaceTable(true);
        if (namespaceTable != null) {
            if (log.isTraceEnabled()) {
                log.trace("Namespace table: {}", namespaceTable);
            }
            List list = null;
            try {
                list = (List) this.inventoryRepository.get(GId.asGId(str)).get(Constants.OPCUA_NAMESPACE_TABLE);
                if (!CollectionUtils.isEmpty(list) && !list.equals(new ArrayList(Arrays.asList(namespaceTable.toArray()))) && !CollectionUtils.isEmpty(list)) {
                    this.eventPublisher.publishEvent(new NamespaceTableChangedEvent(ServerIdentifier.of(str)));
                }
                ManagedObjectRepresentation managedObjectRepresentation = new ManagedObjectRepresentation();
                managedObjectRepresentation.setId(GId.asGId(str));
                managedObjectRepresentation.setProperty(Constants.OPCUA_NAMESPACE_TABLE, namespaceTable.toArray());
                this.inventoryRepository.update(managedObjectRepresentation, this.processingModeConfiguration.getServerUpdateProcessingMode());
                log.info("Namespace table persisted for server: {}", str);
            } catch (Throwable th) {
                if (!CollectionUtils.isEmpty(list) && !list.equals(new ArrayList(Arrays.asList(namespaceTable.toArray()))) && !CollectionUtils.isEmpty(list)) {
                    this.eventPublisher.publishEvent(new NamespaceTableChangedEvent(ServerIdentifier.of(str)));
                }
                ManagedObjectRepresentation managedObjectRepresentation2 = new ManagedObjectRepresentation();
                managedObjectRepresentation2.setId(GId.asGId(str));
                managedObjectRepresentation2.setProperty(Constants.OPCUA_NAMESPACE_TABLE, namespaceTable.toArray());
                this.inventoryRepository.update(managedObjectRepresentation2, this.processingModeConfiguration.getServerUpdateProcessingMode());
                log.info("Namespace table persisted for server: {}", str);
                throw th;
            }
        }
    }

    private void disconnectOnDestroy(ServerIdentifier serverIdentifier) {
        ClientWithConfig remove = this.clientMap.remove(serverIdentifier);
        if (Objects.isNull(remove)) {
            return;
        }
        OpcuaClient opcuaClient = remove.client;
        if (opcuaClient.isConnected()) {
            disconnect(opcuaClient);
        } else {
            log.info("Client was already disconnected, skipping client disconnection.");
        }
    }

    @PreDestroy
    public void closeAllConnections() {
        log.info("Disconnecting from server(s)");
        try {
            this.clientMap.keySet().forEach(this::disconnectOnDestroy);
        } finally {
            this.clientMap.clear();
        }
    }

    private void disconnect(OpcuaClient opcuaClient) {
        if (Objects.isNull(opcuaClient) || !opcuaClient.isConnected()) {
            return;
        }
        opcuaClient.disconnect();
    }

    public Map<ServerIdentifier, ClientWithConfig> getClientMap() {
        return this.clientMap;
    }
}
