package org.apache.plc4x.java.opcua.context;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.plc4x.java.api.exceptions.PlcRuntimeException;
import org.apache.plc4x.java.opcua.config.OpcuaConfiguration;
import org.apache.plc4x.java.opcua.readwrite.PascalByteString;
import org.apache.plc4x.java.opcua.security.CertificateVerifier;
import org.apache.plc4x.java.opcua.security.PermissiveCertificateVerifier;
import org.apache.plc4x.java.opcua.security.SecurityPolicy;
import org.apache.plc4x.java.opcua.security.TrustStoreCertificateVerifier;
import org.apache.plc4x.java.spi.configuration.HasConfiguration;
import org.apache.plc4x.java.spi.context.DriverContext;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/plc4x/java/opcua/context/OpcuaDriverContext.class */
public class OpcuaDriverContext implements DriverContext, HasConfiguration<OpcuaConfiguration> {
    private static final Logger LOGGER = LoggerFactory.getLogger(OpcuaDriverContext.class);
    public static final Pattern INET_ADDRESS_PATTERN = Pattern.compile("(:(?<transportCode>[a-z0-9]*))?://(?<transportHost>[\\w.-]+)(:(?<transportPort>\\d*))?");
    public static final Pattern URI_PATTERN = Pattern.compile("^(?<protocolCode>opcua)" + INET_ADDRESS_PATTERN + "(?<transportEndpoint>[\\w/=]*)[?]?(?<paramString>([^=]+=[^=&]+&?)*)");
    private String code;
    private String host;
    private String port;
    private String endpoint;
    private String transportEndpoint;
    private CertificateKeyPair certificateKeyPair;
    private X509Certificate serverCertificate;
    private PascalByteString thumbprint;
    private CertificateVerifier certificateVerifier = new PermissiveCertificateVerifier();

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    public void openKeyStore(OpcuaConfiguration opcuaConfiguration) throws IOException, GeneralSecurityException {
        String keyStoreFile = opcuaConfiguration.getKeyStoreFile();
        if (keyStoreFile == null) {
            LOGGER.info("Client certificate not provided, creating temporary certificate and private key");
            this.certificateKeyPair = CertificateGenerator.generateCertificate();
        } else {
            LOGGER.info("Loading KeyStore at {}", keyStoreFile);
            KeyStore openKeyStore = openKeyStore(opcuaConfiguration.getKeyStoreFile(), opcuaConfiguration.getKeyStoreType(), opcuaConfiguration.getKeyStorePassword());
            String nextElement = openKeyStore.aliases().nextElement();
            this.certificateKeyPair = new CertificateKeyPair(new KeyPair(openKeyStore.getCertificate(nextElement).getPublicKey(), (PrivateKey) openKeyStore.getKey(nextElement, opcuaConfiguration.getKeyStorePassword())), (X509Certificate) openKeyStore.getCertificate(nextElement));
        }
        if (opcuaConfiguration.getServerCertificate() != null) {
            this.serverCertificate = opcuaConfiguration.getServerCertificate();
            byte[] sha1 = DigestUtils.sha1(this.serverCertificate.getEncoded());
            this.thumbprint = new PascalByteString(sha1.length, sha1);
        }
        if (opcuaConfiguration.getTrustStoreFile() != null) {
            this.certificateVerifier = new TrustStoreCertificateVerifier(openKeyStore(opcuaConfiguration.getTrustStoreFile(), opcuaConfiguration.getTrustStoreType(), opcuaConfiguration.getTrustStorePassword()));
        }
    }

    public String getHost() {
        return this.host;
    }

    public void setHost(String str) {
        this.host = str;
    }

    public String getPort() {
        return this.port;
    }

    public String getEndpoint() {
        return this.endpoint;
    }

    public String getTransportEndpoint() {
        return this.transportEndpoint;
    }

    public void setTransportEndpoint(String str) {
        this.transportEndpoint = str;
    }

    public X509Certificate getServerCertificate() {
        return this.serverCertificate;
    }

    public CertificateKeyPair getCertificateKeyPair() {
        return this.certificateKeyPair;
    }

    public void setConfiguration(OpcuaConfiguration opcuaConfiguration) {
        Matcher matcher = getMatcher(opcuaConfiguration);
        this.code = matcher.group("transportCode");
        this.host = matcher.group("transportHost");
        this.port = matcher.group("transportPort");
        this.transportEndpoint = matcher.group("transportEndpoint");
        this.endpoint = "opc." + this.code + "://" + this.host + (this.port != null ? ":" + this.port : "") + this.transportEndpoint;
        if (opcuaConfiguration.getSecurityPolicy() == null || opcuaConfiguration.getSecurityPolicy() == SecurityPolicy.NONE) {
            return;
        }
        try {
            openKeyStore(opcuaConfiguration);
        } catch (IOException | GeneralSecurityException e) {
            throw new PlcRuntimeException("Unable to open keystore, please confirm you have the correct permissions", e);
        }
    }

    private static Matcher getMatcher(OpcuaConfiguration opcuaConfiguration) {
        String str = String.valueOf(opcuaConfiguration.getProtocolCode()) + ":" + opcuaConfiguration.getTransportCode() + "://" + opcuaConfiguration.getTransportConfig();
        Matcher matcher = URI_PATTERN.matcher(str);
        if (matcher.matches()) {
            return matcher;
        }
        throw new PlcRuntimeException("Connection string doesn't match the format '{protocol-code}:({transport-code})?//{transport-host}(:{transport-port})(/{transport-endpoint})(?{parameter-string)?': " + str);
    }

    public Optional<String> getApplicationUri() {
        return Optional.ofNullable(this.certificateKeyPair).flatMap((v0) -> {
            return v0.getApplicationUri();
        });
    }

    public PascalByteString getThumbprint() {
        return this.thumbprint;
    }

    public CertificateVerifier getCertificateVerifier() {
        return this.certificateVerifier;
    }

    private static KeyStore openKeyStore(String str, String str2, char[] cArr) throws IOException, GeneralSecurityException {
        File file = null;
        if (str != null) {
            file = Paths.get(str, new String[0]).toFile();
        }
        if (str == null || !file.exists()) {
            throw new FileNotFoundException("Invalid parameter - specified file " + str + " does not exist");
        }
        KeyStore keyStore = KeyStore.getInstance(str2);
        keyStore.load(new FileInputStream(file), cArr);
        return keyStore;
    }
}
