package org.eclipse.leshan.server.demo;

import ch.qos.logback.classic.util.ContextInitializer;
import ch.qos.logback.core.pattern.color.ANSIConstants;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.BindException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.jmdns.JmDNS;
import javax.jmdns.ServiceInfo;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.DefaultParser;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.cli.Options;
import org.apache.commons.cli.ParseException;
import org.eclipse.californium.core.network.config.NetworkConfig;
import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletHolder;
import org.eclipse.jetty.webapp.WebAppContext;
import org.eclipse.leshan.core.model.ObjectLoader;
import org.eclipse.leshan.core.model.ObjectModel;
import org.eclipse.leshan.core.node.codec.DefaultLwM2mNodeDecoder;
import org.eclipse.leshan.core.node.codec.DefaultLwM2mNodeEncoder;
import org.eclipse.leshan.core.util.SecurityUtil;
import org.eclipse.leshan.server.californium.LeshanServer;
import org.eclipse.leshan.server.californium.LeshanServerBuilder;
import org.eclipse.leshan.server.demo.servlet.ClientServlet;
import org.eclipse.leshan.server.demo.servlet.EventServlet;
import org.eclipse.leshan.server.demo.servlet.ObjectSpecServlet;
import org.eclipse.leshan.server.demo.servlet.SecurityServlet;
import org.eclipse.leshan.server.demo.utils.MagicLwM2mValueConverter;
import org.eclipse.leshan.server.model.VersionedModelProvider;
import org.eclipse.leshan.server.redis.RedisRegistrationStore;
import org.eclipse.leshan.server.redis.RedisSecurityStore;
import org.eclipse.leshan.server.security.EditableSecurityStore;
import org.eclipse.leshan.server.security.FileSecurityStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import redis.clients.jedis.JedisPool;

/* loaded from: input_file:org/eclipse/leshan/server/demo/LeshanServerDemo.class */
public class LeshanServerDemo {
    private static final Logger LOG;
    private static final String USAGE = "java -jar leshan-server-demo.jar [OPTION]\n\n";
    private static final String DEFAULT_KEYSTORE_TYPE;
    private static final String DEFAULT_KEYSTORE_ALIAS = "leshan";

    public static void main(String[] strArr) throws FileNotFoundException {
        Options options = new Options();
        StringBuilder sb = new StringBuilder();
        sb.append("\n .");
        sb.append("\n .");
        sb.append("\n================================[ RPK ]=================================");
        sb.append("\n| By default Leshan demo uses an embedded self-signed certificate and  |");
        sb.append("\n| trusts any client certificates allowing to use RPK or X509           |");
        sb.append("\n| at client side.                                                      |");
        sb.append("\n| To use RPK only with your own keys :                                 |");
        sb.append("\n|            -pubk -prik options should be used together.              |");
        sb.append("\n| To get helps about files format and how to generate it, see :        |");
        sb.append("\n| See https://github.com/eclipse/leshan/wiki/Credential-files-format   |");
        sb.append("\n------------------------------------------------------------------------");
        StringBuilder sb2 = new StringBuilder();
        sb2.append("\n .");
        sb2.append("\n .");
        sb2.append("\n===============================[ X509 ]=================================");
        sb2.append("\n| By default Leshan demo uses an embedded self-signed certificate and  |");
        sb2.append("\n| trusts any client certificates allowing to use RPK or X509           |");
        sb2.append("\n| at client side.                                                      |");
        sb2.append("\n| To use X509 with your own server key, certificate and truststore :   |");
        sb2.append("\n|               [-cert, -prik], [-truststore] should be used together  |");
        sb2.append("\n| To get helps about files format and how to generate it, see :        |");
        sb2.append("\n| See https://github.com/eclipse/leshan/wiki/Credential-files-format   |");
        sb2.append("\n------------------------------------------------------------------------");
        StringBuilder sb3 = new StringBuilder();
        sb3.append("\n .");
        sb3.append("\n .");
        sb3.append("\n=======================[ X509 deprecated way]===========================");
        sb3.append("\n| By default Leshan demo uses an embedded self-signed certificate and  |");
        sb3.append("\n| trusts any client certificates allowing to use RPK or X509           |");
        sb3.append("\n| at client side.                                                      |");
        sb3.append("\n| If you want to use your own server keys, certificates and truststore,|");
        sb3.append("\n| you can provide a keystore using :                                   |");
        sb3.append("\n|         -ks, -ksp, [-kst], [-ksa], -ksap should be used together     |");
        sb3.append("\n| To get helps about files format and how to generate it, see :        |");
        sb3.append("\n| See https://github.com/eclipse/leshan/wiki/Credential-files-format   |");
        sb3.append("\n------------------------------------------------------------------------");
        options.addOption("h", "help", false, "Display help information.");
        options.addOption("lh", "coaphost", true, "Set the local CoAP address.\n  Default: any local address.");
        options.addOption("lp", "coapport", true, String.format("Set the local CoAP port.\n  Default: %d.", 5683));
        options.addOption("slh", "coapshost", true, "Set the secure local CoAP address.\nDefault: any local address.");
        options.addOption("slp", "coapsport", true, String.format("Set the secure local CoAP port.\nDefault: %d.", 5684));
        options.addOption("wh", "webhost", true, "Set the HTTP address for web server.\nDefault: any local address.");
        options.addOption("wp", "webport", true, "Set the HTTP port for web server.\nDefault: 8080.");
        options.addOption(ANSIConstants.ESC_END, "modelsfolder", true, "A folder which contains object models in OMA DDF(.xml) format.");
        options.addOption("oc", "activate support of old/deprecated cipher suites.");
        options.addOption("r", "redis", true, "Use redis to store registration and securityInfo. \nThe URL of the redis server should be given using this format : 'redis://:password@hostname:port/db_number'\nExample without DB and password: 'redis://localhost:6379'\nDefault: redis is not used.");
        options.addOption("mdns", "publishDNSSdServices", false, "Publish leshan's services to DNS Service discovery" + ((Object) sb));
        options.addOption("pubk", true, "The path to your server public key file.\n The public Key should be in SubjectPublicKeyInfo format (DER encoding).");
        options.addOption("prik", true, "The path to your server private key file.\nThe private key should be in PKCS#8 format (DER encoding)." + ((Object) sb2));
        options.addOption("cert", true, "The path to your server certificate file.\nThe certificate Common Name (CN) should generally be equal to the server hostname.\nThe certificate should be in X509v3 format (DER encoding).");
        options.addOption("truststore", true, "The path to a root certificate file to trust or a folder containing all the trusted certificates in X509v3 format (DER encoding).\n Default: All certificates are trusted which is only OK for a demo." + ((Object) sb3));
        options.addOption("ks", "keystore", true, "Set the key store file.\nIf set, X.509 mode is enabled, otherwise built-in RPK credentials are used.");
        options.addOption("ksp", "storepass", true, "Set the key store password.");
        options.addOption("kst", "storetype", true, String.format("Set the key store type.\nDefault: %s.", DEFAULT_KEYSTORE_TYPE));
        options.addOption("ksa", "alias", true, String.format("Set the key store alias to use for server credentials.\nDefault: %s.\n All other alias referencing a certificate will be trusted.", DEFAULT_KEYSTORE_ALIAS));
        options.addOption("ksap", "keypass", true, "Set the key store alias password to use.");
        HelpFormatter helpFormatter = new HelpFormatter();
        helpFormatter.setWidth(120);
        helpFormatter.setOptionComparator(null);
        try {
            CommandLine parse = new DefaultParser().parse(options, strArr);
            if (parse.hasOption("help")) {
                helpFormatter.printHelp(USAGE, options);
                return;
            }
            if (parse.getArgs().length > 0) {
                System.err.println("Unexpected option or arguments : " + parse.getArgList());
                helpFormatter.printHelp(USAGE, options);
                return;
            }
            boolean z = false;
            if (parse.hasOption("pubk")) {
                if (!parse.hasOption("prik")) {
                    System.err.println("pubk, prik should be used together to connect using RPK");
                    helpFormatter.printHelp(USAGE, options);
                    return;
                }
                z = true;
            }
            boolean z2 = false;
            if (parse.hasOption("cert")) {
                if (!parse.hasOption("prik")) {
                    System.err.println("cert, prik should be used together to connect using X509");
                    helpFormatter.printHelp(USAGE, options);
                    return;
                }
                z2 = true;
            }
            if (parse.hasOption("prik") && !z && !z2) {
                System.err.println("prik should be used with cert for X509 config OR pubk for RPK config");
                helpFormatter.printHelp(USAGE, options);
                return;
            }
            String optionValue = parse.getOptionValue("lh");
            String optionValue2 = parse.getOptionValue("lp");
            Integer valueOf = optionValue2 != null ? Integer.valueOf(Integer.parseInt(optionValue2)) : null;
            String optionValue3 = parse.getOptionValue("slh");
            String optionValue4 = parse.getOptionValue("slp");
            Integer valueOf2 = optionValue4 != null ? Integer.valueOf(Integer.parseInt(optionValue4)) : null;
            String optionValue5 = parse.getOptionValue("wh");
            String optionValue6 = parse.getOptionValue("wp");
            int parseInt = optionValue6 != null ? Integer.parseInt(optionValue6) : 8080;
            String optionValue7 = parse.getOptionValue(ANSIConstants.ESC_END);
            String optionValue8 = parse.getOptionValue("r");
            PublicKey publicKey = null;
            PrivateKey privateKey = null;
            if (z) {
                try {
                    privateKey = SecurityUtil.privateKey.readFromFile(parse.getOptionValue("prik"));
                    publicKey = SecurityUtil.publicKey.readFromFile(parse.getOptionValue("pubk"));
                } catch (Exception e) {
                    System.err.println("Unable to load RPK files : " + e.getMessage());
                    e.printStackTrace();
                    helpFormatter.printHelp(USAGE, options);
                    return;
                }
            }
            X509Certificate x509Certificate = null;
            if (parse.hasOption("cert")) {
                try {
                    privateKey = SecurityUtil.privateKey.readFromFile(parse.getOptionValue("prik"));
                    x509Certificate = SecurityUtil.certificate.readFromFile(parse.getOptionValue("cert"));
                } catch (Exception e2) {
                    System.err.println("Unable to load X509 files : " + e2.getMessage());
                    e2.printStackTrace();
                    helpFormatter.printHelp(USAGE, options);
                    return;
                }
            }
            ArrayList arrayList = null;
            if (parse.hasOption("truststore")) {
                arrayList = new ArrayList();
                File file = new File(parse.getOptionValue("truststore"));
                if (!file.exists()) {
                    throw new FileNotFoundException(file.toString());
                }
                for (File file2 : file.isDirectory() ? file.listFiles() : new File[]{file}) {
                    try {
                        arrayList.add(SecurityUtil.certificate.readFromFile(file2.getAbsolutePath()));
                    } catch (Exception e3) {
                        LOG.warn("Unable to load X509 files {}:{} ", file2.getAbsolutePath(), e3.getMessage());
                    }
                }
            }
            try {
                createAndStartServer(optionValue5, parseInt, optionValue, valueOf, optionValue3, valueOf2, optionValue7, optionValue8, publicKey, privateKey, x509Certificate, arrayList, parse.getOptionValue("ks"), parse.getOptionValue("kst", KeyStore.getDefaultType()), parse.getOptionValue("ksp"), parse.getOptionValue("ksa"), parse.getOptionValue("ksap"), Boolean.valueOf(parse.hasOption("mdns")), parse.hasOption("oc"));
            } catch (BindException e4) {
                System.err.println(String.format("Web port %s is already used, you could change it using 'webport' option.", Integer.valueOf(parseInt)));
                helpFormatter.printHelp(USAGE, options);
            } catch (Exception e5) {
                LOG.error("Jetty stopped with unexpected error ...", (Throwable) e5);
            }
        } catch (ParseException e6) {
            System.err.println("Parsing failed.  Reason: " + e6.getMessage());
            helpFormatter.printHelp(USAGE, options);
        }
    }

    public static void createAndStartServer(String str, int i, String str2, Integer num, String str3, Integer num2, String str4, String str5, PublicKey publicKey, PrivateKey privateKey, X509Certificate x509Certificate, List<Certificate> list, String str6, String str7, String str8, String str9, String str10, Boolean bool, boolean z) throws Exception {
        NetworkConfig createDefaultNetworkConfig;
        char[] charArray;
        EditableSecurityStore redisSecurityStore;
        LeshanServerBuilder leshanServerBuilder = new LeshanServerBuilder();
        leshanServerBuilder.setEncoder(new DefaultLwM2mNodeEncoder());
        leshanServerBuilder.setDecoder(new DefaultLwM2mNodeDecoder());
        File file = new File(NetworkConfig.DEFAULT_FILE_NAME);
        if (file.isFile()) {
            createDefaultNetworkConfig = new NetworkConfig();
            createDefaultNetworkConfig.load(file);
        } else {
            createDefaultNetworkConfig = LeshanServerBuilder.createDefaultNetworkConfig();
            createDefaultNetworkConfig.store(file);
        }
        leshanServerBuilder.setCoapConfig(createDefaultNetworkConfig);
        leshanServerBuilder.setLocalAddress(str2, num == null ? createDefaultNetworkConfig.getInt(NetworkConfig.Keys.COAP_PORT, 5683) : num.intValue());
        leshanServerBuilder.setLocalSecureAddress(str3, num2 == null ? createDefaultNetworkConfig.getInt(NetworkConfig.Keys.COAP_SECURE_PORT, 5684) : num2.intValue());
        JedisPool jedisPool = str5 != null ? new JedisPool(new URI(str5)) : null;
        DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder();
        builder.setRecommendedCipherSuitesOnly(!z);
        X509Certificate x509Certificate2 = null;
        if (x509Certificate != null) {
            x509Certificate2 = x509Certificate;
            leshanServerBuilder.setPrivateKey(privateKey);
            leshanServerBuilder.setCertificateChain(new X509Certificate[]{x509Certificate2});
        } else if (publicKey != null) {
            leshanServerBuilder.setPublicKey(publicKey);
            leshanServerBuilder.setPrivateKey(privateKey);
        } else if (str6 != null) {
            LOG.warn("Keystore way [-ks, -ksp, -kst, -ksa, -ksap] is DEPRECATED for leshan demo and will probably be removed soon, please use [-cert, -prik, -truststore] options");
            try {
                KeyStore keyStore = KeyStore.getInstance(str7);
                FileInputStream fileInputStream = new FileInputStream(str6);
                Throwable th = null;
                if (str8 == null) {
                    charArray = null;
                } else {
                    try {
                        try {
                            charArray = str8.toCharArray();
                        } finally {
                        }
                    } finally {
                    }
                }
                keyStore.load(fileInputStream, charArray);
                ArrayList arrayList = new ArrayList();
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    if (keyStore.isCertificateEntry(nextElement)) {
                        arrayList.add(keyStore.getCertificate(nextElement));
                    } else if (keyStore.isKeyEntry(nextElement) && nextElement.equals(str9)) {
                        ArrayList arrayList2 = new ArrayList();
                        Certificate[] certificateChain = keyStore.getCertificateChain(nextElement);
                        if (certificateChain == null || certificateChain.length == 0) {
                            LOG.error("Keystore alias must have a non-empty chain of X509Certificates.");
                            System.exit(-1);
                        }
                        for (Certificate certificate : certificateChain) {
                            if (!(certificate instanceof X509Certificate)) {
                                LOG.error("Non-X.509 certificate in alias chain is not supported: {}", certificate);
                                System.exit(-1);
                            }
                            arrayList2.add((X509Certificate) certificate);
                        }
                        Key key = keyStore.getKey(nextElement, str10 == null ? new char[0] : str10.toCharArray());
                        if (!(key instanceof PrivateKey)) {
                            LOG.error("Keystore alias must have a PrivateKey entry, was {}", key == null ? null : key.getClass().getName());
                            System.exit(-1);
                        }
                        leshanServerBuilder.setPrivateKey((PrivateKey) key);
                        x509Certificate2 = (X509Certificate) keyStore.getCertificate(nextElement);
                        leshanServerBuilder.setCertificateChain((X509Certificate[]) arrayList2.toArray(new X509Certificate[arrayList2.size()]));
                    }
                }
                leshanServerBuilder.setTrustedCertificates((Certificate[]) arrayList.toArray(new Certificate[arrayList.size()]));
                if (fileInputStream != null) {
                    if (0 != 0) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
            } catch (IOException | KeyStoreException e) {
                LOG.error("Unable to initialize X.509.", e);
                System.exit(-1);
            }
        }
        if (publicKey == null && x509Certificate2 == null) {
            try {
                PrivateKey readFromResource = SecurityUtil.privateKey.readFromResource("credentials/server_privkey.der");
                x509Certificate2 = SecurityUtil.certificate.readFromResource("credentials/server_cert.der");
                leshanServerBuilder.setPrivateKey(readFromResource);
                leshanServerBuilder.setCertificateChain(new X509Certificate[]{x509Certificate2});
            } catch (Exception e2) {
                LOG.error("Unable to load embedded X.509 certificate.", (Throwable) e2);
                System.exit(-1);
            }
        }
        if (x509Certificate2 != null && str6 == null) {
            if (list == null || list.isEmpty()) {
                leshanServerBuilder.setTrustedCertificates(new X509Certificate[0]);
            } else {
                leshanServerBuilder.setTrustedCertificates((Certificate[]) list.toArray(new Certificate[list.size()]));
            }
        }
        leshanServerBuilder.setDtlsConfig(builder);
        List<ObjectModel> loadAllDefault = ObjectLoader.loadAllDefault();
        loadAllDefault.addAll(ObjectLoader.loadDdfResources("/models/", LwM2mDemoConstant.modelPaths));
        if (str4 != null) {
            loadAllDefault.addAll(ObjectLoader.loadObjectsFromDir(new File(str4), true));
        }
        leshanServerBuilder.setObjectModelProvider(new VersionedModelProvider(loadAllDefault));
        if (jedisPool == null) {
            redisSecurityStore = new FileSecurityStore();
        } else {
            redisSecurityStore = new RedisSecurityStore(jedisPool);
            leshanServerBuilder.setRegistrationStore(new RedisRegistrationStore(jedisPool));
        }
        leshanServerBuilder.setSecurityStore(redisSecurityStore);
        leshanServerBuilder.setEncoder(new DefaultLwM2mNodeEncoder(new MagicLwM2mValueConverter()));
        LeshanServer build = leshanServerBuilder.build();
        Server server = new Server(str == null ? new InetSocketAddress(i) : new InetSocketAddress(str, i));
        WebAppContext webAppContext = new WebAppContext();
        webAppContext.setContextPath("/");
        webAppContext.setResourceBase(LeshanServerDemo.class.getClassLoader().getResource("webapp").toExternalForm());
        webAppContext.setParentLoaderPriority(true);
        server.setHandler(webAppContext);
        webAppContext.addServlet(new ServletHolder(new EventServlet(build, build.getSecuredAddress().getPort())), "/event/*");
        webAppContext.addServlet(new ServletHolder(new ClientServlet(build)), "/api/clients/*");
        webAppContext.addServlet(publicKey != null ? new ServletHolder(new SecurityServlet(redisSecurityStore, publicKey)) : new ServletHolder(new SecurityServlet(redisSecurityStore, x509Certificate2)), "/api/security/*");
        webAppContext.addServlet(new ServletHolder(new ObjectSpecServlet(build.getModelProvider(), build.getRegistrationService())), "/api/objectspecs/*");
        if (bool.booleanValue()) {
            JmDNS create = JmDNS.create(InetAddress.getLocalHost());
            create.registerService(ServiceInfo.create("_http._tcp.local.", DEFAULT_KEYSTORE_ALIAS, i, ""));
            create.registerService(ServiceInfo.create("_coap._udp.local.", DEFAULT_KEYSTORE_ALIAS, num.intValue(), ""));
            create.registerService(ServiceInfo.create("_coaps._udp.local.", DEFAULT_KEYSTORE_ALIAS, num2.intValue(), ""));
        }
        build.start();
        server.start();
        LOG.info("Web server started at {}.", server.getURI());
    }

    static {
        if (System.getProperty(ContextInitializer.CONFIG_FILE_PROPERTY) == null) {
            System.setProperty(ContextInitializer.CONFIG_FILE_PROPERTY, "logback-config.xml");
        }
        LOG = LoggerFactory.getLogger((Class<?>) LeshanServerDemo.class);
        DEFAULT_KEYSTORE_TYPE = KeyStore.getDefaultType();
    }
}
