package org.eclipse.milo.opcua.sdk.server;

import com.google.common.base.Objects;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.google.common.math.DoubleMath;
import com.google.common.primitives.Bytes;
import java.math.RoundingMode;
import java.nio.ByteBuffer;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.eclipse.milo.opcua.sdk.server.diagnostics.ServerDiagnosticsSummary;
import org.eclipse.milo.opcua.sdk.server.identity.IdentityValidator;
import org.eclipse.milo.opcua.sdk.server.services.ServiceAttributes;
import org.eclipse.milo.opcua.stack.core.StatusCodes;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.UaRuntimeException;
import org.eclipse.milo.opcua.stack.core.security.SecurityAlgorithm;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.types.builtin.ByteString;
import org.eclipse.milo.opcua.stack.core.types.builtin.DiagnosticInfo;
import org.eclipse.milo.opcua.stack.core.types.builtin.ExtensionObject;
import org.eclipse.milo.opcua.stack.core.types.builtin.NodeId;
import org.eclipse.milo.opcua.stack.core.types.builtin.StatusCode;
import org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.UInteger;
import org.eclipse.milo.opcua.stack.core.types.builtin.unsigned.Unsigned;
import org.eclipse.milo.opcua.stack.core.types.enumerated.ApplicationType;
import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
import org.eclipse.milo.opcua.stack.core.types.enumerated.UserTokenType;
import org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionRequest;
import org.eclipse.milo.opcua.stack.core.types.structured.ActivateSessionResponse;
import org.eclipse.milo.opcua.stack.core.types.structured.AnonymousIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.ApplicationDescription;
import org.eclipse.milo.opcua.stack.core.types.structured.CloseSessionRequest;
import org.eclipse.milo.opcua.stack.core.types.structured.CloseSessionResponse;
import org.eclipse.milo.opcua.stack.core.types.structured.CreateSessionRequest;
import org.eclipse.milo.opcua.stack.core.types.structured.CreateSessionResponse;
import org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription;
import org.eclipse.milo.opcua.stack.core.types.structured.SignatureData;
import org.eclipse.milo.opcua.stack.core.types.structured.SignedSoftwareCertificate;
import org.eclipse.milo.opcua.stack.core.types.structured.UserIdentityToken;
import org.eclipse.milo.opcua.stack.core.types.structured.UserTokenPolicy;
import org.eclipse.milo.opcua.stack.core.util.CertificateUtil;
import org.eclipse.milo.opcua.stack.core.util.ConversionUtil;
import org.eclipse.milo.opcua.stack.core.util.DigestUtil;
import org.eclipse.milo.opcua.stack.core.util.EndpointUtil;
import org.eclipse.milo.opcua.stack.core.util.NonceUtil;
import org.eclipse.milo.opcua.stack.core.util.SignatureUtil;
import org.eclipse.milo.opcua.stack.server.services.AttributeHistoryServiceSet;
import org.eclipse.milo.opcua.stack.server.services.AttributeServiceSet;
import org.eclipse.milo.opcua.stack.server.services.MethodServiceSet;
import org.eclipse.milo.opcua.stack.server.services.MonitoredItemServiceSet;
import org.eclipse.milo.opcua.stack.server.services.NodeManagementServiceSet;
import org.eclipse.milo.opcua.stack.server.services.QueryServiceSet;
import org.eclipse.milo.opcua.stack.server.services.ServiceRequest;
import org.eclipse.milo.opcua.stack.server.services.SessionServiceSet;
import org.eclipse.milo.opcua.stack.server.services.SubscriptionServiceSet;
import org.eclipse.milo.opcua.stack.server.services.ViewServiceSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/sdk-server-0.5.2.jar:org/eclipse/milo/opcua/sdk/server/SessionManager.class */
public class SessionManager implements AttributeServiceSet, AttributeHistoryServiceSet, MethodServiceSet, MonitoredItemServiceSet, NodeManagementServiceSet, QueryServiceSet, SessionServiceSet, SubscriptionServiceSet, ViewServiceSet {
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final Map<NodeId, Session> createdSessions = Maps.newConcurrentMap();
    private final Map<NodeId, Session> activeSessions = Maps.newConcurrentMap();
    private final List<SessionListener> sessionListeners = new CopyOnWriteArrayList();
    private final List<ByteString> clientNonces = Lists.newCopyOnWriteArrayList();
    private final OpcUaServer server;

    /* JADX INFO: Access modifiers changed from: package-private */
    public SessionManager(OpcUaServer opcUaServer) {
        this.server = opcUaServer;
    }

    public void killSession(NodeId nodeId, boolean z) {
        this.activeSessions.values().stream().filter(session -> {
            return session.getSessionId().equals(nodeId);
        }).findFirst().ifPresent(session2 -> {
            session2.close(z);
        });
    }

    public void addSessionListener(SessionListener sessionListener) {
        this.sessionListeners.add(sessionListener);
    }

    public void removeSessionListener(SessionListener sessionListener) {
        this.sessionListeners.remove(sessionListener);
    }

    public List<Session> getAllSessions() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll(this.createdSessions.values());
        arrayList.addAll(this.activeSessions.values());
        return arrayList;
    }

    public UInteger getCurrentSessionCount() {
        return Unsigned.uint(this.createdSessions.size() + this.activeSessions.size());
    }

    private Session session(ServiceRequest serviceRequest) throws UaException {
        long secureChannelId = serviceRequest.getSecureChannelId();
        NodeId authenticationToken = serviceRequest.getRequest().getRequestHeader().getAuthenticationToken();
        Session session = this.activeSessions.get(authenticationToken);
        if (session == null) {
            Session session2 = this.createdSessions.get(authenticationToken);
            if (session2 == null) {
                throw new UaException(StatusCodes.Bad_SessionIdInvalid);
            }
            session2.close(true);
            throw new UaException(StatusCodes.Bad_SessionNotActivated);
        }
        if (session.getSecureChannelId() != secureChannelId) {
            session.getSessionDiagnostics().getUnauthorizedRequestCount().increment();
            throw new UaException(StatusCodes.Bad_SecureChannelIdInvalid);
        }
        session.updateLastActivity();
        serviceRequest.attr(ServiceAttributes.SERVER_KEY).set(this.server);
        serviceRequest.attr(ServiceAttributes.SESSION_KEY).set(session);
        return session;
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SessionServiceSet
    public void onCreateSession(ServiceRequest serviceRequest) {
        ServerDiagnosticsSummary diagnosticsSummary = this.server.getDiagnosticsSummary();
        try {
            CreateSessionResponse createSession = createSession(serviceRequest);
            diagnosticsSummary.getCumulatedSessionCount().increment();
            serviceRequest.setResponse(createSession);
        } catch (UaException e) {
            diagnosticsSummary.getRejectedSessionCount().increment();
            if (e.getStatusCode().isSecurityError()) {
                diagnosticsSummary.getSecurityRejectedSessionCount().increment();
            }
            serviceRequest.setServiceFault(e);
        }
    }

    private CreateSessionResponse createSession(ServiceRequest serviceRequest) throws UaException {
        CreateSessionRequest createSessionRequest = (CreateSessionRequest) serviceRequest.getRequest();
        if (this.createdSessions.size() + this.activeSessions.size() >= this.server.getConfig().getLimits().getMaxSessionCount().longValue()) {
            throw new UaException(StatusCodes.Bad_TooManySessions);
        }
        ByteString generateNonce = NonceUtil.generateNonce(32);
        NodeId nodeId = new NodeId(0, NonceUtil.generateNonce(32));
        long maxMessageSize = serviceRequest.getServer().getConfig().getMessageLimits().getMaxMessageSize();
        double max = Math.max(5000.0d, Math.min(this.server.getConfig().getLimits().getMaxSessionTimeout().doubleValue(), createSessionRequest.getRequestedSessionTimeout().doubleValue()));
        ApplicationDescription clientDescription = createSessionRequest.getClientDescription();
        long secureChannelId = serviceRequest.getSecureChannelId();
        EndpointDescription endpoint = serviceRequest.getEndpoint();
        SecurityPolicy fromUri = SecurityPolicy.fromUri(endpoint.getSecurityPolicyUri());
        EndpointDescription[] endpointDescriptionArr = (EndpointDescription[]) this.server.getEndpointDescriptions().stream().filter(endpointDescription -> {
            return !endpointDescription.getEndpointUrl().endsWith("/discovery");
        }).filter(endpointDescription2 -> {
            return endpointMatchesUrl(endpointDescription2, createSessionRequest.getEndpointUrl());
        }).filter(endpointDescription3 -> {
            return Objects.equal(endpoint.getTransportProfileUri(), endpointDescription3.getTransportProfileUri());
        }).map(SessionManager::stripNonEssentialFields).toArray(i -> {
            return new EndpointDescription[i];
        });
        if (endpointDescriptionArr.length == 0) {
            endpointDescriptionArr = (EndpointDescription[]) this.server.getEndpointDescriptions().stream().filter(endpointDescription4 -> {
                return !endpointDescription4.getEndpointUrl().endsWith("/discovery");
            }).filter(endpointDescription5 -> {
                return Objects.equal(endpoint.getTransportProfileUri(), endpointDescription5.getTransportProfileUri());
            }).map(SessionManager::stripNonEssentialFields).toArray(i2 -> {
                return new EndpointDescription[i2];
            });
        }
        ByteString clientNonce = createSessionRequest.getClientNonce();
        if (fromUri != SecurityPolicy.None) {
            NonceUtil.validateNonce(clientNonce);
            if (this.clientNonces.contains(clientNonce)) {
                throw new UaException(StatusCodes.Bad_NonceInvalid);
            }
        }
        if (fromUri != SecurityPolicy.None && clientNonce.isNotNull()) {
            this.clientNonces.add(clientNonce);
            while (this.clientNonces.size() > 64) {
                this.clientNonces.remove(0);
            }
        }
        ByteString clientCertificate = createSessionRequest.getClientCertificate();
        if (fromUri != SecurityPolicy.None && serviceRequest.getClientCertificateBytes() != null && !Objects.equal(clientCertificate, serviceRequest.getClientCertificateBytes())) {
            throw new UaException(StatusCodes.Bad_SecurityChecksFailed, "certificate used to open secure channel differs from certificate used to create session");
        }
        SecurityConfiguration createSecurityConfiguration = createSecurityConfiguration(endpoint, clientCertificate);
        if (fromUri != SecurityPolicy.None) {
            X509Certificate clientCertificate2 = createSecurityConfiguration.getClientCertificate();
            List<X509Certificate> clientCertificateChain = createSecurityConfiguration.getClientCertificateChain();
            if (clientCertificate2 == null || clientCertificateChain == null) {
                throw new UaException(StatusCodes.Bad_SecurityChecksFailed, "client certificate must be non-null");
            }
            this.server.getConfig().getCertificateValidator().validateCertificateChain(clientCertificateChain, clientDescription.getApplicationUri());
        }
        SignatureData serverSignature = getServerSignature(fromUri, createSecurityConfiguration.getKeyPair(), clientNonce, createSecurityConfiguration.getClientCertificateBytes());
        NodeId nodeId2 = new NodeId(1, "Session:" + UUID.randomUUID());
        Session session = new Session(this.server, nodeId2, createSessionRequest.getSessionName(), Duration.ofMillis(DoubleMath.roundToLong(max, RoundingMode.UP)), clientDescription, createSessionRequest.getServerUri(), createSessionRequest.getMaxResponseMessageSize(), endpoint, secureChannelId, createSecurityConfiguration);
        session.setLastNonce(generateNonce);
        session.addLifecycleListener((session2, z) -> {
            this.createdSessions.remove(nodeId);
            this.activeSessions.remove(nodeId);
            this.sessionListeners.forEach(sessionListener -> {
                sessionListener.onSessionClosed(session2);
            });
        });
        this.createdSessions.put(nodeId, session);
        this.sessionListeners.forEach(sessionListener -> {
            sessionListener.onSessionCreated(session);
        });
        return new CreateSessionResponse(serviceRequest.createResponseHeader(), nodeId2, nodeId, Double.valueOf(max), generateNonce, endpoint.getServerCertificate(), endpointDescriptionArr, new SignedSoftwareCertificate[0], serverSignature, Unsigned.uint(maxMessageSize));
    }

    private SecurityConfiguration createSecurityConfiguration(EndpointDescription endpointDescription, ByteString byteString) throws UaException {
        SecurityPolicy fromUri = SecurityPolicy.fromUri(endpointDescription.getSecurityPolicyUri());
        MessageSecurityMode securityMode = endpointDescription.getSecurityMode();
        X509Certificate x509Certificate = null;
        List<X509Certificate> list = null;
        KeyPair keyPair = null;
        X509Certificate x509Certificate2 = null;
        List list2 = null;
        if (fromUri != SecurityPolicy.None) {
            x509Certificate = CertificateUtil.decodeCertificate(byteString.bytes());
            list = CertificateUtil.decodeCertificates(byteString.bytes());
            ByteString of = ByteString.of(DigestUtil.sha1(endpointDescription.getServerCertificate().bytesOrEmpty()));
            keyPair = this.server.getConfig().getCertificateManager().getKeyPair(of).orElseThrow(() -> {
                return new UaException(StatusCodes.Bad_ConfigurationError);
            });
            x509Certificate2 = this.server.getConfig().getCertificateManager().getCertificate(of).orElseThrow(() -> {
                return new UaException(StatusCodes.Bad_ConfigurationError);
            });
            list2 = (List) this.server.getConfig().getCertificateManager().getCertificateChain(of).map((v0) -> {
                return Lists.newArrayList(v0);
            }).orElseThrow(() -> {
                return new UaException(StatusCodes.Bad_ConfigurationError);
            });
        }
        return new SecurityConfiguration(fromUri, securityMode, keyPair, x509Certificate2, list2, x509Certificate, list);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean endpointMatchesUrl(EndpointDescription endpointDescription, String str) {
        return Strings.nullToEmpty(EndpointUtil.getHost(Strings.nullToEmpty(endpointDescription.getEndpointUrl()))).equalsIgnoreCase(Strings.nullToEmpty(EndpointUtil.getHost(Strings.nullToEmpty(str))));
    }

    private static EndpointDescription stripNonEssentialFields(EndpointDescription endpointDescription) {
        return new EndpointDescription(endpointDescription.getEndpointUrl(), new ApplicationDescription(endpointDescription.getServer().getApplicationUri(), null, null, ApplicationType.Server, null, null, null), ByteString.NULL_VALUE, endpointDescription.getSecurityMode(), endpointDescription.getSecurityPolicyUri(), endpointDescription.getUserIdentityTokens(), endpointDescription.getTransportProfileUri(), endpointDescription.getSecurityLevel());
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SessionServiceSet
    public void onActivateSession(ServiceRequest serviceRequest) {
        try {
            serviceRequest.setResponse(activateSession(serviceRequest));
        } catch (UaException e) {
            ServerDiagnosticsSummary diagnosticsSummary = this.server.getDiagnosticsSummary();
            diagnosticsSummary.getRejectedSessionCount().increment();
            if (e.getStatusCode().isSecurityError()) {
                diagnosticsSummary.getSecurityRejectedSessionCount().increment();
            }
            serviceRequest.setServiceFault(e);
        }
    }

    private ActivateSessionResponse activateSession(ServiceRequest serviceRequest) throws UaException {
        ActivateSessionRequest activateSessionRequest = (ActivateSessionRequest) serviceRequest.getRequest();
        long secureChannelId = serviceRequest.getSecureChannelId();
        NodeId authenticationToken = activateSessionRequest.getRequestHeader().getAuthenticationToken();
        List l = ConversionUtil.l(activateSessionRequest.getClientSoftwareCertificates());
        Session session = this.createdSessions.get(authenticationToken);
        if (session != null) {
            if (secureChannelId != session.getSecureChannelId()) {
                throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
            }
            verifyClientSignature(session, activateSessionRequest);
            UserIdentityToken decodeIdentityToken = decodeIdentityToken(activateSessionRequest.getUserIdentityToken(), session.getEndpoint().getUserIdentityTokens());
            Object validateIdentityToken = validateIdentityToken(session, decodeIdentityToken, activateSessionRequest.getUserTokenSignature());
            this.createdSessions.remove(authenticationToken);
            this.activeSessions.put(authenticationToken, session);
            StatusCode[] statusCodeArr = new StatusCode[l.size()];
            Arrays.fill(statusCodeArr, StatusCode.GOOD);
            ByteString generateNonce = NonceUtil.generateNonce(32);
            session.setClientAddress(serviceRequest.getClientAddress());
            session.setIdentityObject(validateIdentityToken, decodeIdentityToken);
            session.setLocaleIds(activateSessionRequest.getLocaleIds());
            session.setLastNonce(generateNonce);
            return new ActivateSessionResponse(serviceRequest.createResponseHeader(), generateNonce, statusCodeArr, new DiagnosticInfo[0]);
        }
        Session session2 = this.activeSessions.get(authenticationToken);
        if (session2 == null) {
            throw new UaException(StatusCodes.Bad_SessionIdInvalid);
        }
        verifyClientSignature(session2, activateSessionRequest);
        SecurityConfiguration securityConfiguration = session2.getSecurityConfiguration();
        if (session2.getSecureChannelId() == secureChannelId) {
            UserIdentityToken decodeIdentityToken2 = decodeIdentityToken(activateSessionRequest.getUserIdentityToken(), session2.getEndpoint().getUserIdentityTokens());
            Object validateIdentityToken2 = validateIdentityToken(session2, decodeIdentityToken2, activateSessionRequest.getUserTokenSignature());
            StatusCode[] statusCodeArr2 = new StatusCode[l.size()];
            Arrays.fill(statusCodeArr2, StatusCode.GOOD);
            ByteString generateNonce2 = NonceUtil.generateNonce(32);
            session2.setClientAddress(serviceRequest.getClientAddress());
            session2.setIdentityObject(validateIdentityToken2, decodeIdentityToken2);
            session2.setLastNonce(generateNonce2);
            session2.setLocaleIds(activateSessionRequest.getLocaleIds());
            return new ActivateSessionResponse(serviceRequest.createResponseHeader(), generateNonce2, statusCodeArr2, new DiagnosticInfo[0]);
        }
        ByteString clientCertificateBytes = serviceRequest.getClientCertificateBytes();
        boolean equal = Objects.equal(validateIdentityToken(session2, decodeIdentityToken(activateSessionRequest.getUserIdentityToken(), session2.getEndpoint().getUserIdentityTokens()), activateSessionRequest.getUserTokenSignature()), session2.getIdentityObject());
        boolean equal2 = Objects.equal(clientCertificateBytes, securityConfiguration.getClientCertificateBytes());
        if (!equal || !equal2) {
            throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
        }
        SecurityConfiguration createSecurityConfiguration = createSecurityConfiguration(serviceRequest.getEndpoint(), clientCertificateBytes);
        session2.setEndpoint(serviceRequest.getEndpoint());
        session2.setSecureChannelId(secureChannelId);
        session2.setSecurityConfiguration(createSecurityConfiguration);
        this.logger.debug("Session id={} is now associated with secureChannelId={}", session2.getSessionId(), Long.valueOf(secureChannelId));
        StatusCode[] statusCodeArr3 = new StatusCode[l.size()];
        Arrays.fill(statusCodeArr3, StatusCode.GOOD);
        ByteString generateNonce3 = NonceUtil.generateNonce(32);
        session2.setClientAddress(serviceRequest.getClientAddress());
        session2.setLastNonce(generateNonce3);
        session2.setLocaleIds(activateSessionRequest.getLocaleIds());
        return new ActivateSessionResponse(serviceRequest.createResponseHeader(), generateNonce3, statusCodeArr3, new DiagnosticInfo[0]);
    }

    /* JADX WARN: Type inference failed for: r0v15, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v23, types: [byte[], byte[][]] */
    private static void verifyClientSignature(Session session, ActivateSessionRequest activateSessionRequest) throws UaException {
        SecurityConfiguration securityConfiguration = session.getSecurityConfiguration();
        if (securityConfiguration.getSecurityPolicy() != SecurityPolicy.None) {
            SignatureData clientSignature = activateSessionRequest.getClientSignature();
            ByteString serverCertificateBytes = securityConfiguration.getServerCertificateBytes();
            ByteString lastNonce = session.getLastNonce();
            try {
                try {
                    SignatureUtil.verify(SecurityAlgorithm.fromUri(clientSignature.getAlgorithm()), securityConfiguration.getClientCertificate(), Bytes.concat(new byte[]{serverCertificateBytes.bytesOrEmpty(), lastNonce.bytesOrEmpty()}), clientSignature.getSignature().bytesOrEmpty());
                } catch (UaException e) {
                    throw new UaException(StatusCodes.Bad_ApplicationSignatureInvalid, e);
                }
            } catch (UaException e2) {
                ByteString serverCertificateChainBytes = securityConfiguration.getServerCertificateChainBytes();
                if (serverCertificateBytes.equals(serverCertificateChainBytes)) {
                    throw e2;
                }
                try {
                    SignatureUtil.verify(SecurityAlgorithm.fromUri(clientSignature.getAlgorithm()), securityConfiguration.getClientCertificate(), Bytes.concat(new byte[]{serverCertificateChainBytes.bytesOrEmpty(), lastNonce.bytesOrEmpty()}), clientSignature.getSignature().bytesOrEmpty());
                } catch (UaException e3) {
                    throw new UaException(StatusCodes.Bad_ApplicationSignatureInvalid, e2);
                }
            }
        }
    }

    @Nonnull
    private UserIdentityToken decodeIdentityToken(@Nullable ExtensionObject extensionObject, @Nullable UserTokenPolicy[] userTokenPolicyArr) {
        if (extensionObject != null && !extensionObject.isNull()) {
            Object decodeOrNull = extensionObject.decodeOrNull(this.server.getSerializationContext());
            if (decodeOrNull instanceof UserIdentityToken) {
                return (UserIdentityToken) decodeOrNull;
            }
        }
        return new AnonymousIdentityToken((String) ConversionUtil.l(userTokenPolicyArr).stream().filter(userTokenPolicy -> {
            return userTokenPolicy.getTokenType() == UserTokenType.Anonymous;
        }).findFirst().map((v0) -> {
            return v0.getPolicyId();
        }).orElse(null));
    }

    private Object validateIdentityToken(Session session, Object obj, SignatureData signatureData) throws UaException {
        IdentityValidator identityValidator = this.server.getConfig().getIdentityValidator();
        UserTokenPolicy validatePolicyId = validatePolicyId(session, obj);
        if (obj instanceof UserIdentityToken) {
            return identityValidator.validateIdentityToken(session, (UserIdentityToken) obj, validatePolicyId, signatureData);
        }
        throw new UaException(StatusCodes.Bad_IdentityTokenInvalid);
    }

    private UserTokenPolicy validatePolicyId(Session session, Object obj) throws UaException {
        if (!(obj instanceof UserIdentityToken)) {
            throw new UaException(StatusCodes.Bad_IdentityTokenInvalid);
        }
        String policyId = ((UserIdentityToken) obj).getPolicyId();
        return (UserTokenPolicy) ConversionUtil.l(session.getEndpoint().getUserIdentityTokens()).stream().filter(userTokenPolicy -> {
            return Objects.equal(policyId, userTokenPolicy.getPolicyId());
        }).findFirst().orElseThrow(() -> {
            return new UaException(StatusCodes.Bad_IdentityTokenInvalid, "policy not found: " + policyId);
        });
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SessionServiceSet
    public void onCloseSession(ServiceRequest serviceRequest) {
        try {
            serviceRequest.setResponse(closeSession(serviceRequest));
        } catch (UaException e) {
            serviceRequest.setServiceFault(e);
        }
    }

    private CloseSessionResponse closeSession(ServiceRequest serviceRequest) throws UaException {
        CloseSessionRequest closeSessionRequest = (CloseSessionRequest) serviceRequest.getRequest();
        long secureChannelId = serviceRequest.getSecureChannelId();
        NodeId authenticationToken = serviceRequest.getRequest().getRequestHeader().getAuthenticationToken();
        Session session = this.activeSessions.get(authenticationToken);
        if (session != null) {
            if (session.getSecureChannelId() != secureChannelId) {
                throw new UaException(StatusCodes.Bad_SecureChannelIdInvalid);
            }
            this.activeSessions.remove(authenticationToken);
            session.close(closeSessionRequest.getDeleteSubscriptions().booleanValue());
            return new CloseSessionResponse(serviceRequest.createResponseHeader());
        }
        Session session2 = this.createdSessions.get(authenticationToken);
        if (session2 == null) {
            throw new UaException(StatusCodes.Bad_SessionIdInvalid);
        }
        if (session2.getSecureChannelId() != secureChannelId) {
            throw new UaException(StatusCodes.Bad_SecureChannelIdInvalid);
        }
        this.createdSessions.remove(authenticationToken);
        session2.close(closeSessionRequest.getDeleteSubscriptions().booleanValue());
        return new CloseSessionResponse(serviceRequest.createResponseHeader());
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SessionServiceSet
    public void onCancel(ServiceRequest serviceRequest) throws UaException {
        session(serviceRequest).onCancel(serviceRequest);
    }

    /* JADX WARN: Type inference failed for: r0v5, types: [byte[], byte[][]] */
    private SignatureData getServerSignature(SecurityPolicy securityPolicy, KeyPair keyPair, ByteString byteString, ByteString byteString2) throws UaException {
        if (securityPolicy == SecurityPolicy.None) {
            return new SignatureData(null, null);
        }
        try {
            SecurityAlgorithm asymmetricSignatureAlgorithm = securityPolicy.getAsymmetricSignatureAlgorithm();
            return new SignatureData(asymmetricSignatureAlgorithm.getUri(), ByteString.of(SignatureUtil.sign(asymmetricSignatureAlgorithm, keyPair.getPrivate(), ByteBuffer.wrap(Bytes.concat(new byte[]{byteString2.bytes(), byteString.bytes()})))));
        } catch (UaRuntimeException e) {
            throw new UaException(StatusCodes.Bad_SecurityChecksFailed);
        }
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.AttributeServiceSet
    public void onRead(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getReadCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getAttributeServiceSet().onRead(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.AttributeServiceSet
    public void onWrite(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getWriteCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getAttributeServiceSet().onWrite(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.AttributeHistoryServiceSet
    public void onHistoryRead(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getHistoryReadCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getAttributeHistoryServiceSet().onHistoryRead(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.AttributeHistoryServiceSet
    public void onHistoryUpdate(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getHistoryUpdateCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getAttributeHistoryServiceSet().onHistoryUpdate(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.ViewServiceSet
    public void onBrowse(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getBrowseCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getViewServiceSet().onBrowse(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.ViewServiceSet
    public void onBrowseNext(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getBrowseNextCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getViewServiceSet().onBrowseNext(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.ViewServiceSet
    public void onTranslateBrowsePaths(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getTranslateBrowsePathsToNodeIdsCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getViewServiceSet().onTranslateBrowsePaths(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.ViewServiceSet
    public void onRegisterNodes(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getRegisterNodesCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getViewServiceSet().onRegisterNodes(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.ViewServiceSet
    public void onUnregisterNodes(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getUnregisterNodesCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getViewServiceSet().onUnregisterNodes(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.NodeManagementServiceSet
    public void onAddNodes(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getAddNodesCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getNodeManagementServiceSet().onAddNodes(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.NodeManagementServiceSet
    public void onAddReferences(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getAddReferencesCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getNodeManagementServiceSet().onAddReferences(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.NodeManagementServiceSet
    public void onDeleteNodes(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getDeleteNodesCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getNodeManagementServiceSet().onDeleteNodes(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.NodeManagementServiceSet
    public void onDeleteReferences(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getDeleteReferencesCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getNodeManagementServiceSet().onDeleteReferences(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SubscriptionServiceSet
    public void onCreateSubscription(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getCreateSubscriptionCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getSubscriptionServiceSet().onCreateSubscription(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SubscriptionServiceSet
    public void onModifySubscription(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getModifySubscriptionCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getSubscriptionServiceSet().onModifySubscription(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SubscriptionServiceSet
    public void onSetPublishingMode(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getSetPublishingModeCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getSubscriptionServiceSet().onSetPublishingMode(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SubscriptionServiceSet
    public void onPublish(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getPublishCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getSubscriptionServiceSet().onPublish(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SubscriptionServiceSet
    public void onRepublish(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getRepublishCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getSubscriptionServiceSet().onRepublish(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SubscriptionServiceSet
    public void onTransferSubscriptions(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getTransferSubscriptionsCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getSubscriptionServiceSet().onTransferSubscriptions(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.SubscriptionServiceSet
    public void onDeleteSubscriptions(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getDeleteSubscriptionsCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getSubscriptionServiceSet().onDeleteSubscriptions(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.MonitoredItemServiceSet
    public void onCreateMonitoredItems(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getCreateMonitoredItemsCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getMonitoredItemServiceSet().onCreateMonitoredItems(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.MonitoredItemServiceSet
    public void onModifyMonitoredItems(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getModifyMonitoredItemsCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getMonitoredItemServiceSet().onModifyMonitoredItems(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.MonitoredItemServiceSet
    public void onSetMonitoringMode(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getSetMonitoringModeCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getMonitoredItemServiceSet().onSetMonitoringMode(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.MonitoredItemServiceSet
    public void onSetTriggering(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getSetTriggeringCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getMonitoredItemServiceSet().onSetTriggering(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.MonitoredItemServiceSet
    public void onDeleteMonitoredItems(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getDeleteMonitoredItemsCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getMonitoredItemServiceSet().onDeleteMonitoredItems(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.MethodServiceSet
    public void onCall(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getCallCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getMethodServiceSet().onCall(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.QueryServiceSet
    public void onQueryFirst(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getQueryFirstCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getQueryServiceSet().onQueryFirst(serviceRequest);
    }

    @Override // org.eclipse.milo.opcua.stack.server.services.QueryServiceSet
    public void onQueryNext(ServiceRequest serviceRequest) throws UaException {
        Session session = session(serviceRequest);
        session.getSessionDiagnostics().getQueryNextCount().record(serviceRequest);
        session.getSessionDiagnostics().getTotalRequestCount().record(serviceRequest);
        session.getQueryServiceSet().onQueryNext(serviceRequest);
    }
}
