package test.de.iip_ecosphere.platform.connectors.opcuav1;

import de.iip_ecosphere.platform.connectors.ConnectorParameter;
import de.iip_ecosphere.platform.support.Schema;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.PrintStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.ExecutionException;
import org.apache.commons.io.FileUtils;
import org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfig;
import org.eclipse.milo.opcua.sdk.server.api.config.OpcUaServerConfigBuilder;
import org.eclipse.milo.opcua.sdk.server.identity.CompositeValidator;
import org.eclipse.milo.opcua.sdk.server.identity.IdentityValidator;
import org.eclipse.milo.opcua.sdk.server.identity.UsernameIdentityValidator;
import org.eclipse.milo.opcua.sdk.server.identity.X509IdentityValidator;
import org.eclipse.milo.opcua.sdk.server.util.HostnameUtil;
import org.eclipse.milo.opcua.stack.core.UaRuntimeException;
import org.eclipse.milo.opcua.stack.core.security.DefaultCertificateManager;
import org.eclipse.milo.opcua.stack.core.security.DefaultTrustListManager;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
import org.eclipse.milo.opcua.stack.core.types.structured.UserTokenPolicy;
import org.eclipse.milo.opcua.stack.core.util.CertificateUtil;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedCertificateGenerator;
import org.eclipse.milo.opcua.stack.core.util.SelfSignedHttpsCertificateBuilder;
import org.eclipse.milo.opcua.stack.server.EndpointConfiguration;
import org.eclipse.milo.opcua.stack.server.security.DefaultServerCertificateValidator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:test/de/iip_ecosphere/platform/connectors/opcuav1/SecureSetup.class */
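/**
 * Test fixture that stands up a "secure" Eclipse Milo OPC UA server (certificate manager, trust list,
 * self-signed HTTPS certificate, username/X.509 identity validation) and prepares the matching client
 * keystore plus identity-store YAML for the connector under test.
 *
 * <p><b>Security caveats (test-only fixture, do not reuse in production):</b>
 * <ul>
 *   <li>User credentials are hard-coded in the constructor and anonymous sessions are permitted.</li>
 *   <li>The X.509 identity validator accepts <em>every</em> certificate without any trust or revocation check.</li>
 *   <li>Endpoints with {@code SecurityPolicy.None} / {@code MessageSecurityMode.None} are exposed.</li>
 *   <li>The keystore password is written in clear text to {@code identityStore.yml}.</li>
 *   <li>A fixed directory below {@code java.io.tmpdir} is recursively deleted on setup and shutdown; on a shared
 *       host or with parallel test runs this both clobbers and can be clobbered by other users/processes.</li>
 * </ul>
 */
public class SecureSetup extends ServerSetup {

    private static final Logger LOGGER = LoggerFactory.getLogger(SecureSetup.class);

    /** Name of the working directory below {@code java.io.tmpdir} that holds keystores and the PKI trust list. */
    private static final String SECURITY_DIR_NAME = "security";
    /** Location of the generated client truststore consumed by the connector. */
    private static final String CLIENT_KEYSTORE_FILE = "target/test-classes/iip-opcua.jks";
    /** Location of the generated identity-store YAML that references the client truststore. */
    private static final String IDENTITY_STORE_FILE = "target/test-classes/identityStore.yml";
    /** Alias of the client certificate inside the generated keystore. */
    private static final String CLIENT_CERT_ALIAS = "opcuaTest";
    /** Identity-store key the connector uses to look up the keystore. */
    private static final String IDENTITY_STORE_KEY = "mqttKeyStore";
    /** Keystore password; test-only, also emitted in clear text into the identity store. */
    private static final String KEYSTORE_PASSWORD = "abcd1234";
    /** RSA modulus length for the self-signed HTTPS key pair. */
    private static final int HTTPS_RSA_KEY_BITS = 2048;
    /** OPC UA status code used for setup failures (0x80890000; presumably Bad_ConfigurationError - verify against StatusCodes). */
    private static final long BAD_CONFIGURATION_STATUS = 2156462080L;

    private File securityTempDir;
    private X509Certificate certificate;
    private DefaultCertificateManager certificateManager;
    private DefaultTrustListManager trustListManager;
    private DefaultServerCertificateValidator certificateValidator;
    private KeyPair httpsKeyPair;
    private X509Certificate httpsCertificate;
    private X509IdentityValidator x509IdentityValidator;
    private String applicationUri;
    private IdentityValidator<String> identityValidator;
    private X509Certificate clientCertificate;
    private KeyPair clientKeyPair;

    /**
     * Creates the setup and installs the username/password validator.
     *
     * @param str the host/address passed to {@link ServerSetup}
     * @param i the first port passed to {@link ServerSetup}
     * @param i2 the second port passed to {@link ServerSetup}
     */
    public SecureSetup(String str, int i, int i2) {
        super(str, i, i2);
        // Test-only credentials. NOTE(review): the leading 'true' is presumably Milo's
        // anonymousAccessAllowed flag, so unauthenticated sessions pass this validator too - confirm.
        this.identityValidator = new UsernameIdentityValidator(true, challenge -> {
            String username = challenge.getUsername();
            String password = challenge.getPassword();
            boolean isUser = "user".equals(username) && "password1".equals(password);
            boolean isAdmin = "admin".equals(username) && "password2".equals(password);
            return isUser || isAdmin;
        });
    }

    /**
     * Prepares server and client material and returns the server application URI.
     *
     * @return the application URI taken from the server certificate's SAN
     * @throws ExecutionException if the security directory, keystores or certificates cannot be set up
     */
    @Override // test.de.iip_ecosphere.platform.connectors.opcuav1.ServerSetup
    public String initializeApplication() throws ExecutionException {
        // setupServer() creates the security temp dir itself; creating it here as well (as the
        // original did) only caused it to be wiped and re-created twice.
        setupServer();
        setupClient();
        return this.applicationUri;
    }

    /**
     * Wipes and re-creates the fixed security working directory below {@code java.io.tmpdir}.
     *
     * <p>The path is fixed and shared: whatever currently lives at {@code $TMPDIR/security} is deleted
     * recursively, and two concurrent runs of this fixture will corrupt each other. A unique directory
     * (e.g. {@code Files.createTempDirectory}) would be safer; it is kept as-is because the keystore
     * loaders are handed this directory and their expectations are not visible here.
     *
     * @return the (empty) security directory
     * @throws IOException if deletion or creation fails
     */
    private File prepareSecurityTempDir() throws IOException {
        File dir = new File(System.getProperty("java.io.tmpdir"), SECURITY_DIR_NAME);
        FileUtils.deleteDirectory(dir);
        if (!dir.exists() && !dir.mkdirs()) {
            throw new IOException("unable to create security temp dir: " + dir);
        }
        LOGGER.info("security temp dir: {}", dir.getAbsolutePath());
        return dir;
    }

    /**
     * Builds all server-side security objects: certificate manager and trust list from the
     * server keystore, a self-signed HTTPS certificate, the X.509 identity validator, and the
     * application URI extracted from the server certificate.
     *
     * @throws ExecutionException wrapping any failure during setup
     */
    private void setupServer() throws ExecutionException {
        try {
            this.securityTempDir = prepareSecurityTempDir();

            ServerKeystoreLoader serverKeys = new ServerKeystoreLoader().load(this.securityTempDir);
            this.certificateManager = new DefaultCertificateManager(
                serverKeys.getServerKeyPair(), serverKeys.getServerCertificateChain());

            File pkiDir = this.securityTempDir.toPath().resolve("pki").toFile();
            this.trustListManager = new DefaultTrustListManager(pkiDir);
            LOGGER.info("pki dir: {}", pkiDir.getAbsolutePath());
            this.certificateValidator = new DefaultServerCertificateValidator(this.trustListManager);

            LOGGER.info("Generating RSA KeyPair length {}", HTTPS_RSA_KEY_BITS);
            this.httpsKeyPair = SelfSignedCertificateGenerator.generateRsaKeyPair(HTTPS_RSA_KEY_BITS);
            SelfSignedHttpsCertificateBuilder httpsBuilder = new SelfSignedHttpsCertificateBuilder(this.httpsKeyPair);
            httpsBuilder.setCommonName(HostnameUtil.getHostname());
            // Bind the HTTPS certificate to every name/address the wildcard bind resolves to.
            Set<String> hostnames = HostnameUtil.getHostnames("0.0.0.0");
            hostnames.forEach(httpsBuilder::addDnsName);
            this.httpsCertificate = httpsBuilder.build();

            // SECURITY: accepts any client certificate as a user identity token - no chain, trust-list
            // or revocation check. Acceptable only because this is a test fixture.
            this.x509IdentityValidator = new X509IdentityValidator(cert -> true);

            this.certificate = this.certificateManager.getCertificates().stream()
                .findFirst()
                .orElseThrow(() -> new UaRuntimeException(BAD_CONFIGURATION_STATUS, "no certificate found"));
            // The SAN URI of the server certificate must match the server's application URI.
            this.applicationUri = CertificateUtil.getSanUri(this.certificate)
                .orElseThrow(() -> new UaRuntimeException(BAD_CONFIGURATION_STATUS,
                    "certificate is missing the application URI"));
        } catch (Exception e) {
            throw new ExecutionException(e);
        }
    }

    /**
     * Loads the client certificate and key pair from the security directory.
     *
     * @throws ExecutionException if loading fails (propagated from the loader)
     */
    private void setupClient() throws ExecutionException {
        ClientKeystoreLoader clientKeys = new ClientKeystoreLoader().load(this.securityTempDir);
        this.clientCertificate = clientKeys.getClientCertificate();
        this.clientKeyPair = clientKeys.getClientKeyPair();
    }

    /**
     * Recursively removes the security working directory. Safe to call when
     * {@link #initializeApplication()} never ran.
     *
     * @throws ExecutionException if deletion fails
     */
    @Override // test.de.iip_ecosphere.platform.connectors.opcuav1.ServerSetup
    public void shutdownApplication() throws ExecutionException {
        if (this.securityTempDir == null) {
            return; // nothing was set up, nothing to clean
        }
        try {
            FileUtils.deleteDirectory(this.securityTempDir);
        } catch (IOException e) {
            throw new ExecutionException(e);
        }
    }

    /**
     * Installs the server certificate and the accepted user token policies on every endpoint.
     * Anonymous, username and X.509 tokens are all accepted (test-only; production servers
     * should not offer anonymous access).
     *
     * @param builder the endpoint builder to configure
     */
    @Override // test.de.iip_ecosphere.platform.connectors.opcuav1.ServerSetup
    public void configureCommonEndpointBuilder(EndpointConfiguration.Builder builder) {
        builder.setCertificate(this.certificate)
            .addTokenPolicies(
                OpcUaServerConfig.USER_TOKEN_POLICY_ANONYMOUS,
                OpcUaServerConfig.USER_TOKEN_POLICY_USERNAME,
                OpcUaServerConfig.USER_TOKEN_POLICY_X509);
    }

    /**
     * Configures an endpoint with no transport security at all (test-only).
     *
     * @param builder the endpoint builder
     * @return the builder with policy/mode {@code None}
     */
    @Override // test.de.iip_ecosphere.platform.connectors.opcuav1.ServerSetup
    public EndpointConfiguration.Builder configureNoSecurityBuilder(EndpointConfiguration.Builder builder) {
        return builder
            .setSecurityPolicy(SecurityPolicy.None)
            .setSecurityMode(MessageSecurityMode.None);
    }

    /**
     * Configures the opc.tcp endpoint for Basic256Sha256 with sign-and-encrypt.
     *
     * @param builder the endpoint builder
     * @return the configured builder
     */
    @Override // test.de.iip_ecosphere.platform.connectors.opcuav1.ServerSetup
    public EndpointConfiguration.Builder configureTcpEndpointBuilder(EndpointConfiguration.Builder builder) {
        return builder
            .setSecurityPolicy(SecurityPolicy.Basic256Sha256)
            .setSecurityMode(MessageSecurityMode.SignAndEncrypt);
    }

    /**
     * Configures the HTTPS endpoint for Basic256Sha256 with message signing only
     * (confidentiality comes from TLS on this transport).
     *
     * @param builder the endpoint builder
     * @return the configured builder
     */
    @Override // test.de.iip_ecosphere.platform.connectors.opcuav1.ServerSetup
    public EndpointConfiguration.Builder configureHttpsEndpointBuilder(EndpointConfiguration.Builder builder) {
        return builder
            .setSecurityPolicy(SecurityPolicy.Basic256Sha256)
            .setSecurityMode(MessageSecurityMode.Sign);
    }

    /**
     * Wires the certificate manager, trust list, certificate validator, HTTPS key material and
     * the composite (username + X.509) identity validator into the server configuration.
     *
     * @param opcUaServerConfigBuilder the server configuration builder
     */
    @Override // test.de.iip_ecosphere.platform.connectors.opcuav1.ServerSetup
    public void configureServerBuilder(OpcUaServerConfigBuilder opcUaServerConfigBuilder) {
        IdentityValidator<?> composite = new CompositeValidator(this.identityValidator, this.x509IdentityValidator);
        opcUaServerConfigBuilder
            .setCertificateManager(this.certificateManager)
            .setTrustListManager(this.trustListManager)
            .setCertificateValidator(this.certificateValidator)
            .setHttpsKeyPair(this.httpsKeyPair)
            .setHttpsCertificateChain(new X509Certificate[]{this.httpsCertificate})
            .setIdentityValidator(composite);
    }

    /**
     * Writes the client truststore and identity-store YAML into {@code target/test-classes} and
     * returns connector parameters pointing at the HTTPS endpoint of this server.
     *
     * <p>The JKS receives only the client <em>certificate</em> ({@code setCertificateEntry}); the client
     * private key loaded in {@link #setupClient()} is not persisted. The YAML stores the keystore
     * password in clear text with {@code tokenEncryptionAlgorithm: UTF-8}, i.e. unencrypted - fine
     * for a throw-away test artefact only. Write failures are logged and otherwise ignored so the
     * test proceeds and fails at connection time with a clearer error.
     *
     * @return the connector parameters for the test client
     */
    @Override // test.de.iip_ecosphere.platform.connectors.opcuav1.ServerSetup
    public ConnectorParameter getConnectorParameter() {
        writeClientKeystore();
        writeIdentityStore();
        return ConnectorParameter.ConnectorParameterBuilder
            .newBuilder("localhost", getHttpsPort(), Schema.HTTPS)
            .setEndpointPath(getPath())
            .setApplicationInformation("urn:eclipse:milo:examples:client", "eclipse milo opc-ua client")
            .setKeyAlias(CLIENT_CERT_ALIAS)
            .setKeystoreKey(IDENTITY_STORE_KEY)
            .setNotificationInterval(1000)
            .build();
    }

    /** Stores the client certificate under {@link #CLIENT_CERT_ALIAS} in a fresh JKS at {@link #CLIENT_KEYSTORE_FILE}. */
    private void writeClientKeystore() {
        File keystoreFile = new File(CLIENT_KEYSTORE_FILE);
        keystoreFile.delete();
        keystoreFile.deleteOnExit();
        char[] password = KEYSTORE_PASSWORD.toCharArray();
        try (FileOutputStream out = new FileOutputStream(keystoreFile)) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, password);
            keyStore.setCertificateEntry(CLIENT_CERT_ALIAS, this.clientCertificate);
            keyStore.store(out, password);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOGGER.error("Client keystore exception: {}", e.getMessage(), e);
        }
    }

    /** Writes the identity-store YAML that maps {@link #IDENTITY_STORE_KEY} to the client keystore. */
    private void writeIdentityStore() {
        try (PrintStream yaml = new PrintStream(new FileOutputStream(IDENTITY_STORE_FILE))) {
            yaml.println("identities:");
            yaml.println("  \"" + IDENTITY_STORE_KEY + "\":");
            yaml.println("    type: USERNAME");
            yaml.println("    tokenData: " + KEYSTORE_PASSWORD);
            yaml.println("    tokenEncryptionAlgorithm: UTF-8");
            yaml.println("    file: iip-opcua.jks");
        } catch (IOException e) {
            LOGGER.error("Cannot write temporary identity store: {}", e.getMessage(), e);
        }
    }
}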
