package org.jetlinks.protocol.official;

import com.alibaba.fastjson.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Arrays;
import java.util.Optional;
import java.util.function.Consumer;
import org.apache.commons.codec.digest.DigestUtils;
import org.eclipse.californium.core.coap.CoAP;
import org.hswebframework.web.id.IDGenerator;
import org.jetlinks.core.message.DeviceMessage;
import org.jetlinks.core.message.codec.CoapMessage;
import org.jetlinks.core.message.codec.DefaultTransport;
import org.jetlinks.core.message.codec.MessageDecodeContext;
import org.jetlinks.core.message.codec.Transport;
import org.jetlinks.core.metadata.DefaultConfigMetadata;
import org.jetlinks.core.metadata.types.PasswordType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.MediaType;
import org.springframework.util.StringUtils;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:jetlinks-official-protocol-3.0-SNAPSHOT.jar:org/jetlinks/protocol/official/JetLinksCoapDTLSDeviceMessageCodec.class */
public class JetLinksCoapDTLSDeviceMessageCodec extends AbstractCoapDeviceMessageCodec {
    private static final Logger log = LoggerFactory.getLogger(JetLinksCoapDTLSDeviceMessageCodec.class);
    private static final DefaultConfigMetadata coapDTLSConfig = new DefaultConfigMetadata("CoAP DTLS配置", "使用CoAP DTLS 进行数据上报需要先进行签名认证获取token.\n之后上报数据需要在Option中携带token信息. \n自定义Option: 2110,sign ; 2111,token ").add("secureKey", "密钥", "认证签名密钥", new PasswordType());

    public Transport getSupportTransport() {
        return DefaultTransport.CoAP_DTLS;
    }

    @Override // org.jetlinks.protocol.official.AbstractCoapDeviceMessageCodec
    public Flux<DeviceMessage> decode(CoapMessage coapMessage, MessageDecodeContext messageDecodeContext, Consumer<Object> consumer) {
        return messageDecodeContext.getDevice() == null ? Flux.empty() : Flux.defer(() -> {
            String path = getPath(coapMessage);
            String deviceId = getDeviceId(coapMessage);
            String str = (String) coapMessage.getStringOption(2110).orElse(null);
            String str2 = (String) coapMessage.getStringOption(2111).orElse(null);
            byte[] payloadAsBytes = coapMessage.payloadAsBytes();
            Optional map = coapMessage.getStringOption(12).map(MediaType::valueOf);
            MediaType mediaType = MediaType.APPLICATION_CBOR;
            mediaType.getClass();
            ObjectMapper objectMapper = ((Boolean) map.map(mediaType::includes).orElse(false)).booleanValue() ? ObjectMappers.CBOR_MAPPER : ObjectMappers.JSON_MAPPER;
            if (StringUtils.isEmpty(deviceId)) {
                consumer.accept(CoAP.ResponseCode.UNAUTHORIZED);
                return Mono.empty();
            }
            if (path.endsWith("/request-token")) {
                return messageDecodeContext.getDevice(deviceId).switchIfEmpty(Mono.fromRunnable(() -> {
                    consumer.accept(CoAP.ResponseCode.UNAUTHORIZED);
                })).flatMap(deviceOperator -> {
                    return deviceOperator.getConfig("secureKey").flatMap(value -> {
                        if (verifySign(value.asString(), deviceId, payloadAsBytes, str)) {
                            String str3 = (String) IDGenerator.MD5.generate();
                            return deviceOperator.setConfig("coap-token", str3).doOnSuccess(bool -> {
                                JSONObject jSONObject = new JSONObject();
                                jSONObject.put("token", str3);
                                consumer.accept(jSONObject.toJSONString());
                            });
                        }
                        consumer.accept(CoAP.ResponseCode.BAD_REQUEST);
                        return Mono.empty();
                    });
                }).then(Mono.empty());
            }
            if (!StringUtils.isEmpty(str2)) {
                return messageDecodeContext.getDevice(deviceId).flatMapMany(deviceOperator2 -> {
                    return deviceOperator2.getSelfConfig("coap-token").switchIfEmpty(Mono.fromRunnable(() -> {
                        consumer.accept(CoAP.ResponseCode.UNAUTHORIZED);
                    })).flatMapMany(value -> {
                        if (str2.equals(value.asString())) {
                            return TopicMessageCodec.decode(objectMapper, TopicMessageCodec.removeProductPath(path), payloadAsBytes).switchIfEmpty(FunctionalTopicHandlers.handle(deviceOperator2, path.split("/"), payloadAsBytes, objectMapper, topicPayload -> {
                                return Mono.fromRunnable(() -> {
                                    consumer.accept(topicPayload.getPayload());
                                });
                            }));
                        }
                        consumer.accept(CoAP.ResponseCode.UNAUTHORIZED);
                        return Mono.empty();
                    });
                }).doOnComplete(() -> {
                    consumer.accept(CoAP.ResponseCode.CREATED);
                }).doOnError(th -> {
                    log.error("decode coap message error", th);
                    consumer.accept(CoAP.ResponseCode.BAD_REQUEST);
                });
            }
            consumer.accept(CoAP.ResponseCode.UNAUTHORIZED);
            return Mono.empty();
        });
    }

    protected boolean verifySign(String str, String str2, byte[] bArr, String str3) {
        byte[] bytes = str.getBytes();
        byte[] copyOf = Arrays.copyOf(bArr, bArr.length + bytes.length);
        System.arraycopy(bytes, 0, copyOf, 0, bytes.length);
        if (!StringUtils.isEmpty(str) && DigestUtils.md5Hex(copyOf).equalsIgnoreCase(str3)) {
            return true;
        }
        log.info("device [{}] coap sign [{}] error, payload:{}", new Object[]{str2, str3, bArr});
        return false;
    }
}
