package org.openremote.manager.gateway;

import jakarta.persistence.EntityManager;
import java.time.Duration;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Collectors;
import org.apache.camel.Exchange;
import org.apache.camel.Predicate;
import org.apache.camel.builder.PredicateBuilder;
import org.apache.camel.builder.RouteBuilder;
import org.openremote.container.message.MessageBrokerService;
import org.openremote.container.persistence.PersistenceService;
import org.openremote.container.timer.TimerService;
import org.openremote.container.util.MapAccess;
import org.openremote.manager.asset.AssetProcessingException;
import org.openremote.manager.asset.AssetProcessingService;
import org.openremote.manager.asset.AssetStorageService;
import org.openremote.manager.event.AttributeEventInterceptor;
import org.openremote.manager.event.ClientEventService;
import org.openremote.manager.rules.RulesService;
import org.openremote.manager.rules.RulesetStorageService;
import org.openremote.manager.security.ManagerIdentityService;
import org.openremote.manager.security.ManagerKeycloakIdentityProvider;
import org.openremote.manager.web.ManagerWebService;
import org.openremote.model.Container;
import org.openremote.model.ContainerService;
import org.openremote.model.PersistenceEvent;
import org.openremote.model.asset.Asset;
import org.openremote.model.asset.impl.GatewayAsset;
import org.openremote.model.attribute.AttributeEvent;
import org.openremote.model.attribute.AttributeMap;
import org.openremote.model.attribute.AttributeWriteFailure;
import org.openremote.model.event.shared.SharedEvent;
import org.openremote.model.gateway.GatewayDisconnectEvent;
import org.openremote.model.gateway.GatewayTunnelInfo;
import org.openremote.model.query.AssetQuery;
import org.openremote.model.rules.Ruleset;
import org.openremote.model.security.Realm;
import org.openremote.model.security.User;
import org.openremote.model.syslog.SyslogCategory;
import org.openremote.model.util.TextUtil;
import org.openremote.model.value.MetaItemType;

/* loaded from: input_file:org/openremote/manager/gateway/GatewayService.class */
public class GatewayService extends RouteBuilder implements ContainerService {
    public static final int PRIORITY = -2147482548;
    public static final String GATEWAY_CLIENT_ID_PREFIX = "gateway-";
    public static final String OR_GATEWAY_TUNNEL_SSH_KEY_FILE = "OR_GATEWAY_TUNNEL_SSH_KEY_FILE";
    private static final Logger LOG = SyslogCategory.getLogger(SyslogCategory.GATEWAY, GatewayService.class.getName());
    public static final String OR_GATEWAY_TUNNEL_SSH_HOSTNAME = "OR_GATEWAY_TUNNEL_SSH_HOSTNAME";
    public static final String OR_GATEWAY_TUNNEL_SSH_PORT = "OR_GATEWAY_TUNNEL_SSH_PORT";
    public static final String OR_GATEWAY_TUNNEL_TCP_START = "OR_GATEWAY_TUNNEL_TCP_START";
    public static final String OR_GATEWAY_TUNNEL_HOSTNAME = "OR_GATEWAY_TUNNEL_HOSTNAME";
    public static final String OR_GATEWAY_TUNNEL_AUTO_CLOSE_MINUTES = "OR_GATEWAY_TUNNEL_AUTO_CLOSE_MINUTES";
    public static final int OR_GATEWAY_TUNNEL_TCP_START_DEFAULT = 9000;
    protected AssetStorageService assetStorageService;
    protected AssetProcessingService assetProcessingService;
    protected ManagerIdentityService identityService;
    protected ManagerKeycloakIdentityProvider identityProvider;
    protected ClientEventService clientEventService;
    protected RulesetStorageService rulesetStorageService;
    protected RulesService rulesService;
    protected ExecutorService executorService;
    protected ScheduledExecutorService scheduledExecutorService;
    protected TimerService timerService;
    protected String tunnelSSHHostname;
    protected String tunnelHostname;
    protected int tunnelSSHPort;
    protected int tunnelTCPStart;
    protected int tunnelAutoCloseMinutes;
    protected boolean active;
    protected final Map<String, GatewayConnector> gatewayConnectorMap = new ConcurrentHashMap();
    protected final Map<String, String> assetIdGatewayIdMap = new HashMap();
    protected List<String> realmIds = new ArrayList();
    protected Map<String, GatewayTunnelInfo> tunnelInfos = new ConcurrentHashMap();
    protected AtomicInteger pendingTunnelCounter = new AtomicInteger();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.openremote.manager.gateway.GatewayService$2, reason: invalid class name */
    /* loaded from: input_file:org/openremote/manager/gateway/GatewayService$2.class */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$org$openremote$model$PersistenceEvent$Cause = new int[PersistenceEvent.Cause.values().length];

        static {
            try {
                $SwitchMap$org$openremote$model$PersistenceEvent$Cause[PersistenceEvent.Cause.CREATE.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$openremote$model$PersistenceEvent$Cause[PersistenceEvent.Cause.UPDATE.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$openremote$model$PersistenceEvent$Cause[PersistenceEvent.Cause.DELETE.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public static Predicate isNotForGateway(GatewayService gatewayService) {
        return exchange -> {
            if (PersistenceService.isPersistenceEventForEntityType(Asset.class).matches(exchange)) {
                Asset asset = (Asset) ((PersistenceEvent) exchange.getIn().getBody(PersistenceEvent.class)).getEntity();
                return gatewayService.getLocallyRegisteredGatewayId(asset.getId(), asset.getParentId()) == null;
            }
            if (!PersistenceService.isPersistenceEventForEntityType(Realm.class).matches(exchange)) {
                if (!PersistenceService.isPersistenceEventForEntityType(Ruleset.class).matches(exchange)) {
                    return true;
                }
                PersistenceEvent persistenceEvent = (PersistenceEvent) exchange.getIn().getBody(PersistenceEvent.class);
                Ruleset ruleset = (Ruleset) persistenceEvent.getEntity();
                return persistenceEvent.getCause() == PersistenceEvent.Cause.DELETE ? gatewayService.rulesService.isRulesetKnown(ruleset) : gatewayService.rulesetStorageService.find(ruleset.getClass(), ruleset.getId()) != null;
            }
            PersistenceEvent persistenceEvent2 = (PersistenceEvent) exchange.getIn().getBody(PersistenceEvent.class);
            Realm realm = (Realm) persistenceEvent2.getEntity();
            if (persistenceEvent2.getCause() == PersistenceEvent.Cause.DELETE) {
                return gatewayService.realmIds.remove(realm.getId());
            }
            Realm realm2 = gatewayService.identityProvider.getRealm(realm.getName());
            if (realm2 == null || !realm2.getId().equals(realm.getId())) {
                return false;
            }
            gatewayService.realmIds.add(realm.getId());
            return true;
        };
    }

    protected static boolean isGatewayClientId(String str) {
        return str != null && str.startsWith(GATEWAY_CLIENT_ID_PREFIX);
    }

    public static String getGatewayIdFromClientId(String str) {
        return str.substring(GATEWAY_CLIENT_ID_PREFIX.length());
    }

    public int getPriority() {
        return PRIORITY;
    }

    public void init(Container container) throws Exception {
        this.assetStorageService = (AssetStorageService) container.getService(AssetStorageService.class);
        this.assetProcessingService = (AssetProcessingService) container.getService(AssetProcessingService.class);
        this.identityService = container.getService(ManagerIdentityService.class);
        this.clientEventService = (ClientEventService) container.getService(ClientEventService.class);
        this.executorService = container.getExecutor();
        this.scheduledExecutorService = container.getScheduledExecutor();
        this.rulesetStorageService = (RulesetStorageService) container.getService(RulesetStorageService.class);
        this.rulesService = (RulesService) container.getService(RulesService.class);
        this.timerService = container.getService(TimerService.class);
        container.getService(ManagerWebService.class).addApiSingleton(new GatewayServiceResourceImpl(this.timerService, this.identityService, this, this.assetStorageService));
        if (this.identityService.isKeycloakEnabled()) {
            this.active = true;
            this.identityProvider = (ManagerKeycloakIdentityProvider) this.identityService.getIdentityProvider();
            container.getService(MessageBrokerService.class).getContext().addRoutes(this);
            this.clientEventService.setGatewayInterceptor(this::onGatewayMessageIntercept);
            this.assetProcessingService.addEventInterceptor(new AttributeEventInterceptor() { // from class: org.openremote.manager.gateway.GatewayService.1
                @Override // org.openremote.manager.event.AttributeEventInterceptor
                public int getPriority() {
                    return 0;
                }

                @Override // org.openremote.manager.event.AttributeEventInterceptor
                public boolean intercept(EntityManager entityManager, AttributeEvent attributeEvent) throws AssetProcessingException {
                    return GatewayService.this.onAttributeEventIntercepted(entityManager, attributeEvent);
                }
            });
        } else {
            LOG.warning("Incoming edge gateway connections disabled: Not supported when not using Keycloak identity provider");
            this.active = false;
        }
        this.tunnelSSHHostname = MapAccess.getString(container.getConfig(), OR_GATEWAY_TUNNEL_SSH_HOSTNAME, (String) null);
        this.tunnelSSHPort = MapAccess.getInteger(container.getConfig(), OR_GATEWAY_TUNNEL_SSH_PORT, 0);
        this.tunnelTCPStart = MapAccess.getInteger(container.getConfig(), OR_GATEWAY_TUNNEL_TCP_START, OR_GATEWAY_TUNNEL_TCP_START_DEFAULT);
        this.tunnelHostname = MapAccess.getString(container.getConfig(), OR_GATEWAY_TUNNEL_HOSTNAME, (String) null);
        this.tunnelAutoCloseMinutes = MapAccess.getInteger(container.getConfig(), OR_GATEWAY_TUNNEL_AUTO_CLOSE_MINUTES, 0);
    }

    public void start(Container container) throws Exception {
        if (this.active) {
            List list = (List) this.assetStorageService.findAll(new AssetQuery().types(GatewayAsset.class)).stream().map(asset -> {
                return (GatewayAsset) asset;
            }).collect(Collectors.toList());
            List list2 = list.stream().map((v0) -> {
                return v0.getId();
            }).toList();
            List list3 = (List) list.stream().filter(gatewayAsset -> {
                return Arrays.stream(gatewayAsset.getPath()).noneMatch(str -> {
                    return !str.equals(gatewayAsset.getId()) && list2.contains(str);
                });
            }).collect(Collectors.toList());
            if (list3.isEmpty()) {
                return;
            }
            LOG.info("Directly registered gateways found = " + list3.size());
            list3.forEach(gatewayAsset2 -> {
                boolean isPresent = gatewayAsset2.getClientId().isPresent();
                boolean isPresent2 = gatewayAsset2.getClientSecret().isPresent();
                if (!isPresent || !isPresent2) {
                    createUpdateGatewayServiceUser(gatewayAsset2);
                }
                this.gatewayConnectorMap.put(gatewayAsset2.getId().toLowerCase(Locale.ROOT), new GatewayConnector(this.assetStorageService, this.assetProcessingService, this.executorService, this.scheduledExecutorService, this, gatewayAsset2));
                this.assetStorageService.findAll(new AssetQuery().parents(new String[]{gatewayAsset2.getId()}).select(new AssetQuery.Select().excludeAttributes()).recursive(true)).forEach(asset2 -> {
                    this.assetIdGatewayIdMap.put(asset2.getId(), gatewayAsset2.getId());
                });
            });
        }
    }

    public void stop(Container container) throws Exception {
        this.gatewayConnectorMap.values().forEach(gatewayConnector -> {
            gatewayConnector.disconnect(GatewayDisconnectEvent.Reason.TERMINATING);
        });
        this.gatewayConnectorMap.clear();
        this.assetIdGatewayIdMap.clear();
        this.tunnelInfos.clear();
    }

    public void configure() throws Exception {
        if (this.active) {
            from("seda://PersistenceTopic?multipleConsumers=true&concurrentConsumers=1&waitForTaskToComplete=NEVER&purgeWhenStopping=true&discardIfNoConsumers=true&size=25000").routeId("Persistence-GatewayAsset").filter(PersistenceService.isPersistenceEventForEntityType(Asset.class)).process(exchange -> {
                PersistenceEvent<Asset<?>> persistenceEvent = (PersistenceEvent) exchange.getIn().getBody(PersistenceEvent.class);
                Asset<?> asset = (Asset) persistenceEvent.getEntity();
                if ((asset instanceof GatewayAsset) || !this.gatewayConnectorMap.isEmpty()) {
                    if ((asset instanceof GatewayAsset) && (isLocallyRegisteredGateway(asset.getId()) || getLocallyRegisteredGatewayId(asset.getId(), asset.getParentId()) == null)) {
                        if (persistenceEvent.getCause() != PersistenceEvent.Cause.DELETE) {
                            asset = this.assetStorageService.find(asset.getId(), true);
                            if (asset == null) {
                                return;
                            }
                        }
                        processGatewayChange((GatewayAsset) asset, persistenceEvent);
                        return;
                    }
                    String locallyRegisteredGatewayId = getLocallyRegisteredGatewayId(asset.getId(), asset.getParentId());
                    if (locallyRegisteredGatewayId != null) {
                        if (persistenceEvent.getCause() != PersistenceEvent.Cause.DELETE) {
                            asset = this.assetStorageService.find(asset.getId(), true);
                            if (asset == null) {
                                return;
                            }
                        }
                        processGatewayChildAssetChange(locallyRegisteredGatewayId, asset, persistenceEvent);
                    }
                }
            });
        }
    }

    protected void onGatewayMessageIntercept(Exchange exchange) {
        String clientId = ClientEventService.getClientId(exchange);
        if (isGatewayClientId(clientId)) {
            if (header("connection.sessionOpen").matches(exchange)) {
                processGatewayConnected(clientId, ClientEventService.getSessionKey(exchange));
                return;
            }
            if (PredicateBuilder.or(header("connection.sessionClose"), header("connection.sessionCloseError")).matches(exchange)) {
                processGatewayDisconnected(clientId, ClientEventService.getSessionKey(exchange));
            } else if (body().isInstanceOf(SharedEvent.class).matches(exchange)) {
                exchange.setRouteStop(true);
                processGatewayMessage(getGatewayIdFromClientId(clientId), ClientEventService.getSessionKey(exchange), (SharedEvent) exchange.getIn().getBody(SharedEvent.class));
            }
        }
    }

    public boolean onAttributeEventIntercepted(EntityManager entityManager, AttributeEvent attributeEvent) throws AssetProcessingException {
        if (getClass().getSimpleName().equals(attributeEvent.getSource())) {
            attributeEvent.getMeta().remove(MetaItemType.AGENT_LINK);
            return false;
        }
        GatewayConnector gatewayConnector = this.gatewayConnectorMap.get(attributeEvent.getId().toLowerCase(Locale.ROOT));
        if (gatewayConnector == null) {
            String str = this.assetIdGatewayIdMap.get(attributeEvent.getId());
            if (str == null) {
                return false;
            }
            LOG.fine("Attribute event for a gateway descendant asset (assetId=" + attributeEvent.getId() + ", gatewayId=" + str + ")");
            GatewayConnector gatewayConnector2 = this.gatewayConnectorMap.get(str.toLowerCase(Locale.ROOT));
            if (gatewayConnector2 == null) {
                String str2 = "Gateway not found for descendant asset, this should not happen!!! assetId=" + attributeEvent.getId() + ", gatewayId=" + str + ")";
                LOG.warning(str2);
                throw new AssetProcessingException(AttributeWriteFailure.CANNOT_PROCESS, str2);
            }
            if (!gatewayConnector2.isConnected()) {
                LOG.info("Gateway is not connected so attribute event for descendant asset will be dropped (assetId=" + attributeEvent.getId() + ", gatewayId=" + str + ")");
                throw new AssetProcessingException(AttributeWriteFailure.CANNOT_PROCESS, "Gateway is not connected: gatewayId=" + gatewayConnector2.gatewayId);
            }
            LOG.fine("Attribute event for a gateway descendant asset being forwarded to the gateway (assetRef=" + String.valueOf(attributeEvent.getRef()) + ", gatewayId=" + str + ")");
            gatewayConnector2.sendMessageToGateway(new AttributeEvent(GatewayConnector.mapAssetId(str, attributeEvent.getId(), true), attributeEvent.getName(), attributeEvent.getValue().orElse(null), Long.valueOf(attributeEvent.getTimestamp())).setParentId(GatewayConnector.mapAssetId(str, attributeEvent.getParentId(), true)).setRealm(attributeEvent.getRealm()));
            return true;
        }
        LOG.fine("Attribute event for a locally registered gateway asset (Asset ID=" + attributeEvent.getId() + "): " + String.valueOf(attributeEvent.getRef()));
        if (GatewayAsset.DISABLED.getName().equals(attributeEvent.getName())) {
            boolean booleanValue = ((Boolean) attributeEvent.getValue().orElse(false)).booleanValue();
            if (booleanValue == ((Boolean) attributeEvent.getOldValue().orElse(false)).booleanValue()) {
                return false;
            }
            GatewayAsset gatewayAsset = (GatewayAsset) this.assetStorageService.find(attributeEvent.getId(), GatewayAsset.class);
            if (gatewayAsset == null) {
                String str3 = "Gateway asset not found: ref=" + String.valueOf(attributeEvent.getRef());
                LOG.info(str3);
                throw new AssetProcessingException(AttributeWriteFailure.CANNOT_PROCESS, str3);
            }
            LOG.fine("Gateway client disabled attribute updated so updating gateway service user enabled flag: (gatewayId=" + attributeEvent.getId() + ")");
            gatewayAsset.setDisabled(Boolean.valueOf(booleanValue));
            createUpdateGatewayServiceUser(gatewayAsset);
            gatewayConnector.setDisabled(booleanValue);
            return false;
        }
        if (!GatewayAsset.CLIENT_SECRET.getName().equals(attributeEvent.getName())) {
            return false;
        }
        String str4 = (String) attributeEvent.getValue().orElse(null);
        GatewayAsset find = this.assetStorageService.find(attributeEvent.getId(), (Class<GatewayAsset>) GatewayAsset.class);
        if (find == null) {
            String str5 = "Gateway asset not found: ref=" + String.valueOf(attributeEvent.getRef());
            LOG.warning(str5);
            throw new AssetProcessingException(AttributeWriteFailure.CANNOT_PROCESS, str5);
        }
        LOG.fine("Gateway client secret attribute updated so updating gateway service user secret: (gatewayId=" + attributeEvent.getId() + ")");
        User userByUsername = this.identityProvider.getUserByUsername(attributeEvent.getRealm(), "service-account-" + ((String) find.getClientId().orElseThrow(() -> {
            LOG.warning("Gateway asset client ID is missing");
            return new AssetProcessingException(AttributeWriteFailure.CANNOT_PROCESS, "Gateway asset client ID is missing");
        })));
        if (userByUsername == null) {
            String str6 = "Couldn't retrieve gateway service user to update secret: (gatewayId=" + attributeEvent.getId() + ")";
            LOG.warning(str6);
            throw new AssetProcessingException(AttributeWriteFailure.CANNOT_PROCESS, str6);
        }
        String resetSecret = this.identityProvider.resetSecret(attributeEvent.getRealm(), userByUsername.getId(), str4);
        gatewayConnector.disconnect(GatewayDisconnectEvent.Reason.TERMINATING);
        attributeEvent.setValue(resetSecret);
        return false;
    }

    public boolean deleteGateway(String str) {
        GatewayConnector gatewayConnector = this.gatewayConnectorMap.get(str.toLowerCase(Locale.ROOT));
        if (gatewayConnector == null) {
            String str2 = "Gateway is not known: Gateway ID=" + str;
            LOG.info(str2);
            throw new IllegalStateException(str2);
        }
        if (gatewayConnector.isConnected()) {
            gatewayConnector.setDisabled(true);
        }
        List<String> list = (List) this.assetIdGatewayIdMap.entrySet().stream().filter(entry -> {
            return ((String) entry.getValue()).equals(str);
        }).map((v0) -> {
            return v0.getKey();
        }).collect(Collectors.toList());
        list.add(str);
        return this.assetStorageService.delete(list, true);
    }

    public Collection<GatewayTunnelInfo> getTunnelInfos() {
        return this.tunnelInfos.values();
    }

    protected boolean tunnellingSupported() {
        return !TextUtil.isNullOrEmpty(this.tunnelSSHHostname) && this.tunnelSSHPort > 0;
    }

    public GatewayTunnelInfo startTunnel(GatewayTunnelInfo gatewayTunnelInfo) throws IllegalArgumentException, IllegalStateException {
        if (!tunnellingSupported()) {
            LOG.info("Failed to start tunnel: reason=tunnelling is not supported");
            throw new IllegalArgumentException("Failed to start tunnel: reason=tunnelling is not supported");
        }
        if (TextUtil.isNullOrEmpty(gatewayTunnelInfo.getGatewayId())) {
            LOG.info("Failed to start tunnel: reason=gateway ID cannot be null or empty");
            throw new IllegalArgumentException("Failed to start tunnel: reason=gateway ID cannot be null or empty");
        }
        String lowerCase = gatewayTunnelInfo.getGatewayId().toLowerCase(Locale.ROOT);
        String realm = gatewayTunnelInfo.getRealm();
        GatewayConnector gatewayConnector = this.gatewayConnectorMap.get(lowerCase);
        if (gatewayConnector == null || !realm.equals(gatewayConnector.getRealm())) {
            String str = "Failed to start tunnel: reason=Gateway disconnected or doesn't exist, id=" + lowerCase;
            LOG.info(str);
            throw new IllegalStateException(str);
        }
        if (!gatewayConnector.isTunnellingSupported()) {
            String str2 = "Failed to start tunnel: reason=Not supported by gateway, id=" + lowerCase;
            LOG.info(str2);
            throw new IllegalArgumentException(str2);
        }
        if (!gatewayConnector.isConnected()) {
            String str3 = "Failed to start tunnel: reason=Not connected, id=" + lowerCase;
            LOG.info(str3);
            throw new IllegalArgumentException(str3);
        }
        if (gatewayTunnelInfo.getType() == GatewayTunnelInfo.Type.TCP) {
            gatewayTunnelInfo.setAssignedPort(Integer.valueOf(this.tunnelTCPStart + Math.toIntExact(this.pendingTunnelCounter.get() + this.tunnelInfos.values().stream().filter(gatewayTunnelInfo2 -> {
                return gatewayTunnelInfo2.getType() == GatewayTunnelInfo.Type.TCP;
            }).count())));
        }
        if (!TextUtil.isNullOrEmpty(this.tunnelHostname)) {
            gatewayTunnelInfo.setHostname(this.tunnelHostname);
        }
        if (this.tunnelAutoCloseMinutes > 0) {
            gatewayTunnelInfo.setAutoCloseTime(this.timerService.getNow().plus((TemporalAmount) Duration.ofMinutes(this.tunnelAutoCloseMinutes)));
        }
        CompletableFuture<Void> startTunnel = gatewayConnector.startTunnel(gatewayTunnelInfo);
        try {
            try {
                this.pendingTunnelCounter.incrementAndGet();
                startTunnel.get();
                this.tunnelInfos.put(gatewayTunnelInfo.getId(), gatewayTunnelInfo);
                if (gatewayTunnelInfo.getAutoCloseTime() != null) {
                    this.scheduledExecutorService.schedule(() -> {
                        autoCloseTunnel(gatewayTunnelInfo.getId());
                    }, Duration.between(this.timerService.getNow(), gatewayTunnelInfo.getAutoCloseTime()).toMillis(), TimeUnit.MILLISECONDS);
                    LOG.fine("Scheduled job to automatically close tunnel '" + gatewayTunnelInfo.getId() + "' at " + String.valueOf(gatewayTunnelInfo.getAutoCloseTime()));
                }
                return gatewayTunnelInfo;
            } catch (InterruptedException e) {
                throw new RuntimeException(e);
            } catch (ExecutionException e2) {
                if (e2.getCause() instanceof TimeoutException) {
                    LOG.log(Level.WARNING, "Failed to start tunnel: A timeout occurred whilst waiting for the tunnel to be started: id=" + lowerCase);
                } else {
                    LOG.log(Level.WARNING, "Failed to start tunnel: An error occurred whilst waiting for the tunnel to be started: id=" + lowerCase, e2.getCause());
                }
                throw new RuntimeException(e2);
            }
        } finally {
            this.pendingTunnelCounter.decrementAndGet();
        }
    }

    public void stopTunnel(GatewayTunnelInfo gatewayTunnelInfo) throws IllegalArgumentException, IllegalStateException {
        if (!tunnellingSupported()) {
            LOG.info("Failed to stop tunnel: reason=tunnelling is not supported");
            throw new IllegalArgumentException("Failed to stop tunnel: reason=tunnelling is not supported");
        }
        if (TextUtil.isNullOrEmpty(gatewayTunnelInfo.getGatewayId())) {
            LOG.info("Failed to stop tunnel: reason=gateway ID cannot be null or empty");
            throw new IllegalArgumentException("Failed to stop tunnel: reason=gateway ID cannot be null or empty");
        }
        String lowerCase = gatewayTunnelInfo.getGatewayId().toLowerCase(Locale.ROOT);
        String realm = gatewayTunnelInfo.getRealm();
        GatewayConnector gatewayConnector = this.gatewayConnectorMap.get(lowerCase);
        if (gatewayConnector == null || !realm.equals(gatewayConnector.getRealm())) {
            String str = "Failed to stop tunnel: reason=Gateway disconnected or doesn't exist, id=" + lowerCase;
            LOG.info(str);
            throw new IllegalStateException(str);
        }
        if (!gatewayConnector.isTunnellingSupported()) {
            String str2 = "Failed to stop tunnel: reason=Not supported by gateway, id=" + lowerCase;
            LOG.info(str2);
            throw new IllegalArgumentException(str2);
        }
        if (!gatewayConnector.isConnected()) {
            String str3 = "Failed to stop tunnel: reason=Not connected, id=" + lowerCase;
            LOG.info(str3);
            throw new IllegalArgumentException(str3);
        }
        try {
            try {
                gatewayConnector.stopTunnel(gatewayTunnelInfo).get(20L, TimeUnit.SECONDS);
                this.tunnelInfos.remove(gatewayTunnelInfo.getId(), gatewayTunnelInfo);
            } catch (InterruptedException | TimeoutException e) {
                String str4 = "Failed to stop tunnel: An error occurred whilst waiting for the tunnel to be stopped: id=" + lowerCase;
                LOG.warning(str4);
                throw new RuntimeException(str4);
            } catch (ExecutionException e2) {
                String str5 = "Failed to stop tunnel: An error occurred whilst waiting for the tunnel to be stopped: id=" + lowerCase;
                LOG.log(Level.WARNING, str5, e2.getCause());
                throw new RuntimeException(str5, e2.getCause());
            }
        } catch (Throwable th) {
            this.tunnelInfos.remove(gatewayTunnelInfo.getId(), gatewayTunnelInfo);
            throw th;
        }
    }

    public boolean isLocallyRegisteredGateway(String str) {
        return this.gatewayConnectorMap.containsKey(str.toLowerCase(Locale.ROOT));
    }

    public String getLocallyRegisteredGatewayId(String str, String str2) {
        String str3 = this.assetIdGatewayIdMap.get(str);
        if (str3 != null) {
            return str3;
        }
        if (str2 == null) {
            return null;
        }
        GatewayConnector gatewayConnector = this.gatewayConnectorMap.get(str2.toLowerCase(Locale.ROOT));
        return gatewayConnector != null ? gatewayConnector.gatewayId : getLocallyRegisteredGatewayId(str2, null);
    }

    protected void processGatewayConnected(String str, String str2) {
        String gatewayIdFromClientId = getGatewayIdFromClientId(str);
        GatewayConnector gatewayConnector = this.gatewayConnectorMap.get(gatewayIdFromClientId.toLowerCase(Locale.ROOT));
        if (gatewayConnector == null) {
            LOG.warning("Gateway connected but not recognised which shouldn't happen: GatewayID=" + gatewayIdFromClientId);
            this.clientEventService.sendToWebsocketSession(str2, new GatewayDisconnectEvent(GatewayDisconnectEvent.Reason.UNRECOGNISED));
            this.clientEventService.closeWebsocketSession(str2);
        } else {
            if (!gatewayConnector.isDisabled()) {
                gatewayConnector.connected(str2, createConnectorMessageConsumer(str2), () -> {
                    this.clientEventService.closeWebsocketSession(str2);
                    this.tunnelInfos.values().removeIf(gatewayTunnelInfo -> {
                        return gatewayTunnelInfo.getGatewayId().equals(gatewayIdFromClientId);
                    });
                });
                return;
            }
            LOG.warning("Gateway is currently disabled so will be ignored: " + String.valueOf(this));
            this.clientEventService.sendToWebsocketSession(str2, new GatewayDisconnectEvent(GatewayDisconnectEvent.Reason.DISABLED));
            this.clientEventService.closeWebsocketSession(str2);
        }
    }

    protected void processGatewayDisconnected(String str, String str2) {
        GatewayConnector gatewayConnector = this.gatewayConnectorMap.get(getGatewayIdFromClientId(str).toLowerCase(Locale.ROOT));
        if (gatewayConnector != null) {
            gatewayConnector.disconnected(str2);
        }
    }

    protected void processGatewayMessage(String str, String str2, SharedEvent sharedEvent) {
        GatewayConnector gatewayConnector = this.gatewayConnectorMap.get(str.toLowerCase(Locale.ROOT));
        if (gatewayConnector == null) {
            return;
        }
        if (gatewayConnector.isConnected() && str2.equals(gatewayConnector.getSessionId())) {
            gatewayConnector.onGatewayEvent(sharedEvent);
        } else {
            LOG.finest("Gateway event received for an obsolete session so ignoring: " + String.valueOf(this));
        }
    }

    protected void processGatewayChange(GatewayAsset gatewayAsset, PersistenceEvent<Asset<?>> persistenceEvent) {
        switch (AnonymousClass2.$SwitchMap$org$openremote$model$PersistenceEvent$Cause[persistenceEvent.getCause().ordinal()]) {
            case 1:
                createUpdateGatewayServiceUser(gatewayAsset);
                this.gatewayConnectorMap.put(gatewayAsset.getId().toLowerCase(Locale.ROOT), new GatewayConnector(this.assetStorageService, this.assetProcessingService, this.executorService, this.scheduledExecutorService, this, gatewayAsset));
                return;
            case 2:
                GatewayConnector gatewayConnector = this.gatewayConnectorMap.get(gatewayAsset.getId().toLowerCase(Locale.ROOT));
                if (gatewayConnector == null) {
                    return;
                }
                boolean booleanValue = ((Boolean) gatewayAsset.getDisabled().orElse(false)).booleanValue();
                gatewayConnector.setDisabled(booleanValue);
                if (!persistenceEvent.hasPropertyChanged("attributes") || ((Boolean) ((AttributeMap) persistenceEvent.getPreviousState("attributes")).getValue(GatewayAsset.DISABLED).orElse(false)).booleanValue() == booleanValue) {
                    return;
                }
                createUpdateGatewayServiceUser(gatewayAsset);
                return;
            case 3:
                if (this.gatewayConnectorMap.get(gatewayAsset.getId().toLowerCase(Locale.ROOT)) == null) {
                    return;
                }
                this.tunnelInfos.values().forEach(gatewayTunnelInfo -> {
                    if (gatewayTunnelInfo.getGatewayId().equals(gatewayAsset.getId())) {
                        try {
                            stopTunnel(gatewayTunnelInfo);
                        } catch (IllegalArgumentException | IllegalStateException e) {
                        }
                    }
                });
                GatewayConnector remove = this.gatewayConnectorMap.remove(gatewayAsset.getId().toLowerCase(Locale.ROOT));
                if (remove != null) {
                    remove.disconnect(GatewayDisconnectEvent.Reason.UNRECOGNISED);
                }
                removeGatewayServiceUser(gatewayAsset);
                return;
            default:
                return;
        }
    }

    protected void processGatewayChildAssetChange(String str, Asset<?> asset, PersistenceEvent<Asset<?>> persistenceEvent) {
        switch (AnonymousClass2.$SwitchMap$org$openremote$model$PersistenceEvent$Cause[persistenceEvent.getCause().ordinal()]) {
            case 1:
            case 2:
                synchronized (this.assetIdGatewayIdMap) {
                    this.assetIdGatewayIdMap.put(asset.getId(), str);
                }
                return;
            case 3:
                synchronized (this.assetIdGatewayIdMap) {
                    this.assetIdGatewayIdMap.remove(asset.getId());
                }
                return;
            default:
                return;
        }
    }

    protected boolean isGatewayConnected(String str) {
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        this.gatewayConnectorMap.computeIfPresent(str.toLowerCase(Locale.ROOT), (str2, gatewayConnector) -> {
            atomicBoolean.set(gatewayConnector.isConnected());
            return gatewayConnector;
        });
        return atomicBoolean.get();
    }

    public static String getGatewayClientId(String str) {
        String str2 = "gateway-" + str.toLowerCase(Locale.ROOT);
        if (str2.length() > 255) {
            str2 = str2.substring(0, 254);
        }
        return str2;
    }

    protected void createUpdateGatewayServiceUser(GatewayAsset gatewayAsset) {
        LOG.info("Creating/updating gateway service user for gateway id: " + gatewayAsset.getId());
        String gatewayClientId = getGatewayClientId(gatewayAsset.getId());
        String str = (String) gatewayAsset.getClientSecret().orElseGet(() -> {
            return UUID.randomUUID().toString();
        });
        try {
            User userByUsername = this.identityProvider.getUserByUsername(gatewayAsset.getRealm(), "service-account-" + gatewayClientId);
            boolean z = userByUsername != null;
            if (userByUsername == null || userByUsername.getEnabled() == gatewayAsset.getDisabled().orElse(false) || Objects.equals(userByUsername.getSecret(), gatewayAsset.getClientSecret().orElse(null))) {
                userByUsername = this.identityProvider.createUpdateUser(gatewayAsset.getRealm(), new User().setServiceAccount(true).setSystemAccount(true).setUsername(gatewayClientId).setEnabled(Boolean.valueOf(!((Boolean) gatewayAsset.getDisabled().orElse(false)).booleanValue())), str, true);
            }
            if (!z && userByUsername != null) {
                this.identityProvider.updateUserRealmRoles(gatewayAsset.getRealm(), userByUsername.getId(), this.identityProvider.addRealmRoles(gatewayAsset.getRealm(), userByUsername.getId(), "restricted_user"));
            }
            if (!gatewayClientId.equals(gatewayAsset.getClientId().orElse(null)) || !str.equals(gatewayAsset.getClientSecret().orElse(null))) {
                gatewayAsset.setClientId(gatewayClientId);
                gatewayAsset.setClientSecret(str);
                this.assetStorageService.merge(gatewayAsset);
            }
            try {
                LOG.info("Created gateway keycloak client for gateway id: " + gatewayAsset.getId());
            } catch (Exception e) {
                LOG.log(Level.SEVERE, "Failed to merge registered gateway: " + gatewayAsset.getId(), (Throwable) e);
            }
        } catch (Exception e2) {
            LOG.warning("Failed to create client for gateway: " + gatewayAsset.getId());
        }
    }

    protected void removeGatewayServiceUser(GatewayAsset gatewayAsset) {
        String str = (String) gatewayAsset.getClientId().orElse(null);
        if (TextUtil.isNullOrEmpty(str)) {
            LOG.warning("Cannot find gateway keycloak client ID so cannot remove keycloak client for gateway: " + gatewayAsset.getId());
        } else {
            this.identityProvider.deleteClient(gatewayAsset.getRealm(), str);
        }
    }

    protected Consumer<Object> createConnectorMessageConsumer(String str) {
        return obj -> {
            this.clientEventService.sendToWebsocketSession(str, obj);
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getTunnelSSHHostname() {
        return this.tunnelSSHHostname;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public int getTunnelSSHPort() {
        return this.tunnelSSHPort;
    }

    public int getTunnelTCPStart() {
        return this.tunnelTCPStart;
    }

    protected void autoCloseTunnel(String str) {
        GatewayTunnelInfo gatewayTunnelInfo = this.tunnelInfos.get(str);
        if (gatewayTunnelInfo == null) {
            LOG.fine("Tunnel '" + str + "' not found so it cannot be automatically closed");
            return;
        }
        try {
            LOG.info("Automatically closing tunnel: " + str);
            stopTunnel(gatewayTunnelInfo);
        } catch (IllegalArgumentException | IllegalStateException e) {
            LOG.log(Level.WARNING, "Failed to automatically close tunnel: " + str, e);
        }
    }

    public String toString() {
        return getClass().getSimpleName() + "{active=" + this.active + "}";
    }
}
