package org.eclipse.milo.opcua.stack.client.transport.uasc;

import com.google.common.base.MoreObjects;
import io.netty.channel.Channel;
import io.netty.util.AttributeKey;
import io.netty.util.DefaultAttributeMap;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import org.eclipse.milo.opcua.stack.client.UaStackClientConfig;
import org.eclipse.milo.opcua.stack.core.StatusCodes;
import org.eclipse.milo.opcua.stack.core.UaException;
import org.eclipse.milo.opcua.stack.core.channel.ChannelSecurity;
import org.eclipse.milo.opcua.stack.core.channel.SecureChannel;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.types.builtin.ByteString;
import org.eclipse.milo.opcua.stack.core.types.enumerated.MessageSecurityMode;
import org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription;
import org.eclipse.milo.opcua.stack.core.util.CertificateUtil;
import org.eclipse.milo.opcua.stack.core.util.LongSequence;

/* loaded from: input_file:dependencies/stack-client-0.6.1.jar:org/eclipse/milo/opcua/stack/client/transport/uasc/ClientSecureChannel.class */
public class ClientSecureChannel extends DefaultAttributeMap implements SecureChannel {
    public static final AttributeKey<LongSequence> KEY_REQUEST_ID_SEQUENCE = AttributeKey.valueOf("request-id-sequence");
    private volatile Channel channel;
    private volatile long channelId;
    private volatile ChannelSecurity channelSecurity;
    private volatile ByteString localNonce;
    private volatile ByteString remoteNonce;
    private final KeyPair keyPair;
    private final X509Certificate localCertificate;
    private final List<X509Certificate> localCertificateChain;
    private final X509Certificate remoteCertificate;
    private final List<X509Certificate> remoteCertificateChain;
    private final SecurityPolicy securityPolicy;
    private final MessageSecurityMode messageSecurityMode;

    public ClientSecureChannel(SecurityPolicy securityPolicy, MessageSecurityMode messageSecurityMode) {
        this(null, null, null, null, null, securityPolicy, messageSecurityMode);
    }

    public ClientSecureChannel(KeyPair keyPair, X509Certificate x509Certificate, List<X509Certificate> list, X509Certificate x509Certificate2, List<X509Certificate> list2, SecurityPolicy securityPolicy, MessageSecurityMode messageSecurityMode) {
        this.channelId = 0L;
        this.localNonce = ByteString.NULL_VALUE;
        this.remoteNonce = ByteString.NULL_VALUE;
        this.keyPair = keyPair;
        this.localCertificate = x509Certificate;
        this.localCertificateChain = list;
        this.remoteCertificate = x509Certificate2;
        this.remoteCertificateChain = list2;
        this.securityPolicy = securityPolicy;
        this.messageSecurityMode = messageSecurityMode;
    }

    public void setChannel(Channel channel) {
        this.channel = channel;
    }

    public void setChannelId(long j) {
        this.channelId = j;
    }

    public void setChannelSecurity(ChannelSecurity channelSecurity) {
        this.channelSecurity = channelSecurity;
    }

    public void setLocalNonce(ByteString byteString) {
        this.localNonce = byteString;
    }

    public void setRemoteNonce(ByteString byteString) {
        this.remoteNonce = byteString;
    }

    public Channel getChannel() {
        return this.channel;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public long getChannelId() {
        return this.channelId;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public KeyPair getKeyPair() {
        return this.keyPair;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public ByteString getLocalNonce() {
        return this.localNonce;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public ByteString getRemoteNonce() {
        return this.remoteNonce;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public SecurityPolicy getSecurityPolicy() {
        return this.securityPolicy;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public MessageSecurityMode getMessageSecurityMode() {
        return this.messageSecurityMode;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public X509Certificate getLocalCertificate() {
        return this.localCertificate;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public List<X509Certificate> getLocalCertificateChain() {
        return this.localCertificateChain;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public X509Certificate getRemoteCertificate() {
        return this.remoteCertificate;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public List<X509Certificate> getRemoteCertificateChain() {
        return this.remoteCertificateChain;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public ChannelSecurity getChannelSecurity() {
        return this.channelSecurity;
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public ChannelSecurity.SecretKeys getEncryptionKeys(ChannelSecurity.SecurityKeys securityKeys) {
        return securityKeys.getClientKeys();
    }

    @Override // org.eclipse.milo.opcua.stack.core.channel.SecureChannel
    public ChannelSecurity.SecretKeys getDecryptionKeys(ChannelSecurity.SecurityKeys securityKeys) {
        return securityKeys.getServerKeys();
    }

    public String toString() {
        return MoreObjects.toStringHelper(this).add("channelId", this.channelId).add("securityPolicy", this.securityPolicy).toString();
    }

    public static ClientSecureChannel fromConfig(UaStackClientConfig uaStackClientConfig) throws UaException {
        EndpointDescription endpoint = uaStackClientConfig.getEndpoint();
        SecurityPolicy fromUri = SecurityPolicy.fromUri(endpoint.getSecurityPolicyUri());
        return fromUri == SecurityPolicy.None ? new ClientSecureChannel(fromUri, endpoint.getSecurityMode()) : new ClientSecureChannel(uaStackClientConfig.getKeyPair().orElseThrow(() -> {
            return new UaException(StatusCodes.Bad_ConfigurationError, "no KeyPair configured");
        }), uaStackClientConfig.getCertificate().orElseThrow(() -> {
            return new UaException(StatusCodes.Bad_ConfigurationError, "no certificate configured");
        }), Arrays.asList(uaStackClientConfig.getCertificateChain().orElseThrow(() -> {
            return new UaException(StatusCodes.Bad_ConfigurationError, "no certificate chain configured");
        })), CertificateUtil.decodeCertificate(endpoint.getServerCertificate().bytes()), CertificateUtil.decodeCertificates(endpoint.getServerCertificate().bytes()), fromUri, endpoint.getSecurityMode());
    }
}
