package tigase.push.apns;

import java.io.IOException;
import java.io.Serializable;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionException;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Stream;
import tigase.component.exceptions.ComponentException;
import tigase.db.TigaseDBException;
import tigase.db.UserRepository;
import tigase.eventbus.EventBus;
import tigase.eventbus.EventBusEvent;
import tigase.eventbus.EventBusFactory;
import tigase.eventbus.HandleEvent;
import tigase.kernel.beans.Bean;
import tigase.kernel.beans.Initializable;
import tigase.kernel.beans.UnregisterAware;
import tigase.kernel.beans.config.ConfigField;
import tigase.kernel.beans.config.ConfigFieldType;
import tigase.kernel.beans.config.ConfigurationChangedAware;
import tigase.push.AbstractProvider;
import tigase.push.PushNotificationsComponent;
import tigase.push.api.IEncryptedNotification;
import tigase.push.api.INotification;
import tigase.push.api.IPlainNotification;
import tigase.push.api.IPushProvider;
import tigase.push.api.IPushSettings;
import tigase.push.apns.ApnsNotification;
import tigase.push.apns.ApnsPayload;
import tigase.push.apns.ApnsService;
import tigase.push.monitor.SSLCertificateExpirationAware;
import tigase.push.utils.ExceptionHelper;
import tigase.xmpp.Authorization;

@Bean(name = "apns-binary-api", parent = PushNotificationsComponent.class, active = false)
/* loaded from: input_file:tigase/push/apns/APNsBinaryApiProvider.class */
public class APNsBinaryApiProvider extends AbstractProvider implements Initializable, UnregisterAware, ConfigurationChangedAware, IPushProvider, SSLCertificateExpirationAware {
    private static final Logger a = Logger.getLogger(APNsBinaryApiProvider.class.getCanonicalName());
    protected final EventBus eventBus;

    @ConfigField(desc = "Password for certificate file", alias = "cert-password", type = ConfigFieldType.Password)
    private String certificatePassword;

    @ConfigField(desc = "Path to certificate file (.p12)", alias = "cert-file")
    private String certificatePath;

    @ConfigField(desc = "Certificate in PEM format", alias = "cert-base64")
    private String base64certificate;

    @ConfigField(desc = "Path to PushKit certificate file (.p12)", alias = "pushkit-cert-file")
    private String pushkitCertificatePath;

    @ConfigField(desc = "Path to PushKit certificate file (.p12)", alias = "pushkit-cert-base64")
    private String base64pushkitCertificate;

    @ConfigField(desc = "Path to encryption file (.p12)", alias = "key-file")
    private String encryptionKeyPath;

    @ConfigField(desc = "ID of encryption key", alias = "key-id")
    private String encryptionKeyId;
    private String b;

    @ConfigField(desc = "Team ID", alias = "team-id")
    private String teamId;

    @ConfigField(desc = "Provider description")
    private String description;

    @ConfigField(desc = "Fallback to sandbox")
    private boolean fallbackToSandbox;

    @ConfigField(desc = "APNS-Topic", alias = "apns-topic")
    private String apnsTopic;

    @ConfigField(desc = "Sandbox")
    private boolean sandbox;
    private ApnsService c;
    private ApnsService d;
    private ApnsService e;
    private ApnsService f;

    /* loaded from: input_file:tigase/push/apns/APNsBinaryApiProvider$APNSCertificateChangedEvent.class */
    public static class APNSCertificateChangedEvent implements Serializable, EventBusEvent {
        private String a;
        private String b;

        public APNSCertificateChangedEvent() {
        }

        public APNSCertificateChangedEvent(String str, String str2) {
            this.a = str;
            this.b = str2;
        }
    }

    public APNsBinaryApiProvider() {
        super("apns-binary-api");
        this.eventBus = EventBusFactory.getInstance();
        this.description = "Push provider for APNs - Binary API";
        this.fallbackToSandbox = false;
        this.sandbox = false;
    }

    @Override // tigase.push.api.IPushProvider
    public String getDescription() {
        return this.description;
    }

    public void initialize() {
        if (this.eventBus != null) {
            this.eventBus.registerAll(this);
        }
    }

    @Override // tigase.push.api.IPushProvider
    public Optional<Integer> maxPayloadSize() {
        return Optional.of(3072);
    }

    @Override // tigase.push.api.IPushProvider
    public Set<IPushProvider.Feature> supportedFeatures() {
        return Set.of(IPushProvider.Feature.plain, IPushProvider.Feature.encrypted);
    }

    @Override // tigase.push.api.IPushProvider
    public CompletableFuture<String> pushNotification(IPushSettings.IDevice iDevice, INotification iNotification) {
        boolean z = iNotification.getType() == INotification.Type.voip && iNotification.getPriority() == INotification.Priority.high;
        String deviceId = !z ? iDevice.getDeviceId() : iDevice.getDeviceSecondId();
        if (deviceId == null) {
            a.log(Level.FINEST, "there is no device (second) id for push notification for account " + iNotification.getAccount());
            return z ? CompletableFuture.completedFuture(null) : CompletableFuture.failedFuture(new ComponentException(Authorization.ITEM_NOT_FOUND, "Unknown device ID"));
        }
        ApnsPayload.Builder preparePayload = preparePayload(APNS.newPayload(), iNotification);
        ApnsNotification.Builder newNotification = APNS.newNotification();
        if (!z || this.e == null) {
            if (this.apnsTopic != null) {
                String str = this.apnsTopic;
                if (z) {
                    str = str + ".voip";
                }
                if (a.isLoggable(Level.FINEST)) {
                    a.log(Level.FINEST, "setting topic for notifications " + str);
                }
                newNotification.topic(str);
            }
            switch (iNotification.getPriority()) {
                case low:
                    newNotification.pushType(ApnsNotification.PushType.background);
                    break;
                case high:
                    preparePayload.body("New message!").sound("default").mutableContent(1).category("MESSAGE").threadId(iNotification.getAccount().toString());
                    if (!z) {
                        newNotification.pushType(ApnsNotification.PushType.alert);
                        break;
                    } else {
                        newNotification.pushType(ApnsNotification.PushType.voip);
                        break;
                    }
            }
        } else {
            newNotification.pushType(ApnsNotification.PushType.voip);
        }
        ApnsNotification build = newNotification.deviceId(deviceId).payload(preparePayload.build()).build();
        sendingPush();
        return (!z || this.e == null) ? pushNotification(iDevice, build, this.c, this.d) : pushNotification(iDevice, build, this.e, this.f);
    }

    @Override // tigase.push.monitor.SSLCertificateExpirationAware
    public Stream<SSLCertificateExpirationAware.Result> getSSLCertificatesValidPeriod() {
        Stream<SSLCertificateExpirationAware.Result> empty = Stream.empty();
        try {
            if (this.base64certificate != null) {
                empty = Stream.concat(empty, APNSUtil.getCertificateValidPeriodFromBase64(this.base64certificate, this.certificatePassword));
            } else if (this.certificatePath != null) {
                empty = Stream.concat(empty, APNSUtil.getCertificateValidPeriodFromFile(this.certificatePath, this.certificatePassword));
            }
        } catch (Throwable th) {
            a.log(Level.WARNING, th, () -> {
                return "Could not retrieve valid period for Push SSL certificate";
            });
        }
        try {
            if (this.base64pushkitCertificate != null) {
                empty = Stream.concat(empty, APNSUtil.getCertificateValidPeriodFromBase64(this.base64pushkitCertificate, this.certificatePassword));
            } else if (this.pushkitCertificatePath != null) {
                empty = Stream.concat(empty, APNSUtil.getCertificateValidPeriodFromFile(this.pushkitCertificatePath, this.certificatePassword));
            }
        } catch (Throwable th2) {
            a.log(Level.WARNING, th2, () -> {
                return "Could not retrieve valid period for PushKit SSL certificate";
            });
        }
        return empty;
    }

    protected CompletableFuture<String> pushNotification(IPushSettings.IDevice iDevice, ApnsNotification apnsNotification, ApnsService apnsService, ApnsService apnsService2) {
        return a(apnsService, apnsService2, apnsNotification).whenComplete((str, th) -> {
            if (th != null) {
                pushFailed();
                Optional.ofNullable((ApnsServiceException) ExceptionHelper.findThrowable(th, ApnsServiceException.class)).filter(apnsServiceException -> {
                    switch (apnsServiceException.getErrorType()) {
                        case badDeviceToken:
                        case deviceTokenNotForTopic:
                        case unregistred:
                            return true;
                        default:
                            return false;
                    }
                }).ifPresent(apnsServiceException2 -> {
                    unregisterDevice(iDevice.getDeviceId());
                });
            }
        });
    }

    private CompletableFuture<String> a(ApnsService apnsService, ApnsNotification apnsNotification) {
        if (a.isLoggable(Level.FINEST)) {
            a.log(Level.FINEST, "sending push notification " + apnsNotification.getId() + " at service " + apnsService);
        }
        return a(apnsService, apnsNotification, 1).whenComplete((str, th) -> {
            if (th == null) {
                if (a.isLoggable(Level.FINEST)) {
                    a.log(Level.FINEST, "sent push notification = " + apnsNotification.getId() + " at service = " + apnsService);
                }
            } else if (a.isLoggable(Level.FINEST)) {
                Throwable findLoggableException = ExceptionHelper.findLoggableException(th);
                if (th instanceof ApnsServiceException) {
                    a.log(Level.FINEST, "failed to send push notification = " + apnsNotification.getId() + " at service = " + apnsService + ", error: " + findLoggableException);
                } else {
                    a.log(Level.FINEST, "failed to send push notification = " + apnsNotification.getId() + " at service = " + apnsService, findLoggableException);
                }
            }
        });
    }

    private CompletableFuture<String> a(ApnsService apnsService, ApnsNotification apnsNotification, int i) {
        CompletableFuture<String> completableFuture = new CompletableFuture<>();
        try {
            apnsService.push(apnsNotification).thenAccept(str -> {
                completableFuture.complete(str);
            }).exceptionally(th -> {
                if (i > 3 || !a(th)) {
                    completableFuture.completeExceptionally(th);
                    return null;
                }
                a(apnsService, apnsNotification, i + 1).thenAccept(str2 -> {
                    completableFuture.complete(str2);
                }).exceptionally(th -> {
                    completableFuture.completeExceptionally(th);
                    return null;
                });
                return null;
            });
        } catch (Throwable th2) {
            completableFuture.completeExceptionally(th2);
        }
        return completableFuture;
    }

    private CompletableFuture<String> a(ApnsService apnsService, ApnsService apnsService2, ApnsNotification apnsNotification) {
        CompletableFuture<String> completableFuture = new CompletableFuture<>();
        a(apnsService, apnsNotification).thenAccept(str -> {
            completableFuture.complete(str);
        }).exceptionally(th -> {
            if (apnsService2 == null || !a(th, ApnsService.ErrorType.badDeviceToken)) {
                completableFuture.completeExceptionally(th);
                return null;
            }
            if (a.isLoggable(Level.FINEST)) {
                a.log(Level.FINEST, "trying to use fallback service " + apnsService2 + " for notification " + apnsNotification.getId());
            }
            a(apnsService2, apnsNotification).thenAccept(str2 -> {
                completableFuture.complete(str2);
            }).exceptionally(th -> {
                completableFuture.completeExceptionally(th);
                return null;
            });
            return null;
        });
        return completableFuture;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static boolean a(Throwable th) {
        if (th instanceof CompletionException) {
            return a(th.getCause());
        }
        if (th instanceof IOException) {
            return true;
        }
        if (th instanceof ApnsServiceException) {
            return ((ApnsServiceException) th).getErrorType().shouldRetry();
        }
        return false;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private static boolean a(Throwable th, ApnsService.ErrorType errorType) {
        if (th instanceof CompletionException) {
            return a(th.getCause(), errorType);
        }
        if (th instanceof ApnsServiceException) {
            return ((ApnsServiceException) th).isErrorType(errorType);
        }
        return false;
    }

    public void beforeUnregister() {
        if (this.eventBus != null) {
            this.eventBus.unregisterAll(this);
        }
        a((ApnsService) null);
        b((ApnsService) null);
        c(null);
        d(null);
    }

    @HandleEvent(filter = HandleEvent.Type.remote)
    public void certificateChange(APNSCertificateChangedEvent aPNSCertificateChangedEvent) {
        try {
            reloadAPNSSecretsFromRepository();
        } catch (TigaseDBException e) {
            a.log(Level.WARNING, "Reloading APNS certificate failed", e);
        }
    }

    public void reloadAPNSCertificateFromRepository() throws TigaseDBException {
        reloadAPNSSecretsFromRepository();
    }

    public void reloadAPNSSecretsFromRepository() throws TigaseDBException {
        ArrayList arrayList = new ArrayList();
        this.base64certificate = getData("base64certificate");
        if (this.base64certificate != null) {
            arrayList.add("base64certificate");
        }
        this.base64pushkitCertificate = getData("base64pushkitCertificate");
        if (this.base64pushkitCertificate != null) {
            arrayList.add("base64pushkitCertificate");
        }
        if (this.base64certificate != null || this.base64pushkitCertificate != null) {
            this.certificatePassword = getData("certificatePassword");
            if (this.certificatePassword != null) {
                arrayList.add("certificatePassword");
            }
        }
        this.b = getData("encryptionKey");
        if (this.b != null) {
            arrayList.add("encryptionKey");
            this.encryptionKeyId = getData("encryptionKeyId");
            if (this.encryptionKeyId != null) {
                arrayList.add("encryptionKeyId");
            }
            this.teamId = getData("teamId");
            if (this.teamId != null) {
                arrayList.add("teamId");
            }
        }
        beanConfigurationChanged(arrayList);
    }

    public void setAPNSCertificate(String str, String str2, String str3) throws TigaseDBException {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        b();
        this.base64certificate = str;
        this.base64pushkitCertificate = str2;
        this.certificatePassword = str3;
        beanConfigurationChanged(List.of("base64certificate", "base64pushkitCertificate", "certificatePassword"));
        b(str, str2, str3);
        this.eventBus.fire(new APNSCertificateChangedEvent("push", getName()));
    }

    private void a() {
        this.base64certificate = null;
        this.base64pushkitCertificate = null;
    }

    public void setAPNSEncryptionKey(String str, String str2, String str3) throws TigaseDBException {
        Objects.requireNonNull(str);
        Objects.requireNonNull(str2);
        Objects.requireNonNull(str3);
        a();
        this.encryptionKeyId = str;
        this.b = str2;
        this.teamId = str3;
        beanConfigurationChanged(List.of("encryptionKeyId", "encryptionKey", "teamId"));
        a(str, str2, str3);
        this.eventBus.fire(new APNSCertificateChangedEvent("push", getName()));
    }

    private void b() {
        this.b = null;
    }

    public void beanConfigurationChanged(Collection<String> collection) {
        if (collection.contains("certificatePath") || collection.contains("pushkitCertificatePath") || collection.contains("base64certificate") || collection.contains("base64pushkitCertificate") || collection.contains("certificatePassword") || collection.contains("poolSize") || collection.contains("fallbackToSandbox") || collection.contains("userRepository") || collection.contains("encryptionKey") || collection.contains("encryptionKeyId") || collection.contains("encryptionKeyPath") || collection.contains("teamId")) {
            try {
                if (c()) {
                    b(this.fallbackToSandbox ? a(false) : null);
                    a(a(!this.sandbox));
                } else {
                    b((ApnsService) null);
                    a((ApnsService) null);
                }
                if (d()) {
                    d(this.fallbackToSandbox ? b(false) : null);
                    c(b(!this.sandbox));
                } else {
                    d(null);
                    c(null);
                }
            } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
                throw new RuntimeException("Could not configure APNs provider!", e);
            }
        }
    }

    private boolean c() {
        return (this.certificatePath == null && this.base64certificate == null && this.b == null && this.encryptionKeyPath == null) ? false : true;
    }

    private boolean d() {
        return (this.pushkitCertificatePath == null && this.base64pushkitCertificate == null) ? false : true;
    }

    private ApnsService a(boolean z) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
        return APNS.newService().withEncryptionKey(this.encryptionKeyId, this.b, this.encryptionKeyPath, this.teamId).withCert(this.certificatePath, this.base64certificate, this.certificatePassword).withAppleDestination(z).build();
    }

    private ApnsService b(boolean z) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException {
        return APNS.newService().withCert(this.pushkitCertificatePath, this.base64pushkitCertificate, this.certificatePassword).withAppleDestination(z).build();
    }

    void a(String str, String str2, String str3) throws TigaseDBException {
        setData("encryptionKeyId", str);
        setData("encryptionKey", str2);
        setData("teamId", str3);
        f();
    }

    private void e() throws TigaseDBException {
        removeData("encryptionKeyId", "encryptionKey", "teamId");
    }

    void b(String str, String str2, String str3) throws TigaseDBException {
        setData("base64certificate", str);
        setData("base64pushkitCertificate", str2);
        setData("certificatePassword", str3);
        e();
    }

    private void f() throws TigaseDBException {
        removeData("base64certificate", "base64pushkitCertificate", "certificatePassword");
    }

    protected ApnsPayload.Builder preparePayload(ApnsPayload.Builder builder, INotification iNotification) {
        if (iNotification instanceof IPlainNotification) {
            return preparePlainPayload(builder, (IPlainNotification) iNotification);
        }
        if (iNotification instanceof IEncryptedNotification) {
            return prepareEncryptedPayload(builder, (IEncryptedNotification) iNotification);
        }
        throw new IllegalArgumentException("Not supported notification class:" + iNotification.getClass().getCanonicalName());
    }

    protected ApnsPayload.Builder preparePlainPayload(ApnsPayload.Builder builder, IPlainNotification iPlainNotification) {
        if (iPlainNotification.getPriority() != INotification.Priority.high) {
            builder.instantDeliveryOrSilentNotification();
        }
        builder.customField("account", iPlainNotification.getAccount().toString());
        iPlainNotification.ifMessageCount(l -> {
            builder.customField("unread-messages", l);
        });
        iPlainNotification.ifLastMessageSender(jid -> {
            builder.customField("sender", jid.getBareJID().toString());
        });
        iPlainNotification.ifGroupchatSenderNickname(str -> {
            builder.customField("nickname", str);
        });
        iPlainNotification.ifLastMessageBody(str2 -> {
            if (str2.length() > 512) {
                str2 = str2.substring(0, 500) + "...";
            }
            builder.customField("body", str2);
        });
        return builder;
    }

    protected ApnsPayload.Builder prepareEncryptedPayload(ApnsPayload.Builder builder, IEncryptedNotification iEncryptedNotification) {
        if (iEncryptedNotification.getPriority() != INotification.Priority.high) {
            builder.instantDeliveryOrSilentNotification();
        }
        builder.customField("account", iEncryptedNotification.getAccount().toString()).customField("encrypted", iEncryptedNotification.getEncrypted()).customField("iv", iEncryptedNotification.getIV());
        return builder;
    }

    private void a(ApnsService apnsService) {
        ApnsService apnsService2 = this.c;
        this.c = apnsService;
        if (apnsService2 != null) {
            apnsService2.stop();
        }
    }

    private void b(ApnsService apnsService) {
        ApnsService apnsService2 = this.d;
        this.d = apnsService;
        if (apnsService2 != null) {
            apnsService2.stop();
        }
    }

    private void c(ApnsService apnsService) {
        ApnsService apnsService2 = this.e;
        this.e = apnsService;
        if (apnsService2 != null) {
            apnsService2.stop();
        }
    }

    @Override // tigase.push.AbstractProvider
    public void setUserRepository(UserRepository userRepository) {
        super.setUserRepository(userRepository);
        try {
            reloadAPNSCertificateFromRepository();
        } catch (TigaseDBException e) {
            a.log(Level.WARNING, "Reloading APNS certificate failed", e);
        }
    }

    private void d(ApnsService apnsService) {
        ApnsService apnsService2 = this.f;
        this.f = apnsService;
        if (apnsService2 != null) {
            apnsService2.stop();
        }
    }
}
