package com.foilen.infra.resource.letsencrypt.plugin;

import com.foilen.infra.plugin.v1.core.context.ChangesContext;
import com.foilen.infra.plugin.v1.core.context.CommonServicesContext;
import com.foilen.infra.plugin.v1.core.context.TimerEventContext;
import com.foilen.infra.plugin.v1.core.exception.IllegalUpdateException;
import com.foilen.infra.plugin.v1.core.service.IPResourceService;
import com.foilen.infra.resource.dns.DnsEntry;
import com.foilen.infra.resource.dns.model.DnsEntryType;
import com.foilen.infra.resource.letsencrypt.acme.AcmeService;
import com.foilen.infra.resource.letsencrypt.acme.AcmeServiceImpl;
import com.foilen.infra.resource.letsencrypt.acme.LetsencryptException;
import com.foilen.infra.resource.webcertificate.WebsiteCertificate;
import com.foilen.smalltools.tools.AbstractBasics;
import com.foilen.smalltools.tools.DateTools;
import com.foilen.smalltools.tools.SecureRandomTools;
import com.foilen.smalltools.tuple.Tuple2;
import com.google.common.base.Joiner;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.shredzone.acme4j.Order;
import org.shredzone.acme4j.challenge.Dns01Challenge;
import org.shredzone.acme4j.challenge.Http01Challenge;

/* loaded from: input_file:com/foilen/infra/resource/letsencrypt/plugin/LetsencryptHelperImpl.class */
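/**
 * Prepares Let's Encrypt challenges for a batch of {@link WebsiteCertificate}s and schedules the timers that
 * wait for them to become visible.
 *
 * <p>A certificate with no {@code LetsEncryptWithFileAttachable} linked through {@code USES} gets a DNS-01
 * challenge (a {@code _acme-challenge.} TXT record is added); one with attachables gets an HTTP-01 challenge
 * (token and authorization are written into the attachables' meta). Failures are collected and reported once
 * through the messaging service.
 */
public class LetsencryptHelperImpl extends AbstractBasics implements LetsencryptHelper {

    /** A certificate whose last recorded failure is younger than this is skipped (6 hours). */
    private static final long RECENT_FAILURE_WINDOW_MS = 6L * 60 * 60 * 1000;
    /** An HTTP challenge started less than this ago is not restarted (10 minutes). */
    private static final long RECENT_START_WINDOW_MS = 10L * 60 * 1000;
    /** Connect timeout of the challenge-URL reachability probe. */
    private static final Duration CHECK_URL_TIMEOUT = Duration.ofSeconds(20L);

    /**
     * SSL context whose trust manager accepts every server certificate chain, so the probe in
     * {@link #checkUrlOrFail(String)} does not fail on a host that has no valid certificate (presumably
     * because it is the host being issued one). Because chain validation is disabled, a response over this
     * context proves only that something answered at the URL; it must not be reused for requests that carry
     * credentials or whose body is trusted.
     */
    static SSLContext allTrustingSslContext;

    /** Factory for the ACME client; replaceable through {@link #setAcmeServiceGenerator(Function)} (e.g. for tests). */
    private static Function<LetsencryptConfig, AcmeService> _acmeServiceGenerator;

    static {
        _acmeServiceGenerator = AcmeServiceImpl::new;

        // Accept-all trust manager; see the documentation of allTrustingSslContext for the consequences.
        TrustManager[] trustAll = {new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
                // Intentionally no validation.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                // Intentionally no validation.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }};
        try {
            allTrustingSslContext = SSLContext.getInstance("SSL");
            allTrustingSslContext.init(null, trustAll, new SecureRandom());
        } catch (GeneralSecurityException e) {
            // Surfaces as an ExceptionInInitializerError: the helper is unusable without its probe client.
            throw new LetsencryptException("Could not create an SSL that trusts all certs", e);
        }
    }

    /**
     * @return the factory currently used to create the {@link AcmeService} for a config
     */
    public static Function<LetsencryptConfig, AcmeService> getAcmeServiceGenerator() {
        return _acmeServiceGenerator;
    }

    /**
     * Replaces the factory used to create the {@link AcmeService}.
     *
     * @param function the new factory
     */
    public static void setAcmeServiceGenerator(Function<LetsencryptConfig, AcmeService> function) {
        _acmeServiceGenerator = function;
    }

    /**
     * Probes {@code str} with a GET (following redirects, certificate validation disabled) and fails unless the
     * response status is 200.
     *
     * @param str the URL to probe
     * @throws LetsencryptException if the request cannot be made or the status is not 200; the message of a
     *         non-200 response includes the status code and the response body
     */
    @Override
    public void checkUrlOrFail(String str) {
        this.logger.info("Checking for url {}", str);
        HttpResponse<String> response;
        try {
            HttpRequest request = HttpRequest.newBuilder().GET().uri(new URI(str)).build();
            response = newProbeClient().send(request, HttpResponse.BodyHandlers.ofString());
        } catch (InterruptedException e) {
            // Restore the flag so the caller's thread still sees the interruption.
            Thread.currentThread().interrupt();
            throw new LetsencryptException("Could not get the url", e);
        } catch (Exception e) {
            throw new LetsencryptException("Could not get the url", e);
        }
        // Checked outside the try so the status failure is not re-wrapped under a second, generic message.
        if (response.statusCode() != 200) {
            throw new LetsencryptException("Could not get the url. " + response.statusCode() + " " + response.body());
        }
    }

    /** Builds the probe client; built per call because {@link #allTrustingSslContext} is a mutable static. */
    private static HttpClient newProbeClient() {
        return HttpClient.newBuilder()
                .version(HttpClient.Version.HTTP_1_1)
                .followRedirects(HttpClient.Redirect.NORMAL)
                .connectTimeout(CHECK_URL_TIMEOUT)
                .sslContext(allTrustingSslContext)
                .build();
    }

    /**
     * Creates a challenge for every certificate in {@code list} and schedules the timer that waits for it.
     *
     * <p>Side effect: certificates that {@link #recentlyFailed(WebsiteCertificate)} are removed from
     * {@code list} itself. Per-domain failures do not abort the batch; they are gathered and sent as one
     * warning through the messaging service.
     *
     * @param commonServicesContext gives access to the resource, timer and messaging services
     * @param changesContext receives the new DNS entries, links, tags and attachable updates
     * @param list the certificates to renew; mutated (see above)
     * @throws IllegalUpdateException if there is no {@code LetsencryptConfig} or it has no tag name
     */
    @Override
    public void createChallengesAndCreateTimer(CommonServicesContext commonServicesContext, ChangesContext changesContext, List<WebsiteCertificate> list) {
        IPResourceService resourceService = commonServicesContext.getResourceService();

        this.logger.info("Getting the config");
        Optional<LetsencryptConfig> configFound = resourceService.resourceFind(resourceService.createResourceQuery(LetsencryptConfig.class));
        this.logger.info("Config is present? {}", configFound.isPresent());
        if (!configFound.isPresent()) {
            throw new IllegalUpdateException("Could not find a LetsencryptConfig. Create one first");
        }
        LetsencryptConfig config = configFound.get();
        String tagName = config.getTagName();
        if (tagName == null) {
            throw new IllegalUpdateException("The LetsencryptConfig does not have a tag name");
        }

        list.removeIf(this::recentlyFailed);
        if (list.isEmpty()) {
            this.logger.info("No certs to update");
            return;
        }
        this.logger.info("Will update certificates: {}", list.stream()
                .flatMap(certificate -> certificate.getDomainNames().stream())
                .sorted()
                .collect(Collectors.toList()));

        AcmeService acmeService = _acmeServiceGenerator.apply(config);

        this.logger.info("Getting the challenges");
        List<String> failures = new ArrayList<>();
        // Declared as HashMap on purpose: the wait timer's constructor signature is not visible here.
        HashMap<String, Tuple2<Order, Dns01Challenge>> dnsChallengeByDomain = new HashMap<>();
        for (WebsiteCertificate certificate : list) {
            List<LetsEncryptWithFileAttachable> fileAttachables = resourceService.linkFindAllByFromResourceClassAndLinkTypeAndToResource(LetsEncryptWithFileAttachable.class, "USES", certificate);
            this.logger.info("Certificate {} has {} files attachables", certificate.getResourceName(), fileAttachables.size());
            if (fileAttachables.isEmpty()) {
                prepareDnsChallenge(resourceService, changesContext, acmeService, tagName, certificate, dnsChallengeByDomain, failures);
            } else {
                prepareHttpChallenge(commonServicesContext, changesContext, acmeService, certificate, fileAttachables, failures);
            }
        }

        if (!failures.isEmpty()) {
            commonServicesContext.getMessagingService().alertingWarn("Let's Encrypt - Domains Without Challenge", Joiner.on('\n').join(failures));
        }
        if (!dnsChallengeByDomain.isEmpty()) {
            // Presumably a canary record: once it resolves, the DNS wait timer knows the zone was published.
            String waitDomain = "z" + SecureRandomTools.randomHexString(5).toLowerCase() + config.getDnsUpdatedSubDomain();
            this.logger.info("Adding the DNS Wait domain {}", waitDomain);
            DnsEntry waitEntry = new DnsEntry(waitDomain, DnsEntryType.A, "127.0.0.1");
            changesContext.resourceAdd(waitEntry);
            changesContext.linkAdd(config, "MANAGES", waitEntry);
            changesContext.tagAdd(waitEntry, tagName);
            this.logger.info("Start the Waiting for the DNS");
            commonServicesContext.getTimerService().timerAdd(new TimerEventContext(
                    new LetsEncryptRefreshOldCertsWaitDnsTimer(acmeService, this, waitDomain, dnsChallengeByDomain),
                    "Let Encrypt - Complete - Wait DNS", 12, 2, true, false));
        }
        this.logger.info("Done creating the challenges");
    }

    /**
     * Returns the certificate's first domain name, or empty (after recording a failure) when it has none, so a
     * certificate without domains no longer aborts the whole batch with a NoSuchElementException.
     */
    private Optional<String> firstDomainName(WebsiteCertificate certificate, List<String> failures) {
        Optional<String> first = certificate.getDomainNames().stream().findFirst();
        if (!first.isPresent()) {
            this.logger.error("Certificate {} has no domain name. Cannot get a challenge", certificate.getResourceName());
            failures.add(certificate.getResourceName() + " : no domain name");
        }
        return first;
    }

    /** Requests a DNS-01 challenge for the certificate's first domain and adds its TXT record when missing. */
    private void prepareDnsChallenge(IPResourceService resourceService, ChangesContext changesContext, AcmeService acmeService, String tagName,
            WebsiteCertificate certificate, HashMap<String, Tuple2<Order, Dns01Challenge>> dnsChallengeByDomain, List<String> failures) {
        this.logger.info("Certificate {} uses DNS validation", certificate.getResourceName());
        Optional<String> firstDomain = firstDomainName(certificate, failures);
        if (!firstDomain.isPresent()) {
            return;
        }
        String domain = firstDomain.get();
        try {
            Tuple2<Order, Dns01Challenge> challenge = acmeService.challengeDnsInit(domain);
            dnsChallengeByDomain.put(domain, challenge);
            DnsEntry dnsEntry = new DnsEntry("_acme-challenge." + domain, DnsEntryType.TXT, challenge.getB().getDigest());
            // NOTE(review): if DnsEntry's primary key does not include the record value, a stale TXT record
            // from an earlier challenge is kept as is here — confirm against DnsEntry.
            if (!resourceService.resourceFindByPk(dnsEntry).isPresent()) {
                changesContext.resourceAdd(dnsEntry);
                changesContext.linkAdd(certificate, "MANAGES", dnsEntry);
                changesContext.tagAdd(dnsEntry, tagName);
            }
        } catch (LetsencryptException e) {
            this.logger.error("Cannot get the challenge for domain {}", domain, e);
            failures.add(domain + " : " + getAllMessages(e));
        } catch (Exception e) {
            this.logger.error("Unexpected failure while getting the challenge for domain {}", domain, e);
            failures.add(domain + " : " + getAllMessages(e));
        }
    }

    /**
     * Requests an HTTP-01 challenge for the certificate's first domain, writes the token and authorization into
     * every attachable and schedules the timer that waits for the challenge URL; skipped when any attachable
     * was started recently.
     */
    private void prepareHttpChallenge(CommonServicesContext commonServicesContext, ChangesContext changesContext, AcmeService acmeService,
            WebsiteCertificate certificate, List<LetsEncryptWithFileAttachable> fileAttachables, List<String> failures) {
        this.logger.info("Certificate {} uses http validation", certificate.getResourceName());
        if (fileAttachables.stream().anyMatch(this::recentlyStarted)) {
            this.logger.info("Certificate {} recently started. Skipping", certificate.getResourceName());
            return;
        }
        Optional<String> firstDomain = firstDomainName(certificate, failures);
        if (!firstDomain.isPresent()) {
            return;
        }
        String domain = firstDomain.get();
        try {
            Tuple2<Order, Http01Challenge> challenge = acmeService.challengeHttpInit(domain);
            Http01Challenge http01Challenge = challenge.getB();
            String token = http01Challenge.getToken();
            String authorization = http01Challenge.getAuthorization();
            String startedAt = String.valueOf(System.currentTimeMillis());
            for (LetsEncryptWithFileAttachable attachable : fileAttachables) {
                attachable.getMeta().put(LetsEncryptWithFileAttachable.META_FILE_NAME, token);
                attachable.getMeta().put(LetsEncryptWithFileAttachable.META_FILE_CONTENT, authorization);
                attachable.getMeta().put(LetsEncryptWithFileAttachable.META_LAST_START, startedAt);
                changesContext.resourceUpdate(attachable);
            }
            String challengeUrl = "http://" + domain + "/.well-known/acme-challenge/" + token;
            this.logger.info("Start the Waiting for the HTTP: {} ; url: {} ; content: {}", domain, challengeUrl, authorization);
            commonServicesContext.getTimerService().timerAdd(new TimerEventContext(
                    new LetsEncryptRefreshOldCertsWaitHttpTimer(acmeService, this, domain, challenge.getA(), challenge.getB(), challengeUrl, certificate),
                    "Let Encrypt - Complete - Wait URL", 13, 10, true, false));
        } catch (LetsencryptException e) {
            this.logger.error("Cannot get the challenge for domain {}", domain, e);
            failures.add(domain + " : " + getAllMessages(e));
        } catch (Exception e) {
            this.logger.error("Unexpected failure while getting the challenge for domain {}", domain, e);
            failures.add(domain + " : " + getAllMessages(e));
        }
    }

    /**
     * Joins the messages of {@code th} and all its causes with {@code " ; "}, skipping null messages.
     *
     * @param th the throwable to describe; may be null (yields an empty string)
     * @return the joined messages, never null
     */
    @Override
    public String getAllMessages(Throwable th) {
        StringBuilder messages = new StringBuilder();
        boolean appendedAny = false;
        for (Throwable current = th; current != null; current = current.getCause()) {
            String message = current.getMessage();
            if (message == null) {
                continue;
            }
            // The separator only goes between messages, never in front of the first one.
            if (appendedAny) {
                messages.append(" ; ");
            }
            messages.append(message);
            appendedAny = true;
        }
        return messages.toString();
    }

    /**
     * Tells whether the certificate's {@code LAST_FAILURE} meta (epoch millis) is within the last 6 hours.
     *
     * @param websiteCertificate the certificate to check
     * @return true if it failed recently; false when the meta is absent or not a number
     */
    @Override
    public boolean recentlyFailed(WebsiteCertificate websiteCertificate) {
        String lastFailure = (String) websiteCertificate.getMeta().get(LetsencryptHelper.LAST_FAILURE);
        if (lastFailure == null) {
            return false;
        }
        long failedAt;
        try {
            failedAt = Long.parseLong(lastFailure);
        } catch (NumberFormatException e) {
            // An unreadable timestamp must not block the renewal.
            return false;
        }
        boolean recent = failedAt > System.currentTimeMillis() - RECENT_FAILURE_WINDOW_MS;
        if (recent) {
            this.logger.info("{} recently failed. On {}", websiteCertificate.getDomainNames(), DateTools.formatFull(new Date(failedAt)));
        }
        return recent;
    }

    /**
     * Tells whether the attachable's {@code META_LAST_START} meta (epoch millis) is within the last 10 minutes.
     *
     * @param letsEncryptWithFileAttachable the attachable to check
     * @return true if a challenge was started recently; false when the meta is absent or not a number
     */
    @Override
    public boolean recentlyStarted(LetsEncryptWithFileAttachable letsEncryptWithFileAttachable) {
        String lastStart = (String) letsEncryptWithFileAttachable.getMeta().get(LetsEncryptWithFileAttachable.META_LAST_START);
        if (lastStart == null) {
            return false;
        }
        long startedAt;
        try {
            startedAt = Long.parseLong(lastStart);
        } catch (NumberFormatException e) {
            // An unreadable timestamp is treated as "not started".
            return false;
        }
        boolean recent = startedAt > System.currentTimeMillis() - RECENT_START_WINDOW_MS;
        if (recent) {
            this.logger.info("{} recently started. On {}", letsEncryptWithFileAttachable.getName(), DateTools.formatFull(new Date(startedAt)));
        }
        return recent;
    }
}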
