package com.foilen.infra.resource.letsencrypt.acme;

import com.foilen.infra.resource.letsencrypt.plugin.LetsencryptConfig;
import com.foilen.smalltools.crypt.spongycastle.asymmetric.RSACrypt;
import com.foilen.smalltools.crypt.spongycastle.cert.RSACertificate;
import com.foilen.smalltools.crypt.spongycastle.cert.RSATools;
import com.foilen.smalltools.tools.AbstractBasics;
import com.foilen.smalltools.tools.AssertTools;
import com.foilen.smalltools.tools.JsonTools;
import com.foilen.smalltools.tools.ThreadTools;
import com.foilen.smalltools.tuple.Tuple2;
import com.google.common.base.Joiner;
import java.net.URI;
import java.net.URL;
import java.security.KeyPair;
import java.util.ArrayList;
import org.shredzone.acme4j.Account;
import org.shredzone.acme4j.AccountBuilder;
import org.shredzone.acme4j.Authorization;
import org.shredzone.acme4j.Order;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.Status;
import org.shredzone.acme4j.challenge.Challenge;
import org.shredzone.acme4j.challenge.Dns01Challenge;
import org.shredzone.acme4j.challenge.Http01Challenge;
import org.shredzone.acme4j.exception.AcmeException;

/* loaded from: input_file:com/foilen/infra/resource/letsencrypt/acme/AcmeServiceImpl.class */
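/**
 * {@link AcmeService} implementation that talks to an ACME server through acme4j.
 *
 * <p>The constructor opens a {@link Session} on the URL found in the configuration and registers the
 * account with the configured key pair; every public method then requires that account to be
 * present.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The account private key is read from the configuration as PEM text. It is never logged by
 * this class and must stay that way.</li>
 * <li>NOTE(review): the ACME directory URL is used exactly as configured; nothing visible here
 * restricts its scheme or host. Confirm the configuration only allows the intended https:// (or
 * acme://) directory, since the account registration and all orders are sent to it.</li>
 * </ul>
 */
public class AcmeServiceImpl extends AbstractBasics implements AcmeService {

    /** Pause between two challenge status polls, in milliseconds. */
    private static final long CHALLENGE_POLL_INTERVAL_MS = 5000L;

    /** Pause between two order status polls, in milliseconds. */
    private static final long ORDER_POLL_INTERVAL_MS = 10000L;

    /** Maximum number of order status polls (6 polls of 10 seconds: the "1 minute" of the messages). */
    private static final int ORDER_POLL_MAX_ATTEMPTS = 6;

    private final LetsencryptConfig config;
    private final Session session;
    // Set by login(); the public methods assert that it is not null before doing anything.
    private Account account;

    /**
     * Opens the ACME session and logs in with the configured account key.
     *
     * @param letsencryptConfig supplies the ACME URL, the account key pair (PEM) and the contact email
     * @throws LetsencryptException if the URL cannot be parsed or the login fails
     */
    public AcmeServiceImpl(LetsencryptConfig letsencryptConfig) {
        this.config = letsencryptConfig;
        try {
            this.logger.info("Logging to {}", letsencryptConfig.getUrl());
            this.session = new Session(new URI(letsencryptConfig.getUrl()));
            login();
        } catch (Exception e) {
            throw new LetsencryptException("Problem connecting to ACME", e);
        }
    }

    /**
     * Triggers the challenge and polls its status every 5 seconds until it is {@code VALID}.
     *
     * <p>NOTE(review): the polling loop has no upper bound. It only ends when the status becomes
     * {@code VALID}, becomes {@code INVALID}, or an update fails, so the caller blocks for as long
     * as the server keeps the challenge in a non-terminal state. {@link #requestCertificate} is
     * bounded; consider bounding this one too.
     *
     * @param challenge the challenge whose response has already been published
     * @throws LetsencryptException if the challenge becomes {@code INVALID}, or if triggering or
     *         updating it fails
     */
    @Override
    public void challengeComplete(Challenge challenge) {
        AssertTools.assertNotNull(this.account, "You need to log in first");
        try {
            this.logger.info("Triggering the challenge");
            challenge.trigger();
            while (challenge.getStatus() != Status.VALID) {
                if (challenge.getStatus() == Status.INVALID) {
                    throw new LetsencryptException("The challenge failed: " + getChallengeErrorDetails(challenge));
                }
                ThreadTools.sleep(CHALLENGE_POLL_INTERVAL_MS);
                try {
                    this.logger.info("Updating the status");
                    challenge.update();
                    this.logger.info("Current status: {}", challenge.getStatus());
                } catch (AcmeException e) {
                    this.logger.error("Problem updating the challenge status", e);
                    throw new LetsencryptException("Problem updating the challenge status: " + getChallengeErrorDetails(challenge), e);
                }
            }
        } catch (AcmeException e) {
            this.logger.error("Problem triggering the challenge", e);
            throw new LetsencryptException("Problem triggering the challenge: " + getChallengeErrorDetails(challenge), e);
        }
    }

    /**
     * Creates an order for one domain and returns it with its DNS-01 challenge.
     *
     * <p>The domain is passed to the ACME server as given and is copied into log and exception
     * messages; this method does not validate it.
     *
     * @param str the domain name to order a certificate for
     * @return the new order and the DNS-01 challenge found in its authorizations
     * @throws LetsencryptException if no authorization offers a DNS-01 challenge or the order
     *         cannot be created
     */
    @Override
    public Tuple2<Order, Dns01Challenge> challengeDnsInit(String str) {
        AssertTools.assertNotNull(this.account, "You need to log in first");
        try {
            Order order = this.account.newOrder().domains(str).create();
            Dns01Challenge dns01Challenge = null;
            ArrayList<String> availableTypes = new ArrayList<>();
            for (Authorization authorization : order.getAuthorizations()) {
                // Collected only to make the "not found" message actionable.
                for (Challenge offered : authorization.getChallenges()) {
                    availableTypes.add(offered.getType());
                }
                // Keep a challenge that was already found: a later authorization without a
                // DNS-01 challenge must not reset the result to null.
                Dns01Challenge found = (Dns01Challenge) authorization.findChallenge(Dns01Challenge.TYPE);
                if (found != null) {
                    dns01Challenge = found;
                }
            }
            if (dns01Challenge == null) {
                throw new LetsencryptException("DNS Challenge not found for " + str + " ; Available challenges are: [" + Joiner.on(", ").join(availableTypes) + "]");
            }
            return new Tuple2<>(order, dns01Challenge);
        } catch (AcmeException e) {
            this.logger.error("Could not ask for domain {}", str, e);
            throw new LetsencryptException("Could not ask for domain " + str, e);
        }
    }

    /**
     * Creates an order for one domain and returns it with its HTTP-01 challenge.
     *
     * <p>The domain is passed to the ACME server as given and is copied into log and exception
     * messages; this method does not validate it.
     *
     * @param str the domain name to order a certificate for
     * @return the new order and the HTTP-01 challenge found in its authorizations
     * @throws LetsencryptException if no authorization offers an HTTP-01 challenge or the order
     *         cannot be created
     */
    @Override
    public Tuple2<Order, Http01Challenge> challengeHttpInit(String str) {
        AssertTools.assertNotNull(this.account, "You need to log in first");
        try {
            Order order = this.account.newOrder().domains(str).create();
            Http01Challenge http01Challenge = null;
            ArrayList<String> availableTypes = new ArrayList<>();
            for (Authorization authorization : order.getAuthorizations()) {
                // Collected only to make the "not found" message actionable.
                for (Challenge offered : authorization.getChallenges()) {
                    availableTypes.add(offered.getType());
                }
                // Keep a challenge that was already found: a later authorization without an
                // HTTP-01 challenge must not reset the result to null.
                Http01Challenge found = (Http01Challenge) authorization.findChallenge(Http01Challenge.TYPE);
                if (found != null) {
                    http01Challenge = found;
                }
            }
            if (http01Challenge == null) {
                throw new LetsencryptException("HTTP Challenge not found for " + str + " ; Available challenges are: [" + Joiner.on(", ").join(availableTypes) + "]");
            }
            return new Tuple2<>(order, http01Challenge);
        } catch (AcmeException e) {
            this.logger.error("Could not ask for domain {}", str, e);
            throw new LetsencryptException("Could not ask for domain " + str, e);
        }
    }

    /**
     * Returns the detail text of the challenge's error, or {@code "no details"} when the challenge
     * or its error is missing.
     *
     * <p>NOTE(review): the whole challenge object is serialized into the INFO log on every call.
     * Confirm that nothing sensitive is reachable through its public getters before keeping this
     * at INFO level.
     */
    private String getChallengeErrorDetails(Challenge challenge) {
        this.logger.info("getChallengeErrorDetails: {}", JsonTools.compactPrintWithoutNulls(challenge));
        if (challenge == null || challenge.getError() == null) {
            return "no details";
        }
        return challenge.getError().getDetail();
    }

    /**
     * Registers the account on the ACME server with the configured key pair and contact email,
     * accepting the terms of service, then binds the session to the returned account location.
     *
     * @throws LetsencryptException if the ACME server rejects the registration or the login
     */
    private void login() {
        // The PEM text holds the account private key: keep it and the key pair out of every log line.
        KeyPair accountKeyPair = RSATools.createKeyPair(RSACrypt.RSA_CRYPT.loadKeysPemFromString(new String[]{this.config.getAccountKeypairPem()}));
        this.logger.info("Registering account");
        try {
            this.account = new AccountBuilder()
                    .addContact("mailto:" + this.config.getContactEmail())
                    .agreeToTermsOfService()
                    .useKeyPair(accountKeyPair)
                    .create(this.session);
            URL location = this.account.getLocation();
            this.session.login(location, accountKeyPair);
            this.logger.info("AcmeClient location: {}", location);
        } catch (AcmeException e) {
            this.logger.error("Problem logging in", e);
            throw new LetsencryptException("Problem logging in", e);
        }
    }

    /**
     * Executes the order with the given request bytes and waits for the certificate.
     *
     * <p>The order status is polled at most 6 times, 10 seconds apart. The certificate is returned
     * only when the status is {@code VALID}.
     *
     * @param order the order whose challenges have been completed
     * @param bArr the bytes handed to {@code order.execute} (presumably the encoded CSR; confirm
     *        against the caller)
     * @return the issued certificate
     * @throws LetsencryptException if the order becomes {@code INVALID}, is still not valid after
     *         the last poll, or an ACME call fails
     */
    @Override
    public RSACertificate requestCertificate(Order order, byte[] bArr) {
        AssertTools.assertNotNull(this.account, "You need to log in first");
        try {
            order.execute(bArr);
            for (int attempt = 0; order.getStatus() != Status.VALID && attempt < ORDER_POLL_MAX_ATTEMPTS; attempt++) {
                if (order.getStatus() == Status.INVALID) {
                    throw new LetsencryptException("The order failed");
                }
                ThreadTools.sleep(ORDER_POLL_INTERVAL_MS);
                try {
                    this.logger.info("Updating the status");
                    order.update();
                    this.logger.info("[{}] Current order status: {}", attempt, order.getStatus());
                } catch (AcmeException e) {
                    this.logger.error("Problem updating the order status", e);
                    throw new LetsencryptException("Problem updating the order status", e);
                }
            }
            if (order.getStatus() == Status.VALID) {
                return new RSACertificate(order.getCertificate().getCertificate());
            }
            this.logger.error("Order status is still not valid after 1 minute. Status is {} ; problem is {} ; json: {}", order.getStatus(), order.getError(), order.getJSON().toString());
            throw new LetsencryptException("Order status is still not valid after 1 minute. Status is " + order.getStatus());
        } catch (AcmeException e) {
            this.logger.error("Problem executing the cert request", e);
            throw new LetsencryptException("Problem executing the cert request", e);
        }
    }
}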
