package com.foilen.infra.resource.letsencrypt.plugin;

import com.foilen.infra.plugin.v1.core.context.ChangesContext;
import com.foilen.infra.plugin.v1.core.context.CommonServicesContext;
import com.foilen.infra.plugin.v1.core.context.TimerEventContext;
import com.foilen.infra.plugin.v1.core.eventhandler.TimerEventHandler;
import com.foilen.infra.plugin.v1.core.service.IPResourceService;
import com.foilen.infra.resource.dns.DnsEntry;
import com.foilen.infra.resource.dns.model.DnsEntryType;
import com.foilen.infra.resource.letsencrypt.acme.AcmeService;
import com.foilen.infra.resource.letsencrypt.acme.LetsencryptException;
import com.foilen.infra.resource.webcertificate.WebsiteCertificate;
import com.foilen.infra.resource.webcertificate.helper.CertificateHelper;
import com.foilen.smalltools.crypt.spongycastle.asymmetric.AsymmetricKeys;
import com.foilen.smalltools.crypt.spongycastle.asymmetric.RSACrypt;
import com.foilen.smalltools.crypt.spongycastle.cert.RSACertificate;
import com.foilen.smalltools.crypt.spongycastle.cert.RSATools;
import com.foilen.smalltools.tuple.Tuple2;
import com.google.common.base.Joiner;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.bouncycastle.asn1.cmp.PKIFailureInfo;
import org.shredzone.acme4j.Order;
import org.shredzone.acme4j.challenge.Challenge;
import org.shredzone.acme4j.challenge.Dns01Challenge;
import org.shredzone.acme4j.util.CSRBuilder;

/* loaded from: input_file:com/foilen/infra/resource/letsencrypt/plugin/LetsEncryptRefreshOldCertsWaitDnsTimer.class */
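/**
 * Timer handler that finishes a batch of Let's Encrypt DNS-01 renewals once a sentinel DNS name
 * becomes resolvable.
 *
 * <p>Each run resolves {@code dnsWaitDomain}. While it does not resolve, the handler re-arms itself.
 * The first time it resolves, the handler waits one more short interval; on the following run it
 * completes the pending challenges, requests the certificates, stores them and removes the
 * temporary DNS entries.
 *
 * <p>Decompiler artefacts restored in this version: the collections are typed again (the raw
 * {@code ArrayList}/{@code HashMap} declarations did not type-check against the lambdas that used
 * them), the key size is a named constant, and the repeated "Timer completed" log is a single
 * {@code finally}.
 */
public class LetsEncryptRefreshOldCertsWaitDnsTimer extends AbstractLetsEncryptRefreshOldCertsWaitTimer implements TimerEventHandler {
    /**
     * RSA modulus size, in bits, of the key pair generated for every renewed certificate. The
     * decompiled listing showed {@code PKIFailureInfo.certConfirmed} here; that constant is
     * {@code 1 << 12}, so the value is unchanged, but it has nothing to do with key generation.
     */
    private static final int RSA_KEY_SIZE_BITS = 4096;

    /** Sentinel DNS name whose resolvability is used as the "DNS changes are live" signal. */
    private final String dnsWaitDomain;

    /**
     * Pending ACME order and DNS-01 challenge per domain. This is the caller's map, not a copy:
     * domains whose challenge fails are removed from it in {@link #timerHandler}.
     */
    private final Map<String, Tuple2<Order, Dns01Challenge>> challengeByDomain;

    /** True once the sentinel resolved on a previous run, i.e. the extra wait has been scheduled. */
    private boolean foundOnLastCheck;

    /**
     * @param acmeService       ACME client used to complete challenges and request certificates
     * @param letsencryptHelper helper used here to flatten exception messages for alerts
     * @param str               the sentinel DNS name to wait for
     * @param map               pending order and DNS-01 challenge per domain; mutated by this timer
     */
    public LetsEncryptRefreshOldCertsWaitDnsTimer(AcmeService acmeService, LetsencryptHelper letsencryptHelper, String str, Map<String, Tuple2<Order, Dns01Challenge>> map) {
        super(acmeService, letsencryptHelper);
        this.foundOnLastCheck = false;
        this.dnsWaitDomain = str;
        this.challengeByDomain = map;
    }

    /**
     * Runs one polling step, or the whole completion sequence once the sentinel has resolved twice.
     *
     * <p>Any exception other than the expected {@link UnknownHostException} is logged and raised as
     * an error alert; it is not rethrown. "Timer completed" is logged on every exit path.
     *
     * @param commonServicesContext access to the timer, resource and messaging services
     * @param changesContext        collects the resource updates and deletions made by this run
     * @param timerEventContext     the triggering event; not read by this handler
     */
    public void timerHandler(CommonServicesContext commonServicesContext, ChangesContext changesContext, TimerEventContext timerEventContext) {
        try {
            try {
                this.logger.info("Checking for domain {}", this.dnsWaitDomain);
                // NOTE(review): this lookup goes through this host's resolver and the JVM DNS cache, so a
                // hit shows the record is visible from here, not from the ACME validation servers. The
                // extra wait below is the only margin for propagation.
                InetAddress.getByName(this.dnsWaitDomain);
                this.logger.info("Domain {} found", this.dnsWaitDomain);
                if (!this.foundOnLastCheck) {
                    this.logger.info("Wait 30 more seconds");
                    this.foundOnLastCheck = true;
                    // 13 equals java.util.Calendar.SECOND, which matches the "30 more seconds" log line.
                    commonServicesContext.getTimerService().timerAdd(new TimerEventContext(this, "Let Encrypt - Complete - Wait last", 13, 30, true, false));
                    return;
                }

                this.logger.info("Complete challenges");
                IPResourceService resourceService = commonServicesContext.getResourceService();
                ArrayList<String> failures = new ArrayList<>();
                Iterator<Map.Entry<String, Tuple2<Order, Dns01Challenge>>> pending = this.challengeByDomain.entrySet().iterator();
                while (pending.hasNext()) {
                    Map.Entry<String, Tuple2<Order, Dns01Challenge>> entry = pending.next();
                    String domain = entry.getKey();
                    try {
                        this.logger.info("Complete the challenge for certificate: {}", domain);
                        this.acmeService.challengeComplete(entry.getValue().getB());
                    } catch (LetsencryptException e) {
                        this.logger.info("Failed the challenge for certificate: {}", domain);
                        failures.add(domain + " : " + this.letsencryptHelper.getAllMessages(e));
                        // Stamp the failure time on the stored certificate(s) for this domain.
                        resourceService.resourceFindAll(resourceService.createResourceQuery(WebsiteCertificate.class).addEditorEquals(new String[]{LetsEncryptWebsiteCertificateEditor.EDITOR_NAME}).propertyEquals("domainNames", Collections.singleton(domain))).forEach(failedCertificate -> {
                            failedCertificate.getMeta().put(LetsencryptHelper.LAST_FAILURE, String.valueOf(System.currentTimeMillis()));
                            changesContext.resourceUpdate(failedCertificate);
                        });
                        // Dropped from the batch, so no certificate is requested for it below.
                        // NOTE(review): it is also skipped by the challenge DNS cleanup at the end of this
                        // method; confirm those entries are removed elsewhere.
                        pending.remove();
                    }
                }

                this.logger.info("Get all the certificates currently in the system");
                ArrayList<WebsiteCertificate> storedCertificates = new ArrayList<>();
                for (String domain : this.challengeByDomain.keySet()) {
                    storedCertificates.addAll(resourceService.resourceFindAll(resourceService.createResourceQuery(WebsiteCertificate.class).addEditorEquals(new String[]{LetsEncryptWebsiteCertificateEditor.EDITOR_NAME}).propertyEquals("domainNames", Collections.singleton(domain))));
                }
                // Indexed by each certificate's first domain name.
                HashMap<String, WebsiteCertificate> storedByDomain = new HashMap<>();
                for (WebsiteCertificate stored : storedCertificates) {
                    storedByDomain.put(stored.getDomainNames().stream().findFirst().get(), stored);
                }

                this.logger.info("Get all the certificates from Lets Encrypt");
                ArrayList<Tuple2<AsymmetricKeys, RSACertificate>> issuedCertificates = new ArrayList<>();
                ArrayList<String> renewedDomains = new ArrayList<>();
                for (String domain : this.challengeByDomain.keySet()) {
                    // A fresh key pair per domain per renewal; the previous key is not reused.
                    AsymmetricKeys keys = RSACrypt.RSA_CRYPT.generateKeyPair(RSA_KEY_SIZE_BITS);
                    CSRBuilder csr = new CSRBuilder();
                    csr.addDomain(domain);
                    try {
                        this.logger.info("Getting certificate for: {}", domain);
                        csr.sign(RSATools.createKeyPair(keys));
                        RSACertificate certificate = this.acmeService.requestCertificate(this.challengeByDomain.get(domain).getA(), csr.getEncoded());
                        // Attaches the generated key pair to the certificate object that is stored below.
                        // NOTE(review): presumably the private key is persisted with the resource; confirm
                        // how the resource store protects it.
                        certificate.setKeysForSigning(keys);
                        issuedCertificates.add(new Tuple2<>(keys, certificate));
                        this.logger.info("Successfully updated certificate: {}", domain);
                        renewedDomains.add(domain);
                    } catch (Exception e) {
                        // NOTE(review): unlike a failed challenge, this path does not set LAST_FAILURE on
                        // the stored certificate; confirm that is intended.
                        this.logger.info("Failed to retrieve the certificate for: {}", domain);
                        failures.add(domain + " : " + this.letsencryptHelper.getAllMessages(e));
                    }
                }

                if (!failures.isEmpty()) {
                    commonServicesContext.getMessagingService().alertingWarn("Let's Encrypt - Domains Couldn't get certificate (DNS)", Joiner.on('\n').join(failures));
                }
                if (!renewedDomains.isEmpty()) {
                    commonServicesContext.getMessagingService().alertingInfo("Let's Encrypt - Domains that got a new certificate (DNS)", Joiner.on('\n').join(renewedDomains));
                }

                this.logger.info("Delete the DNS Wait entry: {}", this.dnsWaitDomain);
                changesContext.resourceDelete(new DnsEntry(this.dnsWaitDomain, DnsEntryType.A, "127.0.0.1"));

                this.logger.info("Update the certificates in the system");
                for (Tuple2<AsymmetricKeys, RSACertificate> issued : issuedCertificates) {
                    WebsiteCertificate renewed = CertificateHelper.toWebsiteCertificate(CA_CERTIFICATE_TEXT, issued.getB());
                    renewed.setResourceEditorName(LetsEncryptWebsiteCertificateEditor.EDITOR_NAME);
                    // NOTE(review): the lookup yields null when no stored certificate was found for this
                    // domain above; confirm resourceUpdate tolerates a null previous resource.
                    changesContext.resourceUpdate(storedByDomain.get(renewed.getDomainNames().stream().findFirst().get()), renewed);
                }

                this.logger.info("Delete the DNS entries for challenges");
                for (WebsiteCertificate stored : storedCertificates) {
                    for (DnsEntry challengeEntry : resourceService.linkFindAllByFromResourceAndLinkTypeAndToResourceClass(stored, "MANAGES", DnsEntry.class)) {
                        changesContext.resourceDelete(challengeEntry);
                    }
                }
            } catch (UnknownHostException e) {
                this.logger.info("Domain {} not present. Waiting 2 more minutes", this.dnsWaitDomain);
                // 12 equals java.util.Calendar.MINUTE, which matches the "2 more minutes" log line.
                commonServicesContext.getTimerService().timerAdd(new TimerEventContext(this, "Let Encrypt - Complete - Wait DNS", 12, 2, true, false));
            }
        } catch (Exception e) {
            // Also catches failures raised while re-arming the timer in the handler above.
            this.logger.error("Problem while managing Lets Encrypt", e);
            commonServicesContext.getMessagingService().alertingError("Problem while managing Lets Encrypt", e.getMessage());
        } finally {
            this.logger.info("Timer completed");
        }
    }
}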
