package io.micronaut.acme.background;

import io.micronaut.acme.AcmeConfiguration;
import io.micronaut.acme.services.AcmeService;
import io.micronaut.runtime.event.ApplicationStartupEvent;
import io.micronaut.runtime.event.annotation.EventListener;
import io.micronaut.runtime.exceptions.ApplicationStartupException;
import io.micronaut.scheduling.annotation.Scheduled;
import jakarta.inject.Singleton;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import org.shredzone.acme4j.exception.AcmeException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/micronaut/acme/background/AcmeCertRefresherTask.class */
public final class AcmeCertRefresherTask {
    private static final Logger LOG = LoggerFactory.getLogger(AcmeCertRefresherTask.class);
    private AcmeService acmeService;
    private final AcmeConfiguration acmeConfiguration;

    public AcmeCertRefresherTask(AcmeService acmeService, AcmeConfiguration acmeConfiguration) {
        this.acmeService = acmeService;
        this.acmeConfiguration = acmeConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Scheduled(fixedDelay = "${acme.refresh.frequency:24h}", initialDelay = "${acme.refresh.delay:24h}")
    public void backgroundRenewal() throws AcmeException {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Running background/scheduled renewal process");
        }
        renewCertIfNeeded();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @EventListener
    public void onStartup(ApplicationStartupEvent applicationStartupEvent) {
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Running startup renewal process");
            }
            renewCertIfNeeded();
        } catch (Exception e) {
            LOG.error("Failed to initialize certificate for SSL no requests would be secure. Stopping application", e);
            throw new ApplicationStartupException("Failed to start due to SSL configuration issue.", e);
        }
    }

    protected void renewCertIfNeeded() throws AcmeException {
        if (!this.acmeConfiguration.isTosAgree()) {
            throw new IllegalStateException(String.format("Cannot refresh certificates until terms of service is accepted. Please review the TOS for Let's Encrypt and set \"%s\" to \"%s\" in configuration once complete", "acme.tos-agree", "true"));
        }
        ArrayList arrayList = new ArrayList();
        for (String str : this.acmeConfiguration.getDomains()) {
            arrayList.add(str);
            if (str.startsWith("*.")) {
                String substring = str.substring(2);
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Configured domain is a wildcard, including the base domain [{}] in addition", substring);
                }
                arrayList.add(substring);
            }
        }
        X509Certificate currentCertificate = this.acmeService.getCurrentCertificate();
        if (currentCertificate == null) {
            this.acmeService.orderCertificate(arrayList);
        } else if (ChronoUnit.SECONDS.between(Instant.now(), currentCertificate.getNotAfter().toInstant()) <= this.acmeConfiguration.getRenewWitin().getSeconds()) {
            this.acmeService.orderCertificate(arrayList);
        } else {
            this.acmeService.setupCurrentCertificate();
        }
    }
}
