package io.quarkus.tls.cli.letsencrypt;

import io.smallrye.certs.CertificateUtils;
import io.vertx.core.json.JsonObject;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.IOException;
import java.lang.System;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.wildfly.security.x500.cert.X509CertificateChainAndSigningKey;
import org.wildfly.security.x500.cert.acme.Acme;
import org.wildfly.security.x500.cert.acme.AcmeAccount;
import org.wildfly.security.x500.cert.acme.AcmeException;

/* loaded from: input_file:io/quarkus/tls/cli/letsencrypt/LetsEncryptHelpers.class */
public class LetsEncryptHelpers {
    static System.Logger LOGGER = System.getLogger("lets-encrypt");

    /**
     * Writes a private key and its certificate chain to two PEM files.
     *
     * <p>The key is handed to {@code CertificateUtils.writePrivateKeyToPem} with {@code file} as
     * target. The first certificate of the chain is handed to
     * {@code CertificateUtils.writeCertificateToPEM} with {@code file2} as target, together with
     * the remaining certificates (an empty array when the chain holds a single certificate).
     *
     * <p>No permission handling is visible in this method: the access mode of the key file is
     * whatever {@code CertificateUtils} and the process defaults produce, so callers that need a
     * restricted key file have to arrange that themselves.
     *
     * @param privateKey the private key to write; must not be {@code null}
     * @param x509CertificateArr the certificate chain, first entry written as the main certificate
     * @param file target file for the private key
     * @param file2 target file for the certificate chain
     * @throws IllegalArgumentException if the key is {@code null} or the chain is {@code null} or empty
     * @throws Exception whatever the {@code CertificateUtils} writers propagate
     */
    public static void writePrivateKeyAndCertificateChainsAsPem(PrivateKey privateKey, X509Certificate[] x509CertificateArr, File file, File file2) throws Exception {
        if (privateKey == null) {
            throw new IllegalArgumentException("The private key cannot be null");
        }
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("The certificate chain cannot be null or empty");
        }
        CertificateUtils.writePrivateKeyToPem(privateKey, file);

        // Everything after the first certificate; zero-length for a single-certificate chain.
        int remaining = x509CertificateArr.length - 1;
        X509Certificate[] rest = new X509Certificate[remaining];
        System.arraycopy(x509CertificateArr, 1, rest, 0, remaining);
        CertificateUtils.writeCertificateToPEM(x509CertificateArr[0], file2, rest);
    }

    /**
     * Loads the first PEM object of a file and parses it as an X.509 certificate.
     *
     * <p>Only the first PEM object is read; any further objects in the file are ignored. The PEM
     * type header is not inspected here, so content that is not a certificate is rejected only
     * by the X.509 parser.
     *
     * @param str path of the PEM file
     * @return the parsed certificate
     * @throws IOException if the file cannot be read or contains no PEM object
     * @throws CertificateException if the PEM content is not a valid X.509 certificate
     */
    public static X509Certificate loadCertificateFromPEM(String str) throws IOException, CertificateException {
        try (PemReader reader = new PemReader(new FileReader(str))) {
            PemObject firstObject = reader.readPemObject();
            if (firstObject == null) {
                throw new IOException("Invalid PEM file: No PEM content found.");
            }
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(firstObject.getContent()));
        }
    }

    /**
     * Asks the ACME client to create a Let's Encrypt account and stores it as
     * {@code account.json} in the given directory.
     *
     * <p>A {@code false} result from the client is logged as "already exists"; the account data
     * is written to disk in both cases.
     *
     * <p>The returned string is the same JSON that is written to disk. It includes the
     * base64-encoded account private key whenever the account exposes one, so callers should
     * treat it as a secret and keep it out of logs and console output.
     *
     * @param acmeClient client used to talk to the ACME server
     * @param str directory in which {@code account.json} is saved
     * @param z {@code true} to use the staging server, {@code false} for production
     * @param str2 contact e-mail address; used as {@code mailto:} contact URL without validation
     * @return the account encoded as JSON
     * @throws RuntimeException wrapping the {@code AcmeException} if the client call fails
     */
    public static String createAccount(AcmeClient acmeClient, String str, boolean z, String str2) {
        LOGGER.log(System.Logger.Level.INFO, "�� Creating {0} Let's Encrypt account", new Object[]{z ? "staging" : "production"});
        AcmeAccount account = AcmeAccount.builder()
                .setTermsOfServiceAgreed(true)
                .setServerUrl("https://acme-v02.api.letsencrypt.org/directory")
                .setStagingServerUrl("https://acme-staging-v02.api.letsencrypt.org/directory")
                .setContactUrls(new String[]{"mailto:" + str2})
                .build();
        try {
            boolean created = acmeClient.createAccount(account, z);
            Object[] details = new Object[]{z ? "Staging" : "Production", str2};
            if (created) {
                LOGGER.log(System.Logger.Level.INFO, "�� {0} Let's Encrypt account {1} has been created", details);
            } else {
                LOGGER.log(System.Logger.Level.INFO, "�� {0} Let's Encrypt account {1} already exists", details);
            }
            JsonObject accountJson = convertAccountToJson(account);
            saveAccount(str, accountJson);
            return accountJson.encode();
        } catch (AcmeException e) {
            LOGGER.log(System.Logger.Level.ERROR, "⚠️ Failed to create Let's Encrypt account");
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the JSON representation of an ACME account used for {@code account.json}.
     *
     * <p>Keys written: {@code account-url}, {@code contact-url} (first contact URL only),
     * {@code private-key} and the certificate (both base64 of their encoded form, each only when
     * present), {@code key-algorithm} (only when set) and {@code key-size}.
     *
     * <p>The result carries the account private key in clear, base64-encoded form. It must not
     * be logged, and any file it is written to needs restrictive permissions.
     *
     * @param acmeAccount the account to convert
     * @return the JSON object describing the account
     * @throws RuntimeException if the account certificate cannot be encoded
     */
    private static JsonObject convertAccountToJson(AcmeAccount acmeAccount) {
        Base64.Encoder base64 = Base64.getEncoder();
        JsonObject json = new JsonObject();
        json.put("account-url", acmeAccount.getAccountUrl());
        // NOTE(review): assumes at least one contact URL is set - confirm against callers.
        json.put("contact-url", acmeAccount.getContactUrls()[0]);
        if (acmeAccount.getPrivateKey() != null) {
            // Secret material: stored unencrypted, only base64-encoded.
            json.put("private-key", base64.encodeToString(acmeAccount.getPrivateKey().getEncoded()));
        }
        if (acmeAccount.getCertificate() != null) {
            try {
                json.put(Acme.CERTIFICATE, base64.encodeToString(acmeAccount.getCertificate().getEncoded()));
            } catch (CertificateEncodingException e) {
                LOGGER.log(System.Logger.Level.INFO, "⚠️ Failed to get encoded certificate data");
                throw new RuntimeException(e);
            }
        }
        if (acmeAccount.getKeyAlgorithmName() != null) {
            json.put("key-algorithm", acmeAccount.getKeyAlgorithmName());
        }
        json.put("key-size", Integer.valueOf(acmeAccount.getKeySize()));
        return json;
    }

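    /**
     * Writes the account JSON to {@code account.json} inside the given directory, replacing any
     * previous file.
     *
     * <p>The JSON may hold the account private key, so the file is created empty, restricted to
     * its owner, and only then filled. This way the key material is never on disk with the
     * default, possibly group- or world-readable, permissions. On platforms where the
     * restriction cannot be applied a warning is logged and the file is still written.
     *
     * @param str directory that receives {@code account.json}
     * @param jsonObject the account data to store
     * @throws RuntimeException wrapping the {@code IOException} if the file cannot be written
     */
    private static void saveAccount(String str, JsonObject jsonObject) {
        LOGGER.log(System.Logger.Level.DEBUG, "Saving account to {0}", new Object[]{str});
        File accountFile = Paths.get(str + "/account.json").toFile();
        try {
            // Remove the old entry first so an existing file (or symlink) is replaced rather
            // than written through, as with the former REPLACE_EXISTING copy.
            Files.deleteIfExists(accountFile.toPath());
            Files.createFile(accountFile.toPath());

            // Tighten access while the file is still empty. Non-short-circuit '&=' so that
            // every call is attempted even if an earlier one fails.
            boolean ownerOnly = accountFile.setReadable(false, false);
            ownerOnly &= accountFile.setReadable(true, true);
            ownerOnly &= accountFile.setWritable(false, false);
            ownerOnly &= accountFile.setWritable(true, true);
            if (!ownerOnly) {
                LOGGER.log(System.Logger.Level.WARNING, "Could not restrict {0} to owner-only access; it may hold the account private key", new Object[]{accountFile});
            }

            Files.write(accountFile.toPath(), jsonObject.encode().getBytes(StandardCharsets.US_ASCII));
        } catch (IOException e) {
            throw new RuntimeException("Failure to save the account", e);
        }
    }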

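    /**
     * Obtains a certificate chain and signing key through the ACME client and writes both as
     * PEM files.
     *
     * <p>The account is loaded from {@code account.json} in {@code file}. This method does not
     * adjust the permissions of the written files.
     *
     * @param acmeClient client used to talk to the ACME server
     * @param file directory containing {@code account.json}
     * @param z {@code true} to use the staging server, {@code false} for production
     * @param str passed to the client as the certificate subject (presumably the domain name)
     * @param file2 target file for the certificate chain
     * @param file3 target file for the private key
     * @throws RuntimeException if issuing fails or the PEM files cannot be written; the
     *         underlying exception is kept as the cause
     */
    public static void issueCertificate(AcmeClient acmeClient, File file, boolean z, String str, File file2, File file3) {
        try {
            X509CertificateChainAndSigningKey issued = acmeClient.obtainCertificateChain(getAccount(file), z, str);
            LOGGER.log(System.Logger.Level.INFO, "�� Certificate and private key issued, converting them to PEM files");
            try {
                writePrivateKeyAndCertificateChainsAsPem(issued.getSigningKey(), issued.getCertificateChain(), file3, file2);
            } catch (Exception e) {
                // Keep the cause: without it a failed key/certificate write cannot be diagnosed.
                throw new RuntimeException("Failure to copy certificate pem", e);
            }
        } catch (AcmeException e2) {
            // Same message as before, now with the ACME failure attached as the cause.
            throw new RuntimeException(e2.getMessage(), e2);
        }
    }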

    /**
     * Rebuilds an {@code AcmeAccount} from {@code account.json} in the given directory.
     *
     * <p>The key and certificate are restored only when both {@code private-key} and the
     * certificate entry are present in the file. The file content is used as-is; no integrity
     * check is applied to it here.
     *
     * @param file directory containing {@code account.json}
     * @return the account described by the file
     * @throws RuntimeException if the file cannot be read or the key material cannot be decoded
     */
    private static AcmeAccount getAccount(File file) {
        LOGGER.log(System.Logger.Level.DEBUG, "Getting account from {0}", new Object[]{file});
        JsonObject stored = readAccountJson(file);
        String keyAlgorithm = stored.getString("key-algorithm");

        AcmeAccount.Builder builder = AcmeAccount.builder()
                .setTermsOfServiceAgreed(true)
                .setServerUrl("https://acme-v02.api.letsencrypt.org/directory")
                .setStagingServerUrl("https://acme-staging-v02.api.letsencrypt.org/directory");
        builder.setKeyAlgorithmName(keyAlgorithm);
        // NOTE(review): a missing "key-size" entry fails here with a NullPointerException.
        builder.setKeySize(stored.getInteger("key-size").intValue());

        boolean hasKeyMaterial = stored.containsKey("private-key") && stored.containsKey(Acme.CERTIFICATE);
        if (hasKeyMaterial) {
            builder.setKey(
                    getCertificate(stored.getString(Acme.CERTIFICATE)),
                    getPrivateKey(stored.getString("private-key"), keyAlgorithm));
        }

        AcmeAccount account = builder.build();
        account.setContactUrls(new String[]{stored.getString("contact-url")});
        account.setAccountUrl(stored.getString("account-url"));
        return account;
    }

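    /**
     * Reads {@code account.json} from the given directory and parses it as JSON.
     *
     * <p>The stream is closed on every exit path, including a failure while parsing, and the
     * underlying {@code IOException} is kept as the cause of the reported error.
     *
     * @param file directory containing {@code account.json}
     * @return the parsed account data
     * @throws RuntimeException if the file cannot be opened or read
     */
    private static JsonObject readAccountJson(File file) {
        LOGGER.log(System.Logger.Level.DEBUG, "Reading account information from {0}", new Object[]{file});
        String accountPath = Paths.get(file + "/account.json").toString();
        try (FileInputStream in = new FileInputStream(accountPath)) {
            return new JsonObject(new String(in.readAllBytes(), StandardCharsets.US_ASCII));
        } catch (IOException e) {
            // The cause tells a missing file apart from a permission or I/O problem.
            throw new RuntimeException("Unable to read the account file, you must create account first", e);
        }
    }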

    /**
     * Decodes a base64 string and parses the bytes as an X.509 certificate.
     *
     * @param str base64 encoding of the certificate bytes
     * @return the parsed certificate
     * @throws RuntimeException wrapping any decoding or parsing failure
     */
    private static X509Certificate getCertificate(String str) {
        try {
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            byte[] encoded = Base64.getDecoder().decode(str);
            return (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(encoded));
        } catch (Exception e) {
            throw new RuntimeException("Failure to create a certificate", e);
        }
    }

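    /**
     * Decodes a base64 PKCS#8 private key.
     *
     * <p>A {@code null} or {@code "RSA"} algorithm name selects RSA; every other name is treated
     * as EC. Both paths run inside the same {@code try}, so a decoding failure is reported the
     * same way for RSA and EC keys.
     *
     * @param str base64 encoding of the PKCS#8 key bytes
     * @param str2 key algorithm name stored with the account, may be {@code null}
     * @return the decoded private key
     * @throws RuntimeException wrapping any decoding or key-factory failure
     */
    private static PrivateKey getPrivateKey(String str, String str2) {
        String algorithm = (str2 == null || "RSA".equals(str2)) ? "RSA" : "EC";
        try {
            byte[] pkcs8 = Base64.getDecoder().decode(str);
            return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        } catch (Exception e) {
            throw new RuntimeException("Failure to create a private key", e);
        }
    }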

    /**
     * Renews the certificate chain and private key by running the issuing flow again.
     *
     * <p>Apart from the log line, this method only delegates to {@code issueCertificate} with
     * the same arguments.
     *
     * @param acmeClient client used to talk to the ACME server
     * @param file directory containing {@code account.json}
     * @param z {@code true} to use the staging server, {@code false} for production
     * @param str passed through to {@code issueCertificate} (presumably the domain name)
     * @param file2 target file for the certificate chain
     * @param file3 target file for the private key
     */
    public static void renewCertificate(AcmeClient acmeClient, File file, boolean z, String str, File file2, File file3) {
        String environment = z ? "staging" : "production";
        LOGGER.log(System.Logger.Level.INFO, "�� Renewing {0} Let's Encrypt certificate chain and private key", new Object[]{environment});
        issueCertificate(acmeClient, file, z, str, file2, file3);
    }

    /**
     * Deactivates the stored Let's Encrypt account and removes its {@code account.json}.
     *
     * <p>The file is deleted only after the client call returns; if deactivation throws, the
     * account file, including any private key stored in it, stays on disk.
     *
     * @param acmeClient client used to talk to the ACME server
     * @param file directory containing {@code account.json}
     * @param z {@code true} to use the staging server, {@code false} for production
     * @throws IOException if the account file cannot be deleted
     */
    public static void deactivateAccount(AcmeClient acmeClient, File file, boolean z) throws IOException {
        AcmeAccount storedAccount = getAccount(file);
        String environment = z ? "staging" : "production";
        LOGGER.log(System.Logger.Level.INFO, "Deactivating {0} Let's Encrypt account", new Object[]{environment});
        acmeClient.deactivateAccount(storedAccount, z);

        LOGGER.log(System.Logger.Level.INFO, "Removing account file from {0}", new Object[]{file});
        Files.deleteIfExists(Paths.get(file + "/account.json"));
    }

    /**
     * Adjusts read and write permissions on the certificate and key files, logging an error for
     * each call that fails.
     *
     * <p>Both files are made readable for every user ({@code setReadable(true, false)}) and
     * writable for the owner ({@code setWritable(true, true)}). Failures are only logged; no
     * exception is thrown.
     *
     * @param file the certificate file
     * @param file2 the private key file
     */
    public static void adjustPermissions(File file, File file2) {
        boolean certReadable = file.setReadable(true, false);
        if (!certReadable) {
            LOGGER.log(System.Logger.Level.ERROR, "Failed to set certificate file readable");
        }

        // NOTE(review): setWritable(true, true) grants owner write and leaves other users'
        // write bits untouched; the "not writable" wording of the messages does not match.
        boolean certWritable = file.setWritable(true, true);
        if (!certWritable) {
            LOGGER.log(System.Logger.Level.ERROR, "Failed to set certificate file as not writable");
        }

        // NOTE(review): ownerOnly=false makes the private key readable by all local users.
        // Confirm this is required (e.g. the server runs under another account); otherwise
        // owner-only read access is the safer setting for a key file.
        boolean keyReadable = file2.setReadable(true, false);
        if (!keyReadable) {
            LOGGER.log(System.Logger.Level.ERROR, "Failed to set key file as readable");
        }

        boolean keyWritable = file2.setWritable(true, true);
        if (!keyWritable) {
            LOGGER.log(System.Logger.Level.ERROR, "Failed to set key file as not writable");
        }
    }
}
