package org.webpieces.plugin.secure.sslcert.acme;

import java.io.IOException;
import java.io.StringWriter;
import java.net.URL;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.concurrent.CompletableFuture;
import javax.inject.Inject;
import org.shredzone.acme4j.Account;
import org.shredzone.acme4j.AccountBuilder;
import org.shredzone.acme4j.Authorization;
import org.shredzone.acme4j.Metadata;
import org.shredzone.acme4j.Order;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.Status;
import org.shredzone.acme4j.challenge.Http01Challenge;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.util.CSRBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.webpieces.plugin.secure.sslcert.CertAndSigningRequest;
import org.webpieces.plugin.secure.sslcert.ChallengeInBadStateException;
import org.webpieces.plugin.secure.sslcert.InstallSslCertConfig;
import org.webpieces.util.exceptions.SneakyThrow;
import org.webpieces.util.futures.CompletableFutureCollector;

/* loaded from: input_file:org/webpieces/plugin/secure/sslcert/acme/AcmeClientProxy.class */
public class AcmeClientProxy {
    private static final Logger log = LoggerFactory.getLogger(AcmeClientProxy.class);
    private InstallSslCertConfig config;

    @Inject
    public AcmeClientProxy(InstallSslCertConfig installSslCertConfig) {
        this.config = installSslCertConfig;
    }

    public CompletableFuture<AcmeInfo> fetchRemoteInfo() {
        try {
            Metadata metadata = new Session(this.config.getProviderLocation()).getMetadata();
            return CompletableFuture.completedFuture(new AcmeInfo(metadata.getTermsOfService(), metadata.getWebsite()));
        } catch (AcmeException e) {
            throw SneakyThrow.sneak(e);
        }
    }

    public CompletableFuture<URL> openAccount(String str, KeyPair keyPair) {
        try {
            log.info("open account");
            URL location = new AccountBuilder().addContact("mailto:" + str).agreeToTermsOfService().useKeyPair(keyPair).create(new Session("acme://letsencrypt.org/staging")).getLocation();
            log.info("account location=" + location);
            return CompletableFuture.completedFuture(location);
        } catch (AcmeException e) {
            throw SneakyThrow.sneak(e);
        }
    }

    public CompletableFuture<ProxyOrder> placeOrder(URL url, KeyPair keyPair) {
        try {
            log.info("reestablish account from location=" + url + " and keypair");
            Account account = new Session("acme://letsencrypt.org/staging").login(url, keyPair).getAccount();
            log.info("create an order");
            Order create = account.newOrder().domain("something.com").create();
            checkAuthStatii(create);
            ArrayList arrayList = new ArrayList();
            Iterator it = create.getAuthorizations().iterator();
            while (it.hasNext()) {
                arrayList.add(new ProxyAuthorization((Authorization) it.next()));
            }
            return CompletableFuture.completedFuture(new ProxyOrder(create, arrayList));
        } catch (AcmeException e) {
            throw SneakyThrow.sneak(e);
        }
    }

    public CompletableFuture<CertAndSigningRequest> finalizeOrder(ProxyOrder proxyOrder, KeyPair keyPair, String str, String str2, String str3) {
        return ((CompletableFuture) proxyOrder.getOrder().getAuthorizations().stream().map(authorization -> {
            return processChallenge(authorization);
        }).collect(CompletableFutureCollector.allOf())).thenCompose(list -> {
            return finalizeOrder(proxyOrder, str2, str3, keyPair);
        });
    }

    private CompletableFuture<CertAndSigningRequest> finalizeOrder(ProxyOrder proxyOrder, String str, String str2, KeyPair keyPair) {
        try {
            StringWriter stringWriter = new StringWriter();
            try {
                Order order = proxyOrder.getOrder();
                CSRBuilder cSRBuilder = new CSRBuilder();
                cSRBuilder.addDomain(str);
                cSRBuilder.setOrganization(str2);
                cSRBuilder.sign(keyPair);
                order.execute(cSRBuilder.getEncoded());
                while (order.getStatus() != Status.VALID) {
                    Thread.sleep(3000L);
                    order.update();
                }
                cSRBuilder.write(stringWriter);
                CompletableFuture<CertAndSigningRequest> completedFuture = CompletableFuture.completedFuture(new CertAndSigningRequest(stringWriter.toString(), order.getCertificate().getCertificateChain()));
                stringWriter.close();
                return completedFuture;
            } finally {
            }
        } catch (AcmeException | IOException | InterruptedException e) {
            throw SneakyThrow.sneak(e);
        }
    }

    private CompletableFuture<Void> processChallenge(Authorization authorization) {
        try {
            Http01Challenge findChallenge = authorization.findChallenge("http-01");
            log.info("tell remote end to trigger a call now. status=" + authorization.getStatus() + " domain=" + authorization.getIdentifier().getDomain() + " expires=" + authorization.getExpires());
            findChallenge.trigger();
            log.info("status after=" + authorization.getStatus());
            while (authorization.getStatus() != Status.VALID) {
                Thread.sleep(3000L);
                log.info("reupdate status");
                authorization.update();
                log.info("updated to status=" + authorization.getStatus());
            }
            return null;
        } catch (AcmeException | InterruptedException e) {
            throw SneakyThrow.sneak(e);
        }
    }

    private void checkAuthStatii(Order order) {
        for (Authorization authorization : order.getAuthorizations()) {
            Status status = authorization.getStatus();
            log.info("checking auth=" + authorization.getIdentifier().getDomain() + " status=" + status + " location=" + authorization.getLocation() + " expires=" + authorization.getExpires());
            if (status != Status.PENDING) {
                throw new ChallengeInBadStateException("challenge in bad state=" + authorization.getJSON());
            }
        }
    }
}
