package zutil.net.acme;

import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.shredzone.acme4j.Account;
import org.shredzone.acme4j.AccountBuilder;
import org.shredzone.acme4j.Authorization;
import org.shredzone.acme4j.Order;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.Status;
import org.shredzone.acme4j.challenge.Challenge;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.util.CSRBuilder;
import org.shredzone.acme4j.util.KeyPairUtils;
import zutil.StringUtil;
import zutil.log.LogUtil;
import zutil.net.http.HttpServer;

/* loaded from: input_file:zutil/net/acme/AcmeClient.class */
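/**
 * Minimal ACME client built on acme4j that obtains an X.509 certificate for a set of
 * domains, persisting account/domain key pairs and the issued certificate through an
 * {@link AcmeDataStore}.
 *
 * <p>Typical use: construct, {@link #addDomain(String...)}, {@link #prepareRequest()},
 * let the challenge factory publish its responses, then {@link #requestCertificate()}.
 *
 * <p>Security notes: the data store receives the account and domain <em>private</em> keys,
 * so its backing storage must be access-restricted (the implementation is not visible
 * here). Instances hold mutable order state and perform no synchronization.
 */
public class AcmeClient {
    private static final Logger logger = LogUtil.getLogger();
    public static final String ACME_SERVER_LETSENCRYPT_PRODUCTION = "acme://letsencrypt.org";
    public static final String ACME_SERVER_LETSENCRYPT_STAGING = "acme://letsencrypt.org/staging";
    /** Key size in bits handed to {@code KeyPairUtils.createKeyPair} for account and domain keys. */
    private static final int KEY_SIZE = 2048;
    /** Maximum number of status polls after the order has been finalized. */
    private static final int ORDER_POLL_ATTEMPTS = 10;
    /** Maximum number of status polls after a challenge has been triggered. */
    private static final int CHALLENGE_POLL_ATTEMPTS = 30;

    private final String acmeServerUrl;
    private final AcmeDataStore dataStore;
    private final AcmeChallengeFactory challengeFactory;
    private final Account acmeAccount;
    private final ArrayList<String> domains;
    private Order order;
    private final ArrayList<Challenge> challenges;

    /**
     * Creates a client that answers challenges through the given HTTP server and talks to
     * the Let's Encrypt production endpoint.
     *
     * @param acmeDataStore persistence for keys, account location and certificate
     * @param httpServer    server handed to {@link AcmeHttpChallengeFactory}
     * @throws AcmeException if the account cannot be logged in or registered
     */
    public AcmeClient(AcmeDataStore acmeDataStore, HttpServer httpServer) throws AcmeException {
        this(acmeDataStore, new AcmeHttpChallengeFactory(httpServer), ACME_SERVER_LETSENCRYPT_PRODUCTION);
    }

    /**
     * Creates a client with a custom challenge factory against the Let's Encrypt production
     * endpoint.
     *
     * @param acmeDataStore        persistence for keys, account location and certificate
     * @param acmeChallengeFactory creates and cleans up the challenges
     * @throws AcmeException if the account cannot be logged in or registered
     */
    public AcmeClient(AcmeDataStore acmeDataStore, AcmeChallengeFactory acmeChallengeFactory) throws AcmeException {
        this(acmeDataStore, acmeChallengeFactory, ACME_SERVER_LETSENCRYPT_PRODUCTION);
    }

    /**
     * Creates a client against an explicit ACME server and immediately logs in to, or
     * registers, the ACME account (this contacts the server).
     *
     * @param acmeDataStore        persistence for keys, account location and certificate
     * @param acmeChallengeFactory creates and cleans up the challenges
     * @param str                  ACME server URI, e.g. {@link #ACME_SERVER_LETSENCRYPT_STAGING}
     * @throws AcmeException if the account cannot be logged in or registered
     */
    public AcmeClient(AcmeDataStore acmeDataStore, AcmeChallengeFactory acmeChallengeFactory, String str) throws AcmeException {
        this.domains = new ArrayList<>();
        this.challenges = new ArrayList<>();
        // Register BouncyCastle once per JVM instead of allocating a provider per client.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        this.dataStore = acmeDataStore;
        this.challengeFactory = acmeChallengeFactory;
        this.acmeServerUrl = str;
        this.acmeAccount = getAccount(new Session(str));
    }

    /**
     * Adds domain names to be covered by the next order.
     *
     * @param strArr domain names; they are passed to the order and the CSR as given
     */
    public void addDomain(String... strArr) {
        Collections.addAll(this.domains, strArr);
    }

    /**
     * Creates a new order for the configured domains and a challenge for every
     * authorization that is not already valid.
     *
     * @throws AcmeException if the order or a challenge cannot be created
     */
    public void prepareRequest() throws AcmeException {
        // Drop challenges left over from an earlier order that failed before
        // requestCertificate() could reset the state; they belong to that old order.
        this.challenges.clear();
        this.order = this.acmeAccount.newOrder().domains(this.domains).create();
        for (Authorization authorization : this.order.getAuthorizations()) {
            if (authorization.getStatus() != Status.VALID) {
                this.challenges.add(this.challengeFactory.createChallenge(authorization));
            }
        }
    }

    /**
     * Returns the stored certificate if it is still inside its validity period, otherwise
     * runs the pending challenges, finalizes the order and stores the new certificate.
     *
     * @return the reused or newly issued certificate
     * @throws IllegalStateException if {@link #prepareRequest()} was not called first
     * @throws IOException           if the CSR cannot be signed or encoded
     * @throws AcmeException         if a challenge or the order fails, does not complete
     *                               within the polling budget, or the wait is interrupted
     */
    public X509Certificate requestCertificate() throws IOException, AcmeException {
        if (this.order == null) {
            throw new IllegalStateException("prepareRequest() method has not been called before the request of certificate.");
        }
        X509Certificate certificate = this.dataStore.getCertificate();
        if (isCertificateValid(certificate)) {
            // NOTE(review): reuse is decided on the validity dates only. The stored
            // certificate is not compared with the configured domains, and there is no
            // renewal margin, so a certificate expiring in minutes is still reused.
            logger.info("Using existing certificate for domains: " + StringUtil.join(",", this.domains));
        } else {
            for (Challenge challenge : this.challenges) {
                execDomainChallenge(challenge);
            }
            KeyPair domainKeyPair = this.dataStore.getDomainKeyPair();
            if (domainKeyPair == null) {
                logger.fine("Creating new domain keys.");
                domainKeyPair = KeyPairUtils.createKeyPair(KEY_SIZE);
                this.dataStore.storeDomainKeyPair(domainKeyPair);
            }
            CSRBuilder csrBuilder = new CSRBuilder();
            csrBuilder.addDomains(this.domains);
            csrBuilder.sign(domainKeyPair);
            this.order.execute(csrBuilder.getEncoded());
            awaitOrderCompletion();
            certificate = this.order.getCertificate().getCertificate();
            this.dataStore.storeCertificate(certificate);
            logger.info("Successfully created new certificate for domains: " + StringUtil.join(",", this.domains));
        }
        this.order = null;
        this.challenges.clear();
        return certificate;
    }

    /**
     * Polls the finalized order until it is valid.
     *
     * @throws AcmeException if the order turns invalid, is still not valid after the last
     *                       poll, or the wait is interrupted
     */
    private void awaitOrderCompletion() throws AcmeException {
        for (int attempt = 0; attempt < ORDER_POLL_ATTEMPTS && this.order.getStatus() != Status.VALID; attempt++) {
            if (this.order.getStatus() == Status.INVALID) {
                throw new AcmeException("Certificate order has failed, reason: " + this.order.getError());
            }
            long delayMillis = pollDelayMillis(attempt);
            logger.fine("Order not yet completed, sleeping for: " + StringUtil.formatTimeToString(delayMillis));
            pause(delayMillis);
            this.order.update();
        }
        // Without this check an order that is still pending after the last poll would
        // fall through to getCertificate() and fail there with an unrelated error.
        Status finalStatus = this.order.getStatus();
        if (finalStatus != Status.VALID) {
            throw new AcmeException("Certificate order has failed, status: " + finalStatus + ", reason: " + this.order.getError());
        }
    }

    /**
     * Logs in to the account recorded in the data store, or registers a new one and
     * persists its key pair.
     *
     * @param session session bound to the ACME server
     * @return the existing or newly registered account
     * @throws AcmeException if login or registration fails
     */
    private Account getAccount(Session session) throws AcmeException {
        URL accountLocation = this.dataStore.getAccountLocation();
        KeyPair accountKeyPair = this.dataStore.getAccountKeyPair();
        URI termsOfService = session.getMetadata().getTermsOfService();
        if (termsOfService != null) {
            logger.info("By using this service you accept the Terms of Service: " + termsOfService);
        }
        if (accountLocation != null && accountKeyPair != null) {
            logger.info("Logging in existing account: " + accountLocation);
            return session.login(accountLocation, accountKeyPair).getAccount();
        }
        logger.fine("Creating new account keys.");
        KeyPair newAccountKeyPair = KeyPairUtils.createKeyPair(KEY_SIZE);
        // The terms of service are accepted on the operator's behalf without a prompt.
        Account newAccount = new AccountBuilder().agreeToTermsOfService().useKeyPair(newAccountKeyPair).create(session);
        logger.info("Successfully registered new account, URL: " + newAccount.getLocation());
        this.dataStore.storeAccountKeyPair(newAccount.getLocation(), newAccountKeyPair);
        return newAccount;
    }

    /**
     * Triggers one challenge and polls it until it is valid. The factory's
     * {@code postChallengeAction} runs exactly once on every exit path.
     *
     * @param challenge challenge to execute
     * @throws AcmeException if the challenge turns invalid, is still not valid after the
     *                       last poll, or the wait is interrupted
     */
    private void execDomainChallenge(Challenge challenge) throws AcmeException {
        logger.info("Executing challenge: " + challenge);
        try {
            if (challenge.getStatus() == Status.VALID) {
                return;
            }
            challenge.trigger();
            for (int attempt = 0; attempt < CHALLENGE_POLL_ATTEMPTS && challenge.getStatus() != Status.VALID; attempt++) {
                if (challenge.getStatus() == Status.INVALID) {
                    throw new AcmeException("Certificate challenge failed: " + challenge.getError());
                }
                long delayMillis = pollDelayMillis(attempt);
                logger.fine("Challenge not yet completed, sleeping for: " + StringUtil.formatTimeToString(delayMillis));
                pause(delayMillis);
                challenge.update();
            }
            if (challenge.getStatus() != Status.VALID) {
                throw new AcmeException("Failed to pass the challenge: " + challenge.getError());
            }
            logger.fine("Domain challenge executed successfully.");
        } finally {
            // Always run the cleanup so the published challenge response does not outlive
            // the attempt.
            this.challengeFactory.postChallengeAction(challenge);
        }
    }

    /** Returns the linear back-off, in milliseconds, used before poll number {@code attempt}. */
    private static long pollDelayMillis(int attempt) {
        return 100 + (1000L * attempt);
    }

    /**
     * Sleeps for the given time. An interrupt restores the thread's interrupt flag and
     * aborts the request instead of continuing with an unfinished challenge or order.
     *
     * @param millis time to sleep in milliseconds
     * @throws AcmeException if the thread is interrupted while sleeping
     */
    private static void pause(long millis) throws AcmeException {
        try {
            Thread.sleep(millis);
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            logger.log(Level.SEVERE, "Interrupted", e);
            throw new AcmeException("Interrupted while waiting for the ACME server", e);
        }
    }

    /**
     * Tells whether the certificate is non-null and the current time lies inside its
     * validity period. Nothing else is verified: not the chain, revocation, subject
     * names or the matching private key.
     *
     * @param x509Certificate certificate to check, may be {@code null}
     * @return {@code true} if the certificate exists and is neither expired nor not yet valid
     */
    public static boolean isCertificateValid(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            x509Certificate.checkValidity();
            return true;
        } catch (GeneralSecurityException e) {
            // checkValidity() reports "expired" and "not yet valid" as certificate exceptions.
            return false;
        }
    }
}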
