package net.bluemind.system.security.certificate;

import freemarker.template.Configuration;
import io.vertx.core.AbstractVerticle;
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.util.Arrays;
import java.util.Date;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.ServerSideServiceProvider;
import net.bluemind.core.task.api.TaskStatus;
import net.bluemind.core.task.service.TaskUtils;
import net.bluemind.domain.api.Domain;
import net.bluemind.lib.vertx.VertxPlatform;
import net.bluemind.system.api.ISecurityMgmt;
import net.bluemind.system.security.certificate.CertificateTaskHelper;
import net.bluemind.system.service.certificate.IInCoreSecurityMgmt;
import net.bluemind.system.service.certificate.engine.CertifEngineFactory;
import net.bluemind.system.service.certificate.lets.encrypt.LetsEncryptCertificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/security/certificate/CertificateLetsEncryptRenewal.class */
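/**
 * Verticle that checks once a day the Let's Encrypt certificates of the domains returned by
 * {@code IInCoreSecurityMgmt#getLetsEncryptDomainExternalUrls()} and renews those that are
 * approaching their end date.
 *
 * <p>All service calls are made with {@code SecurityContext.SYSTEM}. The policy applied to each
 * certificate, based on the number of days reported by
 * {@code CertificateTaskHelper.getDifferenceDays(now, endDate)}, is:
 * <ul>
 *   <li>{@value #RENEWAL_WINDOW_DAYS} days or more: nothing is done, the remaining validity is logged;</li>
 *   <li>between the two thresholds: a renewal is attempted, a failure is only logged;</li>
 *   <li>{@value #ALERT_THRESHOLD_DAYS} days or fewer: a renewal is attempted, a failure is logged
 *       and an alert mail is sent.</li>
 * </ul>
 *
 * <p>Operational caveat: the first check only runs at the next 07:00 UTC after {@link #start()},
 * so a restart does not trigger an immediate check.
 */
public class CertificateLetsEncryptRenewal extends AbstractVerticle {
    private static final Logger logger = LoggerFactory.getLogger(CertificateLetsEncryptRenewal.class);

    /** A certificate with at least this many days left is considered valid and left untouched. */
    private static final int RENEWAL_WINDOW_DAYS = 30;

    /** At or below this many days left, a failed renewal additionally triggers an alert mail. */
    private static final int ALERT_THRESHOLD_DAYS = 5;

    /** Hour of the day (UTC) at which the first check is scheduled. */
    private static final int DAILY_CHECK_HOUR_UTC = 7;

    /**
     * Arms a one-shot timer that fires tomorrow at 07:00 UTC and then hands over to
     * {@link #execute(long)}, which installs the daily schedule.
     */
    public void start() {
        LocalDateTime firstRun = LocalDateTime.of(LocalDate.now(ZoneOffset.UTC).plusDays(1L),
                LocalTime.of(DAILY_CHECK_HOUR_UTC, 0));
        long delayMillis = Duration.between(Instant.now(), firstRun.toInstant(ZoneOffset.UTC)).toMillis();
        VertxPlatform.getVertx().setTimer(delayMillis, timerId -> execute(timerId));
    }

    /**
     * Runs a first check asynchronously, then schedules the check every 24 hours.
     *
     * @param timerId identifier passed by the timer callback; not used
     */
    private void execute(long timerId) {
        // An exception escaping checkExpiration() (for instance while listing the domains, which
        // happens outside its per-domain try/catch) would otherwise be stored in a future nobody
        // observes and vanish without a trace, leaving a skipped renewal check invisible.
        CompletableFuture.runAsync(this::checkExpiration).exceptionally(failure -> {
            logger.error("Let's Encrypt certificate expiration check failed", failure);
            return null;
        });
        VertxPlatform.executeBlockingPeriodic(TimeUnit.DAYS.toMillis(1L), tick -> checkExpiration());
    }

    /**
     * Walks every Let's Encrypt enabled domain and applies the renewal policy described on the
     * class. A failure on one domain is logged and does not stop the processing of the others.
     */
    private void checkExpiration() {
        IInCoreSecurityMgmt securityMgmt = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM)
                .instance(IInCoreSecurityMgmt.class, new String[0]);
        for (Map.Entry<?, ?> entry : securityMgmt.getLetsEncryptDomainExternalUrls().entrySet()) {
            try {
                // The map's declared type parameters are not visible in this file; these casts
                // mirror the ones the original code performed.
                @SuppressWarnings("unchecked")
                ItemValue<Domain> domain = (ItemValue<Domain>) entry.getValue();
                Date endDate = LetsEncryptCertificate.getCertificateEndDateProperty(domain.value);
                // presumably the domain's external URL, going by the accessor name - confirm
                String externalUrl = (String) entry.getKey();
                int daysLeft = CertificateTaskHelper.getDifferenceDays(new Date(), endDate);

                if (daysLeft >= RENEWAL_WINDOW_DAYS) {
                    logger.info("Certificate {} is valid for {} days", externalUrl, daysLeft);
                    continue;
                }
                if (renewCertificate(domain, externalUrl)) {
                    continue;
                }
                if (daysLeft <= ALERT_THRESHOLD_DAYS) {
                    String contact = LetsEncryptCertificate.getContactProperty(domain.value);
                    logger.error(
                            "Let's Encrypt auto renewal certificate failed for domain {} ({}) - sending mail alert to {}",
                            domain.uid, domain.value.defaultAlias, contact);
                    sendAlert(daysLeft, externalUrl, LetsEncryptCertificate.getContactProperty(domain.value),
                            domain.value.name, "Renewal failed, please contact your support !");
                } else {
                    logger.error("Let's Encrypt auto renewal certificate failed for domain {} ({})", domain.uid,
                            domain.value.defaultAlias);
                }
            } catch (Exception e) {
                // Also reached when renewCertificate() or sendAlert() throw: in that case the
                // failure is only visible through this warning and no alert mail goes out.
                logger.warn("Cannot check certificate expiration date", e);
            }
        }
    }

    /**
     * Requests a new Let's Encrypt certificate for the domain and waits for the task to finish.
     *
     * @param itemValue the domain whose certificate must be renewed
     * @param str       key of the domain in the Let's Encrypt domain map; not used here
     * @return {@code true} when the generation task ended in a state other than {@code InError};
     *         {@code false} when no certificate engine exists for the domain, when
     *         {@code authorizeLetsEncrypt()} raised a {@link ServerFault}, or when the task failed
     * @throws ServerFault with {@code INVALID_PARAMETER} when the domain has no (or an empty)
     *         Let's Encrypt contact email; the caller logs this at warn level and sends no alert
     */
    private boolean renewCertificate(ItemValue<Domain> itemValue, String str) {
        return CertifEngineFactory.get(itemValue.uid).filter(engine -> {
            try {
                engine.authorizeLetsEncrypt();
                return true;
            } catch (ServerFault unused) {
                // Any ServerFault raised by the authorization is reported as "not enabled".
                logger.warn("Let's Encrypt is not enabled for domain {} ({})", itemValue.uid,
                        itemValue.value.defaultAlias);
                return false;
            }
        }).map(engine -> engine.getCertData()).map(certData -> {
            certData.email = Optional.ofNullable(LetsEncryptCertificate.getContactProperty(itemValue.value))
                    .filter(contact -> !contact.isEmpty())
                    .orElseThrow(() -> new ServerFault("Let's Encrypt contact email must be set",
                            ErrorCode.INVALID_PARAMETER));
            ServerSideServiceProvider provider = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM);
            ISecurityMgmt securityMgmt = provider.instance(ISecurityMgmt.class, new String[0]);
            // Task output lines are forwarded to the log as-is.
            return !TaskUtils.wait(provider, securityMgmt.generateLetsEncrypt(certData), line -> {
                logger.info(line);
            }).state.equals(TaskStatus.State.InError);
        }).orElseGet(() -> {
            // Reached when the factory returned nothing or the authorization filter rejected the engine.
            logger.error("No CertifEngineFactory for domain {} ({})", itemValue.uid, itemValue.value.defaultAlias);
            return false;
        });
    }

    /**
     * Builds the renewal-failure mail from the {@code CertificateRenewalError.ftl} template (loaded
     * from {@code /template} relative to this class) and sends it to the Let's Encrypt contact and,
     * through {@code CertificateTaskHelper.sendEmailToSubscriptionContacts}, for the given domain.
     *
     * @param i    number of days computed for the certificate
     * @param str  key of the domain in the Let's Encrypt domain map
     * @param str2 Let's Encrypt contact address of the domain
     * @param str3 domain name
     * @param str4 message inserted into the mail
     * @throws ServerFault when the template cannot be loaded
     */
    private void sendAlert(int i, String str, String str2, String str3, String str4) {
        try {
            Configuration templates = new Configuration(Configuration.DEFAULT_INCOMPATIBLE_IMPROVEMENTS);
            templates.setClassForTemplateLoading(getClass(), "/template");
            CertificateTaskHelper.Mail alert = CertificateTaskHelper.generateMail(i, str,
                    templates.getTemplate("CertificateRenewalError.ftl"), str4);
            sendEmailToLetsEncryptContact(alert, str, str2);
            CertificateTaskHelper.sendEmailToSubscriptionContacts(str, Arrays.asList(str3), alert);
        } catch (IOException e) {
            throw new ServerFault(e);
        }
    }

    /**
     * Sends the mail to the Let's Encrypt contact, passing {@code "no-reply"} as the second
     * argument of {@code CertificateTaskHelper.sendMessage}.
     *
     * @param mail the mail to send
     * @param str  key of the domain in the Let's Encrypt domain map
     * @param str2 recipient address
     */
    private void sendEmailToLetsEncryptContact(CertificateTaskHelper.Mail mail, String str, String str2) {
        CertificateTaskHelper.sendMessage(mail, "no-reply", str, str2);
    }
}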
