package net.bluemind.system.service.certificate.lets.encrypt;

import com.google.common.base.Strings;
import java.io.FileWriter;
import java.io.IOException;
import java.io.StringWriter;
import java.net.ProxySelector;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyPair;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.stream.Collectors;
import net.bluemind.core.api.fault.ErrorCode;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.task.service.IServerTaskMonitor;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.IDomains;
import net.bluemind.system.api.CertData;
import net.bluemind.system.service.certificate.engine.ICertifEngine;
import net.bluemind.system.service.helper.SecurityCertificateHelper;
import org.shredzone.acme4j.Account;
import org.shredzone.acme4j.AccountBuilder;
import org.shredzone.acme4j.Authorization;
import org.shredzone.acme4j.Certificate;
import org.shredzone.acme4j.Order;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.Status;
import org.shredzone.acme4j.challenge.Challenge;
import org.shredzone.acme4j.challenge.Http01Challenge;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.provider.letsencrypt.LetsEncryptAcmeProvider;
import org.shredzone.acme4j.toolbox.AcmeUtils;
import org.shredzone.acme4j.util.CSRBuilder;
import org.shredzone.acme4j.util.KeyPairUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/service/certificate/lets/encrypt/LetsEncryptCertificate.class */
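/**
 * Runs a Let's Encrypt (ACME) certificate issuance for a BlueMind domain using the
 * {@code http-01} challenge and stores the result (certificate, issuer chain, private
 * key, all PEM encoded) in the engine's {@link CertData}.
 *
 * <p>The ACME directory is selected once, at construction time: the staging directory
 * is used when the marker file {@code /etc/bm/lets-encrypt.staging} exists, the
 * production directory otherwise.
 *
 * <p>Not thread-safe: a run mutates {@code certificate}. A fresh ACME account key pair
 * is generated on every run and never persisted (see {@link #findOrRegisterAccount}),
 * so each run registers a new account with the ACME server.
 */
public class LetsEncryptCertificate {
    private static final Logger logger = LoggerFactory.getLogger(LetsEncryptCertificate.class);
    private static final int RSA_KEY_SIZE = 2048;
    private static final String LETS_ENCRYPT_PROD_SERVER = "acme://letsencrypt.org";
    private static final String LETS_ENCRYPT_TEST_SERVER = "acme://letsencrypt.org/staging";
    /** Web-server directory in which http-01 challenge token files are published. */
    public static final String CHALLENGE_LOCATION = "/var/www/letsencrypt/";
    private static final String LETS_ENCRYPT_STAGING_LOCATION = "/etc/bm/lets-encrypt.staging";
    /** {@link SimpleDateFormat} pattern used to store the certificate expiry in the domain properties. */
    public static final String CERT_END_DATE_FORMAT = "yyyy-MM-dd";
    /** Maximum number of status polls for an order or a challenge before giving up. */
    private static final int MAX_POLL_ATTEMPTS = 10;
    /** Delay between two status polls, in milliseconds. */
    private static final long POLL_DELAY_MS = 3000L;
    /** Certificate issued by the last successful run, {@code null} before that. */
    private Certificate certificate;
    /** ACME directory URI (production or staging), fixed by {@link #init()}. */
    private String letsEncryptServer;
    private SecurityCertificateHelper systemHelper;
    /** May be {@code null} when built without an engine; then only the ToS/property helpers are usable. */
    private ICertifEngine certifEngine;

    /** Keys of the Let's Encrypt related entries kept in {@code Domain.properties}. */
    public enum LetsEncryptProperties {
        CERTIFICATE_END_DATE,
        TOS_APPROVAL,
        LETS_ENCRYPT_CONTACT;

        /**
         * Returns a defensive copy of {@link #values()}.
         *
         * <p>Kept for compatibility with existing callers; new code should call
         * {@code values()} directly.
         *
         * @return a new array holding every constant, in declaration order
         */
        public static LetsEncryptProperties[] valuesCustom() {
            LetsEncryptProperties[] all = values();
            return Arrays.copyOf(all, all.length);
        }
    }

    /**
     * @return the certificate engine this instance was built with, or {@code null} if none was given
     */
    public ICertifEngine getCertifEngine() {
        return this.certifEngine;
    }

    /**
     * Builds an instance able to run a full issuance through {@link #letsEncrypt(IServerTaskMonitor)}.
     *
     * @param certifEngine engine providing the domain and the {@link CertData} to fill
     * @param context      REST context used to build the {@link SecurityCertificateHelper}
     */
    public LetsEncryptCertificate(ICertifEngine certifEngine, BmContext context) {
        this(context);
        this.certifEngine = certifEngine;
    }

    /**
     * Builds an instance without a certificate engine; only the terms-of-service and
     * domain-property helpers can be used.
     *
     * @param context REST context used to build the {@link SecurityCertificateHelper}
     */
    public LetsEncryptCertificate(BmContext context) {
        this.systemHelper = new SecurityCertificateHelper(context);
        init();
    }

    /**
     * Builds an instance without a certificate engine around an existing helper.
     *
     * @param securityCertificateHelper helper giving access to domains, external URLs and the proxy
     */
    public LetsEncryptCertificate(SecurityCertificateHelper securityCertificateHelper) {
        this.systemHelper = securityCertificateHelper;
        init();
    }

    /**
     * Picks the ACME directory: staging when the marker file exists, production otherwise.
     * The staging directory issues certificates that browsers do not trust; it exists to
     * exercise the flow without hitting production rate limits.
     */
    private void init() {
        boolean staging = Files.exists(Paths.get(LETS_ENCRYPT_STAGING_LOCATION));
        this.letsEncryptServer = staging ? LETS_ENCRYPT_TEST_SERVER : LETS_ENCRYPT_PROD_SERVER;
        logger.info("Let's Encrypt URL server used: {}", this.letsEncryptServer);
    }

    /**
     * Runs the whole issuance for the engine's domain and reports progress on the monitor.
     *
     * <p>Preconditions checked here: the domain must carry {@code TOS_APPROVAL=true}
     * (see {@link #approveTermsOfService(String)}) and the {@link CertData} must hold a
     * contact email. The account created during the run agrees to the ACME terms of
     * service on behalf of that contact.
     *
     * @param monitor task monitor, started with 10 steps
     * @throws IllegalStateException if this instance was built without a certificate engine
     * @throws ServerFault           if the terms of service are not approved or the contact email is missing
     * @throws LetsEncryptException  on any ACME, I/O or encoding failure during the run
     */
    public void letsEncrypt(IServerTaskMonitor monitor) {
        monitor.begin(10.0d, "Start Let's Encrypt generation");
        ICertifEngine engine = requireEngine();
        if (!isTosApproved((Domain) engine.getDomain().value)) {
            throw new ServerFault("Let's Encrypt terms of service must been approved to continue");
        }
        String externalUrl = this.systemHelper.getExternalUrl(engine.getDomain().uid);
        if (Strings.isNullOrEmpty(engine.getCertData().email)) {
            throw new ServerFault("Let's Encrypt contact email must be set", ErrorCode.INVALID_PARAMETER);
        }
        monitor.progress(1.0d, "Verifications done continue...");
        fetchCertificate(externalUrl, this.systemHelper.getProxySelector(), monitor);
        monitor.progress(1.0d, "Let's Encrypt certificate generated !");
    }

    /**
     * Fetches the URL of the ACME terms of service from the directory metadata.
     *
     * @return the terms-of-service URL as a string
     * @throws LetsEncryptException if the directory cannot be read or advertises no terms of service
     */
    public String getTermsOfService() {
        try {
            return createSession(this.letsEncryptServer).getMetadata().getTermsOfService()
                    .orElseThrow(() -> new LetsEncryptException("Error occurred trying to get Let's Encrypt Terms of service"))
                    .toString();
        } catch (AcmeException e) {
            throw new LetsEncryptException("Error occurred trying to get Let's Encrypt Terms of service", e);
        }
    }

    /**
     * Records the terms-of-service approval on a domain ({@code TOS_APPROVAL=true}).
     * A null or empty uid is ignored.
     *
     * @param domainUid uid of the domain to update
     */
    public void approveTermsOfService(String domainUid) {
        if (Strings.isNullOrEmpty(domainUid)) {
            return;
        }
        IDomains domainService = this.systemHelper.getDomainService();
        ItemValue<Domain> domain = domainService.get(domainUid);
        ((Domain) domain.value).properties.put(LetsEncryptProperties.TOS_APPROVAL.name(), "true");
        domainService.update(domain.uid, (Domain) domain.value);
    }

    /**
     * Removes every {@link LetsEncryptProperties} entry from a domain.
     *
     * @param domainUid uid of the domain to clean
     */
    public void cleanLetsEncryptProperties(String domainUid) {
        IDomains domainService = this.systemHelper.getDomainService();
        ItemValue<Domain> domain = domainService.get(domainUid);
        for (LetsEncryptProperties property : LetsEncryptProperties.values()) {
            ((Domain) domain.value).properties.remove(property.name());
        }
        domainService.update(domain.uid, (Domain) domain.value);
    }

    /**
     * Ensures this instance was built with a certificate engine.
     *
     * @return the engine
     * @throws IllegalStateException when none was given at construction
     */
    private ICertifEngine requireEngine() {
        if (this.certifEngine == null) {
            throw new IllegalStateException("No certificate engine: use the constructor taking an ICertifEngine");
        }
        return this.certifEngine;
    }

    /**
     * Performs the ACME flow: account registration, order, http-01 authorizations,
     * CSR signing, finalization, then copies the result into the engine's {@link CertData}.
     *
     * @param externalUrl   primary host name of the domain, used as certificate subject
     * @param proxySelector outbound proxy for ACME calls, or {@code null} for a direct connection
     * @param monitor       progress monitor
     */
    private void fetchCertificate(String externalUrl, ProxySelector proxySelector, IServerTaskMonitor monitor) {
        ICertifEngine engine = requireEngine();
        CertData certData = engine.getCertData();
        Session session = createSession(this.letsEncryptServer);
        if (proxySelector != null) {
            session.networkSettings().setProxySelector(proxySelector);
        }
        monitor.progress(1.0d, "Session created");
        Account account = findOrRegisterAccount(session, KeyPairUtils.createKeyPair(RSA_KEY_SIZE), certData.email);
        monitor.progress(1.0d, "Account " + certData.email + " registered");
        // Separate key pair for the end-entity certificate; the account key above is never reused for it.
        KeyPair domainKeyPair = KeyPairUtils.createKeyPair(RSA_KEY_SIZE);
        monitor.progress(1.0d, "Certificate ordered");
        // Insertion order is kept so that the external URL stays first: acme4j's CSRBuilder
        // uses the first domain as subject CN and the others as SANs.
        Collection<String> domains = new LinkedHashSet<>();
        domains.add(externalUrl);
        domains.addAll(this.systemHelper.getOtherUrls(engine.getDomain().uid));
        Order order = creatingOrder(account, domains);
        for (Authorization authorization : order.getAuthorizations()) {
            authorize(authorization);
        }
        monitor.progress(1.0d, "Valid authorizations");
        this.certificate = orderAndGetCertificate(order, createCsr(domainKeyPair, domains));
        String success = String.format("Success! The certificate for domains '%s' has been generated!", formatDomains(domains));
        monitor.progress(1.0d, success);
        updateCertData(domainKeyPair, certData);
        logger.info(success);
        logger.info("Certificate URL: {}", this.certificate.getLocation());
    }

    /**
     * Formats a domain list as {@code {a-b-c}} for messages.
     *
     * @param domains domain names
     * @return the joined representation
     */
    private static String formatDomains(Collection<String> domains) {
        return domains.stream().map(String::valueOf).collect(Collectors.joining("-", "{", "}"));
    }

    /**
     * Finalizes the order with the CSR and polls until it becomes {@code VALID},
     * at most {@value #MAX_POLL_ATTEMPTS} times with {@value #POLL_DELAY_MS} ms in between.
     *
     * @param order order whose authorizations are all valid
     * @param csr   signed certificate signing request
     * @return the issued certificate
     * @throws LetsEncryptException if the order fails, errors out, or yields no certificate
     */
    private static Certificate orderAndGetCertificate(Order order, CSRBuilder csr) {
        try {
            order.execute(csr.getEncoded());
            int remaining = MAX_POLL_ATTEMPTS;
            while (order.getStatus() != Status.VALID && remaining-- > 0) {
                if (order.getStatus() == Status.INVALID) {
                    logger.error("Order has failed, reason: {}", order.getError());
                    throw new AcmeException("Order failed... Giving up.");
                }
                Thread.sleep(POLL_DELAY_MS);
                order.update();
            }
        } catch (InterruptedException e) {
            // Keep the interrupt flag set; the null check below then reports the unfinished order.
            logger.error("interrupted", e);
            Thread.currentThread().interrupt();
        } catch (Exception e) {
            // Broad on purpose: acme4j also reports failures through unchecked exceptions.
            throw new LetsEncryptException("Error occurred trying to get certificate from the order", e);
        }
        Certificate issued = order.getCertificate();
        if (issued == null) {
            throw new LetsEncryptException("No certificate has been retrieved from the order");
        }
        return issued;
    }

    /**
     * Builds a CSR covering every domain and signs it with the domain key pair.
     *
     * @param keyPair key pair of the certificate to be issued
     * @param domains subject CN (first) and SANs
     * @return the signed CSR
     * @throws LetsEncryptException if signing fails
     */
    private CSRBuilder createCsr(KeyPair keyPair, Collection<String> domains) {
        try {
            CSRBuilder csr = new CSRBuilder();
            csr.addDomains(domains);
            csr.sign(keyPair);
            return csr;
        } catch (IOException e) {
            throw new LetsEncryptException("CSR generation failed", e);
        }
    }

    /**
     * Opens an ACME session on the given directory URI.
     *
     * @param serverUri {@code acme://} directory URI
     * @return a new session
     */
    private static Session createSession(String serverUri) {
        return new Session(URI.create(serverUri), new LetsEncryptAcmeProvider());
    }

    /**
     * Creates an order for the given domains on the account.
     *
     * @param account registered ACME account
     * @param domains domains to order a certificate for
     * @return the created order
     * @throws LetsEncryptException if the ACME server rejects the order
     */
    private Order creatingOrder(Account account, Collection<String> domains) {
        try {
            return account.newOrder().domains(domains).create();
        } catch (AcmeException e) {
            throw new LetsEncryptException("Order creation failed for domains " + formatDomains(domains)
                    + " because: " + e.getMessage(), e);
        }
    }

    /**
     * Registers an ACME account for the contact email, agreeing to the terms of service.
     *
     * <p>Despite its name this always creates a new account with the freshly generated
     * key pair; nothing is looked up or persisted, so the key pair is lost after the run.
     *
     * @param session ACME session
     * @param keyPair account key pair
     * @param email   contact email attached to the account
     * @return the registered account
     * @throws LetsEncryptException if registration fails
     */
    private Account findOrRegisterAccount(Session session, KeyPair keyPair, String email) {
        try {
            Account account = new AccountBuilder().addEmail(email).agreeToTermsOfService().useKeyPair(keyPair).create(session);
            logger.info("Registered a new user, URL: {}", account.getLocation());
            return account;
        } catch (AcmeException e) {
            throw new LetsEncryptException("Account creation failed", e);
        }
    }

    /**
     * Satisfies one authorization with its http-01 challenge: publishes the token file
     * under {@value #CHALLENGE_LOCATION}, then triggers and polls the challenge.
     * Already valid authorizations or challenges are skipped.
     *
     * @param authorization authorization attached to the order
     * @throws LetsEncryptException if no http-01 challenge is offered or the challenge fails
     */
    private void authorize(Authorization authorization) {
        String domain = authorization.getIdentifier().getDomain();
        logger.info("Authorization for domain {}", domain);
        if (authorization.getStatus() == Status.VALID) {
            return;
        }
        Http01Challenge challenge = authorization.findChallenge(Http01Challenge.class)
                .orElseThrow(() -> new LetsEncryptException("Found no http-01 challenge, don't know what to do..."));
        createTokenFile(challenge, domain);
        if (challenge.getStatus() == Status.VALID) {
            return;
        }
        pollForChallengeToComplete(challenge, MAX_POLL_ATTEMPTS, domain);
    }

    /**
     * Triggers the challenge and polls its status until {@code VALID}, at most
     * {@code maxAttempts} times with {@value #POLL_DELAY_MS} ms between polls.
     *
     * @param challenge   challenge whose validation resource is already published
     * @param maxAttempts maximum number of polls
     * @param domain      domain name, for messages only
     * @throws LetsEncryptException if the challenge becomes {@code INVALID}, an ACME error occurs,
     *                              or the challenge is still not valid after the last poll
     */
    private void pollForChallengeToComplete(Challenge challenge, int maxAttempts, String domain) {
        try {
            challenge.trigger();
            int remaining = maxAttempts;
            while (challenge.getStatus() != Status.VALID && remaining-- > 0) {
                if (challenge.getStatus() == Status.INVALID) {
                    throw new LetsEncryptException("Challenge failed... Giving up because: " + String.valueOf(challenge.getError()));
                }
                Thread.sleep(POLL_DELAY_MS);
                challenge.update();
            }
        } catch (InterruptedException e) {
            // Keep the interrupt flag set; the status check below then reports the failure.
            logger.error("interrupted", e);
            Thread.currentThread().interrupt();
        } catch (AcmeException e) {
            throw new LetsEncryptException(e.getMessage(), e);
        }
        if (challenge.getStatus() != Status.VALID) {
            throw new LetsEncryptException("Failed to pass the challenge for domain " + domain + ", ... Giving up.");
        }
        // The token file is left in place; nothing here removes it after validation.
        logger.info("Challenge has been completed. Remember to remove the validation resource.");
    }

    /**
     * Writes the challenge key authorization into {@value #CHALLENGE_LOCATION}{@code <token>}
     * so the ACME server can fetch it over plain HTTP.
     *
     * <p>The token is supplied by the ACME server; the resolved path is checked to stay
     * inside the challenge directory before anything is written. The key authorization
     * is public data (it is served to the validator), so logging it is acceptable.
     *
     * @param challenge http-01 challenge to publish
     * @param domain    domain name, for messages only
     * @throws LetsEncryptException if the token is unusable as a file name or the file cannot be written
     */
    private void createTokenFile(Http01Challenge challenge, String domain) {
        String token = challenge.getToken();
        Path base = Paths.get(CHALLENGE_LOCATION).toAbsolutePath().normalize();
        Path tokenFile = Strings.isNullOrEmpty(token) ? base : base.resolve(token).normalize();
        if (tokenFile.equals(base) || !tokenFile.startsWith(base)) {
            throw new LetsEncryptException(String.format("Invalid challenge token received for domain '%s'", domain));
        }
        try {
            // Key authorizations are ASCII, so UTF-8 writes the same bytes as the platform charset did.
            Files.write(tokenFile, challenge.getAuthorization().getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) {
            throw new LetsEncryptException(String.format("Error occurred trying to create Token file for domain '%s'", domain), e);
        }
        logger.info("Challenge file created in your web server : http://{}{}{}\nContent: {}",
                domain, CHALLENGE_LOCATION, token, challenge.getAuthorization());
    }

    /**
     * Copies the issued chain and the private key, PEM encoded, into the {@link CertData}:
     * the first chain element becomes {@code certificate}, the remaining ones
     * {@code certificateAuthority}, and the key {@code privateKey} (unencrypted PKCS#8).
     *
     * @param keyPair  key pair the certificate was issued for
     * @param certData target to fill
     * @throws LetsEncryptException if the chain holds fewer than two certificates
     */
    private void updateCertData(KeyPair keyPair, CertData certData) {
        List<X509Certificate> chain = this.certificate.getCertificateChain();
        // Need the end-entity certificate plus at least one issuer certificate.
        if (chain.size() < 2) {
            throw new LetsEncryptException("Error occurred trying to get chains certificate");
        }
        certData.certificate = getPemEncodedCertificate(Arrays.asList(chain.get(0)));
        certData.certificateAuthority = getPemEncodedCertificate(chain.subList(1, chain.size()));
        // Held in clear in memory from here on; never log this value.
        certData.privateKey = getPemEncodedKey(keyPair.getPrivate().getEncoded());
    }

    /**
     * PEM encodes certificates, concatenated in list order.
     *
     * @param certificates certificates to encode
     * @return the concatenated PEM blocks
     * @throws LetsEncryptException on encoding failure
     */
    private String getPemEncodedCertificate(List<X509Certificate> certificates) {
        try (StringWriter out = new StringWriter()) {
            for (X509Certificate cert : certificates) {
                AcmeUtils.writeToPem(cert.getEncoded(), AcmeUtils.PemLabel.CERTIFICATE, out);
            }
            return out.toString();
        } catch (IOException | CertificateEncodingException e) {
            throw new LetsEncryptException("Certificate Encoding error", e);
        }
    }

    /**
     * PEM encodes a DER private key with the {@code PRIVATE KEY} label.
     *
     * @param derKey DER encoded private key
     * @return the PEM block
     * @throws LetsEncryptException on encoding failure
     */
    private String getPemEncodedKey(byte[] derKey) {
        try (StringWriter out = new StringWriter()) {
            AcmeUtils.writeToPem(derKey, AcmeUtils.PemLabel.PRIVATE_KEY, out);
            return out.toString();
        } catch (IOException e) {
            throw new LetsEncryptException("Private Key Encoding error", e);
        }
    }

    /**
     * Reads the certificate expiry stored by {@link #updateDomainProperties()}.
     *
     * @param domain domain carrying the properties
     * @return the expiry date, at midnight in the default time zone
     * @throws ParseException if the property is absent or not in {@value #CERT_END_DATE_FORMAT} form
     */
    public static Date getCertificateEndDateProperty(Domain domain) throws ParseException {
        String endDate = (String) domain.properties.get(LetsEncryptProperties.CERTIFICATE_END_DATE.name());
        if (endDate == null) {
            throw new ParseException("Domain has no " + LetsEncryptProperties.CERTIFICATE_END_DATE.name() + " property", 0);
        }
        return new SimpleDateFormat(CERT_END_DATE_FORMAT).parse(endDate);
    }

    /**
     * @param domain domain carrying the properties
     * @return {@code true} only when {@code TOS_APPROVAL} is exactly {@code "true"}
     */
    public static boolean isTosApproved(Domain domain) {
        return "true".equals(domain.properties.get(LetsEncryptProperties.TOS_APPROVAL.name()));
    }

    /**
     * @param domain domain carrying the properties
     * @return the contact email recorded by the last run, or {@code null} if none
     */
    public static String getContactProperty(Domain domain) {
        return (String) domain.properties.get(LetsEncryptProperties.LETS_ENCRYPT_CONTACT.name());
    }

    /**
     * Stores the issued certificate's expiry and the contact email on the engine's domain.
     * Does nothing when no certificate has been issued yet.
     *
     * @throws IllegalStateException if this instance was built without a certificate engine
     */
    public void updateDomainProperties() {
        if (this.certificate == null || this.certificate.getCertificate() == null) {
            return;
        }
        ICertifEngine engine = requireEngine();
        ItemValue<Domain> domain = engine.getDomain();
        String endDate = new SimpleDateFormat(CERT_END_DATE_FORMAT).format(this.certificate.getCertificate().getNotAfter());
        ((Domain) domain.value).properties.put(LetsEncryptProperties.CERTIFICATE_END_DATE.name(), endDate);
        ((Domain) domain.value).properties.put(LetsEncryptProperties.LETS_ENCRYPT_CONTACT.name(), engine.getCertData().email);
        this.systemHelper.getDomainService().update(domain.uid, (Domain) domain.value);
    }
}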
