package com.predic8.membrane.core.transport.ssl.acme;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.joda.JodaModule;
import com.google.common.collect.ImmutableMap;
import com.predic8.membrane.core.Constants;
import com.predic8.membrane.core.azure.AzureDns;
import com.predic8.membrane.core.azure.AzureTableStorage;
import com.predic8.membrane.core.azure.api.dns.DnsProvisionable;
import com.predic8.membrane.core.config.security.acme.Acme;
import com.predic8.membrane.core.config.security.acme.AcmeSynchronizedStorage;
import com.predic8.membrane.core.config.security.acme.AcmeValidation;
import com.predic8.membrane.core.config.security.acme.FileStorage;
import com.predic8.membrane.core.config.security.acme.KubernetesStorage;
import com.predic8.membrane.core.config.security.acme.MemoryStorage;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Header;
import com.predic8.membrane.core.http.MimeType;
import com.predic8.membrane.core.http.Request;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.kubernetes.client.KubernetesClientFactory;
import com.predic8.membrane.core.transport.http.HttpClient;
import com.predic8.membrane.core.transport.http.HttpClientFactory;
import com.predic8.membrane.core.transport.ssl.acme.AcmeException;
import com.predic8.membrane.core.util.Pair;
import com.predic8.membrane.core.util.URIFactory;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.SwitchBootstraps;
import java.math.BigInteger;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemReader;
import org.jetbrains.annotations.NotNull;
import org.joda.time.Duration;
import org.jose4j.base64url.Base64;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwk.EcJwkGenerator;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.keys.EllipticCurves;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/predic8/membrane/core/transport/ssl/acme/AcmeClient.class */
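/**
 * Client for an ACME certificate authority: loads the directory, manages the account key,
 * signs requests as flattened JWS objects and drives order, authorization and challenge calls.
 *
 * <p>Persistent state (account key, challenge tokens, certificate keys, error logs) is kept in
 * the {@link AcmeSynchronizedStorageEngine} selected in {@link #init}.
 *
 * <p>Thread-safety: the nonce pool is guarded by its own monitor and the shared date format is
 * only used under {@code synchronized}. The cached account key fields and the directory URLs
 * are written without synchronization.
 */
public class AcmeClient {
    public static final String BEGIN_CERTIFICATE_REQUEST = "-----BEGIN CERTIFICATE REQUEST-----";
    public static final String END_CERTIFICATE_REQUEST = "-----END CERTIFICATE REQUEST-----";
    private static final Logger LOG;
    // Randomness source for key generation and for the account key id.
    private static final SecureRandom random;
    // SimpleDateFormat is not thread-safe; every use synchronizes on this instance.
    private static final SimpleDateFormat sdf;
    private final String directoryUrl;
    private final HttpClient hc;
    private final String challengeType;
    private final AcmeSynchronizedStorage ass;
    // Endpoint URLs below are filled in by loadDirectory() from the server's directory document.
    private String keyChangeUrl;
    private String newAccountUrl;
    private String newNonceUrl;
    private String newOrderUrl;
    private String revokeCertUrl;
    private final List<String> contacts;
    private final boolean termsOfServiceAgreed;
    // Account key material, (re)loaded from storage by getPrivateKey().
    private PrivateKey privateKey;
    private PublicJsonWebKey publicJsonWebKey;
    private final Duration validity;
    private AcmeSynchronizedStorageEngine asse;
    private final AcmeValidation acmeValidation;
    private final ObjectMapper om = new ObjectMapper();
    // Unused Replay-Nonce values; accessed only while holding the list's monitor.
    private final List<String> nonces = new ArrayList<>();
    private final String algorithm = "ES256";

    /* loaded from: input_file:com/predic8/membrane/core/transport/ssl/acme/AcmeClient$HttpCallerWithNonce.class */
    /** A request that needs a nonce; {@link #withNonce} supplies it and may call this more than once on a bad-nonce retry. */
    public interface HttpCallerWithNonce {
        Exchange call(String str) throws Exception;
    }

    /* loaded from: input_file:com/predic8/membrane/core/transport/ssl/acme/AcmeClient$JWSParametrizer.class */
    /** Callback that sets payload and key headers on a JWS before it is signed. */
    public interface JWSParametrizer {
        void call(JsonWebSignature jsonWebSignature) throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/predic8/membrane/core/transport/ssl/acme/AcmeClient$MyJsonWebSignature.class */
    /** {@link JsonWebSignature} subclass that makes the encoded protected header readable from this class. */
    public static class MyJsonWebSignature extends JsonWebSignature {
        private MyJsonWebSignature() {
        }

        @Override
        public String getEncodedHeader() {
            return super.getEncodedHeader();
        }
    }

    /**
     * Builds a client from the {@code <acme>} configuration.
     *
     * @param acme the ACME configuration element
     * @param httpClientFactory factory for the HTTP client; a default factory is created when {@code null}
     * @throws RuntimeException if the configuration does not set {@code experimental="true"}
     */
    public AcmeClient(Acme acme, @Nullable HttpClientFactory httpClientFactory) {
        // Reject the configuration before any HTTP client is created for it.
        if (!acme.isExperimental()) {
            throw new RuntimeException("The ACME client is still experimental, please set <acme experimental=\"true\" ... /> to acknowledge.");
        }
        this.directoryUrl = acme.getDirectoryUrl();
        this.termsOfServiceAgreed = acme.isTermsOfServiceAgreed();
        this.ass = acme.getAcmeSynchronizedStorage();
        this.contacts = Arrays.asList(acme.getContacts().split(" +"));
        HttpClientFactory factory = httpClientFactory == null ? new HttpClientFactory(null) : httpClientFactory;
        this.hc = factory.createClient(acme.getHttpClientConfiguration());
        this.validity = acme.getValidityDuration();
        AcmeValidation validation = acme.getValidationMethod();
        this.acmeValidation = validation;
        // DNS validation only when explicitly configured; HTTP validation is the default.
        this.challengeType = (validation != null && validation.useDnsValidation()) ? Challenge.TYPE_DNS_01 : Challenge.TYPE_HTTP_01;
        this.om.registerModule(new JodaModule());
    }

    /**
     * Selects the storage engine matching the configured storage element.
     *
     * @param kubernetesClientFactory passed to the Kubernetes storage engine; may be {@code null}
     * @param httpClientFactory passed to the Azure table storage engine; may be {@code null}
     * @throws RuntimeException if no storage is configured, the storage type is unsupported, or
     *     DNS validation is requested with a storage engine that cannot provision DNS records
     */
    public void init(@Nullable KubernetesClientFactory kubernetesClientFactory, @Nullable HttpClientFactory httpClientFactory) {
        AcmeSynchronizedStorage storage = this.ass;
        if (storage == null) {
            throw new RuntimeException("<acme> is used, but no storage is configured.");
        }
        // Tested in the same order as the original type switch.
        if (storage instanceof FileStorage fileStorage) {
            this.asse = new AcmeFileStorageEngine(fileStorage);
        } else if (storage instanceof KubernetesStorage kubernetesStorage) {
            this.asse = new AcmeKubernetesStorageEngine(kubernetesStorage, kubernetesClientFactory);
        } else if (storage instanceof MemoryStorage) {
            this.asse = new AcmeMemoryStorageEngine();
        } else if (storage instanceof AzureTableStorage azureTableStorage) {
            // NOTE(review): the cast fails with ClassCastException when the configured validation
            // method is not AzureDns; a null validation method passes through as null.
            this.asse = new AcmeAzureTableApiStorageEngine(azureTableStorage, (AzureDns) this.acmeValidation, httpClientFactory);
        } else {
            throw new RuntimeException("Unsupported: Storage type " + storage.getClass().getName());
        }
        if (this.challengeType.equals(Challenge.TYPE_DNS_01) && !(this.asse instanceof DnsProvisionable)) {
            throw new RuntimeException("ACME challenge type " + this.challengeType
                    + " requires a storage engine implementing DnsProvisionable, but "
                    + this.asse.getClass().getName() + " does not.");
        }
    }

    /**
     * Fetches the ACME directory and records the endpoint URLs it advertises.
     *
     * @throws Exception if the request fails or the server answers with an error
     */
    public void loadDirectory() throws Exception {
        Exchange exchange = this.hc.call(new Request.Builder().get(this.directoryUrl).header(Header.USER_AGENT, Constants.VERSION).buildExchange());
        handleError(exchange);
        Map<?, ?> directory = this.om.readValue(exchange.getResponse().getBodyAsStreamDecoded(), Map.class);
        // NOTE(review): these values are taken verbatim from the directory response and later
        // used as targets for requests signed with the account key. Nothing here checks that
        // they are present or use https; the trust rests on directoryUrl and the TLS setup.
        this.keyChangeUrl = (String) directory.get("keyChange");
        this.newAccountUrl = (String) directory.get("newAccount");
        this.newNonceUrl = (String) directory.get("newNonce");
        this.newOrderUrl = (String) directory.get("newOrder");
        this.revokeCertUrl = (String) directory.get("revokeCert");
    }

    /**
     * Turns a response with status 300 or above into an exception.
     *
     * @throws AcmeException for a problem-document body, carrying type, detail, sub-problems and the reply nonce
     * @throws RuntimeException for any other error body
     */
    private void handleError(Exchange exchange) throws IOException, AcmeException {
        if (exchange.getResponse().getStatusCode() < 300) {
            return;
        }
        if (!MimeType.isOfMediaType(MimeType.APPLICATION_PROBLEM_JSON, getContentType(exchange))) {
            // The message embeds the server-supplied body, so it ends up wherever this exception is logged.
            throw new RuntimeException("ACME Server returned " + exchange.getResponse() + " " + exchange.getResponse().getBodyAsStringDecoded());
        }
        Map<?, ?> problem = this.om.readValue(exchange.getResponse().getBodyAsStreamDecoded(), Map.class);
        // Raw cast: the JSON structure is untyped at this point.
        throw new AcmeException((String) problem.get("type"), (String) problem.get("detail"), parse((List) problem.get("subproblems")), getReplayNonce(exchange));
    }

    /** Returns the first Content-Type header value of the response. */
    private static String getContentType(Exchange exchange) {
        return exchange.getResponse().getHeader().getFirstValue(Header.CONTENT_TYPE);
    }

    /**
     * Maps the untyped "subproblems" entries of a problem document to {@link AcmeException.SubProblem}.
     *
     * @return the converted list, or {@code null} when the document has no sub-problems
     */
    private List<AcmeException.SubProblem> parse(List<Map> subProblems) {
        if (subProblems == null) {
            return null;
        }
        return subProblems.stream()
                .map(entry -> new AcmeException.SubProblem((String) entry.get("type"), (String) entry.get("detail"), (Map) entry.get("identifier")))
                .collect(Collectors.toList());
    }

    /**
     * Requests a fresh nonce from the newNonce endpoint.
     *
     * @return the value of the Replay-Nonce response header
     */
    public String retrieveNewNonce() throws Exception {
        Exchange exchange = this.hc.call(createHeadRequest());
        handleError(exchange);
        String nonce = getReplayNonce(exchange);
        // The body is read and discarded; presumably this drains the response - confirm.
        exchange.getResponse().getBodyAsStringDecoded();
        return nonce;
    }

    /** Builds the HEAD request sent to the newNonce endpoint. */
    private Exchange createHeadRequest() throws URISyntaxException {
        return new Request.Builder().method(Request.METHOD_HEAD).url(new URIFactory(), this.newNonceUrl).header(Header.USER_AGENT, Constants.VERSION).buildExchange();
    }

    /**
     * Generates a new key pair for a certificate.
     *
     * @return the key pair in PEM-style text form
     * @throws RuntimeException wrapping any provider or parameter failure
     */
    public AcmeKeyPair generateCertificateKey() {
        try {
            return getAcmeKeyPair(getKeyPairGenerator().generateKeyPair());
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    /** Wraps both halves of the key pair in their text encodings. */
    @NotNull
    private static AcmeKeyPair getAcmeKeyPair(KeyPair keyPair) {
        return new AcmeKeyPair(getPublicKeyBase64Encoded(keyPair), getKeyBase64Encoded(keyPair));
    }

    /** Encodes the public key between PUBLIC KEY markers. */
    @NotNull
    private static String getPublicKeyBase64Encoded(KeyPair keyPair) {
        return "-----BEGIN PUBLIC KEY-----\n" + Base64.encode(keyPair.getPublic().getEncoded()) + "\n-----END PUBLIC KEY-----\n";
    }

    /**
     * Encodes the private key between EC PRIVATE KEY markers.
     *
     * <p>NOTE(review): the body is {@code PrivateKey.getEncoded()}, and getPrivateKeyFromString
     * in this class parses such content as PKCS#8, whereas the "EC PRIVATE KEY" label
     * conventionally marks the SEC1 structure. Tools that trust the label may reject the key.
     * Already stored keys carry this label, so confirm the consumers before changing it.
     */
    @NotNull
    private static String getKeyBase64Encoded(KeyPair keyPair) {
        return "-----BEGIN EC PRIVATE KEY-----\n" + Base64.encode(keyPair.getPrivate().getEncoded()) + "\n-----END EC PRIVATE KEY-----\n";
    }

    /** Returns a BouncyCastle ECDSA generator on secp384r1, seeded from the shared SecureRandom. */
    @NotNull
    private static KeyPairGenerator getKeyPairGenerator() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDSA", "BC");
        generator.initialize(new ECGenParameterSpec("secp384r1"), random);
        return generator;
    }

    /**
     * Creates a certificate signing request for the given host names.
     *
     * @param strArr host names; the first becomes the subject CN and all become DNS subject alternative names
     * @param str the certificate private key as PEM text
     * @return the CSR as unpadded base64url text without PEM markers
     * @throws IllegalArgumentException if no host name is given
     * @throws RuntimeException wrapping key parsing, provider or signing failures
     */
    public String generateCSR(String[] strArr, String str) {
        if (strArr == null || strArr.length == 0) {
            throw new IllegalArgumentException("At least one host name is required to build a CSR.");
        }
        try {
            PrivateKey certificateKey = getPrivateKeyFromString(str);
            // NOTE(review): the host name is concatenated into a DN string. A value containing DN
            // metacharacters (',', '+', '=') would change the subject, so host names should be
            // validated where they enter the configuration.
            JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN=" + strArr[0]), computePublicKeyFromPrivate(certificateKey));
            builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, getExtensions(GeneralNames.getInstance(new DERSequence(getGeneralNames(strArr)))));
            return formatCSR(convertCSR2String(getPkcs10CertificationRequest(certificateKey, builder)));
        } catch (IOException | NoSuchAlgorithmException | OperatorCreationException | NoSuchProviderException | InvalidKeySpecException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Strips the PEM markers and line breaks and maps the base64 alphabet to its URL-safe,
     * unpadded form.
     */
    @NotNull
    private static String formatCSR(String pem) {
        String newline = System.lineSeparator();
        // All patterns are literal text, so plain replace() is used instead of regex replaceAll().
        return pem.replace(BEGIN_CERTIFICATE_REQUEST + newline, "")
                .replace(newline + END_CERTIFICATE_REQUEST, "")
                .replace(newline, "")
                .replace("/", "_")
                .replace("+", "-")
                .replace("=", "");
    }

    /** Serializes the request with a PEM writer and returns the resulting text. */
    @NotNull
    private static String convertCSR2String(PKCS10CertificationRequest csr) throws IOException {
        StringWriter buffer = new StringWriter();
        // Closing the writer flushes it; the buffer is read only afterwards.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(buffer)) {
            pemWriter.writeObject(csr);
        }
        return buffer.toString();
    }

    /**
     * Signs the request under construction with SHA256withECDSA.
     *
     * <p>NOTE(review): certificate keys are generated on secp384r1 in this class; SHA384withECDSA
     * would match that curve's strength. Confirm CA acceptance before changing.
     */
    private static PKCS10CertificationRequest getPkcs10CertificationRequest(PrivateKey privateKey, JcaPKCS10CertificationRequestBuilder builder) throws OperatorCreationException {
        return builder.build(new JcaContentSignerBuilder("SHA256withECDSA").build(privateKey));
    }

    /** Builds an extension set holding the names as a non-critical subjectAlternativeName. */
    private static Extensions getExtensions(GeneralNames generalNames) throws IOException {
        ExtensionsGenerator generator = new ExtensionsGenerator();
        generator.addExtension(Extension.subjectAlternativeName, false, generalNames);
        return generator.generate();
    }

    /** Converts each host name into a dNSName general name. */
    private static GeneralName[] getGeneralNames(String[] hosts) {
        return Arrays.stream(hosts)
                .map(host -> new GeneralName(GeneralName.dNSName, host))
                .toArray(GeneralName[]::new);
    }

    /**
     * Parses a PEM-wrapped PKCS#8 private key with the BouncyCastle ECDSA key factory.
     *
     * @throws InvalidKeySpecException if the text holds no PEM object or the content is not a valid key
     */
    private static PrivateKey getPrivateKeyFromString(String pemText) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, InvalidKeySpecException {
        KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", "BC");
        try (PemReader pemReader = new PemReader(new StringReader(pemText))) {
            var pem = pemReader.readPemObject();
            if (pem == null) {
                // Report this explicitly instead of a NullPointerException; the key text is
                // deliberately kept out of the message.
                throw new InvalidKeySpecException("No PEM object found in the supplied private key.");
            }
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pem.getContent()));
        }
    }

    /** Derives the public key as G * d from a BouncyCastle EC private key. */
    private PublicKey computePublicKeyFromPrivate(PrivateKey privateKey) {
        BCECPrivateKey ecKey = (BCECPrivateKey) privateKey;
        return new BCECPublicKey("EC", new ECPublicKeySpec(ecKey.getParameters().getG().multiply(ecKey.getD()), ecKey.getParameters()), BouncyCastleProvider.CONFIGURATION);
    }

    /** Returns the token the storage engine holds for {@code str}; provisionHttp stores tokens under the identifier value. */
    public String getToken(String str) {
        return this.asse.getToken(str);
    }

    /**
     * Prepares the response to the challenge of the configured type.
     *
     * @param authorization the authorization whose challenge is to be answered
     * @return the URL of the selected challenge
     * @throws RuntimeException if no matching challenge exists, the identifier is not of DNS
     *     type, or the challenge type is not implemented
     */
    public String provision(Authorization authorization) throws Exception {
        Optional<Challenge> match = authorization.getChallenges().stream()
                .filter(candidate -> this.challengeType.equals(candidate.getType()))
                .findAny();
        if (match.isEmpty()) {
            throw new RuntimeException("Could not find challenge of type " + this.challengeType + ": " + this.om.writeValueAsString(authorization));
        }
        if (!Identifier.TYPE_DNS.equals(authorization.getIdentifier().getType())) {
            throw new RuntimeException("Identifier type is not DNS: " + this.om.writeValueAsString(authorization));
        }
        Challenge challenge = match.get();
        if (Challenge.TYPE_HTTP_01.equals(this.challengeType)) {
            provisionHttp(authorization, challenge);
        } else if (Challenge.TYPE_DNS_01.equals(this.challengeType)) {
            provisionDns(authorization, challenge);
        } else {
            throw new RuntimeException("Unimplemented challenge type handling " + this.challengeType);
        }
        return challenge.getUrl();
    }

    /**
     * Hands the storage engine the value to publish for the identifier: the unpadded base64url
     * SHA-256 digest of {@code token + "." + account key thumbprint}.
     */
    private void provisionDns(Authorization authorization, Challenge challenge) throws JoseException, NoSuchAlgorithmException {
        String keyAuthorization = challenge.getToken() + "." + getThumbprint();
        DnsProvisionable provisioner = (DnsProvisionable) this.asse;
        String host = authorization.getIdentifier().getValue();
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(keyAuthorization.getBytes(StandardCharsets.UTF_8));
        provisioner.provisionDns(host, java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(digest));
    }

    /** Stores the challenge token under the identifier value. */
    private void provisionHttp(Authorization authorization, Challenge challenge) {
        this.asse.setToken(authorization.getIdentifier().getValue(), challenge.token);
    }

    /** Returns the challenge type chosen at construction time. */
    public String getChallengeType() {
        return this.challengeType;
    }

    /**
     * Sends one signed POST and raises an exception on an error response.
     *
     * @param str the target URL, also written to the JWS "url" header
     * @param str2 the nonce written to the JWS "nonce" header
     * @param jWSParametrizer sets the payload and key headers before signing
     * @return the completed exchange
     */
    public Exchange doJWSRequest(String str, String str2, JWSParametrizer jWSParametrizer) throws Exception {
        Exchange exchange = createExchange(str, str2, jWSParametrizer);
        handleError(exchange);
        return exchange;
    }

    /** Signs the request body and POSTs it to {@code url} as application/jose+json. */
    private Exchange createExchange(String url, String nonce, JWSParametrizer parametrizer) throws Exception {
        String body = convert2String(getMyJsonWebSignature(url, nonce, parametrizer));
        return this.hc.call(new Request.Builder().post(url).header(Header.CONTENT_TYPE, MimeType.APPLICATION_JOSE_JSON).header(Header.USER_AGENT, Constants.VERSION).body(body).buildExchange());
    }

    /** Renders the signed JWS as a JSON object with "protected", "payload" and "signature" members, in that order. */
    private static String convert2String(MyJsonWebSignature jws) {
        Map<String, Object> members = new LinkedHashMap<>();
        members.put("protected", jws.getEncodedHeader());
        members.put("payload", jws.getEncodedPayload());
        members.put("signature", jws.getEncodedSignature());
        return JsonUtil.toJson(members);
    }

    /**
     * Builds and signs a JWS with the account key. The nonce and url headers are set before
     * the parametrizer runs, and signing happens after it.
     */
    @NotNull
    private MyJsonWebSignature getMyJsonWebSignature(String url, String nonce, JWSParametrizer parametrizer) throws Exception {
        MyJsonWebSignature jws = new MyJsonWebSignature();
        jws.setAlgorithmHeaderValue(this.algorithm);
        jws.setKey(getPrivateKey());
        jws.setHeader("nonce", nonce);
        jws.setHeader("url", url);
        parametrizer.call(jws);
        jws.sign();
        return jws;
    }

    /**
     * Runs a request with a nonce, retrying once when the server rejects the nonce.
     *
     * <p>The Replay-Nonce of the returned response, or of a final error, is kept for the next request.
     *
     * @param httpCallerWithNonce the request to run; called once, or twice on a bad-nonce retry
     * @return the exchange of the successful attempt
     * @throws AcmeException if the server reports a problem other than a retried bad nonce
     */
    public Exchange withNonce(HttpCallerWithNonce httpCallerWithNonce) throws Exception {
        try {
            Exchange exchange;
            try {
                // One request per attempt: the response that supplies the next nonce is the
                // response returned. Sending the request a second time would duplicate
                // state-changing calls such as newOrder or finalize.
                exchange = httpCallerWithNonce.call(getNonce());
            } catch (AcmeException badNonce) {
                if (!AcmeException.TYPE_BAD_NONCE.equals(badNonce.getType())) {
                    throw badNonce;
                }
                // Retry with the nonce from the error response, or a fresh one when it had none.
                String retryNonce = badNonce.getNonce() != null ? badNonce.getNonce() : getNonce();
                exchange = httpCallerWithNonce.call(retryNonce);
            }
            rememberNonce(getReplayNonce(exchange));
            return exchange;
        } catch (AcmeException failure) {
            rememberNonce(failure.getNonce());
            throw failure;
        }
    }

    /** Returns the first Replay-Nonce header value of the response. */
    private static String getReplayNonce(Exchange exchange) {
        return exchange.getResponse().getHeader().getFirstValue("Replay-Nonce");
    }

    /** Returns a pooled nonce, or fetches a new one when the pool is empty. */
    private String getNonce() throws Exception {
        String pooled = getRememberedNonce();
        return pooled != null ? pooled : retrieveNewNonce();
    }

    /** Removes and returns the most recently stored nonce, or {@code null} when none is pooled. */
    private String getRememberedNonce() {
        synchronized (this.nonces) {
            int size = this.nonces.size();
            if (size == 0) {
                return null;
            }
            return this.nonces.remove(size - 1);
        }
    }

    /** Adds a nonce to the pool; {@code null} is ignored. */
    private void rememberNonce(@Nullable String nonce) {
        if (nonce != null) {
            synchronized (this.nonces) {
                this.nonces.add(nonce);
            }
        }
    }

    /**
     * Registers the account key with the server, sending the contacts and the terms-of-service flag.
     *
     * @return the value of the Location response header
     */
    public String createAccount() throws Exception {
        Exchange exchange = withNonce(nonce -> doJWSRequest(this.newAccountUrl, nonce, jws -> {
            Map<String, Object> payload = new HashMap<>();
            payload.put("termsOfServiceAgreed", this.termsOfServiceAgreed);
            payload.put("contact", this.contacts);
            jws.setPayload(this.om.writeValueAsString(payload));
            // This request carries the public key itself rather than a key id.
            jws.setJwkHeader(getPublicJwk());
        }));
        exchange.getResponse().getBodyAsStringDecoded();
        return exchange.getResponse().getHeader().getFirstValue(Header.LOCATION);
    }

    /** Returns the public JWK of the account key, loading or generating the key first. */
    private PublicJsonWebKey getPublicJwk() throws JoseException {
        // Called for its side effect of populating publicJsonWebKey.
        getPrivateKey();
        return this.publicJsonWebKey;
    }

    /**
     * Creates an order for the given host names.
     *
     * @param str the value written to the JWS key-id header
     * @param list the host names to order a certificate for
     * @return the parsed order and the Location header of the response
     */
    public OrderAndLocation createOrder(String str, List<String> list) throws Exception {
        return getOrderAndLocation(createExchange(str, list, getNotBeforeNotAfter()));
    }

    /** Pairs the parsed order with the Location header of the response. */
    @NotNull
    private OrderAndLocation getOrderAndLocation(Exchange exchange) throws IOException {
        return new OrderAndLocation(parseOrder(exchange.getResponse()), exchange.getResponse().getHeader().getFirstValue(Header.LOCATION));
    }

    /** POSTs a new order; notBefore and notAfter are sent only when a validity is configured. */
    private Exchange createExchange(String keyId, List<String> hosts, Pair<String, String> validityWindow) throws Exception {
        return withNonce(nonce -> doJWSRequest(this.newOrderUrl, nonce, jws -> {
            Map<String, Object> payload = new HashMap<>();
            if (this.validity != null) {
                payload.put("notBefore", validityWindow.first());
                payload.put("notAfter", validityWindow.second());
            }
            payload.put("identifiers", getIdentifiers(hosts));
            jws.setPayload(this.om.writeValueAsString(payload));
            jws.setKeyIdHeaderValue(keyId);
        }));
    }

    /** Maps each host name to an identifier object of DNS type. */
    @NotNull
    private static List<ImmutableMap<String, String>> getIdentifiers(List<String> hosts) {
        return hosts.stream()
                .map(host -> ImmutableMap.of("type", Identifier.TYPE_DNS, "value", host))
                .toList();
    }

    /**
     * Formats "now" and "now plus the configured validity" as timestamps.
     *
     * @return the two timestamps, or a pair of {@code null}s when no validity is configured
     */
    @NotNull
    private Pair<String, String> getNotBeforeNotAfter() {
        if (this.validity == null) {
            return new Pair<>(null, null);
        }
        Date now = new Date();
        Date end = new Date(now.getTime() + this.validity.getMillis());
        synchronized (sdf) {
            return new Pair<>(sdf.format(now), sdf.format(end));
        }
    }

    /**
     * Fetches an order with an empty-payload signed request.
     *
     * @param str the value written to the JWS key-id header
     * @param str2 the order URL
     * @return the parsed order together with {@code str2}
     */
    public OrderAndLocation getOrder(String str, String str2) throws Exception {
        Exchange exchange = withNonce(nonce -> doJWSRequest(str2, nonce, jws -> {
            jws.setPayload("");
            jws.setKeyIdHeaderValue(str);
        }));
        return new OrderAndLocation(parseOrder(exchange.getResponse()), str2);
    }

    /** Deserializes the response body into an {@link Order}. */
    private Order parseOrder(Response response) throws IOException {
        return this.om.readValue(response.getBodyAsStreamDecoded(), Order.class);
    }

    /** Deserializes the response body as a {@link Challenge}; the result is discarded, so this only checks that it parses. */
    private void parseChallenge(Response response) throws IOException {
        this.om.readValue(response.getBodyAsStreamDecoded(), Challenge.class);
    }

    /**
     * Submits the CSR for an order.
     *
     * @param str the value written to the JWS key-id header
     * @param str2 the URL the request is POSTed to
     * @param str3 the CSR text sent as the "csr" member
     * @return the order parsed from the response
     */
    public Order finalizeOrder(String str, String str2, String str3) throws Exception {
        Exchange exchange = withNonce(nonce -> doJWSRequest(str2, nonce, jws -> {
            Map<String, Object> payload = new HashMap<>();
            payload.put("csr", str3);
            jws.setPayload(this.om.writeValueAsString(payload));
            jws.setKeyIdHeaderValue(str);
        }));
        return parseOrder(exchange.getResponse());
    }

    /**
     * Fetches an authorization with an empty-payload signed request.
     *
     * @param str the value written to the JWS key-id header
     * @param str2 the authorization URL
     */
    public Authorization getAuth(String str, String str2) throws Exception {
        Exchange exchange = withNonce(nonce -> doJWSRequest(str2, nonce, jws -> {
            jws.setPayload("");
            jws.setKeyIdHeaderValue(str);
        }));
        return parseAuthorization(exchange.getResponse());
    }

    /** Deserializes the response body into an {@link Authorization}. */
    private Authorization parseAuthorization(Response response) throws IOException {
        return this.om.readValue(response.getBodyAsStreamDecoded(), Authorization.class);
    }

    /**
     * POSTs an empty JSON object to the challenge URL.
     *
     * @param str the value written to the JWS key-id header
     * @param str2 the challenge URL
     */
    public void readyForChallenge(String str, String str2) throws Exception {
        Exchange exchange = withNonce(nonce -> doJWSRequest(str2, nonce, jws -> {
            jws.setPayload("{}");
            jws.setKeyIdHeaderValue(str);
        }));
        parseChallenge(exchange.getResponse());
    }

    /**
     * Fetches the certificate with an empty-payload signed request.
     *
     * @param str the value written to the JWS key-id header
     * @param str2 the certificate URL
     * @return the response body as text
     */
    public String downloadCertificate(String str, String str2) throws Exception {
        Exchange exchange = withNonce(nonce -> doJWSRequest(str2, nonce, jws -> {
            jws.setPayload("");
            jws.setKeyIdHeaderValue(str);
        }));
        return exchange.getResponse().getBodyAsStringDecoded();
    }

    /** Returns the base64url-encoded SHA-256 thumbprint of the account's public JWK. */
    public String getThumbprint() throws JoseException {
        return getPublicJwk().calculateBase64urlEncodedThumbprint("SHA-256");
    }

    /**
     * Loads the account key from storage, generating and storing a new one when none exists.
     *
     * <p>Storage is consulted on every call. The key is persisted as a JWK that includes the
     * private part, so the storage backend holds the ACME account credential and needs to be
     * access-controlled accordingly.
     *
     * <p>NOTE(review): read-then-generate is not atomic here. Whether concurrent clients can
     * each store a different key depends on the storage engine - confirm.
     */
    private Key getPrivateKey() throws JoseException {
        String storedKey = this.asse.getAccountKey();
        EllipticCurveJsonWebKey jwk;
        if (storedKey != null) {
            jwk = new EllipticCurveJsonWebKey(JsonUtil.parseJson(storedKey));
        } else {
            LOG.debug("acme: generating key");
            jwk = generateKey();
            this.asse.setAccountKey(jwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE));
        }
        this.privateKey = jwk.getPrivateKey();
        this.publicJsonWebKey = jwk;
        return this.privateKey;
    }

    /** Generates a P-256 signing JWK with a random key id (130 random bits rendered in base 32). */
    private EllipticCurveJsonWebKey generateKey() throws JoseException {
        EllipticCurveJsonWebKey jwk = EcJwkGenerator.generateJwk(EllipticCurves.getSpec("P-256"), (String) null, random);
        jwk.setKeyId(new BigInteger(130, random).toString(32));
        jwk.setUse("sig");
        jwk.setAlgorithm(this.algorithm);
        return jwk;
    }

    /** Returns the private key the storage engine holds for the given host names. */
    public String getKey(String[] strArr) {
        return this.asse.getPrivateKey(strArr);
    }

    /** Returns the certificate chain the storage engine holds for the given host names. */
    public String getCertificates(String[] strArr) {
        return this.asse.getCertChain(strArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the storage engine selected in {@link #init}; {@code null} before that call. */
    public AcmeSynchronizedStorageEngine getAsse() {
        return this.asse;
    }

    /** Loads the account key, creating and storing one when storage has none. */
    public void ensureAccountKeyExists() throws JoseException {
        getPrivateKey();
    }

    /** Returns the contacts parsed from the configuration. */
    public List<String> getContacts() {
        return this.contacts;
    }

    /** Stores the key pair for the given host names as JSON; the serialized form includes the private key. */
    public void setOALKey(String[] strArr, AcmeKeyPair acmeKeyPair) throws JsonProcessingException {
        this.asse.setOALKey(strArr, this.om.writeValueAsString(acmeKeyPair));
    }

    /** Returns the key pair stored for the given host names, or {@code null} when none is stored. */
    public AcmeKeyPair getOALKey(String[] strArr) throws JsonProcessingException {
        String json = this.asse.getOALKey(strArr);
        return json == null ? null : this.om.readValue(json, AcmeKeyPair.class);
    }

    /** Stores the error log for the given host names as JSON. */
    public void setOALError(String[] strArr, AcmeErrorLog acmeErrorLog) throws JsonProcessingException {
        this.asse.setOALError(strArr, this.om.writeValueAsString(acmeErrorLog));
    }

    /** Returns the error log stored for the given host names, or {@code null} when none is stored. */
    public AcmeErrorLog getOALError(String[] strArr) throws JsonProcessingException {
        String json = this.asse.getOALError(strArr);
        return json == null ? null : this.om.readValue(json, AcmeErrorLog.class);
    }

    static {
        // The "BC" provider is registered first; the key factory and generator above request it by name.
        Security.addProvider(new BouncyCastleProvider());
        LOG = LoggerFactory.getLogger(AcmeClient.class);
        random = new SecureRandom();
        sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssXXX");
    }
}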
