package org.opencms.letsencrypt;

import com.google.common.collect.ArrayListMultimap;
import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import de.malkusch.whoisServerList.publicSuffixList.PublicSuffixList;
import de.malkusch.whoisServerList.publicSuffixList.PublicSuffixListFactory;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.IdentityHashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.logging.Log;
import org.opencms.json.JSONArray;
import org.opencms.json.JSONObject;
import org.opencms.letsencrypt.CmsLetsEncryptConfiguration;
import org.opencms.main.CmsLog;
import org.opencms.report.I_CmsReport;
import org.opencms.site.CmsSSLMode;
import org.opencms.site.CmsSite;
import org.opencms.site.CmsSiteManagerImpl;
import org.opencms.site.CmsSiteMatcher;
import org.opencms.ui.apps.Messages;
import org.opencms.util.CmsStringUtil;

/* loaded from: input_file:org/opencms/letsencrypt/CmsSiteConfigToLetsEncryptConfigConverter.class */
public class CmsSiteConfigToLetsEncryptConfigConverter {
    public static final boolean GROUPING_DISABLED = true;
    private CmsLetsEncryptConfiguration m_config;
    private I_CmsLetsEncryptUpdater m_configUpdater;
    static final Log LOG = CmsLog.getLog(CmsSiteConfigToLetsEncryptConfigConverter.class);
    private static Object LOCK = new Object();
    private static SuffixListCache SUFFIX_LIST_CACHE = new SuffixListCache();

    /* loaded from: input_file:org/opencms/letsencrypt/CmsSiteConfigToLetsEncryptConfigConverter$DomainGrouping.class */
    public static class DomainGrouping {
        private List<Set<String>> m_domainGroups = Lists.newArrayList();

        public void addDomainSet(Set<String> set) {
            if (set.isEmpty()) {
                return;
            }
            this.m_domainGroups.add(set);
        }

        public String generateCertJson() {
            try {
                JSONObject jSONObject = new JSONObject();
                for (Set<String> set : this.m_domainGroups) {
                    String computeName = computeName(set);
                    if (computeName != null) {
                        jSONObject.put(computeName, new JSONArray((Collection<?>) set));
                    }
                }
                return jSONObject.toString();
            } catch (Exception e) {
                CmsSiteConfigToLetsEncryptConfigConverter.LOG.error(e.getLocalizedMessage(), e);
                return null;
            }
        }

        public Set<String> getUnresolvableDomains() {
            HashSet newHashSet = Sets.newHashSet();
            Iterator<Set<String>> it = this.m_domainGroups.iterator();
            while (it.hasNext()) {
                for (String str : it.next()) {
                    try {
                        InetAddress.getByName(str);
                    } catch (SecurityException e) {
                        CmsSiteConfigToLetsEncryptConfigConverter.LOG.error(e.getLocalizedMessage(), e);
                    } catch (UnknownHostException e2) {
                        newHashSet.add(str);
                    }
                }
            }
            return newHashSet;
        }

        public boolean isEmpty() {
            return this.m_domainGroups.isEmpty();
        }

        private String computeName(Set<String> set) {
            try {
                ArrayList newArrayList = Lists.newArrayList(set);
                Collections.sort(newArrayList);
                String str = (String) newArrayList.get(0);
                MessageDigest messageDigest = MessageDigest.getInstance("MD5");
                Iterator it = newArrayList.iterator();
                while (it.hasNext()) {
                    messageDigest.update(((String) it.next()).getBytes("UTF-8"));
                    messageDigest.update((byte) 10);
                }
                return str + "-" + new String(Hex.encodeHex(messageDigest.digest()));
            } catch (Exception e) {
                CmsSiteConfigToLetsEncryptConfigConverter.LOG.error(e.getLocalizedMessage(), e);
                return null;
            }
        }
    }

    /* loaded from: input_file:org/opencms/letsencrypt/CmsSiteConfigToLetsEncryptConfigConverter$SiteDomainInfo.class */
    public static class SiteDomainInfo {
        private String m_commonRootDomain;
        private Set<String> m_domains;
        private boolean m_invalidPort;

        public SiteDomainInfo(Set<String> set, String str, boolean z) {
            this.m_domains = Sets.newHashSet();
            this.m_domains = set;
            this.m_commonRootDomain = str;
            this.m_invalidPort = z;
        }

        public String getCommonRootDomain() {
            return this.m_commonRootDomain;
        }

        public Set<String> getDomains() {
            return this.m_domains;
        }

        public boolean hasInvalidPort() {
            return this.m_invalidPort;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/opencms/letsencrypt/CmsSiteConfigToLetsEncryptConfigConverter$SuffixListCache.class */
    public static class SuffixListCache {
        private PublicSuffixList m_suffixList;
        private long m_timestamp = -1;

        SuffixListCache() {
        }

        public synchronized PublicSuffixList getPublicSuffixList() {
            long currentTimeMillis = System.currentTimeMillis();
            if (this.m_suffixList == null || currentTimeMillis - this.m_timestamp > 3600000) {
                PublicSuffixListFactory publicSuffixListFactory = new PublicSuffixListFactory();
                try {
                    InputStream resourceAsStream = CmsSiteConfigToLetsEncryptConfigConverter.class.getResourceAsStream("public_suffix_list.dat");
                    try {
                        this.m_suffixList = publicSuffixListFactory.build(resourceAsStream);
                        this.m_timestamp = currentTimeMillis;
                        if (resourceAsStream != null) {
                            resourceAsStream.close();
                        }
                    } finally {
                    }
                } catch (IOException e) {
                    CmsSiteConfigToLetsEncryptConfigConverter.LOG.error(e.getLocalizedMessage(), e);
                }
            }
            return this.m_suffixList;
        }
    }

    public CmsSiteConfigToLetsEncryptConfigConverter(CmsLetsEncryptConfiguration cmsLetsEncryptConfiguration) {
        this.m_config = cmsLetsEncryptConfiguration;
        this.m_configUpdater = new CmsLetsEncryptUpdater(cmsLetsEncryptConfiguration);
    }

    private static SiteDomainInfo getDomainInfo(CmsSite cmsSite) {
        ArrayList newArrayList = Lists.newArrayList();
        Iterator<CmsSiteMatcher> it = cmsSite.getAllMatchers().iterator();
        while (it.hasNext()) {
            newArrayList.add(it.next().getUrl());
        }
        return getDomainInfo(newArrayList);
    }

    private static SiteDomainInfo getDomainInfo(Collection<String> collection) {
        HashSet newHashSet = Sets.newHashSet();
        HashSet newHashSet2 = Sets.newHashSet();
        boolean z = false;
        for (String str : collection) {
            try {
                URI uri = new URI(str);
                int port = uri.getPort();
                if (port != 80 && port != 443 && port != -1) {
                    z = true;
                }
                String domainRoot = getDomainRoot(uri);
                if (domainRoot == null) {
                    LOG.warn("Host is not under public suffix, skipping it: " + uri);
                } else {
                    newHashSet2.add(uri.getHost());
                    newHashSet.add(domainRoot);
                }
            } catch (URISyntaxException e) {
                LOG.warn("getDomainInfo: invalid URI " + str, e);
            }
        }
        return new SiteDomainInfo(newHashSet2, newHashSet.size() == 1 ? (String) newHashSet.iterator().next() : null, z);
    }

    private static String getDomainRoot(URI uri) {
        return SUFFIX_LIST_CACHE.getPublicSuffixList().getRegistrableDomain(uri.getHost());
    }

    private static Set<String> getDomains(Collection<SiteDomainInfo> collection) {
        HashSet newHashSet = Sets.newHashSet();
        Iterator<SiteDomainInfo> it = collection.iterator();
        while (it.hasNext()) {
            Iterator<String> it2 = it.next().getDomains().iterator();
            while (it2.hasNext()) {
                newHashSet.add(it2.next());
            }
        }
        return newHashSet;
    }

    public boolean run(I_CmsReport i_CmsReport, CmsSiteManagerImpl cmsSiteManagerImpl) {
        boolean run;
        synchronized (LOCK) {
            IdentityHashMap identityHashMap = new IdentityHashMap();
            for (CmsSite cmsSite : cmsSiteManagerImpl.getSites().values()) {
                if (cmsSite.getSSLMode() == CmsSSLMode.LETS_ENCRYPT) {
                    identityHashMap.put(cmsSite, cmsSite);
                }
            }
            run = run(i_CmsReport, Lists.newArrayList(identityHashMap.values()), cmsSiteManagerImpl.getWorkplaceServers(CmsSSLMode.LETS_ENCRYPT));
        }
        return run;
    }

    private DomainGrouping computeDomainGrouping(Collection<CmsSite> collection, Collection<String> collection2) {
        DomainGrouping domainGrouping = new DomainGrouping();
        if (LOG.isInfoEnabled()) {
            LOG.info("Computing domain grouping for sites...");
            ArrayList newArrayList = Lists.newArrayList();
            Iterator<CmsSite> it = collection.iterator();
            while (it.hasNext()) {
                newArrayList.add(it.next().getUrl());
            }
            LOG.info("SITES = " + CmsStringUtil.listAsString(newArrayList, ", "));
        }
        CmsLetsEncryptConfiguration.Mode mode = this.m_config.getMode();
        boolean z = mode == CmsLetsEncryptConfiguration.Mode.all || mode == CmsLetsEncryptConfiguration.Mode.sites;
        if (mode == CmsLetsEncryptConfiguration.Mode.all || mode == CmsLetsEncryptConfiguration.Mode.workplace) {
            HashSet newHashSet = Sets.newHashSet();
            Iterator<String> it2 = collection2.iterator();
            while (it2.hasNext()) {
                try {
                    newHashSet.add(new URI(it2.next()).getHost());
                } catch (Exception e) {
                    LOG.error(e.getLocalizedMessage(), e);
                }
            }
            domainGrouping.addDomainSet(newHashSet);
        }
        if (z) {
            ArrayListMultimap create = ArrayListMultimap.create();
            ArrayList newArrayList2 = Lists.newArrayList();
            for (CmsSite cmsSite : collection) {
                SiteDomainInfo domainInfo = getDomainInfo(cmsSite);
                if (domainInfo.hasInvalidPort()) {
                    LOG.warn("Invalid port occuring in site definition: " + cmsSite);
                } else {
                    if (domainInfo.getCommonRootDomain() != null) {
                    }
                    newArrayList2.add(domainInfo);
                }
            }
            ArrayList newArrayList3 = Lists.newArrayList();
            for (String str : create.keySet()) {
                Collection collection3 = create.get(str);
                if (getDomains(collection3).size() > 100) {
                    LOG.info("Too many domains for root domain " + str + ", splitting them up by site instead.");
                    newArrayList3.add(str);
                    Iterator it3 = collection3.iterator();
                    while (it3.hasNext()) {
                        newArrayList2.add((SiteDomainInfo) it3.next());
                    }
                }
            }
            Iterator it4 = newArrayList3.iterator();
            while (it4.hasNext()) {
                create.removeAll((String) it4.next());
            }
            Iterator it5 = newArrayList2.iterator();
            while (it5.hasNext()) {
                Set<String> domains = getDomains(Collections.singletonList((SiteDomainInfo) it5.next()));
                domainGrouping.addDomainSet(domains);
                LOG.info("DOMAINS (site config): " + domains);
            }
            for (String str2 : create.keySet()) {
                Set<String> domains2 = getDomains(create.get(str2));
                domainGrouping.addDomainSet(domains2);
                LOG.info("DOMAINS (" + str2 + ")" + domains2);
            }
        }
        return domainGrouping;
    }

    private boolean run(I_CmsReport i_CmsReport, Collection<CmsSite> collection, Collection<String> collection2) {
        try {
            DomainGrouping computeDomainGrouping = computeDomainGrouping(collection, collection2);
            if (computeDomainGrouping.isEmpty()) {
                i_CmsReport.println(Messages.get().container(Messages.RPT_LETSENCRYPT_NO_DOMAINS_0));
                return false;
            }
            if (this.m_configUpdater.update(computeDomainGrouping.generateCertJson())) {
                return true;
            }
            i_CmsReport.println(Messages.get().container(Messages.RPT_LETSENCRYPT_UPDATE_FAILED_0), 1);
            return false;
        } catch (Exception e) {
            i_CmsReport.println(e);
            return false;
        }
    }
}
