package cc.blynk.server.acme;

import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.security.KeyPair;
import java.util.Iterator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.shredzone.acme4j.Account;
import org.shredzone.acme4j.AccountBuilder;
import org.shredzone.acme4j.Authorization;
import org.shredzone.acme4j.Certificate;
import org.shredzone.acme4j.Order;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.Status;
import org.shredzone.acme4j.challenge.Http01Challenge;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.util.CSRBuilder;
import org.shredzone.acme4j.util.KeyPairUtils;

/* loaded from: input_file:cc/blynk/server/acme/AcmeClient.class */
public class AcmeClient {
    private static final Logger log = LogManager.getLogger((Class<?>) AcmeClient.class);
    private static final File USER_KEY_FILE = new File("user.pem");
    public static final File DOMAIN_KEY_FILE = new File("privkey.pem");
    public static final File DOMAIN_CHAIN_FILE = new File("fullchain.crt");
    private static final String PRODUCTION = "acme://letsencrypt.org";
    private static final int KEY_SIZE = 2048;
    private static final int ATTEMPTS = 10;
    private static final long WAIT_MILLIS = 3000;
    private final String letsEncryptUrl;
    private final String email;
    private final String host;
    private final ContentHolder contentHolder;

    public AcmeClient(String str, String str2, ContentHolder contentHolder) {
        this(PRODUCTION, str, str2, contentHolder);
    }

    public AcmeClient(String str, String str2, String str3, ContentHolder contentHolder) {
        this.letsEncryptUrl = str;
        this.email = str2;
        this.host = str3;
        this.contentHolder = contentHolder;
    }

    public void requestCertificate() throws Exception {
        log.info("Starting up certificate retrieval process for host {} and email {}.", this.host, this.email);
        fetchCertificate(this.email, this.host);
    }

    private void fetchCertificate(String str, String str2) throws IOException, AcmeException {
        Account create = new AccountBuilder().agreeToTermsOfService().useKeyPair(loadOrCreateKeyPair(USER_KEY_FILE)).addEmail(str).create(new Session(this.letsEncryptUrl));
        log.info("Registered a new user, URL: {}", create.getLocation());
        KeyPair loadOrCreateKeyPair = loadOrCreateKeyPair(DOMAIN_KEY_FILE);
        Order create2 = create.newOrder().domain(str2).create();
        Iterator<Authorization> it = create2.getAuthorizations().iterator();
        while (it.hasNext()) {
            authorize(it.next());
        }
        CSRBuilder cSRBuilder = new CSRBuilder();
        cSRBuilder.addDomain(str2);
        cSRBuilder.setOrganization("Blynk Inc.");
        cSRBuilder.sign(loadOrCreateKeyPair);
        create2.execute(cSRBuilder.getEncoded());
        int i = 10;
        while (create2.getStatus() != Status.VALID) {
            try {
                int i2 = i;
                i--;
                if (i2 <= 0) {
                    break;
                }
                if (create2.getStatus() == Status.INVALID) {
                    throw new AcmeException("Order failed... Giving up.");
                }
                Thread.sleep(WAIT_MILLIS);
                create2.update();
            } catch (InterruptedException e) {
                log.error("interrupted", (Throwable) e);
            }
        }
        Certificate certificate = create2.getCertificate();
        if (certificate != null) {
            FileWriter fileWriter = new FileWriter(DOMAIN_CHAIN_FILE);
            Throwable th = null;
            try {
                certificate.writeCertificate(fileWriter);
                if (fileWriter != null) {
                    if (0 != 0) {
                        try {
                            fileWriter.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileWriter.close();
                    }
                }
                log.info("Overriding certificate. Expiration date is : {}", certificate.getCertificate().getNotAfter());
            } catch (Throwable th3) {
                if (fileWriter != null) {
                    if (0 != 0) {
                        try {
                            fileWriter.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        fileWriter.close();
                    }
                }
                throw th3;
            }
        }
    }

    private KeyPair loadOrCreateKeyPair(File file) throws IOException {
        if (file.exists()) {
            FileReader fileReader = new FileReader(file);
            Throwable th = null;
            try {
                KeyPair readKeyPair = KeyPairUtils.readKeyPair(fileReader);
                if (fileReader != null) {
                    if (0 != 0) {
                        try {
                            fileReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileReader.close();
                    }
                }
                return readKeyPair;
            } catch (Throwable th3) {
                if (fileReader != null) {
                    if (0 != 0) {
                        try {
                            fileReader.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        fileReader.close();
                    }
                }
                throw th3;
            }
        }
        KeyPair createKeyPair = KeyPairUtils.createKeyPair(2048);
        FileWriter fileWriter = new FileWriter(file);
        Throwable th5 = null;
        try {
            try {
                KeyPairUtils.writeKeyPair(createKeyPair, fileWriter);
                if (fileWriter != null) {
                    if (0 != 0) {
                        try {
                            fileWriter.close();
                        } catch (Throwable th6) {
                            th5.addSuppressed(th6);
                        }
                    } else {
                        fileWriter.close();
                    }
                }
                return createKeyPair;
            } finally {
            }
        } catch (Throwable th7) {
            if (fileWriter != null) {
                if (th5 != null) {
                    try {
                        fileWriter.close();
                    } catch (Throwable th8) {
                        th5.addSuppressed(th8);
                    }
                } else {
                    fileWriter.close();
                }
            }
            throw th7;
        }
    }

    private void authorize(Authorization authorization) throws AcmeException {
        log.info("Starting authorization for domain {}", authorization.getIdentifier().getDomain());
        Http01Challenge httpChallenge = httpChallenge(authorization);
        if (httpChallenge == null) {
            throw new AcmeException("No challenge found");
        }
        this.contentHolder.content = httpChallenge.getAuthorization();
        if (httpChallenge.getStatus() == Status.VALID) {
            return;
        }
        httpChallenge.trigger();
        int i = 10;
        while (httpChallenge.getStatus() != Status.VALID) {
            try {
                int i2 = i;
                i--;
                if (i2 <= 0) {
                    break;
                }
                if (httpChallenge.getStatus() == Status.INVALID) {
                    throw new AcmeException("Challenge failed... Giving up.");
                }
                Thread.sleep(WAIT_MILLIS);
                httpChallenge.update();
            } catch (InterruptedException e) {
                log.error("interrupted", (Throwable) e);
                return;
            }
        }
        if (httpChallenge.getStatus() != Status.VALID) {
            throw new AcmeException("Failed to pass the challenge for domain " + authorization.getIdentifier().getDomain() + ", ... Giving up.");
        }
    }

    private Http01Challenge httpChallenge(Authorization authorization) throws AcmeException {
        Http01Challenge http01Challenge = (Http01Challenge) authorization.findChallenge(Http01Challenge.TYPE);
        if (http01Challenge == null) {
            throw new AcmeException("Found no http-01 challenge, don't know what to do...");
        }
        log.debug("http://{}/.well-known/acme-challenge/{}", authorization.getIdentifier().getDomain(), http01Challenge.getToken());
        log.debug("Content: {}", http01Challenge.getAuthorization());
        return http01Challenge;
    }
}
