package cn.apisium.uniporter.acme;

import cn.apisium.uniporter.Constants;
import cn.apisium.uniporter.Uniporter;
import cn.apisium.uniporter.libs.org.jose4j.jwx.KeyValidationSupport;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.AccountBuilder;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.Authorization;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.Certificate;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.Order;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.Session;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.Status;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.challenge.Http01Challenge;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.exception.AcmeException;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.util.CSRBuilder;
import cn.apisium.uniporter.libs.org.shredzone.acme4j.util.KeyPairUtils;
import cn.apisium.uniporter.router.exception.IllegalHttpStateException;
import cn.apisium.uniporter.server.SimpleServer;
import io.netty.buffer.Unpooled;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandler;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpRequestDecoder;
import io.netty.handler.codec.http.HttpResponseEncoder;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.netty.handler.codec.http.HttpVersion;
import io.netty.handler.stream.ChunkedWriteHandler;
import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.CountDownLatch;
import java.util.logging.Logger;

/* loaded from: input_file:cn/apisium/uniporter/acme/Authorizer.class */
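/**
 * Orders a certificate from Let's Encrypt over ACME and answers the HTTP-01 challenge itself.
 *
 * <p>Constructing an instance wipes and recreates the {@code keys} directory under the plugin's
 * data folder, creates an account key pair and starts a plain-HTTP listener on port 80 whose
 * requests are routed to {@link #channelRead0}. {@link #order()} then runs the ACME order and
 * writes the issued certificate plus its private key into the key store named by the route
 * configuration.
 *
 * <p>This source is decompiler output; comments marked NOTE(review) flag points that cannot be
 * confirmed from this file alone.
 */
public class Authorizer extends SimpleChannelInboundHandler<FullHttpRequest> {
    /** The challenge listener shared by all instances; a new instance closes the previous one. */
    public static SimpleServer server;

    /** Path fragment every HTTP-01 validation request must contain. */
    private static final String CHALLENGE_PATH = ".well-known/acme-challenge";
    /** Number of status polls before an order or authorization is treated as timed out. */
    private static final int POLL_ATTEMPTS = 10;
    /** Pause between two status polls, in milliseconds. */
    private static final long POLL_INTERVAL_MILLIS = 3000L;

    final Logger logger;
    final Session session;
    final File database;
    final KeyPair keyPair;
    final Uniporter plugin;
    boolean authorized;
    // Written by the thread that runs order()/process() and read in channelRead0, which is
    // presumably called on the HTTP server's I/O thread; volatile makes the hand-over visible.
    volatile Http01Challenge currentChallenge;
    final CSRBuilder csrb = new CSRBuilder();
    CountDownLatch latch = new CountDownLatch(1);

    /**
     * Loads the PEM key pair {@code <str>.pem} from {@code file}, or generates and stores one.
     *
     * <p>A newly created key file is restricted to its owner before any key material is written
     * to it. The restriction is best effort: it depends on what the file system supports.
     *
     * @param file directory that holds the key file
     * @param str  file name without the {@code .pem} suffix, which is always appended (callers in
     *             this class pass names that already end in {@code .pem}, so the files on disk
     *             end in {@code .pem.pem})
     * @return the loaded or newly generated key pair
     * @throws IOException if the key file cannot be read or written
     */
    public static KeyPair createOrLoadKey(File file, String str) throws IOException {
        File keyFile = new File(file, str + ".pem");
        if (keyFile.exists()) {
            try (FileReader reader = new FileReader(keyFile)) {
                return KeyPairUtils.readKeyPair(reader);
            }
        }
        // NOTE(review): a jose4j validation constant is used here as the RSA key size (2048 in
        // upstream jose4j); the decompiler may have substituted it for a literal - confirm.
        KeyPair generated = KeyPairUtils.createKeyPair(KeyValidationSupport.MIN_RSA_KEY_LENGTH);
        try (FileWriter writer = new FileWriter(keyFile)) {
            // Opening the writer created an empty file; tighten it before the key is written so
            // the private key is never on disk with the default, possibly world-readable, mode.
            restrictToOwner(keyFile);
            KeyPairUtils.writeKeyPair(generated, writer);
        }
        return generated;
    }

    /** Removes all access to {@code file} and then grants read and write to the owner only. */
    private static void restrictToOwner(File file) {
        // Return values are ignored on purpose: some platforms cannot express every one of these
        // changes, and a failure here must not prevent the key from being stored.
        file.setReadable(false, false);
        file.setWritable(false, false);
        file.setExecutable(false, false);
        file.setReadable(true, true);
        file.setWritable(true, true);
    }

    /**
     * Prepares the key directory and account key and starts the HTTP challenge listener.
     *
     * @param uniporter owning plugin; supplies the logger, the configuration and the data folder
     * @throws IOException if the key directory cannot be listed or created, or the account key
     *                     cannot be stored
     */
    public Authorizer(Uniporter uniporter) throws IOException {
        this.plugin = uniporter;
        this.logger = uniporter.getLogger();
        this.logger.info("Start order certificate");
        this.authorized = uniporter.getConfig().getBoolean("authorized", false);
        this.session = new Session(Uniporter.isDebug()
                ? "https://acme-staging-v02.api.letsencrypt.org/directory"
                : "https://acme-v02.api.letsencrypt.org/directory");
        this.database = new File(uniporter.getDataFolder(), "keys");
        if (this.database.exists()) {
            // NOTE(review): every file in the key directory is deleted on each construction, so
            // the account key and the certificate key are regenerated every time and a new ACME
            // account is registered per run. Failed deletions are not reported.
            String[] entries = this.database.list();
            if (entries == null) {
                // list() yields null when the path is not a directory or cannot be read.
                throw new IOException("Failed to list " + this.database.getPath());
            }
            for (String entry : entries) {
                new File(this.database.getPath(), entry).delete();
            }
        }
        if (!this.database.exists() && !this.database.mkdirs()) {
            throw new IOException("Failed to create " + this.database.getPath());
        }
        this.logger.info("Reading Keypair");
        this.keyPair = createOrLoadKey(this.database, "keypair.pem");
        this.logger.info("Creating HTTP challenge server");
        if (server != null) {
            // Release port 80 from the previous listener before binding a new one.
            server.getFuture().channel().close();
            server.getFuture().channel().closeFuture().syncUninterruptibly();
        }
        // The listener is plain HTTP and reachable by anyone who can reach port 80; every
        // request it receives is untrusted input.
        server = new SimpleServer(80, channel -> {
            ChannelPipeline pipeline = channel.pipeline();
            pipeline.addLast(new HttpRequestDecoder());
            pipeline.addLast(new HttpObjectAggregator(1048576));
            pipeline.addLast(new HttpResponseEncoder());
            pipeline.addLast(new ChunkedWriteHandler());
            // A fresh per-channel adapter forwards to this instance's handler method.
            pipeline.addLast(new SimpleChannelInboundHandler<FullHttpRequest>() {
                public void channelRead0(ChannelHandlerContext channelHandlerContext, FullHttpRequest fullHttpRequest) {
                    Authorizer.this.channelRead0(channelHandlerContext, fullHttpRequest);
                }
            });
        });
        new Thread(() -> {
            try {
                server.start();
                this.logger.info("HTTP challenge server created");
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }).start();
    }

    /**
     * Registers the account, orders a certificate for the configured domains and stores the
     * result in the route configuration's key store.
     *
     * @throws AcmeException            if the ACME server rejects a request
     * @throws InterruptedException     if the thread is interrupted while polling
     * @throws IOException              if the CSR or the key store cannot be written
     * @throws KeyStoreException        if the key store cannot be created or filled
     * @throws CertificateException     if the key store rejects a certificate
     * @throws NoSuchAlgorithmException if the key store integrity algorithm is unavailable
     * @throws IllegalStateException    if the order does not become valid in time or carries no
     *                                  certificate
     */
    public void order() throws AcmeException, InterruptedException, IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        this.logger.info("Ordering certificate");
        Order create = new AccountBuilder()
                .addContact("mailto:" + this.plugin.getConfig().getString("email", "temp@example.com"))
                .agreeToTermsOfService()
                .useKeyPair(this.keyPair)
                .create(this.session)
                .newOrder()
                .domains((String[]) this.plugin.getConfig().getStringList("domains").toArray(new String[0]))
                .create();
        for (Authorization authorization : create.getAuthorizations()) {
            String domain = authorization.getIdentifier().getDomain();
            this.logger.info("Processing " + domain);
            if (authorization.getStatus() == Status.PENDING) {
                process(authorization);
                this.logger.info("Processed " + domain);
            }
            // The CSR has to name every identifier of the order, including those whose
            // authorization needed no challenge because it was not pending.
            this.csrb.addDomain(domain);
        }
        this.csrb.setOrganization(this.plugin.getConfig().getString("organization", "Uniporter User"));
        KeyPair domainKey = createOrLoadKey(this.database, "private.pem");
        this.csrb.sign(domainKey);
        byte[] encoded = this.csrb.getEncoded();
        // Closed here whether or not CSRBuilder.write closes the writer it is given.
        try (FileWriter csrWriter = new FileWriter(new File(this.database, "keys.csr"))) {
            this.csrb.write(csrWriter);
        }
        create.execute(encoded);
        int attemptsLeft = POLL_ATTEMPTS;
        while (create.getStatus() != Status.VALID && attemptsLeft > 0) {
            attemptsLeft--;
            this.logger.info("Waiting for order status, " + attemptsLeft + " time(s) left.");
            Thread.sleep(POLL_INTERVAL_MILLIS);
            create.update();
        }
        if (create.getStatus() != Status.VALID) {
            throw new IllegalStateException("ACME Timeout");
        }
        Certificate certificate = create.getCertificate();
        if (certificate == null) {
            throw new IllegalStateException("ACME order is valid but has no certificate");
        }
        X509Certificate leaf = certificate.getCertificate();
        char[] password = Uniporter.getRouteConfig().getSslKeyStorePassword().toCharArray();
        KeyStore keyStore = KeyStore.getInstance(Constants.KEY_STORE_FORMAT);
        keyStore.load(null, password);
        keyStore.setCertificateEntry("letsencrypt", leaf);
        keyStore.setKeyEntry("letsencrypt_private", domainKey.getPrivate(), password,
                (java.security.cert.Certificate[]) certificate.getCertificateChain().toArray(new X509Certificate[0]));
        // KeyStore.store does not close the stream it writes to.
        try (FileOutputStream out = new FileOutputStream(Uniporter.getRouteConfig().getKeyStore().getPath())) {
            keyStore.store(out, password);
        }
    }

    /**
     * Triggers the HTTP-01 challenge of one authorization and polls until it is valid.
     *
     * @param authorization pending authorization to complete
     * @throws AcmeException         if the ACME server rejects a request
     * @throws InterruptedException  if the thread is interrupted while polling
     * @throws IllegalStateException if no HTTP-01 challenge is offered or validation times out
     */
    protected void process(Authorization authorization) throws AcmeException, InterruptedException {
        Http01Challenge challenge = (Http01Challenge) authorization.findChallenge(Http01Challenge.class);
        if (challenge == null) {
            throw new IllegalStateException("No HTTP-01 challenge offered for this authorization");
        }
        // Publish the challenge before triggering it so the listener can answer the validation.
        this.currentChallenge = challenge;
        challenge.trigger();
        int attemptsLeft = POLL_ATTEMPTS;
        this.logger.info("Token: " + challenge.getToken());
        this.logger.info("Content: " + challenge.getAuthorization());
        while (authorization.getStatus() != Status.VALID && attemptsLeft > 0) {
            attemptsLeft--;
            this.logger.info("Waiting for auth status, " + attemptsLeft + "time(s) left, current status " + authorization.getStatus());
            Thread.sleep(POLL_INTERVAL_MILLIS);
            authorization.update();
        }
        if (authorization.getStatus() != Status.VALID) {
            throw new IllegalStateException("ACME Timeout");
        }
    }

    /**
     * Answers one request on the challenge listener.
     *
     * <p>The key authorization of the current challenge is returned only when the requested
     * token matches it exactly; any other token gets a 404. Requests without the challenge path
     * are handed to {@code IllegalHttpStateException.send} as an error.
     *
     * @param channelHandlerContext channel the request arrived on
     * @param fullHttpRequest       aggregated request from an unauthenticated client
     */
    public void channelRead0(ChannelHandlerContext channelHandlerContext, FullHttpRequest fullHttpRequest) {
        try {
            String uri = fullHttpRequest.uri();
            int pathAt = uri.lastIndexOf(CHALLENGE_PATH);
            if (pathAt < 0) {
                throw new IllegalStateException();
            }
            String requestedToken = uri.substring(pathAt + CHALLENGE_PATH.length()).replaceAll("[/]", "");
            // NOTE(review): client-controlled text is written to the log for every request;
            // consider bounding its length or lowering the level.
            this.logger.info("Accessing token: " + requestedToken);
            // Read the field once so the null check and the use see the same challenge.
            Http01Challenge challenge = this.currentChallenge;
            // ACME tokens are base64url and therefore case-sensitive, so compare exactly.
            if (challenge == null || !challenge.getToken().equals(requestedToken)) {
                IllegalHttpStateException.send(channelHandlerContext, HttpResponseStatus.NOT_FOUND, "Not a valid token");
            } else {
                DefaultFullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK,
                        Unpooled.copiedBuffer(challenge.getAuthorization(), StandardCharsets.UTF_8));
                response.headers().set(HttpHeaderNames.CONTENT_TYPE, "text/plain");
                channelHandlerContext.writeAndFlush(response).addListener(ChannelFutureListener.CLOSE);
                this.latch.countDown();
            }
        } catch (Throwable th) {
            // NOTE(review): what the client receives is decided by IllegalHttpStateException.send,
            // which is not visible here - confirm it does not echo exception details.
            IllegalHttpStateException.send(channelHandlerContext, th);
        }
    }
}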
