package org.shredzone.acme4j.connector;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.annotation.CheckForNull;
import javax.annotation.Nullable;
import javax.annotation.ParametersAreNonnullByDefault;
import org.shredzone.acme4j.Login;
import org.shredzone.acme4j.Problem;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.exception.AcmeNetworkException;
import org.shredzone.acme4j.exception.AcmeProtocolException;
import org.shredzone.acme4j.exception.AcmeRateLimitedException;
import org.shredzone.acme4j.exception.AcmeRetryAfterException;
import org.shredzone.acme4j.exception.AcmeServerException;
import org.shredzone.acme4j.exception.AcmeUnauthorizedException;
import org.shredzone.acme4j.exception.AcmeUserActionRequiredException;
import org.shredzone.acme4j.toolbox.AcmeUtils;
import org.shredzone.acme4j.toolbox.JSON;
import org.shredzone.acme4j.toolbox.JSONBuilder;
import org.shredzone.acme4j.toolbox.JoseUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ParametersAreNonnullByDefault
/* loaded from: input_file:org/shredzone/acme4j/connector/DefaultConnection.class */
public class DefaultConnection implements Connection {
    private static final String ACCEPT_HEADER = "Accept";
    private static final String ACCEPT_CHARSET_HEADER = "Accept-Charset";
    private static final String ACCEPT_LANGUAGE_HEADER = "Accept-Language";
    private static final String CONTENT_TYPE_HEADER = "Content-Type";
    private static final String DATE_HEADER = "Date";
    private static final String LINK_HEADER = "Link";
    private static final String LOCATION_HEADER = "Location";
    private static final String REPLAY_NONCE_HEADER = "Replay-Nonce";
    private static final String RETRY_AFTER_HEADER = "Retry-After";
    private static final String DEFAULT_CHARSET = "utf-8";
    private static final String MIME_JSON = "application/json";
    private static final String MIME_JSON_PROBLEM = "application/problem+json";
    private static final String MIME_CERTIFICATE_CHAIN = "application/pem-certificate-chain";
    private static final int MAX_ATTEMPTS = 10;
    protected final HttpConnector httpConnector;
    protected HttpURLConnection conn;
    private static final Logger LOG = LoggerFactory.getLogger(DefaultConnection.class);
    private static final URI BAD_NONCE_ERROR = URI.create("urn:ietf:params:acme:error:badNonce");

    public DefaultConnection(HttpConnector httpConnector) {
        this.httpConnector = (HttpConnector) Objects.requireNonNull(httpConnector, "httpConnector");
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public void resetNonce(Session session) throws AcmeException {
        assertConnectionIsClosed();
        try {
            try {
                session.setNonce(null);
                URL resourceUrl = session.resourceUrl(Resource.NEW_NONCE);
                LOG.debug("HEAD {}", resourceUrl);
                this.conn = this.httpConnector.openConnection(resourceUrl, session.getProxy());
                this.conn.setRequestMethod("HEAD");
                this.conn.setRequestProperty(ACCEPT_LANGUAGE_HEADER, session.getLocale().toLanguageTag());
                this.conn.connect();
                logHeaders();
                int responseCode = this.conn.getResponseCode();
                if (responseCode != 200 && responseCode != 204) {
                    throwAcmeException();
                }
                String nonce = getNonce();
                if (nonce == null) {
                    throw new AcmeProtocolException("Server did not provide a nonce");
                }
                session.setNonce(nonce);
                this.conn = null;
            } catch (IOException e) {
                throw new AcmeNetworkException(e);
            }
        } catch (Throwable th) {
            this.conn = null;
            throw th;
        }
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public void sendRequest(URL url, Session session) throws AcmeException {
        sendRequest(url, session, MIME_JSON);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public int sendCertificateRequest(URL url, Login login) throws AcmeException {
        return sendSignedRequest(url, null, login.getSession(), login.getKeyPair(), login.getAccountLocation(), MIME_CERTIFICATE_CHAIN);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public int sendSignedPostAsGetRequest(URL url, Login login) throws AcmeException {
        return sendSignedRequest(url, null, login.getSession(), login.getKeyPair(), login.getAccountLocation(), MIME_JSON);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public int sendSignedRequest(URL url, JSONBuilder jSONBuilder, Login login) throws AcmeException {
        return sendSignedRequest(url, jSONBuilder, login.getSession(), login.getKeyPair(), login.getAccountLocation(), MIME_JSON);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public int sendSignedRequest(URL url, JSONBuilder jSONBuilder, Session session, KeyPair keyPair) throws AcmeException {
        return sendSignedRequest(url, jSONBuilder, session, keyPair, null, MIME_JSON);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    @CheckForNull
    public JSON readJsonResponse() throws AcmeException {
        assertConnectionIsOpen();
        if (this.conn.getContentLength() == 0) {
            return null;
        }
        String contentType = AcmeUtils.getContentType(this.conn.getHeaderField(CONTENT_TYPE_HEADER));
        if (!MIME_JSON.equals(contentType) && !MIME_JSON_PROBLEM.equals(contentType)) {
            throw new AcmeProtocolException("Unexpected content type: " + contentType);
        }
        JSON json = null;
        try {
            InputStream inputStream = this.conn.getResponseCode() < 400 ? this.conn.getInputStream() : this.conn.getErrorStream();
            if (inputStream != null) {
                json = JSON.parse(inputStream);
                LOG.debug("Result JSON: {}", json.toString());
            }
            return json;
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        }
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public List<X509Certificate> readCertificates() throws AcmeException {
        assertConnectionIsOpen();
        String contentType = AcmeUtils.getContentType(this.conn.getHeaderField(CONTENT_TYPE_HEADER));
        if (!MIME_CERTIFICATE_CHAIN.equals(contentType)) {
            throw new AcmeProtocolException("Unexpected content type: " + contentType);
        }
        try {
            TrimmingInputStream trimmingInputStream = new TrimmingInputStream(this.conn.getInputStream());
            try {
                List<X509Certificate> list = (List) CertificateFactory.getInstance("X.509").generateCertificates(trimmingInputStream).stream().map(certificate -> {
                    return (X509Certificate) certificate;
                }).collect(Collectors.toList());
                trimmingInputStream.close();
                return list;
            } finally {
            }
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        } catch (CertificateException e2) {
            throw new AcmeProtocolException("Failed to read certificate", e2);
        }
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public void handleRetryAfter(String str) throws AcmeException {
        assertConnectionIsOpen();
        Optional<Instant> retryAfterHeader = getRetryAfterHeader();
        if (retryAfterHeader.isPresent()) {
            throw new AcmeRetryAfterException(str, retryAfterHeader.get());
        }
    }

    @Override // org.shredzone.acme4j.connector.Connection
    @CheckForNull
    public String getNonce() {
        assertConnectionIsOpen();
        String headerField = this.conn.getHeaderField(REPLAY_NONCE_HEADER);
        if (headerField == null || headerField.trim().isEmpty()) {
            return null;
        }
        if (!AcmeUtils.isValidBase64Url(headerField)) {
            throw new AcmeProtocolException("Invalid replay nonce: " + headerField);
        }
        LOG.debug("Replay Nonce: {}", headerField);
        return headerField;
    }

    @Override // org.shredzone.acme4j.connector.Connection
    @CheckForNull
    public URL getLocation() {
        assertConnectionIsOpen();
        String headerField = this.conn.getHeaderField(LOCATION_HEADER);
        if (headerField == null) {
            return null;
        }
        LOG.debug("Location: {}", headerField);
        return resolveRelative(headerField);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public Collection<URL> getLinks(String str) {
        return (Collection) collectLinks(str).stream().map(this::resolveRelative).collect(Collectors.toList());
    }

    @Override // org.shredzone.acme4j.connector.Connection, java.lang.AutoCloseable
    public void close() {
        this.conn = null;
    }

    protected int sendRequest(URL url, Session session, String str) throws AcmeException {
        Objects.requireNonNull(url, "url");
        Objects.requireNonNull(session, "session");
        Objects.requireNonNull(str, "accept");
        assertConnectionIsClosed();
        LOG.debug("GET {}", url);
        try {
            this.conn = this.httpConnector.openConnection(url, session.getProxy());
            this.conn.setRequestMethod("GET");
            this.conn.setRequestProperty(ACCEPT_HEADER, str);
            this.conn.setRequestProperty(ACCEPT_CHARSET_HEADER, DEFAULT_CHARSET);
            this.conn.setRequestProperty(ACCEPT_LANGUAGE_HEADER, session.getLocale().toLanguageTag());
            this.conn.setDoOutput(false);
            this.conn.connect();
            logHeaders();
            String nonce = getNonce();
            if (nonce != null) {
                session.setNonce(nonce);
            }
            int responseCode = this.conn.getResponseCode();
            if (responseCode != 200 && responseCode != 201) {
                throwAcmeException();
            }
            return responseCode;
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        }
    }

    protected int sendSignedRequest(URL url, @Nullable JSONBuilder jSONBuilder, Session session, KeyPair keyPair, @Nullable URL url2, String str) throws AcmeException {
        Objects.requireNonNull(url, "url");
        Objects.requireNonNull(session, "session");
        Objects.requireNonNull(keyPair, "keypair");
        Objects.requireNonNull(str, "accept");
        assertConnectionIsClosed();
        AcmeServerException acmeServerException = null;
        for (int i = 1; i <= MAX_ATTEMPTS; i++) {
            try {
                return performRequest(url, jSONBuilder, session, keyPair, url2, str);
            } catch (AcmeServerException e) {
                if (!BAD_NONCE_ERROR.equals(e.getType())) {
                    throw e;
                }
                acmeServerException = e;
                LOG.info("Bad Replay Nonce, trying again (attempt {}/{})", Integer.valueOf(i), Integer.valueOf(MAX_ATTEMPTS));
            }
        }
        throw new AcmeException("Too many reattempts", acmeServerException);
    }

    private int performRequest(URL url, @Nullable JSONBuilder jSONBuilder, Session session, KeyPair keyPair, @Nullable URL url2, String str) throws AcmeException {
        try {
            if (session.getNonce() == null) {
                resetNonce(session);
            }
            this.conn = this.httpConnector.openConnection(url, session.getProxy());
            this.conn.setRequestMethod("POST");
            this.conn.setRequestProperty(ACCEPT_HEADER, str);
            this.conn.setRequestProperty(ACCEPT_CHARSET_HEADER, DEFAULT_CHARSET);
            this.conn.setRequestProperty(ACCEPT_LANGUAGE_HEADER, session.getLocale().toLanguageTag());
            this.conn.setRequestProperty(CONTENT_TYPE_HEADER, "application/jose+json");
            this.conn.setDoOutput(true);
            byte[] bytes = JoseUtils.createJoseRequest(url, keyPair, jSONBuilder, session.getNonce(), url2 != null ? url2.toString() : null).toString().getBytes(StandardCharsets.UTF_8);
            this.conn.setFixedLengthStreamingMode(bytes.length);
            this.conn.connect();
            OutputStream outputStream = this.conn.getOutputStream();
            try {
                outputStream.write(bytes);
                if (outputStream != null) {
                    outputStream.close();
                }
                logHeaders();
                session.setNonce(getNonce());
                int responseCode = this.conn.getResponseCode();
                if (responseCode != 200 && responseCode != 201) {
                    throwAcmeException();
                }
                return responseCode;
            } finally {
            }
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        }
    }

    private Optional<Instant> getRetryAfterHeader() {
        String headerField = this.conn.getHeaderField(RETRY_AFTER_HEADER);
        if (headerField != null) {
            try {
                if (headerField.matches("^\\d+$")) {
                    return Optional.of(Instant.ofEpochMilli(this.conn.getHeaderFieldDate(DATE_HEADER, System.currentTimeMillis())).plusSeconds(Integer.parseInt(headerField)));
                }
                long headerFieldDate = this.conn.getHeaderFieldDate(RETRY_AFTER_HEADER, 0L);
                if (headerFieldDate != 0) {
                    return Optional.of(Instant.ofEpochMilli(headerFieldDate));
                }
            } catch (Exception e) {
                throw new AcmeProtocolException("Bad retry-after header value: " + headerField, e);
            }
        }
        return Optional.empty();
    }

    private void throwAcmeException() throws AcmeException {
        try {
            if (!MIME_JSON_PROBLEM.equals(AcmeUtils.getContentType(this.conn.getHeaderField(CONTENT_TYPE_HEADER)))) {
                throw new AcmeException("HTTP " + this.conn.getResponseCode() + ": " + this.conn.getResponseMessage());
            }
            JSON readJsonResponse = readJsonResponse();
            if (readJsonResponse == null) {
                throw new AcmeProtocolException("Empty problem response");
            }
            Problem problem = new Problem(readJsonResponse, this.conn.getURL());
            String stripErrorPrefix = AcmeUtils.stripErrorPrefix(problem.getType().toString());
            if ("unauthorized".equals(stripErrorPrefix)) {
                throw new AcmeUnauthorizedException(problem);
            }
            if ("userActionRequired".equals(stripErrorPrefix)) {
                throw new AcmeUserActionRequiredException(problem, (URI) collectLinks("terms-of-service").stream().findFirst().map(this::resolveUri).orElse(null));
            }
            if (!"rateLimited".equals(stripErrorPrefix)) {
                throw new AcmeServerException(problem);
            }
            throw new AcmeRateLimitedException(problem, getRetryAfterHeader().orElse(null), getLinks("urn:ietf:params:acme:documentation"));
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        }
    }

    private void assertConnectionIsOpen() {
        if (this.conn == null) {
            throw new IllegalStateException("Not connected.");
        }
    }

    private void assertConnectionIsClosed() {
        if (this.conn != null) {
            throw new IllegalStateException("Previous connection is not closed.");
        }
    }

    private void logHeaders() {
        if (LOG.isDebugEnabled()) {
            this.conn.getHeaderFields().forEach((str, list) -> {
                list.forEach(str -> {
                    LOG.debug("HEADER {}: {}", str, str);
                });
            });
        }
    }

    private Collection<String> collectLinks(String str) {
        assertConnectionIsOpen();
        ArrayList arrayList = new ArrayList();
        List<String> list = this.conn.getHeaderFields().get(LINK_HEADER);
        if (list != null) {
            Pattern compile = Pattern.compile("<(.*?)>\\s*;\\s*rel=\"?" + Pattern.quote(str) + "\"?");
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                Matcher matcher = compile.matcher(it.next());
                if (matcher.matches()) {
                    String group = matcher.group(1);
                    LOG.debug("Link: {} -> {}", str, group);
                    arrayList.add(group);
                }
            }
        }
        return arrayList;
    }

    @CheckForNull
    private URL resolveRelative(@Nullable String str) {
        if (str == null) {
            return null;
        }
        assertConnectionIsOpen();
        try {
            return new URL(this.conn.getURL(), str);
        } catch (MalformedURLException e) {
            throw new AcmeProtocolException("Cannot resolve relative link: " + str, e);
        }
    }

    @CheckForNull
    private URI resolveUri(@Nullable String str) {
        if (str == null) {
            return null;
        }
        try {
            return this.conn.getURL().toURI().resolve(str);
        } catch (URISyntaxException e) {
            throw new AcmeProtocolException("Invalid URI", e);
        }
    }
}
