package org.shredzone.acme4j.connector;

import edu.umd.cs.findbugs.annotations.Nullable;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URL;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyPair;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.zip.GZIPInputStream;
import org.shredzone.acme4j.Login;
import org.shredzone.acme4j.Problem;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.exception.AcmeNetworkException;
import org.shredzone.acme4j.exception.AcmeProtocolException;
import org.shredzone.acme4j.exception.AcmeRateLimitedException;
import org.shredzone.acme4j.exception.AcmeServerException;
import org.shredzone.acme4j.exception.AcmeUnauthorizedException;
import org.shredzone.acme4j.exception.AcmeUserActionRequiredException;
import org.shredzone.acme4j.toolbox.AcmeUtils;
import org.shredzone.acme4j.toolbox.JSON;
import org.shredzone.acme4j.toolbox.JSONBuilder;
import org.shredzone.acme4j.toolbox.JoseUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/shredzone/acme4j/connector/DefaultConnection.class */
public class DefaultConnection implements Connection {
    private static final int HTTP_OK = 200;
    private static final int HTTP_CREATED = 201;
    private static final int HTTP_NO_CONTENT = 204;
    private static final int HTTP_NOT_MODIFIED = 304;
    private static final String ACCEPT_HEADER = "Accept";
    private static final String ACCEPT_CHARSET_HEADER = "Accept-Charset";
    private static final String ACCEPT_LANGUAGE_HEADER = "Accept-Language";
    private static final String ACCEPT_ENCODING_HEADER = "Accept-Encoding";
    private static final String CACHE_CONTROL_HEADER = "Cache-Control";
    private static final String CONTENT_TYPE_HEADER = "Content-Type";
    private static final String DATE_HEADER = "Date";
    private static final String EXPIRES_HEADER = "Expires";
    private static final String IF_MODIFIED_SINCE_HEADER = "If-Modified-Since";
    private static final String LAST_MODIFIED_HEADER = "Last-Modified";
    private static final String LINK_HEADER = "Link";
    private static final String LOCATION_HEADER = "Location";
    private static final String REPLAY_NONCE_HEADER = "Replay-Nonce";
    private static final String RETRY_AFTER_HEADER = "Retry-After";
    private static final String DEFAULT_CHARSET = "utf-8";
    private static final String MIME_JSON = "application/json";
    private static final String MIME_JSON_PROBLEM = "application/problem+json";
    private static final String MIME_CERTIFICATE_CHAIN = "application/pem-certificate-chain";
    private static final int MAX_ATTEMPTS = 10;
    protected final HttpConnector httpConnector;
    protected final HttpClient httpClient;

    @Nullable
    protected HttpResponse<InputStream> lastResponse;
    private static final Logger LOG = LoggerFactory.getLogger(DefaultConnection.class);
    private static final URI BAD_NONCE_ERROR = URI.create("urn:ietf:params:acme:error:badNonce");
    private static final Pattern NO_CACHE_PATTERN = Pattern.compile("(?:^|.*?,)\\s*no-(?:cache|store)\\s*(?:,.*|$)", 2);
    private static final Pattern MAX_AGE_PATTERN = Pattern.compile("(?:^|.*?,)\\s*max-age=(\\d+)\\s*(?:,.*|$)", 2);
    private static final Pattern DIGITS_ONLY_PATTERN = Pattern.compile("^\\d+$");

    public DefaultConnection(HttpConnector httpConnector) {
        this.httpConnector = (HttpConnector) Objects.requireNonNull(httpConnector, "httpConnector");
        this.httpClient = httpConnector.createClientBuilder().build();
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public void resetNonce(Session session) throws AcmeException {
        assertConnectionIsClosed();
        try {
            try {
                session.setNonce(null);
                URL resourceUrl = session.resourceUrl(Resource.NEW_NONCE);
                LOG.debug("HEAD {}", resourceUrl);
                sendRequest(session, resourceUrl, builder -> {
                    builder.method("HEAD", HttpRequest.BodyPublishers.noBody());
                });
                logHeaders();
                int statusCode = getResponse().statusCode();
                if (statusCode != HTTP_OK && statusCode != HTTP_NO_CONTENT) {
                    throwAcmeException();
                }
                session.setNonce(getNonce().orElseThrow(() -> {
                    return new AcmeProtocolException("Server did not provide a nonce");
                }));
                close();
            } catch (IOException e) {
                throw new AcmeNetworkException(e);
            }
        } catch (Throwable th) {
            close();
            throw th;
        }
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public int sendRequest(URL url, Session session, @Nullable ZonedDateTime zonedDateTime) throws AcmeException {
        Objects.requireNonNull(url, "url");
        Objects.requireNonNull(session, "session");
        assertConnectionIsClosed();
        LOG.debug("GET {}", url);
        try {
            sendRequest(session, url, builder -> {
                builder.GET();
                builder.header(ACCEPT_HEADER, MIME_JSON);
                if (zonedDateTime != null) {
                    builder.header(IF_MODIFIED_SINCE_HEADER, zonedDateTime.format(DateTimeFormatter.RFC_1123_DATE_TIME));
                }
            });
            logHeaders();
            Optional<String> nonce = getNonce();
            Objects.requireNonNull(session);
            nonce.ifPresent(session::setNonce);
            int statusCode = getResponse().statusCode();
            if (statusCode != HTTP_OK && statusCode != HTTP_CREATED && (statusCode != HTTP_NOT_MODIFIED || zonedDateTime == null)) {
                throwAcmeException();
            }
            return statusCode;
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        }
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public int sendCertificateRequest(URL url, Login login) throws AcmeException {
        return sendSignedRequest(url, null, login.getSession(), login.getKeyPair(), login.getAccountLocation(), MIME_CERTIFICATE_CHAIN);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public int sendSignedPostAsGetRequest(URL url, Login login) throws AcmeException {
        return sendSignedRequest(url, null, login.getSession(), login.getKeyPair(), login.getAccountLocation(), MIME_JSON);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public int sendSignedRequest(URL url, JSONBuilder jSONBuilder, Login login) throws AcmeException {
        return sendSignedRequest(url, jSONBuilder, login.getSession(), login.getKeyPair(), login.getAccountLocation(), MIME_JSON);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public int sendSignedRequest(URL url, JSONBuilder jSONBuilder, Session session, KeyPair keyPair) throws AcmeException {
        return sendSignedRequest(url, jSONBuilder, session, keyPair, null, MIME_JSON);
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public JSON readJsonResponse() throws AcmeException {
        expectContentType(Set.of(MIME_JSON, MIME_JSON_PROBLEM));
        try {
            InputStream responseBody = getResponseBody();
            try {
                JSON parse = JSON.parse(responseBody);
                LOG.debug("Result JSON: {}", parse);
                if (responseBody != null) {
                    responseBody.close();
                }
                return parse;
            } finally {
            }
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        }
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public List<X509Certificate> readCertificates() throws AcmeException {
        expectContentType(Set.of(MIME_CERTIFICATE_CHAIN));
        try {
            TrimmingInputStream trimmingInputStream = new TrimmingInputStream(getResponseBody());
            try {
                Stream<? extends Certificate> stream = CertificateFactory.getInstance("X.509").generateCertificates(trimmingInputStream).stream();
                Class<X509Certificate> cls = X509Certificate.class;
                Objects.requireNonNull(X509Certificate.class);
                List<X509Certificate> list = (List) stream.map((v1) -> {
                    return r1.cast(v1);
                }).collect(Collectors.toUnmodifiableList());
                trimmingInputStream.close();
                return list;
            } finally {
            }
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        } catch (CertificateException e2) {
            throw new AcmeProtocolException("Failed to read certificate", e2);
        }
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public Optional<String> getNonce() {
        Optional<String> filter = getResponse().headers().firstValue(REPLAY_NONCE_HEADER).map((v0) -> {
            return v0.trim();
        }).filter(Predicate.not((v0) -> {
            return v0.isEmpty();
        }));
        if (filter.isPresent()) {
            String str = filter.get();
            if (!AcmeUtils.isValidBase64Url(str)) {
                throw new AcmeProtocolException("Invalid replay nonce: " + str);
            }
            LOG.debug("Replay Nonce: {}", str);
        }
        return filter;
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public URL getLocation() {
        return (URL) getResponse().headers().firstValue(LOCATION_HEADER).map(str -> {
            LOG.debug("Location: {}", str);
            return str;
        }).map(this::resolveRelative).orElseThrow(() -> {
            return new AcmeProtocolException("location header is missing");
        });
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public Optional<ZonedDateTime> getLastModified() {
        return getResponse().headers().firstValue(LAST_MODIFIED_HEADER).map(str -> {
            try {
                return ZonedDateTime.parse(str, DateTimeFormatter.RFC_1123_DATE_TIME);
            } catch (DateTimeParseException e) {
                LOG.debug("Ignored invalid Last-Modified date: {}", str, e);
                return null;
            }
        });
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public Optional<ZonedDateTime> getExpiration() {
        Optional filter = getResponse().headers().firstValue(CACHE_CONTROL_HEADER).filter(Predicate.not(str -> {
            return NO_CACHE_PATTERN.matcher(str).matches();
        }));
        Pattern pattern = MAX_AGE_PATTERN;
        Objects.requireNonNull(pattern);
        Optional<ZonedDateTime> map = filter.map((v1) -> {
            return r1.matcher(v1);
        }).filter((v0) -> {
            return v0.matches();
        }).map(matcher -> {
            return Integer.valueOf(Integer.parseInt(matcher.group(1)));
        }).filter(num -> {
            return num.intValue() != 0;
        }).map(num2 -> {
            return ZonedDateTime.now(ZoneId.of("UTC")).plusSeconds(num2.intValue());
        });
        return map.isPresent() ? map : getResponse().headers().firstValue(EXPIRES_HEADER).flatMap(str2 -> {
            try {
                return Optional.of(ZonedDateTime.parse(str2, DateTimeFormatter.RFC_1123_DATE_TIME));
            } catch (DateTimeParseException e) {
                LOG.debug("Ignored invalid Expires date: {}", str2, e);
                return Optional.empty();
            }
        });
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public Collection<URL> getLinks(String str) {
        return (Collection) collectLinks(str).stream().map(this::resolveRelative).collect(Collectors.toUnmodifiableList());
    }

    @Override // org.shredzone.acme4j.connector.Connection, java.lang.AutoCloseable
    public void close() {
        this.lastResponse = null;
    }

    protected void sendRequest(Session session, URL url, Consumer<HttpRequest.Builder> consumer) throws IOException {
        try {
            HttpRequest.Builder header = this.httpConnector.createRequestBuilder(url).header(ACCEPT_CHARSET_HEADER, DEFAULT_CHARSET).header(ACCEPT_LANGUAGE_HEADER, session.getLanguageHeader());
            if (session.networkSettings().isCompressionEnabled()) {
                header.header(ACCEPT_ENCODING_HEADER, "gzip");
            }
            consumer.accept(header);
            this.lastResponse = this.httpClient.send(header.build(), HttpResponse.BodyHandlers.ofInputStream());
        } catch (InterruptedException e) {
            throw new IOException("Request was interrupted", e);
        }
    }

    protected int sendSignedRequest(URL url, @Nullable JSONBuilder jSONBuilder, Session session, KeyPair keyPair, @Nullable URL url2, String str) throws AcmeException {
        Objects.requireNonNull(url, "url");
        Objects.requireNonNull(session, "session");
        Objects.requireNonNull(keyPair, "keypair");
        Objects.requireNonNull(str, "accept");
        assertConnectionIsClosed();
        int i = 1;
        while (true) {
            try {
                return performRequest(url, jSONBuilder, session, keyPair, url2, str);
            } catch (AcmeServerException e) {
                if (!BAD_NONCE_ERROR.equals(e.getType())) {
                    throw e;
                }
                if (i == MAX_ATTEMPTS) {
                    throw e;
                }
                LOG.info("Bad Replay Nonce, trying again (attempt {}/{})", Integer.valueOf(i), Integer.valueOf(MAX_ATTEMPTS));
                i++;
            }
        }
    }

    private int performRequest(URL url, @Nullable JSONBuilder jSONBuilder, Session session, KeyPair keyPair, @Nullable URL url2, String str) throws AcmeException {
        try {
            if (session.getNonce() == null) {
                resetNonce(session);
            }
            String jSONBuilder2 = JoseUtils.createJoseRequest(url, keyPair, jSONBuilder, session.getNonce(), url2 != null ? url2.toString() : null).toString();
            sendRequest(session, url, builder -> {
                builder.POST(HttpRequest.BodyPublishers.ofString(jSONBuilder2));
                builder.header(ACCEPT_HEADER, str);
                builder.header(CONTENT_TYPE_HEADER, "application/jose+json");
            });
            logHeaders();
            session.setNonce(getNonce().orElse(null));
            int statusCode = getResponse().statusCode();
            if (statusCode != HTTP_OK && statusCode != HTTP_CREATED) {
                throwAcmeException();
            }
            return statusCode;
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        }
    }

    @Override // org.shredzone.acme4j.connector.Connection
    public Optional<Instant> getRetryAfter() {
        return getResponse().headers().firstValue(RETRY_AFTER_HEADER).map(this::parseRetryAfterHeader);
    }

    private Instant parseRetryAfterHeader(String str) {
        try {
            if (!DIGITS_ONLY_PATTERN.matcher(str).matches()) {
                return ZonedDateTime.parse(str, DateTimeFormatter.RFC_1123_DATE_TIME).toInstant();
            }
            return ((Instant) getResponse().headers().firstValue(DATE_HEADER).map(str2 -> {
                return ZonedDateTime.parse(str2, DateTimeFormatter.RFC_1123_DATE_TIME).toInstant();
            }).orElseGet(Instant::now)).plusSeconds(Integer.parseInt(str));
        } catch (RuntimeException e) {
            throw new AcmeProtocolException("Bad retry-after header value: " + str, e);
        }
    }

    private InputStream getResponseBody() throws IOException {
        InputStream inputStream = (InputStream) getResponse().body();
        if (inputStream == null) {
            throw new AcmeProtocolException("Unexpected empty response");
        }
        String str = "gzip";
        if (getResponse().headers().firstValue("Content-Encoding").filter(str::equalsIgnoreCase).isPresent()) {
            inputStream = new GZIPInputStream(inputStream);
        }
        return inputStream;
    }

    private void throwAcmeException() throws AcmeException {
        try {
            Optional map = getResponse().headers().firstValue(CONTENT_TYPE_HEADER).map(AcmeUtils::getContentType);
            String str = MIME_JSON_PROBLEM;
            if (map.filter((v1) -> {
                return r1.equals(v1);
            }).isEmpty()) {
                throw new AcmeException("HTTP " + getResponse().statusCode());
            }
            Problem problem = new Problem(readJsonResponse(), getResponse().request().uri().toURL());
            String stripErrorPrefix = AcmeUtils.stripErrorPrefix(problem.getType().toString());
            if ("unauthorized".equals(stripErrorPrefix)) {
                throw new AcmeUnauthorizedException(problem);
            }
            if ("userActionRequired".equals(stripErrorPrefix)) {
                throw new AcmeUserActionRequiredException(problem, (URI) collectLinks("terms-of-service").stream().findFirst().map(this::resolveUri).orElse(null));
            }
            if (!"rateLimited".equals(stripErrorPrefix)) {
                throw new AcmeServerException(problem);
            }
            Optional<Instant> retryAfter = getRetryAfter();
            throw new AcmeRateLimitedException(problem, retryAfter.orElse(null), getLinks("help"));
        } catch (IOException e) {
            throw new AcmeNetworkException(e);
        }
    }

    private void expectContentType(Set<String> set) {
        String str = (String) getResponse().headers().firstValue(CONTENT_TYPE_HEADER).map(AcmeUtils::getContentType).orElseThrow(() -> {
            return new AcmeProtocolException("No content type header found");
        });
        if (!set.contains(str)) {
            throw new AcmeProtocolException("Unexpected content type: " + str);
        }
    }

    private HttpResponse<InputStream> getResponse() {
        if (this.lastResponse == null) {
            throw new IllegalStateException("Not connected.");
        }
        return this.lastResponse;
    }

    private void assertConnectionIsClosed() {
        if (this.lastResponse != null) {
            throw new IllegalStateException("Previous connection is not closed.");
        }
    }

    private void logHeaders() {
        if (LOG.isDebugEnabled()) {
            getResponse().headers().map().forEach((str, list) -> {
                list.forEach(str -> {
                    LOG.debug("HEADER {}: {}", str, str);
                });
            });
        }
    }

    private Collection<String> collectLinks(String str) {
        Pattern compile = Pattern.compile("<(.*?)>\\s*;\\s*rel=\"?" + Pattern.quote(str) + "\"?");
        Stream stream = getResponse().headers().allValues(LINK_HEADER).stream();
        Objects.requireNonNull(compile);
        return (Collection) stream.map((v1) -> {
            return r1.matcher(v1);
        }).filter((v0) -> {
            return v0.matches();
        }).map(matcher -> {
            return matcher.group(1);
        }).peek(str2 -> {
            LOG.debug("Link: {} -> {}", str, str2);
        }).collect(Collectors.toUnmodifiableList());
    }

    private URL resolveRelative(String str) {
        try {
            return resolveUri(str).toURL();
        } catch (MalformedURLException e) {
            throw new AcmeProtocolException("Cannot resolve relative link: " + str, e);
        }
    }

    private URI resolveUri(String str) {
        return getResponse().request().uri().resolve(str);
    }
}
