package de.trustable.ca3s.acmeproxy.web.api;

import de.trustable.ca3s.acmeproxy.config.RequestProxyConfig;
import de.trustable.ca3s.acmeproxy.service.api.dto.DirectoryResponse;
import de.trustable.ca3s.acmeproxy.service.dto.problem.AcmeProblemException;
import de.trustable.ca3s.acmeproxy.service.dto.problem.ProblemDetail;
import de.trustable.ca3s.acmeproxy.web.rest.ACMEController;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.CacheControl;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.stereotype.Component;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

@Component
/* loaded from: input_file:BOOT-INF/classes/de/trustable/ca3s/acmeproxy/web/api/AcmeApiImpl.class */
public class AcmeApiImpl implements AcmeApiDelegate {
    public static final String ACME_ERROR_URI_NAMESPACE = "urn:ietf:params:acme:error";
    public static final URI REALM_DOES_NOT_EXIST = URI.create("urn:ietf:params:acme:error:accountDoesNotExist");
    public static final URI NO_INSTANCE = null;
    public static final String REPLAY_NONCE_HEADER = "Replay-Nonce";
    private final String targetUrl;
    private final RequestProxyConfig requestProxyConfig;
    transient Logger LOG = LoggerFactory.getLogger((Class<?>) AcmeApiImpl.class);
    private final RestTemplate restTemplate = new RestTemplate();
    private final Set<String> forwardResponseHeaderSet = new HashSet();

    public AcmeApiImpl(@Value("${acme.proxy.remote.server:http://localhost:8080}") String str, @Value("${acme.proxy.headers.forward.response:Location,Link,Replay-Nonce,Retry-After,Content-Type}") String[] strArr, RequestProxyConfig requestProxyConfig) {
        this.targetUrl = str + "/acme/{realm}/";
        this.requestProxyConfig = requestProxyConfig;
        this.forwardResponseHeaderSet.addAll(Arrays.asList(strArr));
        this.LOG.debug("remoteAcmeServer: '{}'", str);
        this.LOG.debug("target ACME server Url: '{}'", this.targetUrl);
        this.LOG.debug("forward response header headers: '{}'", Arrays.asList(strArr));
        this.restTemplate.setRequestFactory(new HttpComponentsClientHttpRequestFactory());
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> changeKey(String str, String str2, MultiValueMap<String, String> multiValueMap) {
        String str3 = this.targetUrl + "acct/changeKey";
        checkRealm(str, str3);
        this.LOG.debug("forwarding {}/acct/changeKey", str);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str3, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> consumingPostedJws1(String str, String str2, MultiValueMap<String, String> multiValueMap) {
        String str3 = this.targetUrl + "newOrder";
        checkRealm(str, str3);
        this.LOG.debug("forwarding {}/newOrder", str);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str3, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> consumingPostedJws2(String str, String str2, MultiValueMap<String, String> multiValueMap) {
        String str3 = this.targetUrl + "newAccount";
        checkRealm(str, str3);
        this.LOG.debug("forwarding {}/newAccount", str);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str3, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> finalizeOrder(Long l, String str, String str2, MultiValueMap<String, String> multiValueMap) {
        String str3 = this.targetUrl + "order/finalize/{orderId}";
        checkRealm(str, str3);
        this.LOG.debug("forwarding {}/order/finalize/{}", str, l);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str3, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str, l)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> getAccountOrders(Long l, String str, String str2, String str3, MultiValueMap<String, String> multiValueMap) {
        String str4 = this.targetUrl + "acct/{accountId}/orders";
        checkRealm(str, str4);
        this.LOG.debug("forwarding {}/acct/{}/orders", str, l);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str4, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str, l)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> getAuthorization(Long l, String str, MultiValueMap<String, String> multiValueMap) {
        String str2 = this.targetUrl + "authorization/{authorizationId}";
        checkRealm(str, str2);
        this.LOG.debug("forwarding {}/authorization/{}", str, l);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str2, HttpMethod.GET, buildHttpEntity(multiValueMap), Object.class, str, l)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> getCertificatePKIX(Long l, String str, MultiValueMap<String, String> multiValueMap) {
        String str2 = this.targetUrl + "cert/{certId}";
        checkRealm(str, str2);
        this.LOG.debug("forwarding {}/cert/{}", str, l);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str2, HttpMethod.GET, buildHttpEntity(multiValueMap), Object.class, str, l)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> getChallenge(Long l, String str, MultiValueMap<String, String> multiValueMap) {
        String str2 = this.targetUrl + "challenge/{challengeId}";
        checkRealm(str, str2);
        this.LOG.debug("forwarding {}/challenge/{}", str, l);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str2, HttpMethod.GET, buildHttpEntity(multiValueMap), Object.class, str, l)));
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<DirectoryResponse> getDirectory(String str, MultiValueMap<String, String> multiValueMap) {
        String str2 = this.targetUrl + "directory";
        checkRealm(str, str2);
        this.LOG.debug("forwarding GET {}/directory", str);
        ResponseEntity exchange = this.restTemplate.exchange(str2, HttpMethod.GET, buildHttpEntity(multiValueMap), DirectoryResponse.class, str);
        return ResponseEntity.status(exchange.getStatusCode()).headers(filterResponseHttpHeaders(exchange)).body((DirectoryResponse) exchange.getBody());
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<DirectoryResponse> getDirectoryPost(String str, MultiValueMap<String, String> multiValueMap) {
        String str2 = this.targetUrl + "directory";
        checkRealm(str, str2);
        this.LOG.debug("forwarding POST {}/directory", str);
        ResponseEntity exchange = this.restTemplate.exchange(str2, HttpMethod.POST, buildHttpEntity(multiValueMap), DirectoryResponse.class, str);
        return ResponseEntity.status(exchange.getStatusCode()).headers(filterResponseHttpHeaders(exchange)).body((DirectoryResponse) exchange.getBody());
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> postAsGetOrder(Long l, String str, String str2, MultiValueMap<String, String> multiValueMap) {
        String str3 = this.targetUrl + "order/{orderId}";
        checkRealm(str, str3);
        this.LOG.debug("forwarding {}/order/{}", str, l);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str3, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str, l)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> postAuthorization(Long l, String str, String str2, MultiValueMap<String, String> multiValueMap) {
        String str3 = this.targetUrl + "authorization/{authorizationId}";
        checkRealm(str, str3);
        this.LOG.debug("forwarding {}/authorization/{}", str, l);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str3, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str, l)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<Object> postChallenge(Long l, String str, String str2, MultiValueMap<String, String> multiValueMap) {
        String str3 = this.targetUrl + "challenge/{challengeId}";
        checkRealm(str, str3);
        this.LOG.debug("forwarding {}/challenge/{}", str, l);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str3, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str, l)));
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<?> retrieveCertificate(String str, Long l, String str2, String str3, String str4, MultiValueMap<String, String> multiValueMap) {
        String str5 = this.targetUrl + "cert/{certId}";
        checkRealm(str2, str5);
        String first = multiValueMap.getFirst("Accept");
        this.LOG.debug("forwarding {}/cert/{} with media type {}", str2, l, first);
        if (ACMEController.APPLICATION_PKIX_CERT_VALUE.equals(first)) {
            ResponseEntity exchange = this.restTemplate.exchange(str5, HttpMethod.POST, buildHttpEntity(multiValueMap, str3), byte[].class, str2, l);
            return logResponseEntity(ResponseEntity.status(exchange.getStatusCode()).headers(filterResponseHttpHeaders(exchange)).body((byte[]) exchange.getBody()));
        }
        ResponseEntity exchange2 = this.restTemplate.exchange(str5, HttpMethod.POST, buildHttpEntity(multiValueMap, str3), String.class, str2, l);
        return logResponseEntity(ResponseEntity.status(exchange2.getStatusCode()).headers(filterResponseHttpHeaders(exchange2)).body((String) exchange2.getBody()));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<?> revokeCertificate(String str, String str2, MultiValueMap<String, String> multiValueMap) {
        String str3 = this.targetUrl + "cert/revoke";
        checkRealm(str, str3);
        this.LOG.debug("forwarding {}/cert/revoke", str);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str3, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str)));
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<?> updateAccount(Long l, String str, String str2, MultiValueMap<String, String> multiValueMap) {
        String str3 = this.targetUrl + "acct/{accountId}";
        checkRealm(str, str3);
        this.LOG.debug("forwarding {}/acct/{}", str, l);
        return logResponseEntity(handleResponseEntity(this.restTemplate.exchange(str3, HttpMethod.POST, buildHttpEntity(multiValueMap, str2), Object.class, str, l)));
    }

    /* JADX WARN: Type inference failed for: r1v4, types: [org.springframework.http.ResponseEntity$HeadersBuilder] */
    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<String> viaGet(String str, MultiValueMap<String, String> multiValueMap) {
        String str2 = this.targetUrl + "newNonce";
        checkRealm(str, str2);
        ResponseEntity exchange = this.restTemplate.exchange(str2, HttpMethod.GET, buildHttpEntity(), String.class, str);
        this.LOG.debug("forwarding GET {}/newNonce : {}", str, exchange.getHeaders().getFirst(REPLAY_NONCE_HEADER));
        return logResponseEntity(ResponseEntity.noContent().headers(filterResponseHttpHeaders(exchange)).cacheControl(CacheControl.noStore()).build());
    }

    /* JADX WARN: Type inference failed for: r1v4, types: [org.springframework.http.ResponseEntity$HeadersBuilder] */
    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<String> viaPost(String str, MultiValueMap<String, String> multiValueMap) {
        String str2 = this.targetUrl + "newNonce";
        checkRealm(str, str2);
        ResponseEntity exchange = this.restTemplate.exchange(str2, HttpMethod.POST, buildHttpEntity(), String.class, str);
        this.LOG.debug("forwarding POST {}/newNonce: {}", str, exchange.getHeaders().getFirst(REPLAY_NONCE_HEADER));
        return logResponseEntity(ResponseEntity.noContent().headers(filterResponseHttpHeaders(exchange)).cacheControl(CacheControl.noStore()).build());
    }

    @Override // de.trustable.ca3s.acmeproxy.web.api.AcmeApiDelegate
    public ResponseEntity<String> viaHead(String str, MultiValueMap<String, String> multiValueMap) {
        checkRealm(str, this.targetUrl + "newNonce");
        this.LOG.debug("forwarding HEAD {}/newNonce", str);
        ResponseEntity<String> viaPost = viaPost(str, multiValueMap);
        multiValueMap.addAll(filterResponseHttpHeaders(viaPost));
        return new ResponseEntity<>("", multiValueMap, viaPost.getStatusCode());
    }

    <T> ResponseEntity<T> logResponseEntity(ResponseEntity<T> responseEntity) {
        HttpHeaders headers = responseEntity.getHeaders();
        for (String str : responseEntity.getHeaders().keySet()) {
            this.LOG.debug("response header {} : {}", str, headers.get((Object) str));
        }
        this.LOG.debug("response status {}", responseEntity.getStatusCode());
        return responseEntity;
    }

    HttpEntity buildHttpEntity() {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(ACMEController.APPLICATION_JWS);
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        httpHeaders.add(ACMEController.HEADER_X_CA3S_FORWARDED_HOST, ServletUriComponentsBuilder.fromCurrentRequestUri().build().toString());
        httpHeaders.add(ACMEController.HEADER_X_CA3S_PROXY_ID, String.valueOf(this.requestProxyConfig.getConfig().getId()));
        return new HttpEntity((MultiValueMap<String, String>) httpHeaders);
    }

    HttpEntity buildHttpEntity(MultiValueMap<String, String> multiValueMap) {
        return new HttpEntity((MultiValueMap<String, String>) processHttpHeaders(multiValueMap));
    }

    HttpEntity buildHttpEntity(MultiValueMap<String, String> multiValueMap, String str) {
        return new HttpEntity(str, processHttpHeaders(multiValueMap));
    }

    private HttpHeaders processHttpHeaders(MultiValueMap<String, String> multiValueMap) {
        boolean z = false;
        for (String str : multiValueMap.keySet()) {
            if (multiValueMap.containsKey(str)) {
                this.LOG.debug("incoming header '{}' with value(s) '{}'", str, String.join(",", (Iterable<? extends CharSequence>) multiValueMap.get(str)));
            } else {
                this.LOG.debug("incoming header '{}' without value", str);
            }
            if ("Accept".equalsIgnoreCase(str)) {
                z = true;
            }
        }
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.addAll(multiValueMap);
        if (!z) {
            httpHeaders.setAccept(Collections.singletonList(MediaType.ALL));
            this.LOG.debug("added default Accept header");
        }
        httpHeaders.add(ACMEController.HEADER_X_CA3S_FORWARDED_HOST, ServletUriComponentsBuilder.fromCurrentRequestUri().build().toString());
        httpHeaders.add(ACMEController.HEADER_X_CA3S_PROXY_ID, String.valueOf(this.requestProxyConfig.getConfig().getId()));
        return httpHeaders;
    }

    private ResponseEntity<Object> handleResponseEntity(ResponseEntity<Object> responseEntity) {
        return responseEntity.getBody() == null ? ResponseEntity.status(responseEntity.getStatusCode()).headers(filterResponseHttpHeaders(responseEntity)).build() : ResponseEntity.status(responseEntity.getStatusCode()).headers(filterResponseHttpHeaders(responseEntity)).body(responseEntity.getBody());
    }

    private HttpHeaders filterResponseHttpHeaders(ResponseEntity responseEntity) {
        HttpHeaders headers = responseEntity.getHeaders();
        HttpHeaders httpHeaders = new HttpHeaders();
        for (String str : headers.keySet()) {
            if (this.forwardResponseHeaderSet.contains(str)) {
                List<String> list = headers.get((Object) str);
                if (list == null) {
                    list = new ArrayList();
                }
                httpHeaders.addAll(str, (List<? extends String>) list);
            }
        }
        return httpHeaders;
    }

    void checkRealm(String str, String str2) {
        if (Arrays.stream(this.requestProxyConfig.getConfig().getAcmeRealmArr()).noneMatch(str3 -> {
            return Objects.equals(str3, str);
        })) {
            String str4 = "unexpected realm '" + str + "' calling '" + str2 + "'";
            this.LOG.warn(str4);
            throw new AcmeProblemException(new ProblemDetail(REALM_DOES_NOT_EXIST, str4, HttpStatus.BAD_REQUEST, "", NO_INSTANCE));
        }
    }
}
