package de.trustable.ca3s.acmeproxy.service;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.nimbusds.jose.JOSEException;
import de.trustable.ca3s.acmeproxy.config.RequestProxyConfig;
import de.trustable.ca3s.acmeproxy.service.dto.AcmeChallenge;
import de.trustable.ca3s.acmeproxy.service.dto.AcmeChallengeValidation;
import de.trustable.ca3s.acmeproxy.service.dto.AcmeChallenges;
import de.trustable.ca3s.acmeproxy.service.dto.ChallengeStatus;
import de.trustable.ca3s.acmeproxy.service.dto.RemoteRequestProxyConfigView;
import de.trustable.ca3s.challenge.ChallengeValidator;
import de.trustable.ca3s.challenge.exception.ChallengeDNSException;
import de.trustable.ca3s.challenge.exception.ChallengeDNSIdentifierException;
import de.trustable.ca3s.challenge.exception.ChallengeUnknownHostException;
import de.trustable.ca3s.challenge.exception.ChallengeValidationFailedException;
import java.security.GeneralSecurityException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.RejectedExecutionException;
import java.util.concurrent.ThreadPoolExecutor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.stereotype.Component;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestTemplate;

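/**
 * Polls the remote ca3s server for pending ACME challenges that this proxy is responsible for,
 * validates each one locally through {@link ChallengeValidator} and posts the outcome back.
 *
 * <p>Both requests carry a token produced by {@link JWSService}: a JWT for the polling request
 * and a JWS embedding the serialized validation result for the update request.
 *
 * <p>NOTE(review): the default value of {@code acme.proxy.remote.server} is a plain
 * {@code http://} URL, so transport protection depends entirely on the configured scheme.
 * The {@link RestTemplate} is created with default settings; no explicit connect or read
 * timeout is configured in this class. Confirm both are acceptable for the deployment.
 *
 * <p>NOTE(review): the worker pool is never shut down in this class.
 */
@Component
/* loaded from: input_file:BOOT-INF/classes/de/trustable/ca3s/acmeproxy/service/ChallengeScheduler.class */
public class ChallengeScheduler {
    private final String remoteAcmeServer;
    private final RequestProxyConfig requestProxyConfig;
    private final ChallengeValidator challengeValidator;
    private final JWSService jwsService;
    private final ObjectMapper objectMapper;
    private final ThreadPoolExecutor executor;
    transient Logger LOG = LoggerFactory.getLogger(ChallengeScheduler.class);
    private final RestTemplate restTemplate = new RestTemplate();

    // Challenge ids that are queued or being validated, mapped to the time they were submitted.
    // Written by the scheduler thread and by the worker threads, hence the synchronized wrapper.
    private final Map<Long, Instant> currentChallengeMap = Collections.synchronizedMap(new HashMap<>());

    /**
     * Creates the scheduler and its fixed-size worker pool.
     *
     * @param str base URL of the remote ca3s server
     * @param requestProxyConfig source of this proxy's remote configuration
     * @param str2 DNS server handed to the {@link ChallengeValidator}
     * @param i DNS port handed to the {@link ChallengeValidator}
     * @param i2 HTTP timeout in milliseconds handed to the {@link ChallengeValidator}
     * @param iArr ports probed for HTTP challenges
     * @param i3 maximum number of redirects followed for HTTP challenges
     * @param iArr2 ports probed for HTTPS / ALPN challenges
     * @param i4 number of worker threads validating challenges
     * @param jWSService builder for the JWT / JWS sent to the server
     * @param objectMapper JSON mapper used to serialize validation results
     */
    public ChallengeScheduler(@Value("${acme.proxy.remote.server:http://localhost:8080}") String str, RequestProxyConfig requestProxyConfig, @Value("${acme.proxy.dns.server:}") String str2, @Value("${acme.proxy.dns.port:53}") int i, @Value("${acme.proxy.http.timeoutMilliSec:1000}") int i2, @Value("${acme.challenge.http.ports:80}") int[] iArr, @Value("${acme.challenge.http.maxRedirects:0}") int i3, @Value("${acme.challenge.https.ports:443}") int[] iArr2, @Value("${acme.challenge.threads:4}") int i4, JWSService jWSService, ObjectMapper objectMapper) {
        this.remoteAcmeServer = str;
        this.requestProxyConfig = requestProxyConfig;
        this.jwsService = jWSService;
        this.objectMapper = objectMapper;
        this.executor = (ThreadPoolExecutor) Executors.newFixedThreadPool(i4);
        this.challengeValidator = new ChallengeValidator(str2, i, i2, iArr, i3, iArr2);
    }

    /**
     * Fetches the pending challenges for this proxy and hands each one that is not already in
     * flight to the worker pool. Runs with a fixed delay of five seconds.
     *
     * <p>A 404 from the server is treated as "nothing pending"; other client errors and
     * connectivity problems are logged and the next run retries.
     */
    @Scheduled(fixedDelay = 5000)
    public void runFiveSeconds() {
        String pendingUrl = this.remoteAcmeServer + "/api/acme-challenges/pending/request-proxy-configs/{requestProxyId}";
        String validationUrl = this.remoteAcmeServer + "/api/acme-challenges/validation";
        try {
            RemoteRequestProxyConfigView config = this.requestProxyConfig.getConfig();
            this.LOG.debug("checking for challenges at {}", this.remoteAcmeServer);
            try {
                ResponseEntity<AcmeChallenges> exchange = this.restTemplate.exchange(pendingUrl, HttpMethod.POST, buildHttpEntityBody(this.jwsService.buildJWT()), AcmeChallenges.class, config.getId());
                AcmeChallenges pending = exchange.getBody();
                if (pending == null) {
                    this.LOG.info("server returns empty response");
                } else {
                    this.LOG.info("server returns #{} pending challenge", pending.size());
                }
                this.LOG.debug("challenge request returns {}", exchange.getStatusCode());

                // A 200 without a body carries nothing to iterate; dereferencing it would throw.
                if (pending == null || !HttpStatus.OK.equals(exchange.getStatusCode())) {
                    return;
                }

                Iterator<AcmeChallenge> it = pending.iterator();
                while (it.hasNext()) {
                    AcmeChallenge next = it.next();
                    this.LOG.debug("pending challenge request relevant for this proxy: {}", next);
                    Long challengeId = next.getChallengeId();

                    // Register the id before submitting. Without this entry the same challenge
                    // would be queued again on every run while it is still pending on the
                    // server, growing the executor queue and repeating the outbound probes.
                    if (this.currentChallengeMap.putIfAbsent(challengeId, Instant.now()) != null) {
                        this.LOG.debug("challenge #{} being processed, currently", challengeId);
                        continue;
                    }
                    try {
                        this.executor.submit(() -> {
                            this.LOG.debug("challenge #{} in processing thread", next.getChallengeId());
                            processChallenge(validationUrl, config, next);
                        });
                    } catch (RejectedExecutionException e) {
                        // Nothing was queued, so release the id to allow a retry on a later run.
                        this.currentChallengeMap.remove(challengeId);
                        this.LOG.info("too many challenges ...", e);
                    }
                }
            } catch (JOSEException e2) {
                this.LOG.warn("problem creating JWS for validation payload", e2);
            }
        } catch (HttpClientErrorException e3) {
            if (e3.getRawStatusCode() == 404) {
                this.LOG.debug("no pending challenges");
            } else {
                this.LOG.warn("problem retrieving pending challenges: {}", e3.getMessage());
            }
        } catch (ResourceAccessException e4) {
            if (this.LOG.isDebugEnabled()) {
                this.LOG.debug("ca3s server not accessible", e4);
            } else {
                this.LOG.info("ca3s server not accessible");
            }
        }
    }

    /**
     * Validates one challenge and reports the result to the server, then releases the challenge
     * id so that a later poll may pick it up again.
     *
     * @param validationUrl URL the validation result is posted to
     * @param proxyConfig configuration of this proxy; its id is included in the report
     * @param acmeChallenge the challenge to validate
     */
    private void processChallenge(String validationUrl, RemoteRequestProxyConfigView proxyConfig, AcmeChallenge acmeChallenge) {
        try {
            AcmeChallengeValidation validation = new AcmeChallengeValidation();
            validation.setChallengeId(acmeChallenge.getChallengeId());
            validation.setRequestProxyConfigId(proxyConfig.getId());
            try {
                Collection<String> responses = processChallenge(acmeChallenge);
                // NOTE(review): an unsupported challenge type yields an empty collection and is
                // still reported as VALID here. Confirm that the server compares the reported
                // responses against the expected value and does not trust the status alone.
                validation.setStatus(ChallengeStatus.VALID);
                validation.setResponses(responses.toArray(new String[0]));
            } catch (ChallengeDNSException | ChallengeDNSIdentifierException | ChallengeUnknownHostException | ChallengeValidationFailedException | GeneralSecurityException e) {
                // Retrieval failed: leave the challenge pending and pass the reason to the server.
                validation.setStatus(ChallengeStatus.PENDING);
                validation.setError(e.getMessage());
            }
            try {
                String payload = this.objectMapper.writeValueAsString(validation);
                this.LOG.debug("serialized acmeChallengeValidation: '{}'", payload);
                this.LOG.info("challenge update response {}", this.restTemplate.exchange(validationUrl, HttpMethod.POST, buildHttpEntityBody(this.jwsService.buildEmbeddingJWS(payload)), Void.class, new Object[0]));
            } catch (JsonProcessingException | JOSEException e2) {
                this.LOG.warn("problem creating JWS for validation payload", e2);
            }
        } catch (Throwable th) {
            // Runs on a worker thread: log everything here, otherwise the failure would vanish
            // inside the Future returned by submit().
            this.LOG.warn("unexpected exception in challange processing", th);
        } finally {
            this.currentChallengeMap.remove(acmeChallenge.getChallengeId());
        }
    }

    /**
     * Retrieves the challenge response(s) for the given challenge through the validator that
     * matches its type.
     *
     * @param acmeChallenge the challenge to look up
     * @return the retrieved responses; empty when the challenge type is not supported
     * @throws ChallengeUnknownHostException propagated from the validator
     * @throws ChallengeValidationFailedException propagated from the validator
     * @throws ChallengeDNSException propagated from the validator
     * @throws ChallengeDNSIdentifierException propagated from the validator
     * @throws GeneralSecurityException propagated from the validator
     */
    private Collection<String> processChallenge(AcmeChallenge acmeChallenge) throws ChallengeUnknownHostException, ChallengeValidationFailedException, ChallengeDNSException, ChallengeDNSIdentifierException, GeneralSecurityException {
        Collection<String> responses = new ArrayList<>();
        switch (acmeChallenge.getType()) {
            case AcmeChallenge.CHALLENGE_TYPE_HTTP_01:
                responses.add(this.challengeValidator.retrieveChallengeHttp(acmeChallenge.getValue(), acmeChallenge.getToken()));
                break;
            case AcmeChallenge.CHALLENGE_TYPE_DNS_01:
                responses.addAll(this.challengeValidator.retrieveChallengeDNS(acmeChallenge.getValue()));
                break;
            case AcmeChallenge.CHALLENGE_TYPE_ALPN_01:
                responses.add(this.challengeValidator.retrieveChallengeALPN(acmeChallenge.getValue()));
                break;
            default:
                this.LOG.warn("unexpected challenge type: {}", acmeChallenge.getType());
                break;
        }
        this.LOG.debug("challenge response for '{}' found: {}", acmeChallenge.getValue(), responses);
        return responses;
    }

    /**
     * Wraps the given token in an HTTP entity that sends and accepts JSON.
     *
     * @param str request body, as produced by {@link JWSService}
     * @return entity with {@code Content-Type} and {@code Accept} set to {@code application/json}
     * @throws JOSEException declared for callers; not thrown by this implementation
     */
    HttpEntity<String> buildHttpEntityBody(String str) throws JOSEException {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_JSON);
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        return new HttpEntity<>(str, httpHeaders);
    }
}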
