package io.quarkus.tls.cli.letsencrypt;

import io.quarkus.tls.cli.DotEnvHelper;
import io.smallrye.certs.CertificateGenerator;
import io.smallrye.certs.CertificateRequest;
import io.smallrye.certs.Format;
import java.lang.System;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.time.Duration;
import java.util.List;
import java.util.concurrent.Callable;
import picocli.CommandLine;

@CommandLine.Command(name = "prepare", mixinStandardHelpOptions = true, description = {"Prepare the environment to receive Let's Encrypt certificates. Make sure to restart the application after having run this command."})
/* loaded from: input_file:io/quarkus/tls/cli/letsencrypt/LetsEncryptPrepareCommand.class */
public class LetsEncryptPrepareCommand implements Callable<Integer> {
    static System.Logger LOGGER = System.getLogger("lets-encrypt-prepare");

    @CommandLine.Option(names = {"-d", "--domain"}, description = {"The domain for which the certificate will be generated"}, required = true)
    String domain;

    @CommandLine.Option(names = {"-n", "--tls-configuration-name"}, description = {"The name of the TLS configuration to be used, if not set, the default configuration is used"})
    String tlsConfigurationName;

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // java.util.concurrent.Callable
    public Integer call() throws Exception {
        String str;
        if (!LetsEncryptConstants.LETS_ENCRYPT_DIR.exists() && LetsEncryptConstants.LETS_ENCRYPT_DIR.mkdir()) {
            LOGGER.log(System.Logger.Level.INFO, "✅ Created .letsencrypt directory: {0}", new Object[]{LetsEncryptConstants.LETS_ENCRYPT_DIR.getAbsolutePath()});
        }
        boolean z = false;
        if (LetsEncryptConstants.CERT_FILE.isFile() && LetsEncryptConstants.KEY_FILE.isFile()) {
            try {
                LetsEncryptHelpers.loadCertificateFromPEM(LetsEncryptConstants.CERT_FILE.getAbsolutePath()).checkValidity();
                z = true;
            } catch (Exception e) {
                LOGGER.log(System.Logger.Level.INFO, "⚠️ The existing certificate is expired, regenerating it...");
            }
        }
        if (z) {
            LOGGER.log(System.Logger.Level.INFO, "✅ Certificate already exists and is still valid: {0}", new Object[]{LetsEncryptConstants.CERT_FILE.getAbsolutePath()});
        } else {
            new CertificateGenerator(LetsEncryptConstants.LETS_ENCRYPT_DIR.toPath(), true).generate(new CertificateRequest().withCN(this.domain).withSubjectAlternativeName("DNS:" + this.domain).withDuration(Duration.ofDays(30L)).withFormat(Format.PEM).withName("lets-encrypt"));
        }
        DotEnvHelper.deleteQuietly(LetsEncryptConstants.CA_FILE);
        List<String> readDotEnvFile = DotEnvHelper.readDotEnvFile();
        str = "quarkus.tls";
        str = this.tlsConfigurationName != null ? str + "." + this.tlsConfigurationName : "quarkus.tls";
        DotEnvHelper.addOrReplaceProperty(readDotEnvFile, str + ".key-store.pem.acme.cert", LetsEncryptConstants.CERT_FILE.getAbsolutePath());
        DotEnvHelper.addOrReplaceProperty(readDotEnvFile, str + ".key-store.pem.acme.key", LetsEncryptConstants.KEY_FILE.getAbsolutePath());
        Files.write(LetsEncryptConstants.DOT_ENV_FILE.toPath(), readDotEnvFile, new OpenOption[0]);
        LOGGER.log(System.Logger.Level.INFO, "✅ .env file configured for Let's Encrypt: {0}", new Object[]{LetsEncryptConstants.DOT_ENV_FILE.getAbsolutePath()});
        System.Logger logger = LOGGER;
        System.Logger.Level level = System.Logger.Level.INFO;
        Object[] objArr = new Object[2];
        objArr[0] = this.domain;
        objArr[1] = this.tlsConfigurationName != null ? " -tls-configuration-name=" + this.tlsConfigurationName : "";
        logger.log(level, "➡️ Start the application and run `quarkus tls lets-encrypt issue-certificate --domain={0}{1}` to complete the challenge", objArr);
        return 0;
    }
}
