package com.predic8.membrane.core.transport.ssl.acme;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.joda.JodaModule;
import com.google.common.collect.ImmutableMap;
import com.predic8.membrane.core.Constants;
import com.predic8.membrane.core.azure.AzureDns;
import com.predic8.membrane.core.azure.AzureTableStorage;
import com.predic8.membrane.core.azure.api.dns.DnsProvisionable;
import com.predic8.membrane.core.config.security.acme.Acme;
import com.predic8.membrane.core.config.security.acme.AcmeSynchronizedStorage;
import com.predic8.membrane.core.config.security.acme.AcmeValidation;
import com.predic8.membrane.core.config.security.acme.FileStorage;
import com.predic8.membrane.core.config.security.acme.KubernetesStorage;
import com.predic8.membrane.core.config.security.acme.MemoryStorage;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.MimeType;
import com.predic8.membrane.core.http.Request;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.kubernetes.client.KubernetesClientFactory;
import com.predic8.membrane.core.transport.http.HttpClient;
import com.predic8.membrane.core.transport.http.HttpClientFactory;
import com.predic8.membrane.core.transport.ssl.acme.AcmeException;
import com.predic8.membrane.core.util.URIFactory;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.text.lookup.StringLookupFactory;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemReader;
import org.joda.time.Duration;
import org.jose4j.base64url.Base64;
import org.jose4j.json.JsonUtil;
import org.jose4j.jwk.EcJwkGenerator;
import org.jose4j.jwk.EllipticCurveJsonWebKey;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.PublicJsonWebKey;
import org.jose4j.jwk.Use;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.keys.EllipticCurves;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.1.jar:com/predic8/membrane/core/transport/ssl/acme/AcmeClient.class */
public class AcmeClient {
    private static final Logger LOG;
    private static final SecureRandom random;
    private static final SimpleDateFormat sdf;
    private final String directoryUrl;
    private final HttpClient hc;
    private final String challengeType;
    private final AcmeSynchronizedStorage ass;
    private String keyChangeUrl;
    private String newAccountUrl;
    private String newNonceUrl;
    private String newOrderUrl;
    private String revokeCertUrl;
    private final List<String> contacts;
    private final boolean termsOfServiceAgreed;
    private PrivateKey privateKey;
    private PublicJsonWebKey publicJsonWebKey;
    private final Duration validity;
    private AcmeSynchronizedStorageEngine asse;
    private AcmeValidation acmeValidation;
    private final ObjectMapper om = new ObjectMapper();
    private final List<String> nonces = new ArrayList();
    private final String algorithm = AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256;

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.1.jar:com/predic8/membrane/core/transport/ssl/acme/AcmeClient$HttpCallerWithNonce.class */
    public interface HttpCallerWithNonce {
        Exchange call(String str) throws Exception;
    }

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.1.jar:com/predic8/membrane/core/transport/ssl/acme/AcmeClient$JWSParametrizer.class */
    public interface JWSParametrizer {
        void call(JsonWebSignature jsonWebSignature) throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.1.jar:com/predic8/membrane/core/transport/ssl/acme/AcmeClient$MyJsonWebSignature.class */
    public static class MyJsonWebSignature extends JsonWebSignature {
        private MyJsonWebSignature() {
        }

        @Override // org.jose4j.jwx.JsonWebStructure
        public String getEncodedHeader() {
            return super.getEncodedHeader();
        }
    }

    public AcmeClient(Acme acme, @Nullable HttpClientFactory httpClientFactory) {
        this.directoryUrl = acme.getDirectoryUrl();
        this.termsOfServiceAgreed = acme.isTermsOfServiceAgreed();
        this.ass = acme.getAcmeSynchronizedStorage();
        this.contacts = Arrays.asList(acme.getContacts().split(" +"));
        this.hc = (httpClientFactory == null ? new HttpClientFactory(null) : httpClientFactory).createClient(acme.getHttpClientConfiguration());
        this.validity = acme.getValidityDuration();
        this.acmeValidation = acme.getValidationMethod();
        this.challengeType = (acme.getValidationMethod() == null || !acme.getValidationMethod().useDnsValidation()) ? Challenge.TYPE_HTTP_01 : Challenge.TYPE_DNS_01;
        this.om.registerModule(new JodaModule());
        if (!acme.isExperimental()) {
            throw new RuntimeException("The ACME client is still experimental, please set <acme experimental=\"true\" ... /> to acknowledge.");
        }
    }

    public void init(@Nullable KubernetesClientFactory kubernetesClientFactory, @Nullable HttpClientFactory httpClientFactory) {
        if (this.ass == null) {
            throw new RuntimeException("<acme> is used, but to storage is configured.");
        }
        if (this.ass instanceof FileStorage) {
            this.asse = new AcmeFileStorageEngine((FileStorage) this.ass);
        } else if (this.ass instanceof KubernetesStorage) {
            this.asse = new AcmeKubernetesStorageEngine((KubernetesStorage) this.ass, kubernetesClientFactory);
        } else if (this.ass instanceof MemoryStorage) {
            this.asse = new AcmeMemoryStorageEngine();
        } else {
            if (!(this.ass instanceof AzureTableStorage)) {
                throw new RuntimeException("Unsupported: Storage type " + this.ass.getClass().getName());
            }
            this.asse = new AcmeAzureTableApiStorageEngine((AzureTableStorage) this.ass, (AzureDns) this.acmeValidation, httpClientFactory);
        }
        if (this.challengeType.equals(Challenge.TYPE_DNS_01) && !(this.asse instanceof DnsProvisionable)) {
            throw new RuntimeException("A");
        }
    }

    public void loadDirectory() throws Exception {
        Exchange call = this.hc.call(new Request.Builder().get(this.directoryUrl).header("User-Agent", Constants.VERSION).buildExchange());
        handleError(call);
        Map map = (Map) this.om.readValue(call.getResponse().getBodyAsStreamDecoded(), Map.class);
        this.keyChangeUrl = (String) map.get("keyChange");
        this.newAccountUrl = (String) map.get("newAccount");
        this.newNonceUrl = (String) map.get("newNonce");
        this.newOrderUrl = (String) map.get("newOrder");
        this.revokeCertUrl = (String) map.get("revokeCert");
    }

    private void handleError(Exchange exchange) throws IOException, AcmeException {
        if (exchange.getResponse().getStatusCode() >= 300) {
            if (!MimeType.isOfMediaType("application/problem+json", exchange.getResponse().getHeader().getFirstValue("Content-Type"))) {
                throw new RuntimeException("ACME Server returned " + exchange.getResponse() + " " + exchange.getResponse().getBodyAsStringDecoded());
            }
            Map map = (Map) this.om.readValue(exchange.getResponse().getBodyAsStreamDecoded(), Map.class);
            String str = (String) map.get("type");
            String str2 = (String) map.get("detail");
            List<Map> list = (List) map.get("subproblems");
            throw new AcmeException(str, str2, parse(list), exchange.getResponse().getHeader().getFirstValue("Replay-Nonce"));
        }
    }

    private List<AcmeException.SubProblem> parse(List<Map> list) {
        if (list == null) {
            return null;
        }
        return (List) list.stream().map(map -> {
            return new AcmeException.SubProblem((String) map.get("type"), (String) map.get("detail"), (Map) map.get("identifier"));
        }).collect(Collectors.toList());
    }

    public String retrieveNewNonce() throws Exception {
        Exchange call = this.hc.call(new Request.Builder().method("HEAD").url(new URIFactory(), this.newNonceUrl).header("User-Agent", Constants.VERSION).buildExchange());
        handleError(call);
        String firstValue = call.getResponse().getHeader().getFirstValue("Replay-Nonce");
        call.getResponse().getBodyAsStringDecoded();
        return firstValue;
    }

    public AcmeKeyPair generateCertificateKey(String[] strArr) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
            keyPairGenerator.initialize(new ECGenParameterSpec("secp384r1"), random);
            KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
            return new AcmeKeyPair("-----BEGIN PUBLIC KEY-----\n" + Base64.encode(generateKeyPair.getPublic().getEncoded()) + "\n-----END PUBLIC KEY-----\n", "-----BEGIN EC PRIVATE KEY-----\n" + Base64.encode(generateKeyPair.getPrivate().getEncoded()) + "\n-----END EC PRIVATE KEY-----\n");
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e) {
            throw new RuntimeException(e);
        }
    }

    public String generateCSR(String[] strArr, String str) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
            PemReader pemReader = new PemReader(new StringReader(str));
            try {
                PrivateKey generatePrivate = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(pemReader.readPemObject().getContent()));
                pemReader.close();
                JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Principal("CN=" + strArr[0]), computePublicKeyFromPrivate(generatePrivate));
                GeneralName[] generalNameArr = new GeneralName[strArr.length];
                for (int i = 0; i < strArr.length; i++) {
                    generalNameArr[i] = new GeneralName(2, strArr[i]);
                }
                ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
                extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) GeneralNames.getInstance(new DERSequence(generalNameArr)));
                jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
                PKCS10CertificationRequest build = jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder("SHA256withECDSA").build(generatePrivate));
                StringWriter stringWriter = new StringWriter();
                JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(stringWriter);
                jcaPEMWriter.writeObject(build);
                jcaPEMWriter.close();
                return stringWriter.toString().replaceAll("-----BEGIN CERTIFICATE REQUEST-----" + System.lineSeparator(), "").replaceAll(System.lineSeparator() + "-----END CERTIFICATE REQUEST-----", "").replaceAll(System.lineSeparator(), "").replaceAll("/", "_").replaceAll("\\+", "-").replaceAll("=", "");
            } finally {
            }
        } catch (IOException | NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException | OperatorCreationException e) {
            throw new RuntimeException(e);
        }
    }

    private PublicKey computePublicKeyFromPrivate(PrivateKey privateKey) {
        BCECPrivateKey bCECPrivateKey = (BCECPrivateKey) privateKey;
        return new BCECPublicKey("EC", new ECPublicKeySpec(bCECPrivateKey.getParameters().getG().multiply(bCECPrivateKey.getD()), bCECPrivateKey.getParameters()), BouncyCastleProvider.CONFIGURATION);
    }

    public String getToken(String str) {
        return this.asse.getToken(str);
    }

    public String provision(Authorization authorization) throws Exception {
        Optional<Challenge> findAny = authorization.getChallenges().stream().filter(challenge -> {
            return this.challengeType.equals(challenge.getType());
        }).findAny();
        if (findAny.isEmpty()) {
            throw new RuntimeException("Could not find challenge of type " + this.challengeType + ": " + this.om.writeValueAsString(authorization));
        }
        if (!"dns".equals(authorization.getIdentifier().getType())) {
            throw new RuntimeException("Identifier type is not DNS: " + this.om.writeValueAsString(authorization));
        }
        if (Challenge.TYPE_HTTP_01.equals(this.challengeType)) {
            provisionHttp(authorization, findAny.get());
        } else {
            if (!Challenge.TYPE_DNS_01.equals(this.challengeType)) {
                throw new RuntimeException("Unimplemented challenge type handling " + this.challengeType);
            }
            provisionDns(authorization, findAny.get());
        }
        return findAny.get().getUrl();
    }

    private void provisionDns(Authorization authorization, Challenge challenge) throws JoseException, NoSuchAlgorithmException {
        String str = challenge.getToken() + "." + getThumbprint();
        ((DnsProvisionable) this.asse).provisionDns(authorization.getIdentifier().getValue(), java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(MessageDigest.getInstance("SHA-256").digest(str.getBytes(StandardCharsets.UTF_8))));
    }

    private void provisionHttp(Authorization authorization, Challenge challenge) {
        this.asse.setToken(authorization.getIdentifier().getValue(), challenge.token);
    }

    public String getChallengeType() {
        return this.challengeType;
    }

    public Exchange doJWSRequest(String str, String str2, JWSParametrizer jWSParametrizer) throws Exception {
        MyJsonWebSignature myJsonWebSignature = new MyJsonWebSignature();
        myJsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256);
        myJsonWebSignature.setKey(getPrivateKey());
        myJsonWebSignature.setHeader("nonce", str2);
        myJsonWebSignature.setHeader(StringLookupFactory.KEY_URL, str);
        jWSParametrizer.call(myJsonWebSignature);
        myJsonWebSignature.sign();
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("protected", myJsonWebSignature.getEncodedHeader());
        linkedHashMap.put("payload", myJsonWebSignature.getEncodedPayload());
        linkedHashMap.put("signature", myJsonWebSignature.getEncodedSignature());
        Exchange call = this.hc.call(new Request.Builder().post(str).header("Content-Type", MimeType.APPLICATION_JOSE_JSON).header("User-Agent", Constants.VERSION).body(JsonUtil.toJson(linkedHashMap)).buildExchange());
        handleError(call);
        return call;
    }

    public Exchange withNonce(HttpCallerWithNonce httpCallerWithNonce) throws Exception {
        try {
            try {
                String rememberedNonce = getRememberedNonce();
                if (rememberedNonce == null) {
                    rememberedNonce = retrieveNewNonce();
                }
                Exchange call = httpCallerWithNonce.call(rememberedNonce);
                rememberNonce(call.getResponse().getHeader().getFirstValue("Replay-Nonce"));
                return call;
            } catch (AcmeException e) {
                if (!AcmeException.TYPE_BAD_NONCE.equals(e.getType())) {
                    throw e;
                }
                Exchange call2 = httpCallerWithNonce.call(e.getNonce());
                rememberNonce(call2.getResponse().getHeader().getFirstValue("Replay-Nonce"));
                return call2;
            }
        } catch (AcmeException e2) {
            rememberNonce(e2.getNonce());
            throw e2;
        }
    }

    private String getRememberedNonce() {
        synchronized (this.nonces) {
            int size = this.nonces.size();
            if (size == 0) {
                return null;
            }
            return this.nonces.remove(size - 1);
        }
    }

    private void rememberNonce(@Nullable String str) {
        if (str != null) {
            synchronized (this.nonces) {
                this.nonces.add(str);
            }
        }
    }

    public String createAccount() throws Exception {
        Exchange withNonce = withNonce(str -> {
            return doJWSRequest(this.newAccountUrl, str, jsonWebSignature -> {
                HashMap hashMap = new HashMap();
                hashMap.put("termsOfServiceAgreed", Boolean.valueOf(this.termsOfServiceAgreed));
                hashMap.put("contact", this.contacts);
                jsonWebSignature.setPayload(this.om.writeValueAsString(hashMap));
                jsonWebSignature.setJwkHeader(getPublicJwk());
            });
        });
        withNonce.getResponse().getBodyAsStringDecoded();
        return withNonce.getResponse().getHeader().getFirstValue("Location");
    }

    private PublicJsonWebKey getPublicJwk() throws JoseException {
        getPrivateKey();
        return this.publicJsonWebKey;
    }

    public OrderAndLocation createOrder(String str, List<String> list) throws Exception {
        String str2;
        String str3;
        if (this.validity != null) {
            Date date = new Date();
            synchronized (sdf) {
                str2 = sdf.format(date);
                str3 = sdf.format(new Date(date.getTime() + this.validity.getMillis()));
            }
        } else {
            str2 = null;
            str3 = null;
        }
        String str4 = str2;
        String str5 = str3;
        Exchange withNonce = withNonce(str6 -> {
            return doJWSRequest(this.newOrderUrl, str6, jsonWebSignature -> {
                HashMap hashMap = new HashMap();
                if (this.validity != null) {
                    hashMap.put("notBefore", str4);
                    hashMap.put("notAfter", str5);
                }
                hashMap.put("identifiers", list.stream().map(str6 -> {
                    return ImmutableMap.of("type", "dns", "value", str6);
                }).collect(Collectors.toList()));
                jsonWebSignature.setPayload(this.om.writeValueAsString(hashMap));
                jsonWebSignature.setKeyIdHeaderValue(str);
            });
        });
        return new OrderAndLocation(parseOrder(withNonce.getResponse()), withNonce.getResponse().getHeader().getFirstValue("Location"));
    }

    public OrderAndLocation getOrder(String str, String str2) throws Exception {
        return new OrderAndLocation(parseOrder(withNonce(str3 -> {
            return doJWSRequest(str2, str3, jsonWebSignature -> {
                jsonWebSignature.setPayload("");
                jsonWebSignature.setKeyIdHeaderValue(str);
            });
        }).getResponse()), str2);
    }

    private Order parseOrder(Response response) throws IOException {
        return (Order) this.om.readValue(response.getBodyAsStreamDecoded(), Order.class);
    }

    private Challenge parseChallenge(Response response) throws IOException {
        return (Challenge) this.om.readValue(response.getBodyAsStreamDecoded(), Challenge.class);
    }

    public Order finalizeOrder(String str, String str2, String str3) throws Exception {
        return parseOrder(withNonce(str4 -> {
            return doJWSRequest(str2, str4, jsonWebSignature -> {
                HashMap hashMap = new HashMap();
                hashMap.put("csr", str3);
                jsonWebSignature.setPayload(this.om.writeValueAsString(hashMap));
                jsonWebSignature.setKeyIdHeaderValue(str);
            });
        }).getResponse());
    }

    public Authorization getAuth(String str, String str2) throws Exception {
        return parseAuthorization(withNonce(str3 -> {
            return doJWSRequest(str2, str3, jsonWebSignature -> {
                jsonWebSignature.setPayload("");
                jsonWebSignature.setKeyIdHeaderValue(str);
            });
        }).getResponse());
    }

    private Authorization parseAuthorization(Response response) throws IOException {
        return (Authorization) this.om.readValue(response.getBodyAsStreamDecoded(), Authorization.class);
    }

    public Challenge readyForChallenge(String str, String str2) throws Exception {
        return parseChallenge(withNonce(str3 -> {
            return doJWSRequest(str2, str3, jsonWebSignature -> {
                jsonWebSignature.setPayload("{}");
                jsonWebSignature.setKeyIdHeaderValue(str);
            });
        }).getResponse());
    }

    public String downloadCertificate(String str, String[] strArr, String str2) throws Exception {
        return withNonce(str3 -> {
            return doJWSRequest(str2, str3, jsonWebSignature -> {
                jsonWebSignature.setPayload("");
                jsonWebSignature.setKeyIdHeaderValue(str);
            });
        }).getResponse().getBodyAsStringDecoded();
    }

    public String getThumbprint() throws JoseException {
        return getPublicJwk().calculateBase64urlEncodedThumbprint("SHA-256");
    }

    private Key getPrivateKey() throws JoseException {
        String accountKey = this.asse.getAccountKey();
        if (accountKey != null) {
            EllipticCurveJsonWebKey ellipticCurveJsonWebKey = new EllipticCurveJsonWebKey(JsonUtil.parseJson(accountKey));
            this.privateKey = ellipticCurveJsonWebKey.getPrivateKey();
            this.publicJsonWebKey = ellipticCurveJsonWebKey;
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("acme: generating key");
            }
            EllipticCurveJsonWebKey generateKey = generateKey();
            this.privateKey = generateKey.getPrivateKey();
            this.asse.setAccountKey(generateKey.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE));
            this.publicJsonWebKey = generateKey;
        }
        return this.privateKey;
    }

    private EllipticCurveJsonWebKey generateKey() throws JoseException {
        EllipticCurveJsonWebKey generateJwk = EcJwkGenerator.generateJwk(EllipticCurves.getSpec(EllipticCurves.P_256), null, random);
        generateJwk.setKeyId(new BigInteger(130, random).toString(32));
        generateJwk.setUse(Use.SIGNATURE);
        generateJwk.setAlgorithm(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256);
        return generateJwk;
    }

    public String getKey(String[] strArr) {
        return this.asse.getPrivateKey(strArr);
    }

    public String getCertificates(String[] strArr) {
        return this.asse.getCertChain(strArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AcmeSynchronizedStorageEngine getAsse() {
        return this.asse;
    }

    public void ensureAccountKeyExists() throws JoseException {
        getPrivateKey();
    }

    public List<String> getContacts() {
        return this.contacts;
    }

    public void setOALKey(String[] strArr, AcmeKeyPair acmeKeyPair) throws JsonProcessingException {
        this.asse.setOALKey(strArr, this.om.writeValueAsString(acmeKeyPair));
    }

    public AcmeKeyPair getOALKey(String[] strArr) throws JsonProcessingException {
        String oALKey = this.asse.getOALKey(strArr);
        if (oALKey == null) {
            return null;
        }
        return (AcmeKeyPair) this.om.readValue(oALKey, AcmeKeyPair.class);
    }

    public void setOALError(String[] strArr, AcmeErrorLog acmeErrorLog) throws JsonProcessingException {
        this.asse.setOALError(strArr, this.om.writeValueAsString(acmeErrorLog));
    }

    public AcmeErrorLog getOALError(String[] strArr) throws JsonProcessingException {
        String oALError = this.asse.getOALError(strArr);
        if (oALError == null) {
            return null;
        }
        return (AcmeErrorLog) this.om.readValue(oALError, AcmeErrorLog.class);
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
        LOG = LoggerFactory.getLogger((Class<?>) AcmeClient.class);
        random = new SecureRandom();
        sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssXXX");
    }
}
