package com.predic8.membrane.core.interceptor;

import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.core.exceptions.ProblemDetails;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.proxies.Proxy;
import com.predic8.membrane.core.proxies.SSLableProxy;
import com.predic8.membrane.core.transport.ssl.AcmeSSLContext;
import com.predic8.membrane.core.transport.ssl.SSLContext;
import com.predic8.membrane.core.transport.ssl.acme.AcmeClient;
import java.util.Arrays;
import org.jose4j.lang.JoseException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

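/**
 * Answers ACME HTTP-01 challenge requests (RFC 8555, section 8.3) on behalf of the
 * proxies configured on the router.
 *
 * <p>Requests whose URI starts with {@link #PREFIX} are handled here; everything else
 * is passed to the superclass. A challenge is answered only when all of the following hold:
 * <ul>
 *   <li>a proxy with an {@link AcmeSSLContext} lists the requested host in its hosts,</li>
 *   <li>that context's {@link AcmeClient} holds a token for the host, and</li>
 *   <li>the token equals the path segment after {@link #PREFIX}.</li>
 * </ul>
 * Every other request under the prefix is answered with 404.
 *
 * <p>Security note: both the {@code Host} header and the token in the URI come from an
 * unauthenticated request. The host is only ever compared against the configured host
 * list and the token against the value held by the ACME client, so nothing from the
 * request is echoed back unless it matches a pending challenge exactly.
 */
@MCElement(name = "acmeHttpChallenge")
/* loaded from: input_file:WEB-INF/lib/service-proxy-core-6.0.0.jar:com/predic8/membrane/core/interceptor/AcmeHttpChallengeInterceptor.class */
public class AcmeHttpChallengeInterceptor extends AbstractInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(AcmeHttpChallengeInterceptor.class);

    /** URI prefix under which ACME HTTP challenges are requested. */
    public static final String PREFIX = "/.well-known/acme-challenge/";

    /** When true, a ":port" suffix of the Host header is dropped before host matching. */
    private boolean ignorePort;

    public AcmeHttpChallengeInterceptor() {
        this.name = "acme http challenge";
    }

    /**
     * Serves the key authorization for a pending ACME HTTP challenge.
     *
     * @param exchange the current exchange; its request URI and Host header are read
     * @return the superclass outcome for URIs outside {@link #PREFIX};
     *         {@code Outcome.RETURN} with a 200 (challenge matched) or 404 (no match) response;
     *         {@code Outcome.ABORT} when the account key thumbprint cannot be computed
     */
    @Override
    public Outcome handleRequest(Exchange exchange) {
        String uri = exchange.getRequest().getUri();
        if (!uri.startsWith(PREFIX)) {
            return super.handleRequest(exchange);
        }

        // Everything after the prefix is treated as the token. The raw URI is used, so a
        // request carrying a query string or extra path segments will simply not match.
        String requestedToken = uri.substring(PREFIX.length());
        String host = requestedHost(exchange);

        // Without a Host header there is nothing to match against; fall through to 404
        // instead of failing while stripping the port from a null value.
        if (host != null) {
            for (Proxy proxy : this.router.getRules()) {
                if (!(proxy instanceof SSLableProxy)) {
                    continue;
                }
                SSLContext inbound = ((SSLableProxy) proxy).getSslInboundContext();
                if (!(inbound instanceof AcmeSSLContext)) {
                    continue;
                }
                AcmeSSLContext acmeContext = (AcmeSSLContext) inbound;

                // Only contexts explicitly configured for this host may answer for it.
                if (Arrays.stream(acmeContext.getHosts()).noneMatch(host::equals)) {
                    continue;
                }

                AcmeClient client = acmeContext.getClient();
                String expectedToken = client.getToken(host);
                if (expectedToken == null || !expectedToken.equals(requestedToken)) {
                    continue;
                }

                try {
                    // Response body is "<token>.<thumbprint>", see RFC 8555 section 8.3.
                    exchange.setResponse(Response.ok()
                            .header("Content-Type", "application/octet-stream")
                            .body(requestedToken + "." + client.getThumbprint())
                            .build());
                    return Outcome.RETURN;
                } catch (JoseException e) {
                    ProblemDetails.user(this.router.isProduction(), getDisplayName())
                            .detail("Could not create thumbprint!")
                            .exception(e)
                            .buildAndSetResponse(exchange);
                    return Outcome.ABORT;
                }
            }
        }

        // NOTE(review): the logged token is taken from an unauthenticated request, so this
        // WARN line can be triggered at will by any client; consider that when sizing or
        // alerting on this log.
        LOG.warn("Returning 404 in response to ACME challenge token {}", requestedToken);
        exchange.setResponse(Response.notFound().build());
        return Outcome.RETURN;
    }

    /**
     * Returns the host to match against the configured ACME hosts, or {@code null} when
     * the request carries no Host header. With {@code ignorePort} set, everything from
     * the first ':' onwards is removed.
     */
    private String requestedHost(Exchange exchange) {
        String host = exchange.getRequest().getHeader().getHost();
        if (host == null) {
            return null;
        }
        return this.ignorePort ? host.replaceAll(":.*", "") : host;
    }

    /** Returns whether the port part of the Host header is ignored during host matching. */
    public boolean isIgnorePort() {
        return this.ignorePort;
    }

    /**
     * Sets whether the port part of the Host header is ignored during host matching.
     *
     * @param ignorePort {@code true} to strip ":port" from the Host header before matching
     */
    public void setIgnorePort(boolean ignorePort) {
        this.ignorePort = ignorePort;
    }

    @Override
    public String getShortDescription() {
        return "Responds to HTTP requests starting with <font style=\"font-family: monospace\">/.well-known/acme-challenge/</font>.";
    }

    @Override
    public String getLongDescription() {
        return "<div>Responds to HTTP requests starting with <font style=\"font-family: monospace\">/.well-known/acme-challenge/</font>.<br/>See ACME (RFC 8555, also known as \"Let's Encrypt\") <a href=\"https://www.rfc-editor.org/rfc/rfc8555.html#section-8.3\">HTTP Challenges</a> for details.</div>";
    }
}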
