package org.wildfly.security.x500.cert.acme;

import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.x500.X500Principal;
import org.dashbuilder.dataset.json.PrometheusDefJSONMarshaller;
import org.wildfly.common.Assert;
import org.wildfly.security.asn1.ASN1Encodable;
import org.wildfly.security.auth.realm.ldap.AttributeMapping;
import org.wildfly.security.x500.X500;
import org.wildfly.security.x500.X500AttributeTypeAndValue;
import org.wildfly.security.x500.X500PrincipalBuilder;
import org.wildfly.security.x500.cert.SelfSignedX509CertificateAndSigningKey;
import org.wildfly.security.x500.cert.util.KeyUtil;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/wildfly-elytron-1.15.16.Final.jar:org/wildfly/security/x500/cert/acme/AcmeAccount.class
 */
/* loaded from: input_file:WEB-INF/lib/wildfly-elytron-x500-cert-acme-1.17.1.Final.jar:org/wildfly/security/x500/cert/acme/AcmeAccount.class */
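/**
 * Mutable holder for the state of one ACME account: contact URLs, the production and
 * staging server URLs, the account key (private key plus certificate), the signature
 * algorithm and "alg" header value derived from that key, the account URL, per-resource
 * URL maps and the most recently stored nonce.
 *
 * <p>Instances are created through {@link #builder()}. No method here is synchronized,
 * and several accessors hand out internal mutable state (arrays, maps, the private key),
 * so callers that share an instance must coordinate access themselves.
 *
 * <p>NOTE(review): nothing in this class verifies that the certificate's public key
 * corresponds to the private key. {@link #getPublicKey()} reads from the certificate
 * while {@link #getSignature()} signs with the private key, so a mismatched pair would
 * yield signatures that do not verify against the advertised public key. Confirm that
 * callers validate the pair before passing it in.
 */
public final class AcmeAccount {
    private String[] contactUrls;
    private boolean termsOfServiceAgreed;
    private String serverUrl;
    private String stagingServerUrl;
    private PrivateKey privateKey;
    private X509Certificate certificate;
    private X500Principal dn;
    private String algHeader;
    private String signatureAlgorithm;
    private int keySize;
    private String keyAlgorithmName;
    private String accountUrl;
    private final HashMap<AcmeResource, URL> resourceUrls;
    private final HashMap<AcmeResource, URL> stagingResourceUrls;
    private byte[] nonce;

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/wildfly-elytron-1.15.16.Final.jar:org/wildfly/security/x500/cert/acme/AcmeAccount$Builder.class
     */
    /* loaded from: input_file:WEB-INF/lib/wildfly-elytron-x500-cert-acme-1.17.1.Final.jar:org/wildfly/security/x500/cert/acme/AcmeAccount$Builder.class */
    /**
     * Builder for {@link AcmeAccount}. If no certificate/private key pair is supplied via
     * {@link #setKey(X509Certificate, PrivateKey)}, {@link #build()} generates a
     * self-signed certificate and signing key using the configured (or default)
     * algorithm, key size and DN.
     */
    public static class Builder {
        /** Key algorithm used when none is configured and a key has to be generated. */
        public static final String DEFAULT_ACCOUNT_KEY_ALGORITHM_NAME = "RSA";
        /** Key size used for generated keys whose algorithm is not "EC". */
        public static final int DEFAULT_ACCOUNT_KEY_SIZE = 2048;
        /** Key size used for generated keys whose algorithm is "EC". */
        public static final int DEFAULT_ACCOUNT_EC_KEY_SIZE = 256;
        /** Common name placed in the generated DN when no DN is configured. */
        static final String ACCOUNT_KEY_NAME = "account.key";
        private String[] contactUrls;
        private boolean termsOfServiceAgreed;
        private String serverUrl;
        private String stagingServerUrl;
        private PrivateKey privateKey;
        private X509Certificate certificate;
        private X500Principal dn;
        private String keyAlgorithmName;
        // -1 means "not configured"; build() then picks a default for the algorithm.
        private int keySize = -1;
        private String algHeader;
        private String signatureAlgorithm;

        Builder() {
        }

        /**
         * Sets the contact URLs for the account.
         *
         * @param contactUrls the contact URLs, must not be {@code null}; the array is
         *                    stored by reference, not copied
         * @return this builder
         */
        public Builder setContactUrls(String[] contactUrls) {
            Assert.checkNotNullParam("contactUrls", contactUrls);
            this.contactUrls = contactUrls;
            return this;
        }

        /**
         * Records whether the terms of service have been agreed to.
         *
         * @param termsOfServiceAgreed the agreement flag
         * @return this builder
         */
        public Builder setTermsOfServiceAgreed(boolean termsOfServiceAgreed) {
            // Boxing a primitive never yields null, so this check cannot fail on the value.
            Assert.checkNotNullParam(Acme.TERMS_OF_SERVICE_AGREED, Boolean.valueOf(termsOfServiceAgreed));
            this.termsOfServiceAgreed = termsOfServiceAgreed;
            return this;
        }

        /**
         * Sets the ACME server URL. Only a null check is performed here; the scheme and
         * host are not validated by this method.
         *
         * @param serverUrl the server URL, must not be {@code null}
         * @return this builder
         */
        public Builder setServerUrl(String serverUrl) {
            // NOTE(review): the constant from an unrelated dashbuilder class looks like a
            // decompiler constant substitution for the parameter-name string; confirm its
            // value and replace it with a literal so this class does not depend on it.
            Assert.checkNotNullParam(PrometheusDefJSONMarshaller.SERVER_URL, serverUrl);
            this.serverUrl = serverUrl;
            return this;
        }

        /**
         * Sets the ACME staging server URL. Only a null check is performed here.
         *
         * @param stagingServerUrl the staging server URL, must not be {@code null}
         * @return this builder
         */
        public Builder setStagingServerUrl(String stagingServerUrl) {
            Assert.checkNotNullParam("stagingServerUrl", stagingServerUrl);
            this.stagingServerUrl = stagingServerUrl;
            return this;
        }

        /**
         * Sets the algorithm used if {@link #build()} has to generate the account key.
         *
         * @param keyAlgorithmName the key algorithm name, must not be {@code null}
         * @return this builder
         */
        public Builder setKeyAlgorithmName(String keyAlgorithmName) {
            Assert.checkNotNullParam("keyAlgorithmName", keyAlgorithmName);
            this.keyAlgorithmName = keyAlgorithmName;
            return this;
        }

        /**
         * Sets the size used if {@link #build()} has to generate the account key.
         * The value is not range-checked here; it is handed to the key generator as is,
         * so a minimum acceptable size has to be enforced by the caller or the generator.
         *
         * @param keySize the key size; {@code -1} selects the default for the algorithm
         * @return this builder
         */
        public Builder setKeySize(int keySize) {
            this.keySize = keySize;
            return this;
        }

        /**
         * Sets the DN used if {@link #build()} has to generate the account certificate.
         *
         * @param dn the distinguished name, must not be {@code null}
         * @return this builder
         */
        public Builder setDn(X500Principal dn) {
            // NOTE(review): AttributeMapping.DEFAULT_DN_NAME comes from the LDAP realm
            // package and looks like a decompiler constant substitution for the
            // parameter-name string; confirm and replace with a literal.
            Assert.checkNotNullParam(AttributeMapping.DEFAULT_DN_NAME, dn);
            this.dn = dn;
            return this;
        }

        /**
         * Supplies an existing account certificate and private key, so that
         * {@link #build()} does not generate a new pair. The two are not checked
         * against each other here.
         *
         * @param certificate the account certificate, must not be {@code null}
         * @param privateKey  the account private key, must not be {@code null}
         * @return this builder
         */
        public Builder setKey(X509Certificate certificate, PrivateKey privateKey) {
            Assert.checkNotNullParam(Acme.CERTIFICATE, certificate);
            Assert.checkNotNullParam("privateKey", privateKey);
            this.certificate = certificate;
            this.privateKey = privateKey;
            return this;
        }

        /**
         * Creates the account.
         *
         * <p>When a certificate and private key were both supplied, the key size,
         * algorithm name, signature algorithm, alg header and DN are derived from them.
         * Otherwise a self-signed certificate and signing key are generated, defaulting
         * to {@link #DEFAULT_ACCOUNT_KEY_ALGORITHM_NAME}, a DN whose common name is
         * {@code account.key}, and {@link #DEFAULT_ACCOUNT_EC_KEY_SIZE} for "EC" or
         * {@link #DEFAULT_ACCOUNT_KEY_SIZE} for any other algorithm.
         *
         * @return the new account
         * @throws IllegalArgumentException as declared by the original signature; the
         *         failure cases visible here are a missing server URL, an undeterminable
         *         key size or signature algorithm, and a failed key pair generation
         */
        public AcmeAccount build() throws IllegalArgumentException {
            if (this.serverUrl == null) {
                throw ElytronMessages.log.noAcmeServerUrlGiven();
            }
            if (this.certificate == null || this.privateKey == null) {
                if (this.keyAlgorithmName == null) {
                    this.keyAlgorithmName = DEFAULT_ACCOUNT_KEY_ALGORITHM_NAME;
                }
                if (this.dn == null) {
                    X500PrincipalBuilder principalBuilder = new X500PrincipalBuilder();
                    principalBuilder.addItem(X500AttributeTypeAndValue.create(X500.OID_AT_COMMON_NAME, ASN1Encodable.ofUtf8String(ACCOUNT_KEY_NAME)));
                    this.dn = principalBuilder.build();
                }
                if (this.keySize == -1) {
                    this.keySize = "EC".equals(this.keyAlgorithmName)
                            ? DEFAULT_ACCOUNT_EC_KEY_SIZE
                            : DEFAULT_ACCOUNT_KEY_SIZE;
                }
                try {
                    SelfSignedX509CertificateAndSigningKey generated = SelfSignedX509CertificateAndSigningKey.builder()
                            .setKeySize(this.keySize)
                            .setKeyAlgorithmName(this.keyAlgorithmName)
                            .setDn(this.dn)
                            .build();
                    this.privateKey = generated.getSigningKey();
                    this.certificate = generated.getSelfSignedCertificate();
                    this.signatureAlgorithm = requireSignatureAlgorithm(this.privateKey);
                    this.algHeader = Acme.getAlgHeaderFromSignatureAlgorithm(this.signatureAlgorithm);
                } catch (Exception e) {
                    // Deliberately broad: any failure in this branch, including an
                    // undeterminable signature algorithm, is reported as a failed key
                    // pair generation with the original exception as the cause.
                    throw ElytronMessages.acme.acmeAccountKeyPairGenerationFailed(e);
                }
            } else {
                this.keySize = KeyUtil.getKeySize(this.privateKey);
                if (this.keySize == -1) {
                    throw ElytronMessages.acme.unableToDetermineKeySize();
                }
                this.keyAlgorithmName = this.privateKey.getAlgorithm();
                this.signatureAlgorithm = requireSignatureAlgorithm(this.privateKey);
                this.algHeader = Acme.getAlgHeaderFromSignatureAlgorithm(this.signatureAlgorithm);
                this.dn = this.certificate.getSubjectX500Principal();
            }
            return new AcmeAccount(this);
        }
    }

    /**
     * Copies the builder's state and creates empty resource URL maps for the production
     * and staging servers.
     */
    private AcmeAccount(Builder builder) {
        this.resourceUrls = new HashMap<>(AcmeResource.values().length);
        this.stagingResourceUrls = new HashMap<>(AcmeResource.values().length);
        this.contactUrls = builder.contactUrls;
        this.termsOfServiceAgreed = builder.termsOfServiceAgreed;
        this.serverUrl = builder.serverUrl;
        this.stagingServerUrl = builder.stagingServerUrl;
        this.privateKey = builder.privateKey;
        this.certificate = builder.certificate;
        this.algHeader = builder.algHeader;
        this.signatureAlgorithm = builder.signatureAlgorithm;
        this.keySize = builder.keySize;
        this.keyAlgorithmName = builder.keyAlgorithmName;
        this.dn = builder.dn;
    }

    /**
     * Looks up the default signature algorithm compatible with the given key, failing
     * with the same message {@link Builder#build()} uses when none can be determined.
     */
    private static String requireSignatureAlgorithm(PrivateKey key) {
        final String algorithm = KeyUtil.getDefaultCompatibleSignatureAlgorithmName(key);
        if (algorithm == null) {
            throw ElytronMessages.log.unableToDetermineDefaultCompatibleSignatureAlgorithmName(key.getAlgorithm());
        }
        return algorithm;
    }

    /**
     * Returns the contact URLs.
     *
     * @return the stored array itself (not a copy); may be {@code null} if never set
     */
    public String[] getContactUrls() {
        return this.contactUrls;
    }

    /**
     * Replaces the contact URLs.
     *
     * @param contactUrls the contact URLs, must not be {@code null}; stored by reference
     */
    public void setContactUrls(String[] contactUrls) {
        Assert.checkNotNullParam("contactUrls", contactUrls);
        this.contactUrls = contactUrls;
    }

    /**
     * Returns whether the terms of service have been agreed to.
     *
     * @return the agreement flag
     */
    public boolean isTermsOfServiceAgreed() {
        return this.termsOfServiceAgreed;
    }

    /**
     * Records whether the terms of service have been agreed to.
     *
     * @param termsOfServiceAgreed the agreement flag
     */
    public void setTermsOfServiceAgreed(boolean termsOfServiceAgreed) {
        // Boxing a primitive never yields null, so this check cannot fail on the value.
        Assert.checkNotNullParam(Acme.TERMS_OF_SERVICE_AGREED, Boolean.valueOf(termsOfServiceAgreed));
        this.termsOfServiceAgreed = termsOfServiceAgreed;
    }

    /**
     * Returns the production ACME server URL.
     *
     * @return the server URL
     */
    public String getServerUrl() {
        return this.serverUrl;
    }

    /**
     * Returns the staging or the production server URL.
     *
     * @param staging {@code true} for the staging URL, {@code false} for production
     * @return the selected URL; the staging URL may be {@code null} if it was never set
     */
    public String getServerUrl(boolean staging) {
        return staging ? getStagingServerUrl() : getServerUrl();
    }

    /**
     * Returns the staging ACME server URL.
     *
     * @return the staging server URL, or {@code null} if it was never set
     */
    public String getStagingServerUrl() {
        return this.stagingServerUrl;
    }

    /**
     * Returns the account private key. This is the signing key used by
     * {@link #getSignature()}; callers should keep it out of logs and serialized state.
     *
     * @return the private key
     */
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * Returns the public key taken from the account certificate.
     *
     * @return the certificate's public key
     */
    public PublicKey getPublicKey() {
        return this.certificate.getPublicKey();
    }

    /**
     * Returns the account certificate.
     *
     * @return the certificate
     */
    public X509Certificate getCertificate() {
        return this.certificate;
    }

    /**
     * Returns the account DN.
     *
     * @return the distinguished name
     */
    public X500Principal getDn() {
        return this.dn;
    }

    /**
     * Returns the alg header value derived from the account's signature algorithm.
     *
     * @return the alg header value
     */
    public String getAlgHeader() {
        return this.algHeader;
    }

    /**
     * Creates a new {@link Signature} for the account's signature algorithm, already
     * initialised for signing with the account private key.
     *
     * @return a signature object ready for {@code update}/{@code sign}
     */
    public Signature getSignature() {
        try {
            Signature signer = Signature.getInstance(this.signatureAlgorithm);
            signer.initSign(this.privateKey);
            return signer;
        } catch (InvalidKeyException | NoSuchAlgorithmException e) {
            throw ElytronMessages.acme.unableToCreateAcmeSignature(e);
        }
    }

    /**
     * Returns the account key size.
     *
     * @return the key size
     */
    public int getKeySize() {
        return this.keySize;
    }

    /**
     * Returns the account key algorithm name.
     *
     * @return the key algorithm name
     */
    public String getKeyAlgorithmName() {
        return this.keyAlgorithmName;
    }

    /**
     * Returns the account URL.
     *
     * @return the account URL, or {@code null} if it was never set
     */
    public String getAccountUrl() {
        return this.accountUrl;
    }

    /**
     * Sets the account URL. Only a null check is performed here.
     *
     * @param accountUrl the account URL, must not be {@code null}
     */
    public void setAccountUrl(String accountUrl) {
        Assert.checkNotNullParam("accountUrl", accountUrl);
        this.accountUrl = accountUrl;
    }

    /**
     * Returns the URL stored for one ACME resource.
     *
     * @param resource the resource to look up, must not be {@code null}
     * @param staging  {@code true} to read the staging map, {@code false} for production
     * @return the stored URL, or {@code null} if the map has no entry for the resource
     */
    public URL getResourceUrl(AcmeResource resource, boolean staging) {
        Assert.checkNotNullParam("resource", resource);
        return getResourceUrls(staging).get(resource);
    }

    /**
     * Returns the resource URL map for the staging or production server.
     *
     * @param staging {@code true} for the staging map, {@code false} for production
     * @return the live internal map (not a copy), so changes made by the caller are
     *         visible to this account
     */
    public Map<AcmeResource, URL> getResourceUrls(boolean staging) {
        return staging ? this.stagingResourceUrls : this.resourceUrls;
    }

    /**
     * Returns the stored nonce.
     *
     * @return the stored array itself (not a copy), or {@code null} if never set
     */
    public byte[] getNonce() {
        return this.nonce;
    }

    /**
     * Stores a nonce.
     *
     * @param nonce the nonce bytes, must not be {@code null}; stored by reference, so
     *              later changes to the caller's array change the stored value
     */
    public void setNonce(byte[] nonce) {
        Assert.checkNotNullParam("nonce", nonce);
        this.nonce = nonce;
    }

    /**
     * Replaces the account certificate and private key and re-derives the key size,
     * algorithm name, signature algorithm, alg header and DN from them.
     *
     * <p>All derived values are computed and validated before any field is written, so
     * a failure leaves the account on its previous key material instead of a mix of old
     * and new values. The key size and signature algorithm checks mirror the ones
     * {@link Builder#build()} applies to a caller-supplied key.
     *
     * @param certificate the new certificate, must not be {@code null}
     * @param privateKey  the new private key, must not be {@code null}
     */
    public void changeCertificateAndPrivateKey(X509Certificate certificate, PrivateKey privateKey) {
        Assert.checkNotNullParam(Acme.CERTIFICATE, certificate);
        Assert.checkNotNullParam("privateKey", privateKey);

        final int newKeySize = KeyUtil.getKeySize(privateKey);
        if (newKeySize == -1) {
            throw ElytronMessages.acme.unableToDetermineKeySize();
        }
        final String newSignatureAlgorithm = requireSignatureAlgorithm(privateKey);
        final String newAlgHeader = Acme.getAlgHeaderFromSignatureAlgorithm(newSignatureAlgorithm);
        final X500Principal newDn = certificate.getSubjectX500Principal();

        // Nothing above has touched the account; commit the new state in one go.
        this.certificate = certificate;
        this.privateKey = privateKey;
        this.keySize = newKeySize;
        this.keyAlgorithmName = privateKey.getAlgorithm();
        this.signatureAlgorithm = newSignatureAlgorithm;
        this.algHeader = newAlgHeader;
        this.dn = newDn;
    }

    /**
     * Creates a new builder.
     *
     * @return a fresh {@link Builder}
     */
    public static Builder builder() {
        return new Builder();
    }
}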
