package io.quarkus.tls.runtime;

import io.quarkus.runtime.annotations.Recorder;
import io.quarkus.tls.CertificateUpdatedEvent;
import io.quarkus.tls.TlsConfiguration;
import io.quarkus.tls.TlsConfigurationRegistry;
import io.quarkus.tls.runtime.config.TlsConfig;
import io.vertx.core.Handler;
import io.vertx.core.http.HttpMethod;
import io.vertx.core.json.JsonObject;
import io.vertx.ext.web.Route;
import io.vertx.ext.web.RoutingContext;
import jakarta.enterprise.event.Event;
import jakarta.enterprise.inject.spi.CDI;
import java.lang.annotation.Annotation;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.Optional;
import java.util.concurrent.Callable;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.Consumer;
import java.util.function.Supplier;
import org.gitlab4j.api.services.HipChatService;
import org.jboss.logging.Logger;

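/**
 * Runtime recorder that backs the Let's Encrypt (ACME HTTP-01) integration of the TLS registry.
 *
 * <p>It holds at most one pending challenge and exposes Vert.x handlers to:
 * <ul>
 *   <li>serve the challenge content to whoever requests the matching token ({@link #challengeHandler()}),</li>
 *   <li>set, inspect and clear the pending challenge ({@link #chalengeAdminHandler()}),</li>
 *   <li>reload a TLS configuration and fire a {@link CertificateUpdatedEvent} ({@link #reload()}).</li>
 * </ul>
 *
 * <p>Security note: nothing in this class authenticates or authorizes the caller. The admin and
 * reload handlers change server state (pending challenge, active certificate), so the code that
 * mounts them must restrict who can reach them.
 * NOTE(review): presumably these routes are bound to a protected management interface; confirm at
 * the registration site, which is not part of this file.
 *
 * <p>This listing is decompiler output; the record below is written as a plain Java record, which
 * is what the {@code extends Record} / {@code ObjectMethods.bootstrap} form in the bytecode encodes.
 */
@Recorder
/* loaded from: input_file:io/quarkus/tls/runtime/LetsEncryptRecorder.class */
public class LetsEncryptRecorder {
    private static final Logger LOGGER = Logger.getLogger(LetsEncryptRecorder.class);

    private TlsConfigurationRegistry registry;
    private Event<CertificateUpdatedEvent> event;

    // Single pending challenge; null when none is set. compareAndSet/getAndSet keep updates atomic.
    private final AtomicReference<AcmeChallenge> acmeChallenge = new AtomicReference<>();

    /**
     * A pending challenge: the token that identifies it and the content to serve for that token.
     *
     * <p>{@code toString}, {@code hashCode}, {@code equals} and the {@code token()} /
     * {@code challenge()} accessors are the record-generated ones over both components.
     */
    /* loaded from: input_file:io/quarkus/tls/runtime/LetsEncryptRecorder$AcmeChallenge.class */
    public record AcmeChallenge(String token, String challenge) {

        /**
         * @param candidate token taken from the request path
         * @return {@code true} when the stored token equals {@code candidate}
         */
        boolean matches(String candidate) {
            // Only called on challenges that passed isValid(), so token is non-null here.
            return token.equals(candidate);
        }

        /** @return {@code true} when both the token and the challenge content are present. */
        boolean isValid() {
            return token != null && challenge != null;
        }

        /** @return the challenge encoded as JSON with the same keys {@link #fromJson} reads. */
        public String asJson() {
            return new JsonObject()
                    .put("challenge-resource", token)
                    .put("challenge-content", challenge)
                    .encode();
        }

        /**
         * Builds a challenge from a JSON object; absent keys yield {@code null} components, which
         * {@link #isValid()} then rejects.
         *
         * @param jsonObject the request payload, must not be {@code null}
         */
        public static AcmeChallenge fromJson(JsonObject jsonObject) {
            return new AcmeChallenge(
                    jsonObject.getString("challenge-resource"),
                    jsonObject.getString("challenge-content"));
        }
    }

    /**
     * Captures the TLS registry and the CDI event used to announce certificate updates.
     *
     * @param supplier provides the TLS configuration registry
     */
    public void initialize(Supplier<TlsConfigurationRegistry> supplier) {
        this.registry = supplier.get();
        this.event = CDI.current().getBeanManager().getEvent().select(CertificateUpdatedEvent.class);
    }

    /**
     * Handler that answers the challenge request: GET only, 404 unless a challenge is pending and
     * the token in the path matches it, otherwise the challenge content with the default status.
     */
    public Handler<RoutingContext> challengeHandler() {
        return routingContext -> {
            if (routingContext.request().method() != HttpMethod.GET) {
                routingContext.response().setStatusCode(405).end();
                return;
            }
            // NOTE(review): HipChatService.TOKEN_PROP comes from an unrelated library and looks
            // like a decompiler substituting a constant with the same value (presumably "token").
            // Confirm against the route definition and replace it with a local constant.
            String requestedToken = routingContext.pathParam(HipChatService.TOKEN_PROP);
            if (requestedToken == null) {
                routingContext.response().setStatusCode(404).end();
                return;
            }
            AcmeChallenge pending = acmeChallenge.get();
            if (pending == null) {
                LOGGER.debug("No Let's Encrypt challenge has been set");
                routingContext.response().setStatusCode(404).end();
                return;
            }
            if (!pending.matches(requestedToken)) {
                // Same 404 as "no challenge" so the response does not reveal that one is pending.
                routingContext.response().setStatusCode(404).end();
                return;
            }
            routingContext.response().end(pending.challenge());
        };
    }

    /**
     * Clears the pending challenge: 204 when one was removed, 404 when there was none.
     */
    public void cleanupChallenge(RoutingContext routingContext) {
        boolean removed = this.acmeChallenge.getAndSet(null) != null;
        routingContext.response().setStatusCode(removed ? 204 : 404).end();
    }

    /**
     * Stores a new pending challenge, read from the JSON body (POST) or from the
     * {@code challenge-resource} / {@code challenge-content} request parameters (any other method).
     *
     * <p>Responds 204 when stored, 400 when the payload is missing, malformed or incomplete, and
     * 400 when a challenge is already pending (it is never overwritten).
     */
    private void setupChallenge(RoutingContext routingContext) {
        JsonObject body = null;
        AcmeChallenge candidate;
        if (routingContext.request().method() == HttpMethod.POST) {
            try {
                body = routingContext.body().asJsonObject();
            } catch (io.vertx.core.json.DecodeException e) {
                // A body that is not JSON is a client error, not a server failure.
                LOGGER.warn("Invalid Let's Encrypt challenge: request body is not valid JSON");
                routingContext.response().setStatusCode(400).end();
                return;
            }
            // asJsonObject() yields null when there is no usable JSON object body; passing that
            // to fromJson() would fail with a NullPointerException instead of a 400.
            candidate = body == null ? null : AcmeChallenge.fromJson(body);
        } else {
            candidate = new AcmeChallenge(
                    routingContext.request().getParam("challenge-resource"),
                    routingContext.request().getParam("challenge-content"));
        }
        if (candidate == null || !candidate.isValid()) {
            LOGGER.warn("Invalid Let's Encrypt challenge: " + body);
            routingContext.response().setStatusCode(400).end();
            return;
        }
        if (!this.acmeChallenge.compareAndSet(null, candidate)) {
            LOGGER.warn("Let's Encrypt challenge already set");
            routingContext.response().setStatusCode(400).end();
            return;
        }
        routingContext.response().setStatusCode(204).end();
    }

    /**
     * Readiness probe for the Let's Encrypt flow.
     *
     * <p>Looks up the TLS configuration named by the {@code key} request parameter (the default
     * one when absent). Responds 503 when that configuration or its key store is missing, 204
     * when everything is in place and no challenge is pending, and the pending challenge as JSON
     * otherwise.
     */
    public void ready(RoutingContext routingContext) {
        String requested = routingContext.request().getParam("key");
        boolean useDefault = requested == null;
        String name = useDefault ? TlsConfig.DEFAULT_NAME : requested;
        Optional<TlsConfiguration> lookup = useDefault ? this.registry.getDefault() : this.registry.get(requested);

        if (lookup.isEmpty()) {
            if (useDefault) {
                LOGGER.warn("Cannot handle Let's Encrypt flow - No default TLS configuration found. You must configure the quarkus.tls.* properties.");
            } else {
                // The name is caller-supplied: neutralize control characters before logging it.
                String safeName = sanitizeForLog(name);
                LOGGER.warn("Cannot handle Let's Encrypt flow - No " + safeName + " TLS configuration found. You must configure the quarkus.tls." + safeName + ".* properties.");
            }
            routingContext.response().setStatusCode(503).end();
            return;
        }

        if (lookup.get().getKeyStore() == null) {
            // Build the property name per case; the previous concatenation printed
            // "quarkus.tls..key-store" for the default configuration.
            String property = name.equalsIgnoreCase(TlsConfig.DEFAULT_NAME)
                    ? "quarkus.tls.key-store"
                    : "quarkus.tls." + sanitizeForLog(name) + ".key-store";
            LOGGER.warn("Cannot handle Let's Encrypt flow - No keystore configured in " + property);
            routingContext.response().setStatusCode(503).end();
            return;
        }

        AcmeChallenge pending = this.acmeChallenge.get();
        if (pending == null) {
            routingContext.response().setStatusCode(204).end();
        } else {
            routingContext.response().end(pending.asJson());
        }
    }

    /**
     * Handler that reloads a TLS configuration: POST only, 404 when the configuration named by
     * the {@code key} parameter (or the default one) does not exist, 204 after a successful
     * reload and event dispatch, 500 when the reload reports failure or throws.
     */
    public Handler<RoutingContext> reload() {
        return routingContext -> {
            if (routingContext.request().method() != HttpMethod.POST) {
                routingContext.response().setStatusCode(405).end();
                return;
            }
            String name = routingContext.request().getParam("key");
            Optional<TlsConfiguration> lookup = name != null ? registry.get(name) : registry.getDefault();
            if (lookup.isEmpty()) {
                LOGGER.warn("Cannot reload certificate, no configuration found for "
                        + (name == null ? "quarkus.tls" : "quarkus.tls." + sanitizeForLog(name)));
                routingContext.response().setStatusCode(404).end();
                return;
            }
            TlsConfiguration configuration = lookup.get();
            // Reloading may touch the file system, so it runs off the event loop.
            Callable<Void> task = () -> {
                boolean reloaded;
                try {
                    reloaded = configuration.reload();
                    if (reloaded) {
                        event.fire(new CertificateUpdatedEvent(name == null ? TlsConfig.DEFAULT_NAME : name, configuration));
                    }
                } catch (RuntimeException e) {
                    // Without this, an exception would leave the request without any response.
                    LOGGER.error("Failed to reload certificate", e);
                    routingContext.response().setStatusCode(500).end();
                    return null;
                }
                if (reloaded) {
                    routingContext.response().setStatusCode(204).end();
                } else {
                    LOGGER.error("Failed to reload certificate");
                    routingContext.response().setStatusCode(500).end();
                }
                return null;
            };
            routingContext.vertx().executeBlocking(task, false);
        };
    }

    /** @return a customizer restricting a route to the POST, GET and DELETE methods. */
    public Consumer<Route> setupCustomizer() {
        return route -> route.method(HttpMethod.POST).method(HttpMethod.GET).method(HttpMethod.DELETE);
    }

    /**
     * Handler for the challenge administration route: POST stores a challenge, DELETE clears it,
     * GET stores a challenge when {@code challenge-resource} is present and otherwise reports
     * readiness; any other method gets 405.
     *
     * <p>NOTE(review): the GET branch changes state from query parameters, so a plain link or
     * redirect is enough to trigger it. That is one more reason to keep this route behind access
     * control.
     */
    public Handler<RoutingContext> chalengeAdminHandler() {
        return routingContext -> {
            HttpMethod method = routingContext.request().method();
            if (method == HttpMethod.POST) {
                setupChallenge(routingContext);
            } else if (method == HttpMethod.DELETE) {
                cleanupChallenge(routingContext);
            } else if (method != HttpMethod.GET) {
                routingContext.response().setStatusCode(405).end();
            } else if (routingContext.request().getParam("challenge-resource") != null) {
                setupChallenge(routingContext);
            } else {
                ready(routingContext);
            }
        };
    }

    /**
     * Replaces ISO control characters (CR, LF, ...) with {@code '_'} so a request-supplied value
     * cannot start a forged line in the log output.
     */
    private static String sanitizeForLog(String value) {
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}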
