package org.shredzone.acme4j;

import com.ibm.ws.security.acme.internal.web.AcmeCaRestHandler;
import jakarta.annotation.Nullable;
import jakarta.annotation.ParametersAreNonnullByDefault;
import jakarta.annotation.WillNotClose;
import java.io.IOException;
import java.io.Writer;
import java.net.URL;
import java.security.KeyPair;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.shredzone.acme4j.connector.Connection;
import org.shredzone.acme4j.connector.Resource;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.exception.AcmeLazyLoadingException;
import org.shredzone.acme4j.exception.AcmeProtocolException;
import org.shredzone.acme4j.toolbox.AcmeUtils;
import org.shredzone.acme4j.toolbox.JSONBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ParametersAreNonnullByDefault
/* loaded from: input_file:org/shredzone/acme4j/Certificate.class */
public class Certificate extends AcmeResource {
    private static final long serialVersionUID = 7381527770159084201L;
    private static final Logger LOG = LoggerFactory.getLogger(Certificate.class);
    private ArrayList<X509Certificate> certChain;
    private ArrayList<URL> alternates;

    /* JADX INFO: Access modifiers changed from: protected */
    public Certificate(Login login, URL url) {
        super(login, url);
        this.certChain = null;
        this.alternates = null;
    }

    public void download() throws AcmeException {
        if (this.certChain == null) {
            LOG.debug("download");
            Connection connect = getSession().connect();
            Throwable th = null;
            try {
                connect.sendCertificateRequest(getLocation(), getLogin());
                this.alternates = new ArrayList<>(connect.getLinks("alternate"));
                this.certChain = new ArrayList<>(connect.readCertificates());
                if (connect != null) {
                    if (0 == 0) {
                        connect.close();
                        return;
                    }
                    try {
                        connect.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                if (connect != null) {
                    if (0 != 0) {
                        try {
                            connect.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        connect.close();
                    }
                }
                throw th3;
            }
        }
    }

    public X509Certificate getCertificate() {
        lazyDownload();
        return this.certChain.get(0);
    }

    public List<X509Certificate> getCertificateChain() {
        lazyDownload();
        return Collections.unmodifiableList(this.certChain);
    }

    public List<URL> getAlternates() {
        lazyDownload();
        return this.alternates != null ? Collections.unmodifiableList(this.alternates) : Collections.emptyList();
    }

    public void writeCertificate(@WillNotClose Writer writer) throws IOException {
        try {
            Iterator<X509Certificate> it = getCertificateChain().iterator();
            while (it.hasNext()) {
                AcmeUtils.writeToPem(it.next().getEncoded(), AcmeUtils.PemLabel.CERTIFICATE, writer);
            }
        } catch (CertificateEncodingException e) {
            throw new IOException("Encoding error", e);
        }
    }

    public void revoke() throws AcmeException {
        revoke(null);
    }

    public void revoke(@Nullable RevocationReason revocationReason) throws AcmeException {
        revoke(getLogin(), getCertificate(), revocationReason);
    }

    public static void revoke(Login login, X509Certificate x509Certificate, @Nullable RevocationReason revocationReason) throws AcmeException {
        LOG.debug("revoke");
        Session session = login.getSession();
        URL resourceUrl = session.resourceUrl(Resource.REVOKE_CERT);
        if (resourceUrl == null) {
            throw new AcmeException("Server does not allow certificate revocation");
        }
        try {
            Connection connect = session.connect();
            Throwable th = null;
            try {
                try {
                    JSONBuilder jSONBuilder = new JSONBuilder();
                    jSONBuilder.putBase64("certificate", x509Certificate.getEncoded());
                    if (revocationReason != null) {
                        jSONBuilder.put(AcmeCaRestHandler.REASON_KEY, Integer.valueOf(revocationReason.getReasonCode()));
                    }
                    connect.sendSignedRequest(resourceUrl, jSONBuilder, login);
                    if (connect != null) {
                        if (0 != 0) {
                            try {
                                connect.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            connect.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (CertificateEncodingException e) {
            throw new AcmeProtocolException("Invalid certificate", e);
        }
    }

    public static void revoke(Session session, KeyPair keyPair, X509Certificate x509Certificate, @Nullable RevocationReason revocationReason) throws AcmeException {
        LOG.debug("revoke using the domain key pair");
        URL resourceUrl = session.resourceUrl(Resource.REVOKE_CERT);
        if (resourceUrl == null) {
            throw new AcmeException("Server does not allow certificate revocation");
        }
        try {
            Connection connect = session.connect();
            Throwable th = null;
            try {
                try {
                    JSONBuilder jSONBuilder = new JSONBuilder();
                    jSONBuilder.putBase64("certificate", x509Certificate.getEncoded());
                    if (revocationReason != null) {
                        jSONBuilder.put(AcmeCaRestHandler.REASON_KEY, Integer.valueOf(revocationReason.getReasonCode()));
                    }
                    connect.sendSignedRequest(resourceUrl, jSONBuilder, session, keyPair);
                    if (connect != null) {
                        if (0 != 0) {
                            try {
                                connect.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            connect.close();
                        }
                    }
                } finally {
                }
            } finally {
            }
        } catch (CertificateEncodingException e) {
            throw new AcmeProtocolException("Invalid certificate", e);
        }
    }

    private void lazyDownload() {
        try {
            download();
        } catch (AcmeException e) {
            throw new AcmeLazyLoadingException(this, e);
        }
    }
}
