package net.eightlives.friendlyssl.service;

import java.security.KeyPair;
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import net.eightlives.friendlyssl.config.FriendlySSLConfig;
import net.eightlives.friendlyssl.model.CertificateRenewal;
import net.eightlives.friendlyssl.model.CertificateRenewalStatus;
import org.shredzone.acme4j.Login;
import org.shredzone.acme4j.Session;
import org.shredzone.acme4j.util.KeyPairUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

/**
 * Orders a TLS certificate through an ACME account and reloads the SSL context once the
 * order has completed.
 *
 * <p>Both public entry points return a {@link CertificateRenewal} holding a status and an
 * {@link Instant}. On success the instant is the new certificate's expiration minus the
 * configured auto-renewal lead time; on failure it is "now" plus the configured retry wait.
 * Presumably the caller schedules the next attempt at that instant (confirm against caller).
 */
@Component
/* loaded from: input_file:net/eightlives/friendlyssl/service/CertificateCreateRenewService.class */
public class CertificateCreateRenewService {
    private static final Logger LOG = LoggerFactory.getLogger(CertificateCreateRenewService.class);

    /** Key size, in bits, requested from acme4j's {@code KeyPairUtils} for a fresh key pair. */
    private static final int NEW_KEY_SIZE_BITS = 2048;

    private final FriendlySSLConfig config;
    private final AcmeAccountService accountService;
    private final PKCS12KeyStoreService keyStoreService;
    private final CertificateOrderHandlerService certificateOrderHandlerService;
    private final SSLContextService sslContextService;
    private final Clock clock;

    /**
     * Stores the collaborators; no work is done at construction time.
     *
     * @param friendlySSLConfig source of the ACME session URL, key alias and retry/renewal hours
     * @param acmeAccountService resolves the ACME account login for a session
     * @param pKCS12KeyStoreService key store queried for the existing certificate key pair
     * @param certificateOrderHandlerService performs the certificate order
     * @param sSLContextService reloads the SSL configuration after a successful order
     * @param clock time source used to compute the retry instant on failure
     */
    public CertificateCreateRenewService(FriendlySSLConfig friendlySSLConfig, AcmeAccountService acmeAccountService, PKCS12KeyStoreService pKCS12KeyStoreService, CertificateOrderHandlerService certificateOrderHandlerService, SSLContextService sSLContextService, Clock clock) {
        this.config = friendlySSLConfig;
        this.accountService = acmeAccountService;
        this.keyStoreService = pKCS12KeyStoreService;
        this.certificateOrderHandlerService = certificateOrderHandlerService;
        this.sslContextService = sSLContextService;
        this.clock = clock;
    }

    /**
     * Orders a certificate for a freshly generated key pair.
     *
     * @return the outcome of the order, see {@link #orderCertificate(KeyPair)}
     */
    public CertificateRenewal createCertificate() {
        LOG.info("Starting certificate create");
        KeyPair freshKeyPair = KeyPairUtils.createKeyPair(NEW_KEY_SIZE_BITS);
        return orderCertificate(freshKeyPair);
    }

    /**
     * Orders a replacement certificate, reusing the key pair stored under the configured alias.
     * When the key store has no key pair for that alias, this falls back to
     * {@link #createCertificate()}.
     *
     * @return the outcome of the order, see {@link #orderCertificate(KeyPair)}
     */
    public CertificateRenewal renewCertificate() {
        LOG.info("Starting certificate renew");
        KeyPair storedKeyPair = this.keyStoreService.getKeyPair(this.config.getCertificateKeyAlias());
        if (storedKeyPair == null) {
            return createCertificate();
        }
        // NOTE(review): the stored private key is carried over to the new certificate, so this
        // path never rotates the key; a new key is generated only when the alias is absent.
        // If periodic key rotation is a requirement, it has to be enforced elsewhere.
        return orderCertificate(storedKeyPair);
    }

    /**
     * Logs in to the ACME account, orders a certificate for {@code keyPair} and reloads the SSL
     * configuration.
     *
     * @param keyPair key pair the certificate is ordered for
     * @return {@code SUCCESS} with the certificate expiration minus
     *     {@code getAutoRenewalHoursBefore()} hours, or {@code ERROR} with the current clock
     *     instant plus {@code getErrorRetryWaitHours()} hours
     * @throws IllegalArgumentException rethrown after logging when raised anywhere inside the
     *     order sequence
     */
    private CertificateRenewal orderCertificate(KeyPair keyPair) {
        try {
            Session acmeSession = new Session(this.config.getAcmeSessionUrl());
            Login accountLogin = this.accountService.getOrCreateAccountLogin(acmeSession);
            LOG.info("Certificate account login accessed");

            LOG.info("Beginning certificate order.");
            long notAfterMillis = this.certificateOrderHandlerService
                    .handleCertificateOrder(accountLogin, keyPair)
                    .getCertificate()
                    .getNotAfter()
                    .getTime();
            Instant expiration = Instant.ofEpochMilli(notAfterMillis);
            String formattedExpiration = DateTimeFormatter.RFC_1123_DATE_TIME.format(expiration.atZone(ZoneOffset.UTC));
            LOG.info("Certificate renewal successful. New certificate expiration time is " + formattedExpiration);

            // The reload sits inside the try block: if it throws, the outcome below is ERROR
            // even though the order itself completed.
            LOG.info("Reloading SSL context...");
            this.sslContextService.reloadSSLConfig();

            Instant renewalTime = expiration.minus(this.config.getAutoRenewalHoursBefore(), ChronoUnit.HOURS);
            return new CertificateRenewal(CertificateRenewalStatus.SUCCESS, renewalTime);
        } catch (IllegalArgumentException invalidArgument) {
            // NOTE(review): this handler covers every call in the try block, not only the
            // Session constructor, so the message can blame the URL for an unrelated
            // IllegalArgumentException; read the attached stack trace before trusting it.
            LOG.error("acmeSessionUrl " + this.config.getAcmeSessionUrl() + " is invalid", invalidArgument);
            throw invalidArgument;
        } catch (Exception orderFailure) {
            // Any other failure becomes an ERROR result with a retry time instead of propagating.
            LOG.error("Exception while ordering certificate, retry in " + this.config.getErrorRetryWaitHours() + " hours", orderFailure);
            Instant retryTime = this.clock.instant().plus(this.config.getErrorRetryWaitHours(), ChronoUnit.HOURS);
            return new CertificateRenewal(CertificateRenewalStatus.ERROR, retryTime);
        }
    }
}
