package org.shredzone.acme4j;

import edu.umd.cs.findbugs.annotations.Nullable;
import java.net.URI;
import java.net.URL;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.shredzone.acme4j.connector.Connection;
import org.shredzone.acme4j.connector.Resource;
import org.shredzone.acme4j.exception.AcmeException;
import org.shredzone.acme4j.provider.AcmeProvider;
import org.shredzone.acme4j.toolbox.AcmeUtils;
import org.shredzone.acme4j.toolbox.JSONBuilder;
import org.shredzone.acme4j.toolbox.JoseUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/shredzone/acme4j/AccountBuilder.class */
public class AccountBuilder {
    private static final Logger LOG = LoggerFactory.getLogger(AccountBuilder.class);
    private static final Set<String> VALID_ALGORITHMS = Set.of("HS256", "HS384", "HS512");
    private final List<URI> contacts = new ArrayList();

    @Nullable
    private Boolean termsOfServiceAgreed;

    @Nullable
    private Boolean onlyExisting;

    @Nullable
    private String keyIdentifier;

    @Nullable
    private KeyPair keyPair;

    @Nullable
    private SecretKey macKey;

    @Nullable
    private String macAlgorithm;

    public AccountBuilder addContact(URI uri) {
        AcmeUtils.validateContact(uri);
        this.contacts.add(uri);
        return this;
    }

    public AccountBuilder addContact(String str) {
        addContact(URI.create(str));
        return this;
    }

    public AccountBuilder addEmail(String str) {
        if (str.startsWith("mailto:")) {
            addContact(str);
        } else {
            addContact("mailto:" + str);
        }
        return this;
    }

    public AccountBuilder agreeToTermsOfService() {
        this.termsOfServiceAgreed = true;
        return this;
    }

    public AccountBuilder onlyExisting() {
        this.onlyExisting = true;
        return this;
    }

    public AccountBuilder useKeyPair(KeyPair keyPair) {
        this.keyPair = (KeyPair) Objects.requireNonNull(keyPair, "keyPair");
        return this;
    }

    public AccountBuilder withKeyIdentifier(String str, SecretKey secretKey) {
        if (str != null && str.isEmpty()) {
            throw new IllegalArgumentException("kid must not be empty");
        }
        this.macKey = (SecretKey) Objects.requireNonNull(secretKey, "macKey");
        this.keyIdentifier = str;
        return this;
    }

    public AccountBuilder withKeyIdentifier(String str, String str2) {
        return withKeyIdentifier(str, new SecretKeySpec(AcmeUtils.base64UrlDecode((String) Objects.requireNonNull(str2, "encodedMacKey")), "HMAC"));
    }

    public AccountBuilder withMacAlgorithm(String str) {
        String str2 = (String) Objects.requireNonNull(str, "macAlgorithm");
        if (!VALID_ALGORITHMS.contains(str2)) {
            throw new IllegalArgumentException("Invalid MAC algorithm: " + str);
        }
        this.macAlgorithm = str2;
        return this;
    }

    public Account create(Session session) throws AcmeException {
        return createLogin(session).getAccount();
    }

    public Login createLogin(Session session) throws AcmeException {
        Objects.requireNonNull(session, "session");
        if (this.keyPair == null) {
            throw new IllegalStateException("Use AccountBuilder.useKeyPair() to set the account's key pair.");
        }
        LOG.debug("create");
        Connection connect = session.connect();
        try {
            URL resourceUrl = session.resourceUrl(Resource.NEW_ACCOUNT);
            JSONBuilder jSONBuilder = new JSONBuilder();
            if (!this.contacts.isEmpty()) {
                jSONBuilder.put("contact", this.contacts);
            }
            if (this.termsOfServiceAgreed != null) {
                jSONBuilder.put("termsOfServiceAgreed", this.termsOfServiceAgreed);
            }
            if (this.keyIdentifier != null && this.macKey != null) {
                Optional ofNullable = Optional.ofNullable(this.macAlgorithm);
                AcmeProvider provider = session.provider();
                Objects.requireNonNull(provider);
                jSONBuilder.put("externalAccountBinding", JoseUtils.createExternalAccountBinding(this.keyIdentifier, this.keyPair.getPublic(), this.macKey, (String) ofNullable.or(provider::getProposedEabMacAlgorithm).orElse(JoseUtils.macKeyAlgorithm(this.macKey)), resourceUrl));
            }
            if (this.onlyExisting != null) {
                jSONBuilder.put("onlyReturnExisting", this.onlyExisting);
            }
            connect.sendSignedRequest(resourceUrl, jSONBuilder, session, this.keyPair);
            Login login = new Login(connect.getLocation(), this.keyPair, session);
            login.getAccount().setJSON(connect.readJsonResponse());
            if (connect != null) {
                connect.close();
            }
            return login;
        } catch (Throwable th) {
            if (connect != null) {
                try {
                    connect.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
