package org.shredzone.acme4j.provider.pebble;

import java.io.IOException;
import java.io.InputStream;
import java.net.http.HttpClient;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.shredzone.acme4j.connector.HttpConnector;
import org.shredzone.acme4j.connector.NetworkSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/shredzone/acme4j/provider/pebble/PebbleHttpConnector.class */
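/**
 * {@link HttpConnector} whose HTTP clients trust exactly one certificate: the Pebble root
 * ("minica") certificate found on the classpath.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@link SSLContext} is initialised with trust managers built from a key store that
 *       holds only the single {@code "pebble"} entry. The JVM's default trust anchors are
 *       therefore not used by clients created through this connector.</li>
 *   <li>The certificate is looked up at three classpath locations, and the first hit wins.
 *       The classpath root and {@code /META-INF} are consulted before the copy under this
 *       provider's own package, so whatever is deployed under those names becomes the sole
 *       trust anchor. Deployments should treat those resource names as trust configuration.</li>
 *   <li>The resulting context is cached in a static field for the lifetime of the class, so a
 *       certificate resource replaced after first use is not picked up.</li>
 * </ul>
 *
 * <p>NOTE(review): Pebble is an ACME test server. This connector is presumably selected only
 * for Pebble server URIs, which should be confirmed at the provider that instantiates it, so
 * that the test root is never trusted for other endpoints.
 */
public class PebbleHttpConnector extends HttpConnector {
    private static final Logger LOG = LoggerFactory.getLogger(PebbleHttpConnector.class);

    // Process-wide cache of the Pebble-only SSLContext. It is written once the first context
    // has been built and is never cleared by this class.
    private static final AtomicReference<SSLContext> SSL_CONTEXT_REF = new AtomicReference<>();

    /**
     * Creates a connector using the given network settings.
     *
     * @param networkSettings settings passed unchanged to {@link HttpConnector}
     */
    public PebbleHttpConnector(NetworkSettings networkSettings) {
        super(networkSettings);
    }

    /**
     * Returns the parent's client builder with its SSL context replaced by the Pebble-only
     * context from {@link #createSSLContext()}.
     *
     * @return the builder produced by the superclass, with the Pebble SSL context applied
     */
    @Override
    public HttpClient.Builder createClientBuilder() {
        HttpClient.Builder builder = super.createClientBuilder();
        builder.sslContext(createSSLContext());
        return builder;
    }

    /**
     * Returns the shared {@link SSLContext} that trusts only the Pebble root certificate,
     * building it on first use.
     *
     * <p>Lookup order for the certificate resource (first match wins):
     * {@code /pebble.minica.pem}, {@code /META-INF/pebble.minica.pem}, then
     * {@code /org/shredzone/acme4j/provider/pebble/pebble.minica.pem}.
     *
     * @return the cached context, never {@code null}
     * @throws RuntimeException if none of the resources yields a certificate, or if the trust
     *         manager or TLS context cannot be initialised
     */
    protected SSLContext createSSLContext() {
        // The null check and the later set() are not one atomic step. Concurrent first callers
        // may each build a context, and the last set() wins. Every such context is built from
        // the same lookup, so this costs duplicate work only.
        if (SSL_CONTEXT_REF.get() == null) {
            try {
                KeyStore trustStore = readPemFile("/pebble.minica.pem")
                        .or(() -> readPemFile("/META-INF/pebble.minica.pem"))
                        .or(() -> readPemFile("/org/shredzone/acme4j/provider/pebble/pebble.minica.pem"))
                        .orElseThrow(() -> new RuntimeException("Could not find a Pebble root certificate"));

                TrustManagerFactory trustManagerFactory =
                        TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(trustStore);

                // No key managers (no client certificate) and the default SecureRandom are used.
                // Only the trust managers are customised.
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
                SSL_CONTEXT_REF.set(sslContext);
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
                throw new RuntimeException("Could not create truststore", e);
            }
        }
        return Objects.requireNonNull(SSL_CONTEXT_REF.get());
    }

    /**
     * Loads one X.509 certificate from a classpath resource into a fresh in-memory key store.
     *
     * <p>A resource that exists but cannot be parsed is logged at error level and reported as
     * absent. The caller then moves on to the next candidate location, so a broken override
     * falls back to a later certificate rather than failing the lookup.
     *
     * @param resourcePath absolute classpath resource name, resolved via {@code getClass()}
     * @return a key store holding the certificate under the alias {@code "pebble"}, or empty if
     *         the resource is missing or unreadable
     */
    private Optional<KeyStore> readPemFile(String resourcePath) {
        // try-with-resources skips close() for a null resource, so the missing-resource case
        // needs no separate cleanup.
        try (InputStream in = getClass().getResourceAsStream(resourcePath)) {
            if (in == null) {
                return Optional.empty();
            }

            // generateCertificate() consumes a single certificate. If the resource is a
            // bundle, only its first entry ends up in the trust store.
            Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(in);

            // load(null, ...) initialises an empty store. This class only keeps it in memory,
            // so the literal password is not protecting any persisted data.
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, "acme4j".toCharArray());
            keyStore.setCertificateEntry("pebble", certificate);
            return Optional.of(keyStore);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Failed to read PEM from resource '{}'", resourcePath, e);
            return Optional.empty();
        }
    }
}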
