package LetsEncrypt;

import com.crushftp.client.Common;
import com.crushftp.client.File_S;
import com.google.api.client.json.Json;
import com.google.common.net.HttpHeaders;
import com.joyent.manta.client.MantaObject;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.lang.reflect.Field;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URL;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.LinkedHashMap;
import java.util.Properties;
import java.util.TreeMap;
import java.util.Vector;
import main.java.org.jose4j.base64url.Base64Url;
import main.java.org.jose4j.json.JsonUtil;
import main.java.org.jose4j.jwk.JsonWebKey;
import main.java.org.jose4j.jwk.PublicJsonWebKey;
import main.java.org.jose4j.jws.AlgorithmIdentifiers;
import main.java.org.jose4j.jws.JsonWebSignature;
import org.apache.http.cookie.ClientCookie;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;

/* loaded from: input_file:LetsEncrypt/FetchCertV02.class */
public class FetchCertV02 {
    // Plugin settings plus per-run ACME state written by this class (account URL, authorizations, finalize URL, ...).
    private Properties data;
    // Owning plugin entry point; stored by the constructor and not read anywhere else in this class.
    private Start parent;
    // ACME challenge type; re-read from the "challenge_type" setting at the start of every issuance run.
    private String challenge_type = "http-01";
    // Let's Encrypt ACME v2 production base URL.
    public static final String V02 = "https://acme-v02.api.letsencrypt.org/";
    // Let's Encrypt ACME v2 staging base URL; selected when the "staging" setting equals "true".
    public static final String STAGING = "https://acme-staging-v02.api.letsencrypt.org/";

    /**
     * Binds this fetcher to the plugin settings and to the plugin entry point.
     *
     * @param properties settings and run state; kept by reference, so values this class writes
     *     are visible to whoever supplied the object
     * @param start owning plugin instance
     */
    public FetchCertV02(Properties properties, Start start) {
        this.parent = start;
        this.data = properties;
    }

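    /**
     * Runs one ACME v2 issuance for the given host names and, outside staging mode, writes the
     * resulting key store to the configured {@code keystore_path}.
     *
     * <p>Steps as implemented here: load or create the account key, register the account when no
     * account URL is known, create an order, answer each authorization that is not yet valid with
     * the configured challenge type, submit a CSR to the order's finalize URL, download the
     * certificate and store it together with the domain key.
     *
     * @param strArr host names to request; each is also used as a key store alias
     * @throws Exception on any protocol, I/O or key store failure after account registration;
     *     the failure is logged through {@code Start.msg} before being rethrown
     */
    public void fetchCertificate_V02(String[] strArr) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPair loadAccountKeyPair = loadAccountKeyPair();
        this.challenge_type = this.data.getProperty("challenge_type", "http-01");
        // NOTE(review): MantaObject.DIRECTORY is an unrelated library's constant, presumably the
        // string "directory" substituted by the decompiler - confirm against the original source.
        Start.getNonce(String.valueOf(getBaseUrl()) + MantaObject.DIRECTORY);
        try {
            if (this.data.getProperty("new_account_location", "").equals("") || this.data.getProperty("staging", "false").equals("true")) {
                newAccount(loadAccountKeyPair);
            }
        } catch (Exception e) {
            // NOTE(review): a failed registration is only logged; the order below is then signed
            // with whatever "new_account_location" currently holds, which may be unset.
            Start.msg(e);
        }
        try {
            newOrder(strArr, loadAccountKeyPair);
            Vector vector = (Vector) this.data.get("authorizations");
            for (int i = 0; i < vector.size(); i++) {
                Properties properties = (Properties) vector.get(i);
                fillChallengeInfo(properties, requestPostGETLocation(loadAccountKeyPair, properties.getProperty("authorization", ""), ""));
                // Locale-independent comparison: toUpperCase() in the default locale can turn
                // "valid" into a string that never equals "VALID" (e.g. under a Turkish locale).
                if ("VALID".equalsIgnoreCase(properties.getProperty("challenge_status", ""))) {
                    continue;
                }
                // Key authorization: token + "." + base64url(SHA-256 of the account key's public JWK,
                // serialized with sorted member names).
                String jSONString = JSONValue.toJSONString(new TreeMap(JsonWebKey.Factory.newJwk(loadAccountKeyPair.getPublic()).toParams(JsonWebKey.OutputControlLevel.PUBLIC_ONLY)));
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(jSONString.getBytes("UTF-8"));
                byte[] bytes = (String.valueOf(properties.getProperty("challenge_token")) + "." + Base64Url.encode(messageDigest.digest())).getBytes("UTF-8");
                if (this.challenge_type.equals("http-01")) {
                    // NOTE(review): this "saveHttpChallengeToken" request is assembled but never
                    // dispatched in the code visible here, so nothing in this method publishes the
                    // token - confirm against the original source (possible decompilation loss).
                    Properties properties2 = new Properties();
                    properties2.put("command", "saveHttpChallengeToken");
                    properties2.put("challenge_path", this.data.getProperty("challenge_path", ""));
                    properties2.put("challenge_token", properties.getProperty("challenge_token", ""));
                    properties2.put("authorization", bytes);
                    properties2.put("instance", this.data.getProperty("plugin_instance", "").trim());
                    // An empty JSON object tells the server the challenge is ready to be checked.
                    requestPostGETLocation(loadAccountKeyPair, properties.getProperty("challenge_url", ""), JsonUtil.toJson(new LinkedHashMap()));
                    // Poll up to 10 times, 3 s apart.
                    // NOTE(review): a challenge that ends "invalid" or is still pending after the
                    // last poll is not reported here; the run continues to finalization.
                    int i2 = 0;
                    while (!"VALID".equalsIgnoreCase(properties.getProperty("challenge_status", "")) && i2 < 10) {
                        Thread.sleep(3000L);
                        i2++;
                        properties.put("challenge_status", ((JSONObject) JSONValue.parse(requestPostGETLocation(loadAccountKeyPair, properties.getProperty("challenge_url", ""), ""))).get("status"));
                    }
                }
                if (!this.challenge_type.equals("tls-alpn-01")) {
                    continue;
                }
                // NOTE(review): Java 9 and 10 report "9..." / "10...", not "1.9" / "1.10", so this
                // guard only rejects Java 8 although the message says Java 11+ is required.
                String javaVersion = System.getProperty("java.version");
                if (javaVersion.startsWith("1.8") || javaVersion.startsWith("1.9") || javaVersion.startsWith("1.10")) {
                    throw new Exception("Error : Wrong Java version! TLS ALPN challenge requires Java 11+.");
                }
                Properties properties3 = new Properties();
                properties3.put("instance", this.data.getProperty("plugin_instance", "").trim());
                properties3.put("command", "putTLSALPNChallengeJKS");
                properties3.put("authorization", bytes);
                // NOTE(review): assumes authorization i belongs to strArr[i] (and is not trimmed
                // here, unlike the CSR names below) - the order response is not matched by name.
                properties3.put(ClientCookie.DOMAIN_ATTR, strArr[i]);
                properties3.put("tls_alpn_https_port", this.data.getProperty("tls_alpn_https_port", "443").trim());
                // The server-side handler is resolved reflectively from the context class loader.
                Properties properties4 = (Properties) Thread.currentThread().getContextClassLoader().loadClass("crushftp.server.AdminControls").getMethod("putTLSALPNChallengeJKS", Properties.class).invoke(null, properties3);
                if (properties4 == null) {
                    throw new Exception("Error : Invalid port " + this.data.getProperty("tls_alpn_https_port", "443") + "!");
                }
                try {
                    requestPostGETLocation(loadAccountKeyPair, properties.getProperty("challenge_url", ""), JsonUtil.toJson(new LinkedHashMap()));
                    int i3 = 0;
                    while (!"VALID".equalsIgnoreCase(properties.getProperty("challenge_status", "")) && i3 < 10) {
                        i3++;
                        Thread.sleep(3000L);
                        String requestPostGETLocation = requestPostGETLocation(loadAccountKeyPair, properties.getProperty("challenge_url", ""), "");
                        properties.put("challenge_status", ((JSONObject) JSONValue.parse(requestPostGETLocation)).get("status"));
                        Start.msg("Challenge result: " + requestPostGETLocation);
                    }
                } finally {
                    // NOTE(review): the "removeTLSALPNChallengeJKS" request is assembled on both
                    // the success and the failure path but never dispatched in the code visible
                    // here, so the listener that was switched to the challenge key store is not
                    // restored by this method - confirm against the original source.
                    Properties properties5 = new Properties();
                    properties5.put("instance", this.data.getProperty("plugin_instance", "").trim());
                    properties5.put("command", "removeTLSALPNChallengeJKS");
                    properties5.put("tls_alpn_https_port", this.data.getProperty("tls_alpn_https_port", "443").trim());
                    properties5.put("challenge_path", this.data.getProperty("challenge_path", ""));
                    properties5.put("server_item_original", properties4);
                }
            }
            KeyPair loadDomainKeyPair = loadDomainKeyPair();
            GeneralName[] generalNameArr = new GeneralName[strArr.length];
            Certificate[] certificateArr = new Certificate[strArr.length];
            for (int i5 = 0; i5 < strArr.length; i5++) {
                // 2 = dNSName
                generalNameArr[i5] = new GeneralName(2, strArr[i5].trim());
                // Locally generated certificate used as the initial key store entry for the alias.
                // NOTE(review): it is signed with SHA-1 ("SHA1WITHRSA"); if it can ever be served
                // or exported, switch to a SHA-256 signature once Start.generateCert is confirmed
                // to accept one. Integer.parseInt throws when "validity" is unset.
                certificateArr[i5] = Start.generateCert(strArr[i5].trim(), this.data.getProperty("commonName", ""), this.data.getProperty("organisationUnit", ""), this.data.getProperty("locality", ""), this.data.getProperty("state", ""), this.data.getProperty("countryCode", ""), this.data.getProperty("email", ""), Integer.parseInt(this.data.getProperty("validity", "")), loadDomainKeyPair.getPublic(), loadDomainKeyPair.getPrivate(), "SHA1WITHRSA");
            }
            // CSR with an empty subject; all names travel in the subjectAltName extension.
            GeneralNames generalNames = new GeneralNames(generalNameArr);
            JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500NameBuilder(X500Name.getDefaultStyle()).build(), loadDomainKeyPair.getPublic());
            ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
            extensionsGenerator.addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) generalNames);
            jcaPKCS10CertificationRequestBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate());
            PKCS10CertificationRequest build = jcaPKCS10CertificationRequestBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(loadDomainKeyPair.getPrivate()));
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("csr", Base64Url.encode(build.getEncoded()));
            // NOTE(review): the finalize response is expected to carry "certificate" already; an
            // order that is still being processed has no such member and is not polled here.
            X509Certificate downloadCertificate = downloadCertificate(loadAccountKeyPair, (String) ((JSONObject) JSONValue.parse(requestPostGETLocation(loadAccountKeyPair, this.data.getProperty("finalize", ""), jSONObject.toJSONString()))).get("certificate"));
            String cACertificateURL = Start.getCACertificateURL(downloadCertificate);
            X509Certificate x509Certificate = null;
            if (cACertificateURL != null) {
                // NOTE(review): the URL is taken from the downloaded certificate and fetched with
                // no timeouts; no check that the result actually issued the leaf is visible in
                // this method - confirm Start.addReply validates the chain.
                try (InputStream openStream = new URL(cACertificateURL).openStream()) {
                    X509CertParser x509CertParser = new X509CertParser();
                    x509CertParser.engineInit(openStream);
                    x509Certificate = (X509Certificate) x509CertParser.engineRead();
                } catch (Exception e2) {
                    Start.msg(e2);
                }
            } else {
                Start.msg("Could not found intermidiate cert url!");
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            // The stored passwords are passed through Common.encryptDecrypt before use.
            String encryptDecrypt = Common.encryptDecrypt(this.data.getProperty("key_pass", ""), false);
            for (int i6 = 0; i6 < strArr.length; i6++) {
                keyStore.setKeyEntry(strArr[i6].trim(), loadDomainKeyPair.getPrivate(), encryptDecrypt.toCharArray(), new Certificate[]{certificateArr[i6]});
                Start.addReply(keyStore, downloadCertificate, strArr[i6].trim(), encryptDecrypt, x509Certificate);
            }
            String encryptDecrypt2 = Common.encryptDecrypt(this.data.getProperty("keystore_pass", ""), false);
            if (this.data.getProperty("staging", "false").equals("true")) {
                // Staging runs stop here: nothing is written to disk.
                return;
            }
            // Close the stream deterministically so the key store is fully flushed before the
            // server is asked to reload it.
            try (OutputStream keystoreOut = new FileOutputStream((File) new File_S(this.data.getProperty("keystore_path", "")))) {
                keyStore.store(keystoreOut, encryptDecrypt2.toCharArray());
            }
            // NOTE(review): this reads the static Start.data rather than this.data, unlike the
            // rest of the method - confirm both refer to the same settings.
            Properties properties7 = new Properties();
            properties7.put("instance", Start.data.getProperty("plugin_instance", "").trim());
            properties7.put("keystore_path", Start.data.getProperty("keystore_path", "").trim());
            Start.msg("JKS update: " + ((String) Thread.currentThread().getContextClassLoader().loadClass("crushftp.server.AdminControls").getMethod("updateJKS", Properties.class).invoke(null, properties7)));
        } catch (Exception e3) {
            Start.msg(e3);
            throw e3;
        }
    }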

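    /**
     * Replaces the server list, saves the settings and restarts one listener, toggling the
     * {@code crushftp.letsencrypt.acme4j_alpn} system property while the listener is stopped.
     *
     * <p>All four operations are looked up by name on {@code cls} and invoked on the object held
     * in the static {@code field}.
     *
     * @param cls class declaring {@code siPUT2}, {@code save_server_settings},
     *     {@code stop_this_server} and {@code start_this_server}
     * @param field static field holding the object the methods are invoked on
     * @param obj value stored under {@code "server_list"}
     * @param i index passed to the stop and start calls
     * @param z value written, as {@code "true"} or {@code "false"}, to the system property
     * @throws Exception if a reflective lookup or invocation fails, or the wait is interrupted
     */
    private void save_restart_server(Class cls, Field field, Object obj, int i, boolean z) throws Exception {
        // NOTE(review): getDeclaredMethod does not make the method accessible; this only works
        // if the four methods are callable from this class - confirm.
        // The field is re-read for every call, as the original did.
        cls.getDeclaredMethod("siPUT2", String.class, Object.class).invoke(field.get(null), "server_list", obj);
        cls.getDeclaredMethod("save_server_settings", Boolean.TYPE).invoke(field.get(null), Boolean.FALSE);
        cls.getDeclaredMethod("stop_this_server", Integer.TYPE).invoke(field.get(null), Integer.valueOf(i));
        Thread.sleep(1000L);
        // Set between stop and start, so the restarted listener is the first to see the new value.
        System.getProperties().put("crushftp.letsencrypt.acme4j_alpn", String.valueOf(z));
        cls.getDeclaredMethod("start_this_server", Integer.TYPE).invoke(field.get(null), Integer.valueOf(i));
    }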

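    /**
     * Copies the challenge of the configured type out of an ACME authorization response.
     *
     * <p>For every entry of {@code "challenges"} whose {@code "type"} equals
     * {@code this.challenge_type}, the entry's status, token and URL are written to
     * {@code properties} as {@code challenge_status}, {@code challenge_token} and
     * {@code challenge_url}, together with {@code challenge_type}. If several entries match, the
     * last one wins. If none matches, {@code properties} is left unchanged.
     *
     * @param properties per-authorization state to fill in
     * @param str JSON body of the authorization response
     * @throws IllegalStateException if the body is not a JSON object, or a matching challenge
     *     lacks its status, token or URL
     */
    private void fillChallengeInfo(Properties properties, String str) {
        Object parsed = JSONValue.parse(str);
        if (!(parsed instanceof JSONObject)) {
            // Fail with a clear message instead of a NullPointerException or ClassCastException.
            throw new IllegalStateException("ACME authorization response is not a JSON object");
        }
        Object obj = ((JSONObject) parsed).get("challenges");
        if (!(obj instanceof JSONArray)) {
            return;
        }
        JSONArray jSONArray = (JSONArray) obj;
        for (int i = 0; i < jSONArray.size(); i++) {
            Object obj2 = jSONArray.get(i);
            if (!(obj2 instanceof JSONObject)) {
                continue;
            }
            JSONObject jSONObject = (JSONObject) obj2;
            // Compare from the known-non-null side so an entry without "type" is skipped
            // rather than aborting the run.
            if (!this.challenge_type.equals(jSONObject.get("type"))) {
                continue;
            }
            Object status = jSONObject.get("status");
            Object token = jSONObject.get("token");
            Object url = jSONObject.get("url");
            if (status == null || token == null || url == null) {
                // Properties rejects null values; report which challenge was incomplete.
                throw new IllegalStateException("ACME challenge of type " + this.challenge_type + " is missing status, token or url");
            }
            properties.put("challenge_status", status);
            properties.put("challenge_token", token);
            properties.put("challenge_url", url);
            properties.put("challenge_type", this.challenge_type);
        }
    }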

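    /**
     * Returns the RSA-2048 account key pair used to sign ACME requests.
     *
     * <ul>
     *   <li>Staging mode, or either key file missing: generate a new pair; it is written to disk
     *       only outside staging mode.</li>
     *   <li>Key files present and {@code delete_account_keys} is {@code "false"}: load the stored
     *       pair and merge the saved account metadata, if any, into {@code this.data}.</li>
     *   <li>Otherwise: delete the key files and the account metadata, then generate and store a
     *       new pair.</li>
     * </ul>
     *
     * @return the account key pair
     * @throws Exception if key generation, loading or writing fails
     */
    private KeyPair loadAccountKeyPair() throws Exception {
        // NOTE(review): the private key is stored under the directory named by "challenge_path",
        // the same setting the http-01 branch of fetchCertificate_V02 passes as the challenge
        // location - confirm that directory is not reachable over HTTP.
        String dir = this.data.getProperty("challenge_path", "");
        String keyPath = dir + "account_V02.key";
        String pubPath = dir + "account_V02.pub";
        String metaPath = dir + "account_mata_info_V02.XML";
        boolean staging = this.data.getProperty("staging", "false").equals("true");
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");

        if (staging || !new File_S(keyPath).exists() || !new File_S(pubPath).exists()) {
            // NOTE(review): "SHA1PRNG" is requested explicitly; new SecureRandom() would use the
            // platform's default generator instead.
            keyPairGenerator.initialize(2048, SecureRandom.getInstance("SHA1PRNG"));
            KeyPair generated = keyPairGenerator.generateKeyPair();
            if (!staging) {
                Start.writeKeyPair(generated, dir, "account_V02");
            }
            return generated;
        }

        if (this.data.getProperty("delete_account_keys", "false").equals("false")) {
            KeyPair stored = Start.loadKeyPair(new File_S(pubPath), new File_S(keyPath));
            if (new File_S(metaPath).exists()) {
                this.data.putAll((Properties) Common.readXMLObject(metaPath));
            }
            return stored;
        }

        // Rotation requested: remove the old key material and the account metadata.
        if (new File_S(pubPath).exists()) {
            new File_S(pubPath).delete();
        }
        if (new File_S(keyPath).exists()) {
            new File_S(keyPath).delete();
        }
        // The existence check previously tested "account_V02_mata_info.XML", a name nothing else
        // in this class reads or writes, so the metadata file was never removed. Test the file
        // that is actually deleted, so a stale account URL cannot be loaded next to the new key.
        if (new File_S(metaPath).exists()) {
            new File_S(metaPath).delete();
        }
        keyPairGenerator.initialize(2048, SecureRandom.getInstance("SHA1PRNG"));
        KeyPair rotated = keyPairGenerator.generateKeyPair();
        Start.writeKeyPair(rotated, dir, "account_V02");
        return rotated;
    }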

    /**
     * Returns the RSA-2048 key pair that the certificate is issued for.
     *
     * <p>A new pair is generated in staging mode or when either key file is missing (written to
     * disk only outside staging). Otherwise the stored pair is loaded, unless
     * {@code delete_account_keys} is set to something other than {@code "false"}, in which case
     * both files are deleted and a new pair is generated and stored. Note that the account-key
     * setting {@code delete_account_keys} therefore also rotates the domain key.
     *
     * @return the domain key pair
     * @throws Exception if key generation, loading or writing fails
     */
    private KeyPair loadDomainKeyPair() throws Exception {
        final KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048, SecureRandom.getInstance("SHA1PRNG"));

        final String dir = this.data.getProperty("challenge_path", "");
        final String privatePath = dir + "domain_V02.key";
        final String publicPath = dir + "domain_V02.pub";
        final boolean staging = this.data.getProperty("staging", "false").equals("true");

        // Nothing usable on disk (or staging): start from a new pair.
        if (staging || !new File_S(privatePath).exists() || !new File_S(publicPath).exists()) {
            final KeyPair created = generator.generateKeyPair();
            if (!staging) {
                Start.writeKeyPair(created, dir, "domain_V02");
            }
            return created;
        }

        // Stored pair is kept unless rotation was requested.
        final boolean keepStored = this.data.getProperty("delete_account_keys", "false").equals("false");
        if (keepStored) {
            return Start.loadKeyPair(new File_S(publicPath), new File_S(privatePath));
        }

        new File_S(privatePath).delete();
        new File_S(publicPath).delete();
        final KeyPair replacement = generator.generateKeyPair();
        Start.writeKeyPair(replacement, dir, "domain_V02");
        return replacement;
    }

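    /**
     * Creates an ACME order for the given host names and records its authorization and finalize
     * URLs in {@code this.data}.
     *
     * <p>The request is a JWS signed with the account key and identified by the stored account
     * URL ({@code kid}). Outside staging mode the authorizations and finalize URL are also merged
     * into the saved account metadata file.
     *
     * @param strArr host names to order; surrounding whitespace is ignored
     * @param keyPair account key pair used to sign the request
     * @throws Exception if the server answers with a non-2xx status or any I/O or signing step fails
     */
    private void newOrder(String[] strArr, KeyPair keyPair) throws Exception {
        String nonce = Start.getNonce(String.valueOf(getBaseUrl()) + "acme/new-nonce");
        String orderUrl = String.valueOf(getBaseUrl()) + "acme/new-order";
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URI(orderUrl).toURL().openConnection();
        String consumeResponse;
        try {
            httpURLConnection.setConnectTimeout(Start.TIMEOUT);
            httpURLConnection.setReadTimeout(Start.TIMEOUT);
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setRequestProperty("User-Agent", "acme4j");
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
            httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            httpURLConnection.setRequestProperty("Content-Type", "application/jose+json");
            httpURLConnection.setDoOutput(true);
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            JSONObject jSONObject = new JSONObject();
            JSONArray jSONArray = new JSONArray();
            for (String str : strArr) {
                JSONObject jSONObject2 = new JSONObject();
                jSONObject2.put("type", "dns");
                // Trimmed so the ordered identifiers match the names later placed in the CSR,
                // which fetchCertificate_V02 trims as well.
                jSONObject2.put("value", str.trim());
                jSONArray.add(jSONObject2);
            }
            jSONObject.put("identifiers", jSONArray);
            jsonWebSignature.setPayload(jSONObject.toString());
            // The nonce and the target URL are part of the signed header.
            jsonWebSignature.getHeaders().setObjectHeaderValue("nonce", nonce);
            jsonWebSignature.getHeaders().setObjectHeaderValue("url", orderUrl);
            jsonWebSignature.getHeaders().setObjectHeaderValue("kid", this.data.getProperty("new_account_location"));
            jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jsonWebSignature.setKey(keyPair.getPrivate());
            jsonWebSignature.sign();
            JSONObject jSONObject3 = new JSONObject();
            jSONObject3.put("protected", jsonWebSignature.getHeaders().getEncodedHeader());
            jSONObject3.put("payload", jsonWebSignature.getEncodedPayload());
            jSONObject3.put("signature", jsonWebSignature.getEncodedSignature());
            byte[] bytes = jSONObject3.toJSONString().getBytes("utf-8");
            httpURLConnection.setFixedLengthStreamingMode(bytes.length);
            httpURLConnection.connect();
            try (OutputStream outputStream = httpURLConnection.getOutputStream()) {
                outputStream.write(bytes);
            }
            int status = httpURLConnection.getResponseCode();
            if (status < 200 || status > 299) {
                throw new Exception(String.valueOf(status) + httpURLConnection.getResponseMessage() + Start.consumeResponse(httpURLConnection.getErrorStream()));
            }
            Start.msg("V02 New order : " + status + httpURLConnection.getResponseMessage());
            consumeResponse = Start.consumeResponse(httpURLConnection.getInputStream());
            // Properties rejects null values, so a response without one of these headers fails here.
            this.data.put("new_order_location", httpURLConnection.getHeaderField(HttpHeaders.LOCATION));
            this.data.put("terms-of-service_V02", httpURLConnection.getHeaderField(HttpHeaders.LINK));
            this.data.put("nonce_V02", httpURLConnection.getHeaderField("Replay-Nonce"));
        } finally {
            // Release the connection on the error path too.
            httpURLConnection.disconnect();
        }
        JSONObject order = (JSONObject) JSONValue.parse(consumeResponse);
        Vector vector = new Vector();
        Object obj = order.get("authorizations");
        if (obj instanceof JSONArray) {
            JSONArray jSONArray2 = (JSONArray) obj;
            for (int i = 0; i < jSONArray2.size(); i++) {
                // One Properties object per authorization URL; challenge details are added later.
                Properties properties = new Properties();
                properties.put("authorization", String.valueOf(jSONArray2.get(i)));
                vector.add(properties);
            }
        }
        this.data.put("authorizations", vector);
        this.data.put("finalize", order.get("finalize"));
        if (this.data.getProperty("staging", "false").equals("true")) {
            return;
        }
        // NOTE(review): assumes the metadata file already exists and readXMLObject returns a
        // Properties object; what it returns for a missing file is not visible here.
        String metaPath = String.valueOf(this.data.getProperty("challenge_path", "")) + "account_mata_info_V02.XML";
        Properties properties2 = (Properties) Common.readXMLObject(metaPath);
        properties2.put("authorizations", this.data.get("authorizations"));
        properties2.put("finalize", this.data.getProperty("finalize", ""));
        Common.writeXMLObject(metaPath, properties2, "meta_info");
    }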

    /**
     * Registers an ACME account for the given key pair and remembers the account URL.
     *
     * <p>The request carries the public key as a JWK in the signed header, an empty contact list
     * and {@code termsOfServiceAgreed = true}. The account URL from the {@code Location} header is
     * stored as {@code new_account_location}; outside staging mode it is also written to the
     * account metadata file.
     *
     * @param keyPair account key pair to register and to sign the request with
     * @throws Exception if the server answers with a non-2xx status or any I/O or signing step fails
     */
    private void newAccount(KeyPair keyPair) throws Exception {
        final String freshNonce = Start.getNonce(String.valueOf(getBaseUrl()) + "acme/new-nonce");
        final String endpoint = String.valueOf(getBaseUrl()) + "acme/new-acct";
        final HttpURLConnection conn = (HttpURLConnection) new URI(endpoint).toURL().openConnection();

        // Transport settings.
        conn.setConnectTimeout(Start.TIMEOUT);
        conn.setReadTimeout(Start.TIMEOUT);
        conn.setUseCaches(false);
        conn.setRequestMethod("POST");
        conn.setDoOutput(true);
        conn.setRequestProperty("User-Agent", "acme4j");
        conn.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
        conn.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
        conn.setRequestProperty("Content-Type", "application/jose+json");

        // Registration payload.
        final JSONObject registration = new JSONObject();
        registration.put("contact", new JSONArray());
        registration.put("termsOfServiceAgreed", true);

        // Signed envelope: nonce, target URL and the public key are all covered by the signature.
        final PublicJsonWebKey accountJwk = PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic());
        final JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(registration.toString());
        jws.getHeaders().setObjectHeaderValue("nonce", freshNonce);
        jws.getHeaders().setObjectHeaderValue("url", endpoint);
        jws.getHeaders().setJwkHeaderValue("jwk", accountJwk);
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
        jws.setKey(keyPair.getPrivate());
        jws.sign();

        final JSONObject envelope = new JSONObject();
        envelope.put("protected", jws.getHeaders().getEncodedHeader());
        envelope.put("payload", jws.getEncodedPayload());
        envelope.put("signature", jws.getEncodedSignature());
        final byte[] body = envelope.toJSONString().getBytes("utf-8");

        conn.setFixedLengthStreamingMode(body.length);
        conn.connect();
        final OutputStream sink = conn.getOutputStream();
        sink.write(body);
        sink.close();

        final int status = conn.getResponseCode();
        final boolean accepted = status >= 200 && status <= 299;
        if (!accepted) {
            throw new Exception(String.valueOf(status) + conn.getResponseMessage() + Start.consumeResponse(conn.getErrorStream()));
        }
        Start.msg("V02 New Account : " + status + conn.getResponseMessage());
        // The body is drained but not used; only the headers matter here.
        Start.consumeResponse(conn.getInputStream());
        this.data.put("new_account_location", conn.getHeaderField(HttpHeaders.LOCATION));
        this.data.put("terms-of-service_V02", conn.getHeaderField(HttpHeaders.LINK));
        this.data.put("nonce_V02", conn.getHeaderField("Replay-Nonce"));
        conn.disconnect();

        final Properties accountMeta = new Properties();
        accountMeta.put("new_account_location", this.data.getProperty("new_account_location"));
        final boolean staging = this.data.getProperty("staging", "false").equals("true");
        if (!staging) {
            Common.writeXMLObject(String.valueOf(this.data.getProperty("challenge_path", "")) + "account_mata_info_V02.XML", accountMeta, "meta_info");
        }
    }

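    /**
     * Sends a signed ACME request to the given URL and returns the response body.
     *
     * <p>The payload is wrapped in a JWS signed with the account key and identified by the stored
     * account URL ({@code kid}); the call sites in this class pass an empty payload when they
     * only read a resource. The target URL comes from earlier server responses or saved state,
     * so it is checked for HTTPS before anything is signed and sent.
     *
     * @param keyPair account key pair used to sign the request
     * @param str absolute HTTPS URL of the ACME resource
     * @param str2 JWS payload, possibly empty
     * @return the response body as returned by {@code Start.consumeResponse}
     * @throws Exception if the URL is not HTTPS, the server answers with a non-2xx status, or any
     *     I/O or signing step fails
     */
    private String requestPostGETLocation(KeyPair keyPair, String str, String str2) throws Exception {
        URI target = new URI(str);
        // ACME (RFC 8555) requires HTTPS; refuse anything else before contacting the server.
        if (!"https".equalsIgnoreCase(target.getScheme())) {
            throw new Exception("Refusing non-HTTPS ACME URL: " + str);
        }
        String nonce = Start.getNonce(String.valueOf(getBaseUrl()) + "acme/new-nonce");
        HttpURLConnection httpURLConnection = (HttpURLConnection) target.toURL().openConnection();
        try {
            httpURLConnection.setConnectTimeout(Start.TIMEOUT);
            httpURLConnection.setReadTimeout(Start.TIMEOUT);
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setRequestProperty("User-Agent", "acme4j");
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
            httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            httpURLConnection.setRequestProperty("Content-Type", "application/jose+json");
            httpURLConnection.setDoOutput(true);
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload(str2);
            // The nonce and the target URL are part of the signed header.
            jsonWebSignature.getHeaders().setObjectHeaderValue("nonce", nonce);
            jsonWebSignature.getHeaders().setObjectHeaderValue("url", str);
            jsonWebSignature.getHeaders().setObjectHeaderValue("kid", this.data.getProperty("new_account_location"));
            jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jsonWebSignature.setKey(keyPair.getPrivate());
            jsonWebSignature.sign();
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("protected", jsonWebSignature.getHeaders().getEncodedHeader());
            jSONObject.put("payload", jsonWebSignature.getEncodedPayload());
            jSONObject.put("signature", jsonWebSignature.getEncodedSignature());
            byte[] bytes = jSONObject.toJSONString().getBytes("utf-8");
            httpURLConnection.setFixedLengthStreamingMode(bytes.length);
            httpURLConnection.connect();
            try (OutputStream outputStream = httpURLConnection.getOutputStream()) {
                outputStream.write(bytes);
            }
            int status = httpURLConnection.getResponseCode();
            if (status < 200 || status > 299) {
                throw new Exception(String.valueOf(status) + httpURLConnection.getResponseMessage() + Start.consumeResponse(httpURLConnection.getErrorStream()));
            }
            Start.msg("Get Location : " + str + " => " + status + httpURLConnection.getResponseMessage());
            return Start.consumeResponse(httpURLConnection.getInputStream());
        } finally {
            // Release the connection on the error path too.
            httpURLConnection.disconnect();
        }
    }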

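    /**
     * Downloads the issued certificate from the order's certificate URL.
     *
     * <p>The request is a signed JWS with an empty payload. Only the first certificate in the
     * response is parsed; any further certificates the server sends in the same response are
     * ignored by this method.
     *
     * @param keyPair account key pair used to sign the request
     * @param str absolute HTTPS certificate URL taken from the finalize response
     * @return the first certificate in the response
     * @throws Exception if no URL was supplied, the URL is not HTTPS, the server answers with a
     *     non-2xx status, or any I/O, signing or parsing step fails
     */
    X509Certificate downloadCertificate(KeyPair keyPair, String str) throws Exception {
        if (str == null) {
            // The caller passes the "certificate" member of the finalize response, which is
            // absent until the order has been issued.
            throw new Exception("ACME order has no certificate URL; the order is not valid yet");
        }
        URI target = new URI(str);
        // ACME (RFC 8555) requires HTTPS; refuse anything else before contacting the server.
        if (!"https".equalsIgnoreCase(target.getScheme())) {
            throw new Exception("Refusing non-HTTPS ACME URL: " + str);
        }
        String nonce = Start.getNonce(String.valueOf(getBaseUrl()) + "acme/new-nonce");
        HttpURLConnection httpURLConnection = (HttpURLConnection) target.toURL().openConnection();
        try {
            httpURLConnection.setConnectTimeout(Start.TIMEOUT);
            httpURLConnection.setReadTimeout(Start.TIMEOUT);
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setRequestProperty("User-Agent", "acme4j");
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
            httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            httpURLConnection.setRequestProperty("Content-Type", "application/jose+json");
            httpURLConnection.setDoOutput(true);
            JsonWebSignature jsonWebSignature = new JsonWebSignature();
            jsonWebSignature.setPayload("");
            jsonWebSignature.getHeaders().setObjectHeaderValue("nonce", nonce);
            jsonWebSignature.getHeaders().setObjectHeaderValue("url", str);
            jsonWebSignature.getHeaders().setObjectHeaderValue("kid", this.data.getProperty("new_account_location"));
            jsonWebSignature.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jsonWebSignature.setKey(keyPair.getPrivate());
            jsonWebSignature.sign();
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("protected", jsonWebSignature.getHeaders().getEncodedHeader());
            jSONObject.put("payload", jsonWebSignature.getEncodedPayload());
            jSONObject.put("signature", jsonWebSignature.getEncodedSignature());
            byte[] bytes = jSONObject.toJSONString().getBytes("utf-8");
            httpURLConnection.setFixedLengthStreamingMode(bytes.length);
            httpURLConnection.connect();
            try (OutputStream outputStream = httpURLConnection.getOutputStream()) {
                outputStream.write(bytes);
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            int status = httpURLConnection.getResponseCode();
            if (status < 200 || status > 299) {
                // Read the error stream, as the other request methods in this class do; asking
                // for the input stream of a failed request throws and hides the server's
                // problem document.
                throw new Exception(String.valueOf(status) + httpURLConnection.getResponseMessage() + Start.consumeResponse(httpURLConnection.getErrorStream()));
            }
            Start.msg("Download Certificate : " + status + httpURLConnection.getResponseMessage());
            return (X509Certificate) certificateFactory.generateCertificate(httpURLConnection.getInputStream());
        } finally {
            // Release the connection on the error path too.
            httpURLConnection.disconnect();
        }
    }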

    /**
     * Builds the self-signed validation certificate for a tls-alpn-01 challenge.
     *
     * <p>The certificate has subject and issuer {@code CN=acme.invalid}, is valid for seven days
     * from now, names {@code str} as its only dNSName, and carries the 32-byte validation value
     * in a critical extension with OID {@code 1.3.6.1.5.5.7.1.31}.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str host name being validated
     * @param bArr validation value; must be exactly 32 bytes
     * @return the certificate, re-parsed through the platform's X.509 certificate factory
     * @throws IllegalArgumentException if {@code bArr} is null or not 32 bytes long
     * @throws Exception if building, signing or parsing the certificate fails
     */
    public X509Certificate createTlsAlpn01Certificate(KeyPair keyPair, String str, byte[] bArr) throws Exception {
        final boolean validationOk = bArr != null && bArr.length == 32;
        if (!validationOk) {
            throw new IllegalArgumentException("Bad acmeValidation parameter");
        }

        final X500Name selfName = new X500Name("CN=acme.invalid");
        // Serial number is the current time in milliseconds.
        final BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
        final Date notBefore = new Date();
        final Date notAfter = new Date(notBefore.getTime() + 7L * 24 * 60 * 60 * 1000);

        final JcaX509v3CertificateBuilder builder =
                new JcaX509v3CertificateBuilder(selfName, serial, notBefore, notAfter, selfName, keyPair.getPublic());

        // 2 = dNSName
        final GeneralName[] names = new GeneralName[]{new GeneralName(2, str)};
        builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(names));

        // Critical extension holding the validation value as an OCTET STRING.
        final ASN1ObjectIdentifier validationOid = new ASN1ObjectIdentifier("1.3.6.1.5.5.7.1.31").intern();
        builder.addExtension(validationOid, true, new DEROctetString(bArr));

        final byte[] encoded = builder.build(new JcaContentSignerBuilder("SHA256withRSA").build(keyPair.getPrivate())).getEncoded();
        final CertificateFactory x509 = CertificateFactory.getInstance("X.509");
        return (X509Certificate) x509.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Selects the ACME server for this run.
     *
     * @return {@link #STAGING} when the {@code staging} setting equals {@code "true"},
     *     otherwise {@link #V02}
     */
    private String getBaseUrl() {
        final String stagingFlag = this.data.getProperty("staging", "false");
        if ("true".equals(stagingFlag)) {
            return STAGING;
        }
        return V02;
    }
}
