package LetsEncrypt;

import com.crushftp.client.Common;
import com.crushftp.client.File_S;
import com.google.api.client.json.Json;
import com.google.common.net.HttpHeaders;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.RandomAccessFile;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
import java.util.Enumeration;
import java.util.Properties;
import java.util.TreeMap;
import java.util.Vector;
import main.java.org.jose4j.base64url.Base64Url;
import main.java.org.jose4j.jwk.JsonWebKey;
import main.java.org.jose4j.jwk.PublicJsonWebKey;
import main.java.org.jose4j.jws.AlgorithmIdentifiers;
import main.java.org.jose4j.jws.JsonWebSignature;
import main.java.org.jose4j.lang.JoseException;
import org.apache.http.cookie.ClientCookie;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x509.AccessDescription;
import org.bouncycastle.asn1.x509.AuthorityInformationAccess;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.asn1.x509.X509ObjectIdentifiers;
import org.bouncycastle.cert.X509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.X509CertParser;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;

/* loaded from: input_file:LetsEncrypt/Start.class */
public class Start {
    // RSA modulus size in bits. The visible methods pass the literal 2048 instead of this
    // constant (probably constant inlining by the decompiler that produced this listing).
    private static final int KEY_SIZE = 2048;
    // Connect and read timeout, in milliseconds, applied to the ACME HTTP connections.
    private static final int TIMEOUT = 10000;
    // Let's Encrypt ACME v1 production and staging endpoints.
    // NOTE(review): Let's Encrypt has since shut down its ACME v1 API, so this client needs
    // porting to ACME v2 (RFC 8555) before it can issue or revoke anything.
    private static final String V01 = "https://acme-v01.api.letsencrypt.org/";
    private static final String STAGING = "https://acme-staging.api.letsencrypt.org/";
    // Process-wide settings AND per-request scratch state (challenge token/URI, registration
    // location, terms link). It also holds the key and keystore passwords; run() passes the
    // stored values through Common.encryptDecrypt(..., false) before use.
    // NOTE(review): one static, mutable Properties is shared by every caller; two overlapping
    // run() invocations would overwrite each other's challenge state - confirm callers serialise.
    private static Properties data = new Properties();
    // Plugin version, reported under the ClientCookie.VERSION_ATTR key.
    private static String version = "1.0.7";

    /**
     * Developer entry point: loads a fixed set of test settings into the shared {@code data}
     * and requests certificates for the domains given on the command line.
     *
     * <p>The passwords and paths below are hard-coded development values ("password",
     * "changeit", a developer's home directory); they must never be relied on outside local
     * testing. Failures are logged through {@code msg} and not rethrown.
     *
     * @param strArr domain names to request certificates for
     */
    public static void main(String[] strArr) throws Exception {
        // Key/value pairs in the order they are stored.
        final String[][] presets = {
            {"key_pass", "password"},
            {"keystore_pass", "password"},
            {"keystore_path", "/Users/krivacszoltan/crushftp/cert_or_keys/domain.jks"},
            {"challenge_path", "/Users/krivacszoltan/workspace/CrushFTP8/CrushFTP Files/WebInterface/"},
            {"cacert_key", "changeit"},
            {"commonName", ""},
            {"organisationUnit", "organisationUnit"},
            {"locality", ""},
            {"state", ""},
            {"countryCode", ""},
            {"email", ""},
            {"validity", "365"},
            {"debug", "false"},
            {"staging", "true"},
            {ClientCookie.VERSION_ATTR, version},
        };
        try {
            for (String[] preset : presets) {
                data.put(preset[0], preset[1]);
            }
            try {
                fetchCertificate(strArr);
            } catch (Exception fetchFailure) {
                msg(fetchFailure);
            }
        } catch (Exception setupFailure) {
            msg(setupFailure);
        }
    }

    /**
     * Builds a fresh settings object with every known key present.
     *
     * <p>All values are empty strings except {@code debug} ("false"), {@code staging} ("true")
     * and the version entry. Note that {@code validity} defaults to an empty string here,
     * while {@code fetchCertificate} parses it with {@code Integer.parseInt}.
     *
     * @return a new {@link Properties} holding the default settings
     */
    public Properties getDefaults() {
        // Keys that start out blank, in the order they are stored.
        final String[] blankKeys = {
            "key_pass", "keystore_pass", "keystore_path", "challenge_path", "cacert_key",
            "commonName", "organisationUnit", "locality", "state", "countryCode",
            "email", "validity",
        };
        Properties defaults = new Properties();
        for (String key : blankKeys) {
            defaults.put(key, "");
        }
        defaults.put("debug", "false");
        defaults.put("staging", "true");
        defaults.put(ClientCookie.VERSION_ATTR, version);
        return defaults;
    }

    /**
     * Replaces the shared settings object with the one supplied by the caller.
     *
     * <p>The reference is stored as-is (no copy), so later changes the caller makes to
     * {@code properties} are visible here, and passing {@code null} makes every later
     * {@code data} access fail.
     *
     * @param properties the settings object to share from now on
     */
    public void setSettings(Properties properties) throws Exception {
        final Properties replacement = properties;
        data = replacement;
    }

    /**
     * Returns the shared settings object after stamping the plugin version into it.
     *
     * <p>The live object is returned, not a copy; it holds the key and keystore passwords
     * as they were supplied to {@code run}, so callers should not log or expose it.
     *
     * @return the shared {@link Properties} instance
     */
    public Properties getSettings() {
        final Properties current = data;
        current.put(ClientCookie.VERSION_ATTR, version);
        return current;
    }

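    /**
     * Plugin entry point: performs the {@code action} named in {@code properties}.
     *
     * <p>Nothing happens unless {@code enabled} is "true". Two actions are handled:
     * {@code fetch_certs} copies the request settings into the shared {@code data} and calls
     * {@code fetchCertificate}; {@code revoke_certs} loads the JKS keystore and revokes the
     * certificate stored under each requested alias. On success {@code STATUS} is set to
     * "Success"; on failure the exception is logged and stored under {@code ERROR}, and
     * {@code STATUS} is left untouched so a failed run is never reported as successful.
     *
     * @param properties request parameters; also receives the STATUS / ERROR result
     * @return always {@code null}
     */
    public Object run(Properties properties) {
        if (!"true".equals(properties.getProperty("enabled", "false"))) {
            return null;
        }
        String action = properties.getProperty("action", "");
        if (action.equals("fetch_certs")) {
            // The whole branch sits in one try block: the directory check below throws a
            // checked Exception and this method declares none.
            try {
                String domainList = properties.getProperty("domains");
                if (domainList == null || domainList.trim().length() == 0) {
                    throw new Exception("Domains: no domain was specified!");
                }
                String[] domains = domainList.trim().split(",");
                data.put("key_pass", properties.getProperty("key_pass", ""));
                data.put("keystore_pass", properties.getProperty("keystore_pass", ""));
                String keystorePath = Common.url_decode(properties.getProperty("keystore_path", "").replace('+', ' '));
                File_S keystoreFile = new File_S(keystorePath);
                if (keystoreFile.exists() && keystoreFile.isDirectory()) {
                    throw new Exception("Keystore path: The jks file was not specified!");
                }
                data.put("keystore_path", keystorePath);
                // Challenge tokens AND the generated key files are written below this directory.
                // NOTE(review): confirm the key files written there cannot be fetched over HTTP.
                data.put("challenge_path", String.valueOf(System.getProperty("crushftp.prefs")) + "WebInterface/");
                data.put("cacert_key", properties.getProperty("cacert_key", ""));
                data.put("commonName", properties.getProperty("commonName", ""));
                data.put("organisationUnit", properties.getProperty("organisationUnit", ""));
                data.put("locality", properties.getProperty("locality", ""));
                data.put("state", properties.getProperty("state", ""));
                data.put("countryCode", properties.getProperty("countryCode", ""));
                data.put("email", properties.getProperty("email", ""));
                data.put("validity", properties.getProperty("validity", "365"));
                data.put("debug", properties.getProperty("debug", "false"));
                data.put("staging", properties.getProperty("staging", "true"));
                data.put(ClientCookie.VERSION_ATTR, version);
                fetchCertificate(domains);
                properties.put("STATUS", "Success");
            } catch (Exception e) {
                msg(e);
                properties.put("ERROR", e);
            }
            return null;
        }
        if (!action.equals("revoke_certs")) {
            return null;
        }
        try {
            data.put("keystore_pass", properties.getProperty("keystore_pass", ""));
            // NOTE(review): unlike fetch_certs, the path is not URL-decoded here - confirm
            // which form the caller sends for this action.
            data.put("keystore_path", properties.getProperty("keystore_path", ""));
            data.put("revoke_reason", Common.url_decode(properties.getProperty("revoke_reason", "CrushFTP plugin -> Revoke ").replace('+', ' ')));
            KeyStore keyStore = KeyStore.getInstance("JKS");
            FileInputStream keystoreIn = new FileInputStream((File) new File_S(data.getProperty("keystore_path", "")));
            try {
                keyStore.load(keystoreIn, Common.encryptDecrypt(data.getProperty("keystore_pass", ""), false).toCharArray());
            } finally {
                // Release the file handle whether or not the keystore could be read.
                keystoreIn.close();
            }
            String domainList = properties.getProperty("domains");
            if (domainList == null || domainList.trim().length() == 0) {
                throw new Exception("Domains: no domain was specified!");
            }
            String[] domains = domainList.trim().split(",");
            // challenge_path is whatever an earlier fetch_certs left in the shared settings.
            String accountPrefix = String.valueOf(data.getProperty("challenge_path", "")) + "account";
            File_S accountPublic = new File_S(accountPrefix + ".pub");
            File_S accountPrivate = new File_S(accountPrefix + ".key");
            if (!(accountPrivate.exists() && accountPublic.exists())) {
                // The revocation request is signed with the account key; fail with a clear
                // message instead of a NullPointerException further down.
                throw new Exception("Account key pair not found; the revocation request cannot be signed.");
            }
            KeyPair accountKeys = loadKeyPair(accountPublic, accountPrivate);
            for (int i = 0; i < domains.length; i++) {
                Certificate stored = keyStore.getCertificate(domains[i]);
                if (stored == null) {
                    throw new Exception("No certificate in the keystore under alias: " + domains[i]);
                }
                revokeCert(stored, accountKeys, domains[i]);
            }
            properties.put("STATUS", "Success");
        } catch (Exception e2) {
            msg(e2);
            properties.put("ERROR", e2);
        }
        return null;
    }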

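    /**
     * Sends a signed {@code revoke-cert} request for one certificate to the ACME server.
     *
     * <p>The payload carries the DER encoding of the certificate, base64url-encoded, and is
     * signed as a JWS (RS256) with the account key. A fresh nonce is obtained via
     * {@code getNonce} for the same URL.
     *
     * @param certificate the certificate to revoke
     * @param keyPair the ACME account key pair used to sign the request
     * @param str label written to the log line (run() passes the keystore alias)
     * @throws Exception if an argument is missing or the server answers outside 200-299
     */
    private void revokeCert(Certificate certificate, KeyPair keyPair, String str) throws IOException, MalformedURLException, URISyntaxException, ProtocolException, CertificateEncodingException, Exception, JoseException, UnsupportedEncodingException {
        if (certificate == null) {
            throw new Exception("Revoke  Certificate : no certificate supplied for " + str);
        }
        if (keyPair == null) {
            throw new Exception("Revoke  Certificate : account key pair is not available");
        }
        String revokeUrl = String.valueOf(getBaseUrl()) + "acme/revoke-cert";
        HttpURLConnection connection = (HttpURLConnection) new URI(revokeUrl).toURL().openConnection();
        try {
            connection.setConnectTimeout(TIMEOUT);
            connection.setReadTimeout(TIMEOUT);
            connection.setUseCaches(false);
            connection.setRequestProperty("User-Agent", "acme4j");
            connection.setRequestMethod("POST");
            connection.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
            connection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            connection.setRequestProperty("Content-Type", Json.CONTENT_TYPE);
            connection.setDoOutput(true);
            JSONObject payload = new JSONObject();
            payload.put("resource", "revoke-cert");
            payload.put("certificate", Base64Url.encode(certificate.getEncoded()));
            JsonWebSignature jws = new JsonWebSignature();
            jws.setPayload(payload.toString());
            jws.getHeaders().setObjectHeaderValue("nonce", getNonce(revokeUrl));
            jws.getHeaders().setJwkHeaderValue("jwk", PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic()));
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jws.setKey(keyPair.getPrivate());
            byte[] body = jws.getCompactSerialization().getBytes("utf-8");
            connection.connect();
            OutputStream out = connection.getOutputStream();
            try {
                out.write(body);
            } finally {
                out.close();
            }
            int status = connection.getResponseCode();
            if (status < 200 || status > 299) {
                // For 4xx/5xx the body is on the error stream; getInputStream() would throw
                // and hide the server's explanation.
                InputStream problem = connection.getErrorStream();
                if (problem == null) {
                    problem = connection.getInputStream();
                }
                throw new Exception(String.valueOf(status) + connection.getResponseMessage() + consumeResponse(problem));
            }
            msg("Revoke  Certificate : " + str + " Result : " + status + connection.getResponseMessage());
        } finally {
            // Release the connection on the failure paths as well.
            connection.disconnect();
        }
    }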

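    /**
     * Runs the whole issuance flow for the given domains and writes the result to the keystore.
     *
     * <p>Steps: load or create the ACME account key; register and accept the agreement;
     * authorise each domain through an http-01 challenge; create a fresh domain key; build a
     * CSR whose subjectAltName lists every domain; request and download the certificate; try
     * to fetch the issuer certificate; store key and certificates under one alias per domain.
     *
     * <p>Registration and per-domain authorisation failures are only logged, so the CSR is
     * still submitted with every requested name.
     *
     * @param strArr domain names; each becomes a dNSName entry and a keystore alias
     * @throws Exception if key handling, the CSR exchange or the keystore write fails
     */
    public static void fetchCertificate(String[] strArr) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        String challengePath = String.valueOf(data.getProperty("challenge_path", ""));

        // Account key: reuse the stored pair when both files exist, otherwise create one.
        // NOTE(review): the key files live under challenge_path, the directory that also
        // receives the http-01 token files - confirm they cannot be downloaded over HTTP.
        File_S accountPrivate = new File_S(challengePath + "account.key");
        File_S accountPublic = new File_S(challengePath + "account.pub");
        KeyPair accountKeys;
        if (accountPrivate.exists() && accountPublic.exists()) {
            accountKeys = loadKeyPair(accountPublic, accountPrivate);
        } else {
            KeyPairGenerator accountGenerator = KeyPairGenerator.getInstance("RSA");
            accountGenerator.initialize(2048, SecureRandom.getInstance("SHA1PRNG"));
            accountKeys = accountGenerator.generateKeyPair();
            writeKeyPair(accountKeys, data.getProperty("challenge_path", ""), "account");
        }
        try {
            newRegistration(accountKeys);
            accept_agreement(accountKeys);
        } catch (Exception e) {
            msg(e);
        }
        for (int i = 0; i < strArr.length; i++) {
            try {
                new_authorization(strArr[i], accountKeys);
                challenge(accountKeys);
                try {
                    // Remove the token file once the challenge round has finished.
                    File_S tokenFile = new File_S(challengePath + data.getProperty("challenge_token"));
                    if (tokenFile.exists()) {
                        tokenFile.delete();
                    }
                } catch (Exception e2) {
                    msg(e2);
                }
            } catch (Exception e3) {
                msg("Domain : " + strArr[i] + " failed on authorization and challeange.");
                msg(e3);
            }
        }

        // Domain key: initialise and use the SAME generator. Previously a throw-away generator
        // was initialised and the key came from the account generator, which is uninitialised
        // (provider-default size and randomness) whenever the account key was loaded from disk.
        KeyPairGenerator domainGenerator = KeyPairGenerator.getInstance("RSA");
        domainGenerator.initialize(2048, SecureRandom.getInstance("SHA1PRNG"));
        KeyPair domainKeys = domainGenerator.generateKeyPair();
        writeKeyPair(domainKeys, data.getProperty("challenge_path", ""), ClientCookie.DOMAIN_ATTR);

        GeneralName[] altNames = new GeneralName[strArr.length];
        Certificate[] placeholders = new Certificate[strArr.length];
        for (int i2 = 0; i2 < strArr.length; i2++) {
            altNames[i2] = new GeneralName(2, strArr[i2]); // tag 2 = dNSName
            // NOTE(review): "SHA1WITHRSA" is presumably the signature algorithm of the locally
            // generated certificate; SHA-1 signatures are deprecated - confirm in generateCert
            // and prefer SHA256withRSA.
            placeholders[i2] = generateCert(strArr[i2], data.getProperty("commonName", ""), data.getProperty("organisationUnit", ""), data.getProperty("locality", ""), data.getProperty("state", ""), data.getProperty("countryCode", ""), data.getProperty("email", ""), Integer.parseInt(data.getProperty("validity", "")), domainKeys.getPublic(), domainKeys.getPrivate(), "SHA1WITHRSA");
        }

        // CSR with an empty subject; the names travel in the subjectAltName extension.
        GeneralNames subjectAltNames = new GeneralNames(altNames);
        JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500NameBuilder(X500Name.getDefaultStyle()).build(), domainKeys.getPublic());
        ExtensionsGenerator extensions = new ExtensionsGenerator();
        extensions.addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) subjectAltNames);
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions.generate());
        X509Certificate issued = downloadCertificate(requestCertificate(accountKeys, csrBuilder.build(new JcaContentSignerBuilder("SHA256withRSA").build(domainKeys.getPrivate()))));

        // Best effort: fetch the issuer certificate from the URL found in the issued one.
        // NOTE(review): the fetched certificate is not validated here - confirm addReply does.
        String issuerUrl = getCACertificateURL(issued);
        X509Certificate issuer = null;
        if (issuerUrl != null) {
            try {
                InputStream issuerStream = new URL(issuerUrl).openStream();
                try {
                    X509CertParser parser = new X509CertParser();
                    parser.engineInit(issuerStream);
                    issuer = (X509Certificate) parser.engineRead();
                } finally {
                    issuerStream.close();
                }
            } catch (Exception e4) {
                msg(e4);
            }
        } else {
            msg("Could not found intermidiate cert url!");
        }

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        String keyPassword = Common.encryptDecrypt(data.getProperty("key_pass", ""), false);
        for (int i3 = 0; i3 < strArr.length; i3++) {
            keyStore.setKeyEntry(strArr[i3], domainKeys.getPrivate(), keyPassword.toCharArray(), placeholders);
            addReply(keyStore, issued, strArr[i3], keyPassword, issuer);
        }
        FileOutputStream keystoreOut = new FileOutputStream((File) new File_S(data.getProperty("keystore_path", "")));
        try {
            keyStore.store(keystoreOut, Common.encryptDecrypt(data.getProperty("keystore_pass", ""), false).toCharArray());
        } finally {
            // Close the handle even when the store fails.
            keystoreOut.close();
        }
    }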

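    /**
     * Downloads the issued certificate from the given URL and parses it as X.509.
     *
     * @param str certificate URL (fetchCertificate passes the Location header of the
     *     new-cert response)
     * @return the parsed certificate
     * @throws Exception if the URL is missing or the server answers outside 200-299
     */
    private static X509Certificate downloadCertificate(String str) throws Exception {
        if (str == null) {
            throw new Exception("Download Certificate : no certificate URL was returned");
        }
        // Same 10 s budget the other ACME requests use; without it a stalled server would
        // block this call indefinitely.
        final int timeoutMillis = 10000;
        HttpURLConnection connection = (HttpURLConnection) new URI(str).toURL().openConnection();
        try {
            connection.setConnectTimeout(timeoutMillis);
            connection.setReadTimeout(timeoutMillis);
            connection.setRequestMethod("GET");
            connection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            connection.setDoOutput(false);
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            int status = connection.getResponseCode();
            if (status < 200 || status > 299) {
                // For 4xx/5xx the body is on the error stream; getInputStream() would throw.
                InputStream problem = connection.getErrorStream();
                if (problem == null) {
                    problem = connection.getInputStream();
                }
                throw new Exception(String.valueOf(status) + connection.getResponseMessage() + consumeResponse(problem));
            }
            msg("Download Certificate : " + status + connection.getResponseMessage());
            return (X509Certificate) x509Factory.generateCertificate(connection.getInputStream());
        } finally {
            connection.disconnect();
        }
    }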

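    /**
     * Submits the CSR to the ACME {@code new-cert} endpoint.
     *
     * <p>The DER-encoded CSR is base64url-encoded into the payload, which is signed as a JWS
     * (RS256) with the account key.
     *
     * @param keyPair the ACME account key pair
     * @param pKCS10CertificationRequest the CSR to submit
     * @return the {@code Location} header of the response (may be {@code null})
     * @throws Exception if the server answers outside 200-299
     */
    private static String requestCertificate(KeyPair keyPair, PKCS10CertificationRequest pKCS10CertificationRequest) throws IOException, MalformedURLException, URISyntaxException, ProtocolException, Exception, JoseException, UnsupportedEncodingException {
        String newCertUrl = String.valueOf(getBaseUrl()) + "acme/new-cert";
        HttpURLConnection connection = (HttpURLConnection) new URI(newCertUrl).toURL().openConnection();
        try {
            connection.setConnectTimeout(TIMEOUT);
            connection.setReadTimeout(TIMEOUT);
            connection.setUseCaches(false);
            connection.setRequestProperty("User-Agent", "acme4j");
            connection.setRequestMethod("POST");
            connection.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
            connection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            connection.setRequestProperty("Content-Type", Json.CONTENT_TYPE);
            connection.setDoOutput(true);
            JSONObject payload = new JSONObject();
            payload.put("resource", "new-cert");
            payload.put("csr", Base64Url.encode(pKCS10CertificationRequest.getEncoded()));
            JsonWebSignature jws = new JsonWebSignature();
            jws.setPayload(payload.toString());
            jws.getHeaders().setObjectHeaderValue("nonce", getNonce(newCertUrl));
            jws.getHeaders().setJwkHeaderValue("jwk", PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic()));
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jws.setKey(keyPair.getPrivate());
            byte[] body = jws.getCompactSerialization().getBytes("utf-8");
            connection.connect();
            OutputStream out = connection.getOutputStream();
            try {
                out.write(body);
            } finally {
                out.close();
            }
            int status = connection.getResponseCode();
            if (status < 200 || status > 299) {
                // For 4xx/5xx the body is on the error stream; getInputStream() would throw
                // and hide the server's explanation.
                InputStream problem = connection.getErrorStream();
                if (problem == null) {
                    problem = connection.getInputStream();
                }
                throw new Exception(String.valueOf(status) + connection.getResponseMessage() + consumeResponse(problem));
            }
            msg("Request Certificate : " + status + connection.getResponseMessage());
            return connection.getHeaderField(HttpHeaders.LOCATION);
        } finally {
            connection.disconnect();
        }
    }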

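    /**
     * Answers the pending http-01 challenge and polls until the server reports it valid.
     *
     * <p>Writes {@code token + "." + base64url(SHA-256(public JWK as key-sorted JSON))} to a
     * file named after the token under {@code challenge_path}, tells the server the challenge
     * is ready, then polls {@code challenge_uri} up to 10 times, 3 seconds apart.
     *
     * <p>The token and URI are read from the shared settings. Because the token becomes a
     * file name, it is checked against the URL-safe base64 alphabet before any file is
     * touched, so a value such as {@code "../x"} cannot escape the challenge directory.
     *
     * <p>If the status never becomes "valid" within the polling budget the method returns
     * normally; the later certificate request is what fails in that case.
     *
     * @param keyPair the ACME account key pair
     * @throws Exception if the token or URI is unusable or the server answers outside 200-299
     */
    private static void challenge(KeyPair keyPair) throws JoseException, NoSuchAlgorithmException, UnsupportedEncodingException, FileNotFoundException, IOException, MalformedURLException, URISyntaxException, ProtocolException, Exception, InterruptedException {
        String token = data.getProperty("challenge_token");
        String challengeUri = data.getProperty("challenge_uri");
        if (token == null || token.length() == 0 || challengeUri == null) {
            throw new Exception("Challenge : no http-01 challenge token or uri is available");
        }
        for (int pos = 0; pos < token.length(); pos++) {
            char ch = token.charAt(pos);
            boolean allowed = (ch >= 'A' && ch <= 'Z') || (ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9') || ch == '-' || ch == '_';
            if (!allowed) {
                throw new Exception("Challenge : token contains characters that are not valid in a challenge file name");
            }
        }

        // Key authorisation = token "." thumbprint of the account's public JWK.
        JsonWebKey publicJwk = JsonWebKey.Factory.newJwk(keyPair.getPublic());
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        // TreeMap sorts the JWK members by name so the digest input is canonical.
        sha256.update(JSONValue.toJSONString(new TreeMap(publicJwk.toParams(JsonWebKey.OutputControlLevel.PUBLIC_ONLY))).getBytes("UTF-8"));
        String keyAuthorization = token + "." + Base64Url.encode(sha256.digest());
        RandomAccessFile tokenFile = new RandomAccessFile(String.valueOf(data.getProperty("challenge_path", "")) + token, "rw");
        try {
            tokenFile.setLength(0L);
            // Explicit charset: the platform default is not guaranteed to be ASCII-compatible.
            tokenFile.write(keyAuthorization.getBytes("UTF-8"));
        } finally {
            tokenFile.close();
        }

        HttpURLConnection trigger = (HttpURLConnection) new URI(challengeUri).toURL().openConnection();
        try {
            trigger.setConnectTimeout(TIMEOUT);
            trigger.setReadTimeout(TIMEOUT);
            trigger.setUseCaches(false);
            trigger.setRequestProperty("User-Agent", "acme4j");
            trigger.setRequestMethod("POST");
            trigger.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
            trigger.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            trigger.setRequestProperty("Content-Type", Json.CONTENT_TYPE);
            trigger.setDoOutput(true);
            JSONObject payload = new JSONObject();
            payload.put("resource", "challenge");
            JsonWebSignature jws = new JsonWebSignature();
            jws.setPayload(payload.toString());
            jws.getHeaders().setObjectHeaderValue("nonce", getNonce(challengeUri));
            jws.getHeaders().setJwkHeaderValue("jwk", PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic()));
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jws.setKey(keyPair.getPrivate());
            byte[] body = jws.getCompactSerialization().getBytes("utf-8");
            trigger.connect();
            OutputStream out = trigger.getOutputStream();
            try {
                out.write(body);
            } finally {
                out.close();
            }
            int status = trigger.getResponseCode();
            if (status < 200 || status > 299) {
                // For 4xx/5xx the body is on the error stream; getInputStream() would throw.
                InputStream problem = trigger.getErrorStream();
                if (problem == null) {
                    problem = trigger.getInputStream();
                }
                throw new Exception(String.valueOf(status) + trigger.getResponseMessage() + consumeResponse(problem));
            }
            msg("Challenge : " + status + trigger.getResponseMessage());
            consumeResponse(trigger.getInputStream());
        } finally {
            trigger.disconnect();
        }

        int attempts = 0;
        while (data.getProperty("challenge_status", "").equals("") && attempts < 10) {
            Thread.sleep(3000L);
            attempts++;
            HttpURLConnection poll = (HttpURLConnection) new URI(challengeUri).toURL().openConnection();
            try {
                poll.setConnectTimeout(TIMEOUT);
                poll.setReadTimeout(TIMEOUT);
                poll.setUseCaches(false);
                poll.setRequestProperty("User-Agent", "acme4j");
                poll.setRequestMethod("GET");
                poll.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
                poll.setDoOutput(false);
                poll.connect();
                int pollStatus = poll.getResponseCode();
                if (pollStatus < 200 || pollStatus > 299) {
                    InputStream problem = poll.getErrorStream();
                    if (problem == null) {
                        problem = poll.getInputStream();
                    }
                    throw new Exception(String.valueOf(pollStatus) + poll.getResponseMessage() + consumeResponse(problem));
                }
                msg("Challenge validation : " + pollStatus + poll.getResponseMessage());
                JSONObject state = (JSONObject) JSONValue.parse(consumeResponse(poll.getInputStream()));
                // Constant-first comparison: a missing "status" member must not throw.
                if (state != null && "valid".equals(state.get("status"))) {
                    return;
                }
            } finally {
                poll.disconnect();
            }
        }
    }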

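    /**
     * Requests an authorisation for one domain and records its http-01 challenge.
     *
     * <p>Posts a signed {@code new-authz} request, then stores the token and URI of the
     * http-01 challenge from the response under {@code challenge_token} and
     * {@code challenge_uri} in the shared settings. When several http-01 entries are present
     * the last one wins.
     *
     * <p>If the response offers no usable http-01 challenge an exception is thrown, so the
     * token and URI left over from a previously processed domain are never reused for this one.
     *
     * @param str the domain name to authorise
     * @param keyPair the ACME account key pair
     * @throws Exception if the stored terms link is unusable, the server answers outside
     *     200-299, or no http-01 challenge is offered
     */
    private static void new_authorization(String str, KeyPair keyPair) throws IOException, MalformedURLException, URISyntaxException, ProtocolException, JoseException, Exception, UnsupportedEncodingException {
        // The stored value is a Link header of the form "<url>;..."; keep what sits between
        // the leading '<' and the first '>'.
        String termsLink = data.getProperty("terms-of-service");
        int closing = termsLink == null ? -1 : termsLink.indexOf(">");
        if (closing < 1) {
            throw new Exception("New Authorization : terms-of-service link is missing or malformed");
        }
        String agreementUrl = termsLink.substring(1, closing);

        String newAuthzUrl = String.valueOf(getBaseUrl()) + "acme/new-authz";
        HttpURLConnection connection = (HttpURLConnection) new URI(newAuthzUrl).toURL().openConnection();
        String responseBody;
        try {
            connection.setConnectTimeout(TIMEOUT);
            connection.setReadTimeout(TIMEOUT);
            connection.setUseCaches(false);
            connection.setRequestProperty("User-Agent", "acme4j");
            connection.setRequestMethod("POST");
            connection.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
            connection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            connection.setRequestProperty("Content-Type", Json.CONTENT_TYPE);
            connection.setDoOutput(true);
            JSONObject payload = new JSONObject();
            payload.put("agreement", agreementUrl);
            JSONObject identifier = new JSONObject();
            identifier.put("type", "dns");
            identifier.put("value", str);
            payload.put("identifier", identifier);
            payload.put("resource", "new-authz");
            PublicJsonWebKey accountJwk = PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic());
            JsonWebSignature jws = new JsonWebSignature();
            jws.setPayload(payload.toString());
            jws.getHeaders().setObjectHeaderValue("nonce", getNonce(newAuthzUrl));
            jws.getHeaders().setJwkHeaderValue("jwk", accountJwk);
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jws.setKey(keyPair.getPrivate());
            byte[] body = jws.getCompactSerialization().getBytes("utf-8");
            connection.connect();
            OutputStream out = connection.getOutputStream();
            try {
                out.write(body);
            } finally {
                out.close();
            }
            int status = connection.getResponseCode();
            if (status < 200 || status > 299) {
                // For 4xx/5xx the body is on the error stream; getInputStream() would throw.
                InputStream problem = connection.getErrorStream();
                if (problem == null) {
                    problem = connection.getInputStream();
                }
                throw new Exception(String.valueOf(status) + connection.getResponseMessage() + consumeResponse(problem));
            }
            msg("New Authorization : " + status + connection.getResponseMessage());
            responseBody = consumeResponse(connection.getInputStream());
        } finally {
            connection.disconnect();
        }

        Object parsed = JSONValue.parse(responseBody);
        Object challenges = parsed instanceof JSONObject ? ((JSONObject) parsed).get("challenges") : null;
        boolean httpChallengeFound = false;
        if (challenges instanceof JSONArray) {
            JSONArray offered = (JSONArray) challenges;
            for (int i = 0; i < offered.size(); i++) {
                Object entry = offered.get(i);
                if (!(entry instanceof JSONObject)) {
                    continue;
                }
                JSONObject candidate = (JSONObject) entry;
                if (!"http-01".equals(candidate.get("type"))) {
                    continue;
                }
                Object token = candidate.get("token");
                Object uri = candidate.get("uri");
                // Properties rejects null values and getProperty() only returns Strings,
                // so accept the entry only when both members are strings.
                if (token instanceof String && uri instanceof String) {
                    data.put("challenge_token", token);
                    data.put("challenge_uri", uri);
                    httpChallengeFound = true;
                }
            }
        }
        if (!httpChallengeFound) {
            throw new Exception("New Authorization : no usable http-01 challenge was offered for " + str);
        }
    }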

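    /**
     * Accepts the subscriber agreement by updating the registration resource.
     *
     * <p>Posts a signed {@code reg} update to the URL stored under {@code new-reg_location},
     * naming the agreement URL taken from the stored {@code terms-of-service} Link header.
     * The Link and Replay-Nonce headers of the response replace the stored values when the
     * server sends them.
     *
     * @param keyPair the ACME account key pair
     * @throws Exception if the stored registration URL or terms link is unusable, or the
     *     server answers outside 200-299
     */
    private static void accept_agreement(KeyPair keyPair) throws Exception {
        String registrationUrl = data.getProperty("new-reg_location");
        if (registrationUrl == null) {
            throw new Exception("Accept Agreement : no registration location is known");
        }
        // The stored value is a Link header of the form "<url>;..."; keep what sits between
        // the leading '<' and the first '>'.
        String termsLink = data.getProperty("terms-of-service");
        int closing = termsLink == null ? -1 : termsLink.indexOf(">");
        if (closing < 1) {
            throw new Exception("Accept Agreement : terms-of-service link is missing or malformed");
        }
        String agreementUrl = termsLink.substring(1, closing);

        HttpURLConnection connection = (HttpURLConnection) new URI(registrationUrl).toURL().openConnection();
        try {
            connection.setConnectTimeout(TIMEOUT);
            connection.setReadTimeout(TIMEOUT);
            connection.setUseCaches(false);
            connection.setRequestProperty("User-Agent", "acme4j");
            connection.setRequestMethod("POST");
            connection.setDoInput(true);
            connection.setDoOutput(true);
            connection.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
            connection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            connection.setRequestProperty("Content-Type", Json.CONTENT_TYPE);
            PublicJsonWebKey accountJwk = PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic());
            JsonWebSignature jws = new JsonWebSignature();
            JSONObject payload = new JSONObject();
            payload.put("agreement", agreementUrl);
            payload.put("resource", "reg");
            jws.setPayload(payload.toString());
            jws.getHeaders().setObjectHeaderValue("nonce", getNonce(registrationUrl));
            jws.getHeaders().setJwkHeaderValue("jwk", accountJwk);
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jws.setKey(keyPair.getPrivate());
            byte[] body = jws.getCompactSerialization().getBytes("utf-8");
            connection.connect();
            OutputStream out = connection.getOutputStream();
            try {
                out.write(body);
            } finally {
                out.close();
            }
            int status = connection.getResponseCode();
            if (status < 200 || status > 299) {
                // For 4xx/5xx the body is on the error stream; getInputStream() would throw.
                InputStream problem = connection.getErrorStream();
                if (problem == null) {
                    problem = connection.getInputStream();
                }
                throw new Exception(String.valueOf(status) + connection.getResponseMessage() + consumeResponse(problem));
            }
            msg("Accept Agreement : " + status + connection.getResponseMessage());
            // Properties rejects null values; an absent header must not turn a successful
            // update into a NullPointerException.
            String link = connection.getHeaderField(HttpHeaders.LINK);
            if (link != null) {
                data.put("terms-of-service", link);
            }
            String nonce = connection.getHeaderField("Replay-Nonce");
            if (nonce != null) {
                data.put("nonce", nonce);
            }
        } finally {
            connection.disconnect();
        }
    }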

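    /**
     * Registers the account key with the ACME server.
     *
     * <p>Posts a signed {@code new-reg} request and stores the response's Location header
     * under {@code new-reg_location}, its Link header under {@code terms-of-service} and its
     * Replay-Nonce under {@code nonce} in the shared settings.
     *
     * <p>NOTE(review): any status outside 200-299 is treated as failure. If the server
     * answers a repeat registration of an existing key with an error status, the stored
     * location and terms link are never refreshed - confirm how renewals after a restart
     * are expected to work.
     *
     * @param keyPair the ACME account key pair
     * @throws Exception if the server answers outside 200-299 or omits the Location or
     *     Link header
     */
    private static void newRegistration(KeyPair keyPair) throws Exception {
        String newRegUrl = String.valueOf(getBaseUrl()) + "acme/new-reg";
        HttpURLConnection connection = (HttpURLConnection) new URI(newRegUrl).toURL().openConnection();
        try {
            connection.setConnectTimeout(TIMEOUT);
            connection.setReadTimeout(TIMEOUT);
            connection.setUseCaches(false);
            connection.setRequestProperty("User-Agent", "acme4j");
            connection.setRequestMethod("POST");
            connection.setRequestProperty(HttpHeaders.ACCEPT, Json.CONTENT_TYPE);
            connection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            connection.setRequestProperty("Content-Type", Json.CONTENT_TYPE);
            connection.setDoOutput(true);
            PublicJsonWebKey accountJwk = PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic());
            JsonWebSignature jws = new JsonWebSignature();
            JSONObject payload = new JSONObject();
            payload.put("resource", "new-reg");
            jws.setPayload(payload.toString());
            jws.getHeaders().setObjectHeaderValue("nonce", getNonce(newRegUrl));
            jws.getHeaders().setJwkHeaderValue("jwk", accountJwk);
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            jws.setKey(keyPair.getPrivate());
            byte[] body = jws.getCompactSerialization().getBytes("utf-8");
            connection.setFixedLengthStreamingMode(body.length);
            connection.connect();
            OutputStream out = connection.getOutputStream();
            try {
                out.write(body);
            } finally {
                out.close();
            }
            int status = connection.getResponseCode();
            if (status < 200 || status > 299) {
                // For 4xx/5xx the body is on the error stream; getInputStream() would throw.
                InputStream problem = connection.getErrorStream();
                if (problem == null) {
                    problem = connection.getInputStream();
                }
                throw new Exception(String.valueOf(status) + connection.getResponseMessage() + consumeResponse(problem));
            }
            msg("New Registration : " + status + connection.getResponseMessage());
            // Properties rejects null values; name the missing header instead of failing
            // with a bare NullPointerException.
            String location = connection.getHeaderField(HttpHeaders.LOCATION);
            if (location == null) {
                throw new Exception("New Registration : response carried no Location header");
            }
            String link = connection.getHeaderField(HttpHeaders.LINK);
            if (link == null) {
                throw new Exception("New Registration : response carried no Link header");
            }
            data.put("new-reg_location", location);
            data.put("terms-of-service", link);
            String nonce = connection.getHeaderField("Replay-Nonce");
            if (nonce != null) {
                data.put("nonce", nonce);
            }
        } finally {
            connection.disconnect();
        }
    }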

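    /**
     * Fetches a fresh anti-replay nonce by sending a {@code HEAD} request to the given URL
     * and reading the {@code Replay-Nonce} response header.
     *
     * @param str URL to query
     * @return the trimmed {@code Replay-Nonce} header value
     * @throws Exception if the request fails or the response carries no {@code Replay-Nonce} header
     */
    private static String getNonce(String str) throws Exception {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URI(str).toURL().openConnection();
        try {
            httpURLConnection.setConnectTimeout(TIMEOUT);
            httpURLConnection.setReadTimeout(TIMEOUT);
            httpURLConnection.setUseCaches(false);
            httpURLConnection.setRequestProperty("User-Agent", "acme4j");
            httpURLConnection.setRequestMethod("HEAD");
            httpURLConnection.setRequestProperty(HttpHeaders.ACCEPT_CHARSET, "utf-8");
            httpURLConnection.setDoOutput(false);
            httpURLConnection.connect();
            int status = httpURLConnection.getResponseCode();
            String headerField = httpURLConnection.getHeaderField("Replay-Nonce");
            if (headerField == null) {
                // Fail with a diagnosable message instead of a NullPointerException on trim().
                throw new Exception("No Replay-Nonce header in response from " + str + " (HTTP " + status + ")");
            }
            return headerField.trim();
        } finally {
            httpURLConnection.disconnect();
        }
    }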

    /**
     * Replaces the certificate chain stored with an existing key entry.
     *
     * <p>The key currently stored under alias {@code str} is read back with password
     * {@code str2} and stored again under the same alias and password, now paired with a
     * chain made of {@code x509Certificate} followed by {@code x509Certificate2} when the
     * latter is not {@code null}.
     *
     * @param keyStore         key store holding the entry
     * @param x509Certificate  first certificate of the new chain
     * @param str              alias of the key entry
     * @param str2             password protecting the key entry
     * @param x509Certificate2 optional second certificate of the chain, may be {@code null}
     * @throws Exception if the key cannot be read or the entry cannot be stored
     */
    public static void addReply(KeyStore keyStore, X509Certificate x509Certificate, String str, String str2, X509Certificate x509Certificate2) throws Exception {
        X509Certificate[] chain;
        if (x509Certificate2 == null) {
            chain = new X509Certificate[] {x509Certificate};
        } else {
            chain = new X509Certificate[] {x509Certificate, x509Certificate2};
        }
        char[] entryPassword = str2.toCharArray();
        keyStore.setKeyEntry(str, keyStore.getKey(str, entryPassword), entryPassword, chain);
    }

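    /**
     * Returns the location of the issuing CA certificate as published in the certificate's
     * Authority Information Access extension ({@code id-ad-caIssuers} access method).
     *
     * <p>The returned value is read from the certificate itself. NOTE(review): callers that
     * fetch it should treat it as untrusted input and restrict the scheme and destination
     * they are willing to contact.
     *
     * @param x509Certificate certificate to inspect
     * @return the first {@code caIssuers} access location, or {@code null} when the certificate
     *         has no Authority Information Access extension or no such entry
     * @throws IOException if the extension value cannot be decoded
     */
    public static String getCACertificateURL(X509Certificate x509Certificate) throws IOException {
        byte[] extensionValue = x509Certificate.getExtensionValue(Extension.authorityInfoAccess.getId());
        if (extensionValue == null) {
            // Certificate carries no AIA extension; report "not found" instead of failing
            // with a NullPointerException while decoding.
            return null;
        }
        // The extension value is an OCTET STRING wrapping the DER-encoded AIA sequence.
        byte[] aiaBytes = ((ASN1OctetString) ASN1Primitive.fromByteArray(extensionValue)).getOctets();
        AuthorityInformationAccess authorityInformationAccess = AuthorityInformationAccess.getInstance(ASN1Sequence.fromByteArray(aiaBytes));
        AccessDescription[] accessDescriptions = authorityInformationAccess.getAccessDescriptions();
        for (int i = 0; i < accessDescriptions.length; i++) {
            AccessDescription accessDescription = accessDescriptions[i];
            if (accessDescription.getAccessMethod().equals(X509ObjectIdentifiers.id_ad_caIssuers)) {
                return accessDescription.getAccessLocation().getName().toString();
            }
        }
        return null;
    }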

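    /**
     * Builds a self-issued X.509 v1 certificate (issuer and subject are the same name) for the
     * given public key, signed with the given private key through the "BC" provider.
     *
     * <p>The serial number is the current time in seconds and the validity starts now.
     *
     * <p>NOTE(review): the name fields are concatenated into the distinguished name without
     * escaping. OU, O and L are wrapped in double quotes but an embedded quote is not escaped,
     * and ST, C, EMAILADDRESS and CN are not quoted at all, so a value containing {@code ,},
     * {@code +} or {@code "} changes how the name is parsed. Validate these values before
     * calling, or build the name from individual attributes.
     *
     * @param str        common name (CN)
     * @param str2       organizational unit (OU)
     * @param str3       organization (O)
     * @param str4       locality (L)
     * @param str5       state or province (ST)
     * @param str6       country (C)
     * @param str7       e-mail address (EMAILADDRESS)
     * @param i          validity period in days
     * @param publicKey  key to certify
     * @param privateKey key used to sign the certificate
     * @param str8       signature algorithm name passed to the content signer builder
     * @return the signed certificate
     * @throws Exception if the name cannot be parsed or signing fails
     */
    public static X509Certificate generateCert(String str, String str2, String str3, String str4, String str5, String str6, String str7, int i, PublicKey publicKey, PrivateKey privateKey, String str8) throws Exception {
        String distinguishedName = "  OU=\"" + str2 + "\""
                + ", O=\"" + str3 + "\""
                + ", L=\"" + str4 + "\""
                + ", ST=" + str5
                + ", C=" + str6
                + ", EMAILADDRESS=" + str7
                + ", CN=" + str;
        long now = System.currentTimeMillis();
        // Long arithmetic: in int arithmetic the product wraps once i exceeds 24 days, which
        // put the expiry date in the past.
        long validityMillis = i * 24L * 60L * 60L * 1000L;
        X500Name name = new X500Name(distinguishedName);
        X509v1CertificateBuilder builder = new X509v1CertificateBuilder(
                name,
                BigInteger.valueOf(now / 1000),
                new Date(now),
                new Date(now + validityMillis),
                name,
                new SubjectPublicKeyInfo(ASN1Sequence.getInstance(publicKey.getEncoded())));
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(builder.build(new JcaContentSignerBuilder(str8).setProvider("BC").build(privateKey)));
    }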

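    /**
     * Extracts the {@code CN=...} component from a distinguished-name string.
     *
     * <p>The input is upper-cased first. The result starts at the first occurrence of
     * {@code CN=}, ends before the next comma, and is trimmed; the {@code CN=} prefix is kept.
     * When the input holds no {@code CN=}, the whole upper-cased input is returned untrimmed.
     *
     * <p>NOTE(review): this is a plain substring search, so {@code CN=} appearing inside
     * another attribute's value, or a comma inside a quoted CN, is not recognised as such.
     *
     * @param str distinguished name, must not be {@code null}
     * @return the upper-cased {@code CN=...} component, or the upper-cased input if none is found
     */
    public static String findCN(String str) {
        // Locale.ROOT keeps the case mapping stable: under a Turkish default locale the
        // default mapping turns 'i' into a dotted capital I and corrupts host names.
        String upperCase = str.toUpperCase(java.util.Locale.ROOT);
        int cnStart = upperCase.indexOf("CN=");
        if (cnStart < 0) {
            return upperCase;
        }
        String component = upperCase.substring(cnStart);
        int comma = component.indexOf(",");
        if (comma >= 0) {
            component = component.substring(0, comma);
        }
        return component.trim();
    }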

    /**
     * Selects the ACME server base URL.
     *
     * @return {@code STAGING} when the {@code staging} entry of {@code data} is {@code "true"},
     *         otherwise {@code V01}
     */
    private static String getBaseUrl() {
        String stagingFlag = data.getProperty("staging", "false");
        if (stagingFlag.equals("true")) {
            return STAGING;
        }
        return V01;
    }

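    /**
     * Reads the given stream through {@code Common.streamCopier} and returns its content as text.
     *
     * <p>NOTE(review): the whole body is buffered in memory and no size limit is visible
     * in this method.
     *
     * @param inputStream response body to read
     * @return the body decoded as UTF-8
     * @throws Exception if copying the stream fails
     */
    public static String consumeResponse(InputStream inputStream) throws Exception {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        Common.streamCopier(inputStream, buffer, false, true, true);
        // Decode explicitly: the requests in this class ask for utf-8, while new String(byte[])
        // would use whatever the platform default charset happens to be.
        return buffer.toString("utf-8");
    }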

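    /**
     * Loads an RSA key pair from two files.
     *
     * @param file_S  file holding the X.509 (SubjectPublicKeyInfo) encoded public key
     * @param file_S2 file holding the PKCS#8 encoded private key
     * @return the decoded key pair
     * @throws Exception if a file cannot be read completely or its content is not a valid RSA key
     */
    public static KeyPair loadKeyPair(File_S file_S, File_S file_S2) throws Exception {
        byte[] publicBytes = readKeyFile((File) file_S);
        byte[] privateBytes = readKeyFile((File) file_S2);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return new KeyPair(keyFactory.generatePublic(new X509EncodedKeySpec(publicBytes)), keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateBytes)));
    }

    /** Reads a whole key file into memory, always closing the stream. */
    private static byte[] readKeyFile(File file) throws IOException {
        FileInputStream in = new FileInputStream(file);
        try {
            byte[] contents = new byte[(int) file.length()];
            int filled = 0;
            // A single read() may return fewer bytes than requested, so loop until full.
            while (filled < contents.length) {
                int count = in.read(contents, filled, contents.length - filled);
                if (count < 0) {
                    throw new IOException("Unexpected end of key file: " + file.getName());
                }
                filled += count;
            }
            return contents;
        } finally {
            in.close();
        }
    }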

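    /**
     * Writes a key pair to {@code str + str2 + ".pub"} (X.509 encoded public key) and
     * {@code str + str2 + ".key"} (PKCS#8 encoded private key).
     *
     * <p>Any failure is caught and passed to {@code msg(Exception)}, which only logs when
     * debug is enabled. NOTE(review): a failed write of the private key is therefore invisible
     * to the caller by default - consider reporting it.
     *
     * <p>NOTE(review): the private key is written unencrypted and the file is created with the
     * process's default permissions; restrict it to the service account where the platform
     * allows.
     *
     * @param keyPair key pair to store
     * @param str     path prefix of the output files
     * @param str2    base file name, appended to {@code str}
     * @throws IOException declared by the signature; failures are currently caught and logged
     */
    public static void writeKeyPair(KeyPair keyPair, String str, String str2) throws IOException {
        try {
            PrivateKey privateKey = keyPair.getPrivate();
            X509EncodedKeySpec publicSpec = new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
            FileOutputStream publicOut = new FileOutputStream(String.valueOf(str) + str2 + ".pub");
            try {
                publicOut.write(publicSpec.getEncoded());
            } finally {
                // Close even when the write fails so the file handle is not leaked.
                publicOut.close();
            }
            PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec(privateKey.getEncoded());
            FileOutputStream privateOut = new FileOutputStream(String.valueOf(str) + str2 + ".key");
            try {
                privateOut.write(privateSpec.getEncoded());
            } finally {
                privateOut.close();
            }
        } catch (Exception e) {
            msg(e);
        }
    }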

    /**
     * Logs a message with the {@code LetsEncrypt:} prefix through {@code Common.log}, but only
     * when the {@code debug} entry of {@code data} is {@code "true"}.
     *
     * @param str message text
     */
    public static void msg(String str) {
        String debugFlag = data.getProperty("debug", "false");
        if (!debugFlag.equals("true")) {
            return;
        }
        Common.log("SERVER", 0, "LetsEncrypt:" + str);
    }

    /**
     * Logs an exception through {@code Common.log}, but only when the {@code debug} entry of
     * {@code data} is {@code "true"}; otherwise the exception is dropped silently.
     *
     * @param exc exception to log
     */
    public static void msg(Exception exc) {
        String debugFlag = data.getProperty("debug", "false");
        if (!debugFlag.equals("true")) {
            return;
        }
        Common.log("SERVER", 0, exc);
    }
}
