package com.venafi.vcert.sdk.connectors.cloud;

import com.google.common.io.CharStreams;
import com.google.gson.annotations.SerializedName;
import com.venafi.vcert.sdk.VCertException;
import com.venafi.vcert.sdk.certificate.CertificateRequest;
import com.venafi.vcert.sdk.certificate.CertificateStatus;
import com.venafi.vcert.sdk.certificate.ChainOption;
import com.venafi.vcert.sdk.certificate.CsrOriginOption;
import com.venafi.vcert.sdk.certificate.ImportRequest;
import com.venafi.vcert.sdk.certificate.ImportResponse;
import com.venafi.vcert.sdk.certificate.ManagedCertificate;
import com.venafi.vcert.sdk.certificate.PEMCollection;
import com.venafi.vcert.sdk.certificate.RenewalRequest;
import com.venafi.vcert.sdk.certificate.RevocationRequest;
import com.venafi.vcert.sdk.connectors.Connector;
import com.venafi.vcert.sdk.connectors.Policy;
import com.venafi.vcert.sdk.connectors.ZoneConfiguration;
import com.venafi.vcert.sdk.connectors.cloud.Cloud;
import com.venafi.vcert.sdk.connectors.cloud.domain.CertificateIssuingTemplate;
import com.venafi.vcert.sdk.connectors.cloud.domain.Project;
import com.venafi.vcert.sdk.connectors.cloud.domain.ProjectZone;
import com.venafi.vcert.sdk.connectors.cloud.domain.Projects;
import com.venafi.vcert.sdk.connectors.cloud.domain.TagProjectZone;
import com.venafi.vcert.sdk.connectors.cloud.domain.UserDetails;
import com.venafi.vcert.sdk.endpoint.Authentication;
import com.venafi.vcert.sdk.endpoint.ConnectorType;
import feign.Response;
import java.io.IOException;
import java.time.Duration;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.bouncycastle.util.Strings;

/* loaded from: input_file:WEB-INF/lib/vcert-java-0.3.0.jar:com/venafi/vcert/sdk/connectors/cloud/CloudConnector.class */
public class CloudConnector implements Connector {
    private Cloud cloud;
    private UserDetails user;
    private Authentication auth;
    private String zone;
    private String vendorAndProductName;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/vcert-java-0.3.0.jar:com/venafi/vcert/sdk/connectors/cloud/CloudConnector$CertificateRequestsPayload.class */
    public static class CertificateRequestsPayload {

        @SerializedName("certificateSigningRequest")
        private String csr;
        private String zoneId;
        private String existingManagedCertificateId;
        private boolean reuseCSR;

        public String csr() {
            return this.csr;
        }

        public String zoneId() {
            return this.zoneId;
        }

        public String existingManagedCertificateId() {
            return this.existingManagedCertificateId;
        }

        public boolean reuseCSR() {
            return this.reuseCSR;
        }

        public CertificateRequestsPayload csr(String str) {
            this.csr = str;
            return this;
        }

        public CertificateRequestsPayload zoneId(String str) {
            this.zoneId = str;
            return this;
        }

        public CertificateRequestsPayload existingManagedCertificateId(String str) {
            this.existingManagedCertificateId = str;
            return this;
        }

        public CertificateRequestsPayload reuseCSR(boolean z) {
            this.reuseCSR = z;
            return this;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof CertificateRequestsPayload)) {
                return false;
            }
            CertificateRequestsPayload certificateRequestsPayload = (CertificateRequestsPayload) obj;
            if (!certificateRequestsPayload.canEqual(this)) {
                return false;
            }
            String csr = csr();
            String csr2 = certificateRequestsPayload.csr();
            if (csr == null) {
                if (csr2 != null) {
                    return false;
                }
            } else if (!csr.equals(csr2)) {
                return false;
            }
            String zoneId = zoneId();
            String zoneId2 = certificateRequestsPayload.zoneId();
            if (zoneId == null) {
                if (zoneId2 != null) {
                    return false;
                }
            } else if (!zoneId.equals(zoneId2)) {
                return false;
            }
            String existingManagedCertificateId = existingManagedCertificateId();
            String existingManagedCertificateId2 = certificateRequestsPayload.existingManagedCertificateId();
            if (existingManagedCertificateId == null) {
                if (existingManagedCertificateId2 != null) {
                    return false;
                }
            } else if (!existingManagedCertificateId.equals(existingManagedCertificateId2)) {
                return false;
            }
            return reuseCSR() == certificateRequestsPayload.reuseCSR();
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof CertificateRequestsPayload;
        }

        public int hashCode() {
            String csr = csr();
            int hashCode = (1 * 59) + (csr == null ? 43 : csr.hashCode());
            String zoneId = zoneId();
            int hashCode2 = (hashCode * 59) + (zoneId == null ? 43 : zoneId.hashCode());
            String existingManagedCertificateId = existingManagedCertificateId();
            return (((hashCode2 * 59) + (existingManagedCertificateId == null ? 43 : existingManagedCertificateId.hashCode())) * 59) + (reuseCSR() ? 79 : 97);
        }

        public String toString() {
            return "CloudConnector.CertificateRequestsPayload(csr=" + csr() + ", zoneId=" + zoneId() + ", existingManagedCertificateId=" + existingManagedCertificateId() + ", reuseCSR=" + reuseCSR() + ")";
        }
    }

    /* loaded from: input_file:WEB-INF/lib/vcert-java-0.3.0.jar:com/venafi/vcert/sdk/connectors/cloud/CloudConnector$CertificateRequestsResponse.class */
    public static class CertificateRequestsResponse {
        private List<CertificateRequestsResponseData> certificateRequests;

        public List<CertificateRequestsResponseData> certificateRequests() {
            return this.certificateRequests;
        }

        public CertificateRequestsResponse certificateRequests(List<CertificateRequestsResponseData> list) {
            this.certificateRequests = list;
            return this;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof CertificateRequestsResponse)) {
                return false;
            }
            CertificateRequestsResponse certificateRequestsResponse = (CertificateRequestsResponse) obj;
            if (!certificateRequestsResponse.canEqual(this)) {
                return false;
            }
            List<CertificateRequestsResponseData> certificateRequests = certificateRequests();
            List<CertificateRequestsResponseData> certificateRequests2 = certificateRequestsResponse.certificateRequests();
            return certificateRequests == null ? certificateRequests2 == null : certificateRequests.equals(certificateRequests2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof CertificateRequestsResponse;
        }

        public int hashCode() {
            List<CertificateRequestsResponseData> certificateRequests = certificateRequests();
            return (1 * 59) + (certificateRequests == null ? 43 : certificateRequests.hashCode());
        }

        public String toString() {
            return "CloudConnector.CertificateRequestsResponse(certificateRequests=" + certificateRequests() + ")";
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:WEB-INF/lib/vcert-java-0.3.0.jar:com/venafi/vcert/sdk/connectors/cloud/CloudConnector$CertificateRequestsResponseData.class */
    public static class CertificateRequestsResponseData {
        private String id;
        private String zoneId;
        private String status;
        private String subjectDN;
        private boolean generatedKey;
        private boolean defaultKeyPassword;
        private Collection<String> certificateInstanceIds;
        private OffsetDateTime creationDate;
        private String pem;
        private String der;

        public String id() {
            return this.id;
        }

        public String zoneId() {
            return this.zoneId;
        }

        public String status() {
            return this.status;
        }

        public String subjectDN() {
            return this.subjectDN;
        }

        public boolean generatedKey() {
            return this.generatedKey;
        }

        public boolean defaultKeyPassword() {
            return this.defaultKeyPassword;
        }

        public Collection<String> certificateInstanceIds() {
            return this.certificateInstanceIds;
        }

        public OffsetDateTime creationDate() {
            return this.creationDate;
        }

        public String pem() {
            return this.pem;
        }

        public String der() {
            return this.der;
        }

        public CertificateRequestsResponseData id(String str) {
            this.id = str;
            return this;
        }

        public CertificateRequestsResponseData zoneId(String str) {
            this.zoneId = str;
            return this;
        }

        public CertificateRequestsResponseData status(String str) {
            this.status = str;
            return this;
        }

        public CertificateRequestsResponseData subjectDN(String str) {
            this.subjectDN = str;
            return this;
        }

        public CertificateRequestsResponseData generatedKey(boolean z) {
            this.generatedKey = z;
            return this;
        }

        public CertificateRequestsResponseData defaultKeyPassword(boolean z) {
            this.defaultKeyPassword = z;
            return this;
        }

        public CertificateRequestsResponseData certificateInstanceIds(Collection<String> collection) {
            this.certificateInstanceIds = collection;
            return this;
        }

        public CertificateRequestsResponseData creationDate(OffsetDateTime offsetDateTime) {
            this.creationDate = offsetDateTime;
            return this;
        }

        public CertificateRequestsResponseData pem(String str) {
            this.pem = str;
            return this;
        }

        public CertificateRequestsResponseData der(String str) {
            this.der = str;
            return this;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof CertificateRequestsResponseData)) {
                return false;
            }
            CertificateRequestsResponseData certificateRequestsResponseData = (CertificateRequestsResponseData) obj;
            if (!certificateRequestsResponseData.canEqual(this)) {
                return false;
            }
            String id = id();
            String id2 = certificateRequestsResponseData.id();
            if (id == null) {
                if (id2 != null) {
                    return false;
                }
            } else if (!id.equals(id2)) {
                return false;
            }
            String zoneId = zoneId();
            String zoneId2 = certificateRequestsResponseData.zoneId();
            if (zoneId == null) {
                if (zoneId2 != null) {
                    return false;
                }
            } else if (!zoneId.equals(zoneId2)) {
                return false;
            }
            String status = status();
            String status2 = certificateRequestsResponseData.status();
            if (status == null) {
                if (status2 != null) {
                    return false;
                }
            } else if (!status.equals(status2)) {
                return false;
            }
            String subjectDN = subjectDN();
            String subjectDN2 = certificateRequestsResponseData.subjectDN();
            if (subjectDN == null) {
                if (subjectDN2 != null) {
                    return false;
                }
            } else if (!subjectDN.equals(subjectDN2)) {
                return false;
            }
            if (generatedKey() != certificateRequestsResponseData.generatedKey() || defaultKeyPassword() != certificateRequestsResponseData.defaultKeyPassword()) {
                return false;
            }
            Collection<String> certificateInstanceIds = certificateInstanceIds();
            Collection<String> certificateInstanceIds2 = certificateRequestsResponseData.certificateInstanceIds();
            if (certificateInstanceIds == null) {
                if (certificateInstanceIds2 != null) {
                    return false;
                }
            } else if (!certificateInstanceIds.equals(certificateInstanceIds2)) {
                return false;
            }
            OffsetDateTime creationDate = creationDate();
            OffsetDateTime creationDate2 = certificateRequestsResponseData.creationDate();
            if (creationDate == null) {
                if (creationDate2 != null) {
                    return false;
                }
            } else if (!creationDate.equals(creationDate2)) {
                return false;
            }
            String pem = pem();
            String pem2 = certificateRequestsResponseData.pem();
            if (pem == null) {
                if (pem2 != null) {
                    return false;
                }
            } else if (!pem.equals(pem2)) {
                return false;
            }
            String der = der();
            String der2 = certificateRequestsResponseData.der();
            return der == null ? der2 == null : der.equals(der2);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof CertificateRequestsResponseData;
        }

        public int hashCode() {
            String id = id();
            int hashCode = (1 * 59) + (id == null ? 43 : id.hashCode());
            String zoneId = zoneId();
            int hashCode2 = (hashCode * 59) + (zoneId == null ? 43 : zoneId.hashCode());
            String status = status();
            int hashCode3 = (hashCode2 * 59) + (status == null ? 43 : status.hashCode());
            String subjectDN = subjectDN();
            int hashCode4 = (((((hashCode3 * 59) + (subjectDN == null ? 43 : subjectDN.hashCode())) * 59) + (generatedKey() ? 79 : 97)) * 59) + (defaultKeyPassword() ? 79 : 97);
            Collection<String> certificateInstanceIds = certificateInstanceIds();
            int hashCode5 = (hashCode4 * 59) + (certificateInstanceIds == null ? 43 : certificateInstanceIds.hashCode());
            OffsetDateTime creationDate = creationDate();
            int hashCode6 = (hashCode5 * 59) + (creationDate == null ? 43 : creationDate.hashCode());
            String pem = pem();
            int hashCode7 = (hashCode6 * 59) + (pem == null ? 43 : pem.hashCode());
            String der = der();
            return (hashCode7 * 59) + (der == null ? 43 : der.hashCode());
        }

        public String toString() {
            return "CloudConnector.CertificateRequestsResponseData(id=" + id() + ", zoneId=" + zoneId() + ", status=" + status() + ", subjectDN=" + subjectDN() + ", generatedKey=" + generatedKey() + ", defaultKeyPassword=" + defaultKeyPassword() + ", certificateInstanceIds=" + certificateInstanceIds() + ", creationDate=" + creationDate() + ", pem=" + pem() + ", der=" + der() + ")";
        }
    }

    public CloudConnector(Cloud cloud) {
        this.cloud = cloud;
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public ConnectorType getType() {
        return ConnectorType.CLOUD;
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public void setBaseUrl(String str) throws VCertException {
        throw new UnsupportedOperationException("Method not yet implemented");
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public void setZone(String str) {
        this.zone = str;
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public void setVendorAndProductName(String str) {
        this.vendorAndProductName = str;
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public String getVendorAndProductName() {
        return this.vendorAndProductName;
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public void ping() throws VCertException {
        Response doPing = doPing();
        if (doPing.status() != 200) {
            throw new VCertException(String.format("Unexpected status code on Venafi Cloud ping. Status: %d %s", Integer.valueOf(doPing.status()), doPing.reason()));
        }
    }

    private Response doPing() {
        return this.cloud.ping(this.auth.apiKey());
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public void authenticate(Authentication authentication) throws VCertException {
        VCertException.throwIfNull(authentication, "failed to authenticate: missing credentials");
        this.auth = authentication;
        this.user = this.cloud.authorize(authentication.apiKey());
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public ZoneConfiguration readZoneConfiguration(String str) throws VCertException {
        String id;
        CertificateIssuingTemplate cit;
        String[] parseZoneIdentifiers = parseZoneIdentifiers(str);
        if (parseZoneIdentifiers[0] != null) {
            String str2 = parseZoneIdentifiers[0];
            TagProjectZone zoneByTag = this.cloud.zoneByTag(str, this.auth.apiKey());
            if (zoneByTag == null) {
                throw new VCertException(String.format("No zone with Id '%s'.", str2));
            }
            id = zoneByTag.id();
            cit = this.cloud.certificateIssuingTemplateById(zoneByTag.certificateIssuingTemplateId(), this.auth.apiKey());
            if (cit == null) {
                throw new VCertException(String.format("Certificate issue template not found. Id provided =  [%s] ", zoneByTag.certificateIssuingTemplateId()));
            }
        } else {
            ProjectZone projectZone = null;
            Projects projects = this.cloud.projects(this.auth.apiKey());
            if (projects.projects().isEmpty()) {
                throw new VCertException("No projects present.");
            }
            String str3 = parseZoneIdentifiers[1];
            String str4 = parseZoneIdentifiers[2];
            for (Project project : projects.projects()) {
                if (project.name().equals(str3)) {
                    Iterator<ProjectZone> it = project.zones().iterator();
                    while (true) {
                        if (it.hasNext()) {
                            ProjectZone next = it.next();
                            if (str4.equals(next.name())) {
                                projectZone = next;
                                break;
                            }
                        }
                    }
                }
            }
            if (projectZone == null) {
                throw new VCertException(String.format("No zone with name '%s' in '%s' project.", str4, str3));
            }
            id = projectZone.id();
            cit = projectZone.cit();
            if (cit == null) {
                throw new VCertException(String.format("No certificate issuing template ID for '%s' zone.", str));
            }
        }
        ZoneConfiguration zoneConfig = cit.toZoneConfig();
        zoneConfig.policy(cit.toPolicy());
        zoneConfig.zoneId(id);
        return zoneConfig;
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public CertificateRequest generateRequest(ZoneConfiguration zoneConfiguration, CertificateRequest certificateRequest) throws VCertException {
        switch (certificateRequest.csrOrigin()) {
            case LocalGeneratedCSR:
                if (zoneConfiguration == null) {
                    zoneConfiguration = readZoneConfiguration(this.zone);
                }
                zoneConfiguration.applyCertificateRequestDefaultSettingsIfNeeded(certificateRequest);
                zoneConfiguration.validateCertificateRequest(certificateRequest);
                certificateRequest.generatePrivateKey();
                certificateRequest.generateCSR();
                break;
            case UserProvidedCSR:
                if (certificateRequest.csr().length == 0) {
                    throw new VCertException("CSR was supposed to be provided by user, but it's empty");
                }
                break;
            case ServiceGeneratedCSR:
                certificateRequest.csr(null);
                break;
            default:
                throw new VCertException(String.format("Unrecognized request CSR origin %s", certificateRequest.csrOrigin()));
        }
        return certificateRequest;
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public String requestCertificate(CertificateRequest certificateRequest, String str) throws VCertException {
        return requestCertificate(certificateRequest, new ZoneConfiguration().zoneId(str));
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public String requestCertificate(CertificateRequest certificateRequest, ZoneConfiguration zoneConfiguration) throws VCertException {
        if (StringUtils.isBlank(zoneConfiguration.zoneId())) {
            zoneConfiguration.zoneId(this.zone);
        }
        if (CsrOriginOption.ServiceGeneratedCSR == certificateRequest.csrOrigin()) {
            throw new VCertException("service generated CSR is not supported by Saas service");
        }
        if (this.user == null || this.user.company() == null) {
            throw new VCertException("Must be authenticated to request a certificate");
        }
        String id = this.cloud.certificateRequest(this.auth.apiKey(), new CertificateRequestsPayload().zoneId(zoneConfiguration.zoneId()).csr(new String(certificateRequest.csr()))).certificateRequests().get(0).id();
        certificateRequest.pickupId(id);
        return id;
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public PEMCollection retrieveCertificate(CertificateRequest certificateRequest) throws VCertException {
        String str;
        if (certificateRequest.fetchPrivateKey()) {
            throw new VCertException("Failed to retrieve private key from Venafi Cloud service: not supported");
        }
        String str2 = "";
        if (StringUtils.isBlank(certificateRequest.pickupId()) && StringUtils.isNotBlank(certificateRequest.thumbprint())) {
            String str3 = null;
            Cloud.CertificateSearchResponse searchCertificatesByFingerprint = searchCertificatesByFingerprint(certificateRequest.thumbprint());
            if (searchCertificatesByFingerprint.certificates().size() == 0) {
                throw new VCertException(String.format("No certificate found using fingerprint %s", certificateRequest.thumbprint()));
            }
            ArrayList arrayList = new ArrayList();
            boolean z = true;
            for (Cloud.Certificate certificate : searchCertificatesByFingerprint.certificates()) {
                arrayList.add(certificate.certificateRequestId());
                if (StringUtils.isNotBlank(str3) && str3.equals(certificate.certificateRequestId())) {
                    z = true;
                }
                if (StringUtils.isNotBlank(certificate.certificateRequestId())) {
                    str3 = certificate.certificateRequestId();
                } else {
                    str2 = certificate.id();
                }
            }
            if (!z) {
                throw new VCertException(String.format("More than one CertificateRequestId was found with the same Fingerprint: %s", arrayList));
            }
            certificateRequest.pickupId(str3);
        }
        Instant now = Instant.now();
        while (!StringUtils.isBlank(certificateRequest.pickupId())) {
            CertificateStatus certificateStatus = getCertificateStatus(certificateRequest.pickupId());
            if ("ISSUED".equals(certificateStatus.status())) {
                break;
            }
            if ("FAILED".equals(certificateStatus.status())) {
                throw new VCertException(String.format("Failed to retrieve certificate. Status: %s", certificateStatus.toString()));
            }
            if (Duration.ZERO.equals(certificateRequest.timeout())) {
                throw new VCertException(String.format("Failed to retrieve certificate %s. Status %s", certificateRequest.pickupId(), certificateStatus.status()));
            }
            if (Instant.now().isAfter(now.plus((TemporalAmount) certificateRequest.timeout()))) {
                throw new VCertException(String.format("Timeout trying to retrieve certificate %s", certificateRequest.pickupId()));
            }
            try {
                TimeUnit.SECONDS.sleep(2L);
            } catch (InterruptedException e) {
                e.printStackTrace();
                throw new VCertException("Error attempting to retry", e);
            }
        }
        if (this.user == null || this.user.company() == null) {
            throw new VCertException("Must be authenticated to retieve certificate");
        }
        if (!StringUtils.isNotBlank(certificateRequest.pickupId())) {
            return PEMCollection.fromResponse(certificateAsPem(str2), ChainOption.ChainOptionIgnore, certificateRequest.privateKey(), certificateRequest.keyPassword());
        }
        switch (certificateRequest.chainOption()) {
            case ChainOptionRootFirst:
                str = "ROOT_FIRST";
                break;
            case ChainOptionRootLast:
            case ChainOptionIgnore:
            default:
                str = "EE_FIRST";
                break;
        }
        PEMCollection fromResponse = PEMCollection.fromResponse(certificateViaCSR(certificateRequest.pickupId(), str), certificateRequest.chainOption(), certificateRequest.privateKey(), certificateRequest.keyPassword());
        certificateRequest.checkCertificate(fromResponse.certificate());
        return fromResponse;
    }

    private String certificateViaCSR(String str, String str2) throws VCertException {
        Response certificateViaCSR = this.cloud.certificateViaCSR(str, this.auth.apiKey(), str2);
        if (certificateViaCSR.status() != 200) {
            throw new VCertException(String.format("Invalid response fetching the certificate via CSR: %s", certificateViaCSR.reason()));
        }
        try {
            return CharStreams.toString(certificateViaCSR.body().asReader());
        } catch (IOException e) {
            throw new VCertException("Unable to read the PEM certificate");
        }
    }

    private String certificateAsPem(String str) {
        return this.cloud.certificateAsPem(str, this.auth.apiKey());
    }

    private CertificateStatus getCertificateStatus(String str) {
        return this.cloud.certificateStatus(str, this.auth.apiKey());
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public void revokeCertificate(RevocationRequest revocationRequest) throws VCertException {
        throw new UnsupportedOperationException("not supported by endpoint");
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public String renewCertificate(RenewalRequest renewalRequest) throws VCertException {
        String certificateDN;
        if (StringUtils.isNotBlank(renewalRequest.thumbprint())) {
            Set set = (Set) searchCertificatesByFingerprint(renewalRequest.thumbprint()).certificates().stream().map(certificate -> {
                return certificate.certificateRequestId();
            }).collect(Collectors.toSet());
            if (set.size() > 1) {
                throw new VCertException(String.format("More than one CertificateRequestId was found with the same Fingerprint: %s", renewalRequest.thumbprint()));
            }
            if (set.size() == 0) {
                throw new VCertException(String.format("Cloud service can not find a certificate with Fingerprint: %s", renewalRequest.thumbprint()));
            }
            certificateDN = (String) set.iterator().next();
        } else {
            if (!StringUtils.isNotBlank(renewalRequest.certificateDN())) {
                throw new VCertException("failed to create renewal request: CertificateDN or Thumbprint required");
            }
            certificateDN = renewalRequest.certificateDN();
        }
        CertificateStatus certificateStatus = this.cloud.certificateStatus(certificateDN, this.auth.apiKey());
        VCertException.throwIfNull(certificateStatus.managedCertificateId(), String.format("failed to submit renewal request for certificate: ManagedCertificateId is empty, certificate status is %s", certificateStatus.status()));
        VCertException.throwIfNull(certificateStatus.zoneId(), String.format("failed to submit renewal request for certificate: ZoneId is empty, certificate status is %s", certificateStatus.status()));
        ManagedCertificate managedCertificate = this.cloud.managedCertificate(certificateStatus.managedCertificateId(), this.auth.apiKey());
        if (!managedCertificate.latestCertificateRequestId().equals(certificateDN)) {
            StringBuilder sb = new StringBuilder();
            sb.append("Certificate under requestId %s ");
            sb.append(StringUtils.isNotBlank(renewalRequest.thumbprint()) ? String.format("with thumbprint %s ", renewalRequest.thumbprint()) : "");
            sb.append("is not the latest under ManagedCertificateId %s. The latest request is %s. ");
            sb.append("This error may happen when revoked certificate is requested to be renewed.");
            throw new VCertException(String.format(sb.toString(), certificateDN, managedCertificate.id(), managedCertificate.latestCertificateRequestId()));
        }
        CertificateRequestsPayload certificateRequestsPayload = new CertificateRequestsPayload();
        certificateRequestsPayload.zoneId(certificateStatus.zoneId());
        certificateRequestsPayload.existingManagedCertificateId(managedCertificate.id());
        certificateRequestsPayload.reuseCSR(!Objects.nonNull(renewalRequest.request()) || renewalRequest.request().csr().length <= 0);
        if (!certificateRequestsPayload.reuseCSR) {
            certificateRequestsPayload.csr(Strings.fromByteArray(renewalRequest.request().csr()));
        }
        return this.cloud.certificateRequest(this.auth.apiKey(), certificateRequestsPayload).certificateRequests().get(0).id();
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public ImportResponse importCertificate(ImportRequest importRequest) throws VCertException {
        throw new UnsupportedOperationException("Method not yet implemented");
    }

    @Override // com.venafi.vcert.sdk.connectors.Connector
    public Policy readPolicyConfiguration(String str) throws VCertException {
        throw new UnsupportedOperationException("Method not yet implemented");
    }

    private Cloud.CertificateSearchResponse searchCertificates(Cloud.SearchRequest searchRequest) {
        return this.cloud.searchCertificates(this.auth.apiKey(), searchRequest);
    }

    private Cloud.CertificateSearchResponse searchCertificatesByFingerprint(String str) {
        return searchCertificates(Cloud.SearchRequest.findByFingerPrint(str.replaceAll(ParameterizedMessage.ERROR_MSG_SEPARATOR, "").replaceAll("/.", "")));
    }

    private String[] parseZoneIdentifiers(String str) throws VCertException {
        try {
            UUID.fromString(str);
            return new String[]{str, null, null};
        } catch (IllegalArgumentException e) {
            String[] split = str.split(Pattern.quote("\\"));
            if (split.length != 2) {
                throw new VCertException(String.format("Invalid zone ID or path. We expect UUID or 'ProjectName\\ZoneName', but we got '%s'.", str));
            }
            if (StringUtils.isBlank(split[0])) {
                throw new VCertException(String.format("Unable to get Project Name from '%s'", str));
            }
            if (StringUtils.isBlank(split[1])) {
                throw new VCertException(String.format("Unable to get Zone Name from '%s'", str));
            }
            return new String[]{null, split[0], split[1]};
        }
    }

    public UserDetails user() {
        return this.user;
    }

    public String vendorAndProductName() {
        return this.vendorAndProductName;
    }
}
