package net.corda.node.utilities.certsigning;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.time.Duration;
import java.util.stream.Stream;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlinx.support.jdk7.AutoCloseableKt;
import net.corda.core.Utils;
import net.corda.core.crypto.X509Utilities;
import net.corda.node.services.config.NodeConfiguration;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: CertificateSigner.kt */
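/**
 * Obtains a CA-signed client certificate for this node and installs it.
 *
 * <p>{@link #buildKeyStore()} creates (or reloads) the node key pair, submits a certificate
 * signing request through the {@link CertificateSigningService}, polls until the service returns
 * a certificate chain, and then writes the chain into the node key store and the last
 * certificate of the chain into the node trust store.
 *
 * <p>This listing is decompiler output for a Kotlin class (see the "compiled from" marker), so
 * checked exceptions such as {@code InterruptedException} and {@code IOException} are not
 * declared on the methods even though the calls below can raise them.
 */
@Metadata(mv = {1, 1, 1}, bv = {1, 0, 0}, k = 1, d1 = {"��8\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u0002\n��\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u00162\u00020\u0001:\u0001\u0016B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0006\u0010\u000b\u001a\u00020\fJ\u001b\u0010\r\u001a\b\u0012\u0004\u0012\u00020\u000f0\u000e2\u0006\u0010\u0010\u001a\u00020\u0011H\u0002¢\u0006\u0002\u0010\u0012J\u0010\u0010\u0013\u001a\u00020\u00112\u0006\u0010\u0014\u001a\u00020\u0015H\u0002R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\bR\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\t\u0010\n¨\u0006\u0017"}, d2 = {"Lnet/corda/node/utilities/certsigning/CertificateSigner;", "", "config", "Lnet/corda/node/services/config/NodeConfiguration;", "certService", "Lnet/corda/node/utilities/certsigning/CertificateSigningService;", "(Lnet/corda/node/services/config/NodeConfiguration;Lnet/corda/node/utilities/certsigning/CertificateSigningService;)V", "getCertService", "()Lnet/corda/node/utilities/certsigning/CertificateSigningService;", "getConfig", "()Lnet/corda/node/services/config/NodeConfiguration;", "buildKeyStore", "", "pollServerForCertificates", "", "Ljava/security/cert/Certificate;", "requestId", "", "(Ljava/lang/String;)[Ljava/security/cert/Certificate;", "submitCertificateSigningRequest", "keyPair", "Ljava/security/KeyPair;", "Companion", "node_main"})
/* loaded from: input_file:net/corda/node/utilities/certsigning/CertificateSigner.class */
public final class CertificateSigner {

    /** File (inside the certificates directory) that remembers the id of a pending request. */
    private static final String REQUEST_ID_FILE_NAME = "certificate-request-id.txt";

    @NotNull
    private static final Logger log = LoggerFactory.getLogger(CertificateSigner.class);

    public static final Companion Companion = new Companion(null);

    /** Delay between two polls of the signing service while the request is still pending. */
    @NotNull
    private static final Duration pollInterval = Utils.getMinutes(1);

    @NotNull
    private final NodeConfiguration config;

    @NotNull
    private final CertificateSigningService certService;

    /**
     * Creates a signer bound to a node configuration and a signing service client.
     *
     * @param nodeConfiguration supplies the store paths, store passwords and the identity fields
     *     placed in the signing request; must not be null
     * @param certificateSigningService client used to submit the request and fetch the result;
     *     must not be null
     */
    public CertificateSigner(@NotNull NodeConfiguration nodeConfiguration, @NotNull CertificateSigningService certificateSigningService) {
        Intrinsics.checkParameterIsNotNull(nodeConfiguration, "config");
        Intrinsics.checkParameterIsNotNull(certificateSigningService, "certService");
        this.config = nodeConfiguration;
        this.certService = certificateSigningService;
    }

    /* compiled from: CertificateSigner.kt */
    /** Kotlin companion object exposing the class-level logger and poll interval. */
    @Metadata(mv = {1, 1, 1}, bv = {1, 0, 0}, k = 1, d1 = {"��\u001c\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0011\u0010\u0003\u001a\u00020\u0004¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006R\u0011\u0010\u0007\u001a\u00020\b¢\u0006\b\n��\u001a\u0004\b\t\u0010\n¨\u0006\u000b"}, d2 = {"Lnet/corda/node/utilities/certsigning/CertificateSigner$Companion;", "", "()V", "log", "Lorg/slf4j/Logger;", "getLog", "()Lorg/slf4j/Logger;", "pollInterval", "Ljava/time/Duration;", "getPollInterval", "()Ljava/time/Duration;", "node_main"})
    /* loaded from: input_file:net/corda/node/utilities/certsigning/CertificateSigner$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /** @return the interval waited between two polls of the signing service */
        @NotNull
        public final Duration getPollInterval() {
            return CertificateSigner.pollInterval;
        }

        /** @return the logger shared by all {@code CertificateSigner} instances */
        @NotNull
        public final Logger getLog() {
            return CertificateSigner.log;
        }
    }

    /** @return the node configuration this signer reads paths, passwords and identity from */
    @NotNull
    public final NodeConfiguration getConfig() {
        return this.config;
    }

    /** @return the signing service client used to submit and retrieve certificates */
    @NotNull
    public final CertificateSigningService getCertService() {
        return this.certService;
    }

    /**
     * Ensures the node key store holds a client-CA certificate, requesting one if it does not.
     *
     * <p>Returns immediately when the key store already contains the client-CA alias. Otherwise
     * it loads or creates the key pair, submits (or resumes) a signing request, blocks until the
     * service returns a chain, stores the private key with that chain and the first certificate
     * under the client-CA alias, and stores the last certificate of the chain in the trust store
     * under the root-CA alias. Both stores are saved to the configured paths.
     *
     * <p>The call blocks for as long as the request is pending; see
     * {@code pollServerForCertificates}.
     */
    public final void buildKeyStore() {
        Utils.createDirectories(this.config.getCertificatesPath(), new FileAttribute[0]);

        final Path keyStorePath = this.config.getKeyStorePath();
        final String keyStorePassword = this.config.getKeyStorePassword();
        final KeyStore keyStore = X509Utilities.INSTANCE.loadOrCreateKeyStore(keyStorePath, keyStorePassword);
        if (keyStore.containsAlias(X509Utilities.INSTANCE.getCORDA_CLIENT_CA())) {
            log.trace("Certificate already exists, exiting certificate signer...");
            return;
        }

        log.info("No certificate found in key store, creating certificate signing request...");
        // The same password is supplied for both password arguments (presumably store and key
        // password - confirm against X509Utilities). The supplier is only a fallback that
        // builds a self-signed certificate from the node's legal name.
        final KeyPair keyPair = X509Utilities.INSTANCE.loadOrCreateKeyPairFromKeyStore(
                keyStorePath,
                keyStorePassword,
                keyStorePassword,
                X509Utilities.INSTANCE.getCORDA_CLIENT_CA_PRIVATE_KEY(),
                () -> X509Utilities.INSTANCE.createSelfSignedCACert(this.config.getMyLegalName()));

        log.info("Submitting certificate signing request to Corda certificate signing server.");
        final String requestId = submitCertificateSigningRequest(keyPair);
        log.info("Successfully submitted request to Corda certificate signing server, request ID : " + requestId);
        log.info("Start polling server for certificate signing approval.");
        final Certificate[] certificates = pollServerForCertificates(requestId);
        log.info("Certificate signing request approved, installing new certificates.");

        final PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "keyPair.private");
        if (keyStorePassword == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        // NOTE(review): nothing in this method checks that certificates[0] carries keyPair's
        // public key, or that the chain verifies, before it is bound to the private key.
        // Confirm whether addOrReplaceKey or the signing service client enforces this.
        X509Utilities.INSTANCE.addOrReplaceKey(
                keyStore,
                X509Utilities.INSTANCE.getCORDA_CLIENT_CA_PRIVATE_KEY(),
                privateKey,
                keyStorePassword.toCharArray(),
                certificates);
        X509Utilities.INSTANCE.addOrReplaceCertificate(
                keyStore,
                X509Utilities.INSTANCE.getCORDA_CLIENT_CA(),
                (Certificate) ArraysKt.first(certificates));
        X509Utilities.INSTANCE.saveKeyStore(keyStore, keyStorePath, keyStorePassword);

        // NOTE(review): the trust anchor written here is whatever certificate the signing
        // service returned last, so trust in the root-CA entry rests entirely on how
        // certService authenticates that server (not visible in this class). Comparing it
        // with a pre-provisioned root before replacing the entry would remove that dependency.
        final Path trustStorePath = this.config.getTrustStorePath();
        final String trustStorePassword = this.config.getTrustStorePassword();
        final KeyStore trustStore = X509Utilities.INSTANCE.loadOrCreateKeyStore(trustStorePath, trustStorePassword);
        X509Utilities.INSTANCE.addOrReplaceCertificate(
                trustStore,
                X509Utilities.INSTANCE.getCORDA_ROOT_CA(),
                (Certificate) ArraysKt.last(certificates));
        X509Utilities.INSTANCE.saveKeyStore(trustStore, trustStorePath, trustStorePassword);
    }

    /**
     * Blocks until the signing service returns certificates for the given request.
     *
     * <p>A {@code null} answer is treated as "still pending"; the thread then sleeps for the
     * poll interval and asks again. There is no retry limit or overall timeout, so a request
     * that is never approved keeps the caller blocked until the thread is interrupted.
     *
     * @param requestId id returned when the signing request was submitted
     * @return the first non-null certificate array returned by the service
     */
    private final Certificate[] pollServerForCertificates(String requestId) {
        Certificate[] certificates = this.certService.retrieveCertificates(requestId);
        while (certificates == null) {
            Thread.sleep(pollInterval.toMillis());
            certificates = this.certService.retrieveCertificates(requestId);
        }
        return certificates;
    }

    /**
     * Submits a signing request for the key pair, or resumes a previously submitted one.
     *
     * <p>The request id is persisted in {@code certificate-request-id.txt} under the
     * certificates directory. When that file already exists, no new request is sent and the
     * first line of the file is returned instead, so a restarted node keeps polling for the
     * request it already made. The stored id is returned as read, without further validation.
     *
     * @param keyPair key pair whose public key goes into the signing request
     * @return the id of the new or previously stored request
     * @throws java.util.NoSuchElementException if the request id file exists but has no lines
     */
    private final String submitCertificateSigningRequest(KeyPair keyPair) {
        final Path requestIdStore = Utils.div(this.config.getCertificatesPath(), REQUEST_ID_FILE_NAME);
        if (!Utils.exists(requestIdStore, new LinkOption[0])) {
            final String requestId = this.certService.submitRequest(
                    X509Utilities.INSTANCE.createCertificateSigningRequest(
                            this.config.getMyLegalName(),
                            this.config.getNearestCity(),
                            this.config.getEmailAddress(),
                            keyPair));
            // Null charset plus mask 2 is the Kotlin "$default" calling convention; presumably it
            // selects writeLines' default charset - confirm against Utils.
            Utils.writeLines$default(requestIdStore, CollectionsKt.listOf(requestId), (Charset) null, new OpenOption[0], 2, (Object) null);
            return requestId;
        }

        // try-with-resources closes the stream on every path and records a failure of close()
        // as a suppressed exception, replacing the hand-rolled bookkeeping the decompiler emitted.
        try (Stream<String> lines = Files.lines(requestIdStore, StandardCharsets.UTF_8)) {
            // An empty file (for example left by an interrupted write) would otherwise fail
            // with a message-less NoSuchElementException; keep the type, name the file.
            return lines.findFirst().orElseThrow(
                    () -> new java.util.NoSuchElementException("Certificate request ID file is empty: " + requestIdStore));
        }
    }
}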
