package net.corda.node.services.keys;

import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.time.Duration;
import java.util.List;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.crypto.CertificateType;
import net.corda.core.crypto.ContentSignerBuilder;
import net.corda.core.crypto.Crypto;
import net.corda.core.crypto.SignatureScheme;
import net.corda.core.crypto.X509Utilities;
import net.corda.core.crypto.X509UtilitiesKt;
import net.corda.core.identity.AnonymousPartyAndPath;
import net.corda.core.identity.PartyAndCertificate;
import net.corda.core.node.services.IdentityService;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.operator.ContentSigner;
import org.jetbrains.annotations.NotNull;

/* compiled from: KMSUtils.kt */
@Metadata(mv = {1, 1, 5}, bv = {1, 0, 1}, k = 2, d1 = {"��.\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\u001a0\u0010��\u001a\u00020\u00012\u0006\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\b\b\u0002\u0010\n\u001a\u00020\u000b\u001a\u000e\u0010\f\u001a\u00020\t2\u0006\u0010\r\u001a\u00020\u000e¨\u0006\u000f"}, d2 = {"freshCertificate", "Lnet/corda/core/identity/AnonymousPartyAndPath;", "identityService", "Lnet/corda/core/node/services/IdentityService;", "subjectPublicKey", "Ljava/security/PublicKey;", "issuer", "Lnet/corda/core/identity/PartyAndCertificate;", "issuerSigner", "Lorg/bouncycastle/operator/ContentSigner;", "revocationEnabled", "", "getSigner", "issuerKeyPair", "Ljava/security/KeyPair;", "node_main"})
/* loaded from: input_file:net/corda/node/services/keys/KMSUtilsKt.class */
/*
 * Key-management helpers (decompiled from KMSUtils.kt): issuing a fresh identity certificate for a new
 * public key, and building a ContentSigner from an issuer key pair.
 */
public final class KMSUtilsKt {
    /**
     * Issues an identity certificate for {@code publicKey}, prepends it to the issuer's certificate path and
     * registers the resulting anonymous identity with {@code identityService}.
     *
     * <p>Security-relevant points visible in this body:
     * <ul>
     *   <li>{@code z} (named {@code revocationEnabled} in the Kotlin metadata) is never read, so the flag
     *       has no effect on the certificate that is issued or on the registration call.</li>
     *   <li>The requested validity runs from a zero offset up to 3650 days. How
     *       {@code getCertificateValidityWindow} combines these with the issuer certificate is not visible
     *       here; presumably it bounds the window by the issuer's own validity (confirm).</li>
     *   <li>Nothing here checks that {@code contentSigner} belongs to the key certified in
     *       {@code partyAndCertificate}; the only check is the delegated
     *       {@code verifyAndRegisterAnonymousIdentity} call, whose behaviour is defined elsewhere.</li>
     * </ul>
     *
     * @param identityService service that verifies and records the new anonymous identity
     * @param publicKey subject public key the new certificate is issued for
     * @param partyAndCertificate issuer identity; supplies the issuer certificate, name, party and cert path
     * @param contentSigner signer used to sign the new certificate
     * @param z revocation flag from the Kotlin signature; unused in this implementation
     * @return the anonymous identity made of {@code publicKey} and the newly built certificate path
     */
    @NotNull
    public static final AnonymousPartyAndPath freshCertificate(@NotNull IdentityService identityService, @NotNull PublicKey publicKey, @NotNull PartyAndCertificate partyAndCertificate, @NotNull ContentSigner contentSigner, boolean z) {
        Intrinsics.checkParameterIsNotNull(identityService, "identityService");
        Intrinsics.checkParameterIsNotNull(publicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(partyAndCertificate, "issuer");
        Intrinsics.checkParameterIsNotNull(contentSigner, "issuerSigner");

        final X509CertificateHolder issuerCertificate = partyAndCertificate.getCertificate();

        // Validity window: zero offset for the start, ten years (3650 days) for the end, issuer cert as parent.
        final X509Utilities x509 = X509Utilities.INSTANCE;
        final Duration startOffset = Duration.ZERO;
        Intrinsics.checkExpressionValueIsNotNull(startOffset, "Duration.ZERO");
        final Duration endOffset = Duration.ofDays(3650);
        Intrinsics.checkExpressionValueIsNotNull(endOffset, "Duration.ofDays(toLong())");
        final Pair validityWindow = x509.getCertificateValidityWindow(startOffset, endOffset, issuerCertificate);

        // Issue the certificate: issuer DN comes from the issuer certificate, subject name from the issuer
        // identity's own name. Mask 64 selects the Kotlin default for the NameConstraints argument, so the
        // null passed in that position is only a placeholder.
        final Crypto cryptoApi = Crypto.INSTANCE;
        final CertificateType kind = CertificateType.IDENTITY;
        final X500Name issuerDn = issuerCertificate.getSubject();
        Intrinsics.checkExpressionValueIsNotNull(issuerDn, "issuerCertificate.subject");
        final X509CertificateHolder issued = Crypto.createCertificate$default(cryptoApi, kind, issuerDn, contentSigner, partyAndCertificate.getName(), publicKey, validityWindow, (NameConstraints) null, 64, (Object) null);

        // New path = [issued certificate] followed by every certificate of the issuer's existing path.
        final CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
        final List leaf = CollectionsKt.listOf(X509UtilitiesKt.getCert(issued));
        final List<? extends Certificate> issuerChain = partyAndCertificate.getCertPath().getCertificates();
        Intrinsics.checkExpressionValueIsNotNull(issuerChain, "issuer.certPath.certificates");
        final CertPath fullPath = x509Factory.generateCertPath(CollectionsKt.plus(leaf, issuerChain));
        Intrinsics.checkExpressionValueIsNotNull(fullPath, "ourCertPath");

        // Registration is the only verification step on the new path performed from this method.
        final AnonymousPartyAndPath freshIdentity = new AnonymousPartyAndPath(publicKey, fullPath);
        identityService.verifyAndRegisterAnonymousIdentity(freshIdentity, partyAndCertificate.getParty());
        return freshIdentity;
    }

    /**
     * Synthetic bridge for Kotlin default arguments of {@link #freshCertificate}.
     *
     * <p>When bit 16 of {@code i} is set the caller omitted the fifth argument, and {@code false} is
     * substituted for {@code z}; otherwise {@code z} is forwarded unchanged. {@code obj} is not used.
     */
    @NotNull
    public static /* bridge */ /* synthetic */ AnonymousPartyAndPath freshCertificate$default(IdentityService identityService, PublicKey publicKey, PartyAndCertificate partyAndCertificate, ContentSigner contentSigner, boolean z, int i, Object obj) {
        // Equivalent to "if the default bit is set, use false; else keep the supplied value".
        final boolean revocationFlag = (i & 16) == 0 && z;
        return freshCertificate(identityService, publicKey, partyAndCertificate, contentSigner, revocationFlag);
    }

    /**
     * Builds a {@link ContentSigner} for the private half of {@code keyPair}.
     *
     * <p>The signature scheme is looked up from the private key and the JCA provider from the scheme's
     * provider name. {@link Security#getProvider(String)} returns {@code null} when no provider of that name
     * is installed; the value is forwarded to the builder without a check here. Mask 8 selects the Kotlin
     * default for the {@link SecureRandom} argument, so the randomness source is whatever
     * {@code ContentSignerBuilder.build} defaults to (not visible in this file).
     *
     * @param keyPair issuer key pair whose private key will sign
     * @return a signer bound to the key pair's private key and its signature scheme
     */
    @NotNull
    public static final ContentSigner getSigner(@NotNull KeyPair keyPair) {
        Intrinsics.checkParameterIsNotNull(keyPair, "issuerKeyPair");
        final Crypto cryptoApi = Crypto.INSTANCE;
        // KeyPair is a final JDK holder class, so one read of the private key serves both uses below.
        final PrivateKey signingKey = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(signingKey, "issuerKeyPair.private");
        final SignatureScheme scheme = cryptoApi.findSignatureScheme(signingKey);
        final Provider jcaProvider = Security.getProvider(scheme.getProviderName());
        final ContentSignerBuilder builder = ContentSignerBuilder.INSTANCE;
        return ContentSignerBuilder.build$default(builder, scheme, signingKey, jcaProvider, (SecureRandom) null, 8, (Object) null);
    }
}
