package net.corda.node.services.config;

import com.typesafe.config.Config;
import com.typesafe.config.ConfigFactory;
import com.typesafe.config.ConfigMergeable;
import java.io.InputStream;
import java.nio.file.CopyOption;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Map;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TypeCastException;
import kotlin.collections.MapsKt;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.crypto.CertificateAndKeyPair;
import net.corda.core.crypto.CertificateType;
import net.corda.core.crypto.Crypto;
import net.corda.core.crypto.SignatureScheme;
import net.corda.core.crypto.X509Utilities;
import net.corda.core.internal.InternalUtilsKt;
import net.corda.node.utilities.KeyStoreUtilitiesKt;
import net.corda.nodeapi.config.SSLConfiguration;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.cert.X509CertificateHolder;
import org.jetbrains.annotations.NotNull;

/* compiled from: ConfigUtilities.kt */
@Metadata(mv = {1, 1, 5}, bv = {1, 0, 1}, k = 2, d1 = {"��T\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010$\n��\u001a;\u0010��\u001a\u00020\u00012.\u0010\u0002\u001a\u0018\u0012\u0014\b\u0001\u0012\u0010\u0012\u0004\u0012\u00020\u0005\u0012\u0006\u0012\u0004\u0018\u00010\u00060\u00040\u0003\"\u0010\u0012\u0004\u0012\u00020\u0005\u0012\u0006\u0012\u0004\u0018\u00010\u00060\u0004¢\u0006\u0002\u0010\u0007\u001aH\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\u000b2\u0006\u0010\r\u001a\u00020\u00052\u0006\u0010\u000e\u001a\u00020\u00052\u0006\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u00052\u0006\u0010\u0012\u001a\u00020\u00132\b\b\u0002\u0010\u0014\u001a\u00020\u0015\u001a\u0012\u0010\u0016\u001a\u00020\t*\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u0013\u001a\n\u0010\u0019\u001a\u00020\t*\u00020\u001a\u001a#\u0010\u001b\u001a\u00020\u0001*\u00020\u00012\u0014\u0010\u001c\u001a\u0010\u0012\u0004\u0012\u00020\u0005\u0012\u0006\u0012\u0004\u0018\u00010\u00060\u001dH\u0086\u0002¨\u0006\u001e"}, d2 = {"configOf", "Lcom/typesafe/config/Config;", "pairs", "", "Lkotlin/Pair;", "", "", "([Lkotlin/Pair;)Lcom/typesafe/config/Config;", "createKeystoreForCordaNode", "", "sslKeyStorePath", "Ljava/nio/file/Path;", "clientCAKeystorePath", "storePassword", "keyPassword", "caKeyStore", "Ljava/security/KeyStore;", "caKeyPassword", "legalName", "Lorg/bouncycastle/asn1/x500/X500Name;", "signatureScheme", "Lnet/corda/core/crypto/SignatureScheme;", "configureDevKeyAndTrustStores", "Lnet/corda/nodeapi/config/SSLConfiguration;", "myLegalName", "configureWithDevSSLCertificate", "Lnet/corda/node/services/config/NodeConfiguration;", 
"plus", "overrides", "", "node_main"})
/* loaded from: input_file:net/corda/node/services/config/ConfigUtilitiesKt.class */
/*
 * Decompiled static facade for the top-level functions of ConfigUtilities.kt:
 * two Config helpers and the routines that provision a node's development
 * key and trust stores.
 *
 * Security note: the provisioning routines read a CA keystore that is bundled
 * as a classpath resource and unlock it with passwords hard-coded below. Anyone
 * holding the distribution can therefore issue certificates chaining to that CA,
 * so stores produced this way authenticate nothing outside development/testing.
 */
public final class ConfigUtilitiesKt {
    /**
     * Builds a {@link Config} from the given path/value pairs.
     *
     * @param pairArr the pairs to place in the config (Kotlin name: {@code pairs}); must not be null
     * @return the result of {@code ConfigFactory.parseMap} over a map built from the pairs
     */
    @NotNull
    public static final Config configOf(@NotNull Pair<String, ? extends Object>... pairArr) {
        Intrinsics.checkParameterIsNotNull(pairArr, "pairs");
        // The array is copied first; this is how the Kotlin spread operator (*pairs) compiles.
        Pair[] pairsCopy = (Pair[]) Arrays.copyOf(pairArr, pairArr.length);
        Config parsed = ConfigFactory.parseMap(MapsKt.mapOf(pairsCopy));
        Intrinsics.checkExpressionValueIsNotNull(parsed, "ConfigFactory.parseMap(mapOf(*pairs))");
        return parsed;
    }

    /**
     * Kotlin {@code operator fun Config.plus(overrides)}: layers a map of overrides on top of a config.
     *
     * @param config the receiver, used as the fallback layer
     * @param map    the overrides, parsed into their own config and consulted first
     * @return the parsed overrides with {@code config} attached as fallback
     */
    @NotNull
    public static final Config plus(@NotNull Config config, @NotNull Map<String, ? extends Object> map) {
        Intrinsics.checkParameterIsNotNull(config, "$receiver");
        Intrinsics.checkParameterIsNotNull(map, "overrides");
        Config overrideLayer = ConfigFactory.parseMap(map);
        Config merged = overrideLayer.withFallback((ConfigMergeable) config);
        Intrinsics.checkExpressionValueIsNotNull(merged, "ConfigFactory.parseMap(o…rides).withFallback(this)");
        return merged;
    }

    /**
     * Provisions development key and trust stores for a node, using the node's own legal name.
     * Delegates to {@link #configureDevKeyAndTrustStores}; see the security note there.
     *
     * @param nodeConfiguration the receiver; supplies both the SSL settings and the legal name
     */
    public static final void configureWithDevSSLCertificate(@NotNull NodeConfiguration nodeConfiguration) {
        Intrinsics.checkParameterIsNotNull(nodeConfiguration, "$receiver");
        SSLConfiguration sslSettings = (SSLConfiguration) nodeConfiguration;
        X500Name legalName = nodeConfiguration.getMyLegalName();
        configureDevKeyAndTrustStores(sslSettings, legalName);
    }

    /**
     * Ensures the certificates directory holds a trust store, an SSL keystore and a node keystore,
     * creating whichever are missing from resources bundled on the classpath.
     *
     * <p>An existing trust store file is left untouched. Key material is generated unless
     * <em>both</em> keystores already exist; when only one exists, both are processed again by
     * {@link #createKeystoreForCordaNode}, which adds or replaces the key entries.
     *
     * <p>Security: the issuing CA keystore ({@code cordadevcakeys.jks}) ships inside the
     * distribution and is opened with the literal passwords below, so the resulting certificates
     * are forgeable by anyone with access to the same artifact. Callers should reach this method
     * only on an explicit development-mode path, and deployments should verify that production
     * stores do not chain to this CA. The node's store password is also reused as the key password.
     *
     * @param sSLConfiguration the receiver; supplies the directory, store paths and store password
     * @param x500Name         the legal name (Kotlin name: {@code myLegalName}) used as certificate subject
     */
    public static final void configureDevKeyAndTrustStores(@NotNull SSLConfiguration sSLConfiguration, @NotNull X500Name x500Name) {
        Intrinsics.checkParameterIsNotNull(sSLConfiguration, "$receiver");
        Intrinsics.checkParameterIsNotNull(x500Name, "myLegalName");
        InternalUtilsKt.createDirectories(sSLConfiguration.getCertificatesDirectory(), new FileAttribute[0]);

        boolean trustStorePresent = InternalUtilsKt.exists(sSLConfiguration.getTrustStoreFile(), new LinkOption[0]);
        if (!trustStorePresent) {
            // NOTE(review): this stream is neither null-checked nor closed here; whether copyTo
            // closes it is not visible from this file. Confirm, or close it at the call site.
            InputStream bundledTrustStore = sSLConfiguration.getClass().getClassLoader().getResourceAsStream("net/corda/node/internal/certificates/cordatruststore.jks");
            InternalUtilsKt.copyTo(bundledTrustStore, sSLConfiguration.getTrustStoreFile(), new CopyOption[0]);
        }

        boolean bothKeyStoresPresent = InternalUtilsKt.exists(sSLConfiguration.getSslKeystore(), new LinkOption[0])
                && InternalUtilsKt.exists(sSLConfiguration.getNodeKeystore(), new LinkOption[0]);
        if (!bothKeyStoresPresent) {
            InputStream devCaStream = sSLConfiguration.getClass().getClassLoader().getResourceAsStream("net/corda/node/internal/certificates/cordadevcakeys.jks");
            Intrinsics.checkExpressionValueIsNotNull(devCaStream, "javaClass.classLoader.ge…ates/cordadevcakeys.jks\")");
            Path sslKeystorePath = sSLConfiguration.getSslKeystore();
            Path nodeKeystorePath = sSLConfiguration.getNodeKeystore();
            String storePassword = sSLConfiguration.getKeyStorePassword();
            // Same getter again: the key entries are protected with the store password.
            String keyPassword = sSLConfiguration.getKeyStorePassword();
            // Hard-coded, publicly known passwords for the bundled CA keystore (see method doc).
            KeyStore devCaKeyStore = KeyStoreUtilitiesKt.loadKeyStore(devCaStream, "cordacadevpass");
            // Mask 128 asks the $default bridge to substitute the default signature scheme.
            createKeystoreForCordaNode$default(sslKeystorePath, nodeKeystorePath, storePassword, keyPassword, devCaKeyStore, "cordacadevkeypass", x500Name, null, 128, null);
        }
    }

    /**
     * Issues a node CA certificate and a TLS certificate from the supplied CA keystore and writes
     * each, with its freshly generated private key, into its own keystore file.
     *
     * <p>Chain produced: root CA -> intermediate CA (both read from {@code keyStore}) -> node CA
     * (type {@code INTERMEDIATE_CA}, name-constrained to {@code x500Name}) -> TLS certificate.
     * The name constraint lists {@code x500Name} as the only permitted directory-name subtree and
     * no excluded subtrees.
     *
     * <p>Security: two private keys are generated here and persisted to disk. Passwords arrive as
     * {@code String}s and the derived {@code char[]} is not cleared afterwards. How the files are
     * written (permissions, atomicity) depends on {@code KeyStoreUtilitiesKt.save}, which is not
     * visible in this file.
     *
     * @param path            keystore file for the TLS key entry (Kotlin name: {@code sslKeyStorePath})
     * @param path2           keystore file for the node CA key entry ({@code clientCAKeystorePath})
     * @param str             password used to load and save both keystores ({@code storePassword})
     * @param str2            password protecting both private-key entries ({@code keyPassword})
     * @param keyStore        keystore holding the root CA certificate and the intermediate CA key ({@code caKeyStore})
     * @param str3            password of the intermediate CA key entry ({@code caKeyPassword})
     * @param x500Name        subject of both issued certificates ({@code legalName})
     * @param signatureScheme scheme used to generate both key pairs
     */
    public static final void createKeystoreForCordaNode(@NotNull Path path, @NotNull Path path2, @NotNull String str, @NotNull String str2, @NotNull KeyStore keyStore, @NotNull String str3, @NotNull X500Name x500Name, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkParameterIsNotNull(path, "sslKeyStorePath");
        Intrinsics.checkParameterIsNotNull(path2, "clientCAKeystorePath");
        Intrinsics.checkParameterIsNotNull(str, "storePassword");
        Intrinsics.checkParameterIsNotNull(str2, "keyPassword");
        Intrinsics.checkParameterIsNotNull(keyStore, "caKeyStore");
        Intrinsics.checkParameterIsNotNull(str3, "caKeyPassword");
        Intrinsics.checkParameterIsNotNull(x500Name, "legalName");
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");

        // Issuer material taken from the CA keystore.
        X509CertificateHolder rootCaCert = KeyStoreUtilitiesKt.getX509Certificate(keyStore, X509Utilities.INSTANCE.getCORDA_ROOT_CA());
        CertificateAndKeyPair intermediateCa = KeyStoreUtilitiesKt.getCertificateAndKeyPair(keyStore, X509Utilities.INSTANCE.getCORDA_INTERMEDIATE_CA(), str3);
        X509CertificateHolder intermediateCaCert = intermediateCa.component1();
        KeyPair intermediateCaKeys = intermediateCa.component2();

        // Node CA: signed by the intermediate CA and constrained to the node's own legal name.
        KeyPair clientKey = Crypto.INSTANCE.generateKeyPair(signatureScheme);
        GeneralSubtree[] permittedSubtrees = {new GeneralSubtree(new GeneralName(GeneralName.directoryName, (ASN1Encodable) x500Name))};
        NameConstraints nameConstraints = new NameConstraints(permittedSubtrees, new GeneralSubtree[0]);
        CertificateType clientCaType = CertificateType.INTERMEDIATE_CA;
        PublicKey clientPublicKey = clientKey.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(clientPublicKey, "clientKey.public");
        // Mask 32: Kotlin default-argument bitmask; presumably marks the null Pair argument as
        // "use the default" - confirm against X509Utilities.createCertificate.
        X509CertificateHolder clientCaCert = X509Utilities.createCertificate$default(clientCaType, intermediateCaCert, intermediateCaKeys, x500Name, clientPublicKey, (Pair) null, nameConstraints, 32, (Object) null);

        // TLS certificate: signed by the node CA key generated above.
        KeyPair tlsKey = Crypto.INSTANCE.generateKeyPair(signatureScheme);
        CertificateType tlsType = CertificateType.TLS;
        PublicKey tlsPublicKey = tlsKey.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(tlsPublicKey, "tlsKey.public");
        // Mask 96: presumably both the Pair and the NameConstraints arguments are defaulted - confirm.
        X509CertificateHolder tlsCert = X509Utilities.createCertificate$default(tlsType, clientCaCert, clientKey, x500Name, tlsPublicKey, (Pair) null, (NameConstraints) null, 96, (Object) null);

        // Decompiler residue of a Kotlin cast; unreachable after the keyPassword check above.
        if (str2 == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        char[] keyPasswordChars = str2.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(keyPasswordChars, "(this as java.lang.String).toCharArray()");

        // Node CA keystore: key entry plus the chain up to the root.
        KeyStore clientCaKeyStore = KeyStoreUtilitiesKt.loadOrCreateKeyStore(path2, str);
        String clientCaAlias = X509Utilities.INSTANCE.getCORDA_CLIENT_CA();
        PrivateKey clientPrivateKey = clientKey.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(clientPrivateKey, "clientKey.private");
        X509CertificateHolder[] clientCaChain = {clientCaCert, intermediateCaCert, rootCaCert};
        KeyStoreUtilitiesKt.addOrReplaceKey(clientCaKeyStore, clientCaAlias, clientPrivateKey, keyPasswordChars, clientCaChain);
        KeyStoreUtilitiesKt.save(clientCaKeyStore, path2, str);

        // TLS keystore: key entry plus the chain through the node CA up to the root.
        KeyStore tlsKeyStore = KeyStoreUtilitiesKt.loadOrCreateKeyStore(path, str);
        String tlsAlias = X509Utilities.INSTANCE.getCORDA_CLIENT_TLS();
        PrivateKey tlsPrivateKey = tlsKey.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(tlsPrivateKey, "tlsKey.private");
        X509CertificateHolder[] tlsChain = {tlsCert, clientCaCert, intermediateCaCert, rootCaCert};
        KeyStoreUtilitiesKt.addOrReplaceKey(tlsKeyStore, tlsAlias, tlsPrivateKey, keyPasswordChars, tlsChain);
        KeyStoreUtilitiesKt.save(tlsKeyStore, path, str);
    }

    /**
     * Compiler-generated bridge for the Kotlin default argument of
     * {@link #createKeystoreForCordaNode}: when bit 128 of {@code i} is set, the signature scheme
     * is replaced by {@code X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME}. {@code obj} is unused.
     */
    public static /* bridge */ /* synthetic */ void createKeystoreForCordaNode$default(Path path, Path path2, String str, String str2, KeyStore keyStore, String str3, X500Name x500Name, SignatureScheme signatureScheme, int i, Object obj) {
        boolean schemeDefaulted = (i & 128) != 0;
        SignatureScheme effectiveScheme = schemeDefaulted
                ? X509Utilities.INSTANCE.getDEFAULT_TLS_SIGNATURE_SCHEME()
                : signatureScheme;
        createKeystoreForCordaNode(path, path2, str, str2, keyStore, str3, x500Name, effectiveScheme);
    }
}
