package net.corda.node.utilities;

import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TypeCastException;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.identity.CordaX500Name;
import net.corda.core.internal.InternalUtilsKt;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.cert.X509CertificateHolder;
import org.jetbrains.annotations.NotNull;

/* compiled from: KeyStoreUtilities.kt */
@Metadata(mv = {1, 1, 7}, bv = {1, 0, 2}, k = 1, d1 = {"��`\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0011\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\u0018��2\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u000e\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\u0005J\u000e\u0010\f\u001a\u00020\r2\u0006\u0010\u000b\u001a\u00020\u0005J\u0018\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0013H\u0002J\u000e\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u000b\u001a\u00020\u0005J\u001b\u0010\u0016\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00150\u00172\u0006\u0010\u000b\u001a\u00020\u0005¢\u0006\u0002\u0010\u0018J\u000e\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u000b\u001a\u00020\u0005J\u001e\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u001d\u001a\u00020\u00052\u0006\u0010\u0012\u001a\u00020\u0013J\u001e\u0010\u001e\u001a\u00020\u001c2\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u001f\u001a\u00020\u00052\u0006\u0010 \u001a\u00020!R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\""}, d2 = {"Lnet/corda/node/utilities/KeyStoreWrapper;", "", "storePath", "Ljava/nio/file/Path;", "storePassword", "", "(Ljava/nio/file/Path;Ljava/lang/String;)V", "keyStore", "Ljava/security/KeyStore;", "certificateAndKeyPair", "Lnet/corda/node/utilities/CertificateAndKeyPair;", "alias", "containsAlias", "", "createCertificate", 
"Ljava/security/cert/CertPath;", "serviceName", "Lnet/corda/core/identity/CordaX500Name;", "pubKey", "Ljava/security/PublicKey;", "getCertificate", "Ljava/security/cert/Certificate;", "getCertificateChain", "", "(Ljava/lang/String;)[Ljava/security/cert/Certificate;", "getX509Certificate", "Ljava/security/cert/X509Certificate;", "savePublicKey", "", "pubKeyAlias", "signAndSaveNewKeyPair", "privateKeyAlias", "keyPair", "Ljava/security/KeyPair;", "node_main"})
/* loaded from: input_file:net/corda/node/utilities/KeyStoreWrapper.class */
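/**
 * File-backed wrapper around a {@link KeyStore}.
 *
 * <p>The store at {@code storePath} is loaded once, in the constructor, using {@code storePassword}.
 * Both mutating operations ({@link #signAndSaveNewKeyPair} and {@link #savePublicKey}) write the
 * whole store back to the same path with the same password before returning.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The store password is kept as a {@code String} field for the lifetime of the wrapper, so it
 *       cannot be wiped from memory by this class.</li>
 *   <li>{@link #signAndSaveNewKeyPair} passes the store password as the password argument for the
 *       new private-key entry, i.e. key entries written here are not given a separate password.</li>
 *   <li>New certificates are created from the certificate and key pair stored under
 *       {@code X509Utilities.CORDA_CLIENT_CA}; anyone able to call the two save methods can obtain a
 *       certificate of type {@code CertificateType.IDENTITY} for an arbitrary name and public key.</li>
 * </ul>
 *
 * <p>This source is decompiled from Kotlin, so none of the methods declare checked exceptions even
 * though the JDK calls they make can raise them.
 */
public final class KeyStoreWrapper {
    private final KeyStore keyStore;
    private final Path storePath;
    // NOTE(review): held as an immutable String; it stays on the heap as long as this wrapper does.
    private final String storePassword;

    /**
     * Opens the file at {@code path} and loads it as a key store using {@code str} as the password.
     *
     * <p>The input stream is closed on every path. If loading fails and closing fails as well, the
     * load failure is the one that propagates (the close failure is attached as suppressed).
     *
     * @param path location of the key store file; also the location later saves are written to
     * @param str password used to load the store, to save it, and to protect new key entries
     */
    public KeyStoreWrapper(@NotNull Path path, @NotNull String str) {
        Intrinsics.checkParameterIsNotNull(path, "storePath");
        Intrinsics.checkParameterIsNotNull(str, "storePassword");
        this.storePath = path;
        this.storePassword = str;
        // NOTE(review): as plain Java this constructor would have to declare java.io.IOException;
        // the throws clause is left off to keep the decompiled signature unchanged.
        try (InputStream storeStream = Files.newInputStream(path)) {
            this.keyStore = KeyStoreUtilities.loadKeyStore(storeStream, str);
        }
    }

    /**
     * Creates a certificate of type {@code CertificateType.IDENTITY} for {@code publicKey} under the
     * name {@code cordaX500Name} and returns it as a certificate path: the new certificate first,
     * followed by the chain stored under {@code X509Utilities.CORDA_CLIENT_CA}.
     *
     * <p>The certificate and key pair stored under {@code X509Utilities.CORDA_CLIENT_CA} are handed
     * to {@code X509Utilities.createCertificate} (presumably as the issuing CA; confirm against that
     * helper).
     *
     * @throws IllegalArgumentException if the resulting path contains no certificates
     */
    private final CertPath createCertificate(CordaX500Name cordaX500Name, PublicKey publicKey) {
        Certificate[] clientCertPath = this.keyStore.getCertificateChain(X509Utilities.CORDA_CLIENT_CA);
        CertificateAndKeyPair clientCa = certificateAndKeyPair(X509Utilities.CORDA_CLIENT_CA);
        // Kotlin default-argument bridge: mask 96 (bits 5 and 6) marks the last two real parameters
        // as defaulted, so the null Pair and null NameConstraints are placeholders and the callee's
        // own defaults apply. Which defaults those are is not visible from this class.
        X509CertificateHolder issued = X509Utilities.createCertificate$default(
                CertificateType.IDENTITY,
                clientCa.getCertificate(),
                clientCa.getKeyPair(),
                cordaX500Name,
                publicKey,
                (Pair) null,
                (NameConstraints) null,
                96,
                (Object) null);
        CertificateFactory x509Factory = CertificateFactory.getInstance("X509");
        List<Certificate> leafOnly = CollectionsKt.listOf(InternalUtilsKt.getCert(issued));
        // getCertificateChain returns null when the alias has no chain; fail before building a path.
        Intrinsics.checkExpressionValueIsNotNull(clientCertPath, "clientCertPath");
        CertPath certPath = x509Factory.generateCertPath(CollectionsKt.plus(leafOnly, clientCertPath));
        if (certPath.getCertificates().isEmpty()) {
            throw new IllegalArgumentException("Certificate path cannot be empty");
        }
        Intrinsics.checkExpressionValueIsNotNull(certPath, "certPath");
        return certPath;
    }

    /**
     * Creates a certificate path for the public half of {@code keyPair}, stores the private key and
     * that path under the alias {@code str}, and saves the key store to disk.
     *
     * @param cordaX500Name name the new certificate is created for
     * @param str alias for the private-key entry; an existing entry is replaced
     * @param keyPair key pair whose public key is certified and whose private key is stored
     */
    public final void signAndSaveNewKeyPair(@NotNull CordaX500Name cordaX500Name, @NotNull String str, @NotNull KeyPair keyPair) {
        Intrinsics.checkParameterIsNotNull(cordaX500Name, "serviceName");
        Intrinsics.checkParameterIsNotNull(str, "privateKeyAlias");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        PublicKey publicKey = keyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyPair.public");
        CertPath certPath = createCertificate(cordaX500Name, publicKey);
        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "keyPair.private");
        // The key entry is protected with the store password itself, not a separate key password.
        // NOTE(review): this char[] copy is never cleared; wiping it after the call would be cheap
        // once it is confirmed that addOrReplaceKey does not keep a reference to it.
        char[] entryPassword = this.storePassword.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(entryPassword, "(this as java.lang.String).toCharArray()");
        List<? extends Certificate> certificates = certPath.getCertificates();
        Certificate[] chain = certificates.toArray(new Certificate[0]);
        KeyStoreUtilities.addOrReplaceKey(this.keyStore, str, privateKey, entryPassword, chain);
        KeyStoreUtilities.save(this.keyStore, this.storePath, this.storePassword);
    }

    /**
     * Creates a certificate path for {@code publicKey}, stores only its first certificate (the newly
     * created one) under the alias {@code str}, and saves the key store to disk. No private key is
     * written by this method.
     *
     * @param cordaX500Name name the new certificate is created for
     * @param str alias for the certificate entry; an existing entry is replaced
     * @param publicKey public key to certify
     */
    public final void savePublicKey(@NotNull CordaX500Name cordaX500Name, @NotNull String str, @NotNull PublicKey publicKey) {
        Intrinsics.checkParameterIsNotNull(cordaX500Name, "serviceName");
        Intrinsics.checkParameterIsNotNull(str, "pubKeyAlias");
        Intrinsics.checkParameterIsNotNull(publicKey, "pubKey");
        CertPath certPath = createCertificate(cordaX500Name, publicKey);
        Certificate leaf = CollectionsKt.first(certPath.getCertificates());
        Intrinsics.checkExpressionValueIsNotNull(leaf, "certPath.certificates.first()");
        KeyStoreUtilities.addOrReplaceCertificate(this.keyStore, str, leaf);
        KeyStoreUtilities.save(this.keyStore, this.storePath, this.storePassword);
    }

    /** Returns whether the loaded key store has an entry under the alias {@code str}. */
    public final boolean containsAlias(@NotNull String str) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        return this.keyStore.containsAlias(str);
    }

    /** Returns the certificate stored under the alias {@code str} as an {@link X509Certificate}. */
    @NotNull
    public final X509Certificate getX509Certificate(@NotNull String str) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        return KeyStoreUtilities.getX509Certificate(this.keyStore, str);
    }

    /**
     * Returns the certificate chain stored under the alias {@code str}.
     *
     * <p>The key store reports a missing alias as {@code null}; that case fails the Kotlin
     * non-null check here instead of being returned to the caller.
     */
    @NotNull
    public final Certificate[] getCertificateChain(@NotNull String str) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        Certificate[] chain = this.keyStore.getCertificateChain(str);
        Intrinsics.checkExpressionValueIsNotNull(chain, "keyStore.getCertificateChain(alias)");
        return chain;
    }

    /**
     * Returns the certificate stored under the alias {@code str}.
     *
     * <p>The key store reports a missing alias as {@code null}; that case fails the Kotlin
     * non-null check here instead of being returned to the caller.
     */
    @NotNull
    public final Certificate getCertificate(@NotNull String str) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        Certificate certificate = this.keyStore.getCertificate(str);
        Intrinsics.checkExpressionValueIsNotNull(certificate, "keyStore.getCertificate(alias)");
        return certificate;
    }

    /**
     * Returns the certificate together with its key pair for the alias {@code str}. The store
     * password is passed as the password for reading the key entry.
     */
    @NotNull
    public final CertificateAndKeyPair certificateAndKeyPair(@NotNull String str) {
        Intrinsics.checkParameterIsNotNull(str, "alias");
        return KeyStoreUtilities.getCertificateAndKeyPair(this.keyStore, str, this.storePassword);
    }
}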
