package net.corda.node.utilities;

import java.io.Closeable;
import java.io.FileReader;
import java.io.FileWriter;
import java.math.BigInteger;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.Date;
import java.util.Set;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.crypto.Crypto;
import net.corda.core.crypto.CryptoUtils;
import net.corda.core.crypto.SignatureScheme;
import net.corda.core.identity.CordaX500Name;
import net.corda.core.internal.X500NameUtils;
import net.corda.core.utilities.KotlinUtilsKt;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERUTF8String;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemReader;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: X509Utilities.kt */
@Metadata(mv = {1, 1, 7}, bv = {1, 0, 2}, k = 1, d1 = {"��\u0096\u0001\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u000b\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0002\bÆ\u0002\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002JF\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010\u0019\u001a\u00020\u001a2\u0012\u0010\u001b\u001a\u000e\u0012\u0004\u0012\u00020\u001c\u0012\u0004\u0012\u00020\u001c0\u00102\n\b\u0002\u0010\u001d\u001a\u0004\u0018\u00010\u001eJU\u0010\u0012\u001a\u00020\u001f2\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020 2\u0006\u0010!\u001a\u00020\"2\u0006\u0010\u0018\u001a\u00020 2\u0006\u0010\u0019\u001a\u00020\u001a2\u0012\u0010\u001b\u001a\u000e\u0012\u0004\u0012\u00020\u001c\u0012\u0004\u0012\u00020\u001c0\u00102\n\b\u0002\u0010\u001d\u001a\u0004\u0018\u00010\u001eH��¢\u0006\u0002\b#JM\u0010\u0012\u001a\u00020\u00132\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020 2\u0006\u0010\u0018\u001a\u00020 2\u0006\u0010\u0019\u001a\u00020\u001a2\u0012\u0010\u001b\u001a\u000e\u0012\u0004\u0012\u00020\u001c\u0012\u0004\u0012\u00020\u001c0\u00102\n\b\u0002\u0010\u001d\u001a\u0004\u0018\u00010\u001eH��¢\u0006\u0002\b#JU\u0010\u0012\u001a\u00020\u001f2\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020 2\u0006\u0010$\u001a\u00020%2\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010\u0019\u001a\u00020\u001a2\u0012\u0010\u001b\u001a\u000e\u0012\u0004\u0012\u00020\u001c\u0012\u0004\u0012\u00020\u001c0\u00102\n\b\u0002\u0010\u001d\u001a\u0004\u0018\u00010\u001eH��¢\u0006\u0002\b#JR\u0010\u0012\u001a\u00020\u001f2\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010&\u001a\u00020\u001f2\u0006\u0010!\u001a\u00020\"2\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010\u0019\u001a\u00020\u001a2\u0014\b\u0002\u0010\u001b\u001a\u000e\u0012\u0004\u0012\u00020\u0011\u0012\u0004\u0012\u00020\u00110\u00102\n\b\u0002\u0010\u001d\u001a\u0004\u0018\u00010\u001eH\u0007JR\u0010\u0012\u001a\u00020\u001f2\u0006\u0010\u0014\u001a\u00020\u00152\u0006\u0010&\u001a\u00020\u001f2\u0006\u0010!\u001a\u00020\"2\u0006\u0010\u0018\u001a\u00020 2\u0006\u0010\u0019\u001a\u00020\u001a2\u0014\b\u0002\u0010\u001b\u001a\u000e\u0012\u0004\u0012\u00020\u0011\u0012\u0004\u0012\u00020\u00110\u00102\n\b\u0002\u0010\u001d\u001a\u0004\u0018\u00010\u001eH\u0007J\u001e\u0010'\u001a\u00020(2\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010)\u001a\u00020\u00042\u0006\u0010*\u001a\u00020\"J-\u0010'\u001a\u00020(2\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010)\u001a\u00020\u00042\u0006\u0010*\u001a\u00020\"2\u0006\u0010+\u001a\u00020\nH��¢\u0006\u0002\b,J.\u0010-\u001a\u00020\u001f2\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010*\u001a\u00020\"2\u0014\b\u0002\u0010\u001b\u001a\u000e\u0012\u0004\u0012\u00020\u0011\u0012\u0004\u0012\u00020\u00110\u0010H\u0007J.\u0010.\u001a\u000e\u0012\u0004\u0012\u00020\u001c\u0012\u0004\u0012\u00020\u001c0\u00102\u0006\u0010/\u001a\u00020\u00112\u0006\u00100\u001a\u00020\u00112\n\b\u0002\u00101\u001a\u0004\u0018\u00010\u001fJ\u0010\u00102\u001a\u00020\u001f2\u0006\u00103\u001a\u000204H\u0007J\u001a\u00105\u001a\u00020\u001c2\u0006\u00106\u001a\u0002072\b\u00108\u001a\u0004\u0018\u00010\u001cH\u0002J\u001a\u00109\u001a\u00020\u001c2\u0006\u00106\u001a\u0002072\b\u00108\u001a\u0004\u0018\u00010\u001cH\u0002J\u0018\u0010:\u001a\u00020;2\u0006\u0010<\u001a\u00020\u001f2\u0006\u00103\u001a\u000204H\u0007J)\u0010=\u001a\u00020;2\u0006\u0010>\u001a\u00020?2\u0012\u0010@\u001a\n\u0012\u0006\b\u0001\u0012\u00020B0A\"\u00020BH\u0007¢\u0006\u0002\u0010CR\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u0011\u0010\t\u001a\u00020\n¢\u0006\b\n��\u001a\u0004\b\u000b\u0010\fR\u0011\u0010\r\u001a\u00020\n¢\u0006\b\n��\u001a\u0004\b\u000e\u0010\fR\u001a\u0010\u000f\u001a\u000e\u0012\u0004\u0012\u00020\u0011\u0012\u0004\u0012\u00020\u00110\u0010X\u0082\u0004¢\u0006\u0002\n��¨\u0006D"}, d2 = {"Lnet/corda/node/utilities/X509Utilities;", "", "()V", "CORDA_CLIENT_CA", "", "CORDA_CLIENT_CA_CN", "CORDA_CLIENT_TLS", "CORDA_INTERMEDIATE_CA", "CORDA_ROOT_CA", "DEFAULT_IDENTITY_SIGNATURE_SCHEME", "Lnet/corda/core/crypto/SignatureScheme;", "getDEFAULT_IDENTITY_SIGNATURE_SCHEME", "()Lnet/corda/core/crypto/SignatureScheme;", "DEFAULT_TLS_SIGNATURE_SCHEME", "getDEFAULT_TLS_SIGNATURE_SCHEME", "DEFAULT_VALIDITY_WINDOW", "Lkotlin/Pair;", "Ljava/time/Duration;", "createCertificate", "Lorg/bouncycastle/cert/X509v3CertificateBuilder;", "certificateType", "Lnet/corda/node/utilities/CertificateType;", "issuer", "Lnet/corda/core/identity/CordaX500Name;", "subject", "subjectPublicKey", "Ljava/security/PublicKey;", "validityWindow", "Ljava/util/Date;", "nameConstraints", "Lorg/bouncycastle/asn1/x509/NameConstraints;", "Lorg/bouncycastle/cert/X509CertificateHolder;", "Lorg/bouncycastle/asn1/x500/X500Name;", "issuerKeyPair", "Ljava/security/KeyPair;", "createCertificate$node_main", "issuerSigner", "Lorg/bouncycastle/operator/ContentSigner;", "issuerCertificate", "createCertificateSigningRequest", "Lorg/bouncycastle/pkcs/PKCS10CertificationRequest;", "email", "keyPair", "signatureScheme", "createCertificateSigningRequest$node_main", "createSelfSignedCACertificate", "getCertificateValidityWindow", "before", "after", "parent", "loadCertificateFromPEMFile", "filename", "Ljava/nio/file/Path;", "max", "first", "Ljava/time/Instant;", "second", "min", "saveCertificateAsPEMFile", "", "x509Certificate", "validateCertificateChain", "trustedRoot", "Ljava/security/cert/X509Certificate;", "certificates", "", "Ljava/security/cert/Certificate;", "(Ljava/security/cert/X509Certificate;[Ljava/security/cert/Certificate;)V", "node_main"})
/* loaded from: input_file:net/corda/node/utilities/X509Utilities.class */
public final class X509Utilities {

    @NotNull
    private static final SignatureScheme DEFAULT_IDENTITY_SIGNATURE_SCHEME = null;

    @NotNull
    private static final SignatureScheme DEFAULT_TLS_SIGNATURE_SCHEME = null;

    @NotNull
    public static final String CORDA_ROOT_CA = "cordarootca";

    @NotNull
    public static final String CORDA_INTERMEDIATE_CA = "cordaintermediateca";

    @NotNull
    public static final String CORDA_CLIENT_TLS = "cordaclienttls";

    @NotNull
    public static final String CORDA_CLIENT_CA = "cordaclientca";

    @NotNull
    public static final String CORDA_CLIENT_CA_CN = "Corda Client CA Certificate";
    private static final Pair<Duration, Duration> DEFAULT_VALIDITY_WINDOW = null;
    public static final X509Utilities INSTANCE = null;

    @NotNull
    public final SignatureScheme getDEFAULT_IDENTITY_SIGNATURE_SCHEME() {
        return DEFAULT_IDENTITY_SIGNATURE_SCHEME;
    }

    @NotNull
    public final SignatureScheme getDEFAULT_TLS_SIGNATURE_SCHEME() {
        return DEFAULT_TLS_SIGNATURE_SCHEME;
    }

    private final Date max(Instant instant, Date date) {
        return (date == null || date.getTime() <= instant.toEpochMilli()) ? new Date(instant.toEpochMilli()) : date;
    }

    private final Date min(Instant instant, Date date) {
        return (date == null || date.getTime() >= instant.toEpochMilli()) ? new Date(instant.toEpochMilli()) : date;
    }

    @NotNull
    public final Pair<Date, Date> getCertificateValidityWindow(@NotNull Duration duration, @NotNull Duration duration2, @Nullable X509CertificateHolder x509CertificateHolder) {
        Intrinsics.checkParameterIsNotNull(duration, "before");
        Intrinsics.checkParameterIsNotNull(duration2, "after");
        Instant truncatedTo = Instant.now().truncatedTo(ChronoUnit.DAYS);
        Instant minus = truncatedTo.minus((TemporalAmount) duration);
        Intrinsics.checkExpressionValueIsNotNull(minus, "startOfDayUTC - before");
        Date max = max(minus, x509CertificateHolder != null ? x509CertificateHolder.getNotBefore() : null);
        Instant plus = truncatedTo.plus((TemporalAmount) duration2);
        Intrinsics.checkExpressionValueIsNotNull(plus, "startOfDayUTC + after");
        return new Pair<>(max, min(plus, x509CertificateHolder != null ? x509CertificateHolder.getNotAfter() : null));
    }

    @NotNull
    public static /* bridge */ /* synthetic */ Pair getCertificateValidityWindow$default(X509Utilities x509Utilities, Duration duration, Duration duration2, X509CertificateHolder x509CertificateHolder, int i, Object obj) {
        if ((i & 4) != 0) {
            x509CertificateHolder = (X509CertificateHolder) null;
        }
        return x509Utilities.getCertificateValidityWindow(duration, duration2, x509CertificateHolder);
    }

    @JvmStatic
    @NotNull
    public static final X509CertificateHolder createSelfSignedCACertificate(@NotNull CordaX500Name cordaX500Name, @NotNull KeyPair keyPair, @NotNull Pair<Duration, Duration> pair) {
        Intrinsics.checkParameterIsNotNull(cordaX500Name, "subject");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        Intrinsics.checkParameterIsNotNull(pair, "validityWindow");
        Pair certificateValidityWindow$default = getCertificateValidityWindow$default(INSTANCE, (Duration) pair.getFirst(), (Duration) pair.getSecond(), null, 4, null);
        X509Utilities x509Utilities = INSTANCE;
        CertificateType certificateType = CertificateType.ROOT_CA;
        X500Name x500Name = X500NameUtils.getX500Name(cordaX500Name);
        X500Name x500Name2 = X500NameUtils.getX500Name(cordaX500Name);
        PublicKey publicKey = keyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyPair.public");
        return createCertificate$node_main$default(x509Utilities, certificateType, x500Name, keyPair, x500Name2, publicKey, certificateValidityWindow$default, (NameConstraints) null, 64, (Object) null);
    }

    @JvmStatic
    @NotNull
    public static /* bridge */ /* synthetic */ X509CertificateHolder createSelfSignedCACertificate$default(CordaX500Name cordaX500Name, KeyPair keyPair, Pair pair, int i, Object obj) {
        if ((i & 4) != 0) {
            pair = DEFAULT_VALIDITY_WINDOW;
        }
        return createSelfSignedCACertificate(cordaX500Name, keyPair, pair);
    }

    @JvmStatic
    @NotNull
    public static final X509CertificateHolder createCertificate(@NotNull CertificateType certificateType, @NotNull X509CertificateHolder x509CertificateHolder, @NotNull KeyPair keyPair, @NotNull CordaX500Name cordaX500Name, @NotNull PublicKey publicKey, @NotNull Pair<Duration, Duration> pair, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(x509CertificateHolder, "issuerCertificate");
        Intrinsics.checkParameterIsNotNull(keyPair, "issuerKeyPair");
        Intrinsics.checkParameterIsNotNull(cordaX500Name, "subject");
        Intrinsics.checkParameterIsNotNull(publicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(pair, "validityWindow");
        return createCertificate(certificateType, x509CertificateHolder, keyPair, X500NameUtils.getX500Name(cordaX500Name), publicKey, pair, nameConstraints);
    }

    @JvmStatic
    @NotNull
    public static /* bridge */ /* synthetic */ X509CertificateHolder createCertificate$default(CertificateType certificateType, X509CertificateHolder x509CertificateHolder, KeyPair keyPair, CordaX500Name cordaX500Name, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 32) != 0) {
            pair = DEFAULT_VALIDITY_WINDOW;
        }
        if ((i & 64) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return createCertificate(certificateType, x509CertificateHolder, keyPair, cordaX500Name, publicKey, (Pair<Duration, Duration>) pair, nameConstraints);
    }

    @JvmStatic
    @NotNull
    public static final X509CertificateHolder createCertificate(@NotNull CertificateType certificateType, @NotNull X509CertificateHolder x509CertificateHolder, @NotNull KeyPair keyPair, @NotNull X500Name x500Name, @NotNull PublicKey publicKey, @NotNull Pair<Duration, Duration> pair, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(x509CertificateHolder, "issuerCertificate");
        Intrinsics.checkParameterIsNotNull(keyPair, "issuerKeyPair");
        Intrinsics.checkParameterIsNotNull(x500Name, "subject");
        Intrinsics.checkParameterIsNotNull(publicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(pair, "validityWindow");
        Pair<Date, Date> certificateValidityWindow = INSTANCE.getCertificateValidityWindow((Duration) pair.getFirst(), (Duration) pair.getSecond(), x509CertificateHolder);
        X509Utilities x509Utilities = INSTANCE;
        X500Name subject = x509CertificateHolder.getSubject();
        Intrinsics.checkExpressionValueIsNotNull(subject, "issuerCertificate.subject");
        return x509Utilities.createCertificate$node_main(certificateType, subject, keyPair, x500Name, publicKey, certificateValidityWindow, nameConstraints);
    }

    @JvmStatic
    @NotNull
    public static /* bridge */ /* synthetic */ X509CertificateHolder createCertificate$default(CertificateType certificateType, X509CertificateHolder x509CertificateHolder, KeyPair keyPair, X500Name x500Name, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 32) != 0) {
            pair = DEFAULT_VALIDITY_WINDOW;
        }
        if ((i & 64) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return createCertificate(certificateType, x509CertificateHolder, keyPair, x500Name, publicKey, (Pair<Duration, Duration>) pair, nameConstraints);
    }

    public final void validateCertificateChain(@NotNull X509Certificate x509Certificate, @NotNull Certificate... certificateArr) throws CertPathValidatorException {
        Intrinsics.checkParameterIsNotNull(x509Certificate, "trustedRoot");
        Intrinsics.checkParameterIsNotNull(certificateArr, "certificates");
        if (!(!(certificateArr.length == 0))) {
            throw new IllegalArgumentException("Certificate path must contain at least one certificate".toString());
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) SetsKt.setOf(new TrustAnchor(x509Certificate, null)));
        pKIXParameters.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(certificateFactory.generateCertPath(ArraysKt.toList(certificateArr)), pKIXParameters);
    }

    @JvmStatic
    public static final void saveCertificateAsPEMFile(@NotNull X509CertificateHolder x509CertificateHolder, @NotNull Path path) {
        Intrinsics.checkParameterIsNotNull(x509CertificateHolder, "x509Certificate");
        Intrinsics.checkParameterIsNotNull(path, "filename");
        FileWriter fileWriter = new FileWriter(path.toFile());
        try {
            try {
                JcaPEMWriter jcaPEMWriter = (Closeable) new JcaPEMWriter(fileWriter);
                try {
                    try {
                        jcaPEMWriter.writeObject(x509CertificateHolder);
                        Unit unit = Unit.INSTANCE;
                        jcaPEMWriter.close();
                        Unit unit2 = Unit.INSTANCE;
                        fileWriter.close();
                    } catch (Throwable th) {
                        if (0 == 0) {
                            jcaPEMWriter.close();
                        }
                        throw th;
                    }
                } catch (Exception e) {
                    try {
                        jcaPEMWriter.close();
                    } catch (Exception e2) {
                    }
                    throw e;
                }
            } catch (Exception e3) {
                try {
                    fileWriter.close();
                } catch (Exception e4) {
                }
                throw e3;
            }
        } catch (Throwable th2) {
            if (0 == 0) {
                fileWriter.close();
            }
            throw th2;
        }
    }

    @JvmStatic
    @NotNull
    public static final X509CertificateHolder loadCertificateFromPEMFile(@NotNull Path path) {
        Intrinsics.checkParameterIsNotNull(path, "filename");
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(new PemReader(new FileReader(path.toFile())).readPemObject().getContent());
        x509CertificateHolder.isValidOn(new Date());
        return x509CertificateHolder;
    }

    @NotNull
    public final X509v3CertificateBuilder createCertificate(@NotNull CertificateType certificateType, @NotNull CordaX500Name cordaX500Name, @NotNull CordaX500Name cordaX500Name2, @NotNull PublicKey publicKey, @NotNull Pair<? extends Date, ? extends Date> pair, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(cordaX500Name, "issuer");
        Intrinsics.checkParameterIsNotNull(cordaX500Name2, "subject");
        Intrinsics.checkParameterIsNotNull(publicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(pair, "validityWindow");
        return createCertificate$node_main(certificateType, X500NameUtils.getX500Name(cordaX500Name), X500NameUtils.getX500Name(cordaX500Name2), publicKey, pair, nameConstraints);
    }

    @NotNull
    public static /* bridge */ /* synthetic */ X509v3CertificateBuilder createCertificate$default(X509Utilities x509Utilities, CertificateType certificateType, CordaX500Name cordaX500Name, CordaX500Name cordaX500Name2, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 32) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return x509Utilities.createCertificate(certificateType, cordaX500Name, cordaX500Name2, publicKey, pair, nameConstraints);
    }

    @NotNull
    public final X509v3CertificateBuilder createCertificate$node_main(@NotNull CertificateType certificateType, @NotNull X500Name x500Name, @NotNull X500Name x500Name2, @NotNull PublicKey publicKey, @NotNull Pair<? extends Date, ? extends Date> pair, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(x500Name, "issuer");
        Intrinsics.checkParameterIsNotNull(x500Name2, "subject");
        Intrinsics.checkParameterIsNotNull(publicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(pair, "validityWindow");
        BigInteger valueOf = BigInteger.valueOf(CryptoUtils.random63BitValue());
        ASN1EncodableVector aSN1EncodableVector = new ASN1EncodableVector();
        for (ASN1Encodable aSN1Encodable : certificateType.getPurposes()) {
            aSN1EncodableVector.add((KeyPurposeId) aSN1Encodable);
        }
        X509v3CertificateBuilder addExtension = new JcaX509v3CertificateBuilder(x500Name, valueOf, (Date) pair.getFirst(), (Date) pair.getSecond(), x500Name2, publicKey).addExtension(Extension.subjectKeyIdentifier, false, new BcX509ExtensionUtils().createSubjectKeyIdentifier(SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(publicKey.getEncoded())))).addExtension(Extension.basicConstraints, certificateType.isCA(), new BasicConstraints(certificateType.isCA())).addExtension(Extension.keyUsage, false, certificateType.getKeyUsage()).addExtension(Extension.extendedKeyUsage, false, new DERSequence(aSN1EncodableVector));
        if (nameConstraints != null) {
            addExtension.addExtension(Extension.nameConstraints, true, (ASN1Encodable) nameConstraints);
        }
        Intrinsics.checkExpressionValueIsNotNull(addExtension, "builder");
        return addExtension;
    }

    @NotNull
    public static /* bridge */ /* synthetic */ X509v3CertificateBuilder createCertificate$node_main$default(X509Utilities x509Utilities, CertificateType certificateType, X500Name x500Name, X500Name x500Name2, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 32) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return x509Utilities.createCertificate$node_main(certificateType, x500Name, x500Name2, publicKey, pair, nameConstraints);
    }

    @NotNull
    public final X509CertificateHolder createCertificate$node_main(@NotNull CertificateType certificateType, @NotNull X500Name x500Name, @NotNull ContentSigner contentSigner, @NotNull CordaX500Name cordaX500Name, @NotNull PublicKey publicKey, @NotNull Pair<? extends Date, ? extends Date> pair, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(x500Name, "issuer");
        Intrinsics.checkParameterIsNotNull(contentSigner, "issuerSigner");
        Intrinsics.checkParameterIsNotNull(cordaX500Name, "subject");
        Intrinsics.checkParameterIsNotNull(publicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(pair, "validityWindow");
        X509CertificateHolder build = createCertificate$node_main(certificateType, x500Name, X500NameUtils.getX500Name(cordaX500Name), publicKey, pair, nameConstraints).build(contentSigner);
        if (!build.isValidOn(new Date())) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        Intrinsics.checkExpressionValueIsNotNull(build, "builder.build(issuerSign…alidOn(Date()))\n        }");
        return build;
    }

    @NotNull
    public static /* bridge */ /* synthetic */ X509CertificateHolder createCertificate$node_main$default(X509Utilities x509Utilities, CertificateType certificateType, X500Name x500Name, ContentSigner contentSigner, CordaX500Name cordaX500Name, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 64) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return x509Utilities.createCertificate$node_main(certificateType, x500Name, contentSigner, cordaX500Name, publicKey, (Pair<? extends Date, ? extends Date>) pair, nameConstraints);
    }

    @NotNull
    public final X509CertificateHolder createCertificate$node_main(@NotNull CertificateType certificateType, @NotNull X500Name x500Name, @NotNull KeyPair keyPair, @NotNull X500Name x500Name2, @NotNull PublicKey publicKey, @NotNull Pair<? extends Date, ? extends Date> pair, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(x500Name, "issuer");
        Intrinsics.checkParameterIsNotNull(keyPair, "issuerKeyPair");
        Intrinsics.checkParameterIsNotNull(x500Name2, "subject");
        Intrinsics.checkParameterIsNotNull(publicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(pair, "validityWindow");
        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "issuerKeyPair.private");
        SignatureScheme findSignatureScheme = Crypto.findSignatureScheme(privateKey);
        Provider findProvider = Crypto.findProvider(findSignatureScheme.getProviderName());
        X509v3CertificateBuilder createCertificate$node_main = createCertificate$node_main(certificateType, x500Name, x500Name2, publicKey, pair, nameConstraints);
        ContentSignerBuilder contentSignerBuilder = ContentSignerBuilder.INSTANCE;
        PrivateKey privateKey2 = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey2, "issuerKeyPair.private");
        X509CertificateHolder build = createCertificate$node_main.build(ContentSignerBuilder.build$default(contentSignerBuilder, findSignatureScheme, privateKey2, findProvider, null, 8, null));
        if (!build.isValidOn(new Date())) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        if (!build.isSignatureValid(new JcaContentVerifierProviderBuilder().build(keyPair.getPublic()))) {
            throw new IllegalArgumentException("Failed requirement.".toString());
        }
        Intrinsics.checkExpressionValueIsNotNull(build, "builder.build(signer).ap…yPair.public)))\n        }");
        return build;
    }

    @NotNull
    public static /* bridge */ /* synthetic */ X509CertificateHolder createCertificate$node_main$default(X509Utilities x509Utilities, CertificateType certificateType, X500Name x500Name, KeyPair keyPair, X500Name x500Name2, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 64) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return x509Utilities.createCertificate$node_main(certificateType, x500Name, keyPair, x500Name2, publicKey, (Pair<? extends Date, ? extends Date>) pair, nameConstraints);
    }

    @NotNull
    public final PKCS10CertificationRequest createCertificateSigningRequest$node_main(@NotNull CordaX500Name cordaX500Name, @NotNull String str, @NotNull KeyPair keyPair, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkParameterIsNotNull(cordaX500Name, "subject");
        Intrinsics.checkParameterIsNotNull(str, "email");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        ContentSignerBuilder contentSignerBuilder = ContentSignerBuilder.INSTANCE;
        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "keyPair.private");
        PKCS10CertificationRequest build = new JcaPKCS10CertificationRequestBuilder(X500NameUtils.getX500Name(cordaX500Name), keyPair.getPublic()).addAttribute(BCStyle.E, new DERUTF8String(str)).build(ContentSignerBuilder.build$default(contentSignerBuilder, signatureScheme, privateKey, Crypto.findProvider(signatureScheme.getProviderName()), null, 8, null));
        Intrinsics.checkExpressionValueIsNotNull(build, "JcaPKCS10CertificationRe…ing(email)).build(signer)");
        return build;
    }

    @NotNull
    public final PKCS10CertificationRequest createCertificateSigningRequest(@NotNull CordaX500Name cordaX500Name, @NotNull String str, @NotNull KeyPair keyPair) {
        Intrinsics.checkParameterIsNotNull(cordaX500Name, "subject");
        Intrinsics.checkParameterIsNotNull(str, "email");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        return createCertificateSigningRequest$node_main(cordaX500Name, str, keyPair, DEFAULT_TLS_SIGNATURE_SCHEME);
    }

    private X509Utilities() {
        INSTANCE = this;
        DEFAULT_IDENTITY_SIGNATURE_SCHEME = Crypto.EDDSA_ED25519_SHA512;
        DEFAULT_TLS_SIGNATURE_SCHEME = Crypto.ECDSA_SECP256R1_SHA256;
        DEFAULT_VALIDITY_WINDOW = new Pair<>(KotlinUtilsKt.getMillis(0), KotlinUtilsKt.getDays(3650));
    }

    static {
        new X509Utilities();
    }
}
