package net.corda.node.utilities.registration;

import java.io.Closeable;
import java.io.IOException;
import java.io.PrintStream;
import java.io.StringWriter;
import java.net.ConnectException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.List;
import java.util.stream.Stream;
import javax.naming.ServiceUnavailableException;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.io.ConsoleKt;
import kotlin.jdk7.AutoCloseableKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.FunctionReference;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Reflection;
import kotlin.reflect.KDeclarationContainer;
import kotlin.text.StringsKt;
import net.corda.core.crypto.Crypto;
import net.corda.core.crypto.internal.AliasPrivateKey;
import net.corda.core.identity.CordaX500Name;
import net.corda.core.internal.CertRole;
import net.corda.core.internal.PathUtilsKt;
import net.corda.core.internal.X500UtilsKt;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.node.services.config.shell.ShellSafetyConfigKt;
import net.corda.node.services.identity.PersistentIdentityService;
import net.corda.nodeapi.internal.config.CertificateStore;
import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair;
import net.corda.nodeapi.internal.crypto.NOT_YET_REGISTERED_MARKER_KEYS_AND_CERTS;
import net.corda.nodeapi.internal.crypto.X509KeyStore;
import net.corda.nodeapi.internal.crypto.X509Utilities;
import net.corda.nodeapi.internal.cryptoservice.CryptoService;
import net.corda.nodeapi.internal.cryptoservice.bouncycastle.BCCryptoService;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemObject;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;

/* compiled from: NetworkRegistrationHelper.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��\u008e\u0001\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n��\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0016\u0018�� @2\u00020\u0001:\u0001@B{\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\u0006\u0010\b\u001a\u00020\t\u0012\u0006\u0010\n\u001a\u00020\t\u0012\u0006\u0010\u000b\u001a\u00020\f\u0012\u0018\b\u0002\u0010\r\u001a\u0012\u0012\u0006\u0012\u0004\u0018\u00010\u000f\u0012\u0006\u0012\u0004\u0018\u00010\u000f0\u000e\u0012\u0014\b\u0002\u0010\u0010\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\u00110\u000e\u0012\u0014\b\u0002\u0010\u0012\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\u00110\u000e¢\u0006\u0002\u0010\u0013J\u0006\u0010(\u001a\u00020\u0011J\n\u0010)\u001a\u0004\u0018\u00010!H\u0002J\b\u0010*\u001a\u00020+H\u0014J\b\u0010,\u001a\u00020-H\u0002J0\u0010.\u001a\u00020\u00112\u0006\u0010/\u001a\u00020-2\u0006\u00100\u001a\u0002012\f\u00102\u001a\b\u0012\u0004\u0012\u00020!032\b\u00104\u001a\u0004\u0018\u000105H\u0014J\u0016\u00106\u001a\b\u0012\u0004\u0012\u00020!032\u0006\u00107\u001a\u00020\tH\u0002J\u0018\u00108\u001a\u00020\t2\u0006\u0010/\u001a\u00020-2\u0006\u00100\u001a\u000201H\u0002J\n\u00109\u001a\u0004\u0018\u00010!H\u0014J\u001e\u0010:\u001a\u00020\u00112\u0006\u0010;\u001a\u00020-2\f\u00102\u001a\b\u0012\u0004\u0012\u00020!03H\u0002J\u001e\u0010<\u001a
\u00020=*\u00020\u00152\u0006\u0010>\u001a\u00020\t2\b\b\u0002\u0010?\u001a\u00020\tH\u0002R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0014\u001a\u00020\u0015X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0016\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0017\u001a\u00020\u0018X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0019\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n��R \u0010\u0012\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\u00110\u000eX\u0084\u0004¢\u0006\b\n��\u001a\u0004\b\u001a\u0010\u001bR \u0010\u0010\u001a\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\u00110\u000eX\u0084\u0004¢\u0006\b\n��\u001a\u0004\b\u001c\u0010\u001bR\u000e\u0010\u001d\u001a\u00020\u001eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��R\u001e\u0010\r\u001a\u0012\u0012\u0006\u0012\u0004\u0018\u00010\u000f\u0012\u0006\u0012\u0004\u0018\u00010\u000f0\u000eX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\n\u001a\u00020\tX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u001f\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010 \u001a\u00020!X\u0084\u0004¢\u0006\b\n��\u001a\u0004\b\"\u0010#R\u0014\u0010$\u001a\u00020%X\u0084\u0004¢\u0006\b\n��\u001a\u0004\b&\u0010'¨\u0006A"}, d2 = {"Lnet/corda/node/utilities/registration/NetworkRegistrationHelper;", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "config", "Lnet/corda/node/utilities/registration/NodeRegistrationConfiguration;", "certService", "Lnet/corda/node/utilities/registration/NetworkRegistrationService;", "networkRootTrustStorePath", "Ljava/nio/file/Path;", "networkRootTrustStorePassword", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "nodeCaKeyAlias", "certRole", "Lnet/corda/core/internal/CertRole;", "nextIdleDuration", "Lkotlin/Function1;", "Ljava/time/Duration;", "logProgress", 
ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "logError", "(Lnet/corda/node/utilities/registration/NodeRegistrationConfiguration;Lnet/corda/node/utilities/registration/NetworkRegistrationService;Ljava/nio/file/Path;Ljava/lang/String;Ljava/lang/String;Lnet/corda/core/internal/CertRole;Lkotlin/jvm/functions/Function1;Lkotlin/jvm/functions/Function1;Lkotlin/jvm/functions/Function1;)V", "certificateStore", "Lnet/corda/nodeapi/internal/config/CertificateStore;", "certificatesDirectory", "cryptoService", "Lnet/corda/nodeapi/internal/cryptoservice/CryptoService;", "emailAddress", "getLogError", "()Lkotlin/jvm/functions/Function1;", "getLogProgress", "myLegalName", "Lnet/corda/core/identity/CordaX500Name;", "requestIdStore", "rootCert", "Ljava/security/cert/X509Certificate;", "getRootCert", "()Ljava/security/cert/X509Certificate;", "rootTrustStore", "Lnet/corda/nodeapi/internal/crypto/X509KeyStore;", "getRootTrustStore", "()Lnet/corda/nodeapi/internal/crypto/X509KeyStore;", "generateKeysAndRegister", "getTlsCrlIssuerCert", "isTlsCrlIssuerCertRequired", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "loadOrGenerateKeyPair", "Ljava/security/PublicKey;", "onSuccess", "publicKey", "contentSigner", "Lorg/bouncycastle/operator/ContentSigner;", "certificates", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "tlsCrlCertificateIssuer", "Lorg/bouncycastle/asn1/x500/X500Name;", "pollServerForCertificates", "requestId", "submitOrResumeCertificateSigningRequest", "validateAndGetTlsCrlIssuerCert", "validateCertificates", "registeringPublicKey", "loadOrCreateKeyPair", "Ljava/security/KeyPair;", "alias", "entryPassword", "Companion", "node"})
/* loaded from: input_file:net/corda/node/utilities/registration/NetworkRegistrationHelper.class */
public class NetworkRegistrationHelper {
    // Directory from the registration config; created by generateKeysAndRegister and used as the parent of requestIdStore.
    private final Path certificatesDirectory;
    // Legal name from the registration config: the CSR subject, and the value the issued certificate's subject is compared with.
    private final CordaX500Name myLegalName;
    // Email address from the registration config; placed in the CSR and passed to logProgress before submission.
    private final String emailAddress;
    // Key provider from the registration config: looks up or generates the key under nodeCaKeyAlias and supplies its signer.
    private final CryptoService cryptoService;
    // Certificate store from the registration config; its entry password protects the in-progress marker entry.
    private final CertificateStore certificateStore;
    // certificatesDirectory/"certificate-request-id.txt": holds the pending request ID so a later run can resume polling.
    private final Path requestIdStore;

    // Key store loaded from networkRootTrustStorePath in the constructor.
    @NotNull
    private final X509KeyStore rootTrustStore;

    // Entry "cordarootca" of rootTrustStore; passed to the certificate-chain validation of the issued chain.
    @NotNull
    private final X509Certificate rootCert;
    // Client for the signing service: submitRequest(...) and retrieveCertificates(...) are the two calls made on it.
    private final NetworkRegistrationService certService;
    // Location of the trust store file; the constructor rejects a path that does not exist.
    private final Path networkRootTrustStorePath;
    // Alias under which the node CA key and, after registration, its certificate chain are kept.
    private final String nodeCaKeyAlias;
    // Role requested in the CSR and required in the issued certificate.
    private final CertRole certRole;
    // Maps the previous idle duration to the next one while the service is unavailable; a null result ends the retries.
    private final Function1<Duration, Duration> nextIdleDuration;

    // Sink for progress messages (the CSR details are written here as well).
    @NotNull
    private final Function1<String, Unit> logProgress;

    // Sink for error messages.
    @NotNull
    private final Function1<String, Unit> logError;

    // Key-store alias used as a registration-in-progress marker: written before the CSR is handled and
    // deleted once the issued chain has been stored (see generateKeysAndRegister).
    @NotNull
    public static final String SELF_SIGNED_PRIVATE_KEY = "SelfSignedPrivateKey";
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final Logger logger = KotlinUtilsKt.contextLogger(Companion);

    /* compiled from: NetworkRegistrationHelper.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 3, d1 = {"��\u0014\n��\n\u0002\u0010\u0002\n��\n\u0002\u0010��\n\u0002\u0018\u0002\n\u0002\b\u0003\u0010��\u001a\u00020\u00012\u0017\u0010\u0002\u001a\u0013\u0018\u00010\u0003¢\u0006\f\b\u0004\u0012\b\b\u0005\u0012\u0004\b\b(\u0006¢\u0006\u0002\b\u0007"}, d2 = {"<anonymous>", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "p1", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "Lkotlin/ParameterName;", PersistentIdentityService.NAME_COLUMN_NAME, "message", "invoke"})
    /* renamed from: net.corda.node.utilities.registration.NetworkRegistrationHelper$1, reason: invalid class name */
    /* loaded from: input_file:net/corda/node/utilities/registration/NetworkRegistrationHelper$1.class */
    /**
     * Function reference to the console {@code println(Object)}: every value it is invoked with is
     * printed to {@code System.out}. The reflective accessors describe the referenced function only.
     */
    static final class AnonymousClass1 extends FunctionReference implements Function1<Object, Unit> {
        public static final AnonymousClass1 INSTANCE = new AnonymousClass1();

        AnonymousClass1() {
            super(1);
        }

        /** Signature of the referenced function in JVM descriptor form. */
        public final String getSignature() {
            return "println(Ljava/lang/Object;)V";
        }

        /** Name of the referenced function. */
        public final String getName() {
            return "println";
        }

        /** Container the referenced function is declared in. */
        public final KDeclarationContainer getOwner() {
            return Reflection.getOrCreateKotlinPackage(ConsoleKt.class, "node");
        }

        /* renamed from: invoke, reason: collision with other method in class */
        public final void m617invoke(@Nullable Object message) {
            System.out.println(message);
        }

        /** Bridge for the generic {@code Function1} contract; prints the argument and yields {@code Unit}. */
        public /* bridge */ /* synthetic */ Object invoke(Object message) {
            m617invoke(message);
            return Unit.INSTANCE;
        }
    }

    /* compiled from: NetworkRegistrationHelper.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 3, d1 = {"��\u0014\n��\n\u0002\u0010\u0002\n��\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\b\u0004\u0010��\u001a\u00020\u00012,\u0010\u0002\u001a( \u0007*\u0013\u0018\u00010\u0003¢\u0006\f\b\u0004\u0012\b\b\u0005\u0012\u0004\b\b(\u00060\u0003¢\u0006\f\b\u0004\u0012\b\b\u0005\u0012\u0004\b\b(\u0006¢\u0006\u0002\b\b"}, d2 = {"<anonymous>", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "p1", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "Lkotlin/ParameterName;", PersistentIdentityService.NAME_COLUMN_NAME, "p0", "kotlin.jvm.PlatformType", "invoke"})
    /* renamed from: net.corda.node.utilities.registration.NetworkRegistrationHelper$2, reason: invalid class name */
    /* loaded from: input_file:net/corda/node/utilities/registration/NetworkRegistrationHelper$2.class */
    /**
     * Function reference to {@code PrintStream.println(String)} bound to the stream given at
     * construction: every message it is invoked with is printed to that stream.
     */
    static final class AnonymousClass2 extends FunctionReference implements Function1<String, Unit> {
        AnonymousClass2(PrintStream printStream) {
            // The stream becomes the bound receiver of the reference.
            super(1, printStream);
        }

        /** Signature of the referenced method in JVM descriptor form. */
        public final String getSignature() {
            return "println(Ljava/lang/String;)V";
        }

        /** Name of the referenced method. */
        public final String getName() {
            return "println";
        }

        /** Class the referenced method is declared in. */
        public final KDeclarationContainer getOwner() {
            return Reflection.getOrCreateKotlinClass(PrintStream.class);
        }

        /** Prints one line to the bound stream. */
        public final void invoke(String line) {
            PrintStream target = (PrintStream) this.receiver;
            target.println(line);
        }

        /** Bridge for the generic {@code Function1} contract; prints the argument and yields {@code Unit}. */
        public /* bridge */ /* synthetic */ Object invoke(Object line) {
            invoke((String) line);
            return Unit.INSTANCE;
        }
    }

    /* compiled from: NetworkRegistrationHelper.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��\u001a\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u0011\u0010\u0005\u001a\u00020\u0006¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\b¨\u0006\t"}, d2 = {"Lnet/corda/node/utilities/registration/NetworkRegistrationHelper$Companion;", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "()V", "SELF_SIGNED_PRIVATE_KEY", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "logger", "Lorg/slf4j/Logger;", "getLogger", "()Lorg/slf4j/Logger;", "node"})
    /* loaded from: input_file:net/corda/node/utilities/registration/NetworkRegistrationHelper$Companion.class */
    /** Companion holder: its only member is the accessor for the class-level logger. */
    public static final class Companion {
        private Companion() {
        }

        /** Synthetic constructor; the marker argument is ignored. */
        public /* synthetic */ Companion(DefaultConstructorMarker marker) {
            this();
        }

        /** Returns the logger shared by {@code NetworkRegistrationHelper}. */
        @NotNull
        public final Logger getLogger() {
            Logger shared = NetworkRegistrationHelper.logger;
            return shared;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the key store that the constructor loaded from the network root trust store file. */
    @NotNull
    public final X509KeyStore getRootTrustStore() {
        return rootTrustStore;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the certificate read from the {@code "cordarootca"} entry of the root trust store. */
    @NotNull
    public final X509Certificate getRootCert() {
        return rootCert;
    }

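    /**
     * Runs the complete registration: ensures the certificates directory exists, loads or generates the
     * node CA key, submits (or resumes) the certificate signing request, polls until the chain is
     * issued, validates the chain and only then writes it to the certificate store.
     *
     * <p>The {@code SELF_SIGNED_PRIVATE_KEY} entry acts as an in-progress marker. It is written before
     * the CSR is handled and deleted after the validated chain is stored, so a store that contains
     * {@code nodeCaKeyAlias} but not the marker is treated as already registered and the method returns
     * early.
     *
     * <p>{@code onSuccess} is invoked exactly once, with the subject of the TLS CRL issuer certificate
     * when one was found and {@code null} otherwise. The previous form of this method fell through
     * after the non-null branch and invoked {@code onSuccess} a second time with a {@code null} issuer.
     */
    public final void generateKeysAndRegister() {
        PathUtilsKt.createDirectories(PathUtilsKt.safeSymbolicRead(this.certificatesDirectory), new FileAttribute[0]);
        // When the crypto service is a BCCryptoService its own store is used instead of the configured one.
        CertificateStore certificateStore = this.cryptoService instanceof BCCryptoService ? this.cryptoService.getCertificateStore() : this.certificateStore;
        if (certificateStore.contains(this.nodeCaKeyAlias) && !certificateStore.contains(SELF_SIGNED_PRIVATE_KEY)) {
            this.logProgress.invoke("Certificate already exists, Corda node will now terminate...");
            return;
        }
        // Resolved before any key-store change: this call throws when a required CRL issuer certificate is missing.
        X509Certificate tlsCrlIssuerCert = getTlsCrlIssuerCert();
        // Write the in-progress marker: an alias-only private key paired with the "not yet registered" certificate.
        certificateStore.query(new Function1<X509KeyStore, Unit>() { // from class: net.corda.node.utilities.registration.NetworkRegistrationHelper$generateKeysAndRegister$1
            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((X509KeyStore) obj);
                return Unit.INSTANCE;
            }

            public final void invoke(@NotNull X509KeyStore x509KeyStore) {
                Intrinsics.checkParameterIsNotNull(x509KeyStore, "$receiver");
                PrivateKey markerKey = new AliasPrivateKey(NetworkRegistrationHelper.SELF_SIGNED_PRIVATE_KEY);
                List markerChain = CollectionsKt.listOf(NOT_YET_REGISTERED_MARKER_KEYS_AND_CERTS.INSTANCE.getECDSAR1_CERT());
                // The entry password comes from the configured store, even when the crypto service's store is the one written to.
                x509KeyStore.setPrivateKey(NetworkRegistrationHelper.SELF_SIGNED_PRIVATE_KEY, markerKey, markerChain, NetworkRegistrationHelper.this.certificateStore.getEntryPassword());
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(1);
            }
        });
        PublicKey nodeCaPublicKey = loadOrGenerateKeyPair();
        String requestId = submitOrResumeCertificateSigningRequest(nodeCaPublicKey, this.cryptoService.getSigner(this.nodeCaKeyAlias));
        List<X509Certificate> nodeCaCertificates = pollServerForCertificates(requestId);
        // The received chain is checked (subject, role, public key, path to the root) before anything is persisted.
        validateCertificates(nodeCaPublicKey, nodeCaCertificates);
        certificateStore.setCertPathOnly(this.nodeCaKeyAlias, nodeCaCertificates);
        certificateStore.getValue().getInternal().deleteEntry(SELF_SIGNED_PRIVATE_KEY);
        certificateStore.getValue().save();
        this.logProgress.invoke("Private key '" + this.nodeCaKeyAlias + "' and its certificate-chain stored successfully.");
        ContentSigner signer = this.cryptoService.getSigner(this.nodeCaKeyAlias);
        X500Principal crlIssuerSubject = tlsCrlIssuerCert == null ? null : tlsCrlIssuerCert.getSubjectX500Principal();
        X500Name crlIssuerName = crlIssuerSubject == null ? null : X500UtilsKt.toX500Name(crlIssuerSubject);
        onSuccess(nodeCaPublicKey, signer, nodeCaCertificates, crlIssuerName);
        // Registration is complete, so the stored request ID is no longer needed.
        PathUtilsKt.deleteIfExists(this.requestIdStore);
    }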

    /**
     * Returns the public key registered under {@code nodeCaKeyAlias}, asking the crypto service to
     * generate a new key pair with its default TLS signature scheme when the alias is not present yet.
     *
     * @return the public key for the node CA alias
     */
    private final PublicKey loadOrGenerateKeyPair() {
        if (this.cryptoService.containsKey(this.nodeCaKeyAlias)) {
            PublicKey existingKey = this.cryptoService.getPublicKey(this.nodeCaKeyAlias);
            if (existingKey == null) {
                // The alias is reported as present but no key came back.
                Intrinsics.throwNpe();
            }
            return existingKey;
        }
        return this.cryptoService.generateKeyPair(this.nodeCaKeyAlias, this.cryptoService.defaultTLSSignatureScheme());
    }

    /**
     * Resolves the TLS CRL issuer certificate through {@code validateAndGetTlsCrlIssuerCert()}.
     *
     * @return the certificate, or {@code null} when none was found and none is required
     * @throws IllegalArgumentException when none was found although {@code isTlsCrlIssuerCertRequired()}
     *         reports that one is required; the explanation is sent to {@code logError} first
     */
    private final X509Certificate getTlsCrlIssuerCert() {
        X509Certificate issuerCert = validateAndGetTlsCrlIssuerCert();
        if (issuerCert == null && isTlsCrlIssuerCertRequired()) {
            String explanation = StringsKt.trimMargin$default("tlsCrlIssuerCert config does not match the root certificate issuer and nor is there any other certificate in the trust store with a matching issuer.\n                    | Please make sure the config is correct or that the correct certificate for the CRL issuer is added to the node's trust store.\n                    | The node registration will now terminate.", (String) null, 1, (Object) null);
            this.logError.invoke(explanation);
            throw new IllegalArgumentException("TLS CRL issuer certificate not found in the trust store.");
        }
        return issuerCert;
    }

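    /**
     * Checks the certificate chain returned by the signing service before it is trusted.
     *
     * <p>The first certificate of the list is treated as the node CA certificate and must satisfy, in
     * this order: its subject parses as a {@code CordaX500Name} equal to {@code myLegalName}; its cert
     * role equals {@code certRole}; its public key equals {@code publicKey} once both are converted
     * with {@code Crypto.toSupportedPublicKey}. Finally the whole list is passed to
     * {@code X509Utilities.validateCertificateChain} together with {@code rootCert}.
     *
     * <p>The received public key is now held in a local variable; the previous form referred to an
     * undeclared name ({@code r0}) in the key comparison.
     *
     * @param publicKey the key the signing request was made for
     * @param list      the received chain, node CA certificate first
     */
    private final void validateCertificates(PublicKey publicKey, List<? extends X509Certificate> list) {
        // NOTE(review): Kotlin's first() throws NoSuchElementException for an empty list, so an empty
        // response is not reported as a CertificateRequestException - confirm that callers expect this.
        X509Certificate x509Certificate = (X509Certificate) CollectionsKt.first(list);
        // NOTE(review): both catch clauses below span more than the call named in their message; an
        // IllegalArgumentException raised by a later statement in the same try (the chain validation
        // included) would be reported under that message. Confirm against the Kotlin source whether
        // this nesting is a decompiler artifact.
        try {
            CordaX500Name.Companion companion = CordaX500Name.Companion;
            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
            Intrinsics.checkExpressionValueIsNotNull(subjectX500Principal, "nodeCACertificate.subjectX500Principal");
            CordaX500Name build = companion.build(subjectX500Principal);
            if (!Intrinsics.areEqual(build, this.myLegalName)) {
                throw ((Throwable) new CertificateRequestException("Subject of received node CA cert doesn't match with node legal name: " + build));
            }
            try {
                CertRole extract = CertRole.Companion.extract(x509Certificate);
                if (this.certRole != extract) {
                    throw ((Throwable) new CertificateRequestException("Received certificate contains invalid cert role, expected '" + this.certRole + "', got '" + extract + "'."));
                }
                // Binds the issued certificate to the key pair this node generated or loaded.
                PublicKey receivedKey = x509Certificate.getPublicKey();
                Intrinsics.checkExpressionValueIsNotNull(receivedKey, "certificates.first().publicKey");
                if (!Intrinsics.areEqual(Crypto.toSupportedPublicKey(receivedKey), Crypto.toSupportedPublicKey(publicKey))) {
                    throw ((Throwable) new CertificateRequestException("Received certificate contains incorrect public key, expected '" + publicKey + "', got '" + receivedKey + "'."));
                }
                // The chain has to validate against the root certificate taken from the local trust store.
                X509Utilities.INSTANCE.validateCertificateChain(this.rootCert, list);
                this.logProgress.invoke("Certificate signing request approved, storing private key with the certificate chain.");
            } catch (IllegalArgumentException e) {
                throw ((Throwable) new CertificateRequestException("Unable to extract cert role from received node CA cert: " + e.getMessage()));
            }
        } catch (IllegalArgumentException e2) {
            throw ((Throwable) new CertificateRequestException("Received node CA cert has invalid subject name: " + e2.getMessage()));
        }
    }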

    /**
     * Returns the key pair stored under alias {@code str} in the given store. When the alias is absent,
     * a key pair is first generated with the default TLS signature scheme, wrapped in a self-signed CA
     * certificate for {@code myLegalName}, written to the store under the entry password {@code str2}
     * and saved.
     *
     * @param certificateStore store to read from and, if needed, write to
     * @param str              alias of the key entry
     * @param str2             password protecting the key entry
     * @return the key pair held under the alias
     */
    private final KeyPair loadOrCreateKeyPair(@NotNull CertificateStore certificateStore, final String str, final String str2) {
        final boolean aliasMissing = !certificateStore.contains(str);
        if (aliasMissing) {
            KeyPair freshKeyPair = Crypto.generateKeyPair(X509Utilities.INSTANCE.getDEFAULT_TLS_SIGNATURE_SCHEME());
            X509Certificate selfSignedCert = X509Utilities.createSelfSignedCACertificate$default(this.myLegalName.getX500Principal(), freshKeyPair, (Pair) null, 4, (Object) null);
            X509KeyStore keyStore = certificateStore.getValue();
            PrivateKey freshPrivateKey = freshKeyPair.getPrivate();
            Intrinsics.checkExpressionValueIsNotNull(freshPrivateKey, "keyPair.private");
            // The private key is persisted in the key store, protected by the entry password.
            keyStore.setPrivateKey(str, freshPrivateKey, CollectionsKt.listOf(selfSignedCert), str2);
            keyStore.save();
        }
        CertificateAndKeyPair storedEntry = (CertificateAndKeyPair) certificateStore.query(new Function1<X509KeyStore, CertificateAndKeyPair>() { // from class: net.corda.node.utilities.registration.NetworkRegistrationHelper$loadOrCreateKeyPair$2
            @NotNull
            public final CertificateAndKeyPair invoke(@NotNull X509KeyStore x509KeyStore) {
                Intrinsics.checkParameterIsNotNull(x509KeyStore, "$receiver");
                return x509KeyStore.getCertificateAndKeyPair(str, str2);
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }
        });
        return storedEntry.getKeyPair();
    }

    /**
     * Synthetic default-argument bridge for {@code loadOrCreateKeyPair}: when bit 2 of the mask
     * {@code i} is set, the entry password falls back to the store's own password.
     *
     * @throws UnsupportedOperationException when {@code obj} is not {@code null}
     */
    static /* bridge */ /* synthetic */ KeyPair loadOrCreateKeyPair$default(NetworkRegistrationHelper networkRegistrationHelper, CertificateStore certificateStore, String str, String str2, int i, Object obj) {
        if (obj != null) {
            throw new UnsupportedOperationException("Super calls with default arguments not supported in this target, function: loadOrCreateKeyPair");
        }
        final boolean passwordDefaulted = (i & 2) != 0;
        final String entryPassword = passwordDefaulted ? certificateStore.getPassword() : str2;
        return networkRegistrationHelper.loadOrCreateKeyPair(certificateStore, str, entryPassword);
    }

    /* JADX WARN: Multi-variable type inference failed */
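    /**
     * Polls the signing service for the given request ID until it returns a certificate chain.
     *
     * <p>While the request is pending, the thread sleeps for the interval returned with each response;
     * this method sets no overall limit on that wait. When the service is unavailable, the wait is
     * taken from {@code nextIdleDuration}, and a {@code null} result from it ends the retries with a
     * {@code NodeRegistrationException}.
     *
     * <p>A {@code CertificateRequestException} is reported through {@code logError}, the stored request
     * ID is deleted so that the rejected request is not resumed, and the exception is rethrown.
     *
     * <p>The pending check and the sleep now sit inside the {@code try}, directly after the response is
     * read. Previously they followed the {@code catch} and used the response values on the path where
     * no response had been received.
     *
     * @param str the request ID returned when the CSR was submitted
     * @return the issued certificate chain
     */
    private final List<X509Certificate> pollServerForCertificates(String str) {
        try {
            this.logProgress.invoke("Start polling server for certificate signing approval.");
            Duration idleDuration = null;
            while (true) {
                try {
                    CertificateResponse response = this.certService.retrieveCertificates(str);
                    Duration pollInterval = response.component1();
                    List<X509Certificate> certificates = response.component2();
                    if (certificates != null) {
                        return certificates;
                    }
                    // Still pending: wait for the interval the service asked for.
                    Thread.sleep(pollInterval.toMillis());
                } catch (ServiceUnavailableException e) {
                    idleDuration = (Duration) this.nextIdleDuration.invoke(idleDuration);
                    if (idleDuration == null) {
                        throw new NodeRegistrationException("Compatibility Zone registration service is currently unavailable, try again later!.", e);
                    }
                    Thread.sleep(idleDuration.toMillis());
                }
            }
        } catch (CertificateRequestException e2) {
            String message = e2.getMessage();
            if (message != null) {
                this.logError.invoke(message);
            }
            this.logError.invoke("Please make sure the details in configuration file are correct and try again.");
            this.logError.invoke("Corda node registration will now terminate.");
            // Drop the saved request ID so the next run submits a new request.
            PathUtilsKt.deleteIfExists(this.requestIdStore);
            throw ((Throwable) e2);
        }
    }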

    /**
     * Returns the ID of the certificate signing request to poll for: the one saved by an earlier run
     * when {@code requestIdStore} exists, otherwise the ID the signing service returns for a newly
     * submitted CSR.
     *
     * <p>For a new request the CSR is built from the legal name, the email address, the given public
     * key and the cert role, and signed with {@code contentSigner}. The legal name, email, public key
     * and the PEM-encoded CSR are all passed to {@code logProgress} before submission, and the returned
     * ID is written to {@code requestIdStore}.
     *
     * <p>NOTE(review): the end of this method (the catch block and the statements after it) did not
     * decompile cleanly; see the inline notes before relying on the exception mapping shown here.
     *
     * @param publicKey     public key placed in the CSR
     * @param contentSigner signer used to sign the CSR
     * @return the request ID to poll with
     */
    private final String submitOrResumeCertificateSigningRequest(PublicKey publicKey, ContentSigner contentSigner) {
        try {
            if (PathUtilsKt.exists(this.requestIdStore, new LinkOption[0])) {
                Path path = this.requestIdStore;
                Charset charset = StandardCharsets.UTF_8;
                Intrinsics.checkExpressionValueIsNotNull(charset, "UTF_8");
                Stream<String> lines = Files.lines(path, charset);
                Throwable th = (Throwable) null;
                try {
                    try {
                        // Only the first line is used, exactly as read; no format check is applied here.
                        // Optional.get() throws NoSuchElementException when the file has no lines, which
                        // lands in the catch (Exception e) at the end of the method.
                        String str = lines.findFirst().get();
                        AutoCloseableKt.closeFinally(lines, th);
                        this.logProgress.invoke("Resuming from previous certificate signing request, request ID: " + str + '.');
                        Intrinsics.checkExpressionValueIsNotNull(str, "requestId");
                        return str;
                    } catch (Throwable th2) {
                        th = th2;
                        throw th2;
                    }
                } catch (Throwable th3) {
                    // Close the stream on the failure path as well.
                    AutoCloseableKt.closeFinally(lines, th);
                    throw th3;
                }
            }
            PKCS10CertificationRequest createCertificateSigningRequest = X509Utilities.INSTANCE.createCertificateSigningRequest(this.myLegalName.getX500Principal(), this.emailAddress, publicKey, contentSigner, this.certRole);
            StringWriter stringWriter = new StringWriter();
            JcaPEMWriter jcaPEMWriter = (Closeable) new JcaPEMWriter(stringWriter);
            Throwable th4 = (Throwable) null;
            try {
                try {
                    // PEM-encode the CSR into stringWriter so it can be shown to the operator.
                    jcaPEMWriter.writeObject(new PemObject("CERTIFICATE REQUEST", createCertificateSigningRequest.getEncoded()));
                    Unit unit = Unit.INSTANCE;
                    CloseableKt.closeFinally(jcaPEMWriter, th4);
                    // Everything below goes to logProgress: identity details and the full CSR, but no private key material.
                    this.logProgress.invoke("Certificate signing request with the following information will be submitted to the Corda certificate signing server.");
                    this.logProgress.invoke("Legal Name: " + this.myLegalName);
                    this.logProgress.invoke("Email: " + this.emailAddress);
                    this.logProgress.invoke("Public Key: " + publicKey);
                    this.logProgress.invoke(String.valueOf(stringWriter));
                    this.logProgress.invoke("Submitting certificate signing request to Corda certificate signing server.");
                    String submitRequest = this.certService.submitRequest(createCertificateSigningRequest);
                    // Persist the ID straight away so an interrupted run can resume polling instead of resubmitting.
                    PathUtilsKt.writeLines$default(this.requestIdStore, CollectionsKt.listOf(submitRequest), (Charset) null, new OpenOption[0], 2, (Object) null);
                    this.logProgress.invoke("Successfully submitted request to Corda certificate signing server, request ID: " + submitRequest + '.');
                    return submitRequest;
                } catch (Throwable th5) {
                    th4 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                CloseableKt.closeFinally(jcaPEMWriter, th4);
                throw th6;
            }
        } catch (Exception e) {
            // NOTE(review): as decompiled, this empty instanceof test has no effect and every Exception is
            // rethrown as a NodeRegistrationException with the original as its cause.
            if (e instanceof ConnectException) {
            }
            throw new NodeRegistrationException(e.getMessage(), e);
        }
        // NOTE(review): decompiler residue - 'e' is out of scope here and these statements are unreachable.
        // They suggest the original wrapped only some exception types and rethrew the rest unchanged;
        // confirm against the Kotlin source.
        if (!(e instanceof ConnectException) || (e instanceof ServiceUnavailableException) || (e instanceof IOException)) {
            throw new NodeRegistrationException(e.getMessage(), e);
        }
        throw e;
    }

    /**
     * Hook invoked by {@code generateKeysAndRegister} after the issued chain has been stored. This base
     * implementation only null-checks its first three arguments and does nothing else; it is protected
     * and non-final, so subclasses can override it.
     *
     * @param publicKey     the node CA public key
     * @param contentSigner signer for the node CA key
     * @param list          the issued certificate chain
     * @param x500Name      subject of the TLS CRL issuer certificate, or {@code null} when there is none
     */
    protected void onSuccess(@NotNull PublicKey publicKey, @NotNull ContentSigner contentSigner, @NotNull List<? extends X509Certificate> list, @Nullable X500Name x500Name) {
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        Intrinsics.checkParameterIsNotNull(contentSigner, "contentSigner");
        Intrinsics.checkParameterIsNotNull(list, "certificates");
    }

    /**
     * Hook for locating the TLS CRL issuer certificate. This base implementation always returns
     * {@code null}, meaning no issuer certificate; it is protected and non-final, so subclasses can
     * override it.
     *
     * @return {@code null}
     */
    @Nullable
    protected X509Certificate validateAndGetTlsCrlIssuerCert() {
        return null;
    }

    /**
     * Hook that tells {@code getTlsCrlIssuerCert} whether a missing TLS CRL issuer certificate is an
     * error. This base implementation always returns {@code false}.
     *
     * @return {@code false}
     */
    protected boolean isTlsCrlIssuerCertRequired() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Returns the callback that receives progress messages. */
    @NotNull
    public final Function1<String, Unit> getLogProgress() {
        return logProgress;
    }

    /** Returns the callback that receives error messages. */
    @NotNull
    protected final Function1<String, Unit> getLogError() {
        return logError;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Creates a helper from the registration config and loads the network root trust store.
     *
     * <p>The trust store file must already exist; it is opened with the given password and the
     * certificate under alias {@code "cordarootca"} becomes the root certificate used for chain
     * validation.
     *
     * <p>NOTE(review): {@code rootCert} is annotated {@code @NotNull} but the lookup result is not
     * checked here - confirm how {@code getCertificate} behaves when the alias is missing.
     *
     * @param nodeRegistrationConfiguration config supplying the certificates directory, legal name,
     *        email address, crypto service and certificate store
     * @param networkRegistrationService client for the signing service
     * @param path      location of the network root trust store
     * @param str       password of the network root trust store
     * @param str2      alias of the node CA key
     * @param certRole  role to request and to expect in the issued certificate
     * @param function1  strategy yielding the next idle duration while the service is unavailable
     * @param function12 sink for progress messages
     * @param function13 sink for error messages
     * @throws IllegalArgumentException when the trust store file does not exist
     */
    public NetworkRegistrationHelper(@NotNull NodeRegistrationConfiguration nodeRegistrationConfiguration, @NotNull NetworkRegistrationService networkRegistrationService, @NotNull Path path, @NotNull String str, @NotNull String str2, @NotNull CertRole certRole, @NotNull Function1<? super Duration, Duration> function1, @NotNull Function1<? super String, Unit> function12, @NotNull Function1<? super String, Unit> function13) {
        Intrinsics.checkParameterIsNotNull(nodeRegistrationConfiguration, "config");
        Intrinsics.checkParameterIsNotNull(networkRegistrationService, "certService");
        Intrinsics.checkParameterIsNotNull(path, "networkRootTrustStorePath");
        Intrinsics.checkParameterIsNotNull(str, "networkRootTrustStorePassword");
        Intrinsics.checkParameterIsNotNull(str2, "nodeCaKeyAlias");
        Intrinsics.checkParameterIsNotNull(certRole, "certRole");
        Intrinsics.checkParameterIsNotNull(function1, "nextIdleDuration");
        Intrinsics.checkParameterIsNotNull(function12, "logProgress");
        Intrinsics.checkParameterIsNotNull(function13, "logError");

        // Values passed in directly.
        this.certService = networkRegistrationService;
        this.networkRootTrustStorePath = path;
        this.nodeCaKeyAlias = str2;
        this.certRole = certRole;
        this.nextIdleDuration = function1;
        this.logProgress = function12;
        this.logError = function13;

        // Values taken from the registration config.
        Path configuredCertificatesDirectory = nodeRegistrationConfiguration.getCertificatesDirectory();
        this.certificatesDirectory = configuredCertificatesDirectory;
        this.myLegalName = nodeRegistrationConfiguration.getMyLegalName();
        this.emailAddress = nodeRegistrationConfiguration.getEmailAddress();
        this.cryptoService = nodeRegistrationConfiguration.getCryptoService();
        this.certificateStore = nodeRegistrationConfiguration.getCertificateStore();
        this.requestIdStore = PathUtilsKt.div(configuredCertificatesDirectory, "certificate-request-id.txt");

        // Without the trust store there is no root certificate to validate the issued chain against.
        boolean trustStorePresent = PathUtilsKt.exists(path, new LinkOption[0]);
        if (!trustStorePresent) {
            throw new IllegalArgumentException(path + " does not exist. This file must contain the root CA cert of your compatibility zone. Please contact your CZ operator.");
        }
        X509KeyStore loadedTrustStore = X509KeyStore.Companion.fromFile$default(X509KeyStore.Companion, path, str, false, 4, (Object) null);
        this.rootTrustStore = loadedTrustStore;
        this.rootCert = loadedTrustStore.getCertificate("cordarootca");
    }

    /* JADX WARN: Illegal instructions before constructor call */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Compiler-generated constructor that fills in default arguments and then delegates to the
     * nine-argument constructor. It could not be decompiled: the body below only throws, and the actual
     * logic is the instruction dump kept in the comment.
     *
     * <p>Per that dump, {@code r21} is a bit mask. When bit 64 is set, the idle-duration strategy
     * ({@code r18}) becomes a {@code FixedPeriodLimitedRetrialStrategy} constructed with 10 and
     * {@code Duration.ofMinutes(1)}. When bit 128 is set, the progress sink ({@code r19}) becomes
     * {@code AnonymousClass1.INSTANCE}. When bit 256 is set, the error sink ({@code r20}) becomes an
     * {@code AnonymousClass2} bound to {@code System.err}.
     */
    public /* synthetic */ NetworkRegistrationHelper(net.corda.node.utilities.registration.NodeRegistrationConfiguration r12, net.corda.node.utilities.registration.NetworkRegistrationService r13, java.nio.file.Path r14, java.lang.String r15, java.lang.String r16, net.corda.core.internal.CertRole r17, kotlin.jvm.functions.Function1 r18, kotlin.jvm.functions.Function1 r19, kotlin.jvm.functions.Function1 r20, int r21, kotlin.jvm.internal.DefaultConstructorMarker r22) {
        /*
            r11 = this;
            r0 = r21
            r1 = 64
            r0 = r0 & r1
            if (r0 == 0) goto L21
            net.corda.node.utilities.registration.FixedPeriodLimitedRetrialStrategy r0 = new net.corda.node.utilities.registration.FixedPeriodLimitedRetrialStrategy
            r1 = r0
            r2 = 10
            r3 = 1
            java.time.Duration r3 = java.time.Duration.ofMinutes(r3)
            r4 = r3
            java.lang.String r5 = "Duration.ofMinutes(1)"
            kotlin.jvm.internal.Intrinsics.checkExpressionValueIsNotNull(r4, r5)
            r1.<init>(r2, r3)
            kotlin.jvm.functions.Function1 r0 = (kotlin.jvm.functions.Function1) r0
            r18 = r0
        L21:
            r0 = r21
            r1 = 128(0x80, float:1.8E-43)
            r0 = r0 & r1
            if (r0 == 0) goto L32
            net.corda.node.utilities.registration.NetworkRegistrationHelper$1 r0 = net.corda.node.utilities.registration.NetworkRegistrationHelper.AnonymousClass1.INSTANCE
            kotlin.jvm.functions.Function1 r0 = (kotlin.jvm.functions.Function1) r0
            r19 = r0
        L32:
            r0 = r21
            r1 = 256(0x100, float:3.59E-43)
            r0 = r0 & r1
            if (r0 == 0) goto L4a
            net.corda.node.utilities.registration.NetworkRegistrationHelper$2 r0 = new net.corda.node.utilities.registration.NetworkRegistrationHelper$2
            r1 = r0
            java.io.PrintStream r2 = java.lang.System.err
            r1.<init>(r2)
            kotlin.jvm.functions.Function1 r0 = (kotlin.jvm.functions.Function1) r0
            r20 = r0
        L4a:
            r0 = r11
            r1 = r12
            r2 = r13
            r3 = r14
            r4 = r15
            r5 = r16
            r6 = r17
            r7 = r18
            r8 = r19
            r9 = r20
            r0.<init>(r1, r2, r3, r4, r5, r6, r7, r8, r9)
            return
        */
        // Placeholder emitted by the decompiler; the real constructor never throws this.
        throw new UnsupportedOperationException("Method not decompiled: net.corda.node.utilities.registration.NetworkRegistrationHelper.<init>(net.corda.node.utilities.registration.NodeRegistrationConfiguration, net.corda.node.utilities.registration.NetworkRegistrationService, java.nio.file.Path, java.lang.String, java.lang.String, net.corda.core.internal.CertRole, kotlin.jvm.functions.Function1, kotlin.jvm.functions.Function1, kotlin.jvm.functions.Function1, int, kotlin.jvm.internal.DefaultConstructorMarker):void");
    }
}
