package net.corda.node.utilities;

import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Duration;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.crypto.Crypto;
import net.corda.node.services.config.shell.ShellSafetyConfigKt;
import net.corda.nodeapi.internal.crypto.CertificateType;
import net.corda.nodeapi.internal.crypto.KeyStoreUtilities;
import net.corda.nodeapi.internal.crypto.X509Utilities;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.jetbrains.annotations.NotNull;

/* compiled from: CertificatesUtils.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 2, d1 = {"��.\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0002\b\u0004\u001a\u001a\u0010��\u001a\u000e\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u00030\u00012\u0006\u0010\u0004\u001a\u00020\u0005\u001a,\u0010\u0006\u001a\u00020\u00032\u0006\u0010\u0007\u001a\u00020\u00052\u0006\u0010\b\u001a\u00020\u00022\u0014\b\u0002\u0010\t\u001a\u000e\u0012\u0004\u0012\u00020\n\u0012\u0004\u0012\u00020\n0\u0001\u001a2\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\f2\u0006\u0010\u000e\u001a\u00020\u00022\u0006\u0010\u000f\u001a\u00020\u00032\b\b\u0002\u0010\u0010\u001a\u00020\u00112\b\b\u0002\u0010\u0012\u001a\u00020\u0011\u001a*\u0010\u0013\u001a\u00020\f2\u0006\u0010\u0014\u001a\u00020\f2\u0006\u0010\u000f\u001a\u00020\u00032\b\b\u0002\u0010\u0010\u001a\u00020\u00112\b\b\u0002\u0010\u0012\u001a\u00020\u0011¨\u0006\u0015"}, d2 = {"createKeyPairAndSelfSignedTLSCertificate", "Lkotlin/Pair;", "Ljava/security/KeyPair;", "Ljava/security/cert/X509Certificate;", "x500Principal", "Ljavax/security/auth/x500/X500Principal;", "createSelfSignedTLSCertificate", "subject", "keyPair", "validityWindow", "Ljava/time/Duration;", "saveToKeyStore", "Ljava/nio/file/Path;", "keyStorePath", "rpcKeyPair", "selfSignCert", "password", ShellSafetyConfigKt.SAFE_INTERNAL_SHELL_PERMISSION, "alias", "saveToTrustStore", "trustStorePath", "node"})
/* loaded from: input_file:net/corda/node/utilities/CertificatesUtilsKt.class */
/**
 * Static helpers (decompiled from the Kotlin file {@code CertificatesUtils.kt}) for creating a
 * self-signed TLS certificate and persisting it, with or without its private key, into a
 * password-protected key store file.
 *
 * <p>The {@code ...$default} methods are the compiler-generated bridges for Kotlin default
 * arguments: each bit of the {@code int} mask marks one parameter whose default value is to be
 * substituted.
 *
 * <p>NOTE(review): the bridges fall back to the literal store password {@code "password"}.
 * Code that persists a long-lived private key should pass its own secret and should not rely
 * on that fallback.
 */
public final class CertificatesUtilsKt {
    /**
     * Generates a fresh key pair and a self-signed TLS certificate for it.
     *
     * <p>The key pair uses {@code X509Utilities.DEFAULT_TLS_SIGNATURE_SCHEME}; the certificate
     * is produced with the default validity window (mask bit 4 on the bridge call).
     *
     * @param x500Principal name placed in the certificate; must not be null
     * @return the generated key pair together with its certificate
     */
    @NotNull
    public static final Pair<KeyPair, X509Certificate> createKeyPairAndSelfSignedTLSCertificate(@NotNull X500Principal x500Principal) {
        Intrinsics.checkParameterIsNotNull(x500Principal, "x500Principal");
        final KeyPair tlsKeyPair = Crypto.generateKeyPair(X509Utilities.INSTANCE.getDEFAULT_TLS_SIGNATURE_SCHEME());
        // 4 == "third argument omitted": the bridge supplies the default validity window.
        final X509Certificate tlsCertificate = createSelfSignedTLSCertificate$default(x500Principal, tlsKeyPair, null, 4, null);
        return new Pair<>(tlsKeyPair, tlsCertificate);
    }

    /**
     * Creates a TLS certificate for {@code keyPair}'s public key, signed with that same key pair.
     *
     * <p>{@code x500Principal} is passed for both name arguments of the certificate factory, so
     * the certificate does not chain to any authority. A peer can therefore only authenticate it
     * by trusting this exact certificate (for example via a trust store entry).
     *
     * @param x500Principal name used for both name arguments of the certificate; must not be null
     * @param keyPair key pair whose public key is certified and which is handed to the factory
     *     for signing; must not be null
     * @param pair the two durations forwarded to {@code X509Utilities.getCertificateValidityWindow};
     *     must not be null
     * @return the newly created certificate
     */
    @NotNull
    public static final X509Certificate createSelfSignedTLSCertificate(@NotNull X500Principal x500Principal, @NotNull KeyPair keyPair, @NotNull Pair<Duration, Duration> pair) {
        Intrinsics.checkParameterIsNotNull(x500Principal, "subject");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        Intrinsics.checkParameterIsNotNull(pair, "validityWindow");
        final Duration windowFirst = pair.getFirst();
        final Duration windowSecond = pair.getSecond();
        // 4 == the third (X509Certificate) argument is left at its default.
        Pair validity = X509Utilities.getCertificateValidityWindow$default(X509Utilities.INSTANCE, windowFirst, windowSecond, (X509Certificate) null, 4, (Object) null);
        final CertificateType tlsType = CertificateType.TLS;
        final PublicKey certifiedKey = keyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(certifiedKey, "keyPair.public");
        // 448 == bits 6-8: the three trailing arguments (name constraints, String, X500Name)
        // are left at their defaults.
        return X509Utilities.createCertificate$default(X509Utilities.INSTANCE, tlsType, x500Principal, keyPair, x500Principal, certifiedKey, validity, (NameConstraints) null, (String) null, (X500Name) null, 448, (Object) null);
    }

    /**
     * Default-argument bridge for {@link #createSelfSignedTLSCertificate}.
     *
     * @param i default mask; bit 4 replaces {@code pair} with
     *     {@code X509Utilities.DEFAULT_VALIDITY_WINDOW}
     * @param obj unused marker argument of the generated bridge
     */
    @NotNull
    public static /* bridge */ /* synthetic */ X509Certificate createSelfSignedTLSCertificate$default(X500Principal x500Principal, KeyPair keyPair, Pair pair, int i, Object obj) {
        final boolean useDefaultWindow = (i & 4) != 0;
        final Pair window = useDefaultWindow ? X509Utilities.INSTANCE.getDEFAULT_VALIDITY_WINDOW() : pair;
        return createSelfSignedTLSCertificate(x500Principal, keyPair, window);
    }

    /**
     * Stores a private key and its certificate in the key store file at {@code path}, loading
     * the store if it exists and creating it otherwise, then writes the store back.
     *
     * <p>The same password ({@code str}) opens the store, protects the key entry and is used
     * when saving, so knowing the store password is enough to recover the private key.
     *
     * @param path key store file ("keyStorePath"); must not be null
     * @param keyPair key pair whose private key is stored ("rpcKeyPair"); must not be null
     * @param x509Certificate certificate stored as the single-element chain of the key entry
     *     ("selfSignCert"); must not be null
     * @param str store and key-entry password ("password"); must not be null
     * @param str2 alias of the entry, which is added or replaced ("alias"); must not be null
     * @return {@code path}, unchanged
     */
    @NotNull
    public static final Path saveToKeyStore(@NotNull Path path, @NotNull KeyPair keyPair, @NotNull X509Certificate x509Certificate, @NotNull String str, @NotNull String str2) {
        Intrinsics.checkParameterIsNotNull(path, "keyStorePath");
        Intrinsics.checkParameterIsNotNull(keyPair, "rpcKeyPair");
        Intrinsics.checkParameterIsNotNull(x509Certificate, "selfSignCert");
        Intrinsics.checkParameterIsNotNull(str, "password");
        Intrinsics.checkParameterIsNotNull(str2, "alias");
        // 12 == bits 2-3: the String and Provider arguments are left at their defaults.
        final KeyStore keyStore = KeyStoreUtilities.loadOrCreateKeyStore$default(path, str, (String) null, (Provider) null, 12, (Object) null);
        final PrivateKey rpcPrivateKey = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(rpcPrivateKey, "rpcKeyPair.private");
        // NOTE(review): this copy of the password is not cleared after use; the String it was
        // taken from stays reachable anyway, so the secret's lifetime is governed by the caller.
        final char[] keyPassword = str.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(keyPassword, "(this as java.lang.String).toCharArray()");
        final X509Certificate[] chain = {x509Certificate};
        KeyStoreUtilities.addOrReplaceKey(keyStore, str2, rpcPrivateKey, keyPassword, chain);
        KeyStoreUtilities.save(keyStore, path, str);
        return path;
    }

    /**
     * Default-argument bridge for {@link #saveToKeyStore}.
     *
     * <p>NOTE(review): with mask bit 8 set the private key is stored under the literal password
     * {@code "password"}. In that case the confidentiality of the key rests on file-system
     * permissions alone, so callers that keep the key should pass an explicit password.
     *
     * @param i default mask; bit 8 replaces the password with {@code "password"}, bit 16
     *     replaces the alias with {@code "Key"}
     * @param obj unused marker argument of the generated bridge
     */
    @NotNull
    public static /* bridge */ /* synthetic */ Path saveToKeyStore$default(Path path, KeyPair keyPair, X509Certificate x509Certificate, String str, String str2, int i, Object obj) {
        final String storePassword = (i & 8) != 0 ? "password" : str;
        final String entryAlias = (i & 16) != 0 ? "Key" : str2;
        return saveToKeyStore(path, keyPair, x509Certificate, storePassword, entryAlias);
    }

    /**
     * Stores a certificate (no private key) in the key store file at {@code path}, loading the
     * store if it exists and creating it otherwise, then writes the store back.
     *
     * @param path trust store file ("trustStorePath"); must not be null
     * @param x509Certificate certificate to add or replace ("selfSignCert"); must not be null
     * @param str store password ("password"); must not be null
     * @param str2 alias of the certificate entry ("alias"); must not be null
     * @return {@code path}, unchanged
     */
    @NotNull
    public static final Path saveToTrustStore(@NotNull Path path, @NotNull X509Certificate x509Certificate, @NotNull String str, @NotNull String str2) {
        Intrinsics.checkParameterIsNotNull(path, "trustStorePath");
        Intrinsics.checkParameterIsNotNull(x509Certificate, "selfSignCert");
        Intrinsics.checkParameterIsNotNull(str, "password");
        Intrinsics.checkParameterIsNotNull(str2, "alias");
        // 12 == bits 2-3: the String and Provider arguments are left at their defaults.
        final KeyStore trustStore = KeyStoreUtilities.loadOrCreateKeyStore$default(path, str, (String) null, (Provider) null, 12, (Object) null);
        KeyStoreUtilities.addOrReplaceCertificate(trustStore, str2, x509Certificate);
        KeyStoreUtilities.save(trustStore, path, str);
        return path;
    }

    /**
     * Default-argument bridge for {@link #saveToTrustStore}.
     *
     * <p>NOTE(review): with mask bit 4 set the store is written under the literal password
     * {@code "password"}, so any protection the store format derives from the password is
     * nominal. Whoever can write the file can change which certificate is trusted; restrict
     * write access to it accordingly.
     *
     * @param i default mask; bit 4 replaces the password with {@code "password"}, bit 8
     *     replaces the alias with {@code "Key"}
     * @param obj unused marker argument of the generated bridge
     */
    @NotNull
    public static /* bridge */ /* synthetic */ Path saveToTrustStore$default(Path path, X509Certificate x509Certificate, String str, String str2, int i, Object obj) {
        final String storePassword = (i & 4) != 0 ? "password" : str;
        final String entryAlias = (i & 8) != 0 ? "Key" : str2;
        return saveToTrustStore(path, x509Certificate, storePassword, entryAlias);
    }
}
