package net.corda.nodeapi.internal;

import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.collections.IntIterator;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.IntRange;
import net.corda.core.crypto.CompositeKey;
import net.corda.core.crypto.CryptoUtils;
import net.corda.core.identity.CordaX500Name;
import net.corda.core.identity.Party;
import net.corda.core.internal.PathUtilsKt;
import net.corda.nodeapi.internal.config.CertificateStore;
import net.corda.nodeapi.internal.config.FileBasedCertificateStoreSupplier;
import net.corda.nodeapi.internal.config.MutualSslConfiguration;
import net.corda.nodeapi.internal.config.SslConfiguration;
import net.corda.nodeapi.internal.crypto.CertificateType;
import net.corda.nodeapi.internal.crypto.X509KeyStore;
import net.corda.nodeapi.internal.crypto.X509Utilities;
import org.hibernate.event.internal.EntityCopyAllowedLoggedObserver;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* compiled from: DevIdentityGenerator.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��Z\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\bÆ\u0002\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0002J&\u0010\f\u001a\u00020\r2\f\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u00100\u000f2\u0006\u0010\u0011\u001a\u00020\u00122\b\b\u0002\u0010\u0013\u001a\u00020\u0014J\u001c\u0010\u0015\u001a\u00020\r2\f\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u00100\u000f2\u0006\u0010\u0011\u001a\u00020\u0012J\u0010\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u0010H\u0002J\u0016\u0010\u0019\u001a\u00020\r2\u0006\u0010\u0018\u001a\u00020\u00102\u0006\u0010\u001a\u001a\u00020\u0012J \u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00172\u0006\u0010\u001e\u001a\u00020\t2\u0006\u0010\u001f\u001a\u00020\u000bH\u0002J \u0010 \u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00172\u0006\u0010!\u001a\u00020\"2\u0006\u0010\u001f\u001a\u00020\u000bH\u0002R\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0082\u0004¢\u0006\u0002\n��¨\u0006#"}, d2 = {"Lnet/corda/nodeapi/internal/DevIdentityGenerator;", "", "()V", EntityCopyAllowedLoggedObserver.SHORT_NAME, "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "createCertificate", "Ljava/security/cert/X509Certificate;", "publicKey", "Ljava/security/PublicKey;", "principal", "Ljavax/security/auth/x500/X500Principal;", "generateDistributedNotaryCompositeIdentity", "Lnet/corda/core/identity/Party;", "dirs", "", "Ljava/nio/file/Path;", "notaryName", 
"Lnet/corda/core/identity/CordaX500Name;", "threshold", "", "generateDistributedNotarySingularIdentity", "getKeyStore", "Lnet/corda/nodeapi/internal/crypto/X509KeyStore;", "nodeDir", "installKeyStoreWithNodeIdentity", "legalName", "setCompositeKey", "", "keyStore", "compositeKey", "notaryPrincipal", "setPrivateKey", "keyPair", "Ljava/security/KeyPair;", "node-api"})
/* loaded from: input_file:corda-node-api-4.9.10.jar:net/corda/nodeapi/internal/DevIdentityGenerator.class */
/**
 * Singleton helper (decompiled from the Kotlin object in {@code DevIdentityGenerator.kt}) that writes
 * node and distributed-notary identities into JKS keystores under a node directory.
 *
 * <p>Security note: every keystore touched here is opened with the {@code DEV_CA_*} password constants
 * from {@code KeyStoreConfigHelpersKt}, and every certificate is issued by
 * {@code KeyStoreConfigHelpersKt.getDEV_INTERMEDIATE_CA()}, whose key pair is available in-process.
 * NOTE(review): the constant values are not visible in this file; the {@code DEV_} naming suggests
 * fixed development credentials, so identities produced here should presumably never be trusted
 * outside development/test networks. Confirm that no production code path reaches this class.
 */
public final class DevIdentityGenerator {
    private static final Logger log;
    public static final DevIdentityGenerator INSTANCE;

    static {
        // INSTANCE is assigned first because the logger is named after the instance's runtime class.
        INSTANCE = new DevIdentityGenerator();
        log = LoggerFactory.getLogger(INSTANCE.getClass());
    }

    /** Not instantiable from outside; callers go through {@link #INSTANCE}. */
    private DevIdentityGenerator() {
    }

    /**
     * Creates {@code <nodeDir>/certificates} and populates the node and SSL keystores for
     * {@code legalName} via the dev helpers in {@code KeyStoreConfigHelpersKt}.
     *
     * @param nodeDir   node base directory; the keystores live in its {@code certificates} sub-directory
     * @param legalName X.500 name the dev certificates are issued for
     * @return the party of the legal identity stored under {@code X509Utilities.NODE_IDENTITY_KEY_ALIAS}
     */
    @NotNull
    public final Party installKeyStoreWithNodeIdentity(@NotNull Path nodeDir, @NotNull CordaX500Name legalName) {
        Intrinsics.checkParameterIsNotNull(nodeDir, "nodeDir");
        Intrinsics.checkParameterIsNotNull(legalName, "legalName");

        Path certificatesDir = PathUtilsKt.div(nodeDir, "certificates");

        // Suppliers are built in the same order as before: node keystore, SSL keystore, trust store.
        FileBasedCertificateStoreSupplier nodeKeyStoreSupplier = new FileBasedCertificateStoreSupplier(
                PathUtilsKt.div(certificatesDir, "nodekeystore.jks"),
                KeyStoreConfigHelpersKt.DEV_CA_KEY_STORE_PASS,
                KeyStoreConfigHelpersKt.DEV_CA_KEY_STORE_PASS);
        FileBasedCertificateStoreSupplier sslKeyStoreSupplier = new FileBasedCertificateStoreSupplier(
                PathUtilsKt.div(certificatesDir, "sslkeystore.jks"),
                KeyStoreConfigHelpersKt.DEV_CA_KEY_STORE_PASS,
                KeyStoreConfigHelpersKt.DEV_CA_KEY_STORE_PASS);
        FileBasedCertificateStoreSupplier trustStoreSupplier = new FileBasedCertificateStoreSupplier(
                PathUtilsKt.div(certificatesDir, "truststore.jks"),
                KeyStoreConfigHelpersKt.DEV_CA_TRUST_STORE_PASS,
                KeyStoreConfigHelpersKt.DEV_CA_TRUST_STORE_PRIVATE_KEY_PASS);
        // Mask 4 leaves the third declared argument of mutual(...) at its Kotlin default.
        MutualSslConfiguration sslConfiguration = SslConfiguration.Companion.mutual$default(
                SslConfiguration.Companion, sslKeyStoreSupplier, trustStoreSupplier, null, 4, null);

        // The directory must exist before either keystore is opened below.
        PathUtilsKt.createDirectories(certificatesDir, new FileAttribute[0]);

        // NOTE(review): get(true) presumably creates the store when it is missing; confirm in CertificateStoreSupplier.
        CertificateStore nodeKeyStore = nodeKeyStoreSupplier.get(true);
        KeyStoreConfigHelpersKt.installDevNodeCaCertPath$default(nodeKeyStore, legalName, null, null, null, 14, null);

        CertificateStore sslKeyStore = sslConfiguration.getKeyStore().get(true);
        KeyStoreConfigHelpersKt.registerDevP2pCertificates$default(sslKeyStore, legalName, null, null, null, 14, null);

        return KeyStoreConfigHelpersKt
                .storeLegalIdentity$default(nodeKeyStore, X509Utilities.NODE_IDENTITY_KEY_ALIAS, null, 2, null)
                .getParty();
    }

    /**
     * Generates ONE key pair and stores it in the distributed-service keystore of every directory, so
     * all listed nodes end up holding the same notary private key.
     *
     * @param dirs       node directories to write to; must not be empty
     * @param notaryName X.500 name of the shared notary identity
     * @return a party made of {@code notaryName} and the generated public key
     * @throws IllegalArgumentException if {@code dirs} is empty
     */
    @NotNull
    public final Party generateDistributedNotarySingularIdentity(@NotNull List<? extends Path> dirs, @NotNull CordaX500Name notaryName) {
        Intrinsics.checkParameterIsNotNull(dirs, "dirs");
        Intrinsics.checkParameterIsNotNull(notaryName, "notaryName");
        if (dirs.isEmpty()) {
            throw new IllegalArgumentException("At least one directory to generate identity for must be specified");
        }
        Intrinsics.checkExpressionValueIsNotNull(log, "log");
        if (log.isTraceEnabled()) {
            log.trace("Generating singular identity \"" + notaryName + "\" for nodes: " + CollectionsKt.joinToString$default(dirs, null, null, null, 0, null, null, 63, null));
        }

        KeyPair sharedKeyPair = CryptoUtils.generateKeyPair();
        PublicKey notaryKey = sharedKeyPair.getPublic();

        // The same private key is written into each node's keystore.
        for (Path dir : dirs) {
            setPrivateKey(getKeyStore(dir), sharedKeyPair, notaryName.getX500Principal());
        }

        // Kept after the loop, as in the original, so the check order is unchanged.
        Intrinsics.checkExpressionValueIsNotNull(notaryKey, "notaryKey");
        return new Party(notaryName, notaryKey);
    }

    /**
     * Generates one key pair per directory, combines the public keys into a composite key, and stores
     * in each directory's keystore that node's own private key plus a certificate for the composite key.
     *
     * @param dirs       node directories to write to; must not be empty
     * @param notaryName X.500 name of the composite notary identity
     * @param i          threshold handed to {@code CompositeKey.Builder.build}; it is not range-checked
     *                   in this method
     * @return a party made of {@code notaryName} and the composite public key
     * @throws IllegalArgumentException if {@code dirs} is empty
     */
    @NotNull
    public final Party generateDistributedNotaryCompositeIdentity(@NotNull List<? extends Path> dirs, @NotNull CordaX500Name notaryName, int i) {
        Intrinsics.checkParameterIsNotNull(dirs, "dirs");
        Intrinsics.checkParameterIsNotNull(notaryName, "notaryName");
        if (dirs.isEmpty()) {
            throw new IllegalArgumentException("At least one directory to generate identity for must be specified");
        }
        Intrinsics.checkExpressionValueIsNotNull(log, "log");
        if (log.isTraceEnabled()) {
            log.trace("Generating composite identity \"" + notaryName + "\" for nodes: " + CollectionsKt.joinToString$default(dirs, null, null, null, 0, null, null, 63, null));
        }

        // One fresh key pair per directory (the size is sampled once, as before).
        int nodeCount = dirs.size();
        List<KeyPair> keyPairs = new ArrayList<>();
        for (int n = 0; n < nodeCount; n++) {
            keyPairs.add(CryptoUtils.generateKeyPair());
        }

        CompositeKey.Builder builder = new CompositeKey.Builder();
        List<PublicKey> publicKeys = new ArrayList<>(keyPairs.size());
        for (KeyPair pair : keyPairs) {
            publicKeys.add(pair.getPublic());
        }
        PublicKey compositeKey = builder.addKeys(publicKeys).build(Integer.valueOf(i));

        // Pair key pairs with directories positionally; stops at the shorter of the two sequences.
        Iterator<KeyPair> pairIterator = keyPairs.iterator();
        Iterator<? extends Path> dirIterator = dirs.iterator();
        while (pairIterator.hasNext() && dirIterator.hasNext()) {
            KeyPair nodeKeyPair = pairIterator.next();
            X509KeyStore keyStore = getKeyStore(dirIterator.next());
            setPrivateKey(keyStore, nodeKeyPair, notaryName.getX500Principal());
            setCompositeKey(keyStore, compositeKey, notaryName.getX500Principal());
        }
        return new Party(notaryName, compositeKey);
    }

    /**
     * Kotlin default-argument bridge: when bit 4 of {@code i2} is set the threshold defaults to 1.
     */
    @NotNull
    public static /* bridge */ /* synthetic */ Party generateDistributedNotaryCompositeIdentity$default(DevIdentityGenerator devIdentityGenerator, List list, CordaX500Name cordaX500Name, int i, int i2, Object obj) {
        int threshold = (i2 & 4) != 0 ? 1 : i;
        return devIdentityGenerator.generateDistributedNotaryCompositeIdentity(list, cordaX500Name, threshold);
    }

    /**
     * Opens {@code certificates/distributedService.jks} under {@code path} with the dev keystore password.
     * NOTE(review): the trailing {@code true} presumably means "create if missing"; confirm in X509KeyStore.
     */
    private final X509KeyStore getKeyStore(Path path) {
        Path storeFile = PathUtilsKt.div(path, "certificates/distributedService.jks");
        return X509KeyStore.Companion.fromFile(storeFile, KeyStoreConfigHelpersKt.DEV_CA_KEY_STORE_PASS, true);
    }

    /**
     * Stores the key pair's private key under {@code X509Utilities.DISTRIBUTED_NOTARY_KEY_ALIAS} with a
     * chain of: new service-identity certificate, dev intermediate CA certificate, dev root CA certificate.
     * The key entry is protected with the dev keystore password.
     */
    private final void setPrivateKey(X509KeyStore x509KeyStore, KeyPair keyPair, X500Principal x500Principal) {
        PublicKey publicKey = keyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyPair.public");
        X509Certificate identityCert = createCertificate(publicKey, x500Principal);

        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(privateKey, "keyPair.private");

        X509Certificate intermediateCert = KeyStoreConfigHelpersKt.getDEV_INTERMEDIATE_CA().getCertificate();
        X509Certificate rootCert = KeyStoreConfigHelpersKt.getDEV_ROOT_CA().getCertificate();
        x509KeyStore.setPrivateKey(
                X509Utilities.DISTRIBUTED_NOTARY_KEY_ALIAS,
                privateKey,
                CollectionsKt.listOf((Object[]) new X509Certificate[]{identityCert, intermediateCert, rootCert}),
                KeyStoreConfigHelpersKt.DEV_CA_KEY_STORE_PASS);
    }

    /**
     * Stores a certificate for the composite public key under
     * {@code X509Utilities.DISTRIBUTED_NOTARY_COMPOSITE_KEY_ALIAS} (certificate only, no private key).
     */
    private final void setCompositeKey(X509KeyStore x509KeyStore, PublicKey publicKey, X500Principal x500Principal) {
        X509Certificate compositeCert = createCertificate(publicKey, x500Principal);
        x509KeyStore.setCertificate(X509Utilities.DISTRIBUTED_NOTARY_COMPOSITE_KEY_ALIAS, compositeCert);
    }

    /**
     * Issues a {@code CertificateType.SERVICE_IDENTITY} certificate for {@code publicKey} and
     * {@code x500Principal}, signed with the dev intermediate CA's certificate and key pair.
     */
    private final X509Certificate createCertificate(PublicKey publicKey, X500Principal x500Principal) {
        // Mask 480 leaves the four trailing optional arguments at their Kotlin defaults.
        return X509Utilities.createCertificate$default(
                CertificateType.SERVICE_IDENTITY,
                KeyStoreConfigHelpersKt.getDEV_INTERMEDIATE_CA().getCertificate(),
                KeyStoreConfigHelpersKt.getDEV_INTERMEDIATE_CA().getKeyPair(),
                x500Principal,
                publicKey,
                null, null, null, null, 480, null);
    }
}
