package net.corda.core.crypto;

import java.io.ByteArrayInputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import kotlin.Deprecated;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.Utils;
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
import org.apache.activemq.artemis.utils.DefaultSensitiveStringCodec;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1EncodableVector;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.bc.BcX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.IPAddress;
import org.bouncycastle.util.io.pem.PemReader;
import org.jetbrains.annotations.NotNull;

/* compiled from: X509Utilities.kt */
@Metadata(mv = {1, 1, 5}, bv = {1, 0, 1}, k = 1, d1 = {"��®\u0001\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0015\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010 \n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\b\n\u0002\b\u000f\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0019\n��\n\u0002\u0010\u0011\n\u0002\b\u0003\bÆ\u0002\u0018��2\u00020\u0001:\u0001hB\u0007\b\u0002¢\u0006\u0002\u0010\u0002J.\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00042\u0006\u0010\u001e\u001a\u00020\u00042\u0006\u0010\u001f\u001a\u00020\u001c2\u0006\u0010 
\u001a\u00020\u0004J(\u0010!\u001a\u00020\"2\u0006\u0010#\u001a\u00020\u00042\u0006\u0010$\u001a\u00020\u00042\u0006\u0010%\u001a\u00020\u00042\u0006\u0010&\u001a\u00020'H\u0007J\u0016\u0010!\u001a\u00020\"2\u0006\u0010(\u001a\u00020)2\u0006\u0010&\u001a\u00020'J\u0018\u0010*\u001a\u00020+2\u0006\u0010#\u001a\u00020\u00042\u0006\u0010,\u001a\u00020+H\u0007J\u0016\u0010*\u001a\u00020+2\u0006\u0010(\u001a\u00020)2\u0006\u0010,\u001a\u00020+J6\u0010-\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00042\u0006\u0010\u001e\u001a\u00020\u00042\u0006\u0010.\u001a\u00020\u001a2\u0006\u0010/\u001a\u00020\u00042\u0006\u0010#\u001a\u00020\u0004J6\u0010-\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00042\u0006\u0010\u001e\u001a\u00020\u00042\u0006\u0010.\u001a\u00020\u001a2\u0006\u0010/\u001a\u00020\u00042\u0006\u0010#\u001a\u00020)J\u0010\u00100\u001a\u00020+2\u0006\u0010#\u001a\u00020\u0004H\u0007J\u000e\u00100\u001a\u00020+2\u0006\u0010(\u001a\u00020)J:\u00101\u001a\u0002022\u0006\u0010(\u001a\u00020)2\u0006\u00103\u001a\u0002042\u0006\u0010,\u001a\u00020+2\f\u00105\u001a\b\u0012\u0004\u0012\u00020\u0004062\f\u00107\u001a\b\u0012\u0004\u0012\u00020\u000406J\u0010\u00108\u001a\u0002092\u0006\u0010:\u001a\u00020;H\u0002J\u0006\u0010<\u001a\u00020'J<\u0010=\u001a\u000e\u0012\u0004\u0012\u00020?\u0012\u0004\u0012\u00020?0>2\u0006\u0010@\u001a\u00020A2\u0006\u0010B\u001a\u00020A2\n\b\u0002\u0010C\u001a\u0004\u0018\u00010?2\n\b\u0002\u0010D\u001a\u0004\u0018\u00010?H\u0002J\u000e\u0010E\u001a\u00020)2\u0006\u0010#\u001a\u00020\u0004J\u001e\u0010F\u001a\u00020)2\u0006\u0010G\u001a\u00020\u00042\u0006\u0010$\u001a\u00020\u00042\u0006\u0010%\u001a\u00020\u0004J\u001e\u0010H\u001a\u00020+2\u0006\u0010I\u001a\u00020\u001a2\u0006\u0010\u001e\u001a\u00020\u00042\u0006\u0010J\u001a\u00020\u0004J\u001e\u0010K\u001a\u0002022\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00042\u0006
\u0010J\u001a\u00020\u0004J\u000e\u0010L\u001a\u0002022\u0006\u0010M\u001a\u00020\u001cJ&\u0010N\u001a\u00020'2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00042\u0006\u0010\u001e\u001a\u00020\u00042\u0006\u0010J\u001a\u00020\u0004J\u0018\u0010O\u001a\u00020\u001a2\u0006\u0010P\u001a\u00020Q2\u0006\u0010\u001d\u001a\u00020\u0004H\u0007J\u0018\u0010O\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u0004H\u0007J4\u0010R\u001a\u00020'2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u00042\u0006\u0010\u001e\u001a\u00020\u00042\u0006\u0010J\u001a\u00020\u00042\f\u0010S\u001a\b\u0012\u0004\u0012\u00020+0TJ\u0016\u0010U\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u0004J\u0016\u0010V\u001a\u00020W2\u0006\u0010X\u001a\u0002022\u0006\u0010M\u001a\u00020\u001cJ\u001e\u0010Y\u001a\u00020W2\u0006\u0010I\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u0004J\u0018\u0010Z\u001a\u0002022\u0006\u0010[\u001a\u00020\\2\u0006\u0010]\u001a\u00020^H\u0002J\u001a\u0010_\u001a\u00020W*\u00020\u001a2\u0006\u0010J\u001a\u00020\u00042\u0006\u0010`\u001a\u00020aJ5\u0010b\u001a\u00020W*\u00020\u001a2\u0006\u0010J\u001a\u00020\u00042\u0006\u0010:\u001a\u00020;2\u0006\u0010c\u001a\u00020d2\f\u0010e\u001a\b\u0012\u0004\u0012\u00020a0f¢\u0006\u0002\u0010gR\u0014\u0010\u0003\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006R\u0014\u0010\u0007\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\b\u0010\u0006R\u0014\u0010\t\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\n\u0010\u0006R\u0014\u0010\u000b\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\f\u0010\u0006R\u0014\u0010\r\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\u000e\u0010\u0006R\u0014\u0010\u000f\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\u0010\u0010\u0006R\u0014\u0010\u0011\u001a\u00020\u0004X\u0086D¢\u0006\b\n
��\u001a\u0004\b\u0012\u0010\u0006R\u0014\u0010\u0013\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\u0014\u0010\u0006R\u0014\u0010\u0015\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\u0016\u0010\u0006R\u0014\u0010\u0017\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\u0018\u0010\u0006¨\u0006i"}, d2 = {"Lnet/corda/core/crypto/X509Utilities;", "", "()V", "CORDA_CLIENT_CA", "", "getCORDA_CLIENT_CA", "()Ljava/lang/String;", "CORDA_CLIENT_CA_PRIVATE_KEY", "getCORDA_CLIENT_CA_PRIVATE_KEY", "CORDA_INTERMEDIATE_CA", "getCORDA_INTERMEDIATE_CA", "CORDA_INTERMEDIATE_CA_PRIVATE_KEY", "getCORDA_INTERMEDIATE_CA_PRIVATE_KEY", "CORDA_ROOT_CA", "getCORDA_ROOT_CA", "CORDA_ROOT_CA_PRIVATE_KEY", "getCORDA_ROOT_CA_PRIVATE_KEY", "ECDSA_CURVE", "getECDSA_CURVE", "KEYSTORE_TYPE", "getKEYSTORE_TYPE", "KEY_GENERATION_ALGORITHM", "getKEY_GENERATION_ALGORITHM", "SIGNATURE_ALGORITHM", "getSIGNATURE_ALGORITHM", "createCAKeyStoreAndTrustStore", "Ljava/security/KeyStore;", "keyStoreFilePath", "Ljava/nio/file/Path;", "storePassword", "keyPassword", "trustStoreFilePath", TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME, "createCertificateSigningRequest", "Lorg/bouncycastle/pkcs/PKCS10CertificationRequest;", "commonName", "nearestCity", "email", "keyPair", "Ljava/security/KeyPair;", "subject", "Lorg/bouncycastle/asn1/x500/X500Name;", "createIntermediateCert", "Lnet/corda/core/crypto/X509Utilities$CACertAndKey;", "certificateAuthority", "createKeystoreForSSL", "caKeyStore", "caKeyPassword", "createSelfSignedCACert", "createServerCert", "Ljava/security/cert/X509Certificate;", "publicKey", "Ljava/security/PublicKey;", "subjectAlternativeNameDomains", "", "subjectAlternativeNameIps", "createSubjectKeyIdentifier", "Lorg/bouncycastle/asn1/x509/SubjectKeyIdentifier;", DefaultSensitiveStringCodec.BLOWFISH_KEY, "Ljava/security/Key;", "generateECDSAKeyPairForSSL", "getCertificateValidityWindow", "Lkotlin/Pair;", "Ljava/util/Date;", "daysBefore", "", "daysAfter", "parentNotBefore", 
"parentNotAfter", "getDevX509Name", "getX509Name", "myLegalName", "loadCertificateAndKey", "keyStore", "alias", "loadCertificateFromKeyStore", "loadCertificateFromPEMFile", "filename", "loadKeyPairFromKeyStore", "loadKeyStore", "input", "Ljava/io/InputStream;", "loadOrCreateKeyPairFromKeyStore", "keyGenerator", "Lkotlin/Function0;", "loadOrCreateKeyStore", "saveCertificateAsPEMFile", "", "x509Certificate", "saveKeyStore", "signCertificate", "certificateBuilder", "Lorg/bouncycastle/cert/X509v3CertificateBuilder;", "signedWithPrivateKey", "Ljava/security/PrivateKey;", "addOrReplaceCertificate", "cert", "Ljava/security/cert/Certificate;", "addOrReplaceKey", "password", "", "chain", "", "(Ljava/security/KeyStore;Ljava/lang/String;Ljava/security/Key;[C[Ljava/security/cert/Certificate;)V", "CACertAndKey", "core_main"})
/* loaded from: input_file:core-0.11.2.jar:net/corda/core/crypto/X509Utilities.class */
public final class X509Utilities {

    // JCA signature algorithm name handed to JcaContentSignerBuilder when this class
    // signs certificates and certificate signing requests.
    @NotNull
    private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";

    // Algorithm name passed to KeyPairGenerator.getInstance(...) in generateECDSAKeyPairForSSL().
    @NotNull
    private static final String KEY_GENERATION_ALGORITHM = "ECDSA";

    // Named curve wrapped in an ECGenParameterSpec when the key pair generator is initialised.
    @NotNull
    private static final String ECDSA_CURVE = "secp256r1";

    // Keystore type passed to KeyStore.getInstance(...) by every load/create method in this class.
    // NOTE(review): JKS is the legacy Java keystore format and its private-key protection is
    // weaker than PKCS12's; anything that widens this choice must keep existing files readable.
    @NotNull
    private static final String KEYSTORE_TYPE = "JKS";

    // The six names below are presumably keystore aliases for the root, intermediate and
    // client CA entries; their use sites are outside this part of the file (TODO confirm).
    @NotNull
    private static final String CORDA_ROOT_CA_PRIVATE_KEY = "cordarootcaprivatekey";

    @NotNull
    private static final String CORDA_ROOT_CA = "cordarootca";

    @NotNull
    private static final String CORDA_INTERMEDIATE_CA_PRIVATE_KEY = "cordaintermediatecaprivatekey";

    @NotNull
    private static final String CORDA_INTERMEDIATE_CA = "cordaintermediateca";

    @NotNull
    private static final String CORDA_CLIENT_CA_PRIVATE_KEY = "cordaclientcaprivatekey";

    @NotNull
    private static final String CORDA_CLIENT_CA = "cordaclientca";
    // Singleton reference as rendered by the decompiler; the initializer that assigns the real
    // instance is not visible in this listing (TODO confirm against the class's static block).
    public static final X509Utilities INSTANCE = null;

    /* compiled from: X509Utilities.kt */
    @Metadata(mv = {1, 1, 5}, bv = {1, 0, 1}, k = 1, d1 = {"��,\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\b\n��\n\u0002\u0010\u000e\n��\b\u0086\b\u0018��2\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\t\u0010\u000b\u001a\u00020\u0003HÆ\u0003J\t\u0010\f\u001a\u00020\u0005HÆ\u0003J\u001d\u0010\r\u001a\u00020��2\b\b\u0002\u0010\u0002\u001a\u00020\u00032\b\b\u0002\u0010\u0004\u001a\u00020\u0005HÆ\u0001J\u0013\u0010\u000e\u001a\u00020\u000f2\b\u0010\u0010\u001a\u0004\u0018\u00010\u0001HÖ\u0003J\t\u0010\u0011\u001a\u00020\u0012HÖ\u0001J\t\u0010\u0013\u001a\u00020\u0014HÖ\u0001R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\bR\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\t\u0010\n¨\u0006\u0015"}, d2 = {"Lnet/corda/core/crypto/X509Utilities$CACertAndKey;", "", "certificate", "Ljava/security/cert/X509Certificate;", "keyPair", "Ljava/security/KeyPair;", "(Ljava/security/cert/X509Certificate;Ljava/security/KeyPair;)V", "getCertificate", "()Ljava/security/cert/X509Certificate;", "getKeyPair", "()Ljava/security/KeyPair;", "component1", "component2", "copy", "equals", "", "other", "hashCode", "", "toString", "", "core_main"})
    /* loaded from: input_file:core-0.11.2.jar:net/corda/core/crypto/X509Utilities$CACertAndKey.class */
    /**
     * Immutable pairing of a CA certificate with the key pair that belongs to it.
     *
     * <p>Instances carry the CA's private key (inside {@link KeyPair}) in memory, so they
     * should be handled as sensitive objects. The accessor set ({@code componentN},
     * {@code copy}, {@code copy$default}) mirrors what the Kotlin compiler emits for a
     * data class.
     */
    public static final class CACertAndKey {

        /** Certificate half of the pair; never null. */
        @NotNull
        private final X509Certificate certificate;

        /** Public/private key pair half of the pair; never null. */
        @NotNull
        private final KeyPair keyPair;

        /**
         * Creates the pair.
         *
         * @param certificate the CA certificate, must not be null
         * @param keyPair the key pair for that certificate, must not be null
         */
        public CACertAndKey(@NotNull X509Certificate certificate, @NotNull KeyPair keyPair) {
            Intrinsics.checkParameterIsNotNull(certificate, "certificate");
            Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
            this.keyPair = keyPair;
            this.certificate = certificate;
        }

        /** @return the certificate held by this pair */
        @NotNull
        public final X509Certificate getCertificate() {
            return this.certificate;
        }

        /** @return the key pair held by this pair (includes the private key) */
        @NotNull
        public final KeyPair getKeyPair() {
            return this.keyPair;
        }

        /** Destructuring accessor for the first property, the certificate. */
        @NotNull
        public final X509Certificate component1() {
            return this.certificate;
        }

        /** Destructuring accessor for the second property, the key pair. */
        @NotNull
        public final KeyPair component2() {
            return this.keyPair;
        }

        /**
         * Builds a new pair from the supplied values.
         *
         * @param certificate certificate for the new instance, must not be null
         * @param keyPair key pair for the new instance, must not be null
         * @return a freshly constructed {@code CACertAndKey}
         */
        @NotNull
        public final CACertAndKey copy(@NotNull X509Certificate certificate, @NotNull KeyPair keyPair) {
            Intrinsics.checkParameterIsNotNull(certificate, "certificate");
            Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
            return new CACertAndKey(certificate, keyPair);
        }

        /**
         * Synthetic companion of {@link #copy}: bit 0 of {@code i} selects the receiver's
         * certificate and bit 1 the receiver's key pair in place of the passed argument.
         */
        @NotNull
        public static /* bridge */ /* synthetic */ CACertAndKey copy$default(CACertAndKey cACertAndKey, X509Certificate x509Certificate, KeyPair keyPair, int i, Object obj) {
            X509Certificate effectiveCertificate = (i & 1) != 0 ? cACertAndKey.certificate : x509Certificate;
            KeyPair effectiveKeyPair = (i & 2) != 0 ? cACertAndKey.keyPair : keyPair;
            return cACertAndKey.copy(effectiveCertificate, effectiveKeyPair);
        }

        /** Renders both members through their own {@code toString()} implementations. */
        public String toString() {
            return new StringBuilder("CACertAndKey(certificate=")
                    .append(this.certificate)
                    .append(", keyPair=")
                    .append(this.keyPair)
                    .append(")")
                    .toString();
        }

        /** Combines the members' hash codes as {@code 31 * certificate + keyPair}. */
        public int hashCode() {
            int result = this.certificate != null ? this.certificate.hashCode() : 0;
            result = result * 31 + (this.keyPair != null ? this.keyPair.hashCode() : 0);
            return result;
        }

        /** Two pairs are equal when both the certificates and the key pairs are equal. */
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj instanceof CACertAndKey) {
                CACertAndKey other = (CACertAndKey) obj;
                if (!Intrinsics.areEqual(this.certificate, other.certificate)) {
                    return false;
                }
                return Intrinsics.areEqual(this.keyPair, other.keyPair);
            }
            return false;
        }
    }

    /**
     * Exposes the signature algorithm name this class uses when signing.
     *
     * @return the value of {@code SIGNATURE_ALGORITHM} ("SHA256withECDSA")
     */
    @NotNull
    public final String getSIGNATURE_ALGORITHM() {
        return SIGNATURE_ALGORITHM;
    }

    /**
     * Exposes the key generation algorithm name used for new key pairs.
     *
     * @return the value of {@code KEY_GENERATION_ALGORITHM} ("ECDSA")
     */
    @NotNull
    public final String getKEY_GENERATION_ALGORITHM() {
        return KEY_GENERATION_ALGORITHM;
    }

    /**
     * Exposes the named elliptic curve used for new key pairs.
     *
     * @return the value of {@code ECDSA_CURVE} ("secp256r1")
     */
    @NotNull
    public final String getECDSA_CURVE() {
        return ECDSA_CURVE;
    }

    /**
     * Exposes the keystore type requested from {@code KeyStore.getInstance}.
     *
     * @return the value of {@code KEYSTORE_TYPE} ("JKS")
     */
    @NotNull
    public final String getKEYSTORE_TYPE() {
        return KEYSTORE_TYPE;
    }

    /**
     * Exposes the root CA private-key name constant.
     *
     * @return the value of {@code CORDA_ROOT_CA_PRIVATE_KEY}
     */
    @NotNull
    public final String getCORDA_ROOT_CA_PRIVATE_KEY() {
        return CORDA_ROOT_CA_PRIVATE_KEY;
    }

    /**
     * Exposes the root CA name constant.
     *
     * @return the value of {@code CORDA_ROOT_CA}
     */
    @NotNull
    public final String getCORDA_ROOT_CA() {
        return CORDA_ROOT_CA;
    }

    /**
     * Exposes the intermediate CA private-key name constant.
     *
     * @return the value of {@code CORDA_INTERMEDIATE_CA_PRIVATE_KEY}
     */
    @NotNull
    public final String getCORDA_INTERMEDIATE_CA_PRIVATE_KEY() {
        return CORDA_INTERMEDIATE_CA_PRIVATE_KEY;
    }

    /**
     * Exposes the intermediate CA name constant.
     *
     * @return the value of {@code CORDA_INTERMEDIATE_CA}
     */
    @NotNull
    public final String getCORDA_INTERMEDIATE_CA() {
        return CORDA_INTERMEDIATE_CA;
    }

    /**
     * Exposes the client CA private-key name constant.
     *
     * @return the value of {@code CORDA_CLIENT_CA_PRIVATE_KEY}
     */
    @NotNull
    public final String getCORDA_CLIENT_CA_PRIVATE_KEY() {
        return CORDA_CLIENT_CA_PRIVATE_KEY;
    }

    /**
     * Exposes the client CA name constant.
     *
     * @return the value of {@code CORDA_CLIENT_CA}
     */
    @NotNull
    public final String getCORDA_CLIENT_CA() {
        return CORDA_CLIENT_CA;
    }

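    /**
     * Computes the (notBefore, notAfter) pair for a certificate about to be issued.
     *
     * <p>The window is anchored at the start of the current UTC day and, when the issuing
     * certificate's bounds are supplied, clamped so that it never extends outside them.
     * The Kotlin metadata on this class names the parameters daysBefore, daysAfter,
     * parentNotBefore and parentNotAfter.
     *
     * @param i days to subtract from the start of today for notBefore
     * @param i2 days to add to the start of today for notAfter
     * @param date the parent's notBefore, or null for no lower clamp
     * @param date2 the parent's notAfter, or null for no upper clamp
     * @return a pair of (notBefore, notAfter); when the parent window does not overlap the
     *     requested one, notBefore can end up after notAfter and no check is made for that here
     */
    private final Pair<Date, Date> getCertificateValidityWindow(int i, int i2, Date date, Date date2) {
        Instant startOfDayUtc = Instant.now().truncatedTo(ChronoUnit.DAYS);

        // Lower bound: the later of the requested start and the parent's start.
        Date notBefore = Date.from(startOfDayUtc.minus(i, (TemporalUnit) ChronoUnit.DAYS));
        if (date != null && date.after(notBefore)) {
            notBefore = date;
        }

        // Upper bound: the EARLIER of the requested end and the parent's end. The previous
        // comparison used after(), which stretched the child's expiry out to the parent's and
        // left it untouched when the parent expired first, so an issued certificate could
        // outlive the certificate that signed it.
        Date notAfter = Date.from(startOfDayUtc.plus(i2, (TemporalUnit) ChronoUnit.DAYS));
        if (date2 != null && date2.before(notAfter)) {
            notAfter = date2;
        }
        return new Pair<>(notBefore, notAfter);
    }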

    /**
     * Synthetic default-argument bridge for {@code getCertificateValidityWindow}.
     *
     * <p>Bit 2 (value 4) of {@code i3} replaces {@code date} with null and bit 3 (value 8)
     * replaces {@code date2} with null before delegating; {@code obj} is unused.
     */
    static /* bridge */ /* synthetic */ Pair getCertificateValidityWindow$default(X509Utilities x509Utilities, int i, int i2, Date date, Date date2, int i3, Object obj) {
        Date parentNotBefore = (i3 & 4) != 0 ? null : date;
        Date parentNotAfter = (i3 & 8) != 0 ? null : date2;
        return x509Utilities.getCertificateValidityWindow(i, i2, parentNotBefore, parentNotAfter);
    }

    /**
     * Derives the SubjectKeyIdentifier extension value for a key.
     *
     * @param key key whose encoded form is parsed as a SubjectPublicKeyInfo
     * @return the identifier produced by {@code BcX509ExtensionUtils}
     */
    private final SubjectKeyIdentifier createSubjectKeyIdentifier(Key key) {
        BcX509ExtensionUtils extensionUtils = new BcX509ExtensionUtils();
        SubjectPublicKeyInfo keyInfo = SubjectPublicKeyInfo.getInstance(key.getEncoded());
        SubjectKeyIdentifier identifier = extensionUtils.createSubjectKeyIdentifier(keyInfo);
        Intrinsics.checkExpressionValueIsNotNull(identifier, "BcX509ExtensionUtils().c…ubjectKeyIdentifier(info)");
        return identifier;
    }

    /**
     * Signs the prepared certificate and converts it to a JCA {@link X509Certificate}.
     *
     * <p>Both the signer and the converter are pinned to the BouncyCastle provider, and the
     * signature algorithm is the class-wide {@code SIGNATURE_ALGORITHM}.
     *
     * @param x509v3CertificateBuilder builder already populated with subject, validity and extensions
     * @param privateKey the issuer's private key used to produce the signature
     * @return the signed certificate
     */
    private final X509Certificate signCertificate(X509v3CertificateBuilder x509v3CertificateBuilder, PrivateKey privateKey) {
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider(BouncyCastleProvider.PROVIDER_NAME);
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BouncyCastleProvider.PROVIDER_NAME);
        X509CertificateHolder signedHolder = x509v3CertificateBuilder.build(signerBuilder.build(privateKey));
        X509Certificate signed = converter.getCertificate(signedHolder);
        Intrinsics.checkExpressionValueIsNotNull(signed, "JcaX509CertificateConver…ateBuilder.build(signer))");
        return signed;
    }

    /**
     * Builds a distinguished name with fixed organisation details around the given common name.
     *
     * <p>Everything except the CN is hard-coded (O=R3, OU=corda, L=London, C=UK), so the
     * result identifies a development identity rather than a real legal entity.
     *
     * @param commonName value for the CN attribute, must not be null
     * @return the assembled name
     */
    @NotNull
    public final X500Name getDevX509Name(@NotNull String commonName) {
        Intrinsics.checkParameterIsNotNull(commonName, "commonName");
        X500Name devName = new X500NameBuilder(BCStyle.INSTANCE)
                .addRDN(BCStyle.CN, commonName)
                .addRDN(BCStyle.O, "R3")
                .addRDN(BCStyle.OU, "corda")
                .addRDN(BCStyle.L, "London")
                .addRDN(BCStyle.C, "UK")
                .build();
        Intrinsics.checkExpressionValueIsNotNull(devName, "nameBuilder.build()");
        return devName;
    }

    /**
     * Builds a distinguished name from a legal name, a locality and an e-mail address.
     *
     * <p>The three values are placed into the CN, L and E attributes as given; no validation
     * of their content happens in this method.
     *
     * @param myLegalName value for the CN attribute, must not be null
     * @param nearestCity value for the L attribute, must not be null
     * @param email value for the E attribute, must not be null
     * @return the assembled name
     */
    @NotNull
    public final X500Name getX509Name(@NotNull String myLegalName, @NotNull String nearestCity, @NotNull String email) {
        Intrinsics.checkParameterIsNotNull(myLegalName, "myLegalName");
        Intrinsics.checkParameterIsNotNull(nearestCity, "nearestCity");
        Intrinsics.checkParameterIsNotNull(email, "email");
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, myLegalName);
        nameBuilder.addRDN(BCStyle.L, nearestCity);
        nameBuilder.addRDN(BCStyle.E, email);
        X500Name legalName = nameBuilder.build();
        Intrinsics.checkExpressionValueIsNotNull(legalName, "X500NameBuilder(BCStyle.…BCStyle.E, email).build()");
        return legalName;
    }

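    /**
     * Loads the keystore at the given path, or creates and persists an empty one when no
     * file exists there.
     *
     * <p>The streams are managed with try-with-resources; this replaces the decompiler's
     * nested try/catch blocks, which closed the stream twice on the failure path, and drops
     * branches that could never execute (a null check after the parameter check, and a
     * create-parent-directories branch guarded by a flag that was always false).
     *
     * <p>NOTE(review): the existence test and the subsequent create are two separate steps,
     * and the new file is written with the platform's default permissions. Deployments that
     * keep CA keys here should restrict the containing directory.
     *
     * <p>NOTE(review): the password arrives as a {@code String}, so the caller's copy cannot be
     * wiped from memory by this method.
     *
     * @param keyStoreFilePath location of the keystore file, must not be null
     * @param storePassword password used to check integrity on load and to protect a new store
     * @return the loaded or newly created keystore
     */
    @NotNull
    public final KeyStore loadOrCreateKeyStore(@NotNull Path keyStoreFilePath, @NotNull String storePassword) {
        Intrinsics.checkParameterIsNotNull(keyStoreFilePath, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        char[] password = storePassword.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        if (Utils.exists(keyStoreFilePath, new LinkOption[0])) {
            try (InputStream in = Files.newInputStream(keyStoreFilePath)) {
                keyStore.load(in, password);
            }
        } else {
            // A null stream initialises an empty keystore, which is then written out.
            keyStore.load(null, password);
            try (OutputStream out = Files.newOutputStream(keyStoreFilePath)) {
                keyStore.store(out, password);
            }
        }
        return keyStore;
    }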

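    /**
     * Loads an existing keystore from a file.
     *
     * <p>The stream is managed with try-with-resources; this replaces the decompiler's nested
     * try/catch blocks, which closed the stream twice on the failure path, and drops a null
     * check that could never fire after the parameter check.
     *
     * @param keyStoreFilePath location of the keystore file, must not be null
     * @param storePassword password used to verify the keystore's integrity, must not be null
     * @return the loaded keystore
     * @throws KeyStoreException if no provider supports the configured keystore type
     * @throws IOException if the file cannot be read or the password is incorrect
     */
    @NotNull
    public final KeyStore loadKeyStore(@NotNull Path keyStoreFilePath, @NotNull String storePassword) throws KeyStoreException, IOException {
        Intrinsics.checkParameterIsNotNull(keyStoreFilePath, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        char[] password = storePassword.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        try (InputStream in = Files.newInputStream(keyStoreFilePath)) {
            keyStore.load(in, password);
        }
        return keyStore;
    }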

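    /**
     * Loads a keystore from an already opened stream.
     *
     * <p>The supplied stream is closed by this method whether or not loading succeeds, so the
     * caller must not reuse it. Try-with-resources replaces the decompiler's flag-driven
     * nested try/catch blocks and the null check that could never fire.
     *
     * @param input stream positioned at the start of the keystore data, must not be null
     * @param storePassword password used to verify the keystore's integrity, must not be null
     * @return the loaded keystore
     * @throws KeyStoreException if no provider supports the configured keystore type
     * @throws IOException if the data cannot be read or the password is incorrect
     */
    @NotNull
    public final KeyStore loadKeyStore(@NotNull InputStream input, @NotNull String storePassword) throws KeyStoreException, IOException {
        Intrinsics.checkParameterIsNotNull(input, "input");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        char[] password = storePassword.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        try (InputStream in = input) {
            keyStore.load(in, password);
        }
        return keyStore;
    }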

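    /**
     * Writes the keystore to a file, protected by the given store password.
     *
     * <p>The stream is managed with try-with-resources; this replaces the decompiler's
     * flag-driven nested try/catch blocks and drops branches that could never execute (a
     * null check after the parameter check, and a create-parent-directories branch guarded by
     * a flag that was always false).
     *
     * <p>NOTE(review): the file is opened with default options and default permissions, so an
     * existing file at that path is overwritten in place. If the keystore holds private keys,
     * restrict the containing directory.
     *
     * @param keyStore the keystore to persist, must not be null
     * @param keyStoreFilePath destination file, must not be null
     * @param storePassword password used to protect the stored keystore, must not be null
     */
    public final void saveKeyStore(@NotNull KeyStore keyStore, @NotNull Path keyStoreFilePath, @NotNull String storePassword) {
        Intrinsics.checkParameterIsNotNull(keyStore, "keyStore");
        Intrinsics.checkParameterIsNotNull(keyStoreFilePath, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        char[] password = storePassword.toCharArray();
        try (OutputStream out = Files.newOutputStream(keyStoreFilePath)) {
            keyStore.store(out, password);
        }
    }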

    /**
     * Stores a key entry under the alias, first removing any entry already held there.
     *
     * <p>An existing entry under the same alias is replaced without notice, so callers that
     * must not overwrite key material need to check for the alias themselves.
     *
     * @param receiver the keystore to modify, must not be null
     * @param alias alias for the entry, must not be null
     * @param key the key to store, must not be null
     * @param password password protecting the key entry, must not be null
     * @param chain certificate chain for the key, must not be null
     */
    public final void addOrReplaceKey(@NotNull KeyStore receiver, @NotNull String alias, @NotNull Key key, @NotNull char[] password, @NotNull Certificate[] chain) {
        Intrinsics.checkParameterIsNotNull(receiver, "$receiver");
        Intrinsics.checkParameterIsNotNull(alias, "alias");
        Intrinsics.checkParameterIsNotNull(key, "key");
        Intrinsics.checkParameterIsNotNull(password, "password");
        Intrinsics.checkParameterIsNotNull(chain, "chain");
        try {
            receiver.deleteEntry(alias);
        } catch (KeyStoreException ignored) {
            // Best-effort removal: a failed delete is swallowed, presumably because the alias
            // may simply not exist yet. The store call below still runs either way.
        }
        receiver.setKeyEntry(alias, key, password, chain);
    }

    /**
     * Stores a trusted certificate under the alias, first removing any entry already held there.
     *
     * <p>An existing entry under the same alias is replaced without notice; for a trust store
     * that means the trusted certificate for that alias changes silently.
     *
     * @param receiver the keystore to modify, must not be null
     * @param alias alias for the entry, must not be null
     * @param cert the certificate to store, must not be null
     */
    public final void addOrReplaceCertificate(@NotNull KeyStore receiver, @NotNull String alias, @NotNull Certificate cert) {
        Intrinsics.checkParameterIsNotNull(receiver, "$receiver");
        Intrinsics.checkParameterIsNotNull(alias, "alias");
        Intrinsics.checkParameterIsNotNull(cert, "cert");
        try {
            receiver.deleteEntry(alias);
        } catch (KeyStoreException ignored) {
            // Best-effort removal: a failed delete is swallowed, presumably because the alias
            // may simply not exist yet. The store call below still runs either way.
        }
        receiver.setCertificateEntry(alias, cert);
    }

    /**
     * Generates a fresh elliptic-curve key pair through the BouncyCastle provider.
     *
     * <p>The generator is requested by {@code KEY_GENERATION_ALGORITHM}, parameterised with the
     * curve named by {@code ECDSA_CURVE}, and seeded from {@code CryptoUtils.newSecureRandom()}.
     *
     * @return the newly generated key pair
     */
    @NotNull
    public final KeyPair generateECDSAKeyPairForSSL() {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_GENERATION_ALGORITHM, BouncyCastleProvider.PROVIDER_NAME);
        ECGenParameterSpec curveSpec = new ECGenParameterSpec(ECDSA_CURVE);
        generator.initialize(curveSpec, CryptoUtils.newSecureRandom());
        KeyPair freshPair = generator.generateKeyPair();
        Intrinsics.checkExpressionValueIsNotNull(freshPair, "keyGen.generateKeyPair()");
        return freshPair;
    }

    /**
     * Creates a certificate signing request from individual name components.
     *
     * <p>Deprecated convenience overload: the subject is assembled by {@code getX509Name} and
     * the work is delegated to the {@code X500Name} overload.
     *
     * @param commonName value for the subject's CN attribute, must not be null
     * @param nearestCity value for the subject's L attribute, must not be null
     * @param email value for the subject's E attribute, must not be null
     * @param keyPair key pair whose public key is certified and whose private key signs the request
     * @return the signed PKCS#10 request
     */
    @Deprecated(message = "Use [createCertificateSigningRequest(X500Name, KeyPair)] instead, specifying full legal name")
    @NotNull
    public final PKCS10CertificationRequest createCertificateSigningRequest(@NotNull String commonName, @NotNull String nearestCity, @NotNull String email, @NotNull KeyPair keyPair) {
        Intrinsics.checkParameterIsNotNull(commonName, "commonName");
        Intrinsics.checkParameterIsNotNull(nearestCity, "nearestCity");
        Intrinsics.checkParameterIsNotNull(email, "email");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        X500Name subject = getX509Name(commonName, nearestCity, email);
        return createCertificateSigningRequest(subject, keyPair);
    }

    /**
     * Creates a PKCS#10 certificate signing request for the subject.
     *
     * <p>The request carries the pair's public key and is signed with the pair's private key
     * using {@code SIGNATURE_ALGORITHM} through the BouncyCastle provider, which proves
     * possession of the private key to whoever processes the request.
     *
     * @param subject distinguished name to request a certificate for, must not be null
     * @param keyPair key pair whose public key is certified and whose private key signs the request
     * @return the signed PKCS#10 request
     */
    @NotNull
    public final PKCS10CertificationRequest createCertificateSigningRequest(@NotNull X500Name subject, @NotNull KeyPair keyPair) {
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        JcaPKCS10CertificationRequestBuilder requestBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        JcaContentSignerBuilder signerBuilder = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BouncyCastleProvider.PROVIDER_NAME);
        PKCS10CertificationRequest request = requestBuilder.build(signerBuilder.build(keyPair.getPrivate()));
        Intrinsics.checkExpressionValueIsNotNull(request, "JcaPKCS10CertificationRe…air.public).build(signer)");
        return request;
    }

    /**
     * Deprecated convenience overload: wraps {@code commonName} with {@code getDevX509Name}
     * and delegates to the {@code X500Name} overload.
     *
     * @param commonName common name for the CA subject
     * @return the self-signed CA certificate together with its key pair
     */
    @Deprecated(message = "Use [createSelfSignedCACert(X500Name)] instead, specifying full legal name")
    @NotNull
    public final CACertAndKey createSelfSignedCACert(@NotNull String commonName) {
        Intrinsics.checkParameterIsNotNull(commonName, "commonName");
        X500Name subject = getDevX509Name(commonName);
        return createSelfSignedCACert(subject);
    }

    /**
     * Creates a self-signed CA certificate and the key pair behind it.
     *
     * <p>Issuer and subject are both {@code subject}. The certificate carries a subject key
     * identifier, a critical basicConstraints extension (CA with path length 2), key usage
     * and an extended key usage list, and is signed with the newly generated private key.
     * Before returning, the certificate is checked against the current time and its
     * signature is verified with the generated public key.
     *
     * @param subject distinguished name used as both issuer and subject
     * @return the certificate and its key pair
     */
    @NotNull
    public final CACertAndKey createSelfSignedCACert(@NotNull X500Name subject) {
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        KeyPair caKeyPair = generateECDSAKeyPairForSSL();
        // NOTE(review): the serial is a 63-bit value from Utils.random63BitValue(), which is not
        // visible here; confirm that helper draws from a cryptographically strong source.
        BigInteger serialNumber = BigInteger.valueOf(Utils.random63BitValue());
        PublicKey pubKey = caKeyPair.getPublic();
        // Kotlin default-argument bridge: mask 12 leaves the third and fourth parameters at
        // their defaults. Presumably 0 and 3650 are days before/after now; verify against
        // getCertificateValidityWindow.
        Pair validity = getCertificateValidityWindow$default(this, 0, 3650, null, null, 12, null);
        Date notBefore = (Date) validity.getFirst();
        Date notAfter = (Date) validity.getSecond();
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(subject, serialNumber, notBefore, notAfter, subject, pubKey);
        Intrinsics.checkExpressionValueIsNotNull(pubKey, "pubKey");
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) createSubjectKeyIdentifier(pubKey));
        certBuilder.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(2));
        // Same bit set as the literal 182.
        // NOTE(review): keyUsage is added as non-critical; RFC 5280 recommends marking it
        // critical when present. Confirm this is intentional.
        int caKeyUsage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyCertSign | KeyUsage.cRLSign;
        certBuilder.addExtension(Extension.keyUsage, false, (ASN1Encodable) new KeyUsage(caKeyUsage));
        // anyExtendedKeyUsage is listed alongside server/client auth, so the EKU list is
        // effectively unrestricted.
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.anyExtendedKeyUsage);
        certBuilder.addExtension(Extension.extendedKeyUsage, false, (ASN1Encodable) new DERSequence(purposes));
        PrivateKey signingKey = caKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(signingKey, "keyPair.private");
        X509Certificate certificate = signCertificate(certBuilder, signingKey);
        // Sanity checks on the result: valid right now, and verifiable with its own key.
        certificate.checkValidity(new Date());
        certificate.verify(pubKey);
        return new CACertAndKey(certificate, caKeyPair);
    }

    /**
     * Deprecated convenience overload: wraps {@code commonName} with {@code getDevX509Name}
     * and delegates to the {@code X500Name} overload.
     *
     * @param commonName           common name for the intermediate CA subject
     * @param certificateAuthority issuing CA certificate and key pair
     * @return the intermediate CA certificate together with its key pair
     */
    @Deprecated(message = "Use [createIntermediateCert(X500Name, CACertAndKey)] instead, specifying full legal name")
    @NotNull
    public final CACertAndKey createIntermediateCert(@NotNull String commonName, @NotNull CACertAndKey certificateAuthority) {
        Intrinsics.checkParameterIsNotNull(commonName, "commonName");
        Intrinsics.checkParameterIsNotNull(certificateAuthority, "certificateAuthority");
        X500Name subject = getDevX509Name(commonName);
        return createIntermediateCert(subject, certificateAuthority);
    }

    /**
     * Creates an intermediate CA certificate signed by {@code certificateAuthority}.
     *
     * <p>A new key pair is generated for the intermediate. The issuer name is read from
     * the issuing CA's certificate, and that certificate's notBefore/notAfter are passed to
     * {@code getCertificateValidityWindow} (presumably to keep the new window inside the
     * issuer's; verify against that helper). basicConstraints is critical and marks a CA
     * with path length 1. The result is checked against the current time and verified
     * with the issuer's public key before it is returned.
     *
     * @param subject              distinguished name of the intermediate CA
     * @param certificateAuthority issuing CA certificate and key pair
     * @return the intermediate certificate and its newly generated key pair
     */
    @NotNull
    public final CACertAndKey createIntermediateCert(@NotNull X500Name subject, @NotNull CACertAndKey certificateAuthority) {
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(certificateAuthority, "certificateAuthority");
        KeyPair intermediateKeyPair = generateECDSAKeyPairForSSL();
        X500Name issuerName = new X509CertificateHolder(certificateAuthority.getCertificate().getEncoded()).getSubject();
        // NOTE(review): 63-bit serial from Utils.random63BitValue(); that helper is not
        // visible here, so confirm its randomness source.
        BigInteger serialNumber = BigInteger.valueOf(Utils.random63BitValue());
        PublicKey pubKey = intermediateKeyPair.getPublic();
        Pair<Date, Date> validity = getCertificateValidityWindow(0, 3650, certificateAuthority.getCertificate().getNotBefore(), certificateAuthority.getCertificate().getNotAfter());
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerName, serialNumber, validity.getFirst(), validity.getSecond(), subject, pubKey);
        Intrinsics.checkExpressionValueIsNotNull(pubKey, "pubKey");
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) createSubjectKeyIdentifier(pubKey));
        certBuilder.addExtension(Extension.basicConstraints, true, (ASN1Encodable) new BasicConstraints(1));
        // Same bit set as the literal 182.
        // NOTE(review): keyUsage is added as non-critical; RFC 5280 recommends marking it
        // critical when present. Confirm this is intentional.
        int caKeyUsage = KeyUsage.digitalSignature | KeyUsage.keyEncipherment | KeyUsage.dataEncipherment | KeyUsage.keyCertSign | KeyUsage.cRLSign;
        certBuilder.addExtension(Extension.keyUsage, false, (ASN1Encodable) new KeyUsage(caKeyUsage));
        // anyExtendedKeyUsage is listed alongside server/client auth, so the EKU list is
        // effectively unrestricted.
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        purposes.add(KeyPurposeId.anyExtendedKeyUsage);
        certBuilder.addExtension(Extension.extendedKeyUsage, false, (ASN1Encodable) new DERSequence(purposes));
        // Signed with the issuer's private key, not the intermediate's own.
        PrivateKey issuerKey = certificateAuthority.getKeyPair().getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(issuerKey, "certificateAuthority.keyPair.private");
        X509Certificate certificate = signCertificate(certBuilder, issuerKey);
        certificate.checkValidity(new Date());
        certificate.verify(certificateAuthority.getKeyPair().getPublic());
        return new CACertAndKey(certificate, intermediateKeyPair);
    }

    /**
     * Creates an end-entity certificate for {@code publicKey}, signed by
     * {@code certificateAuthority}.
     *
     * <p>The certificate is marked as not a CA, carries the digitalSignature key usage and
     * server/client auth extended key usages, and lists the given domains and IP addresses
     * as subject alternative names. The result is checked against the current time and
     * verified with the issuer's public key before it is returned.
     *
     * @param subject                       distinguished name of the certificate holder
     * @param publicKey                     key to certify
     * @param certificateAuthority          issuing CA certificate and key pair
     * @param subjectAlternativeNameDomains DNS names to add as SAN entries
     * @param subjectAlternativeNameIps     IP address strings to add as SAN entries; strings
     *                                      that fail all four format checks are skipped silently
     * @return the signed certificate
     */
    @NotNull
    public final X509Certificate createServerCert(@NotNull X500Name subject, @NotNull PublicKey publicKey, @NotNull CACertAndKey certificateAuthority, @NotNull List<String> subjectAlternativeNameDomains, @NotNull List<String> subjectAlternativeNameIps) {
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(publicKey, "publicKey");
        Intrinsics.checkParameterIsNotNull(certificateAuthority, "certificateAuthority");
        Intrinsics.checkParameterIsNotNull(subjectAlternativeNameDomains, "subjectAlternativeNameDomains");
        Intrinsics.checkParameterIsNotNull(subjectAlternativeNameIps, "subjectAlternativeNameIps");
        X500Name issuerName = new X509CertificateHolder(certificateAuthority.getCertificate().getEncoded()).getSubject();
        // NOTE(review): 63-bit serial from Utils.random63BitValue(); that helper is not
        // visible here, so confirm its randomness source.
        BigInteger serialNumber = BigInteger.valueOf(Utils.random63BitValue());
        Pair<Date, Date> validity = getCertificateValidityWindow(0, 3650, certificateAuthority.getCertificate().getNotBefore(), certificateAuthority.getCertificate().getNotAfter());
        JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(issuerName, serialNumber, validity.getFirst(), validity.getSecond(), subject, publicKey);
        certBuilder.addExtension(Extension.subjectKeyIdentifier, false, (ASN1Encodable) createSubjectKeyIdentifier(publicKey));
        certBuilder.addExtension(Extension.basicConstraints, false, (ASN1Encodable) new BasicConstraints(false));
        // KeyUsage.digitalSignature is the same value as the literal 128.
        certBuilder.addExtension(Extension.keyUsage, false, (ASN1Encodable) new KeyUsage(KeyUsage.digitalSignature));
        ASN1EncodableVector purposes = new ASN1EncodableVector();
        purposes.add(KeyPurposeId.id_kp_serverAuth);
        purposes.add(KeyPurposeId.id_kp_clientAuth);
        certBuilder.addExtension(Extension.extendedKeyUsage, false, (ASN1Encodable) new DERSequence(purposes));

        List<ASN1Encodable> altNames = new ArrayList<>();
        for (String domain : subjectAlternativeNameDomains) {
            // GeneralName.dNSName is tag 2.
            altNames.add(new GeneralName(GeneralName.dNSName, domain));
        }
        for (String ip : subjectAlternativeNameIps) {
            // NOTE(review): address-with-netmask forms are accepted here; RFC 5280 expects a SAN
            // iPAddress to be a bare 4- or 16-octet address, so confirm callers never pass them.
            boolean recognisedIp = IPAddress.isValidIPv6WithNetmask(ip) || IPAddress.isValidIPv6(ip) || IPAddress.isValidIPv4WithNetmask(ip) || IPAddress.isValidIPv4(ip);
            if (recognisedIp) {
                // GeneralName.iPAddress is tag 7.
                altNames.add(new GeneralName(GeneralName.iPAddress, ip));
            }
        }
        ASN1Encodable[] sanEntries = altNames.toArray(new ASN1Encodable[altNames.size()]);
        if (sanEntries == null) {
            // Decompiler artifact of a Kotlin cast; toArray does not return null.
            throw new TypeCastException("null cannot be cast to non-null type kotlin.Array<T>");
        }
        certBuilder.addExtension(Extension.subjectAlternativeName, false, (ASN1Encodable) new DERSequence(sanEntries));

        PrivateKey issuerKey = certificateAuthority.getKeyPair().getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(issuerKey, "certificateAuthority.keyPair.private");
        X509Certificate certificate = signCertificate(certBuilder, issuerKey);
        certificate.checkValidity(new Date());
        certificate.verify(certificateAuthority.getKeyPair().getPublic());
        return certificate;
    }

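    /**
     * Writes {@code x509Certificate} to {@code filename} in PEM format.
     *
     * <p>Both writers are managed by try-with-resources, so each is closed exactly once
     * (PEM writer first, then the file writer). If writing fails, the original failure
     * is the exception that propagates and any failure while closing is attached to it
     * as a suppressed exception instead of replacing it.
     *
     * @param x509Certificate certificate to write
     * @param filename        destination file; an existing file is overwritten by {@link FileWriter}
     */
    public final void saveCertificateAsPEMFile(@NotNull X509Certificate x509Certificate, @NotNull Path filename) {
        Intrinsics.checkParameterIsNotNull(x509Certificate, "x509Certificate");
        Intrinsics.checkParameterIsNotNull(filename, "filename");
        try (FileWriter fileWriter = new FileWriter(filename.toFile());
             JcaPEMWriter pemWriter = new JcaPEMWriter(fileWriter)) {
            pemWriter.writeObject(x509Certificate);
        }
    }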

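    /**
     * Reads the first PEM object from {@code filename} and parses it as an X.509 certificate.
     *
     * <p>The reader is closed when parsing finishes or fails, so the file handle is not
     * left open. The only check applied to the loaded certificate is
     * {@code checkValidity()} (its validity period against the current time); neither the
     * signature nor the issuing chain is verified here, so callers that need trust
     * decisions must validate the certificate themselves.
     *
     * <p>The result of {@code readPemObject()} is dereferenced without a null check, so a
     * file that contains no PEM object fails with a {@link NullPointerException}.
     *
     * @param filename PEM file to read
     * @return the parsed certificate
     */
    @NotNull
    public final X509Certificate loadCertificateFromPEMFile(@NotNull Path filename) {
        Intrinsics.checkParameterIsNotNull(filename, "filename");
        // Closing the PemReader also closes the FileReader it wraps.
        try (PemReader pemReader = new PemReader(new FileReader(filename.toFile()))) {
            byte[] encoded = pemReader.readPemObject().getContent();
            X509Certificate certificate = new CertificateStream(new ByteArrayInputStream(encoded)).nextCertificate();
            certificate.checkValidity();
            return certificate;
        }
    }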

    /**
     * Loads the private key stored under {@code alias} and pairs it with the public key
     * of the certificate stored under the same alias.
     *
     * @param keyStoreFilePath keystore file, opened through {@code loadKeyStore}
     * @param storePassword    password for the keystore itself
     * @param keyPassword      password protecting the key entry
     * @param alias            entry to read
     * @return the public/private key pair for the entry
     * @throws TypeCastException if the keystore holds no key or no certificate under {@code alias}
     */
    @NotNull
    public final KeyPair loadKeyPairFromKeyStore(@NotNull Path keyStoreFilePath, @NotNull String storePassword, @NotNull String keyPassword, @NotNull String alias) {
        Intrinsics.checkParameterIsNotNull(keyStoreFilePath, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        Intrinsics.checkParameterIsNotNull(keyPassword, "keyPassword");
        Intrinsics.checkParameterIsNotNull(alias, "alias");
        KeyStore keyStore = loadKeyStore(keyStoreFilePath, storePassword);
        if (keyPassword == null) {
            // Decompiler artifact of a Kotlin cast; the parameter check above already rejects null.
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        char[] entryPassword = keyPassword.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(entryPassword, "(this as java.lang.String).toCharArray()");
        Key storedKey = keyStore.getKey(alias, entryPassword);
        if (storedKey == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
        }
        PrivateKey privateKey = (PrivateKey) storedKey;
        Certificate storedCertificate = keyStore.getCertificate(alias);
        if (storedCertificate == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        }
        PublicKey publicKey = ((X509Certificate) storedCertificate).getPublicKey();
        return new KeyPair(publicKey, privateKey);
    }

    /**
     * Returns the key pair stored under {@code alias}, creating and persisting it first
     * when the keystore has no such alias.
     *
     * <p>When the alias is missing, {@code keyGenerator} is invoked once, its private key
     * and certificate are stored under {@code alias} with {@code keyPassword}, and the
     * keystore is written back to {@code keyStoreFilePath}. The keystore is opened with
     * {@code loadKeyStore}.
     *
     * @param keyStoreFilePath keystore file to read and, if needed, rewrite
     * @param storePassword    password for the keystore itself
     * @param keyPassword      password protecting the key entry
     * @param alias            entry to read or create
     * @param keyGenerator     supplier of a certificate and key pair for a missing entry
     * @return the public key of the stored certificate paired with the stored private key
     * @throws TypeCastException if no key can be read back under {@code alias}
     */
    @NotNull
    public final KeyPair loadOrCreateKeyPairFromKeyStore(@NotNull Path keyStoreFilePath, @NotNull String storePassword, @NotNull String keyPassword, @NotNull String alias, @NotNull Function0<CACertAndKey> keyGenerator) {
        Intrinsics.checkParameterIsNotNull(keyStoreFilePath, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        Intrinsics.checkParameterIsNotNull(keyPassword, "keyPassword");
        Intrinsics.checkParameterIsNotNull(alias, "alias");
        Intrinsics.checkParameterIsNotNull(keyGenerator, "keyGenerator");
        KeyStore keyStore = loadKeyStore(keyStoreFilePath, storePassword);
        boolean aliasMissing = !keyStore.containsAlias(alias);
        if (aliasMissing) {
            CACertAndKey generated = keyGenerator.invoke();
            PrivateKey generatedKey = generated.getKeyPair().getPrivate();
            Intrinsics.checkExpressionValueIsNotNull(generatedKey, "selfSignCert.keyPair.private");
            if (keyPassword == null) {
                // Decompiler artifact of a Kotlin cast; the parameter check above already rejects null.
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
            char[] newEntryPassword = keyPassword.toCharArray();
            Intrinsics.checkExpressionValueIsNotNull(newEntryPassword, "(this as java.lang.String).toCharArray()");
            Certificate[] chain = {generated.getCertificate()};
            addOrReplaceKey(keyStore, alias, generatedKey, newEntryPassword, chain);
            saveKeyStore(keyStore, keyStoreFilePath, storePassword);
        }
        // Read the entry back from the keystore, whether it pre-existed or was just added.
        Certificate storedCertificate = keyStore.getCertificate(alias);
        if (keyPassword == null) {
            // Decompiler artifact of a Kotlin cast; the parameter check above already rejects null.
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        char[] entryPassword = keyPassword.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(entryPassword, "(this as java.lang.String).toCharArray()");
        Key storedKey = keyStore.getKey(alias, entryPassword);
        PublicKey publicKey = storedCertificate.getPublicKey();
        if (storedKey == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
        }
        return new KeyPair(publicKey, (PrivateKey) storedKey);
    }

    /**
     * Loads the certificate stored under {@code alias} from a keystore file.
     *
     * <p>The certificate is returned as stored; no validity or signature check is made here.
     *
     * @param keyStoreFilePath keystore file, opened through {@code loadKeyStore}
     * @param storePassword    password for the keystore
     * @param alias            entry to read
     * @return the certificate under {@code alias}
     * @throws TypeCastException if the keystore holds no certificate under {@code alias}
     */
    @NotNull
    public final X509Certificate loadCertificateFromKeyStore(@NotNull Path keyStoreFilePath, @NotNull String storePassword, @NotNull String alias) {
        Intrinsics.checkParameterIsNotNull(keyStoreFilePath, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        Intrinsics.checkParameterIsNotNull(alias, "alias");
        KeyStore keyStore = loadKeyStore(keyStoreFilePath, storePassword);
        Certificate storedCertificate = keyStore.getCertificate(alias);
        if (storedCertificate != null) {
            return (X509Certificate) storedCertificate;
        }
        throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
    }

    /**
     * Generates a root CA and an intermediate CA and writes them to a keystore and a
     * trust store.
     *
     * <p>The keystore receives both private keys (root and intermediate), each protected
     * with {@code keyPassword}; the intermediate entry carries the chain
     * intermediate → root. The trust store receives the two certificates only. Existing
     * entries under the same aliases are replaced.
     *
     * <p>NOTE(review): the root CA private key ends up in the same file and under the same
     * key password as the intermediate key. Both subjects come from
     * {@code getDevX509Name}, which suggests development use; confirm before relying on
     * this outside dev/test.
     *
     * @param keyStoreFilePath   file for the keystore holding the CA private keys
     * @param storePassword      password for that keystore
     * @param keyPassword        password protecting both key entries
     * @param trustStoreFilePath file for the trust store holding the CA certificates
     * @param trustStorePassword password for the trust store
     * @return the keystore holding the private keys (not the trust store)
     */
    @NotNull
    public final KeyStore createCAKeyStoreAndTrustStore(@NotNull Path keyStoreFilePath, @NotNull String storePassword, @NotNull String keyPassword, @NotNull Path trustStoreFilePath, @NotNull String trustStorePassword) {
        Intrinsics.checkParameterIsNotNull(keyStoreFilePath, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        Intrinsics.checkParameterIsNotNull(keyPassword, "keyPassword");
        Intrinsics.checkParameterIsNotNull(trustStoreFilePath, "trustStoreFilePath");
        Intrinsics.checkParameterIsNotNull(trustStorePassword, "trustStorePassword");
        CACertAndKey rootCa = createSelfSignedCACert(getDevX509Name("Corda Node Root CA"));
        CACertAndKey intermediateCa = createIntermediateCert(getDevX509Name("Corda Node Intermediate CA"), rootCa);
        if (keyPassword == null) {
            // Decompiler artifact of a Kotlin cast; the parameter check above already rejects null.
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        char[] entryPassword = keyPassword.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(entryPassword, "(this as java.lang.String).toCharArray()");

        // Keystore: private keys plus their certificate chains.
        KeyStore keyStore = loadOrCreateKeyStore(keyStoreFilePath, storePassword);
        PrivateKey rootKey = rootCa.getKeyPair().getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(rootKey, "rootCA.keyPair.private");
        Certificate[] rootChain = {rootCa.getCertificate()};
        addOrReplaceKey(keyStore, CORDA_ROOT_CA_PRIVATE_KEY, rootKey, entryPassword, rootChain);
        PrivateKey intermediateKey = intermediateCa.getKeyPair().getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(intermediateKey, "intermediateCA.keyPair.private");
        Certificate[] intermediateChain = {intermediateCa.getCertificate(), rootCa.getCertificate()};
        addOrReplaceKey(keyStore, CORDA_INTERMEDIATE_CA_PRIVATE_KEY, intermediateKey, entryPassword, intermediateChain);
        saveKeyStore(keyStore, keyStoreFilePath, storePassword);

        // Trust store: certificates only.
        KeyStore trustStore = loadOrCreateKeyStore(trustStoreFilePath, trustStorePassword);
        addOrReplaceCertificate(trustStore, CORDA_ROOT_CA, rootCa.getCertificate());
        addOrReplaceCertificate(trustStore, CORDA_INTERMEDIATE_CA, intermediateCa.getCertificate());
        saveKeyStore(trustStore, trustStoreFilePath, trustStorePassword);
        return keyStore;
    }

    /**
     * Reads the private key and certificate stored under {@code alias} from an already
     * loaded keystore.
     *
     * <p>The returned key pair combines the stored private key with the public key taken
     * from the stored certificate.
     *
     * @param keyStore    keystore to read from
     * @param keyPassword password protecting the key entry
     * @param alias       entry to read
     * @return the certificate and the matching key pair
     * @throws TypeCastException if the keystore holds no key or no certificate under {@code alias}
     */
    @NotNull
    public final CACertAndKey loadCertificateAndKey(@NotNull KeyStore keyStore, @NotNull String keyPassword, @NotNull String alias) {
        Intrinsics.checkParameterIsNotNull(keyStore, "keyStore");
        Intrinsics.checkParameterIsNotNull(keyPassword, "keyPassword");
        Intrinsics.checkParameterIsNotNull(alias, "alias");
        if (keyPassword == null) {
            // Decompiler artifact of a Kotlin cast; the parameter check above already rejects null.
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        char[] entryPassword = keyPassword.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(entryPassword, "(this as java.lang.String).toCharArray()");
        Key storedKey = keyStore.getKey(alias, entryPassword);
        if (storedKey == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.PrivateKey");
        }
        PrivateKey privateKey = (PrivateKey) storedKey;
        Certificate storedCertificate = keyStore.getCertificate(alias);
        if (storedCertificate == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        }
        X509Certificate certificate = (X509Certificate) storedCertificate;
        KeyPair keyPair = new KeyPair(certificate.getPublicKey(), privateKey);
        return new CACertAndKey(certificate, keyPair);
    }

    /**
     * Convenience overload: wraps {@code commonName} with {@code getDevX509Name} and
     * delegates to the {@code X500Name} overload.
     *
     * @param keyStoreFilePath file for the keystore to create or update
     * @param storePassword    password for that keystore
     * @param keyPassword      password protecting the new key entry
     * @param caKeyStore       keystore holding the CA keys and certificates
     * @param caKeyPassword    password protecting the CA key entries
     * @param commonName       common name for the certificate subject
     * @return the keystore after it has been saved
     */
    @NotNull
    public final KeyStore createKeystoreForSSL(@NotNull Path keyStoreFilePath, @NotNull String storePassword, @NotNull String keyPassword, @NotNull KeyStore caKeyStore, @NotNull String caKeyPassword, @NotNull String commonName) {
        Intrinsics.checkParameterIsNotNull(keyStoreFilePath, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        Intrinsics.checkParameterIsNotNull(keyPassword, "keyPassword");
        Intrinsics.checkParameterIsNotNull(caKeyStore, "caKeyStore");
        Intrinsics.checkParameterIsNotNull(caKeyPassword, "caKeyPassword");
        Intrinsics.checkParameterIsNotNull(commonName, "commonName");
        X500Name subject = getDevX509Name(commonName);
        return createKeystoreForSSL(keyStoreFilePath, storePassword, keyPassword, caKeyStore, caKeyPassword, subject);
    }

    /**
     * Generates a key pair and a certificate signed by the intermediate CA, and stores
     * them in the keystore at {@code keyStoreFilePath}.
     *
     * <p>The certificate's subject alternative names are the local host's name and address
     * as reported by {@link InetAddress#getLocalHost()}. The private key is stored under
     * {@code CORDA_CLIENT_CA_PRIVATE_KEY} with the chain certificate → intermediate → root,
     * and the certificate alone is also stored under {@code CORDA_CLIENT_CA}.
     *
     * <p>Only the root CA's certificate is used here, but it is obtained through
     * {@code loadCertificateAndKey}, which also reads the private key; {@code caKeyStore}
     * must therefore contain the root private key under {@code caKeyPassword}.
     *
     * @param keyStoreFilePath file for the keystore to create or update
     * @param storePassword    password for that keystore
     * @param keyPassword      password protecting the new key entry
     * @param caKeyStore       keystore holding the root and intermediate CA entries
     * @param caKeyPassword    password protecting the CA key entries
     * @param commonName       subject name for the new certificate
     * @return the keystore after it has been saved
     */
    @NotNull
    public final KeyStore createKeystoreForSSL(@NotNull Path keyStoreFilePath, @NotNull String storePassword, @NotNull String keyPassword, @NotNull KeyStore caKeyStore, @NotNull String caKeyPassword, @NotNull X500Name commonName) {
        Intrinsics.checkParameterIsNotNull(keyStoreFilePath, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        Intrinsics.checkParameterIsNotNull(keyPassword, "keyPassword");
        Intrinsics.checkParameterIsNotNull(caKeyStore, "caKeyStore");
        Intrinsics.checkParameterIsNotNull(caKeyPassword, "caKeyPassword");
        Intrinsics.checkParameterIsNotNull(commonName, "commonName");
        CACertAndKey rootCa = INSTANCE.loadCertificateAndKey(caKeyStore, caKeyPassword, CORDA_ROOT_CA_PRIVATE_KEY);
        CACertAndKey intermediateCa = INSTANCE.loadCertificateAndKey(caKeyStore, caKeyPassword, CORDA_INTERMEDIATE_CA_PRIVATE_KEY);
        KeyPair serverKeyPair = generateECDSAKeyPairForSSL();
        InetAddress localHost = InetAddress.getLocalHost();
        PublicKey serverPublicKey = serverKeyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(serverPublicKey, "serverKey.public");
        // The intermediate CA signs the new certificate; the root only appears in the stored chain.
        X509Certificate serverCert = createServerCert(commonName, serverPublicKey, intermediateCa, CollectionsKt.listOf(localHost.getHostName()), CollectionsKt.listOf(localHost.getHostAddress()));
        if (keyPassword == null) {
            // Decompiler artifact of a Kotlin cast; the parameter check above already rejects null.
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        char[] entryPassword = keyPassword.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(entryPassword, "(this as java.lang.String).toCharArray()");
        KeyStore keyStore = loadOrCreateKeyStore(keyStoreFilePath, storePassword);
        PrivateKey serverPrivateKey = serverKeyPair.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(serverPrivateKey, "serverKey.private");
        Certificate[] chain = {serverCert, intermediateCa.getCertificate(), rootCa.getCertificate()};
        addOrReplaceKey(keyStore, CORDA_CLIENT_CA_PRIVATE_KEY, serverPrivateKey, entryPassword, chain);
        addOrReplaceCertificate(keyStore, CORDA_CLIENT_CA, serverCert);
        saveKeyStore(keyStore, keyStoreFilePath, storePassword);
        return keyStore;
    }

    /**
     * Private constructor of the singleton: publishes the instance, sets the constant
     * fields and registers the BouncyCastle security provider with the JVM.
     */
    private X509Utilities() {
        INSTANCE = this;
        // The self-assignments below appear to be how the decompiler rendered the constant
        // initialisers; their literal values cannot be read from this part of the file.
        SIGNATURE_ALGORITHM = SIGNATURE_ALGORITHM;
        KEY_GENERATION_ALGORITHM = KEY_GENERATION_ALGORITHM;
        ECDSA_CURVE = ECDSA_CURVE;
        // NOTE(review): JKS is the legacy Java keystore format and protects private keys less
        // strongly than PKCS12; consider whether these stores can be migrated.
        KEYSTORE_TYPE = "JKS";
        CORDA_ROOT_CA_PRIVATE_KEY = CORDA_ROOT_CA_PRIVATE_KEY;
        CORDA_ROOT_CA = CORDA_ROOT_CA;
        CORDA_INTERMEDIATE_CA_PRIVATE_KEY = CORDA_INTERMEDIATE_CA_PRIVATE_KEY;
        CORDA_INTERMEDIATE_CA = CORDA_INTERMEDIATE_CA;
        CORDA_CLIENT_CA_PRIVATE_KEY = CORDA_CLIENT_CA_PRIVATE_KEY;
        CORDA_CLIENT_CA = CORDA_CLIENT_CA;
        // Provider registration is JVM-wide, not limited to this class.
        Security.addProvider(new BouncyCastleProvider());
    }

    // Creates the singleton when the class is initialised; the constructor stores it in
    // INSTANCE and registers the BouncyCastle provider as a side effect.
    static {
        new X509Utilities();
    }
}
