package net.corda.core.crypto;

import java.io.ByteArrayInputStream;
import java.io.FileReader;
import java.io.FileWriter;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalAmount;
import java.util.ArrayList;
import java.util.Date;
import java.util.Set;
import kotlin.Deprecated;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.JvmOverloads;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.internal.Intrinsics;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralSubtree;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemReader;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: X509Utilities.kt */
@Metadata(mv = {1, 1, 6}, bv = {1, 0, 1}, k = 1, d1 = {"��\u009c\u0001\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\t\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0011\n��\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u000e\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0002\bÆ\u0002\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002JR\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\u001b\u001a\u00020\u00182\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010 \u001a\u00020!2\u0014\b\u0002\u0010\"\u001a\u000e\u0012\u0004\u0012\u00020\u0015\u0012\u0004\u0012\u00020\u00150\u00142\n\b\u0002\u0010#\u001a\u0004\u0018\u00010$H\u0007J/\u0010%\u001a\u00020&2\u0006\u0010'\u001a\u00020\u00182\u0012\u0010(\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00180)\"\u00020\u00182\u0006\u0010*\u001a\u00020+¢\u0006\u0002\u0010,J 
\u0010-\u001a\u00020.2\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010/\u001a\u00020\u001d2\b\b\u0002\u00100\u001a\u00020\u000eJH\u00101\u001a\u0002022\u0006\u00103\u001a\u0002042\u0006\u00105\u001a\u0002042\u0006\u00106\u001a\u00020\u00042\u0006\u00107\u001a\u00020\u00042\u0006\u00108\u001a\u0002092\u0006\u0010:\u001a\u00020\u00042\u0006\u0010;\u001a\u00020\u001f2\b\b\u0002\u00100\u001a\u00020\u000eJ.\u0010<\u001a\u00020\u00182\u0006\u0010\u001e\u001a\u00020\u001f2\u0006\u0010/\u001a\u00020\u001d2\u0014\b\u0002\u0010\"\u001a\u000e\u0012\u0004\u0012\u00020\u0015\u0012\u0004\u0012\u00020\u00150\u0014H\u0007J.\u0010=\u001a\u000e\u0012\u0004\u0012\u00020>\u0012\u0004\u0012\u00020>0\u00142\u0006\u0010?\u001a\u00020\u00152\u0006\u0010@\u001a\u00020\u00152\n\b\u0002\u0010A\u001a\u0004\u0018\u00010\u0018J\u0010\u0010B\u001a\u00020\u001f2\u0006\u0010C\u001a\u00020\u0004H\u0007J,\u0010D\u001a\u00020\u001f2\u0006\u0010E\u001a\u00020\u00042\u0006\u0010F\u001a\u00020\u00042\u0006\u0010G\u001a\u00020\u00042\n\b\u0002\u0010H\u001a\u0004\u0018\u00010\u0004H\u0007J\u0010\u0010I\u001a\u00020\u00182\u0006\u0010J\u001a\u000204H\u0007J\u001a\u0010K\u001a\u00020>2\u0006\u0010L\u001a\u00020M2\b\u0010N\u001a\u0004\u0018\u00010>H\u0002J\u001a\u0010O\u001a\u00020>2\u0006\u0010L\u001a\u00020M2\b\u0010N\u001a\u0004\u0018\u00010>H\u0002J\u0018\u0010P\u001a\u0002022\u0006\u0010Q\u001a\u00020\u00182\u0006\u0010J\u001a\u000204H\u0007J'\u0010R\u001a\u0002022\u0006\u0010'\u001a\u00020\u00182\u0012\u0010(\u001a\n\u0012\u0006\b\u0001\u0012\u00020S0)\"\u00020S¢\u0006\u0002\u0010TR\u0014\u0010\u0003\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006R\u0014\u0010\u0007\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\b\u0010\u0006R\u0014\u0010\t\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\n\u0010\u0006R\u0014\u0010\u000b\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\f\u0010\u0006R\u0011\u0010\r\u001a\u00020\u000e¢\u0006\b\n��\u001a\u0004\b\u000f\u0010\u0010R
\u0011\u0010\u0011\u001a\u00020\u000e¢\u0006\b\n��\u001a\u0004\b\u0012\u0010\u0010R*\u0010\u0013\u001a\u001e\u0012\f\u0012\n \u0016*\u0004\u0018\u00010\u00150\u0015\u0012\f\u0012\n \u0016*\u0004\u0018\u00010\u00150\u00150\u0014X\u0082\u0004¢\u0006\u0002\n��¨\u0006U"}, d2 = {"Lnet/corda/core/crypto/X509Utilities;", "", "()V", "CORDA_CLIENT_CA", "", "getCORDA_CLIENT_CA", "()Ljava/lang/String;", "CORDA_CLIENT_TLS", "getCORDA_CLIENT_TLS", "CORDA_INTERMEDIATE_CA", "getCORDA_INTERMEDIATE_CA", "CORDA_ROOT_CA", "getCORDA_ROOT_CA", "DEFAULT_IDENTITY_SIGNATURE_SCHEME", "Lnet/corda/core/crypto/SignatureScheme;", "getDEFAULT_IDENTITY_SIGNATURE_SCHEME", "()Lnet/corda/core/crypto/SignatureScheme;", "DEFAULT_TLS_SIGNATURE_SCHEME", "getDEFAULT_TLS_SIGNATURE_SCHEME", "DEFAULT_VALIDITY_WINDOW", "Lkotlin/Pair;", "Ljava/time/Duration;", "kotlin.jvm.PlatformType", "createCertificate", "Lorg/bouncycastle/cert/X509CertificateHolder;", "certificateType", "Lnet/corda/core/crypto/CertificateType;", "issuerCertificate", "issuerKeyPair", "Ljava/security/KeyPair;", "subject", "Lorg/bouncycastle/asn1/x500/X500Name;", "subjectPublicKey", "Ljava/security/PublicKey;", "validityWindow", "nameConstraints", "Lorg/bouncycastle/asn1/x509/NameConstraints;", "createCertificatePath", "Ljava/security/cert/CertPath;", "trustedRoot", "certificates", "", "revocationEnabled", "", "(Lorg/bouncycastle/cert/X509CertificateHolder;[Lorg/bouncycastle/cert/X509CertificateHolder;Z)Ljava/security/cert/CertPath;", "createCertificateSigningRequest", "Lorg/bouncycastle/pkcs/PKCS10CertificationRequest;", "keyPair", "signatureScheme", "createKeystoreForCordaNode", "", "sslKeyStorePath", "Ljava/nio/file/Path;", "clientCAKeystorePath", "storePassword", "keyPassword", "caKeyStore", "Ljava/security/KeyStore;", "caKeyPassword", "legalName", "createSelfSignedCACertificate", "getCertificateValidityWindow", "Ljava/util/Date;", "before", "after", "parent", "getDevX509Name", "commonName", "getX509Name", "myLegalName", "nearestCity", 
"email", "country", "loadCertificateFromPEMFile", "filename", "max", "first", "Ljava/time/Instant;", "second", "min", "saveCertificateAsPEMFile", "x509Certificate", "validateCertificateChain", "Ljava/security/cert/Certificate;", "(Lorg/bouncycastle/cert/X509CertificateHolder;[Ljava/security/cert/Certificate;)V", "core_main"})
/* loaded from: input_file:core-0.12.1.jar:net/corda/core/crypto/X509Utilities.class */
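/**
 * X.509 helpers for building distinguished names, issuing certificates, assembling and
 * validating certificate paths, and writing the node's TLS and client-CA keystores.
 *
 * <p>This is the Java view of a Kotlin {@code object}: a single instance is exposed through
 * {@link #INSTANCE}, and the {@code ...$default} methods are compiler-generated bridges that
 * fill in Kotlin default arguments from a bit mask.
 *
 * <p>Security-relevant behaviour visible in this class, which callers should be aware of:
 * <ul>
 *   <li>{@link #createCertificatePath} only assembles a path; it validates nothing.</li>
 *   <li>{@link #validateCertificateChain} runs PKIX validation with revocation checking off.</li>
 *   <li>{@link #loadCertificateFromPEMFile} does not enforce the certificate's validity dates.</li>
 * </ul>
 */
public final class X509Utilities {

    /** Singleton instance. Declared first so it is assigned before the other static fields. */
    public static final X509Utilities INSTANCE = new X509Utilities();

    // Signature scheme returned by Crypto.getEDDSA_ED25519_SHA512().
    @NotNull
    private static final SignatureScheme DEFAULT_IDENTITY_SIGNATURE_SCHEME = Crypto.INSTANCE.getEDDSA_ED25519_SHA512();

    // Signature scheme returned by Crypto.getECDSA_SECP256R1_SHA256(); the default for the
    // keystore and CSR helpers below.
    @NotNull
    private static final SignatureScheme DEFAULT_TLS_SIGNATURE_SCHEME = Crypto.INSTANCE.getECDSA_SECP256R1_SHA256();

    // Keystore aliases used by createKeystoreForCordaNode.
    @NotNull
    private static final String CORDA_ROOT_CA = "cordarootca";

    @NotNull
    private static final String CORDA_INTERMEDIATE_CA = "cordaintermediateca";

    @NotNull
    private static final String CORDA_CLIENT_TLS = "cordaclienttls";

    @NotNull
    private static final String CORDA_CLIENT_CA = "cordaclientca";

    // Default (before, after) offsets: valid from the start of the current UTC day for 3650 days.
    // getCertificateValidityWindow additionally clamps the result to the issuer's own validity.
    private static final Pair<Duration, Duration> DEFAULT_VALIDITY_WINDOW =
            new Pair<>(Duration.ofMillis(0L), Duration.ofDays(3650L));

    private X509Utilities() {
        // Singleton: use INSTANCE.
    }

    /** @return the default signature scheme for identity keys */
    @NotNull
    public final SignatureScheme getDEFAULT_IDENTITY_SIGNATURE_SCHEME() {
        return DEFAULT_IDENTITY_SIGNATURE_SCHEME;
    }

    /** @return the default signature scheme for TLS keys */
    @NotNull
    public final SignatureScheme getDEFAULT_TLS_SIGNATURE_SCHEME() {
        return DEFAULT_TLS_SIGNATURE_SCHEME;
    }

    /** @return the keystore alias of the root CA certificate */
    @NotNull
    public final String getCORDA_ROOT_CA() {
        return CORDA_ROOT_CA;
    }

    /** @return the keystore alias of the intermediate CA entry */
    @NotNull
    public final String getCORDA_INTERMEDIATE_CA() {
        return CORDA_INTERMEDIATE_CA;
    }

    /** @return the keystore alias of the node's TLS key entry */
    @NotNull
    public final String getCORDA_CLIENT_TLS() {
        return CORDA_CLIENT_TLS;
    }

    /** @return the keystore alias of the node's client CA key entry */
    @NotNull
    public final String getCORDA_CLIENT_CA() {
        return CORDA_CLIENT_CA;
    }

    /**
     * Returns the later of the two points in time as a {@link Date}.
     *
     * @param instant candidate time
     * @param date other candidate, or {@code null} to use {@code instant}
     */
    private final Date max(Instant instant, Date date) {
        return (date == null || date.getTime() <= instant.toEpochMilli()) ? new Date(instant.toEpochMilli()) : date;
    }

    /**
     * Returns the earlier of the two points in time as a {@link Date}.
     *
     * @param instant candidate time
     * @param date other candidate, or {@code null} to use {@code instant}
     */
    private final Date min(Instant instant, Date date) {
        return (date == null || date.getTime() >= instant.toEpochMilli()) ? new Date(instant.toEpochMilli()) : date;
    }

    /**
     * Computes a (notBefore, notAfter) pair relative to the start of the current UTC day.
     *
     * <p>When a parent certificate is given, notBefore is never earlier than the parent's
     * notBefore and notAfter is never later than the parent's notAfter, so an issued
     * certificate cannot be valid outside its issuer's validity period.
     *
     * <p>NOTE(review): the two bounds are clamped independently and nothing checks that
     * notBefore precedes notAfter. With a parent that has already expired, or is not yet
     * valid, the returned window can be inverted; callers that need a usable window should
     * check the pair.
     *
     * @param before how far before the start of today (UTC) the window may begin
     * @param after how far after the start of today (UTC) the window may end
     * @param x509CertificateHolder parent (issuer) certificate used for clamping, or {@code null}
     * @return the pair (notBefore, notAfter)
     */
    @NotNull
    public final Pair<Date, Date> getCertificateValidityWindow(@NotNull Duration before, @NotNull Duration after, @Nullable X509CertificateHolder x509CertificateHolder) {
        Intrinsics.checkParameterIsNotNull(before, "before");
        Intrinsics.checkParameterIsNotNull(after, "after");
        // Instant.truncatedTo(DAYS) yields midnight UTC of the current day (system clock).
        Instant startOfDayUtc = Instant.now().truncatedTo(ChronoUnit.DAYS);
        Date parentNotBefore = x509CertificateHolder != null ? x509CertificateHolder.getNotBefore() : null;
        Date parentNotAfter = x509CertificateHolder != null ? x509CertificateHolder.getNotAfter() : null;
        Instant earliest = startOfDayUtc.minus(before);
        Intrinsics.checkExpressionValueIsNotNull(earliest, "startOfDayUTC - before");
        Date notBefore = max(earliest, parentNotBefore);
        Instant latest = startOfDayUtc.plus(after);
        Intrinsics.checkExpressionValueIsNotNull(latest, "startOfDayUTC + after");
        Date notAfter = min(latest, parentNotAfter);
        return new Pair<>(notBefore, notAfter);
    }

    /**
     * Kotlin default-argument bridge for {@link #getCertificateValidityWindow}.
     * Mask bit 4 replaces the parent certificate with {@code null}.
     */
    @NotNull
    public static /* bridge */ /* synthetic */ Pair getCertificateValidityWindow$default(X509Utilities x509Utilities, Duration duration, Duration duration2, X509CertificateHolder x509CertificateHolder, int i, Object obj) {
        if ((i & 4) != 0) {
            x509CertificateHolder = (X509CertificateHolder) null;
        }
        return x509Utilities.getCertificateValidityWindow(duration, duration2, x509CertificateHolder);
    }

    /**
     * Builds a development-only distinguished name with fixed attributes
     * {@code O=R3, OU=corda, L=London, C=UK} and the given common name.
     *
     * <p>Deprecated: the organisation, locality and country are hard-coded, so names built
     * here do not describe the real holder of the key.
     *
     * @param commonName value of the CN attribute
     * @return the assembled name
     */
    @Deprecated(message = "Full legal names should be specified in all configurations")
    @NotNull
    public final X500Name getDevX509Name(@NotNull String commonName) {
        Intrinsics.checkParameterIsNotNull(commonName, "commonName");
        X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
        nameBuilder.addRDN(BCStyle.CN, commonName);
        nameBuilder.addRDN(BCStyle.O, "R3");
        nameBuilder.addRDN(BCStyle.OU, "corda");
        nameBuilder.addRDN(BCStyle.L, "London");
        nameBuilder.addRDN(BCStyle.C, "UK");
        X500Name build = nameBuilder.build();
        Intrinsics.checkExpressionValueIsNotNull(build, "nameBuilder.build()");
        return build;
    }

    /**
     * Builds a distinguished name with the attributes CN, L, optionally C, and E, in that order.
     *
     * <p>The values are added as given; this method performs no validation of their content.
     *
     * @param myLegalName value of the CN attribute
     * @param nearestCity value of the L attribute
     * @param email value of the E attribute
     * @param str country, used as the C attribute; omitted when {@code null}
     * @return the assembled name
     */
    @JvmStatic
    @JvmOverloads
    @NotNull
    public static final X500Name getX509Name(@NotNull String myLegalName, @NotNull String nearestCity, @NotNull String email, @Nullable String str) {
        Intrinsics.checkParameterIsNotNull(myLegalName, "myLegalName");
        Intrinsics.checkParameterIsNotNull(nearestCity, "nearestCity");
        Intrinsics.checkParameterIsNotNull(email, "email");
        X500NameBuilder builder = new X500NameBuilder(BCStyle.INSTANCE);
        builder.addRDN(BCStyle.CN, myLegalName);
        builder.addRDN(BCStyle.L, nearestCity);
        if (str != null) {
            builder.addRDN(BCStyle.C, str);
        }
        builder.addRDN(BCStyle.E, email);
        X500Name build = builder.build();
        Intrinsics.checkExpressionValueIsNotNull(build, "builder.build()");
        return build;
    }

    /**
     * Kotlin default-argument bridge for {@link #getX509Name(String, String, String, String)}.
     * Mask bit 8 replaces the country with {@code null}.
     */
    @JvmStatic
    @JvmOverloads
    @NotNull
    public static /* bridge */ /* synthetic */ X500Name getX509Name$default(String str, String str2, String str3, String str4, int i, Object obj) {
        if ((i & 8) != 0) {
            str4 = (String) null;
        }
        return getX509Name(str, str2, str3, str4);
    }

    /**
     * Overload of {@link #getX509Name(String, String, String, String)} without a country.
     *
     * @param str legal name (CN)
     * @param str2 nearest city (L)
     * @param str3 e-mail address (E)
     * @return the assembled name
     */
    @JvmStatic
    @JvmOverloads
    @NotNull
    public static final X500Name getX509Name(@NotNull String str, @NotNull String str2, @NotNull String str3) {
        return getX509Name$default(str, str2, str3, null, 8, null);
    }

    /**
     * Creates a self-signed certificate of type {@code ROOT_CA}: issuer and subject are the
     * same name and the certificate is signed with the key pair whose public key it carries.
     *
     * <p>A self-signed certificate proves nothing about its origin by itself; it is only as
     * trustworthy as the way it is distributed and installed as a trust anchor.
     *
     * @param subject subject (and issuer) name
     * @param keyPair key pair of the new CA
     * @param validityWindow (before, after) offsets from the start of the current UTC day
     * @return the new certificate
     */
    @JvmStatic
    @NotNull
    public static final X509CertificateHolder createSelfSignedCACertificate(@NotNull X500Name subject, @NotNull KeyPair keyPair, @NotNull Pair<Duration, Duration> validityWindow) {
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        Intrinsics.checkParameterIsNotNull(validityWindow, "validityWindow");
        // No parent certificate: the window is not clamped.
        Pair<Date, Date> window = INSTANCE.getCertificateValidityWindow(validityWindow.getFirst(), validityWindow.getSecond(), null);
        PublicKey publicKey = keyPair.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "keyPair.public");
        // Mask 64 lets Crypto.createCertificate use its own default for the name constraints.
        return Crypto.createCertificate$default(Crypto.INSTANCE, CertificateType.ROOT_CA, subject, keyPair, subject, publicKey, window, (NameConstraints) null, 64, (Object) null);
    }

    /**
     * Kotlin default-argument bridge for {@link #createSelfSignedCACertificate}.
     * Mask bit 4 substitutes the default validity window.
     */
    @JvmStatic
    @NotNull
    public static /* bridge */ /* synthetic */ X509CertificateHolder createSelfSignedCACertificate$default(X500Name x500Name, KeyPair keyPair, Pair pair, int i, Object obj) {
        if ((i & 4) != 0) {
            pair = DEFAULT_VALIDITY_WINDOW;
        }
        return createSelfSignedCACertificate(x500Name, keyPair, pair);
    }

    /**
     * Issues a certificate for {@code subject} signed by the given issuer.
     *
     * <p>The issuer name is taken from {@code issuerCertificate}'s subject and the validity
     * window is clamped to the issuer certificate's validity period.
     *
     * <p>NOTE(review): nothing here checks that {@code issuerKeyPair} actually belongs to
     * {@code issuerCertificate}; a mismatched pair would presumably yield a certificate that
     * fails path validation later. Confirm against {@code Crypto.createCertificate}.
     *
     * @param certificateType kind of certificate to issue
     * @param issuerCertificate certificate of the issuing CA
     * @param issuerKeyPair key pair passed to {@code Crypto.createCertificate} for signing
     * @param subject subject name of the new certificate
     * @param subjectPublicKey public key to certify
     * @param validityWindow (before, after) offsets from the start of the current UTC day
     * @param nameConstraints name constraints to embed, or {@code null} for none
     * @return the new certificate
     */
    @JvmStatic
    @NotNull
    public static final X509CertificateHolder createCertificate(@NotNull CertificateType certificateType, @NotNull X509CertificateHolder issuerCertificate, @NotNull KeyPair issuerKeyPair, @NotNull X500Name subject, @NotNull PublicKey subjectPublicKey, @NotNull Pair<Duration, Duration> validityWindow, @Nullable NameConstraints nameConstraints) {
        Intrinsics.checkParameterIsNotNull(certificateType, "certificateType");
        Intrinsics.checkParameterIsNotNull(issuerCertificate, "issuerCertificate");
        Intrinsics.checkParameterIsNotNull(issuerKeyPair, "issuerKeyPair");
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(subjectPublicKey, "subjectPublicKey");
        Intrinsics.checkParameterIsNotNull(validityWindow, "validityWindow");
        Pair<Date, Date> window = INSTANCE.getCertificateValidityWindow(validityWindow.getFirst(), validityWindow.getSecond(), issuerCertificate);
        X500Name issuerName = issuerCertificate.getSubject();
        Intrinsics.checkExpressionValueIsNotNull(issuerName, "issuerCertificate.subject");
        return Crypto.INSTANCE.createCertificate(certificateType, issuerName, issuerKeyPair, subject, subjectPublicKey, window, nameConstraints);
    }

    /**
     * Kotlin default-argument bridge for {@link #createCertificate}.
     * Mask bit 32 substitutes the default validity window; bit 64 sets the name constraints
     * to {@code null}.
     */
    @JvmStatic
    @NotNull
    public static /* bridge */ /* synthetic */ X509CertificateHolder createCertificate$default(CertificateType certificateType, X509CertificateHolder x509CertificateHolder, KeyPair keyPair, X500Name x500Name, PublicKey publicKey, Pair pair, NameConstraints nameConstraints, int i, Object obj) {
        if ((i & 32) != 0) {
            pair = DEFAULT_VALIDITY_WINDOW;
        }
        if ((i & 64) != 0) {
            nameConstraints = (NameConstraints) null;
        }
        return createCertificate(certificateType, x509CertificateHolder, keyPair, x500Name, publicKey, pair, nameConstraints);
    }

    /**
     * Converts the given certificates, in the order supplied, into a {@link CertPath}.
     *
     * <p>NOTE(review): this method does NOT validate anything. The {@link PKIXParameters}
     * built from {@code trustedRoot} and {@code z} is never handed to a validator, so neither
     * the trust anchor nor the revocation flag influences the result. A returned path must
     * not be treated as trusted until it has been validated, for example with
     * {@link #validateCertificateChain}.
     *
     * @param trustedRoot root certificate; only parsed, not used for validation
     * @param certificates certificates forming the path, in path order
     * @param z the revocation-enabled flag; currently without effect (see note above)
     * @return the assembled, unvalidated certificate path
     */
    @NotNull
    public final CertPath createCertificatePath(@NotNull X509CertificateHolder trustedRoot, @NotNull X509CertificateHolder[] certificates, boolean z) {
        Intrinsics.checkParameterIsNotNull(trustedRoot, "trustedRoot");
        Intrinsics.checkParameterIsNotNull(certificates, "certificates");
        CertificateFactory certFactory = CertificateFactory.getInstance("X509");
        Certificate rootCertificate = certFactory.generateCertificate(new ByteArrayInputStream(trustedRoot.getEncoded()));
        if (rootCertificate == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.security.cert.X509Certificate");
        }
        // Built and then dropped, exactly as in the original: kept so that a malformed root
        // still fails here, but it takes no part in producing the returned path.
        PKIXParameters unusedParams = new PKIXParameters((Set<TrustAnchor>) SetsKt.setOf(new TrustAnchor((X509Certificate) rootCertificate, null)));
        unusedParams.setRevocationEnabled(z);
        ArrayList<Certificate> converted = new ArrayList<>(certificates.length);
        for (X509CertificateHolder holder : certificates) {
            converted.add(certFactory.generateCertificate(new ByteArrayInputStream(holder.getEncoded())));
        }
        CertPath generateCertPath = certFactory.generateCertPath(converted);
        Intrinsics.checkExpressionValueIsNotNull(generateCertPath, "certFactory.generateCert…(it.encoded)) }.toList())");
        return generateCertPath;
    }

    /**
     * Validates a certificate chain against a single trust anchor using the PKIX algorithm.
     *
     * <p>Revocation checking is switched off unconditionally, so a certificate that has been
     * revoked by its issuer still validates. Deployments that rely on revocation need an
     * additional check outside this method.
     *
     * <p>Returns normally when the chain validates; any failure is reported by the exception
     * thrown from {@link CertPathValidator#validate}.
     *
     * @param trustedRoot the only trust anchor accepted
     * @param certificates the chain to validate, in path order; must not be empty
     * @throws IllegalArgumentException if {@code certificates} is empty
     */
    public final void validateCertificateChain(@NotNull X509CertificateHolder trustedRoot, @NotNull Certificate... certificates) {
        Intrinsics.checkParameterIsNotNull(trustedRoot, "trustedRoot");
        Intrinsics.checkParameterIsNotNull(certificates, "certificates");
        if (certificates.length == 0) {
            throw new IllegalArgumentException("Certificate path must contain at least one certificate");
        }
        JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
        CertificateFactory certFactory = CertificateFactory.getInstance("X509");
        PKIXParameters params = new PKIXParameters((Set<TrustAnchor>) SetsKt.setOf(new TrustAnchor(converter.getCertificate(trustedRoot), null)));
        // Revocation (CRL/OCSP) is not consulted.
        params.setRevocationEnabled(false);
        CertPath path = certFactory.generateCertPath(ArraysKt.toList(certificates));
        CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    /**
     * Writes the certificate to {@code filename} in PEM format, replacing any existing file.
     *
     * <p>Both writers are closed on every exit path. The decompiled original expressed the
     * same thing as two nested try/catch/finally ladders (Kotlin {@code use} blocks).
     *
     * @param x509Certificate certificate to write
     * @param filename destination file
     */
    @JvmStatic
    public static final void saveCertificateAsPEMFile(@NotNull X509CertificateHolder x509Certificate, @NotNull Path filename) {
        Intrinsics.checkParameterIsNotNull(x509Certificate, "x509Certificate");
        Intrinsics.checkParameterIsNotNull(filename, "filename");
        try (FileWriter fileWriter = new FileWriter(filename.toFile());
             JcaPEMWriter pemWriter = new JcaPEMWriter(fileWriter)) {
            pemWriter.writeObject(x509Certificate);
        }
    }

    /**
     * Reads the first PEM object from {@code filename} and parses its content as an X.509
     * certificate.
     *
     * <p>NOTE(review): the result of {@code isValidOn(new Date())} is discarded, so an expired
     * or not-yet-valid certificate is returned like any other. The file content is also not
     * authenticated in any way. Callers must validate the certificate (dates and chain)
     * before trusting it.
     *
     * <p>A file without any PEM object makes {@code readPemObject()} return {@code null},
     * which surfaces as a {@link NullPointerException}, as it did before this change.
     *
     * @param filename PEM file to read
     * @return the parsed certificate, not validated
     */
    @JvmStatic
    @NotNull
    public static final X509CertificateHolder loadCertificateFromPEMFile(@NotNull Path filename) {
        Intrinsics.checkParameterIsNotNull(filename, "filename");
        byte[] content;
        // The reader was previously never closed, leaking a file handle on every call.
        try (PemReader reader = new PemReader(new FileReader(filename.toFile()))) {
            content = reader.readPemObject().getContent();
        }
        X509CertificateHolder x509CertificateHolder = new X509CertificateHolder(content);
        // Kept from the original; the boolean result is ignored (see the note above).
        x509CertificateHolder.isValidOn(new Date());
        return x509CertificateHolder;
    }

    /**
     * Generates the node's client-CA and TLS key pairs, issues certificates for them, and
     * stores each private key with its full chain in its own keystore file.
     *
     * <p>Chain produced: root CA, intermediate CA, client CA (type {@code INTERMEDIATE_CA},
     * name-constrained to the directory name {@code legalName}), TLS certificate. The client
     * CA is signed with the intermediate CA key read from {@code caKeyStore}; the TLS
     * certificate is signed with the newly generated client CA key.
     *
     * <p>Points to be aware of when calling this:
     * <ul>
     *   <li>Both keystores are protected with the same {@code storePassword} and both private
     *       key entries with the same {@code keyPassword}.</li>
     *   <li>The passwords arrive as immutable {@code String}s and the {@code char[]} copy of
     *       {@code keyPassword} is not cleared afterwards, so they stay in memory until
     *       garbage-collected.</li>
     *   <li>Existing entries under the two client aliases are replaced.</li>
     * </ul>
     *
     * @param sslKeyStorePath keystore file receiving the TLS key and chain
     * @param clientCAKeystorePath keystore file receiving the client CA key and chain
     * @param storePassword password for both keystore files
     * @param keyPassword password for both private key entries
     * @param caKeyStore keystore holding the root CA certificate and the intermediate CA key
     * @param caKeyPassword password of the intermediate CA key entry in {@code caKeyStore}
     * @param legalName subject name of both issued certificates
     * @param signatureScheme scheme used to generate both key pairs
     */
    public final void createKeystoreForCordaNode(@NotNull Path sslKeyStorePath, @NotNull Path clientCAKeystorePath, @NotNull String storePassword, @NotNull String keyPassword, @NotNull KeyStore caKeyStore, @NotNull String caKeyPassword, @NotNull X500Name legalName, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkParameterIsNotNull(sslKeyStorePath, "sslKeyStorePath");
        Intrinsics.checkParameterIsNotNull(clientCAKeystorePath, "clientCAKeystorePath");
        Intrinsics.checkParameterIsNotNull(storePassword, "storePassword");
        Intrinsics.checkParameterIsNotNull(keyPassword, "keyPassword");
        Intrinsics.checkParameterIsNotNull(caKeyStore, "caKeyStore");
        Intrinsics.checkParameterIsNotNull(caKeyPassword, "caKeyPassword");
        Intrinsics.checkParameterIsNotNull(legalName, "legalName");
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");

        X509CertificateHolder rootCACert = KeyStoreUtilitiesKt.getX509Certificate(caKeyStore, CORDA_ROOT_CA);
        CertificateAndKeyPair intermediateCA = KeyStoreUtilitiesKt.getCertificateAndKeyPair(caKeyStore, CORDA_INTERMEDIATE_CA, caKeyPassword);
        X509CertificateHolder intermediateCACert = intermediateCA.component1();
        KeyPair intermediateCAKeyPair = intermediateCA.component2();

        // Client CA: may only issue for names inside the legalName directory subtree.
        KeyPair clientKey = Crypto.INSTANCE.generateKeyPair(signatureScheme);
        NameConstraints nameConstraints = new NameConstraints(new GeneralSubtree[]{new GeneralSubtree(new GeneralName(GeneralName.directoryName, legalName))}, new GeneralSubtree[0]);
        PublicKey clientPublicKey = clientKey.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(clientPublicKey, "clientKey.public");
        X509CertificateHolder clientCACert = createCertificate(CertificateType.INTERMEDIATE_CA, intermediateCACert, intermediateCAKeyPair, legalName, clientPublicKey, DEFAULT_VALIDITY_WINDOW, nameConstraints);

        // TLS certificate: separate key pair, issued by the client CA, no name constraints.
        KeyPair tlsKey = Crypto.INSTANCE.generateKeyPair(signatureScheme);
        PublicKey tlsPublicKey = tlsKey.getPublic();
        Intrinsics.checkExpressionValueIsNotNull(tlsPublicKey, "tlsKey.public");
        X509CertificateHolder tlsCert = createCertificate(CertificateType.TLS, clientCACert, clientKey, legalName, tlsPublicKey, DEFAULT_VALIDITY_WINDOW, null);

        char[] keyPass = keyPassword.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(keyPass, "(this as java.lang.String).toCharArray()");

        KeyStore clientCAKeystore = KeyStoreUtilities.INSTANCE.loadOrCreateKeyStore(clientCAKeystorePath, storePassword);
        PrivateKey clientPrivateKey = clientKey.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(clientPrivateKey, "clientKey.private");
        KeyStoreUtilitiesKt.addOrReplaceKey(clientCAKeystore, CORDA_CLIENT_CA, clientPrivateKey, keyPass, new org.bouncycastle.cert.path.CertPath(new X509CertificateHolder[]{clientCACert, intermediateCACert, rootCACert}));
        KeyStoreUtilitiesKt.save(clientCAKeystore, clientCAKeystorePath, storePassword);

        KeyStore tlsKeystore = KeyStoreUtilities.INSTANCE.loadOrCreateKeyStore(sslKeyStorePath, storePassword);
        PrivateKey tlsPrivateKey = tlsKey.getPrivate();
        Intrinsics.checkExpressionValueIsNotNull(tlsPrivateKey, "tlsKey.private");
        KeyStoreUtilitiesKt.addOrReplaceKey(tlsKeystore, CORDA_CLIENT_TLS, tlsPrivateKey, keyPass, new org.bouncycastle.cert.path.CertPath(new X509CertificateHolder[]{tlsCert, clientCACert, intermediateCACert, rootCACert}));
        KeyStoreUtilitiesKt.save(tlsKeystore, sslKeyStorePath, storePassword);
    }

    /**
     * Kotlin default-argument bridge for {@link #createKeystoreForCordaNode}.
     * Mask bit 128 substitutes the default TLS signature scheme.
     */
    public static /* bridge */ /* synthetic */ void createKeystoreForCordaNode$default(X509Utilities x509Utilities, Path path, Path path2, String str, String str2, KeyStore keyStore, String str3, X500Name x500Name, SignatureScheme signatureScheme, int i, Object obj) {
        if ((i & 128) != 0) {
            signatureScheme = DEFAULT_TLS_SIGNATURE_SCHEME;
        }
        x509Utilities.createKeystoreForCordaNode(path, path2, str, str2, keyStore, str3, x500Name, signatureScheme);
    }

    /**
     * Creates a PKCS#10 certificate signing request by delegating to
     * {@code Crypto.createCertificateSigningRequest}.
     *
     * @param subject subject name requested
     * @param keyPair key pair the request is created for
     * @param signatureScheme signature scheme passed through to {@code Crypto}
     * @return the signing request
     */
    @NotNull
    public final PKCS10CertificationRequest createCertificateSigningRequest(@NotNull X500Name subject, @NotNull KeyPair keyPair, @NotNull SignatureScheme signatureScheme) {
        Intrinsics.checkParameterIsNotNull(subject, "subject");
        Intrinsics.checkParameterIsNotNull(keyPair, "keyPair");
        Intrinsics.checkParameterIsNotNull(signatureScheme, "signatureScheme");
        return Crypto.INSTANCE.createCertificateSigningRequest(subject, keyPair, signatureScheme);
    }

    /**
     * Kotlin default-argument bridge for {@link #createCertificateSigningRequest}.
     * Mask bit 4 substitutes the default TLS signature scheme.
     */
    @NotNull
    public static /* bridge */ /* synthetic */ PKCS10CertificationRequest createCertificateSigningRequest$default(X509Utilities x509Utilities, X500Name x500Name, KeyPair keyPair, SignatureScheme signatureScheme, int i, Object obj) {
        if ((i & 4) != 0) {
            signatureScheme = DEFAULT_TLS_SIGNATURE_SCHEME;
        }
        return x509Utilities.createCertificateSigningRequest(x500Name, keyPair, signatureScheme);
    }
}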
