package net.corda.node.services.identity;

import java.io.ByteArrayInputStream;
import java.io.Serializable;
import java.security.InvalidAlgorithmParameterException;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Set;
import javax.annotation.concurrent.ThreadSafe;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Id;
import javax.persistence.Lob;
import javax.persistence.Table;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.ranges.RangesKt;
import kotlin.sequences.SequencesKt;
import kotlin.text.StringsKt;
import net.corda.core.contracts.PartyAndReference;
import net.corda.core.crypto.CryptoUtils;
import net.corda.core.crypto.SecureHash;
import net.corda.core.identity.AbstractParty;
import net.corda.core.identity.AnonymousParty;
import net.corda.core.identity.CordaX500Name;
import net.corda.core.identity.Party;
import net.corda.core.identity.PartyAndCertificate;
import net.corda.core.internal.CertRole;
import net.corda.core.node.services.UnknownAnonymousPartyException;
import net.corda.core.serialization.SingletonSerializeAsToken;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.node.services.api.IdentityServiceInternal;
import net.corda.node.services.identity.PersistentIdentityService;
import net.corda.node.utilities.AppendOnlyPersistentMap;
import net.corda.node.utilities.AppendOnlyPersistentMapBase;
import net.corda.nodeapi.internal.crypto.X509CertificateFactory;
import net.corda.nodeapi.internal.crypto.X509Utilities;
import net.corda.nodeapi.internal.crypto.X509UtilitiesKt;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;

/* compiled from: PersistentIdentityService.kt */
@ThreadSafe
@Metadata(mv = {1, 1, 8}, bv = {1, 0, 2}, k = 1, d1 = {"��\u008e\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0011\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n��\n\u0002\u0010\u001c\n\u0002\b\u0004\n\u0002\u0010\"\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0007\u0018�� :2\u00020\u00012\u00020\u0002:\u0003:;<B!\u0012\u0006\u0010\u0003\u001a\u00020\u0004\u0012\u0012\u0010\u0005\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00040\u0006\"\u00020\u0004¢\u0006\u0002\u0010\u0007J\u0018\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020 H\u0017J\u0012\u0010!\u001a\u0004\u0018\u00010\u000f2\u0006\u0010\"\u001a\u00020\u0013H\u0002J\u0012\u0010#\u001a\u0004\u0018\u00010\u000f2\u0006\u0010$\u001a\u00020%H\u0016J\u000e\u0010&\u001a\b\u0012\u0004\u0012\u00020\u000f0'H\u0016J&\u0010(\u001a\u00020\u001c2\u000e\b\u0002\u0010)\u001a\b\u0012\u0004\u0012\u00020\u000f0'2\u000e\b\u0002\u0010*\u001a\b\u0012\u0004\u0012\u00020\u000f0'J\u001e\u0010+\u001a\b\u0012\u0004\u0012\u00020\u001e0,2\u0006\u0010-\u001a\u00020\u00112\u0006\u0010.\u001a\u00020/H\u0016J\u0012\u00100\u001a\u0004\u0018\u00010\u001e2\u0006\u00101\u001a\u00020%H\u0016J\u0010\u00102\u001a\u00020\u001e2\u0006\u0010\u001d\u001a\u000203H\u0016J\u0012\u00104\u001a\u0004\u0018\u00010\u000f2\u0006\u00105\u001a\u00020\u000fH\u0017J\u0012\u00106\u001a\u0004\u0018\u00010\u001e2\u0006\u00107\u001a\u000208H\u0016J\u0012\u00106\u001a\u0004\u0018\u00010\u001e2\u0006\u0010\u001d\u001a\u000203H\u0016J\u0012\u00109\u001a\u0004\u0018\u00010\u001e2\u0006\u0010\"\u001a\u00020\u0013H\u0016R\u0014\u0010\b\u001a\u00020\tX\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\n\u0010\u000bR&\u0010\f\u001a\u001a\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\u000f\u0012\u0004\u0012\u00020\u0010\u0012\u0004\u0012\u00020\u00110\rX\u0082\u0004¢\u0006\u0002\n��R&\u0010\u0012\u001a\u001a\u0012\u0004\u0012\u00020\u0013\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\u0014\u0012\u0004\u0012\u00020\u00110\rX\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010\u0015\u001a\u00020\u0016X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\u0017\u0010\u0018R\u0014\u0010\u0003\u001a\u00020\u0004X\u0096\u0004¢\u0006\b\n��\u001a\u0004\b\u0019\u0010\u001a¨\u0006="}, d2 = {"Lnet/corda/node/services/identity/PersistentIdentityService;", "Lnet/corda/core/serialization/SingletonSerializeAsToken;", "Lnet/corda/node/services/api/IdentityServiceInternal;", "trustRoot", "Ljava/security/cert/X509Certificate;", "caCertificates", "", "(Ljava/security/cert/X509Certificate;[Ljava/security/cert/X509Certificate;)V", "caCertStore", "Ljava/security/cert/CertStore;", "getCaCertStore", "()Ljava/security/cert/CertStore;", "keyToParties", "Lnet/corda/node/utilities/AppendOnlyPersistentMap;", "Lnet/corda/core/crypto/SecureHash;", "Lnet/corda/core/identity/PartyAndCertificate;", "Lnet/corda/node/services/identity/PersistentIdentityService$PersistentIdentity;", "", "principalToParties", "Lnet/corda/core/identity/CordaX500Name;", "Lnet/corda/node/services/identity/PersistentIdentityService$PersistentIdentityNames;", "trustAnchor", "Ljava/security/cert/TrustAnchor;", "getTrustAnchor", "()Ljava/security/cert/TrustAnchor;", "getTrustRoot", "()Ljava/security/cert/X509Certificate;", "assertOwnership", "", "party", "Lnet/corda/core/identity/Party;", "anonymousParty", "Lnet/corda/core/identity/AnonymousParty;", "certificateFromCordaX500Name", "name", "certificateFromKey", "owningKey", "Ljava/security/PublicKey;", "getAllIdentities", "", "loadIdentities", "identities", "confidentialIdentities", "partiesFromName", "", "query", "exactMatch", "", "partyFromKey", "key", "requireWellKnownPartyFromAnonymous", "Lnet/corda/core/identity/AbstractParty;", "verifyAndRegisterIdentity", "identity", "wellKnownPartyFromAnonymous", "partyRef", "Lnet/corda/core/contracts/PartyAndReference;", "wellKnownPartyFromX500Name", "Companion", "PersistentIdentity", "PersistentIdentityNames", "node"})
/* loaded from: input_file:net/corda/node/services/identity/PersistentIdentityService.class */
public final class PersistentIdentityService extends SingletonSerializeAsToken implements IdentityServiceInternal {

    @NotNull
    private final CertStore caCertStore;

    @NotNull
    private final TrustAnchor trustAnchor;
    private final AppendOnlyPersistentMap<SecureHash, PartyAndCertificate, PersistentIdentity, String> keyToParties;
    private final AppendOnlyPersistentMap<CordaX500Name, SecureHash, PersistentIdentityNames, String> principalToParties;

    @NotNull
    private final X509Certificate trustRoot;
    public static final Companion Companion = new Companion(null);
    private static final Logger log = KotlinUtilsKt.contextLogger(Companion);

    /* compiled from: PersistentIdentityService.kt */
    @Metadata(mv = {1, 1, 8}, bv = {1, 0, 2}, k = 1, d1 = {"��B\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u001e\u0010\u0007\u001a\u001a\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\n\u0012\u0004\u0012\u00020\u000b\u0012\u0004\u0012\u00020\f0\bJ\u001e\u0010\r\u001a\u001a\u0012\u0004\u0012\u00020\u000e\u0012\u0004\u0012\u00020\t\u0012\u0004\u0012\u00020\u000f\u0012\u0004\u0012\u00020\f0\bJ\u0010\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0013H\u0002J\u0010\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0014\u001a\u00020\nH\u0002R\u0014\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006¨\u0006\u0015"}, d2 = {"Lnet/corda/node/services/identity/PersistentIdentityService$Companion;", "", "()V", "log", "Lorg/slf4j/Logger;", "getLog", "()Lorg/slf4j/Logger;", "createPKMap", "Lnet/corda/node/utilities/AppendOnlyPersistentMap;", "Lnet/corda/core/crypto/SecureHash;", "Lnet/corda/core/identity/PartyAndCertificate;", "Lnet/corda/node/services/identity/PersistentIdentityService$PersistentIdentity;", "", "createX500Map", "Lnet/corda/core/identity/CordaX500Name;", "Lnet/corda/node/services/identity/PersistentIdentityService$PersistentIdentityNames;", "mapToKey", "Lnet/corda/core/crypto/SecureHash$SHA256;", "owningKey", "Ljava/security/PublicKey;", "party", "node"})
    /* loaded from: input_file:net/corda/node/services/identity/PersistentIdentityService$Companion.class */
    public static final class Companion {
        /* JADX INFO: Access modifiers changed from: private */
        public final Logger getLog() {
            return PersistentIdentityService.log;
        }

        @NotNull
        public final AppendOnlyPersistentMap<SecureHash, PartyAndCertificate, PersistentIdentity, String> createPKMap() {
            return new AppendOnlyPersistentMap<>(new Function1<SecureHash, String>() { // from class: net.corda.node.services.identity.PersistentIdentityService$Companion$createPKMap$1
                @NotNull
                public final String invoke(@NotNull SecureHash secureHash) {
                    Intrinsics.checkParameterIsNotNull(secureHash, "it");
                    return secureHash.toString();
                }
            }, new Function1<PersistentIdentity, Pair<? extends SecureHash.SHA256, ? extends PartyAndCertificate>>() { // from class: net.corda.node.services.identity.PersistentIdentityService$Companion$createPKMap$2
                @NotNull
                public final Pair<SecureHash.SHA256, PartyAndCertificate> invoke(@NotNull PersistentIdentityService.PersistentIdentity persistentIdentity) {
                    Intrinsics.checkParameterIsNotNull(persistentIdentity, "it");
                    SecureHash.SHA256 parse = SecureHash.Companion.parse(persistentIdentity.getPublicKeyHash());
                    CertPath generateCertPath = new X509CertificateFactory().getDelegate().generateCertPath(new ByteArrayInputStream(persistentIdentity.getIdentity()));
                    Intrinsics.checkExpressionValueIsNotNull(generateCertPath, "X509CertificateFactory()…t.identity.inputStream())");
                    return new Pair<>(parse, new PartyAndCertificate(generateCertPath));
                }
            }, new Function2<SecureHash, PartyAndCertificate, PersistentIdentity>() { // from class: net.corda.node.services.identity.PersistentIdentityService$Companion$createPKMap$3
                @NotNull
                public final PersistentIdentityService.PersistentIdentity invoke(@NotNull SecureHash secureHash, @NotNull PartyAndCertificate partyAndCertificate) {
                    Intrinsics.checkParameterIsNotNull(secureHash, "key");
                    Intrinsics.checkParameterIsNotNull(partyAndCertificate, "value");
                    String secureHash2 = secureHash.toString();
                    byte[] encoded = partyAndCertificate.getCertPath().getEncoded();
                    Intrinsics.checkExpressionValueIsNotNull(encoded, "value.certPath.encoded");
                    return new PersistentIdentityService.PersistentIdentity(secureHash2, encoded);
                }
            }, PersistentIdentity.class, 0L, 16, null);
        }

        @NotNull
        public final AppendOnlyPersistentMap<CordaX500Name, SecureHash, PersistentIdentityNames, String> createX500Map() {
            return new AppendOnlyPersistentMap<>(new Function1<CordaX500Name, String>() { // from class: net.corda.node.services.identity.PersistentIdentityService$Companion$createX500Map$1
                @NotNull
                public final String invoke(@NotNull CordaX500Name cordaX500Name) {
                    Intrinsics.checkParameterIsNotNull(cordaX500Name, "it");
                    return cordaX500Name.toString();
                }
            }, new Function1<PersistentIdentityNames, Pair<? extends CordaX500Name, ? extends SecureHash.SHA256>>() { // from class: net.corda.node.services.identity.PersistentIdentityService$Companion$createX500Map$2
                @NotNull
                public final Pair<CordaX500Name, SecureHash.SHA256> invoke(@NotNull PersistentIdentityService.PersistentIdentityNames persistentIdentityNames) {
                    Intrinsics.checkParameterIsNotNull(persistentIdentityNames, "it");
                    return new Pair<>(CordaX500Name.Companion.parse(persistentIdentityNames.getName()), SecureHash.Companion.parse(persistentIdentityNames.getPublicKeyHash()));
                }
            }, new Function2<CordaX500Name, SecureHash, PersistentIdentityNames>() { // from class: net.corda.node.services.identity.PersistentIdentityService$Companion$createX500Map$3
                @NotNull
                public final PersistentIdentityService.PersistentIdentityNames invoke(@NotNull CordaX500Name cordaX500Name, @NotNull SecureHash secureHash) {
                    Intrinsics.checkParameterIsNotNull(cordaX500Name, "key");
                    Intrinsics.checkParameterIsNotNull(secureHash, "value");
                    return new PersistentIdentityService.PersistentIdentityNames(cordaX500Name.toString(), secureHash.toString());
                }
            }, PersistentIdentityNames.class, 0L, 16, null);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final SecureHash.SHA256 mapToKey(PublicKey publicKey) {
            SecureHash.Companion companion = SecureHash.Companion;
            byte[] encoded = publicKey.getEncoded();
            Intrinsics.checkExpressionValueIsNotNull(encoded, "owningKey.encoded");
            return companion.sha256(encoded);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final SecureHash.SHA256 mapToKey(PartyAndCertificate partyAndCertificate) {
            return mapToKey(partyAndCertificate.getOwningKey());
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: PersistentIdentityService.kt */
    @Table(name = "node_identities")
    @Entity
    @Metadata(mv = {1, 1, 8}, bv = {1, 0, 2}, k = 1, d1 = {"��\u0018\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0010\u0012\n\u0002\b\n\b\u0017\u0018��2\u00020\u0001B\u0019\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0002\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006R\u001e\u0010\u0004\u001a\u00020\u00058\u0016@\u0016X\u0097\u000e¢\u0006\u000e\n��\u001a\u0004\b\u0007\u0010\b\"\u0004\b\t\u0010\nR\u001e\u0010\u0002\u001a\u00020\u00038\u0016@\u0016X\u0097\u000e¢\u0006\u000e\n��\u001a\u0004\b\u000b\u0010\f\"\u0004\b\r\u0010\u000e¨\u0006\u000f"}, d2 = {"Lnet/corda/node/services/identity/PersistentIdentityService$PersistentIdentity;", "Ljava/io/Serializable;", "publicKeyHash", "", "identity", "", "(Ljava/lang/String;[B)V", "getIdentity", "()[B", "setIdentity", "([B)V", "getPublicKeyHash", "()Ljava/lang/String;", "setPublicKeyHash", "(Ljava/lang/String;)V", "node"})
    /* loaded from: input_file:net/corda/node/services/identity/PersistentIdentityService$PersistentIdentity.class */
    public static class PersistentIdentity implements Serializable {

        @Id
        @Column(name = "pk_hash", length = 130)
        @NotNull
        private String publicKeyHash;

        @Lob
        @Column(name = "identity_value")
        @NotNull
        private byte[] identity;

        @NotNull
        public String getPublicKeyHash() {
            return this.publicKeyHash;
        }

        public void setPublicKeyHash(@NotNull String str) {
            Intrinsics.checkParameterIsNotNull(str, "<set-?>");
            this.publicKeyHash = str;
        }

        @NotNull
        public byte[] getIdentity() {
            return this.identity;
        }

        public void setIdentity(@NotNull byte[] bArr) {
            Intrinsics.checkParameterIsNotNull(bArr, "<set-?>");
            this.identity = bArr;
        }

        public PersistentIdentity(@NotNull String str, @NotNull byte[] bArr) {
            Intrinsics.checkParameterIsNotNull(str, "publicKeyHash");
            Intrinsics.checkParameterIsNotNull(bArr, "identity");
            this.publicKeyHash = str;
            this.identity = bArr;
        }

        public /* synthetic */ PersistentIdentity(String str, byte[] bArr, int i, DefaultConstructorMarker defaultConstructorMarker) {
            this((i & 1) != 0 ? "" : str, (i & 2) != 0 ? new byte[0] : bArr);
        }

        public PersistentIdentity() {
            this(null, null, 3, null);
        }
    }

    /* compiled from: PersistentIdentityService.kt */
    @Table(name = "node_named_identities")
    @Entity
    @Metadata(mv = {1, 1, 8}, bv = {1, 0, 2}, k = 1, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\t\b\u0017\u0018��2\u00020\u0001B\u0019\u0012\b\b\u0002\u0010\u0002\u001a\u00020\u0003\u0012\b\b\u0002\u0010\u0004\u001a\u00020\u0003¢\u0006\u0002\u0010\u0005R\u001e\u0010\u0002\u001a\u00020\u00038\u0016@\u0016X\u0097\u000e¢\u0006\u000e\n��\u001a\u0004\b\u0006\u0010\u0007\"\u0004\b\b\u0010\tR\u001e\u0010\u0004\u001a\u00020\u00038\u0016@\u0016X\u0097\u000e¢\u0006\u000e\n��\u001a\u0004\b\n\u0010\u0007\"\u0004\b\u000b\u0010\t¨\u0006\f"}, d2 = {"Lnet/corda/node/services/identity/PersistentIdentityService$PersistentIdentityNames;", "Ljava/io/Serializable;", "name", "", "publicKeyHash", "(Ljava/lang/String;Ljava/lang/String;)V", "getName", "()Ljava/lang/String;", "setName", "(Ljava/lang/String;)V", "getPublicKeyHash", "setPublicKeyHash", "node"})
    /* loaded from: input_file:net/corda/node/services/identity/PersistentIdentityService$PersistentIdentityNames.class */
    public static class PersistentIdentityNames implements Serializable {

        @Id
        @Column(name = "name", length = 128)
        @NotNull
        private String name;

        @Column(name = "pk_hash", length = 130)
        @NotNull
        private String publicKeyHash;

        @NotNull
        public String getName() {
            return this.name;
        }

        public void setName(@NotNull String str) {
            Intrinsics.checkParameterIsNotNull(str, "<set-?>");
            this.name = str;
        }

        @NotNull
        public String getPublicKeyHash() {
            return this.publicKeyHash;
        }

        public void setPublicKeyHash(@NotNull String str) {
            Intrinsics.checkParameterIsNotNull(str, "<set-?>");
            this.publicKeyHash = str;
        }

        public PersistentIdentityNames(@NotNull String str, @NotNull String str2) {
            Intrinsics.checkParameterIsNotNull(str, "name");
            Intrinsics.checkParameterIsNotNull(str2, "publicKeyHash");
            this.name = str;
            this.publicKeyHash = str2;
        }

        public /* synthetic */ PersistentIdentityNames(String str, String str2, int i, DefaultConstructorMarker defaultConstructorMarker) {
            this((i & 1) != 0 ? "" : str, (i & 2) != 0 ? "" : str2);
        }

        public PersistentIdentityNames() {
            this(null, null, 3, null);
        }
    }

    @NotNull
    public CertStore getCaCertStore() {
        return this.caCertStore;
    }

    @NotNull
    public TrustAnchor getTrustAnchor() {
        return this.trustAnchor;
    }

    public final void loadIdentities(@NotNull Iterable<PartyAndCertificate> iterable, @NotNull Iterable<PartyAndCertificate> iterable2) {
        Intrinsics.checkParameterIsNotNull(iterable, "identities");
        Intrinsics.checkParameterIsNotNull(iterable2, "confidentialIdentities");
        for (PartyAndCertificate partyAndCertificate : iterable) {
            SecureHash mapToKey = Companion.mapToKey(partyAndCertificate);
            this.keyToParties.addWithDuplicatesAllowed(mapToKey, partyAndCertificate, false);
            this.principalToParties.addWithDuplicatesAllowed(partyAndCertificate.getName(), mapToKey, false);
        }
        for (PartyAndCertificate partyAndCertificate2 : iterable2) {
            this.principalToParties.addWithDuplicatesAllowed(partyAndCertificate2.getName(), Companion.mapToKey(partyAndCertificate2), false);
        }
    }

    public static /* bridge */ /* synthetic */ void loadIdentities$default(PersistentIdentityService persistentIdentityService, Iterable iterable, Iterable iterable2, int i, Object obj) {
        if ((i & 1) != 0) {
            iterable = SetsKt.emptySet();
        }
        if ((i & 2) != 0) {
            iterable2 = SetsKt.emptySet();
        }
        persistentIdentityService.loadIdentities(iterable, iterable2);
    }

    @Nullable
    public PartyAndCertificate verifyAndRegisterIdentity(@NotNull PartyAndCertificate partyAndCertificate) throws CertificateExpiredException, CertificateNotYetValidException, InvalidAlgorithmParameterException {
        Intrinsics.checkParameterIsNotNull(partyAndCertificate, "identity");
        List x509Certificates = X509UtilitiesKt.getX509Certificates(partyAndCertificate.getCertPath());
        try {
            partyAndCertificate.verify(getTrustAnchor());
            Object obj = null;
            boolean z = false;
            for (Object obj2 : x509Certificates) {
                CertRole extract = CertRole.Companion.extract((X509Certificate) obj2);
                if (extract != null ? extract.isWellKnown() : false) {
                    if (z) {
                        throw new IllegalArgumentException("Collection contains more than one matching element.");
                    }
                    obj = obj2;
                    z = true;
                }
            }
            if (!z) {
                throw new NoSuchElementException("Collection contains no element matching the predicate.");
            }
            X509Certificate x509Certificate = (X509Certificate) obj;
            if (!Intrinsics.areEqual(x509Certificate, partyAndCertificate.getCertificate())) {
                verifyAndRegisterIdentity(new PartyAndCertificate(X509Utilities.INSTANCE.buildCertPath(CollectionsKt.slice(x509Certificates, RangesKt.until(x509Certificates.lastIndexOf(x509Certificate), x509Certificates.size())))));
            }
            Logger log2 = Companion.getLog();
            if (log2.isDebugEnabled()) {
                log2.debug("Registering identity " + partyAndCertificate);
            }
            SecureHash mapToKey = Companion.mapToKey(partyAndCertificate);
            AppendOnlyPersistentMapBase.addWithDuplicatesAllowed$default(this.keyToParties, mapToKey, partyAndCertificate, false, 4, null);
            this.principalToParties.addWithDuplicatesAllowed(partyAndCertificate.getName(), mapToKey, false);
            Companion companion = Companion;
            PublicKey publicKey = ((X509Certificate) x509Certificates.get(1)).getPublicKey();
            Intrinsics.checkExpressionValueIsNotNull(publicKey, "identityCertChain[1].publicKey");
            return this.keyToParties.get(companion.mapToKey(publicKey));
        } catch (CertPathValidatorException e) {
            Companion.getLog().warn(e.getLocalizedMessage());
            Companion.getLog().warn("Path = ");
            Iterator it = CollectionsKt.reversed(x509Certificates).iterator();
            while (it.hasNext()) {
                Companion.getLog().warn(((X509Certificate) it.next()).getSubjectX500Principal().toString());
            }
            throw e;
        }
    }

    @Nullable
    public PartyAndCertificate certificateFromKey(@NotNull PublicKey publicKey) {
        Intrinsics.checkParameterIsNotNull(publicKey, "owningKey");
        return this.keyToParties.get(Companion.mapToKey(publicKey));
    }

    private final PartyAndCertificate certificateFromCordaX500Name(CordaX500Name cordaX500Name) {
        SecureHash secureHash = this.principalToParties.get(cordaX500Name);
        if (secureHash != null) {
            return this.keyToParties.get(secureHash);
        }
        return null;
    }

    @NotNull
    public Iterable<PartyAndCertificate> getAllIdentities() {
        return SequencesKt.asIterable(SequencesKt.map(this.keyToParties.allPersisted(), new Function1<Pair<? extends SecureHash, ? extends PartyAndCertificate>, PartyAndCertificate>() { // from class: net.corda.node.services.identity.PersistentIdentityService$getAllIdentities$1
            @NotNull
            public final PartyAndCertificate invoke(@NotNull Pair<? extends SecureHash, PartyAndCertificate> pair) {
                Intrinsics.checkParameterIsNotNull(pair, "it");
                return (PartyAndCertificate) pair.getSecond();
            }
        }));
    }

    @Nullable
    public Party partyFromKey(@NotNull PublicKey publicKey) {
        Intrinsics.checkParameterIsNotNull(publicKey, "key");
        PartyAndCertificate certificateFromKey = certificateFromKey(publicKey);
        if (certificateFromKey != null) {
            return certificateFromKey.getParty();
        }
        return null;
    }

    @Nullable
    public Party wellKnownPartyFromX500Name(@NotNull CordaX500Name cordaX500Name) {
        Intrinsics.checkParameterIsNotNull(cordaX500Name, "name");
        PartyAndCertificate certificateFromCordaX500Name = certificateFromCordaX500Name(cordaX500Name);
        if (certificateFromCordaX500Name != null) {
            return certificateFromCordaX500Name.getParty();
        }
        return null;
    }

    @Nullable
    public Party wellKnownPartyFromAnonymous(@NotNull AbstractParty abstractParty) {
        Intrinsics.checkParameterIsNotNull(abstractParty, "party");
        Party partyFromKey = partyFromKey(abstractParty.getOwningKey());
        if (partyFromKey != null) {
            return wellKnownPartyFromX500Name(partyFromKey.getName());
        }
        return null;
    }

    @Nullable
    public Party wellKnownPartyFromAnonymous(@NotNull PartyAndReference partyAndReference) {
        Intrinsics.checkParameterIsNotNull(partyAndReference, "partyRef");
        return wellKnownPartyFromAnonymous(partyAndReference.getParty());
    }

    @NotNull
    public Party requireWellKnownPartyFromAnonymous(@NotNull AbstractParty abstractParty) {
        Intrinsics.checkParameterIsNotNull(abstractParty, "party");
        Party wellKnownPartyFromAnonymous = wellKnownPartyFromAnonymous(abstractParty);
        if (wellKnownPartyFromAnonymous != null) {
            return wellKnownPartyFromAnonymous;
        }
        throw new IllegalStateException("Could not deanonymise party " + CryptoUtils.toStringShort(abstractParty.getOwningKey()));
    }

    @NotNull
    public Set<Party> partiesFromName(@NotNull String str, boolean z) {
        Intrinsics.checkParameterIsNotNull(str, "query");
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        Iterator it = this.principalToParties.allPersisted().iterator();
        while (it.hasNext()) {
            Pair pair = (Pair) it.next();
            CordaX500Name cordaX500Name = (CordaX500Name) pair.component1();
            PartyAndCertificate partyAndCertificate = this.keyToParties.get((SecureHash) pair.component2());
            if (partyAndCertificate == null) {
                Intrinsics.throwNpe();
            }
            Party party = partyAndCertificate.getParty();
            for (String str2 : CollectionsKt.listOfNotNull(new String[]{cordaX500Name.getCommonName(), cordaX500Name.getOrganisationUnit(), cordaX500Name.getOrganisation(), cordaX500Name.getLocality(), cordaX500Name.getState(), cordaX500Name.getCountry()})) {
                if (z && Intrinsics.areEqual(str2, str)) {
                    linkedHashSet.add(party);
                } else if (!z && StringsKt.contains(str2, str, true)) {
                    linkedHashSet.add(party);
                }
            }
        }
        return linkedHashSet;
    }

    public void assertOwnership(@NotNull Party party, @NotNull AnonymousParty anonymousParty) throws UnknownAnonymousPartyException {
        Intrinsics.checkParameterIsNotNull(party, "party");
        Intrinsics.checkParameterIsNotNull(anonymousParty, "anonymousParty");
        PartyAndCertificate certificateFromKey = certificateFromKey(anonymousParty.getOwningKey());
        if (certificateFromKey == null) {
            throw new UnknownAnonymousPartyException("Unknown " + anonymousParty);
        }
        if (!Intrinsics.areEqual(certificateFromKey.getCertPath().getCertificates().get(1).getPublicKey(), party.getOwningKey())) {
            throw new IllegalArgumentException(("Issuing certificate's public key must match the party key " + CryptoUtils.toStringShort(party.getOwningKey()) + '.').toString());
        }
    }

    @NotNull
    public X509Certificate getTrustRoot() {
        return this.trustRoot;
    }

    public PersistentIdentityService(@NotNull X509Certificate x509Certificate, @NotNull X509Certificate... x509CertificateArr) {
        Intrinsics.checkParameterIsNotNull(x509Certificate, "trustRoot");
        Intrinsics.checkParameterIsNotNull(x509CertificateArr, "caCertificates");
        this.trustRoot = x509Certificate;
        this.trustAnchor = new TrustAnchor(getTrustRoot(), null);
        this.keyToParties = Companion.createPKMap();
        this.principalToParties = Companion.createX500Map();
        CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(SetsKt.plus(ArraysKt.toSet(x509CertificateArr), getTrustRoot())));
        Intrinsics.checkExpressionValueIsNotNull(certStore, "CertStore.getInstance(\"C…(caCertificatesWithRoot))");
        this.caCertStore = certStore;
    }

    @Override // net.corda.node.services.api.IdentityServiceInternal
    public void justVerifyAndRegisterIdentity(@NotNull PartyAndCertificate partyAndCertificate) {
        Intrinsics.checkParameterIsNotNull(partyAndCertificate, "identity");
        IdentityServiceInternal.DefaultImpls.justVerifyAndRegisterIdentity(this, partyAndCertificate);
    }
}
