package net.corda.nodeapi.internal.crypto;

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.io.CloseableKt;
import kotlin.jvm.JvmName;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.crypto.Crypto;
import net.corda.core.internal.PathUtilsKt;
import net.corda.nodeapi.internal.protonwrapper.netty.AMQPClient;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: KeyStoreUtilities.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, AMQPClient.NUM_CLIENT_THREADS}, k = AMQPClient.NUM_CLIENT_THREADS, d1 = {"��^\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0019\n��\n\u0002\u0010\u0011\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\u001a\u0016\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u0001\u001a\u0016\u0010\u0002\u001a\u00020\u00032\u0006\u0010\u0007\u001a\u00020\b2\u0006\u0010\u0006\u001a\u00020\u0001\u001a,\u0010\t\u001a\u00020\u00032\u0006\u0010\u0007\u001a\u00020\b2\u0006\u0010\u0006\u001a\u00020\u00012\b\b\u0002\u0010\n\u001a\u00020\u00012\n\b\u0002\u0010\u000b\u001a\u0004\u0018\u00010\f\u001a\u001a\u0010\r\u001a\u00020\u000e*\u00020\u00032\u0006\u0010\u000f\u001a\u00020\u00012\u0006\u0010\u0010\u001a\u00020\u0011\u001a7\u0010\u0012\u001a\u00020\u000e*\u00020\u00032\u0006\u0010\u000f\u001a\u00020\u00012\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\u000e\u0010\u0017\u001a\n\u0012\u0006\b\u0001\u0012\u00020\u00110\u0018¢\u0006\u0002\u0010\u0019\u001a\u001a\u0010\u001a\u001a\u00020\u001b*\u00020\u00032\u0006\u0010\u000f\u001a\u00020\u00012\u0006\u0010\u001c\u001a\u00020\u0001\u001a\u001a\u0010\u001d\u001a\u00020\u001e*\u00020\u00032\u0006\u0010\u000f\u001a\u00020\u00012\u0006\u0010\u001c\u001a\u00020\u0001\u001a\u0012\u0010\u001f\u001a\u00020 *\u00020\u00032\u0006\u0010\u000f\u001a\u00020\u0001\u001a\u001a\u0010!\u001a\u00020\u000e*\u00020\u00032\u0006\u0010\u0007\u001a\u00020\b2\u0006\u0010\u0006\u001a\u00020\u0001\"\u000e\u0010��\u001a\u00020\u0001X\u0086T¢\u0006\u0002\n��¨\u0006\""}, d2 = {"KEYSTORE_TYPE", "", "loadKeyStore", "Ljava/security/KeyStore;", "input", "Ljava/io/InputStream;", "storePassword", "keyStoreFilePath", "Ljava/nio/file/Path;", "loadOrCreateKeyStore", "keystoreType", "provider", "Ljava/security/Provider;", "addOrReplaceCertificate", "", "alias", "cert", "Ljava/security/cert/Certificate;", "addOrReplaceKey", "key", "Ljava/security/Key;", "password", "", "chain", "", "(Ljava/security/KeyStore;Ljava/lang/String;Ljava/security/Key;[C[Ljava/security/cert/Certificate;)V", "getCertificateAndKeyPair", "Lnet/corda/nodeapi/internal/crypto/CertificateAndKeyPair;", "keyPassword", "getSupportedKey", "Ljava/security/PrivateKey;", "getX509Certificate", "Ljava/security/cert/X509Certificate;", "save", "node-api"})
@JvmName(name = "KeyStoreUtilities")
/* loaded from: input_file:net/corda/nodeapi/internal/crypto/KeyStoreUtilities.class */
public final class KeyStoreUtilities {

    @NotNull
    public static final String KEYSTORE_TYPE = "JKS";

    @NotNull
    public static final KeyStore loadOrCreateKeyStore(@NotNull Path path, @NotNull String str, @NotNull String str2, @Nullable Provider provider) {
        OutputStream outputStream;
        Intrinsics.checkParameterIsNotNull(path, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(str, "storePassword");
        Intrinsics.checkParameterIsNotNull(str2, "keystoreType");
        char[] charArray = str.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
        KeyStore keyStore = provider != null ? KeyStore.getInstance(str2, provider) : KeyStore.getInstance(str2);
        if (PathUtilsKt.exists(path, new LinkOption[0])) {
            OpenOption[] openOptionArr = new OpenOption[0];
            outputStream = PathUtilsKt.inputStream(path, (OpenOption[]) Arrays.copyOf(openOptionArr, openOptionArr.length));
            Throwable th = (Throwable) null;
            try {
                try {
                    keyStore.load(outputStream, charArray);
                    Unit unit = Unit.INSTANCE;
                    CloseableKt.closeFinally(outputStream, th);
                } finally {
                }
            } finally {
            }
        } else {
            keyStore.load(null, charArray);
            Path absolutePath = path.toAbsolutePath();
            Intrinsics.checkExpressionValueIsNotNull(absolutePath, "keyStoreFilePath.toAbsolutePath()");
            Path parent = absolutePath.getParent();
            if (parent != null) {
                Path safeSymbolicRead = PathUtilsKt.safeSymbolicRead(parent);
                if (safeSymbolicRead != null) {
                    PathUtilsKt.createDirectories(safeSymbolicRead, new FileAttribute[0]);
                }
            }
            OpenOption[] openOptionArr2 = new OpenOption[0];
            outputStream = PathUtilsKt.outputStream(path, (OpenOption[]) Arrays.copyOf(openOptionArr2, openOptionArr2.length));
            Throwable th2 = (Throwable) null;
            try {
                try {
                    keyStore.store(outputStream, charArray);
                    Unit unit2 = Unit.INSTANCE;
                    CloseableKt.closeFinally(outputStream, th2);
                } finally {
                }
            } finally {
            }
        }
        Intrinsics.checkExpressionValueIsNotNull(keyStore, "keyStore");
        return keyStore;
    }

    @NotNull
    public static /* bridge */ /* synthetic */ KeyStore loadOrCreateKeyStore$default(Path path, String str, String str2, Provider provider, int i, Object obj) {
        if ((i & 4) != 0) {
            str2 = KEYSTORE_TYPE;
        }
        if ((i & 8) != 0) {
            provider = (Provider) null;
        }
        return loadOrCreateKeyStore(path, str, str2, provider);
    }

    @NotNull
    public static final KeyStore loadKeyStore(@NotNull Path path, @NotNull String str) throws KeyStoreException, IOException {
        Intrinsics.checkParameterIsNotNull(path, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(str, "storePassword");
        OpenOption[] openOptionArr = new OpenOption[0];
        InputStream inputStream = PathUtilsKt.inputStream(path, (OpenOption[]) Arrays.copyOf(openOptionArr, openOptionArr.length));
        Throwable th = (Throwable) null;
        try {
            KeyStore loadKeyStore = loadKeyStore(inputStream, str);
            CloseableKt.closeFinally(inputStream, th);
            return loadKeyStore;
        } catch (Throwable th2) {
            CloseableKt.closeFinally(inputStream, th);
            throw th2;
        }
    }

    @NotNull
    public static final KeyStore loadKeyStore(@NotNull InputStream inputStream, @NotNull String str) throws KeyStoreException, IOException {
        Intrinsics.checkParameterIsNotNull(inputStream, "input");
        Intrinsics.checkParameterIsNotNull(str, "storePassword");
        char[] charArray = str.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        InputStream inputStream2 = inputStream;
        Throwable th = (Throwable) null;
        try {
            InputStream inputStream3 = inputStream2;
            keyStore.load(inputStream, charArray);
            Unit unit = Unit.INSTANCE;
            CloseableKt.closeFinally(inputStream2, th);
            Intrinsics.checkExpressionValueIsNotNull(keyStore, "keyStore");
            return keyStore;
        } catch (Throwable th2) {
            CloseableKt.closeFinally(inputStream2, th);
            throw th2;
        }
    }

    public static final void addOrReplaceKey(@NotNull KeyStore keyStore, @NotNull String str, @NotNull Key key, @NotNull char[] cArr, @NotNull Certificate[] certificateArr) {
        Intrinsics.checkParameterIsNotNull(keyStore, "$receiver");
        Intrinsics.checkParameterIsNotNull(str, "alias");
        Intrinsics.checkParameterIsNotNull(key, "key");
        Intrinsics.checkParameterIsNotNull(cArr, "password");
        Intrinsics.checkParameterIsNotNull(certificateArr, "chain");
        if (keyStore.containsAlias(str)) {
            keyStore.deleteEntry(str);
        }
        keyStore.setKeyEntry(str, key, cArr, certificateArr);
    }

    public static final void addOrReplaceCertificate(@NotNull KeyStore keyStore, @NotNull String str, @NotNull Certificate certificate) {
        Intrinsics.checkParameterIsNotNull(keyStore, "$receiver");
        Intrinsics.checkParameterIsNotNull(str, "alias");
        Intrinsics.checkParameterIsNotNull(certificate, "cert");
        if (keyStore.containsAlias(str)) {
            keyStore.deleteEntry(str);
        }
        keyStore.setCertificateEntry(str, certificate);
    }

    public static final void save(@NotNull KeyStore keyStore, @NotNull Path path, @NotNull String str) {
        Intrinsics.checkParameterIsNotNull(keyStore, "$receiver");
        Intrinsics.checkParameterIsNotNull(path, "keyStoreFilePath");
        Intrinsics.checkParameterIsNotNull(str, "storePassword");
        OpenOption[] openOptionArr = new OpenOption[0];
        OutputStream outputStream = PathUtilsKt.outputStream(path, (OpenOption[]) Arrays.copyOf(openOptionArr, openOptionArr.length));
        Throwable th = (Throwable) null;
        try {
            try {
                OutputStream outputStream2 = outputStream;
                char[] charArray = str.toCharArray();
                Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
                keyStore.store(outputStream2, charArray);
                Unit unit = Unit.INSTANCE;
                CloseableKt.closeFinally(outputStream, th);
            } finally {
            }
        } catch (Throwable th2) {
            CloseableKt.closeFinally(outputStream, th);
            throw th2;
        }
    }

    @NotNull
    public static final CertificateAndKeyPair getCertificateAndKeyPair(@NotNull KeyStore keyStore, @NotNull String str, @NotNull String str2) {
        Intrinsics.checkParameterIsNotNull(keyStore, "$receiver");
        Intrinsics.checkParameterIsNotNull(str, "alias");
        Intrinsics.checkParameterIsNotNull(str2, "keyPassword");
        X509Certificate x509Certificate = getX509Certificate(keyStore, str);
        PublicKey publicKey = x509Certificate.getPublicKey();
        Intrinsics.checkExpressionValueIsNotNull(publicKey, "certificate.publicKey");
        return new CertificateAndKeyPair(x509Certificate, new KeyPair(Crypto.toSupportedPublicKey(publicKey), getSupportedKey(keyStore, str, str2)));
    }

    @NotNull
    public static final X509Certificate getX509Certificate(@NotNull KeyStore keyStore, @NotNull String str) {
        Intrinsics.checkParameterIsNotNull(keyStore, "$receiver");
        Intrinsics.checkParameterIsNotNull(str, "alias");
        Certificate certificate = keyStore.getCertificate(str);
        if (certificate == null) {
            throw new IllegalArgumentException("No certificate under alias \"" + str + "\".");
        }
        Certificate certificate2 = certificate;
        if (!(certificate2 instanceof X509Certificate)) {
            certificate2 = null;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate2;
        if (x509Certificate != null) {
            return x509Certificate;
        }
        throw new IllegalStateException("Certificate under alias \"" + str + "\" is not an X.509 certificate: " + certificate);
    }

    @NotNull
    public static final PrivateKey getSupportedKey(@NotNull KeyStore keyStore, @NotNull String str, @NotNull String str2) {
        Intrinsics.checkParameterIsNotNull(keyStore, "$receiver");
        Intrinsics.checkParameterIsNotNull(str, "alias");
        Intrinsics.checkParameterIsNotNull(str2, "keyPassword");
        char[] charArray = str2.toCharArray();
        Intrinsics.checkExpressionValueIsNotNull(charArray, "(this as java.lang.String).toCharArray()");
        Key key = keyStore.getKey(str, charArray);
        if (key == null) {
            throw new IllegalArgumentException(("Key for alias: '" + str + "' cannot be found").toString());
        }
        return Crypto.toSupportedPrivateKey((PrivateKey) key);
    }
}
