package net.corda.testing.node.internal.network;

import java.io.Closeable;
import java.math.BigInteger;
import java.net.InetSocketAddress;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.crypto.Crypto;
import net.corda.core.crypto.SignatureScheme;
import net.corda.core.internal.CertRole;
import net.corda.core.utilities.KotlinUtilsKt;
import net.corda.core.utilities.NetworkHostAndPort;
import net.corda.coretesting.internal.InternalTestConstantsKt;
import net.corda.nodeapi.internal.crypto.CertificateAndKeyPair;
import net.corda.nodeapi.internal.crypto.CertificateType;
import net.corda.nodeapi.internal.crypto.ContentSignerBuilder;
import net.corda.nodeapi.internal.crypto.X509Utilities;
import net.corda.nodeapi.internal.crypto.X509UtilitiesKt;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CRLDistPoint;
import org.bouncycastle.asn1.x509.DistributionPoint;
import org.bouncycastle.asn1.x509.DistributionPointName;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.IssuingDistributionPoint;
import org.bouncycastle.asn1.x509.NameConstraints;
import org.bouncycastle.asn1.x509.ReasonFlags;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v2CRLBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.eclipse.jetty.server.Handler;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.handler.HandlerCollection;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.servlet.ServletContainer;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* compiled from: CrlServer.kt */
@Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��b\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010!\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u000b\n��\n\u0002\u0010 \n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018�� ,2\u00020\u0001:\u0002,-B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\b\u0010\u0017\u001a\u00020\u0018H\u0002J\b\u0010\u0019\u001a\u00020\u001aH\u0016J4\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020\u00062\u0006\u0010 \u001a\u00020\u001e2\u0006\u0010!\u001a\u00020\"2\f\u0010#\u001a\b\u0012\u0004\u0012\u00020\u000e0$J&\u0010%\u001a\u00020&2\u0006\u0010'\u001a\u00020&2\n\b\u0002\u0010(\u001a\u0004\u0018\u00010\u001e2\n\b\u0002\u0010)\u001a\u0004\u0018\u00010*J\u0006\u0010+\u001a\u00020\u001aR\u000e\u0010\u0005\u001a\u00020\u0006X\u0082.¢\u0006\u0002\n��R\u0011\u0010\u0002\u001a\u00020\u00038F¢\u0006\u0006\u001a\u0004\b\u0007\u0010\bR\u0011\u0010\t\u001a\u00020\u00068F¢\u0006\u0006\u001a\u0004\b\n\u0010\u000bR\u0017\u0010\f\u001a\b\u0012\u0004\u0012\u00020\u000e0\r¢\u0006\b\n��\u001a\u0004\b\u000f\u0010\u0010R\u0017\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u000e0\r¢\u0006\b\n��\u001a\u0004\b\u0012\u0010\u0010R\u0011\u0010\u0013\u001a\u00020\u0006¢\u0006\b\n��\u001a\u0004\b\u0014\u0010\u000bR\u000e\u0010\u0015\u001a\u00020\u0016X\u0082\u0004¢\u0006\u0002\n��¨\u0006."}, d2 = {"Lnet/corda/testing/node/internal/network/CrlServer;", "Ljava/io/Closeable;", "hostAndPort", "Lnet/corda/core/utilities/NetworkHostAndPort;", "(Lnet/corda/core/utilities/NetworkHostAndPort;)V", "_intermediateCa", "Lnet/corda/nodeapi/internal/crypto/CertificateAndKeyPair;", "getHostAndPort", "()Lnet/corda/core/utilities/NetworkHostAndPort;", "intermediateCa", "getIntermediateCa", "()Lnet/corda/nodeapi/internal/crypto/CertificateAndKeyPair;", "revokedIntermediateCerts", "", "Ljava/math/BigInteger;", "getRevokedIntermediateCerts", "()Ljava/util/List;", "revokedNodeCerts", "getRevokedNodeCerts", "rootCa", "getRootCa", "server", "Lorg/eclipse/jetty/server/Server;", "buildServletContextHandler", "Lorg/eclipse/jetty/servlet/ServletContextHandler;", "close", "", "createRevocationList", "Ljava/security/cert/X509CRL;", "signatureAlgorithm", "", "ca", "endpoint", "indirect", "", "serialNumbers", "", "replaceNodeCertDistPoint", "Ljava/security/cert/X509Certificate;", "nodeCaCert", "nodeCaCrlDistPoint", "crlIssuer", "Ljavax/security/auth/x500/X500Principal;", "start", "Companion", "CrlServlet", "node-driver"})
/* loaded from: input_file:net/corda/testing/node/internal/network/CrlServer.class */
public final class CrlServer implements Closeable {
    private final Server server;

    @NotNull
    private final List<BigInteger> revokedNodeCerts;

    @NotNull
    private final List<BigInteger> revokedIntermediateCerts;

    @NotNull
    private final CertificateAndKeyPair rootCa;
    private CertificateAndKeyPair _intermediateCa;
    private static final String SIGNATURE_ALGORITHM = "SHA256withECDSA";

    @NotNull
    public static final String NODE_CRL = "node.crl";

    @NotNull
    public static final String FORBIDDEN_CRL = "forbidden.crl";

    @NotNull
    public static final String INTERMEDIATE_CRL = "intermediate.crl";

    @NotNull
    public static final String EMPTY_CRL = "empty.crl";
    public static final Companion Companion = new Companion(null);

    /* compiled from: CrlServer.kt */
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��(\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J(\u0010\t\u001a\u00020\n*\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\b\u0010\r\u001a\u0004\u0018\u00010\u00042\n\b\u0002\u0010\u000e\u001a\u0004\u0018\u00010\u000fR\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n��¨\u0006\u0010"}, d2 = {"Lnet/corda/testing/node/internal/network/CrlServer$Companion;", "", "()V", "EMPTY_CRL", "", "FORBIDDEN_CRL", "INTERMEDIATE_CRL", "NODE_CRL", "SIGNATURE_ALGORITHM", "withCrlDistPoint", "Ljava/security/cert/X509Certificate;", "issuerKeyPair", "Ljava/security/KeyPair;", "crlDistPoint", "crlIssuer", "Ljavax/security/auth/x500/X500Principal;", "node-driver"})
    /* loaded from: input_file:net/corda/testing/node/internal/network/CrlServer$Companion.class */
    public static final class Companion {
        @NotNull
        public final X509Certificate withCrlDistPoint(@NotNull X509Certificate x509Certificate, @NotNull KeyPair keyPair, @Nullable String str, @Nullable X500Principal x500Principal) {
            Intrinsics.checkParameterIsNotNull(x509Certificate, "$receiver");
            Intrinsics.checkParameterIsNotNull(keyPair, "issuerKeyPair");
            PrivateKey privateKey = keyPair.getPrivate();
            Intrinsics.checkExpressionValueIsNotNull(privateKey, "issuerKeyPair.private");
            SignatureScheme findSignatureScheme = Crypto.findSignatureScheme(privateKey);
            Provider findProvider = Crypto.findProvider(findSignatureScheme.getProviderName());
            ContentSignerBuilder contentSignerBuilder = ContentSignerBuilder.INSTANCE;
            PrivateKey privateKey2 = keyPair.getPrivate();
            Intrinsics.checkExpressionValueIsNotNull(privateKey2, "issuerKeyPair.private");
            ContentSigner build$default = ContentSignerBuilder.build$default(contentSignerBuilder, findSignatureScheme, privateKey2, findProvider, (SecureRandom) null, false, 24, (Object) null);
            X509Utilities x509Utilities = X509Utilities.INSTANCE;
            CertRole extract = CertRole.Companion.extract(x509Certificate);
            if (extract == null) {
                Intrinsics.throwNpe();
            }
            CertificateType certificateType = X509UtilitiesKt.getCertificateType(extract);
            X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
            Intrinsics.checkExpressionValueIsNotNull(issuerX500Principal, "issuerX500Principal");
            PublicKey publicKey = keyPair.getPublic();
            Intrinsics.checkExpressionValueIsNotNull(publicKey, "issuerKeyPair.public");
            X500Principal subjectX500Principal = x509Certificate.getSubjectX500Principal();
            Intrinsics.checkExpressionValueIsNotNull(subjectX500Principal, "subjectX500Principal");
            PublicKey publicKey2 = x509Certificate.getPublicKey();
            Intrinsics.checkExpressionValueIsNotNull(publicKey2, "publicKey");
            X509v3CertificateBuilder createPartialCertificate$default = X509Utilities.createPartialCertificate$default(x509Utilities, certificateType, issuerX500Principal, publicKey, subjectX500Principal, publicKey2, new Pair(new Date(System.currentTimeMillis() - KotlinUtilsKt.getMinutes(5).toMillis()), new Date(System.currentTimeMillis() + KotlinUtilsKt.getDays(10).toMillis())), (NameConstraints) null, (String) null, (X500Name) null, 384, (Object) null);
            if (str != null) {
                createPartialCertificate$default.addExtension(Extension.cRLDistributionPoints, false, new CRLDistPoint(new DistributionPoint[]{new DistributionPoint(new DistributionPointName(new GeneralNames(new GeneralName(6, str))), (ReasonFlags) null, x500Principal != null ? new GeneralNames(new GeneralName(X500Name.getInstance(x500Principal.getEncoded()))) : null)}));
            }
            X509CertificateHolder build = createPartialCertificate$default.build(build$default);
            Intrinsics.checkExpressionValueIsNotNull(build, "builder.build(issuerSigner)");
            return X509UtilitiesKt.toJca(build);
        }

        @NotNull
        public static /* bridge */ /* synthetic */ X509Certificate withCrlDistPoint$default(Companion companion, X509Certificate x509Certificate, KeyPair keyPair, String str, X500Principal x500Principal, int i, Object obj) {
            if ((i & 4) != 0) {
                x500Principal = (X500Principal) null;
            }
            return companion.withCrlDistPoint(x509Certificate, keyPair, str, x500Principal);
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: CrlServer.kt */
    @Path("crl")
    @Metadata(mv = {1, 1, 11}, bv = {1, 0, 2}, k = 1, d1 = {"��\u001a\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0007\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\b\u0010\u0005\u001a\u00020\u0006H\u0007J\b\u0010\u0007\u001a\u00020\u0006H\u0007J\b\u0010\b\u001a\u00020\u0006H\u0007J\b\u0010\t\u001a\u00020\u0006H\u0007R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��¨\u0006\n"}, d2 = {"Lnet/corda/testing/node/internal/network/CrlServer$CrlServlet;", "", "crlServer", "Lnet/corda/testing/node/internal/network/CrlServer;", "(Lnet/corda/testing/node/internal/network/CrlServer;)V", "getEmptyCRL", "Ljavax/ws/rs/core/Response;", "getIntermediateCRL", "getNodeCRL", "getNodeSlowCRL", "node-driver"})
    /* loaded from: input_file:net/corda/testing/node/internal/network/CrlServer$CrlServlet.class */
    public static final class CrlServlet {
        private final CrlServer crlServer;

        @GET
        @Path(CrlServer.NODE_CRL)
        @NotNull
        @Produces({"application/pkcs7-crl"})
        public final Response getNodeCRL() {
            Response build = Response.ok(this.crlServer.createRevocationList(CrlServer.SIGNATURE_ALGORITHM, this.crlServer.getIntermediateCa(), CrlServer.NODE_CRL, false, this.crlServer.getRevokedNodeCerts()).getEncoded()).build();
            Intrinsics.checkExpressionValueIsNotNull(build, "Response.ok(crlServer.cr…       ).encoded).build()");
            return build;
        }

        @GET
        @Path(CrlServer.FORBIDDEN_CRL)
        @NotNull
        @Produces({"application/pkcs7-crl"})
        public final Response getNodeSlowCRL() {
            Response build = Response.status(Response.Status.FORBIDDEN).build();
            Intrinsics.checkExpressionValueIsNotNull(build, "Response.status(Response.Status.FORBIDDEN).build()");
            return build;
        }

        @GET
        @Path(CrlServer.INTERMEDIATE_CRL)
        @NotNull
        @Produces({"application/pkcs7-crl"})
        public final Response getIntermediateCRL() {
            Response build = Response.ok(this.crlServer.createRevocationList(CrlServer.SIGNATURE_ALGORITHM, this.crlServer.getRootCa(), CrlServer.INTERMEDIATE_CRL, false, this.crlServer.getRevokedIntermediateCerts()).getEncoded()).build();
            Intrinsics.checkExpressionValueIsNotNull(build, "Response.ok(crlServer.cr…       ).encoded).build()");
            return build;
        }

        @GET
        @Path(CrlServer.EMPTY_CRL)
        @NotNull
        @Produces({"application/pkcs7-crl"})
        public final Response getEmptyCRL() {
            Response build = Response.ok(this.crlServer.createRevocationList(CrlServer.SIGNATURE_ALGORITHM, this.crlServer.getRootCa(), CrlServer.EMPTY_CRL, true, CollectionsKt.emptyList()).getEncoded()).build();
            Intrinsics.checkExpressionValueIsNotNull(build, "Response.ok(crlServer.cr…       ).encoded).build()");
            return build;
        }

        public CrlServlet(@NotNull CrlServer crlServer) {
            Intrinsics.checkParameterIsNotNull(crlServer, "crlServer");
            this.crlServer = crlServer;
        }
    }

    @NotNull
    public final List<BigInteger> getRevokedNodeCerts() {
        return this.revokedNodeCerts;
    }

    @NotNull
    public final List<BigInteger> getRevokedIntermediateCerts() {
        return this.revokedIntermediateCerts;
    }

    @NotNull
    public final CertificateAndKeyPair getRootCa() {
        return this.rootCa;
    }

    @NotNull
    public final CertificateAndKeyPair getIntermediateCa() {
        CertificateAndKeyPair certificateAndKeyPair = this._intermediateCa;
        if (certificateAndKeyPair == null) {
            Intrinsics.throwUninitializedPropertyAccessException("_intermediateCa");
        }
        return certificateAndKeyPair;
    }

    @NotNull
    public final NetworkHostAndPort getHostAndPort() {
        ServerConnector[] connectors = this.server.getConnectors();
        Intrinsics.checkExpressionValueIsNotNull(connectors, "server.connectors");
        ArrayList arrayList = new ArrayList();
        for (ServerConnector serverConnector : connectors) {
            if (!(serverConnector instanceof ServerConnector)) {
                serverConnector = null;
            }
            ServerConnector serverConnector2 = serverConnector;
            if (serverConnector2 != null) {
                arrayList.add(serverConnector2);
            }
        }
        ArrayList<ServerConnector> arrayList2 = arrayList;
        ArrayList arrayList3 = new ArrayList(CollectionsKt.collectionSizeOrDefault(arrayList2, 10));
        for (ServerConnector serverConnector3 : arrayList2) {
            String host = serverConnector3.getHost();
            Intrinsics.checkExpressionValueIsNotNull(host, "it.host");
            arrayList3.add(new NetworkHostAndPort(host, serverConnector3.getLocalPort()));
        }
        return (NetworkHostAndPort) CollectionsKt.first(arrayList3);
    }

    public final void start() {
        this.server.start();
        this._intermediateCa = new CertificateAndKeyPair(Companion.withCrlDistPoint$default(Companion, InternalTestConstantsKt.getDEV_INTERMEDIATE_CA().getCertificate(), this.rootCa.getKeyPair(), "http://" + getHostAndPort() + "/crl/intermediate.crl", null, 4, null), InternalTestConstantsKt.getDEV_INTERMEDIATE_CA().getKeyPair());
        System.out.println((Object) ("Network management web services started on " + getHostAndPort()));
    }

    @NotNull
    public final X509Certificate replaceNodeCertDistPoint(@NotNull X509Certificate x509Certificate, @Nullable String str, @Nullable X500Principal x500Principal) {
        Intrinsics.checkParameterIsNotNull(x509Certificate, "nodeCaCert");
        return Companion.withCrlDistPoint(x509Certificate, getIntermediateCa().getKeyPair(), str, x500Principal);
    }

    @NotNull
    public static /* bridge */ /* synthetic */ X509Certificate replaceNodeCertDistPoint$default(CrlServer crlServer, X509Certificate x509Certificate, String str, X500Principal x500Principal, int i, Object obj) {
        if ((i & 2) != 0) {
            str = "http://" + crlServer.getHostAndPort() + "/crl/node.crl";
        }
        if ((i & 4) != 0) {
            x500Principal = (X500Principal) null;
        }
        return crlServer.replaceNodeCertDistPoint(x509Certificate, str, x500Principal);
    }

    @NotNull
    public final X509CRL createRevocationList(@NotNull String str, @NotNull CertificateAndKeyPair certificateAndKeyPair, @NotNull String str2, boolean z, @NotNull List<? extends BigInteger> list) {
        Intrinsics.checkParameterIsNotNull(str, "signatureAlgorithm");
        Intrinsics.checkParameterIsNotNull(certificateAndKeyPair, "ca");
        Intrinsics.checkParameterIsNotNull(str2, "endpoint");
        Intrinsics.checkParameterIsNotNull(list, "serialNumbers");
        System.out.println((Object) ("Generating CRL for " + str2));
        JcaX509v2CRLBuilder jcaX509v2CRLBuilder = new JcaX509v2CRLBuilder(certificateAndKeyPair.getCertificate().getSubjectX500Principal(), new Date(System.currentTimeMillis() - KotlinUtilsKt.getMinutes(1).toMillis()));
        jcaX509v2CRLBuilder.addExtension(Extension.authorityKeyIdentifier, false, new JcaX509ExtensionUtils().createAuthorityKeyIdentifier(certificateAndKeyPair.getCertificate()));
        jcaX509v2CRLBuilder.addExtension(Extension.issuingDistributionPoint, true, new IssuingDistributionPoint(new DistributionPointName(new GeneralNames(new GeneralName(6, "http://" + getHostAndPort() + "/crl/" + str2))), z, false));
        jcaX509v2CRLBuilder.setNextUpdate(new Date(System.currentTimeMillis() + KotlinUtilsKt.getSeconds(1).toMillis()));
        Iterator<T> it = list.iterator();
        while (it.hasNext()) {
            jcaX509v2CRLBuilder.addCRLEntry((BigInteger) it.next(), new Date(System.currentTimeMillis() - KotlinUtilsKt.getMinutes(10).toMillis()), 2);
        }
        X509CRL crl = new JcaX509CRLConverter().setProvider(Crypto.findProvider("BC")).getCRL(jcaX509v2CRLBuilder.build(new JcaContentSignerBuilder(str).setProvider(Crypto.findProvider("BC")).build(certificateAndKeyPair.getKeyPair().getPrivate())));
        Intrinsics.checkExpressionValueIsNotNull(crl, "JcaX509CRLConverter().se…RL(builder.build(signer))");
        return crl;
    }

    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        System.out.println((Object) "Shutting down network management web services...");
        this.server.stop();
        this.server.join();
    }

    private final ServletContextHandler buildServletContextHandler() {
        ServletContextHandler servletContextHandler = new ServletContextHandler();
        servletContextHandler.setContextPath("/");
        ResourceConfig resourceConfig = new ResourceConfig();
        resourceConfig.register(new CrlServlet(this));
        ServletHolder servletHolder = new ServletHolder(new ServletContainer(resourceConfig));
        servletHolder.setInitOrder(0);
        servletContextHandler.addServlet(servletHolder, "/*");
        return servletContextHandler;
    }

    public CrlServer(@NotNull NetworkHostAndPort networkHostAndPort) {
        Intrinsics.checkParameterIsNotNull(networkHostAndPort, "hostAndPort");
        Server server = new Server(new InetSocketAddress(networkHostAndPort.getHost(), networkHostAndPort.getPort()));
        Handler handlerCollection = new HandlerCollection();
        handlerCollection.addHandler(buildServletContextHandler());
        server.setHandler(handlerCollection);
        this.server = server;
        this.revokedNodeCerts = new ArrayList();
        this.revokedIntermediateCerts = new ArrayList();
        this.rootCa = InternalTestConstantsKt.getDEV_ROOT_CA();
    }
}
