package net.corda.node.internal.subcommands;

import java.io.Console;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import net.corda.core.internal.PathUtilsKt;
import net.corda.node.internal.Node;
import net.corda.node.internal.RunAfterNodeInitialisation;
import net.corda.node.services.config.NodeConfiguration;
import net.corda.node.services.config.NodeConfigurationImpl;
import net.corda.node.utilities.CertificatesUtilsKt;
import org.jetbrains.annotations.NotNull;

/* compiled from: GenerateRpcSslCertsCli.kt */
@Metadata(mv = {NodeConfigurationImpl.Defaults.lazyBridgeStart, NodeConfigurationImpl.Defaults.lazyBridgeStart, 11}, bv = {NodeConfigurationImpl.Defaults.lazyBridgeStart, 0, 2}, k = NodeConfigurationImpl.Defaults.lazyBridgeStart, d1 = {"��\u001e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\u0018��2\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u0006H\u0002J\u0010\u0010\u0007\u001a\u00020\u00042\u0006\u0010\b\u001a\u00020\tH\u0016¨\u0006\b"}, d2 = {"Lnet/corda/node/internal/subcommands/GenerateRpcSslCerts;", "Lnet/corda/node/internal/RunAfterNodeInitialisation;", "()V", "generateRpcSslCertificates", "", "conf", "Lnet/corda/node/services/config/NodeConfiguration;", "run", "node", "Lnet/corda/node/internal/Node;"})
/* loaded from: input_file:net/corda/node/internal/subcommands/GenerateRpcSslCerts.class */
public final class GenerateRpcSslCerts implements RunAfterNodeInitialisation {
    @Override // net.corda.node.internal.RunAfterNodeInitialisation
    public void run(@NotNull Node node) {
        Intrinsics.checkParameterIsNotNull(node, "node");
        generateRpcSslCertificates(node.getConfiguration());
    }

    private final void generateRpcSslCertificates(NodeConfiguration nodeConfiguration) {
        char[] readPassword;
        Pair<KeyPair, X509Certificate> createKeyPairAndSelfSignedTLSCertificate = CertificatesUtilsKt.createKeyPairAndSelfSignedTLSCertificate(nodeConfiguration.getMyLegalName().getX500Principal());
        KeyPair keyPair = (KeyPair) createKeyPairAndSelfSignedTLSCertificate.component1();
        X509Certificate x509Certificate = (X509Certificate) createKeyPairAndSelfSignedTLSCertificate.component2();
        Path div = PathUtilsKt.div(PathUtilsKt.div(nodeConfiguration.getBaseDirectory(), "certificates"), "rpcsslkeystore.jks");
        Path div2 = PathUtilsKt.div(PathUtilsKt.div(PathUtilsKt.div(nodeConfiguration.getBaseDirectory(), "certificates"), "export"), "rpcssltruststore.jks");
        if (PathUtilsKt.exists(div, new LinkOption[0]) || PathUtilsKt.exists(div2, new LinkOption[0])) {
            System.out.println((Object) "Found existing RPC SSL keystores. Command was already run. Exiting.");
            System.exit(0);
            throw new RuntimeException("System.exit returned normally, while it was supposed to halt JVM.");
        }
        Console console = System.console();
        if (console == null) {
            System.out.println((Object) "Not connected to console. Exiting.");
            System.exit(1);
            throw new RuntimeException("System.exit returned normally, while it was supposed to halt JVM.");
        }
        while (true) {
            readPassword = console.readPassword("Enter the RPC keystore password:", new Object[0]);
            Intrinsics.checkExpressionValueIsNotNull(readPassword, "keystorePassword1");
            if (!(readPassword.length == 0)) {
                char[] readPassword2 = console.readPassword("Re-enter the RPC keystore password:", new Object[0]);
                Intrinsics.checkExpressionValueIsNotNull(readPassword2, "keystorePassword2");
                if (Arrays.equals(readPassword, readPassword2)) {
                    break;
                } else {
                    System.out.println((Object) "The RPC keystore passwords don't match.");
                }
            } else {
                System.out.println((Object) "The RPC keystore password cannot be an empty String.");
            }
        }
        CertificatesUtilsKt.saveToKeyStore(div, keyPair, x509Certificate, new String(readPassword), "rpcssl");
        System.out.println((Object) ("The RPC keystore was saved to: " + div + " ."));
        while (true) {
            char[] readPassword3 = console.readPassword("Enter the RPC truststore password:", new Object[0]);
            Intrinsics.checkExpressionValueIsNotNull(readPassword3, "trustStorePassword1");
            if (readPassword3.length == 0) {
                System.out.println((Object) "The RPC truststore password cannot be an empty string.");
            } else {
                char[] readPassword4 = console.readPassword("Re-enter the RPC truststore password:", new Object[0]);
                Intrinsics.checkExpressionValueIsNotNull(readPassword4, "trustStorePassword2");
                if (Arrays.equals(readPassword3, readPassword4)) {
                    CertificatesUtilsKt.saveToTrustStore(div2, x509Certificate, new String(readPassword3), "rpcssl");
                    System.out.println((Object) ("The RPC truststore was saved to: " + div2 + '.'));
                    System.out.println((Object) "You need to distribute this file along with the password in a secure way to all RPC clients.");
                    System.out.println((Object) StringsKt.trimMargin$default("\n                            |\n                            |The SSL certificates for RPC were generated successfully.\n                            |\n                            |Add this snippet to the \"rpcSettings\" section of your node.conf:\n                            |       useSsl=true\n                            |       ssl {\n                            |           keyStorePath=${baseDirectory}/certificates/rpcsslkeystore.jks\n                            |           keyStorePassword=the_above_password\n                            |       }\n                            |", (String) null, 1, (Object) null));
                    return;
                }
                System.out.println((Object) "The RPC truststore passwords don't match.");
            }
        }
    }
}
