package net.corda.node.utilities.registration;

import java.io.Closeable;
import java.io.StringWriter;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.time.Duration;
import java.util.stream.Stream;
import kotlin.AutoCloseableKt;
import kotlin.Metadata;
import kotlin.TypeCastException;
import kotlin.Unit;
import kotlin.collections.ArraysKt;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import net.corda.core.Utils;
import net.corda.core.crypto.X509Utilities;
import net.corda.node.services.config.NodeConfiguration;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.util.io.pem.PemObject;
import org.jetbrains.annotations.NotNull;

/* compiled from: NetworkRegistrationHelper.kt */
@Metadata(mv = {1, 1, 5}, bv = {1, 0, 1}, k = 1, d1 = {"��@\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n��\n\u0002\u0010\u0011\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018�� \u001a2\u00020\u0001:\u0001\u001aB\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0006\u0010\u0010\u001a\u00020\u0011J\u001b\u0010\u0012\u001a\b\u0012\u0004\u0012\u00020\u00140\u00132\u0006\u0010\u0015\u001a\u00020\fH\u0002¢\u0006\u0002\u0010\u0016J\u0010\u0010\u0017\u001a\u00020\f2\u0006\u0010\u0018\u001a\u00020\u0019H\u0002R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\u0007\u0010\bR\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\t\u0010\nR\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\r\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u000e\u001a\u00020\u000fX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u001b"}, d2 = {"Lnet/corda/node/utilities/registration/NetworkRegistrationHelper;", "", "config", "Lnet/corda/node/services/config/NodeConfiguration;", "certService", "Lnet/corda/node/utilities/registration/NetworkRegistrationService;", "(Lnet/corda/node/services/config/NodeConfiguration;Lnet/corda/node/utilities/registration/NetworkRegistrationService;)V", "getCertService", "()Lnet/corda/node/utilities/registration/NetworkRegistrationService;", "getConfig", "()Lnet/corda/node/services/config/NodeConfiguration;", "keystorePassword", "", "privateKeyPassword", "requestIdStore", "Ljava/nio/file/Path;", "buildKeystore", "", "pollServerForCertificates", "", "Ljava/security/cert/Certificate;", "requestId", "(Ljava/lang/String;)[Ljava/security/cert/Certificate;", "submitOrResumeCertificateSigningRequest", "keyPair", "Ljava/security/KeyPair;", "Companion", "node_main"})
/* loaded from: input_file:net/corda/node/utilities/registration/NetworkRegistrationHelper.class */
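/*
 * Obtains this node's client CA certificate from a certificate signing service.
 *
 * buildKeystore() creates a temporary self-signed key entry, submits (or
 * resumes) a certificate signing request, polls until the service returns a
 * certificate chain, stores that chain against the node's private key, and
 * writes the last certificate of the chain into the trust store as the root CA.
 *
 * This file is decompiler output from NetworkRegistrationHelper.kt; checked
 * exceptions that Kotlin lets propagate are not declared here.
 */
public final class NetworkRegistrationHelper {
    // File inside the certificates directory that holds the ID of a signing
    // request already submitted, so an interrupted run can resume polling.
    private final Path requestIdStore;
    private final String keystorePassword;
    // Assigned from the same configuration value as keystorePassword (see the
    // constructor): the key entry has no password of its own.
    private final String privateKeyPassword;

    @NotNull
    private final NodeConfiguration config;

    @NotNull
    private final NetworkRegistrationService certService;
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final Duration pollInterval = Utils.getSeconds(10);

    // NOTE(review): the decompiler emitted this field twice and replaced its
    // string literal with a self-reference. The duplicate is dropped here; the
    // real alias value has to be restored from NetworkRegistrationHelper.kt.
    @NotNull
    private static final String SELF_SIGNED_PRIVATE_KEY = SELF_SIGNED_PRIVATE_KEY;

    /* compiled from: NetworkRegistrationHelper.kt */
    @Metadata(mv = {1, 1, 5}, bv = {1, 0, 1}, k = 1, d1 = {"��\u001c\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u0014\u0010\u0003\u001a\u00020\u0004X\u0086D¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006R\u0011\u0010\u0007\u001a\u00020\b¢\u0006\b\n��\u001a\u0004\b\t\u0010\n¨\u0006\u000b"}, d2 = {"Lnet/corda/node/utilities/registration/NetworkRegistrationHelper$Companion;", "", "()V", "SELF_SIGNED_PRIVATE_KEY", "", "getSELF_SIGNED_PRIVATE_KEY", "()Ljava/lang/String;", "pollInterval", "Ljava/time/Duration;", "getPollInterval", "()Ljava/time/Duration;", "node_main"})
    /* loaded from: input_file:net/corda/node/utilities/registration/NetworkRegistrationHelper$Companion.class */
    public static final class Companion {
        /** Returns the delay between two polls of the signing service. */
        @NotNull
        public final Duration getPollInterval() {
            return NetworkRegistrationHelper.pollInterval;
        }

        /** Returns the key store alias used for the temporary self-signed key entry. */
        @NotNull
        public final String getSELF_SIGNED_PRIVATE_KEY() {
            return NetworkRegistrationHelper.SELF_SIGNED_PRIVATE_KEY;
        }

        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /**
     * Runs the registration flow and persists the resulting key store and trust store.
     *
     * <p>Returns immediately when the key store already holds the client CA alias.
     * On a {@code CertificateRequestException} the request ID file is deleted and
     * the JVM is terminated with exit status 1.
     *
     * @throws IllegalStateException if the signing service returns an empty
     *     certificate chain, or the stored request ID file has no usable first line
     */
    public final void buildKeystore() {
        Utils.createDirectories(this.config.getCertificatesDirectory(), new FileAttribute[0]);
        KeyStore keyStore = X509Utilities.INSTANCE.loadOrCreateKeyStore(this.config.getKeyStoreFile(), this.keystorePassword);
        if (keyStore.containsAlias(X509Utilities.INSTANCE.getCORDA_CLIENT_CA())) {
            System.out.println("Certificate already exists, Corda node will now terminate...");
            return;
        }
        String selfSignedAlias = Companion.getSELF_SIGNED_PRIVATE_KEY();
        if (!keyStore.containsAlias(selfSignedAlias)) {
            // First run: create the key pair under a temporary self-signed
            // certificate so that the same key survives a restart while the
            // signing request is still pending.
            X509Utilities.CACertAndKey selfSigned = X509Utilities.INSTANCE.createSelfSignedCACert(this.config.getMyLegalName());
            PrivateKey selfSignedKey = selfSigned.getKeyPair().getPrivate();
            Intrinsics.checkExpressionValueIsNotNull(selfSignedKey, "selfSignCert.keyPair.private");
            X509Utilities.INSTANCE.addOrReplaceKey(keyStore, selfSignedAlias, selfSignedKey, privateKeyPasswordChars(), new Certificate[]{selfSigned.getCertificate()});
            X509Utilities.INSTANCE.saveKeyStore(keyStore, this.config.getKeyStoreFile(), this.keystorePassword);
        }
        KeyPair keyPair = X509Utilities.INSTANCE.loadKeyPairFromKeyStore(this.config.getKeyStoreFile(), this.keystorePassword, this.privateKeyPassword, selfSignedAlias);
        try {
            String requestId = submitOrResumeCertificateSigningRequest(keyPair);
            Certificate[] certificates = pollServerForCertificates(requestId);
            // Reject an empty chain before the key store is touched; otherwise the
            // failure would only surface after the key entry had been rewritten.
            if (certificates.length == 0) {
                throw new IllegalStateException("Certificate signing server returned an empty certificate chain for request ID: " + requestId + ".");
            }
            System.out.println("Certificate signing request approved, storing private key with the certificate chain.");
            PrivateKey privateKey = keyPair.getPrivate();
            Intrinsics.checkExpressionValueIsNotNull(privateKey, "keyPair.private");
            // NOTE(review): nothing visible here checks that the returned chain
            // certifies keyPair's public key or that it validates up to its last
            // element - confirm whether certService or X509Utilities does so.
            X509Utilities.INSTANCE.addOrReplaceKey(keyStore, X509Utilities.INSTANCE.getCORDA_CLIENT_CA(), privateKey, privateKeyPasswordChars(), certificates);
            keyStore.deleteEntry(selfSignedAlias);
            X509Utilities.INSTANCE.saveKeyStore(keyStore, this.config.getKeyStoreFile(), this.keystorePassword);
            KeyStore trustStore = X509Utilities.INSTANCE.loadOrCreateKeyStore(this.config.getTrustStoreFile(), this.config.getTrustStorePassword());
            // NOTE(review): the trust anchor written here is whatever certificate
            // the signing service placed last in its response; this method does
            // not compare it with a root the operator already trusts, so the
            // integrity of the root depends on the channel behind certService.
            X509Utilities.INSTANCE.addOrReplaceCertificate(trustStore, X509Utilities.INSTANCE.getCORDA_ROOT_CA(), certificates[certificates.length - 1]);
            X509Utilities.INSTANCE.saveKeyStore(trustStore, this.config.getTrustStoreFile(), this.config.getTrustStorePassword());
            System.out.println("Certificate and private key stored in " + this.config.getKeyStoreFile() + ".");
            Utils.deleteIfExists(this.requestIdStore);
        } catch (CertificateRequestException e) {
            System.err.println(e.getMessage());
            System.out.println("Please make sure the details in configuration file are correct and try again.");
            System.out.println("Corda node will now terminate.");
            // Drop the stored request ID so the next run submits a fresh request.
            Utils.deleteIfExists(this.requestIdStore);
            System.exit(1);
            throw new RuntimeException("System.exit returned normally, while it was supposed to halt JVM.");
        }
    }

    /**
     * Returns the private key password as a fresh character array.
     *
     * @throws TypeCastException if the configured password is null
     */
    private char[] privateKeyPasswordChars() {
        String password = this.privateKeyPassword;
        if (password == null) {
            throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
        }
        return password.toCharArray();
    }

    /**
     * Polls the signing service until it returns a non-null certificate array.
     *
     * <p>There is no attempt limit or deadline: the loop ends only when the
     * service answers with certificates or a call throws.
     *
     * @param requestId ID of the signing request to poll for
     * @return the certificates returned by the service
     */
    private final Certificate[] pollServerForCertificates(String requestId) {
        System.out.println("Start polling server for certificate signing approval.");
        Certificate[] certificates = this.certService.retrieveCertificates(requestId);
        while (certificates == null) {
            Thread.sleep(Companion.getPollInterval().toMillis());
            certificates = this.certService.retrieveCertificates(requestId);
        }
        return certificates;
    }

    /**
     * Returns the ID of the signing request for {@code keyPair}, submitting a new
     * request only when no request ID file exists yet.
     *
     * @param keyPair key pair whose public key goes into the signing request
     * @return the stored request ID, or the ID returned by a new submission
     * @throws IllegalStateException if the request ID file exists but its first
     *     line is missing or empty
     */
    private final String submitOrResumeCertificateSigningRequest(KeyPair keyPair) {
        if (Utils.exists(this.requestIdStore, new LinkOption[0])) {
            String requestId;
            // try-with-resources closes the file handle on every path.
            try (Stream<String> lines = Files.lines(this.requestIdStore, StandardCharsets.UTF_8)) {
                // The file content is sent to the service unchanged, so an empty
                // file is reported with its path rather than as a bare
                // NoSuchElementException.
                requestId = lines.findFirst()
                        .filter(id -> !id.isEmpty())
                        .orElseThrow(() -> new IllegalStateException("Certificate request ID file " + this.requestIdStore + " is empty."));
            }
            System.out.println("Resuming from previous certificate signing request, request ID: " + requestId + ".");
            return requestId;
        }
        PKCS10CertificationRequest request = X509Utilities.INSTANCE.createCertificateSigningRequest(this.config.getMyLegalName(), this.config.getNearestCity(), this.config.getEmailAddress(), keyPair);
        StringWriter pem = new StringWriter();
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pem)) {
            pemWriter.writeObject(new PemObject("CERTIFICATE REQUEST", request.getEncoded()));
        }
        System.out.println("Certificate signing request with the following information will be submitted to the Corda certificate signing server.");
        System.out.println();
        System.out.println("Legal Name: " + this.config.getMyLegalName());
        System.out.println("Nearest City: " + this.config.getNearestCity());
        System.out.println("Email: " + this.config.getEmailAddress());
        System.out.println();
        System.out.println("Public Key: " + keyPair.getPublic());
        System.out.println();
        System.out.println(pem.toString());
        System.out.println("Submitting certificate signing request to Corda certificate signing server.");
        String submittedId = this.certService.submitRequest(request);
        // Persist the ID so that a later run resumes polling instead of resubmitting.
        Utils.writeLines$default(this.requestIdStore, CollectionsKt.listOf(submittedId), (Charset) null, new OpenOption[0], 2, (Object) null);
        System.out.println("Successfully submitted request to Corda certificate signing server, request ID: " + submittedId + ".");
        return submittedId;
    }

    /** Returns the node configuration this helper was created with. */
    @NotNull
    public final NodeConfiguration getConfig() {
        return this.config;
    }

    /** Returns the certificate signing service this helper talks to. */
    @NotNull
    public final NetworkRegistrationService getCertService() {
        return this.certService;
    }

    /**
     * Creates a helper bound to a node configuration and a signing service.
     *
     * @param nodeConfiguration source of the legal name, store paths and passwords
     * @param networkRegistrationService client used to submit and poll signing requests
     */
    public NetworkRegistrationHelper(@NotNull NodeConfiguration nodeConfiguration, @NotNull NetworkRegistrationService networkRegistrationService) {
        Intrinsics.checkParameterIsNotNull(nodeConfiguration, "config");
        Intrinsics.checkParameterIsNotNull(networkRegistrationService, "certService");
        this.config = nodeConfiguration;
        this.certService = networkRegistrationService;
        this.requestIdStore = Utils.div(this.config.getCertificatesDirectory(), "certificate-request-id.txt");
        this.keystorePassword = this.config.getKeyStorePassword();
        // Both passwords come from getKeyStorePassword(): the private key entry is
        // protected by the key store password.
        this.privateKeyPassword = this.config.getKeyStorePassword();
    }
}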
