package org.openziti.identity;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLEncoder;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.Collection;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import kotlin.Metadata;
import kotlin.io.ByteStreamsKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlinx.coroutines.BuildersKt;
import kotlinx.coroutines.Dispatchers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemObjectGenerator;
import org.bouncycastle.util.io.pem.PemWriter;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.json.JSONArray;
import org.json.JSONObject;
import org.openziti.net.ZitiProtocol;
import org.openziti.util.CertsKt;
import org.openziti.util.Logged;
import org.openziti.util.PrivateKeySigner;
import org.openziti.util.ZitiLog;

/* compiled from: Enroller.kt */
@Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��f\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0010\u001e\n\u0002\u0018\u0002\n\u0002\b\n\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0003\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\t\u0018�� 02\u00020\u0001:\u000201B+\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\t¢\u0006\u0002\u0010\u000bJ\u0011\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0007H\u0096\u0001J\u001b\u0010\u0014\u001a\u00020\u00152\u0010\u0010\u0016\u001a\f\u0012\u0004\u0012\u00020\u00070\u0017j\u0002`\u0018H\u0096\u0001J\u0011\u0010\u0019\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0007H\u0096\u0001J\u0019\u0010\u0019\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00072\u0006\u0010\u001a\u001a\u00020\u001bH\u0096\u0001J%\u0010\u0019\u001a\u00020\u00152\b\u0010\u001c\u001a\u0004\u0018\u00010\u001b2\u0010\u0010\u0016\u001a\f\u0012\u0004\u0012\u00020\u00070\u0017j\u0002`\u0018H\u0096\u0001J\u001b\u0010\u0019\u001a\u00020\u00152\u0010\u0010\u0016\u001a\f\u0012\u0004\u0012\u00020\u00070\u0017j\u0002`\u0018H\u0096\u0001J \u0010\u001d\u001a\u00020\u00072\b\u0010\u001e\u001a\u0004\u0018\u00010\u001f2\u0006\u0010 \u001a\u00020!2\u0006\u0010\"\u001a\u00020\u0007J(\u0010#\u001a\u00020$2\u0006\u0010%\u001a\u00020\u00072\u0006\u0010&\u001a\u00020'2\u0006\u0010 \u001a\u00020!2\u0006\u0010(\u001a\u00020)H\u0002J0\u0010*\u001a\u00020$2\u0006\u0010%\u001a\u00020\u00072\u0006\u0010&\u001a\u00020'2\u0006\u0010\u001e\u001a\u00020$2\u0006\u0010 
\u001a\u00020!2\u0006\u0010(\u001a\u00020)H\u0002J\u0010\u0010+\u001a\u00020)2\b\u0010,\u001a\u0004\u0018\u00010\u001fJ\u0011\u0010-\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0007H\u0096\u0001J\u001b\u0010-\u001a\u00020\u00152\u0010\u0010\u0016\u001a\f\u0012\u0004\u0012\u00020\u00070\u0017j\u0002`\u0018H\u0096\u0001J\u0011\u0010\u001a\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0007H\u0096\u0001J\u001b\u0010\u001a\u001a\u00020\u00152\u0010\u0010\u0016\u001a\f\u0012\u0004\u0012\u00020\u00070\u0017j\u0002`\u0018H\u0096\u0001J\u0011\u0010.\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0007H\u0096\u0001J\u001b\u0010.\u001a\u00020\u00152\u0010\u0010\u0016\u001a\f\u0012\u0004\u0012\u00020\u00070\u0017j\u0002`\u0018H\u0096\u0001J\u0011\u0010/\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0007H\u0096\u0001J\u001b\u0010/\u001a\u00020\u00152\u0010\u0010\u0016\u001a\f\u0012\u0004\u0012\u00020\u00070\u0017j\u0002`\u0018H\u0096\u0001R\u0017\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\t¢\u0006\b\n��\u001a\u0004\b\f\u0010\rR\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n��\u001a\u0004\b\u000e\u0010\u000fR\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\u0010\u0010\u0011R\u0011\u0010\u0006\u001a\u00020\u0007¢\u0006\b\n��\u001a\u0004\b\u0012\u0010\u0013¨\u00062"}, d2 = {"Lorg/openziti/identity/Enroller;", "Lorg/openziti/util/Logged;", "enrollmentURL", "Ljava/net/URL;", "method", "Lorg/openziti/identity/Enroller$Method;", "name", "", "caCerts", "", "Ljava/security/cert/X509Certificate;", "(Ljava/net/URL;Lorg/openziti/identity/Enroller$Method;Ljava/lang/String;Ljava/util/Collection;)V", "getCaCerts", "()Ljava/util/Collection;", "getEnrollmentURL", "()Ljava/net/URL;", "getMethod", "()Lorg/openziti/identity/Enroller$Method;", "getName", "()Ljava/lang/String;", "d", "", "msg", "Lkotlin/Function0;", "Lorg/openziti/util/LogMsg;", "e", "t", "", "ex", "enroll", "cert", "Ljava/security/KeyStore$Entry;", "keyStore", "Ljava/security/KeyStore;", 
"n", "enrollOtt", "Ljava/security/KeyStore$PrivateKeyEntry;", "alias", "conn", "Ljavax/net/ssl/HttpsURLConnection;", "ssl", "Ljavax/net/ssl/SSLContext;", "enrollOttca", "getSSLContext", "clientCert", "i", "v", "w", "Companion", "Method", "ziti"})
/* loaded from: input_file:org/openziti/identity/Enroller.class */
public final class Enroller implements Logged {

    // Enrollment endpoint: enroll() opens the HTTPS connection to this URL and also uses its
    // host and port to build the key store alias of the enrolled identity.
    @NotNull
    private final URL enrollmentURL;

    // Selects which enrollment flow enroll() runs (enrollOtt or enrollOttca).
    @NotNull
    private final Method method;

    // Identity name: becomes the CN of the CSR subject in enrollOtt() and part of the key store
    // aliases written by enroll().
    @NotNull
    private final String name;

    // CA certificates used as trust anchors by getSSLContext() and copied into the caller's key
    // store by enroll(). The constructor stores the caller's collection by reference (no copy).
    @NotNull
    private final Collection<X509Certificate> caCerts;
    // Logger that all Logged methods of this class forward to.
    private final /* synthetic */ ZitiLog $$delegate_0;

    // Singleton instance of the Kotlin companion object.
    @NotNull
    public static final Companion Companion = new Companion(null);

    // Curve parameters (secp256r1) used to initialise the EC key pair generator in enrollOtt().
    @NotNull
    private static final ECGenParameterSpec P256 = new ECGenParameterSpec("secp256r1");

    /* compiled from: Enroller.kt */
    @Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��:\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n��\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0003\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u0011\u0010\u0007\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0096\u0001J\u001b\u0010\u0007\u001a\u00020\b2\u0010\u0010\t\u001a\f\u0012\u0004\u0012\u00020\n0\u000bj\u0002`\fH\u0096\u0001J\u0011\u0010\r\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0096\u0001J\u0019\u0010\r\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u000e\u001a\u00020\u000fH\u0096\u0001J%\u0010\r\u001a\u00020\b2\b\u0010\u0010\u001a\u0004\u0018\u00010\u000f2\u0010\u0010\t\u001a\f\u0012\u0004\u0012\u00020\n0\u000bj\u0002`\fH\u0096\u0001J\u001b\u0010\r\u001a\u00020\b2\u0010\u0010\t\u001a\f\u0012\u0004\u0012\u00020\n0\u000bj\u0002`\fH\u0096\u0001J\u0010\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\nH\u0007J\u0011\u0010\u0014\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0096\u0001J\u001b\u0010\u0014\u001a\u00020\b2\u0010\u0010\t\u001a\f\u0012\u0004\u0012\u00020\n0\u000bj\u0002`\fH\u0096\u0001J\u0011\u0010\u000e\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0096\u0001J\u001b\u0010\u000e\u001a\u00020\b2\u0010\u0010\t\u001a\f\u0012\u0004\u0012\u00020\n0\u000bj\u0002`\fH\u0096\u0001J\u0011\u0010\u0015\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0096\u0001J\u001b\u0010\u0015\u001a\u00020\b2\u0010\u0010\t\u001a\f\u0012\u0004\u0012\u00020\n0\u000bj\u0002`\fH\u0096\u0001J\u0011\u0010\u0016\u001a\u00020\b2\u0006\u0010\t\u001a\u00020\nH\u0096\u0001J\u001b\u0010\u0016\u001a\u00020\b2\u0010\u0010\t\u001a\f\u0012\u0004\u0012\u00020\n0\u000bj\u0002`\fH\u0096\u0001R\u0011\u0010\u0003\u001a\u00020\u0004¢\u0006\b\n��\u001a\u0004\b\u0005\u0010\u0006¨\u0006\u0017"}, d2 = 
{"Lorg/openziti/identity/Enroller$Companion;", "Lorg/openziti/util/Logged;", "()V", "P256", "Ljava/security/spec/ECGenParameterSpec;", "getP256", "()Ljava/security/spec/ECGenParameterSpec;", "d", "", "msg", "", "Lkotlin/Function0;", "Lorg/openziti/util/LogMsg;", "e", "t", "", "ex", "fromJWT", "Lorg/openziti/identity/Enroller;", "jwt", "i", "v", "w", "ziti"})
    /* loaded from: input_file:org/openziti/identity/Enroller$Companion.class */
    public static final class Companion implements Logged {
        /** Logger that every {@link Logged} method of the companion forwards to. */
        private final /* synthetic */ ZitiLog $$delegate_0;

        private Companion() {
            $$delegate_0 = new ZitiLog("ziti-enroller", null, 2, null);
        }

        /** Synthetic constructor used to create the singleton; the marker argument is not read. */
        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        /** Returns the curve parameters held in {@code Enroller.P256} (secp256r1). */
        @NotNull
        public final ECGenParameterSpec getP256() {
            return Enroller.P256;
        }

        /**
         * Builds an {@link Enroller} from an enrollment JWT.
         *
         * <p>The work is done by {@code Enroller$Companion$fromJWT$1}, which is run to completion on
         * the IO dispatcher while the calling thread blocks.
         *
         * <p>NOTE(review): that coroutine body is not part of this file. Presumably it derives the
         * enrollment URL, method, name and CA certificates from the token; confirm that it verifies
         * the token before those values are trusted.
         *
         * @param str the JWT text; must not be null
         * @return the enroller produced by the coroutine
         */
        @JvmStatic
        @NotNull
        public final Enroller fromJWT(@NotNull String str) {
            Intrinsics.checkNotNullParameter(str, "jwt");
            final Object built = BuildersKt.runBlocking(Dispatchers.getIO(), new Enroller$Companion$fromJWT$1(str, null));
            return (Enroller) built;
        }

        // ---- Logged implementation -------------------------------------------------------------
        // Every overload null-checks its non-null arguments (reported under the original Kotlin
        // parameter names "msg" / "t") and then calls the same-named method on the delegate.

        @Override // org.openziti.util.Logged
        public void d(@NotNull final String str) {
            Intrinsics.checkNotNullParameter(str, "msg");
            $$delegate_0.d(str);
        }

        @Override // org.openziti.util.Logged
        public void d(@NotNull final Function0<String> function0) {
            Intrinsics.checkNotNullParameter(function0, "msg");
            $$delegate_0.d(function0);
        }

        @Override // org.openziti.util.Logged
        public void e(@NotNull final String str) {
            Intrinsics.checkNotNullParameter(str, "msg");
            $$delegate_0.e(str);
        }

        @Override // org.openziti.util.Logged
        public void e(@NotNull final String str, @NotNull final Throwable th) {
            Intrinsics.checkNotNullParameter(str, "msg");
            Intrinsics.checkNotNullParameter(th, "t");
            $$delegate_0.e(str, th);
        }

        @Override // org.openziti.util.Logged
        public void e(@NotNull final Function0<String> function0) {
            Intrinsics.checkNotNullParameter(function0, "msg");
            $$delegate_0.e(function0);
        }

        @Override // org.openziti.util.Logged
        public void e(@Nullable final Throwable th, @NotNull final Function0<String> function0) {
            // The throwable is nullable, so only the message supplier is checked.
            Intrinsics.checkNotNullParameter(function0, "msg");
            $$delegate_0.e(th, function0);
        }

        @Override // org.openziti.util.Logged
        public void i(@NotNull final String str) {
            Intrinsics.checkNotNullParameter(str, "msg");
            $$delegate_0.i(str);
        }

        @Override // org.openziti.util.Logged
        public void i(@NotNull final Function0<String> function0) {
            Intrinsics.checkNotNullParameter(function0, "msg");
            $$delegate_0.i(function0);
        }

        @Override // org.openziti.util.Logged
        public void t(@NotNull final String str) {
            Intrinsics.checkNotNullParameter(str, "msg");
            $$delegate_0.t(str);
        }

        @Override // org.openziti.util.Logged
        public void t(@NotNull final Function0<String> function0) {
            Intrinsics.checkNotNullParameter(function0, "msg");
            $$delegate_0.t(function0);
        }

        @Override // org.openziti.util.Logged
        public void v(@NotNull final String str) {
            Intrinsics.checkNotNullParameter(str, "msg");
            $$delegate_0.v(str);
        }

        @Override // org.openziti.util.Logged
        public void v(@NotNull final Function0<String> function0) {
            Intrinsics.checkNotNullParameter(function0, "msg");
            $$delegate_0.v(function0);
        }

        @Override // org.openziti.util.Logged
        public void w(@NotNull final String str) {
            Intrinsics.checkNotNullParameter(str, "msg");
            $$delegate_0.w(str);
        }

        @Override // org.openziti.util.Logged
        public void w(@NotNull final Function0<String> function0) {
            Intrinsics.checkNotNullParameter(function0, "msg");
            $$delegate_0.w(function0);
        }
    }

    /* compiled from: Enroller.kt */
    @Metadata(mv = {1, 5, 1}, k = 1, xi = 48, d1 = {"��\f\n\u0002\u0018\u0002\n\u0002\u0010\u0010\n\u0002\b\u0005\b\u0086\u0001\u0018��2\b\u0012\u0004\u0012\u00020��0\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002j\u0002\b\u0003j\u0002\b\u0004j\u0002\b\u0005¨\u0006\u0006"}, d2 = {"Lorg/openziti/identity/Enroller$Method;", "", "(Ljava/lang/String;I)V", "ott", "ottca", "ca", "ziti"})
    /* loaded from: input_file:org/openziti/identity/Enroller$Method.class */
    public enum Method {
        /** enroll() runs enrollOtt(): a fresh EC key pair and a CSR are generated and submitted. */
        ott,

        /** enroll() requires a caller-supplied KeyStore.PrivateKeyEntry and runs enrollOttca(). */
        ottca,

        /** Has no branch in enroll(), which rejects it with UnsupportedOperationException. */
        ca;

        // Declaration order is significant: the ordinals index the WhenMappings switch table.
    }

    /* compiled from: Enroller.kt */
    @Metadata(mv = {1, 5, 1}, k = ZitiProtocol.Header.HelloListener, xi = 48)
    /* loaded from: input_file:org/openziti/identity/Enroller$WhenMappings.class */
    public /* synthetic */ class WhenMappings {
        /**
         * Compiler-generated switch table for {@code Method}: the index is the enum ordinal, the value
         * is the case label used by enroll(). Constants that are never assigned (here {@code ca})
         * keep the array default 0 and therefore hit the switch's default branch.
         */
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;

        static {
            final int[] table = new int[Method.values().length];
            table[Method.ottca.ordinal()] = 2;
            table[Method.ott.ordinal()] = 1;
            $EnumSwitchMapping$0 = table;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Creates an enroller for one enrollment endpoint.
     *
     * @param url        endpoint that enroll() connects to
     * @param method     enrollment flow to run
     * @param str        identity name (CSR subject CN and key store alias component)
     * @param collection CA certificates to trust for the enrollment connection; the collection is
     *                   kept by reference, so later changes by the caller are visible here
     */
    public Enroller(@NotNull URL url, @NotNull Method method, @NotNull String str, @NotNull Collection<? extends X509Certificate> collection) {
        // Kotlin-generated null guards, reported under the original parameter names.
        Intrinsics.checkNotNullParameter(url, "enrollmentURL");
        Intrinsics.checkNotNullParameter(method, "method");
        Intrinsics.checkNotNullParameter(str, "name");
        Intrinsics.checkNotNullParameter(collection, "caCerts");

        this.caCerts = collection;
        this.name = str;
        this.method = method;
        this.enrollmentURL = url;

        // NOTE(review): this logger tag is spelled "ziti-enroler", whereas the companion object
        // uses "ziti-enroller"; confirm which spelling log filters expect before changing either.
        this.$$delegate_0 = new ZitiLog("ziti-enroler", null, 2, null);
    }

    /** Returns the enrollment endpoint URL given to the constructor. */
    @NotNull
    public final URL getEnrollmentURL() {
        final URL endpoint = enrollmentURL;
        return endpoint;
    }

    /** Returns the enrollment method given to the constructor. */
    @NotNull
    public final Method getMethod() {
        final Method selected = method;
        return selected;
    }

    /** Returns the identity name given to the constructor. */
    @NotNull
    public final String getName() {
        final String identityName = name;
        return identityName;
    }

    /**
     * Returns the CA certificates used as trust anchors for enrollment.
     *
     * <p>The internal collection itself is returned, not a copy; if it is mutable, changes made
     * through the returned reference affect what getSSLContext() trusts afterwards.
     */
    @NotNull
    public final Collection<X509Certificate> getCaCerts() {
        final Collection<X509Certificate> anchors = caCerts;
        return anchors;
    }

    /** Passes {@code str} to {@code d(String)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void d(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.d(str);
    }

    /** Passes the message supplier to {@code d(Function0)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void d(@NotNull Function0<String> function0) {
        Intrinsics.checkNotNullParameter(function0, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.d(function0);
    }

    /**
     * Passes an optional throwable and a message supplier to {@code e(Throwable, Function0)} on the
     * logging delegate. Only the supplier is null-checked; the throwable may be null.
     */
    @Override // org.openziti.util.Logged
    public void e(@Nullable Throwable th, @NotNull Function0<String> function0) {
        Intrinsics.checkNotNullParameter(function0, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.e(th, function0);
    }

    /** Passes {@code str} to {@code e(String)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void e(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.e(str);
    }

    /** Passes a message and its throwable to {@code e(String, Throwable)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void e(@NotNull String str, @NotNull Throwable th) {
        // Message is checked before the throwable, so a double-null call reports "msg".
        Intrinsics.checkNotNullParameter(str, "msg");
        Intrinsics.checkNotNullParameter(th, "t");
        final ZitiLog sink = $$delegate_0;
        sink.e(str, th);
    }

    /** Passes the message supplier to {@code e(Function0)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void e(@NotNull Function0<String> function0) {
        Intrinsics.checkNotNullParameter(function0, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.e(function0);
    }

    /** Passes {@code str} to {@code i(String)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void i(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.i(str);
    }

    /** Passes the message supplier to {@code i(Function0)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void i(@NotNull Function0<String> function0) {
        Intrinsics.checkNotNullParameter(function0, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.i(function0);
    }

    /** Passes {@code str} to {@code t(String)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void t(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.t(str);
    }

    /** Passes the message supplier to {@code t(Function0)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void t(@NotNull Function0<String> function0) {
        Intrinsics.checkNotNullParameter(function0, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.t(function0);
    }

    /** Passes {@code str} to {@code v(String)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void v(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.v(str);
    }

    /** Passes the message supplier to {@code v(Function0)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void v(@NotNull Function0<String> function0) {
        Intrinsics.checkNotNullParameter(function0, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.v(function0);
    }

    /** Passes {@code str} to {@code w(String)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void w(@NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.w(str);
    }

    /** Passes the message supplier to {@code w(Function0)} on the logging delegate. */
    @Override // org.openziti.util.Logged
    public void w(@NotNull Function0<String> function0) {
        Intrinsics.checkNotNullParameter(function0, "msg");
        final ZitiLog sink = $$delegate_0;
        sink.w(function0);
    }

    /**
     * Runs the enrollment flow selected by {@code method} against {@code enrollmentURL} and stores
     * the resulting identity in {@code keyStore}.
     *
     * <p>On success the key store receives the identity's private-key entry under the alias
     * {@code ziti://<host>:<port>/<url-encoded name>} and one trusted-certificate entry per CA
     * certificate under {@code ziti:<name>/<serial>}.
     *
     * @param entry    client certificate entry; must be a {@link KeyStore.PrivateKeyEntry} for the
     *                 {@code ottca} method, may be null for {@code ott}
     * @param keyStore destination for the enrolled identity and the CA certificates
     * @param str      passed through to the enrollment helpers, which do not read it
     * @return the alias under which the identity was stored
     * @throws UnsupportedOperationException if the method is neither {@code ott} nor {@code ottca}
     * @throws IllegalArgumentException      if the server answers with an error status
     */
    @NotNull
    public final String enroll(@Nullable KeyStore.Entry entry, @NotNull KeyStore keyStore, @NotNull String str) {
        Intrinsics.checkNotNullParameter(keyStore, "keyStore");
        Intrinsics.checkNotNullParameter(str, "n");

        final URLConnection rawConnection = this.enrollmentURL.openConnection();
        if (rawConnection == null) {
            throw new NullPointerException("null cannot be cast to non-null type javax.net.ssl.HttpsURLConnection");
        }
        // The cast fails with ClassCastException when the URL scheme is not https.
        final HttpsURLConnection connection = (HttpsURLConnection) rawConnection;
        final SSLContext tlsContext = getSSLContext(entry);

        final KeyStore.PrivateKeyEntry identity;
        switch (this.method) {
            case ott:
                identity = enrollOtt(str, connection, keyStore, tlsContext);
                break;
            case ottca:
                if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                    throw new Exception("client certificate is required for ottca enrollment");
                }
                identity = enrollOttca(str, connection, (KeyStore.PrivateKeyEntry) entry, keyStore, tlsContext);
                break;
            default:
                throw new UnsupportedOperationException("method " + this.method + " is not supported");
        }

        // NOTE(review): URL.getPort() yields -1 when the URL carries no explicit port, so the alias
        // would then contain ":-1"; verify that whatever parses this alias expects that.
        final String host = this.enrollmentURL.getHost();
        final int port = this.enrollmentURL.getPort();
        final String encodedName = URLEncoder.encode(this.name, Charsets.UTF_8.name());
        final String alias = new StringBuilder("ziti://")
                .append(host)
                .append(':')
                .append(port)
                .append('/')
                .append(encodedName)
                .toString();

        // The private key is stored under an empty password for PKCS12 stores and with no protection
        // parameter for every other store type, so its confidentiality rests entirely on how the
        // key store itself is protected.
        final KeyStore.ProtectionParameter protection =
                "PKCS12".equals(keyStore.getType()) ? new KeyStore.PasswordProtection(new char[0]) : null;
        keyStore.setEntry(alias, identity, protection);

        // Persist the CA bundle next to the identity; serial numbers keep the aliases distinct.
        for (final X509Certificate caCert : this.caCerts) {
            final String caAlias = "ziti:" + this.name + '/' + caCert.getSerialNumber();
            keyStore.setCertificateEntry(caAlias, caCert);
        }
        return alias;
    }

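    /**
     * Performs the {@code ottca} enrollment request: an empty body is sent over a TLS connection
     * built from {@code sSLContext}, and the caller's own key entry is returned when the server
     * answers with a status below 400.
     *
     * <p>The success response body is not read. On an error status the first element of the JSON
     * {@code errors} array supplies the exception message.
     *
     * @param str                not read by this method
     * @param httpsURLConnection unconnected connection to the enrollment endpoint
     * @param privateKeyEntry    client identity; returned unchanged on success
     * @param keyStore           not read by this method
     * @param sSLContext         TLS context whose socket factory is installed on the connection
     * @return {@code privateKeyEntry} when the server accepts the enrollment
     * @throws IllegalArgumentException if the server answers with status 400 or above
     */
    private final KeyStore.PrivateKeyEntry enrollOttca(String str, HttpsURLConnection httpsURLConnection, KeyStore.PrivateKeyEntry privateKeyEntry, KeyStore keyStore, SSLContext sSLContext) {
        httpsURLConnection.setDoInput(true);
        // No request method is set explicitly; enabling output is what turns this into a POST.
        httpsURLConnection.setDoOutput(true);
        httpsURLConnection.setRequestProperty("Content-Type", "text/plain");
        httpsURLConnection.setRequestProperty("Content-Length", "0");
        httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        httpsURLConnection.getOutputStream().write(new byte[0]);
        httpsURLConnection.getOutputStream().flush();

        final int status = httpsURLConnection.getResponseCode();
        if (status < 400) {
            return privateKeyEntry;
        }

        // try-with-resources releases the error stream on every path (it tolerates a null resource).
        try (InputStream errorStream = httpsURLConnection.getErrorStream()) {
            if (errorStream == null) {
                // No error body was sent: report the status instead of failing on a null stream.
                throw new IllegalArgumentException("enrollment failed with HTTP status " + status);
            }
            Object obj = new JSONObject(new String(ByteStreamsKt.readBytes(errorStream), Charsets.UTF_8)).get("errors");
            if (obj == null) {
                throw new NullPointerException("null cannot be cast to non-null type org.json.JSONArray");
            }
            Object obj2 = ((JSONArray) obj).get(0);
            if (obj2 == null) {
                throw new NullPointerException("null cannot be cast to non-null type org.json.JSONObject");
            }
            Object obj3 = ((JSONObject) obj2).get("msg");
            throw new IllegalArgumentException(obj3 == null ? null : obj3.toString());
        }
    }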

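    /**
     * Performs the {@code ott} enrollment request: generates an EC key pair on the {@code P256}
     * curve, submits a PEM-encoded PKCS#10 request signed with SHA256withECDSA, and pairs the
     * returned certificate chain with the new private key.
     *
     * <p>The response must be {@code application/x-pem-file} (body is the PEM chain) or
     * {@code application/json} (chain in {@code data.cert}); the comparison is an exact match, so
     * a header carrying parameters such as a charset is rejected.
     *
     * @param str                not read by this method
     * @param httpsURLConnection unconnected connection to the enrollment endpoint
     * @param keyStore           not read by this method
     * @param sSLContext         TLS context whose socket factory is installed on the connection
     * @return the generated private key together with the certificates returned by the server
     * @throws IllegalArgumentException if the server answers with status 400 or above
     * @throws IllegalStateException    if the response content type is neither PEM nor JSON
     */
    private final KeyStore.PrivateKeyEntry enrollOtt(String str, HttpsURLConnection httpsURLConnection, KeyStore keyStore, SSLContext sSLContext) {
        // NOTE(review): the name is spliced into a distinguished-name string without escaping, so
        // characters that are special in a DN would change how the subject is parsed. Confirm that
        // the name is constrained upstream.
        X500Name subject = new X500Name("CN=" + this.name);

        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(P256);
        KeyPair keyPair = generator.generateKeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "kp.private");

        JcaPKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic());
        PemObject csrPem = new PemObject("CERTIFICATE REQUEST", csrBuilder.build(new PrivateKeySigner(privateKey, "SHA256withECDSA")).getEncoded());
        ByteArrayOutputStream csrBuffer = new ByteArrayOutputStream();
        // Explicit UTF-8 so the request bytes do not depend on the platform default charset.
        try (PemWriter pemWriter = new PemWriter(new OutputStreamWriter(csrBuffer, Charsets.UTF_8))) {
            pemWriter.writeObject(csrPem);
            pemWriter.flush();
        }
        byte[] csrBytes = csrBuffer.toByteArray();

        httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        httpsURLConnection.setDoInput(true);
        // No request method is set explicitly; enabling output is what turns this into a POST.
        httpsURLConnection.setDoOutput(true);
        httpsURLConnection.setRequestProperty("Accept", "application/json");
        httpsURLConnection.setRequestProperty("Content-Type", "text/plain");
        httpsURLConnection.setRequestProperty("Content-Length", String.valueOf(csrBytes.length));
        httpsURLConnection.getOutputStream().write(csrBytes);
        httpsURLConnection.getOutputStream().flush();

        final int status = httpsURLConnection.getResponseCode();
        if (status >= 400) {
            // try-with-resources releases the error stream on every path (it tolerates null).
            try (InputStream errorStream = httpsURLConnection.getErrorStream()) {
                if (errorStream == null) {
                    // No error body was sent: report the status instead of failing on a null stream.
                    throw new IllegalArgumentException("enrollment failed with HTTP status " + status);
                }
                Object message = new JSONObject(new String(ByteStreamsKt.readBytes(errorStream), Charsets.UTF_8)).getJSONObject("error").get("message");
                throw new IllegalArgumentException(message == null ? null : message.toString());
            }
        }

        String headerField = httpsURLConnection.getHeaderField("Content-Type");
        Intrinsics.checkNotNullExpressionValue(headerField, "conn.getHeaderField(\"Content-Type\")");
        // Locale.ROOT keeps the comparison below independent of the default locale (the
        // locale-sensitive overload lower-cases 'I' differently under e.g. a Turkish locale).
        String contentType = headerField.toLowerCase(java.util.Locale.ROOT);

        X509Certificate[] chain;
        if (Intrinsics.areEqual(contentType, "application/x-pem-file")) {
            try (InputStream body = httpsURLConnection.getInputStream();
                 InputStreamReader reader = new InputStreamReader(body, Charsets.UTF_8)) {
                chain = (X509Certificate[]) CertsKt.readCerts(reader).toArray(new X509Certificate[0]);
            }
        } else if (Intrinsics.areEqual(contentType, "application/json")) {
            try (InputStream body = httpsURLConnection.getInputStream()) {
                String certPem = new JSONObject(new String(ByteStreamsKt.readBytes(body), Charsets.UTF_8)).getJSONObject("data").getString("cert");
                Intrinsics.checkNotNullExpressionValue(certPem, "data.getString(\"cert\")");
                chain = (X509Certificate[]) CertsKt.readCerts(certPem).toArray(new X509Certificate[0]);
            }
        } else {
            throw new IllegalStateException("Invalid content-type: " + contentType);
        }

        // NOTE(review): nothing in this method compares the public key of the returned leaf
        // certificate with keyPair.getPublic(); consider verifying that the chain really certifies
        // the key generated above before it is stored.
        return new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), chain);
    }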

    /**
     * Builds the TLS context used for the enrollment connection.
     *
     * <p>An in-memory key store of the default type holds the optional client entry (alias
     * {@code client-cert}) and, when {@code caCerts} is non-empty, one {@code ca-<serial>} entry
     * per CA certificate. Key managers are created before the CA entries are added; trust
     * managers are created afterwards from the same store.
     *
     * <p>When {@code caCerts} is empty, {@code null} trust managers are passed to
     * {@link SSLContext#init}, so server validation falls back to the platform's default trust
     * managers rather than to an enrollment-specific CA set.
     *
     * @param entry client certificate entry to present to the server, or null for none
     * @return an initialised context requested under the protocol name {@code TLSv1.2}
     */
    @NotNull
    public final SSLContext getSSLContext(@Nullable KeyStore.Entry entry) {
        final KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null);
        if (entry != null) {
            // NOTE(review): the entry is stored with a null protection parameter; some KeyStore
            // implementations reject a private-key entry without a password. Confirm against the
            // default store type on the platforms this runs on.
            store.setEntry("client-cert", entry, null);
        }

        final KeyManagerFactory keyManagers = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagers.init(store, new char[0]);

        final TrustManager[] trustManagers;
        if (this.caCerts.isEmpty()) {
            trustManagers = null;
        } else {
            for (final X509Certificate caCert : this.caCerts) {
                store.setCertificateEntry("ca-" + caCert.getSerialNumber(), caCert);
            }
            // NOTE(review): the trust store is the same object as the key store, so the
            // client-cert entry sits next to the CA entries; some providers also treat the first
            // certificate of a key entry as a trust anchor. Confirm, or use a separate store.
            final TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustFactory.init(store);
            trustManagers = trustFactory.getTrustManagers();
        }

        // NOTE(review): which protocol versions a context obtained under this name will negotiate
        // is provider-specific; check whether newer TLS versions are wanted here.
        final SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(keyManagers.getKeyManagers(), trustManagers, new SecureRandom());
        Intrinsics.checkNotNullExpressionValue(context, "sc");
        return context;
    }

    /**
     * Static entry point for Java callers; hands the JWT text to {@code Companion.fromJWT}.
     *
     * @param str the enrollment JWT
     * @return the enroller built by the companion
     */
    @JvmStatic
    @NotNull
    public static final Enroller fromJWT(@NotNull String str) {
        final Enroller enroller = Companion.fromJWT(str);
        return enroller;
    }
}
