package org.hyperledger.fabric_ca.sdk;

import com.google.protobuf.InvalidProtocolBufferException;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringReader;
import java.io.StringWriter;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyManagementException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import javax.json.Json;
import javax.json.JsonArray;
import javax.json.JsonObject;
import javax.json.JsonObjectBuilder;
import javax.json.JsonValue;
import javax.json.JsonWriter;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.xml.bind.DatatypeConverter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.ParseException;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.auth.BasicScheme;
import org.apache.http.impl.client.BasicAuthCache;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.protocol.HttpContext;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.apache.http.util.EntityUtils;
import org.apache.milagro.amcl.FP256BN.BIG;
import org.apache.milagro.amcl.RAND;
import org.bouncycastle.asn1.ASN1OctetString;
import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.util.io.pem.PemReader;
import org.hyperledger.fabric.protos.common.Common;
import org.hyperledger.fabric.protos.idemix.Idemix;
import org.hyperledger.fabric.sdk.Endpoint;
import org.hyperledger.fabric.sdk.Enrollment;
import org.hyperledger.fabric.sdk.NetworkConfig;
import org.hyperledger.fabric.sdk.User;
import org.hyperledger.fabric.sdk.helper.Utils;
import org.hyperledger.fabric.sdk.idemix.IdemixCredRequest;
import org.hyperledger.fabric.sdk.idemix.IdemixCredential;
import org.hyperledger.fabric.sdk.idemix.IdemixIssuerPublicKey;
import org.hyperledger.fabric.sdk.idemix.IdemixUtils;
import org.hyperledger.fabric.sdk.identity.IdemixEnrollment;
import org.hyperledger.fabric.sdk.identity.X509Enrollment;
import org.hyperledger.fabric.sdk.security.CryptoPrimitives;
import org.hyperledger.fabric.sdk.security.CryptoSuite;
import org.hyperledger.fabric_ca.sdk.exception.AffiliationException;
import org.hyperledger.fabric_ca.sdk.exception.EnrollmentException;
import org.hyperledger.fabric_ca.sdk.exception.GenerateCRLException;
import org.hyperledger.fabric_ca.sdk.exception.HFCACertificateException;
import org.hyperledger.fabric_ca.sdk.exception.HTTPException;
import org.hyperledger.fabric_ca.sdk.exception.IdentityException;
import org.hyperledger.fabric_ca.sdk.exception.InfoException;
import org.hyperledger.fabric_ca.sdk.exception.InvalidArgumentException;
import org.hyperledger.fabric_ca.sdk.exception.RegistrationException;
import org.hyperledger.fabric_ca.sdk.exception.RevocationException;
import org.hyperledger.fabric_ca.sdk.helper.Config;
import org.hyperledger.fabric_ca.sdk.helper.Util;

/* loaded from: input_file:org/hyperledger/fabric_ca/sdk/HFCAClient.class */
public class HFCAClient {
    public static final String DEFAULT_PROFILE_NAME = "";
    public static final String HFCA_TYPE_PEER = "peer";
    public static final String HFCA_TYPE_ORDERER = "orderer";
    public static final String HFCA_TYPE_CLIENT = "client";
    public static final String HFCA_TYPE_USER = "user";
    public static final String HFCA_ATTRIBUTE_HFREGISTRARROLES = "hf.Registrar.Roles";
    public static final String HFCA_ATTRIBUTE_HFREGISTRARDELEGATEROLES = "hf.Registrar.DelegateRoles";
    public static final String HFCA_ATTRIBUTE_HFREGISTRARATTRIBUTES = "hf.Registrar.Attributes";
    public static final String HFCA_ATTRIBUTE_HFINTERMEDIATECA = "hf.IntermediateCA";
    public static final String HFCA_ATTRIBUTE_HFREVOKER = "hf.Revoker";
    public static final String HFCA_ATTRIBUTE_HFAFFILIATIONMGR = "hf.AffiliationMgr";
    public static final String HFCA_ATTRIBUTE_HFGENCRL = "hf.GenCRL";
    static final String FABRIC_CA_REQPROP = "caname";
    static final String HFCA_CONTEXT_ROOT = "/api/v1/";
    private static final String HFCA_ENROLL = "/api/v1/enroll";
    private static final String HFCA_REGISTER = "/api/v1/register";
    private static final String HFCA_REENROLL = "/api/v1/reenroll";
    private static final String HFCA_REVOKE = "/api/v1/revoke";
    private static final String HFCA_INFO = "/api/v1/cainfo";
    private static final String HFCA_GENCRL = "/api/v1/gencrl";
    private static final String HFCA_CERTIFICATE = "/api/v1/certificates";
    private static final String HFCA_IDEMIXCRED = "/api/v1/idemix/credential";
    private final String url;
    private final boolean isSSL;
    private final Properties properties;
    private Boolean newPayloadType;
    private final String caName;
    private CryptoSuite cryptoSuite;
    private int statusCode = Common.Status.BAD_REQUEST_VALUE;
    private Registry<ConnectionSocketFactory> registry = null;
    CryptoPrimitives cryptoPrimitives = null;
    private static final Config config = Config.getConfig();
    private static final int CONNECTION_REQUEST_TIMEOUT = config.getConnectionRequestTimeout();
    private static final int CONNECT_TIMEOUT = config.getConnectTimeout();
    private static final int SOCKET_TIMEOUT = config.getSocketTimeout();
    private static final Log logger = LogFactory.getLog(HFCAClient.class);

    /* loaded from: input_file:org/hyperledger/fabric_ca/sdk/HFCAClient$AllHostsSSLSocketFactory.class */
    private class AllHostsSSLSocketFactory extends SSLSocketFactory {
        final SSLContext sslContext;

        AllHostsSSLSocketFactory(KeyStore keyStore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
            super(keyStore);
            this.sslContext = SSLContext.getInstance("TLS");
            this.sslContext.init(null, new TrustManager[]{new X509TrustManager() { // from class: org.hyperledger.fabric_ca.sdk.HFCAClient.AllHostsSSLSocketFactory.1
                @Override // javax.net.ssl.X509TrustManager
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                }

                @Override // javax.net.ssl.X509TrustManager
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }}, null);
        }

        @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.LayeredSocketFactory
        public Socket createSocket(Socket socket, String str, int i, boolean z) throws IOException {
            return this.sslContext.getSocketFactory().createSocket(socket, str, i, z);
        }

        @Override // org.apache.http.conn.ssl.SSLSocketFactory, org.apache.http.conn.scheme.SocketFactory
        public Socket createSocket() throws IOException {
            return this.sslContext.getSocketFactory().createSocket();
        }
    }

    public String getCAName() {
        return this.caName;
    }

    public int getStatusCode() {
        return this.statusCode;
    }

    HFCAClient(String str, String str2, Properties properties) throws MalformedURLException {
        logger.debug(String.format("new HFCAClient %s", str2));
        this.url = str2;
        this.caName = str;
        URL url = new URL(str2);
        String protocol = url.getProtocol();
        if (!"http".equals(protocol) && !"https".equals(protocol)) {
            throw new IllegalArgumentException("HFCAClient only supports http or https not " + protocol);
        }
        if (Utils.isNullOrEmpty(url.getHost())) {
            throw new IllegalArgumentException("HFCAClient url needs host");
        }
        String path = url.getPath();
        if (!Utils.isNullOrEmpty(path)) {
            throw new IllegalArgumentException("HFCAClient url does not support path portion in url remove path: '" + path + "'.");
        }
        String query = url.getQuery();
        if (!Utils.isNullOrEmpty(query)) {
            throw new IllegalArgumentException("HFCAClient url does not support query portion in url remove query: '" + query + "'.");
        }
        this.isSSL = "https".equals(protocol);
        if (properties != null) {
            this.properties = (Properties) properties.clone();
        } else {
            this.properties = null;
        }
    }

    public static HFCAClient createNewInstance(String str, Properties properties) throws MalformedURLException {
        return new HFCAClient(null, str, properties);
    }

    public static HFCAClient createNewInstance(String str, String str2, Properties properties) throws MalformedURLException, InvalidArgumentException {
        if (str == null || str.isEmpty()) {
            throw new InvalidArgumentException("name must not be null or an empty string.");
        }
        return new HFCAClient(str, str2, properties);
    }

    public static HFCAClient createNewInstance(NetworkConfig.CAInfo cAInfo) throws MalformedURLException, InvalidArgumentException {
        try {
            return createNewInstance(cAInfo, CryptoSuite.Factory.getCryptoSuite());
        } catch (MalformedURLException e) {
            throw e;
        } catch (Exception e2) {
            throw new InvalidArgumentException(e2);
        }
    }

    public static HFCAClient createNewInstance(NetworkConfig.CAInfo cAInfo, CryptoSuite cryptoSuite) throws MalformedURLException, InvalidArgumentException {
        if (null == cAInfo) {
            throw new InvalidArgumentException("The caInfo parameter can not be null.");
        }
        if (null == cryptoSuite) {
            throw new InvalidArgumentException("The cryptoSuite parameter can not be null.");
        }
        HFCAClient hFCAClient = new HFCAClient(cAInfo.getCAName(), cAInfo.getUrl(), cAInfo.getProperties());
        hFCAClient.setCryptoSuite(cryptoSuite);
        return hFCAClient;
    }

    public void setCryptoSuite(CryptoSuite cryptoSuite) {
        this.cryptoSuite = cryptoSuite;
    }

    public CryptoSuite getCryptoSuite() {
        return this.cryptoSuite;
    }

    public String register(RegistrationRequest registrationRequest, User user) throws RegistrationException, InvalidArgumentException {
        if (this.cryptoSuite == null) {
            throw new InvalidArgumentException("Crypto primitives not set.");
        }
        if (Utils.isNullOrEmpty(registrationRequest.getEnrollmentID())) {
            throw new InvalidArgumentException("EntrollmentID cannot be null or empty");
        }
        if (user == null) {
            throw new InvalidArgumentException("Registrar should be a valid member");
        }
        logger.debug(String.format("register  url: %s, registrar: %s", this.url, user.getName()));
        setUpSSL();
        try {
            String string = httpPost(this.url + HFCA_REGISTER, registrationRequest.toJson(), user).getString("secret");
            if (string == null) {
                throw new Exception("secret was not found in response");
            }
            logger.debug(String.format("register  url: %s, registrar: %s done.", this.url, user));
            return string;
        } catch (Exception e) {
            RegistrationException registrationException = new RegistrationException(String.format("Error while registering the user %s url: %s  %s ", user, this.url, e.getMessage()), e);
            logger.error(user);
            throw registrationException;
        }
    }

    public Enrollment enroll(String str, String str2) throws EnrollmentException, InvalidArgumentException {
        return enroll(str, str2, new EnrollmentRequest());
    }

    public Enrollment enroll(String str, String str2, EnrollmentRequest enrollmentRequest) throws EnrollmentException, InvalidArgumentException {
        logger.debug(String.format("url:%s enroll user: %s", this.url, str));
        if (Utils.isNullOrEmpty(str)) {
            throw new InvalidArgumentException("enrollment user is not set");
        }
        if (Utils.isNullOrEmpty(str2)) {
            throw new InvalidArgumentException("enrollment secret is not set");
        }
        if (this.cryptoSuite == null) {
            throw new InvalidArgumentException("Crypto primitives not set.");
        }
        setUpSSL();
        try {
            String csr = enrollmentRequest.getCsr();
            KeyPair keyPair = enrollmentRequest.getKeyPair();
            if (null != csr && keyPair == null) {
                throw new InvalidArgumentException("If certificate signing request is supplied the key pair needs to be supplied too.");
            }
            if (keyPair == null) {
                logger.debug("[HFCAClient.enroll] Generating keys...");
                keyPair = this.cryptoSuite.keyGen();
                logger.debug("[HFCAClient.enroll] Generating keys...done!");
            }
            if (csr == null) {
                enrollmentRequest.setCSR(this.cryptoSuite.generateCertificationRequest(str, keyPair));
            }
            if (this.caName != null && !this.caName.isEmpty()) {
                enrollmentRequest.setCAName(this.caName);
            }
            String httpPost = httpPost(getURL(HFCA_ENROLL), enrollmentRequest.toJson(), new UsernamePasswordCredentials(str, str2));
            logger.debug("response:" + httpPost);
            JsonObject read = Json.createReader(new StringReader(httpPost)).read();
            boolean z = read.getBoolean("success");
            logger.debug(String.format("[HFCAClient] enroll success:[%s]", Boolean.valueOf(z)));
            if (!z) {
                throw new EnrollmentException(String.format("FabricCA failed enrollment for user %s response success is false.", str));
            }
            JsonObject jsonObject = read.getJsonObject("result");
            if (jsonObject == null) {
                throw new EnrollmentException(String.format("FabricCA failed enrollment for user %s - response did not contain a result", str));
            }
            String str3 = new String(Base64.getDecoder().decode(jsonObject.getString("Cert").getBytes(StandardCharsets.UTF_8)));
            logger.debug(String.format("[HFCAClient] enroll returned pem:[%s]", str3));
            JsonArray jsonArray = read.getJsonArray("messages");
            if (jsonArray != null && !jsonArray.isEmpty()) {
                JsonObject jsonObject2 = jsonArray.getJsonObject(0);
                logger.info(String.format("Enroll request response message [code %d]: %s", Integer.valueOf(jsonObject2.getInt("code")), jsonObject2.getString("message")));
            }
            logger.debug("Enrollment done.");
            return new X509Enrollment(keyPair, str3);
        } catch (EnrollmentException e) {
            logger.error(String.format("url:%s, user:%s  error:%s", this.url, str, e.getMessage()), e);
            throw e;
        } catch (Exception e2) {
            EnrollmentException enrollmentException = new EnrollmentException(String.format("Url:%s, Failed to enroll user %s ", this.url, str), e2);
            logger.error(e2.getMessage(), e2);
            throw enrollmentException;
        }
    }

    public HFCAInfo info() throws InfoException, InvalidArgumentException {
        try {
            String url = getURL(HFCA_INFO);
            logger.debug(String.format("info url:%s", url));
            if (this.cryptoSuite == null) {
                throw new InvalidArgumentException("Crypto primitives not set.");
            }
            setUpSSL();
            try {
                JsonObjectBuilder createObjectBuilder = Json.createObjectBuilder();
                if (this.caName != null) {
                    createObjectBuilder.add(FABRIC_CA_REQPROP, this.caName);
                }
                String httpPost = httpPost(url, createObjectBuilder.build().toString(), (UsernamePasswordCredentials) null);
                logger.debug("response:" + httpPost);
                JsonObject read = Json.createReader(new StringReader(httpPost)).read();
                boolean z = read.getBoolean("success");
                logger.debug(String.format("[HFCAClient] enroll success:[%s]", Boolean.valueOf(z)));
                if (!z) {
                    throw new EnrollmentException(String.format("FabricCA failed info %s", url));
                }
                JsonObject jsonObject = read.getJsonObject("result");
                if (jsonObject == null) {
                    throw new InfoException(String.format("FabricCA info error  - response did not contain a result url %s", url));
                }
                String string = jsonObject.getString("CAName");
                String string2 = jsonObject.getString("CAChain");
                String str = null;
                if (jsonObject.containsKey("Version")) {
                    str = jsonObject.getString("Version");
                }
                String str2 = null;
                if (jsonObject.containsKey("IssuerPublicKey")) {
                    str2 = jsonObject.getString("IssuerPublicKey");
                }
                String str3 = null;
                if (jsonObject.containsKey("IssuerRevocationPublicKey")) {
                    str3 = jsonObject.getString("IssuerRevocationPublicKey");
                }
                logger.info(String.format("CA Name: %s, Version: %s, issuerPublicKey: %s, issuerRevocationPublicKey: %s", string, string2, str2, str3));
                return new HFCAInfo(string, string2, str, str2, str3);
            } catch (Exception e) {
                InfoException infoException = new InfoException(String.format("Url:%s, Failed to get info", url), e);
                logger.error(e.getMessage(), e);
                throw infoException;
            }
        } catch (Exception e2) {
            throw new InvalidArgumentException(e2);
        }
    }

    public Enrollment reenroll(User user) throws EnrollmentException, InvalidArgumentException {
        return reenroll(user, new EnrollmentRequest());
    }

    public Enrollment reenroll(User user, EnrollmentRequest enrollmentRequest) throws EnrollmentException, InvalidArgumentException {
        if (this.cryptoSuite == null) {
            throw new InvalidArgumentException("Crypto primitives not set.");
        }
        if (user == null) {
            throw new InvalidArgumentException("reenrollment user is missing");
        }
        if (user.getEnrollment() == null) {
            throw new InvalidArgumentException("reenrollment user is not a valid user object");
        }
        logger.debug(String.format("re-enroll user: %s, url: %s", user.getName(), this.url));
        try {
            setUpSSL();
            KeyPair keyPair = new KeyPair(this.cryptoSuite.bytesToCertificate(user.getEnrollment().getCert().getBytes(StandardCharsets.UTF_8)).getPublicKey(), user.getEnrollment().getKey());
            enrollmentRequest.setCSR(this.cryptoSuite.generateCertificationRequest(user.getName(), keyPair));
            if (this.caName != null && !this.caName.isEmpty()) {
                enrollmentRequest.setCAName(this.caName);
            }
            String str = new String(Base64.getDecoder().decode(httpPost(this.url + HFCA_REENROLL, enrollmentRequest.toJson(), user).getString("Cert").getBytes(StandardCharsets.UTF_8)));
            logger.debug(String.format("[HFCAClient] re-enroll returned pem:[%s]", str));
            logger.debug(String.format("reenroll user %s done.", user.getName()));
            return new X509Enrollment(keyPair, str);
        } catch (EnrollmentException e) {
            logger.error(e.getMessage(), e);
            throw e;
        } catch (Exception e2) {
            EnrollmentException enrollmentException = new EnrollmentException(String.format("Failed to re-enroll user %s", user), e2);
            logger.error(e2.getMessage(), e2);
            throw enrollmentException;
        }
    }

    public void revoke(User user, Enrollment enrollment, String str) throws RevocationException, InvalidArgumentException {
        revokeInternal(user, enrollment, str, false);
    }

    public String revoke(User user, Enrollment enrollment, String str, boolean z) throws RevocationException, InvalidArgumentException {
        return revokeInternal(user, enrollment, str, z);
    }

    private String revokeInternal(User user, Enrollment enrollment, String str, boolean z) throws RevocationException, InvalidArgumentException {
        if (this.cryptoSuite == null) {
            throw new InvalidArgumentException("Crypto primitives not set.");
        }
        if (enrollment == null) {
            throw new InvalidArgumentException("revokee enrollment is not set");
        }
        if (user == null) {
            throw new InvalidArgumentException("revoker is not set");
        }
        logger.debug(String.format("revoke revoker: %s, reason: %s, url: %s", user.getName(), str, this.url));
        try {
            setUpSSL();
            X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(Config.getConfig().getCertificateFormat()).generateCertificate(new BufferedInputStream(new ByteArrayInputStream(enrollment.getCert().getBytes())));
            JsonObject httpPost = httpPost(this.url + HFCA_REVOKE, new RevocationRequest(this.caName, null, DatatypeConverter.printHexBinary(x509Certificate.getSerialNumber().toByteArray()), DatatypeConverter.printHexBinary(AuthorityKeyIdentifier.getInstance(ASN1OctetString.getInstance(x509Certificate.getExtensionValue(Extension.authorityKeyIdentifier.getId())).getOctets()).getKeyIdentifier()), str, Boolean.valueOf(z)).toJson(), user);
            logger.debug("revoke done");
            if (!z) {
                return null;
            }
            if (httpPost.isEmpty()) {
                throw new RevocationException("Failed to return CRL, revoke response is empty");
            }
            if (httpPost.isNull("CRL")) {
                throw new RevocationException("Failed to return CRL");
            }
            return httpPost.getString("CRL");
        } catch (CertificateException e) {
            logger.error("Cannot validate certificate. Error is: " + e.getMessage());
            throw new RevocationException("Error while revoking cert. " + e.getMessage(), e);
        } catch (Exception e2) {
            logger.error(e2.getMessage(), e2);
            throw new RevocationException("Error while revoking the user. " + e2.getMessage(), e2);
        }
    }

    public void revoke(User user, String str, String str2) throws RevocationException, InvalidArgumentException {
        revokeInternal(user, str, str2, false);
    }

    public String revoke(User user, String str, String str2, boolean z) throws RevocationException, InvalidArgumentException {
        return revokeInternal(user, str, str2, z);
    }

    private String revokeInternal(User user, String str, String str2, boolean z) throws RevocationException, InvalidArgumentException {
        if (this.cryptoSuite == null) {
            throw new InvalidArgumentException("Crypto primitives not set.");
        }
        logger.debug(String.format("revoke revoker: %s, revokee: %s, reason: %s", user, str, str2));
        if (Utils.isNullOrEmpty(str)) {
            throw new InvalidArgumentException("revokee user is not set");
        }
        if (user == null) {
            throw new InvalidArgumentException("revoker is not set");
        }
        try {
            setUpSSL();
            JsonObject httpPost = httpPost(this.url + HFCA_REVOKE, new RevocationRequest(this.caName, str, null, null, str2, Boolean.valueOf(z)).toJson(), user);
            logger.debug(String.format("revoke revokee: %s done.", str));
            if (!z) {
                return null;
            }
            if (httpPost.isEmpty()) {
                throw new RevocationException("Failed to return CRL, revoke response is empty");
            }
            if (httpPost.isNull("CRL")) {
                throw new RevocationException("Failed to return CRL");
            }
            return httpPost.getString("CRL");
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new RevocationException("Error while revoking the user. " + e.getMessage(), e);
        }
    }

    public void revoke(User user, String str, String str2, String str3) throws RevocationException, InvalidArgumentException {
        revokeInternal(user, str, str2, str3, false);
    }

    public String revoke(User user, String str, String str2, String str3, boolean z) throws RevocationException, InvalidArgumentException {
        return revokeInternal(user, str, str2, str3, z);
    }

    private String revokeInternal(User user, String str, String str2, String str3, boolean z) throws RevocationException, InvalidArgumentException {
        if (this.cryptoSuite == null) {
            throw new InvalidArgumentException("Crypto primitives not set.");
        }
        if (Utils.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Serial number id required to revoke ceritificate");
        }
        if (Utils.isNullOrEmpty(str2)) {
            throw new IllegalArgumentException("AKI is required to revoke certificate");
        }
        if (user == null) {
            throw new InvalidArgumentException("revoker is not set");
        }
        logger.debug(String.format("revoke revoker: %s, reason: %s, url: %s", user.getName(), str3, this.url));
        try {
            setUpSSL();
            JsonObject httpPost = httpPost(this.url + HFCA_REVOKE, new RevocationRequest(this.caName, null, str, str2, str3, Boolean.valueOf(z)).toJson(), user);
            logger.debug("revoke done");
            if (!z) {
                return null;
            }
            if (httpPost.isEmpty()) {
                throw new RevocationException("Failed to return CRL, revoke response is empty");
            }
            if (httpPost.isNull("CRL")) {
                throw new RevocationException("Failed to return CRL");
            }
            return httpPost.getString("CRL");
        } catch (CertificateException e) {
            logger.error("Cannot validate certificate. Error is: " + e.getMessage());
            throw new RevocationException("Error while revoking cert. " + e.getMessage(), e);
        } catch (Exception e2) {
            logger.error(e2.getMessage(), e2);
            throw new RevocationException("Error while revoking the user. " + e2.getMessage(), e2);
        }
    }

    public String generateCRL(User user, Date date, Date date2, Date date3, Date date4) throws InvalidArgumentException, GenerateCRLException {
        if (this.cryptoSuite == null) {
            throw new InvalidArgumentException("Crypto primitives not set.");
        }
        if (user == null) {
            throw new InvalidArgumentException("registrar is not set");
        }
        try {
            setUpSSL();
            JsonObjectBuilder createObjectBuilder = Json.createObjectBuilder();
            if (date != null) {
                createObjectBuilder.add("revokedBefore", Util.dateToString(date));
            }
            if (date2 != null) {
                createObjectBuilder.add("revokedAfter", Util.dateToString(date2));
            }
            if (date3 != null) {
                createObjectBuilder.add("expireBefore", Util.dateToString(date3));
            }
            if (date4 != null) {
                createObjectBuilder.add("expireAfter", Util.dateToString(date4));
            }
            if (this.caName != null) {
                createObjectBuilder.add(FABRIC_CA_REQPROP, this.caName);
            }
            JsonObject build = createObjectBuilder.build();
            StringWriter stringWriter = new StringWriter();
            JsonWriter createWriter = Json.createWriter(new PrintWriter(stringWriter));
            createWriter.writeObject(build);
            createWriter.close();
            return httpPost(this.url + HFCA_GENCRL, stringWriter.toString(), user).getString("CRL");
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            throw new GenerateCRLException(e.getMessage(), e);
        }
    }

    public HFCAIdentity newHFCAIdentity(String str) throws InvalidArgumentException {
        return new HFCAIdentity(str, this);
    }

    public Collection<HFCAIdentity> getHFCAIdentities(User user) throws IdentityException, InvalidArgumentException {
        if (user == null) {
            throw new InvalidArgumentException("Registrar should be a valid member");
        }
        logger.debug(String.format("identity  url: %s, registrar: %s", this.url, user.getName()));
        try {
            JsonObject httpGet = httpGet("/api/v1/identities", user);
            ArrayList arrayList = new ArrayList();
            JsonArray jsonArray = httpGet.getJsonArray("identities");
            if (jsonArray != null && !jsonArray.isEmpty()) {
                for (int i = 0; i < jsonArray.size(); i++) {
                    arrayList.add(new HFCAIdentity(jsonArray.getJsonObject(i)));
                }
            }
            logger.debug(String.format("identity  url: %s, registrar: %s done.", this.url, user));
            return arrayList;
        } catch (HTTPException e) {
            String format = String.format("[HTTP Status Code: %d] - Error while getting all users from url '%s': %s", Integer.valueOf(e.getStatusCode()), this.url, e.getMessage());
            IdentityException identityException = new IdentityException(format, e);
            logger.error(format);
            throw identityException;
        } catch (Exception e2) {
            String format2 = String.format("Error while getting all users from url '%s': %s", this.url, e2.getMessage());
            IdentityException identityException2 = new IdentityException(format2, e2);
            logger.error(format2);
            throw identityException2;
        }
    }

    public HFCAAffiliation newHFCAAffiliation(String str) throws InvalidArgumentException {
        return new HFCAAffiliation(str, this);
    }

    public HFCAAffiliation getHFCAAffiliations(User user) throws AffiliationException, InvalidArgumentException {
        if (this.cryptoSuite == null) {
            throw new InvalidArgumentException("Crypto primitives not set.");
        }
        if (user == null) {
            throw new InvalidArgumentException("Registrar should be a valid member");
        }
        logger.debug(String.format("affiliations  url: %s, registrar: %s", this.url, user.getName()));
        try {
            HFCAAffiliation hFCAAffiliation = new HFCAAffiliation(httpGet("/api/v1/affiliations", user));
            logger.debug(String.format("affiliations  url: %s, registrar: %s done.", this.url, user));
            return hFCAAffiliation;
        } catch (HTTPException e) {
            String format = String.format("[HTTP Status Code: %d] - Error while getting all affiliations from url '%s': %s", Integer.valueOf(e.getStatusCode()), this.url, e.getMessage());
            AffiliationException affiliationException = new AffiliationException(format, e);
            logger.error(format);
            throw affiliationException;
        } catch (Exception e2) {
            String format2 = String.format("Error while getting all affiliations from url '%s': %s", this.url, e2.getMessage());
            AffiliationException affiliationException2 = new AffiliationException(format2, e2);
            logger.error(format2);
            throw affiliationException2;
        }
    }

    public HFCACertificateRequest newHFCACertificateRequest() {
        return new HFCACertificateRequest();
    }

    public Enrollment idemixEnroll(Enrollment enrollment, String str) throws EnrollmentException, InvalidArgumentException {
        if (this.cryptoSuite == null) {
            throw new InvalidArgumentException("Crypto primitives not set");
        }
        if (enrollment == null) {
            throw new InvalidArgumentException("enrollment is missing");
        }
        if (Utils.isNullOrEmpty(str)) {
            throw new InvalidArgumentException("mspID cannot be null or empty");
        }
        if (enrollment instanceof IdemixEnrollment) {
            throw new InvalidArgumentException("enrollment type must be x509");
        }
        RAND rand = IdemixUtils.getRand();
        try {
            setUpSSL();
            IdemixEnrollmentRequest idemixEnrollmentRequest = new IdemixEnrollmentRequest();
            JsonObject httpPost = httpPost(this.url + HFCA_IDEMIXCRED, idemixEnrollmentRequest.toJson(), enrollment);
            if (httpPost == null) {
                throw new EnrollmentException("No response received for idemix enrollment request");
            }
            String string = httpPost.getString("Nonce");
            if (Utils.isNullOrEmpty(string)) {
                throw new InvalidArgumentException("fabric-ca-server did not return a nonce in the response from /api/v1/idemix/credential");
            }
            BIG fromBytes = BIG.fromBytes(Base64.getDecoder().decode(string.getBytes()));
            JsonObject jsonObject = httpPost.getJsonObject("CAInfo");
            if (jsonObject == null) {
                throw new Exception("fabric-ca-server did not return 'cainfo' in the response from /api/v1/idemix/credential");
            }
            IdemixIssuerPublicKey issuerPublicKey = getIssuerPublicKey(jsonObject.getString("IssuerPublicKey"));
            PublicKey revocationPublicKey = getRevocationPublicKey(jsonObject.getString("IssuerRevocationPublicKey"));
            BIG big = new BIG(IdemixUtils.randModOrder(rand));
            idemixEnrollmentRequest.setIdemixCredReq(new IdemixCredRequest(big, fromBytes, issuerPublicKey));
            JsonObject httpPost2 = httpPost(this.url + HFCA_IDEMIXCRED, idemixEnrollmentRequest.toJson(), enrollment);
            if (httpPost2 == null) {
                throw new EnrollmentException("No response received for idemix enrollment request");
            }
            String string2 = httpPost2.getString("Credential");
            if (Utils.isNullOrEmpty(string2)) {
                throw new InvalidArgumentException("fabric-ca-server did not return a 'credential' in the response from /api/v1/idemix/credential");
            }
            IdemixCredential idemixCredential = new IdemixCredential(Idemix.Credential.parseFrom(Base64.getDecoder().decode(string2.getBytes(StandardCharsets.UTF_8))));
            String string3 = httpPost2.getString("CRI");
            if (Utils.isNullOrEmpty(string3)) {
                throw new InvalidArgumentException("fabric-ca-server did not return a 'CRI' in the response from /api/v1/idemix/credential");
            }
            Idemix.CredentialRevocationInformation parseFrom = Idemix.CredentialRevocationInformation.parseFrom(Base64.getDecoder().decode(string3.getBytes(StandardCharsets.UTF_8)));
            JsonObject jsonObject2 = httpPost2.getJsonObject("Attrs");
            if (jsonObject2 == null) {
                throw new EnrollmentException("fabric-ca-server did not return 'attrs' in the response from /api/v1/idemix/credential");
            }
            String string4 = jsonObject2.getString("OU");
            if (Utils.isNullOrEmpty(string4)) {
                throw new InvalidArgumentException("fabric-ca-server did not return a 'ou' attribute in the response from /api/v1/idemix/credential");
            }
            return new IdemixEnrollment(issuerPublicKey, revocationPublicKey, str, big, idemixCredential, parseFrom, string4, jsonObject2.getInt("Role"));
        } catch (EnrollmentException e) {
            logger.error(e.getMessage(), e);
            throw e;
        } catch (Exception e2) {
            EnrollmentException enrollmentException = new EnrollmentException("Failed to get Idemix credential", e2);
            logger.error(e2.getMessage(), e2);
            throw enrollmentException;
        }
    }

    private IdemixIssuerPublicKey getIssuerPublicKey(String str) throws EnrollmentException, InvalidProtocolBufferException {
        if (Utils.isNullOrEmpty(str)) {
            throw new EnrollmentException("fabric-ca-server did not return 'issuerPublicKey' in the response from /api/v1/idemix/credential");
        }
        return new IdemixIssuerPublicKey(Idemix.IssuerPublicKey.parseFrom(Base64.getDecoder().decode(str.getBytes())));
    }

    private PublicKey getRevocationPublicKey(String str) throws EnrollmentException, IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        if (Utils.isNullOrEmpty(str)) {
            throw new EnrollmentException("fabric-ca-server did not return 'issuerPublicKey' in the response from /api/v1/idemix/credential");
        }
        return KeyFactory.getInstance("EC").generatePublic(new X509EncodedKeySpec(convertPemToDer(new String(Base64.getDecoder().decode(str)))));
    }

    private byte[] convertPemToDer(String str) throws IOException {
        return new PemReader(new StringReader(str)).readPemObject().getContent();
    }

    public HFCACertificateResponse getHFCACertificates(User user, HFCACertificateRequest hFCACertificateRequest) throws HFCACertificateException {
        try {
            logger.debug(String.format("certificate url: %s, registrar: %s", HFCA_CERTIFICATE, user.getName()));
            JsonObject httpGet = httpGet(HFCA_CERTIFICATE, user, hFCACertificateRequest.getQueryParameters());
            int i = httpGet.getInt("statusCode");
            ArrayList arrayList = new ArrayList();
            if (i < 400) {
                JsonArray jsonArray = httpGet.getJsonArray("certs");
                if (jsonArray != null && !jsonArray.isEmpty()) {
                    for (int i2 = 0; i2 < jsonArray.size(); i2++) {
                        arrayList.add(new HFCAX509Certificate(jsonArray.getJsonObject(i2).getString("PEM")));
                    }
                }
                logger.debug(String.format("certificate url: %s, registrar: %s done.", HFCA_CERTIFICATE, user));
            }
            return new HFCACertificateResponse(i, arrayList);
        } catch (HTTPException e) {
            String format = String.format("[Code: %d] - Error while getting certificates from url '%s': %s", Integer.valueOf(e.getStatusCode()), HFCA_CERTIFICATE, e.getMessage());
            HFCACertificateException hFCACertificateException = new HFCACertificateException(format, e);
            logger.error(format);
            throw hFCACertificateException;
        } catch (Exception e2) {
            String format2 = String.format("Error while getting certificates from url '%s': %s", HFCA_CERTIFICATE, e2.getMessage());
            HFCACertificateException hFCACertificateException2 = new HFCACertificateException(format2, e2);
            logger.error(format2);
            throw hFCACertificateException2;
        }
    }

    String httpPost(String str, String str2, UsernamePasswordCredentials usernamePasswordCredentials) throws Exception {
        logger.debug(String.format("httpPost %s, body:%s", str, str2));
        HttpClientBuilder create = HttpClientBuilder.create();
        BasicCredentialsProvider basicCredentialsProvider = null;
        if (usernamePasswordCredentials != null) {
            basicCredentialsProvider = new BasicCredentialsProvider();
            basicCredentialsProvider.setCredentials(AuthScope.ANY, usernamePasswordCredentials);
            create.setDefaultCredentialsProvider(basicCredentialsProvider);
        }
        if (this.registry != null) {
            create.setConnectionManager(new PoolingHttpClientConnectionManager(this.registry));
        }
        CloseableHttpClient build = create.build();
        HttpPost httpPost = new HttpPost(str);
        httpPost.setConfig(getRequestConfig());
        BasicAuthCache basicAuthCache = new BasicAuthCache();
        HttpHost httpHost = new HttpHost(httpPost.getURI().getHost(), httpPost.getURI().getPort());
        if (usernamePasswordCredentials != null) {
            basicAuthCache.put(httpHost, new BasicScheme());
        }
        HttpContext create2 = HttpClientContext.create();
        if (null != basicCredentialsProvider) {
            create2.setCredentialsProvider(basicCredentialsProvider);
        }
        if (usernamePasswordCredentials != null) {
            create2.setAuthCache(basicAuthCache);
        }
        httpPost.setEntity(new StringEntity(str2));
        if (usernamePasswordCredentials != null) {
            httpPost.addHeader(new BasicScheme().authenticate(usernamePasswordCredentials, httpPost, create2));
        }
        HttpResponse execute = build.execute(httpPost, create2);
        int statusCode = execute.getStatusLine().getStatusCode();
        HttpEntity entity = execute.getEntity();
        logger.trace(String.format("httpPost %s  sending...", str));
        String entityUtils = entity != null ? EntityUtils.toString(entity) : null;
        logger.trace(String.format("httpPost %s  responseBody %s", str, entityUtils));
        if (statusCode < 400) {
            logger.debug(String.format("httpPost Status: %d returning: %s ", Integer.valueOf(statusCode), entityUtils));
            return entityUtils;
        }
        Exception exc = new Exception(String.format("POST request to %s  with request body: %s, failed with status code: %d. Response: %s", str, str2, Integer.valueOf(statusCode), entityUtils));
        logger.error(exc.getMessage());
        throw exc;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JsonObject httpPost(String str, String str2, User user) throws Exception {
        return post(str, str2, getHTTPAuthCertificate(user.getEnrollment(), "POST", str, str2));
    }

    JsonObject httpPost(String str, String str2, Enrollment enrollment) throws Exception {
        return post(str, str2, getHTTPAuthCertificate(enrollment, "POST", str, str2));
    }

    JsonObject post(String str, String str2, String str3) throws Exception {
        String addCAToURL = addCAToURL(str);
        HttpPost httpPost = new HttpPost(addCAToURL);
        httpPost.setConfig(getRequestConfig());
        logger.debug(String.format("httpPost %s, body:%s, authHTTPCert: %s", addCAToURL, str2, str3));
        HttpClientBuilder create = HttpClientBuilder.create();
        if (this.registry != null) {
            create.setConnectionManager(new PoolingHttpClientConnectionManager(this.registry));
        }
        CloseableHttpClient build = create.build();
        HttpClientContext create2 = HttpClientContext.create();
        httpPost.setEntity(new StringEntity(str2));
        httpPost.addHeader("Authorization", str3);
        return getResult(build.execute(httpPost, create2), str2, "POST");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JsonObject httpGet(String str, User user) throws Exception {
        return httpGet(str, user, null);
    }

    JsonObject httpGet(String str, User user, Map<String, String> map) throws Exception {
        String url = getURL(str, map);
        String hTTPAuthCertificate = getHTTPAuthCertificate(user.getEnrollment(), "GET", url, DEFAULT_PROFILE_NAME);
        HttpGet httpGet = new HttpGet(url);
        httpGet.setConfig(getRequestConfig());
        logger.debug(String.format("httpGet %s, authHTTPCert: %s", str, hTTPAuthCertificate));
        HttpClientBuilder create = HttpClientBuilder.create();
        if (this.registry != null) {
            create.setConnectionManager(new PoolingHttpClientConnectionManager(this.registry));
        }
        CloseableHttpClient build = create.build();
        HttpClientContext create2 = HttpClientContext.create();
        httpGet.addHeader("Authorization", hTTPAuthCertificate);
        return getResult(build.execute(httpGet, create2), DEFAULT_PROFILE_NAME, "GET");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JsonObject httpPut(String str, String str2, User user) throws Exception {
        String hTTPAuthCertificate = getHTTPAuthCertificate(user.getEnrollment(), "PUT", str, str2);
        HttpPut httpPut = new HttpPut(addCAToURL(str));
        httpPut.setConfig(getRequestConfig());
        logger.debug(String.format("httpPutt %s, body:%s, authHTTPCert: %s", str, str2, hTTPAuthCertificate));
        HttpClientBuilder create = HttpClientBuilder.create();
        if (this.registry != null) {
            create.setConnectionManager(new PoolingHttpClientConnectionManager(this.registry));
        }
        CloseableHttpClient build = create.build();
        HttpClientContext create2 = HttpClientContext.create();
        httpPut.setEntity(new StringEntity(str2));
        httpPut.addHeader("Authorization", hTTPAuthCertificate);
        return getResult(build.execute(httpPut, create2), str2, "PUT");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JsonObject httpDelete(String str, User user) throws Exception {
        String hTTPAuthCertificate = getHTTPAuthCertificate(user.getEnrollment(), "DELETE", str, DEFAULT_PROFILE_NAME);
        HttpDelete httpDelete = new HttpDelete(addCAToURL(str));
        httpDelete.setConfig(getRequestConfig());
        logger.debug(String.format("httpPut %s, authHTTPCert: %s", str, hTTPAuthCertificate));
        HttpClientBuilder create = HttpClientBuilder.create();
        if (this.registry != null) {
            create.setConnectionManager(new PoolingHttpClientConnectionManager(this.registry));
        }
        CloseableHttpClient build = create.build();
        HttpClientContext create2 = HttpClientContext.create();
        httpDelete.addHeader("Authorization", hTTPAuthCertificate);
        return getResult(build.execute(httpDelete, create2), DEFAULT_PROFILE_NAME, "DELETE");
    }

    JsonObject getResult(HttpResponse httpResponse, String str, String str2) throws HTTPException, ParseException, IOException {
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        HttpEntity entity = httpResponse.getEntity();
        logger.trace(String.format("response status %d, HttpEntity %s ", Integer.valueOf(statusCode), DEFAULT_PROFILE_NAME + entity));
        String entityUtils = entity != null ? EntityUtils.toString(entity) : null;
        logger.trace(String.format("responseBody: %s ", entityUtils));
        if (statusCode >= this.statusCode) {
            HTTPException hTTPException = new HTTPException(String.format("%s request to %s failed request body %s. Response: %s", str2, this.url, str, entityUtils), statusCode);
            logger.error(hTTPException.getMessage());
            throw hTTPException;
        }
        if (entityUtils == null) {
            HTTPException hTTPException2 = new HTTPException(String.format("%s request to %s failed request body %s with null response body returned.", str2, this.url, str), statusCode);
            logger.error(hTTPException2.getMessage());
            throw hTTPException2;
        }
        logger.debug("Status: " + statusCode);
        JsonObject read = Json.createReader(new StringReader(entityUtils)).read();
        JsonObjectBuilder createObjectBuilder = Json.createObjectBuilder();
        createObjectBuilder.add("statusCode", statusCode);
        JsonArray jsonArray = read.getJsonArray("errors");
        if (statusCode < this.statusCode && statusCode >= 400) {
            if (jsonArray != null && !jsonArray.isEmpty()) {
                JsonObject jsonObject = jsonArray.getJsonObject(0);
                logger.error(String.format("[HTTP Status Code: %d] - %s request to %s failed request body %s error message: [Error Code %d] - %s", Integer.valueOf(statusCode), str2, this.url, str, Integer.valueOf(jsonObject.getInt("code")), jsonObject.getString("message")));
            }
            return createObjectBuilder.build();
        }
        if (jsonArray != null && !jsonArray.isEmpty()) {
            JsonObject jsonObject2 = jsonArray.getJsonObject(0);
            throw new HTTPException(String.format("%s request to %s failed request body %s error message: [Error Code %d] - %s", str2, this.url, str, Integer.valueOf(jsonObject2.getInt("code")), jsonObject2.getString("message")), statusCode);
        }
        if (!read.getBoolean("success")) {
            HTTPException hTTPException3 = new HTTPException(String.format("%s request to %s failed request body %s Body of response did not contain success", str2, this.url, str), statusCode);
            logger.error(hTTPException3.getMessage());
            throw hTTPException3;
        }
        JsonObject jsonObject3 = read.getJsonObject("result");
        if (jsonObject3 == null) {
            HTTPException hTTPException4 = new HTTPException(String.format("%s request to %s failed request body %s Body of response did not contain result", str2, this.url, str), statusCode);
            logger.error(hTTPException4.getMessage());
            throw hTTPException4;
        }
        JsonArray jsonArray2 = read.getJsonArray("messages");
        if (jsonArray2 != null && !jsonArray2.isEmpty()) {
            JsonObject jsonObject4 = jsonArray2.getJsonObject(0);
            logger.info(String.format("%s request to %s failed request body %s response message: [Error Code %d] - %s", str2, this.url, str, Integer.valueOf(jsonObject4.getInt("code")), jsonObject4.getString("message")));
        }
        for (Map.Entry entry : jsonObject3.entrySet()) {
            createObjectBuilder.add((String) entry.getKey(), (JsonValue) entry.getValue());
        }
        createObjectBuilder.add("statusCode", statusCode);
        JsonObject build = createObjectBuilder.build();
        logger.debug(String.format("%s %s, body:%s result: %s", str2, this.url, str, DEFAULT_PROFILE_NAME + build));
        return build;
    }

    String getHTTPAuthCertificate(Enrollment enrollment, String str, String str2, String str3) throws Exception {
        Base64.Encoder encoder = Base64.getEncoder();
        String encodeToString = encoder.encodeToString(enrollment.getCert().getBytes(StandardCharsets.UTF_8));
        String encodeToString2 = encoder.encodeToString(str3.getBytes(StandardCharsets.UTF_8));
        if (this.newPayloadType == null) {
            this.newPayloadType = true;
            String version = info().getVersion();
            logger.info(String.format("CA Version: %s", version));
            if (Utils.isNullOrEmpty(version)) {
                this.newPayloadType = false;
            }
            String str4 = version + ".";
            if (str4.startsWith("1.1.") || str4.startsWith("1.2.") || str4.startsWith("1.3.")) {
                this.newPayloadType = false;
            }
        }
        return encodeToString + "." + encoder.encodeToString(this.cryptoSuite.sign(enrollment.getKey(), (this.newPayloadType.booleanValue() ? str + "." + encoder.encodeToString(new URL(addCAToURL(str2)).getFile().getBytes(StandardCharsets.UTF_8)) + "." + encodeToString2 + "." + encodeToString : encodeToString2 + "." + encodeToString).getBytes(StandardCharsets.UTF_8)));
    }

    private void setUpSSL() throws InvalidArgumentException {
        String property;
        BufferedInputStream bufferedInputStream;
        Throwable th;
        Throwable th2;
        if (this.cryptoPrimitives == null) {
            try {
                this.cryptoPrimitives = new CryptoPrimitives();
                this.cryptoPrimitives.init();
            } catch (Exception e) {
                throw new InvalidArgumentException(e);
            }
        }
        if (this.isSSL && null == this.registry) {
            if (!this.properties.containsKey(Endpoint.PROPERTY_PEM_BYTES) && !this.properties.containsKey(Endpoint.PROPERTY_PEM_FILE)) {
                logger.warn("SSL with no CA certficates in either pemBytes or pemFile");
            }
            try {
                if (this.properties.containsKey(Endpoint.PROPERTY_PEM_BYTES)) {
                    bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream((byte[]) this.properties.get(Endpoint.PROPERTY_PEM_BYTES)));
                    th = null;
                    try {
                        try {
                            this.cryptoPrimitives.addCACertificatesToTrustStore(bufferedInputStream);
                            if (bufferedInputStream != null) {
                                if (0 != 0) {
                                    try {
                                        bufferedInputStream.close();
                                    } catch (Throwable th3) {
                                        th.addSuppressed(th3);
                                    }
                                } else {
                                    bufferedInputStream.close();
                                }
                            }
                        } catch (Throwable th4) {
                            th = th4;
                            throw th4;
                        }
                    } finally {
                        if (bufferedInputStream != null) {
                            if (th2 != null) {
                                try {
                                    bufferedInputStream.close();
                                } catch (Throwable th5) {
                                    th.addSuppressed(th5);
                                }
                            }
                        }
                    }
                }
                if (this.properties.containsKey(Endpoint.PROPERTY_PEM_FILE) && (property = this.properties.getProperty(Endpoint.PROPERTY_PEM_FILE)) != null) {
                    for (String str : property.split("[ \t]*,[ \t]*")) {
                        if (null != str && !str.isEmpty()) {
                            try {
                                bufferedInputStream = new BufferedInputStream(new ByteArrayInputStream(Files.readAllBytes(Paths.get(str, new String[0]))));
                                Throwable th6 = null;
                                try {
                                    try {
                                        this.cryptoPrimitives.addCACertificatesToTrustStore(bufferedInputStream);
                                        if (bufferedInputStream != null) {
                                            if (0 != 0) {
                                                try {
                                                    bufferedInputStream.close();
                                                } catch (Throwable th7) {
                                                    th6.addSuppressed(th7);
                                                }
                                            } else {
                                                bufferedInputStream.close();
                                            }
                                        }
                                    } catch (Throwable th8) {
                                        th6 = th8;
                                        throw th8;
                                    }
                                } finally {
                                    if (bufferedInputStream != null) {
                                        if (th2 != null) {
                                            try {
                                                bufferedInputStream.close();
                                            } catch (Throwable th9) {
                                                th.addSuppressed(th9);
                                            }
                                        }
                                    }
                                }
                            } catch (IOException e2) {
                                throw new InvalidArgumentException(String.format("Unable to add CA certificate, can't open certificate file %s", new File(str).getAbsolutePath()));
                            }
                        }
                    }
                }
                String property2 = this.properties.getProperty(NetworkConfig.CLIENT_KEY_FILE);
                String property3 = this.properties.getProperty(NetworkConfig.CLIENT_CERT_FILE);
                byte[] bArr = (byte[]) this.properties.get(NetworkConfig.CLIENT_KEY_BYTES);
                if (property2 != null && bArr != null) {
                    logger.warn("SSL CA client key is specified as bytes and as a file path. Using client key specified as bytes.");
                }
                if (property2 != null && bArr == null) {
                    bArr = Files.readAllBytes(Paths.get(property2, new String[0]));
                }
                byte[] bArr2 = (byte[]) this.properties.get(NetworkConfig.CLIENT_CERT_BYTES);
                if (property3 != null && bArr2 != null) {
                    logger.warn("SSL CA client cert is specified as bytes and as a file path. Using client cert specified as bytes.");
                }
                if (property3 != null && bArr2 == null) {
                    bArr2 = Files.readAllBytes(Paths.get(property3, new String[0]));
                }
                if (bArr != null && bArr2 != null) {
                    this.cryptoPrimitives.addClientCACertificateToTrustStore(bArr, bArr2, null);
                }
                SSLContext build = SSLContexts.custom().loadKeyMaterial(this.cryptoPrimitives.getTrustStore(), new char[0]).loadTrustMaterial(this.cryptoPrimitives.getTrustStore(), (TrustStrategy) null).build();
                this.registry = RegistryBuilder.create().register("https", (this.properties == null || !Boolean.parseBoolean(this.properties.getProperty("allowAllHostNames"))) ? new SSLConnectionSocketFactory(build) : new SSLConnectionSocketFactory(build, (str2, sSLSession) -> {
                    return true;
                })).register("http", new PlainConnectionSocketFactory()).build();
            } catch (Exception e3) {
                logger.error(e3);
                throw new InvalidArgumentException(e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getURL(String str) throws URISyntaxException, MalformedURLException, InvalidArgumentException {
        return getURL(str, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getURL(String str, Map<String, String> map) throws URISyntaxException, MalformedURLException, InvalidArgumentException {
        setUpSSL();
        URIBuilder uRIBuilder = new URIBuilder(addCAToURL(this.url + str));
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                if (!Utils.isNullOrEmpty(entry.getValue())) {
                    uRIBuilder.addParameter(entry.getKey(), entry.getValue());
                }
            }
        }
        return uRIBuilder.build().toURL().toString();
    }

    String addCAToURL(String str) throws URISyntaxException, MalformedURLException {
        URIBuilder uRIBuilder = new URIBuilder(str);
        if (this.caName != null) {
            boolean z = false;
            Iterator it = uRIBuilder.getQueryParams().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if ("ca".equals(((NameValuePair) it.next()).getName())) {
                    z = true;
                    break;
                }
            }
            if (!z) {
                uRIBuilder.addParameter("ca", this.caName);
            }
        }
        return uRIBuilder.build().toURL().toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String toJson(JsonObject jsonObject) {
        StringWriter stringWriter = new StringWriter();
        JsonWriter createWriter = Json.createWriter(new PrintWriter(stringWriter));
        createWriter.writeObject(jsonObject);
        createWriter.close();
        return stringWriter.toString();
    }

    private RequestConfig getRequestConfig() {
        RequestConfig.Builder custom = RequestConfig.custom();
        custom.setConnectionRequestTimeout(CONNECTION_REQUEST_TIMEOUT);
        custom.setConnectTimeout(CONNECT_TIMEOUT);
        custom.setSocketTimeout(SOCKET_TIMEOUT);
        return custom.build();
    }
}
