package org.openziti.identity;

import java.io.ByteArrayInputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.ECGenParameterSpec;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CompletionStage;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import javax.net.ssl.SSLContext;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.io.CloseableKt;
import kotlin.jvm.JvmStatic;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlinx.coroutines.BuildersKt;
import kotlinx.coroutines.Dispatchers;
import kotlinx.coroutines.ExecutorsKt;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.openziti.Enrollment;
import org.openziti.IdentityConfig;
import org.openziti.edge.ApiClient;
import org.openziti.edge.ApiException;
import org.openziti.edge.api.AuthenticationApi;
import org.openziti.edge.api.ControllersApi;
import org.openziti.edge.api.InformationalApi;
import org.openziti.edge.model.ApiAddress;
import org.openziti.edge.model.ApiErrorEnvelope;
import org.openziti.edge.model.ApiVersion;
import org.openziti.edge.model.ControllerDetail;
import org.openziti.edge.model.CurrentApiSessionDetailEnvelope;
import org.openziti.edge.model.EnrollmentCerts;
import org.openziti.edge.model.EnrollmentCertsEnvelope;
import org.openziti.edge.model.Jwk;
import org.openziti.edge.model.ListControllersEnvelope;
import org.openziti.edge.model.OtherPrime;
import org.openziti.util.CertsKt;
import org.openziti.util.KeyTrustManager;
import org.openziti.util.Logged;
import org.openziti.util.PrivateKeySigner;
import org.openziti.util.ZitiLog;

/* compiled from: Enroller.kt */
@Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��p\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0010\u001e\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010 \n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0003\n\u0002\b\u0006\b��\u0018�� .2\u00020\u00012\u00020\u0002:\u0001.B\u000f\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0004\b\u0005\u0010\u0006J\b\u0010\u0014\u001a\u00020\u0015H\u0016J\b\u0010\u0016\u001a\u00020\u0017H\u0016J\b\u0010\u0018\u001a\u00020\u0019H\u0016J\u0018\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\f2\u0006\u0010\u001b\u001a\u00020\fH\u0016J:\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\f0\u001d2\u0006\u0010\u001e\u001a\u00020\f2\u0006\u0010\u001a\u001a\u00020\u001f2\f\u0010 \u001a\b\u0012\u0004\u0012\u00020\u00130\u00122\f\u0010!\u001a\b\u0012\u0004\u0012\u00020\u00130\u0012H\u0002J\u0011\u0010\"\u001a\u00020#2\u0006\u0010$\u001a\u00020\fH\u0096\u0001J\u001b\u0010\"\u001a\u00020#2\u0010\u0010$\u001a\f\u0012\u0004\u0012\u00020\f0%j\u0002`&H\u0096\u0001J\u0011\u0010'\u001a\u00020#2\u0006\u0010$\u001a\u00020\fH\u0096\u0001J\u0019\u0010'\u001a\u00020#2\u0006\u0010$\u001a\u00020\f2\u0006\u0010(\u001a\u00020)H\u0096\u0001J\u001b\u0010'\u001a\u00020#2\u0010\u0010$\u001a\f\u0012\u0004\u0012\u00020\f0%j\u0002`&H\u0096\u0001J%\u0010'\u001a\u00020#2\b\u0010*\u001a\u0004\u0018\u00010)2\u0010\u0010$\u001a\f\u0012\u0004\u0012\u00020\f0%j\u0002`&H\u0096\u0001J\u0011\u0010+\u001a\u00020#2\u0006\u0010$\u001a\u00020\fH\u0096\u0001J\u001b\u0010+\u001a\u00020#2\u0010\u0010$\u001a\f\u0012\u0004\u0012\u00020\f0%j\u0002`&H\u0096\u0001J\u0011\u0010(\u001a\u00020#2\u0006\u0010$\u001a\u00020\fH\u0096\u0001J\u001b\u0010(\u001a\u00020#2\u0010\u0010$\u001a\f\u0012\u0004\u0012\u00020\f0%j\u0002`&H\u0096\u0001J\u0011\u0010,\u001a\u00020#2\u0006\u0010$\u001a\u00020\fH\u0096\u0001J\u001b\u0010,\u001a\u00020#2\u0010\u0010$\u001a\f\u0012\u0004\u0012\u00020\f0%j\u0002`&H\u0096\u0001J\u0011\u0010-\u001a\u00020#2\u0006\u0010$\u001a\u00020\fH\u0096\u0001J\u001b\u0010-\u001a\u00020#2\u0010\u0010$\u001a\f\u0012\u0004\u0012\u00020\f0%j\u0002`&H\u0096\u0001R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n��R\u0011\u0010\u000b\u001a\u00020\f¢\u0006\b\n��\u001a\u0004\b\r\u0010\u000eR\u0011\u0010\u000f\u001a\u00020\f¢\u0006\b\n��\u001a\u0004\b\u0010\u0010\u000eR\u0014\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00130\u0012X\u0082\u0004¢\u0006\u0002\n��¨\u0006/"}, d2 = {"Lorg/openziti/identity/Enroller;", "Lorg/openziti/Enrollment;", "Lorg/openziti/util/Logged;", "jwt", "Lorg/openziti/identity/ZitiJWT;", "<init>", "(Lorg/openziti/identity/ZitiJWT;)V", "http", "Ljava/net/http/HttpClient$Builder;", "api", "Lorg/openziti/edge/ApiClient;", "name", "", "getName", "()Ljava/lang/String;", "token", "getToken", "caCerts", "", "Ljava/security/cert/X509Certificate;", "getMethod", "Lorg/openziti/Enrollment$Method;", "requiresClientCert", "", "enroll", "Lorg/openziti/IdentityConfig;", "key", "cert", "listControllers", "", "ctrl", "Ljava/security/PrivateKey;", "certs", "ca", "d", "", "msg", "Lkotlin/Function0;", "Lorg/openziti/util/LogMsg;", Jwk.JSON_PROPERTY_E, OtherPrime.JSON_PROPERTY_T, "", "ex", "i", "v", "w", "Companion", "ziti"})
@SourceDebugExtension({"SMAP\nEnroller.kt\nKotlin\n*S Kotlin\n*F\n+ 1 Enroller.kt\norg/openziti/identity/Enroller\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n+ 3 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,210:1\n808#2,11:211\n1617#2,9:222\n1869#2:231\n1870#2:233\n1626#2:234\n774#2:235\n865#2,2:236\n1617#2,9:238\n1869#2:247\n1870#2:249\n1626#2:250\n1#3:232\n1#3:248\n*S KotlinDebug\n*F\n+ 1 Enroller.kt\norg/openziti/identity/Enroller\n*L\n76#1:211,11\n207#1:222,9\n207#1:231\n207#1:233\n207#1:234\n208#1:235\n208#1:236,2\n208#1:238,9\n208#1:247\n208#1:249\n208#1:250\n207#1:232\n208#1:248\n*E\n"})
/* loaded from: input_file:org/openziti/identity/Enroller.class */
public final class Enroller implements Enrollment, Logged {
    private final /* synthetic */ ZitiLog $$delegate_0;

    @NotNull
    private final ZitiJWT jwt;

    @NotNull
    private final HttpClient.Builder http;

    @NotNull
    private final ApiClient api;

    @NotNull
    private final String name;

    @NotNull
    private final String token;

    @NotNull
    private final Collection<X509Certificate> caCerts;

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final ECGenParameterSpec P256 = new ECGenParameterSpec("secp256r1");

    /* compiled from: Enroller.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 48, d1 = {"��J\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0003\n\u0002\b\u0005\b\u0086\u0003\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003J\u0010\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bH\u0007J\u0010\u0010\f\u001a\n \u000e*\u0004\u0018\u00010\r0\rH\u0002J\u0018\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u000b2\u0006\u0010\u0012\u001a\u00020\rH\u0002J\u0011\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000bH\u0096\u0001J\u001b\u0010\u0013\u001a\u00020\u00142\u0010\u0010\u0015\u001a\f\u0012\u0004\u0012\u00020\u000b0\u0016j\u0002`\u0017H\u0096\u0001J\u0011\u0010\u0018\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000bH\u0096\u0001J\u0019\u0010\u0018\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000b2\u0006\u0010\u0019\u001a\u00020\u001aH\u0096\u0001J\u001b\u0010\u0018\u001a\u00020\u00142\u0010\u0010\u0015\u001a\f\u0012\u0004\u0012\u00020\u000b0\u0016j\u0002`\u0017H\u0096\u0001J%\u0010\u0018\u001a\u00020\u00142\b\u0010\u001b\u001a\u0004\u0018\u00010\u001a2\u0010\u0010\u0015\u001a\f\u0012\u0004\u0012\u00020\u000b0\u0016j\u0002`\u0017H\u0096\u0001J\u0011\u0010\u001c\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000bH\u0096\u0001J\u001b\u0010\u001c\u001a\u00020\u00142\u0010\u0010\u0015\u001a\f\u0012\u0004\u0012\u00020\u000b0\u0016j\u0002`\u0017H\u0096\u0001J\u0011\u0010\u0019\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000bH\u0096\u0001J\u001b\u0010\u0019\u001a\u00020\u00142\u0010\u0010\u0015\u001a\f\u0012\u0004\u0012\u00020\u000b0\u0016j\u0002`\u0017H\u0096\u0001J\u0011\u0010\u001d\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000bH\u0096\u0001J\u001b\u0010\u001d\u001a\u00020\u00142\u0010\u0010\u0015\u001a\f\u0012\u0004\u0012\u00020\u000b0\u0016j\u0002`\u0017H\u0096\u0001J\u0011\u0010\u001e\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u000bH\u0096\u0001J\u001b\u0010\u001e\u001a\u00020\u00142\u0010\u0010\u0015\u001a\f\u0012\u0004\u0012\u00020\u000b0\u0016j\u0002`\u0017H\u0096\u0001R\u0011\u0010\u0004\u001a\u00020\u0005¢\u0006\b\n��\u001a\u0004\b\u0006\u0010\u0007¨\u0006\u001f"}, d2 = {"Lorg/openziti/identity/Enroller$Companion;", "Lorg/openziti/util/Logged;", "<init>", "()V", "P256", "Ljava/security/spec/ECGenParameterSpec;", "getP256", "()Ljava/security/spec/ECGenParameterSpec;", "fromJWT", "Lorg/openziti/identity/Enroller;", "jwt", "", "generateKeyPair", "Ljava/security/KeyPair;", "kotlin.jvm.PlatformType", "createCsr", "Lorg/bouncycastle/pkcs/PKCS10CertificationRequest;", "name", "keyPair", "d", "", "msg", "Lkotlin/Function0;", "Lorg/openziti/util/LogMsg;", Jwk.JSON_PROPERTY_E, OtherPrime.JSON_PROPERTY_T, "", "ex", "i", "v", "w", "ziti"})
    /* loaded from: input_file:org/openziti/identity/Enroller$Companion.class */
    public static final class Companion implements Logged {
        private final /* synthetic */ ZitiLog $$delegate_0;

        private Companion() {
            this.$$delegate_0 = new ZitiLog("ziti-enroller", null, 2, null);
        }

        @NotNull
        public final ECGenParameterSpec getP256() {
            return Enroller.P256;
        }

        @JvmStatic
        @NotNull
        public final Enroller fromJWT(@NotNull String jwt) {
            Intrinsics.checkNotNullParameter(jwt, "jwt");
            return (Enroller) BuildersKt.runBlocking(Dispatchers.getIO(), new Enroller$Companion$fromJWT$1(jwt, null));
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final KeyPair generateKeyPair() {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
            keyPairGenerator.initialize(Enroller.Companion.getP256());
            return keyPairGenerator.generateKeyPair();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public final PKCS10CertificationRequest createCsr(String str, KeyPair keyPair) {
            JcaPKCS10CertificationRequestBuilder jcaPKCS10CertificationRequestBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=" + str), keyPair.getPublic());
            PrivateKey privateKey = keyPair.getPrivate();
            Intrinsics.checkNotNullExpressionValue(privateKey, "getPrivate(...)");
            PKCS10CertificationRequest build = jcaPKCS10CertificationRequestBuilder.build(new PrivateKeySigner(privateKey, "SHA256withECDSA"));
            Intrinsics.checkNotNullExpressionValue(build, "build(...)");
            return build;
        }

        @Override // org.openziti.util.Logged
        public void e(@NotNull Function0<String> msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.e(msg);
        }

        @Override // org.openziti.util.Logged
        public void e(@NotNull String msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.e(msg);
        }

        @Override // org.openziti.util.Logged
        public void e(@NotNull String msg, @NotNull Throwable t) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            Intrinsics.checkNotNullParameter(t, "t");
            this.$$delegate_0.e(msg, t);
        }

        @Override // org.openziti.util.Logged
        public void e(@Nullable Throwable th, @NotNull Function0<String> msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.e(th, msg);
        }

        @Override // org.openziti.util.Logged
        public void w(@NotNull Function0<String> msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.w(msg);
        }

        @Override // org.openziti.util.Logged
        public void w(@NotNull String msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.w(msg);
        }

        @Override // org.openziti.util.Logged
        public void i(@NotNull Function0<String> msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.i(msg);
        }

        @Override // org.openziti.util.Logged
        public void i(@NotNull String msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.i(msg);
        }

        @Override // org.openziti.util.Logged
        public void d(@NotNull Function0<String> msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.d(msg);
        }

        @Override // org.openziti.util.Logged
        public void d(@NotNull String msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.d(msg);
        }

        @Override // org.openziti.util.Logged
        public void v(@NotNull Function0<String> msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.v(msg);
        }

        @Override // org.openziti.util.Logged
        public void v(@NotNull String msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.v(msg);
        }

        @Override // org.openziti.util.Logged
        public void t(@NotNull Function0<String> msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.t(msg);
        }

        @Override // org.openziti.util.Logged
        public void t(@NotNull String msg) {
            Intrinsics.checkNotNullParameter(msg, "msg");
            this.$$delegate_0.t(msg);
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: Enroller.kt */
    @Metadata(mv = {2, 1, 0}, k = 3, xi = 48)
    /* loaded from: input_file:org/openziti/identity/Enroller$WhenMappings.class */
    public /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;

        static {
            int[] iArr = new int[Enrollment.Method.values().length];
            try {
                iArr[Enrollment.Method.ca.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                iArr[Enrollment.Method.ottca.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            $EnumSwitchMapping$0 = iArr;
        }
    }

    public Enroller(@NotNull ZitiJWT jwt) {
        String str;
        Intrinsics.checkNotNullParameter(jwt, "jwt");
        this.$$delegate_0 = new ZitiLog("ziti-enroll", null, 2, null);
        this.jwt = jwt;
        HttpClient.Builder createDefaultHttpClientBuilder = ApiClient.createDefaultHttpClientBuilder();
        createDefaultHttpClientBuilder.executor(ExecutorsKt.asExecutor(Dispatchers.getIO()));
        SSLContext sSLContext = SSLContext.getInstance("TLSv1.2");
        sSLContext.init(null, new KeyTrustManager[]{new KeyTrustManager(this.jwt.getServerKey())}, new SecureRandom());
        createDefaultHttpClientBuilder.sslContext(sSLContext);
        Intrinsics.checkNotNullExpressionValue(createDefaultHttpClientBuilder, "apply(...)");
        this.http = createDefaultHttpClientBuilder;
        this.api = new ApiClient(this.http, ApiClient.createDefaultObjectMapper(), this.jwt.getController().toString());
        this.name = this.jwt.getName();
        this.token = this.jwt.getToken();
        byte[] decode = Base64.getMimeDecoder().decode((String) this.http.build().send(HttpRequest.newBuilder(this.jwt.getController().resolve("/.well-known/est/cacerts")).build(), HttpResponse.BodyHandlers.ofString()).body());
        Intrinsics.checkNotNullExpressionValue(decode, "decode(...)");
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(decode);
        try {
            Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X.509").generateCertificates(byteArrayInputStream);
            CloseableKt.closeFinally(byteArrayInputStream, null);
            Intrinsics.checkNotNullExpressionValue(generateCertificates, "use(...)");
            Collection<? extends Certificate> collection = generateCertificates;
            ArrayList arrayList = new ArrayList();
            for (Object obj : collection) {
                if (obj instanceof X509Certificate) {
                    arrayList.add(obj);
                }
            }
            this.caCerts = arrayList;
            Map<String, Map<String, ApiVersion>> apiVersions = new InformationalApi(this.api).listVersion().join().getData().getApiVersions();
            if (apiVersions != null) {
                Map<String, ApiVersion> map = apiVersions.get("edge");
                if (map != null) {
                    ApiVersion apiVersion = map.get("v1");
                    if (apiVersion != null) {
                        str = apiVersion.getPath();
                        String str2 = str;
                        ApiClient apiClient = this.api;
                        Intrinsics.checkNotNull(str2);
                        apiClient.setBasePath(str2);
                    }
                }
            }
            str = null;
            String str22 = str;
            ApiClient apiClient2 = this.api;
            Intrinsics.checkNotNull(str22);
            apiClient2.setBasePath(str22);
        } catch (Throwable th) {
            CloseableKt.closeFinally(byteArrayInputStream, null);
            throw th;
        }
    }

    @NotNull
    public final String getName() {
        return this.name;
    }

    @NotNull
    public final String getToken() {
        return this.token;
    }

    @Override // org.openziti.Enrollment
    @NotNull
    public Enrollment.Method getMethod() {
        return this.jwt.getMethod();
    }

    @Override // org.openziti.Enrollment
    public boolean requiresClientCert() {
        switch (WhenMappings.$EnumSwitchMapping$0[this.jwt.getMethod().ordinal()]) {
            case 1:
            case 2:
                return true;
            default:
                return false;
        }
    }

    @Override // org.openziti.Enrollment
    @NotNull
    public IdentityConfig enroll() {
        if (!(!requiresClientCert())) {
            throw new IllegalArgumentException(("cannot be used with `" + this.jwt.getMethod() + "' enrollment method").toString());
        }
        KeyPair generateKeyPair = Companion.generateKeyPair();
        Companion companion = Companion;
        String str = this.token;
        Intrinsics.checkNotNull(generateKeyPair);
        HttpResponse send = this.http.build().send(HttpRequest.newBuilder(URI.create(this.api.getBaseUri() + "/enroll?method=" + this.jwt.getMethod() + "&token=" + this.token)).header("content-type", "application/x-pem-file").header("accept", "application/json").POST(HttpRequest.BodyPublishers.ofString(CertsKt.toPEM(companion.createCsr(str, generateKeyPair)))).build(), HttpResponse.BodyHandlers.ofString());
        String str2 = (String) send.body();
        if (send.statusCode() != 200) {
            throw new ApiException(send.statusCode(), ((ApiErrorEnvelope) this.api.getObjectMapper().readValue(str2, ApiErrorEnvelope.class)).getError().getMessage());
        }
        EnrollmentCerts data = ((EnrollmentCertsEnvelope) this.api.getObjectMapper().readValue(str2, EnrollmentCertsEnvelope.class)).getData();
        Intrinsics.checkNotNull(data);
        String cert = data.getCert();
        Intrinsics.checkNotNull(cert);
        String baseUri = this.api.getBaseUri();
        Intrinsics.checkNotNullExpressionValue(baseUri, "getBaseUri(...)");
        PrivateKey privateKey = generateKeyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey, "getPrivate(...)");
        List<String> listControllers = listControllers(baseUri, privateKey, CertsKt.readCerts(cert), this.caCerts);
        String baseUri2 = this.api.getBaseUri();
        Intrinsics.checkNotNullExpressionValue(baseUri2, "getBaseUri(...)");
        PrivateKey privateKey2 = generateKeyPair.getPrivate();
        Intrinsics.checkNotNullExpressionValue(privateKey2, "getPrivate(...)");
        return new IdentityConfig(baseUri2, listControllers, new IdentityConfig.Id(CertsKt.toPEM(privateKey2), cert, CollectionsKt.joinToString$default(this.caCerts, "\n", null, null, 0, null, Enroller::enroll$lambda$5, 30, null)));
    }

    @Override // org.openziti.Enrollment
    @NotNull
    public IdentityConfig enroll(@NotNull String key, @NotNull String cert) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(cert, "cert");
        if (!requiresClientCert()) {
            throw new IllegalArgumentException(("cannot be used with `" + this.jwt.getMethod() + "' enrollment method").toString());
        }
        PrivateKey readKey = CertsKt.readKey(key);
        List<X509Certificate> readCerts = CertsKt.readCerts(cert);
        this.http.sslContext(UtilKt.makeSSLContext(readKey, readCerts, this.caCerts));
        HttpResponse send = this.http.build().send(HttpRequest.newBuilder(URI.create(this.api.getBaseUri() + "/enroll?method=" + this.jwt.getMethod() + "&token=" + this.token)).header("accept", "application/json").POST(HttpRequest.BodyPublishers.ofByteArray(new byte[0])).build(), HttpResponse.BodyHandlers.ofString());
        String str = (String) send.body();
        if (send.statusCode() != 200) {
            throw new ApiException(send.statusCode(), ((ApiErrorEnvelope) this.api.getObjectMapper().readValue(str, ApiErrorEnvelope.class)).getError().getMessage());
        }
        String baseUri = this.api.getBaseUri();
        Intrinsics.checkNotNullExpressionValue(baseUri, "getBaseUri(...)");
        List<String> listControllers = listControllers(baseUri, readKey, readCerts, this.caCerts);
        String baseUri2 = this.api.getBaseUri();
        Intrinsics.checkNotNullExpressionValue(baseUri2, "getBaseUri(...)");
        return new IdentityConfig(baseUri2, listControllers, new IdentityConfig.Id(key, cert, CollectionsKt.joinToString$default(this.caCerts, "\n", null, null, 0, null, Enroller::enroll$lambda$7, 30, null)));
    }

    private final List<String> listControllers(String str, PrivateKey privateKey, Collection<? extends X509Certificate> collection, Collection<? extends X509Certificate> collection2) {
        ApiClient apiClient = new ApiClient(ApiClient.createDefaultHttpClientBuilder().sslContext(UtilKt.makeSSLContext(privateKey, collection, collection2)), ApiClient.createDefaultObjectMapper(), str);
        CompletableFuture<CurrentApiSessionDetailEnvelope> authenticate = new AuthenticationApi(apiClient).authenticate("cert", null);
        Function1 function1 = (v1) -> {
            return listControllers$lambda$9(r1, v1);
        };
        CompletableFuture<U> thenApply = authenticate.thenApply((v1) -> {
            return listControllers$lambda$10(r1, v1);
        });
        Function1 function12 = (v1) -> {
            return listControllers$lambda$11(r1, v1);
        };
        ListControllersEnvelope listControllersEnvelope = (ListControllersEnvelope) thenApply.thenCompose((Function<? super U, ? extends CompletionStage<U>>) (v1) -> {
            return listControllers$lambda$12(r1, v1);
        }).get(3L, TimeUnit.SECONDS);
        if (listControllersEnvelope.getData().isEmpty()) {
            return CollectionsKt.listOf(str);
        }
        List<ControllerDetail> data = listControllersEnvelope.getData();
        Intrinsics.checkNotNullExpressionValue(data, "getData(...)");
        List<ControllerDetail> list = data;
        ArrayList arrayList = new ArrayList();
        Iterator<T> it = list.iterator();
        while (it.hasNext()) {
            Map<String, List<ApiAddress>> apiAddresses = ((ControllerDetail) it.next()).getApiAddresses();
            List<ApiAddress> list2 = apiAddresses != null ? apiAddresses.get("edge-client") : null;
            if (list2 != null) {
                arrayList.add(list2);
            }
        }
        List flatten = CollectionsKt.flatten(arrayList);
        ArrayList arrayList2 = new ArrayList();
        for (Object obj : flatten) {
            if (Intrinsics.areEqual(((ApiAddress) obj).getVersion(), "v1")) {
                arrayList2.add(obj);
            }
        }
        ArrayList arrayList3 = arrayList2;
        ArrayList arrayList4 = new ArrayList();
        Iterator it2 = arrayList3.iterator();
        while (it2.hasNext()) {
            String url = ((ApiAddress) it2.next()).getUrl();
            if (url != null) {
                arrayList4.add(url);
            }
        }
        return arrayList4;
    }

    @Override // org.openziti.util.Logged
    public void e(@NotNull Function0<String> msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.e(msg);
    }

    @Override // org.openziti.util.Logged
    public void e(@NotNull String msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.e(msg);
    }

    @Override // org.openziti.util.Logged
    public void e(@NotNull String msg, @NotNull Throwable t) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        Intrinsics.checkNotNullParameter(t, "t");
        this.$$delegate_0.e(msg, t);
    }

    @Override // org.openziti.util.Logged
    public void e(@Nullable Throwable th, @NotNull Function0<String> msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.e(th, msg);
    }

    @Override // org.openziti.util.Logged
    public void w(@NotNull Function0<String> msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.w(msg);
    }

    @Override // org.openziti.util.Logged
    public void w(@NotNull String msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.w(msg);
    }

    @Override // org.openziti.util.Logged
    public void i(@NotNull Function0<String> msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.i(msg);
    }

    @Override // org.openziti.util.Logged
    public void i(@NotNull String msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.i(msg);
    }

    @Override // org.openziti.util.Logged
    public void d(@NotNull Function0<String> msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.d(msg);
    }

    @Override // org.openziti.util.Logged
    public void d(@NotNull String msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.d(msg);
    }

    @Override // org.openziti.util.Logged
    public void v(@NotNull Function0<String> msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.v(msg);
    }

    @Override // org.openziti.util.Logged
    public void v(@NotNull String msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.v(msg);
    }

    @Override // org.openziti.util.Logged
    public void t(@NotNull Function0<String> msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.t(msg);
    }

    @Override // org.openziti.util.Logged
    public void t(@NotNull String msg) {
        Intrinsics.checkNotNullParameter(msg, "msg");
        this.$$delegate_0.t(msg);
    }

    private static final CharSequence enroll$lambda$5(X509Certificate it) {
        Intrinsics.checkNotNullParameter(it, "it");
        return CertsKt.toPEM(it);
    }

    private static final CharSequence enroll$lambda$7(X509Certificate it) {
        Intrinsics.checkNotNullParameter(it, "it");
        return CertsKt.toPEM(it);
    }

    private static final void listControllers$lambda$9$lambda$8(CurrentApiSessionDetailEnvelope currentApiSessionDetailEnvelope, HttpRequest.Builder builder) {
        builder.header("zt-session", currentApiSessionDetailEnvelope.getData().getToken());
    }

    private static final Unit listControllers$lambda$9(ApiClient apiClient, CurrentApiSessionDetailEnvelope currentApiSessionDetailEnvelope) {
        apiClient.setRequestInterceptor((v1) -> {
            listControllers$lambda$9$lambda$8(r1, v1);
        });
        return Unit.INSTANCE;
    }

    private static final Unit listControllers$lambda$10(Function1 function1, Object obj) {
        return (Unit) function1.invoke(obj);
    }

    private static final CompletionStage listControllers$lambda$11(ApiClient apiClient, Unit unit) {
        return new ControllersApi(apiClient).listControllers(10, 0, null);
    }

    private static final CompletionStage listControllers$lambda$12(Function1 function1, Object obj) {
        return (CompletionStage) function1.invoke(obj);
    }

    @JvmStatic
    @NotNull
    public static final Enroller fromJWT(@NotNull String str) {
        return Companion.fromJWT(str);
    }
}
