package com.yeepay.yop.sdk.auth.credentials.provider;

import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentials;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentialsHolder;
import com.yeepay.yop.sdk.auth.credentials.provider.loader.YopPlatformCredentialsLoader;
import com.yeepay.yop.sdk.auth.credentials.provider.loader.YopRsaPlatformCredentialsLoader;
import com.yeepay.yop.sdk.auth.credentials.provider.loader.YopSm2PlatformCredentialsLoader;
import com.yeepay.yop.sdk.config.provider.YopSdkConfigProviderRegistry;
import com.yeepay.yop.sdk.config.provider.file.YopCertStore;
import com.yeepay.yop.sdk.exception.YopClientException;
import com.yeepay.yop.sdk.exception.YopServiceException;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import com.yeepay.yop.sdk.utils.FileUtils;
import com.yeepay.yop.sdk.utils.Sm2CertUtils;
import java.io.File;
import java.io.FileInputStream;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/auth/credentials/provider/YopFilePlatformCredentialsProvider.class */
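/**
 * Resolves YOP platform credentials (the platform's public keys, indexed by certificate
 * serial number) from three places, in this order: an in-memory cache, an optional local
 * certificate directory ({@link YopCertStore}), and the SM2 / RSA loader delegates.
 *
 * <p>Certificates read from the local directory are only accepted after
 * {@code Sm2CertUtils.verifyCertificate} succeeds against the bundled YOP intermediate
 * certificate, which in turn must verify against the bundled CFCA root. If that chain could
 * not be established at construction time, no local certificate is trusted.
 */
public class YopFilePlatformCredentialsProvider extends AbstractYopPlatformCredentialsProvider {
    protected static final Logger LOGGER = LoggerFactory.getLogger(YopFilePlatformCredentialsProvider.class);
    private YopPlatformCredentialsLoader rsaDelegate = new YopRsaPlatformCredentialsLoader();
    private YopPlatformCredentialsLoader sm2Delegate = new YopSm2PlatformCredentialsLoader();
    // Cache of resolved credentials, keyed by certificate serial number.
    private Map<String, YopPlatformCredentials> credentialsMap = new ConcurrentHashMap<>();
    // Trust anchors for locally stored platform certificates. They are only assigned once the
    // bundled root -> intermediate chain has verified; null means "no verified anchor".
    protected static X509Certificate cfcaRoot;
    protected static X509Certificate yopInter;

    /**
     * Loads the bundled CFCA root and YOP intermediate certificates and publishes them to the
     * static trust-anchor fields only after both verification steps have passed.
     *
     * <p>Failures are logged and not rethrown, so construction always succeeds; a failed
     * chain leaves the anchors unchanged (null on first use), and
     * {@link #loadAndVerifyFromLocal} then refuses every local certificate.
     */
    public YopFilePlatformCredentialsProvider() {
        try {
            // Parse into locals first: an unverified certificate must never become visible
            // through the static fields, because yopInter's key is what vouches for local certs.
            X509Certificate root = Sm2CertUtils.getX509Certificate(FileUtils.getResourceAsStream("config/certs/cfca_root.pem"));
            try {
                // NOTE(review): a null key presumably requests a self-signature check — confirm in Sm2CertUtils.
                Sm2CertUtils.verifyCertificate(null, root);
            } catch (Exception e) {
                throw new YopClientException("invalid cfca root cert, detail:" + e.getMessage());
            }
            X509Certificate inter = Sm2CertUtils.getX509Certificate(FileUtils.getResourceAsStream("config/certs/yop_inter.pem"));
            try {
                Sm2CertUtils.verifyCertificate(root.getPublicKey(), inter);
            } catch (Exception e) {
                // Reported on its own so an intermediate failure is not mislabelled as a root failure.
                throw new YopClientException("invalid yop inter cert, detail:" + e.getMessage());
            }
            cfcaRoot = root;
            yopInter = inter;
        } catch (Exception e) {
            LOGGER.error("error when load parent certs, ex:", e);
        }
    }

    /**
     * Returns the platform credentials for a certificate serial number.
     *
     * <p>The cache is consulted first. On a miss, and unless the serial number is the default
     * RSA one, the SM2 path (local store, then SM2 loader) is tried; if that does not yield
     * the requested serial number, the RSA loader is tried. Everything a loader returns is
     * added to the cache.
     *
     * @param str  passed through unchanged to the loader delegates
     * @param str2 certificate serial number; must not be blank
     * @return the matching credentials, or {@code null} when no source provides them
     * @throws YopServiceException if {@code str2} is blank
     */
    @Override
    public YopPlatformCredentials getCredentials(String str, String str2) {
        if (StringUtils.isBlank(str2)) {
            throw new YopServiceException("serialNo is required");
        }
        YopPlatformCredentials cached = this.credentialsMap.get(str2);
        if (cached != null) {
            return cached;
        }
        if (!str2.equals(YopPlatformCredentialsProvider.YOP_CERT_RSA_DEFAULT_SERIAL_NO)) {
            Map<String, YopPlatformCredentials> sm2Loaded = load(str, str2);
            if (MapUtils.isNotEmpty(sm2Loaded)) {
                this.credentialsMap.putAll(sm2Loaded);
                // Lookup stays inside the emptiness guard so a null loader result cannot throw.
                if (sm2Loaded.containsKey(str2)) {
                    return sm2Loaded.get(str2);
                }
            }
        }
        Map<String, YopPlatformCredentials> rsaLoaded = this.rsaDelegate.load(str, str2);
        if (MapUtils.isNotEmpty(rsaLoaded)) {
            this.credentialsMap.putAll(rsaLoaded);
            if (rsaLoaded.containsKey(str2)) {
                return rsaLoaded.get(str2);
            }
        }
        return null;
    }

    /**
     * Asks both loader delegates to reload and merges whatever they return into the cache.
     * The local certificate store is not consulted on this path.
     *
     * @param str  passed through unchanged to the loader delegates
     * @param str2 certificate serial number passed through to the loader delegates
     * @return an unmodifiable view of the whole credentials cache
     */
    @Override
    public Map<String, YopPlatformCredentials> reload(String str, String str2) {
        Map<String, YopPlatformCredentials> sm2Reloaded = this.sm2Delegate.reload(str, str2);
        if (MapUtils.isNotEmpty(sm2Reloaded)) {
            this.credentialsMap.putAll(sm2Reloaded);
        }
        Map<String, YopPlatformCredentials> rsaReloaded = this.rsaDelegate.reload(str, str2);
        if (MapUtils.isNotEmpty(rsaReloaded)) {
            this.credentialsMap.putAll(rsaReloaded);
        }
        return Collections.unmodifiableMap(this.credentialsMap);
    }

    /**
     * SM2 lookup: prefers a verified certificate from the local store and falls back to the
     * SM2 loader delegate when the store does not hold the requested serial number.
     */
    private Map<String, YopPlatformCredentials> load(String str, String str2) {
        YopCertStore yopCertStore = YopSdkConfigProviderRegistry.getProvider().getConfig().getYopCertStore();
        Map<String, X509Certificate> localCerts = loadAndVerifyFromLocal(yopCertStore, str2);
        Map<String, YopPlatformCredentials> localCredentials = new LinkedHashMap<>();
        if (MapUtils.isNotEmpty(localCerts)) {
            for (Map.Entry<String, X509Certificate> entry : localCerts.entrySet()) {
                // Label each credential with the serial number read from the certificate itself.
                localCredentials.put(entry.getKey(), new YopPlatformCredentialsHolder().withSerialNo(entry.getKey()).withPublicKey(CertTypeEnum.SM2, entry.getValue().getPublicKey()));
            }
            // A file whose real serial number differs from the requested one is not returned.
            if (localCredentials.containsKey(str2)) {
                return localCredentials;
            }
        }
        LOGGER.info("no available sm2 cert from local, path:{}, serialNo{}", yopCertStore.getPath(), str2);
        return this.sm2Delegate.load(str, str2);
    }

    /**
     * Reads {@code yop_cert_<serialNo>.pem} from the configured store directory and returns it,
     * keyed by the serial number found in the certificate, if it verifies against the YOP
     * intermediate certificate. Every failure is logged and yields an empty map.
     *
     * @param yopCertStore local store configuration (path and enable flag)
     * @param str          requested certificate serial number, used to build the file name
     */
    private Map<String, X509Certificate> loadAndVerifyFromLocal(YopCertStore yopCertStore, String str) {
        Map<String, X509Certificate> verified = new LinkedHashMap<>();
        if (StringUtils.isBlank(yopCertStore.getPath()) || !BooleanUtils.isTrue(yopCertStore.getEnable())) {
            return verified;
        }
        X509Certificate issuer = yopInter;
        if (issuer == null) {
            // Fail closed: without a verified intermediate nothing can vouch for a local file.
            LOGGER.error("no verified yop inter cert, skip local cert store, path:{}", yopCertStore.getPath());
            return verified;
        }
        String fileName = "yop_cert_" + str + ".pem";
        // NOTE(review): the origin of the serial number is not visible in this class; the file
        // name must stay a single path element so the lookup cannot leave the store directory.
        if (!new File(fileName).getName().equals(fileName)) {
            LOGGER.warn("illegal serialNo for local cert file, path:{}", yopCertStore.getPath());
            return verified;
        }
        File file = new File(yopCertStore.getPath(), fileName);
        if (!file.exists()) {
            LOGGER.warn("invalid path when load cert from local file, path:{}", yopCertStore.getPath());
            return verified;
        }
        // try-with-resources closes the file handle on success and on failure.
        try (FileInputStream in = new FileInputStream(file)) {
            X509Certificate x509Certificate = Sm2CertUtils.getX509Certificate(in);
            // NOTE(review): confirm verifyCertificate also enforces the validity period; only a
            // verification against the issuer key is visible from this class.
            Sm2CertUtils.verifyCertificate(issuer.getPublicKey(), x509Certificate);
            String realSerialNo = x509Certificate.getSerialNumber().toString();
            if (!realSerialNo.equals(str)) {
                LOGGER.warn("wrong file name for cert, path:{}, realSerialNo:{}", file.getName(), realSerialNo);
            }
            verified.put(realSerialNo, x509Certificate);
        } catch (Exception e) {
            LOGGER.error("error when load cert from local file:" + file.getName() + ", ex:", e);
        }
        return verified;
    }
}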
