package com.yeepay.yop.sdk.base.cache;

import com.google.common.cache.CacheBuilder;
import com.google.common.cache.CacheLoader;
import com.google.common.cache.LoadingCache;
import com.google.common.collect.Lists;
import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.credentials.YopCredentials;
import com.yeepay.yop.sdk.base.security.cert.parser.YopCertParserFactory;
import com.yeepay.yop.sdk.client.YopGlobalClient;
import com.yeepay.yop.sdk.config.enums.CertStoreType;
import com.yeepay.yop.sdk.config.provider.file.YopCertConfig;
import com.yeepay.yop.sdk.model.cert.YopPlatformCertQueryResult;
import com.yeepay.yop.sdk.model.cert.YopPlatformPlainCert;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import com.yeepay.yop.sdk.security.cert.YopCertCategory;
import com.yeepay.yop.sdk.security.cert.YopPublicKey;
import com.yeepay.yop.sdk.service.common.YopClient;
import com.yeepay.yop.sdk.service.common.request.YopRequest;
import com.yeepay.yop.sdk.service.common.response.YopResponse;
import com.yeepay.yop.sdk.utils.EnvUtils;
import com.yeepay.yop.sdk.utils.JsonUtils;
import com.yeepay.yop.sdk.utils.X509CertUtils;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/base/cache/YopCertificateCache.class */
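/**
 * Holds the locally configured certificate chain (CFCA root, YOP intermediate, YOP platform RSA
 * certificate) and a cache of platform SM2 certificates downloaded from
 * {@code /rest/v2.0/yop/platform/certs}.
 *
 * <p>Trust model visible in this class: the download request skips response-signature
 * verification, so a downloaded certificate is accepted only if
 * {@code X509CertUtils.verifyCertificate} succeeds against the public key of the locally loaded
 * intermediate certificate. The intermediate is used as an anchor only after it has itself been
 * verified against the local root.
 *
 * <p>NOTE(review): whether {@code X509CertUtils.verifyCertificate} also checks the validity period
 * or revocation is not visible here; confirm before relying on this cache for expiry handling.
 */
public class YopCertificateCache {
    private static final String CERT_DOWNLOAD_API_URI = "/rest/v2.0/yop/platform/certs";
    private static final String CERT_DOWNLOAD_API_METHOD = "GET";
    private static final String CERT_DOWNLOAD_API_SECURITY = "YOP-SM2-SM3";
    private static final String CERT_DOWNLOAD_API_PARAM_SERIAL_NO = "serialNo";
    private static final String CERT_DOWNLOAD_API_PARAM_CERT_TYPE = "certType";
    // Separator of the three cache-key components; the loader splits the key on it again.
    private static final String CACHE_KEY_DELIMITER = ",";
    private static final String CERT_DIR = "config/certs/";
    private static final YopClient YOP_CLIENT;
    // Trust anchors: assigned exactly once in the static initializer and only after verification.
    private static final X509Certificate CFCA_ROOT_CERT;
    private static final X509Certificate YOP_INTER_CERT;
    private static final X509Certificate YOP_PLATFORM_RSA_CERT;
    private static final String QA_RSA_CERT_SERIAL_NO = "4032156487";
    private static final String PRO_RSA_CERT_SERIAL_NO = "4397139598";
    private static final Logger LOGGER = LoggerFactory.getLogger(YopCertificateCache.class);
    private static final LoadingCache<String, List<X509Certificate>> PLATFORM_CERT_CACHE = initCache(24L, TimeUnit.HOURS);

    /**
     * @return the locally loaded CFCA root certificate, or {@code null} if it could not be loaded
     *     or did not pass verification during class initialization
     */
    public static X509Certificate getCfcaRootCertFromLocal() {
        return CFCA_ROOT_CERT;
    }

    /**
     * @return the locally loaded YOP intermediate certificate, or {@code null} if it could not be
     *     loaded or did not verify against the root during class initialization
     */
    public static X509Certificate getYopInterCertFromLocal() {
        return YOP_INTER_CERT;
    }

    /**
     * @return the locally loaded YOP platform RSA certificate, or {@code null} if loading failed
     */
    public static X509Certificate getYopPlatformRsaCertFromLocal() {
        return YOP_PLATFORM_RSA_CERT;
    }

    /**
     * Same as {@link #loadPlatformSm2Certs(String, String, String)} with no server root override.
     */
    public static List<X509Certificate> loadPlatformSm2Certs(String credentialsKey, String serialNo) {
        return loadPlatformSm2Certs(credentialsKey, serialNo, null);
    }

    /**
     * Returns the verified platform SM2 certificates for the given key, downloading them on a
     * cache miss.
     *
     * @param credentialsKey lookup key handed to {@code YopCredentialsCache.get}; blank means
     *     {@code "default"} (presumably the app key; confirm against YopCredentialsCache)
     * @param serialNo certificate serial number sent as the {@code serialNo} request parameter;
     *     blank means the parameter is omitted
     * @param serverRoot server root set on the download request; blank keeps the client default
     * @return a non-empty list of verified certificates, or {@code null} when none are available
     *     or a component contains the reserved {@code ","} delimiter
     */
    public static List<X509Certificate> loadPlatformSm2Certs(String credentialsKey, String serialNo, String serverRoot) {
        return loadPlatformSm2Certs(getCacheKey(credentialsKey, serialNo, serverRoot));
    }

    /**
     * Reads one cache entry. Empty results are invalidated immediately so that a failed download
     * is retried on the next call instead of being served until the entry expires.
     *
     * @param cacheKey key built by {@link #getCacheKey}; {@code null} marks a rejected key
     * @return the cached non-empty list, or {@code null}
     */
    private static List<X509Certificate> loadPlatformSm2Certs(String cacheKey) {
        if (cacheKey == null) {
            return null;
        }
        try {
            List<X509Certificate> certs = PLATFORM_CERT_CACHE.get(cacheKey);
            if (CollectionUtils.isNotEmpty(certs)) {
                return certs;
            }
            PLATFORM_CERT_CACHE.invalidate(cacheKey);
            return null;
        } catch (Exception e) {
            LOGGER.warn("UnexpectedException occurred when load platformCert for cacheKey:{}", cacheKey, e);
            return null;
        }
    }

    /**
     * Same as {@link #refreshPlatformSm2Certs(String, String, String)} with no server root override.
     */
    public static List<X509Certificate> refreshPlatformSm2Certs(String credentialsKey, String serialNo) {
        return refreshPlatformSm2Certs(credentialsKey, serialNo, null);
    }

    /**
     * Asks the cache to refresh the entry and then returns whatever the cache holds for the key.
     * Parameters and return value are as for {@link #loadPlatformSm2Certs(String, String, String)}.
     */
    public static List<X509Certificate> refreshPlatformSm2Certs(String credentialsKey, String serialNo, String serverRoot) {
        String cacheKey = getCacheKey(credentialsKey, serialNo, serverRoot);
        if (cacheKey == null) {
            return null;
        }
        try {
            PLATFORM_CERT_CACHE.refresh(cacheKey);
        } catch (Exception e) {
            LOGGER.warn("UnexpectedException occurred when refresh platformCert for cacheKey:{}", cacheKey, e);
        }
        return loadPlatformSm2Certs(cacheKey);
    }

    /**
     * Same as {@link #reloadPlatformSm2Certs(String, String, String)} with no server root override.
     */
    public static List<X509Certificate> reloadPlatformSm2Certs(String credentialsKey, String serialNo) {
        return reloadPlatformSm2Certs(credentialsKey, serialNo, null);
    }

    /**
     * Drops the cached entry and loads it again. Parameters and return value are as for
     * {@link #loadPlatformSm2Certs(String, String, String)}.
     */
    public static List<X509Certificate> reloadPlatformSm2Certs(String credentialsKey, String serialNo, String serverRoot) {
        String cacheKey = getCacheKey(credentialsKey, serialNo, serverRoot);
        if (cacheKey == null) {
            return null;
        }
        try {
            PLATFORM_CERT_CACHE.invalidate(cacheKey);
        } catch (Exception e) {
            LOGGER.warn("UnexpectedException occurred when invalidate platformCert for cacheKey:{}", cacheKey, e);
        }
        return loadPlatformSm2Certs(cacheKey);
    }

    /**
     * Builds the {@code credentialsKey,serialNo,serverRoot} cache key.
     *
     * <p>The cache loader recovers the three components by splitting on {@code ","}, and the third
     * one selects the server the download request is sent to. A delimiter inside any component
     * would shift the tokens, so such input is rejected here rather than misparsed later.
     *
     * @return the key, or {@code null} if any component contains the delimiter
     */
    private static String getCacheKey(String credentialsKey, String serialNo, String serverRoot) {
        String key = StringUtils.defaultIfBlank(credentialsKey, "default");
        String serial = StringUtils.defaultIfBlank(serialNo, "");
        String root = StringUtils.defaultIfBlank(serverRoot, "");
        if (StringUtils.contains(key, CACHE_KEY_DELIMITER)
                || StringUtils.contains(serial, CACHE_KEY_DELIMITER)
                || StringUtils.contains(root, CACHE_KEY_DELIMITER)) {
            // The offending value is deliberately left out of the log line.
            LOGGER.warn("cacheKey component contains the reserved delimiter, refuse to load platformCert");
            return null;
        }
        return StringUtils.joinWith(CACHE_KEY_DELIMITER, key, serial, root);
    }

    /**
     * Downloads the platform SM2 certificates and keeps only those that verify against the local
     * intermediate certificate.
     *
     * <p>The decompiler widened this method from {@code private}; it is meant for the cache loader
     * only. It is {@code synchronized}, so downloads run one at a time.
     *
     * @param yopCredentials credentials attached to the request
     * @param serialNo serial number to request; blank omits the parameter
     * @param serverRoot server root override; blank keeps the client default
     * @return the verified certificates, or an empty list on any failure
     */
    public static synchronized List<X509Certificate> doLoad(YopCredentials<?> yopCredentials, String serialNo, String serverRoot) {
        List<X509Certificate> result = Collections.emptyList();
        try {
            YopRequest yopRequest = new YopRequest(CERT_DOWNLOAD_API_URI, CERT_DOWNLOAD_API_METHOD);
            // Response-signature verification is skipped for this call, so the only authenticity
            // check on the payload is the chain verification in verifyCert().
            yopRequest.getRequestConfig().setSkipVerifySign(true).setNeedEncrypt(false).setSecurityReq(CERT_DOWNLOAD_API_SECURITY).setCredentials(yopCredentials);
            if (StringUtils.isNotBlank(serialNo)) {
                yopRequest.addParameter(CERT_DOWNLOAD_API_PARAM_SERIAL_NO, serialNo);
            }
            if (StringUtils.isNotBlank(serverRoot)) {
                yopRequest.getRequestConfig().setServerRoot(serverRoot);
            }
            yopRequest.addParameter(CERT_DOWNLOAD_API_PARAM_CERT_TYPE, CertTypeEnum.SM2.getValue());
            // NOTE(review): the returned certificates are not matched against the requested
            // serialNo here; confirm that callers select the certificate by serial number.
            List<X509Certificate> verified = checkCerts(parseYopResponse(YOP_CLIENT.request(yopRequest)));
            if (CollectionUtils.isNotEmpty(verified)) {
                result = verified;
            }
        } catch (Exception e) {
            LOGGER.error("error when load sm2 cert from remote, ex:", e);
        }
        return result;
    }

    /**
     * Deserializes the response body into the list of plain certificates.
     *
     * @return the parsed {@code data} list, or an empty list if parsing fails
     */
    private static List<YopPlatformPlainCert> parseYopResponse(YopResponse yopResponse) {
        try {
            YopPlatformCertQueryResult queryResult = new YopPlatformCertQueryResult();
            JsonUtils.load(yopResponse.getStringResult(), queryResult);
            return queryResult.getData();
        } catch (Exception e) {
            LOGGER.error("error when load sm2 cert, ex:", e);
            return Collections.emptyList();
        }
    }

    /**
     * Decodes each plain certificate and keeps those that pass {@link #verifyCert}; entries that
     * fail to decode or verify are dropped.
     */
    private static List<X509Certificate> checkCerts(List<YopPlatformPlainCert> plainCerts) {
        if (CollectionUtils.isEmpty(plainCerts)) {
            return Collections.emptyList();
        }
        List<X509Certificate> accepted = new ArrayList<>();
        for (YopPlatformPlainCert plainCert : plainCerts) {
            X509Certificate decoded = decodeCert(plainCert);
            X509Certificate verified = decoded == null ? null : verifyCert(decoded);
            if (verified != null) {
                accepted.add(verified);
            }
        }
        return accepted;
    }

    /**
     * @return the decoded SM2 certificate, or {@code null} if decoding fails
     */
    private static X509Certificate decodeCert(YopPlatformPlainCert yopPlatformPlainCert) {
        try {
            return X509CertUtils.getX509Certificate(CertTypeEnum.SM2, yopPlatformPlainCert.getCert().getBytes("UTF-8"));
        } catch (Exception e) {
            LOGGER.warn("fail to decode platform cert:{}, ex:", yopPlatformPlainCert, e);
            return null;
        }
    }

    /**
     * Verifies a downloaded certificate against the local intermediate certificate's public key.
     *
     * @return the certificate when verification succeeds, otherwise {@code null}; also
     *     {@code null} when no verified intermediate certificate is available
     */
    private static X509Certificate verifyCert(X509Certificate x509Certificate) {
        if (YOP_INTER_CERT == null) {
            // Without a verified anchor nothing downloaded can be trusted.
            LOGGER.error("no verified yop intermediate cert available, reject platform cert");
            return null;
        }
        try {
            X509CertUtils.verifyCertificate(CertTypeEnum.SM2, YOP_INTER_CERT.getPublicKey(), x509Certificate);
            return x509Certificate;
        } catch (Exception e) {
            LOGGER.error("error to verify platform cert:{}, ex:", x509Certificate, e);
            return null;
        }
    }

    /**
     * Parses a public certificate through the cert parser registered for the given type, using a
     * {@code FILE_CER} store configuration whose value is {@code path}.
     */
    private static X509Certificate getX509Cert(String path, CertTypeEnum certTypeEnum) {
        YopCertConfig certConfig = new YopCertConfig();
        certConfig.setCertType(certTypeEnum);
        certConfig.setValue(path);
        certConfig.setStoreType(CertStoreType.FILE_CER);
        return ((YopPublicKey) YopCertParserFactory.getCertParser(YopCertCategory.PUBLIC, certTypeEnum).parse(certConfig)).getCert();
    }

    /**
     * Creates the platform certificate cache.
     *
     * @param expire write-expiry duration; values {@code <= 0} disable expiry
     * @param timeUnit unit of {@code expire}
     */
    private static LoadingCache<String, List<X509Certificate>> initCache(long expire, TimeUnit timeUnit) {
        CacheBuilder<Object, Object> builder = CacheBuilder.newBuilder();
        if (expire > 0) {
            builder.expireAfterWrite(expire, timeUnit);
        }
        return builder.build(new CacheLoader<String, List<X509Certificate>>() {
            /**
             * Splits the cache key back into its components and downloads the certificates. Never
             * throws: failures yield an empty list, which the reader invalidates.
             */
            @Override
            public List<X509Certificate> load(String cacheKey) throws Exception {
                YopCertificateCache.LOGGER.debug("try to init platform cert for cacheKey:{}", cacheKey);
                List<X509Certificate> loaded = Collections.emptyList();
                try {
                    String[] parts = StringUtils.splitPreserveAllTokens(cacheKey, CACHE_KEY_DELIMITER);
                    String serialNo = parts.length > 1 ? parts[1] : null;
                    String serverRoot = parts.length > 2 ? parts[2] : null;
                    loaded = YopCertificateCache.doLoad(YopCredentialsCache.get(parts[0]), serialNo, serverRoot);
                } catch (Exception e) {
                    YopCertificateCache.LOGGER.warn("UnexpectedException occurred when init platformCert for cacheKey:{}", cacheKey, e);
                }
                return loaded;
            }
        });
    }

    static {
        String rootFile = YopConstants.DEFAULT_CFCA_ROOT_FILE;
        String interFile = YopConstants.DEFAULT_YOP_INTER_FILE;
        String rsaSerialNo = PRO_RSA_CERT_SERIAL_NO;
        if (!EnvUtils.isProd()) {
            // Non-production environments use a different set of trust anchors, selected by the
            // part of the environment name before the first "_".
            String envPrefix = StringUtils.substringBefore(EnvUtils.currentEnv(), "_");
            rootFile = envPrefix + "_" + YopConstants.DEFAULT_CFCA_ROOT_FILE;
            interFile = envPrefix + "_" + YopConstants.DEFAULT_YOP_INTER_FILE;
            rsaSerialNo = QA_RSA_CERT_SERIAL_NO;
        }

        // A certificate is published as an anchor only after its own verification has succeeded,
        // so a certificate that fails verification is never used to accept downloaded certs.
        X509Certificate verifiedRoot = null;
        X509Certificate verifiedInter = null;
        try {
            X509Certificate root = getX509Cert(CERT_DIR + rootFile, CertTypeEnum.SM2);
            // A null key is passed for the root; presumably this requests a self-signature check
            // (confirm in X509CertUtils).
            X509CertUtils.verifyCertificate(CertTypeEnum.SM2, null, root);
            verifiedRoot = root;
            X509Certificate inter = getX509Cert(CERT_DIR + interFile, CertTypeEnum.SM2);
            X509CertUtils.verifyCertificate(CertTypeEnum.SM2, root.getPublicKey(), inter);
            verifiedInter = inter;
        } catch (Exception e) {
            LOGGER.error("error when load sm2 parent certs, if you dont use sm2 just ignore it, ex:", e);
        }
        CFCA_ROOT_CERT = verifiedRoot;
        YOP_INTER_CERT = verifiedInter;

        // The RSA platform certificate is taken from local configuration as-is; no chain
        // verification is applied to it in this class.
        X509Certificate rsaCert = null;
        try {
            rsaCert = getX509Cert(CERT_DIR + "yop_platform_rsa_cert_" + rsaSerialNo + YopConstants.YOP_PLATFORM_CERT_POSTFIX, CertTypeEnum.RSA2048);
        } catch (Exception e2) {
            LOGGER.warn("error when load yop rsa certs，if you dont use rsa just ignore it, ex:", e2);
        }
        YOP_PLATFORM_RSA_CERT = rsaCert;
        YOP_CLIENT = YopGlobalClient.getClient();
    }
}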
