package com.yeepay.yop.sdk.base.auth.credentials.provider;

import com.google.common.collect.Maps;
import com.google.common.collect.Queues;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.credentials.PKICredentialsItem;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentials;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentialsHolder;
import com.yeepay.yop.sdk.auth.credentials.provider.YopPlatformCredentialsProvider;
import com.yeepay.yop.sdk.base.cache.YopCertificateCache;
import com.yeepay.yop.sdk.exception.YopClientException;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import com.yeepay.yop.sdk.utils.X509CertUtils;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/base/auth/credentials/provider/YopBasePlatformCredentialsProvider.class */
public abstract class YopBasePlatformCredentialsProvider implements YopPlatformCredentialsProvider {
    protected static final Logger LOGGER = LoggerFactory.getLogger(YopBasePlatformCredentialsProvider.class);
    protected static final ThreadPoolExecutor THREAD_POOL = new ThreadPoolExecutor(2, 20, 3, TimeUnit.MINUTES, Queues.newLinkedBlockingQueue(200), new ThreadFactoryBuilder().setNameFormat("yop-platform-cert-store-task-%d").build(), new ThreadPoolExecutor.CallerRunsPolicy());
    protected Map<String, YopPlatformCredentials> credentialsMap = Maps.newConcurrentMap();

    /* renamed from: com.yeepay.yop.sdk.base.auth.credentials.provider.YopBasePlatformCredentialsProvider$1, reason: invalid class name */
    /* loaded from: input_file:com/yeepay/yop/sdk/base/auth/credentials/provider/YopBasePlatformCredentialsProvider$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$yeepay$yop$sdk$security$CertTypeEnum = new int[CertTypeEnum.values().length];

        static {
            try {
                $SwitchMap$com$yeepay$yop$sdk$security$CertTypeEnum[CertTypeEnum.SM2.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$yeepay$yop$sdk$security$CertTypeEnum[CertTypeEnum.RSA2048.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public YopPlatformCredentials getCredentials(String str, String str2) {
        if (StringUtils.isBlank(str2)) {
            throw new YopClientException("serialNo is required");
        }
        YopPlatformCredentials computeIfAbsent = this.credentialsMap.computeIfAbsent(str2, str3 -> {
            if (str2.equals(YopConstants.YOP_RSA_PLATFORM_CERT_DEFAULT_SERIAL_NO)) {
                return convertRsaCredentials(str, CertTypeEnum.RSA2048, loadLocalRsaCert(str, str2));
            }
            YopPlatformCredentials loadCredentialsFromStore = loadCredentialsFromStore(str, str2);
            if (null != loadCredentialsFromStore) {
                return loadCredentialsFromStore;
            }
            return storeCredentials(str, CertTypeEnum.SM2.name(), loadRemoteSm2Cert(str, str2));
        });
        if (null != computeIfAbsent) {
            String serialNo = computeIfAbsent.getSerialNo();
            this.credentialsMap.put(str2, computeIfAbsent);
            if (!StringUtils.equals(serialNo, str2)) {
                this.credentialsMap.put(serialNo, computeIfAbsent);
            }
        }
        return computeIfAbsent;
    }

    private YopPlatformCredentials convertRsaCredentials(String str, CertTypeEnum certTypeEnum, X509Certificate x509Certificate) {
        return new YopPlatformCredentialsHolder().withAppKey(str).withSerialNo(x509Certificate.getSerialNumber().toString()).withCredentials(new PKICredentialsItem(x509Certificate.getPublicKey(), certTypeEnum));
    }

    protected abstract YopPlatformCredentials loadCredentialsFromStore(String str, String str2);

    protected X509Certificate loadRemoteSm2Cert(String str, String str2) {
        List<X509Certificate> loadPlatformSm2Certs = YopCertificateCache.loadPlatformSm2Certs(str, str2);
        if (!CollectionUtils.isNotEmpty(loadPlatformSm2Certs)) {
            return null;
        }
        HashMap newHashMapWithExpectedSize = Maps.newHashMapWithExpectedSize(loadPlatformSm2Certs.size());
        loadPlatformSm2Certs.forEach(x509Certificate -> {
        });
        saveCertsIntoStoreAsync(str, CertTypeEnum.SM2.name(), loadPlatformSm2Certs);
        return (X509Certificate) newHashMapWithExpectedSize.get(str2);
    }

    protected void saveCertsIntoStoreAsync(String str, String str2, List<X509Certificate> list) {
        THREAD_POOL.submit(() -> {
            Iterator it = list.iterator();
            while (it.hasNext()) {
                try {
                    storeCredentials(str, str2, (X509Certificate) it.next());
                } catch (Exception e) {
                    LOGGER.warn("error when X509Certificate, ex:", e);
                }
            }
        });
    }

    protected X509Certificate loadLocalRsaCert(String str, String str2) {
        return YopCertificateCache.getYopPlatformRsaCertFromLocal();
    }

    public YopPlatformCredentials getLatestCredentials(String str, String str2) {
        X509Certificate x509Certificate;
        try {
            switch (AnonymousClass1.$SwitchMap$com$yeepay$yop$sdk$security$CertTypeEnum[CertTypeEnum.parse(str2).ordinal()]) {
                case 1:
                    try {
                        x509Certificate = YopCertificateCache.loadPlatformSm2Certs(str, "").get(0);
                        if (X509CertUtils.checkCertDate(x509Certificate)) {
                            x509Certificate = YopCertificateCache.refreshPlatformSm2Certs(str, "").get(0);
                        }
                    } catch (CertificateException e) {
                        LOGGER.warn("YopPlatformCredentials expired and need reload, appKey:" + str + ", credentialType:" + str2 + ", ex", e);
                        x509Certificate = YopCertificateCache.reloadPlatformSm2Certs(str, "").get(0);
                    }
                    YopPlatformCredentials storeCredentials = storeCredentials(str, CertTypeEnum.SM2.name(), x509Certificate);
                    this.credentialsMap.put(storeCredentials.getSerialNo(), storeCredentials);
                    return storeCredentials;
                case 2:
                    return getCredentials(str, YopConstants.YOP_RSA_PLATFORM_CERT_DEFAULT_SERIAL_NO);
                default:
                    return null;
            }
        } catch (Exception e2) {
            LOGGER.warn("no YopPlatformCredentials found for appKey:{}, credentialType:{}", str, str2);
            return null;
        }
        LOGGER.warn("no YopPlatformCredentials found for appKey:{}, credentialType:{}", str, str2);
        return null;
    }
}
