package com.yeepay.yop.sdk.auth.credentials.provider.loader;

import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentials;
import com.yeepay.yop.sdk.config.provider.YopSdkConfigProviderRegistry;
import com.yeepay.yop.sdk.config.provider.file.YopCertStore;
import com.yeepay.yop.sdk.exception.YopClientException;
import com.yeepay.yop.sdk.utils.CharacterConstants;
import com.yeepay.yop.sdk.utils.EnvUtils;
import com.yeepay.yop.sdk.utils.FileUtils;
import com.yeepay.yop.sdk.utils.Sm2CertUtils;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.X509Certificate;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/auth/credentials/provider/loader/YopSmPlatformCredentialsLocalLoader.class */
public class YopSmPlatformCredentialsLocalLoader implements YopPlatformCredentialsLoader {
    private static final Logger LOGGER = LoggerFactory.getLogger(YopSmPlatformCredentialsLocalLoader.class);
    protected X509Certificate cfcaRoot;
    protected X509Certificate yopInter;
    private String defaultCfcaRootFile;
    private String defaultYopInterFile;
    private YopCertStore defaultYopCertStore;
    private YopPlatformCredentialsLoader delegate = new YopSmPlatformCredentialsRemoteLoader();
    private String defaultCertPath = "config/certs";

    public YopSmPlatformCredentialsLocalLoader() {
        this.defaultCfcaRootFile = "cfca_root.pem";
        this.defaultYopInterFile = "yop_inter.pem";
        try {
            if (!EnvUtils.isProd()) {
                String substringBefore = StringUtils.substringBefore(EnvUtils.currentEnv(), CharacterConstants.UNDER_LINE);
                this.defaultCfcaRootFile = substringBefore + CharacterConstants.UNDER_LINE + this.defaultCfcaRootFile;
                this.defaultYopInterFile = substringBefore + CharacterConstants.UNDER_LINE + this.defaultYopInterFile;
            }
            this.defaultYopCertStore = new YopCertStore(this.defaultCertPath);
            this.cfcaRoot = Sm2CertUtils.getX509Certificate(FileUtils.getResourceAsStream(this.defaultCertPath + CharacterConstants.SLASH + this.defaultCfcaRootFile));
            try {
                Sm2CertUtils.verifyCertificate(null, this.cfcaRoot);
                this.yopInter = Sm2CertUtils.getX509Certificate(FileUtils.getResourceAsStream(this.defaultCertPath + CharacterConstants.SLASH + this.defaultYopInterFile));
                try {
                    Sm2CertUtils.verifyCertificate(this.cfcaRoot.getPublicKey(), this.yopInter);
                } catch (Exception e) {
                    throw new YopClientException("invalid yop inter cert, detail:" + e.getMessage());
                }
            } catch (Exception e2) {
                throw new YopClientException("invalid cfca root cert, detail:" + e2.getMessage());
            }
        } catch (Exception e3) {
            LOGGER.error("error when load parent certs, ex:", e3);
        }
    }

    @Override // com.yeepay.yop.sdk.auth.credentials.provider.loader.YopPlatformCredentialsLoader
    public Map<String, YopPlatformCredentials> load(String str, String str2) {
        YopCertStore yopCertStore = YopSdkConfigProviderRegistry.getProvider().getConfig().getYopCertStore();
        Map<String, X509Certificate> loadAndVerifyFromLocal = loadAndVerifyFromLocal(yopCertStore, str2);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (MapUtils.isEmpty(loadAndVerifyFromLocal)) {
            loadAndVerifyFromLocal = loadAndVerifyFromLocal(this.defaultYopCertStore, str2);
        }
        if (MapUtils.isNotEmpty(loadAndVerifyFromLocal)) {
            loadAndVerifyFromLocal.forEach((str3, x509Certificate) -> {
            });
            if (linkedHashMap.containsKey(str2)) {
                return linkedHashMap;
            }
        }
        LOGGER.info("no available sm2 cert from local, path:{}, serialNo:{}", yopCertStore.getPath(), str2);
        return this.delegate.load(str, str2);
    }

    private Map<String, X509Certificate> loadAndVerifyFromLocal(YopCertStore yopCertStore, String str) {
        LOGGER.debug("load sm2 cert from local, path:{}, serialNo:{}", yopCertStore.getPath(), str);
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (StringUtils.isNotBlank(yopCertStore.getPath()) && BooleanUtils.isTrue(yopCertStore.getEnable())) {
            InputStream inputStream = null;
            try {
                try {
                    inputStream = FileUtils.getResourceAsStream(yopCertStore.getPath() + CharacterConstants.SLASH + YopConstants.YOP_SM_PLATFORM_CERT_PREFIX + str + YopConstants.YOP_PLATFORM_CERT_POSTFIX);
                    if (null != inputStream) {
                        X509Certificate x509Certificate = Sm2CertUtils.getX509Certificate(inputStream);
                        Sm2CertUtils.verifyCertificate(this.yopInter.getPublicKey(), x509Certificate);
                        String bigInteger = x509Certificate.getSerialNumber().toString();
                        if (!bigInteger.equals(str)) {
                            LOGGER.warn("wrong file name for cert, serialNo:{}, realSerialNo:{}", str, bigInteger);
                        }
                        linkedHashMap.put(bigInteger, x509Certificate);
                    }
                    if (null != inputStream) {
                        try {
                            inputStream.close();
                        } catch (IOException e) {
                            e.printStackTrace();
                        }
                    }
                } catch (Exception e2) {
                    LOGGER.error("error when load cert from local file, serialNo:" + str + ", ex:", e2);
                    if (null != inputStream) {
                        try {
                            inputStream.close();
                        } catch (IOException e3) {
                            e3.printStackTrace();
                        }
                    }
                }
            } catch (Throwable th) {
                if (null != inputStream) {
                    try {
                        inputStream.close();
                    } catch (IOException e4) {
                        e4.printStackTrace();
                    }
                }
                throw th;
            }
        }
        return linkedHashMap;
    }
}
