package com.yeepay.yop.sdk.base.auth.credentials.provider.file;

import com.google.common.collect.Maps;
import com.google.common.collect.Queues;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.credentials.PKICredentialsItem;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentials;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentialsHolder;
import com.yeepay.yop.sdk.base.auth.credentials.provider.YopBasePlatformCredentialsProvider;
import com.yeepay.yop.sdk.base.cache.YopCertificateCache;
import com.yeepay.yop.sdk.base.config.provider.YopSdkConfigProviderRegistry;
import com.yeepay.yop.sdk.base.security.cert.X509CertSupportFactory;
import com.yeepay.yop.sdk.base.security.cert.parser.YopCertParserFactory;
import com.yeepay.yop.sdk.config.enums.CertStoreType;
import com.yeepay.yop.sdk.config.provider.file.YopCertConfig;
import com.yeepay.yop.sdk.config.provider.file.YopCertStore;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import com.yeepay.yop.sdk.security.cert.YopCertCategory;
import com.yeepay.yop.sdk.security.cert.YopPublicKey;
import com.yeepay.yop.sdk.utils.X509CertUtils;
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/base/auth/credentials/provider/file/YopFilePlatformCredentialsProvider.class */
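/**
 * Platform-credentials provider that reads and writes SM2 platform certificates in a
 * directory on the local file system.
 *
 * <p>Lookup order in {@link #loadCredentialsFromStore}: the configured {@link YopCertStore},
 * then {@code YopConstants.DEFAULT_LOCAL_YOP_CERT_STORE}. Every certificate read from a store is
 * passed to {@code X509CertUtils.verifyCertificate} with the public key of
 * {@code YopCertificateCache.getYopInterCertFromLocal()} before it is returned.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #storeCredentials} persists the certificate it is given without verifying it here;
 *       the verification in this class happens on the read path only.</li>
 *   <li>The serial number becomes part of a file name, so it is checked for path separators
 *       before any file-system access.</li>
 * </ul>
 */
public class YopFilePlatformCredentialsProvider extends YopBasePlatformCredentialsProvider {
    protected static final Logger LOGGER = LoggerFactory.getLogger(YopFilePlatformCredentialsProvider.class);

    /**
     * Pool that performs certificate writes off the caller's thread. The queue is bounded (200);
     * once it is full, {@code CallerRunsPolicy} makes the submitting thread do the write itself.
     */
    protected static final ThreadPoolExecutor THREAD_POOL = new ThreadPoolExecutor(
            2,
            20,
            3,
            TimeUnit.MINUTES,
            Queues.newLinkedBlockingQueue(200),
            new ThreadFactoryBuilder().setNameFormat("yop-platform-cert-store-task-%d").build(),
            new ThreadPoolExecutor.CallerRunsPolicy());

    /**
     * Loads the SM2 platform certificate with the given serial number from the configured store,
     * falling back to the SDK's default local store.
     *
     * @param str  app key attached to the returned credentials
     * @param str2 serial number of the wanted platform certificate
     * @return the credentials, or {@code null} when neither store yields a verified certificate
     */
    @Override
    protected YopPlatformCredentials loadCredentialsFromStore(String str, String str2) {
        YopCertStore configuredStore = YopSdkConfigProviderRegistry.getProvider().getConfig().getYopCertStore();
        Map<String, X509Certificate> certs = null;
        // doStore() already treats a missing store config as "disabled"; do the same here instead
        // of dereferencing null inside loadAndVerify().
        if (null != configuredStore) {
            certs = loadAndVerify(configuredStore, str2, true);
        }
        if (MapUtils.isEmpty(certs) || !certs.containsKey(str2)) {
            certs = loadAndVerify(YopConstants.DEFAULT_LOCAL_YOP_CERT_STORE, str2, false);
        }
        if (MapUtils.isNotEmpty(certs) && certs.containsKey(str2)) {
            return convertCredentials(str, CertTypeEnum.SM2.name(), certs.get(str2));
        }
        LOGGER.debug("no available platform cert from store, path:{}, serialNo:{}",
                null == configuredStore ? null : configuredStore.getPath(), str2);
        return null;
    }

    /**
     * Converts the certificate to credentials and, when the configured store is enabled,
     * schedules it to be written to that store.
     *
     * <p>NOTE(review): the certificate is not verified in this method; callers are presumably
     * expected to have verified it already - confirm against the call sites.
     *
     * @param str             app key attached to the returned credentials
     * @param str2            certificate type name, parsed with {@code CertTypeEnum.parse}
     * @param x509Certificate certificate to convert and persist
     * @return the credentials, or {@code null} when {@code x509Certificate} is {@code null}
     */
    @Override
    public YopPlatformCredentials storeCredentials(String str, String str2, X509Certificate x509Certificate) {
        return doStore(str, str2, x509Certificate, YopSdkConfigProviderRegistry.getProvider().getConfig().getYopCertStore());
    }

    /**
     * Builds the credentials synchronously and queues the file write on {@link #THREAD_POOL}.
     * Persistence is best effort: failures are logged and never reach the caller.
     */
    private YopPlatformCredentials doStore(String appKey, String certType, X509Certificate cert, YopCertStore certStore) {
        YopPlatformCredentials credentials = convertCredentials(appKey, certType, cert);
        // Nothing to persist for a null certificate; avoid queueing a task that can only fail.
        if (null == cert || null == certStore || !BooleanUtils.isTrue(certStore.getEnable())) {
            return credentials;
        }
        THREAD_POOL.submit(() -> {
            try {
                File storeDir = createStoreDirIfNecessary(certStore);
                if (null != storeDir) {
                    writeCertToFileStore(storeDir, cert);
                }
            } catch (Exception e) {
                LOGGER.warn("error when X509Certificate, ex:", e);
            }
        });
        return credentials;
    }

    /**
     * Writes the certificate into {@code storeDir}. The file name is derived from the
     * certificate's own serial number (hex), not from caller-supplied text.
     */
    private void writeCertToFileStore(File storeDir, X509Certificate cert) {
        try {
            String serialHex = X509CertUtils.parseToHex(cert.getSerialNumber().toString());
            File target = new File(storeDir, YopConstants.YOP_SM_PLATFORM_CERT_PREFIX + serialHex + YopConstants.YOP_PLATFORM_CERT_POSTFIX);
            X509CertSupportFactory.getSupport(CertTypeEnum.SM2.name()).writeToFile(cert, target);
        } catch (Exception e) {
            LOGGER.error("error when write yop cert to file, ex:", e);
        }
    }

    /**
     * Returns the store directory, creating it when missing.
     *
     * @return the directory, or {@code null} when it cannot be created or the path is not a directory
     */
    private File createStoreDirIfNecessary(YopCertStore certStore) {
        try {
            File storeDir = new File(certStore.getPath());
            // isDirectory() rather than exists(): a regular file at this path cannot hold certs.
            // The trailing isDirectory() covers two pool threads racing on mkdirs(), where the
            // loser gets "false" although the directory now exists.
            if (storeDir.isDirectory() || storeDir.mkdirs() || storeDir.isDirectory()) {
                return storeDir;
            }
            LOGGER.warn("fail when create yop cert store dir, {}", certStore);
            return null;
        } catch (Exception e) {
            LOGGER.error("error when create yop cert store dir, ex:", e);
            return null;
        }
    }

    /**
     * Reads the certificate file for {@code serialNo} from {@code certStore}, verifies it against
     * the locally cached intermediate certificate, and returns it keyed by serial number.
     *
     * <p>NOTE(review): only the call to {@code X509CertUtils.verifyCertificate} is visible here;
     * whether it also checks the validity period or revocation cannot be told from this class.
     *
     * @param certStore         store to read from; must not be {@code null}
     * @param serialNo          serial number used to build the file name
     * @param requireFileExists when {@code true}, return early if the file is absent
     * @return map of serial number to verified certificate; empty on any failure
     */
    private Map<String, X509Certificate> loadAndVerify(YopCertStore certStore, String serialNo, boolean requireFileExists) {
        LOGGER.debug("begin load sm2 cert from local, path:{}, serialNo:{}", certStore.getPath(), serialNo);
        Map<String, X509Certificate> verified = Maps.newHashMap();
        if (StringUtils.isBlank(certStore.getPath()) || !BooleanUtils.isTrue(certStore.getEnable())) {
            return verified;
        }
        // serialNo is concatenated into a file path below. It may originate outside this process
        // (TODO confirm against callers), so refuse anything that could leave the store directory.
        if (!isPathSafeSerialNo(serialNo)) {
            // The value itself is left out of the message so it cannot forge log lines.
            LOGGER.warn("illegal serialNo for sm2 cert, refuse to load from local store, length:{}",
                    null == serialNo ? 0 : serialNo.length());
            return verified;
        }
        try {
            String certPath = certStore.getPath() + "/" + YopConstants.YOP_SM_PLATFORM_CERT_PREFIX + serialNo + YopConstants.YOP_PLATFORM_CERT_POSTFIX;
            if (requireFileExists && !new File(certPath).exists()) {
                LOGGER.warn("wrong file path for sm2 cert, serialNo:{}, path:{}", serialNo, certPath);
                return verified;
            }
            YopCertConfig certConfig = new YopCertConfig();
            certConfig.setCertType(CertTypeEnum.SM2);
            certConfig.setValue(certPath);
            certConfig.setStoreType(CertStoreType.FILE_CER);
            X509Certificate cert = ((YopPublicKey) YopCertParserFactory.getCertParser(YopCertCategory.PUBLIC, CertTypeEnum.SM2).parse(certConfig)).getCert();
            String realSerialNo = X509CertUtils.parseToHex(cert.getSerialNumber().toString());
            // Throws on failure, so nothing below runs for an unverified certificate.
            X509CertUtils.verifyCertificate(CertTypeEnum.SM2, YopCertificateCache.getYopInterCertFromLocal().getPublicKey(), cert);
            if (!realSerialNo.equals(serialNo)) {
                LOGGER.warn("wrong file name for sm2 cert, serialNo:{}, realSerialNo:{}", serialNo, realSerialNo);
                // NOTE(review): a verified certificate whose real serial differs from the requested
                // one is still returned under the requested serial, so callers will use it for that
                // serial. Kept as in the original; confirm this tolerance is intended.
                verified.put(serialNo, cert);
            }
            verified.put(realSerialNo, cert);
        } catch (Exception e) {
            LOGGER.error("error when load sm2 cert from local file, serialNo:" + serialNo + ", ex:", e);
        }
        return verified;
    }

    /**
     * Tells whether {@code serialNo} can be embedded in a file name without changing directory.
     * {@code null} is passed through so that the existing handling of a missing serial is unchanged.
     *
     * <p>NOTE(review): if serial numbers are always hex strings, a hex-only allow-list would be
     * stricter than this deny-list - confirm the accepted formats before tightening.
     */
    private static boolean isPathSafeSerialNo(String serialNo) {
        if (null == serialNo) {
            return true;
        }
        return serialNo.indexOf('/') < 0 && serialNo.indexOf('\\') < 0 && serialNo.indexOf('\0') < 0;
    }

    /**
     * Wraps a certificate's public key, serial number (hex) and the app key into credentials.
     *
     * @param str             app key
     * @param str2            certificate type name, parsed with {@code CertTypeEnum.parse}
     * @param x509Certificate source certificate; may be {@code null}
     * @return the credentials, or {@code null} when {@code x509Certificate} is {@code null}
     */
    protected YopPlatformCredentials convertCredentials(String str, String str2, X509Certificate x509Certificate) {
        if (null == x509Certificate) {
            return null;
        }
        PKICredentialsItem keyItem = new PKICredentialsItem(x509Certificate.getPublicKey(), CertTypeEnum.parse(str2));
        String serialHex = X509CertUtils.parseToHex(x509Certificate.getSerialNumber().toString());
        return new YopPlatformCredentialsHolder().withCredentials(keyItem).withSerialNo(serialHex).withAppKey(str);
    }
}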
