package com.yeepay.yop.sdk.base.auth.credentials.provider.file;

import com.google.common.collect.Maps;
import com.google.common.collect.Queues;
import com.google.common.util.concurrent.ThreadFactoryBuilder;
import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentials;
import com.yeepay.yop.sdk.base.auth.credentials.provider.YopBasePlatformCredentialsProvider;
import com.yeepay.yop.sdk.base.cache.YopCertificateCache;
import com.yeepay.yop.sdk.base.security.cert.X509CertSupportFactory;
import com.yeepay.yop.sdk.base.security.cert.parser.YopCertParserFactory;
import com.yeepay.yop.sdk.config.enums.CertStoreType;
import com.yeepay.yop.sdk.config.provider.file.YopCertConfig;
import com.yeepay.yop.sdk.config.provider.file.YopCertStore;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import com.yeepay.yop.sdk.security.cert.YopCertCategory;
import com.yeepay.yop.sdk.security.cert.YopPublicKey;
import com.yeepay.yop.sdk.utils.ClientUtils;
import com.yeepay.yop.sdk.utils.X509CertUtils;
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/base/auth/credentials/provider/file/YopFilePlatformCredentialsProvider.class */
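/**
 * Platform credentials provider that keeps YOP platform certificates (SM2) as files in a local
 * certificate store.
 *
 * <p>Reads try the store configured for the given provider/env first and then fall back to
 * {@link YopConstants#DEFAULT_LOCAL_YOP_CERT_STORE}. Every certificate read from disk is passed to
 * {@code X509CertUtils.verifyCertificate} together with the public key of the locally cached
 * intermediate certificate before it is returned.
 *
 * <p>Writes happen asynchronously on {@link #THREAD_POOL} and do not verify the certificate; the
 * integrity of whatever ends up in the store directory therefore rests on the check performed at
 * load time.
 */
public class YopFilePlatformCredentialsProvider extends YopBasePlatformCredentialsProvider {
    protected static final Logger LOGGER = LoggerFactory.getLogger(YopFilePlatformCredentialsProvider.class);

    /**
     * Pool for asynchronous certificate writes: 2 core / 20 max daemon threads, 3-minute
     * keep-alive, queue bounded at 200 tasks. With {@code CallerRunsPolicy} a saturated pool runs
     * the write on the submitting thread instead of rejecting it.
     */
    protected static final ThreadPoolExecutor THREAD_POOL = new ThreadPoolExecutor(
            2,
            20,
            3,
            TimeUnit.MINUTES,
            Queues.newLinkedBlockingQueue(200),
            new ThreadFactoryBuilder()
                    .setNameFormat("yop-platform-cert-store-task-%d")
                    .setDaemon(true)
                    .build(),
            new ThreadPoolExecutor.CallerRunsPolicy());

    /**
     * Loads platform credentials with empty provider and env values.
     *
     * @param str  forwarded as the third argument of the four-argument overload
     *             (presumably the app key; confirm against the base class)
     * @param str2 serial number of the certificate to look up
     * @return the credentials, or {@code null} when no verified certificate matches
     */
    @Override
    protected YopPlatformCredentials loadCredentialsFromStore(String str, String str2) {
        return loadCredentialsFromStore("", "", str, str2);
    }

    /**
     * Loads platform credentials for a serial number, trying the configured store first and the
     * default local store second.
     *
     * @param str  provider, used to resolve the SDK config and the certificate directories
     * @param str2 env, used together with the provider
     * @param str3 key forwarded to {@code convertCredentials} and the directory helpers
     *             (presumably the app key; confirm against the base class)
     * @param str4 serial number of the certificate to look up
     * @return the credentials, or {@code null} when no verified certificate matches
     */
    @Override
    protected YopPlatformCredentials loadCredentialsFromStore(String str, String str2, String str3, String str4) {
        YopCertStore configuredStore = ClientUtils.getCurrentSdkConfigProvider().getConfig(str, str2).getYopCertStore();
        Map<String, X509Certificate> certs = loadAndVerify(str, str2, str3, configuredStore, str4, false);
        if (MapUtils.isEmpty(certs) || !certs.containsKey(str4)) {
            certs = loadAndVerify(str, str2, str3, YopConstants.DEFAULT_LOCAL_YOP_CERT_STORE, str4, true);
        }
        if (MapUtils.isNotEmpty(certs) && certs.containsKey(str4)) {
            return convertCredentials(str3, CertTypeEnum.SM2.name(), certs.get(str4));
        }
        // The configured store may be absent (doStore guards the same case), so do not dereference it blindly.
        LOGGER.debug("no available platform cert from store, path:{}, serialNo:{}",
                null == configuredStore ? null : configuredStore.getPath(), str4);
        return null;
    }

    /**
     * Converts and stores a certificate with empty provider and env values.
     *
     * @param str             forwarded as the third argument of the five-argument overload
     * @param str2            certificate type name forwarded to {@code convertCredentials}
     * @param x509Certificate certificate to convert and persist
     * @return the converted credentials
     */
    public YopPlatformCredentials storeCredentials(String str, String str2, X509Certificate x509Certificate) {
        return storeCredentials("", "", str, str2, x509Certificate);
    }

    /**
     * Converts a certificate to credentials and schedules it to be written to the file store.
     *
     * @param str             provider
     * @param str2            env
     * @param str3            key forwarded to {@code convertCredentials} and the directory helper
     * @param str4            certificate type name forwarded to {@code convertCredentials}
     * @param x509Certificate certificate to convert and persist
     * @return the converted credentials
     */
    @Override
    public YopPlatformCredentials storeCredentials(String str, String str2, String str3, String str4, X509Certificate x509Certificate) {
        return doStore(str, str2, str3, str4, x509Certificate);
    }

    /**
     * Converts the certificate and, when a store is configured and enabled, submits a background
     * task that writes it to disk. The returned credentials never depend on the write succeeding.
     *
     * <p>The certificate is written as supplied by the caller; nothing in this method verifies it.
     */
    private YopPlatformCredentials doStore(String str, String str2, String str3, String str4, X509Certificate x509Certificate) {
        YopCertStore certStore = ClientUtils.getCurrentSdkConfigProvider().getConfig(str, str2).getYopCertStore();
        YopPlatformCredentials credentials = convertCredentials(str3, str4, x509Certificate);
        if (null == certStore || !BooleanUtils.isTrue(certStore.getEnable())) {
            return credentials;
        }
        THREAD_POOL.submit(() -> {
            try {
                File storeDir = createStoreDirIfNecessary(str, str2, str3, certStore);
                if (null != storeDir) {
                    writeCertToFileStore(storeDir, x509Certificate);
                }
            } catch (Exception e) {
                // Persisting is best effort: a failed write must not affect the caller.
                LOGGER.warn("error when X509Certificate, ex:", e);
            }
        });
        return credentials;
    }

    /**
     * Writes the certificate into {@code file} under a name built from the platform cert prefix,
     * the certificate's own serial number in hex and the platform cert postfix. An existing file
     * with that name is left untouched.
     *
     * @param file            target directory
     * @param x509Certificate certificate to write
     */
    private void writeCertToFileStore(File file, X509Certificate x509Certificate) {
        try {
            String serialHex = X509CertUtils.parseToHex(x509Certificate.getSerialNumber().toString());
            File certFile = new File(file,
                    YopConstants.YOP_SM_PLATFORM_CERT_PREFIX + serialHex + YopConstants.YOP_PLATFORM_CERT_POSTFIX);
            // NOTE(review): exists() followed by a write is not atomic; two tasks storing the same
            // serial can both reach writeToFile. Presumably harmless for identical content - confirm.
            if (!certFile.exists()) {
                X509CertSupportFactory.getSupport(CertTypeEnum.SM2.name()).writeToFile(x509Certificate, certFile);
            }
        } catch (Exception e) {
            LOGGER.error("error when write yop cert to file, ex:", e);
        }
    }

    /**
     * Resolves the store directory for the given provider/env/key and creates it when missing.
     *
     * @return the directory, or {@code null} when it cannot be resolved or created
     */
    private File createStoreDirIfNecessary(String str, String str2, String str3, YopCertStore yopCertStore) {
        try {
            // NOTE(review): unlike loadAndVerify, a blank store path is not rejected here - confirm
            // what getLocalCertDirByProviderAndEnv resolves it to.
            File storeDir = new File(X509CertUtils.getLocalCertDirByProviderAndEnv(yopCertStore.getPath(), str, str2, str3));
            if (storeDir.exists() || storeDir.mkdirs()) {
                return storeDir;
            }
            LOGGER.warn("fail when create yop cert store dir, {}", yopCertStore);
            return null;
        } catch (Exception e) {
            LOGGER.error("error when create yop cert store dir, ex:", e);
            return null;
        }
    }

    /**
     * Searches the candidate directories of a store for the requested certificate and returns the
     * first non-empty verified result.
     *
     * @param str          provider
     * @param str2         env
     * @param str3         key forwarded to the directory helper and the intermediate-cert lookup
     * @param yopCertStore store to read from; {@code null}, a blank path or a disabled store
     *                     yields an empty map
     * @param str4         serial number of the certificate to look up
     * @param z            {@code true} when reading the SDK's default local store
     * @return map from serial number to verified certificate, empty when nothing usable is found
     */
    private Map<String, X509Certificate> loadAndVerify(String str, String str2, String str3, YopCertStore yopCertStore, String str4, boolean z) {
        if (null == yopCertStore) {
            // Same tolerance as doStore: a missing store means "nothing configured", not a failure.
            return Collections.emptyMap();
        }
        LOGGER.debug("begin load sm2 cert from local, provider:{}, env:{}, path:{}, serialNo:{}, isInner:{}",
                str, str2, yopCertStore.getPath(), str4, z);
        if (StringUtils.isBlank(yopCertStore.getPath()) || !BooleanUtils.isTrue(yopCertStore.getEnable())) {
            return Collections.emptyMap();
        }
        for (String certDir : X509CertUtils.getLocalCertDirs(yopCertStore.getPath(), str, str2, str3)) {
            Map<String, X509Certificate> loaded = doLoadAndVerify(str, str2, str3, certDir, str4, z);
            if (MapUtils.isNotEmpty(loaded)) {
                return loaded;
            }
        }
        return Collections.emptyMap();
    }

    /**
     * Parses the certificate file for a serial number inside one directory and verifies it
     * against the locally cached intermediate certificate.
     *
     * @param str  provider
     * @param str2 env
     * @param str3 key forwarded to the intermediate-cert lookup
     * @param str4 directory expected to contain the certificate file
     * @param str5 serial number; it becomes part of the file name
     * @param z    {@code true} for the default local store, which skips the file-existence check
     * @return map holding the certificate under its real serial (and under the requested serial
     *         when the two differ), or an empty map on any failure
     */
    private Map<String, X509Certificate> doLoadAndVerify(String str, String str2, String str3, String str4, String str5, boolean z) {
        // The serial number is concatenated into a path, so a value carrying separators or ".."
        // must never reach the file system.
        if (!isSafeFileNameComponent(str5)) {
            LOGGER.warn("illegal serialNo for sm2 cert file name, configDir:{}", str4);
            return Collections.emptyMap();
        }
        try {
            String certPath = str4 + "/" + YopConstants.YOP_SM_PLATFORM_CERT_PREFIX + str5 + YopConstants.YOP_PLATFORM_CERT_POSTFIX;
            if (!z && !new File(certPath).exists()) {
                LOGGER.warn("wrong file path for sm2 cert, serialNo:{}, path:{}", str5, certPath);
                return Collections.emptyMap();
            }
            YopCertConfig certConfig = new YopCertConfig();
            certConfig.setCertType(CertTypeEnum.SM2);
            certConfig.setValue(certPath);
            certConfig.setStoreType(CertStoreType.FILE_CER);
            X509Certificate cert = ((YopPublicKey) YopCertParserFactory.getCertParser(YopCertCategory.PUBLIC, CertTypeEnum.SM2).parse(certConfig)).getCert();
            String realSerial = X509CertUtils.parseToHex(cert.getSerialNumber().toString());
            // Verification must precede any use of the certificate. Its result is not inspected
            // here, so rejection presumably relies on verifyCertificate throwing - TODO confirm.
            X509CertUtils.verifyCertificate(str, str2, CertTypeEnum.SM2, YopCertificateCache.getYopInterCertFromLocal(str, str2, str3).getPublicKey(), cert);
            Map<String, X509Certificate> verified = new HashMap<>();
            if (!realSerial.equals(str5)) {
                // NOTE(review): a verified certificate whose own serial differs from the file name
                // is still registered under the requested serial, so callers accept it for that
                // serial. Behaviour kept as is; confirm this tolerance is intended.
                LOGGER.warn("wrong file name for sm2 cert, serialNo:{}, realSerialNo:{}", str5, realSerial);
                verified.put(str5, cert);
            }
            verified.put(realSerial, cert);
            return verified;
        } catch (Exception e) {
            LOGGER.error("error when load sm2 cert from local file, configDir:{},serialNo:{}, ex:", str4, str5, e);
            return Collections.emptyMap();
        }
    }

    /**
     * Tells whether a value can be embedded in a file name without changing the directory the
     * resulting path points into.
     *
     * @param value candidate file-name fragment
     * @return {@code false} for {@code null} or a value containing a path separator, a NUL
     *         character or {@code ".."}
     */
    private static boolean isSafeFileNameComponent(String value) {
        return null != value
                && value.indexOf('/') < 0
                && value.indexOf('\\') < 0
                && value.indexOf('\0') < 0
                && !value.contains("..");
    }
}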
