package com.wechat.pay.contrib.apache.httpclient.cert;

import com.wechat.pay.contrib.apache.httpclient.Credentials;
import com.wechat.pay.contrib.apache.httpclient.Validator;
import com.wechat.pay.contrib.apache.httpclient.WechatPayHttpClientBuilder;
import com.wechat.pay.contrib.apache.httpclient.auth.Verifier;
import com.wechat.pay.contrib.apache.httpclient.auth.WechatPay2Validator;
import com.wechat.pay.contrib.apache.httpclient.exception.HttpCodeException;
import com.wechat.pay.contrib.apache.httpclient.exception.NotFoundException;
import com.wechat.pay.contrib.apache.httpclient.proxy.HttpProxyFactory;
import com.wechat.pay.contrib.apache.httpclient.util.CertSerializeUtil;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import org.apache.http.HttpHost;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/wechat/pay/contrib/apache/httpclient/cert/CertificatesManager.class */
public class CertificatesManager {
    protected static final int UPDATE_INTERVAL_MINUTE = 1440;
    private static final String CERT_DOWNLOAD_PATH = "https://api.mch.weixin.qq.com/v3/certificates";
    private static final String SCHEDULE_UPDATE_CERT_THREAD_NAME = "scheduled_update_cert_thread";
    private HttpProxyFactory proxyFactory;
    private HttpHost proxy;
    private ScheduledExecutorService executor;
    private static final Logger log = LoggerFactory.getLogger(CertificatesManager.class);
    private static volatile CertificatesManager instance = null;
    private static final Validator emptyValidator = new Validator() { // from class: com.wechat.pay.contrib.apache.httpclient.cert.CertificatesManager.1
        @Override // com.wechat.pay.contrib.apache.httpclient.Validator
        public boolean validate(CloseableHttpResponse closeableHttpResponse) throws IOException {
            return true;
        }

        @Override // com.wechat.pay.contrib.apache.httpclient.Validator
        public String getSerialNumber() {
            return "";
        }
    };
    private ConcurrentHashMap<String, byte[]> apiV3Keys = new ConcurrentHashMap<>();
    private ConcurrentHashMap<String, ConcurrentHashMap<BigInteger, X509Certificate>> certificates = new ConcurrentHashMap<>();
    private ConcurrentHashMap<String, Credentials> credentialsMap = new ConcurrentHashMap<>();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/wechat/pay/contrib/apache/httpclient/cert/CertificatesManager$DefaultVerifier.class */
    public class DefaultVerifier implements Verifier {
        private String merchantId;

        private DefaultVerifier(String str) {
            this.merchantId = str;
        }

        @Override // com.wechat.pay.contrib.apache.httpclient.auth.Verifier
        public boolean verify(String str, byte[] bArr, String str2) {
            if (str.isEmpty() || bArr.length == 0 || str2.isEmpty()) {
                throw new IllegalArgumentException("serialNumber或message或signature为空");
            }
            X509Certificate x509Certificate = (X509Certificate) ((ConcurrentHashMap) CertificatesManager.this.certificates.get(this.merchantId)).get(new BigInteger(str, 16));
            if (x509Certificate == null) {
                CertificatesManager.log.error("商户证书为空，serialNumber:{}", str);
                return false;
            }
            try {
                Signature signature = Signature.getInstance("SHA256withRSA");
                signature.initVerify(x509Certificate);
                signature.update(bArr);
                return signature.verify(Base64.getDecoder().decode(str2));
            } catch (InvalidKeyException e) {
                throw new RuntimeException("无效的证书", e);
            } catch (NoSuchAlgorithmException e2) {
                throw new RuntimeException("当前Java环境不支持SHA256withRSA", e2);
            } catch (SignatureException e3) {
                throw new RuntimeException("签名验证过程发生了错误", e3);
            }
        }

        public X509Certificate getValidCertificate() {
            try {
                return CertificatesManager.this.getLatestCertificate(this.merchantId);
            } catch (NotFoundException e) {
                throw new NoSuchElementException("没有有效的微信支付平台证书");
            }
        }

        @Override // com.wechat.pay.contrib.apache.httpclient.auth.Verifier
        public PublicKey getValidPublicKey() {
            return getValidCertificate().getPublicKey();
        }

        @Override // com.wechat.pay.contrib.apache.httpclient.auth.Verifier
        public String getSerialNumber() {
            return getValidCertificate().getSerialNumber().toString(16).toUpperCase();
        }
    }

    private CertificatesManager() {
    }

    public static CertificatesManager getInstance() {
        if (instance == null) {
            synchronized (CertificatesManager.class) {
                if (instance == null) {
                    instance = new CertificatesManager();
                }
            }
        }
        return instance;
    }

    public synchronized void putMerchant(String str, Credentials credentials, byte[] bArr) throws IOException, GeneralSecurityException, HttpCodeException {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("merchantId为空");
        }
        if (credentials == null) {
            throw new IllegalArgumentException("credentials为空");
        }
        if (bArr.length == 0) {
            throw new IllegalArgumentException("apiV3Key为空");
        }
        if (this.certificates.get(str) == null) {
            this.certificates.put(str, new ConcurrentHashMap<>());
        }
        initCertificates(str, credentials, bArr);
        this.credentialsMap.put(str, credentials);
        this.apiV3Keys.put(str, bArr);
        if (this.executor == null) {
            beginScheduleUpdate();
        }
    }

    public synchronized void setProxy(HttpHost httpHost) {
        this.proxy = httpHost;
    }

    public synchronized void setProxyFactory(HttpProxyFactory httpProxyFactory) {
        this.proxyFactory = httpProxyFactory;
    }

    public synchronized HttpHost resolveProxy() {
        return Objects.nonNull(this.proxyFactory) ? this.proxyFactory.buildHttpProxy() : this.proxy;
    }

    public void stop() {
        if (this.executor != null) {
            try {
                this.executor.shutdownNow();
            } catch (Exception e) {
                log.error("Executor shutdown now failed", e);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public X509Certificate getLatestCertificate(String str) throws NotFoundException {
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("merchantId为空");
        }
        ConcurrentHashMap<BigInteger, X509Certificate> concurrentHashMap = this.certificates.get(str);
        if (concurrentHashMap == null || concurrentHashMap.isEmpty()) {
            throw new NotFoundException("没有最新的平台证书，merchantId:" + str);
        }
        X509Certificate x509Certificate = null;
        for (X509Certificate x509Certificate2 : concurrentHashMap.values()) {
            if (x509Certificate == null || x509Certificate2.getNotBefore().after(x509Certificate.getNotBefore())) {
                x509Certificate = x509Certificate2;
            }
        }
        try {
            x509Certificate.checkValidity();
            return x509Certificate;
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            log.error("平台证书未生效或已过期，merchantId:{}", str);
            throw new NotFoundException("没有最新的平台证书，merchantId:" + str);
        }
    }

    public Verifier getVerifier(String str) throws NotFoundException {
        ConcurrentHashMap<BigInteger, X509Certificate> concurrentHashMap = this.certificates.get(str);
        byte[] bArr = this.apiV3Keys.get(str);
        Credentials credentials = this.credentialsMap.get(str);
        if (str == null || str.isEmpty()) {
            throw new IllegalArgumentException("merchantId为空");
        }
        if (concurrentHashMap == null || concurrentHashMap.size() == 0) {
            throw new NotFoundException("平台证书为空，merchantId:" + str);
        }
        if (bArr.length == 0) {
            throw new NotFoundException("apiV3Key为空，merchantId:" + str);
        }
        if (credentials == null) {
            throw new NotFoundException("credentials为空，merchantId:" + str);
        }
        return new DefaultVerifier(str);
    }

    private void beginScheduleUpdate() {
        this.executor = new SafeSingleScheduleExecutor();
        this.executor.scheduleAtFixedRate(() -> {
            try {
                Thread.currentThread().setName(SCHEDULE_UPDATE_CERT_THREAD_NAME);
                log.info("Begin update Certificates.Date:{}", Instant.now());
                updateCertificates();
                log.info("Finish update Certificates.Date:{}", Instant.now());
            } catch (Throwable th) {
                log.error("Update Certificates failed", th);
            }
        }, 0L, 1440L, TimeUnit.MINUTES);
    }

    /* JADX WARN: Failed to calculate best type for var: r13v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r13v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r14v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r14v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 13, insn: 0x015f: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r13 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:72:0x015f */
    /* JADX WARN: Not initialized variable reg: 14, insn: 0x0164: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r14 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:74:0x0164 */
    /* JADX WARN: Type inference failed for: r13v0, types: [org.apache.http.client.methods.CloseableHttpResponse] */
    /* JADX WARN: Type inference failed for: r14v0, types: [java.lang.Throwable] */
    private synchronized void downloadAndUpdateCert(String str, Verifier verifier, Credentials credentials, byte[] bArr) throws HttpCodeException, IOException, GeneralSecurityException {
        ?? r13;
        ?? r14;
        this.proxy = resolveProxy();
        CloseableHttpClient build = WechatPayHttpClientBuilder.create().withCredentials(credentials).withValidator(verifier == null ? emptyValidator : new WechatPay2Validator(verifier)).withProxy(this.proxy).build();
        Throwable th = null;
        try {
            try {
                HttpGet httpGet = new HttpGet(CERT_DOWNLOAD_PATH);
                httpGet.addHeader("Accept", ContentType.APPLICATION_JSON.toString());
                CloseableHttpResponse execute = build.execute(httpGet);
                Throwable th2 = null;
                int statusCode = execute.getStatusLine().getStatusCode();
                String entityUtils = EntityUtils.toString(execute.getEntity());
                if (statusCode != 200) {
                    log.error("Auto update cert failed, statusCode = {}, body = {}", Integer.valueOf(statusCode), entityUtils);
                    throw new HttpCodeException("下载平台证书返回状态码异常，状态码为:" + statusCode);
                }
                Map<BigInteger, X509Certificate> deserializeToCerts = CertSerializeUtil.deserializeToCerts(bArr, entityUtils);
                if (deserializeToCerts.isEmpty()) {
                    log.warn("Cert list is empty");
                    if (execute != null) {
                        if (0 != 0) {
                            try {
                                execute.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            execute.close();
                        }
                    }
                    if (build != null) {
                        if (0 == 0) {
                            build.close();
                            return;
                        }
                        try {
                            build.close();
                            return;
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                            return;
                        }
                    }
                    return;
                }
                ConcurrentHashMap<BigInteger, X509Certificate> concurrentHashMap = this.certificates.get(str);
                concurrentHashMap.clear();
                concurrentHashMap.putAll(deserializeToCerts);
                if (execute != null) {
                    if (0 != 0) {
                        try {
                            execute.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        execute.close();
                    }
                }
                if (build != null) {
                    if (0 == 0) {
                        build.close();
                        return;
                    }
                    try {
                        build.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                }
            } catch (Throwable th7) {
                if (r13 != 0) {
                    if (r14 != 0) {
                        try {
                            r13.close();
                        } catch (Throwable th8) {
                            r14.addSuppressed(th8);
                        }
                    } else {
                        r13.close();
                    }
                }
                throw th7;
            }
        } catch (Throwable th9) {
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th10) {
                        th.addSuppressed(th10);
                    }
                } else {
                    build.close();
                }
            }
            throw th9;
        }
    }

    private void initCertificates(String str, Credentials credentials, byte[] bArr) throws HttpCodeException, IOException, GeneralSecurityException {
        downloadAndUpdateCert(str, null, credentials, bArr);
    }

    private void updateCertificates() {
        for (Map.Entry<String, Credentials> entry : this.credentialsMap.entrySet()) {
            String key = entry.getKey();
            try {
                downloadAndUpdateCert(key, new DefaultVerifier(key), entry.getValue(), this.apiV3Keys.get(key));
            } catch (Exception e) {
                log.error("downloadAndUpdateCert Failed.merchantId:{}, e:{}", key, e);
            }
        }
    }
}
