package shadow.com.wechat.pay.java.core.certificate;

import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import shadow.com.wechat.pay.java.core.certificate.model.Data;
import shadow.com.wechat.pay.java.core.certificate.model.DownloadCertificateResponse;
import shadow.com.wechat.pay.java.core.certificate.model.EncryptCertificate;
import shadow.com.wechat.pay.java.core.cipher.AeadCipher;
import shadow.com.wechat.pay.java.core.http.Constant;
import shadow.com.wechat.pay.java.core.http.HttpClient;
import shadow.com.wechat.pay.java.core.http.HttpMethod;
import shadow.com.wechat.pay.java.core.http.HttpRequest;
import shadow.com.wechat.pay.java.core.http.HttpResponse;
import shadow.com.wechat.pay.java.core.http.MediaType;
import shadow.com.wechat.pay.java.core.util.PemUtil;
import shadow.org.slf4j.Logger;
import shadow.org.slf4j.LoggerFactory;

/* loaded from: input_file:shadow/com/wechat/pay/java/core/certificate/AbstractAutoCertificateProvider.class */
public abstract class AbstractAutoCertificateProvider implements CertificateProvider {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AbstractAutoCertificateProvider.class);
    protected static final int UPDATE_INTERVAL_MINUTE = 60;
    protected final SafeSingleScheduleExecutor executor;
    protected String merchantId;
    protected CertificateHandler certificateHandler;
    protected AeadCipher aeadCipher;
    protected HttpClient httpClient;
    private final HttpRequest httpRequest;
    private int updateCount;
    private int succeedCount;
    private final Map<String, Map<String, X509Certificate>> certificateMap;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAutoCertificateProvider(String str, CertificateHandler certificateHandler, AeadCipher aeadCipher, HttpClient httpClient, String str2, Map<String, Map<String, X509Certificate>> map) {
        this(str, certificateHandler, aeadCipher, httpClient, str2, map, 3600);
    }

    protected AbstractAutoCertificateProvider(String str, CertificateHandler certificateHandler, AeadCipher aeadCipher, HttpClient httpClient, String str2, Map<String, Map<String, X509Certificate>> map, int i) {
        this.executor = SafeSingleScheduleExecutor.getInstance();
        this.merchantId = str2;
        synchronized (AbstractAutoCertificateProvider.class) {
            if (map.containsKey(str2)) {
                throw new IllegalStateException("The corresponding provider for the merchant already exists.");
            }
            map.put(str2, new HashMap());
        }
        this.certificateHandler = certificateHandler;
        this.aeadCipher = aeadCipher;
        this.httpClient = httpClient;
        this.certificateMap = map;
        this.httpRequest = new HttpRequest.Builder().httpMethod(HttpMethod.GET).url(str).addHeader(Constant.ACCEPT, " */*").addHeader(Constant.CONTENT_TYPE, MediaType.APPLICATION_JSON.getValue()).build();
        downloadAndUpdate(map);
        this.executor.scheduleAtFixedRate(() -> {
            log.info("Begin update Certificates.merchantId:{},total updates:{}", str2, Integer.valueOf(this.updateCount));
            try {
                this.updateCount++;
                downloadAndUpdate(map);
                this.succeedCount++;
            } catch (Exception e) {
                log.error("Download and update WechatPay certificates failed.", (Throwable) e);
            }
            log.info("Finish update Certificates.merchantId:{},total updates:{}, succeed updates:{}", str2, Integer.valueOf(this.updateCount), Integer.valueOf(this.succeedCount));
        }, i, i, TimeUnit.SECONDS);
    }

    protected void downloadAndUpdate(Map<String, Map<String, X509Certificate>> map) {
        Map<String, X509Certificate> decryptCertificate = decryptCertificate(downloadCertificate(this.httpClient));
        validateCertificate(decryptCertificate);
        map.put(this.merchantId, decryptCertificate);
    }

    protected HttpResponse<DownloadCertificateResponse> downloadCertificate(HttpClient httpClient) {
        return httpClient.execute(this.httpRequest, DownloadCertificateResponse.class);
    }

    protected void validateCertificate(Map<String, X509Certificate> map) {
        map.forEach((str, x509Certificate) -> {
            this.certificateHandler.validateCertPath(x509Certificate);
        });
    }

    protected Map<String, X509Certificate> decryptCertificate(HttpResponse<DownloadCertificateResponse> httpResponse) {
        List<Data> data = httpResponse.getServiceResponse().getData();
        HashMap hashMap = new HashMap();
        Iterator<Data> it = data.iterator();
        while (it.hasNext()) {
            EncryptCertificate encryptCertificate = it.next().getEncryptCertificate();
            X509Certificate generateCertificate = this.certificateHandler.generateCertificate(this.aeadCipher.decrypt(encryptCertificate.getAssociatedData().getBytes(StandardCharsets.UTF_8), encryptCertificate.getNonce().getBytes(StandardCharsets.UTF_8), Base64.getDecoder().decode(encryptCertificate.getCiphertext())));
            hashMap.put(PemUtil.getSerialNumber(generateCertificate), generateCertificate);
        }
        return hashMap;
    }

    public X509Certificate getAvailableCertificate(Map<String, X509Certificate> map) {
        X509Certificate x509Certificate = null;
        for (X509Certificate x509Certificate2 : map.values()) {
            if (x509Certificate == null || x509Certificate2.getNotAfter().after(x509Certificate.getNotAfter())) {
                x509Certificate = x509Certificate2;
            }
        }
        return x509Certificate;
    }

    @Override // shadow.com.wechat.pay.java.core.certificate.CertificateProvider
    public X509Certificate getCertificate(String str) {
        return this.certificateMap.get(this.merchantId).get(str);
    }

    @Override // shadow.com.wechat.pay.java.core.certificate.CertificateProvider
    public X509Certificate getAvailableCertificate() {
        return getAvailableCertificate(this.certificateMap.get(this.merchantId));
    }
}
