package com.wechat.pay.contrib.apache.httpclient.auth;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.wechat.pay.contrib.apache.httpclient.Credentials;
import com.wechat.pay.contrib.apache.httpclient.WechatPayHttpClientBuilder;
import com.wechat.pay.contrib.apache.httpclient.util.AesUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.locks.ReentrantLock;
import org.apache.batik.util.XMLConstants;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated
/* loaded from: input_file:BOOT-INF/lib/wechatpay-apache-httpclient-0.4.9.jar:com/wechat/pay/contrib/apache/httpclient/auth/AutoUpdateCertificatesVerifier.class */
public class AutoUpdateCertificatesVerifier implements Verifier {
    protected static final Logger log = LoggerFactory.getLogger((Class<?>) AutoUpdateCertificatesVerifier.class);
    private static final String CERT_DOWNLOAD_PATH = "https://api.mch.weixin.qq.com/v3/certificates";
    protected final long minutesInterval;
    protected final Credentials credentials;
    protected final byte[] apiV3Key;
    protected final ReentrantLock lock;
    protected volatile Instant lastUpdateTime;
    protected CertificatesVerifier verifier;

    public AutoUpdateCertificatesVerifier(Credentials credentials, byte[] bArr) {
        this(credentials, bArr, TimeUnit.HOURS.toMinutes(1L));
    }

    public AutoUpdateCertificatesVerifier(Credentials credentials, byte[] bArr, long j) {
        this.lock = new ReentrantLock();
        this.credentials = credentials;
        this.apiV3Key = bArr;
        this.minutesInterval = j;
        try {
            autoUpdateCert();
            this.lastUpdateTime = Instant.now();
        } catch (IOException | GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // com.wechat.pay.contrib.apache.httpclient.auth.Verifier
    public boolean verify(String str, byte[] bArr, String str2) {
        if (this.lastUpdateTime == null || Duration.between(this.lastUpdateTime, Instant.now()).toMinutes() >= this.minutesInterval) {
            try {
                if (this.lock.tryLock()) {
                    try {
                        autoUpdateCert();
                        this.lastUpdateTime = Instant.now();
                        this.lock.unlock();
                    } catch (IOException | GeneralSecurityException e) {
                        log.warn("Auto update cert failed: ", e);
                        this.lock.unlock();
                    }
                }
            } catch (Throwable th) {
                this.lock.unlock();
                throw th;
            }
        }
        return this.verifier.verify(str, bArr, str2);
    }

    @Override // com.wechat.pay.contrib.apache.httpclient.auth.Verifier
    public X509Certificate getValidCertificate() {
        return this.verifier.getValidCertificate();
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r9v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x0130: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:70:0x0130 */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x012b: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:68:0x012b */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r9v0, types: [org.apache.http.client.methods.CloseableHttpResponse] */
    protected void autoUpdateCert() throws IOException, GeneralSecurityException {
        ?? r9;
        ?? r10;
        CloseableHttpClient build = WechatPayHttpClientBuilder.create().withCredentials(this.credentials).withValidator(this.verifier == null ? closeableHttpResponse -> {
            return true;
        } : new WechatPay2Validator(this.verifier)).build();
        Throwable th = null;
        try {
            try {
                HttpGet httpGet = new HttpGet(CERT_DOWNLOAD_PATH);
                httpGet.addHeader("Accept", ContentType.APPLICATION_JSON.toString());
                CloseableHttpResponse execute = build.execute((HttpUriRequest) httpGet);
                Throwable th2 = null;
                int statusCode = execute.getStatusLine().getStatusCode();
                String entityUtils = EntityUtils.toString(execute.getEntity());
                if (statusCode == 200) {
                    List<X509Certificate> deserializeToCerts = deserializeToCerts(this.apiV3Key, entityUtils);
                    if (deserializeToCerts.isEmpty()) {
                        log.warn("Cert list is empty");
                        if (execute != null) {
                            if (0 != 0) {
                                try {
                                    execute.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                execute.close();
                            }
                        }
                        if (build != null) {
                            if (0 == 0) {
                                build.close();
                                return;
                            }
                            try {
                                build.close();
                                return;
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                                return;
                            }
                        }
                        return;
                    }
                    this.verifier = new CertificatesVerifier(deserializeToCerts);
                } else {
                    log.warn("Auto update cert failed, statusCode = {}, body = {}", Integer.valueOf(statusCode), entityUtils);
                }
                if (execute != null) {
                    if (0 != 0) {
                        try {
                            execute.close();
                        } catch (Throwable th5) {
                            th2.addSuppressed(th5);
                        }
                    } else {
                        execute.close();
                    }
                }
                if (build != null) {
                    if (0 == 0) {
                        build.close();
                        return;
                    }
                    try {
                        build.close();
                    } catch (Throwable th6) {
                        th.addSuppressed(th6);
                    }
                }
            } catch (Throwable th7) {
                if (r9 != 0) {
                    if (r10 != 0) {
                        try {
                            r9.close();
                        } catch (Throwable th8) {
                            r10.addSuppressed(th8);
                        }
                    } else {
                        r9.close();
                    }
                }
                throw th7;
            }
        } catch (Throwable th9) {
            if (build != null) {
                if (0 != 0) {
                    try {
                        build.close();
                    } catch (Throwable th10) {
                        th.addSuppressed(th10);
                    }
                } else {
                    build.close();
                }
            }
            throw th9;
        }
    }

    protected List<X509Certificate> deserializeToCerts(byte[] bArr, String str) throws GeneralSecurityException, IOException {
        AesUtil aesUtil = new AesUtil(bArr);
        JsonNode jsonNode = new ObjectMapper().readTree(str).get("data");
        ArrayList arrayList = new ArrayList();
        if (jsonNode != null) {
            int size = jsonNode.size();
            for (int i = 0; i < size; i++) {
                JsonNode jsonNode2 = jsonNode.get(i).get("encrypt_certificate");
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(aesUtil.decryptToString(jsonNode2.get("associated_data").toString().replace(XMLConstants.XML_DOUBLE_QUOTE, "").getBytes(StandardCharsets.UTF_8), jsonNode2.get("nonce").toString().replace(XMLConstants.XML_DOUBLE_QUOTE, "").getBytes(StandardCharsets.UTF_8), jsonNode2.get("ciphertext").toString().replace(XMLConstants.XML_DOUBLE_QUOTE, "")).getBytes(StandardCharsets.UTF_8)));
                try {
                    x509Certificate.checkValidity();
                    arrayList.add(x509Certificate);
                } catch (CertificateExpiredException | CertificateNotYetValidException e) {
                }
            }
        }
        return arrayList;
    }
}
