package com.yeepay.yop.sdk.utils;

import com.google.common.collect.Sets;
import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.base.security.cert.X509CertSupportFactory;
import com.yeepay.yop.sdk.config.provider.file.YopCertStore;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.LinkedHashSet;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:com/yeepay/yop/sdk/utils/X509CertUtils.class */
public class X509CertUtils {
    public static void verifyCertificate(CertTypeEnum certTypeEnum, PublicKey publicKey, X509Certificate x509Certificate) throws NoSuchProviderException, CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        verifyCertificate("", "", certTypeEnum, publicKey, x509Certificate);
    }

    public static void verifyCertificate(String str, String str2, CertTypeEnum certTypeEnum, PublicKey publicKey, X509Certificate x509Certificate) throws NoSuchProviderException, CertificateException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        checkCertDate(str, str2, x509Certificate);
        if (null != publicKey) {
            X509CertSupportFactory.getSupport(certTypeEnum.getValue()).verifyCertificate(publicKey, x509Certificate);
        }
    }

    public static boolean checkCertDate(X509Certificate x509Certificate) throws CertificateExpiredException, CertificateNotYetValidException {
        return checkCertDate("", "", x509Certificate);
    }

    public static boolean checkCertDate(String str, String str2, X509Certificate x509Certificate) throws CertificateExpiredException, CertificateNotYetValidException {
        YopCertStore yopCertStore = ClientUtils.getCurrentSdkConfigProvider().getConfig(str, str2).getYopCertStore();
        long validAfterExpire = getValidAfterExpire(yopCertStore);
        long refreshBeforeExpire = getRefreshBeforeExpire(yopCertStore);
        Date date = new Date();
        if (date.getTime() - validAfterExpire > x509Certificate.getNotAfter().getTime()) {
            throw new CertificateExpiredException("certificate expired on " + x509Certificate.getNotAfter().getTime());
        }
        if (date.getTime() < x509Certificate.getNotBefore().getTime()) {
            throw new CertificateNotYetValidException("certificate not valid till " + x509Certificate.getNotBefore().getTime());
        }
        return date.getTime() + refreshBeforeExpire > x509Certificate.getNotAfter().getTime();
    }

    private static long getRefreshBeforeExpire(YopCertStore yopCertStore) {
        return (null == yopCertStore || null == yopCertStore.getRefreshBeforeExpirePeriod() || yopCertStore.getRefreshBeforeExpirePeriod().longValue() <= 0) ? YopConstants.DEFAULT_PERIOD_REFRESH_BEFORE_EXPIRE : yopCertStore.getRefreshBeforeExpirePeriod().longValue();
    }

    private static long getValidAfterExpire(YopCertStore yopCertStore) {
        return (null == yopCertStore || null == yopCertStore.getValidAfterExpirePeriod() || yopCertStore.getValidAfterExpirePeriod().longValue() <= 0) ? YopConstants.DEFAULT_PERIOD_VALID_AFTER_EXPIRE : yopCertStore.getValidAfterExpirePeriod().longValue();
    }

    public static X509Certificate getX509Certificate(CertTypeEnum certTypeEnum, byte[] bArr) throws CertificateException, NoSuchProviderException {
        return getX509Certificate(certTypeEnum, new ByteArrayInputStream(bArr));
    }

    public static X509Certificate getX509Certificate(CertTypeEnum certTypeEnum, InputStream inputStream) throws CertificateException, NoSuchProviderException {
        return X509CertSupportFactory.getSupport(certTypeEnum.getValue()).generate(inputStream);
    }

    public static String parseToHex(String str) {
        return (StringUtils.isEmpty(str) || 10 >= str.length()) ? str : Long.toHexString(Long.parseLong(str));
    }

    public static String parseToDecimal(String str) {
        return (StringUtils.isEmpty(str) || 10 != str.length()) ? str : Long.valueOf(str, 16).toString();
    }

    public static Set<String> getLocalCertDirs(String str, String str2, String str3, String str4) {
        LinkedHashSet newLinkedHashSet = Sets.newLinkedHashSet();
        newLinkedHashSet.add(getLocalCertDirByProviderAndEnv(str, str2, str3, str4));
        newLinkedHashSet.add(getLocalCertDirByProvider(str, str2));
        newLinkedHashSet.add(str);
        return newLinkedHashSet;
    }

    public static String getLocalCertDirByProviderAndEnv(String str, String str2, String str3, String str4) {
        if (EnvUtils.isOldSetting(str2, str3, str4)) {
            return str + "/" + YopConstants.PROVIDER_YEEPAY + "/" + YopConstants.ENV_QA;
        }
        String str5 = str;
        if (StringUtils.isNotBlank(str2)) {
            str5 = str5 + "/" + str2;
        }
        if (StringUtils.isNotBlank(str3)) {
            str5 = str5 + "/" + str3;
        }
        return str5;
    }

    public static String getLocalCertDirByProvider(String str, String str2) {
        String str3 = str;
        if (StringUtils.isNotBlank(str2)) {
            str3 = str3 + "/" + str2;
        }
        return str3;
    }
}
