package com.icbc.api.security;

import com.icbc.api.core.ApiError;
import com.icbc.api.core.ApiLogger;
import com.icbc.api.util.StringUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/icbc/api/security/CertUtil.class */
public class CertUtil {
    private static X509Certificate validateCert = null;
    private static Map<String, X509Certificate> certMap = new HashMap();
    private static String certDir = null;
    private static long lastLoadTime = 0;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/icbc/api/security/CertUtil$CerFilter.class */
    public static class CerFilter implements FilenameFilter {
        CerFilter() {
        }

        public boolean isCer(String str) {
            return str.toLowerCase().endsWith(".cer");
        }

        @Override // java.io.FilenameFilter
        public boolean accept(File file, String str) {
            return isCer(str);
        }
    }

    private static synchronized void initValidateCertFromDir() throws ApiError {
        if (StringUtils.isEmpty(certDir)) {
            return;
        }
        long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - lastLoadTime < 1000) {
            ApiLogger.getLogger().info("距离上次重载时间过短，暂不加载");
            return;
        }
        ApiLogger.getLogger().info("开始加载验签证书");
        certMap.clear();
        FileInputStream fileInputStream = null;
        try {
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                for (File file : new File(certDir).listFiles(new CerFilter())) {
                    fileInputStream = new FileInputStream(file.getAbsolutePath());
                    validateCert = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
                    certMap.put(validateCert.getSerialNumber().toString(), validateCert);
                    ApiLogger.getLogger().info("[" + file.getAbsolutePath() + "][serialNumber=" + validateCert.getSerialNumber().toString() + "]");
                }
                lastLoadTime = currentTimeMillis;
                ApiLogger.getLogger().info("从目录中加载验证签名证书结束.");
            } catch (FileNotFoundException e) {
                ApiLogger.getLogger().error("验证签名证书加载失败,证书文件不存在", e);
                throw new ApiError("file_not_found", e);
            } catch (CertificateException e2) {
                ApiLogger.getLogger().error("验证签名证书加载失败", e2);
                throw new ApiError("invalid_certificate", e2);
            }
        } finally {
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e3) {
                    ApiLogger.getLogger().error(e3.toString());
                }
            }
        }
    }

    public static PublicKey getValidateKey(String str, String str2) throws ApiError {
        if (StringUtils.isEmpty(str2)) {
            throw new ApiError("invalid_cert_dir", "invalid_cert_dir");
        }
        if (certDir == null || !certDir.equals(str2.trim())) {
            certDir = str2.trim();
            initValidateCertFromDir();
        }
        if (certMap.containsKey(str)) {
            return certMap.get(str).getPublicKey();
        }
        ApiLogger.getLogger().info("未找到certId=[" + str + "]对应的证书文件，尝试重新加载");
        initValidateCertFromDir();
        if (certMap.containsKey(str)) {
            return certMap.get(str).getPublicKey();
        }
        ApiLogger.getLogger().error("没有certId=[" + str + "]对应的证书文件");
        throw new ApiError("cert_not_found", "没有certId=[" + str + "]对应的证书文件");
    }

    public static void main(String[] strArr) {
    }
}
