package com.wechat.pay.java.core.certificate;

import com.wechat.pay.java.core.certificate.model.Data;
import com.wechat.pay.java.core.certificate.model.DownloadCertificateResponse;
import com.wechat.pay.java.core.certificate.model.EncryptCertificate;
import com.wechat.pay.java.core.cipher.AeadCipher;
import com.wechat.pay.java.core.http.Constant;
import com.wechat.pay.java.core.http.HttpClient;
import com.wechat.pay.java.core.http.HttpMethod;
import com.wechat.pay.java.core.http.HttpRequest;
import com.wechat.pay.java.core.http.HttpResponse;
import com.wechat.pay.java.core.http.MediaType;
import com.wechat.pay.java.core.util.PemUtil;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;

/* loaded from: input_file:com/wechat/pay/java/core/certificate/CertificateDownloader.class */
public final class CertificateDownloader {
    private final CertificateHandler certificateHandler;
    private final AeadCipher aeadCipher;
    private final HttpClient httpClient;
    private final String downloadUrl;

    /* loaded from: input_file:com/wechat/pay/java/core/certificate/CertificateDownloader$Builder.class */
    public static class Builder {
        private String downloadUrl;
        private HttpClient httpClient;
        private AeadCipher aeadCipher;
        private CertificateHandler certificateHandler;

        public Builder downloadUrl(String str) {
            this.downloadUrl = str;
            return this;
        }

        public Builder httpClient(HttpClient httpClient) {
            this.httpClient = httpClient;
            return this;
        }

        public Builder aeadCipher(AeadCipher aeadCipher) {
            this.aeadCipher = aeadCipher;
            return this;
        }

        public Builder certificateHandler(CertificateHandler certificateHandler) {
            this.certificateHandler = certificateHandler;
            return this;
        }

        public CertificateDownloader build() {
            Objects.requireNonNull(this.downloadUrl);
            Objects.requireNonNull(this.httpClient);
            Objects.requireNonNull(this.aeadCipher);
            Objects.requireNonNull(this.certificateHandler);
            return new CertificateDownloader(this);
        }
    }

    public CertificateDownloader(Builder builder) {
        this.downloadUrl = builder.downloadUrl;
        this.httpClient = builder.httpClient;
        this.aeadCipher = builder.aeadCipher;
        this.certificateHandler = builder.certificateHandler;
    }

    public Map<String, X509Certificate> download() {
        Map<String, X509Certificate> decryptCertificate = decryptCertificate(this.httpClient.execute(new HttpRequest.Builder().httpMethod(HttpMethod.GET).url(this.downloadUrl).addHeader(Constant.ACCEPT, " */*").addHeader(Constant.CONTENT_TYPE, MediaType.APPLICATION_JSON.getValue()).build(), DownloadCertificateResponse.class));
        validateCertificate(decryptCertificate);
        return decryptCertificate;
    }

    private void validateCertificate(Map<String, X509Certificate> map) {
        map.forEach((str, x509Certificate) -> {
            this.certificateHandler.validateCertPath(x509Certificate);
        });
    }

    private Map<String, X509Certificate> decryptCertificate(HttpResponse<DownloadCertificateResponse> httpResponse) {
        List<Data> data = httpResponse.getServiceResponse().getData();
        HashMap hashMap = new HashMap();
        Iterator<Data> it = data.iterator();
        while (it.hasNext()) {
            EncryptCertificate encryptCertificate = it.next().getEncryptCertificate();
            X509Certificate generateCertificate = this.certificateHandler.generateCertificate(this.aeadCipher.decrypt(encryptCertificate.getAssociatedData().getBytes(StandardCharsets.UTF_8), encryptCertificate.getNonce().getBytes(StandardCharsets.UTF_8), Base64.getDecoder().decode(encryptCertificate.getCiphertext())));
            hashMap.put(PemUtil.getSerialNumber(generateCertificate), generateCertificate);
        }
        return hashMap;
    }
}
