package com.yeepay.yop.sdk.http.analyzer;

import com.yeepay.yop.sdk.YopConstants;
import com.yeepay.yop.sdk.auth.SignOptions;
import com.yeepay.yop.sdk.auth.credentials.PKICredentialsItem;
import com.yeepay.yop.sdk.auth.credentials.YopPKICredentials;
import com.yeepay.yop.sdk.auth.credentials.YopPlatformCredentials;
import com.yeepay.yop.sdk.auth.credentials.provider.YopPlatformCredentialsProviderRegistry;
import com.yeepay.yop.sdk.exception.YopClientException;
import com.yeepay.yop.sdk.http.HttpResponseAnalyzer;
import com.yeepay.yop.sdk.http.HttpResponseHandleContext;
import com.yeepay.yop.sdk.model.BaseResponse;
import com.yeepay.yop.sdk.model.YopResponseMetadata;
import com.yeepay.yop.sdk.security.CertTypeEnum;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yeepay/yop/sdk/http/analyzer/YopSignatureCheckAnalyzer.class */
public class YopSignatureCheckAnalyzer implements HttpResponseAnalyzer {
    private static final Logger LOGGER = LoggerFactory.getLogger(YopSignatureCheckAnalyzer.class);
    private static final YopSignatureCheckAnalyzer INSTANCE = new YopSignatureCheckAnalyzer();

    public static YopSignatureCheckAnalyzer getInstance() {
        return INSTANCE;
    }

    private YopSignatureCheckAnalyzer() {
    }

    @Override // com.yeepay.yop.sdk.http.HttpResponseAnalyzer
    public <T extends BaseResponse> boolean analysis(HttpResponseHandleContext httpResponseHandleContext, T t) throws Exception {
        YopResponseMetadata metadata = t.getMetadata();
        if (BooleanUtils.isTrue(httpResponseHandleContext.isSkipVerifySign()) || StringUtils.isBlank(metadata.getYopSign())) {
            return false;
        }
        PKICredentialsItem credentialItem = getCredentialItem(httpResponseHandleContext.getSignOptions(), httpResponseHandleContext.getAppKey(), metadata.getYopCertSerialNo());
        if (null == credentialItem) {
            throw new YopClientException("yop platform credentials not found");
        }
        httpResponseHandleContext.getSigner().checkSignature(httpResponseHandleContext.getResponse(), metadata.getYopSign(), new YopPKICredentials(httpResponseHandleContext.getAppKey(), credentialItem), httpResponseHandleContext.getSignOptions());
        return false;
    }

    private PKICredentialsItem getCredentialItem(SignOptions signOptions, String str, String str2) {
        CertTypeEnum certTypeEnum = YopConstants.SM2_PROTOCOL_PREFIX.equals(signOptions.getProtocolPrefix()) ? CertTypeEnum.SM2 : CertTypeEnum.RSA2048;
        if (certTypeEnum == CertTypeEnum.RSA2048) {
            if (StringUtils.isNotBlank(str2)) {
                LOGGER.warn("rsa signed request not need serialNo:{}.", str2);
            }
            str2 = YopConstants.YOP_RSA_PLATFORM_CERT_DEFAULT_SERIAL_NO;
        }
        YopPlatformCredentials yopPlatformCredentials = YopPlatformCredentialsProviderRegistry.getProvider().getYopPlatformCredentials(str, str2);
        if (null == yopPlatformCredentials || null == yopPlatformCredentials.getPublicKey(certTypeEnum)) {
            return null;
        }
        return new PKICredentialsItem(null, yopPlatformCredentials.getPublicKey(certTypeEnum), certTypeEnum);
    }
}
