package cfca.sadk.tls.sun.security.ssl.manager;

import cfca.sadk.tls.sun.security.util.GMSSLConstants;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Collections;
import java.util.Date;
import java.util.Map;

/* loaded from: input_file:cfca/sadk/tls/sun/security/ssl/manager/LRUTrustCerts.class */
class LRUTrustCerts {
    private final Map<String, X509Certificate[]> clientCacheMap;
    private final Map<String, X509Certificate[]> serverCacheMap;
    static final LRUTrustCerts INSTANCE = new LRUTrustCerts();
    private static final long DEVIATION_MS_TIME = 1000 * GMSSLConstants.certValidateDeviationSeconds;

    private LRUTrustCerts() {
        int i = GMSSLConstants.cacheSizeOfCerts;
        this.clientCacheMap = Collections.synchronizedMap(new LRULinkedHashMap(i));
        this.serverCacheMap = Collections.synchronizedMap(new LRULinkedHashMap(i));
    }

    public X509Certificate[] findTrustedChain(X509Certificate[] x509CertificateArr, boolean z) throws CertificateException {
        X509Certificate[] x509CertificateArr2 = null;
        if (x509CertificateArr != null && x509CertificateArr.length != 0) {
            String buildSNWithDN = buildSNWithDN(x509CertificateArr[0]);
            x509CertificateArr2 = z ? this.clientCacheMap.get(buildSNWithDN) : this.serverCacheMap.get(buildSNWithDN);
            if (x509CertificateArr2 != null) {
                checkCertDate(x509CertificateArr2[0]);
            }
        }
        return x509CertificateArr2;
    }

    public X509Certificate[] putTrustedChain(X509Certificate[] x509CertificateArr, boolean z) {
        X509Certificate[] x509CertificateArr2 = x509CertificateArr;
        if (x509CertificateArr != null && x509CertificateArr.length != 0) {
            String buildSNWithDN = buildSNWithDN(x509CertificateArr[0]);
            x509CertificateArr2 = z ? this.clientCacheMap.put(buildSNWithDN, x509CertificateArr) : this.serverCacheMap.put(buildSNWithDN, x509CertificateArr);
        }
        return x509CertificateArr2;
    }

    private String buildSNWithDN(X509Certificate x509Certificate) {
        return new StringBuilder(128).append(x509Certificate.getSerialNumber().toString(16)).append(x509Certificate.getSubjectX500Principal()).toString();
    }

    private static void checkCertDate(X509Certificate x509Certificate) throws CertificateException {
        Date date = new Date();
        Date notBefore = x509Certificate.getNotBefore();
        if (notBefore.after(date) && !check(date, notBefore)) {
            throw new CertificateNotYetValidException(new SimpleDateFormat("yyyy-MM-dd HH:mm:ssZ").format(notBefore));
        }
        Date notAfter = x509Certificate.getNotAfter();
        if (date.after(notAfter) && !check(date, notAfter)) {
            throw new CertificateExpiredException(new SimpleDateFormat("yyyy-MM-dd HH:mm:ssZ").format(notAfter));
        }
    }

    private static boolean check(Date date, Date date2) {
        return Math.abs(date.getTime() - date2.getTime()) < DEVIATION_MS_TIME;
    }
}
