package com.synology.sylibx.sycertificatemanager.trustmanager;

import android.content.Context;
import android.text.TextUtils;
import android.util.Log;
import com.synology.sylib.syhttp3.TrustManagerProvider;
import com.synology.sylibx.sycertificatemanager.CertificateItem;
import com.synology.sylibx.sycertificatemanager.CertificateStorageManager;
import com.synology.sylibx.sycertificatemanager.util.CertificateVerifierHelper;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes3.dex */
public class SynoTrustManager implements X509TrustManager {
    private static X509Certificate[] mServerChain;
    private static final X509TrustManager mX509TrustManager = TrustManagerProvider.getX509TrustManager();
    private final String TAG = "SynoTrustManager";
    private final Context mContext;
    private String mServerAuthType;
    private final String mUserInputAddress;

    public SynoTrustManager(Context context, String str) {
        this.mUserInputAddress = str;
        this.mContext = context.getApplicationContext();
    }

    private boolean checkInvalidCertificateTrustedByUser(CertificateItem certificateItem) {
        return getCertificateStorageManager().containCertificate(certificateItem);
    }

    private CertificateStorageManager getCertificateStorageManager() {
        return CertificateStorageManager.getInstance(this.mContext);
    }

    private void internalCheckServerTrust() throws CertificateException {
        X509TrustManager x509TrustManager = mX509TrustManager;
        if (x509TrustManager == null || mServerChain == null || TextUtils.isEmpty(this.mServerAuthType)) {
            return;
        }
        x509TrustManager.checkServerTrusted(mServerChain, this.mServerAuthType);
    }

    private void setIsLegalCertificateIfNecessary(boolean z) {
        if (z) {
            return;
        }
        CertificateStorageManager.setIsLegalCertificate(false);
        Log.e(this.TAG, "SynoTrustManager verify fail");
    }

    private void setIsLegalOrTrustedCertificateIfNecessary(boolean z) {
        if (z) {
            return;
        }
        CertificateStorageManager.setIsLegalOrTrustedCertificate(false);
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509TrustManager x509TrustManager = mX509TrustManager;
        if (x509TrustManager != null) {
            x509TrustManager.checkClientTrusted(x509CertificateArr, str);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        mServerChain = x509CertificateArr;
        this.mServerAuthType = str;
        verify();
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public X509Certificate getX509Certificate() {
        X509Certificate[] x509CertificateArr = mServerChain;
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            return null;
        }
        return x509CertificateArr[0];
    }

    public void verify() throws CertificateException {
        X509Certificate x509Certificate = getX509Certificate();
        if (x509Certificate == null) {
            return;
        }
        CertificateItem build = new CertificateItem.Builder().parse(x509Certificate, this.mUserInputAddress).build();
        CertificateStorageManager.setCurrentCertificateItemIfNecessary(this.mUserInputAddress, build);
        boolean z = false;
        boolean z2 = true;
        try {
            internalCheckServerTrust();
            setIsLegalCertificateIfNecessary(true);
            setIsLegalOrTrustedCertificateIfNecessary(true);
        } catch (CertificateException e) {
            try {
                if (!checkInvalidCertificateTrustedByUser(build)) {
                    if (!CertificateVerifierHelper.onHandleQuickConnectCertificateRelatedException(this.mContext, this.mUserInputAddress, x509Certificate)) {
                        try {
                            throw e;
                        } catch (Throwable th) {
                            th = th;
                            z2 = false;
                            setIsLegalCertificateIfNecessary(z);
                            setIsLegalOrTrustedCertificateIfNecessary(z2);
                            throw th;
                        }
                    }
                }
                setIsLegalCertificateIfNecessary(false);
                setIsLegalOrTrustedCertificateIfNecessary(true);
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (Throwable th3) {
            th = th3;
            z = true;
            setIsLegalCertificateIfNecessary(z);
            setIsLegalOrTrustedCertificateIfNecessary(z2);
            throw th;
        }
    }
}
