package com.synology.sylib.sycertificatemanager.util;

import android.content.Context;
import android.text.TextUtils;
import com.synology.sylib.data.SynoURL;
import com.synology.sylib.sycertificatemanager.exceptions.CertificateHostNotMatchException;
import com.synology.sylib.sycertificatemanager.exceptions.CertificateUntrustedException;
import com.synology.sylib.sycertificatemanager.hostverifier.SynoHostnameVerifier;
import com.synology.sylib.sycertificatemanager.trustmanager.SynoTrustManager;
import com.synology.sylib.syhttp3.relay.RelayManager;
import com.synology.sylib.syhttp3.relay.RelayRecord;
import com.synology.sylib.syhttp3.relay.RelayRecordKey;
import com.synology.sylib.syhttp3.relay.utils.RelayUtil;
import java.io.IOException;
import java.net.MalformedURLException;
import java.security.GeneralSecurityException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;

/* loaded from: classes2.dex */
public class CertificateVerifierHelper {
    private static SynoHostnameVerifier mSynoHostnameVerifier;
    private static SynoTrustManager mSynoTrustManager;

    private static String getQuickConnectId(String str) {
        try {
            String host = new SynoURL(str).getHost();
            return RelayUtil.isQuickConnectId(host) ? host : "";
        } catch (MalformedURLException e) {
            e.printStackTrace();
            return "";
        }
    }

    private static synchronized SynoHostnameVerifier getSynoHostnameVerifier(Context context, String str) {
        SynoHostnameVerifier synoHostnameVerifier;
        synchronized (CertificateVerifierHelper.class) {
            if (mSynoHostnameVerifier == null) {
                mSynoHostnameVerifier = new SynoHostnameVerifier(context, str);
            }
            synoHostnameVerifier = mSynoHostnameVerifier;
        }
        return synoHostnameVerifier;
    }

    private static synchronized SynoTrustManager getSynoTrustManager(Context context, String str) {
        SynoTrustManager synoTrustManager;
        synchronized (CertificateVerifierHelper.class) {
            if (mSynoTrustManager == null) {
                mSynoTrustManager = new SynoTrustManager(context, str);
            }
            synoTrustManager = mSynoTrustManager;
        }
        return synoTrustManager;
    }

    private static void updateDSExpectedFingerPrint(Context context, String str, SynoHostnameVerifier synoHostnameVerifier, X509Certificate x509Certificate, String str2) throws IOException {
        RelayRecordKey relayRecordKey = RelayRecordKey.getInstance(context, str, true);
        if (RelayUtil.getRelayRecord(relayRecordKey) == null) {
            synoHostnameVerifier.handleCertificateHostNotMatch(x509Certificate);
            return;
        }
        RelayRecord updateRecordFingerPrint = RelayManager.getInstance().updateRecordFingerPrint(relayRecordKey);
        RelayUtil.setRelayRecord(updateRecordFingerPrint);
        List<String> dSExpectedFingerPrints = updateRecordFingerPrint.getDSExpectedFingerPrints();
        if (dSExpectedFingerPrints == null || !dSExpectedFingerPrints.contains(str2)) {
            synoHostnameVerifier.handleCertificateHostNotMatch(x509Certificate);
        }
    }

    private static void verify(SynoHostnameVerifier synoHostnameVerifier, SynoTrustManager synoTrustManager, List<Certificate> list, String str) throws CertificateUntrustedException, CertificateHostNotMatchException {
        synoTrustManager.verify(list);
        synoHostnameVerifier.verify(str, list);
    }

    public static void verifyCertificate(Context context, SynoTrustManager synoTrustManager, SynoHostnameVerifier synoHostnameVerifier, boolean z, String str, String str2, List<Certificate> list) throws CertificateUntrustedException, CertificateHostNotMatchException {
        if (!z) {
            verify(synoHostnameVerifier, synoTrustManager, list, str2);
            return;
        }
        try {
            verify(synoHostnameVerifier, synoTrustManager, list, str2);
        } catch (CertificateHostNotMatchException | CertificateUntrustedException e) {
            RelayRecord relayRecord = RelayUtil.getRelayRecord(RelayRecordKey.getInstance(context, str, true));
            if (relayRecord == null || relayRecord.getDSExpectedFingerPrints() == null || relayRecord.getDSExpectedFingerPrints().size() <= 0) {
                throw e;
            }
            try {
                verifyQuickConnectFingerPrint(context, str, synoHostnameVerifier, list, relayRecord.getDSExpectedFingerPrints());
            } catch (IOException | GeneralSecurityException unused) {
                throw e;
            }
        }
    }

    public static void verifyCertificate(Context context, String str, String str2, SynoTrustManager synoTrustManager, SynoHostnameVerifier synoHostnameVerifier, List<Certificate> list) throws CertificateUntrustedException, CertificateHostNotMatchException {
        verifyCertificate(context, synoTrustManager, synoHostnameVerifier, !TextUtils.isEmpty(r4), getQuickConnectId(str), str2, list);
    }

    public static void verifyCertificate(Context context, String str, String str2, List<Certificate> list) throws CertificateUntrustedException, CertificateHostNotMatchException {
        verifyCertificate(context, str, str2, getSynoTrustManager(context, str), getSynoHostnameVerifier(context, str), list);
    }

    private static void verifyQuickConnectFingerPrint(Context context, String str, SynoHostnameVerifier synoHostnameVerifier, List<Certificate> list, List<String> list2) throws GeneralSecurityException, IOException {
        X509Certificate x509Certificate = (X509Certificate) list.get(0);
        String lowerCase = CertificateDataUtil.toSHA256String(x509Certificate).replaceAll("\\s", "").toLowerCase();
        if (list2.contains(lowerCase)) {
            return;
        }
        updateDSExpectedFingerPrint(context, str, synoHostnameVerifier, x509Certificate, lowerCase);
    }
}
