package com.synology.sylibx.sycertificatemanager.util;

import android.content.Context;
import android.text.TextUtils;
import com.synology.sylib.data.SynoURL;
import com.synology.sylib.syhttp3.relay.RelayManager;
import com.synology.sylib.syhttp3.relay.RelayRecord;
import com.synology.sylib.syhttp3.relay.RelayRecordKey;
import com.synology.sylib.syhttp3.relay.utils.RelayUtil;
import com.synology.sylibx.sycertificatemanager.hostverifier.SynoHostnameVerifier;
import com.synology.sylibx.sycertificatemanager.trustmanager.SynoTrustManager;
import java.io.IOException;
import java.net.MalformedURLException;
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLException;

/* loaded from: classes2.dex */
public class CertificateVerifierHelper {
    private static String getQuickConnectId(String str) {
        try {
            String host = new SynoURL(str).getHost();
            return RelayUtil.isQuickConnectId(host) ? host : "";
        } catch (MalformedURLException e) {
            e.printStackTrace();
            return "";
        }
    }

    public static boolean onHandleQuickConnectCertificateRelatedException(Context context, String str, X509Certificate x509Certificate) {
        return onHandleQuickConnectCertificateRelatedException(context, !TextUtils.isEmpty(r2), getQuickConnectId(str), x509Certificate);
    }

    private static boolean onHandleQuickConnectCertificateRelatedException(Context context, boolean z, String str, X509Certificate x509Certificate) {
        RelayRecord relayRecord;
        if (z && (relayRecord = RelayUtil.getRelayRecord(RelayRecordKey.getInstance(context, str, true))) != null && relayRecord.getDSExpectedFingerPrints() != null && relayRecord.getDSExpectedFingerPrints().size() != 0) {
            try {
                return verifyQuickConnectFingerPrint(context, str, x509Certificate, relayRecord.getDSExpectedFingerPrints());
            } catch (IOException | GeneralSecurityException unused) {
            }
        }
        return false;
    }

    private static boolean updateDSExpectedFingerPrint(Context context, String str, String str2) throws IOException {
        RelayRecordKey relayRecordKey = RelayRecordKey.getInstance(context, str, true);
        if (RelayUtil.getRelayRecord(relayRecordKey) == null) {
            return false;
        }
        RelayRecord updateRecordFingerPrint = RelayManager.getInstance().updateRecordFingerPrint(relayRecordKey);
        RelayUtil.setRelayRecord(updateRecordFingerPrint);
        List<String> dSExpectedFingerPrints = updateRecordFingerPrint.getDSExpectedFingerPrints();
        return dSExpectedFingerPrints != null && dSExpectedFingerPrints.contains(str2);
    }

    public static void verifyCertificate(SynoTrustManager synoTrustManager, SynoHostnameVerifier synoHostnameVerifier, String str) throws SSLException, CertificateException {
        synoTrustManager.verify();
        synoHostnameVerifier.verify(str);
    }

    private static boolean verifyQuickConnectFingerPrint(Context context, String str, X509Certificate x509Certificate, List<String> list) throws GeneralSecurityException, IOException {
        if (x509Certificate == null) {
            return false;
        }
        String lowerCase = CertificateDataUtil.toSHA256String(x509Certificate).replaceAll("\\s", "").toLowerCase();
        if (list.contains(lowerCase)) {
            return true;
        }
        return updateDSExpectedFingerPrint(context, str, lowerCase);
    }
}
