package com.synology.sylib.sycertificatemanager.trustmanager;

import android.content.Context;
import android.text.TextUtils;
import android.util.Log;
import com.synology.sylib.sycertificatemanager.CertificateItem;
import com.synology.sylib.sycertificatemanager.CertificateStorageManager;
import com.synology.sylib.sycertificatemanager.exceptions.CertificateUntrustedException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class SynoTrustManager implements X509TrustManager {
    private static final String TAG = SynoTrustManager.class.getSimpleName();
    private static X509TrustManager mTrustManager;
    private String mAuthType;
    private CertificateStorageManager mCertificateStorageManager;
    private String mUserInputAddress;

    static {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            mTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (KeyStoreException e) {
            Log.e(TAG, "KeyStoreException: " + e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            Log.e(TAG, "NoSuchAlgorithmException: " + e2.getMessage());
        }
    }

    public SynoTrustManager(Context context, String str) {
        this.mCertificateStorageManager = CertificateStorageManager.getInstance(context);
        this.mUserInputAddress = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) {
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) {
        this.mAuthType = str;
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    public void verify(List<Certificate> list) throws CertificateUntrustedException {
        if (mTrustManager == null || TextUtils.isEmpty(this.mAuthType) || list.isEmpty() || !(list.get(0) instanceof X509Certificate)) {
            return;
        }
        ArrayList arrayList = new ArrayList();
        for (Certificate certificate : list) {
            if (certificate instanceof X509Certificate) {
                arrayList.add((X509Certificate) certificate);
            }
        }
        X509Certificate[] x509CertificateArr = (X509Certificate[]) arrayList.toArray(new X509Certificate[0]);
        CertificateItem build = new CertificateItem.Builder().parse(x509CertificateArr[0], this.mUserInputAddress).build();
        try {
            mTrustManager.checkServerTrusted(x509CertificateArr, this.mAuthType);
            mTrustManager.checkClientTrusted(x509CertificateArr, this.mAuthType);
        } catch (CertificateException unused) {
            CertificateStorageManager.setIsLegalCertificate(false);
            if (!this.mCertificateStorageManager.containCertificate(build)) {
                throw new CertificateUntrustedException(build);
            }
        }
    }
}
