package com.synology.sylib.syhttp3;

import android.util.Log;
import com.synology.sylib.syhttp3.util.StringUtil;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes2.dex */
public class VerifyCertsManager implements X509TrustManager {
    private static VerifyCertsManager sInstanceStrict;
    private static VerifyCertsManager sInstanceUnSafe;
    private String mCurrentHost;
    private boolean mIsLegalCertificate = true;
    private boolean mNeedToVerifyCertificate;
    private X509TrustManager mTrustManager;
    private static final String TAG = VerifyCertsManager.class.getSimpleName();
    private static HashSet<String> sLegalCertFingerPrintSet = new HashSet<>();

    private VerifyCertsManager(boolean z) {
        this.mTrustManager = null;
        this.mNeedToVerifyCertificate = z;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            this.mTrustManager = (X509TrustManager) trustManagerFactory.getTrustManagers()[0];
        } catch (KeyStoreException e) {
            String message = e.getMessage();
            String str = TAG;
            StringBuilder sb = new StringBuilder();
            sb.append("KeyStoreException: ");
            sb.append(message == null ? "" : message);
            Log.e(str, sb.toString());
        } catch (NoSuchAlgorithmException e2) {
            String message2 = e2.getMessage();
            String str2 = TAG;
            StringBuilder sb2 = new StringBuilder();
            sb2.append("NoSuchAlgorithmException: ");
            sb2.append(message2 == null ? "" : message2);
            Log.e(str2, sb2.toString());
        }
    }

    private static synchronized void addLegalCertFingerPrint(String str, X509Certificate x509Certificate) {
        synchronized (VerifyCertsManager.class) {
            String legalCertFingerprintKey = getLegalCertFingerprintKey(str, x509Certificate);
            if (legalCertFingerprintKey != null) {
                sLegalCertFingerPrintSet.add(legalCertFingerprintKey);
            }
        }
    }

    private synchronized String getCurrentHost() {
        return this.mCurrentHost;
    }

    public static VerifyCertsManager getInstance(boolean z) {
        return z ? getStrictInstance() : getUnSafeInstance();
    }

    private static String getLegalCertFingerprintKey(String str, X509Certificate x509Certificate) {
        try {
            return str + " - " + StringUtil.getCertificateSHA1String(x509Certificate);
        } catch (IOException unused) {
            return null;
        }
    }

    public static VerifyCertsManager getStrictInstance() {
        if (sInstanceStrict == null) {
            synchronized (VerifyCertsManager.class) {
                if (sInstanceStrict == null) {
                    sInstanceStrict = new VerifyCertsManager(true);
                }
            }
        }
        return sInstanceStrict;
    }

    public static VerifyCertsManager getUnSafeInstance() {
        if (sInstanceUnSafe == null) {
            synchronized (VerifyCertsManager.class) {
                if (sInstanceUnSafe == null) {
                    sInstanceUnSafe = new VerifyCertsManager(false);
                }
            }
        }
        return sInstanceUnSafe;
    }

    public static synchronized boolean isLegalCertFingerPrint(String str, X509Certificate x509Certificate) {
        boolean z;
        synchronized (VerifyCertsManager.class) {
            String legalCertFingerprintKey = getLegalCertFingerprintKey(str, x509Certificate);
            if (legalCertFingerprintKey != null) {
                z = sLegalCertFingerPrintSet.contains(legalCertFingerprintKey);
            }
        }
        return z;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509TrustManager x509TrustManager = this.mTrustManager;
        if (x509TrustManager != null) {
            try {
                x509TrustManager.checkClientTrusted(x509CertificateArr, str);
            } catch (CertificateException e) {
                if (this.mNeedToVerifyCertificate) {
                    throw e;
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        X509TrustManager x509TrustManager = this.mTrustManager;
        if (x509TrustManager != null) {
            try {
                x509TrustManager.checkServerTrusted(x509CertificateArr, str);
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    addLegalCertFingerPrint(getCurrentHost(), x509Certificate);
                }
            } catch (CertificateException e) {
                this.mIsLegalCertificate = false;
                if (this.mNeedToVerifyCertificate) {
                    throw e;
                }
            }
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        X509TrustManager x509TrustManager = this.mTrustManager;
        return x509TrustManager != null ? x509TrustManager.getAcceptedIssuers() : new X509Certificate[0];
    }

    public boolean isLegalCertificate() {
        return this.mIsLegalCertificate;
    }

    public synchronized void setCurrentHost(String str) {
        this.mCurrentHost = str;
    }

    public void setIsLegalCertificate(Boolean bool) {
        this.mIsLegalCertificate = bool.booleanValue();
    }
}
