package com.synology.sylib.sycertificatemanager.helper;

import android.content.Context;
import com.synology.sylib.sycertificatemanager.exceptions.CertificateHostNotMatchException;
import com.synology.sylib.sycertificatemanager.exceptions.CertificateUntrustedException;
import com.synology.sylib.sycertificatemanager.hostverifier.SynoHostnameVerifier;
import com.synology.sylib.sycertificatemanager.trustmanager.SynoTrustManager;
import com.synology.sylib.sycertificatemanager.util.CertificateDataUtil;
import com.synology.sylib.syhttp3.relay.RelayManager;
import com.synology.sylib.syhttp3.relay.RelayRecord;
import com.synology.sylib.syhttp3.relay.RelayRecordKey;
import com.synology.sylib.syhttp3.relay.utils.RelayUtil;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;

/* loaded from: classes2.dex */
public class HttpsURLConnectionHelper {
    private static void updateDSExpectedFingerPrint(X509Certificate x509Certificate, String str, SynoHostnameVerifier synoHostnameVerifier, Context context, String str2) throws IOException {
        RelayRecordKey relayRecordKey = RelayRecordKey.getInstance(context, str2, true);
        if (RelayUtil.getRelayRecord(relayRecordKey) == null) {
            synoHostnameVerifier.handleCertificateHostNotMatch(x509Certificate);
            return;
        }
        RelayRecord updateRecordFingerPrint = RelayManager.getInstance().updateRecordFingerPrint(relayRecordKey);
        RelayUtil.setRelayRecord(updateRecordFingerPrint);
        List<String> dSExpectedFingerPrints = updateRecordFingerPrint.getDSExpectedFingerPrints();
        if (dSExpectedFingerPrints == null || dSExpectedFingerPrints.contains(str)) {
            return;
        }
        synoHostnameVerifier.handleCertificateHostNotMatch(x509Certificate);
    }

    private static void verify(SynoTrustManager synoTrustManager, SynoHostnameVerifier synoHostnameVerifier, List<Certificate> list, String str) throws IOException {
        synoTrustManager.verify(list);
        synoHostnameVerifier.verify(str, list);
    }

    public static void verifyCertificate(Context context, boolean z, String str, HttpsURLConnection httpsURLConnection, SynoTrustManager synoTrustManager) throws IOException {
        if (httpsURLConnection.getURL() == null || !(httpsURLConnection.getHostnameVerifier() instanceof SynoHostnameVerifier) || httpsURLConnection.getServerCertificates() == null) {
            return;
        }
        SynoHostnameVerifier synoHostnameVerifier = (SynoHostnameVerifier) httpsURLConnection.getHostnameVerifier();
        String host = httpsURLConnection.getURL().getHost();
        List asList = Arrays.asList(httpsURLConnection.getServerCertificates());
        if (!z) {
            verify(synoTrustManager, synoHostnameVerifier, asList, host);
            return;
        }
        try {
            verify(synoTrustManager, synoHostnameVerifier, asList, host);
        } catch (CertificateHostNotMatchException | CertificateUntrustedException e) {
            RelayRecord relayRecord = RelayUtil.getRelayRecord(RelayRecordKey.getInstance(context, str, true));
            if (relayRecord == null || relayRecord.getDSExpectedFingerPrints() == null || relayRecord.getDSExpectedFingerPrints().size() <= 0) {
                throw e;
            }
            verifyQuickConnectFingerPrint(asList, relayRecord.getDSExpectedFingerPrints(), synoHostnameVerifier, context, str);
        }
    }

    private static void verifyQuickConnectFingerPrint(List<Certificate> list, List<String> list2, SynoHostnameVerifier synoHostnameVerifier, Context context, String str) throws IOException {
        X509Certificate x509Certificate = (X509Certificate) list.get(0);
        String lowerCase = CertificateDataUtil.toSHA256String(x509Certificate).replaceAll("\\s", "").toLowerCase();
        if (list2.contains(lowerCase)) {
            return;
        }
        updateDSExpectedFingerPrint(x509Certificate, lowerCase, synoHostnameVerifier, context, str);
    }
}
