package com.synology.sylibx.sycertificatemanager.hostverifier;

import android.content.Context;
import android.util.Log;
import com.synology.sylibx.sycertificatemanager.CertificateItem;
import com.synology.sylibx.sycertificatemanager.CertificateStorageManager;
import com.synology.sylibx.sycertificatemanager.util.CertificateVerifierHelper;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.http.conn.ssl.StrictHostnameVerifier;

/* loaded from: classes3.dex */
public class SynoHostnameVerifier implements HostnameVerifier {
    private final Context mContext;
    private SSLSession mSslSession;
    private final String mUserInputAddress;
    private final String TAG = SynoHostnameVerifier.class.getSimpleName();
    private final StrictHostnameVerifier mStrictHostnameVerifier = new StrictHostnameVerifier();

    public SynoHostnameVerifier(Context context, String str) {
        this.mContext = context.getApplicationContext();
        this.mUserInputAddress = str;
    }

    private boolean checkInvalidCertificateTrustedByUser(CertificateItem certificateItem) {
        return getCertificateStorageManager().containCertificate(certificateItem);
    }

    private CertificateStorageManager getCertificateStorageManager() {
        return CertificateStorageManager.getInstance(this.mContext);
    }

    private X509Certificate getX509Certificate() {
        SSLSession sSLSession = this.mSslSession;
        if (sSLSession == null) {
            return null;
        }
        try {
            Certificate[] peerCertificates = sSLSession.getPeerCertificates();
            if (peerCertificates == null || peerCertificates.length <= 0 || !(peerCertificates[0] instanceof X509Certificate)) {
                return null;
            }
            return (X509Certificate) peerCertificates[0];
        } catch (SSLPeerUnverifiedException e) {
            e.printStackTrace();
            return null;
        }
    }

    private void setIsLegalCertificate(boolean z) {
        CertificateStorageManager.setIsLegalCertificate(z);
        if (z) {
            return;
        }
        Log.e(this.TAG, "SynoHostnameVerifier verify fail");
    }

    private void setIsLegalOrTrustedCertificate(boolean z) {
        CertificateStorageManager.setIsLegalOrTrustedCertificate(z);
    }

    public void verify(String str) throws SSLException {
        X509Certificate x509Certificate = getX509Certificate();
        if (x509Certificate == null) {
            return;
        }
        CertificateItem build = new CertificateItem.Builder().parse(x509Certificate, this.mUserInputAddress).build();
        CertificateStorageManager.setCurrentCertificateItemIfNecessary(this.mUserInputAddress, build);
        boolean z = false;
        boolean z2 = true;
        try {
            this.mStrictHostnameVerifier.verify(str, x509Certificate);
            setIsLegalCertificate(true);
            setIsLegalOrTrustedCertificate(true);
        } catch (SSLException e) {
            try {
                if (!checkInvalidCertificateTrustedByUser(build)) {
                    if (!CertificateVerifierHelper.onHandleQuickConnectCertificateRelatedException(this.mContext, this.mUserInputAddress, x509Certificate)) {
                        try {
                            throw e;
                        } catch (Throwable th) {
                            th = th;
                            z2 = false;
                            setIsLegalCertificate(z);
                            setIsLegalOrTrustedCertificate(z2);
                            throw th;
                        }
                    }
                }
                setIsLegalCertificate(false);
                setIsLegalOrTrustedCertificate(true);
            } catch (Throwable th2) {
                th = th2;
            }
        } catch (Throwable th3) {
            th = th3;
            z = true;
            setIsLegalCertificate(z);
            setIsLegalOrTrustedCertificate(z2);
            throw th;
        }
    }

    @Override // javax.net.ssl.HostnameVerifier
    public boolean verify(String str, SSLSession sSLSession) {
        this.mSslSession = sSLSession;
        try {
            verify(str);
            return true;
        } catch (SSLException unused) {
            return false;
        }
    }
}
