package com.qnapcomm.util;

import android.content.Context;
import android.util.Log;
import com.qnapcomm.cerificate.CertificateHelper;
import com.qnapcomm.cerificate.SslCertification;
import com.qnapcomm.debugtools.DebugLog;
import java.io.UnsupportedEncodingException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.DERTaggedObject;
import org.bouncycastle.asn1.DERUTF8String;

/* loaded from: classes.dex */
public class HttpRequestSSLUtil implements X509TrustManager {
    static final /* synthetic */ boolean $assertionsDisabled;
    public static final String DEFAULT_COMMANDSSL = "https://127.0.0.1/";
    public static final int DEFAULT_TIMEOUT = 6000;
    public static final int STATE_CONNECTION_TIMEOUT = 4;
    public static final int STATE_NETWORK_DISCONNECTED = 3;
    public static final int STATE_RESULT_ERROR = 2;
    public static final int STATE_RESULT_OK = 1;
    public static final int STATE_UNEXCEPTED_EXCEPTION = 8;
    public static final int STATE_VERIFY_CERTIFICATE_VALID = 1;
    public static final int STATE_VERIFY_FAIL = 3;
    public static final int STATE_VERIFY_NONE = 0;
    public static final int STATE_VERIFY_WHITE_LIST = 2;
    private HashMap<String, String> commonNameList;
    private Context context;
    private boolean keepCertificate;
    private String serverId;
    private TrustManager[] trustManager;
    private int verifyStatus;

    static {
        $assertionsDisabled = !HttpRequestSSLUtil.class.desiredAssertionStatus();
    }

    public HttpRequestSSLUtil(Context context) {
        this(context, "", false);
    }

    public HttpRequestSSLUtil(Context context, String str) {
        this(context, str, false);
    }

    public HttpRequestSSLUtil(Context context, String str, boolean z) {
        this.verifyStatus = 3;
        this.keepCertificate = false;
        this.serverId = "";
        this.commonNameList = new HashMap<>();
        if (context != null) {
            this.context = context;
        }
        this.keepCertificate = z;
        this.serverId = str;
    }

    private boolean checkChain(X509Certificate[] x509CertificateArr) {
        return CertificateHelper.getCertification(this.serverId) != null;
    }

    private List<String> getSubjectAlternativeNames(X509Certificate x509Certificate) {
        ArrayList arrayList = new ArrayList();
        try {
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return Collections.emptyList();
            }
            for (List<?> list : subjectAlternativeNames) {
                Integer num = (Integer) list.get(0);
                if (num.intValue() == 0 || num.intValue() == 2) {
                    ASN1InputStream aSN1InputStream = null;
                    try {
                        if (list.toArray()[1] instanceof byte[]) {
                            aSN1InputStream = new ASN1InputStream((byte[]) list.toArray()[1]);
                        } else if (list.toArray()[1] instanceof String) {
                            arrayList.add((String) list.toArray()[1]);
                        }
                        if (aSN1InputStream != null) {
                            arrayList.add(((DERUTF8String) ((DERTaggedObject) ((DERTaggedObject) ((DERSequence) aSN1InputStream.readObject()).getObjectAt(1)).getObject()).getObject()).getString());
                        }
                    } catch (UnsupportedEncodingException e) {
                        Log.d("SSL", "Error decoding subjectAltName" + e.getLocalizedMessage());
                    } catch (Exception e2) {
                        Log.d("SSL", "Error decoding subjectAltName" + e2.getLocalizedMessage());
                    }
                } else {
                    Log.d("SSL", "SubjectAltName of invalid type found: " + x509Certificate);
                }
            }
            return arrayList;
        } catch (CertificateParsingException e3) {
            Log.d("SSL", "Error parsing SubjectAltName in certificate: " + x509Certificate + "\r\nerror:" + e3.getLocalizedMessage());
            return arrayList;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isValidHostName(String str) {
        if (this.commonNameList == null || this.commonNameList.size() == 0 || str == null) {
            return false;
        }
        String lowerCase = str.toLowerCase();
        Iterator<String> it = this.commonNameList.keySet().iterator();
        while (it.hasNext()) {
            String str2 = this.commonNameList.get(it.next());
            if (str2.equalsIgnoreCase(lowerCase)) {
                return true;
            }
            if (str2.startsWith("*.") && lowerCase.endsWith(str2.substring(2).toLowerCase())) {
                return true;
            }
        }
        return false;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        DebugLog.log(" checkClientTrusted() called");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        int indexOf;
        if (this.verifyStatus == 0) {
            return;
        }
        if (!$assertionsDisabled && x509CertificateArr == null) {
            throw new AssertionError();
        }
        if (x509CertificateArr == null) {
            this.verifyStatus = 3;
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
        }
        if (this.keepCertificate && this.serverId != null && !this.serverId.isEmpty()) {
            SslCertification sslCertification = new SslCertification();
            sslCertification.setServerUid(this.serverId);
            sslCertification.setIssuerDN(x509CertificateArr[0].getIssuerDN().toString());
            sslCertification.setNotAfter(x509CertificateArr[0].getNotAfter().toString());
            sslCertification.setNotBefore(x509CertificateArr[0].getNotBefore().toString());
            sslCertification.setPublicKey(x509CertificateArr[0].getPublicKey().toString());
            sslCertification.setSubjectDN(x509CertificateArr[0].getSubjectDN().toString());
            CertificateHelper.addCertification(this.serverId, sslCertification, this.context);
            this.verifyStatus = 2;
        }
        if (this.commonNameList != null) {
            this.commonNameList.clear();
        } else {
            this.commonNameList = new HashMap<>();
        }
        String principal = x509CertificateArr[0].getSubjectDN().toString();
        if (principal != null && !principal.isEmpty() && (indexOf = principal.indexOf("CN=")) >= 0) {
            String substring = principal.substring(indexOf + 3);
            int indexOf2 = substring.indexOf(",");
            String substring2 = indexOf2 >= 0 ? substring.substring(0, indexOf2) : substring;
            this.commonNameList.put(substring2, substring2);
        }
        List<String> subjectAlternativeNames = getSubjectAlternativeNames(x509CertificateArr[0]);
        if (subjectAlternativeNames != null && subjectAlternativeNames.size() > 0) {
            for (int i = 0; i < subjectAlternativeNames.size(); i++) {
                if (this.commonNameList.get(subjectAlternativeNames.get(i)) == null) {
                    this.commonNameList.put(subjectAlternativeNames.get(i), subjectAlternativeNames.get(i));
                }
            }
        }
        if (!$assertionsDisabled && x509CertificateArr.length <= 0) {
            throw new AssertionError();
        }
        if (x509CertificateArr.length <= 0) {
            this.verifyStatus = 3;
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
            }
            if (this.keepCertificate) {
                return;
            }
            if (checkChain(x509CertificateArr)) {
                this.verifyStatus = 2;
            } else {
                this.verifyStatus = 1;
            }
        } catch (CertificateException e) {
            if (!checkChain(x509CertificateArr)) {
                this.verifyStatus = 3;
                DebugLog.log(e);
                throw new CertificateException(e);
            }
            this.verifyStatus = 2;
        } catch (Exception e2) {
            this.verifyStatus = 3;
            DebugLog.log(e2);
            throw new CertificateException(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    public void setConnectionInfo(HttpsURLConnection httpsURLConnection) {
        if (httpsURLConnection != null) {
            httpsURLConnection.setHostnameVerifier(new HostnameVerifier() { // from class: com.qnapcomm.util.HttpRequestSSLUtil.1
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    if (HttpRequestSSLUtil.this.verifyStatus == 2 || HttpRequestSSLUtil.this.verifyStatus == 0) {
                        return true;
                    }
                    return HttpRequestSSLUtil.this.verifyStatus == 1 && HttpRequestSSLUtil.this.isValidHostName(str);
                }
            });
        }
        SSLContext sSLContext = null;
        if (this.trustManager == null) {
            this.trustManager = new TrustManager[]{this};
        }
        try {
            sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, this.trustManager, new SecureRandom());
        } catch (KeyManagementException e) {
            DebugLog.log(e);
        } catch (NoSuchAlgorithmException e2) {
            DebugLog.log(e2);
        }
        if (httpsURLConnection != null) {
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        }
    }

    public void setVerifierState(int i) {
        this.verifyStatus = i;
    }
}
