package com.qnap.util;

import android.content.Context;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.qnap.cerificate.CertificateHelper;
import com.qnap.cerificate.SslCertification;
import com.qnap.debugtools.DebugLog;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: classes.dex */
public class HttpRequestSSLUtil implements X509TrustManager {
    static final /* synthetic */ boolean $assertionsDisabled;
    public static final String DEFAULT_COMMANDSSL = "https://127.0.0.1/";
    public static final int DEFAULT_TIMEOUT = 6000;
    public static final int STATE_CONNECTION_TIMEOUT = 4;
    public static final int STATE_NETWORK_DISCONNECTED = 3;
    public static final int STATE_RESULT_ERROR = 2;
    public static final int STATE_RESULT_OK = 1;
    public static final int STATE_UNEXCEPTED_EXCEPTION = 8;
    public static final int STATE_VERIFY_CERTIFICATE_VALID = 1;
    public static final int STATE_VERIFY_FAIL = 3;
    public static final int STATE_VERIFY_NONE = 0;
    public static final int STATE_VERIFY_WHITE_LIST = 2;
    private String commonName;
    private Context context;
    private boolean keepCertificate;
    private String serverId;
    private TrustManager[] trustManager;
    private int verifyStatus;

    static {
        $assertionsDisabled = !HttpRequestSSLUtil.class.desiredAssertionStatus();
    }

    public HttpRequestSSLUtil(Context context) {
        this(context, JsonProperty.USE_DEFAULT_NAME, false);
    }

    public HttpRequestSSLUtil(Context context, String str) {
        this(context, str, false);
    }

    public HttpRequestSSLUtil(Context context, String str, boolean z) {
        this.verifyStatus = 3;
        this.keepCertificate = false;
        this.commonName = JsonProperty.USE_DEFAULT_NAME;
        this.serverId = JsonProperty.USE_DEFAULT_NAME;
        if (context != null) {
            this.context = context;
        }
        this.keepCertificate = z;
        this.serverId = str;
    }

    private boolean checkChain(X509Certificate[] x509CertificateArr) {
        return CertificateHelper.getCertification(this.serverId) != null;
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        DebugLog.log(" checkClientTrusted() called");
    }

    @Override // javax.net.ssl.X509TrustManager
    public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        int indexOf;
        String substring;
        int indexOf2;
        DebugLog.log(" checkServerTrusted() called");
        if (this.verifyStatus == 0) {
            return;
        }
        if (!$assertionsDisabled && x509CertificateArr == null) {
            throw new AssertionError();
        }
        if (x509CertificateArr == null) {
            this.verifyStatus = 3;
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate array is null");
        }
        if (this.keepCertificate) {
            SslCertification sslCertification = new SslCertification();
            sslCertification.setServerUid(this.serverId);
            sslCertification.setIssuerDN(x509CertificateArr[0].getIssuerDN().toString());
            sslCertification.setNotAfter(x509CertificateArr[0].getNotAfter().toString());
            sslCertification.setNotBefore(x509CertificateArr[0].getNotBefore().toString());
            sslCertification.setPublicKey(x509CertificateArr[0].getPublicKey().toString());
            sslCertification.setSubjectDN(x509CertificateArr[0].getSubjectDN().toString());
            CertificateHelper.addCertification(this.serverId, sslCertification, this.context);
            this.verifyStatus = 2;
        }
        String principal = x509CertificateArr[0].getSubjectDN().toString();
        if (principal != null && !principal.isEmpty() && (indexOf = principal.indexOf("CN=")) >= 0 && (indexOf2 = (substring = principal.substring(indexOf + 3)).indexOf(",")) >= 0) {
            this.commonName = substring.substring(0, indexOf2);
        }
        if (!$assertionsDisabled && x509CertificateArr.length <= 0) {
            throw new AssertionError();
        }
        if (x509CertificateArr.length <= 0) {
            this.verifyStatus = 3;
            throw new IllegalArgumentException("checkServerTrusted: X509Certificate is empty");
        }
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509");
            trustManagerFactory.init((KeyStore) null);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkServerTrusted(x509CertificateArr, str);
            }
            if (this.keepCertificate) {
                return;
            }
            this.verifyStatus = 1;
        } catch (CertificateException e) {
            if (!checkChain(x509CertificateArr)) {
                this.verifyStatus = 3;
                DebugLog.log(e);
                throw new CertificateException(e);
            }
            this.verifyStatus = 2;
        } catch (Exception e2) {
            this.verifyStatus = 3;
            DebugLog.log(e2);
            throw new CertificateException(e2);
        }
    }

    @Override // javax.net.ssl.X509TrustManager
    public X509Certificate[] getAcceptedIssuers() {
        DebugLog.log(" getAcceptedIssuers() called");
        return null;
    }

    public String getCommonName() {
        return this.commonName;
    }

    public void setConnectionInfo(HttpsURLConnection httpsURLConnection) {
        if (httpsURLConnection != null) {
            httpsURLConnection.setHostnameVerifier(new HostnameVerifier() { // from class: com.qnap.util.HttpRequestSSLUtil.1
                @Override // javax.net.ssl.HostnameVerifier
                public boolean verify(String str, SSLSession sSLSession) {
                    if (HttpRequestSSLUtil.this.verifyStatus == 2 || HttpRequestSSLUtil.this.verifyStatus == 0) {
                        return true;
                    }
                    if (HttpRequestSSLUtil.this.verifyStatus == 1) {
                        return (HttpRequestSSLUtil.this.commonName == null || HttpRequestSSLUtil.this.commonName.isEmpty() || !HttpRequestSSLUtil.this.commonName.equals(str)) ? false : true;
                    }
                    return false;
                }
            });
        }
        SSLContext sSLContext = null;
        if (this.trustManager == null) {
            this.trustManager = new TrustManager[]{this};
        }
        try {
            sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, this.trustManager, new SecureRandom());
        } catch (KeyManagementException e) {
            DebugLog.log(e);
        } catch (NoSuchAlgorithmException e2) {
            DebugLog.log(e2);
        }
        if (httpsURLConnection != null) {
            httpsURLConnection.setSSLSocketFactory(sSLContext.getSocketFactory());
        }
    }

    public void setVerifierState(int i) {
        this.verifyStatus = i;
    }
}
