package com.synology.assistant.data.remote;

import android.text.TextUtils;
import com.synology.assistant.util.StringUtil;
import com.synology.sylib.syhttp3.exceptions.CertificateFingerprintException;
import com.synology.sylib.syhttp3.util.CertificateUtil;
import com.synology.sylib.util.IOUtils;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import okhttp3.Connection;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;

/* loaded from: classes.dex */
public class CertificateInterceptor implements Interceptor {
    private static final String TAG = "CertificateInterceptor";
    private boolean mVerifyFingerprint = true;

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Connection connection;
        Request request = chain.request();
        if (!this.mVerifyFingerprint || !request.isHttps()) {
            return chain.proceed(request);
        }
        String header = request.header(com.synology.sylib.syhttp3.interceptors.RelayInterceptor.SYNO_REQUEST_HOST);
        if (TextUtils.isEmpty(header)) {
            header = request.url().url().getHost();
        }
        if (!TextUtils.isEmpty(header) && (connection = chain.connection()) != null) {
            List<Certificate> peerCertificates = connection.handshake().peerCertificates();
            if (peerCertificates.size() > 0) {
                String fingerprint = CertificateUtil.getFingerprint(header);
                X509Certificate x509Certificate = (X509Certificate) peerCertificates.get(0);
                String certificateSHA1String = StringUtil.getCertificateSHA1String(x509Certificate);
                if (TextUtils.isEmpty(fingerprint)) {
                    CertificateUtil.putFingerprint(header, certificateSHA1String);
                } else if (!TextUtils.equals(fingerprint, certificateSHA1String)) {
                    if (!MyVerifyCertsManager.isLegalCertFingerPrint(header, x509Certificate)) {
                        IOUtils.closeSilently(connection.socket());
                        throw new CertificateFingerprintException(header, fingerprint, certificateSHA1String);
                    }
                    CertificateUtil.putFingerprint(header, certificateSHA1String);
                }
            }
        }
        return chain.proceed(request);
    }

    public boolean isVerifyFingerprint() {
        return this.mVerifyFingerprint;
    }

    public void setVerifyFingerprint(boolean z) {
        this.mVerifyFingerprint = z;
    }
}
