package com.synology.sylib.syhttp.interceptors;

import android.text.TextUtils;
import com.squareup.okhttp.Connection;
import com.squareup.okhttp.Interceptor;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.Response;
import com.synology.sylib.syhttp.exceptions.CertificateFingerprintException;
import com.synology.sylib.syhttp.util.CertificateUtil;
import com.synology.sylib.util.IOUtils;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Locale;

/* loaded from: classes2.dex */
public class CertificateInterceptor implements Interceptor {
    private static final String TAG = CertificateInterceptor.class.getSimpleName();
    private boolean mVerifyFingerprint = true;

    private String byteArrayToHexString(byte[] bArr) {
        StringBuilder sb = new StringBuilder(bArr.length * 2);
        for (byte b : bArr) {
            int i = b & 255;
            if (sb.length() > 0) {
                sb.append(" ");
            }
            if (i < 16) {
                sb.append('0');
            }
            sb.append(Integer.toHexString(i).toUpperCase(Locale.ENGLISH));
        }
        return sb.toString();
    }

    private String toSHA1String(X509Certificate x509Certificate) throws IOException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA1");
            messageDigest.update(x509Certificate.getEncoded());
            return byteArrayToHexString(messageDigest.digest());
        } catch (NoSuchAlgorithmException e) {
            throw new IOException(e);
        } catch (CertificateEncodingException e2) {
            throw new IOException(e2);
        }
    }

    @Override // com.squareup.okhttp.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Connection connection;
        Request request = chain.request();
        String header = request.header(RelayInterceptor.SYNO_REQUEST_HOST);
        if (TextUtils.isEmpty(header)) {
            header = request.url().getHost();
        }
        if (!TextUtils.isEmpty(header) && request.isHttps() && this.mVerifyFingerprint && (connection = chain.connection()) != null) {
            List<Certificate> peerCertificates = connection.getHandshake().peerCertificates();
            if (peerCertificates.size() > 0) {
                String fingerprint = CertificateUtil.getFingerprint(header);
                String sHA1String = toSHA1String((X509Certificate) peerCertificates.get(0));
                if (TextUtils.isEmpty(fingerprint)) {
                    CertificateUtil.putFingerprint(header, sHA1String);
                } else if (!TextUtils.equals(fingerprint, sHA1String)) {
                    IOUtils.closeSilently(connection.getSocket());
                    throw new CertificateFingerprintException(header, fingerprint, sHA1String);
                }
            }
        }
        return chain.proceed(request);
    }

    public boolean isVerifyFingerprint() {
        return this.mVerifyFingerprint;
    }

    public void setVerifyFingerprint(boolean z) {
        this.mVerifyFingerprint = z;
    }
}
