package com.synology.sylib.sycertificatemanager.interceptor;

import android.content.Context;
import com.synology.sylib.sycertificatemanager.CertificateStorageManager;
import com.synology.sylib.sycertificatemanager.hostverifier.SynoHostnameVerifier;
import com.synology.sylib.sycertificatemanager.trustmanager.SynoTrustManager;
import com.synology.sylib.sycertificatemanager.util.CertificateVerifierHelper;
import com.synology.sylib.syhttp3.SyHttpClient;
import java.io.IOException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.Handshake;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

/* loaded from: classes2.dex */
public class SynoCertificateInterceptor implements Interceptor {
    private Context mContext;
    private SynoHostnameVerifier mHostnameVerifier;
    private SynoTrustManager mTrustManager;
    private boolean mUpdateCurrentX509Certificate = true;
    private String mUserInputAddress;

    public SynoCertificateInterceptor(SyHttpClient syHttpClient, Context context, String str) {
        this.mContext = context.getApplicationContext();
        this.mUserInputAddress = str;
        SynoHostnameVerifier synoHostnameVerifier = new SynoHostnameVerifier(this.mContext, this.mUserInputAddress);
        this.mHostnameVerifier = synoHostnameVerifier;
        syHttpClient.setHostnameVerifier(synoHostnameVerifier);
        setSSlSocketFactory(syHttpClient);
    }

    public SynoCertificateInterceptor(OkHttpClient.Builder builder, Context context, String str) {
        this.mContext = context.getApplicationContext();
        this.mUserInputAddress = str;
        SynoHostnameVerifier synoHostnameVerifier = new SynoHostnameVerifier(this.mContext, this.mUserInputAddress);
        this.mHostnameVerifier = synoHostnameVerifier;
        builder.hostnameVerifier(synoHostnameVerifier);
        setSSlSocketFactory(builder);
    }

    private SSLSocketFactory getSocketFactory() {
        this.mTrustManager = new SynoTrustManager(this.mContext, this.mUserInputAddress);
        try {
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(null, new TrustManager[]{this.mTrustManager}, new SecureRandom());
            return sSLContext.getSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private void setCurrentX509Certificate(List<Certificate> list) {
        if (list.size() < 1) {
            return;
        }
        CertificateStorageManager.setCurrentUsedX509Certificate((X509Certificate) list.get(0));
    }

    private void setSSlSocketFactory(SyHttpClient syHttpClient) {
        SSLSocketFactory socketFactory = getSocketFactory();
        if (socketFactory != null) {
            X509TrustManager x509TrustManager = SynoTrustManager.getX509TrustManager();
            if (x509TrustManager != null) {
                syHttpClient.setSslSocketFactory(socketFactory, x509TrustManager);
            } else {
                syHttpClient.setSslSocketFactory(socketFactory);
            }
        }
    }

    private void setSSlSocketFactory(OkHttpClient.Builder builder) {
        SSLSocketFactory socketFactory = getSocketFactory();
        if (socketFactory != null) {
            X509TrustManager x509TrustManager = SynoTrustManager.getX509TrustManager();
            if (x509TrustManager != null) {
                builder.sslSocketFactory(socketFactory, x509TrustManager);
            } else {
                builder.sslSocketFactory(socketFactory);
            }
        }
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        boolean z = this.mUpdateCurrentX509Certificate;
        boolean isHttps = request.url().isHttps();
        String host = request.url().host();
        Response proceed = chain.proceed(request);
        Handshake handshake = proceed.handshake();
        if (isHttps && handshake != null) {
            List<Certificate> peerCertificates = handshake.peerCertificates();
            if (peerCertificates.size() == 0) {
                return proceed;
            }
            if (z) {
                setCurrentX509Certificate(peerCertificates);
            }
            CertificateVerifierHelper.verifyCertificate(this.mContext, this.mUserInputAddress, host, this.mTrustManager, this.mHostnameVerifier, peerCertificates);
        }
        return proceed;
    }

    public void setUpdateCurrentX509Certificate(boolean z) {
        this.mUpdateCurrentX509Certificate = z;
    }
}
