package org.littleshoot.proxy.mitm;

import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.huawei.mobile.weaccess.certificate.WeaccessCertificateUtils;
import com.huawei.mobile.weaccess.sdk.Weaccess;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import org.apache.commons.io.IOUtils;
import org.littleshoot.proxy.SslEngineSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
/**
 * {@link SslEngineSource} for a TLS-intercepting (man-in-the-middle) proxy.
 *
 * <p>On construction it loads a PKCS12 key store, reads the CA certificate and CA private key
 * from it, and builds the client-side {@link SSLContext} used for connections to upstream
 * servers. Server-side contexts for intercepted hosts are produced by
 * {@link #createCertForHost(String)} and optionally cached per host name.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>With {@code trustAllServers} set, upstream connections use Netty's
 *       {@code InsecureTrustManagerFactory}, which accepts any server certificate.</li>
 *   <li>Hostname verification is enabled on a best-effort basis; when it cannot be enabled the
 *       engine is still handed out and only a log line records it.</li>
 *   <li>The loaded key store is published in the static field {@code Weaccess.keyStore}, and the
 *       CA private key is kept in {@code caPrivKey} for the lifetime of the instance.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output (see the JADX warnings on
 * {@code createServerContext} and {@code loadKeyStore}). Those two methods use the names
 * {@code e} and {@code th} without declaring them, so they do not compile as shown and their
 * exact control flow must be confirmed against the original bytecode.
 */
public class BouncyCastleSslEngineSource implements SslEngineSource {
    // The three constants below are not referenced anywhere else in this listing; the literal
    // "PKCS12" appears inline in loadKeyStore() instead of KEY_STORE_TYPE.
    private static final String CER_FILE_EXTENSION = ".cer";
    private static final String KEY_STORE_FILE_EXTENSION = ".p12";
    private static final String KEY_STORE_TYPE = "PKCS12";
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) BouncyCastleSslEngineSource.class);
    // Supplies the key-store alias, the key-store password (codeByte()) and the Android context.
    private final Authority authority;
    // CA certificate read from the key store under authority.alias().
    private Certificate caCert;
    // CA private key read from the key store; assigned in initializeSSLContext() and not read
    // again in this listing.
    private PrivateKey caPrivKey;
    // When true, key managers built from the key store are offered on upstream connections.
    private final boolean sendCerts;
    // Per-host cache of server-side contexts; may be null, in which case nothing is cached.
    private Cache<String, SSLContext> serverSSLContexts;
    // Client-side context used for every upstream connection.
    private SSLContext sslContext;
    // When true, upstream server certificates are accepted without validation.
    private final boolean trustAllServers;
    // First trust manager of the array chosen in initializeSSLContext().
    private TrustManager trustManager;

    /**
     * Creates the engine source with the default host cache (see
     * {@link #initDefaultCertificateCache()}).
     *
     * @param authority source of alias, key-store password and Android context
     * @param z2 value for {@code trustAllServers}; true disables upstream certificate validation
     * @param z3 value for {@code sendCerts}
     */
    public BouncyCastleSslEngineSource(Authority authority, boolean z2, boolean z3) throws RootCertificateException, GeneralSecurityException, IOException {
        this(authority, z2, z3, initDefaultCertificateCache());
    }

    /**
     * Creates the engine source and immediately initializes the client-side {@link SSLContext}.
     *
     * @param authority source of alias, key-store password and Android context
     * @param z2 value for {@code trustAllServers}; true disables upstream certificate validation
     * @param z3 value for {@code sendCerts}
     * @param cache per-host cache of server contexts; {@code createCertForHost} tolerates null
     * @throws GeneralSecurityException if the key store or SSL context cannot be set up
     * @throws IOException declared by {@code initializeSSLContext()}
     */
    public BouncyCastleSslEngineSource(Authority authority, boolean z2, boolean z3, Cache<String, SSLContext> cache) throws GeneralSecurityException, RootCertificateException, IOException {
        this.authority = authority;
        this.trustAllServers = z2;
        this.sendCerts = z3;
        this.serverSSLContexts = cache;
        initializeSSLContext();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Not initialized variable reg: 3, insn: 0x00b1: MOVE (r2 I:??[OBJECT, ARRAY]) = (r3 I:??[OBJECT, ARRAY]), block:B:33:0x00b1 */
    /* JADX WARN: Type inference failed for: r4v0, types: [java.lang.Exception] */
    /* JADX WARN: Type inference failed for: r4v1, types: [java.lang.Exception] */
    /* JADX WARN: Type inference failed for: r4v11, types: [java.lang.Exception] */
    /* JADX WARN: Type inference failed for: r4v14 */
    /* JADX WARN: Type inference failed for: r4v15 */
    /* JADX WARN: Type inference failed for: r4v2 */
    /* JADX WARN: Type inference failed for: r4v8, types: [java.io.InputStream] */
    /**
     * Builds the server-side {@link SSLContext} presented to a client for an intercepted host.
     *
     * <p>The key store is read from the fixed asset {@code weaccess/raw/weaccess_server.p12};
     * if that fails, the file named by
     * {@code WeaccessCertificateUtils.getWeaccessServerp12Path()} is tried. In this method
     * {@code str} is used only in the final log line, so the key store that is loaded does not
     * depend on the host name. What {@code CertificateHelper.getKeyManagers} derives from it is
     * not visible here.
     *
     * <p>NOTE(review): as decompiled, every failure path logs the error message and still goes
     * on to build a context from {@code keyStore}, even when neither load succeeded; confirm
     * against the bytecode whether an unloaded key store can really reach
     * {@code getKeyManagers}.
     *
     * <p>NOTE(review): the fallback file is trusted as key material; confirm that its path is
     * app-private storage that other apps cannot write.
     *
     * <p>NOTE(review): the key store type is {@code KeyStore.getDefaultType()}, which is
     * platform-dependent, whereas {@code loadKeyStore()} requests "PKCS12" explicitly; confirm
     * the default type can read a .p12 file on the target platform.
     *
     * @param str host name being impersonated (used for logging only in this method)
     * @return server-side context built from the loaded key managers
     */
    public SSLContext createServerContext(String str) throws GeneralSecurityException, IOException {
        InputStream inputStream;
        // Decompiler artifact: inputStream2 is never assigned before it is read below.
        InputStream inputStream2;
        FileInputStream fileInputStream;
        Exception e2;
        MillisecondsDuration millisecondsDuration = new MillisecondsDuration();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream inputStream3 = null;
        try {
            try {
                // First choice: key store bundled with the application.
                inputStream = this.authority.getmContext().getAssets().open("weaccess/raw/weaccess_server.p12");
                try {
                    keyStore.load(inputStream, this.authority.codeByte());
                } catch (Exception e3) {
                    e = e3;
                    try {
                        // Only the exception message is logged; the stack trace is dropped.
                        String packageName = this.authority.getmContext().getPackageName();
                        LOG.error("createServerContext fail,packageName is " + packageName + " exception is " + e.getMessage());
                    } catch (Throwable th) {
                        th = th;
                        inputStream3 = e;
                    }
                    try {
                        // Fallback: key store read from a file on local storage.
                        fileInputStream = new FileInputStream(WeaccessCertificateUtils.getWeaccessServerp12Path());
                        try {
                            keyStore.load(fileInputStream, this.authority.codeByte());
                            e = fileInputStream;
                        } catch (Exception e4) {
                            e2 = e4;
                            LOG.error("Load local file:" + e2.getMessage());
                            e = fileInputStream;
                            IOUtils.closeQuietly((InputStream) e);
                            IOUtils.closeQuietly(inputStream);
                            // Reached after the fallback load failed; the context is built anyway.
                            SSLContext newServerContext = CertificateHelper.newServerContext(CertificateHelper.getKeyManagers(keyStore, this.authority));
                            LOG.info("Impersonated {} in {}ms", str, millisecondsDuration);
                            return newServerContext;
                        }
                    } catch (Exception e5) {
                        fileInputStream = null;
                        e2 = e5;
                    } catch (Throwable th2) {
                        th = th2;
                        IOUtils.closeQuietly(inputStream3);
                        throw th;
                    }
                    IOUtils.closeQuietly((InputStream) e);
                    IOUtils.closeQuietly(inputStream);
                    SSLContext newServerContext2 = CertificateHelper.newServerContext(CertificateHelper.getKeyManagers(keyStore, this.authority));
                    LOG.info("Impersonated {} in {}ms", str, millisecondsDuration);
                    return newServerContext2;
                }
            } catch (Throwable th3) {
                th = th3;
                inputStream3 = inputStream2;
                IOUtils.closeQuietly(inputStream3);
                throw th;
            }
        } catch (Exception e6) {
            // Swallowed without logging: execution continues to the context build below.
            e = e6;
            inputStream = null;
        } catch (Throwable th4) {
            th = th4;
            IOUtils.closeQuietly(inputStream3);
            throw th;
        }
        IOUtils.closeQuietly(inputStream);
        SSLContext newServerContext22 = CertificateHelper.newServerContext(CertificateHelper.getKeyManagers(keyStore, this.authority));
        LOG.info("Impersonated {} in {}ms", str, millisecondsDuration);
        return newServerContext22;
    }

    /**
     * Disables two cipher suites on the engine and, at debug level, logs what remains enabled.
     *
     * <p>This is a deny-list of exactly two names
     * ({@code TLS_DHE_RSA_WITH_AES_128_CBC_SHA} and {@code TLS_DHE_RSA_WITH_AES_256_CBC_SHA});
     * every other suite the engine had enabled stays enabled, so the resulting set is only as
     * strong as the provider's defaults.
     *
     * @param sSLEngine engine whose enabled cipher suites are rewritten in place
     */
    private void filterWeakCipherSuites(SSLEngine sSLEngine) {
        // Raw LinkedList as emitted by the decompiler; it only ever holds String suite names.
        LinkedList linkedList = new LinkedList();
        for (String str : sSLEngine.getEnabledCipherSuites()) {
            if (str.equals("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") || str.equals("TLS_DHE_RSA_WITH_AES_256_CBC_SHA")) {
                LOG.debug("Removed cipher {}", str);
            } else {
                linkedList.add(str);
            }
        }
        sSLEngine.setEnabledCipherSuites((String[]) linkedList.toArray(new String[linkedList.size()]));
        Logger logger = LOG;
        if (logger.isDebugEnabled()) {
            // An engine in client mode talks to the upstream server, hence the "server" label.
            if (sSLEngine.getUseClientMode()) {
                logger.debug("Enabled server cipher suites:");
            } else {
                logger.debug("Enabled client {}:{} cipher suites:", sSLEngine.getPeerHost(), Integer.valueOf(sSLEngine.getPeerPort()));
            }
            Iterator it = linkedList.iterator();
            while (it.hasNext()) {
                LOG.debug((String) it.next());
            }
        }
    }

    /**
     * Builds the default per-host context cache: entries expire 5 minutes after their last
     * access and the cache is created with a concurrency level of 16.
     */
    private static Cache<String, SSLContext> initDefaultCertificateCache() {
        return CacheBuilder.newBuilder().expireAfterAccess(5L, TimeUnit.MINUTES).concurrencyLevel(16).build();
    }

    /**
     * Loads the key store and builds the client-side {@link SSLContext} for upstream
     * connections.
     *
     * <p>Reads the CA certificate and CA private key stored under {@code authority.alias()},
     * selects the trust managers, and offers key managers only when {@code sendCerts} is set.
     * A throw-away engine is then used to check whether hostname verification can be enabled;
     * if not, a warning is logged and initialization still completes.
     *
     * @throws GeneralSecurityException if key-store access or context creation fails
     * @throws IOException declared by {@code loadKeyStore()}
     */
    private void initializeSSLContext() throws GeneralSecurityException, IOException {
        KeyStore loadKeyStore = loadKeyStore();
        this.caCert = loadKeyStore.getCertificate(this.authority.alias());
        this.caPrivKey = (PrivateKey) loadKeyStore.getKey(this.authority.alias(), this.authority.codeByte());
        // trustAllServers selects Netty's InsecureTrustManagerFactory, which accepts any upstream
        // certificate. NOTE(review): MergeTrustManager is not shown here; presumably it combines
        // platform trust anchors with the key store's CA, confirm.
        TrustManager[] trustManagers = this.trustAllServers ? InsecureTrustManagerFactory.INSTANCE.getTrustManagers() : new TrustManager[]{new MergeTrustManager(loadKeyStore)};
        if (trustManagers.length > 0) {
            this.trustManager = trustManagers[0];
        }
        SSLContext newClientContext = CertificateHelper.newClientContext(this.sendCerts ? CertificateHelper.getKeyManagers(loadKeyStore, this.authority) : new KeyManager[0], trustManagers);
        this.sslContext = newClientContext;
        // Probe only: the engine created here is discarded after the check.
        if (tryHostNameVerificationJava7(newClientContext.createSSLEngine())) {
            return;
        }
        LOG.warn("Host Name Verification is not supported, causes insecure HTTPS connection to upstream servers.");
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r3v0, types: [java.lang.Exception] */
    /* JADX WARN: Type inference failed for: r3v1, types: [java.lang.Exception] */
    /* JADX WARN: Type inference failed for: r3v11, types: [java.lang.Exception] */
    /* JADX WARN: Type inference failed for: r3v14 */
    /* JADX WARN: Type inference failed for: r3v15 */
    /* JADX WARN: Type inference failed for: r3v2 */
    /* JADX WARN: Type inference failed for: r3v8, types: [java.io.InputStream] */
    /**
     * Returns the PKCS12 key store holding the CA material, loading it on first use.
     *
     * <p>If {@code Weaccess.keyStore} is already set it is returned as is. Otherwise the asset
     * {@code weaccess/raw/weaccessp12.p12} is loaded with the password from
     * {@code authority.codeByte()}; on failure the file named by
     * {@code WeaccessCertificateUtils.getWeaccessp12Path()} is tried. A successful load is
     * published in the static field {@code Weaccess.keyStore}.
     *
     * <p>NOTE(review): the method is synchronized on this instance while the cache it guards is
     * a static field, so two instances are not serialized against each other; confirm whether
     * more than one instance can exist.
     *
     * <p>NOTE(review): as decompiled, failure paths log only the exception message and return
     * {@code keyStore} even when no load succeeded; the caller then reads the CA certificate
     * and key from it. Confirm against the bytecode.
     *
     * <p>NOTE(review): the fallback file is trusted as CA key material; confirm that its path
     * is app-private storage that other apps cannot write.
     *
     * @return the cached or newly loaded key store
     */
    private synchronized KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        InputStream inputStream;
        FileInputStream fileInputStream;
        Exception e2;
        // Process-wide cache hit; logged at warn level by the original code.
        if (Weaccess.keyStore != null) {
            LOG.warn("keyStore is not null");
            return Weaccess.keyStore;
        }
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        InputStream inputStream2 = null;
        try {
            // First choice: key store bundled with the application.
            inputStream = this.authority.getmContext().getAssets().open("weaccess/raw/weaccessp12.p12");
            try {
                try {
                    keyStore.load(inputStream, this.authority.codeByte());
                    Weaccess.keyStore = keyStore;
                } catch (Exception e3) {
                    e = e3;
                    try {
                        // Only the exception message is logged; the stack trace is dropped.
                        String packageName = this.authority.getmContext().getPackageName();
                        LOG.error("Load loadKeyStore fail,packageName is " + packageName + " exception is " + e.getMessage());
                    } catch (Throwable th) {
                        th = th;
                        inputStream2 = e;
                    }
                    try {
                        // Fallback: key store read from a file on local storage.
                        fileInputStream = new FileInputStream(WeaccessCertificateUtils.getWeaccessp12Path());
                        try {
                            keyStore.load(fileInputStream, this.authority.codeByte());
                            Weaccess.keyStore = keyStore;
                            e = fileInputStream;
                        } catch (Exception e4) {
                            e2 = e4;
                            LOG.error("Load local file:" + e2.getMessage());
                            e = fileInputStream;
                            IOUtils.closeQuietly((InputStream) e);
                            IOUtils.closeQuietly(inputStream);
                            // Reached after the fallback load failed; keyStore is returned anyway.
                            return keyStore;
                        }
                    } catch (Exception e5) {
                        fileInputStream = null;
                        e2 = e5;
                    } catch (Throwable th2) {
                        th = th2;
                        IOUtils.closeQuietly(inputStream2);
                        throw th;
                    }
                    IOUtils.closeQuietly((InputStream) e);
                    IOUtils.closeQuietly(inputStream);
                    return keyStore;
                }
            } catch (Throwable th3) {
                th = th3;
                inputStream2 = inputStream;
                IOUtils.closeQuietly(inputStream2);
                throw th;
            }
        } catch (Exception e6) {
            // Swallowed without logging: execution continues to the return below.
            e = e6;
            inputStream = null;
        } catch (Throwable th4) {
            th = th4;
            IOUtils.closeQuietly(inputStream2);
            throw th;
        }
        IOUtils.closeQuietly(inputStream);
        return keyStore;
    }

    /**
     * Tries to enable HTTPS endpoint identification (hostname verification) on the engine.
     *
     * <p>{@code SSLParameters#setEndpointIdentificationAlgorithm} is looked up by name through
     * reflection and invoked with "HTTPS" on a new {@link SSLParameters}, which is then applied
     * to the engine.
     *
     * <p>NOTE(review): a freshly constructed {@code SSLParameters} is applied rather than one
     * obtained from {@code sSLEngine.getSSLParameters()}; confirm that this does not reset any
     * parameter configured on the engine earlier.
     *
     * @param sSLEngine engine to configure
     * @return true if the parameters were applied; false if the method was not found or the
     *     reflective call failed, in which case the engine is left without hostname verification
     */
    private boolean tryHostNameVerificationJava7(SSLEngine sSLEngine) {
        for (Method method : SSLParameters.class.getMethods()) {
            if ("setEndpointIdentificationAlgorithm".equals(method.getName())) {
                SSLParameters sSLParameters = new SSLParameters();
                try {
                    method.invoke(sSLParameters, "HTTPS");
                    sSLEngine.setSSLParameters(sSLParameters);
                    return true;
                } catch (IllegalAccessException e2) {
                    // Failure is reported at debug level only; callers decide what to do with false.
                    LOG.debug("SSLParameters#setEndpointIdentificationAlgorithm", (Throwable) e2);
                    return false;
                } catch (InvocationTargetException e3) {
                    LOG.debug("SSLParameters#setEndpointIdentificationAlgorithm", (Throwable) e3);
                    return false;
                }
            }
        }
        return false;
    }

    /**
     * Returns an engine for the client-facing side of an intercepted connection to the host.
     *
     * <p>The context comes from the per-host cache when one is configured (keyed by the host
     * string, populated through {@link #createServerContext(String)}), otherwise it is built on
     * every call. The engine is returned exactly as the context creates it: this method neither
     * sets the use mode nor applies {@code filterWeakCipherSuites}.
     *
     * @param str host name to impersonate; must not be null
     * @return a new engine from the host's server context
     * @throws IllegalArgumentException if {@code str} is null
     * @throws ExecutionException if the cache loader fails
     */
    public SSLEngine createCertForHost(final String str) throws GeneralSecurityException, IOException, ExecutionException {
        if (str == null) {
            throw new IllegalArgumentException("Error, 'commonName' is not allowed to be null!");
        }
        Cache<String, SSLContext> cache = this.serverSSLContexts;
        return (cache == null ? createServerContext(str) : cache.get(str, new Callable<SSLContext>() { // from class: org.littleshoot.proxy.mitm.BouncyCastleSslEngineSource.1
            @Override // java.util.concurrent.Callable
            public SSLContext call() throws Exception {
                return BouncyCastleSslEngineSource.this.createServerContext(str);
            }
        })).createSSLEngine();
    }

    /** Returns the CA certificate read from the key store during initialization. */
    public Certificate getCaCert() {
        return this.caCert;
    }

    /** Returns the client-side context used for upstream connections. */
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /**
     * Returns the first trust manager selected during initialization; with
     * {@code trustAllServers} set this comes from Netty's {@code InsecureTrustManagerFactory}.
     */
    public TrustManager getTrustManager() {
        return this.trustManager;
    }

    /**
     * Creates an engine from the client-side context without peer information.
     *
     * <p>Only the cipher-suite filter is applied; unlike {@link #newSslEngine(String, int)},
     * this overload does not set client mode and does not attempt hostname verification.
     */
    @Override // org.littleshoot.proxy.SslEngineSource
    public SSLEngine newSslEngine() {
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine();
        filterWeakCipherSuites(createSSLEngine);
        return createSSLEngine;
    }

    /**
     * Creates a client-mode engine for an upstream connection to the given peer.
     *
     * <p>Hostname verification is attempted; if it cannot be enabled the only consequence is a
     * debug-level log line, and the engine is still returned and usable.
     *
     * @param str upstream peer host
     * @param i2 upstream peer port
     */
    @Override // org.littleshoot.proxy.SslEngineSource
    public SSLEngine newSslEngine(String str, int i2) {
        SSLEngine createSSLEngine = this.sslContext.createSSLEngine(str, i2);
        createSSLEngine.setUseClientMode(true);
        if (!tryHostNameVerificationJava7(createSSLEngine)) {
            // Fail-open: the connection proceeds without endpoint identification.
            LOG.debug("Host Name Verification is not supported, causes insecure HTTPS connection");
        }
        filterWeakCipherSuites(createSSLEngine);
        return createSSLEngine;
    }
}
