package org.littleshoot.proxy.mitm;

import com.google.common.cache.CacheBuilder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.concurrent.Callable;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManager;
import net.lightbody.bmp.mitm.util.MitmConstants;
import org.littleshoot.proxy.q;

/* loaded from: classes.dex */
/**
 * SSL engine source for a TLS-intercepting proxy, as recovered by a decompiler (JADX) from an
 * obfuscated build; class, field and method names are therefore single letters.
 *
 * <p>What the visible code does:
 * <ul>
 *   <li>on construction, creates a root certificate authority key store on disk ({@code .p12}
 *       plus a {@code .pem} export of the certificate) when either file is missing, then loads
 *       it and builds the {@link SSLContext} used for the default and upstream engines;</li>
 *   <li>hands out client-mode engines for upstream connections, attempting to enable HTTPS
 *       endpoint identification on them;</li>
 *   <li>hands out engines backed by a per-name "impersonated" {@link SSLContext}, optionally
 *       cached by name.</li>
 * </ul>
 *
 * <p>NOTE(review): several methods below contain decompiler artifacts (assignments to an
 * undeclared {@code th}, catch blocks that fall off the end of a value-returning method, missing
 * {@code throws} clauses). They are most likely the remains of try/finally blocks; do not read
 * them as the original exception handling.
 */
public class b implements q {

    /* renamed from: a, reason: collision with root package name */
    // Logger for this class. The slf4j type and method names are obfuscated, so the level behind
    // each a(..)/b(..)/c(..) call cannot be told from this file.
    private static final org.slf4j.b f1656a = org.slf4j.c.a((Class<?>) b.class);
    // Authority/config object: a(String) yields a File for a suffix (".p12", ".pem"), a() yields
    // the key store alias, b() yields the key store password (usage at lines using store/load/getKey).
    private final a b;
    // When true, c() takes the upstream trust managers from io.netty.handler.ssl.util.b.f1222a
    // instead of a trust manager built from the loaded key store.
    // NOTE(review): that netty class looks like the insecure trust-all factory - confirm.
    private final boolean c;
    // When true, c() installs key managers derived from the key store; otherwise none are used.
    private final boolean d;
    // Context used by newSslEngine() and a(String, int).
    private SSLContext e;
    // Certificate stored under the authority alias in the key store.
    private Certificate f;
    // Private key stored under the authority alias; passed to c.a(..) when impersonating a name.
    private PrivateKey g;
    // Optional cache of impersonated contexts keyed by name; null disables caching (see a(String, g)).
    private com.google.common.cache.b<String, SSLContext> h;

    /**
     * Creates the engine source with the default cache from {@link #a()}.
     *
     * @param aVar authority/config object supplying file locations, alias and password
     * @param z    selects the upstream trust managers (see field {@code c})
     * @param z2   selects whether key managers are installed (see field {@code d})
     */
    public b(a aVar, boolean z, boolean z2) {
        this(aVar, z, z2, a());
    }

    /**
     * Creates the engine source, generating the root key store if needed and loading it.
     *
     * @param aVar authority/config object supplying file locations, alias and password
     * @param z    selects the upstream trust managers (see field {@code c})
     * @param z2   selects whether key managers are installed (see field {@code d})
     * @param bVar cache for impersonated contexts; may be null, in which case none is used
     */
    public b(a aVar, boolean z, boolean z2, com.google.common.cache.b<String, SSLContext> bVar) {
        this.b = aVar;
        this.c = z;
        this.d = z2;
        this.h = bVar;
        // Order matters: b() may create the key store files that c() then loads.
        b();
        c();
    }

    /**
     * Builds the default cache for impersonated contexts.
     *
     * <p>The builder is configured with a 5-minute duration and the value 16; which builder
     * options the obfuscated calls correspond to is not visible here (presumably an expiry and
     * a concurrency level - TODO confirm).
     */
    private static com.google.common.cache.b<String, SSLContext> a() {
        return CacheBuilder.a().b(5L, TimeUnit.MINUTES).a(16).o();
    }

    /**
     * Writes each given object to {@code file} through a BouncyCastle OpenSSL writer wrapped
     * around a {@link FileWriter}, flushing after every object.
     *
     * <p>The file is created by {@link FileWriter} with no permission handling in this method.
     * The only caller in this class, {@link #b()}, passes the root certificate, not the key.
     *
     * @param file   destination file
     * @param objArr objects to write, in order
     */
    private void a(File file, Object... objArr) {
        org.bouncycastle.openssl.a.c cVar;
        FileWriter fileWriter;
        try {
            fileWriter = new FileWriter(file);
            try {
                cVar = new org.bouncycastle.openssl.a.c(fileWriter);
                try {
                    for (Object obj : objArr) {
                        cVar.a(obj);
                        cVar.flush();
                    }
                    // Close helper from commons-io (obfuscated); presumably closeQuietly.
                    org.apache.commons.io.b.a((Writer) cVar);
                    org.apache.commons.io.b.a((Writer) fileWriter);
                } catch (Throwable th) {
                    // Decompiler artifact: self-assignment; the writers are closed and the
                    // failure is rethrown.
                    th = th;
                    org.apache.commons.io.b.a((Writer) cVar);
                    org.apache.commons.io.b.a((Writer) fileWriter);
                    throw th;
                }
            } catch (Throwable th2) {
                // NOTE(review): decompiler artifact - `th` is not declared in this scope; as
                // printed this branch would swallow the failure. Likely a lost finally block.
                th = th2;
                cVar = null;
            }
        } catch (Throwable th3) {
            // NOTE(review): same artifact as above.
            th = th3;
            cVar = null;
            fileWriter = null;
        }
    }

    /**
     * Removes two DHE/CBC cipher suites from the engine's enabled list and logs the result.
     *
     * <p>This is a deny-list of two exact names: every other suite the platform enables by
     * default stays enabled, so the effective strength still depends on the runtime defaults.
     *
     * @param sSLEngine engine whose enabled cipher suites are rewritten in place
     */
    private void a(SSLEngine sSLEngine) {
        LinkedList linkedList = new LinkedList();
        for (String str : sSLEngine.getEnabledCipherSuites()) {
            if (str.equals("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") || str.equals("TLS_DHE_RSA_WITH_AES_256_CBC_SHA")) {
                f1656a.b("Removed cipher {}", str);
            } else {
                linkedList.add(str);
            }
        }
        sSLEngine.setEnabledCipherSuites((String[]) linkedList.toArray(new String[linkedList.size()]));
        // Guarded logging of the remaining suites; b() is presumably a level check - TODO confirm.
        if (f1656a.b()) {
            if (sSLEngine.getUseClientMode()) {
                f1656a.a("Enabled server cipher suites:");
            } else {
                f1656a.b("Enabled client {}:{} cipher suites:", sSLEngine.getPeerHost(), Integer.valueOf(sSLEngine.getPeerPort()));
            }
            Iterator it = linkedList.iterator();
            while (it.hasNext()) {
                f1656a.a((String) it.next());
            }
        }
    }

    /**
     * Builds an {@link SSLContext} that impersonates the given name.
     *
     * <p>The helper chain in {@code c} receives the name, {@code gVar}, the authority object and
     * the root certificate and private key loaded by {@link #c()}; the leaf certificate is
     * presumably issued by that root (the helpers are outside this file - TODO confirm).
     *
     * @param str  name to impersonate (called 'commonName' in the public caller's error text)
     * @param gVar additional names (called 'subjectAlternativeNames' in the caller's error text)
     * @return the context for the impersonated name
     */
    /* JADX INFO: Access modifiers changed from: private */
    public SSLContext b(String str, g gVar) {
        // f is used only as the elapsed-time argument of the log line below.
        f fVar = new f();
        SSLContext a2 = c.a(c.a(c.a(str, gVar, this.b, this.f, this.g), this.b));
        f1656a.c("Impersonated {} in {}ms", str, fVar);
        return a2;
    }

    /**
     * Creates the root certificate authority key store on disk unless both files already exist.
     *
     * <p>If either the {@code .p12} or the {@code .pem} file is missing, a new key store is
     * generated and both files are written, so an existing {@code .p12} is replaced when only
     * the {@code .pem} is absent; clients that trusted the previous root would then no longer
     * trust certificates issued afterwards.
     *
     * <p>The {@code .p12} is the file {@link #c()} later reads the private key from. It is
     * protected by the authority's password; this method sets no file permissions itself, so
     * access to it depends on the directory it is written to.
     */
    private void b() {
        if (this.b.a(".p12").exists() && this.b.a(".pem").exists()) {
            return;
        }
        f fVar = new f();
        KeyStore a2 = c.a(this.b, MitmConstants.DEFAULT_KEYSTORE_TYPE);
        f1656a.c("Created root certificate authority key store in {}ms", fVar);
        FileOutputStream fileOutputStream = null;
        try {
            FileOutputStream fileOutputStream2 = new FileOutputStream(this.b.a(".p12"));
            try {
                a2.store(fileOutputStream2, this.b.b());
                org.apache.commons.io.b.a((OutputStream) fileOutputStream2);
                // Only the certificate under the authority alias is exported to the .pem file.
                a(this.b.a(".pem"), a2.getCertificate(this.b.a()));
            } catch (Throwable th) {
                // Decompiler artifact: self-assignment; the stream is closed and the failure
                // is rethrown.
                th = th;
                fileOutputStream = fileOutputStream2;
                org.apache.commons.io.b.a((OutputStream) fileOutputStream);
                throw th;
            }
        } catch (Throwable th2) {
            // NOTE(review): decompiler artifact - `th` is not declared in this scope; as printed
            // this branch would swallow the failure. Likely a lost finally block.
            th = th2;
        }
    }

    /**
     * Tries to enable HTTPS endpoint identification (host name verification) on the engine.
     *
     * <p>The setter is looked up reflectively on {@link SSLParameters}, invoked with
     * {@code "HTTPS"} on a freshly constructed parameters object, and that object is applied to
     * the engine.
     *
     * @param sSLEngine engine to configure
     * @return true if the parameters were applied; false if the setter was not found or the
     *         reflective call failed (callers in this class only log in that case)
     */
    private boolean b(SSLEngine sSLEngine) {
        for (Method method : SSLParameters.class.getMethods()) {
            if ("setEndpointIdentificationAlgorithm".equals(method.getName())) {
                SSLParameters sSLParameters = new SSLParameters();
                try {
                    method.invoke(sSLParameters, "HTTPS");
                    sSLEngine.setSSLParameters(sSLParameters);
                    return true;
                } catch (IllegalAccessException | InvocationTargetException e) {
                    f1656a.a("SSLParameters#setEndpointIdentificationAlgorithm", e);
                    return false;
                }
            }
        }
        return false;
    }

    /**
     * Loads the root key store and builds the {@link SSLContext} stored in field {@code e}.
     *
     * <p>Key managers come from the key store only when field {@code d} is set. Trust managers
     * come from {@code io.netty.handler.ssl.util.b.f1222a} when field {@code c} is set, otherwise
     * from a trust manager constructed over the loaded key store.
     * NOTE(review): if that netty object is the trust-all factory, setting {@code c} disables
     * upstream certificate validation entirely - confirm against the netty jar.
     *
     * <p>A throwaway engine is then used to probe whether host name verification can be
     * enabled; when it cannot, the condition is only logged and construction continues.
     */
    private void c() {
        KeyStore d = d();
        this.f = d.getCertificate(this.b.a());
        this.g = (PrivateKey) d.getKey(this.b.a(), this.b.b());
        this.e = c.a(this.d ? c.a(d, this.b) : new KeyManager[0], this.c ? io.netty.handler.ssl.util.b.f1222a.getTrustManagers() : new TrustManager[]{new e(d)});
        if (b(this.e.createSSLEngine())) {
            return;
        }
        f1656a.c("Host Name Verification is not supported, causes insecure HTTPS connection to upstream servers.");
    }

    /**
     * Loads the key store from the authority's {@code .p12} file using the authority's password.
     *
     * @return the loaded key store
     */
    private KeyStore d() {
        KeyStore keyStore = KeyStore.getInstance(MitmConstants.DEFAULT_KEYSTORE_TYPE);
        FileInputStream fileInputStream = null;
        try {
            FileInputStream fileInputStream2 = new FileInputStream(this.b.a(".p12"));
            try {
                keyStore.load(fileInputStream2, this.b.b());
                org.apache.commons.io.b.a((InputStream) fileInputStream2);
                return keyStore;
            } catch (Throwable th) {
                // Decompiler artifact: self-assignment; the stream is closed and the failure
                // is rethrown.
                th = th;
                fileInputStream = fileInputStream2;
                org.apache.commons.io.b.a((InputStream) fileInputStream);
                throw th;
            }
        } catch (Throwable th2) {
            // NOTE(review): decompiler artifact - no value is returned on this path and `th` is
            // not declared in this scope. Likely a lost finally block.
            th = th2;
        }
    }

    /**
     * Creates a client-mode engine for a connection to the given peer.
     *
     * <p>If host name verification cannot be enabled, the engine is still returned after a log
     * message, so the connection proceeds without endpoint identification. Deployments that
     * require verified upstream connections need to treat that log line as a failure signal.
     *
     * @param str peer host passed to {@link SSLContext#createSSLEngine(String, int)}
     * @param i   peer port
     * @return the configured engine
     */
    public SSLEngine a(String str, int i) {
        SSLEngine createSSLEngine = this.e.createSSLEngine(str, i);
        createSSLEngine.setUseClientMode(true);
        if (!b(createSSLEngine)) {
            f1656a.a("Host Name Verification is not supported, causes insecure HTTPS connection");
        }
        a(createSSLEngine);
        return createSSLEngine;
    }

    /**
     * Creates an engine backed by an impersonated context for the given name.
     *
     * <p>When a cache is configured, the context is looked up by {@code str} alone;
     * {@code gVar} is not part of the key, so a cached context is reused for that name
     * regardless of the alternative names passed on later calls. The obfuscated cache call
     * presumably loads through the supplied {@link Callable} on a miss - TODO confirm.
     * The returned engine does not go through the cipher-suite filter used by the other
     * factory methods in this class.
     *
     * @param str  name to impersonate; must not be null
     * @param gVar alternative names; must not be null
     * @return a new engine created from the impersonated context
     * @throws IllegalArgumentException if either argument is null
     */
    public SSLEngine a(final String str, final g gVar) {
        if (str == null) {
            throw new IllegalArgumentException("Error, 'commonName' is not allowed to be null!");
        }
        if (gVar == null) {
            throw new IllegalArgumentException("Error, 'subjectAlternativeNames' is not allowed to be null!");
        }
        return (this.h == null ? b(str, gVar) : this.h.a((com.google.common.cache.b<String, SSLContext>) str, new Callable<SSLContext>() { // from class: org.littleshoot.proxy.mitm.b.1
            @Override // java.util.concurrent.Callable
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public SSLContext call() {
                return b.this.b(str, gVar);
            }
        })).createSSLEngine();
    }

    /**
     * Creates an engine from the context built in {@link #c()} and applies the cipher-suite
     * filter. No client mode or host name verification is configured here.
     *
     * @return the new engine
     */
    @Override // org.littleshoot.proxy.q
    public SSLEngine newSslEngine() {
        SSLEngine createSSLEngine = this.e.createSSLEngine();
        a(createSSLEngine);
        return createSSLEngine;
    }
}
