package org.littleshoot.proxy.mitm;

import android.content.Context;
import com.huawei.welink.hotfix.common.PatchRedirect;
import com.huawei.welink.hotfix.common.RedirectParams;
import com.huawei.welink.hotfix.common.log.HotfixLogger;
import io.netty.handler.codec.http.HttpRequest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import org.littleshoot.proxy.MitmManager;
import org.slf4j.c;
import org.slf4j.d;

/* loaded from: classes6.dex */
public class CertificateSniffingMitmManager implements MitmManager {
    public static PatchRedirect $PatchRedirect;
    private static final c LOG = d.a((Class<?>) CertificateSniffingMitmManager.class);
    private BouncyCastleSslEngineSource sslEngineSource;

    public CertificateSniffingMitmManager(Context context) {
        this(new Authority(context));
        PatchRedirect patchRedirect = $PatchRedirect;
        RedirectParams redirectParams = new RedirectParams("CertificateSniffingMitmManager(android.content.Context)", new Object[]{context}, this);
        if (patchRedirect == null || !patchRedirect.isSupport(redirectParams)) {
            return;
        }
        HotfixLogger.d("original class start invoke redirect accessDispatch method. methodId: CertificateSniffingMitmManager(android.content.Context)");
        patchRedirect.accessDispatch(redirectParams);
    }

    public CertificateSniffingMitmManager(Authority authority) {
        PatchRedirect patchRedirect = $PatchRedirect;
        RedirectParams redirectParams = new RedirectParams("CertificateSniffingMitmManager(org.littleshoot.proxy.mitm.Authority)", new Object[]{authority}, this);
        if (patchRedirect != null && patchRedirect.isSupport(redirectParams)) {
            HotfixLogger.d("original class start invoke redirect accessDispatch method. methodId: CertificateSniffingMitmManager(org.littleshoot.proxy.mitm.Authority)");
            patchRedirect.accessDispatch(redirectParams);
        } else {
            try {
                this.sslEngineSource = new BouncyCastleSslEngineSource(authority, false, true);
            } catch (Exception e2) {
                throw new RootCertificateException("Errors during assembling root CA.", e2);
            }
        }
    }

    private X509Certificate getCertificateFromSession(SSLSession sSLSession) {
        PatchRedirect patchRedirect = $PatchRedirect;
        RedirectParams redirectParams = new RedirectParams("getCertificateFromSession(javax.net.ssl.SSLSession)", new Object[]{sSLSession}, this);
        if (patchRedirect != null && patchRedirect.isSupport(redirectParams)) {
            HotfixLogger.d("original class start invoke redirect accessDispatch method. methodId: getCertificateFromSession(javax.net.ssl.SSLSession)");
            return (X509Certificate) patchRedirect.accessDispatch(redirectParams);
        }
        Certificate certificate = sSLSession.getPeerCertificates()[0];
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new IllegalStateException("Required java.security.cert.X509Certificate, found: " + certificate);
    }

    private String getCommonName(X509Certificate x509Certificate) {
        PatchRedirect patchRedirect = $PatchRedirect;
        RedirectParams redirectParams = new RedirectParams("getCommonName(java.security.cert.X509Certificate)", new Object[]{x509Certificate}, this);
        if (patchRedirect != null && patchRedirect.isSupport(redirectParams)) {
            HotfixLogger.d("original class start invoke redirect accessDispatch method. methodId: getCommonName(java.security.cert.X509Certificate)");
            return (String) patchRedirect.accessDispatch(redirectParams);
        }
        LOG.debug("Subject DN principal name: {}", x509Certificate.getSubjectDN().getName());
        for (String str : x509Certificate.getSubjectDN().getName().split(",\\s*")) {
            if (str.startsWith("CN=")) {
                String substring = str.substring(3);
                LOG.debug("Common Name: {}", substring);
                return substring;
            }
        }
        throw new IllegalStateException("Missed CN in Subject DN: " + x509Certificate.getSubjectDN());
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine clientSslEngineFor(HttpRequest httpRequest, SSLSession sSLSession) {
        PatchRedirect patchRedirect = $PatchRedirect;
        RedirectParams redirectParams = new RedirectParams("clientSslEngineFor(io.netty.handler.codec.http.HttpRequest,javax.net.ssl.SSLSession)", new Object[]{httpRequest, sSLSession}, this);
        if (patchRedirect != null && patchRedirect.isSupport(redirectParams)) {
            HotfixLogger.d("original class start invoke redirect accessDispatch method. methodId: clientSslEngineFor(io.netty.handler.codec.http.HttpRequest,javax.net.ssl.SSLSession)");
            return (SSLEngine) patchRedirect.accessDispatch(redirectParams);
        }
        try {
            return this.sslEngineSource.createCertForHost(getCommonName(getCertificateFromSession(sSLSession)));
        } catch (Exception e2) {
            throw new FakeCertificateException("Creation dynamic certificate failed", e2);
        }
    }

    public BouncyCastleSslEngineSource getSslEngineSource() {
        PatchRedirect patchRedirect = $PatchRedirect;
        RedirectParams redirectParams = new RedirectParams("getSslEngineSource()", new Object[0], this);
        if (patchRedirect == null || !patchRedirect.isSupport(redirectParams)) {
            return this.sslEngineSource;
        }
        HotfixLogger.d("original class start invoke redirect accessDispatch method. methodId: getSslEngineSource()");
        return (BouncyCastleSslEngineSource) patchRedirect.accessDispatch(redirectParams);
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine serverSslEngine() {
        PatchRedirect patchRedirect = $PatchRedirect;
        RedirectParams redirectParams = new RedirectParams("serverSslEngine()", new Object[0], this);
        if (patchRedirect == null || !patchRedirect.isSupport(redirectParams)) {
            return this.sslEngineSource.newSslEngine();
        }
        HotfixLogger.d("original class start invoke redirect accessDispatch method. methodId: serverSslEngine()");
        return (SSLEngine) patchRedirect.accessDispatch(redirectParams);
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine serverSslEngine(String str, int i) {
        PatchRedirect patchRedirect = $PatchRedirect;
        RedirectParams redirectParams = new RedirectParams("serverSslEngine(java.lang.String,int)", new Object[]{str, new Integer(i)}, this);
        if (patchRedirect == null || !patchRedirect.isSupport(redirectParams)) {
            return this.sslEngineSource.newSslEngine(str, i);
        }
        HotfixLogger.d("original class start invoke redirect accessDispatch method. methodId: serverSslEngine(java.lang.String,int)");
        return (SSLEngine) patchRedirect.accessDispatch(redirectParams);
    }
}
