package org.littleshoot.proxy.mitm;

import android.content.Context;
import com.huawei.welink.hotfix.common.PatchRedirect;
import com.huawei.welink.hotfix.common.RedirectProxy;
import io.netty.handler.codec.http.HttpRequest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSession;
import org.littleshoot.proxy.MitmManager;
import org.slf4j.c;
import org.slf4j.d;

/* loaded from: classes7.dex */
public class CertificateSniffingMitmManager implements MitmManager {
    public static PatchRedirect $PatchRedirect;
    private static final c LOG = d.a((Class<?>) CertificateSniffingMitmManager.class);
    private BouncyCastleSslEngineSource sslEngineSource;

    public CertificateSniffingMitmManager(Context context) {
        this(new Authority(context));
        if (RedirectProxy.redirect("CertificateSniffingMitmManager(android.content.Context)", new Object[]{context}, this, $PatchRedirect).isSupport) {
        }
    }

    public CertificateSniffingMitmManager(Authority authority) {
        if (RedirectProxy.redirect("CertificateSniffingMitmManager(org.littleshoot.proxy.mitm.Authority)", new Object[]{authority}, this, $PatchRedirect).isSupport) {
            return;
        }
        try {
            this.sslEngineSource = new BouncyCastleSslEngineSource(authority, false, true);
        } catch (Exception e2) {
            throw new RootCertificateException("Errors during assembling root CA.", e2);
        }
    }

    private X509Certificate getCertificateFromSession(SSLSession sSLSession) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("getCertificateFromSession(javax.net.ssl.SSLSession)", new Object[]{sSLSession}, this, $PatchRedirect);
        if (redirect.isSupport) {
            return (X509Certificate) redirect.result;
        }
        Certificate certificate = sSLSession.getPeerCertificates()[0];
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new IllegalStateException("Required java.security.cert.X509Certificate, found: " + certificate);
    }

    private String getCommonName(X509Certificate x509Certificate) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("getCommonName(java.security.cert.X509Certificate)", new Object[]{x509Certificate}, this, $PatchRedirect);
        if (redirect.isSupport) {
            return (String) redirect.result;
        }
        LOG.debug("Subject DN principal name: {}", x509Certificate.getSubjectDN().getName());
        for (String str : x509Certificate.getSubjectDN().getName().split(",\\s*")) {
            if (str.startsWith("CN=")) {
                String substring = str.substring(3);
                LOG.debug("Common Name: {}", substring);
                return substring;
            }
        }
        throw new IllegalStateException("Missed CN in Subject DN: " + x509Certificate.getSubjectDN());
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine clientSslEngineFor(HttpRequest httpRequest, SSLSession sSLSession) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("clientSslEngineFor(io.netty.handler.codec.http.HttpRequest,javax.net.ssl.SSLSession)", new Object[]{httpRequest, sSLSession}, this, $PatchRedirect);
        if (redirect.isSupport) {
            return (SSLEngine) redirect.result;
        }
        try {
            return this.sslEngineSource.createCertForHost(getCommonName(getCertificateFromSession(sSLSession)));
        } catch (Exception e2) {
            throw new FakeCertificateException("Creation dynamic certificate failed", e2);
        }
    }

    public BouncyCastleSslEngineSource getSslEngineSource() {
        RedirectProxy.Result redirect = RedirectProxy.redirect("getSslEngineSource()", new Object[0], this, $PatchRedirect);
        return redirect.isSupport ? (BouncyCastleSslEngineSource) redirect.result : this.sslEngineSource;
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine serverSslEngine() {
        RedirectProxy.Result redirect = RedirectProxy.redirect("serverSslEngine()", new Object[0], this, $PatchRedirect);
        return redirect.isSupport ? (SSLEngine) redirect.result : this.sslEngineSource.newSslEngine();
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine serverSslEngine(String str, int i) {
        RedirectProxy.Result redirect = RedirectProxy.redirect("serverSslEngine(java.lang.String,int)", new Object[]{str, new Integer(i)}, this, $PatchRedirect);
        return redirect.isSupport ? (SSLEngine) redirect.result : this.sslEngineSource.newSslEngine(str, i);
    }
}
