package net.lightbody.bmp.mitm.manager;

import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.google.common.collect.ImmutableList;
import io.netty.buffer.ByteBufAllocator;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import net.lightbody.bmp.mitm.CertificateAndKey;
import net.lightbody.bmp.mitm.CertificateAndKeySource;
import net.lightbody.bmp.mitm.CertificateInfo;
import net.lightbody.bmp.mitm.CertificateInfoGenerator;
import net.lightbody.bmp.mitm.HostnameCertificateInfoGenerator;
import net.lightbody.bmp.mitm.RootCertificateGenerator;
import net.lightbody.bmp.mitm.TrustSource;
import net.lightbody.bmp.mitm.exception.MitmException;
import net.lightbody.bmp.mitm.exception.SslContextInitializationException;
import net.lightbody.bmp.mitm.keys.ECKeyGenerator;
import net.lightbody.bmp.mitm.keys.KeyGenerator;
import net.lightbody.bmp.mitm.keys.RSAKeyGenerator;
import net.lightbody.bmp.mitm.stats.CertificateGenerationStatistics;
import net.lightbody.bmp.mitm.tools.DefaultSecurityProviderTool;
import net.lightbody.bmp.mitm.tools.SecurityProviderTool;
import net.lightbody.bmp.mitm.util.EncryptionUtil;
import net.lightbody.bmp.mitm.util.MitmConstants;
import net.lightbody.bmp.mitm.util.SslUtil;
import net.lightbody.bmp.util.HttpUtil;
import org.littleshoot.proxy.MitmManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/lightbody/bmp/mitm/manager/ImpersonatingMitmManager.class */
public class ImpersonatingMitmManager implements MitmManager {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) ImpersonatingMitmManager.class);
    private final List<String> serverCipherSuites;
    private final List<String> clientCipherSuites;
    private final Cache<String, SslContext> sslContextCache;
    private final KeyGenerator serverKeyGenerator;
    private final CertificateAndKeySource rootCertificateSource;
    private final String serverCertificateMessageDigest;
    private final TrustSource trustSource;
    private final CertificateInfoGenerator certificateInfoGenerator;
    private final SecurityProviderTool securityProviderTool;
    private final Supplier<SslContext> upstreamServerSslContext = Suppliers.memoize(new Supplier<SslContext>() { // from class: net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.1
        @Override // com.google.common.base.Supplier, java.util.function.Supplier
        public SslContext get() {
            return SslUtil.getUpstreamServerSslContext(ImpersonatingMitmManager.this.serverCipherSuites, ImpersonatingMitmManager.this.trustSource);
        }
    });
    private Supplier<CertificateAndKey> rootCertificate = Suppliers.memoize(new Supplier<CertificateAndKey>() { // from class: net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.2
        @Override // com.google.common.base.Supplier, java.util.function.Supplier
        public CertificateAndKey get() {
            return ImpersonatingMitmManager.this.rootCertificateSource.load();
        }
    });
    private final CertificateGenerationStatistics statistics = new CertificateGenerationStatistics();

    /* loaded from: input_file:net/lightbody/bmp/mitm/manager/ImpersonatingMitmManager$Builder.class */
    public static class Builder {
        private CertificateAndKeySource rootCertificateSource = RootCertificateGenerator.builder().build();
        private KeyGenerator serverKeyGenerator = new RSAKeyGenerator();
        private TrustSource trustSource = TrustSource.defaultTrustSource();
        private int cacheConcurrencyLevel = 8;
        private long cacheExpirationIntervalMs = TimeUnit.MILLISECONDS.convert(5, TimeUnit.MINUTES);
        private String serverMessageDigest = MitmConstants.DEFAULT_MESSAGE_DIGEST;
        private SecurityProviderTool securityProviderTool = new DefaultSecurityProviderTool();
        private CertificateInfoGenerator certificateInfoGenerator = new HostnameCertificateInfoGenerator();
        private Collection<String> serverCiphers;
        private Collection<String> clientCiphers;

        public Builder rootCertificateSource(CertificateAndKeySource certificateAndKeySource) {
            this.rootCertificateSource = certificateAndKeySource;
            return this;
        }

        public Builder serverMessageDigest(String str) {
            this.serverMessageDigest = str;
            return this;
        }

        public Builder trustAllServers(boolean z) {
            if (z) {
                this.trustSource = null;
            } else if (this.trustSource == null) {
                this.trustSource = TrustSource.defaultTrustSource();
            }
            return this;
        }

        public Builder trustSource(TrustSource trustSource) {
            this.trustSource = trustSource;
            return this;
        }

        public Builder serverKeyGenerator(KeyGenerator keyGenerator) {
            this.serverKeyGenerator = keyGenerator;
            return this;
        }

        public Builder cacheConcurrencyLevel(int i) {
            this.cacheConcurrencyLevel = i;
            return this;
        }

        public Builder cacheExpirationInterval(long j, TimeUnit timeUnit) {
            this.cacheExpirationIntervalMs = TimeUnit.MILLISECONDS.convert(j, timeUnit);
            return this;
        }

        public Builder certificateInfoGenerator(CertificateInfoGenerator certificateInfoGenerator) {
            this.certificateInfoGenerator = certificateInfoGenerator;
            return this;
        }

        public Builder serverCiphers(Collection<String> collection) {
            this.serverCiphers = collection;
            return this;
        }

        public Builder clientCiphers(Collection<String> collection) {
            this.clientCiphers = collection;
            return this;
        }

        public Builder certificateTool(SecurityProviderTool securityProviderTool) {
            this.securityProviderTool = securityProviderTool;
            return this;
        }

        public ImpersonatingMitmManager build() {
            if (this.clientCiphers == null) {
                this.clientCiphers = SslUtil.getDefaultCipherList();
            }
            if (this.serverCiphers == null) {
                this.serverCiphers = SslUtil.getDefaultCipherList();
            }
            return new ImpersonatingMitmManager(this.rootCertificateSource, this.serverKeyGenerator, this.serverMessageDigest, this.trustSource, this.cacheConcurrencyLevel, this.cacheExpirationIntervalMs, this.securityProviderTool, this.certificateInfoGenerator, this.serverCiphers, this.clientCiphers);
        }
    }

    public ImpersonatingMitmManager(CertificateAndKeySource certificateAndKeySource, KeyGenerator keyGenerator, String str, TrustSource trustSource, int i, long j, SecurityProviderTool securityProviderTool, CertificateInfoGenerator certificateInfoGenerator, Collection<String> collection, Collection<String> collection2) {
        if (certificateAndKeySource == null) {
            throw new IllegalArgumentException("CA root certificate source cannot be null");
        }
        if (keyGenerator == null) {
            throw new IllegalArgumentException("Server key generator cannot be null");
        }
        if (str == null) {
            throw new IllegalArgumentException("Server certificate message digest cannot be null");
        }
        if (securityProviderTool == null) {
            throw new IllegalArgumentException("The certificate tool implementation cannot be null");
        }
        if (certificateInfoGenerator == null) {
            throw new IllegalArgumentException("Certificate info generator cannot be null");
        }
        this.rootCertificateSource = certificateAndKeySource;
        this.trustSource = trustSource;
        this.serverCertificateMessageDigest = str;
        this.serverKeyGenerator = keyGenerator;
        this.sslContextCache = CacheBuilder.newBuilder().concurrencyLevel(i).expireAfterAccess(j, TimeUnit.MILLISECONDS).build();
        this.securityProviderTool = securityProviderTool;
        this.certificateInfoGenerator = certificateInfoGenerator;
        this.serverCipherSuites = ImmutableList.copyOf((Collection) collection);
        log.debug("Allowed ciphers for proxy connections to upstream servers (some ciphers may not be available): {}", collection);
        this.clientCipherSuites = ImmutableList.copyOf((Collection) collection2);
        log.debug("Allowed ciphers for client connections to proxy (some ciphers may not be available): {}", collection2);
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine serverSslEngine() {
        try {
            return this.upstreamServerSslContext.get().newEngine(ByteBufAllocator.DEFAULT);
        } catch (RuntimeException e) {
            throw new MitmException("Error creating SSLEngine for connection to upstream server", e);
        }
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine serverSslEngine(String str, int i) {
        try {
            SSLEngine newEngine = this.upstreamServerSslContext.get().newEngine(ByteBufAllocator.DEFAULT, str, i);
            SSLParameters sSLParameters = new SSLParameters();
            sSLParameters.setEndpointIdentificationAlgorithm("HTTPS");
            newEngine.setSSLParameters(sSLParameters);
            return newEngine;
        } catch (RuntimeException e) {
            throw new MitmException("Error creating SSLEngine for connection to upstream server: " + str + ":" + i, e);
        }
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine clientSslEngineFor(HttpRequest httpRequest, SSLSession sSLSession) {
        String hostFromRequest = HttpUtil.getHostFromRequest(httpRequest);
        try {
            return getHostnameImpersonatingSslContext(hostFromRequest, sSLSession).newEngine(ByteBufAllocator.DEFAULT);
        } catch (RuntimeException e) {
            throw new MitmException("Error creating SSLEngine for connection to client to impersonate upstream host: " + hostFromRequest, e);
        }
    }

    private SslContext getHostnameImpersonatingSslContext(final String str, final SSLSession sSLSession) {
        try {
            return this.sslContextCache.get(str, new Callable<SslContext>() { // from class: net.lightbody.bmp.mitm.manager.ImpersonatingMitmManager.3
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.util.concurrent.Callable
                public SslContext call() throws Exception {
                    return ImpersonatingMitmManager.this.createImpersonatingSslContext(sSLSession, str);
                }
            });
        } catch (ExecutionException e) {
            throw new SslContextInitializationException("An error occurred while impersonating the remote host: " + str, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SslContext createImpersonatingSslContext(SSLSession sSLSession, String str) {
        return createImpersonatingSslContext(this.certificateInfoGenerator.generate(Collections.singletonList(str), SslUtil.getServerCertificate(sSLSession)));
    }

    private SslContext createImpersonatingSslContext(CertificateInfo certificateInfo) {
        long currentTimeMillis = System.currentTimeMillis();
        KeyPair generate = this.serverKeyGenerator.generate();
        X509Certificate certificate = this.rootCertificate.get().getCertificate();
        PrivateKey privateKey = this.rootCertificate.get().getPrivateKey();
        if (certificate == null || privateKey == null) {
            throw new IllegalStateException("A CA root certificate and private key are required to sign a server certificate. Root certificate was: " + certificate + ". Private key was: " + privateKey);
        }
        if (EncryptionUtil.isEcKey(generate.getPrivate()) && EncryptionUtil.isRsaKey(privateKey)) {
            log.warn("CA private key is an RSA key and impersonated server private key is an Elliptic Curve key. JDK bug 8136442 may prevent the proxy server from creating connections to clients due to 'no cipher suites in common'.");
        }
        CertificateAndKey createServerCertificate = this.securityProviderTool.createServerCertificate(certificateInfo, certificate, privateKey, generate, this.serverCertificateMessageDigest);
        try {
            SslContext build = SslContextBuilder.forServer(createServerCertificate.getPrivateKey(), createServerCertificate.getCertificate(), certificate).ciphers(this.clientCipherSuites, SupportedCipherSuiteFilter.INSTANCE).build();
            long currentTimeMillis2 = System.currentTimeMillis();
            this.statistics.certificateCreated(currentTimeMillis, currentTimeMillis2);
            log.debug("Impersonated certificate for {} in {}ms", certificateInfo.getCommonName(), Long.valueOf(currentTimeMillis2 - currentTimeMillis));
            return build;
        } catch (SSLException e) {
            throw new MitmException("Error creating SslContext for connection to client using impersonated certificate and private key", e);
        }
    }

    public CertificateGenerationStatistics getStatistics() {
        return this.statistics;
    }

    public static Builder builder() {
        return new Builder();
    }

    public static Builder builderWithECC() {
        return new Builder().serverKeyGenerator(new ECKeyGenerator()).rootCertificateSource(RootCertificateGenerator.builder().keyGenerator(new ECKeyGenerator()).build());
    }
}
