package org.littleshoot.proxy.extras;

import com.google.common.io.ByteStreams;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.littleshoot.proxy.SslEngineSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/littleshoot/proxy/extras/SelfSignedSslEngineSource.class */
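/**
 * {@link SslEngineSource} that serves TLS from a self-signed certificate kept in a JKS keystore.
 *
 * <p>The keystore is looked up first as a classpath resource and then as a file. If neither
 * exists, a new key pair and certificate are generated by invoking the JDK {@code keytool}
 * binary, and the certificate is exported next to the keystore as {@code littleproxy_cert}.
 *
 * <p>Security notes for anyone deploying this class:
 * <ul>
 *   <li>The convenience constructors fall back to a keystore password that is hard-coded in
 *       this source file, so it protects nothing; pass your own alias and password through the
 *       five-argument constructor when the keystore matters.</li>
 *   <li>{@code trustAllServers = true} installs a trust manager that accepts every certificate
 *       chain. Upstream connections are then encrypted but not authenticated.</li>
 *   <li>Key generation passes the password to {@code keytool} as a command-line argument. The
 *       argument is redacted from this class's own log output, but the command line of a
 *       running process is typically readable by other local users.
 *       TODO(review): consider keytool's {@code :env} / {@code :file} password modifiers.</li>
 * </ul>
 */
public class SelfSignedSslEngineSource implements SslEngineSource {
    private static final Logger LOG = LoggerFactory.getLogger(SelfSignedSslEngineSource.class);
    private static final String PROTOCOL = "TLS";
    /** Placeholder written to the log in place of a password argument. */
    private static final String REDACTED = "<redacted>";
    private final String alias;
    private final String password;
    private final String keyStoreFile;
    private final boolean trustAllServers;
    private final boolean sendCerts;
    private SSLContext sslContext;

    /**
     * Creates the source and eagerly builds its {@link SSLContext}.
     *
     * @param keyStorePath classpath resource name or file path of the JKS keystore; the file is
     *     generated with {@code keytool} when it does not exist
     * @param trustAllServers when {@code true}, peer certificates are not validated at all
     * @param sendCerts when {@code true}, the keystore's key managers are offered to the peer;
     *     otherwise no key managers are installed
     * @param alias keystore alias of the key entry
     * @param password password used for both the keystore and the key entry
     * @throws Error if the keystore cannot be loaded or the context cannot be initialised
     */
    public SelfSignedSslEngineSource(
            String keyStorePath, boolean trustAllServers, boolean sendCerts, String alias, String password) {
        this.trustAllServers = trustAllServers;
        this.sendCerts = sendCerts;
        this.keyStoreFile = keyStorePath;
        this.alias = alias;
        this.password = password;
        initializeSSLContext();
    }

    /**
     * Same as the five-argument constructor, using the built-in alias and password.
     *
     * <p>NOTE: the default password is a constant in this source file and must be treated as
     * public knowledge.
     */
    public SelfSignedSslEngineSource(String keyStorePath, boolean trustAllServers, boolean sendCerts) {
        this(keyStorePath, trustAllServers, sendCerts, "littleproxy", "Be Your Own Lantern");
    }

    /** Uses the given keystore, validates peers, and sends certificates. */
    public SelfSignedSslEngineSource(String keyStorePath) {
        this(keyStorePath, false, true);
    }

    /** Uses the default keystore name and sends certificates. */
    public SelfSignedSslEngineSource(boolean trustAllServers) {
        this(trustAllServers, true);
    }

    /** Uses the default keystore name {@code littleproxy_keystore.jks}. */
    public SelfSignedSslEngineSource(boolean trustAllServers, boolean sendCerts) {
        this("littleproxy_keystore.jks", trustAllServers, sendCerts);
    }

    /** Uses the default keystore name, validates peers, and sends certificates. */
    public SelfSignedSslEngineSource() {
        this(false);
    }

    /** Returns a new engine from the shared context, with no peer information attached. */
    @Override
    public SSLEngine newSslEngine() {
        return this.sslContext.createSSLEngine();
    }

    /**
     * Returns a new engine from the shared context, passing the peer host and port through to
     * {@link SSLContext#createSSLEngine(String, int)}.
     */
    @Override
    public SSLEngine newSslEngine(String peerHost, int peerPort) {
        return this.sslContext.createSSLEngine(peerHost, peerPort);
    }

    /** Returns the context built at construction time. */
    public SSLContext getSslContext() {
        return this.sslContext;
    }

    /**
     * Generates a self-signed RSA-4096 key pair in a new keystore and exports its certificate.
     *
     * <p>The certificate is issued for {@code CN=littleproxy} with a validity of 36500 days, so
     * it effectively never expires; rotation has to be done by deleting the keystore file.
     * The same password is used for the store and for the key entry.
     */
    private void initializeKeyStore(File file) {
        File keyStore = file.getAbsoluteFile();
        String keyStorePath = keyStore.getPath();
        nativeCall("keytool", "-genkey", "-alias", this.alias, "-keysize", "4096", "-validity", "36500",
                "-keyalg", "RSA", "-dname", "CN=littleproxy", "-keypass", this.password,
                "-storepass", this.password, "-keystore", keyStorePath);
        String certPath = Paths.get(keyStore.getParent(), "littleproxy_cert").toString();
        nativeCall("keytool", "-exportcert", "-alias", this.alias, "-keystore", keyStorePath,
                "-storepass", this.password, "-file", certPath);
    }

    /**
     * Loads the keystore and builds {@link #sslContext} from it.
     *
     * @throws Error wrapping any failure; kept as {@code Error} because existing callers may
     *     depend on that type
     */
    private void initializeSSLContext() {
        String algorithm = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (algorithm == null) {
            algorithm = "SunX509";
        }
        try {
            KeyStore keyStore = loadKeyStore();
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
            keyManagerFactory.init(keyStore, this.password.toCharArray());
            // NOTE(review): the key-manager algorithm name is reused for the trust manager
            // factory. That works for "SunX509" but is not guaranteed for every value the
            // security property can be set to - confirm before changing the property.
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = selectTrustManagers(trustManagerFactory);
            KeyManager[] keyManagers = this.sendCerts ? keyManagerFactory.getKeyManagers() : new KeyManager[0];
            this.sslContext = SSLContext.getInstance(PROTOCOL);
            // A null SecureRandom lets the provider pick its default source.
            this.sslContext.init(keyManagers, trustManagers, null);
        } catch (Exception e) {
            throw new Error("Failed to initialize the server-side SSLContext", e);
        }
    }

    /**
     * Returns the keystore-backed trust managers, or a single accept-everything trust manager
     * when {@code trustAllServers} is set.
     */
    private TrustManager[] selectTrustManagers(TrustManagerFactory trustManagerFactory) {
        if (!this.trustAllServers) {
            return trustManagerFactory.getTrustManagers();
        }
        LOG.warn("trustAllServers is enabled: peer certificates will NOT be validated");
        return new TrustManager[] {new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
                // Deliberately empty: every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                // Deliberately empty: every server chain is accepted.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }
        }};
    }

    /**
     * Loads the JKS keystore, preferring a classpath resource named {@code keyStoreFile} and
     * falling back to a file of that name, which is generated first if it is not a regular file.
     */
    private KeyStore loadKeyStore() throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        URL resource = getClass().getResource(this.keyStoreFile);
        if (resource != null) {
            loadKeyStore(keyStore, resource);
            return keyStore;
        }
        File file = new File(this.keyStoreFile);
        if (!file.isFile()) {
            initializeKeyStore(file);
        }
        loadKeyStore(keyStore, file.toURI().toURL());
        return keyStore;
    }

    /** Reads the keystore contents from {@code url}, closing the stream in every case. */
    private void loadKeyStore(KeyStore keyStore, URL url) throws IOException, GeneralSecurityException {
        try (InputStream in = url.openStream()) {
            keyStore.load(in, this.password.toCharArray());
        }
    }

    /**
     * Renders a command line for logging with the values of {@code -keypass} and
     * {@code -storepass} replaced, so that the keystore password never reaches the log.
     */
    private static String describeCommand(String[] command) {
        String[] printable = command.clone();
        for (int i = 0; i + 1 < printable.length; i++) {
            if ("-keypass".equals(printable[i]) || "-storepass".equals(printable[i])) {
                printable[i + 1] = REDACTED;
            }
        }
        return Arrays.asList(printable).toString();
    }

    /**
     * Runs an external command and returns everything it printed.
     *
     * <p>stderr is merged into stdout so that a failing {@code keytool} leaves a diagnostic in
     * the log and cannot stall on an undrained error pipe. A non-zero exit status is logged but
     * not raised; a failed key generation surfaces later when the keystore cannot be loaded.
     *
     * @return the command's combined output, or an empty string if it could not be started or read
     */
    private String nativeCall(String... command) {
        String printable = describeCommand(command);
        LOG.info("Running '{}'", printable);
        try {
            Process process = new ProcessBuilder(command).redirectErrorStream(true).start();
            String response;
            try (InputStream output = process.getInputStream()) {
                // Decoded with the platform default charset, as before.
                response = new String(ByteStreams.toByteArray(output));
            }
            try {
                int exitStatus = process.waitFor();
                if (exitStatus != 0) {
                    LOG.warn("Native call '{}' exited with status {}", printable, exitStatus);
                }
            } catch (InterruptedException e) {
                // Preserve the interrupt for the caller; the output read so far is still returned.
                Thread.currentThread().interrupt();
            }
            LOG.info("Completed native call: '{}'\nResponse: '{}'", printable, response);
            return response;
        } catch (IOException e) {
            LOG.error("Error running commands: {}", printable, e);
            return "";
        }
    }
}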
