package org.littleshoot.proxy.mitm;

import io.netty.handler.codec.http.HttpRequest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.littleshoot.proxy.MitmManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes10.dex */
public class CertificateSniffingMitmManager implements MitmManager {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) CertificateSniffingMitmManager.class);
    private BouncyCastleSslEngineSource sslEngineSource;

    public CertificateSniffingMitmManager() throws RootCertificateException {
        this(new Authority());
    }

    public CertificateSniffingMitmManager(Authority authority) throws RootCertificateException {
        try {
            this.sslEngineSource = new BouncyCastleSslEngineSource(authority, true, true);
        } catch (Exception e) {
            throw new RootCertificateException("Errors during assembling root CA.", e);
        }
    }

    private X509Certificate getCertificateFromSession(SSLSession sSLSession) throws SSLPeerUnverifiedException {
        Certificate certificate = sSLSession.getPeerCertificates()[0];
        if (certificate instanceof X509Certificate) {
            return (X509Certificate) certificate;
        }
        throw new IllegalStateException("Required java.security.cert.X509Certificate, found: " + certificate);
    }

    private String getCommonName(X509Certificate x509Certificate) {
        LOG.debug("Subject DN principal name: {}", x509Certificate.getSubjectDN().getName());
        for (String str : x509Certificate.getSubjectDN().getName().split(",\\s*")) {
            if (str.startsWith("CN=")) {
                String substring = str.substring(3);
                LOG.debug("Common Name: {}", substring);
                return substring;
            }
        }
        throw new IllegalStateException("Missed CN in Subject DN: " + x509Certificate.getSubjectDN());
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine clientSslEngineFor(HttpRequest httpRequest, SSLSession sSLSession) {
        try {
            X509Certificate certificateFromSession = getCertificateFromSession(sSLSession);
            String commonName = getCommonName(certificateFromSession);
            SubjectAlternativeNameHolder subjectAlternativeNameHolder = new SubjectAlternativeNameHolder();
            subjectAlternativeNameHolder.addAll(certificateFromSession.getSubjectAlternativeNames());
            LOG.debug("Subject Alternative Names: {}", subjectAlternativeNameHolder);
            return this.sslEngineSource.createCertForHost(commonName, subjectAlternativeNameHolder);
        } catch (Exception e) {
            throw new FakeCertificateException("Creation dynamic certificate failed", e);
        }
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine serverSslEngine() {
        return this.sslEngineSource.newSslEngine();
    }

    @Override // org.littleshoot.proxy.MitmManager
    public SSLEngine serverSslEngine(String str, int i) {
        return this.sslEngineSource.newSslEngine(str, i);
    }
}
