package net.lightbody.bmp.mitm.util;

import com.google.common.base.Supplier;
import com.google.common.base.Suppliers;
import com.google.common.io.CharStreams;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SupportedCipherSuiteFilter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import net.lightbody.bmp.mitm.TrustSource;
import net.lightbody.bmp.mitm.exception.SslContextInitializationException;
import net.lightbody.bmp.mitm.trustmanager.InsecureTrustManagerFactory;
import org.apache.logging.log4j.core.net.ssl.SslConfigurationDefaults;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/lightbody/bmp/mitm/util/SslUtil.class */
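/**
 * Static helpers for building the TLS context used for connections to upstream servers and for
 * choosing the cipher suites offered on those connections.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #getUpstreamServerSslContext} disables upstream certificate verification when it is
 *       given a {@code null} trust source.</li>
 *   <li>The cipher-list helpers return an empty list instead of throwing when a list cannot be
 *       loaded; callers should treat an empty result as "nothing loaded", not as a policy.</li>
 * </ul>
 */
public class SslUtil {
    /** Classpath resource holding the bundled cipher suite names, read one name per line. */
    private static final String DEFAULT_CIPHERS_LIST_RESOURCE = "/default-ciphers.txt";

    private static final Logger log = LoggerFactory.getLogger(SslUtil.class);

    /**
     * Lazily computed, memoized default cipher list. The bundled list is used when OpenSSL is
     * available; otherwise the JDK's default suites are used, with the bundled list as a fallback
     * when the JDK reports none.
     */
    private static final Supplier<List<String>> defaultCipherList = Suppliers.memoize(new Supplier<List<String>>() {
        @Override
        public List<String> get() {
            List<String> ciphers;
            if (OpenSsl.isAvailable()) {
                ciphers = getBuiltInCipherList();
            } else {
                ciphers = getEnabledJdkCipherSuites();
                if (ciphers.isEmpty()) {
                    ciphers = getBuiltInCipherList();
                }
            }
            // The memoized instance is handed to every caller of getDefaultCipherList(). Wrap it so
            // that one caller cannot alter the cipher suites every other caller will receive.
            return Collections.unmodifiableList(ciphers);
        }
    });

    /**
     * Builds a client-side {@link SslContext} for connecting to upstream servers.
     *
     * <p>When {@code trustSource} is {@code null} the context is built with
     * {@link InsecureTrustManagerFactory}, i.e. upstream server certificates are not verified and
     * a warning is logged. Pass a real trust source whenever the upstream identity matters.
     *
     * @param collection cipher suite names to enable, filtered through
     *     {@link SupportedCipherSuiteFilter}. NOTE(review): how Netty treats a {@code null} or
     *     empty collection is not visible in this class; confirm before passing one.
     * @param trustSource trusted CAs used to verify the upstream server, or {@code null} to
     *     disable verification
     * @return the built client context
     * @throws SslContextInitializationException if the context cannot be built
     */
    public static SslContext getUpstreamServerSslContext(Collection<String> collection, TrustSource trustSource) {
        SslContextBuilder contextBuilder = SslContextBuilder.forClient();
        if (trustSource == null) {
            log.warn("Disabling upstream server certificate verification. This will allow attackers to intercept communications with upstream servers.");
            contextBuilder.trustManager(InsecureTrustManagerFactory.INSTANCE);
        } else {
            contextBuilder.trustManager(trustSource.getTrustedCAs());
        }
        contextBuilder.ciphers(collection, SupportedCipherSuiteFilter.INSTANCE);
        try {
            return contextBuilder.build();
        } catch (SSLException e) {
            throw new SslContextInitializationException("Error creating new SSL context for connection to upstream server", e);
        }
    }

    /**
     * Returns the first certificate of the peer's chain from an established session.
     *
     * <p>This method performs no validation of its own. If the session was created from a context
     * built with a {@code null} trust source (see {@link #getUpstreamServerSslContext}), the
     * returned certificate has not been verified against any CA and must not be treated as proof
     * of the server's identity.
     *
     * @param sSLSession the session to read the peer certificate from
     * @return the peer's first certificate, or {@code null} if the peer is unverified, presented
     *     no certificates, or the first certificate is not an {@link X509Certificate}
     */
    public static X509Certificate getServerCertificate(SSLSession sSLSession) {
        Certificate[] peerCertificates;
        try {
            peerCertificates = sSLSession.getPeerCertificates();
        } catch (SSLPeerUnverifiedException ignored) {
            // No verified peer identity on this session; report "no certificate" to the caller.
            return null;
        }
        if (peerCertificates == null || peerCertificates.length == 0) {
            return null;
        }
        Certificate first = peerCertificates[0];
        return first instanceof X509Certificate ? (X509Certificate) first : null;
    }

    /**
     * Returns the default cipher suites reported by the JDK's server socket factory.
     *
     * @return the JDK default cipher suites as a fixed-size list, or an empty list if the
     *     {@link SSLContext} could not be created or initialized
     */
    public static List<String> getEnabledJdkCipherSuites() {
        try {
            // NOTE(review): this protocol constant comes from log4j-core, which looks like a
            // decompiler substituting an unrelated constant for an inlined string literal.
            // Confirm its value and prefer a literal owned by this class.
            SSLContext jdkContext = SSLContext.getInstance(SslConfigurationDefaults.PROTOCOL);
            jdkContext.init(null, null, null);
            return Arrays.asList(jdkContext.getServerSocketFactory().getDefaultCipherSuites());
        } catch (Throwable th) {
            // Deliberately broad and best-effort: any failure here means "no JDK list available".
            log.info("Unable to load default JDK server cipher list from SSLContext");
            log.debug("An error occurred while initializing an SSLContext or ServerSocketFactory", th);
            return Collections.emptyList();
        }
    }

    /**
     * Returns the memoized default cipher list.
     *
     * @return an unmodifiable list shared by all callers; it may be empty if no list could be
     *     loaded
     */
    public static List<String> getDefaultCipherList() {
        return defaultCipherList.get();
    }

    /**
     * Reads the bundled cipher list from the classpath resource, one entry per line.
     *
     * @return the lines of the resource, or an empty list if the resource is missing or cannot be
     *     read
     */
    public static List<String> getBuiltInCipherList() {
        // try-with-resources closes the stream on every path, including the early return.
        try (InputStream cipherListStream = SslUtil.class.getResourceAsStream(DEFAULT_CIPHERS_LIST_RESOURCE)) {
            if (cipherListStream == null) {
                return Collections.emptyList();
            }
            return CharStreams.readLines(new InputStreamReader(cipherListStream, StandardCharsets.UTF_8));
        } catch (IOException e) {
            // Still best-effort, but leave a trace: an unreadable list changes which cipher
            // suites end up configured, and that should be diagnosable from the logs.
            log.info("Unable to read built-in cipher list from resource " + DEFAULT_CIPHERS_LIST_RESOURCE);
            log.debug("An error occurred while reading the built-in cipher list", e);
            return Collections.emptyList();
        }
    }
}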
