package io.sniffy.tls;

import io.sniffy.log.Polyglog;
import io.sniffy.log.PolyglogFactory;
import io.sniffy.util.JVMUtil;
import io.sniffy.util.ReflectionUtil;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Iterator;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLContextSpi;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: input_file:io/sniffy/tls/SniffySecurityUtil.class */
public class SniffySecurityUtil {
    private static final Polyglog LOG = PolyglogFactory.log(SniffySecurityUtil.class);
    public static final String SSLCONTEXT = "SSLContext";

    public static void wrapJsseProvidersWithSniffy() throws IllegalAccessException, NoSuchFieldException, ClassNotFoundException, NoSuchAlgorithmException {
        Provider.Service service;
        synchronized (Security.class) {
            Provider[] providers = Security.getProviders();
            LOG.info("Original security providers are " + Arrays.toString(providers));
            SniffySSLContextSpiProvider sniffySSLContextSpiProvider = null;
            int i = 0;
            for (int i2 = 0; i2 < providers.length; i2++) {
                Provider provider = providers[i2];
                if (!(provider instanceof SniffySSLContextSpiProvider)) {
                    boolean z = false;
                    boolean z2 = false;
                    Iterator<Provider.Service> it = provider.getServices().iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        Provider.Service next = it.next();
                        if (SSLCONTEXT.equals(next.getType())) {
                            z = true;
                            if ("Default".equalsIgnoreCase(next.getAlgorithm())) {
                                z2 = true;
                                break;
                            }
                        }
                    }
                    if (z) {
                        String name = provider.getName();
                        SniffySSLContextSpiProvider sniffySSLContextSpiProvider2 = new SniffySSLContextSpiProvider(provider, "Sniffy-" + name, 3.0d, "SniffySSLContextProvider");
                        LOG.info("Original provider " + name + " provides SSLContextSPI service - wrapped with " + sniffySSLContextSpiProvider2);
                        if (z2 && null == sniffySSLContextSpiProvider) {
                            sniffySSLContextSpiProvider = sniffySSLContextSpiProvider2;
                        }
                        Security.removeProvider(name);
                        Security.insertProviderAt(new SniffySSLContextSpiProvider(provider), i2 + i + 1);
                        Security.insertProviderAt(sniffySSLContextSpiProvider2, i2 + i + 1);
                        i++;
                    }
                }
            }
            if (null != sniffySSLContextSpiProvider && null != (service = sniffySSLContextSpiProvider.getService(SSLCONTEXT, "Default"))) {
                LOG.info("Identified default SSLContext service provider - " + sniffySSLContextSpiProvider + " with service " + service);
                SniffySSLContext sniffySSLContext = new SniffySSLContext((SSLContextSpi) service.newInstance(null), sniffySSLContextSpiProvider, "Default");
                LOG.info("Setting SSLContext.default to " + sniffySSLContext);
                SSLContext.setDefault(sniffySSLContext);
                if (JVMUtil.getVersion() >= 13) {
                    LOG.info("Java 13+ detected - attempt to update javax.net.ssl.SSLSocketFactory$DefaultFactoryHolder");
                    SSLSocketFactory sSLSocketFactory = (SSLSocketFactory) ReflectionUtil.getFirstField("javax.net.ssl.SSLSocketFactory$DefaultFactoryHolder", (Object) null, SSLSocketFactory.class);
                    if (null != sSLSocketFactory) {
                        SniffySSLSocketFactory sniffySSLSocketFactory = new SniffySSLSocketFactory(sSLSocketFactory);
                        LOG.info("Replacing " + sSLSocketFactory + " with " + sniffySSLSocketFactory);
                        ReflectionUtil.setFields("javax.net.ssl.SSLSocketFactory$DefaultFactoryHolder", (Object) null, SSLSocketFactory.class, sniffySSLSocketFactory);
                    }
                } else {
                    LOG.info("Java 12- detected - attempt to update singleton inside javax.net.ssl.SSLSocketFactory");
                    SSLSocketFactory sSLSocketFactory2 = (SSLSocketFactory) ReflectionUtil.getFirstField(SSLSocketFactory.class, (Object) null, SSLSocketFactory.class);
                    if (null != sSLSocketFactory2) {
                        SniffySSLSocketFactory sniffySSLSocketFactory2 = new SniffySSLSocketFactory(sSLSocketFactory2);
                        LOG.info("Replacing " + sSLSocketFactory2 + " with " + sniffySSLSocketFactory2);
                        ReflectionUtil.setFields(SSLSocketFactory.class, (Object) null, SSLSocketFactory.class, sniffySSLSocketFactory2);
                    }
                }
            }
        }
    }

    public static void uninstall() throws NoSuchAlgorithmException, NoSuchFieldException, IllegalAccessException, ClassNotFoundException {
        Provider.Service service;
        LOG.info("Uninstalling Sniffy JSSE providers and wrappers");
        synchronized (Security.class) {
            Provider[] providers = Security.getProviders();
            LOG.info("Wrapped security providers are " + Arrays.toString(providers));
            int i = 1;
            for (Provider provider : providers) {
                if (!(provider instanceof SniffySSLContextSpiProvider)) {
                    i++;
                } else if (provider.getName().startsWith("Sniffy-")) {
                    Security.removeProvider(provider.getName());
                } else {
                    Security.removeProvider(provider.getName());
                    Provider originalProvider = ((SniffySSLContextSpiProvider) provider).getOriginalProvider();
                    Security.insertProviderAt(originalProvider, i);
                    LOG.info("Unwrapped provider " + provider.getName() + "; replaced " + provider + " with " + originalProvider);
                    i++;
                }
            }
            Provider provider2 = null;
            for (Provider provider3 : Security.getProviders()) {
                Iterator<Provider.Service> it = provider3.getServices().iterator();
                while (true) {
                    if (it.hasNext()) {
                        Provider.Service next = it.next();
                        if (SSLCONTEXT.equals(next.getType()) && "Default".equalsIgnoreCase(next.getAlgorithm())) {
                            provider2 = provider3;
                            break;
                        }
                    }
                }
            }
            if (null != provider2 && null != (service = provider2.getService(SSLCONTEXT, "Default"))) {
                LOG.info("Identified default SSLContext service provider - " + provider2 + " with service " + service);
                SniffySSLContext sniffySSLContext = new SniffySSLContext((SSLContextSpi) service.newInstance(null), provider2, "Default");
                LOG.info("Setting SSLContext.default to " + sniffySSLContext);
                SSLContext.setDefault(sniffySSLContext);
                if (JVMUtil.getVersion() >= 13) {
                    LOG.info("Java 13+ detected - attempt to update javax.net.ssl.SSLSocketFactory$DefaultFactoryHolder");
                    SSLSocketFactory sSLSocketFactory = (SSLSocketFactory) ReflectionUtil.getFirstField("javax.net.ssl.SSLSocketFactory$DefaultFactoryHolder", (Object) null, SSLSocketFactory.class);
                    if (sSLSocketFactory instanceof SniffySSLSocketFactory) {
                        SSLSocketFactory delegate = ((SniffySSLSocketFactory) sSLSocketFactory).getDelegate();
                        LOG.info("Replacing " + sSLSocketFactory + " with " + delegate);
                        ReflectionUtil.setFields("javax.net.ssl.SSLSocketFactory$DefaultFactoryHolder", (Object) null, SSLSocketFactory.class, delegate);
                    } else if (null == sSLSocketFactory) {
                        LOG.info("Removing javax.net.ssl.SSLSocketFactory$DefaultFactoryHolder");
                        ReflectionUtil.setFields("javax.net.ssl.SSLSocketFactory$DefaultFactoryHolder", (Object) null, SSLSocketFactory.class, (Object) null);
                    }
                } else {
                    LOG.info("Java 12- detected - attempt to update singleton inside javax.net.ssl.SSLSocketFactory");
                    SSLSocketFactory sSLSocketFactory2 = (SSLSocketFactory) ReflectionUtil.getFirstField(SSLSocketFactory.class, (Object) null, SSLSocketFactory.class);
                    if (sSLSocketFactory2 instanceof SniffySSLSocketFactory) {
                        SSLSocketFactory delegate2 = ((SniffySSLSocketFactory) sSLSocketFactory2).getDelegate();
                        LOG.info("Replacing " + sSLSocketFactory2 + " with " + delegate2);
                        ReflectionUtil.setFields(SSLSocketFactory.class, (Object) null, SSLSocketFactory.class, delegate2);
                    } else if (null == sSLSocketFactory2) {
                        LOG.info("Removing javax.net.ssl.SSLSocketFactory static fields of type SSLSocketFactory");
                        ReflectionUtil.setFields(SSLSocketFactory.class, (Object) null, SSLSocketFactory.class, (Object) null);
                        LOG.info("Setting javax.net.ssl.SSLSocketFactory static fields of type boolean to false");
                        ReflectionUtil.setFirstField(SSLSocketFactory.class, (Object) null, Boolean.TYPE, false);
                    }
                }
            }
        }
    }
}
