package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolMessageType;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
import de.rub.nds.tlsscanner.serverscanner.report.AnalyzedProperty;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import de.rub.nds.tlsscanner.serverscanner.report.result.CiphersuiteProbeResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.VersionSuiteListPair;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/CiphersuiteProbe.class */
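/**
 * Probe that enumerates the cipher suites a server selects, separately for every protocol
 * version that {@link #adjustConfig(SiteReport)} picked up from the site report.
 *
 * <p>Enumeration works by elimination: a list of candidates is offered, the suite the server
 * selects is recorded and removed from the candidates, and the handshake is repeated until the
 * server stops answering with a ServerHello or the candidates run out.
 *
 * <p>Interpretation caveat for report consumers: an enumeration ends early when the server
 * selects a suite that was not offered, and any exception discards the results for all versions.
 * A suite missing from the result is therefore not proof that the server rejects it.
 */
public class CiphersuiteProbe extends TlsProbe {
    // Versions to enumerate; only ever appended to by adjustConfig, never cleared in this class.
    private final List<ProtocolVersion> protocolVersions;

    /**
     * Creates the probe with an empty version list.
     *
     * @param scannerConfig scanner configuration, handed to the superclass
     * @param parallelExecutor executor, handed to the superclass
     */
    public CiphersuiteProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, ProbeType.CIPHERSUITE, scannerConfig);
        this.protocolVersions = new LinkedList<>();
    }

    /**
     * Enumerates the selectable cipher suites for every configured protocol version.
     *
     * <p>A TLS 1.3 version is always reported, even with an empty suite list; any other version
     * is reported only when at least one suite was found.
     *
     * @return a {@link CiphersuiteProbeResult} holding one pair per reported version, or one
     *     constructed with {@code null} when any exception occurred during the scan
     */
    @Override
    public ProbeResult executeTest() {
        try {
            List<VersionSuiteListPair> pairs = new LinkedList<>();
            for (ProtocolVersion version : protocolVersions) {
                LOGGER.debug("Testing:" + version.name());
                if (version.isTLS13()) {
                    pairs.add(new VersionSuiteListPair(version, getSupportedCiphersuites()));
                    continue;
                }
                List<CipherSuite> supported = getSupportedCipherSuitesBelowTls13(version);
                if (!supported.isEmpty()) {
                    pairs.add(new VersionSuiteListPair(version, supported));
                }
            }
            return new CiphersuiteProbeResult(pairs);
        } catch (Exception e) {
            // Probe boundary: one failing handshake drops the results of every version.
            LOGGER.error("Could not scan for " + getProbeName(), e);
            return new CiphersuiteProbeResult(null);
        }
    }

    /** Builds the candidate list for a pre-TLS-1.3 version and enumerates it. */
    private List<CipherSuite> getSupportedCipherSuitesBelowTls13(ProtocolVersion version) {
        List<CipherSuite> candidates = new LinkedList<>();
        if (version == ProtocolVersion.SSL3) {
            candidates.addAll(CipherSuite.SSL3_SUPPORTED_CIPHERSUITES);
            return getSupportedCipherSuitesWithIntolerance(candidates, version);
        }
        candidates.addAll(Arrays.asList(CipherSuite.values()));
        // The SCSVs are signalling values, not negotiable suites, so they are never offered as
        // candidates here.
        candidates.remove(CipherSuite.TLS_FALLBACK_SCSV);
        candidates.remove(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
        List<CipherSuite> supported = getSupportedCipherSuitesWithIntolerance(candidates, version);
        if (supported.isEmpty()) {
            // Nothing found with the full list: retry with the implemented suites only.
            supported = getSupportedCipherSuitesWithIntolerance(version);
        }
        return supported;
    }

    /**
     * Enumerates TLS 1.3 cipher suites by elimination.
     *
     * @return the suites the server selected, in the order it selected them
     */
    private List<CipherSuite> getSupportedCiphersuites() {
        List<CipherSuite> remaining = new LinkedList<>();
        for (CipherSuite candidate : CipherSuite.values()) {
            if (candidate.isTLS13()) {
                remaining.add(candidate);
            }
        }
        List<CipherSuite> supported = new LinkedList<>();
        do {
            CipherSuite selected = getSelectedCiphersuite(remaining);
            if (selected == null) {
                break;
            }
            if (!remaining.contains(selected)) {
                // Stop here: removing an unoffered suite would never shrink the candidates.
                LOGGER.warn("Server chose a CipherSuite we did not propose!");
                break;
            }
            supported.add(selected);
            remaining.remove(selected);
        } while (!remaining.isEmpty());
        return supported;
    }

    /**
     * Runs one TLS 1.3 hello exchange offering {@code list}.
     *
     * @param list cipher suites to offer
     * @return the suite recorded in the TLS context, or {@code null} when neither a ServerHello
     *     nor a HelloRetryRequest was received
     */
    private CipherSuite getSelectedCiphersuite(List<CipherSuite> list) {
        Config config = getScannerConfig().createConfig();
        config.setQuickReceive(true);
        config.setDefaultClientSupportedCiphersuites(list);
        config.setHighestProtocolVersion(ProtocolVersion.TLS13);
        config.setSupportedVersions(new ProtocolVersion[]{ProtocolVersion.TLS13});
        config.setEnforceSettings(false);
        config.setEarlyStop(true);
        config.setStopReceivingAfterFatal(true);
        config.setStopActionsAfterFatal(true);
        config.setWorkflowTraceType(WorkflowTraceType.HELLO);
        config.setDefaultClientNamedGroups(NamedGroup.getImplemented());
        config.setAddECPointFormatExtension(false);
        config.setAddEllipticCurveExtension(true);
        config.setAddSignatureAndHashAlgorithmsExtension(true);
        config.setAddSupportedVersionsExtension(true);
        // The key_share extension is added, but with an empty list of key share groups.
        List<NamedGroup> keyShareGroups = new LinkedList<>();
        config.setDefaultClientKeyShareNamedGroups(keyShareGroups);
        config.setAddKeyShareExtension(true);
        config.setAddServerNameIndicationExtension(true);
        config.setAddCertificateStatusRequestExtension(true);
        config.setUseFreshRandom(true);
        config.setDefaultClientSupportedSignatureAndHashAlgorithms(SignatureAndHashAlgorithm.getTls13SignatureAndHashAlgorithms());
        State state = new State(config);
        executeState(state);
        boolean gotServerHello = WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, state.getWorkflowTrace());
        boolean gotHelloRetry = WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.HELLO_RETRY_REQUEST, state.getWorkflowTrace());
        if (!gotServerHello && !gotHelloRetry) {
            LOGGER.debug("Did not receive ServerHello Message");
            LOGGER.debug(state.getWorkflowTrace().toString());
            return null;
        }
        return state.getTlsContext().getSelectedCipherSuite();
    }

    /**
     * Enumerates the suites selectable for {@code protocolVersion}, starting from
     * {@code CipherSuite.getImplemented()}.
     *
     * @param protocolVersion version to probe
     * @return the suites the server selected; empty when none were found
     */
    public List<CipherSuite> getSupportedCipherSuitesWithIntolerance(ProtocolVersion protocolVersion) {
        return getSupportedCipherSuitesWithIntolerance(new ArrayList<>(CipherSuite.getImplemented()), protocolVersion);
    }

    /**
     * Enumerates by elimination which of the given suites the server selects for
     * {@code protocolVersion}.
     *
     * @param list candidate suites; copied, the caller's list is not modified
     * @param protocolVersion version to probe
     * @return the suites the server selected, in selection order; an empty list as soon as the
     *     server answers with a different protocol version
     */
    public List<CipherSuite> getSupportedCipherSuitesWithIntolerance(List<CipherSuite> list, ProtocolVersion protocolVersion) {
        List<CipherSuite> remaining = new LinkedList<>(list);
        List<CipherSuite> supported = new LinkedList<>();
        boolean keepProbing;
        do {
            Config config = getScannerConfig().createConfig();
            config.setDefaultClientSupportedCiphersuites(remaining);
            config.setDefaultSelectedProtocolVersion(protocolVersion);
            config.setHighestProtocolVersion(protocolVersion);
            config.setEnforceSettings(true);
            config.setAddServerNameIndicationExtension(true);
            // The EC extensions are sent only while an EC suite is still among the candidates.
            boolean offersEc = offersEcKeyExchange(config.getDefaultClientSupportedCiphersuites());
            config.setAddEllipticCurveExtension(offersEc);
            config.setAddECPointFormatExtension(offersEc);
            config.setAddSignatureAndHashAlgorithmsExtension(true);
            config.setAddRenegotiationInfoExtension(true);
            config.setWorkflowTraceType(WorkflowTraceType.SHORT_HELLO);
            config.setQuickReceive(true);
            config.setEarlyStop(true);
            config.setStopActionsAfterIOException(true);
            config.setStopActionsAfterFatal(true);
            List<NamedGroup> namedGroups = new LinkedList<>(Arrays.asList(NamedGroup.values()));
            config.setDefaultClientNamedGroups(namedGroups);
            State state = new State(config);
            executeState(state);
            if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, state.getWorkflowTrace())) {
                keepProbing = false;
                LOGGER.debug("Server did not send ServerHello");
                LOGGER.debug(state.getWorkflowTrace().toString());
                if (state.getTlsContext().isReceivedFatalAlert()) {
                    LOGGER.debug("Received Fatal Alert");
                    // Plain concatenation is null-safe: a missing alert message must not turn a
                    // debug statement into an exception that aborts the whole probe.
                    LOGGER.debug("Type:" + WorkflowTraceUtil.getFirstReceivedMessage(ProtocolMessageType.ALERT, state.getWorkflowTrace()));
                }
            } else {
                if (state.getTlsContext().getSelectedProtocolVersion() != protocolVersion) {
                    // NOTE(review): suites already collected for this version are dropped here,
                    // since an empty list is returned rather than `supported` - confirm intended.
                    LOGGER.debug("Server does not support " + protocolVersion);
                    return new LinkedList<>();
                }
                CipherSuite selected = state.getTlsContext().getSelectedCipherSuite();
                // NOTE(review): whether the context can hold no selected suite after a
                // ServerHello is not visible in this file; the null check keeps such a reply
                // from ending the probe with a NullPointerException.
                if (selected != null) {
                    LOGGER.debug("Server chose " + selected.name());
                }
                if (selected != null && remaining.contains(selected)) {
                    keepProbing = true;
                    supported.add(selected);
                    remaining.remove(selected);
                } else {
                    keepProbing = false;
                    LOGGER.warn("Server chose not proposed Ciphersuite");
                }
            }
        } while (keepProbing);
        return supported;
    }

    /** Returns true when a suite's key exchange algorithm name contains "EC". */
    private static boolean offersEcKeyExchange(List<CipherSuite> suites) {
        for (CipherSuite suite : suites) {
            KeyExchangeAlgorithm keyExchange = AlgorithmResolver.getKeyExchangeAlgorithm(suite);
            if (keyExchange != null && keyExchange.name().toUpperCase().contains("EC")) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the probe may run.
     *
     * @param siteReport report of the scan so far
     * @return true once the protocol version probe has been executed
     */
    @Override
    public boolean canBeExecuted(SiteReport siteReport) {
        return siteReport.isProbeAlreadyExecuted(ProbeType.PROTOCOL_VERSION);
    }

    /**
     * Adds every protocol version the report marks as supported to the versions to enumerate,
     * in ascending order from SSL 3 to TLS 1.3. Versions are appended, so calling this twice
     * on the same instance would enumerate them twice.
     *
     * @param siteReport report holding the protocol version results
     */
    @Override
    public void adjustConfig(SiteReport siteReport) {
        addVersionIfSupported(siteReport, AnalyzedProperty.SUPPORTS_SSL_3, ProtocolVersion.SSL3);
        addVersionIfSupported(siteReport, AnalyzedProperty.SUPPORTS_TLS_1_0, ProtocolVersion.TLS10);
        addVersionIfSupported(siteReport, AnalyzedProperty.SUPPORTS_TLS_1_1, ProtocolVersion.TLS11);
        addVersionIfSupported(siteReport, AnalyzedProperty.SUPPORTS_TLS_1_2, ProtocolVersion.TLS12);
        addVersionIfSupported(siteReport, AnalyzedProperty.SUPPORTS_TLS_1_3, ProtocolVersion.TLS13);
    }

    /** Appends {@code version} when the report's result for {@code property} is TRUE. */
    private void addVersionIfSupported(SiteReport siteReport, AnalyzedProperty property, ProtocolVersion version) {
        if (siteReport.getResult(property) == TestResult.TRUE) {
            protocolVersions.add(version);
        }
    }

    /**
     * Result used when the probe could not be executed.
     *
     * @return a {@link CiphersuiteProbeResult} constructed with {@code null}
     */
    @Override
    public ProbeResult getCouldNotExecuteResult() {
        return new CiphersuiteProbeResult(null);
    }
}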
