package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.tlsattacker.attacks.padding.VectorResponse;
import de.rub.nds.tlsattacker.attacks.task.FingerPrintTask;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.task.TlsTask;
import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
import de.rub.nds.tlsscanner.serverscanner.leak.info.DirectRaccoonOracleTestInfo;
import de.rub.nds.tlsscanner.serverscanner.probe.directRaccoon.DirectRaccoonVector;
import de.rub.nds.tlsscanner.serverscanner.probe.directRaccoon.DirectRaccoonWorkflowType;
import de.rub.nds.tlsscanner.serverscanner.probe.directRaccoon.DirectRaccoontWorkflowGenerator;
import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
import de.rub.nds.tlsscanner.serverscanner.report.AnalyzedProperty;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import de.rub.nds.tlsscanner.serverscanner.report.result.DirectRaccoonResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.VersionSuiteListPair;
import de.rub.nds.tlsscanner.serverscanner.vectorStatistics.InformationLeakTest;
import java.math.BigInteger;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Random;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/DirectRaccoonProbe.class */
public class DirectRaccoonProbe extends TlsProbe {
    private static final Logger LOGGER = LogManager.getLogger();
    private final int iterationsPerHandshake = 3;
    private final int additionalIterationsPerHandshake = 97;
    private List<VersionSuiteListPair> serverSupportedSuites;

    public DirectRaccoonProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, ProbeType.DIRECT_RACCOON, scannerConfig);
        this.iterationsPerHandshake = 3;
        this.additionalIterationsPerHandshake = 97;
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public ProbeResult executeTest() {
        try {
            LinkedList linkedList = new LinkedList();
            for (VersionSuiteListPair versionSuiteListPair : this.serverSupportedSuites) {
                if (versionSuiteListPair.getVersion() == ProtocolVersion.SSL3 || versionSuiteListPair.getVersion() == ProtocolVersion.TLS10 || versionSuiteListPair.getVersion() == ProtocolVersion.TLS11 || versionSuiteListPair.getVersion() == ProtocolVersion.TLS12) {
                    for (CipherSuite cipherSuite : versionSuiteListPair.getCiphersuiteList()) {
                        if (cipherSuite.usesDH() && CipherSuite.getImplemented().contains(cipherSuite)) {
                            linkedList.add(createDirectRaccoonInformationLeakTest(versionSuiteListPair.getVersion(), cipherSuite, DirectRaccoonWorkflowType.CKE_CCS_FIN));
                        }
                    }
                }
            }
            return new DirectRaccoonResult(linkedList);
        } catch (Exception e) {
            LOGGER.error("Could not scan for " + getProbeName(), e);
            return new DirectRaccoonResult(TestResult.ERROR_DURING_TEST);
        }
    }

    private InformationLeakTest<DirectRaccoonOracleTestInfo> createDirectRaccoonInformationLeakTest(ProtocolVersion protocolVersion, CipherSuite cipherSuite, DirectRaccoonWorkflowType directRaccoonWorkflowType) {
        InformationLeakTest<DirectRaccoonOracleTestInfo> informationLeakTest = new InformationLeakTest<>(new DirectRaccoonOracleTestInfo(cipherSuite, protocolVersion, directRaccoonWorkflowType), createVectorResponseList(protocolVersion, cipherSuite, directRaccoonWorkflowType, 3));
        if (informationLeakTest.isDistinctAnswers()) {
            LOGGER.debug("Found non identical answers, performing 3 additional tests");
            informationLeakTest.extendTestWithVectorResponses(createVectorResponseList(protocolVersion, cipherSuite, directRaccoonWorkflowType, 97));
        }
        return informationLeakTest;
    }

    private List<VectorResponse> createVectorResponseList(ProtocolVersion protocolVersion, CipherSuite cipherSuite, DirectRaccoonWorkflowType directRaccoonWorkflowType, int i) {
        BigInteger bigInteger = new BigInteger("" + new Random().nextInt());
        LinkedList linkedList = new LinkedList();
        for (int i2 = 0; i2 < i; i2++) {
            linkedList.add(true);
            linkedList.add(false);
        }
        Collections.shuffle(linkedList);
        return getVectorResponseList(protocolVersion, cipherSuite, directRaccoonWorkflowType, bigInteger, linkedList);
    }

    private List<VectorResponse> getVectorResponseList(ProtocolVersion protocolVersion, CipherSuite cipherSuite, DirectRaccoonWorkflowType directRaccoonWorkflowType, BigInteger bigInteger, List<Boolean> list) {
        LinkedList linkedList = new LinkedList();
        for (Boolean bool : list) {
            Config createConfig = getScannerConfig().createConfig();
            createConfig.setHighestProtocolVersion(protocolVersion);
            createConfig.setDefaultSelectedProtocolVersion(protocolVersion);
            createConfig.setDefaultClientSupportedCiphersuites(new CipherSuite[]{cipherSuite});
            createConfig.setDefaultSelectedCipherSuite(cipherSuite);
            createConfig.setAddECPointFormatExtension(false);
            createConfig.setAddEllipticCurveExtension(false);
            createConfig.setAddRenegotiationInfoExtension(true);
            createConfig.setAddServerNameIndicationExtension(true);
            createConfig.setAddSignatureAndHashAlgorithmsExtension(true);
            createConfig.setWorkflowExecutorShouldClose(false);
            createConfig.setStopActionsAfterFatal(false);
            createConfig.setStopReceivingAfterFatal(false);
            createConfig.setStopActionsAfterIOException(true);
            createConfig.setEarlyStop(true);
            createConfig.setQuickReceive(true);
            WorkflowTrace generateWorkflow = DirectRaccoontWorkflowGenerator.generateWorkflow(createConfig, directRaccoonWorkflowType, bigInteger, bool.booleanValue());
            generateWorkflow.setName("" + bool);
            FingerPrintTask fingerPrintTask = new FingerPrintTask(new State(createConfig, generateWorkflow), 1);
            bigInteger = bigInteger.add(new BigInteger("20000"));
            linkedList.add(fingerPrintTask);
        }
        getParallelExecutor().bulkExecuteTasks(linkedList);
        LinkedList linkedList2 = new LinkedList();
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            FingerPrintTask fingerPrintTask2 = (FingerPrintTask) ((TlsTask) it.next());
            VectorResponse evaluateFingerPrintTask = evaluateFingerPrintTask(protocolVersion, cipherSuite, directRaccoonWorkflowType, Boolean.valueOf(Boolean.parseBoolean(fingerPrintTask2.getState().getWorkflowTrace().getName())).booleanValue(), fingerPrintTask2);
            if (evaluateFingerPrintTask != null) {
                linkedList2.add(evaluateFingerPrintTask);
            }
        }
        return linkedList2;
    }

    private VectorResponse evaluateFingerPrintTask(ProtocolVersion protocolVersion, CipherSuite cipherSuite, DirectRaccoonWorkflowType directRaccoonWorkflowType, boolean z, FingerPrintTask fingerPrintTask) {
        DirectRaccoonVector directRaccoonVector = new DirectRaccoonVector(directRaccoonWorkflowType, protocolVersion, cipherSuite, z);
        if (!fingerPrintTask.isHasError()) {
            return new VectorResponse(directRaccoonVector, fingerPrintTask.getFingerprint());
        }
        LOGGER.warn("Could not extract fingerprint for WorkflowType=" + this.type + ", version=" + protocolVersion + ", suite=" + cipherSuite + ", pmsWithNullByte=" + z + ";");
        return null;
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public boolean canBeExecuted(SiteReport siteReport) {
        if ((Objects.equals(siteReport.getResult(AnalyzedProperty.SUPPORTS_SSL_3), TestResult.TRUE) || Objects.equals(siteReport.getResult(AnalyzedProperty.SUPPORTS_TLS_1_0), TestResult.TRUE) || Objects.equals(siteReport.getResult(AnalyzedProperty.SUPPORTS_TLS_1_1), TestResult.TRUE) || Objects.equals(siteReport.getResult(AnalyzedProperty.SUPPORTS_TLS_1_2), TestResult.TRUE)) && siteReport.getCipherSuites() != null) {
            return Objects.equals(siteReport.getResult(AnalyzedProperty.SUPPORTS_DH), TestResult.TRUE);
        }
        return false;
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public void adjustConfig(SiteReport siteReport) {
        this.serverSupportedSuites = siteReport.getVersionSuitePairs();
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public ProbeResult getCouldNotExecuteResult() {
        return new DirectRaccoonResult(TestResult.COULD_NOT_TEST);
    }
}
