package de.rub.nds.tlsscanner.serverscanner.report.after;

import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.CompressionMethod;
import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsscanner.serverscanner.constants.CipherSuiteGrade;
import de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketZeroKeyProbe;
import de.rub.nds.tlsscanner.serverscanner.probe.handshakeSimulation.ConnectionInsecure;
import de.rub.nds.tlsscanner.serverscanner.probe.handshakeSimulation.HandshakeFailureReasons;
import de.rub.nds.tlsscanner.serverscanner.probe.handshakeSimulation.SimulatedClientResult;
import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
import de.rub.nds.tlsscanner.serverscanner.report.AnalyzedProperty;
import de.rub.nds.tlsscanner.serverscanner.report.CiphersuiteRater;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/report/after/HandshakeSimulationAfterProbe.class */
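/**
 * Post-processes the simulated client handshakes stored in a {@link SiteReport}.
 *
 * <p>For every {@link SimulatedClientResult} this class records why a handshake failed
 * (fail reasons), whether a successful handshake is considered insecure (insecure reasons)
 * and, for connections without insecure reasons, whether the negotiated parameters pass the
 * RFC 7918 whitelist checks implemented below. It finally stores the successful / failed /
 * insecure counters on the report.
 *
 * <p>This file is decompiler output. The compiler-generated switch-map helper class that the
 * decompiler emitted (including a misattributed constant in one {@code case} label) has been
 * replaced by a plain switch over {@link KeyExchangeAlgorithm}.
 */
public class HandshakeSimulationAfterProbe extends AfterProbe {

    /** RSA public keys of this many bits or fewer are reported as too small. */
    private static final int RSA_INSECURE_MAX_BITS = 1024;

    /** Finite-field DH parameters of this many bits or fewer are reported as too small. */
    private static final int DH_INSECURE_MAX_BITS = 1024;

    /** ECDH parameters of this many bits or fewer are reported as too small. */
    private static final int ECDH_INSECURE_MAX_BITS = 160;

    /** Minimum finite-field DH size accepted by the RFC 7918 key length check. */
    private static final int RFC7918_MIN_DH_BITS = 3072;

    /** Minimum ECDH size accepted by the RFC 7918 key length check. */
    private static final int RFC7918_MIN_ECDH_BITS = 256;

    /**
     * Evaluates every simulated client of the report and updates the report counters.
     *
     * <p>Does nothing when the report holds no simulated client list. The {@code Boolean}
     * flags read from a result are treated as {@code false} when they are {@code null}, so a
     * single incomplete result cannot abort the analysis of the remaining clients.
     *
     * @param siteReport report whose simulated client results are analyzed and updated in place
     */
    @Override // de.rub.nds.tlsscanner.serverscanner.report.after.AfterProbe
    public void analyze(SiteReport siteReport) {
        if (siteReport.getSimulatedClientList() == null) {
            return;
        }
        int successfulHandshakes = 0;
        int insecureConnections = 0;
        for (SimulatedClientResult client : siteReport.getSimulatedClientList()) {
            if (Boolean.TRUE.equals(client.getReceivedAlert())) {
                checkWhyAlert(siteReport, client);
            } else if (Boolean.TRUE.equals(client.getReceivedAllMandatoryMessages())) {
                checkSelectedProtocolVersion(siteReport, client);
                checkIfHandshakeWouldBeSuccessful(client);
                if (client.getFailReasons().isEmpty()) {
                    client.setHandshakeSuccessful(true);
                }
            } else {
                checkWhyMandatoryMessagesMissing(client);
            }

            // Anything that is not explicitly TRUE (including null) counts as a failed handshake.
            if (!Boolean.TRUE.equals(client.getHandshakeSuccessful())) {
                client.setHandshakeSuccessful(false);
                continue;
            }

            successfulHandshakes++;
            checkIfConnectionIsInsecure(siteReport, client);
            if (client.getInsecureReasons().isEmpty()) {
                client.setConnectionInsecure(false);
                // The RFC 7918 verdict is only computed for connections without insecure reasons.
                checkIfConnectionIsRfc7918Secure(client);
            } else {
                client.setConnectionInsecure(true);
                insecureConnections++;
            }
        }
        siteReport.setHandshakeSuccessfulCounter(Integer.valueOf(successfulHandshakes));
        siteReport.setHandshakeFailedCounter(
                Integer.valueOf(siteReport.getSimulatedClientList().size() - successfulHandshakes));
        siteReport.setConnectionInsecureCounter(Integer.valueOf(insecureConnections));
    }

    /**
     * Records {@code CIPHERSUITE_MISMATCH} as the fail reason when the alert can be explained
     * by client and server sharing no cipher suite.
     */
    private void checkWhyAlert(SiteReport siteReport, SimulatedClientResult simulatedClientResult) {
        if (isCiphersuiteMismatch(siteReport, simulatedClientResult)) {
            simulatedClientResult.addToFailReasons(HandshakeFailureReasons.CIPHERSUITE_MISMATCH);
        }
    }

    /**
     * Tells whether the server and the simulated client have no cipher suite in common.
     *
     * @return {@code true} when the report has no cipher suite list or no suite of the report
     *     equals a suite offered by the client
     */
    private boolean isCiphersuiteMismatch(SiteReport siteReport, SimulatedClientResult simulatedClientResult) {
        if (siteReport.getCipherSuites() == null) {
            return true;
        }
        for (CipherSuite serverSuite : siteReport.getCipherSuites()) {
            for (CipherSuite clientSuite : simulatedClientResult.getClientSupportedCiphersuites()) {
                if (serverSuite.equals(clientSuite)) {
                    return false;
                }
            }
        }
        return true;
    }

    /**
     * Computes the protocol versions shared by server and client and records whether the
     * highest shared version was the one selected in the handshake.
     *
     * <p>Returns without touching the result when either version list is missing.
     */
    private void checkSelectedProtocolVersion(SiteReport siteReport, SimulatedClientResult simulatedClientResult) {
        if (siteReport.getVersions() == null || simulatedClientResult.getSupportedVersionList() == null) {
            return;
        }
        // Both source lists are sorted in place, as before; other readers of the report see
        // the sorted order afterwards.
        Collections.sort(siteReport.getVersions());
        Collections.sort(simulatedClientResult.getSupportedVersionList());

        LinkedList<ProtocolVersion> commonVersions = new LinkedList<>();
        for (ProtocolVersion serverVersion : siteReport.getVersions()) {
            if (simulatedClientResult.getSupportedVersionList().contains(serverVersion)) {
                commonVersions.add(serverVersion);
            }
        }
        Collections.sort(commonVersions);
        simulatedClientResult.setCommonProtocolVersions(commonVersions);

        // After sorting, the last element is the highest version both sides support.
        boolean highestSelected = !commonVersions.isEmpty()
                && commonVersions.getLast().equals(simulatedClientResult.getSelectedProtocolVersion());
        simulatedClientResult.setHighestPossibleProtocolVersionSeleceted(highestSelected);
    }

    /**
     * Adds a fail reason for every condition under which the simulated client would reject
     * the server's answer although all mandatory messages were received.
     */
    private void checkIfHandshakeWouldBeSuccessful(SimulatedClientResult simulatedClientResult) {
        if (isProtocolMismatch(simulatedClientResult)) {
            simulatedClientResult.addToFailReasons(HandshakeFailureReasons.PROTOCOL_MISMATCH);
        }
        if (isCiphersuiteForbidden(simulatedClientResult)) {
            simulatedClientResult.addToFailReasons(HandshakeFailureReasons.CIPHERSUITE_FORBIDDEN);
        }
        if (isPublicKeyLengthRsaNotAccepted(simulatedClientResult)) {
            simulatedClientResult.addToFailReasons(HandshakeFailureReasons.RSA_CERTIFICATE_MODULUS_SIZE_NOT_ACCEPTED);
        }
        if (isPublicKeyLengthDhNotAccepted(simulatedClientResult)) {
            simulatedClientResult.addToFailReasons(HandshakeFailureReasons.DHE_MODULUS_SIZE_NOT_ACCEPTED);
        }
    }

    /**
     * @return {@code true} when the common version list was computed and is empty; a list
     *     that was never computed ({@code null}) is not treated as a mismatch
     */
    private boolean isProtocolMismatch(SimulatedClientResult simulatedClientResult) {
        return simulatedClientResult.getCommonProtocolVersions() != null
                && simulatedClientResult.getCommonProtocolVersions().isEmpty();
    }

    /**
     * Tells whether the selected cipher suite is not defined for the selected protocol version
     * and the client is not listed as tolerating such a suite for that version.
     */
    private boolean isCiphersuiteForbidden(SimulatedClientResult simulatedClientResult) {
        ProtocolVersion selectedVersion = simulatedClientResult.getSelectedProtocolVersion();
        if (simulatedClientResult.getSelectedCiphersuite().isSupportedInProtocol(selectedVersion)) {
            return false;
        }
        return simulatedClientResult.getVersionAcceptForbiddenCiphersuiteList() == null
                || !simulatedClientResult.getVersionAcceptForbiddenCiphersuiteList().contains(selectedVersion);
    }

    /**
     * Tells whether an RSA key exchange uses a key size outside the range the client accepts.
     *
     * @return {@code false} for non-RSA key exchanges and whenever the client's size list or
     *     the server key size is unavailable
     */
    private boolean isPublicKeyLengthRsaNotAccepted(SimulatedClientResult simulatedClientResult) {
        if (!simulatedClientResult.getKeyExchangeAlgorithm().isKeyExchangeRsa()) {
            return false;
        }
        return isOutsideSupportedRange(
                simulatedClientResult.getServerPublicKeyParameter(),
                simulatedClientResult.getSupportedRsaKeySizeList());
    }

    /**
     * Tells whether a DH key exchange uses a parameter size outside the range the client accepts.
     *
     * @return {@code false} for non-DH key exchanges and whenever the client's size list or
     *     the server key size is unavailable
     */
    private boolean isPublicKeyLengthDhNotAccepted(SimulatedClientResult simulatedClientResult) {
        if (!simulatedClientResult.getKeyExchangeAlgorithm().isKeyExchangeDh()) {
            return false;
        }
        return isOutsideSupportedRange(
                simulatedClientResult.getServerPublicKeyParameter(),
                simulatedClientResult.getSupportedDheKeySizeList());
    }

    /**
     * Compares a key size against the first and last entry of a client's supported size list.
     *
     * <p>A missing key size, a missing list or an empty list yields {@code false} instead of
     * an exception: without both values no rejection can be derived.
     */
    private boolean isOutsideSupportedRange(Integer keySize, List<Integer> supportedSizes) {
        if (keySize == null || supportedSizes == null || supportedSizes.isEmpty()) {
            return false;
        }
        // Presumably the list is ordered ascending, so first/last are minimum/maximum
        // - TODO confirm against the client profiles.
        int lowerBound = supportedSizes.get(0).intValue();
        int upperBound = supportedSizes.get(supportedSizes.size() - 1).intValue();
        return keySize.intValue() < lowerBound || upperBound < keySize.intValue();
    }

    /** Records {@code PARSING_ERROR} when the missing messages coincide with unknown data. */
    private void checkWhyMandatoryMessagesMissing(SimulatedClientResult simulatedClientResult) {
        if (isParsingError(simulatedClientResult)) {
            simulatedClientResult.addToFailReasons(HandshakeFailureReasons.PARSING_ERROR);
        }
    }

    /** @return {@code true} only when the result explicitly reports that unknown data was received */
    private boolean isParsingError(SimulatedClientResult simulatedClientResult) {
        return Boolean.TRUE.equals(simulatedClientResult.getReceivedUnknown());
    }

    /**
     * Collects the insecure reasons of a successful handshake: low cipher suite grade, known
     * vulnerabilities that apply to the negotiated parameters, and small public keys.
     */
    private void checkIfConnectionIsInsecure(SiteReport siteReport, SimulatedClientResult simulatedClientResult) {
        if (simulatedClientResult.getSelectedCiphersuite() != null && isCipherSuiteGradeLow(simulatedClientResult)) {
            simulatedClientResult.addToInsecureReasons(ConnectionInsecure.CIPHERSUITE_GRADE_LOW.getReason());
        }
        checkVulnerabilities(siteReport, simulatedClientResult);
        checkPublicKeySize(simulatedClientResult);
    }

    /** @return {@code true} when {@link CiphersuiteRater} grades the selected suite as {@code LOW} */
    private boolean isCipherSuiteGradeLow(SimulatedClientResult simulatedClientResult) {
        return CipherSuiteGrade.LOW.equals(CiphersuiteRater.getGrade(simulatedClientResult.getSelectedCiphersuite()));
    }

    /**
     * Maps server-wide vulnerability findings onto this connection: a finding only becomes an
     * insecure reason when the negotiated parameters are of the affected kind.
     *
     * <p>The caller treats the selected cipher suite as possibly {@code null}; the cipher-based
     * checks (padding oracle, Sweet32) are skipped in that case.
     */
    private void checkVulnerabilities(SiteReport siteReport, SimulatedClientResult simulatedClientResult) {
        CipherSuite selectedSuite = simulatedClientResult.getSelectedCiphersuite();

        if (siteReport.getResult(AnalyzedProperty.VULNERABLE_TO_PADDING_ORACLE) == TestResult.TRUE
                && selectedSuite != null
                && selectedSuite.isCBC()) {
            simulatedClientResult.addToInsecureReasons(ConnectionInsecure.PADDING_ORACLE.getReason());
        }
        if (siteReport.getResult(AnalyzedProperty.VULNERABLE_TO_BLEICHENBACHER) == TestResult.TRUE
                && simulatedClientResult.getKeyExchangeAlgorithm().isKeyExchangeRsa()) {
            simulatedClientResult.addToInsecureReasons(ConnectionInsecure.BLEICHENBACHER.getReason());
        }
        // NOTE(review): a null (unknown) compression method is also reported as CRIME here,
        // because only CompressionMethod.NULL is exempt - confirm this is intended.
        if (simulatedClientResult.getSelectedCompressionMethod() != CompressionMethod.NULL) {
            simulatedClientResult.addToInsecureReasons(ConnectionInsecure.CRIME.getReason());
        }
        if (siteReport.getResult(AnalyzedProperty.VULNERABLE_TO_SWEET_32) == TestResult.TRUE
                && selectedSuite != null) {
            // Affected ciphers are recognised by substring of the suite's enum name.
            String suiteName = selectedSuite.name();
            if (suiteName.contains("3DES") || suiteName.contains("IDEA") || suiteName.contains("GOST")) {
                simulatedClientResult.addToInsecureReasons(ConnectionInsecure.SWEET32.getReason());
            }
        }
    }

    /**
     * Adds a {@code PUBLIC_KEY_SIZE_TOO_SMALL} reason when the server key size is at or below
     * the threshold for the negotiated key exchange family (RSA, DH or ECDH).
     *
     * <p>An unknown key size ({@code null}) is not reported here; such a connection is still
     * not marked RFC 7918 secure by {@link #checkIfConnectionIsRfc7918Secure}.
     */
    private void checkPublicKeySize(SimulatedClientResult simulatedClientResult) {
        Integer keySize = simulatedClientResult.getServerPublicKeyParameter();
        if (keySize == null) {
            return;
        }
        String reason = ConnectionInsecure.PUBLIC_KEY_SIZE_TOO_SMALL.getReason();
        if (simulatedClientResult.getKeyExchangeAlgorithm().isKeyExchangeRsa()
                && keySize.intValue() <= RSA_INSECURE_MAX_BITS) {
            simulatedClientResult.addToInsecureReasons(reason + " - rsa > " + RSA_INSECURE_MAX_BITS);
        } else if (simulatedClientResult.getKeyExchangeAlgorithm().isKeyExchangeDh()
                && keySize.intValue() <= DH_INSECURE_MAX_BITS) {
            simulatedClientResult.addToInsecureReasons(reason + " - dh > " + DH_INSECURE_MAX_BITS);
        } else if (simulatedClientResult.getKeyExchangeAlgorithm().isKeyExchangeEcdh()
                && keySize.intValue() <= ECDH_INSECURE_MAX_BITS) {
            simulatedClientResult.addToInsecureReasons(reason + " - ecdh > " + ECDH_INSECURE_MAX_BITS);
        }
    }

    /**
     * Stores whether the connection passes all RFC 7918 whitelist checks of this class:
     * protocol version, symmetric cipher, key exchange method and key length.
     *
     * <p>A missing cipher suite or key size always yields {@code false}.
     */
    private void checkIfConnectionIsRfc7918Secure(SimulatedClientResult simulatedClientResult) {
        CipherSuite selectedSuite = simulatedClientResult.getSelectedCiphersuite();
        Integer keySize = simulatedClientResult.getServerPublicKeyParameter();
        boolean rfc7918Secure = selectedSuite != null
                && keySize != null
                && isProtocolVersionWhitelisted(simulatedClientResult)
                && isSymmetricCipherRfc7918Whitelisted(selectedSuite)
                && isKeyExchangeMethodWhitelisted(simulatedClientResult)
                && isKeyLengthWhitelisted(simulatedClientResult, keySize);
        simulatedClientResult.setConnectionRfc7918Secure(Boolean.valueOf(rfc7918Secure));
    }

    /**
     * @return {@code true} when the highest common version was selected and that version is
     *     neither TLS 1.0 nor TLS 1.1
     */
    private boolean isProtocolVersionWhitelisted(SimulatedClientResult simulatedClientResult) {
        // NOTE(review): this is a denylist - any version other than TLS10/TLS11 passes.
        // Confirm that relying on the cipher check to exclude older versions is intended.
        ProtocolVersion selectedVersion = simulatedClientResult.getSelectedProtocolVersion();
        return Objects.equals(simulatedClientResult.getHighestPossibleProtocolVersionSeleceted(), Boolean.TRUE)
                && selectedVersion != ProtocolVersion.TLS10
                && selectedVersion != ProtocolVersion.TLS11;
    }

    /** @return {@code true} for GCM and ChaCha20-Poly1305 cipher suites */
    private boolean isSymmetricCipherRfc7918Whitelisted(CipherSuite cipherSuite) {
        return cipherSuite.isGCM() || cipherSuite.isChachaPoly();
    }

    /**
     * @return {@code true} for the four whitelisted key exchanges: DHE_DSS, DHE_RSA,
     *     ECDHE_ECDSA and ECDHE_RSA
     */
    private boolean isKeyExchangeMethodWhitelisted(SimulatedClientResult simulatedClientResult) {
        switch (simulatedClientResult.getKeyExchangeAlgorithm()) {
            case DHE_DSS:
            case DHE_RSA:
            case ECDHE_ECDSA:
            case ECDHE_RSA:
                return true;
            default:
                return false;
        }
    }

    /**
     * Checks the key length requirement for an ephemeral key exchange: at least 3072 bits for
     * finite-field DH, at least 256 bits for ECDH.
     *
     * <p>The previous code tested {@code isKeyExchangeEcdh()} in both branches, so the 3072-bit
     * branch was unreachable in effect and DHE connections could never pass, although
     * {@link #isKeyExchangeMethodWhitelisted} accepts DHE_DSS and DHE_RSA. The first branch now
     * tests {@code isKeyExchangeDh()}.
     *
     * @param num server public key parameter size in bits; {@code null} yields {@code false}
     */
    private boolean isKeyLengthWhitelisted(SimulatedClientResult simulatedClientResult, Integer num) {
        if (num == null || !simulatedClientResult.getSelectedCiphersuite().isEphemeral()) {
            return false;
        }
        KeyExchangeAlgorithm keyExchange = simulatedClientResult.getKeyExchangeAlgorithm();
        boolean dhLongEnough = keyExchange.isKeyExchangeDh() && num.intValue() >= RFC7918_MIN_DH_BITS;
        boolean ecdhLongEnough = keyExchange.isKeyExchangeEcdh() && num.intValue() >= RFC7918_MIN_ECDH_BITS;
        return dhLongEnough || ecdhLongEnough;
    }
}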
