package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.tlsattacker.attacks.cca.CcaCertificateManager;
import de.rub.nds.tlsattacker.attacks.cca.CcaCertificateType;
import de.rub.nds.tlsattacker.attacks.cca.CcaWorkflowType;
import de.rub.nds.tlsattacker.attacks.cca.vector.CcaTaskVectorPair;
import de.rub.nds.tlsattacker.attacks.cca.vector.CcaVector;
import de.rub.nds.tlsattacker.attacks.task.CcaTask;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.config.delegate.CcaDelegate;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
import de.rub.nds.tlsscanner.serverscanner.constants.ScannerDetail;
import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
import de.rub.nds.tlsscanner.serverscanner.report.AnalyzedProperty;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import de.rub.nds.tlsscanner.serverscanner.report.result.CcaResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.VersionSuiteListPair;
import de.rub.nds.tlsscanner.serverscanner.report.result.cca.CcaTestResult;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/CcaProbe.class */
public class CcaProbe extends TlsProbe {
    private List<VersionSuiteListPair> versionSuiteListPairsList;
    private boolean increasingTimeout;
    private long additionalTimeout;
    private long additionalTcpTimeout;
    private int reexecutions;

    public CcaProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, ProbeType.CCA, scannerConfig);
        this.increasingTimeout = false;
        this.additionalTimeout = 10000L;
        this.additionalTcpTimeout = 1000L;
        this.reexecutions = 3;
        this.versionSuiteListPairsList = new LinkedList();
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public ProbeResult executeTest() {
        boolean z;
        ParallelExecutor parallelExecutor = getParallelExecutor();
        CcaDelegate delegate = getScannerConfig().getDelegate(CcaDelegate.class);
        CcaCertificateManager ccaCertificateManager = new CcaCertificateManager(delegate);
        LinkedList linkedList = new LinkedList();
        linkedList.add(ProtocolVersion.TLS11);
        linkedList.add(ProtocolVersion.TLS10);
        linkedList.add(ProtocolVersion.TLS12);
        List<VersionSuiteListPair> versionSuitePairList = getVersionSuitePairList(linkedList);
        if (versionSuitePairList.isEmpty()) {
            LOGGER.warn("No common cipher suites found. Can't continue scan.");
            return new CcaResult(TestResult.COULD_NOT_TEST, null);
        }
        Boolean clientCertificateSupplied = delegate.clientCertificateSupplied();
        Boolean directoriesSupplied = delegate.directoriesSupplied();
        LinkedList linkedList2 = new LinkedList();
        LinkedList<CcaTaskVectorPair> linkedList3 = new LinkedList();
        for (CcaWorkflowType ccaWorkflowType : CcaWorkflowType.values()) {
            for (CcaCertificateType ccaCertificateType : CcaCertificateType.values()) {
                if ((!ccaCertificateType.getRequiresCertificate().booleanValue() || clientCertificateSupplied.booleanValue()) && ((!ccaCertificateType.getRequiresCaCertAndKeys().booleanValue() || directoriesSupplied.booleanValue()) && (ccaWorkflowType.getRequiresCertificate().booleanValue() || ccaCertificateType == CcaCertificateType.EMPTY))) {
                    for (VersionSuiteListPair versionSuiteListPair : versionSuitePairList) {
                        for (CipherSuite cipherSuite : versionSuiteListPair.getCiphersuiteList()) {
                            CcaVector ccaVector = new CcaVector(versionSuiteListPair.getVersion(), cipherSuite, ccaWorkflowType, ccaCertificateType);
                            Config generateConfig = generateConfig();
                            generateConfig.setDefaultClientSupportedCiphersuites(new CipherSuite[]{cipherSuite});
                            generateConfig.setHighestProtocolVersion(versionSuiteListPair.getVersion());
                            CcaTask ccaTask = new CcaTask(ccaVector, generateConfig, ccaCertificateManager, this.additionalTimeout, this.increasingTimeout, this.reexecutions, this.additionalTcpTimeout);
                            linkedList2.add(ccaTask);
                            linkedList3.add(new CcaTaskVectorPair(ccaTask, ccaVector));
                        }
                    }
                }
            }
        }
        LinkedList linkedList4 = new LinkedList();
        Boolean bool = false;
        parallelExecutor.bulkExecuteTasks(linkedList2);
        for (CcaTaskVectorPair ccaTaskVectorPair : linkedList3) {
            if (ccaTaskVectorPair.getCcaTask().isHasError()) {
                LOGGER.warn("Failed to scan " + ccaTaskVectorPair);
            } else {
                if (WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.FINISHED, ccaTaskVectorPair.getCcaTask().getState().getWorkflowTrace())) {
                    bool = true;
                    z = true;
                } else {
                    z = false;
                }
                linkedList4.add(new CcaTestResult(z, ccaTaskVectorPair.getVector().getCcaWorkflowType(), ccaTaskVectorPair.getVector().getCcaCertificateType(), ccaTaskVectorPair.getVector().getProtocolVersion(), ccaTaskVectorPair.getVector().getCipherSuite()));
            }
        }
        return new CcaResult(bool.booleanValue() ? TestResult.TRUE : TestResult.FALSE, linkedList4);
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public boolean canBeExecuted(SiteReport siteReport) {
        return siteReport.getResult(AnalyzedProperty.REQUIRES_CCA) == TestResult.TRUE && siteReport.getVersionSuitePairs() != null;
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public void adjustConfig(SiteReport siteReport) {
        this.versionSuiteListPairsList.addAll(siteReport.getVersionSuitePairs());
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public ProbeResult getCouldNotExecuteResult() {
        return new CcaResult(TestResult.COULD_NOT_TEST, null);
    }

    private Config generateConfig() {
        Config createConfig = getScannerConfig().createConfig();
        createConfig.setAutoSelectCertificate(false);
        createConfig.setAddServerNameIndicationExtension(true);
        createConfig.setDefaultSelectedProtocolVersion(ProtocolVersion.TLS10);
        createConfig.setWorkflowTraceType(WorkflowTraceType.DYNAMIC_HELLO);
        createConfig.setClientAuthentication(true);
        createConfig.setQuickReceive(true);
        createConfig.setEarlyStop(true);
        createConfig.setStopActionsAfterIOException(true);
        createConfig.setStopActionsAfterFatal(true);
        return createConfig;
    }

    private List<VersionSuiteListPair> getVersionSuitePairList(List<ProtocolVersion> list) {
        LinkedList linkedList = new LinkedList();
        for (VersionSuiteListPair versionSuiteListPair : this.versionSuiteListPairsList) {
            if (list.contains(versionSuiteListPair.getVersion())) {
                linkedList.add(versionSuiteListPair);
            }
        }
        List<CipherSuite> implemented = CipherSuite.getImplemented();
        List<VersionSuiteListPair> nonDetailedVersionSuitePairList = getNonDetailedVersionSuitePairList(linkedList, implemented);
        if (nonDetailedVersionSuitePairList.isEmpty()) {
            nonDetailedVersionSuitePairList = getDetailedVersionSuitePairList(linkedList, implemented);
        }
        return nonDetailedVersionSuitePairList;
    }

    private List<VersionSuiteListPair> getDetailedVersionSuitePairList(List<VersionSuiteListPair> list, List<CipherSuite> list2) {
        LinkedList linkedList = new LinkedList();
        for (VersionSuiteListPair versionSuiteListPair : list) {
            LinkedList linkedList2 = new LinkedList();
            for (CipherSuite cipherSuite : versionSuiteListPair.getCiphersuiteList()) {
                if (list2.contains(cipherSuite)) {
                    linkedList2.add(cipherSuite);
                }
            }
            if (!linkedList2.isEmpty()) {
                linkedList.add(new VersionSuiteListPair(versionSuiteListPair.getVersion(), linkedList2));
            }
        }
        return linkedList;
    }

    private List<VersionSuiteListPair> getNonDetailedVersionSuitePairList(List<VersionSuiteListPair> list, List<CipherSuite> list2) {
        LinkedList linkedList = new LinkedList();
        if (!getScannerConfig().getScanDetail().isGreaterEqualTo(ScannerDetail.DETAILED)) {
            for (VersionSuiteListPair versionSuiteListPair : list) {
                LinkedList linkedList2 = new LinkedList();
                Iterator<CipherSuite> it = versionSuiteListPair.getCiphersuiteList().iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    CipherSuite next = it.next();
                    if (AlgorithmResolver.getKeyExchangeAlgorithm(next).isKeyExchangeDh() && list2.contains(next)) {
                        linkedList2.add(next);
                        break;
                    }
                }
                if (!linkedList2.isEmpty()) {
                    linkedList.add(new VersionSuiteListPair(versionSuiteListPair.getVersion(), linkedList2));
                }
            }
        }
        return linkedList;
    }
}
