package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
import de.rub.nds.tlsattacker.core.constants.ProtocolMessageType;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.state.TlsContext;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
import de.rub.nds.tlsscanner.serverscanner.constants.ScannerDetail;
import de.rub.nds.tlsscanner.serverscanner.probe.handshakeSimulation.ConfigFileList;
import de.rub.nds.tlsscanner.serverscanner.probe.handshakeSimulation.SimulatedClientResult;
import de.rub.nds.tlsscanner.serverscanner.probe.handshakeSimulation.SimulationRequest;
import de.rub.nds.tlsscanner.serverscanner.probe.handshakeSimulation.TlsClientConfig;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import de.rub.nds.tlsscanner.serverscanner.report.result.HandshakeSimulationResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
import java.security.cert.CertificateParsingException;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.jce.provider.X509CertificateObject;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/HandshakeSimulationProbe.class */
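/**
 * Probe that builds one {@link SimulationRequest} per bundled client configuration and executes the
 * resulting states against the scanned server.
 *
 * <p>Everything the evaluate helpers read from the {@link TlsContext} (cipher suite, certificate
 * chain, key-exchange parameters) is chosen by the remote server. It is treated as untrusted:
 * values may be absent or of an unexpected type, and a single odd answer must not abort the probe.
 */
public class HandshakeSimulationProbe extends TlsProbe {
    private static final String RESOURCE_FOLDER = "/extracted_client_configs";
    private static final String CONFIG_FILE_LIST = "/client_config_file_list.xml";
    private final List<SimulationRequest> simmulationRequestList;

    /**
     * Loads every client configuration named in the bundled file list and queues one simulation
     * request for each.
     *
     * @param scannerConfig scanner configuration handed to the base probe
     * @param parallelExecutor executor handed to the base probe
     */
    public HandshakeSimulationProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, ProbeType.HANDSHAKE_SIMULATION, scannerConfig);
        this.simmulationRequestList = new LinkedList<>();
        for (String fileName : ConfigFileList.loadConfigFileList(CONFIG_FILE_LIST).getFiles()) {
            try {
                TlsClientConfig clientConfig = TlsClientConfig.createTlsClientConfig(RESOURCE_FOLDER + "/" + fileName);
                // The scan detail level does not currently change how a request is built.
                this.simmulationRequestList.add(new SimulationRequest(clientConfig));
            } catch (Exception e) {
                // Best effort: one unreadable client config is logged and skipped.
                LOGGER.error("Could not load " + fileName, e);
            }
        }
    }

    /**
     * Executes one state per queued simulation request.
     *
     * @return the simulation result; it wraps {@code null} when execution failed
     */
    @Override
    public ProbeResult executeTest() {
        try {
            List<State> states = new LinkedList<>();
            List<SimulatedClientResult> results = new LinkedList<>();
            for (SimulationRequest request : this.simmulationRequestList) {
                states.add(request.getExecutableState(this.scannerConfig));
            }
            executeState(states);
            // NOTE(review): nothing in this class adds to results and none of the evaluate*
            // helpers below is called, so the report always carries an empty list. An empty
            // simulation result must not be read as "no simulated client had a problem".
            return new HandshakeSimulationResult(results);
        } catch (Exception e) {
            LOGGER.error("Could not scan for " + getProbeName(), e);
            return new HandshakeSimulationResult(null);
        }
    }

    /**
     * Copies the client-side settings of a simulated client into its result.
     *
     * @param simulatedClientResult result to fill
     * @param state executed state whose configuration is read (and set to stop after an
     *     IOException)
     */
    private void evaluateClientConfig(SimulatedClientResult simulatedClientResult, State state) {
        Config config = state.getConfig();
        config.setStopActionsAfterIOException(true);
        simulatedClientResult.setHighestClientProtocolVersion(config.getHighestProtocolVersion());
        simulatedClientResult.setClientSupportedCiphersuites(config.getDefaultClientSupportedCiphersuites());
        if (config.isAddAlpnExtension().booleanValue()) {
            simulatedClientResult.setAlpnAnnouncedProtocols(Arrays.toString(config.getAlpnAnnouncedProtocols()));
        } else {
            simulatedClientResult.setAlpnAnnouncedProtocols("-");
        }
        TlsClientConfig clientConfig = simulatedClientResult.getTlsClientConfig();
        simulatedClientResult.setSupportedVersionList(clientConfig.getSupportedVersionList());
        simulatedClientResult.setVersionAcceptForbiddenCiphersuiteList(clientConfig.getVersionAcceptForbiddenCiphersuiteList());
        simulatedClientResult.setSupportedRsaKeySizeList(clientConfig.getSupportedRsaKeySizeList());
        simulatedClientResult.setSupportedDheKeySizeList(clientConfig.getSupportedDheKeySizeList());
    }

    /**
     * Records which server messages were received and, when every mandatory message is present,
     * evaluates their content.
     *
     * <p>When an alert was received the method returns early and leaves the "all mandatory
     * messages" flag unset.
     *
     * @param simulatedClientResult result to fill
     * @param state executed state whose workflow trace and TLS context are read
     */
    private void evaluateReceivedMessages(SimulatedClientResult simulatedClientResult, State state) {
        WorkflowTrace trace = state.getWorkflowTrace();
        simulatedClientResult.setReceivedServerHello(Boolean.valueOf(WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, trace)));
        simulatedClientResult.setReceivedCertificate(Boolean.valueOf(WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.CERTIFICATE, trace)));
        simulatedClientResult.setReceivedServerKeyExchange(Boolean.valueOf(WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_KEY_EXCHANGE, trace)));
        simulatedClientResult.setReceivedCertificateRequest(Boolean.valueOf(WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.CERTIFICATE_REQUEST, trace)));
        simulatedClientResult.setReceivedServerHelloDone(Boolean.valueOf(WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO_DONE, trace)));
        simulatedClientResult.setReceivedAlert(Boolean.valueOf(WorkflowTraceUtil.didReceiveMessage(ProtocolMessageType.ALERT, trace)));
        simulatedClientResult.setReceivedUnknown(Boolean.valueOf(WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.UNKNOWN, trace)));
        if (simulatedClientResult.getReceivedAlert().booleanValue()) {
            return;
        }

        boolean receivedAllMandatory = simulatedClientResult.getReceivedServerHello().booleanValue()
                && simulatedClientResult.getReceivedCertificate().booleanValue();

        // NOTE(review): within this class the key exchange algorithm is only set by
        // evaluateServerHello, which runs after this check. Unless a caller populates it earlier,
        // the ServerKeyExchange requirement below is skipped for ephemeral suites; confirm.
        KeyExchangeAlgorithm keyExchange = simulatedClientResult.getKeyExchangeAlgorithm();
        if (keyExchange != null) {
            switch (keyExchange) {
                case DHE_DSS:
                case DHE_RSA:
                case DH_ANON:
                case ECDHE_ECDSA:
                case ECDHE_RSA:
                case ECDH_ANON:
                    // Ephemeral and anonymous (EC)DH suites need a ServerKeyExchange message.
                    if (!simulatedClientResult.getReceivedServerKeyExchange().booleanValue()) {
                        receivedAllMandatory = false;
                    }
                    break;
                default:
                    break;
            }
        }
        if (!simulatedClientResult.getReceivedServerHelloDone().booleanValue()) {
            receivedAllMandatory = false;
        }
        simulatedClientResult.setReceivedAllMandatoryMessages(Boolean.valueOf(receivedAllMandatory));

        if (receivedAllMandatory) {
            TlsContext tlsContext = state.getTlsContext();
            evaluateServerHello(tlsContext, simulatedClientResult);
            evaluateCertificate(tlsContext, simulatedClientResult);
            if (simulatedClientResult.getReceivedServerKeyExchange().booleanValue()) {
                evaluateServerKeyExchange(tlsContext, simulatedClientResult);
            }
        }
    }

    /**
     * Copies the parameters the server selected (version, cipher suite, compression, extensions)
     * into the result and derives the forward-secrecy flag and key exchange algorithm from the
     * selected cipher suite.
     */
    private void evaluateServerHello(TlsContext tlsContext, SimulatedClientResult simulatedClientResult) {
        simulatedClientResult.setSelectedProtocolVersion(tlsContext.getSelectedProtocolVersion());
        CipherSuite selectedCipherSuite = tlsContext.getSelectedCipherSuite();
        simulatedClientResult.setSelectedCiphersuite(selectedCipherSuite);
        simulatedClientResult.setForwardSecrecy(selectedCipherSuite.isEphemeral());
        simulatedClientResult.setKeyExchangeAlgorithm(AlgorithmResolver.getKeyExchangeAlgorithm(selectedCipherSuite));
        simulatedClientResult.setSelectedCompressionMethod(tlsContext.getSelectedCompressionMethod());
        if (tlsContext.getNegotiatedExtensionSet() != null) {
            if (tlsContext.getNegotiatedExtensionSet().isEmpty()) {
                simulatedClientResult.setNegotiatedExtensions("-");
            } else {
                simulatedClientResult.setNegotiatedExtensions(tlsContext.getNegotiatedExtensionSet().toString());
            }
        }
    }

    /**
     * For RSA key exchange, records the RSA modulus size taken from the server certificate.
     * Does nothing when no key exchange algorithm is known for the result.
     */
    private void evaluateCertificate(TlsContext tlsContext, SimulatedClientResult simulatedClientResult) {
        KeyExchangeAlgorithm keyExchange = simulatedClientResult.getKeyExchangeAlgorithm();
        if (keyExchange != null && keyExchange.isKeyExchangeRsa()) {
            simulatedClientResult.setServerPublicKeyParameter(getRsaPublicKeyFromCert(tlsContext.getServerCertificate()));
        }
    }

    /**
     * Records the size of the server's (EC)DH key-exchange parameter, if one can be determined.
     * Does nothing when no key exchange algorithm is known for the result.
     */
    private void evaluateServerKeyExchange(TlsContext tlsContext, SimulatedClientResult simulatedClientResult) {
        KeyExchangeAlgorithm keyExchange = simulatedClientResult.getKeyExchangeAlgorithm();
        if (keyExchange == null) {
            return;
        }
        // The modulus is what gets measured, so it is checked as well as the public key: a
        // context holding a public key but no modulus would otherwise raise a NullPointerException.
        if (keyExchange.isKeyExchangeDh()
                && tlsContext.getServerDhPublicKey() != null
                && tlsContext.getServerDhModulus() != null) {
            simulatedClientResult.setServerPublicKeyParameter(Integer.valueOf(tlsContext.getServerDhModulus().bitLength()));
            return;
        }
        if (keyExchange.isKeyExchangeEcdh()) {
            if (tlsContext.getSelectedGroup() != null) {
                simulatedClientResult.setSelectedNamedGroup(tlsContext.getSelectedGroup().name());
                if (tlsContext.getSelectedGroup().getCoordinateSizeInBit() != null) {
                    simulatedClientResult.setServerPublicKeyParameter(tlsContext.getSelectedGroup().getCoordinateSizeInBit());
                }
            }
            if (simulatedClientResult.getServerPublicKeyParameter() != null || tlsContext.getServerEcPublicKey() == null) {
                return;
            }
            // NOTE(review): if getData() is a BigInteger, bitLength() already counts bits, so the
            // "* 8" would overstate the key size eightfold in this fallback. Confirm against the
            // TLS-Attacker point API before trusting the reported value.
            simulatedClientResult.setServerPublicKeyParameter(Integer.valueOf(tlsContext.getServerEcPublicKey().getX().getData().bitLength() * 8));
        }
    }

    /**
     * Returns the RSA modulus size in bits of the first certificate in the chain that carries a
     * public key.
     *
     * <p>The certificate chain is server-controlled, so the key type is checked before the cast: a
     * server that pairs an RSA key-exchange suite with a non-RSA certificate yields {@code null}
     * instead of a {@link ClassCastException}.
     *
     * @param certificate certificate chain sent by the server, may be {@code null}
     * @return modulus size in bits, or {@code null} when no RSA key could be read
     */
    private Integer getRsaPublicKeyFromCert(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        try {
            for (org.bouncycastle.asn1.x509.Certificate entry : certificate.getCertificateList()) {
                java.security.PublicKey publicKey = new X509CertificateObject(entry).getPublicKey();
                if (publicKey == null) {
                    continue;
                }
                if (publicKey instanceof RSAPublicKey) {
                    return Integer.valueOf(((RSAPublicKey) publicKey).getModulus().bitLength());
                }
                // Do not fall through to later chain entries: their key sizes would be
                // reported as if they belonged to the first certificate that carries a key.
                LOGGER.warn("Certificate public key is not an RSA key: " + publicKey.getAlgorithm());
                return null;
            }
        } catch (CertificateParsingException e) {
            LOGGER.warn("Could not parse public key from certificate", e);
            return null;
        }
        return null;
    }

    /** This probe has no prerequisites and can always run. */
    @Override
    public boolean canBeExecuted(SiteReport siteReport) {
        return true;
    }

    /** Nothing in the site report changes how this probe is configured. */
    @Override
    public void adjustConfig(SiteReport siteReport) {
    }

    /** Returns a result wrapping {@code null}, the same value used when execution fails. */
    @Override
    public ProbeResult getCouldNotExecuteResult() {
        return new HandshakeSimulationResult(null);
    }
}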
