package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
import de.rub.nds.tlsattacker.core.protocol.message.ProtocolMessage;
import de.rub.nds.tlsattacker.core.protocol.message.SSL2ClientHelloMessage;
import de.rub.nds.tlsattacker.core.protocol.message.SSL2ServerHelloMessage;
import de.rub.nds.tlsattacker.core.record.layer.RecordLayerType;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProtocolVersionResult;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/ProtocolVersionProbe.class */
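/**
 * Scanner probe that determines which SSL/TLS protocol versions a server is willing to negotiate.
 *
 * <p>SSL 2, SSL 3, TLS 1.0, TLS 1.1 and TLS 1.2 are each offered in a separate handshake attempt;
 * TLS 1.3 is checked afterwards with its own ClientHello configuration. The outcome is a
 * {@link ProtocolVersionResult} holding the list of versions that were negotiated and the list of
 * versions that were not.
 *
 * <p>Reading the result: a version ends up in the "unsupported" list whenever no ServerHello
 * selecting exactly that version was observed. That covers a genuine refusal, but also any attempt
 * that simply produced no ServerHello, so an "unsupported" entry is evidence of absence for this
 * particular ClientHello, not proof. When the probe fails or cannot run, both lists are
 * {@code null}; consumers should treat that as "unknown" rather than as "nothing supported".
 */
public class ProtocolVersionProbe extends TlsProbe {
    /** Versions below TLS 1.3 that are offered one at a time, in this order. */
    private final List<ProtocolVersion> toTestList;

    /**
     * Creates the probe and fixes the list of pre-TLS 1.3 versions to test.
     *
     * @param scannerConfig scanner configuration, handed to the {@code TlsProbe} base class
     * @param parallelExecutor executor handed to the {@code TlsProbe} base class
     */
    public ProtocolVersionProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, ProbeType.PROTOCOL_VERSION, scannerConfig);
        this.toTestList = new LinkedList<>(Arrays.asList(
                ProtocolVersion.SSL2,
                ProtocolVersion.SSL3,
                ProtocolVersion.TLS10,
                ProtocolVersion.TLS11,
                ProtocolVersion.TLS12));
    }

    /**
     * Runs all version checks and collects them into one result.
     *
     * <p>The first pass offers every known cipher suite. Only if that pass finds no supported
     * version at all is a second pass made with the reduced cipher suite list; the second pass
     * starts with a fresh "unsupported" list so versions are not recorded twice.
     *
     * @return the supported/unsupported version lists, or a result with two {@code null} lists if
     *     any exception was thrown while scanning (the exception is logged, not propagated)
     */
    @Override
    public ProbeResult executeTest() {
        try {
            List<ProtocolVersion> supported = new LinkedList<>();
            List<ProtocolVersion> unsupported = new LinkedList<>();
            classifyVersions(false, supported, unsupported);
            if (supported.isEmpty()) {
                // NOTE(review): presumably a fallback for servers that do not answer the very
                // large first ClientHello - confirm against the upstream project.
                unsupported = new LinkedList<>();
                classifyVersions(true, supported, unsupported);
            }
            if (isTls13Supported()) {
                supported.add(ProtocolVersion.TLS13);
            } else {
                unsupported.add(ProtocolVersion.TLS13);
            }
            return new ProtocolVersionResult(supported, unsupported);
        } catch (Exception e) {
            // A failure anywhere discards every partial finding: the caller gets null lists,
            // which mean "could not determine", not "no version supported".
            LOGGER.error("Could not scan for " + getProbeName(), e);
            return new ProtocolVersionResult(null, null);
        }
    }

    /** Tests every entry of {@code toTestList} and appends it to the matching list. */
    private void classifyVersions(
            boolean z, List<ProtocolVersion> supported, List<ProtocolVersion> unsupported) {
        for (ProtocolVersion version : this.toTestList) {
            if (isProtocolVersionSupported(version, z)) {
                supported.add(version);
            } else {
                unsupported.add(version);
            }
        }
    }

    /**
     * Offers exactly one protocol version to the server and reports whether it was selected.
     *
     * <p>SSL 2 is delegated to a dedicated check and ignores {@code z}. For all other versions a
     * short hello workflow is executed with {@code protocolVersion} as both the default selected
     * and the highest version.
     *
     * @param protocolVersion the version to offer
     * @param z if {@code true}, offer only {@code CipherSuite.getImplemented()}; if {@code false},
     *     offer every {@code CipherSuite} value except the two signalling values
     * @return {@code true} only if a ServerHello was received and the version recorded in the TLS
     *     context is identical to {@code protocolVersion}; {@code false} if no ServerHello was
     *     received or the server selected a different version
     */
    public boolean isProtocolVersionSupported(ProtocolVersion protocolVersion, boolean z) {
        if (protocolVersion == ProtocolVersion.SSL2) {
            return isSSL2Supported();
        }
        Config config = getScannerConfig().createConfig();
        List<CipherSuite> offeredSuites = new LinkedList<>();
        if (z) {
            offeredSuites.addAll(CipherSuite.getImplemented());
        } else {
            offeredSuites.addAll(Arrays.asList(CipherSuite.values()));
            // The signalling values are not real cipher suites. Offering TLS_FALLBACK_SCSV in
            // particular asks an RFC 7507 server to reject a hello below its highest version,
            // which would presumably hide the older versions this probe is looking for.
            offeredSuites.remove(CipherSuite.TLS_FALLBACK_SCSV);
            offeredSuites.remove(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
        }
        config.setDefaultSelectedProtocolVersion(protocolVersion);
        config.setQuickReceive(true);
        config.setDefaultClientSupportedCiphersuites(offeredSuites);
        config.setHighestProtocolVersion(protocolVersion);
        config.setEnforceSettings(false);
        config.setEarlyStop(true);
        config.setStopReceivingAfterFatal(true);
        config.setStopActionsAfterFatal(true);
        config.setStopActionsAfterIOException(true);
        config.setWorkflowTraceType(WorkflowTraceType.SHORT_HELLO);
        config.setAddServerNameIndicationExtension(true);
        config.setAddECPointFormatExtension(true);
        config.setAddEllipticCurveExtension(true);
        config.setAddSignatureAndHashAlgorithmsExtension(true);
        config.setDefaultClientNamedGroups(Arrays.asList(NamedGroup.values()));
        State state = new State(config);
        executeState(state);
        return didServerSelectVersion(state, protocolVersion);
    }

    /**
     * Evaluates an executed handshake: a ServerHello must have been received and the selected
     * version must be exactly {@code expected}. The comparison is strict on purpose, so a server
     * that answers with a different version does not count as supporting the offered one.
     */
    private boolean didServerSelectVersion(State state, ProtocolVersion expected) {
        if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, state.getWorkflowTrace())) {
            LOGGER.debug("Did not receive ServerHello Message");
            LOGGER.debug(state.getWorkflowTrace().toString());
            return false;
        }
        LOGGER.debug("Received ServerHelloMessage");
        LOGGER.debug(state.getWorkflowTrace().toString());
        LOGGER.debug("Selected Version:" + state.getTlsContext().getSelectedProtocolVersion().name());
        return state.getTlsContext().getSelectedProtocolVersion() == expected;
    }

    /**
     * Checks SSL 2 support by sending an SSL2 ClientHello over a blob record layer and expecting
     * an SSL2 ServerHello in return.
     *
     * @return {@code true} if the two-step workflow was executed as planned
     */
    private boolean isSSL2Supported() {
        Config config = getScannerConfig().createConfig();
        config.setHighestProtocolVersion(ProtocolVersion.SSL2);
        config.setEnforceSettings(true);
        config.setQuickReceive(true);
        config.setEarlyStop(true);
        config.setStopActionsAfterFatal(true);
        config.setRecordLayerType(RecordLayerType.BLOB);
        WorkflowTrace trace = new WorkflowConfigurationFactory(config)
                .createTlsEntryWorkflowtrace(config.getDefaultClientConnection());
        trace.addTlsAction(new SendAction(new ProtocolMessage[]{new SSL2ClientHelloMessage(config)}));
        trace.addTlsAction(new ReceiveAction(new ProtocolMessage[]{new SSL2ServerHelloMessage(config)}));
        executeState(new State(config, trace));
        return trace.executedAsPlanned();
    }

    /** This probe has no prerequisites and can always run. */
    @Override
    public boolean canBeExecuted(SiteReport siteReport) {
        return true;
    }

    /** No configuration is derived from earlier results. */
    @Override
    public void adjustConfig(SiteReport siteReport) {
    }

    /**
     * @return a result with two {@code null} lists, the same "unknown" value that
     *     {@link #executeTest()} returns after an exception
     */
    @Override
    public ProbeResult getCouldNotExecuteResult() {
        return new ProtocolVersionResult(null, null);
    }

    /**
     * Checks TLS 1.3 support with a ClientHello that lists TLS 1.3 as the only supported version.
     *
     * @return {@code true} only if a ServerHello was received and the selected version is TLS 1.3
     */
    private boolean isTls13Supported() {
        Config config = getScannerConfig().createConfig();
        config.setQuickReceive(true);
        config.setDefaultClientSupportedCiphersuites(CipherSuite.getImplemented());
        config.setHighestProtocolVersion(ProtocolVersion.TLS13);
        config.setSupportedVersions(new ProtocolVersion[]{ProtocolVersion.TLS13});
        config.setEnforceSettings(false);
        config.setEarlyStop(true);
        config.setStopReceivingAfterFatal(true);
        config.setStopActionsAfterFatal(true);
        config.setWorkflowTraceType(WorkflowTraceType.HELLO);
        config.setDefaultClientNamedGroups(NamedGroup.getImplemented());
        config.setAddECPointFormatExtension(false);
        config.setAddEllipticCurveExtension(true);
        config.setAddSignatureAndHashAlgorithmsExtension(true);
        config.setAddSupportedVersionsExtension(true);
        config.setAddKeyShareExtension(true);
        // The key share extension is added with an empty group list.
        // NOTE(review): a TLS 1.3 server would then be expected to reply with a
        // HelloRetryRequest; confirm that this is what the SERVER_HELLO check below matches.
        config.setDefaultClientKeyShareNamedGroups(new LinkedList<NamedGroup>());
        config.setAddServerNameIndicationExtension(true);
        config.setAddCertificateStatusRequestExtension(true);
        config.setUseFreshRandom(true);
        config.setDefaultClientSupportedSignatureAndHashAlgorithms(
                SignatureAndHashAlgorithm.getTls13SignatureAndHashAlgorithms());
        State state = new State(config);
        executeState(state);
        return didServerSelectVersion(state, ProtocolVersion.TLS13);
    }
}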
