package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.ExtensionType;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.constants.PskKeyExchangeMode;
import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
import de.rub.nds.tlsattacker.core.protocol.ProtocolMessage;
import de.rub.nds.tlsattacker.core.protocol.message.EncryptedExtensionsMessage;
import de.rub.nds.tlsattacker.core.protocol.message.NewSessionTicketMessage;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.ResumptionResult;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/ResumptionProbe.class */
public class ResumptionProbe extends TlsProbe {
    private List<CipherSuite> supportedSuites;

    public ResumptionProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, ProbeType.RESUMPTION, scannerConfig);
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public ProbeResult executeTest() {
        try {
            return new ResumptionResult(getSessionResumption(), getIssuesSessionTicket(), getSupportsTls13Psk(PskKeyExchangeMode.PSK_DHE_KE), getSupportsTls13Psk(PskKeyExchangeMode.PSK_KE), getSupports0rtt());
        } catch (Exception e) {
            LOGGER.error("Could not scan for " + getProbeName(), e);
            return new ResumptionResult(TestResult.ERROR_DURING_TEST, TestResult.ERROR_DURING_TEST, TestResult.ERROR_DURING_TEST, TestResult.ERROR_DURING_TEST, TestResult.ERROR_DURING_TEST);
        }
    }

    private TestResult getSessionResumption() {
        try {
            Config createConfig = getScannerConfig().createConfig();
            createConfig.setQuickReceive(true);
            LinkedList linkedList = new LinkedList();
            linkedList.addAll(this.supportedSuites);
            createConfig.setDefaultClientSupportedCipherSuites(new CipherSuite[]{(CipherSuite) linkedList.get(0)});
            createConfig.setDefaultSelectedCipherSuite((CipherSuite) createConfig.getDefaultClientSupportedCipherSuites().get(0));
            createConfig.setHighestProtocolVersion(ProtocolVersion.TLS12);
            createConfig.setEnforceSettings(false);
            createConfig.setEarlyStop(true);
            createConfig.setStopActionsAfterIOException(true);
            createConfig.setStopReceivingAfterFatal(true);
            createConfig.setStopActionsAfterFatal(true);
            createConfig.setWorkflowTraceType(WorkflowTraceType.FULL_RESUMPTION);
            createConfig.setAddECPointFormatExtension(true);
            createConfig.setAddEllipticCurveExtension(true);
            createConfig.setAddRenegotiationInfoExtension(true);
            createConfig.setAddSignatureAndHashAlgorithmsExtension(true);
            createConfig.setDefaultClientNamedGroups(NamedGroup.getImplemented());
            State state = new State(createConfig);
            executeState(state);
            return state.getWorkflowTrace().executedAsPlanned() ? TestResult.TRUE : TestResult.FALSE;
        } catch (Exception e) {
            LOGGER.error("Could not test for support for Tls13PskDhe");
            return TestResult.ERROR_DURING_TEST;
        }
    }

    private TestResult getSupportsTls13Psk(PskKeyExchangeMode pskKeyExchangeMode) {
        try {
            Config createConfig = createConfig();
            LinkedList linkedList = new LinkedList();
            linkedList.add(pskKeyExchangeMode);
            createConfig.setPSKKeyExchangeModes(linkedList);
            if (pskKeyExchangeMode == PskKeyExchangeMode.PSK_KE) {
                createConfig.setAddKeyShareExtension(false);
            }
            createConfig.setAddPSKKeyExchangeModesExtension(true);
            createConfig.setAddPreSharedKeyExtension(true);
            createConfig.setWorkflowTraceType(WorkflowTraceType.FULL_TLS13_PSK);
            State state = new State(createConfig);
            executeState(state);
            return state.getWorkflowTrace().getLastReceivingAction().executedAsPlanned() ? TestResult.TRUE : TestResult.FALSE;
        } catch (Exception e) {
            LOGGER.error("Could not test for support for Tls13Psk (" + pskKeyExchangeMode + ")");
            return TestResult.ERROR_DURING_TEST;
        }
    }

    private TestResult getSupports0rtt() {
        try {
            Config createConfig = createConfig();
            createConfig.setAddPSKKeyExchangeModesExtension(true);
            createConfig.setAddPreSharedKeyExtension(true);
            createConfig.setAddEarlyDataExtension(true);
            createConfig.setWorkflowTraceType(WorkflowTraceType.FULL_ZERO_RTT);
            State state = new State(createConfig);
            executeState(state);
            EncryptedExtensionsMessage lastReceivedMessage = state.getWorkflowTrace().getLastReceivedMessage(EncryptedExtensionsMessage.class);
            return (lastReceivedMessage == null || !lastReceivedMessage.containsExtension(ExtensionType.EARLY_DATA)) ? TestResult.FALSE : TestResult.TRUE;
        } catch (Exception e) {
            LOGGER.error("Could not test for support for Tls13PskDhe");
            return TestResult.ERROR_DURING_TEST;
        }
    }

    private Config createConfig() {
        Config createConfig = getScannerConfig().createConfig();
        LinkedList linkedList = new LinkedList();
        for (NamedGroup namedGroup : NamedGroup.getImplemented()) {
            if (namedGroup.isTls13()) {
                linkedList.add(namedGroup);
            }
        }
        createConfig.setQuickReceive(true);
        createConfig.setDefaultClientSupportedCipherSuites(CipherSuite.getTls13CipherSuites());
        createConfig.setHighestProtocolVersion(ProtocolVersion.TLS13);
        createConfig.setSupportedVersions(new ProtocolVersion[]{ProtocolVersion.TLS13});
        createConfig.setEnforceSettings(false);
        createConfig.setEarlyStop(true);
        createConfig.setStopReceivingAfterFatal(true);
        createConfig.setStopActionsAfterFatal(true);
        createConfig.setWorkflowTraceType(WorkflowTraceType.HANDSHAKE);
        createConfig.setDefaultClientNamedGroups(NamedGroup.getImplemented());
        createConfig.setAddECPointFormatExtension(false);
        createConfig.setAddEllipticCurveExtension(true);
        createConfig.setAddSignatureAndHashAlgorithmsExtension(true);
        createConfig.setAddSupportedVersionsExtension(true);
        createConfig.setAddKeyShareExtension(true);
        createConfig.setDefaultClientKeyShareNamedGroups(linkedList);
        createConfig.setAddCertificateStatusRequestExtension(true);
        createConfig.setUseFreshRandom(true);
        createConfig.setDefaultClientSupportedSignatureAndHashAlgorithms(SignatureAndHashAlgorithm.getImplementedTls13SignatureAndHashAlgorithms());
        createConfig.setTls13BackwardsCompatibilityMode(Boolean.TRUE);
        return createConfig;
    }

    private TestResult getIssuesSessionTicket() {
        try {
            Config createConfig = createConfig();
            LinkedList linkedList = new LinkedList();
            linkedList.add(PskKeyExchangeMode.PSK_DHE_KE);
            linkedList.add(PskKeyExchangeMode.PSK_KE);
            createConfig.setPSKKeyExchangeModes(linkedList);
            createConfig.setAddPSKKeyExchangeModesExtension(true);
            State state = new State(createConfig);
            state.getWorkflowTrace().addTlsAction(new ReceiveAction(createConfig.getDefaultClientConnection().getAlias(), new ProtocolMessage[]{new NewSessionTicketMessage(false)}));
            executeState(state);
            return WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.NEW_SESSION_TICKET, state.getWorkflowTrace()) ? TestResult.TRUE : TestResult.FALSE;
        } catch (Exception e) {
            LOGGER.error("Could not test for support for Tls13SessionTickets");
            return TestResult.ERROR_DURING_TEST;
        }
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public boolean canBeExecuted(SiteReport siteReport) {
        return siteReport.getCipherSuites() != null && siteReport.getCipherSuites().size() > 0;
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public void adjustConfig(SiteReport siteReport) {
        if (siteReport.getCipherSuites() == null || siteReport.getCipherSuites().isEmpty()) {
            this.supportedSuites = CipherSuite.getImplemented();
        } else {
            this.supportedSuites = new ArrayList(siteReport.getCipherSuites());
        }
    }

    @Override // de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe
    public ProbeResult getCouldNotExecuteResult() {
        return new ResumptionResult(TestResult.COULD_NOT_TEST, TestResult.COULD_NOT_TEST, TestResult.COULD_NOT_TEST, TestResult.COULD_NOT_TEST, TestResult.COULD_NOT_TEST);
    }
}
