package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
import de.rub.nds.tlsscanner.serverscanner.probe.certificate.CertificateChain;
import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
import de.rub.nds.tlsscanner.serverscanner.report.AnalyzedProperty;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import de.rub.nds.tlsscanner.serverscanner.report.result.CertificateResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/CertificateProbe.class */
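/**
 * Probe that collects the certificate chains a TLS server presents for each certificate type
 * (RSA, DSS, ECDSA, GOST) and for TLS 1.3.
 *
 * <p>Each scan offers only the cipher suites of one key-exchange family and records a chain only
 * when the server selected one of the offered suites, so a chain is never attributed to a family
 * the server did not actually negotiate. For EC certificates the handshake is repeated with the
 * curve of every certificate already seen removed from the offer, which reveals additional
 * certificates bound to other curves.
 *
 * <p>Note for report consumers: "no certificate found" and "the scan threw an exception" both
 * yield {@link #getCouldNotExecuteResult()}, whose fields are all {@code null}. That result must
 * not be read as "the server has no certificate".
 */
public class CertificateProbe extends TlsProbe {
    // Per-type switches; all start enabled and are only ever turned off by adjustConfig().
    private boolean scanForRsaCert;
    private boolean scanForDssCert;
    private boolean scanForEcdsaCert;
    private boolean scanForGostCert;
    private boolean scanForTls13;
    // Curves of the public keys in the ECDSA certificates found, per scan flavour.
    private List<NamedGroup> ecdsaPkGroupsStatic;
    private List<NamedGroup> ecdsaPkGroupsEphemeral;
    private List<NamedGroup> ecdsaPkGroupsTls13;
    // Curves reported as the certificate signature curve for the ECDSA certificates found.
    private List<NamedGroup> ecdsaCertSigGroupsStatic;
    private List<NamedGroup> ecdsaCertSigGroupsEphemeral;
    private List<NamedGroup> ecdsaCertSigGroupsTls13;

    /**
     * Creates the probe with every certificate scan enabled.
     *
     * @param scannerConfig scanner configuration used to derive the per-handshake config
     * @param parallelExecutor executor handed to the {@link TlsProbe} base class
     */
    public CertificateProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, ProbeType.CERTIFICATE, scannerConfig);
        this.scanForRsaCert = true;
        this.scanForDssCert = true;
        this.scanForEcdsaCert = true;
        this.scanForGostCert = true;
        this.scanForTls13 = true;
    }

    /**
     * Runs every enabled certificate scan and merges the chains into one set.
     *
     * @return a {@link CertificateResult} with the chains and ECDSA curve lists, or the
     *     could-not-execute result when no chain was found or any scan threw
     */
    @Override
    public ProbeResult executeTest() {
        try {
            // Reset per-run state so a repeated execution does not accumulate curves.
            this.ecdsaPkGroupsStatic = new LinkedList<>();
            this.ecdsaPkGroupsEphemeral = new LinkedList<>();
            this.ecdsaPkGroupsTls13 = new LinkedList<>();
            this.ecdsaCertSigGroupsStatic = new LinkedList<>();
            this.ecdsaCertSigGroupsEphemeral = new LinkedList<>();
            this.ecdsaCertSigGroupsTls13 = new LinkedList<>();
            // A set, because the same chain is usually served for several key-exchange families.
            HashSet<CertificateChain> certificates = new HashSet<>();
            if (this.scanForRsaCert) {
                certificates.addAll(getRsaCerts());
            }
            if (this.scanForDssCert) {
                certificates.addAll(getDssCerts());
            }
            if (this.scanForEcdsaCert) {
                certificates.addAll(getEcdsaCerts());
            }
            if (this.scanForGostCert) {
                certificates.addAll(getGostCert());
            }
            if (this.scanForTls13) {
                certificates.addAll(getTls13Certs());
            }
            if (certificates.isEmpty()) {
                return getCouldNotExecuteResult();
            }
            return new CertificateResult(
                    certificates,
                    this.ecdsaPkGroupsStatic,
                    this.ecdsaPkGroupsEphemeral,
                    this.ecdsaCertSigGroupsStatic,
                    this.ecdsaCertSigGroupsEphemeral,
                    this.ecdsaPkGroupsTls13,
                    this.ecdsaCertSigGroupsTls13);
        } catch (Exception e) {
            // Probe boundary: a failing scan must not abort the whole scanner run. The cause is
            // logged because the returned result cannot carry it.
            LOGGER.error("Could not scan for " + getProbeName(), e);
            return getCouldNotExecuteResult();
        }
    }

    /**
     * Returns whether the prerequisite probes have run.
     *
     * @param siteReport report collected so far
     * @return {@code true} once both the cipher-suite and protocol-version probes were executed
     */
    @Override
    public boolean canBeExecuted(SiteReport siteReport) {
        return siteReport.isProbeAlreadyExecuted(ProbeType.CIPHER_SUITE)
                && siteReport.isProbeAlreadyExecuted(ProbeType.PROTOCOL_VERSION);
    }

    /**
     * Disables the scans for certificate types the report already marks as unsupported.
     *
     * <p>Only an explicit {@link TestResult#FALSE} disables a scan; any other result leaves the
     * scan enabled so that an inconclusive earlier probe does not hide a certificate.
     *
     * @param siteReport report collected so far
     */
    @Override
    public void adjustConfig(SiteReport siteReport) {
        if (siteReport.getResult(AnalyzedProperty.SUPPORTS_RSA_CERT) == TestResult.FALSE) {
            this.scanForRsaCert = false;
        }
        if (siteReport.getResult(AnalyzedProperty.SUPPORTS_ECDSA) == TestResult.FALSE) {
            this.scanForEcdsaCert = false;
        }
        if (siteReport.getResult(AnalyzedProperty.SUPPORTS_DSS) == TestResult.FALSE) {
            this.scanForDssCert = false;
        }
        if (siteReport.getResult(AnalyzedProperty.SUPPORTS_GOST) == TestResult.FALSE) {
            this.scanForGostCert = false;
        }
        if (siteReport.getResult(AnalyzedProperty.SUPPORTS_TLS_1_3) == TestResult.FALSE) {
            this.scanForTls13 = false;
        }
    }

    /**
     * Builds the result used when nothing could be determined.
     *
     * @return a {@link CertificateResult} whose seven fields are all {@code null}; callers must
     *     null-check before reading it
     */
    @Override
    public ProbeResult getCouldNotExecuteResult() {
        return new CertificateResult(null, null, null, null, null, null, null);
    }

    /** Collects the chains served for the RSA, DH_RSA, (EC)DHE_RSA and ECDH_RSA families. */
    private List<CertificateChain> getRsaCerts() {
        List<CertificateChain> chains = new LinkedList<>();
        addIfFound(chains, getRsaCert());
        addIfFound(chains, getDhRsaCert());
        addIfFound(chains, getEcDheRsaCert());
        chains.addAll(getEcdhRsaCerts());
        return chains;
    }

    /** Scans with RSA key-transport suites only; returns {@code null} when no chain was found. */
    private CertificateChain getRsaCert() {
        return performCertScan(getBasicConfig(), cipherSuitesWithKeyExchange(KeyExchangeAlgorithm.RSA));
    }

    /** Scans with static DH_RSA suites only; returns {@code null} when no chain was found. */
    private CertificateChain getDhRsaCert() {
        return performCertScan(getBasicConfig(), cipherSuitesWithKeyExchange(KeyExchangeAlgorithm.DH_RSA));
    }

    /** Scans with DHE_RSA and ECDHE_RSA suites; returns {@code null} when no chain was found. */
    private CertificateChain getEcDheRsaCert() {
        return performCertScan(
                getBasicConfig(),
                cipherSuitesWithKeyExchange(KeyExchangeAlgorithm.DHE_RSA, KeyExchangeAlgorithm.ECDHE_RSA));
    }

    /** Scans with static ECDH_RSA suites, once per distinct certificate curve. */
    private List<CertificateChain> getEcdhRsaCerts() {
        List<CertificateChain> chains = new LinkedList<>();
        performEcCertScan(
                getBasicConfig(),
                getAllCurves(),
                cipherSuitesWithKeyExchange(KeyExchangeAlgorithm.ECDH_RSA),
                chains);
        return chains;
    }

    /** Collects the chains served for the ECDH_ECDSA and ECDHE_ECDSA families. */
    private List<CertificateChain> getEcdsaCerts() {
        List<CertificateChain> chains = new LinkedList<>();
        chains.addAll(getEcdhEcdsaCerts());
        chains.addAll(getEcdheEcdsaCerts());
        return chains;
    }

    /** Scans with static ECDH_ECDSA suites and records the curves in the "static" lists. */
    private List<CertificateChain> getEcdhEcdsaCerts() {
        List<CertificateChain> chains = new LinkedList<>();
        performEcCertScanEcdsa(
                getBasicConfig(),
                getAllCurves(),
                cipherSuitesWithKeyExchange(KeyExchangeAlgorithm.ECDH_ECDSA),
                chains,
                this.ecdsaPkGroupsStatic,
                this.ecdsaCertSigGroupsStatic);
        return chains;
    }

    /** Scans with ECDHE_ECDSA suites and records the curves in the "ephemeral" lists. */
    private List<CertificateChain> getEcdheEcdsaCerts() {
        List<CertificateChain> chains = new LinkedList<>();
        performEcCertScanEcdsa(
                getBasicConfig(),
                getAllCurves(),
                cipherSuitesWithKeyExchange(KeyExchangeAlgorithm.ECDHE_ECDSA),
                chains,
                this.ecdsaPkGroupsEphemeral,
                this.ecdsaCertSigGroupsEphemeral);
        return chains;
    }

    /** Collects the chains served for the static and ephemeral DSS families. */
    private List<CertificateChain> getDssCerts() {
        List<CertificateChain> chains = new LinkedList<>();
        addIfFound(chains, getDhDssCert());
        addIfFound(chains, getDheDssCert());
        return chains;
    }

    /** Scans with non-ephemeral DSS suites; returns {@code null} when no chain was found. */
    private CertificateChain getDhDssCert() {
        List<CipherSuite> suites = new LinkedList<>();
        for (CipherSuite cipherSuite : CipherSuite.values()) {
            if (cipherSuite.isDSS() && !cipherSuite.isEphemeral()) {
                suites.add(cipherSuite);
            }
        }
        return performCertScan(getBasicConfig(), suites);
    }

    /** Scans with ephemeral DSS suites; returns {@code null} when no chain was found. */
    private CertificateChain getDheDssCert() {
        List<CipherSuite> suites = new LinkedList<>();
        for (CipherSuite cipherSuite : CipherSuite.values()) {
            if (cipherSuite.isDSS() && cipherSuite.isEphemeral()) {
                suites.add(cipherSuite);
            }
        }
        return performCertScan(getBasicConfig(), suites);
    }

    /** Scans with GOST suites; the list holds at most one chain. */
    private List<CertificateChain> getGostCert() {
        List<CertificateChain> chains = new LinkedList<>();
        List<CipherSuite> suites = new LinkedList<>();
        for (CipherSuite cipherSuite : CipherSuite.values()) {
            if (cipherSuite.isGOST()) {
                suites.add(cipherSuite);
            }
        }
        addIfFound(chains, performCertScan(getBasicConfig(), suites));
        return chains;
    }

    /**
     * Collects the TLS 1.3 chains, first with RSA and then with ECDSA signature algorithms.
     *
     * <p>Both scans share one config restricted to TLS 1.3; the ECDSA scan runs last and
     * overwrites the signature algorithms and groups set by the RSA scan.
     */
    private List<CertificateChain> getTls13Certs() {
        List<CertificateChain> chains = new LinkedList<>();
        Config tls13Config = getBasicConfig();
        tls13Config.setHighestProtocolVersion(ProtocolVersion.TLS13);
        tls13Config.setSupportedVersions(new ProtocolVersion[] {ProtocolVersion.TLS13});
        tls13Config.setAddSupportedVersionsExtension(true);
        tls13Config.setAddKeyShareExtension(true);
        addIfFound(chains, getTls13CertRsaSigHash(tls13Config));
        chains.addAll(getTls13CertsEcdsaSigHash(tls13Config));
        return chains;
    }

    /** TLS 1.3 scan offering only RSA signature algorithms; {@code null} when nothing was found. */
    private CertificateChain getTls13CertRsaSigHash(Config config) {
        config.setDefaultClientSupportedSignatureAndHashAlgorithms(getTls13RsaSigHash());
        config.setDefaultClientNamedGroups(getTls13Curves());
        config.setDefaultClientKeyShareNamedGroups(getTls13Curves());
        return performCertScan(config, CipherSuite.getImplementedTls13CipherSuites());
    }

    /** TLS 1.3 scan offering only ECDSA signature algorithms, once per certificate curve. */
    private List<CertificateChain> getTls13CertsEcdsaSigHash(Config config) {
        List<CertificateChain> chains = new LinkedList<>();
        config.setDefaultClientSupportedSignatureAndHashAlgorithms(getTls13EcdsaSigHash());
        performEcCertScanEcdsa(
                config,
                getTls13Curves(),
                CipherSuite.getImplementedTls13CipherSuites(),
                chains,
                this.ecdsaPkGroupsTls13,
                this.ecdsaCertSigGroupsTls13);
        return chains;
    }

    /**
     * Creates the config every scan starts from: a hello-only workflow that stops early and
     * advertises every named group and every signature-and-hash algorithm known to the library,
     * so that the offered cipher suites are the only thing that steers certificate selection.
     */
    private Config getBasicConfig() {
        Config config = getScannerConfig().createConfig();
        config.setQuickReceive(true);
        config.setEarlyStop(true);
        config.setStopActionsAfterIOException(true);
        config.setWorkflowTraceType(WorkflowTraceType.HELLO);
        config.setAddSignatureAndHashAlgorithmsExtension(true);
        config.setAddECPointFormatExtension(true);
        config.setAddEllipticCurveExtension(true);
        config.setDefaultClientNamedGroups(new ArrayList<NamedGroup>(Arrays.asList(NamedGroup.values())));
        config.setDefaultClientSupportedSignatureAndHashAlgorithms(
                Arrays.asList(SignatureAndHashAlgorithm.values()));
        config.setStopActionsAfterFatal(true);
        return config;
    }

    /** Returns a fresh, mutable list of every named group that is a curve. */
    private List<NamedGroup> getAllCurves() {
        List<NamedGroup> curves = new LinkedList<>();
        for (NamedGroup namedGroup : NamedGroup.values()) {
            if (namedGroup.isCurve()) {
                curves.add(namedGroup);
            }
        }
        return curves;
    }

    /** Returns a fresh, mutable list of every curve that is flagged as usable in TLS 1.3. */
    private List<NamedGroup> getTls13Curves() {
        List<NamedGroup> curves = new LinkedList<>();
        for (NamedGroup namedGroup : NamedGroup.values()) {
            if (namedGroup.isCurve() && namedGroup.isTls13()) {
                curves.add(namedGroup);
            }
        }
        return curves;
    }

    /**
     * Performs one handshake offering exactly {@code cipherSuites}.
     *
     * @return the server's chain, or {@code null} when no certificate message arrived, the server
     *     selected a suite that was not offered, or no server certificate was parsed
     */
    private CertificateChain performCertScan(Config config, List<CipherSuite> cipherSuites) {
        config.setDefaultClientSupportedCipherSuites(cipherSuites);
        State state = new State(config);
        executeState(state);
        if (receivedCertificate(state, cipherSuites)) {
            return toChain(state, config);
        }
        return null;
    }

    /**
     * Repeats the handshake, dropping the curve of each EC certificate seen from the offered
     * groups, until a handshake yields no new EC certificate or no curve is left to offer.
     *
     * <p>A certificate on a curve that is no longer offered ends the scan, which also bounds the
     * loop when a server ignores the offered groups and keeps returning the same certificate.
     *
     * @param config handshake config; its cipher suites and named groups are overwritten
     * @param groups curves to offer initially; not modified
     * @param cipherSuites suites to offer; not modified
     * @param chains receives one chain per distinct certificate curve
     */
    private void performEcCertScan(
            Config config, List<NamedGroup> groups, List<CipherSuite> cipherSuites, List<CertificateChain> chains) {
        // Work on private copies: the offer is narrowed in place while the config holds a
        // reference to it, and the incoming lists may be shared by the caller or by a static
        // factory whose ownership is not visible from this class.
        List<CipherSuite> offeredSuites = new LinkedList<>(cipherSuites);
        List<NamedGroup> remainingGroups = new LinkedList<>(groups);
        config.setDefaultClientSupportedCipherSuites(offeredSuites);
        config.setDefaultClientNamedGroups(remainingGroups);
        while (true) {
            State state = new State(config);
            executeState(state);
            if (!receivedEcCertificate(state, offeredSuites, remainingGroups)) {
                return;
            }
            remainingGroups.remove(state.getTlsContext().getEcCertificateCurve());
            chains.add(toChain(state, config));
            if (remainingGroups.isEmpty()) {
                return;
            }
        }
    }

    /**
     * Same loop as {@link #performEcCertScan}, additionally offering the groups as key shares and
     * recording the public-key curve and the certificate signature curve of every chain found.
     *
     * @param config handshake config; its cipher suites, named groups and key-share groups are
     *     overwritten
     * @param groups curves to offer initially; not modified
     * @param cipherSuites suites to offer; not modified
     * @param chains receives one chain per distinct certificate curve
     * @param publicKeyGroups receives the certificate curve of every chain found
     * @param signatureGroups receives each distinct, non-null certificate signature curve
     */
    private void performEcCertScanEcdsa(
            Config config,
            List<NamedGroup> groups,
            List<CipherSuite> cipherSuites,
            List<CertificateChain> chains,
            List<NamedGroup> publicKeyGroups,
            List<NamedGroup> signatureGroups) {
        // Private copies for the same reason as in performEcCertScan.
        List<CipherSuite> offeredSuites = new LinkedList<>(cipherSuites);
        List<NamedGroup> remainingGroups = new LinkedList<>(groups);
        config.setDefaultClientSupportedCipherSuites(offeredSuites);
        config.setDefaultClientNamedGroups(remainingGroups);
        config.setDefaultClientKeyShareNamedGroups(remainingGroups);
        while (true) {
            State state = new State(config);
            executeState(state);
            if (!receivedEcCertificate(state, offeredSuites, remainingGroups)) {
                return;
            }
            NamedGroup certificateCurve = state.getTlsContext().getEcCertificateCurve();
            remainingGroups.remove(certificateCurve);
            chains.add(toChain(state, config));
            publicKeyGroups.add(certificateCurve);
            NamedGroup signatureCurve = state.getTlsContext().getEcCertificateSignatureCurve();
            if (signatureCurve != null && !signatureGroups.contains(signatureCurve)) {
                signatureGroups.add(signatureCurve);
            }
            if (remainingGroups.isEmpty()) {
                return;
            }
        }
    }

    /**
     * Returns the implemented TLS 1.3 signature algorithms whose constant name contains "RSA".
     * The match is on the name only, so every constant carrying that substring is included.
     */
    private List<SignatureAndHashAlgorithm> getTls13RsaSigHash() {
        List<SignatureAndHashAlgorithm> algorithms = new LinkedList<>();
        for (SignatureAndHashAlgorithm algorithm :
                SignatureAndHashAlgorithm.getImplementedTls13SignatureAndHashAlgorithms()) {
            if (algorithm.name().contains("RSA")) {
                algorithms.add(algorithm);
            }
        }
        return algorithms;
    }

    /** Returns the implemented TLS 1.3 signature algorithms whose constant name contains "ECDSA". */
    private List<SignatureAndHashAlgorithm> getTls13EcdsaSigHash() {
        List<SignatureAndHashAlgorithm> algorithms = new LinkedList<>();
        for (SignatureAndHashAlgorithm algorithm :
                SignatureAndHashAlgorithm.getImplementedTls13SignatureAndHashAlgorithms()) {
            if (algorithm.name().contains("ECDSA")) {
                algorithms.add(algorithm);
            }
        }
        return algorithms;
    }

    /** Returns every real cipher suite whose key exchange is one of {@code algorithms}. */
    private static List<CipherSuite> cipherSuitesWithKeyExchange(KeyExchangeAlgorithm... algorithms) {
        List<KeyExchangeAlgorithm> wanted = Arrays.asList(algorithms);
        List<CipherSuite> matching = new LinkedList<>();
        for (CipherSuite cipherSuite : CipherSuite.values()) {
            // The real-suite check comes first so the resolver is never asked about
            // pseudo cipher suites.
            if (cipherSuite.isRealCipherSuite()
                    && wanted.contains(AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite))) {
                matching.add(cipherSuite);
            }
        }
        return matching;
    }

    /** Appends {@code chain} unless the scan that produced it found nothing ({@code null}). */
    private static void addIfFound(List<CertificateChain> chains, CertificateChain chain) {
        if (chain != null) {
            chains.add(chain);
        }
    }

    /**
     * Returns whether the handshake delivered a certificate for a cipher suite that was offered.
     * Requiring an offered suite rejects answers from servers that pick a suite on their own.
     */
    private static boolean receivedCertificate(State state, List<CipherSuite> offeredSuites) {
        return WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.CERTIFICATE, state.getWorkflowTrace())
                && offeredSuites.contains(state.getTlsContext().getSelectedCipherSuite())
                && state.getTlsContext().getServerCertificate() != null;
    }

    /** As {@link #receivedCertificate}, and the certificate's curve must still be on offer. */
    private static boolean receivedEcCertificate(
            State state, List<CipherSuite> offeredSuites, List<NamedGroup> offeredGroups) {
        return receivedCertificate(state, offeredSuites)
                && state.getTlsContext().getEcCertificateCurve() != null
                && offeredGroups.contains(state.getTlsContext().getEcCertificateCurve());
    }

    /**
     * Wraps the server certificate of a finished handshake. The hostname comes from the client
     * connection in the config (the name that was scanned), never from the server's answer.
     */
    private static CertificateChain toChain(State state, Config config) {
        return new CertificateChain(
                state.getTlsContext().getServerCertificate(),
                config.getDefaultClientConnection().getHostname());
    }
}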
