package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.tlsattacker.attacks.config.PaddingOracleCommandConfig;
import de.rub.nds.tlsattacker.attacks.constants.PaddingRecordGeneratorType;
import de.rub.nds.tlsattacker.attacks.constants.PaddingVectorGeneratorType;
import de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttacker;
import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
import de.rub.nds.tlsattacker.core.config.delegate.StarttlsDelegate;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
import de.rub.nds.tlsscanner.serverscanner.constants.ScannerDetail;
import de.rub.nds.tlsscanner.serverscanner.leak.info.PaddingOracleTestInfo;
import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
import de.rub.nds.tlsscanner.serverscanner.report.AnalyzedProperty;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import de.rub.nds.tlsscanner.serverscanner.report.result.PaddingOracleResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.VersionSuiteListPair;
import de.rub.nds.tlsscanner.serverscanner.vectorstatistics.InformationLeakTest;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/PaddingOracleProbe.class */
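/**
 * Scanner probe that tests a TLS server for CBC padding oracle behaviour.
 *
 * <p>For each padding vector type selected by the scan detail, and for each CBC cipher suite the
 * server was reported to support under TLS 1.0, 1.1 or 1.2 (restricted to suites TLS-Attacker
 * implements), the probe runs a {@link PaddingOracleAttacker} and stores the collected responses
 * in an {@link InformationLeakTest}. Tests that showed distinct answers are then re-run with more
 * iterations so that the result rests on more samples.
 *
 * <p>The number of attacker runs grows as (vector types) x (versions) x (CBC suites), and each
 * re-evaluation adds another run, so higher {@link ScannerDetail} levels put noticeably more load
 * on the scanned server.
 *
 * <p>{@link #adjustConfig(SiteReport)} must have populated the supported suites before
 * {@link #executeTest()} runs; otherwise the resulting exception is caught and a result with a
 * {@code null} test list is returned.
 */
public class PaddingOracleProbe extends TlsProbe {

    /** Iterations used when a test is re-run to extend its fingerprint. */
    private static final int FINGERPRINT_EXTENSION_ITERATIONS = 7;

    // Timeout values handed to PaddingOracleAttacker#setAdditionalTimeout.
    // NOTE(review): the unit is not visible in this file - presumably milliseconds; confirm.
    private static final long DETAILED_ADDITIONAL_TIMEOUT = 1000L;
    private static final long DEFAULT_ADDITIONAL_TIMEOUT = 50L;

    // Version / cipher suite pairs taken from the site report in adjustConfig().
    private List<VersionSuiteListPair> serverSupportedSuites;

    public PaddingOracleProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, ProbeType.PADDING_ORACLE, scannerConfig);
    }

    /**
     * Runs the padding oracle tests and, where warranted, the follow-up evaluation.
     *
     * @return a {@link PaddingOracleResult} holding one test per (vector type, version, suite)
     *     combination, or a result with a {@code null} list if the scan failed with an exception
     */
    @Override
    public ProbeResult executeTest() {
        try {
            List<InformationLeakTest<PaddingOracleTestInfo>> tests = new LinkedList<>();
            for (PaddingVectorGeneratorType vectorType : createVectorTypeList()) {
                for (VersionSuiteListPair pair : this.serverSupportedSuites) {
                    if (!isTestedVersion(pair.getVersion())) {
                        continue;
                    }
                    for (CipherSuite suite : pair.getCipherSuiteList()) {
                        // Only CBC suites are relevant, and only those TLS-Attacker can negotiate.
                        if (suite.isCBC() && CipherSuite.getImplemented().contains(suite)) {
                            PaddingOracleCommandConfig attackConfig =
                                    createPaddingOracleCommandConfig(pair.getVersion(), suite);
                            attackConfig.setVectorGeneratorType(vectorType);
                            tests.add(getPaddingOracleInformationLeakTest(attackConfig));
                        }
                    }
                }
            }

            boolean distinctAnswersSeen = isPotentiallyVulnerable(tests);
            if (distinctAnswersSeen
                    || this.scannerConfig.getScanDetail().isGreaterEqualTo(ScannerDetail.NORMAL)) {
                // The evaluation also runs at NORMAL detail and above without any finding, so
                // only claim a finding in the log when one was actually observed.
                if (distinctAnswersSeen) {
                    LOGGER.debug("We found non-determinism during the padding oracle scan");
                }
                LOGGER.debug("Starting non-determinism evaluation");
                for (InformationLeakTest<PaddingOracleTestInfo> test : tests) {
                    if (test.isDistinctAnswers()
                            || this.scannerConfig.getScanDetail().isGreaterEqualTo(ScannerDetail.DETAILED)) {
                        // Log version and suite; the message previously printed the suite twice.
                        LOGGER.debug("Found a candidate for the non-determinism eval:"
                                + test.getTestInfo().getVersion() + " - "
                                + test.getTestInfo().getCipherSuite());
                        extendFingerPrint(test, FINGERPRINT_EXTENSION_ITERATIONS);
                    }
                }
                LOGGER.debug("Finished non-determinism evaluation");
            }
            return new PaddingOracleResult(tests);
        } catch (Exception e) {
            // Probe boundary: a failed scan must not abort the whole scanner run.
            LOGGER.error("Could not scan for " + getProbeName(), e);
            return new PaddingOracleResult(null);
        }
    }

    /** Returns whether CBC suites of the given protocol version are covered by this probe. */
    private static boolean isTestedVersion(ProtocolVersion version) {
        return version == ProtocolVersion.TLS10
                || version == ProtocolVersion.TLS11
                || version == ProtocolVersion.TLS12;
    }

    /**
     * Selects the padding vector generators to run: always {@code CLASSIC_DYNAMIC}, plus
     * {@code FINISHED}, {@code CLOSE_NOTIFY} and {@code FINISHED_RESUMPTION} at detail
     * {@link ScannerDetail#ALL}.
     */
    private List<PaddingVectorGeneratorType> createVectorTypeList() {
        List<PaddingVectorGeneratorType> vectorTypes = new LinkedList<>();
        vectorTypes.add(PaddingVectorGeneratorType.CLASSIC_DYNAMIC);
        if (this.scannerConfig.getScanDetail() == ScannerDetail.ALL) {
            vectorTypes.add(PaddingVectorGeneratorType.FINISHED);
            vectorTypes.add(PaddingVectorGeneratorType.CLOSE_NOTIFY);
            vectorTypes.add(PaddingVectorGeneratorType.FINISHED_RESUMPTION);
        }
        return vectorTypes;
    }

    /**
     * Builds the attacker configuration for one protocol version and one cipher suite, copying
     * host, SNI name and STARTTLS type from the scanner configuration.
     *
     * @param protocolVersion version to pin the handshake to
     * @param cipherSuite the single cipher suite to offer
     * @return a configuration with record generator and iteration count chosen by scan detail
     */
    private PaddingOracleCommandConfig createPaddingOracleCommandConfig(ProtocolVersion protocolVersion, CipherSuite cipherSuite) {
        PaddingOracleCommandConfig attackConfig =
                new PaddingOracleCommandConfig(getScannerConfig().getGeneralDelegate());

        ClientDelegate clientDelegate = attackConfig.getDelegate(ClientDelegate.class);
        clientDelegate.setHost(getScannerConfig().getClientDelegate().getHost());
        clientDelegate.setSniHostname(getScannerConfig().getClientDelegate().getSniHostname());
        attackConfig.getDelegate(StarttlsDelegate.class)
                .setStarttlsType(this.scannerConfig.getStarttlsDelegate().getStarttlsType());

        // Both branches set the iteration count, so no separate default is assigned beforehand.
        PaddingRecordGeneratorType recordType;
        if (this.scannerConfig.getScanDetail().isGreaterEqualTo(ScannerDetail.NORMAL)) {
            recordType = PaddingRecordGeneratorType.SHORT;
            attackConfig.setNumberOfIterations(3);
        } else {
            recordType = PaddingRecordGeneratorType.VERY_SHORT;
            attackConfig.setNumberOfIterations(1);
        }
        attackConfig.setRecordGeneratorType(recordType);

        attackConfig.getCipherSuiteDelegate().setCipherSuites(new CipherSuite[]{cipherSuite});
        attackConfig.getProtocolVersionDelegate().setProtocolVersion(protocolVersion);
        return attackConfig;
    }

    /**
     * Runs one attacker instance with the given configuration and wraps its responses.
     *
     * @param paddingOracleCommandConfig configuration naming exactly one version and one suite
     * @return the test built from the attacker's response map list
     */
    private InformationLeakTest<PaddingOracleTestInfo> getPaddingOracleInformationLeakTest(PaddingOracleCommandConfig paddingOracleCommandConfig) {
        PaddingOracleAttacker attacker = new PaddingOracleAttacker(
                paddingOracleCommandConfig, this.scannerConfig.createConfig(), getParallelExecutor());
        if (this.scannerConfig.getScanDetail().isGreaterEqualTo(ScannerDetail.DETAILED)) {
            attacker.setAdditionalTimeout(DETAILED_ADDITIONAL_TIMEOUT);
            attacker.setIncreasingTimeout(true);
        } else {
            attacker.setAdditionalTimeout(DEFAULT_ADDITIONAL_TIMEOUT);
        }

        try {
            // The boolean verdict is ignored; the raw responses are read from the attacker below.
            attacker.isVulnerable();
        } catch (Exception e) {
            // NOTE(review): the failure is only logged and the test is still built from whatever
            // responses were collected. An incomplete response list may show no distinct answers,
            // which a report reader could take for "no oracle" - confirm that consumers of
            // PaddingOracleResult can tell an errored test from a clean one.
            LOGGER.error("Encountered an exception while testing for PaddingOracles", e);
        }

        PaddingOracleTestInfo testInfo = new PaddingOracleTestInfo(
                paddingOracleCommandConfig.getProtocolVersionDelegate().getProtocolVersion(),
                (CipherSuite) paddingOracleCommandConfig.getCipherSuiteDelegate().getCipherSuites().get(0),
                paddingOracleCommandConfig.getVectorGeneratorType(),
                paddingOracleCommandConfig.getRecordGeneratorType());
        return new InformationLeakTest<>(testInfo, attacker.getResponseMapList());
    }

    /**
     * The probe needs the cipher suite and protocol version probes to have run, and the server to
     * be reported as supporting block ciphers.
     */
    @Override
    public boolean canBeExecuted(SiteReport siteReport) {
        boolean prerequisitesDone = siteReport.isProbeAlreadyExecuted(ProbeType.CIPHER_SUITE)
                && siteReport.isProbeAlreadyExecuted(ProbeType.PROTOCOL_VERSION);
        if (!prerequisitesDone) {
            return false;
        }
        return Objects.equals(siteReport.getResult(AnalyzedProperty.SUPPORTS_BLOCK_CIPHERS), TestResult.TRUE);
    }

    /** Takes the version / cipher suite pairs to test from the site report. */
    @Override
    public void adjustConfig(SiteReport siteReport) {
        this.serverSupportedSuites = siteReport.getVersionSuitePairs();
    }

    /** Returns a result with a {@code null} test list, the same value used when a scan fails. */
    @Override
    public ProbeResult getCouldNotExecuteResult() {
        return new PaddingOracleResult(null);
    }

    /**
     * Re-runs the given test with the same version, suite, record and vector generators but
     * {@code numberOfIterations} iterations, and appends the new vector containers to it.
     */
    private void extendFingerPrint(InformationLeakTest<PaddingOracleTestInfo> informationLeakTest, int numberOfIterations) {
        PaddingOracleTestInfo testInfo = informationLeakTest.getTestInfo();
        PaddingOracleCommandConfig attackConfig =
                createPaddingOracleCommandConfig(testInfo.getVersion(), testInfo.getCipherSuite());
        // Override the detail-based defaults so the re-run matches the original test.
        attackConfig.setRecordGeneratorType(informationLeakTest.getTestInfo().getRecordGeneratorType());
        attackConfig.setVectorGeneratorType(informationLeakTest.getTestInfo().getVectorGeneratorType());
        attackConfig.setNumberOfIterations(numberOfIterations);
        informationLeakTest.extendTestWithVectorContainers(
                getPaddingOracleInformationLeakTest(attackConfig).getVectorContainerList());
    }

    /** Returns {@code true} if at least one test reports distinct answers. */
    private boolean isPotentiallyVulnerable(List<InformationLeakTest<PaddingOracleTestInfo>> list) {
        for (InformationLeakTest<PaddingOracleTestInfo> test : list) {
            if (test.isDistinctAnswers()) {
                return true;
            }
        }
        return false;
    }
}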
