package de.rub.nds.tlsscanner.serverscanner.probe.cca;

import de.rub.nds.asn1.Asn1Encodable;
import de.rub.nds.asn1.encoder.Asn1EncoderForX509;
import de.rub.nds.asn1.model.Asn1Sequence;
import de.rub.nds.asn1.model.KeyInfo;
import de.rub.nds.asn1.util.AttributeParser;
import de.rub.nds.asn1tool.xmlparser.Asn1XmlContent;
import de.rub.nds.asn1tool.xmlparser.XmlParser;
import de.rub.nds.tlsattacker.core.certificate.PemUtil;
import de.rub.nds.tlsattacker.core.config.delegate.CcaDelegate;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomDHPrivateKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomDSAPrivateKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomDhPublicKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomDsaPublicKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomECPrivateKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomEcPublicKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomRSAPrivateKey;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomRsaPublicKey;
import de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketZeroKeyProbe;
import de.rub.nds.tlsscanner.serverscanner.probe.cca.constans.CcaCertificateKeyType;
import de.rub.nds.tlsscanner.serverscanner.probe.cca.constans.CcaCertificateType;
import de.rub.nds.x509attacker.filesystem.CertificateFileWriter;
import de.rub.nds.x509attacker.keyfilemanager.KeyFileManager;
import de.rub.nds.x509attacker.keyfilemanager.KeyFileManagerException;
import de.rub.nds.x509attacker.linker.Linker;
import de.rub.nds.x509attacker.registry.Registry;
import de.rub.nds.x509attacker.xmlsignatureengine.XmlSignatureEngine;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECPoint;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Scanner;
import javax.crypto.interfaces.DHPrivateKey;
import javax.crypto.interfaces.DHPublicKey;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/cca/CcaCertificateManager.class */
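/**
 * Builds and caches the client certificate chains used by the client-certificate-authentication
 * (CCA) probes.
 *
 * <p>For every {@link CcaCertificateType} one {@link CcaCertificateChain} is stored. Depending on
 * what the {@link CcaDelegate} supplies, a chain is generated from a bundled XML template under
 * {@code /xmlcerts/}, taken from the client certificate of the delegate, or left as a single empty
 * certificate.
 *
 * <p>Generated chains are signed with keys loaded through the {@link KeyFileManager} from the
 * delegate's key directory. Only encoded certificates are written to the output directory; the
 * private key of the leaf certificate is attached to the in-memory chain and is never logged by
 * this class.
 */
public class CcaCertificateManager {
    private static final Logger LOGGER = LogManager.getLogger();

    /** Marker in the XML templates that is replaced by the hex encoded issuer name. */
    private static final String ISSUER_PLACEHOLDER = "<asn1RawBytes identifier=\"issuer\" type=\"RawBytes\" placeholder=\"replace_me\"><value>";

    /** Replacement for {@link #ISSUER_PLACEHOLDER}; the issuer hex string is appended to it. */
    private static final String ISSUER_ELEMENT_PREFIX = "<asn1RawBytes identifier=\"issuer\" type=\"RawBytes\"><value>";

    /** Marker in the XML templates that is replaced by the name of the signing key file. */
    private static final String KEY_FILE_PLACEHOLDER = "replace_me_im_a_dummy_key";

    // Not referenced anywhere in this class; kept so the field layout stays as it was.
    private static CcaCertificateManager reference = null;

    // One chain per certificate type. A value may be null when generation from XML failed.
    private final Map<CcaCertificateType, CcaCertificateChain> certificateKeyMap = new HashMap<>();
    private CcaDelegate ccaDelegate = null;

    /**
     * Creates the manager and immediately prepares a chain for every certificate type.
     *
     * @param ccaDelegate source of the key directory, certificate directories and client
     *     certificate
     */
    public CcaCertificateManager(CcaDelegate ccaDelegate) {
        init(ccaDelegate);
    }

    /**
     * Reads a certificate through the {@code CcaFileManager} and returns its subject name as a
     * lower-case hex string of the DER encoding.
     *
     * @param certificateDirectory directory handed to {@code CcaFileManager.getReference}
     * @param certificateFileName name of the certificate file inside that directory
     * @return the hex encoded subject, or {@code null} when the certificate cannot be parsed
     */
    private static String extractXMLCertificateSubject(String certificateDirectory, String certificateFileName) {
        // Called only for its side effect; presumably it initialises the registry -- TODO confirm.
        Registry.getInstance();
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            byte[] content = CcaFileManager.getReference(certificateDirectory).getFileContent(certificateFileName);
            X509Certificate certificate = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(content));
            byte[] encodedSubject = certificate.getSubjectX500Principal().getEncoded();
            StringBuilder hex = new StringBuilder(encodedSubject.length * 2);
            for (byte b : encodedSubject) {
                hex.append(String.format("%02x", Byte.valueOf(b)));
            }
            return hex.toString();
        } catch (CertificateException e) {
            LOGGER.error("Error while either instantiating X.509 CertificateFactory or generating certificate from fileInputStream. " + e);
            return null;
        }
    }

    /**
     * Fills the internal map with one chain per {@link CcaCertificateType}.
     *
     * <p>Types that require CA certificates and keys are generated from XML when the delegate
     * supplies the directories. Types that require a certificate use the delegate's client
     * certificate when it is supplied. Every other type gets a chain holding one empty
     * certificate. A type whose generation from XML fails is stored with a {@code null} chain.
     *
     * @param ccaDelegate source of the key directory, certificate directories and client
     *     certificate
     */
    public void init(CcaDelegate ccaDelegate) {
        this.ccaDelegate = ccaDelegate;
        boolean directoriesSupplied = ccaDelegate.directoriesSupplied().booleanValue();
        boolean clientCertificateSupplied = ccaDelegate.clientCertificateSupplied().booleanValue();
        if (!directoriesSupplied || !clientCertificateSupplied) {
            LOGGER.debug("CcaDelegate does not contain enough information to evaluate all CcaCertificateTypes");
        }
        for (CcaCertificateType ccaCertificateType : CcaCertificateType.values()) {
            CcaCertificateChain chain;
            if (ccaCertificateType.getRequiresCaCertAndKeys().booleanValue() && directoriesSupplied) {
                chain = generateCertificateListFromXML(ccaCertificateType);
            } else if (ccaCertificateType.getRequiresCertificate().booleanValue() && clientCertificateSupplied) {
                chain = new CcaCertificateChain();
                chain.appendEncodedCertificate(ccaDelegate.getClientCertificate());
            } else {
                chain = new CcaCertificateChain();
                chain.appendEncodedCertificate(new byte[0]);
            }
            this.certificateKeyMap.put(ccaCertificateType, chain);
        }
    }

    /**
     * Returns the chain prepared for the given certificate type.
     *
     * @param ccaCertificateType the type to look up
     * @return the stored chain; {@code null} when the type has no entry (an error is logged) or
     *     when the stored chain itself is {@code null} because its generation failed
     */
    public CcaCertificateChain getCertificateChain(CcaCertificateType ccaCertificateType) {
        if (this.certificateKeyMap.containsKey(ccaCertificateType)) {
            return this.certificateKeyMap.get(ccaCertificateType);
        }
        LOGGER.error("Entry for " + ccaCertificateType + " is not available in CcaCertificateManager!");
        return null;
    }

    /**
     * Loads the bundled XML template of a certificate type from the classpath.
     *
     * @param ccaCertificateType the type whose template is read
     * @return the template text, or {@code null} when the resource is missing or empty
     */
    private static String readXmlTemplate(CcaCertificateType ccaCertificateType) {
        String resourcePath = "/xmlcerts/" + ccaCertificateType.toString() + ".xml";
        java.io.InputStream resource = CcaCertificateManager.class.getResourceAsStream(resourcePath);
        if (resource == null) {
            LOGGER.error("XML certificate template " + resourcePath + " was not found on the classpath.");
            return null;
        }
        // Closing the scanner also closes the underlying resource stream.
        try (Scanner scanner = new Scanner(resource, "UTF-8")) {
            scanner.useDelimiter("\\A");
            if (!scanner.hasNext()) {
                LOGGER.error("XML certificate template " + resourcePath + " is empty.");
                return null;
            }
            return scanner.next();
        }
    }

    /**
     * Generates the certificate chain of a type from its XML template, signs it, attaches the leaf
     * keys and writes the encoded certificates to the output directory.
     *
     * @param ccaCertificateType the type to generate
     * @return the generated chain, or {@code null} when the template, the issuer subject or the
     *     leaf keys could not be prepared
     */
    private CcaCertificateChain generateCertificateListFromXML(CcaCertificateType ccaCertificateType) {
        // The first component of the type name selects the root certificate / key file name.
        String rootFileName = ccaCertificateType.toString().split("_")[0].toLowerCase(java.util.Locale.ROOT) + ".pem";
        String keyDirectory = this.ccaDelegate.getKeyDirectory() + "/";
        String certificateInputDirectory = this.ccaDelegate.getCertificateInputDirectory() + "/";
        String certificateOutputDirectory = this.ccaDelegate.getCertificateOutputDirectory() + "/";

        KeyFileManager keyFileManager = KeyFileManager.getReference();
        try {
            keyFileManager.init(keyDirectory);
        } catch (KeyFileManagerException e) {
            // Best effort: a failing lookup of the keys is reported again further down.
            LOGGER.error("Failed to initialize KeyFileManager. " + e);
        }

        String issuerSubjectHex = extractXMLCertificateSubject(certificateInputDirectory, rootFileName);
        String template = readXmlTemplate(ccaCertificateType);
        if (template == null) {
            return null;
        }
        if (issuerSubjectHex == null && template.contains(ISSUER_PLACEHOLDER)) {
            // Without this check the literal text "null" would be written into the issuer field.
            LOGGER.error("Issuer subject for " + ccaCertificateType + " could not be extracted from " + rootFileName + ".");
            return null;
        }

        XmlParser xmlParser = new XmlParser(replacePlaceholders(template, rootFileName, issuerSubjectHex));
        Asn1XmlContent asn1XmlContent = xmlParser.getAsn1XmlContent();
        Map identifierMap = xmlParser.getIdentifierMap();
        Linker linker = new Linker(identifierMap);
        new XmlSignatureEngine(linker, identifierMap).computeSignatures();

        List<Asn1Encodable> asn1Encodables = asn1XmlContent.getAsn1Encodables();
        CcaCertificateChain ccaCertificateChain = new CcaCertificateChain();
        String keyFileName = null;
        String pubKeyFileName = null;
        String keyType = null;
        boolean leafKeyInfoFound = false;
        for (Asn1Encodable encodable : asn1Encodables) {
            ccaCertificateChain.appendEncodedCertificate(Asn1EncoderForX509.encodeForCertificate(linker, encodable));
            // Only the first sequence in the template supplies the key information of the leaf.
            if ((encodable instanceof Asn1Sequence) && !leafKeyInfoFound) {
                Asn1Encodable firstChild = (Asn1Encodable) ((Asn1Sequence) encodable).getChildren().get(0);
                KeyInfo keyInfo = (KeyInfo) firstChild;
                keyFileName = keyInfo.getKeyFileName();
                pubKeyFileName = keyInfo.getPubKeyFile();
                keyType = firstChild.getAttribute("keyType");
                leafKeyInfoFound = true;
            }
        }
        if (!setLeafCertificateKeys(ccaCertificateChain, keyFileName, pubKeyFileName, keyType, keyFileManager)) {
            return null;
        }
        saveCertificateChainToFile(certificateOutputDirectory, asn1Encodables, ccaCertificateChain);
        return ccaCertificateChain;
    }

    /**
     * Fills the issuer and key file placeholders of an XML template.
     *
     * @param template the XML template text
     * @param keyFileName replaces every occurrence of the dummy key marker
     * @param issuerSubjectHex hex string appended to the opening issuer value element
     * @return the template with both placeholders substituted
     */
    private String replacePlaceholders(String template, String keyFileName, String issuerSubjectHex) {
        return template.replace(ISSUER_PLACEHOLDER, ISSUER_ELEMENT_PREFIX + issuerSubjectHex).replace(KEY_FILE_PLACEHOLDER, keyFileName);
    }

    /**
     * Copies the encoded certificates of a chain into an array and writes them to disk.
     *
     * <p>A failing write is logged and otherwise ignored, so the in-memory chain stays usable.
     *
     * @param outputDirectory directory the PEM files are written to
     * @param asn1Encodables the parsed template objects, one per encoded certificate
     * @param ccaCertificateChain the chain holding the encoded certificates
     */
    private void saveCertificateChainToFile(String outputDirectory, List<Asn1Encodable> asn1Encodables, CcaCertificateChain ccaCertificateChain) {
        // Sized by the template objects because writeCertificates indexes the array with them.
        byte[][] encodedCertificates = new byte[asn1Encodables.size()][];
        for (int i = 0; i < ccaCertificateChain.getEncodedCertificates().size(); i++) {
            encodedCertificates[i] = ccaCertificateChain.getEncodedCertificates().get(i);
        }
        try {
            writeCertificates(outputDirectory, asn1Encodables, encodedCertificates);
        } catch (IOException e) {
            LOGGER.error("Couldn't write certificates to output directory. " + e);
        }
    }

    /**
     * Writes every object of type {@code Certificate} to its own PEM file and, when its
     * {@code attachToCertificateList} attribute is true, also to {@code certificate_chain.pem}.
     *
     * @param str output directory
     * @param list parsed template objects
     * @param bArr encoded certificates, indexed like {@code list}
     * @throws IOException when a file cannot be written or closed
     */
    public static void writeCertificates(String str, List<Asn1Encodable> list, byte[][] bArr) throws IOException {
        CertificateFileWriter chainWriter = new CertificateFileWriter(str, "certificate_chain.pem");
        try {
            for (int i = 0; i < list.size(); i++) {
                Asn1Encodable asn1Encodable = list.get(i);
                if (!asn1Encodable.getType().equalsIgnoreCase("Certificate")) {
                    continue;
                }
                if (AttributeParser.parseBooleanAttributeOrDefault(asn1Encodable, "attachToCertificateList", false)) {
                    chainWriter.writeCertificate(bArr[i]);
                }
                writeSingleCertificate(str, asn1Encodable, bArr[i]);
            }
        } finally {
            // Release the file handle even when one of the writes above fails.
            chainWriter.close();
        }
    }

    /**
     * Writes one encoded certificate to {@code <identifier>.pem} in the output directory.
     *
     * @param outputDirectory directory the file is written to
     * @param asn1Encodable object whose identifier names the file
     * @param encodedCertificate the encoded certificate
     * @throws IOException when the file cannot be written or closed
     */
    private static void writeSingleCertificate(String outputDirectory, Asn1Encodable asn1Encodable, byte[] encodedCertificate) throws IOException {
        CertificateFileWriter writer = new CertificateFileWriter(outputDirectory, asn1Encodable.getIdentifier() + ".pem");
        try {
            writer.writeCertificate(encodedCertificate);
        } finally {
            writer.close();
        }
    }

    /**
     * Loads the key pair of the leaf certificate and attaches it to the chain.
     *
     * <p>The key bytes come from the {@link KeyFileManager}; log messages contain only the
     * exception text, never the key content.
     *
     * @param ccaCertificateChain chain that receives the keys
     * @param keyFileName name of the private key file
     * @param pubKeyFileName name of the public key file
     * @param keyType value of the {@code keyType} attribute of the key info element
     * @param keyFileManager source of the key file contents
     * @return {@code true} when both keys were set; {@code false} when the key type is missing or
     *     unsupported, a key file cannot be read, or a key does not match the declared type
     */
    private boolean setLeafCertificateKeys(CcaCertificateChain ccaCertificateChain, String keyFileName, String pubKeyFileName, String keyType, KeyFileManager keyFileManager) {
        // keyType stays null when the template held no sequence with key information.
        CcaCertificateKeyType certificateKeyType = keyType == null ? null : CcaCertificateKeyType.fromJavaName(keyType.toLowerCase(java.util.Locale.ROOT));
        if (certificateKeyType == null) {
            LOGGER.error("Unknown or unsupported value for keyType attribute of keyInfo in XMLCertificate.");
            return false;
        }
        try {
            // Switching on the enum itself lets the compiler generate the ordinal lookup table.
            switch (certificateKeyType) {
                case RSA: {
                    PrivateKey privateKey = PemUtil.readPrivateKey(new ByteArrayInputStream(keyFileManager.getKeyFileContent(keyFileName)));
                    BigInteger modulus = ((RSAPrivateKey) privateKey).getModulus();
                    CustomRSAPrivateKey customPrivateKey = new CustomRSAPrivateKey(modulus, ((RSAPrivateKey) privateKey).getPrivateExponent());
                    RSAPublicKey publicKey = (RSAPublicKey) PemUtil.readPublicKey(new ByteArrayInputStream(keyFileManager.getKeyFileContent(pubKeyFileName)));
                    CustomRsaPublicKey customPublicKey = new CustomRsaPublicKey(publicKey.getPublicExponent(), modulus);
                    ccaCertificateChain.setLeafCertificatePrivateKey(customPrivateKey);
                    ccaCertificateChain.setLeafCertificatePublicKey(customPublicKey);
                    return true;
                }
                case DH: {
                    PrivateKey privateKey = PemUtil.readPrivateKey(new ByteArrayInputStream(keyFileManager.getKeyFileContent(keyFileName)));
                    BigInteger y = ((DHPublicKey) PemUtil.readPublicKey(new ByteArrayInputStream(keyFileManager.getKeyFileContent(pubKeyFileName)))).getY();
                    BigInteger x = ((DHPrivateKey) privateKey).getX();
                    BigInteger p = ((DHPrivateKey) privateKey).getParams().getP();
                    BigInteger g = ((DHPrivateKey) privateKey).getParams().getG();
                    CustomDHPrivateKey customPrivateKey = new CustomDHPrivateKey(x, p, g);
                    CustomDhPublicKey customPublicKey = new CustomDhPublicKey(p, g, y);
                    ccaCertificateChain.setLeafCertificatePrivateKey(customPrivateKey);
                    ccaCertificateChain.setLeafCertificatePublicKey(customPublicKey);
                    return true;
                }
                case DSA: {
                    byte[] keyFileContent = keyFileManager.getKeyFileContent(keyFileName);
                    PrivateKey privateKey = PemUtil.readPrivateKey(new ByteArrayInputStream(keyFileContent));
                    // NOTE(review): the public key is parsed from the private key file content,
                    // while the RSA, DH and ECDSA branches read the separate public key file.
                    // Confirm whether pubKeyFileName was meant to be used here as well.
                    BigInteger y = ((DSAPublicKey) PemUtil.readPublicKey(new ByteArrayInputStream(keyFileContent))).getY();
                    BigInteger x = ((DSAPrivateKey) privateKey).getX();
                    BigInteger p = ((DSAPrivateKey) privateKey).getParams().getP();
                    BigInteger q = ((DSAPrivateKey) privateKey).getParams().getQ();
                    BigInteger g = ((DSAPrivateKey) privateKey).getParams().getG();
                    CustomDSAPrivateKey customPrivateKey = new CustomDSAPrivateKey(x, p, q, g);
                    CustomDsaPublicKey customPublicKey = new CustomDsaPublicKey(p, q, g, y);
                    ccaCertificateChain.setLeafCertificatePrivateKey(customPrivateKey);
                    ccaCertificateChain.setLeafCertificatePublicKey(customPublicKey);
                    return true;
                }
                case ECDSA: {
                    PrivateKey privateKey = PemUtil.readPrivateKey(new ByteArrayInputStream(keyFileManager.getKeyFileContent(keyFileName)));
                    ECPoint w = ((ECPublicKey) PemUtil.readPublicKey(new ByteArrayInputStream(keyFileManager.getKeyFileContent(pubKeyFileName)))).getW();
                    BigInteger s = ((ECPrivateKey) privateKey).getS();
                    NamedGroup namedGroup = NamedGroup.getNamedGroup((ECPrivateKey) privateKey);
                    CustomECPrivateKey customPrivateKey = new CustomECPrivateKey(s, namedGroup);
                    CustomEcPublicKey customPublicKey = new CustomEcPublicKey(w.getAffineX(), w.getAffineY(), namedGroup);
                    ccaCertificateChain.setLeafCertificatePrivateKey(customPrivateKey);
                    ccaCertificateChain.setLeafCertificatePublicKey(customPublicKey);
                    return true;
                }
                default:
                    LOGGER.error("Unknown or unsupported value for keyType attribute of keyInfo in XMLCertificate.");
                    return false;
            }
        } catch (IOException e) {
            LOGGER.error("IOException occurred while preparing PrivateKey. " + e);
            return false;
        } catch (KeyFileManagerException e) {
            LOGGER.error("Couldn't read key from KeyFileManager. " + e);
            return false;
        } catch (ClassCastException e) {
            // The key file holds a key of another algorithm than the template declares.
            LOGGER.error("Key file content does not match the keyType declared in the XMLCertificate. " + e);
            return false;
        }
    }
}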
