package de.rub.nds.tlsscanner.serverscanner.probe.drown;

import de.rub.nds.modifiablevariable.util.Modifiable;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.RunningModeType;
import de.rub.nds.tlsattacker.core.constants.SSL2CipherSuite;
import de.rub.nds.tlsattacker.core.exceptions.ConfigurationException;
import de.rub.nds.tlsattacker.core.protocol.ProtocolMessage;
import de.rub.nds.tlsattacker.core.protocol.message.SSL2ClientMasterKeyMessage;
import de.rub.nds.tlsattacker.core.protocol.message.SSL2ServerVerifyMessage;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutorFactory;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.serverscanner.probe.drown.constans.DrownOracleType;
import de.rub.nds.tlsscanner.serverscanner.probe.drown.constans.DrownVulnerabilityType;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectOutputStream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/drown/SpecialDrownAttacker.class */
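/**
 * Scanner probe that tests an SSLv2-capable server for the "special" DROWN oracles.
 *
 * <p>Two oracle types are handled (see {@link DrownOracleType}):
 * <ul>
 *   <li>{@code EXTRA_CLEAR}: a single live handshake, classified directly.</li>
 *   <li>{@code LEAKY_EXPORT}: a two-step check that first records handshake data to a file
 *       ("generate") and later evaluates that file ("analyze").</li>
 * </ul>
 *
 * <p>This listing is decompiler output. {@link #checkForLeakyExport} could not be recovered,
 * so the "analyze" step always throws {@link UnsupportedOperationException} here.
 *
 * <p>For operators reading results: every path returns {@code NONE} only when no SSL2 ServerHello
 * was received. Any other handshake-based result means the endpoint still answers SSLv2, and
 * disabling SSLv2 on the server (and on any host sharing its key) is the remediation.
 */
public class SpecialDrownAttacker extends BaseDrownAttacker {
    private static final Logger LOGGER = LogManager.getLogger();
    private DrownOracleType oracleType;
    // Path of the serialized check data file; only needed for LEAKY_EXPORT.
    private String checkDataFilePath;
    // LEAKY_EXPORT step 1: run a handshake and write the check data file.
    private boolean generateCheckData;
    // LEAKY_EXPORT step 2: evaluate a previously written check data file.
    private boolean analyzeCheckData;

    /**
     * Creates a probe without check data settings. This is sufficient for {@code EXTRA_CLEAR};
     * a {@code LEAKY_EXPORT} probe built this way fails with a {@link ConfigurationException}
     * because no check data file is set.
     */
    public SpecialDrownAttacker(Config config, ParallelExecutor parallelExecutor, DrownOracleType drownOracleType) {
        super(config, parallelExecutor);
        this.oracleType = drownOracleType;
    }

    /**
     * Creates a probe with the check data settings used by {@code LEAKY_EXPORT}.
     *
     * @param str path of the check data file (stored as {@code checkDataFilePath})
     * @param z whether to generate the check data file
     * @param z2 whether to analyze the check data file
     */
    public SpecialDrownAttacker(Config config, ParallelExecutor parallelExecutor, DrownOracleType drownOracleType, String str, boolean z, boolean z2) {
        super(config, parallelExecutor);
        this.oracleType = drownOracleType;
        this.checkDataFilePath = str;
        this.generateCheckData = z;
        this.analyzeCheckData = z2;
    }

    /**
     * Runs the check selected by the configured oracle type.
     *
     * @return the classification from the selected check, or {@code UNKNOWN} when the oracle type
     *     is neither {@code EXTRA_CLEAR} nor {@code LEAKY_EXPORT}
     * @throws ConfigurationException for {@code LEAKY_EXPORT} when no check data file is set or
     *     neither generate nor analyze was requested
     */
    @Override // de.rub.nds.tlsscanner.serverscanner.probe.drown.BaseDrownAttacker
    public DrownVulnerabilityType getDrownVulnerabilityType() {
        DrownVulnerabilityType drownVulnerabilityType = DrownVulnerabilityType.UNKNOWN;
        if (this.oracleType == DrownOracleType.EXTRA_CLEAR) {
            return checkForExtraClearOracle(this.tlsConfig);
        }
        if (this.oracleType == DrownOracleType.LEAKY_EXPORT) {
            if (this.checkDataFilePath == null) {
                throw new ConfigurationException("Check data file is required");
            }
            if (!this.generateCheckData && !this.analyzeCheckData) {
                throw new ConfigurationException("Specify whether to generate or analyze check data");
            }
            if (this.generateCheckData) {
                drownVulnerabilityType = generateLeakyExportCheckData(this.tlsConfig, this.checkDataFilePath);
            }
            // When both flags are set, the analyze result replaces the generate result.
            if (this.analyzeCheckData) {
                drownVulnerabilityType = checkForLeakyExport(this.tlsConfig, this.checkDataFilePath);
            }
        }
        return drownVulnerabilityType;
    }

    /**
     * Performs one SSL2 handshake with explicit clear key data and classifies the server by
     * whether its ServerVerify passes {@code ServerVerifyChecker}.
     *
     * @return {@code NONE} if no SSL2 ServerHello was received; {@code SSL2} if the ServerVerify
     *     is missing or fails the check; {@code SPECIAL} if the check succeeds
     */
    private DrownVulnerabilityType checkForExtraClearOracle(Config config) {
        SSL2CipherSuite defaultSSL2CipherSuite = config.getDefaultSSL2CipherSuite();
        // All-zero clear key data, one byte shorter than clear + secret key bytes combined.
        byte[] bArr = new byte[(defaultSSL2CipherSuite.getClearKeyByteNumber() + defaultSSL2CipherSuite.getSecretKeyByteNumber()) - 1];
        // Declared with its concrete type: setClearKeyData is called on it below, and the
        // decompiler had widened the variable to ProtocolMessage.
        SSL2ClientMasterKeyMessage sSL2ClientMasterKeyMessage = new SSL2ClientMasterKeyMessage();
        sSL2ClientMasterKeyMessage.setClearKeyData(Modifiable.explicit(bArr));
        WorkflowTrace createWorkflowTrace = new WorkflowConfigurationFactory(config).createWorkflowTrace(WorkflowTraceType.SSL2_HELLO, RunningModeType.CLIENT);
        createWorkflowTrace.addTlsAction(new SendAction(new ProtocolMessage[]{sSL2ClientMasterKeyMessage}));
        createWorkflowTrace.addTlsAction(new ReceiveAction(new ProtocolMessage[]{new SSL2ServerVerifyMessage()}));
        State state = new State(config, createWorkflowTrace);
        WorkflowExecutorFactory.createWorkflowExecutor(config.getWorkflowExecutorType(), state).executeWorkflow();
        if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SSL2_SERVER_HELLO, createWorkflowTrace)) {
            return DrownVulnerabilityType.NONE;
        }
        SSL2ServerVerifyMessage firstReceivedMessage = WorkflowTraceUtil.getFirstReceivedMessage(HandshakeMessageType.SSL2_SERVER_VERIFY, createWorkflowTrace);
        // NOTE(review): the meaning of the trailing `true` flag is defined in ServerVerifyChecker,
        // which is not visible in this file.
        return (firstReceivedMessage == null || !ServerVerifyChecker.check(firstReceivedMessage, state.getTlsContext(), true)) ? DrownVulnerabilityType.SSL2 : DrownVulnerabilityType.SPECIAL;
    }

    /**
     * Performs one SSL2 handshake with a fixed premaster secret and, if a ServerVerify arrives,
     * writes a {@code LeakyExportCheckData} object to {@code str} for later analysis.
     *
     * <p>The file is written with Java native serialization and is opened with
     * {@code new FileOutputStream(str)}, which truncates an existing file at that path. The path is
     * used exactly as configured, so callers should only pass a location they control.
     * NOTE(review): the object is built from the TLS context and handshake messages; it may hold
     * session secrets, so treat the file as sensitive (confirm against LeakyExportCheckData).
     * NOTE(review): the reader of this file is not visible here (checkForLeakyExport failed to
     * decompile). If it uses ObjectInputStream, only files produced by a trusted run of this tool
     * should be analyzed, or deserialization should be restricted with an ObjectInputFilter.
     *
     * @return {@code NONE} if no SSL2 ServerHello was received, otherwise {@code UNKNOWN}
     *     (generation alone does not classify the server)
     * @throws RuntimeException wrapping the {@link IOException} if the file cannot be written
     */
    private DrownVulnerabilityType generateLeakyExportCheckData(Config config, String str) {
        int secretKeyByteNumber = config.getDefaultSSL2CipherSuite().getSecretKeyByteNumber() + 2;
        // Premaster secret of (secret key bytes + 2) bytes, every byte set to 0xFF.
        byte[] bArr = new byte[secretKeyByteNumber];
        for (int i = 0; i < secretKeyByteNumber; i++) {
            bArr[i] = -1;
        }
        // Declared with its concrete type: prepareComputations/getComputations are called on it,
        // and the decompiler had widened the variable to ProtocolMessage.
        SSL2ClientMasterKeyMessage sSL2ClientMasterKeyMessage = new SSL2ClientMasterKeyMessage();
        sSL2ClientMasterKeyMessage.prepareComputations();
        sSL2ClientMasterKeyMessage.getComputations().setPremasterSecret(Modifiable.explicit(bArr));
        WorkflowTrace createWorkflowTrace = new WorkflowConfigurationFactory(config).createWorkflowTrace(WorkflowTraceType.SSL2_HELLO, RunningModeType.CLIENT);
        createWorkflowTrace.addTlsAction(new SendAction(new ProtocolMessage[]{sSL2ClientMasterKeyMessage}));
        createWorkflowTrace.addTlsAction(new ReceiveAction(new ProtocolMessage[]{new SSL2ServerVerifyMessage()}));
        State state = new State(config, createWorkflowTrace);
        WorkflowExecutorFactory.createWorkflowExecutor(config.getWorkflowExecutorType(), state).executeWorkflow();
        if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SSL2_SERVER_HELLO, createWorkflowTrace)) {
            return DrownVulnerabilityType.NONE;
        }
        SSL2ServerVerifyMessage firstReceivedMessage = WorkflowTraceUtil.getFirstReceivedMessage(HandshakeMessageType.SSL2_SERVER_VERIFY, createWorkflowTrace);
        if (firstReceivedMessage != null) {
            LeakyExportCheckData leakyExportCheckData = new LeakyExportCheckData(state.getTlsContext(), sSL2ClientMasterKeyMessage, firstReceivedMessage);
            // try-with-resources closes both streams even when writeObject throws; the original
            // closed them only on the success path and leaked the file handle on failure.
            try (FileOutputStream fileOutputStream = new FileOutputStream(str);
                    ObjectOutputStream objectOutputStream = new ObjectOutputStream(fileOutputStream)) {
                objectOutputStream.writeObject(leakyExportCheckData);
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        } else {
            // Previously silent: the caller asked for a check data file and none was produced.
            LOGGER.warn("No SSL2 ServerVerify received, check data file was not written");
        }
        return DrownVulnerabilityType.UNKNOWN;
    }

    /**
     * Placeholder for the "analyze" step of the {@code LEAKY_EXPORT} check.
     *
     * <p>The decompiler (JADX) could not reconstruct this method: it reported 458 skipped
     * instructions and a lost {@code java.lang.Thread.sleep(60000)} statement from a missing
     * block. The real logic therefore is not available in this listing, and nothing about how the
     * check data file is read or evaluated can be stated from here.
     *
     * @param r10 the TLS configuration
     * @param r11 the check data file path
     * @throws UnsupportedOperationException always, in this decompiled listing
     */
    private de.rub.nds.tlsscanner.serverscanner.probe.drown.constans.DrownVulnerabilityType checkForLeakyExport(de.rub.nds.tlsattacker.core.config.Config r10, java.lang.String r11) {
        throw new UnsupportedOperationException("Method not decompiled: de.rub.nds.tlsscanner.serverscanner.probe.drown.SpecialDrownAttacker.checkForLeakyExport(de.rub.nds.tlsattacker.core.config.Config, java.lang.String):de.rub.nds.tlsscanner.serverscanner.probe.drown.constans.DrownVulnerabilityType");
    }
}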
