package de.rub.nds.tlsscanner.serverscanner.probe.drown;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.SSL2CipherSuite;
import de.rub.nds.tlsattacker.core.protocol.message.SSL2ServerVerifyMessage;
import de.rub.nds.tlsattacker.core.state.TlsContext;
import de.rub.nds.tlsscanner.serverscanner.probe.SessionTicketZeroKeyProbe;
import java.nio.charset.Charset;
import java.util.Arrays;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.digests.MD5Digest;
import org.bouncycastle.crypto.engines.DESEngine;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RC2Engine;
import org.bouncycastle.crypto.engines.RC4Engine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.crypto.params.DESParameters;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.crypto.params.ParametersWithIV;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/drown/ServerVerifyChecker.class */
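/**
 * Checks whether an SSLv2 Server-Verify message decrypts, under the key material derived from the
 * scanner's own {@link TlsContext}, to the challenge (client random) the scanner sent.
 *
 * <p>Every primitive used here (MD5, RC4, RC2, DES, 3DES-CBC, 40-bit export variants) is obsolete.
 * They are implemented only because the SSLv2 cipher suites under test mandate them; nothing in
 * this class is suitable for protecting data.
 *
 * <p>Only the decrypted message type and challenge are compared. The 16 bytes that precede the
 * message type in the decrypted record are skipped and never verified.
 */
public class ServerVerifyChecker {
    private static final Logger LOGGER = LogManager.getLogger();

    /** Charset used to encode the key-material index character ("0", "1", ...). */
    private static final Charset KEY_INDEX_CHARSET = Charset.forName("US-ASCII");

    /**
     * Offset of the message-type byte inside the decrypted record. All supported suites are
     * *_WITH_MD5, so this is presumably the length of the leading MD5 MAC.
     */
    private static final int MESSAGE_TYPE_OFFSET = 16;

    /** Number of bytes of the second MD5 block that complete the 24-byte 3DES key. */
    private static final int DES_EDE3_SECOND_PART_LENGTH = 8;

    /**
     * Decrypts the Server-Verify message with the cipher selected in the context and compares the
     * recovered challenge with the client random.
     *
     * @param message the received Server-Verify message (server-controlled content)
     * @param context the context holding the negotiated suite, randoms, IV and key inputs
     * @param silent if {@code true}, a wrong message type after decryption is not logged
     * @return {@code true} only if the decrypted message carries the Server-Verify type and the
     *     expected challenge
     * @throws UnsupportedOperationException if the selected SSLv2 cipher suite is not handled
     */
    public static boolean check(SSL2ServerVerifyMessage message, TlsContext context, boolean silent) {
        byte[] decrypted;
        // Switch on the enum itself; javac regenerates the ordinal lookup table, so no
        // hand-maintained ordinal-to-int mapping is needed.
        switch (context.getChooser().getSSL2CipherSuite()) {
            case SSL_CK_RC4_128_WITH_MD5:
            case SSL_CK_RC4_128_EXPORT40_WITH_MD5:
                decrypted = decryptRC4(message, context);
                break;
            case SSL_CK_RC2_128_CBC_WITH_MD5:
            case SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5:
                decrypted = decryptRC2(message, context);
                break;
            case SSL_CK_DES_64_CBC_WITH_MD5:
                decrypted = decryptCbcDes(message, context);
                break;
            case SSL_CK_DES_192_EDE3_CBC_WITH_MD5:
                decrypted = decryptCbcDesEde3(message, context);
                break;
            default:
                throw new UnsupportedOperationException("Check not implemented for the selected cipher suite");
        }
        return compareDecrypted(decrypted, context.getClientRandom(), silent);
    }

    /**
     * Compares a decrypted Server-Verify record with the expected challenge.
     *
     * @param decrypted the decrypted record; bytes before {@code MESSAGE_TYPE_OFFSET} are ignored
     * @param clientRandom the challenge the scanner sent
     * @param silent if {@code true}, a wrong message type is not logged (a too-short record is
     *     always logged)
     * @return {@code true} if the type byte is SSL2_SERVER_VERIFY and the remaining bytes equal
     *     {@code clientRandom}
     */
    public static boolean compareDecrypted(byte[] decrypted, byte[] clientRandom, boolean silent) {
        // Needs the skipped prefix, the type byte and at least one challenge byte.
        if (decrypted.length <= MESSAGE_TYPE_OFFSET + 1) {
            LOGGER.warn("Decrypted Server-Verify message is too short");
            return false;
        }
        if (decrypted[MESSAGE_TYPE_OFFSET] != HandshakeMessageType.SSL2_SERVER_VERIFY.getValue()) {
            if (!silent) {
                LOGGER.warn("Wrong message type in decrypted Server-Verify message");
            }
            return false;
        }
        byte[] challenge = Arrays.copyOfRange(decrypted, MESSAGE_TYPE_OFFSET + 1, decrypted.length);
        return Arrays.equals(challenge, clientRandom);
    }

    private static byte[] decryptRC4(SSL2ServerVerifyMessage message, TlsContext context) {
        return decryptRC4(makeKeyMaterial(context, "0"), encryptedPart(message));
    }

    /**
     * Decrypts {@code encrypted} with RC4 under {@code key}.
     *
     * @param key the RC4 key
     * @param encrypted the ciphertext
     * @return the plaintext, same length as {@code encrypted}
     */
    public static byte[] decryptRC4(byte[] key, byte[] encrypted) {
        RC4Engine rc4 = new RC4Engine();
        rc4.init(false, new KeyParameter(key));
        byte[] decrypted = new byte[encrypted.length];
        rc4.processBytes(encrypted, 0, encrypted.length, decrypted, 0);
        return decrypted;
    }

    private static byte[] decryptRC2(SSL2ServerVerifyMessage message, TlsContext context) {
        return decryptRC2(
                makeKeyMaterial(context, "0"), encryptedPart(message), context.getSSL2Iv(), paddingLength(message));
    }

    /**
     * Decrypts {@code encrypted} with RC2 in CBC mode and strips the trailing padding.
     *
     * @param key the RC2 key
     * @param encrypted the ciphertext; must be a multiple of the block size
     * @param iv the CBC initialisation vector
     * @param paddingLength number of trailing bytes to drop after decryption
     * @return the unpadded plaintext, or an empty array if the lengths are inconsistent
     */
    public static byte[] decryptRC2(byte[] key, byte[] encrypted, byte[] iv, int paddingLength) {
        CBCBlockCipher cbc = new CBCBlockCipher(new RC2Engine());
        cbc.init(false, new ParametersWithIV(new KeyParameter(key), iv));
        return processEncryptedBlocks(cbc, encrypted, paddingLength);
    }

    private static byte[] decryptCbcDes(SSL2ServerVerifyMessage message, TlsContext context) {
        // Single DES uses the first 8 bytes of the MD5 output, with parity bits fixed up.
        byte[] desKey = Arrays.copyOfRange(makeKeyMaterial(context, "0"), 0, 8);
        DESParameters.setOddParity(desKey);
        CBCBlockCipher cbc = new CBCBlockCipher(new DESEngine());
        cbc.init(false, new ParametersWithIV(new DESParameters(desKey), context.getSSL2Iv()));
        return processEncryptedBlocks(cbc, encryptedPart(message), paddingLength(message));
    }

    private static byte[] decryptCbcDesEde3(SSL2ServerVerifyMessage message, TlsContext context) {
        // 24-byte key = full MD5 block for index "0" followed by the first 8 bytes for index "1".
        byte[] firstPart = makeKeyMaterial(context, "0");
        byte[] secondPart = makeKeyMaterial(context, "1");
        byte[] desEdeKey = new byte[24];
        System.arraycopy(firstPart, 0, desEdeKey, 0, firstPart.length);
        System.arraycopy(secondPart, 0, desEdeKey, firstPart.length, DES_EDE3_SECOND_PART_LENGTH);
        CBCBlockCipher cbc = new CBCBlockCipher(new DESedeEngine());
        cbc.init(false, new ParametersWithIV(new KeyParameter(desEdeKey), context.getSSL2Iv()));
        return processEncryptedBlocks(cbc, encryptedPart(message), paddingLength(message));
    }

    /**
     * Derives one MD5 block of key material from the context.
     *
     * <p>The master key is the clear key followed by the premaster secret. If the clear key length
     * differs from what the cipher suite prescribes, the premaster secret is shortened by the
     * difference so that the surplus clear-key bytes take the place of secret bytes.
     * NOTE(review): presumably this models a server that accepts an over-long clear key; confirm
     * against the calling probe. A clear key shorter than prescribed makes the copy zero-pad, and a
     * surplus larger than the premaster secret makes it throw.
     */
    private static byte[] makeKeyMaterial(TlsContext context, String index) {
        SSL2CipherSuite suite = context.getChooser().getSSL2CipherSuite();
        byte[] clearKey = context.getClearKey();
        byte[] secretKey = context.getPreMasterSecret();
        int surplusClearBytes = clearKey.length - suite.getClearKeyByteNumber();
        if (surplusClearBytes != 0) {
            secretKey = Arrays.copyOfRange(secretKey, 0, secretKey.length - surplusClearBytes);
        }
        byte[] masterKey = ArrayConverter.concatenate(new byte[][] {clearKey, secretKey});
        return makeKeyMaterial(masterKey, context.getClientRandom(), context.getServerRandom(), index);
    }

    /**
     * Computes {@code MD5(masterKey || index || clientRandom || serverRandom)}.
     *
     * @param masterKey the master key bytes
     * @param clientRandom the challenge sent by the client
     * @param serverRandom the random value sent by the server
     * @param index the key-material block index, encoded as US-ASCII
     * @return the 16-byte MD5 digest
     */
    public static byte[] makeKeyMaterial(byte[] masterKey, byte[] clientRandom, byte[] serverRandom, String index) {
        MD5Digest md5 = new MD5Digest();
        md5Update(md5, masterKey);
        md5Update(md5, index.getBytes(KEY_INDEX_CHARSET));
        md5Update(md5, clientRandom);
        md5Update(md5, serverRandom);
        byte[] digest = new byte[md5.getDigestSize()];
        md5.doFinal(digest, 0);
        return digest;
    }

    private static void md5Update(MD5Digest md5, byte[] data) {
        md5.update(data, 0, data.length);
    }

    /** Returns the encrypted payload of the Server-Verify message. */
    private static byte[] encryptedPart(SSL2ServerVerifyMessage message) {
        return (byte[]) message.getEncryptedPart().getValue();
    }

    /** Returns the padding length announced for the Server-Verify message. */
    private static int paddingLength(SSL2ServerVerifyMessage message) {
        return ((Integer) message.getPaddingLength().getValue()).intValue();
    }

    /**
     * Runs an initialised block cipher over {@code encrypted} and drops the trailing padding.
     *
     * <p>Both the payload and the padding length originate from the peer, so both are validated
     * before any copy: an out-of-range padding length would otherwise make
     * {@link Arrays#copyOfRange} throw (padding larger than the payload) or return a zero-extended
     * buffer (negative padding).
     *
     * @return the unpadded plaintext, or an empty array if the lengths are inconsistent
     */
    private static byte[] processEncryptedBlocks(BlockCipher cipher, byte[] encrypted, int paddingLength) {
        if (encrypted.length % cipher.getBlockSize() != 0) {
            LOGGER.warn("Server-Verify payload has invalid length");
            return new byte[0];
        }
        if (paddingLength < 0 || paddingLength > encrypted.length) {
            LOGGER.warn("Server-Verify padding length is inconsistent with payload length");
            return new byte[0];
        }
        byte[] decrypted = new byte[encrypted.length];
        int offset = 0;
        while (offset < encrypted.length) {
            // processBlock reports how many bytes it consumed; advance by exactly that.
            offset += cipher.processBlock(encrypted, offset, decrypted, offset);
        }
        return Arrays.copyOfRange(decrypted, 0, decrypted.length - paddingLength);
    }
}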
