package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.modifiablevariable.util.Modifiable;
import de.rub.nds.scanner.core.constants.TestResult;
import de.rub.nds.scanner.core.constants.TestResults;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.protocol.ProtocolMessage;
import de.rub.nds.tlsattacker.core.protocol.message.ClientHelloMessage;
import de.rub.nds.tlsattacker.core.protocol.message.ServerHelloDoneMessage;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.action.FlushSessionCacheAction;
import de.rub.nds.tlsattacker.core.workflow.action.ReceiveTillAction;
import de.rub.nds.tlsattacker.core.workflow.action.RenegotiationAction;
import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
import de.rub.nds.tlsattacker.core.workflow.action.SendingAction;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty;
import de.rub.nds.tlsscanner.core.constants.TlsProbeType;
import de.rub.nds.tlsscanner.serverscanner.probe.result.RenegotiationResult;
import de.rub.nds.tlsscanner.serverscanner.report.ServerReport;
import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector;
import java.util.ArrayList;
import java.util.Set;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/RenegotiationProbe.class */
/**
 * Server probe that runs client-initiated renegotiation handshakes and records how the server
 * reacts to the different ways of signalling secure renegotiation.
 *
 * <p>Two signalling mechanisms are exercised: the renegotiation_info extension (toggled through
 * {@code Config.setAddRenegotiationInfoExtension}) and the
 * {@code TLS_EMPTY_RENEGOTIATION_INFO_SCSV} pseudo cipher suite; both are specified in RFC 5746.
 *
 * <p>How every check in this class is scored: {@code COULD_NOT_TEST} when no ServerHello was
 * seen in the inspected trace, otherwise the outcome depends only on
 * {@code executedAsPlanned()}. A trace that deviates for an unrelated reason (alert, timeout,
 * transport error) is not told apart from a deliberate refusal, so a single result is an
 * indication and should be read together with the rest of the report.
 *
 * <p>Decompiler note: this listing is JADX output. The {@code m119}/{@code m120} method-name
 * prefixes were introduced by the decompiler when it merged bridge methods, and JADX reported
 * "Multi-variable type inference failed" for {@link #m120executeTest()} and
 * {@code getBaseConfig()}, which is why the explicit {@code (ConfigSelector)} casts are kept.
 */
public class RenegotiationProbe extends TlsServerProbe<ConfigSelector, ServerReport, RenegotiationResult> {
    // Cipher suites offered in every ClientHello of this probe; assigned in adjustConfig().
    private Set<CipherSuite> supportedSuites;

    // Result of the DTLS cookie check; read by all later checks to decide whether the
    // renegotiation handshake is configured with a cookie exchange.
    private TestResult supportsDtlsCookieExchangeInRenegotiation;

    /**
     * Registers the probe under {@code TlsProbeType.RENEGOTIATION}.
     *
     * @param configSelector source of the base configuration used for every handshake
     * @param parallelExecutor executor handed to the superclass
     */
    public RenegotiationProbe(ConfigSelector configSelector, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, TlsProbeType.RENEGOTIATION, configSelector);
    }

    /**
     * Runs all renegotiation checks and bundles them into one result.
     *
     * <p>Originally named {@code executeTest}; renamed by the decompiler (merged with bridge
     * method).
     *
     * @return the eight individual outcomes, in the order the result constructor expects them
     */
    public RenegotiationResult m120executeTest() {
        ConfigSelector selector = (ConfigSelector) this.configSelector;

        // The cookie check has to come first: every other check reads the field set here.
        this.supportsDtlsCookieExchangeInRenegotiation =
                selector.getScannerConfig().getDtlsDelegate().isDTLS()
                        ? supportsDtlsCookieExchangeInRenegotiation()
                        : TestResults.NOT_TESTED_YET;

        // Evaluated one by one, in the same order as the constructor arguments.
        TestResult secureViaExtension = supportsSecureClientRenegotiationExtension();
        TestResult secureViaCipherSuite = supportsSecureClientRenegotiationCipherSuite();
        TestResult insecure = supportsInsecureClientRenegotiation();
        TestResult extensionOnlyInSecond = vulnerableToRenegotiationAttackExtension(false, true);
        TestResult extensionOnlyInFirst = vulnerableToRenegotiationAttackExtension(true, false);
        TestResult scsvOnlyInSecond = vulnerableToRenegotiationAttackCipherSuite(false, true);
        TestResult scsvOnlyInFirst = vulnerableToRenegotiationAttackCipherSuite(true, false);

        return new RenegotiationResult(
                secureViaExtension,
                secureViaCipherSuite,
                insecure,
                extensionOnlyInSecond,
                extensionOnlyInFirst,
                scsvOnlyInSecond,
                scsvOnlyInFirst,
                this.supportsDtlsCookieExchangeInRenegotiation);
    }

    /**
     * Builds a {@code DYNAMIC_HANDSHAKE} trace for the configuration's default running mode.
     *
     * @param config configuration the factory is created from
     * @return the freshly created trace
     */
    private static WorkflowTrace dynamicHandshakeTrace(Config config) {
        WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(config);
        return factory.createWorkflowTrace(WorkflowTraceType.DYNAMIC_HANDSHAKE, config.getDefaultRunningMode());
    }

    /**
     * Maps an executed state to the three-valued outcome shared by most checks.
     *
     * @param inspected trace that is searched for a ServerHello
     * @param state executed state whose trace is asked whether it ran as planned
     * @return {@code COULD_NOT_TEST} without a ServerHello, else {@code TRUE} when the trace
     *     executed as planned and {@code FALSE} when it did not
     */
    private static TestResult classifyHandshake(WorkflowTrace inspected, State state) {
        if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, inspected)) {
            return TestResults.COULD_NOT_TEST;
        }
        if (state.getWorkflowTrace().executedAsPlanned()) {
            return TestResults.TRUE;
        }
        return TestResults.FALSE;
    }

    /**
     * Checks whether the server completes a renegotiation although the renegotiation_info
     * setting differs between the initial handshake and the renegotiation handshake.
     *
     * <p>{@code TRUE} therefore means both handshakes ran as planned with the extension flag
     * set for only one of them, the case secure renegotiation is meant to reject.
     *
     * @param initialFlag extension setting in effect while the first handshake trace is built
     * @param renegotiationFlag extension setting in effect while the second trace is built
     * @return see {@link #classifyHandshake(WorkflowTrace, State)}
     */
    private TestResult vulnerableToRenegotiationAttackExtension(boolean initialFlag, boolean renegotiationFlag) {
        Config config = getBaseConfig();

        // First handshake. NOTE(review): presumably the factory fixes the extension choice in
        // the ClientHello at creation time; the flag is overwritten below - confirm.
        config.setAddRenegotiationInfoExtension(Boolean.valueOf(initialFlag));
        WorkflowTrace combined = dynamicHandshakeTrace(config);
        // NOTE(review): the meaning of the boolean passed to RenegotiationAction is not
        // visible in this file - confirm against the TLS-Attacker sources.
        combined.addTlsAction(new RenegotiationAction(true));
        combined.addTlsAction(new FlushSessionCacheAction());

        // Second handshake, appended to the same trace.
        config.setAddRenegotiationInfoExtension(Boolean.valueOf(renegotiationFlag));
        config.setDtlsCookieExchange(Boolean.valueOf(this.supportsDtlsCookieExchangeInRenegotiation == TestResults.TRUE));
        combined.addTlsActions(dynamicHandshakeTrace(config).getTlsActions());

        State state = new State(config, combined);
        executeState(new State[] {state});
        return classifyHandshake(combined, state);
    }

    /**
     * Same mismatch check as {@link #vulnerableToRenegotiationAttackExtension(boolean, boolean)},
     * but a flagged handshake additionally gets its ClientHello replaced by one that carries
     * {@code TLS_EMPTY_RENEGOTIATION_INFO_SCSV}.
     *
     * @param initialFlag whether the first handshake is flagged
     * @param renegotiationFlag whether the renegotiation handshake is flagged
     * @return see {@link #classifyHandshake(WorkflowTrace, State)}
     */
    private TestResult vulnerableToRenegotiationAttackCipherSuite(boolean initialFlag, boolean renegotiationFlag) {
        Config config = getBaseConfig();

        config.setAddRenegotiationInfoExtension(Boolean.valueOf(initialFlag));
        WorkflowTrace combined = dynamicHandshakeTrace(config);
        if (initialFlag) {
            addRenegotiationCipherSuiteToClientHello(config, combined);
        }
        combined.addTlsAction(new RenegotiationAction(true));
        combined.addTlsAction(new FlushSessionCacheAction());

        config.setAddRenegotiationInfoExtension(Boolean.valueOf(renegotiationFlag));
        config.setDtlsCookieExchange(Boolean.valueOf(this.supportsDtlsCookieExchangeInRenegotiation == TestResults.TRUE));
        WorkflowTrace renegotiation = dynamicHandshakeTrace(config);
        if (renegotiationFlag) {
            addRenegotiationCipherSuiteToClientHello(config, renegotiation);
        }
        combined.addTlsActions(renegotiation.getTlsActions());

        State state = new State(config, combined);
        executeState(new State[] {state});
        return classifyHandshake(combined, state);
    }

    /**
     * Replaces the messages of every ClientHello-sending action in the trace with a single new
     * ClientHello whose cipher-suite field is modified by inserting the SCSV bytes at index 0.
     *
     * @param config configuration the replacement ClientHello is constructed from
     * @param workflowTrace trace whose ClientHello actions are rewritten in place
     */
    private void addRenegotiationCipherSuiteToClientHello(Config config, WorkflowTrace workflowTrace) {
        for (SendingAction helloAction : WorkflowTraceUtil.getSendingActionsForMessage(HandshakeMessageType.CLIENT_HELLO, workflowTrace)) {
            // Drop whatever the factory queued before building the replacement.
            helloAction.getSendMessages().clear();
            ClientHelloMessage replacement = new ClientHelloMessage(config);
            replacement.setCipherSuites(
                    Modifiable.insert(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV.getByteValue(), 0));
            helloAction.getSendMessages().add(replacement);
        }
    }

    /**
     * Executes one client renegotiation with the given, already adjusted configuration.
     *
     * <p>Without DTLS the state is built from the configuration alone, i.e. from the workflow
     * trace type set in {@link #getBaseConfig()}; with DTLS an explicit trace from
     * {@link #getDtlsRenegotiationTrace(Config, boolean)} replaces it.
     *
     * @param config configuration for the handshake
     * @return see {@link #classifyHandshake(WorkflowTrace, State)}
     */
    private TestResult runRenegotiationWith(Config config) {
        State state = new State(config);
        if (config.getHighestProtocolVersion().isDTLS()) {
            boolean cookieExchange = this.supportsDtlsCookieExchangeInRenegotiation == TestResults.TRUE;
            state = new State(config, getDtlsRenegotiationTrace(config, cookieExchange));
        }
        executeState(new State[] {state});
        return classifyHandshake(state.getWorkflowTrace(), state);
    }

    /**
     * Client renegotiation with the renegotiation_info extension enabled.
     *
     * @return see {@link #classifyHandshake(WorkflowTrace, State)}
     */
    private TestResult supportsSecureClientRenegotiationExtension() {
        Config config = getBaseConfig();
        config.setAddRenegotiationInfoExtension(true);
        return runRenegotiationWith(config);
    }

    /**
     * Client renegotiation with the extension disabled and the SCSV appended to the offered
     * cipher suites instead.
     *
     * @return see {@link #classifyHandshake(WorkflowTrace, State)}
     */
    private TestResult supportsSecureClientRenegotiationCipherSuite() {
        Config config = getBaseConfig();
        config.setAddRenegotiationInfoExtension(false);
        config.getDefaultClientSupportedCipherSuites().add(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
        return runRenegotiationWith(config);
    }

    /**
     * Client renegotiation with the extension disabled and no SCSV offered (adjustConfig()
     * removed it from the suite list), i.e. without any secure-renegotiation signalling.
     *
     * @return see {@link #classifyHandshake(WorkflowTrace, State)}
     */
    private TestResult supportsInsecureClientRenegotiation() {
        Config config = getBaseConfig();
        config.setAddRenegotiationInfoExtension(false);
        return runRenegotiationWith(config);
    }

    /**
     * Builds the explicit DTLS trace: handshake, renegotiation action, session-cache flush,
     * second handshake.
     *
     * @param config configuration for both handshakes; its cookie-exchange setting is changed
     *     here before the second handshake is created
     * @param useCookieExchange value written to {@code setDtlsCookieExchange}
     * @return the combined trace
     */
    private WorkflowTrace getDtlsRenegotiationTrace(Config config, boolean useCookieExchange) {
        WorkflowTrace combined = dynamicHandshakeTrace(config);
        combined.addTlsAction(new RenegotiationAction());
        combined.addTlsAction(new FlushSessionCacheAction());
        config.setDtlsCookieExchange(Boolean.valueOf(useCookieExchange));
        combined.addTlsActions(dynamicHandshakeTrace(config).getTlsActions());
        return combined;
    }

    /**
     * Determines whether the server wants a cookie exchange during a DTLS renegotiation.
     *
     * <p>After the first handshake a bare ClientHello is sent and messages are received until
     * ServerHelloDone. The scoring is inverted compared with the other checks: a trace that ran
     * as planned yields {@code FALSE}, a deviating one {@code TRUE}. NOTE(review): presumably a
     * server that insists on cookies answers with a HelloVerifyRequest instead of continuing -
     * confirm; any other deviation is counted as {@code TRUE} as well.
     *
     * @return {@code COULD_NOT_TEST} without a ServerHello, otherwise the inverted outcome
     */
    private TestResult supportsDtlsCookieExchangeInRenegotiation() {
        Config config = getBaseConfig();
        config.setAddRenegotiationInfoExtension(true);

        WorkflowTrace trace = dynamicHandshakeTrace(config);
        trace.addTlsAction(new RenegotiationAction());
        trace.addTlsAction(new FlushSessionCacheAction());
        trace.addTlsAction(new SendAction(new ProtocolMessage[] {new ClientHelloMessage(config)}));
        trace.addTlsAction(new ReceiveTillAction(new ServerHelloDoneMessage()));

        State state = new State(config, trace);
        executeState(new State[] {state});

        if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, state.getWorkflowTrace())) {
            return TestResults.COULD_NOT_TEST;
        }
        if (state.getWorkflowTrace().executedAsPlanned()) {
            return TestResults.FALSE;
        }
        return TestResults.TRUE;
    }

    /**
     * Decides whether the probe has what it needs.
     *
     * @param serverReport report collected so far
     * @return {@code false} when the report has no cipher suites or no protocol version below
     *     TLS 1.3 is marked as supported, {@code true} otherwise
     */
    public boolean canBeExecuted(ServerReport serverReport) {
        if (serverReport.getCipherSuites() == null) {
            return false;
        }
        if (serverReport.getCipherSuites().isEmpty()) {
            return false;
        }
        return !supportsOnlyTls13(serverReport);
    }

    /**
     * Takes over the cipher suites from the report and strips the two signalling suites, so
     * that each check decides for itself whether the renegotiation SCSV is offered.
     *
     * @param serverReport report whose cipher suites are used
     */
    public void adjustConfig(ServerReport serverReport) {
        // NOTE(review): the removals act on the very Set object the report returned; if the
        // getter hands out its live collection, the report loses these entries too - confirm.
        this.supportedSuites = serverReport.getCipherSuites();
        this.supportedSuites.remove(CipherSuite.TLS_FALLBACK_SCSV);
        this.supportedSuites.remove(CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV);
    }

    /**
     * Result reported when the probe could not run.
     *
     * <p>Originally named {@code getCouldNotExecuteResult}; renamed by the decompiler (merged
     * with bridge method).
     *
     * @return a result with all eight entries set to {@code COULD_NOT_TEST}
     */
    public RenegotiationResult m119getCouldNotExecuteResult() {
        TestResult untested = TestResults.COULD_NOT_TEST;
        return new RenegotiationResult(
                untested, untested, untested, untested, untested, untested, untested, untested);
    }

    /**
     * Tells whether none of TLS 1.0, 1.1, 1.2, DTLS 1.0 or DTLS 1.2 is marked {@code TRUE} in
     * the report.
     *
     * @param serverReport report to inspect
     * @return {@code true} when no listed version is supported
     */
    private boolean supportsOnlyTls13(ServerReport serverReport) {
        TlsAnalyzedProperty[] olderVersions = {
            TlsAnalyzedProperty.SUPPORTS_TLS_1_0,
            TlsAnalyzedProperty.SUPPORTS_TLS_1_1,
            TlsAnalyzedProperty.SUPPORTS_TLS_1_2,
            TlsAnalyzedProperty.SUPPORTS_DTLS_1_0,
            TlsAnalyzedProperty.SUPPORTS_DTLS_1_2
        };
        for (TlsAnalyzedProperty version : olderVersions) {
            if (serverReport.getResult(version) == TestResults.TRUE) {
                return false;
            }
        }
        return true;
    }

    /**
     * Fetches a base configuration from the selector and prepares it for this probe: the
     * stored cipher suites are offered, the workflow trace type is set to
     * {@code DYNAMIC_CLIENT_RENEGOTIATION_WITHOUT_RESUMPTION}, and the selector repairs the
     * result.
     *
     * @return the prepared configuration
     */
    private Config getBaseConfig() {
        ConfigSelector selector = (ConfigSelector) this.configSelector;
        Config config = selector.getBaseConfig();
        // Copy, so that checks which add the SCSV to the config's list leave the stored set
        // alone. Requires adjustConfig() to have run: the copy constructor rejects null.
        config.setDefaultClientSupportedCipherSuites(new ArrayList<CipherSuite>(this.supportedSuites));
        config.setWorkflowTraceType(WorkflowTraceType.DYNAMIC_CLIENT_RENEGOTIATION_WITHOUT_RESUMPTION);
        selector.repairConfig(config);
        return config;
    }
}
