package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.asn1.model.Asn1EncapsulatingOctetString;
import de.rub.nds.asn1.model.Asn1Field;
import de.rub.nds.asn1.model.Asn1PrimitiveOctetString;
import de.rub.nds.asn1.model.Asn1Sequence;
import de.rub.nds.scanner.core.constants.TestResults;
import de.rub.nds.tlsattacker.core.certificate.ocsp.CertificateInformationExtractor;
import de.rub.nds.tlsattacker.core.certificate.transparency.SignedCertificateTimestamp;
import de.rub.nds.tlsattacker.core.certificate.transparency.SignedCertificateTimestampList;
import de.rub.nds.tlsattacker.core.certificate.transparency.SignedCertificateTimestampListParser;
import de.rub.nds.tlsattacker.core.certificate.transparency.logs.CtLog;
import de.rub.nds.tlsattacker.core.certificate.transparency.logs.CtLogList;
import de.rub.nds.tlsattacker.core.certificate.transparency.logs.CtLogListLoader;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.protocol.message.extension.SignedCertificateTimestampExtensionMessage;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.core.constants.TlsProbeType;
import de.rub.nds.tlsscanner.serverscanner.probe.result.CertificateTransparencyResult;
import de.rub.nds.tlsscanner.serverscanner.report.ServerReport;
import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.bouncycastle.crypto.tls.Certificate;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/CertificateTransparencyProbe.class */
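/**
 * Probe that records how a scanned TLS server delivers Signed Certificate Timestamps (SCTs) and
 * whether the delivered set satisfies the Chrome CT policy tiers encoded in
 * {@link #evaluateChromeCtPolicy()}.
 *
 * <p>Two delivery paths are examined: SCTs embedded in the leaf certificate and SCTs sent in the
 * TLS handshake extension. The OCSP fields are carried into the result, but nothing in this class
 * assigns them, so the OCSP result is always FALSE with a {@code null} list.
 *
 * <p>Security notes for readers of the result:
 * <ul>
 *   <li>The certificate and the handshake extension are supplied by the scanned server and must be
 *       treated as untrusted input; malformed structures are reported as "not supported" instead
 *       of escaping as unchecked exceptions.
 *   <li>NOTE(review): nothing visible in this class verifies SCT signatures or timestamps. Unless
 *       {@code SignedCertificateTimestampListParser} does so, a TRUE result only means that SCTs
 *       are present, not that they are valid - confirm before relying on it.
 *   <li>SCT lists in the result are {@code null} when the corresponding mechanism was not found.
 * </ul>
 */
public class CertificateTransparencyProbe extends TlsServerProbe<ConfigSelector, ServerReport, CertificateTransparencyResult> {
    /** Operator name that marks a log as Google-run in the loaded CT log list. */
    private static final String GOOGLE_OPERATOR = "Google";

    // Certificate chain of the scanned server; assigned in adjustConfig(), leaf is at index 0.
    private Certificate serverCertChain;
    private boolean supportsPrecertificateSCTs;
    private boolean supportsHandshakeSCTs;
    // Never assigned in this class, so it keeps its default value (false).
    private boolean supportsOcspSCTs;
    private boolean meetsChromeCTPolicy;
    private SignedCertificateTimestampList precertificateSctList;
    private SignedCertificateTimestampList handshakeSctList;
    // Never assigned in this class, so it stays null.
    private SignedCertificateTimestampList ocspSctList;

    /**
     * Creates the probe and registers it under {@code TlsProbeType.CERTIFICATE_TRANSPARENCY}.
     *
     * @param configSelector source of the base configuration used for the handshake test
     * @param parallelExecutor executor handed to the parent probe
     */
    public CertificateTransparencyProbe(ConfigSelector configSelector, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, TlsProbeType.CERTIFICATE_TRANSPARENCY, configSelector);
        this.meetsChromeCTPolicy = false;
    }

    /**
     * Runs both SCT checks, evaluates the policy and packs everything into the result object.
     *
     * @return the per-mechanism TRUE/FALSE results together with the parsed SCT lists
     */
    /* renamed from: executeTest, reason: merged with bridge method [inline-methods] */
    public CertificateTransparencyResult m44executeTest() {
        getPrecertificateSCTs();
        getTlsHandshakeSCTs();
        evaluateChromeCtPolicy();
        return new CertificateTransparencyResult(
                toTestResult(this.supportsPrecertificateSCTs),
                toTestResult(this.supportsHandshakeSCTs),
                toTestResult(this.supportsOcspSCTs),
                toTestResult(this.meetsChromeCTPolicy),
                this.precertificateSctList,
                this.handshakeSctList,
                this.ocspSctList);
    }

    /** Maps a boolean finding onto the TRUE/FALSE test result constants. */
    private static TestResults toTestResult(boolean finding) {
        return finding ? TestResults.TRUE : TestResults.FALSE;
    }

    /**
     * Looks for SCTs embedded in the leaf certificate and parses them.
     *
     * <p>Support is only reported once the encoded SCT list could actually be located. An
     * extension with an unexpected shape leaves the flag false and the list {@code null}.
     */
    private void getPrecertificateSCTs() {
        // Reset both fields so a second execution cannot report values from an earlier run.
        this.supportsPrecertificateSCTs = false;
        this.precertificateSctList = null;
        if (this.serverCertChain == null || this.serverCertChain.isEmpty()) {
            return;
        }
        Asn1Sequence sctExtension = new CertificateInformationExtractor(this.serverCertChain.getCertificateAt(0)).getPrecertificateSCTs();
        if (sctExtension == null) {
            return;
        }
        byte[] encodedSctList = extractEmbeddedSctListBytes(sctExtension);
        if (encodedSctList == null) {
            // Fail closed: never hand the parser a null buffer for a malformed extension.
            return;
        }
        this.precertificateSctList = new SignedCertificateTimestampListParser(0, encodedSctList, this.serverCertChain, true).parse();
        this.supportsPrecertificateSCTs = true;
    }

    /**
     * Pulls the encoded SCT list out of the SCT extension sequence.
     *
     * <p>The value is expected at child index 1, wrapped in an encapsulating octet string.
     * NOTE(review): this presumably relies on the optional "critical" flag being absent from the
     * extension; if it were present the value would sit one position later - confirm.
     *
     * @param sctExtension the extension sequence taken from the leaf certificate
     * @return the encoded SCT list, or {@code null} if the structure does not have the expected shape
     */
    private static byte[] extractEmbeddedSctListBytes(Asn1Sequence sctExtension) {
        // Every index access and cast is checked first because the certificate is attacker-controllable.
        List<?> extensionFields = sctExtension.getChildren();
        if (extensionFields == null || extensionFields.size() < 2) {
            return null;
        }
        Object wrapper = extensionFields.get(1);
        if (!(wrapper instanceof Asn1EncapsulatingOctetString)) {
            return null;
        }
        List<?> wrappedFields = ((Asn1EncapsulatingOctetString) wrapper).getChildren();
        if (wrappedFields == null || wrappedFields.isEmpty()) {
            return null;
        }
        Object payload = wrappedFields.get(0);
        if (payload instanceof Asn1PrimitiveOctetString) {
            return ((Asn1PrimitiveOctetString) payload).getValue();
        }
        if (payload instanceof Asn1EncapsulatingOctetString) {
            return ((Asn1EncapsulatingOctetString) payload).getContent().getOriginalValue();
        }
        return null;
    }

    /**
     * Performs one handshake that offers the SCT extension and parses the server's answer.
     *
     * <p>Support is reported only if the extension was negotiated and carries timestamp data.
     */
    /* JADX WARN: Multi-variable type inference failed */
    private void getTlsHandshakeSCTs() {
        // Reset both fields so a second execution cannot report values from an earlier run.
        this.supportsHandshakeSCTs = false;
        this.handshakeSctList = null;
        Config handshakeConfig = ((ConfigSelector) this.configSelector).getAnyWorkingBaseConfig();
        handshakeConfig.setWorkflowTraceType(WorkflowTraceType.DYNAMIC_HELLO);
        handshakeConfig.setAddSignedCertificateTimestampExtension(true);
        State state = new State(handshakeConfig);
        executeState(new State[]{state});
        SignedCertificateTimestampExtensionMessage sctExtension = getNegotiatedExtension(state.getWorkflowTrace(), SignedCertificateTimestampExtensionMessage.class);
        // A negotiated extension without timestamp data gives the parser nothing to work on.
        if (sctExtension == null || sctExtension.getSignedTimestamp() == null) {
            return;
        }
        this.handshakeSctList = new SignedCertificateTimestampListParser(0, sctExtension.getSignedTimestamp().getOriginalValue(), this.serverCertChain, false).parse();
        this.supportsHandshakeSCTs = true;
    }

    /**
     * Decides whether the collected SCTs satisfy the policy tiers encoded below.
     *
     * <p>Without embedded SCTs, the handshake (and OCSP) SCTs only need to come from one Google and
     * one non-Google log. With embedded SCTs, a minimum count that grows with the certificate
     * lifetime is required in addition: below 450 days 2, below 810 days 3, below 1170 days 4,
     * otherwise 5 (roughly 15, 27 and 39 months).
     *
     * <p>NOTE(review): these tiers and the Google/non-Google rule reflect an older revision of
     * Chrome's CT policy; check the currently published policy before treating this verdict as
     * authoritative.
     */
    private void evaluateChromeCtPolicy() {
        // Start from "not compliant" on every run so a re-executed probe cannot keep a stale verdict.
        this.meetsChromeCTPolicy = false;
        if (!this.supportsPrecertificateSCTs) {
            List<SignedCertificateTimestamp> deliveredScts = new ArrayList<>();
            if (this.supportsHandshakeSCTs && this.handshakeSctList != null) {
                deliveredScts.addAll(this.handshakeSctList.getCertificateTimestampList());
            }
            if (this.supportsOcspSCTs && this.ocspSctList != null) {
                deliveredScts.addAll(this.ocspSctList.getCertificateTimestampList());
            }
            this.meetsChromeCTPolicy = hasGoogleAndNonGoogleScts(deliveredScts);
            return;
        }
        if (this.precertificateSctList == null) {
            return;
        }
        List<SignedCertificateTimestamp> embeddedScts = this.precertificateSctList.getCertificateTimestampList();
        if (embeddedScts == null) {
            return;
        }
        // Certificate lifetime = notAfter - notBefore of the leaf certificate.
        Duration lifetime = Duration.between(
                this.serverCertChain.getCertificateAt(0).getStartDate().getDate().toInstant(),
                this.serverCertChain.getCertificateAt(0).getEndDate().getDate().toInstant());
        int requiredScts;
        if (lifetime.minusDays(450L).isNegative()) {
            requiredScts = 2;
        } else if (lifetime.minusDays(810L).isNegative()) {
            requiredScts = 3;
        } else if (lifetime.minusDays(1170L).isNegative()) {
            requiredScts = 4;
        } else {
            requiredScts = 5;
        }
        this.meetsChromeCTPolicy = embeddedScts.size() >= requiredScts && hasGoogleAndNonGoogleScts(embeddedScts);
    }

    /**
     * Checks whether the SCTs reference at least one Google-operated and one other known log.
     *
     * <p>SCTs whose log ID is not in the loaded log list are ignored. Logs are matched by log ID
     * alone, so this check says nothing about whether an SCT was really issued by that log.
     *
     * @param list the SCTs to inspect; {@code null} or empty yields {@code false}
     * @return {@code true} only if both a Google log and a non-Google known log are referenced
     */
    private boolean hasGoogleAndNonGoogleScts(List<SignedCertificateTimestamp> list) {
        if (list == null || list.isEmpty()) {
            return false;
        }
        CtLogList knownLogs = CtLogListLoader.loadLogList();
        boolean sawGoogleLog = false;
        boolean sawOtherLog = false;
        for (SignedCertificateTimestamp sct : list) {
            CtLog log = knownLogs.getCtLog(sct.getLogId());
            if (log == null) {
                continue;
            }
            if (GOOGLE_OPERATOR.equals(log.getOperator())) {
                sawGoogleLog = true;
            } else {
                sawOtherLog = true;
            }
            if (sawGoogleLog && sawOtherLog) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether the prerequisites of this probe are met.
     *
     * @param serverReport the report collected so far
     * @return {@code true} if the CERTIFICATE and OCSP probes have run and at least one certificate
     *     chain is available
     */
    public boolean canBeExecuted(ServerReport serverReport) {
        // adjustConfig() reads element 0 of the chain list, so an empty list must not pass.
        return serverReport.isProbeAlreadyExecuted(TlsProbeType.CERTIFICATE)
                && serverReport.getCertificateChainList() != null
                && !serverReport.getCertificateChainList().isEmpty()
                && serverReport.isProbeAlreadyExecuted(TlsProbeType.OCSP);
    }

    /**
     * Builds the result used when the probe could not run.
     *
     * @return a result with every test marked ERROR_DURING_TEST and three empty SCT lists
     */
    /* renamed from: getCouldNotExecuteResult, reason: merged with bridge method [inline-methods] */
    public CertificateTransparencyResult m43getCouldNotExecuteResult() {
        return new CertificateTransparencyResult(
                TestResults.ERROR_DURING_TEST,
                TestResults.ERROR_DURING_TEST,
                TestResults.ERROR_DURING_TEST,
                TestResults.ERROR_DURING_TEST,
                new SignedCertificateTimestampList(),
                new SignedCertificateTimestampList(),
                new SignedCertificateTimestampList());
    }

    /**
     * Takes the certificate of the first chain in the report as the chain to analyse.
     *
     * <p>Reads element 0 of the chain list without checking it; {@link #canBeExecuted} is the
     * guard that ensures the list is present and non-empty.
     *
     * @param serverReport the report holding the certificate chains
     */
    public void adjustConfig(ServerReport serverReport) {
        this.serverCertChain = serverReport.getCertificateChainList().get(0).getCertificate();
    }
}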
