package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.scanner.core.constants.ScannerDetail;
import de.rub.nds.scanner.core.constants.TestResult;
import de.rub.nds.scanner.core.constants.TestResults;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CertificateKeyType;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.ECPointFormat;
import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.constants.PskKeyExchangeMode;
import de.rub.nds.tlsattacker.core.crypto.ec.CurveFactory;
import de.rub.nds.tlsattacker.core.crypto.ec.EllipticCurveOverFp;
import de.rub.nds.tlsattacker.core.crypto.ec.Point;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty;
import de.rub.nds.tlsscanner.core.constants.TlsProbeType;
import de.rub.nds.tlsscanner.core.probe.result.VersionSuiteListPair;
import de.rub.nds.tlsscanner.core.vector.statistics.DistributionTest;
import de.rub.nds.tlsscanner.serverscanner.leak.InvalidCurveTestInfo;
import de.rub.nds.tlsscanner.serverscanner.probe.invalidcurve.InvalidCurveAttacker;
import de.rub.nds.tlsscanner.serverscanner.probe.invalidcurve.InvalidCurveResponse;
import de.rub.nds.tlsscanner.serverscanner.probe.invalidcurve.constants.InvalidCurveScanType;
import de.rub.nds.tlsscanner.serverscanner.probe.invalidcurve.point.InvalidCurvePoint;
import de.rub.nds.tlsscanner.serverscanner.probe.invalidcurve.point.TwistedCurvePoint;
import de.rub.nds.tlsscanner.serverscanner.probe.invalidcurve.vector.InvalidCurveVector;
import de.rub.nds.tlsscanner.serverscanner.probe.namedgroup.NamedGroupWitness;
import de.rub.nds.tlsscanner.serverscanner.probe.result.InvalidCurveResult;
import de.rub.nds.tlsscanner.serverscanner.report.ServerReport;
import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/InvalidCurveProbe.class */
public class InvalidCurveProbe extends TlsServerProbe<ConfigSelector, ServerReport, InvalidCurveResult> {
    private static final int CURVE_TWIST_MAX_ORDER = 23;
    private final ScannerDetail scanDetail;
    private boolean supportsRenegotiation;
    private TestResult supportsSecureRenegotiation;
    private TestResult issuesTls13SessionTickets;
    private TestResult supportsTls13PskDhe;
    private List<ProtocolVersion> supportedProtocolVersions;
    private List<NamedGroup> supportedFpGroups;
    private List<NamedGroup> supportedTls13FpGroups;
    private HashMap<ProtocolVersion, List<CipherSuite>> supportedECDHCipherSuites;
    private List<ECPointFormat> fpPointFormatsToTest;
    private List<ECPointFormat> tls13FpPointFormatsToTest;
    private Map<NamedGroup, NamedGroupWitness> namedCurveWitnesses;
    private Map<NamedGroup, NamedGroupWitness> namedCurveWitnessesTls13;

    public InvalidCurveProbe(ConfigSelector configSelector, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, TlsProbeType.INVALID_CURVE, configSelector);
        this.scanDetail = configSelector.getScannerConfig().getScanDetail();
    }

    /* renamed from: executeTest, reason: merged with bridge method [inline-methods] */
    public InvalidCurveResult m100executeTest() {
        List<InvalidCurveVector> prepareVectors = prepareVectors();
        LinkedList linkedList = new LinkedList();
        for (InvalidCurveVector invalidCurveVector : prepareVectors) {
            if (benignHandshakeSuccessful(invalidCurveVector)) {
                InvalidCurveResponse executeSingleScan = executeSingleScan(invalidCurveVector, InvalidCurveScanType.REGULAR);
                if (executeSingleScan.getVectorResponses().size() > 0) {
                    DistributionTest distributionTest = new DistributionTest(new InvalidCurveTestInfo(invalidCurveVector), executeSingleScan.getVectorResponses(), getInfinityProbability(invalidCurveVector, InvalidCurveScanType.REGULAR));
                    if (distributionTest.isDistinctAnswers() && executeSingleScan.getShowsPointsAreNotValidated() != TestResults.TRUE) {
                        testForSidechannel(distributionTest, invalidCurveVector, executeSingleScan);
                    }
                }
                linkedList.add(executeSingleScan);
            }
        }
        return evaluateResponses(linkedList);
    }

    public boolean canBeExecuted(ServerReport serverReport) {
        if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_CLIENT_SIDE_SECURE_RENEGOTIATION_EXTENSION) != TestResults.NOT_TESTED_YET && serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_CLIENT_SIDE_INSECURE_RENEGOTIATION) != TestResults.NOT_TESTED_YET && serverReport.isProbeAlreadyExecuted(TlsProbeType.PROTOCOL_VERSION) && serverReport.isProbeAlreadyExecuted(TlsProbeType.CIPHER_SUITE) && serverReport.isProbeAlreadyExecuted(TlsProbeType.NAMED_GROUPS) && serverReport.isProbeAlreadyExecuted(TlsProbeType.RESUMPTION)) {
            return serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_ECDHE) == TestResults.TRUE || serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_STATIC_ECDH) == TestResults.TRUE || serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_TLS_1_3) == TestResults.TRUE;
        }
        return false;
    }

    public void adjustConfig(ServerReport serverReport) {
        this.supportsRenegotiation = serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_CLIENT_SIDE_SECURE_RENEGOTIATION_EXTENSION) == TestResults.TRUE || serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_CLIENT_SIDE_INSECURE_RENEGOTIATION) == TestResults.TRUE;
        this.supportsSecureRenegotiation = serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_CLIENT_SIDE_SECURE_RENEGOTIATION_EXTENSION);
        this.issuesTls13SessionTickets = serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_TLS13_SESSION_TICKETS);
        this.supportsTls13PskDhe = serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_TLS13_PSK_DHE);
        this.supportedFpGroups = new LinkedList();
        if (serverReport.getSupportedNamedGroups() != null) {
            for (NamedGroup namedGroup : serverReport.getSupportedNamedGroups()) {
                if (NamedGroup.getImplemented().contains(namedGroup) && namedGroup.isCurve() && (CurveFactory.getCurve(namedGroup) instanceof EllipticCurveOverFp)) {
                    this.supportedFpGroups.add(namedGroup);
                }
            }
        } else {
            LOGGER.warn("Supported Named Groups list has not been initialized");
        }
        HashMap<ProtocolVersion, List<CipherSuite>> hashMap = new HashMap<>();
        if (serverReport.getVersionSuitePairs() != null) {
            for (VersionSuiteListPair versionSuiteListPair : serverReport.getVersionSuitePairs()) {
                if (!hashMap.containsKey(versionSuiteListPair.getVersion())) {
                    hashMap.put(versionSuiteListPair.getVersion(), new LinkedList());
                }
                for (CipherSuite cipherSuite : versionSuiteListPair.getCipherSuiteList()) {
                    if (cipherSuite.name().contains("TLS_ECDH")) {
                        hashMap.get(versionSuiteListPair.getVersion()).add(cipherSuite);
                    }
                }
            }
        } else {
            LOGGER.warn("Supported CipherSuites list has not been initialized");
        }
        LinkedList linkedList = new LinkedList();
        linkedList.add(ECPointFormat.UNCOMPRESSED);
        if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_UNCOMPRESSED_POINT) != TestResults.TRUE) {
            LOGGER.warn("Server did not list uncompressed points as supported");
        }
        if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_ANSIX962_COMPRESSED_PRIME) == TestResults.TRUE || this.scanDetail == ScannerDetail.ALL) {
            linkedList.add(ECPointFormat.ANSIX962_COMPRESSED_PRIME);
        }
        LinkedList linkedList2 = new LinkedList();
        if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_TLS_1_0) == TestResults.TRUE) {
            linkedList2.add(ProtocolVersion.TLS10);
        }
        if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_TLS_1_1) == TestResults.TRUE) {
            linkedList2.add(ProtocolVersion.TLS11);
        }
        if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_TLS_1_2) == TestResults.TRUE) {
            linkedList2.add(ProtocolVersion.TLS12);
        }
        if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_DTLS_1_0) == TestResults.TRUE) {
            linkedList2.add(ProtocolVersion.DTLS10);
        }
        if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_DTLS_1_2) == TestResults.TRUE) {
            linkedList2.add(ProtocolVersion.DTLS12);
        }
        this.supportedTls13FpGroups = new LinkedList();
        if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_TLS_1_3) == TestResults.TRUE) {
            linkedList2.add(ProtocolVersion.TLS13);
            for (NamedGroup namedGroup2 : serverReport.getSupportedTls13Groups()) {
                if (NamedGroup.getImplemented().contains(namedGroup2) && namedGroup2.isCurve() && (CurveFactory.getCurve(namedGroup2) instanceof EllipticCurveOverFp)) {
                    this.supportedTls13FpGroups.add(namedGroup2);
                }
            }
            LinkedList linkedList3 = new LinkedList();
            for (VersionSuiteListPair versionSuiteListPair2 : serverReport.getVersionSuitePairs()) {
                if (versionSuiteListPair2.getVersion().isTLS13()) {
                    for (CipherSuite cipherSuite2 : versionSuiteListPair2.getCipherSuiteList()) {
                        if (cipherSuite2.isImplemented()) {
                            linkedList3.add(cipherSuite2);
                        }
                    }
                }
            }
            LinkedList linkedList4 = new LinkedList();
            linkedList4.add(ECPointFormat.UNCOMPRESSED);
            if (serverReport.getResult(TlsAnalyzedProperty.SUPPORTS_TLS13_SECP_COMPRESSION) == TestResults.TRUE) {
                linkedList4.add(ECPointFormat.ANSIX962_COMPRESSED_PRIME);
            }
            hashMap.put(ProtocolVersion.TLS13, linkedList3);
            this.tls13FpPointFormatsToTest = linkedList4;
        }
        if (hashMap.keySet().size() > linkedList2.size()) {
            for (ProtocolVersion protocolVersion : hashMap.keySet()) {
                if (!linkedList2.contains(protocolVersion)) {
                    linkedList2.add(protocolVersion);
                }
            }
        }
        this.fpPointFormatsToTest = linkedList;
        this.supportedProtocolVersions = linkedList2;
        this.supportedECDHCipherSuites = hashMap;
        this.namedCurveWitnesses = serverReport.getSupportedNamedGroupsWitnesses();
        this.namedCurveWitnessesTls13 = serverReport.getSupportedNamedGroupsWitnessesTls13();
    }

    /* renamed from: getCouldNotExecuteResult, reason: merged with bridge method [inline-methods] */
    public InvalidCurveResult m99getCouldNotExecuteResult() {
        return new InvalidCurveResult(TestResults.COULD_NOT_TEST, TestResults.COULD_NOT_TEST, TestResults.COULD_NOT_TEST, null);
    }

    private List<InvalidCurveVector> prepareVectors() {
        List<NamedGroup> list;
        List<ECPointFormat> list2;
        LinkedList linkedList = new LinkedList();
        List<ProtocolVersion> pickProtocolVersions = pickProtocolVersions();
        for (ProtocolVersion protocolVersion : this.supportedProtocolVersions) {
            if (protocolVersion == ProtocolVersion.TLS13) {
                list = this.supportedTls13FpGroups;
                list2 = this.tls13FpPointFormatsToTest;
            } else {
                list = this.supportedFpGroups;
                list2 = this.fpPointFormatsToTest;
            }
            for (NamedGroup namedGroup : list) {
                for (ECPointFormat eCPointFormat : list2) {
                    if (this.supportedECDHCipherSuites.get(protocolVersion) == null) {
                        LOGGER.warn("Protocol Version " + protocolVersion + " had no entry in CipherSuite map - omitting from InvalidCurve scan");
                    } else if (this.scanDetail == ScannerDetail.ALL) {
                        for (CipherSuite cipherSuite : this.supportedECDHCipherSuites.get(protocolVersion)) {
                            if (legitInvalidCurveVector(namedGroup, eCPointFormat) && groupQualifiedForCipherSuite(namedGroup, cipherSuite)) {
                                linkedList.add(new InvalidCurveVector(protocolVersion, cipherSuite, namedGroup, eCPointFormat, false, false, getRequiredGroups(namedGroup, cipherSuite)));
                            }
                            if (legitTwistVector(namedGroup, eCPointFormat) && groupQualifiedForCipherSuite(namedGroup, cipherSuite)) {
                                linkedList.add(new InvalidCurveVector(protocolVersion, cipherSuite, namedGroup, eCPointFormat, true, false, getRequiredGroups(namedGroup, cipherSuite)));
                            }
                        }
                    } else {
                        HashMap<ProtocolVersion, List<CipherSuite>> filterCipherSuites = filterCipherSuites(namedGroup);
                        if (pickProtocolVersions.contains(protocolVersion) || this.scanDetail.isGreaterEqualTo(ScannerDetail.DETAILED)) {
                            for (CipherSuite cipherSuite2 : filterCipherSuites.get(protocolVersion)) {
                                if (legitInvalidCurveVector(namedGroup, eCPointFormat)) {
                                    linkedList.add(new InvalidCurveVector(protocolVersion, cipherSuite2, namedGroup, eCPointFormat, false, false, getRequiredGroups(namedGroup, cipherSuite2)));
                                }
                                if (legitTwistVector(namedGroup, eCPointFormat) && TwistedCurvePoint.isTwistVulnerable(namedGroup) && TwistedCurvePoint.smallOrder(namedGroup).getOrder().intValue() <= CURVE_TWIST_MAX_ORDER) {
                                    linkedList.add(new InvalidCurveVector(protocolVersion, cipherSuite2, namedGroup, eCPointFormat, true, false, getRequiredGroups(namedGroup, cipherSuite2)));
                                }
                            }
                        }
                    }
                }
            }
        }
        if (this.scanDetail.isGreaterEqualTo(ScannerDetail.DETAILED)) {
            ProtocolVersion pickRenegotiationVersion = pickRenegotiationVersion();
            int size = linkedList.size();
            if (this.scanDetail == ScannerDetail.ALL) {
                for (int i = 0; i < size; i++) {
                    InvalidCurveVector invalidCurveVector = (InvalidCurveVector) linkedList.get(i);
                    if ((invalidCurveVector.getProtocolVersion() == ProtocolVersion.TLS13 && this.issuesTls13SessionTickets == TestResults.TRUE && this.supportsTls13PskDhe == TestResults.TRUE) || this.supportsRenegotiation) {
                        linkedList.add(new InvalidCurveVector(invalidCurveVector.getProtocolVersion(), invalidCurveVector.getCipherSuite(), invalidCurveVector.getNamedGroup(), invalidCurveVector.getPointFormat(), invalidCurveVector.isTwistAttack(), true, invalidCurveVector.getEcdsaRequiredGroups()));
                    }
                }
            } else if (pickRenegotiationVersion != null) {
                for (int i2 = 0; i2 < size; i2++) {
                    InvalidCurveVector invalidCurveVector2 = (InvalidCurveVector) linkedList.get(i2);
                    if (invalidCurveVector2.getProtocolVersion() == pickRenegotiationVersion) {
                        linkedList.add(new InvalidCurveVector(invalidCurveVector2.getProtocolVersion(), invalidCurveVector2.getCipherSuite(), invalidCurveVector2.getNamedGroup(), invalidCurveVector2.getPointFormat(), invalidCurveVector2.isTwistAttack(), true, invalidCurveVector2.getEcdsaRequiredGroups()));
                    }
                }
            }
        }
        return linkedList;
    }

    /* JADX WARN: Multi-variable type inference failed */
    private InvalidCurveResponse executeSingleScan(InvalidCurveVector invalidCurveVector, InvalidCurveScanType invalidCurveScanType) {
        TestResults testResults;
        LOGGER.debug("Executing Invalid Curve scan for " + invalidCurveVector.toString());
        try {
            InvalidCurveAttacker invalidCurveAttacker = new InvalidCurveAttacker(invalidCurveVector.getProtocolVersion().isTLS13() ? ((ConfigSelector) this.configSelector).getTls13BaseConfig() : ((ConfigSelector) this.configSelector).getBaseConfig(), getParallelExecutor(), invalidCurveVector, invalidCurveScanType, getInfinityProbability(invalidCurveVector, invalidCurveScanType));
            Boolean isVulnerable = invalidCurveAttacker.isVulnerable();
            TestResults testResults2 = TestResults.NOT_TESTED_YET;
            if (isVulnerable == null) {
                LOGGER.warn("Was unable to determine if points are validated for " + invalidCurveVector.toString());
                testResults = TestResults.ERROR_DURING_TEST;
            } else {
                testResults = isVulnerable.booleanValue() ? TestResults.TRUE : TestResults.FALSE;
            }
            return new InvalidCurveResponse(invalidCurveVector, invalidCurveAttacker.getResponsePairs(), testResults, invalidCurveAttacker.getReceivedEcPublicKeys(), invalidCurveAttacker.getFinishedKeys(), invalidCurveAttacker.isDirtyKeysWarning() ? TestResults.TRUE : TestResults.FALSE, invalidCurveScanType);
        } catch (Exception e) {
            if (e.getCause() instanceof InterruptedException) {
                LOGGER.error("Timeout on " + getProbeName());
                throw new RuntimeException(e);
            }
            LOGGER.warn("Was unable to get results for " + invalidCurveVector.toString() + " Message: " + e.getMessage());
            return new InvalidCurveResponse(invalidCurveVector, TestResults.ERROR_DURING_TEST);
        }
    }

    private InvalidCurveResult evaluateResponses(List<InvalidCurveResponse> list) {
        TestResults testResults = TestResults.FALSE;
        TestResults testResults2 = TestResults.FALSE;
        TestResults testResults3 = TestResults.FALSE;
        evaluateKeyBehavior(list);
        for (InvalidCurveResponse invalidCurveResponse : list) {
            if (invalidCurveResponse.getShowsPointsAreNotValidated() != TestResults.TRUE || invalidCurveResponse.getChosenGroupReusesKey() != TestResults.TRUE) {
                invalidCurveResponse.setShowsVulnerability(TestResults.FALSE);
            } else if (invalidCurveResponse.getVector().isTwistAttack() && TwistedCurvePoint.isTwistVulnerable(invalidCurveResponse.getVector().getNamedGroup())) {
                invalidCurveResponse.setShowsVulnerability(TestResults.TRUE);
                testResults3 = TestResults.TRUE;
            } else if (!invalidCurveResponse.getVector().isTwistAttack()) {
                invalidCurveResponse.setShowsVulnerability(TestResults.TRUE);
                if (invalidCurveResponse.getVector().getCipherSuite().isEphemeral()) {
                    testResults2 = TestResults.TRUE;
                } else {
                    testResults = TestResults.TRUE;
                }
            }
        }
        return new InvalidCurveResult(testResults, testResults2, testResults3, list);
    }

    private void evaluateKeyBehavior(List<InvalidCurveResponse> list) {
        for (InvalidCurveResponse invalidCurveResponse : list) {
            if (invalidCurveResponse.getReceivedEcPublicKeys() == null || invalidCurveResponse.getReceivedEcPublicKeys().isEmpty()) {
                invalidCurveResponse.setChosenGroupReusesKey(TestResults.ERROR_DURING_TEST);
            } else {
                TestResults testResults = TestResults.FALSE;
                TestResults testResults2 = TestResults.FALSE;
                for (Point point : invalidCurveResponse.getReceivedEcPublicKeys()) {
                    for (Point point2 : invalidCurveResponse.getReceivedEcPublicKeys()) {
                        if (point != point2 && point.getFieldX().getData().compareTo(point2.getFieldX().getData()) == 0 && point.getFieldY().getData().compareTo(point2.getFieldY().getData()) == 0) {
                            testResults = TestResults.TRUE;
                        }
                    }
                }
                for (Point point3 : invalidCurveResponse.getReceivedFinishedEcKeys()) {
                    for (Point point4 : invalidCurveResponse.getReceivedEcPublicKeys()) {
                        if (point3 != point4 && point3.getFieldX().getData().compareTo(point4.getFieldX().getData()) == 0 && point3.getFieldY().getData().compareTo(point4.getFieldY().getData()) == 0) {
                            testResults2 = TestResults.TRUE;
                        }
                    }
                }
                invalidCurveResponse.setChosenGroupReusesKey(testResults);
                invalidCurveResponse.setFinishedHandshakeHadReusedKey(testResults2);
            }
        }
    }

    private boolean legitInvalidCurveVector(NamedGroup namedGroup, ECPointFormat eCPointFormat) {
        return (eCPointFormat != ECPointFormat.UNCOMPRESSED || namedGroup == NamedGroup.ECDH_X25519 || namedGroup == NamedGroup.ECDH_X448 || InvalidCurvePoint.smallOrder(namedGroup) == null) ? false : true;
    }

    private boolean legitTwistVector(NamedGroup namedGroup, ECPointFormat eCPointFormat) {
        if (TwistedCurvePoint.smallOrder(namedGroup) == null) {
            return false;
        }
        if (eCPointFormat == ECPointFormat.ANSIX962_COMPRESSED_PRIME) {
            return (namedGroup == NamedGroup.ECDH_X25519 || namedGroup == NamedGroup.ECDH_X448) ? false : true;
        }
        return true;
    }

    private ProtocolVersion pickRenegotiationVersion() {
        if (this.supportedProtocolVersions.contains(ProtocolVersion.TLS12) && this.supportsRenegotiation) {
            return ProtocolVersion.TLS12;
        }
        if (this.supportedProtocolVersions.contains(ProtocolVersion.TLS11) && this.supportsRenegotiation) {
            return ProtocolVersion.TLS11;
        }
        if (this.supportedProtocolVersions.contains(ProtocolVersion.TLS10) && this.supportsRenegotiation) {
            return ProtocolVersion.TLS10;
        }
        if (this.supportedProtocolVersions.contains(ProtocolVersion.TLS13) && this.issuesTls13SessionTickets == TestResults.TRUE && this.supportsTls13PskDhe == TestResults.TRUE) {
            return ProtocolVersion.TLS13;
        }
        if (this.supportedProtocolVersions.contains(ProtocolVersion.DTLS12) && this.supportsRenegotiation) {
            return ProtocolVersion.DTLS12;
        }
        if (this.supportedProtocolVersions.contains(ProtocolVersion.DTLS10) && this.supportsRenegotiation) {
            return ProtocolVersion.DTLS10;
        }
        LOGGER.info("Could not find a suitable version for Invalid Curve renegotiation scans");
        return null;
    }

    private List<ProtocolVersion> pickProtocolVersions() {
        LinkedList linkedList = new LinkedList();
        if (this.supportedProtocolVersions.contains(ProtocolVersion.TLS12)) {
            linkedList.add(ProtocolVersion.TLS12);
        } else if (this.supportedProtocolVersions.contains(ProtocolVersion.TLS11)) {
            linkedList.add(ProtocolVersion.TLS11);
        } else if (this.supportedProtocolVersions.contains(ProtocolVersion.TLS10)) {
            linkedList.add(ProtocolVersion.TLS10);
        }
        if (this.supportedProtocolVersions.contains(ProtocolVersion.TLS13)) {
            linkedList.add(ProtocolVersion.TLS13);
        }
        if (this.supportedProtocolVersions.contains(ProtocolVersion.DTLS12)) {
            linkedList.add(ProtocolVersion.DTLS12);
        } else if (this.supportedProtocolVersions.contains(ProtocolVersion.DTLS10)) {
            linkedList.add(ProtocolVersion.DTLS10);
        }
        return linkedList;
    }

    private HashMap<ProtocolVersion, List<CipherSuite>> filterCipherSuites(NamedGroup namedGroup) {
        HashMap<ProtocolVersion, List<CipherSuite>> hashMap = new HashMap<>();
        for (ProtocolVersion protocolVersion : this.supportedProtocolVersions) {
            LinkedList linkedList = new LinkedList();
            boolean z = false;
            boolean z2 = false;
            boolean z3 = false;
            boolean z4 = false;
            boolean z5 = false;
            boolean z6 = false;
            boolean z7 = false;
            boolean z8 = false;
            boolean z9 = false;
            boolean z10 = false;
            boolean z11 = false;
            if (this.supportedECDHCipherSuites.get(protocolVersion) != null) {
                for (CipherSuite cipherSuite : this.supportedECDHCipherSuites.get(protocolVersion)) {
                    boolean z12 = false;
                    if (groupQualifiedForCipherSuite(namedGroup, cipherSuite)) {
                        if (!cipherSuite.isEphemeral() && !z) {
                            z12 = true;
                            z = true;
                        }
                        if (cipherSuite.isEphemeral() && !z2) {
                            z12 = true;
                            z2 = true;
                        }
                        if (this.scanDetail.isGreaterEqualTo(ScannerDetail.DETAILED)) {
                            if (cipherSuite.isGCM() && !z3) {
                                z12 = true;
                                z3 = true;
                            } else if (cipherSuite.isCBC() && !z4) {
                                z12 = true;
                                z4 = true;
                            }
                            if (cipherSuite.isSHA() && !z5) {
                                z12 = true;
                                z5 = true;
                            } else if (cipherSuite.isSHA256() && !z6) {
                                z12 = true;
                                z6 = true;
                            } else if (cipherSuite.isSHA384() && !z7) {
                                z12 = true;
                                z7 = true;
                            } else if (cipherSuite.isSHA512() && !z8) {
                                z12 = true;
                                z8 = true;
                            }
                            if (cipherSuite.isECDSA() && !z9) {
                                z12 = true;
                                z9 = true;
                            } else if (cipherSuite.name().contains("RSA") && !z10) {
                                z12 = true;
                                z10 = true;
                            }
                            if (cipherSuite.isWeak() && !z11) {
                                z12 = true;
                                z11 = true;
                            }
                        }
                        if (z12) {
                            linkedList.add(cipherSuite);
                        }
                    }
                }
            }
            hashMap.put(protocolVersion, linkedList);
        }
        return hashMap;
    }

    private boolean groupQualifiedForCipherSuite(NamedGroup namedGroup, CipherSuite cipherSuite) {
        if (cipherSuite.isTLS13()) {
            return true;
        }
        if (!this.namedCurveWitnesses.containsKey(namedGroup)) {
            return false;
        }
        if (AlgorithmResolver.getCertificateKeyType(cipherSuite) == CertificateKeyType.RSA && !this.namedCurveWitnesses.get(namedGroup).isFoundUsingRsaCipher()) {
            return false;
        }
        if (AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite) != KeyExchangeAlgorithm.ECDHE_ECDSA || this.namedCurveWitnesses.get(namedGroup).isFoundUsingEcdsaEphemeralCipher()) {
            return AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite) != KeyExchangeAlgorithm.ECDH_ECDSA || this.namedCurveWitnesses.get(namedGroup).isFoundUsingEcdsaStaticCipher();
        }
        return false;
    }

    private List<NamedGroup> getRequiredGroups(NamedGroup namedGroup, CipherSuite cipherSuite) {
        HashSet hashSet = new HashSet();
        if (cipherSuite.isTLS13()) {
            if (this.namedCurveWitnessesTls13.get(namedGroup).getEcdsaPkGroupEphemeral() != null && this.namedCurveWitnessesTls13.get(namedGroup).getEcdsaPkGroupEphemeral() != namedGroup) {
                hashSet.add(this.namedCurveWitnessesTls13.get(namedGroup).getEcdsaPkGroupEphemeral());
            }
            if (this.namedCurveWitnessesTls13.get(namedGroup).getEcdsaSigGroupEphemeral() != null && this.namedCurveWitnessesTls13.get(namedGroup).getEcdsaSigGroupEphemeral() != namedGroup) {
                hashSet.add(this.namedCurveWitnessesTls13.get(namedGroup).getEcdsaSigGroupEphemeral());
            }
        } else if (AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite) == KeyExchangeAlgorithm.ECDHE_ECDSA) {
            if (this.namedCurveWitnesses.get(namedGroup).getEcdsaPkGroupEphemeral() != null && this.namedCurveWitnesses.get(namedGroup).getEcdsaPkGroupEphemeral() != namedGroup) {
                hashSet.add(this.namedCurveWitnesses.get(namedGroup).getEcdsaPkGroupEphemeral());
            }
            if (this.namedCurveWitnesses.get(namedGroup).getEcdsaSigGroupEphemeral() != null && this.namedCurveWitnesses.get(namedGroup).getEcdsaSigGroupEphemeral() != namedGroup) {
                hashSet.add(this.namedCurveWitnesses.get(namedGroup).getEcdsaSigGroupEphemeral());
            }
        } else if (AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite) == KeyExchangeAlgorithm.ECDH_ECDSA && this.namedCurveWitnesses.get(namedGroup).getEcdsaSigGroupStatic() != null && this.namedCurveWitnesses.get(namedGroup).getEcdsaSigGroupStatic() != namedGroup) {
            hashSet.add(this.namedCurveWitnesses.get(namedGroup).getEcdsaSigGroupStatic());
        }
        return new LinkedList(hashSet);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private boolean benignHandshakeSuccessful(InvalidCurveVector invalidCurveVector) {
        Config baseConfig;
        if (invalidCurveVector.getProtocolVersion().isTLS13()) {
            baseConfig = ((ConfigSelector) this.configSelector).getTls13BaseConfig();
            LinkedList linkedList = new LinkedList();
            linkedList.add(invalidCurveVector.getNamedGroup());
            baseConfig.setDefaultClientKeyShareNamedGroups(linkedList);
            baseConfig.setAddPSKKeyExchangeModesExtension(true);
            LinkedList linkedList2 = new LinkedList();
            linkedList2.add(PskKeyExchangeMode.PSK_DHE_KE);
            baseConfig.setPSKKeyExchangeModes(linkedList2);
        } else {
            baseConfig = ((ConfigSelector) this.configSelector).getBaseConfig();
        }
        baseConfig.setHighestProtocolVersion(invalidCurveVector.getProtocolVersion());
        baseConfig.setDefaultClientSupportedCipherSuites(new CipherSuite[]{invalidCurveVector.getCipherSuite()});
        baseConfig.setDefaultClientNamedGroups(new NamedGroup[]{invalidCurveVector.getNamedGroup()});
        if (!invalidCurveVector.getEcdsaRequiredGroups().isEmpty()) {
            baseConfig.getDefaultClientNamedGroups().addAll(invalidCurveVector.getEcdsaRequiredGroups());
        }
        baseConfig.setAddRenegotiationInfoExtension(Boolean.valueOf(this.supportsSecureRenegotiation == TestResults.FALSE && this.supportsRenegotiation));
        baseConfig.setWorkflowTraceType(WorkflowTraceType.DYNAMIC_HANDSHAKE);
        State state = new State(baseConfig);
        executeState(new State[]{state});
        if (!state.getWorkflowTrace().executedAsPlanned()) {
            LOGGER.warn("Benign handshake failed for " + invalidCurveVector.toString() + " - omitting from Invalid Curve");
            return false;
        }
        if (state.getTlsContext().getSelectedGroup() == invalidCurveVector.getNamedGroup()) {
            return true;
        }
        LOGGER.warn("Benign handshake used wrong group (" + state.getTlsContext().getSelectedGroup() + ") for " + invalidCurveVector.toString() + " - omitting from Invalid Curve");
        return false;
    }

    private double getInfinityProbability(InvalidCurveVector invalidCurveVector, InvalidCurveScanType invalidCurveScanType) {
        return 1.0d / (invalidCurveScanType == InvalidCurveScanType.REDUNDANT ? invalidCurveVector.isTwistAttack() ? TwistedCurvePoint.alternativeOrder(invalidCurveVector.getNamedGroup()).getOrder().doubleValue() : InvalidCurvePoint.alternativeOrder(invalidCurveVector.getNamedGroup()).getOrder().doubleValue() : invalidCurveScanType == InvalidCurveScanType.LARGE_GROUP ? invalidCurveVector.isTwistAttack() ? TwistedCurvePoint.largeOrder(invalidCurveVector.getNamedGroup()).getOrder().doubleValue() : InvalidCurvePoint.largeOrder(invalidCurveVector.getNamedGroup()).getOrder().doubleValue() : invalidCurveVector.isTwistAttack() ? TwistedCurvePoint.smallOrder(invalidCurveVector.getNamedGroup()).getOrder().doubleValue() : InvalidCurvePoint.smallOrder(invalidCurveVector.getNamedGroup()).getOrder().doubleValue());
    }

    private void testForSidechannel(DistributionTest distributionTest, InvalidCurveVector invalidCurveVector, InvalidCurveResponse invalidCurveResponse) {
        invalidCurveResponse.setHadDistinctFps(TestResults.TRUE);
        InvalidCurveResponse executeSingleScan = executeSingleScan(invalidCurveVector, InvalidCurveScanType.LARGE_GROUP);
        if (executeSingleScan.getVectorResponses().isEmpty() || new DistributionTest(new InvalidCurveTestInfo(invalidCurveVector), executeSingleScan.getVectorResponses(), getInfinityProbability(invalidCurveVector, InvalidCurveScanType.LARGE_GROUP)).isDistinctAnswers()) {
            return;
        }
        InvalidCurveResponse executeSingleScan2 = executeSingleScan(invalidCurveVector, InvalidCurveScanType.EXTENDED);
        distributionTest.extendTestWithVectorResponses(executeSingleScan2.getVectorResponses());
        invalidCurveResponse.mergeResponse(executeSingleScan2);
        if (distributionTest.isSignificantDistinctAnswers() || invalidCurveResponse.getVectorResponses().size() < invalidCurveResponse.getFingerprintSecretPairs().size() / 2) {
            return;
        }
        if (this.scanDetail != ScannerDetail.ALL) {
            invalidCurveResponse.setSideChannelSuspected(TestResults.TRUE);
            return;
        }
        InvalidCurveResponse executeSingleScan3 = executeSingleScan(invalidCurveVector, InvalidCurveScanType.REDUNDANT);
        if (executeSingleScan3.getVectorResponses().isEmpty()) {
            return;
        }
        DistributionTest distributionTest2 = new DistributionTest(new InvalidCurveTestInfo(invalidCurveVector), executeSingleScan3.getVectorResponses(), getInfinityProbability(invalidCurveVector, InvalidCurveScanType.REDUNDANT));
        if (distributionTest2.isDistinctAnswers() && distributionTest2.isSignificantDistinctAnswers()) {
            invalidCurveResponse.setSideChannelSuspected(TestResults.TRUE);
        }
    }
}
