package de.rub.nds.tlsscanner.serverscanner.selector;

import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.config.delegate.Delegate;
import de.rub.nds.tlsattacker.core.connection.AliasedConnection;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.RunningModeType;
import de.rub.nds.tlsattacker.core.exceptions.ConfigurationException;
import de.rub.nds.tlsattacker.core.record.Record;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.serverscanner.config.ServerScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.trust.TrustAnchorManager;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.util.IPAddress;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/selector/ConfigSelector.class */
public class ConfigSelector {
    private final ServerScannerConfig scannerConfig;
    private final ParallelExecutor parallelExecutor;
    private Config workingConfig;
    private String configProfileIdentifier;
    private Config workingTl13Config;
    private String configProfileIdentifierTls13;
    public static final String PATH = "/configs/";
    public static final String SSL2_CONFIG = "ssl2Only.config";
    public static final String TLS13_CONFIG = "tls13rich.config";
    public static final String DEFAULT_CONFIG = "default.config";
    private static final int COOLDOWN_TIMEOUT_MULTIPLIER = 5;
    private static final Logger LOGGER = LogManager.getLogger();
    private boolean speaksProtocol = false;
    private boolean isHandshaking = false;

    public String getConfigProfileIdentifier() {
        return this.configProfileIdentifier;
    }

    public String getConfigProfileIdentifierTls13() {
        return this.configProfileIdentifierTls13;
    }

    public ConfigSelector(ServerScannerConfig serverScannerConfig, ParallelExecutor parallelExecutor) {
        this.scannerConfig = serverScannerConfig;
        this.parallelExecutor = parallelExecutor;
    }

    public boolean findWorkingConfigs() {
        findWorkingConfig();
        findWorkingTls13Config();
        return (this.workingConfig == null && this.workingTl13Config == null) ? false : true;
    }

    public boolean findWorkingConfig() {
        for (DefaultConfigProfile defaultConfigProfile : DefaultConfigProfile.getTls12ConfigProfiles()) {
            Config configForProfile = getConfigForProfile(DEFAULT_CONFIG, defaultConfigProfile);
            if (configWorks(configForProfile)) {
                reportLimitation(defaultConfigProfile, "TLS 1.2");
                this.configProfileIdentifier = defaultConfigProfile.getIdentifier();
                this.workingConfig = configForProfile.createCopy();
                this.isHandshaking = true;
                return true;
            }
        }
        return false;
    }

    public Config getConfigForProfile(String str, ConfigFilterProfile configFilterProfile) throws ConfigurationException {
        if (this.scannerConfig.isConfigSearchCooldown()) {
            pauseSearch();
        }
        Config createConfig = Config.createConfig(Config.class.getResourceAsStream("/configs/" + str));
        ConfigFilter.applyFilterProfile(createConfig, configFilterProfile.getConfigFilterTypes());
        prepareBaseConfig(createConfig);
        return createConfig;
    }

    public void reportLimitation(ConfigFilterProfile configFilterProfile, String str) {
        if (configFilterProfile.getConfigFilterTypes().length > 0) {
            LOGGER.warn("Unable to perform handshake with extensive Config for {}.\nScanning with reduced Config ({}), which may affect the extent of some probes.", str, configFilterProfile.getIdentifier());
        }
    }

    public boolean findWorkingTls13Config() {
        for (DefaultConfigProfile defaultConfigProfile : DefaultConfigProfile.getTls13ConfigProfiles()) {
            Config configForProfile = getConfigForProfile(TLS13_CONFIG, defaultConfigProfile);
            if (configWorks(configForProfile)) {
                this.configProfileIdentifierTls13 = defaultConfigProfile.getIdentifier();
                reportLimitation(defaultConfigProfile, "TLS 1.3");
                this.workingTl13Config = configForProfile.createCopy();
                this.isHandshaking = true;
                return true;
            }
        }
        return false;
    }

    public void prepareBaseConfig(Config config) throws ConfigurationException {
        applyDelegates(config);
        applyPerformanceParamters(config);
        applyScannerConfigParameters(config);
        repairSni(config);
        repairConfig(config);
    }

    private void pauseSearch() {
        try {
            Thread.sleep(COOLDOWN_TIMEOUT_MULTIPLIER * this.scannerConfig.getTimeout());
        } catch (InterruptedException e) {
        }
    }

    private boolean configWorks(Config config) {
        WorkflowTrace createWorkflowTrace = new WorkflowConfigurationFactory(config).createWorkflowTrace(WorkflowTraceType.DYNAMIC_HELLO, RunningModeType.CLIENT);
        State state = new State(config, createWorkflowTrace);
        this.parallelExecutor.bulkExecuteStateTasks(new State[]{state});
        List receivedRecords = state.getWorkflowTrace().getFirstReceivingAction().getReceivedRecords();
        if ((receivedRecords != null && !receivedRecords.isEmpty() && (receivedRecords.get(0) instanceof Record)) || WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.HELLO_VERIFY_REQUEST, createWorkflowTrace) || WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, createWorkflowTrace) || WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO_DONE, createWorkflowTrace)) {
            this.speaksProtocol = true;
        }
        return createWorkflowTrace.executedAsPlanned();
    }

    private void applyPerformanceParamters(Config config) {
        config.setQuickReceive(true);
        config.setEarlyStop(true);
        config.setStopReceivingAfterFatal(true);
        config.setStopActionsAfterFatal(true);
        config.setStopActionsAfterIOException(true);
        config.setStopTraceAfterUnexpected(true);
        config.setStopReceivingAfterWarning(false);
        config.setStopActionsAfterWarning(false);
        config.setEnforceSettings(false);
    }

    private void applyDelegates(Config config) throws ConfigurationException {
        Iterator it = this.scannerConfig.getDelegateList().iterator();
        while (it.hasNext()) {
            ((Delegate) it.next()).applyDelegate(config);
        }
    }

    private void applyScannerConfigParameters(Config config) {
        if (this.scannerConfig.getCustomCAPathList() != null) {
            TrustAnchorManager.getInstance().addCustomCA(this.scannerConfig.getCustomCAPathList());
        }
        int timeout = this.scannerConfig.getTimeout();
        config.getDefaultClientConnection().setTimeout(Integer.valueOf(timeout));
        if (timeout > AliasedConnection.DEFAULT_FIRST_TIMEOUT.intValue()) {
            config.getDefaultClientConnection().setFirstTimeout(Integer.valueOf(timeout));
        }
    }

    private void repairSni(Config config) {
        if (IPAddress.isValid(config.getDefaultClientConnection().getHostname()) && this.scannerConfig.getClientDelegate().getSniHostname() == null) {
            config.setAddServerNameIndicationExtension(false);
        } else {
            config.setAddServerNameIndicationExtension(true);
        }
    }

    public Config repairConfig(Config config) {
        restrictBasicFeatures(config);
        if (config.getHighestProtocolVersion().isTLS13()) {
            adjustKeyShareFields(config);
        } else {
            adjustEccExtensionsPreTls13(config);
        }
        setDefaultSelectedCipherSuites(config);
        applyDelegates(config);
        return config;
    }

    public void adjustEccExtensionsPreTls13(Config config) {
        boolean anyMatch = config.getDefaultClientSupportedCipherSuites().stream().filter((v0) -> {
            return v0.isRealCipherSuite();
        }).filter(Predicate.not((v0) -> {
            return v0.isTLS13();
        })).anyMatch(cipherSuite -> {
            return AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite).isEC();
        });
        config.setAddEllipticCurveExtension(Boolean.valueOf(anyMatch));
        config.setAddECPointFormatExtension(Boolean.valueOf(anyMatch));
    }

    public void adjustKeyShareFields(Config config) {
        config.setAddEllipticCurveExtension(true);
        config.setAddECPointFormatExtension(false);
        if (config.getDefaultClientKeyShareNamedGroups().isEmpty()) {
            config.setDefaultClientKeyShareNamedGroups(new LinkedList(config.getDefaultClientNamedGroups()));
            return;
        }
        Stream stream = config.getDefaultClientKeyShareNamedGroups().stream();
        List defaultClientNamedGroups = config.getDefaultClientNamedGroups();
        Objects.requireNonNull(defaultClientNamedGroups);
        config.setDefaultClientKeyShareNamedGroups((List) stream.filter((v1) -> {
            return r2.contains(v1);
        }).collect(Collectors.toList()));
    }

    public void setDefaultSelectedCipherSuites(Config config) {
        config.setDefaultSelectedCipherSuite((CipherSuite) config.getDefaultClientSupportedCipherSuites().stream().filter((v0) -> {
            return v0.isRealCipherSuite();
        }).findFirst().orElse(config.getDefaultSelectedCipherSuite()));
    }

    public void restrictBasicFeatures(Config config) {
        Config config2 = config.getHighestProtocolVersion().isTLS13() ? this.workingTl13Config : this.workingConfig;
        if (config2 != null) {
            Stream stream = config.getDefaultClientSupportedCipherSuites().stream();
            List defaultClientSupportedCipherSuites = config2.getDefaultClientSupportedCipherSuites();
            Objects.requireNonNull(defaultClientSupportedCipherSuites);
            config.setDefaultClientSupportedCipherSuites((List) stream.filter((v1) -> {
                return r2.contains(v1);
            }).collect(Collectors.toList()));
            Stream stream2 = config.getDefaultClientNamedGroups().stream();
            List defaultClientNamedGroups = config2.getDefaultClientNamedGroups();
            Objects.requireNonNull(defaultClientNamedGroups);
            config.setDefaultClientNamedGroups((List) stream2.filter((v1) -> {
                return r2.contains(v1);
            }).collect(Collectors.toList()));
            Stream stream3 = config.getDefaultClientSupportedSignatureAndHashAlgorithms().stream();
            List defaultClientSupportedSignatureAndHashAlgorithms = config2.getDefaultClientSupportedSignatureAndHashAlgorithms();
            Objects.requireNonNull(defaultClientSupportedSignatureAndHashAlgorithms);
            config.setDefaultClientSupportedSignatureAndHashAlgorithms((List) stream3.filter((v1) -> {
                return r2.contains(v1);
            }).collect(Collectors.toList()));
        }
    }

    public Config getBaseConfig() {
        return this.workingConfig.createCopy();
    }

    public Config getSSL2BaseConfig() {
        Config createConfig = Config.createConfig(Config.class.getResourceAsStream("/configs/ssl2Only.config"));
        prepareBaseConfig(createConfig);
        return createConfig;
    }

    public Config getTls13BaseConfig() {
        return this.workingTl13Config == null ? Config.createConfig(Config.class.getResourceAsStream("/configs/tls13rich.config")) : this.workingTl13Config.createCopy();
    }

    public boolean isIsHandshaking() {
        return this.isHandshaking;
    }

    public boolean isSpeaksProtocol() {
        return this.speaksProtocol;
    }

    public ServerScannerConfig getScannerConfig() {
        return this.scannerConfig;
    }

    public boolean foundWorkingConfig() {
        return this.workingConfig != null;
    }

    public boolean foundWorkingTls13Config() {
        return this.workingTl13Config != null;
    }

    public Config getAnyWorkingBaseConfig() {
        if (this.workingConfig != null) {
            return getBaseConfig();
        }
        if (this.workingTl13Config != null) {
            return getTls13BaseConfig();
        }
        throw new RuntimeException("No working Config found for tested host");
    }
}
