package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.asn1.encoder.Asn1Encoder;
import de.rub.nds.asn1.model.Asn1EncapsulatingOctetString;
import de.rub.nds.asn1.model.Asn1ObjectIdentifier;
import de.rub.nds.asn1.model.Asn1PrimitiveOctetString;
import de.rub.nds.asn1.model.Asn1Sequence;
import de.rub.nds.tlsattacker.core.certificate.ocsp.CertificateInformationExtractor;
import de.rub.nds.tlsattacker.core.certificate.ocsp.OCSPRequest;
import de.rub.nds.tlsattacker.core.certificate.ocsp.OCSPRequestMessage;
import de.rub.nds.tlsattacker.core.certificate.ocsp.OCSPResponseParser;
import de.rub.nds.tlsattacker.core.certificate.ocsp.OCSPResponseTypes;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.ExtensionType;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.PskKeyExchangeMode;
import de.rub.nds.tlsattacker.core.protocol.message.CertificateStatusMessage;
import de.rub.nds.tlsattacker.core.protocol.message.cert.CertificateEntry;
import de.rub.nds.tlsattacker.core.protocol.message.extension.CertificateStatusRequestExtensionMessage;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.core.constants.TlsProbeType;
import de.rub.nds.tlsscanner.serverscanner.probe.certificate.CertificateChain;
import de.rub.nds.tlsscanner.serverscanner.probe.result.OcspResult;
import de.rub.nds.tlsscanner.serverscanner.probe.result.ocsp.OcspCertificateResult;
import de.rub.nds.tlsscanner.serverscanner.report.ServerReport;
import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector;
import java.math.BigInteger;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Random;
import org.bouncycastle.crypto.tls.Certificate;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/OcspProbe.class */
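/**
 * Probe that records OCSP-related facts for every certificate chain of the scanned server.
 *
 * <p>For each chain it records the must-staple flag of the first certificate, whether the server
 * negotiates and delivers a stapled OCSP response, and the responses to requests sent directly to
 * the OCSP responder named in that certificate. If TLS 1.3 groups are known, it also collects the
 * certificate status extensions attached to the certificate entries of a TLS 1.3 handshake.
 *
 * <p>This class only stores what it receives. No signature, validity-period or nonce-match check
 * of the OCSP responses is visible in this class; consumers of {@link OcspResult} must not treat
 * a recorded response as verified.
 *
 * <p>This is decompiled source: {@code m110executeTest} and {@code m109getCouldNotExecuteResult}
 * are decompiler renames of {@code executeTest} and {@code getCouldNotExecuteResult}.
 */
public class OcspProbe extends TlsServerProbe<ConfigSelector, ServerReport, OcspResult> {
    private List<CertificateChain> serverCertChains;
    private List<NamedGroup> tls13NamedGroups;

    /** Nonce value sent in the first direct OCSP request. */
    public static final int NONCE_TEST_VALUE_1 = 42;

    /** Nonce value sent in the second direct OCSP request; differs from the first on purpose. */
    public static final int NONCE_TEST_VALUE_2 = 1337;

    // Fixed seed: the "random" nonce in the stapling request is the same on every run.
    // Presumably intentional so scans are reproducible; it is a test value, not an
    // unpredictable nonce, and must not be reused where replay protection matters.
    private static final long STAPLED_NONCE_RANDOM_SEED = 42;
    private static final int STAPLED_NONCE_RANDOM_BIT_LENGTH = 128;

    public OcspProbe(ConfigSelector configSelector, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, TlsProbeType.OCSP, configSelector);
    }

    /**
     * Runs the probe for every chain stored by {@link #adjustConfig(ServerReport)}.
     *
     * <p>Decompiler rename of {@code executeTest} (merged with its bridge method).
     *
     * @return the per-chain results, plus the TLS 1.3 certificate status extensions, or
     *     {@code null} in their place when no TLS 1.3 groups are known
     */
    public OcspResult m110executeTest() {
        List<OcspCertificateResult> certificateResults = new LinkedList<>();
        for (CertificateChain chain : this.serverCertChains) {
            OcspCertificateResult certificateResult = new OcspCertificateResult(chain);
            getMustStaple(chain.getCertificate(), certificateResult);
            // The stapling handshake is only attempted when a working config was found.
            if (((ConfigSelector) this.configSelector).foundWorkingConfig()) {
                getStapledResponse(certificateResult);
            }
            performRequest(chain.getCertificate(), certificateResult);
            certificateResults.add(certificateResult);
        }
        // A missing group list is treated like an empty one instead of failing the whole probe.
        boolean tls13Known = this.tls13NamedGroups != null && !this.tls13NamedGroups.isEmpty();
        List<CertificateStatusRequestExtensionMessage> tls13Status =
                tls13Known ? getCertificateStatusFromCertificateEntryExtension() : null;
        return new OcspResult(certificateResults, tls13Status);
    }

    /**
     * Stores the must-staple flag of the chain's first certificate in the result.
     *
     * <p>Any failure is logged and leaves the flag untouched.
     */
    private void getMustStaple(Certificate certificate, OcspCertificateResult ocspCertificateResult) {
        try {
            CertificateInformationExtractor extractor =
                    new CertificateInformationExtractor(certificate.getCertificateAt(0));
            ocspCertificateResult.setMustStaple(extractor.getMustStaple().booleanValue());
        } catch (Exception e) {
            if (e.getCause() instanceof InterruptedException) {
                LOGGER.error("Timeout on " + getProbeName());
            } else {
                LOGGER.warn("Couldn't determine OCSP must staple flag in certificate.");
            }
        }
    }

    /**
     * Performs a handshake with a status_request extension and records whether the server
     * negotiated it and which stapled response, if any, it sent.
     *
     * <p>The stapled bytes come from the scanned server and are only parsed here; a parse failure
     * is logged and leaves the stapled response unset.
     */
    private void getStapledResponse(OcspCertificateResult ocspCertificateResult) {
        Config staplingConfig = ((ConfigSelector) this.configSelector).getBaseConfig();
        staplingConfig.setWorkflowTraceType(WorkflowTraceType.DYNAMIC_HELLO);
        staplingConfig.setCertificateStatusRequestExtensionRequestExtension(prepareNonceExtension());
        staplingConfig.setAddCertificateStatusRequestExtension(true);
        State state = new State(staplingConfig);
        executeState(new State[] {state});

        // Query the negotiated set directly; copying it into a list first added nothing.
        boolean staplingNegotiated =
                state.getTlsContext().getNegotiatedExtensionSet().contains(ExtensionType.STATUS_REQUEST);
        ocspCertificateResult.setSupportsStapling(staplingNegotiated);

        CertificateStatusMessage statusMessage = null;
        if (staplingNegotiated
                && WorkflowTraceUtil.didReceiveMessage(
                        HandshakeMessageType.CERTIFICATE_STATUS, state.getWorkflowTrace())) {
            statusMessage =
                    (CertificateStatusMessage)
                            WorkflowTraceUtil.getFirstReceivedMessage(
                                    HandshakeMessageType.CERTIFICATE_STATUS, state.getWorkflowTrace());
        }
        if (statusMessage == null) {
            return;
        }
        try {
            byte[] stapledBytes = (byte[]) statusMessage.getOcspResponseBytes().getValue();
            ocspCertificateResult.setStapledResponse(OCSPResponseParser.parseResponse(stapledBytes));
        } catch (Exception e) {
            if (e.getCause() instanceof InterruptedException) {
                LOGGER.error("Timeout on " + getProbeName());
            } else {
                LOGGER.warn("Tried parsing stapled OCSP message, but failed. Will be empty.");
            }
        }
    }

    /**
     * Sends OCSP requests to the responder named in the chain's first certificate and records
     * the responses.
     *
     * <p>Two requests carry {@link #NONCE_TEST_VALUE_1} (one via {@code makeRequest}, one via
     * {@code makeGetRequest}); if the first response contains a nonce, a further request with
     * {@link #NONCE_TEST_VALUE_2} is sent.
     *
     * <p>The responder URL is taken from the certificate presented by the scanned server, so it
     * is untrusted input: the scanner contacts whatever host that URL names. Only URL syntax is
     * checked here; scheme and destination are not restricted in this method, so limit the
     * scanner's egress if that matters in your environment.
     */
    private void performRequest(Certificate certificate, OcspCertificateResult ocspCertificateResult) {
        try {
            CertificateInformationExtractor extractor =
                    new CertificateInformationExtractor(certificate.getCertificateAt(0));
            URL responderUrl = new URL(extractor.getOcspServerUrl());
            ocspCertificateResult.setSupportsOcsp(true);
            OCSPRequest ocspRequest = new OCSPRequest(certificate, responderUrl);

            OCSPRequestMessage firstMessage = ocspRequest.createDefaultRequestMessage();
            // Use the named constant rather than a bare 42 so both nonces are defined in one place.
            firstMessage.setNonce(BigInteger.valueOf(NONCE_TEST_VALUE_1));
            firstMessage.addExtension(OCSPResponseTypes.NONCE.getOID());
            ocspCertificateResult.setFirstResponse(ocspRequest.makeRequest(firstMessage));
            ocspCertificateResult.setHttpGetResponse(ocspRequest.makeGetRequest(firstMessage));

            if (ocspCertificateResult.getFirstResponse() == null
                    || ocspCertificateResult.getFirstResponse().getNonce() == null) {
                ocspCertificateResult.setSupportsNonce(false);
                return;
            }
            ocspCertificateResult.setSupportsNonce(true);

            OCSPRequestMessage secondMessage = ocspRequest.createDefaultRequestMessage();
            secondMessage.setNonce(BigInteger.valueOf(NONCE_TEST_VALUE_2));
            secondMessage.addExtension(OCSPResponseTypes.NONCE.getOID());
            ocspCertificateResult.setSecondResponse(ocspRequest.makeRequest(secondMessage));
            // The first response is null-checked above, so a request can evidently yield null;
            // guard the second one as well instead of failing the probe on a debug log line.
            if (ocspCertificateResult.getSecondResponse() != null) {
                LOGGER.debug(ocspCertificateResult.getSecondResponse().toString());
            } else {
                LOGGER.debug("Second OCSP request returned no response.");
            }
        } catch (MalformedURLException e) {
            LOGGER.debug("Failed to parse a valid OCSP url for OCSP request");
        }
    }

    /**
     * Builds the encoded request-extensions value for the status_request extension: a sequence
     * holding one extension made of the OCSP nonce OID and an octet string wrapping the nonce.
     *
     * <p>The nonce is produced by {@link Random} with a fixed seed, so it is identical on every
     * call. {@link BigInteger#toByteArray()} is a two's-complement encoding, so the nonce is not
     * guaranteed to be exactly 16 bytes long.
     *
     * @return the encoded extension list
     */
    private byte[] prepareNonceExtension() {
        Asn1ObjectIdentifier nonceOid = new Asn1ObjectIdentifier();
        nonceOid.setValue(OCSPResponseTypes.NONCE.getOID());

        Asn1PrimitiveOctetString nonceValue = new Asn1PrimitiveOctetString();
        nonceValue.setValue(
                new BigInteger(STAPLED_NONCE_RANDOM_BIT_LENGTH, new Random(STAPLED_NONCE_RANDOM_SEED))
                        .toByteArray());
        Asn1EncapsulatingOctetString wrappedNonce = new Asn1EncapsulatingOctetString();
        wrappedNonce.addChild(nonceValue);

        Asn1Sequence nonceExtension = new Asn1Sequence();
        nonceExtension.addChild(nonceOid);
        nonceExtension.addChild(wrappedNonce);

        Asn1Sequence extensionList = new Asn1Sequence();
        extensionList.addChild(nonceExtension);

        // Left raw as in the decompiled source: the element type Asn1Encoder expects is not
        // visible in this file. TODO confirm and parameterize.
        LinkedList encodables = new LinkedList();
        encodables.add(extensionList);
        return new Asn1Encoder(encodables).encode();
    }

    /**
     * Reports whether the probe's prerequisites are met.
     *
     * @return {@code true} if the report holds at least one certificate chain and the
     *     NAMED_GROUPS probe has already been executed
     */
    public boolean canBeExecuted(ServerReport serverReport) {
        List<CertificateChain> chains = serverReport.getCertificateChainList();
        return chains != null
                && !chains.isEmpty()
                && serverReport.isProbeAlreadyExecuted(TlsProbeType.NAMED_GROUPS);
    }

    /** Copies the certificate chains and takes the supported TLS 1.3 groups from the report. */
    public void adjustConfig(ServerReport serverReport) {
        this.serverCertChains = new LinkedList<>(serverReport.getCertificateChainList());
        this.tls13NamedGroups = serverReport.getSupportedTls13Groups();
    }

    /**
     * Performs a TLS 1.3 handshake and collects the certificate status extensions attached to
     * the entries of the received Certificate message.
     *
     * @return the collected extensions; empty if no Certificate message was received or no entry
     *     carried such an extension
     */
    private List<CertificateStatusRequestExtensionMessage> getCertificateStatusFromCertificateEntryExtension() {
        List<CertificateStatusRequestExtensionMessage> statusExtensions = new LinkedList<>();
        Config tls13Config = ((ConfigSelector) this.configSelector).getTls13BaseConfig();
        tls13Config.setWorkflowTraceType(WorkflowTraceType.DYNAMIC_HELLO);
        List<PskKeyExchangeMode> pskModes = new LinkedList<>();
        pskModes.add(PskKeyExchangeMode.PSK_DHE_KE);
        pskModes.add(PskKeyExchangeMode.PSK_KE);
        tls13Config.setPSKKeyExchangeModes(pskModes);
        tls13Config.setAddPSKKeyExchangeModesExtension(true);
        State state = new State(tls13Config);
        executeState(new State[] {state});

        if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.CERTIFICATE, state.getWorkflowTrace())) {
            return statusExtensions;
        }
        // NOTE(review): the decompiler presumably dropped a cast to the certificate message type
        // on the getFirstReceivedMessage(...) result; the expression is kept as it was.
        for (Object entry :
                WorkflowTraceUtil.getFirstReceivedMessage(
                                HandshakeMessageType.CERTIFICATE, state.getWorkflowTrace())
                        .getCertificatesListAsEntry()) {
            // Iterate as Object and filter: typing the loop variable as the status extension made
            // the instanceof test meaningless and would reject entries carrying other extensions.
            for (Object extension : ((CertificateEntry) entry).getExtensions()) {
                if (extension instanceof CertificateStatusRequestExtensionMessage) {
                    statusExtensions.add((CertificateStatusRequestExtensionMessage) extension);
                }
            }
        }
        return statusExtensions;
    }

    /**
     * Returns the result used when the probe could not be executed.
     *
     * <p>Decompiler rename of {@code getCouldNotExecuteResult} (merged with its bridge method).
     *
     * @return a result whose two lists are both {@code null}
     */
    public OcspResult m109getCouldNotExecuteResult() {
        return new OcspResult(null, null);
    }
}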
