package de.rub.nds.tlsattacker.core.protocol.preparator;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.certificate.CertificateByteChooser;
import de.rub.nds.tlsattacker.core.certificate.CertificateKeyPair;
import de.rub.nds.tlsattacker.core.exceptions.PreparationException;
import de.rub.nds.tlsattacker.core.protocol.message.CertificateMessage;
import de.rub.nds.tlsattacker.core.protocol.message.cert.CertificatePair;
import de.rub.nds.tlsattacker.core.protocol.preparator.cert.CertificatePairPreparator;
import de.rub.nds.tlsattacker.core.protocol.serializer.cert.CertificatePairSerializer;
import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.LinkedList;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.x509.Certificate;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/preparator/CertificateMessagePreparator.class */
public class CertificateMessagePreparator extends HandshakeMessagePreparator<CertificateMessage> {
    private static final Logger LOGGER = LogManager.getLogger();
    private final CertificateMessage msg;

    public CertificateMessagePreparator(Chooser chooser, CertificateMessage certificateMessage) {
        super(chooser, certificateMessage);
        this.msg = certificateMessage;
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.preparator.HandshakeMessagePreparator
    public void prepareHandshakeMessageContents() {
        LOGGER.debug("Preparing CertificateMessage");
        if (this.chooser.getSelectedProtocolVersion().isTLS13()) {
            prepareRequestContext(this.msg);
            prepareRequestContextLength(this.msg);
        }
        prepareCertificateListBytes(this.msg);
    }

    private void prepareCertificateListBytes(CertificateMessage certificateMessage) {
        if (certificateMessage.getCertificatesList() == null) {
            CertificateKeyPair chooseCertificateKeyPair = this.chooser.getConfig().isAutoSelectCertificate() ? CertificateByteChooser.getInstance().chooseCertificateKeyPair(this.chooser) : this.chooser.getConfig().getDefaultExplicitCertificateKeyPair();
            certificateMessage.setCertificateKeyPair(chooseCertificateKeyPair);
            byte[] certificateBytes = chooseCertificateKeyPair.getCertificateBytes();
            if (certificateBytes.length < 3 || !chooseCertificateKeyPair.isCertificateParseable()) {
                certificateMessage.setCertificatesListBytes(certificateBytes);
                certificateMessage.setCertificatesListLength(((byte[]) certificateMessage.getCertificatesListBytes().getValue()).length);
            } else {
                LinkedList linkedList = new LinkedList();
                try {
                    for (Certificate certificate : org.bouncycastle.crypto.tls.Certificate.parse(new ByteArrayInputStream(certificateBytes)).getCertificateList()) {
                        linkedList.add(new CertificatePair(certificate.getEncoded()));
                    }
                    certificateMessage.setCertificatesList(linkedList);
                    prepareFromPairList(certificateMessage);
                } catch (IOException e) {
                    throw new PreparationException("Could not parse a parseable certificate, this should never happen", e);
                }
            }
        } else {
            prepareFromPairList(certificateMessage);
        }
        LOGGER.debug("CertificatesListBytes: " + ArrayConverter.bytesToHexString((byte[]) certificateMessage.getCertificatesListBytes().getValue()));
    }

    private void prepareFromPairList(CertificateMessage certificateMessage) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        for (CertificatePair certificatePair : certificateMessage.getCertificatesList()) {
            new CertificatePairPreparator(this.chooser, certificatePair).prepare();
            try {
                byteArrayOutputStream.write(new CertificatePairSerializer(certificatePair, this.chooser.getSelectedProtocolVersion()).serialize());
            } catch (IOException e) {
                throw new PreparationException("Could not write byte[] from CertificatePair", e);
            }
        }
        certificateMessage.setCertificatesListBytes(byteArrayOutputStream.toByteArray());
        certificateMessage.setCertificatesListLength(((byte[]) certificateMessage.getCertificatesListBytes().getValue()).length);
    }

    private void prepareRequestContext(CertificateMessage certificateMessage) {
        if (this.chooser.getConnectionEndType() == ConnectionEndType.CLIENT) {
            certificateMessage.setRequestContext(this.chooser.getCertificateRequestContext());
        } else {
            certificateMessage.setRequestContext(new byte[0]);
        }
        LOGGER.debug("RequestContext: " + ArrayConverter.bytesToHexString((byte[]) certificateMessage.getRequestContext().getValue()));
    }

    private void prepareRequestContextLength(CertificateMessage certificateMessage) {
        certificateMessage.setRequestContextLength(((byte[]) certificateMessage.getRequestContext().getValue()).length);
        LOGGER.debug("RequestContextLength: " + certificateMessage.getRequestContextLength().getValue());
        certificateMessage.setCertificatesListBytes(CertificateByteChooser.getInstance().chooseCertificateKeyPair(this.chooser).getCertificateBytes());
        certificateMessage.setCertificatesListLength(((byte[]) certificateMessage.getCertificatesListBytes().getValue()).length);
    }
}
