package de.rub.nds.tlsattacker.core.protocol.handler;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.DigestAlgorithm;
import de.rub.nds.tlsattacker.core.constants.ExtensionType;
import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;
import de.rub.nds.tlsattacker.core.constants.Tls13KeySetType;
import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
import de.rub.nds.tlsattacker.core.exceptions.AdjustmentException;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import de.rub.nds.tlsattacker.core.protocol.message.FinishedMessage;
import de.rub.nds.tlsattacker.core.protocol.parser.FinishedParser;
import de.rub.nds.tlsattacker.core.protocol.preparator.FinishedPreparator;
import de.rub.nds.tlsattacker.core.protocol.serializer.FinishedSerializer;
import de.rub.nds.tlsattacker.core.record.cipher.RecordCipherFactory;
import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySet;
import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySetGenerator;
import de.rub.nds.tlsattacker.core.state.TlsContext;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/handler/FinishedHandler.class */
public class FinishedHandler extends HandshakeMessageHandler<FinishedMessage> {
    private static final Logger LOGGER = LogManager.getLogger();

    public FinishedHandler(TlsContext tlsContext) {
        super(tlsContext);
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.Handler
    public FinishedParser getParser(byte[] bArr, int i) {
        return new FinishedParser(i, bArr, this.tlsContext.getChooser().getLastRecordVersion());
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.Handler
    public FinishedPreparator getPreparator(FinishedMessage finishedMessage) {
        return new FinishedPreparator(this.tlsContext.getChooser(), finishedMessage);
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.Handler
    public FinishedSerializer getSerializer(FinishedMessage finishedMessage) {
        return new FinishedSerializer(finishedMessage, this.tlsContext.getChooser().getSelectedProtocolVersion());
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler
    public void adjustTLSContext(FinishedMessage finishedMessage) {
        if (this.tlsContext.getChooser().getSelectedProtocolVersion().isTLS13()) {
            if (this.tlsContext.getTalkingConnectionEndType() != this.tlsContext.getChooser().getConnectionEndType()) {
                if (this.tlsContext.getTalkingConnectionEndType() == ConnectionEndType.SERVER) {
                    adjustApplicationTrafficSecrets();
                    setServerRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
                } else {
                    setClientRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
                }
            } else if (this.tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT || !this.tlsContext.isExtensionNegotiated(ExtensionType.EARLY_DATA)) {
                setClientRecordCipher(Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);
            }
        }
        if (this.tlsContext.getTalkingConnectionEndType() == ConnectionEndType.CLIENT) {
            this.tlsContext.setLastClientVerifyData((byte[]) finishedMessage.getVerifyData().getValue());
        } else {
            this.tlsContext.setLastServerVerifyData((byte[]) finishedMessage.getVerifyData().getValue());
        }
        if (!this.tlsContext.getChooser().getSelectedProtocolVersion().isDTLS() || this.tlsContext.getTalkingConnectionEndType() == this.tlsContext.getChooser().getConnectionEndType()) {
            return;
        }
        this.tlsContext.setDtlsNextReceiveSequenceNumber(0);
    }

    private void adjustApplicationTrafficSecrets() {
        HKDFAlgorithm hKDFAlgorithm = AlgorithmResolver.getHKDFAlgorithm(this.tlsContext.getChooser().getSelectedCipherSuite());
        DigestAlgorithm digestAlgorithm = AlgorithmResolver.getDigestAlgorithm(this.tlsContext.getChooser().getSelectedProtocolVersion(), this.tlsContext.getChooser().getSelectedCipherSuite());
        try {
            byte[] extract = HKDFunction.extract(hKDFAlgorithm, HKDFunction.deriveSecret(hKDFAlgorithm, digestAlgorithm.getJavaName(), this.tlsContext.getChooser().getHandshakeSecret(), HKDFunction.DERIVED, ArrayConverter.hexStringToByteArray("")), new byte[Mac.getInstance(hKDFAlgorithm.getMacAlgorithm().getJavaName()).getMacLength()]);
            byte[] deriveSecret = HKDFunction.deriveSecret(hKDFAlgorithm, digestAlgorithm.getJavaName(), extract, HKDFunction.CLIENT_APPLICATION_TRAFFIC_SECRET, this.tlsContext.getDigest().getRawBytes());
            this.tlsContext.setClientApplicationTrafficSecret(deriveSecret);
            LOGGER.debug("Set clientApplicationTrafficSecret in Context to " + ArrayConverter.bytesToHexString(deriveSecret));
            byte[] deriveSecret2 = HKDFunction.deriveSecret(hKDFAlgorithm, digestAlgorithm.getJavaName(), extract, HKDFunction.SERVER_APPLICATION_TRAFFIC_SECRET, this.tlsContext.getDigest().getRawBytes());
            this.tlsContext.setServerApplicationTrafficSecret(deriveSecret2);
            LOGGER.debug("Set serverApplicationTrafficSecret in Context to " + ArrayConverter.bytesToHexString(deriveSecret2));
            this.tlsContext.setMasterSecret(extract);
            LOGGER.debug("Set masterSecret in Context to " + ArrayConverter.bytesToHexString(extract));
        } catch (CryptoException | NoSuchAlgorithmException e) {
            throw new AdjustmentException(e);
        }
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler
    public void adjustTlsContextAfterSerialize(FinishedMessage finishedMessage) {
        if (this.tlsContext.getChooser().getSelectedProtocolVersion().isTLS13()) {
            if (this.tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT) {
                setClientRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
            } else {
                adjustApplicationTrafficSecrets();
                setServerRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
            }
        }
        if (this.tlsContext.getChooser().getSelectedProtocolVersion().isDTLS()) {
            this.tlsContext.setDtlsNextSendSequenceNumber(0);
        }
    }

    private KeySet getKeySet(TlsContext tlsContext, Tls13KeySetType tls13KeySetType) {
        try {
            LOGGER.debug("Generating new KeySet");
            return KeySetGenerator.generateKeySet(tlsContext, tlsContext.getChooser().getSelectedProtocolVersion(), tls13KeySetType);
        } catch (CryptoException | NoSuchAlgorithmException e) {
            throw new UnsupportedOperationException("The specified Algorithm is not supported", e);
        }
    }

    private void setServerRecordCipher(Tls13KeySetType tls13KeySetType) {
        this.tlsContext.setActiveServerKeySetType(tls13KeySetType);
        LOGGER.debug("Setting cipher for server to use " + tls13KeySetType);
        this.tlsContext.getRecordLayer().setRecordCipher(RecordCipherFactory.getRecordCipher(this.tlsContext, getKeySet(this.tlsContext, this.tlsContext.getActiveServerKeySetType()), this.tlsContext.getChooser().getSelectedCipherSuite()));
        if (this.tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT) {
            this.tlsContext.setReadSequenceNumber(0L);
            this.tlsContext.getRecordLayer().updateDecryptionCipher();
        } else {
            this.tlsContext.setWriteSequenceNumber(0L);
            this.tlsContext.getRecordLayer().updateEncryptionCipher();
        }
    }

    private void setClientRecordCipher(Tls13KeySetType tls13KeySetType) {
        this.tlsContext.setActiveClientKeySetType(tls13KeySetType);
        LOGGER.debug("Setting cipher for client to use " + tls13KeySetType);
        this.tlsContext.getRecordLayer().setRecordCipher(RecordCipherFactory.getRecordCipher(this.tlsContext, getKeySet(this.tlsContext, this.tlsContext.getActiveClientKeySetType()), this.tlsContext.getChooser().getSelectedCipherSuite()));
        if (this.tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.SERVER) {
            this.tlsContext.setReadSequenceNumber(0L);
            this.tlsContext.getRecordLayer().updateDecryptionCipher();
        } else {
            this.tlsContext.setWriteSequenceNumber(0L);
            this.tlsContext.getRecordLayer().updateEncryptionCipher();
        }
    }
}
