package de.rub.nds.tlsattacker.core.protocol.handler;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.DigestAlgorithm;
import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;
import de.rub.nds.tlsattacker.core.constants.Tls13KeySetType;
import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
import de.rub.nds.tlsattacker.core.protocol.message.NewSessionTicketMessage;
import de.rub.nds.tlsattacker.core.protocol.message.extension.psk.PskSet;
import de.rub.nds.tlsattacker.core.protocol.parser.NewSessionTicketParser;
import de.rub.nds.tlsattacker.core.protocol.preparator.NewSessionTicketPreparator;
import de.rub.nds.tlsattacker.core.protocol.serializer.NewSessionTicketSerializer;
import de.rub.nds.tlsattacker.core.state.TlsContext;
import de.rub.nds.tlsattacker.core.state.session.TicketSession;
import java.security.NoSuchAlgorithmException;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.LinkedList;
import java.util.List;
import javax.crypto.Mac;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/handler/NewSessionTicketHandler.class */
public class NewSessionTicketHandler extends HandshakeMessageHandler<NewSessionTicketMessage> {
    private static final Logger LOGGER = LogManager.getLogger();

    public NewSessionTicketHandler(TlsContext tlsContext) {
        super(tlsContext);
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.HandshakeMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.TlsMessageHandler, de.rub.nds.tlsattacker.core.protocol.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.Handler
    public NewSessionTicketParser getParser(byte[] bArr, int i) {
        return new NewSessionTicketParser(i, bArr, this.tlsContext.getChooser().getSelectedProtocolVersion(), this.tlsContext.getConfig());
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.HandshakeMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.TlsMessageHandler, de.rub.nds.tlsattacker.core.protocol.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.Handler
    public NewSessionTicketPreparator getPreparator(NewSessionTicketMessage newSessionTicketMessage) {
        return new NewSessionTicketPreparator(this.tlsContext.getChooser(), newSessionTicketMessage);
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.HandshakeMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.TlsMessageHandler, de.rub.nds.tlsattacker.core.protocol.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.Handler
    public NewSessionTicketSerializer getSerializer(NewSessionTicketMessage newSessionTicketMessage) {
        return new NewSessionTicketSerializer(newSessionTicketMessage, this.tlsContext.getChooser().getSelectedProtocolVersion());
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.TlsMessageHandler
    public void adjustTLSContext(NewSessionTicketMessage newSessionTicketMessage) {
        if (this.tlsContext.getChooser().getSelectedProtocolVersion().isTLS13()) {
            adjustPskSets(newSessionTicketMessage);
            return;
        }
        byte[] bArr = (byte[]) newSessionTicketMessage.getTicket().getIdentity().getValue();
        LOGGER.debug("Adding Session for Ticket resumption using dummy SessionID");
        this.tlsContext.addNewSession(new TicketSession(this.tlsContext.getChooser().getMasterSecret(), bArr));
    }

    private void adjustPskSets(NewSessionTicketMessage newSessionTicketMessage) {
        LOGGER.debug("Adjusting PSK-Sets");
        List<PskSet> pskSets = this.tlsContext.getPskSets();
        if (pskSets == null) {
            pskSets = new LinkedList();
        }
        PskSet pskSet = new PskSet();
        pskSet.setCipherSuite(this.tlsContext.getChooser().getSelectedCipherSuite());
        if (newSessionTicketMessage.getTicket().getTicketAgeAdd() != null) {
            pskSet.setTicketAgeAdd((byte[]) newSessionTicketMessage.getTicket().getTicketAgeAdd().getValue());
        } else {
            LOGGER.warn("No TicketAge specified in SessionTicket");
        }
        if (newSessionTicketMessage.getTicket().getIdentity() != null) {
            pskSet.setPreSharedKeyIdentity((byte[]) newSessionTicketMessage.getTicket().getIdentity().getValue());
        } else {
            LOGGER.warn("No Identity in ticket. Using new byte[0] instead");
            pskSet.setPreSharedKeyIdentity(new byte[0]);
        }
        pskSet.setTicketAge(getTicketAge());
        if (newSessionTicketMessage.getTicket().getTicketNonce() != null) {
            pskSet.setTicketNonce((byte[]) newSessionTicketMessage.getTicket().getTicketNonce().getValue());
        } else {
            LOGGER.warn("No nonce in ticket. Using new byte[0] instead");
            pskSet.setTicketNonce(new byte[0]);
        }
        if (this.tlsContext.getActiveClientKeySetType() == Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS) {
            pskSet.setPreSharedKey(derivePsk(pskSet));
        }
        LOGGER.debug("Adding PSK Set");
        pskSets.add(pskSet);
        this.tlsContext.setPskSets(pskSets);
    }

    private String getTicketAge() {
        return LocalDateTime.now().format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss.SSS"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] derivePsk(PskSet pskSet) {
        try {
            LOGGER.debug("Deriving PSK from current session");
            HKDFAlgorithm hKDFAlgorithm = AlgorithmResolver.getHKDFAlgorithm(this.tlsContext.getChooser().getSelectedCipherSuite());
            DigestAlgorithm digestAlgorithm = AlgorithmResolver.getDigestAlgorithm(this.tlsContext.getChooser().getSelectedProtocolVersion(), this.tlsContext.getChooser().getSelectedCipherSuite());
            int macLength = Mac.getInstance(hKDFAlgorithm.getMacAlgorithm().getJavaName()).getMacLength();
            byte[] deriveSecret = HKDFunction.deriveSecret(hKDFAlgorithm, digestAlgorithm.getJavaName(), this.tlsContext.getChooser().getMasterSecret(), HKDFunction.RESUMPTION_MASTER_SECRET, this.tlsContext.getDigest().getRawBytes());
            this.tlsContext.setResumptionMasterSecret(deriveSecret);
            LOGGER.debug("Derived ResumptionMasterSecret: " + ArrayConverter.bytesToHexString(deriveSecret));
            LOGGER.debug("Handshake Transcript Raw Bytes: " + ArrayConverter.bytesToHexString(this.tlsContext.getDigest().getRawBytes()));
            byte[] expandLabel = HKDFunction.expandLabel(hKDFAlgorithm, deriveSecret, HKDFunction.RESUMPTION, pskSet.getTicketNonce(), macLength);
            LOGGER.debug("New derived pre-shared-key: " + ArrayConverter.bytesToHexString(expandLabel));
            return expandLabel;
        } catch (CryptoException | NoSuchAlgorithmException e) {
            LOGGER.error("DigestAlgorithm for psk derivation unknown");
            throw new WorkflowExecutionException(e);
        }
    }
}
