package de.rub.nds.tlsattacker.core.protocol.preparator;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;
import de.rub.nds.tlsattacker.core.constants.PRFAlgorithm;
import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
import de.rub.nds.tlsattacker.core.crypto.PseudoRandomFunction;
import de.rub.nds.tlsattacker.core.crypto.SSLUtils;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import de.rub.nds.tlsattacker.core.protocol.message.FinishedMessage;
import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/preparator/FinishedPreparator.class */
public class FinishedPreparator extends HandshakeMessagePreparator<FinishedMessage> {
    private static final Logger LOGGER = LogManager.getLogger();
    private byte[] verifyData;
    private final FinishedMessage msg;

    public FinishedPreparator(Chooser chooser, FinishedMessage finishedMessage) {
        super(chooser, finishedMessage);
        this.msg = finishedMessage;
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.preparator.HandshakeMessagePreparator
    public void prepareHandshakeMessageContents() {
        LOGGER.debug("Preparing FinishedMessage");
        try {
            this.verifyData = computeVerifyData();
        } catch (CryptoException e) {
            LOGGER.warn("Could not compute VerifyData! Using empty verifyData.", e);
            this.verifyData = new byte[0];
        }
        prepareVerifyData(this.msg);
    }

    private byte[] computeVerifyData() throws CryptoException {
        if (this.chooser.getSelectedProtocolVersion().isTLS13()) {
            try {
                HKDFAlgorithm hKDFAlgorithm = AlgorithmResolver.getHKDFAlgorithm(this.chooser.getSelectedCipherSuite());
                Mac mac = Mac.getInstance(hKDFAlgorithm.getMacAlgorithm().getJavaName());
                LOGGER.debug("Connection End: " + this.chooser.getConnectionEndType());
                byte[] expandLabel = this.chooser.getConnectionEndType() == ConnectionEndType.SERVER ? HKDFunction.expandLabel(hKDFAlgorithm, this.chooser.getServerHandshakeTrafficSecret(), HKDFunction.FINISHED, new byte[0], mac.getMacLength()) : HKDFunction.expandLabel(hKDFAlgorithm, this.chooser.getClientHandshakeTrafficSecret(), HKDFunction.FINISHED, new byte[0], mac.getMacLength());
                LOGGER.debug("Finished key: " + ArrayConverter.bytesToHexString(expandLabel));
                mac.init(new SecretKeySpec(expandLabel, mac.getAlgorithm()));
                mac.update(this.chooser.getContext().getDigest().digest(this.chooser.getSelectedProtocolVersion(), this.chooser.getSelectedCipherSuite()));
                return mac.doFinal();
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new CryptoException(e);
            }
        }
        if (this.chooser.getSelectedProtocolVersion().isSSL()) {
            LOGGER.trace("Calculating VerifyData:");
            byte[] rawBytes = this.chooser.getContext().getDigest().getRawBytes();
            byte[] masterSecret = this.chooser.getMasterSecret();
            LOGGER.debug("Using MasterSecret:" + ArrayConverter.bytesToHexString(masterSecret));
            return SSLUtils.calculateFinishedData(rawBytes, masterSecret, this.chooser.getConnectionEndType());
        }
        LOGGER.debug("Calculating VerifyData:");
        PRFAlgorithm pRFAlgorithm = this.chooser.getPRFAlgorithm();
        LOGGER.debug("Using PRF:" + pRFAlgorithm.name());
        byte[] masterSecret2 = this.chooser.getMasterSecret();
        LOGGER.debug("Using MasterSecret:" + ArrayConverter.bytesToHexString(masterSecret2));
        byte[] digest = this.chooser.getContext().getDigest().digest(this.chooser.getSelectedProtocolVersion(), this.chooser.getSelectedCipherSuite());
        LOGGER.debug("Using HandshakeMessage Hash:" + ArrayConverter.bytesToHexString(digest));
        return PseudoRandomFunction.compute(pRFAlgorithm, masterSecret2, this.chooser.getConnectionEndType() == ConnectionEndType.SERVER ? PseudoRandomFunction.SERVER_FINISHED_LABEL : PseudoRandomFunction.CLIENT_FINISHED_LABEL, digest, 12);
    }

    private void prepareVerifyData(FinishedMessage finishedMessage) {
        finishedMessage.setVerifyData(this.verifyData);
        LOGGER.debug("VerifyData: " + ArrayConverter.bytesToHexString((byte[]) finishedMessage.getVerifyData().getValue()));
    }
}
