package de.rub.nds.tlsscanner.serverscanner.probe.padding;

import de.rub.nds.tlsattacker.attacks.util.response.EqualityError;
import de.rub.nds.tlsattacker.attacks.util.response.FingerPrintChecker;
import de.rub.nds.tlsattacker.attacks.util.response.ResponseFingerprint;
import de.rub.nds.tlsattacker.core.constants.AlertDescription;
import de.rub.nds.tlsattacker.core.constants.AlertLevel;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.protocol.message.AlertMessage;
import de.rub.nds.tlsattacker.transport.socket.SocketState;
import de.rub.nds.tlsscanner.serverscanner.leak.info.PaddingOracleTestInfo;
import de.rub.nds.tlsscanner.serverscanner.vectorstatistics.InformationLeakTest;
import de.rub.nds.tlsscanner.serverscanner.vectorstatistics.VectorContainer;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/padding/PaddingOracleAttributor.class */
public class PaddingOracleAttributor {
    private static final Logger LOGGER = LogManager.getLogger();
    private final List<KnownPaddingOracleVulnerability> knownVulnerabilityList = new LinkedList();

    public PaddingOracleAttributor() {
        this.knownVulnerabilityList.addAll(createCve20162107());
        this.knownVulnerabilityList.addAll(createCve20191559());
        this.knownVulnerabilityList.addAll(createCve20196485());
        this.knownVulnerabilityList.addAll(createCve20196593());
        this.knownVulnerabilityList.addAll(createUnpatchedOne());
        this.knownVulnerabilityList.addAll(createUnpatchedTwo());
        this.knownVulnerabilityList.addAll(createUnpatchedThree());
    }

    private List<KnownPaddingOracleVulnerability> createCve20196593() {
        LinkedList linkedList = new LinkedList();
        linkedList.add("BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)");
        LinkedList linkedList2 = new LinkedList();
        ResponseFingerprint responseFingerprint = new ResponseFingerprint(linkedList2, (List) null, SocketState.CLOSED);
        ResponseFingerprint responseFingerprint2 = new ResponseFingerprint(linkedList2, (List) null, SocketState.TIMEOUT);
        LinkedList linkedList3 = new LinkedList();
        linkedList3.add(new IdentifierResponse("BasicMac1", responseFingerprint));
        linkedList3.add(new IdentifierResponse("BasicMac2", responseFingerprint));
        linkedList3.add(new IdentifierResponse("BasicMac3", responseFingerprint));
        linkedList3.add(new IdentifierResponse("MissingMacByteFirst", responseFingerprint));
        linkedList3.add(new IdentifierResponse("MissingMacByteLast", responseFingerprint));
        linkedList3.add(new IdentifierResponse("PlainOnlyPadding", responseFingerprint));
        linkedList3.add(new IdentifierResponse("PlainTooMuchPadding", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadValMacStart0", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadValMacMid0", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadValMacEnd0", responseFingerprint));
        linkedList3.add(new IdentifierResponse("ValPadInvMacStart0", responseFingerprint));
        linkedList3.add(new IdentifierResponse("ValPadInvMacMid0", responseFingerprint));
        linkedList3.add(new IdentifierResponse("ValPadInvMacEnd0", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadInvMacStart0", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadInvMacMid0", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadInvMacEnd0", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadValMacStart", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadValMacMid", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadValMacEnd", responseFingerprint2));
        linkedList3.add(new IdentifierResponse("ValPadInvMacStart", responseFingerprint));
        linkedList3.add(new IdentifierResponse("ValPadInvMacMid", responseFingerprint));
        linkedList3.add(new IdentifierResponse("ValPadInvMacEnd", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadInvMacStart", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadInvMacMid", responseFingerprint));
        linkedList3.add(new IdentifierResponse("InvPadInvMacEnd", responseFingerprint2));
        LinkedList linkedList4 = new LinkedList();
        linkedList4.add(new KnownPaddingOracleVulnerability("CVE-2019-6593", "F5 BIG-IP CVE-2019-6593", "F5 BIG-IP virtual server CVE-2019-6593", PaddingOracleStrength.STRONG, true, new LinkedList(), new LinkedList(), "On BIG-IP 11.5.1-11.5.4, 11.6.1, and 12.1.0, a virtual server configured with a Client SSL \nprofile may be vulnerable to a chosen ciphertext attack against CBC ciphers. When exploited, this may \nresult in plaintext recovery of encrypted messages through a man-in-the-middle (MITM) attack, despite the\n attacker not having gained access to the server's private key itself. (CVE-2019-6593 also known as \nZombie POODLE and GOLDENDOODLE.)", linkedList, linkedList3, true));
        return linkedList4;
    }

    private List<KnownPaddingOracleVulnerability> createUnpatchedOne() {
        LinkedList linkedList = new LinkedList();
        linkedList.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
        LinkedList linkedList2 = new LinkedList();
        linkedList2.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384);
        linkedList2.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384);
        linkedList2.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
        linkedList2.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
        LinkedList linkedList3 = new LinkedList();
        linkedList3.add("- To be announced -");
        linkedList3.add("- To be announced -");
        LinkedList linkedList4 = new LinkedList();
        AlertMessage alertMessage = new AlertMessage();
        alertMessage.setDescription(AlertDescription.INTERNAL_ERROR.getValue());
        alertMessage.setLevel(AlertLevel.FATAL.getValue());
        linkedList4.add(alertMessage);
        ResponseFingerprint responseFingerprint = new ResponseFingerprint(linkedList4, (List) null, SocketState.CLOSED);
        LinkedList linkedList5 = new LinkedList();
        AlertMessage alertMessage2 = new AlertMessage();
        alertMessage2.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
        alertMessage2.setLevel(AlertLevel.FATAL.getValue());
        linkedList5.add(alertMessage2);
        ResponseFingerprint responseFingerprint2 = new ResponseFingerprint(linkedList5, (List) null, SocketState.CLOSED);
        LinkedList linkedList6 = new LinkedList();
        linkedList6.add(new IdentifierResponse("BasicMac1", responseFingerprint));
        linkedList6.add(new IdentifierResponse("BasicMac2", responseFingerprint));
        linkedList6.add(new IdentifierResponse("BasicMac3", responseFingerprint));
        linkedList6.add(new IdentifierResponse("MissingMacByteFirst", responseFingerprint));
        linkedList6.add(new IdentifierResponse("MissingMacByteLast", responseFingerprint));
        linkedList6.add(new IdentifierResponse("PlainOnlyPadding", responseFingerprint2));
        linkedList6.add(new IdentifierResponse("PlainTooMuchPadding", responseFingerprint2));
        linkedList6.add(new IdentifierResponse("InvPadValMacStart0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacMid0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacEnd0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacStart0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacMid0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacEnd0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacStart0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacMid0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacEnd0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacStart", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacMid", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacEnd", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacStart", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacMid", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacEnd", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacStart", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacMid", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacEnd", responseFingerprint));
        LinkedList linkedList7 = new LinkedList();
        linkedList7.add(new KnownPaddingOracleVulnerability("- To be announced -", "- To be announced -", "- To be announced -", PaddingOracleStrength.STRONG, true, linkedList, linkedList2, "We know who is responsible for this behavior. This vulnerability is still in the process of being patched. \nWe will add information once it is patched.", linkedList3, linkedList6, false));
        return linkedList7;
    }

    private List<KnownPaddingOracleVulnerability> createUnpatchedTwo() {
        LinkedList linkedList = new LinkedList();
        linkedList.add("- To be announced -");
        linkedList.add("- To be announced -");
        LinkedList linkedList2 = new LinkedList();
        AlertMessage alertMessage = new AlertMessage();
        alertMessage.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
        alertMessage.setLevel(AlertLevel.FATAL.getValue());
        linkedList2.add(alertMessage);
        AlertMessage alertMessage2 = new AlertMessage();
        alertMessage2.setDescription(AlertDescription.CLOSE_NOTIFY.getValue());
        alertMessage2.setLevel(AlertLevel.WARNING.getValue());
        linkedList2.add(alertMessage2);
        LinkedList linkedList3 = new LinkedList();
        AlertMessage alertMessage3 = new AlertMessage();
        alertMessage3.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
        alertMessage3.setLevel(AlertLevel.FATAL.getValue());
        linkedList3.add(alertMessage3);
        ResponseFingerprint responseFingerprint = new ResponseFingerprint(linkedList3, (List) null, SocketState.TIMEOUT);
        LinkedList linkedList4 = new LinkedList();
        linkedList4.add(new IdentifierResponse("BasicMac1", responseFingerprint));
        linkedList4.add(new IdentifierResponse("BasicMac2", responseFingerprint));
        linkedList4.add(new IdentifierResponse("BasicMac3", responseFingerprint));
        linkedList4.add(new IdentifierResponse("MissingMacByteFirst", responseFingerprint));
        linkedList4.add(new IdentifierResponse("MissingMacByteLast", responseFingerprint));
        linkedList4.add(new IdentifierResponse("PlainOnlyPadding", responseFingerprint));
        linkedList4.add(new IdentifierResponse("PlainTooMuchPadding", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacStart0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacMid0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacEnd0", responseFingerprint));
        ResponseFingerprint responseFingerprint2 = new ResponseFingerprint(linkedList3, (List) null, SocketState.CLOSED);
        linkedList4.add(new IdentifierResponse("ValPadInvMacStart0", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("ValPadInvMacMid0", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("ValPadInvMacEnd0", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("InvPadInvMacStart0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacMid0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacEnd0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacEnd", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacEnd", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacEnd", responseFingerprint));
        LinkedList linkedList5 = new LinkedList();
        linkedList5.add(new KnownPaddingOracleVulnerability("- To be announced -", "- To be announced -", "- To be announced -", PaddingOracleStrength.STRONG, true, new LinkedList(), new LinkedList(), "We know who is responsible for this behavior. This vulnerability is still in the process of being patched. \nWe will add information once it is patched.", linkedList, linkedList4, false));
        return linkedList5;
    }

    private List<KnownPaddingOracleVulnerability> createUnpatchedThree() {
        LinkedList linkedList = new LinkedList();
        linkedList.add("- To be announced -");
        linkedList.add("- To be announced -");
        LinkedList linkedList2 = new LinkedList();
        AlertMessage alertMessage = new AlertMessage();
        alertMessage.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
        alertMessage.setLevel(AlertLevel.FATAL.getValue());
        linkedList2.add(alertMessage);
        AlertMessage alertMessage2 = new AlertMessage();
        alertMessage2.setDescription(AlertDescription.CLOSE_NOTIFY.getValue());
        alertMessage2.setLevel(AlertLevel.WARNING.getValue());
        linkedList2.add(alertMessage2);
        ResponseFingerprint responseFingerprint = new ResponseFingerprint(linkedList2, (List) null, SocketState.CLOSED);
        LinkedList linkedList3 = new LinkedList();
        AlertMessage alertMessage3 = new AlertMessage();
        alertMessage3.setDescription(AlertDescription.DECODE_ERROR.getValue());
        alertMessage3.setLevel(AlertLevel.FATAL.getValue());
        linkedList3.add(alertMessage3);
        AlertMessage alertMessage4 = new AlertMessage();
        alertMessage4.setDescription(AlertDescription.CLOSE_NOTIFY.getValue());
        alertMessage4.setLevel(AlertLevel.WARNING.getValue());
        linkedList3.add(alertMessage4);
        ResponseFingerprint responseFingerprint2 = new ResponseFingerprint(linkedList3, (List) null, SocketState.CLOSED);
        LinkedList linkedList4 = new LinkedList();
        linkedList4.add(new IdentifierResponse("BasicMac1", responseFingerprint));
        linkedList4.add(new IdentifierResponse("BasicMac2", responseFingerprint));
        linkedList4.add(new IdentifierResponse("BasicMac3", responseFingerprint));
        linkedList4.add(new IdentifierResponse("MissingMacByteFirst", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("MissingMacByteLast", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("PlainOnlyPadding", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("PlainTooMuchPadding", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacStart0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacMid0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacEnd0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacStart0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacMid0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacEnd0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacStart0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacMid0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacEnd0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacEnd", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacEnd", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacEnd", responseFingerprint));
        LinkedList linkedList5 = new LinkedList();
        linkedList5.add(new KnownPaddingOracleVulnerability("- To be announced -", "- To be announced -", "- To be announced -", PaddingOracleStrength.STRONG, false, new LinkedList(), new LinkedList(), "We know who is responsible for this behavior. This vulnerability is still in the process of being patched. \nWe will add information once it is patched.", linkedList, linkedList4, false));
        return linkedList5;
    }

    private List<KnownPaddingOracleVulnerability> createCve20196485() {
        LinkedList linkedList = new LinkedList();
        linkedList.add("Citrix ADC and NetScaler Gateway version 12.1 earlier than build 50.31");
        linkedList.add("Citrix ADC and NetScaler Gateway version 12.0 earlier than build 60.9");
        linkedList.add("Citrix ADC and NetScaler Gateway version 11.1 earlier than build 60.14");
        linkedList.add("Citrix ADC and NetScaler Gateway version 11.0 earlier than build 72.17");
        linkedList.add("Citrix ADC and NetScaler Gateway version 10.5 earlier than build 69.5");
        LinkedList linkedList2 = new LinkedList();
        AlertMessage alertMessage = new AlertMessage();
        alertMessage.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
        alertMessage.setLevel(AlertLevel.FATAL.getValue());
        linkedList2.add(alertMessage);
        LinkedList linkedList3 = new LinkedList();
        ResponseFingerprint responseFingerprint = new ResponseFingerprint(linkedList3, (List) null, SocketState.SOCKET_EXCEPTION);
        ResponseFingerprint responseFingerprint2 = new ResponseFingerprint(linkedList3, (List) null, SocketState.TIMEOUT);
        LinkedList linkedList4 = new LinkedList();
        linkedList4.add(new IdentifierResponse("BasicMac1", responseFingerprint));
        linkedList4.add(new IdentifierResponse("BasicMac2", responseFingerprint));
        linkedList4.add(new IdentifierResponse("BasicMac3", responseFingerprint));
        linkedList4.add(new IdentifierResponse("MissingMacByteFirst", responseFingerprint));
        linkedList4.add(new IdentifierResponse("MissingMacByteLast", responseFingerprint));
        linkedList4.add(new IdentifierResponse("PlainOnlyPadding", responseFingerprint));
        linkedList4.add(new IdentifierResponse("PlainTooMuchPadding", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacStart0", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("InvPadValMacMid0", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("InvPadValMacEnd0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacStart0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacMid0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacEnd0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacStart0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacMid0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacEnd0", responseFingerprint));
        ResponseFingerprint responseFingerprint3 = new ResponseFingerprint(linkedList3, (List) null, SocketState.SOCKET_EXCEPTION);
        linkedList4.add(new IdentifierResponse("InvPadValMacStart", responseFingerprint3));
        linkedList4.add(new IdentifierResponse("InvPadValMacMid", responseFingerprint3));
        linkedList4.add(new IdentifierResponse("InvPadValMacEnd", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacEnd", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacEnd", responseFingerprint));
        LinkedList linkedList5 = new LinkedList();
        linkedList5.add(new KnownPaddingOracleVulnerability("CVE-2019-6485", "Citrix CVE-2019-6485", "Citrix NetScaler CVE-2019-6485", PaddingOracleStrength.POODLE, true, new LinkedList(), new LinkedList(), "A vulnerability has been identified in the Citrix Application Delivery Controller (ADC)\nformally known as NetScaler ADC and NetScaler Gateway platforms using hardware acceleration that \ncould allow an attacker to exploit the appliance to decrypt TLS traffic. This vulnerability does \nnot directly allow an attacker to obtain the TLS private key.\n \n More Details: https://support.citrix.com/article/CTX240139", linkedList, linkedList4, false));
        return linkedList5;
    }

    private List<KnownPaddingOracleVulnerability> createCve20191559() {
        LinkedList linkedList = new LinkedList();
        linkedList.add("Openssl < 1.0.2r");
        LinkedList linkedList2 = new LinkedList();
        AlertMessage alertMessage = new AlertMessage();
        alertMessage.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
        alertMessage.setLevel(AlertLevel.FATAL.getValue());
        linkedList2.add(alertMessage);
        AlertMessage alertMessage2 = new AlertMessage();
        alertMessage2.setDescription(AlertDescription.CLOSE_NOTIFY.getValue());
        alertMessage2.setLevel(AlertLevel.WARNING.getValue());
        linkedList2.add(alertMessage2);
        ResponseFingerprint responseFingerprint = new ResponseFingerprint(linkedList2, (List) null, SocketState.CLOSED);
        LinkedList linkedList3 = new LinkedList();
        AlertMessage alertMessage3 = new AlertMessage();
        alertMessage3.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
        alertMessage3.setLevel(AlertLevel.FATAL.getValue());
        linkedList3.add(alertMessage3);
        AlertMessage alertMessage4 = new AlertMessage();
        alertMessage4.setDescription(AlertDescription.CLOSE_NOTIFY.getValue());
        alertMessage4.setLevel(AlertLevel.WARNING.getValue());
        linkedList3.add(alertMessage4);
        ResponseFingerprint responseFingerprint2 = new ResponseFingerprint(linkedList3, (List) null, SocketState.TIMEOUT);
        LinkedList linkedList4 = new LinkedList();
        linkedList4.add(new IdentifierResponse("BasicMac1", responseFingerprint));
        linkedList4.add(new IdentifierResponse("BasicMac2", responseFingerprint));
        linkedList4.add(new IdentifierResponse("BasicMac3", responseFingerprint));
        linkedList4.add(new IdentifierResponse("MissingMacByteFirst", responseFingerprint));
        linkedList4.add(new IdentifierResponse("MissingMacByteLast", responseFingerprint));
        linkedList4.add(new IdentifierResponse("PlainOnlyPadding", responseFingerprint));
        linkedList4.add(new IdentifierResponse("PlainTooMuchPadding", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacStart0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacMid0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacEnd0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacStart0", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("ValPadInvMacMid0", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("ValPadInvMacEnd0", responseFingerprint2));
        linkedList4.add(new IdentifierResponse("InvPadInvMacStart0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacMid0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacEnd0", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadValMacEnd", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("ValPadInvMacEnd", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacStart", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacMid", responseFingerprint));
        linkedList4.add(new IdentifierResponse("InvPadInvMacEnd", responseFingerprint));
        LinkedList linkedList5 = new LinkedList();
        linkedList5.add(new KnownPaddingOracleVulnerability("Openssl CVE-2019-1559", "Openssl CVE-2019-1559", "Openssl CVE-2019-1559", PaddingOracleStrength.STRONG, true, new LinkedList(), new LinkedList(), "If an application encounters a fatal protocol error and then calls\nSSL_shutdown() twice (once to send a close_notify, and once to receive one) then\nOpenSSL can respond differently to the calling application if a 0 byte record is\nreceived with invalid padding compared to if a 0 byte record is received with an\ninvalid MAC. If the application then behaves differently based on that in a way\nthat is detectable to the remote peer, then this amounts to a padding oracle\nthat could be used to decrypt data.\n\nIn order for this to be exploitable then \"non-stitched\" cipher suites must be in\nuse. Stitched cipher suites are optimised implementations of certain commonly\nused cipher suites. Also the application must call SSL_shutdown() twice even if a\nprotocol error has occurred (applications should not do this but some do\nanyway).\n\nThis issue does not impact OpenSSL 1.1.1 or 1.1.0.\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2r.\n", linkedList, linkedList4, false));
        return linkedList5;
    }

    private List<KnownPaddingOracleVulnerability> createCve20162107() {
        LinkedList linkedList = new LinkedList();
        linkedList.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DH_RSA_WITH_AES_128_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DH_RSA_WITH_AES_256_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DH_DSS_WITH_AES_128_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_DH_DSS_WITH_AES_256_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA);
        linkedList.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256);
        linkedList.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
        LinkedList linkedList2 = new LinkedList();
        linkedList2.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384);
        linkedList2.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384);
        linkedList2.add(CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384);
        linkedList2.add(CipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384);
        for (CipherSuite cipherSuite : CipherSuite.values()) {
            if (!cipherSuite.name().contains("AES")) {
                linkedList2.add(cipherSuite);
            }
        }
        LinkedList linkedList3 = new LinkedList();
        linkedList3.add("Openssl < 1.0.1t (after Lucky13 patch)");
        linkedList3.add("Openssl < 1.0.2h (after Lucky13 patch)");
        LinkedList linkedList4 = new LinkedList();
        AlertMessage alertMessage = new AlertMessage();
        alertMessage.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
        alertMessage.setLevel(AlertLevel.FATAL.getValue());
        linkedList4.add(alertMessage);
        ResponseFingerprint responseFingerprint = new ResponseFingerprint(linkedList4, (List) null, SocketState.CLOSED);
        LinkedList linkedList5 = new LinkedList();
        AlertMessage alertMessage2 = new AlertMessage();
        alertMessage2.setDescription(AlertDescription.RECORD_OVERFLOW.getValue());
        alertMessage2.setLevel(AlertLevel.FATAL.getValue());
        linkedList5.add(alertMessage2);
        ResponseFingerprint responseFingerprint2 = new ResponseFingerprint(linkedList5, (List) null, SocketState.CLOSED);
        LinkedList linkedList6 = new LinkedList();
        linkedList6.add(new IdentifierResponse("BasicMac1", responseFingerprint));
        linkedList6.add(new IdentifierResponse("BasicMac2", responseFingerprint));
        linkedList6.add(new IdentifierResponse("BasicMac3", responseFingerprint));
        linkedList6.add(new IdentifierResponse("MissingMacByteFirst", responseFingerprint));
        linkedList6.add(new IdentifierResponse("MissingMacByteLast", responseFingerprint));
        linkedList6.add(new IdentifierResponse("PlainOnlyPadding", responseFingerprint2));
        linkedList6.add(new IdentifierResponse("PlainTooMuchPadding", responseFingerprint2));
        linkedList6.add(new IdentifierResponse("InvPadValMacStart0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacMid0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacEnd0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacStart0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacMid0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacEnd0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacStart0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacMid0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacEnd0", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacStart", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacMid", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadValMacEnd", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacStart", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacMid", responseFingerprint));
        linkedList6.add(new IdentifierResponse("ValPadInvMacEnd", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacStart", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacMid", responseFingerprint));
        linkedList6.add(new IdentifierResponse("InvPadInvMacEnd", responseFingerprint));
        LinkedList linkedList7 = new LinkedList();
        AlertMessage alertMessage3 = new AlertMessage();
        alertMessage3.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
        alertMessage3.setLevel(AlertLevel.FATAL.getValue());
        linkedList7.add(alertMessage3);
        AlertMessage alertMessage4 = new AlertMessage();
        alertMessage4.setDescription(AlertDescription.CLOSE_NOTIFY.getValue());
        alertMessage4.setLevel(AlertLevel.WARNING.getValue());
        linkedList7.add(alertMessage4);
        ResponseFingerprint responseFingerprint3 = new ResponseFingerprint(linkedList7, (List) null, SocketState.CLOSED);
        LinkedList linkedList8 = new LinkedList();
        AlertMessage alertMessage5 = new AlertMessage();
        alertMessage5.setDescription(AlertDescription.RECORD_OVERFLOW.getValue());
        alertMessage5.setLevel(AlertLevel.FATAL.getValue());
        linkedList8.add(alertMessage5);
        AlertMessage alertMessage6 = new AlertMessage();
        alertMessage6.setDescription(AlertDescription.CLOSE_NOTIFY.getValue());
        alertMessage6.setLevel(AlertLevel.WARNING.getValue());
        linkedList8.add(alertMessage6);
        ResponseFingerprint responseFingerprint4 = new ResponseFingerprint(linkedList8, (List) null, SocketState.CLOSED);
        LinkedList linkedList9 = new LinkedList();
        linkedList9.add(new IdentifierResponse("BasicMac1", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("BasicMac2", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("BasicMac3", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("MissingMacByteFirst", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("MissingMacByteLast", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("PlainOnlyPadding", responseFingerprint4));
        linkedList9.add(new IdentifierResponse("PlainTooMuchPadding", responseFingerprint4));
        linkedList9.add(new IdentifierResponse("InvPadValMacStart0", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadValMacMid0", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadValMacEnd0", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("ValPadInvMacStart0", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("ValPadInvMacMid0", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("ValPadInvMacEnd0", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadInvMacStart0", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadInvMacMid0", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadInvMacEnd0", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadValMacStart", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadValMacMid", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadValMacEnd", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("ValPadInvMacStart", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("ValPadInvMacMid", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("ValPadInvMacEnd", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadInvMacStart", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadInvMacMid", responseFingerprint3));
        linkedList9.add(new IdentifierResponse("InvPadInvMacEnd", responseFingerprint3));
        LinkedList linkedList10 = new LinkedList();
        linkedList10.add(new KnownPaddingOracleVulnerability("CVE-2016-2107", "UnluckyHMAC", "UnluckyHMAC (CVE-2016-2107)", PaddingOracleStrength.WEAK, false, linkedList, linkedList2, "A MITM attacker can use a padding oracle attack to decrypt traffic\nwhen the connection uses an AES CBC cipher and the server support\nAES-NI.\n\nThis issue was introduced as part of the fix for Lucky 13 padding\nattack (CVE-2013-0169). The padding check was rewritten to be in\nconstant time by making sure that always the same bytes are read and\ncompared against either the MAC or padding bytes. But it no longer\nchecked that there was enough data to have both the MAC and padding\nbytes.\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 13th of April 2016 by Juraj\nSomorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx\nof the OpenSSL development team.", linkedList3, linkedList6, false));
        linkedList10.add(new KnownPaddingOracleVulnerability("CVE-2016-2107", "UnluckyHMAC", "UnluckyHMAC (CVE-2016-2107)", PaddingOracleStrength.WEAK, false, linkedList, linkedList2, "A MITM attacker can use a padding oracle attack to decrypt traffic\nwhen the connection uses an AES CBC cipher and the server support\nAES-NI.\n\nThis issue was introduced as part of the fix for Lucky 13 padding\nattack (CVE-2013-0169). The padding check was rewritten to be in\nconstant time by making sure that always the same bytes are read and\ncompared against either the MAC or padding bytes. But it no longer\nchecked that there was enough data to have both the MAC and padding\nbytes.\n\nOpenSSL 1.0.2 users should upgrade to 1.0.2h\nOpenSSL 1.0.1 users should upgrade to 1.0.1t\n\nThis issue was reported to OpenSSL on 13th of April 2016 by Juraj\nSomorovsky using TLS-Attacker. The fix was developed by Kurt Roeckx\nof the OpenSSL development team.", linkedList3, linkedList9, false));
        return linkedList10;
    }

    public KnownPaddingOracleVulnerability getKnownVulnerability(List<InformationLeakTest<PaddingOracleTestInfo>> list) {
        LOGGER.trace("Trying to attribute PaddingOracle to a Known Vulnerability");
        for (KnownPaddingOracleVulnerability knownPaddingOracleVulnerability : this.knownVulnerabilityList) {
            if (!checkCipherSuitesPlausible(knownPaddingOracleVulnerability, list)) {
                LOGGER.trace("Cipher suites are not plausible for " + knownPaddingOracleVulnerability.getCve());
            } else {
                if (checkTestVectorResponseListPlausible(knownPaddingOracleVulnerability, list)) {
                    LOGGER.trace("Vulnerability identified as " + knownPaddingOracleVulnerability.getCve());
                    return knownPaddingOracleVulnerability;
                }
                LOGGER.trace("Responses are not plausible for " + knownPaddingOracleVulnerability.getCve());
            }
        }
        LOGGER.trace("Vulnerability not found in Database");
        return null;
    }

    private boolean checkCipherSuitesPlausible(KnownPaddingOracleVulnerability knownPaddingOracleVulnerability, List<InformationLeakTest<PaddingOracleTestInfo>> list) {
        for (CipherSuite cipherSuite : knownPaddingOracleVulnerability.getKnownAffectedCipherSuites()) {
            for (InformationLeakTest<PaddingOracleTestInfo> informationLeakTest : list) {
                if (informationLeakTest.getTestInfo().getCipherSuite() == cipherSuite && !Objects.equals(Boolean.valueOf(informationLeakTest.isSignificantDistinctAnswers()), Boolean.TRUE)) {
                    return false;
                }
            }
        }
        for (CipherSuite cipherSuite2 : knownPaddingOracleVulnerability.getKnownNotAffectedCipherSuites()) {
            for (InformationLeakTest<PaddingOracleTestInfo> informationLeakTest2 : list) {
                if (informationLeakTest2.getTestInfo().getCipherSuite() == cipherSuite2 && Objects.equals(Boolean.valueOf(informationLeakTest2.isSignificantDistinctAnswers()), Boolean.TRUE)) {
                    return false;
                }
            }
        }
        return true;
    }

    private boolean checkTestVectorResponseListPlausible(KnownPaddingOracleVulnerability knownPaddingOracleVulnerability, List<InformationLeakTest<PaddingOracleTestInfo>> list) {
        List<VectorContainer> list2 = null;
        for (InformationLeakTest<PaddingOracleTestInfo> informationLeakTest : list) {
            if (informationLeakTest.isSignificantDistinctAnswers() == Boolean.TRUE.booleanValue()) {
                list2 = informationLeakTest.getVectorContainerList();
            }
        }
        if (list2 == null) {
            return false;
        }
        for (VectorContainer vectorContainer : list2) {
            boolean z = false;
            Iterator<IdentifierResponse> it = knownPaddingOracleVulnerability.getResponseIdentification().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                IdentifierResponse next = it.next();
                if (next.getIdentifier().equals(vectorContainer.getVector().getIdentifier())) {
                    z = true;
                    if (FingerPrintChecker.checkEquality(next.getFingerprint(), vectorContainer.getResponseFingerprintList().get(0)) != EqualityError.NONE) {
                        return false;
                    }
                }
            }
            if (!z) {
                return false;
            }
        }
        return true;
    }
}
