package de.rub.nds.tlsscanner.serverscanner.probe;

import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.EllipticCurveType;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolMessageType;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
import de.rub.nds.tlsattacker.core.protocol.message.ECDHEServerKeyExchangeMessage;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.state.TlsContext;
import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
import de.rub.nds.tlsscanner.serverscanner.probe.namedcurve.NamedCurveWitness;
import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
import de.rub.nds.tlsscanner.serverscanner.report.AnalyzedProperty;
import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
import de.rub.nds.tlsscanner.serverscanner.report.result.NamedGroupResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
import de.rub.nds.tlsscanner.serverscanner.report.result.VersionSuiteListPair;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:de/rub/nds/tlsscanner/serverscanner/probe/NamedCurvesProbe.class */
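/**
 * Probe that enumerates the named groups a TLS server is willing to select.
 *
 * <p>Each enumeration repeatedly sends a ClientHello offering a list of groups, records the group
 * the server selected, removes it from the list and tries again until the server stops answering
 * with a ServerHello or the list is exhausted. This is done separately for ECDHE/ECDH suites with
 * RSA in their name, static ECDH-ECDSA suites, ECDHE-ECDSA suites and TLS 1.3.
 *
 * <p>Two further findings are produced: whether the server answers with explicit prime / char2
 * curve parameters, and whether the server presented ECDSA certificate curves that were not in the
 * offered group list ({@code ignoresEcdsaGroupDisparity}).
 *
 * <p>The instance carries mutable state set by {@link #adjustConfig(SiteReport)} and updated during
 * {@link #executeTest()}; no synchronization is visible in this class.
 */
public class NamedCurvesProbe extends TlsProbe {
    // Which handshake flavours to probe. All start as true and are narrowed by adjustConfig().
    private boolean testUsingRsa;
    private boolean testUsingEcdsaStatic;
    private boolean testUsingEcdsaEphemeral;
    private boolean testUsingTls13;
    // Groups taken from the SiteReport; they are moved to the end of the offered list so that the
    // server is asked about every other group before these are removed from the offer.
    private List<NamedGroup> ecdsaPkGroupsEphemeral;
    private List<NamedGroup> ecdsaPkGroupsTls13;
    private List<NamedGroup> ecdsaCertSigGroupsStatic;
    private List<NamedGroup> ecdsaCertSigGroupsEphemeral;
    private List<NamedGroup> ecdsaCertSigGroupsTls13;
    // Becomes TRUE as soon as one handshake shows a certificate curve outside the offered groups.
    private TestResult ignoresEcdsaGroupDisparity;

    /**
     * Creates the probe with every handshake flavour enabled and no group disparity observed.
     *
     * @param scannerConfig scanner configuration handed to the superclass
     * @param parallelExecutor executor handed to the superclass
     */
    public NamedCurvesProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
        super(parallelExecutor, ProbeType.NAMED_GROUPS, scannerConfig);
        this.testUsingRsa = true;
        this.testUsingEcdsaStatic = true;
        this.testUsingEcdsaEphemeral = true;
        this.testUsingTls13 = true;
        this.ignoresEcdsaGroupDisparity = TestResult.FALSE;
    }

    /**
     * Runs the explicit-curve checks and every enabled group enumeration.
     *
     * @return a {@link NamedGroupResult} with the merged pre-TLS-1.3 groups, the TLS 1.3 groups and
     *     the derived findings, or {@link #getCouldNotExecuteResult()} if any step threw
     */
    @Override
    public ProbeResult executeTest() {
        try {
            Map<NamedGroup, NamedCurveWitness> rsaGroups = new HashMap<>();
            Map<NamedGroup, NamedCurveWitness> ecdsaStaticGroups = new HashMap<>();
            Map<NamedGroup, NamedCurveWitness> ecdsaEphemeralGroups = new HashMap<>();
            Map<NamedGroup, NamedCurveWitness> tls13Groups = new HashMap<>();
            TestResult explicitPrime = getExplicitCurveSupport(EllipticCurveType.EXPLICIT_PRIME);
            TestResult explicitChar2 = getExplicitCurveSupport(EllipticCurveType.EXPLICIT_CHAR2);
            if (this.testUsingRsa) {
                rsaGroups = getSupportedNamedGroupsRsa();
            }
            if (this.testUsingEcdsaStatic) {
                ecdsaStaticGroups =
                        getSupportedNamedGroupsEcdsa(
                                getEcdsaStaticCipherSuites(), null, this.ecdsaCertSigGroupsStatic);
            }
            if (this.testUsingEcdsaEphemeral) {
                ecdsaEphemeralGroups =
                        getSupportedNamedGroupsEcdsa(
                                getEcdsaEphemeralCipherSuites(),
                                this.ecdsaPkGroupsEphemeral,
                                this.ecdsaCertSigGroupsEphemeral);
            }
            if (this.testUsingTls13) {
                tls13Groups = getTls13SupportedGroups();
            }
            Map<NamedGroup, NamedCurveWitness> allGroups =
                    composeFullMap(rsaGroups, ecdsaStaticGroups, ecdsaEphemeralGroups);
            TestResult groupsDependOnSuite =
                    getGroupsDependOnCipherSuite(
                            allGroups, rsaGroups, ecdsaStaticGroups, ecdsaEphemeralGroups);
            return new NamedGroupResult(
                    allGroups,
                    tls13Groups,
                    explicitPrime,
                    explicitChar2,
                    groupsDependOnSuite,
                    this.ignoresEcdsaGroupDisparity);
        } catch (Exception e) {
            // Probe boundary: a failure in one handshake must not abort the whole scan.
            LOGGER.error("Could not scan for " + getProbeName(), e);
            return getCouldNotExecuteResult();
        }
    }

    /**
     * Enumerates the groups the server selects when only suites with "ECDH" and "RSA" in their
     * name are offered.
     *
     * @return selected group mapped to a witness holding the cipher suite the server chose
     */
    private Map<NamedGroup, NamedCurveWitness> getSupportedNamedGroupsRsa() {
        Config config = getBasicConfig();
        config.setDefaultClientSupportedCipherSuites(getEcRsaCipherSuites());
        List<NamedGroup> remaining = new ArrayList<>(Arrays.asList(NamedGroup.values()));
        Map<NamedGroup, NamedCurveWitness> supported = new HashMap<>();
        TlsContext context;
        do {
            context = testCurves(remaining, config);
            if (context != null) {
                NamedGroup selected = context.getSelectedGroup();
                if (!remaining.contains(selected)) {
                    // Stop here: removing an unoffered group would never shrink the list.
                    LOGGER.debug("Server chose a Curve we did not offer!");
                    break;
                }
                supported.put(selected, new NamedCurveWitness(context.getSelectedCipherSuite()));
                remaining.remove(selected);
            }
        } while (context != null && !remaining.isEmpty());
        return supported;
    }

    /**
     * Enumerates the groups the server selects for the given ECDSA cipher suites and records the
     * certificate curves seen alongside each selection.
     *
     * <p>A certificate curve or certificate signature curve that is present but not part of the
     * currently offered groups sets {@code ignoresEcdsaGroupDisparity} to TRUE and is left out of
     * the witness.
     *
     * @param list cipher suites to offer; its first element decides whether the witness is filled
     *     as ephemeral or static
     * @param list2 groups to move to the end of the offer, or {@code null} for none
     * @param list3 further groups to move to the end of the offer, or {@code null} for none
     * @return selected group mapped to its witness
     */
    private Map<NamedGroup, NamedCurveWitness> getSupportedNamedGroupsEcdsa(
            List<CipherSuite> list, List<NamedGroup> list2, List<NamedGroup> list3) {
        Map<NamedGroup, NamedCurveWitness> supported = new HashMap<>();
        Config config = getBasicConfig();
        config.setDefaultClientSupportedCipherSuites(list);
        List<NamedGroup> remaining = new ArrayList<>(Arrays.asList(NamedGroup.values()));
        if (list2 != null) {
            placeRequiredGroupsLast(remaining, list2);
        }
        if (list3 != null) {
            placeRequiredGroupsLast(remaining, list3);
        }
        TlsContext context;
        do {
            context = testCurves(remaining, config);
            if (context != null) {
                NamedGroup selected = context.getSelectedGroup();
                NamedGroup certificateCurve = context.getEcCertificateCurve();
                NamedGroup certificateSignatureCurve = context.getEcCertificateSignatureCurve();
                // Fix: the null guard must test the certificate curve itself. Testing the
                // signature curve here reported a disparity whenever the certificate curve was
                // simply unknown, and missed one when only the signature curve was unknown.
                if (certificateCurve != null && !remaining.contains(certificateCurve)) {
                    this.ignoresEcdsaGroupDisparity = TestResult.TRUE;
                    certificateCurve = null;
                }
                if (certificateSignatureCurve != null
                        && !remaining.contains(certificateSignatureCurve)) {
                    this.ignoresEcdsaGroupDisparity = TestResult.TRUE;
                    certificateSignatureCurve = null;
                }
                if (!remaining.contains(selected)) {
                    LOGGER.debug("Server chose a Curve we did not offer!");
                    break;
                }
                // Argument positions presumably are (pk ephemeral, sig static, sig ephemeral,
                // suite), judging by the getters composeFullMap reads - confirm against
                // NamedCurveWitness.
                NamedCurveWitness witness;
                if (list.get(0).isEphemeral()) {
                    witness =
                            new NamedCurveWitness(
                                    certificateCurve,
                                    null,
                                    certificateSignatureCurve,
                                    context.getSelectedCipherSuite());
                } else {
                    witness =
                            new NamedCurveWitness(
                                    null,
                                    certificateSignatureCurve,
                                    null,
                                    context.getSelectedCipherSuite());
                }
                supported.put(selected, witness);
                remaining.remove(selected);
            }
        } while (context != null && !remaining.isEmpty());
        return supported;
    }

    /**
     * Performs one handshake offering the given groups.
     *
     * @param list groups to offer; written into {@code config}
     * @param config configuration to run; its default client named groups are overwritten
     * @return the TLS context if a ServerHello was received, otherwise {@code null}
     */
    private TlsContext testCurves(List<NamedGroup> list, Config config) {
        config.setDefaultClientNamedGroups(list);
        State state = new State(config);
        executeState(state);
        boolean gotServerHello =
                WorkflowTraceUtil.didReceiveMessage(
                        HandshakeMessageType.SERVER_HELLO, state.getWorkflowTrace());
        if (!gotServerHello) {
            LOGGER.debug(
                    "Did not receive a ServerHello, something went wrong or the Server has some intolerance");
            return null;
        }
        return state.getTlsContext();
    }

    /** Collects every cipher suite whose enum name contains all of the given fragments. */
    private static List<CipherSuite> cipherSuitesNamed(String... fragments) {
        List<CipherSuite> matching = new LinkedList<>();
        for (CipherSuite suite : CipherSuite.values()) {
            boolean allPresent = true;
            for (String fragment : fragments) {
                if (!suite.name().contains(fragment)) {
                    allPresent = false;
                    break;
                }
            }
            if (allPresent) {
                matching.add(suite);
            }
        }
        return matching;
    }

    /** Returns all suites with "ECDH" in their name (this also matches "ECDHE"). */
    private List<CipherSuite> getEcCipherSuites() {
        return cipherSuitesNamed("ECDH");
    }

    /** Returns all suites whose name contains both "ECDH" and "RSA". */
    private List<CipherSuite> getEcRsaCipherSuites() {
        return cipherSuitesNamed("ECDH", "RSA");
    }

    /** Returns all suites whose name contains both "ECDHE_" and "ECDSA". */
    private List<CipherSuite> getEcdsaEphemeralCipherSuites() {
        return cipherSuitesNamed("ECDHE_", "ECDSA");
    }

    /**
     * Returns all suites whose name contains both "ECDH_" and "ECDSA". The trailing underscore
     * keeps "ECDHE_" names out of the match.
     */
    private List<CipherSuite> getEcdsaStaticCipherSuites() {
        return cipherSuitesNamed("ECDH_", "ECDSA");
    }

    /**
     * Reports whether the prerequisites of this probe are in the report.
     *
     * @param siteReport report built so far
     * @return {@code true} when version/suite pairs are present and non-empty, a certificate chain
     *     list is present and the protocol version probe has already run
     */
    @Override
    public boolean canBeExecuted(SiteReport siteReport) {
        return siteReport.getVersionSuitePairs() != null
                && !siteReport.getVersionSuitePairs().isEmpty()
                && siteReport.getCertificateChainList() != null
                && siteReport.isProbeAlreadyExecuted(ProbeType.PROTOCOL_VERSION);
    }

    /**
     * Narrows the set of handshake flavours to those the report says the server supports and
     * copies the ECDSA group lists out of the report.
     *
     * @param siteReport report built so far; its version/suite pairs must not be {@code null}
     */
    @Override
    public void adjustConfig(SiteReport siteReport) {
        if (siteReport.getResult(AnalyzedProperty.SUPPORTS_RSA_CERT) == TestResult.FALSE) {
            this.testUsingRsa = false;
        }
        // ECDSA flavours are opt-in: enabled only if a pre-TLS-1.3 suite of that kind was seen.
        this.testUsingEcdsaEphemeral = false;
        this.testUsingEcdsaStatic = false;
        for (VersionSuiteListPair pair : siteReport.getVersionSuitePairs()) {
            if (pair.getVersion() == ProtocolVersion.TLS13) {
                continue;
            }
            for (CipherSuite suite : pair.getCipherSuiteList()) {
                if (suite.isECDSA()) {
                    if (suite.isEphemeral()) {
                        this.testUsingEcdsaEphemeral = true;
                    } else {
                        this.testUsingEcdsaStatic = true;
                    }
                }
            }
        }
        if (siteReport.getResult(AnalyzedProperty.SUPPORTS_TLS_1_3) != TestResult.TRUE) {
            this.testUsingTls13 = false;
        }
        this.ecdsaPkGroupsEphemeral = siteReport.getEcdsaPkGroupsEphemeral();
        this.ecdsaPkGroupsTls13 = siteReport.getEcdsaPkGroupsTls13();
        this.ecdsaCertSigGroupsStatic = siteReport.getEcdsaSigGroupsStatic();
        // NOTE(review): the ephemeral list is filled from the *static* getter. This looks like a
        // copy/paste slip; if SiteReport offers an ephemeral counterpart it should be used here,
        // otherwise the ECDHE-ECDSA enumeration orders its offer by the static certificate groups.
        this.ecdsaCertSigGroupsEphemeral = siteReport.getEcdsaSigGroupsStatic();
        this.ecdsaCertSigGroupsTls13 = siteReport.getEcdsaSigGroupsTls13();
    }

    /**
     * Builds the result used when the probe could not run.
     *
     * @return a result with empty group maps and every finding set to COULD_NOT_TEST
     */
    @Override
    public ProbeResult getCouldNotExecuteResult() {
        Map<NamedGroup, NamedCurveWitness> noGroups = new HashMap<>();
        Map<NamedGroup, NamedCurveWitness> noTls13Groups = new HashMap<>();
        return new NamedGroupResult(
                noGroups,
                noTls13Groups,
                TestResult.COULD_NOT_TEST,
                TestResult.COULD_NOT_TEST,
                TestResult.COULD_NOT_TEST,
                TestResult.COULD_NOT_TEST);
    }

    /**
     * Offers only the explicit prime or explicit char2 pseudo-group and checks the curve type of
     * the ServerKeyExchange that comes back.
     *
     * <p>RFC 8422 deprecates the explicit curve types, so a TRUE result is worth reporting.
     *
     * @param ellipticCurveType EXPLICIT_PRIME selects the explicit prime group; any other value
     *     selects explicit char2
     * @return UNCERTAIN if an unknown protocol message was received, TRUE if an ECDHE
     *     ServerKeyExchange carried the requested curve type, otherwise FALSE
     */
    private TestResult getExplicitCurveSupport(EllipticCurveType ellipticCurveType) {
        Config config = getBasicConfig();
        NamedGroup explicitGroup =
                ellipticCurveType == EllipticCurveType.EXPLICIT_PRIME
                        ? NamedGroup.EXPLICIT_PRIME
                        : NamedGroup.EXPLICIT_CHAR2;
        config.setDefaultClientNamedGroups(new NamedGroup[] {explicitGroup});
        config.setDefaultClientSupportedCipherSuites(getEcCipherSuites());
        State state = new State(config);
        executeState(state);
        if (WorkflowTraceUtil.didReceiveMessage(
                ProtocolMessageType.UNKNOWN, state.getWorkflowTrace())) {
            return TestResult.UNCERTAIN;
        }
        if (WorkflowTraceUtil.didReceiveMessage(
                HandshakeMessageType.SERVER_KEY_EXCHANGE, state.getWorkflowTrace())) {
            // Hold the message as Object and cast only after the instanceof check. Declaring the
            // local with the ECDHE type up front made that check pointless and could fail on a
            // ServerKeyExchange of a different kind.
            Object keyExchange =
                    WorkflowTraceUtil.getFirstReceivedMessage(
                            HandshakeMessageType.SERVER_KEY_EXCHANGE, state.getWorkflowTrace());
            if (keyExchange instanceof ECDHEServerKeyExchangeMessage) {
                ECDHEServerKeyExchangeMessage ecdheKeyExchange =
                        (ECDHEServerKeyExchangeMessage) keyExchange;
                if (((Byte) ecdheKeyExchange.getGroupType().getValue()).byteValue()
                        == ellipticCurveType.getValue()) {
                    return TestResult.TRUE;
                }
            }
        }
        return TestResult.FALSE;
    }

    /**
     * Creates the configuration shared by the pre-TLS-1.3 handshakes: highest version TLS 1.2,
     * HELLO workflow, early stop on fatal alerts and I/O errors, EC extensions enabled.
     *
     * @return a fresh configuration from the scanner config
     */
    private Config getBasicConfig() {
        Config config = getScannerConfig().createConfig();
        config.setQuickReceive(true);
        config.setStopActionsAfterIOException(true);
        config.setHighestProtocolVersion(ProtocolVersion.TLS12);
        config.setEnforceSettings(false);
        config.setEarlyStop(true);
        config.setStopReceivingAfterFatal(true);
        config.setStopActionsAfterFatal(true);
        config.setWorkflowTraceType(WorkflowTraceType.HELLO);
        config.setAddECPointFormatExtension(true);
        config.setAddEllipticCurveExtension(true);
        config.setAddRenegotiationInfoExtension(true);
        config.setAddSignatureAndHashAlgorithmsExtension(true);
        return config;
    }

    /**
     * Moves the required groups to the end of the offer list.
     *
     * <p>Every element of {@code list} that occurs in {@code list2} is removed, then all of
     * {@code list2} is appended, including groups that were not in {@code list} before.
     *
     * @param list offer list, modified in place
     * @param list2 groups to place last; must not be {@code null}
     */
    public void placeRequiredGroupsLast(List<NamedGroup> list, List<NamedGroup> list2) {
        list.removeAll(list2);
        list.addAll(list2);
    }

    /**
     * Enumerates the groups the server selects in TLS 1.3 handshakes.
     *
     * @return selected group mapped to a witness with the certificate curves seen and the
     *     selected cipher suite
     */
    private Map<NamedGroup, NamedCurveWitness> getTls13SupportedGroups() {
        Map<NamedGroup, NamedCurveWitness> supported = new HashMap<>();
        // Work on a copy: groups are removed below, and whether getImplemented() hands out a
        // fresh list on every call is not visible from this class.
        List<NamedGroup> remaining = new ArrayList<>(NamedGroup.getImplemented());
        // NOTE(review): the required-groups-last ordering is applied to a scratch list that is
        // never offered, so the TLS 1.3 offer keeps the order of getImplemented(). The TLS 1.2
        // ECDSA enumeration reorders the offered list itself; this probably should too, but
        // placeRequiredGroupsLast() may append groups outside the implemented set, so the change
        // needs a decision on filtering first.
        List<NamedGroup> scratch = new LinkedList<>();
        if (this.ecdsaPkGroupsTls13 != null) {
            placeRequiredGroupsLast(scratch, this.ecdsaPkGroupsTls13);
        }
        if (this.ecdsaCertSigGroupsTls13 != null) {
            placeRequiredGroupsLast(scratch, this.ecdsaCertSigGroupsTls13);
        }
        TlsContext context;
        do {
            context = getTls13SupportedGroup(remaining);
            if (context != null) {
                NamedGroup selected = context.getSelectedGroup();
                NamedGroup certificateCurve = context.getEcCertificateCurve();
                NamedGroup certificateSignatureCurve = context.getEcCertificateSignatureCurve();
                if (certificateCurve != null && !remaining.contains(certificateCurve)) {
                    this.ignoresEcdsaGroupDisparity = TestResult.TRUE;
                    certificateCurve = null;
                }
                if (certificateSignatureCurve != null
                        && !remaining.contains(certificateSignatureCurve)) {
                    this.ignoresEcdsaGroupDisparity = TestResult.TRUE;
                    certificateSignatureCurve = null;
                }
                if (!remaining.contains(selected)) {
                    LOGGER.warn("Server chose a group we did not offer:" + selected);
                    break;
                }
                supported.put(
                        selected,
                        new NamedCurveWitness(
                                certificateCurve,
                                null,
                                certificateSignatureCurve,
                                context.getSelectedCipherSuite()));
                remaining.remove(selected);
            }
        } while (context != null && !remaining.isEmpty());
        return supported;
    }

    /**
     * Performs one TLS 1.3 handshake offering the given groups both as supported groups and as
     * key shares.
     *
     * @param list groups to offer
     * @return the TLS context if a ServerHello was received, otherwise {@code null}
     */
    public TlsContext getTls13SupportedGroup(List<NamedGroup> list) {
        Config config = getScannerConfig().createConfig();
        config.setQuickReceive(true);
        config.setDefaultClientSupportedCipherSuites(CipherSuite.getImplementedTls13CipherSuites());
        config.setHighestProtocolVersion(ProtocolVersion.TLS13);
        config.setSupportedVersions(new ProtocolVersion[] {ProtocolVersion.TLS13});
        config.setEnforceSettings(false);
        config.setEarlyStop(true);
        config.setStopReceivingAfterFatal(true);
        config.setStopActionsAfterFatal(true);
        config.setWorkflowTraceType(WorkflowTraceType.HELLO);
        config.setDefaultClientNamedGroups(list);
        config.setDefaultClientKeyShareNamedGroups(list);
        config.setAddECPointFormatExtension(false);
        config.setAddEllipticCurveExtension(true);
        config.setAddSignatureAndHashAlgorithmsExtension(true);
        config.setAddSupportedVersionsExtension(true);
        config.setAddKeyShareExtension(true);
        config.setAddCertificateStatusRequestExtension(true);
        config.setUseFreshRandom(true);
        config.setDefaultClientSupportedSignatureAndHashAlgorithms(
                SignatureAndHashAlgorithm.getTls13SignatureAndHashAlgorithms());
        State state = new State(config);
        executeState(state);
        boolean gotServerHello =
                WorkflowTraceUtil.didReceiveMessage(
                        HandshakeMessageType.SERVER_HELLO, state.getWorkflowTrace());
        if (!gotServerHello) {
            LOGGER.debug("Did not receive ServerHello Message");
            LOGGER.debug(state.getWorkflowTrace().toString());
            return null;
        }
        return state.getTlsContext();
    }

    /** Returns the witness stored for {@code group}, creating and storing an empty one if absent. */
    private static NamedCurveWitness witnessFor(
            Map<NamedGroup, NamedCurveWitness> merged, NamedGroup group) {
        NamedCurveWitness witness = merged.get(group);
        if (witness == null) {
            witness = new NamedCurveWitness();
            merged.put(group, witness);
        }
        return witness;
    }

    /**
     * Merges the three pre-TLS-1.3 enumerations into one map keyed by group.
     *
     * @param map RSA enumeration; contributes cipher suites
     * @param map2 static ECDSA enumeration; contributes cipher suites and the static signature
     *     group
     * @param map3 ephemeral ECDSA enumeration; contributes cipher suites and the ephemeral public
     *     key and signature groups
     * @return one freshly created witness per group that occurs in any input map
     */
    private Map<NamedGroup, NamedCurveWitness> composeFullMap(
            Map<NamedGroup, NamedCurveWitness> map,
            Map<NamedGroup, NamedCurveWitness> map2,
            Map<NamedGroup, NamedCurveWitness> map3) {
        Map<NamedGroup, NamedCurveWitness> merged = new HashMap<>();
        for (Map.Entry<NamedGroup, NamedCurveWitness> entry : map.entrySet()) {
            NamedCurveWitness target = witnessFor(merged, entry.getKey());
            target.getCipherSuites().addAll(entry.getValue().getCipherSuites());
        }
        for (Map.Entry<NamedGroup, NamedCurveWitness> entry : map2.entrySet()) {
            NamedCurveWitness target = witnessFor(merged, entry.getKey());
            target.getCipherSuites().addAll(entry.getValue().getCipherSuites());
            target.setEcdsaSigGroupStatic(entry.getValue().getEcdsaSigGroupStatic());
        }
        for (Map.Entry<NamedGroup, NamedCurveWitness> entry : map3.entrySet()) {
            NamedCurveWitness target = witnessFor(merged, entry.getKey());
            target.getCipherSuites().addAll(entry.getValue().getCipherSuites());
            target.setEcdsaPkGroupEphemeral(entry.getValue().getEcdsaPkGroupEphemeral());
            target.setEcdsaSigGroupEphemeral(entry.getValue().getEcdsaSigGroupEphemeral());
        }
        return merged;
    }

    /**
     * Checks whether some curve was selected in one handshake flavour but not in another that was
     * also tested.
     *
     * @param map merged groups of all flavours
     * @param map2 groups from the RSA enumeration
     * @param map3 groups from the static ECDSA enumeration
     * @param map4 groups from the ephemeral ECDSA enumeration
     * @return TRUE if a group for which {@code isCurve()} holds is missing from at least one
     *     enabled flavour, otherwise FALSE
     */
    private TestResult getGroupsDependOnCipherSuite(
            Map<NamedGroup, NamedCurveWitness> map,
            Map<NamedGroup, NamedCurveWitness> map2,
            Map<NamedGroup, NamedCurveWitness> map3,
            Map<NamedGroup, NamedCurveWitness> map4) {
        for (NamedGroup group : map.keySet()) {
            boolean missingFromRsa = this.testUsingRsa && !map2.containsKey(group);
            boolean missingFromStatic = this.testUsingEcdsaStatic && !map3.containsKey(group);
            boolean missingFromEphemeral =
                    this.testUsingEcdsaEphemeral && !map4.containsKey(group);
            if ((missingFromRsa || missingFromStatic || missingFromEphemeral)
                    && group.isCurve()) {
                return TestResult.TRUE;
            }
        }
        return TestResult.FALSE;
    }
}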
