package de.rub.nds.tlsattacker.core.util;

import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
import de.rub.nds.tlsattacker.core.protocol.message.CertificateMessage;
import de.rub.nds.tlsattacker.core.protocol.message.ClientHelloMessage;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutorFactory;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.action.ReceiveTillAction;
import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
import de.rub.nds.tlsattacker.core.workflow.action.executor.WorkflowExecutorType;
import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertificateParsingException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.jce.provider.X509CertificateObject;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/util/CertificateFetcher.class */
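/**
 * Static helpers that open a TLS connection with the supplied {@link Config} and return the
 * certificate (or its public key) that the peer presents.
 *
 * <p>Security note: nothing in this class validates the certificate. There is no chain building,
 * no trust-anchor check, no hostname check and no revocation check, so the returned certificate
 * and key are exactly what the peer sent and are unauthenticated. Callers must not base a trust
 * decision on them without validating separately.
 */
public class CertificateFetcher {
    private static final Logger LOGGER = LogManager.getLogger();

    /**
     * Fetches the server certificate and extracts the public key of its first entry.
     *
     * @param config configuration used to build and run the fetch workflow
     * @return the public key of the certificate at index 0, or {@code null} when no certificate
     *     was received or the received certificate list is empty
     * @throws WorkflowExecutionException if the first certificate cannot be parsed as X.509
     */
    public static PublicKey fetchServerPublicKey(Config config) {
        try {
            Certificate serverCertificate = fetchServerCertificate(config);
            if (serverCertificate == null || serverCertificate.getLength() <= 0) {
                return null;
            }
            // Only index 0 is inspected; presumably the server's end-entity certificate -- the
            // ordering of the list is not checked here.
            return new X509CertificateObject(serverCertificate.getCertificateAt(0)).getPublicKey();
        } catch (CertificateParsingException e) {
            throw new WorkflowExecutionException("Could not get public key from server certificate", e);
        }
    }

    /**
     * Sends a ClientHello over the default client connection, receives messages until a
     * Certificate message arrives, and returns whatever server certificate the TLS context
     * recorded.
     *
     * <p>Failures are logged and not rethrown: a warning is emitted and the exception is logged
     * at debug level. The transport is closed on both the success and the failure path, so a
     * failed handshake does not leave the connection open.
     *
     * @param config configuration used to build and run the fetch workflow
     * @return the certificate stored in the TLS context after the workflow ran; the null check in
     *     {@link #fetchServerPublicKey(Config)} suggests this can be {@code null} when nothing
     *     was received
     */
    public static Certificate fetchServerCertificate(Config config) {
        WorkflowTrace trace =
                new WorkflowConfigurationFactory(config).createTlsEntryWorkflowtrace(config.getDefaultClientConnection());
        trace.addTlsAction(new SendAction(new ClientHelloMessage(config)));
        trace.addTlsAction(new ReceiveTillAction(new CertificateMessage(config)));
        State state = new State(config, trace);
        try {
            try {
                WorkflowExecutorFactory.createWorkflowExecutor(WorkflowExecutorType.DEFAULT, state).executeWorkflow();
            } finally {
                // Previously the connection was closed only after a successful run, so a workflow
                // that threw left the transport open.
                closeTransport(state);
            }
        } catch (WorkflowExecutionException | IOException e) {
            LOGGER.warn("Could not fetch ServerCertificate");
            LOGGER.debug(e);
        }
        return state.getTlsContext().getServerCertificate();
    }

    /**
     * Closes the transport handler of the given state if one exists and is still open.
     *
     * @param state state whose TLS context owns the transport handler
     * @throws IOException if querying or closing the transport handler fails
     */
    private static void closeTransport(State state) throws IOException {
        // The handler may never have been set up when the workflow failed early, hence the null
        // guard (assumption: getTransportHandler() returns null in that case).
        if (state.getTlsContext().getTransportHandler() != null
                && !state.getTlsContext().getTransportHandler().isClosed()) {
            state.getTlsContext().getTransportHandler().closeConnection();
        }
    }

    /** Not instantiable: the class only exposes static helpers. */
    private CertificateFetcher() {
    }
}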
