package de.rub.nds.tlsattacker.core.protocol.handler;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.certificate.CertificateKeyPair;
import de.rub.nds.tlsattacker.core.constants.CertificateType;
import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.crypto.ec.Point;
import de.rub.nds.tlsattacker.core.crypto.ec.PointFormatter;
import de.rub.nds.tlsattacker.core.exceptions.AdjustmentException;
import de.rub.nds.tlsattacker.core.protocol.handler.factory.HandlerFactory;
import de.rub.nds.tlsattacker.core.protocol.message.CertificateMessage;
import de.rub.nds.tlsattacker.core.protocol.message.cert.CertificateEntry;
import de.rub.nds.tlsattacker.core.protocol.message.cert.CertificatePair;
import de.rub.nds.tlsattacker.core.protocol.message.extension.ExtensionMessage;
import de.rub.nds.tlsattacker.core.protocol.message.extension.HRRKeyShareExtensionMessage;
import de.rub.nds.tlsattacker.core.protocol.parser.CertificateMessageParser;
import de.rub.nds.tlsattacker.core.protocol.preparator.CertificateMessagePreparator;
import de.rub.nds.tlsattacker.core.protocol.serializer.CertificateMessageSerializer;
import de.rub.nds.tlsattacker.core.state.TlsContext;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.asn1.ASN1InputStream;
import org.bouncycastle.asn1.DLSequence;
import org.bouncycastle.crypto.tls.Certificate;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/handler/CertificateMessageHandler.class */
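/**
 * Handler for the TLS Certificate handshake message.
 *
 * <p>Supplies the parser, preparator and serializer for {@link CertificateMessage} and, once a
 * message has been processed, copies the certificate material it carries into the
 * {@link TlsContext}. All certificate bytes handled here come from the message (i.e. from the
 * peer or from a modified message) and must be treated as untrusted input: parsing failures are
 * logged and leave the key material in the context unadjusted instead of aborting.
 */
public class CertificateMessageHandler extends HandshakeMessageHandler<CertificateMessage> {
    private static final Logger LOGGER = LogManager.getLogger();

    /** Width in bytes of the length prefix written in front of a certificate / certificate list. */
    private static final int LENGTH_FIELD_BYTES = 3;

    /** Algorithm OID accepted for raw public keys (the error text below calls it "EC"). */
    private static final String EC_PUBLIC_KEY_OID = "1.2.840.10045.2.1";

    /** Curve OID accepted for raw public keys (the error text below calls it "secp256r1"). */
    private static final String SECP256R1_OID = "1.2.840.10045.3.1.7";

    /**
     * Creates a handler bound to the given context.
     *
     * @param tlsContext context that is read for the negotiated parameters and updated by
     *     {@link #adjustTLSContext(CertificateMessage)}
     */
    public CertificateMessageHandler(TlsContext tlsContext) {
        super(tlsContext);
    }

    /**
     * Creates a parser for a serialized Certificate message.
     *
     * @param bArr bytes containing the message
     * @param i start position inside {@code bArr}
     * @return a parser configured with the selected protocol version and the context's config
     */
    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.Handler
    public CertificateMessageParser getParser(byte[] bArr, int i) {
        return new CertificateMessageParser(
                i,
                bArr,
                this.tlsContext.getChooser().getSelectedProtocolVersion(),
                this.tlsContext.getConfig());
    }

    /**
     * Creates a preparator for the given message.
     *
     * @param certificateMessage message to prepare
     * @return a preparator using the context's chooser
     */
    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.Handler
    public CertificateMessagePreparator getPreparator(CertificateMessage certificateMessage) {
        return new CertificateMessagePreparator(this.tlsContext.getChooser(), certificateMessage);
    }

    /**
     * Creates a serializer for the given message.
     *
     * @param certificateMessage message to serialize
     * @return a serializer configured with the selected protocol version
     */
    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.Handler
    public CertificateMessageSerializer getSerializer(CertificateMessage certificateMessage) {
        return new CertificateMessageSerializer(
                certificateMessage, this.tlsContext.getChooser().getSelectedProtocolVersion());
    }

    /**
     * Picks the certificate type that applies to the side currently talking.
     *
     * @return the selected server certificate type when the talking end is the server, otherwise
     *     the selected client certificate type
     */
    private CertificateType selectTypeInternally() {
        if (this.tlsContext.getTalkingConnectionEndType() == ConnectionEndType.SERVER) {
            return this.tlsContext.getChooser().getSelectedServerCertificateType();
        }
        return this.tlsContext.getChooser().getSelectedClientCertificateType();
    }

    /**
     * Updates the context with the certificate material carried by the message.
     *
     * @param certificateMessage the processed Certificate message
     * @throws UnsupportedOperationException for OpenPGP and for any certificate type other than
     *     raw public key or X.509
     * @throws AdjustmentException if the TLS 1.3 certificate entries cannot be concatenated
     */
    @Override // de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler
    public void adjustTLSContext(CertificateMessage certificateMessage) {
        switch (selectTypeInternally()) {
            case OPEN_PGP:
                throw new UnsupportedOperationException("We do not support OpenPGP keys");
            case RAW_PUBLIC_KEY:
                adjustRawPublicKey(certificateMessage);
                return;
            case X509:
                adjustX509(certificateMessage);
                return;
            default:
                throw new UnsupportedOperationException("Unsupported CertificateType!");
        }
    }

    /**
     * Reads an EC raw public key from the message and stores it as the talking side's EC key.
     *
     * <p>Every failure while reading the key, including the "unsupported key" exceptions thrown
     * inside the try block, ends up in the catch-all below, is logged at WARN level and leaves
     * the context untouched.
     */
    private void adjustRawPublicKey(CertificateMessage certificateMessage) {
        LOGGER.debug("Adjusting context for RAW PUBLIC KEY ceritifate message");
        // try-with-resources closes the stream on the failure paths too; previously it was only
        // closed after a fully successful parse.
        try (ASN1InputStream asn1Stream =
                new ASN1InputStream((byte[]) certificateMessage.getCertificatesListBytes().getValue())) {
            DLSequence keyInfo = (DLSequence) asn1Stream.readObject();
            DLSequence algorithm = (DLSequence) keyInfo.getObjectAt(0);
            // NOTE(review): this file looks decompiled; the getId()/getBytes() receivers below
            // presumably need the casts the decompiler omitted - confirm against the original
            // source before relying on this code compiling as written.
            if (!algorithm.getObjectAt(0).getId().equals(EC_PUBLIC_KEY_OID)) {
                throw new UnsupportedOperationException("We currently do only support EC raw public keys. Sorry...");
            }
            if (!algorithm.getObjectAt(1).getId().equals(SECP256R1_OID)) {
                throw new UnsupportedOperationException("We currently do only support secp256r1 public keys. Sorry...");
            }
            Point publicKey = PointFormatter.formatFromByteArray(NamedGroup.SECP256R1, keyInfo.getObjectAt(1).getBytes());
            if (this.tlsContext.getTalkingConnectionEndType() == ConnectionEndType.SERVER) {
                this.tlsContext.setServerEcPublicKey(publicKey);
            } else {
                this.tlsContext.setClientEcPublicKey(publicKey);
            }
        } catch (Exception e) {
            // Deliberate best effort: a malformed or unsupported key from the peer must not
            // abort the handler. The message used to read "Could read", which said the opposite
            // of what happened.
            LOGGER.warn("Could not read RAW PublicKey. Not adjusting context", e);
        }
    }

    /**
     * Parses the X.509 certificate list of the message and stores the result in the context.
     *
     * <p>The parsed certificate is written to the context before it is checked, so an
     * unparseable list sets the talking side's certificate to {@code null}; only the key pair
     * adjustment is skipped in that case.
     */
    private void adjustX509(CertificateMessage certificateMessage) {
        LOGGER.debug("Adjusting context for x509 ceritifate message");
        boolean tls13 = this.tlsContext.getChooser().getSelectedProtocolVersion().isTLS13();
        Certificate certificate;
        if (tls13) {
            certificate = parseTls13CertificateList(certificateMessage);
        } else {
            certificate = parseCertificate(
                    ((Integer) certificateMessage.getCertificatesListLength().getValue()).intValue(),
                    (byte[]) certificateMessage.getCertificatesListBytes().getValue());
        }

        if (this.tlsContext.getTalkingConnectionEndType() == ConnectionEndType.CLIENT) {
            LOGGER.debug("Setting ClientCertificate in Context");
            this.tlsContext.setClientCertificate(certificate);
        } else {
            LOGGER.debug("Setting ServerCertificate in Context");
            this.tlsContext.setServerCertificate(certificate);
        }

        if (certificateMessage.getCertificateKeyPair() != null) {
            LOGGER.debug("Found a certificate key pair. Adjusting in context");
            certificateMessage.getCertificateKeyPair().adjustInContext(this.tlsContext, this.tlsContext.getTalkingConnectionEndType());
        } else if (certificate == null) {
            LOGGER.debug("Ceritificate not parseable - no adjustments");
        } else if (certificate.isEmpty()) {
            LOGGER.debug("Certificate is empty - no adjustments");
        } else {
            LOGGER.debug("No CertificatekeyPair found, creating new one");
            certificateMessage.setCertificateKeyPair(new CertificateKeyPair(certificate));
            certificateMessage.getCertificateKeyPair().adjustInContext(this.tlsContext, this.tlsContext.getTalkingConnectionEndType());
        }

        if (tls13) {
            adjustExtensions(certificateMessage);
        }
    }

    /**
     * Rebuilds a length-prefixed certificate list from the TLS 1.3 certificate pairs and parses
     * it. Only the length and certificate bytes of each pair are written; per-entry extensions
     * are not part of the rebuilt list.
     *
     * @return the parsed certificate, or {@code null} if parsing failed
     * @throws AdjustmentException if writing to the in-memory buffer fails
     */
    private Certificate parseTls13CertificateList(CertificateMessage certificateMessage) {
        ByteArrayOutputStream certificateList = new ByteArrayOutputStream();
        int declaredListLength = 0;
        try {
            for (CertificatePair certificatePair : certificateMessage.getCertificatesList()) {
                // The declared length field is used for both the prefix and the running total,
                // not the real size of the certificate bytes. If the two disagree the list is
                // inconsistent and the parse below is expected to fail and return null.
                int declaredLength = ((Integer) certificatePair.getCertificateLength().getValue()).intValue();
                certificateList.write(ArrayConverter.intToBytes(declaredLength, LENGTH_FIELD_BYTES));
                certificateList.write((byte[]) certificatePair.getCertificate().getValue());
                declaredListLength += declaredLength + LENGTH_FIELD_BYTES;
            }
            return parseCertificate(declaredListLength, certificateList.toByteArray());
        } catch (IOException e) {
            throw new AdjustmentException("Could not concatenate certificates bytes", e);
        }
    }

    /**
     * Parses a certificate list into a BouncyCastle {@link Certificate}.
     *
     * @param i value written into the 3-byte length prefix placed in front of {@code bArr}
     * @param bArr certificate list bytes (untrusted)
     * @return the parsed certificate, or {@code null} if the bytes could not be parsed
     */
    private Certificate parseCertificate(int i, byte[] bArr) {
        try {
            // The decompiled source built this argument as a byte[] initializer holding byte[]
            // elements, which is not valid Java; an explicit byte[][] states what is meant.
            byte[] prefixedList =
                    ArrayConverter.concatenate(new byte[][] {ArrayConverter.intToBytes(i, LENGTH_FIELD_BYTES), bArr});
            return Certificate.parse(new ByteArrayInputStream(prefixedList));
        } catch (Exception e) {
            // Best effort: callers treat null as "not parseable" and skip the key adjustments.
            LOGGER.warn("Could not parse Certificate bytes into Certificate object:" + ArrayConverter.bytesToHexString(bArr, false), e);
            LOGGER.debug(e);
            return null;
        }
    }

    /**
     * Runs the extension handlers for every extension attached to the certificate entries.
     * Entries or extension lists that are {@code null} are skipped.
     */
    private void adjustExtensions(CertificateMessage certificateMessage) {
        if (certificateMessage.getCertificatesListAsEntry() == null) {
            return;
        }
        for (CertificateEntry certificateEntry : certificateMessage.getCertificatesListAsEntry()) {
            if (certificateEntry.getExtensions() == null) {
                continue;
            }
            for (ExtensionMessage extensionMessage : certificateEntry.getExtensions()) {
                // Extensions are handled in the CERTIFICATE message context, except for the
                // HelloRetryRequest key share extension.
                HandshakeMessageType handshakeMessageType =
                        extensionMessage instanceof HRRKeyShareExtensionMessage
                                ? HandshakeMessageType.HELLO_RETRY_REQUEST
                                : HandshakeMessageType.CERTIFICATE;
                HandlerFactory.getExtensionHandler(this.tlsContext, extensionMessage.getExtensionTypeConstant(), handshakeMessageType).adjustTLSContext(extensionMessage);
            }
        }
    }
}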
