package de.rub.nds.tlsattacker.core.tokenbinding;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.modifiablevariable.util.BadRandom;
import de.rub.nds.tlsattacker.core.constants.ECPointFormat;
import de.rub.nds.tlsattacker.core.constants.EllipticCurveType;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.constants.TokenBindingKeyParameters;
import de.rub.nds.tlsattacker.core.crypto.ECCUtilsBCWrapper;
import de.rub.nds.tlsattacker.core.crypto.ec.CurveFactory;
import de.rub.nds.tlsattacker.core.crypto.ec.EllipticCurve;
import de.rub.nds.tlsattacker.core.crypto.ec.PointFormatter;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import de.rub.nds.tlsattacker.core.exceptions.PreparationException;
import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
import de.rub.nds.tlsattacker.core.protocol.preparator.ProtocolMessagePreparator;
import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Random;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.signers.ECDSASigner;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/tokenbinding/TokenBindingMessagePreparator.class */
public class TokenBindingMessagePreparator extends ProtocolMessagePreparator<TokenBindingMessage> {
    private static final Logger LOGGER = LogManager.getLogger();
    private final TokenBindingMessage message;

    public TokenBindingMessagePreparator(Chooser chooser, TokenBindingMessage tokenBindingMessage) {
        super(chooser, tokenBindingMessage);
        this.message = tokenBindingMessage;
    }

    /* JADX WARN: Type inference failed for: r1v80, types: [byte[], byte[][]] */
    @Override // de.rub.nds.tlsattacker.core.protocol.preparator.ProtocolMessagePreparator
    protected void prepareProtocolMessageContents() {
        this.message.setTokenbindingType(this.chooser.getConfig().getDefaultTokenBindingType().getTokenBindingTypeValue());
        this.message.setKeyParameter(this.chooser.getConfig().getDefaultTokenBindingKeyParameters().get(0).getValue());
        if (this.chooser.getConfig().getDefaultTokenBindingKeyParameters().get(0) == TokenBindingKeyParameters.ECDSAP256) {
            EllipticCurve curve = CurveFactory.getCurve(NamedGroup.SECP256R1);
            BigInteger defaultTokenBindingEcPrivateKey = this.chooser.getConfig().getDefaultTokenBindingEcPrivateKey();
            LOGGER.debug("Using private Key:" + defaultTokenBindingEcPrivateKey);
            this.message.setPoint(PointFormatter.toRawFormat(curve.mult(defaultTokenBindingEcPrivateKey, curve.getBasePoint())));
            this.message.setPointLength(((byte[]) this.message.getPoint().getValue()).length);
            ParametersWithRandom parametersWithRandom = new ParametersWithRandom(new ECPrivateKeyParameters(defaultTokenBindingEcPrivateKey, generateEcParameters()), new BadRandom(new Random(0L), new byte[0]));
            ECDSASigner eCDSASigner = new ECDSASigner();
            eCDSASigner.init(true, parametersWithRandom);
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(generateToBeSigned());
                BigInteger[] generateSignature = eCDSASigner.generateSignature(messageDigest.digest());
                this.message.setSignature(ArrayConverter.concatenate((byte[][]) new byte[]{ArrayConverter.bigIntegerToByteArray(generateSignature[0]), ArrayConverter.bigIntegerToByteArray(generateSignature[1])}));
            } catch (NoSuchAlgorithmException e) {
                throw new WorkflowExecutionException("Could not create SHA-256 digest", e);
            }
        } else {
            this.message.setModulus(this.chooser.getConfig().getDefaultTokenBindingRsaModulus().toByteArray());
            this.message.setModulusLength(((byte[]) this.message.getModulus().getValue()).length);
            this.message.setPublicExponent(this.chooser.getConfig().getDefaultTokenBindingRsaPublicKey().toByteArray());
            this.message.setPublicExponentLength(((byte[]) this.message.getPublicExponent().getValue()).length);
        }
        this.message.setKeyLength(new TokenBindingMessageSerializer(this.message, this.chooser.getSelectedProtocolVersion()).serializeKey().length);
        this.message.setExtensionBytes(new byte[0]);
        this.message.setExtensionLength(((byte[]) this.message.getExtensionBytes().getValue()).length);
        this.message.setSignatureLength(((byte[]) this.message.getSignature().getValue()).length);
        this.message.setTokenbindingsLength(new TokenBindingMessageSerializer(this.message, ProtocolVersion.TLS12).serializeBinding().length);
    }

    /* JADX WARN: Type inference failed for: r2v3, types: [byte[], byte[][]] */
    private ECDomainParameters generateEcParameters() {
        try {
            return ECCUtilsBCWrapper.readECParameters(new NamedGroup[]{NamedGroup.SECP256R1}, new ECPointFormat[]{ECPointFormat.UNCOMPRESSED}, new ByteArrayInputStream(ArrayConverter.concatenate((byte[][]) new byte[]{new byte[]{EllipticCurveType.NAMED_CURVE.getValue()}, NamedGroup.SECP256R1.getValue()})));
        } catch (IOException e) {
            throw new PreparationException("Failed to generate EC domain parameters", e);
        }
    }

    private byte[] generateToBeSigned() {
        try {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byteArrayOutputStream.write(new byte[]{((Byte) this.message.getTokenbindingType().getValue()).byteValue()});
            byteArrayOutputStream.write(new byte[]{((Byte) this.message.getKeyParameter().getValue()).byteValue()});
            byteArrayOutputStream.write(TokenCalculator.calculateEKM(this.chooser, 32));
            return byteArrayOutputStream.toByteArray();
        } catch (CryptoException | IOException e) {
            throw new PreparationException("Could not generate data to be Signed!", e);
        }
    }
}
