package de.rub.nds.tlsattacker.core.certificate;

import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CertificateKeyType;
import de.rub.nds.tlsattacker.core.constants.HashAlgorithm;
import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.RecordByteLength;
import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/certificate/CertificateByteChooser.class */
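/**
 * Process-wide registry of the certificate/private-key pairs bundled under {@code certs/} on the
 * classpath, plus the logic that picks one of them for a handshake.
 *
 * <p>The pair list is filled once, in the private constructor, and is only read afterwards.
 *
 * <p>NOTE(review): every private key is read from the same classpath directory as its
 * certificate, so anyone holding the artifact holds the keys. The resource list also names small
 * keys (for example {@code rsa512}, {@code dsa512}, {@code rsa1024}). These pairs look like test
 * fixtures; confirm that none of them is trusted outside a lab setup.
 */
public class CertificateByteChooser {
    private static final Logger LOGGER = LogManager.getLogger();
    private static final String RESOURCE_PATH = "certs/";
    private static final String CERT_SUFFIX = "cert.pem";
    private static final String KEY_SUFFIX = "key.pem";
    private static CertificateByteChooser instance;
    private final List<CertificateKeyPair> keyPairList = new LinkedList<>();

    /**
     * Returns the shared instance, creating it (and loading all bundled key pairs) on first use.
     *
     * @return the singleton chooser
     */
    public static synchronized CertificateByteChooser getInstance() {
        if (instance == null) {
            instance = new CertificateByteChooser();
        }
        return instance;
    }

    private CertificateByteChooser() {
        loadKeys();
    }

    /**
     * Lists the certificate resources to load, in the order in which they end up in the pair list.
     *
     * <p>The order matters: {@link #chooseCertificateKeyPair(Chooser)} returns the first pair that
     * satisfies all preferences, and falls back to list position when nothing matches.
     *
     * @return a fresh, mutable list of file names relative to {@code certs/}
     * @throws IOException never thrown by this implementation; kept so callers need no change
     */
    private List<String> getResourceFiles() throws IOException {
        List<String> names = new ArrayList<>();
        Collections.addAll(
                names,
                "ec_sect163r1_rsa_cert.pem",
                "ec_secp224k1_ecdsa_cert.pem",
                "ec_sect571k1_ecdsa_cert.pem",
                "ec_secp160r2_rsa_cert.pem",
                "ec_sect409k1_rsa_cert.pem",
                "ec_sect193r2_ecdsa_cert.pem",
                "dh_dsa_cert.pem",
                "ec_sect163r2_rsa_cert.pem",
                "ec_secp224r1_ecdsa_cert.pem",
                "ec_sect571r1_ecdsa_cert.pem",
                "ec_secp192k1_rsa_cert.pem",
                "ec_sect409r1_rsa_cert.pem",
                "ec_sect233k1_ecdsa_cert.pem",
                "dh_rsa_cert.pem",
                "ec_sect193r1_rsa_cert.pem",
                "ec_secp256k1_ecdsa_cert.pem",
                "rsa1024_rsa_cert.pem",
                "ec_secp224k1_rsa_cert.pem",
                "ec_sect571k1_rsa_cert.pem",
                "ec_sect233r1_ecdsa_cert.pem",
                "dsa1024_rsa_cert.pem",
                "ec_sect193r2_rsa_cert.pem",
                "ec_secp384r1_ecdsa_cert.pem",
                "rsa2048_rsa_cert.pem",
                "ec_secp224r1_rsa_cert.pem",
                "ec_sect571r1_rsa_cert.pem",
                "ec_sect239k1_ecdsa_cert.pem",
                "dsa2048_rsa_cert.pem",
                "ec_sect233k1_rsa_cert.pem",
                "ec_secp521r1_ecdsa_cert.pem",
                "rsa4096_rsa_cert.pem",
                "ec_secp256k1_rsa_cert.pem",
                "ec_secp160k1_ecdsa_cert.pem",
                "ec_sect283k1_ecdsa_cert.pem",
                "dsa3072_rsa_cert.pem",
                "ec_sect233r1_rsa_cert.pem",
                "ec_sect163k1_ecdsa_cert.pem",
                "rsa512_rsa_cert.pem",
                "ec_secp384r1_rsa_cert.pem",
                "ec_secp160r1_ecdsa_cert.pem",
                "ec_sect283r1_ecdsa_cert.pem",
                "dsa512_rsa_cert.pem",
                "ec_sect239k1_rsa_cert.pem",
                "ec_sect163r1_ecdsa_cert.pem",
                "ec_secp521r1_rsa_cert.pem",
                "ec_secp160r2_ecdsa_cert.pem",
                "ec_sect409k1_ecdsa_cert.pem",
                "ec_secp160k1_rsa_cert.pem",
                "ec_sect283k1_rsa_cert.pem",
                "ec_sect163r2_ecdsa_cert.pem",
                "ec_sect163k1_rsa_cert.pem",
                "ec_secp192k1_ecdsa_cert.pem",
                "ec_sect409r1_ecdsa_cert.pem",
                "ec_secp160r1_rsa_cert.pem",
                "ec_sect283r1_rsa_cert.pem",
                "ec_sect193r1_ecdsa_cert.pem",
                "ec_secp256r1_ecdsa_cert.pem",
                "ec_secp256r1_rsa_cert.pem",
                "gost01_A_cert.pem",
                "gost01_B_cert.pem",
                "gost01_C_cert.pem",
                "gost01_XA_cert.pem",
                "gost01_XB_cert.pem",
                "gost12_256_A_cert.pem",
                "gost12_256_B_cert.pem",
                "gost12_256_C_cert.pem",
                "gost12_512_A_cert.pem",
                "gost12_512_B_cert.pem",
                "gost12_256_XA_cert.pem",
                "gost12_256_XB_cert.pem");
        return names;
    }

    /**
     * Reads every listed certificate together with its private key (same file name with
     * {@code cert.pem} replaced by {@code key.pem}) and appends the pair to the list.
     *
     * <p>Loading is best effort: a pair that cannot be read is logged and skipped, so the list may
     * end up shorter than the resource list, or empty.
     */
    private void loadKeys() {
        try {
            ClassLoader loader = getClass().getClassLoader();
            for (String certFile : getResourceFiles()) {
                if (!certFile.endsWith(CERT_SUFFIX)) {
                    continue;
                }
                String keyFile = certFile.replace(CERT_SUFFIX, KEY_SUFFIX);
                // Close both resource streams once the PEM data has been parsed. A missing
                // resource yields a null stream, which try-with-resources tolerates; the reader
                // then fails and the pair is skipped below.
                try (java.io.InputStream certStream = loader.getResourceAsStream(RESOURCE_PATH + certFile);
                        java.io.InputStream keyStream = loader.getResourceAsStream(RESOURCE_PATH + keyFile)) {
                    this.keyPairList.add(
                            new CertificateKeyPair(
                                    PemUtil.readCertificate(certStream), PemUtil.readPrivateKey(keyStream)));
                } catch (Exception e) {
                    LOGGER.warn("Could not load: " + certFile, e);
                }
            }
        } catch (IOException e) {
            throw new RuntimeException("Could not load ResourcePath: certs/", e);
        }
    }

    /**
     * Returns a read-only view of all pairs that were loaded successfully.
     *
     * @return an unmodifiable view of the internal list
     */
    public List<CertificateKeyPair> getCertificateKeyPairList() {
        return Collections.unmodifiableList(this.keyPairList);
    }

    /**
     * Logs a warning when the configured signature type disagrees with the one the cipher suite's
     * key exchange calls for, and returns the one to use.
     *
     * @param preferred the signature type taken from the configuration
     * @param required the signature type implied by the key exchange algorithm
     * @return {@code required}
     */
    private static CertificateKeyType overridePreference(CertificateKeyType preferred, CertificateKeyType required) {
        if (preferred != required) {
            LOGGER.warn("PreferredSignatureType does not match Cipher suite - ignoring preference");
        }
        return required;
    }

    /**
     * Picks the certificate/key pair to present for the handshake described by {@code chooser}.
     *
     * <p>With automatic selection disabled, the configured explicit pair is returned unchanged.
     * Otherwise the needed key type and signature type are derived from the selected cipher suite
     * (for TLS 1.3, or when the suite has no key exchange algorithm, the configured preferred
     * signature type is used for both) and the pair list is scanned in order for the first pair
     * that is usable and also matches the configured RSA or DSS key size.
     *
     * <p>Selection never fails while at least one pair is loaded: if no pair meets every
     * preference, a usable pair is returned anyway, and if none is usable the first pair in the
     * list is returned. In both cases a warning in the log is the only sign that the returned
     * certificate does not match what was negotiated or configured.
     *
     * @param chooser source of the configuration and of the negotiated handshake parameters
     * @return the selected pair
     * @throws RuntimeException if no pair is usable and the pair list is empty
     */
    public CertificateKeyPair chooseCertificateKeyPair(Chooser chooser) {
        if (!chooser.getConfig().isAutoSelectCertificate().booleanValue()) {
            return chooser.getConfig().getDefaultExplicitCertificateKeyPair();
        }
        NamedGroup namedGroup = chooser.getSelectedNamedGroup();
        CertificateKeyType signatureType = chooser.getConfig().getPreferredCertificateSignatureType();
        KeyExchangeAlgorithm keyExchange = AlgorithmResolver.getKeyExchangeAlgorithm(chooser.getSelectedCipherSuite());
        CertificateKeyType keyType;
        if (chooser.getSelectedProtocolVersion().isTLS13() || keyExchange == null) {
            keyType = signatureType;
        } else {
            switch (keyExchange) {
                case DH_RSA:
                case DHE_RSA:
                case ECDH_RSA:
                case ECDHE_RSA:
                case RSA:
                case SRP_SHA_RSA:
                case PSK_RSA:
                    signatureType = overridePreference(signatureType, CertificateKeyType.RSA);
                    break;
                case ECDHE_ECDSA:
                case ECDH_ECDSA:
                case ECMQV_ECDSA:
                case CECPQ1_ECDSA:
                    signatureType = overridePreference(signatureType, CertificateKeyType.ECDSA);
                    break;
                case DHE_DSS:
                case DH_DSS:
                case SRP_SHA_DSS:
                    signatureType = overridePreference(signatureType, CertificateKeyType.DSS);
                    break;
                case VKO_GOST01:
                    signatureType = overridePreference(signatureType, CertificateKeyType.GOST01);
                    break;
                case VKO_GOST12:
                    // The mismatch warning is checked against GOST12, the type that is applied.
                    signatureType = overridePreference(signatureType, CertificateKeyType.GOST12);
                    break;
                default:
                    // The message mentions RSA, but nothing is forced here: the configured
                    // signature type stays in effect and the key type is resolved below.
                    LOGGER.warn("CipherSuite does not specify a certificate kex. Using  RSA.");
                    break;
            }
            keyType = AlgorithmResolver.getCertificateKeyType(chooser.getSelectedCipherSuite());
        }

        // Last usable pair seen; returned when no pair satisfies the size preferences.
        CertificateKeyPair fallback = null;
        for (CertificateKeyPair pair : this.keyPairList) {
            if (!pair.isUsable(keyType, signatureType)) {
                continue;
            }
            fallback = pair;
            if (keyType == CertificateKeyType.ECDSA || keyType == CertificateKeyType.ECDH) {
                // As written this only fires when the pair has no signature group and no named
                // group was selected either.
                if (pair.getSignatureGroup() == null && namedGroup == pair.getSignatureGroup()) {
                    return pair;
                }
                // NOTE(review): this check has an empty body and compares the signature group
                // with itself, so it cannot influence the result. It is kept as found; the
                // intended group comparison needs to be confirmed against the project source.
                if (namedGroup == pair.getPublicKeyGroup() && pair.getSignatureGroup() == pair.getSignatureGroup()) {
                }
            }
            SignatureAndHashAlgorithm sigHash = SignatureAndHashAlgorithm.forCertificateKeyPair(pair, chooser);
            boolean rsa = keyType == CertificateKeyType.RSA;
            // Skip RSA keys below 2048 bits for RSA-PSS with SHA-512; presumably because the PSS
            // encoding with that digest does not fit the smaller bundled moduli.
            if (rsa
                    && sigHash.getSignatureAlgorithm().toString().startsWith("RSA_PSS")
                    && sigHash.getHashAlgorithm() == HashAlgorithm.SHA512
                    && pair.getPublicKey().keySize() < 2048) {
                continue;
            }
            if (rsa && pair.getPublicKey().keySize() != chooser.getConfig().getPrefferedCertRsaKeySize()) {
                continue;
            }
            if (keyType == CertificateKeyType.DSS
                    && pair.getPublicKey().keySize() != chooser.getConfig().getPrefferedCertDssKeySize()) {
                continue;
            }
            return pair;
        }
        if (fallback != null) {
            LOGGER.warn("Could not find a fitting Certificate - ignoring preferences...");
            return fallback;
        }
        LOGGER.warn("Could not find a matching CertificateKeyPair - returning first in List");
        if (this.keyPairList.isEmpty()) {
            throw new RuntimeException("Key Pair list is empty!");
        }
        return this.keyPairList.get(0);
    }
}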
