package de.rub.nds.tlsattacker.core.protocol.handler;

import com.google.common.collect.Sets;
import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.ClientCertificateType;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
import de.rub.nds.tlsattacker.core.protocol.message.CertificateRequestMessage;
import de.rub.nds.tlsattacker.core.protocol.message.extension.SignatureAndHashAlgorithmsExtensionMessage;
import de.rub.nds.tlsattacker.core.protocol.parser.CertificateRequestParser;
import de.rub.nds.tlsattacker.core.protocol.preparator.CertificateRequestPreparator;
import de.rub.nds.tlsattacker.core.protocol.serializer.CertificateRequestSerializer;
import de.rub.nds.tlsattacker.core.state.TlsContext;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/protocol/handler/CertificateRequestHandler.class */
public class CertificateRequestHandler extends HandshakeMessageHandler<CertificateRequestMessage> {
    private static final Logger LOGGER = LogManager.getLogger();

    public CertificateRequestHandler(TlsContext tlsContext) {
        super(tlsContext);
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.HandshakeMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.TlsMessageHandler, de.rub.nds.tlsattacker.core.protocol.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.Handler
    public CertificateRequestParser getParser(byte[] bArr, int i) {
        return new CertificateRequestParser(i, bArr, this.tlsContext.getChooser().getLastRecordVersion(), this.tlsContext.getConfig());
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.HandshakeMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.TlsMessageHandler, de.rub.nds.tlsattacker.core.protocol.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.Handler
    public CertificateRequestPreparator getPreparator(CertificateRequestMessage certificateRequestMessage) {
        return new CertificateRequestPreparator(this.tlsContext.getChooser(), certificateRequestMessage);
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.HandshakeMessageHandler, de.rub.nds.tlsattacker.core.protocol.handler.TlsMessageHandler, de.rub.nds.tlsattacker.core.protocol.ProtocolMessageHandler, de.rub.nds.tlsattacker.core.protocol.Handler
    public CertificateRequestSerializer getSerializer(CertificateRequestMessage certificateRequestMessage) {
        return new CertificateRequestSerializer(certificateRequestMessage, this.tlsContext.getChooser().getSelectedProtocolVersion());
    }

    @Override // de.rub.nds.tlsattacker.core.protocol.handler.TlsMessageHandler
    public void adjustTLSContext(CertificateRequestMessage certificateRequestMessage) {
        if (this.tlsContext.getChooser().getSelectedProtocolVersion().isTLS13()) {
            adjustCertificateRequestContext(certificateRequestMessage);
            adjustServerSupportedSignatureAndHashAlgorithms(certificateRequestMessage);
            return;
        }
        adjustClientCertificateTypes(certificateRequestMessage);
        adjustDistinguishedNames(certificateRequestMessage);
        if (this.tlsContext.getChooser().getSelectedProtocolVersion() == ProtocolVersion.TLS12 || this.tlsContext.getChooser().getSelectedProtocolVersion() == ProtocolVersion.DTLS12) {
            adjustServerSupportedSignatureAndHashAlgorithms(certificateRequestMessage);
        }
    }

    private void adjustServerSupportedSignatureAndHashAlgorithms(CertificateRequestMessage certificateRequestMessage) {
        List<SignatureAndHashAlgorithm> convertSignatureAndHashAlgorithms;
        if (this.tlsContext.getChooser().getSelectedProtocolVersion().isTLS13()) {
            SignatureAndHashAlgorithmsExtensionMessage signatureAndHashAlgorithmsExtensionMessage = (SignatureAndHashAlgorithmsExtensionMessage) certificateRequestMessage.getExtension(SignatureAndHashAlgorithmsExtensionMessage.class);
            convertSignatureAndHashAlgorithms = signatureAndHashAlgorithmsExtensionMessage != null ? convertSignatureAndHashAlgorithms((byte[]) signatureAndHashAlgorithmsExtensionMessage.getSignatureAndHashAlgorithms().getValue()) : certificateRequestMessage.getSignatureHashAlgorithms() != null ? convertSignatureAndHashAlgorithms((byte[]) certificateRequestMessage.getSignatureHashAlgorithms().getValue()) : new LinkedList();
        } else {
            convertSignatureAndHashAlgorithms = certificateRequestMessage.getSignatureHashAlgorithms() != null ? convertSignatureAndHashAlgorithms((byte[]) certificateRequestMessage.getSignatureHashAlgorithms().getValue()) : new LinkedList();
        }
        this.tlsContext.setServerSupportedSignatureAndHashAlgorithms(convertSignatureAndHashAlgorithms);
        LOGGER.debug("Set ServerSupportedSignatureAndHashAlgorithms to " + convertSignatureAndHashAlgorithms.toString());
    }

    private void adjustDistinguishedNames(CertificateRequestMessage certificateRequestMessage) {
        if (certificateRequestMessage.getDistinguishedNames() == null || certificateRequestMessage.getDistinguishedNames().getValue() == null) {
            LOGGER.debug("Not adjusting DistinguishedNames");
            return;
        }
        byte[] bArr = (byte[]) certificateRequestMessage.getDistinguishedNames().getValue();
        this.tlsContext.setDistinguishedNames(bArr);
        LOGGER.debug("Set DistinguishedNames in Context to " + ArrayConverter.bytesToHexString(bArr, false));
    }

    private void adjustClientCertificateTypes(CertificateRequestMessage certificateRequestMessage) {
        List<ClientCertificateType> convertClientCertificateTypes = convertClientCertificateTypes((byte[]) certificateRequestMessage.getClientCertificateTypes().getValue());
        this.tlsContext.setClientCertificateTypes(convertClientCertificateTypes);
        LOGGER.debug("Set ClientCertificateType in Context to " + convertClientCertificateTypes.toString());
    }

    private List<ClientCertificateType> convertClientCertificateTypes(byte[] bArr) {
        LinkedList linkedList = new LinkedList();
        for (byte b : bArr) {
            ClientCertificateType clientCertificateType = ClientCertificateType.getClientCertificateType(b);
            if (clientCertificateType == null) {
                LOGGER.warn("Cannot convert:" + ((int) b) + " to a ClientCertificateType");
            } else {
                linkedList.add(clientCertificateType);
            }
        }
        return linkedList;
    }

    private List<SignatureAndHashAlgorithm> convertSignatureAndHashAlgorithms(byte[] bArr) {
        if (bArr.length % 2 != 0) {
            LOGGER.warn("Cannot convert:" + ArrayConverter.bytesToHexString(bArr, false) + " to a List<SignatureAndHashAlgorithm>");
            return new LinkedList();
        }
        LinkedList linkedList = new LinkedList();
        for (int i = 0; i < bArr.length; i += 2) {
            linkedList.add(SignatureAndHashAlgorithm.getSignatureAndHashAlgorithm(new byte[]{bArr[i], bArr[i + 1]}));
        }
        return linkedList;
    }

    private void adjustSelectedSignatureAndHashAlgorithm() {
        if (Collections.disjoint(this.tlsContext.getChooser().getClientSupportedSignatureAndHashAlgorithms(), this.tlsContext.getChooser().getServerSupportedSignatureAndHashAlgorithms())) {
            LOGGER.warn("Client and Server have no signature and hash algorithm in common");
            return;
        }
        SignatureAndHashAlgorithm signatureAndHashAlgorithm = (SignatureAndHashAlgorithm) Sets.intersection(Sets.newHashSet(this.tlsContext.getChooser().getClientSupportedSignatureAndHashAlgorithms()), Sets.newHashSet(this.tlsContext.getChooser().getServerSupportedSignatureAndHashAlgorithms())).toArray()[0];
        this.tlsContext.setSelectedSignatureAndHashAlgorithm(signatureAndHashAlgorithm);
        LOGGER.debug("Adjusting selected signature and hash algorithm to: " + signatureAndHashAlgorithm.name());
    }

    private void adjustCertificateRequestContext(CertificateRequestMessage certificateRequestMessage) {
        this.tlsContext.setCertificateRequestContext((byte[]) certificateRequestMessage.getCertificateRequestContext().getValue());
    }
}
