package org.owasp.webgoat.session;

import java.io.IOException;
import java.io.PrintWriter;
import java.security.Principal;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Vector;
import javax.servlet.ServletContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.helpers.DateLayout;
import org.apache.log4j.spi.LocationInfo;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.RandomLessonAdapter;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.lessons.model.RequestParameter;
import org.owasp.webgoat.util.BeanProvider;
import org.owasp.webgoat.util.LabelManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;

/* loaded from: input_file:WebGoat.war:WEB-INF/classes/org/owasp/webgoat/session/WebSession.class */
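/**
 * Per-user state of the WebGoat web application: the current lesson screen, the
 * hint position, the display toggles (cookies, parameters, source, solution), the
 * most recent request/response pair and any per-lesson sessions.
 *
 * <p>One instance lives in the HTTP session and is refreshed on every request by
 * {@link #update(HttpServletRequest, HttpServletResponse, String)}. Most of the
 * {@code String} constants are request-parameter names or values that the lesson
 * framework reads from the query string.
 *
 * <p>Several flags here ({@code isHackedAdmin}, {@code isColor}, {@code isDebug})
 * are deliberately driven by client-supplied parameters; only {@code isAdmin} comes
 * from the servlet container. Treat the client-driven flags as lesson state, never
 * as an authorization decision.
 */
public class WebSession {
    public static final String ADMIN = "admin";
    public static final String WEBGOAT_USER = "ROLE_WEBGOAT_USER";
    public static final String WEBGOAT_ADMIN = "ROLE_WEBGOAT_ADMIN";
    public static final String CHALLENGE = "Challenge";
    public static final String COLOR = "color";
    public static final String COURSE = "course";
    public static final int ERROR = 0;
    public static final String STAGE = "stage";
    public static final String JSESSION_ID = "jsessionid";
    public static final String LOGOUT = "Logout";
    public static final String RESTART = "Restart";
    public static final String MENU = "menu";
    public static final String SCREEN = "Screen";
    public static final String SESSION = "websession";
    public static final String SHOWSOURCE = "ShowSource";
    public static final String SHOWSOLUTION = "ShowSolution";
    public static final String SHOWHINTS = "ShowHints";
    public static final String SHOW = "show";
    public static final String SHOW_NEXTHINT = "NextHint";
    public static final String SHOW_PREVIOUSHINT = "PreviousHint";
    public static final String SHOW_PARAMS = "Params";
    public static final String SHOW_COOKIES = "Cookies";
    public static final String SHOW_SOURCE = "Source";
    public static final String SHOW_SOLUTION = "Solution";
    public static final String DEBUG = "debug";
    public static final String LANGUAGE = "language";
    public static final int WELCOME = -1;

    /** Sentinel handed to the parser as the default when the {@link #SCREEN} parameter is absent. */
    private static final String NO_SCREEN_PARAMETER = "NULL";
    /** Separator that starts the query string of a link built by {@link #getCurrentLink()}. */
    private static final String QUERY_START = "?";
    /** Separator between query-string parameters. */
    private static final String QUERY_SEPARATOR = "&";

    private final WebgoatContext webgoatContext;
    private final ServletContext context;
    /** Created lazily on the first {@link #update} call and refreshed on every later one. */
    private ParameterParser myParser;
    private String servletName;
    private boolean showCookies;
    private boolean showParams;
    private boolean showRequest;
    private boolean showSource;
    private boolean showSolution;
    private int currentMenu;
    private String currentLanguage;
    /** Cookies seen by {@link #updateLastAttackRequestInfo}; empty until it has run. */
    private List<Cookie> cookiesOnLastRequest = new ArrayList<Cookie>();
    /** Parameters seen by {@link #updateLastAttackRequestInfo}; empty until it has run. */
    private List<RequestParameter> parmsOnLastRequest = new ArrayList<RequestParameter>();
    final Logger logger = LoggerFactory.getLogger(WebSession.class);
    private int currentScreen = -1;
    private int previousScreen = 0;
    /** Index of the hint currently shown, 0-based; -1 means "no hint shown". */
    private int hintNum = -1;
    /** Set from the container's role check on every request. */
    private boolean isAdmin = false;
    /** Set from the client-supplied "admin" parameter on every request; lesson state only. */
    private boolean isHackedAdmin = false;
    private boolean isAuthenticated = false;
    private boolean isColor = false;
    private boolean isDebug = false;
    private boolean hasHackedHackableAdmin = false;
    private final StringBuffer message = new StringBuffer("");
    private HttpServletRequest request = null;
    private HttpServletResponse response = null;
    /** Free-form per-session attribute store exposed through {@link #add} / {@link #get}. */
    private final Map<String, Object> session = new HashMap<>();
    private boolean completedHackableAdmin = false;
    /** Hashtable is kept (rather than HashMap) because the original relied on its synchronized access. */
    private final Map<AbstractLesson, LessonSession> lessonSessions = new Hashtable<>();
    private Course course = new Course();

    /**
     * Creates a session seeded with the application-wide display defaults and loads
     * the course from the web application root.
     *
     * @param webgoatContext application configuration (display defaults, default language)
     * @param servletContext servlet context used to resolve resources and load lessons
     */
    public WebSession(WebgoatContext webgoatContext, ServletContext servletContext) {
        this.webgoatContext = webgoatContext;
        this.context = servletContext;
        // Display toggles start from the application defaults; the user may later flip
        // showParams / showCookies through the "show" request parameter.
        this.showParams = webgoatContext.isShowParams();
        this.showCookies = webgoatContext.isShowCookies();
        this.showSource = webgoatContext.isShowSource();
        this.showSolution = webgoatContext.isShowSolution();
        this.showRequest = webgoatContext.isShowRequest();
        this.currentLanguage = webgoatContext.getDefaultLanguage();
        this.course.loadCourses(webgoatContext, servletContext, "/");
    }

    /**
     * Obtains a database connection for the given session.
     *
     * @param webSession the session the connection is keyed on
     * @return a connection from {@link DatabaseUtilities}
     * @throws SQLException if no connection could be obtained
     */
    public static synchronized Connection getConnection(WebSession webSession) throws SQLException {
        return DatabaseUtilities.getConnection(webSession);
    }

    /**
     * Returns the database connection associated with the session's user.
     *
     * @param webSession the session whose user's connection is released
     */
    public static void returnConnection(WebSession webSession) {
        DatabaseUtilities.returnConnection(webSession.getUserName());
    }

    /**
     * Stores an arbitrary attribute on this session.
     *
     * @param key attribute name
     * @param value attribute value
     */
    public void add(String key, Object value) {
        this.session.put(key, value);
    }

    /** Discards any message text accumulated by {@link #setMessage} / {@link #setLineBreak}. */
    public void clearMessage() {
        this.message.setLength(0);
    }

    /**
     * Expires every cookie of the current request whose name does not start with
     * "JS" (presumably to keep the container's session cookie), so that cookies set
     * by one lesson do not leak into the next.
     */
    public void eatCookies() {
        Cookie[] cookies = this.request.getCookies();
        if (cookies == null) {
            // getCookies() returns null (not an empty array) when the request carried no cookies.
            return;
        }
        for (Cookie cookie : cookies) {
            if (!cookie.getName().startsWith("JS")) {
                cookie.setMaxAge(0);
                this.response.addCookie(cookie);
            }
        }
    }

    /**
     * Reads an attribute stored with {@link #add}.
     *
     * @param key attribute name
     * @return the stored value, or {@code null} if none
     */
    public Object get(String key) {
        return this.session.get(key);
    }

    /** @return the servlet context this session was created with */
    public ServletContext getContext() {
        return this.context;
    }

    /**
     * Roles used for lesson visibility: always "user", plus "admin" when the
     * container reports the admin role. Note that the client-driven
     * {@link #isHackedAdmin()} flag does not contribute here.
     *
     * @return a new, mutable list of role names
     */
    public List<String> getRoles() {
        List<String> roles = new ArrayList<>();
        roles.add("user");
        if (isAdmin()) {
            roles.add(ADMIN);
        }
        return roles;
    }

    /** @param admin whether this session is treated as a container-level admin */
    public void setAdmin(boolean admin) {
        this.isAdmin = admin;
    }

    /**
     * The single most privileged role name for this session, in the order
     * admin, hacked admin, challenge, user.
     *
     * @return the role name
     */
    public String getRole() {
        if (isAdmin()) {
            return ADMIN;
        }
        if (isHackedAdmin()) {
            return AbstractLesson.HACKED_ADMIN_ROLE;
        }
        if (isChallenge()) {
            return AbstractLesson.CHALLENGE_ROLE;
        }
        return "user";
    }

    /** @return the loaded course */
    public Course getCourse() {
        return this.course;
    }

    /** @param course the course to use from now on */
    public void setCourse(Course course) {
        this.course = course;
    }

    /** @return the screen id of the lesson currently being shown */
    public int getCurrentScreen() {
        return this.currentScreen;
    }

    /** @param screenId the screen id to show */
    public void setCurrentScreen(int screenId) {
        this.currentScreen = screenId;
    }

    /**
     * Builds the link that restarts the current lesson.
     *
     * @return the lesson link with a {@code Restart=<screen>} parameter appended
     */
    public String getRestartLink() {
        return getCurrentLesson().getLink() + QUERY_SEPARATOR + RESTART + "=" + getCurrentScreen();
    }

    /**
     * Re-creates the current request as an {@code attack?...} link carrying every
     * request parameter (first value only).
     *
     * <p>The parameter values are copied verbatim: they are neither URL-encoded nor
     * HTML-escaped here, so whoever embeds the result in a page must encode it.
     *
     * @return the reconstructed link
     */
    public String getCurrentLink() {
        StringBuilder link = new StringBuilder("attack");
        Enumeration<String> parameterNames = this.request.getParameterNames();
        String separator = QUERY_START;
        while (parameterNames.hasMoreElements()) {
            String name = parameterNames.nextElement();
            link.append(separator).append(name).append('=').append(this.request.getParameter(name));
            separator = QUERY_SEPARATOR;
        }
        return link.toString();
    }

    /** @return the lesson for the current screen, as visible to this session's roles */
    public AbstractLesson getCurrentLesson() {
        return getCourse().getLesson(this, getCurrentScreen(), getRoles());
    }

    /**
     * @param screenId a screen id
     * @return the lesson for that screen, as visible to this session's roles
     */
    public AbstractLesson getLesson(int screenId) {
        return getCourse().getLesson(this, screenId, getRoles());
    }

    /**
     * @param category a lesson category
     * @return the lessons in that category, as visible to this session's roles
     */
    public List<AbstractLesson> getLessons(Category category) {
        return getCourse().getLessons(this, category, getRoles());
    }

    /**
     * The hint at the current hint position, or {@code null} when no hint is shown.
     * A stale position left over from a lesson with more hints is reset first.
     *
     * @return the hint text, or {@code null}
     */
    public String getHint() {
        AbstractLesson lesson = getCurrentLesson();
        // Hint positions are 0-based, so anything at or beyond the count is stale
        // (the original only reset when strictly greater, leaving hintNum == count).
        if (this.hintNum >= lesson.getHintCount(this)) {
            this.hintNum = -1;
        }
        if (this.hintNum < 0) {
            return null;
        }
        return lesson.getHint(this, this.hintNum);
    }

    /**
     * All request parameters of the current request as sorted name/value pairs,
     * one entry per value, when parameter display is enabled.
     *
     * @return the sorted parameters, or {@code null} when parameter display is off or
     *         no parser exists yet
     */
    public List<Parameter> getParams() {
        if (!showParams() || getParser() == null) {
            return null;
        }
        List<Parameter> params = new ArrayList<>();
        Enumeration<?> parameterNames = getParser().getParameterNames();
        while (parameterNames != null && parameterNames.hasMoreElements()) {
            String name = (String) parameterNames.nextElement();
            String[] values = getParser().getParameterValues(name);
            if (values == null) {
                continue;
            }
            for (String value : values) {
                params.add(new Parameter(name, value));
            }
        }
        Collections.sort(params);
        return params;
    }

    /**
     * The cookies of the current request, when cookie display is enabled.
     *
     * @return the cookies (empty if the request had none), or {@code null} when
     *         cookie display is off
     */
    public List<Cookie> getCookies() {
        if (!showCookies()) {
            return null;
        }
        Cookie[] cookies = this.request.getCookies();
        // Arrays.asList(null) would throw; a request without cookies yields null here.
        return cookies == null ? Collections.<Cookie>emptyList() : Arrays.asList(cookies);
    }

    /**
     * Looks up a cookie of the current request by name, ignoring case.
     *
     * @param name the cookie name
     * @return the cookie value, or {@code null} if absent
     */
    public String getCookie(String name) {
        Cookie[] cookies = getRequest().getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (cookie.getName().equalsIgnoreCase(name)) {
                    return cookie.getValue();
                }
            }
        }
        return null;
    }

    /** @return a fixed notice; source viewing is not implemented here */
    public String getSource() {
        return "Sorry.  No Java Source viewing available.";
    }

    /** @return a fixed notice; solution viewing is not implemented here */
    public String getSolution() {
        return "Sorry.  No solution is available.";
    }

    /** @return the current lesson's instructions */
    public String getInstructions() {
        return getCurrentLesson().getInstructions(this);
    }

    /** @return the message text accumulated since the last {@link #clearMessage()} */
    public String getMessage() {
        return this.message.toString();
    }

    /** @return the parameter parser for the current request, or {@code null} before the first update */
    public ParameterParser getParser() {
        return this.myParser;
    }

    /** @return the screen id shown by the previous request */
    public int getPreviousScreen() {
        return this.previousScreen;
    }

    /** @return the current request, or {@code null} before the first update */
    public HttpServletRequest getRequest() {
        return this.request;
    }

    /** @param httpServletRequest the request to treat as current */
    public void setRequest(HttpServletRequest httpServletRequest) {
        this.request = httpServletRequest;
    }

    /** @return the current response, or {@code null} before the first update */
    public HttpServletResponse getResponse() {
        return this.response;
    }

    /** @return the servlet name passed to the last {@link #update} */
    public String getServletName() {
        return this.servletName;
    }

    /**
     * Resolves a web-application resource to a file-system path.
     *
     * @param path the resource path relative to the web application root
     * @return the real path, or {@code null} if the container cannot resolve it
     */
    public String getWebResource(String path) {
        return this.context.getRealPath(path);
    }

    /** @return whether the container reported the admin role on the last request */
    public boolean isAdmin() {
        return this.isAdmin;
    }

    /** @return the client-supplied "admin" flag from the last request (lesson state, not authorization) */
    public boolean isHackedAdmin() {
        return this.isHackedAdmin;
    }

    /** @return whether the hackable-admin lesson has been completed in this session */
    public boolean completedHackableAdmin() {
        return this.completedHackableAdmin;
    }

    /** @return the session-level authenticated flag */
    public boolean isAuthenticated() {
        return this.isAuthenticated;
    }

    /**
     * @param lesson a lesson
     * @return whether an open lesson session exists for it and reports authenticated
     */
    public boolean isAuthenticatedInLesson(AbstractLesson lesson) {
        LessonSession lessonSession = getLessonSession(lesson);
        return lessonSession != null && lessonSession.isAuthenticated();
    }

    /**
     * Delegates an authorization check to the current lesson.
     *
     * @param userId the user id in the lesson
     * @param functionId the function being accessed
     * @return the lesson's decision
     */
    public boolean isAuthorizedInLesson(int userId, String functionId) {
        return getCurrentLesson().isAuthorized(this, userId, functionId);
    }

    /**
     * Delegates an authorization check to the current lesson.
     *
     * @param userName the user name in the lesson
     * @param functionId the function being accessed
     * @return the lesson's decision
     */
    public boolean isAuthorizedInLesson(String userName, String functionId) {
        return getCurrentLesson().isAuthorized(this, userName, functionId);
    }

    /**
     * @return the user id the current lesson associates with this session
     * @throws ParameterNotFoundException if the lesson cannot determine it
     */
    public int getUserIdInLesson() throws ParameterNotFoundException {
        return getCurrentLesson().getUserId(this);
    }

    /**
     * @return the user name the current lesson associates with this session
     * @throws ParameterNotFoundException if the lesson cannot determine it
     */
    public String getUserNameInLesson() throws ParameterNotFoundException {
        return getCurrentLesson().getUserName(this);
    }

    /**
     * Starts a fresh per-lesson session, replacing any existing one for that lesson.
     *
     * @param lesson the lesson
     */
    public void openLessonSession(AbstractLesson lesson) {
        this.logger.info("Opening new lesson session for lesson " + lesson);
        this.lessonSessions.put(lesson, new LessonSession());
    }

    /** @param lesson the lesson whose per-lesson session is discarded */
    public void closeLessonSession(AbstractLesson lesson) {
        this.lessonSessions.remove(lesson);
    }

    /**
     * @param lesson a lesson
     * @return its open per-lesson session, or {@code null} if none
     */
    public LessonSession getLessonSession(AbstractLesson lesson) {
        return this.lessonSessions.get(lesson);
    }

    /** @return whether the current lesson belongs to the challenge category */
    public boolean isChallenge() {
        AbstractLesson lesson = getCurrentLesson();
        return lesson != null && Category.CHALLENGE.equals(lesson.getCategory());
    }

    /** @return the client-supplied "color" flag from the last request */
    public boolean isColor() {
        return this.isColor;
    }

    /**
     * @param screenId a screen id
     * @return whether it is the current screen
     */
    public boolean isScreen(int screenId) {
        return getCurrentScreen() == screenId;
    }

    /** @return whether this session is neither an admin nor in a challenge lesson */
    public boolean isUser() {
        return !(this.isAdmin || isChallenge());
    }

    /**
     * Appends a bulleted line to the message shown to the user.
     *
     * @param text the message text (rendered as HTML)
     */
    public void setMessage(String text) {
        this.message.append("<BR> * " + text);
    }

    /**
     * Appends a paragraph break followed by the text to the message shown to the user.
     *
     * @param text the message text (rendered as HTML)
     */
    public void setLineBreak(String text) {
        this.message.append("<BR><BR>" + text);
    }

    /** @return whether cookie display is enabled */
    public boolean showCookies() {
        return this.showCookies;
    }

    /** @return whether parameter display is enabled */
    public boolean showParams() {
        return this.showParams;
    }

    /** @return whether request display is enabled */
    public boolean showRequest() {
        return this.showRequest;
    }

    /** @return whether source display is enabled */
    public boolean showSource() {
        return this.showSource;
    }

    /** @return whether solution display is enabled */
    public boolean showSolution() {
        return this.showSolution;
    }

    /**
     * The authenticated user's name as reported by the servlet container.
     *
     * @return the principal name
     * @throws IllegalStateException if no request or no principal is available
     *         (a {@link RuntimeException}, as before)
     */
    public String getUserName() {
        HttpServletRequest currentRequest = getRequest();
        if (currentRequest == null) {
            throw new IllegalStateException("Could not find the ServletRequest in the web session");
        }
        Principal principal = currentRequest.getUserPrincipal();
        if (principal == null) {
            throw new IllegalStateException("Could not find the Principal in the Servlet Request");
        }
        return principal.getName();
    }

    /**
     * Refreshes this session for a new request: records the request/response pair,
     * updates the parser and label locale, resolves the target screen, applies any
     * stage or menu parameter, and finally re-reads the role and display flags. When
     * a menu action produced direct output (source or solution text) it is written
     * to the response here and the caller should not render a lesson page.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response for it
     * @param servletName the name of the servlet handling the request
     * @throws IOException if direct output cannot be written to the response
     */
    public void update(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String servletName) throws IOException {
        clearMessage();
        this.request = httpServletRequest;
        this.response = httpServletResponse;
        this.servletName = servletName;
        if (this.myParser == null) {
            this.myParser = new ParameterParser(httpServletRequest);
        } else {
            this.myParser.update(httpServletRequest);
        }
        Locale locale = httpServletRequest.getLocale();
        if (locale != null) {
            // NOTE(review): BeanProvider.getBean looks like a shared bean, so this would
            // set the label locale for every user, not just this session — confirm its scope.
            ((LabelManager) BeanProvider.getBean("labelManager", LabelManager.class)).setLocale(locale);
        }
        resolveCurrentScreen(httpServletRequest);
        String directOutput = null;
        if (getCurrentScreen() != getPreviousScreen()) {
            if (this.webgoatContext.isDebug()) {
                setMessage("Changed to a new screen, clearing cookies and hints");
            }
            eatCookies();
            this.hintNum = -1;
        } else if (this.myParser.getRawParameter(STAGE, null) != null) {
            applyStageParameter();
        } else {
            directOutput = applyMenuCommands();
        }
        updateRoleAndDisplayFlags(httpServletRequest);
        if (directOutput != null) {
            writeDirectResponse(httpServletResponse, directOutput);
        }
    }

    /**
     * Decides which screen this request targets. A fresh session is seeded with the
     * course's first lesson; otherwise the {@link #SCREEN} parameter is honoured,
     * except when the container has just created a new session, where a screen
     * parameter in the request indicates the previous session timed out.
     */
    private void resolveCurrentScreen(HttpServletRequest httpServletRequest) {
        if (getPreviousScreen() == -1
                || (httpServletRequest.getSession(false) != null && getCurrentScreen() == -1 && getPreviousScreen() == 0)) {
            this.currentScreen = this.course.getFirstLesson().getScreenId();
            this.hintNum = -1;
        }
        this.previousScreen = this.currentScreen;
        try {
            if (!httpServletRequest.getSession().isNew()) {
                this.currentScreen = this.myParser.getIntParameter(SCREEN, this.currentScreen);
            } else if (!NO_SCREEN_PARAMETER.equals(this.myParser.getRawParameter(SCREEN, NO_SCREEN_PARAMETER))) {
                setMessage("Session Timeout - Starting new Session.");
            }
        } catch (Exception e) {
            // Best effort, as before: keep the screen we already have, but leave a trace.
            this.logger.debug("Could not read the screen parameter; keeping screen " + this.currentScreen, e);
        }
    }

    /**
     * Applies an explicit {@link #STAGE} parameter to the current lesson. Sequential
     * lessons take a 1-based stage number within their stage count; random lessons
     * take a 1-based index into their stage names, or the literal "null" to clear
     * the stage. Out-of-range values are ignored.
     */
    private void applyStageParameter() {
        AbstractLesson currentLesson = getCurrentLesson();
        if (currentLesson instanceof SequentialLessonAdapter) {
            SequentialLessonAdapter sequential = (SequentialLessonAdapter) currentLesson;
            int stage = this.myParser.getIntParameter(STAGE, sequential.getStage(this));
            if (stage > 0 && stage <= sequential.getStageCount()) {
                sequential.setStage(this, stage);
            }
        } else if (currentLesson instanceof RandomLessonAdapter) {
            RandomLessonAdapter random = (RandomLessonAdapter) currentLesson;
            try {
                if ("null".equals(this.myParser.getRawParameter(STAGE))) {
                    random.setStage(this, null);
                } else {
                    int index = this.myParser.getIntParameter(STAGE) - 1;
                    String[] stages = random.getStages();
                    if (stages != null && index >= 0 && index < stages.length) {
                        random.setStage(this, stages[index]);
                    }
                }
            } catch (ParameterNotFoundException e) {
                // The caller checked that STAGE is present, so this is not expected; do nothing, as before.
                this.logger.debug("Stage parameter missing while updating lesson " + currentLesson, e);
            }
        }
    }

    /**
     * Handles the menu actions of a same-screen request: {@link #RESTART} and the
     * {@link #SHOW} family. Toggles and hint navigation change session state; the
     * source and solution actions return text to be sent straight to the client.
     *
     * @return the body to write directly to the response, or {@code null} for normal rendering
     */
    private String applyMenuCommands() {
        int restartScreen = this.myParser.getIntParameter(RESTART, -1);
        if (restartScreen != -1) {
            restartLesson(restartScreen);
        }
        String show = this.myParser.getStringParameter(SHOW, null);
        if (show == null) {
            return null;
        }
        if (show.equalsIgnoreCase(SHOW_PARAMS)) {
            this.showParams = !this.showParams;
        } else if (show.equalsIgnoreCase(SHOW_COOKIES)) {
            this.showCookies = !this.showCookies;
        } else if (show.equalsIgnoreCase(SHOW_SOURCE)) {
            return getSource();
        } else if (show.equalsIgnoreCase(SHOW_SOLUTION)) {
            return getSolution();
        } else if (show.equalsIgnoreCase(SHOW_NEXTHINT)) {
            getNextHint();
        } else if (show.equalsIgnoreCase(SHOW_PREVIOUSHINT)) {
            getPreviousHint();
        }
        return null;
    }

    /**
     * Re-reads the role and display flags. {@code isAdmin} comes from the container;
     * {@code isHackedAdmin}, {@code isColor} and {@code isDebug} come from request
     * parameters and default to their previous value (or, for the admin flag, to the
     * container's answer) when absent. The client-driven admin flag is presumably what
     * the hackable-admin lessons exercise; it must not be used for real authorization.
     */
    private void updateRoleAndDisplayFlags(HttpServletRequest httpServletRequest) {
        this.isAdmin = httpServletRequest.isUserInRole(WEBGOAT_ADMIN);
        this.isHackedAdmin = this.myParser.getBooleanParameter(ADMIN, this.isAdmin);
        if (this.isHackedAdmin) {
            this.logger.info("Hacked admin");
            this.hasHackedHackableAdmin = true;
        }
        this.isColor = this.myParser.getBooleanParameter(COLOR, this.isColor);
        this.isDebug = this.myParser.getBooleanParameter(DEBUG, this.isDebug);
    }

    /**
     * Writes {@code body} as the whole HTML response, bypassing lesson rendering.
     * The writer is built on the raw output stream, so the platform default charset
     * is used, as in the original; the bodies produced here are plain ASCII notices.
     *
     * @throws IOException if the output stream cannot be obtained
     */
    private static void writeDirectResponse(HttpServletResponse httpServletResponse, String body) throws IOException {
        httpServletResponse.setContentType("text/html");
        try (PrintWriter writer = new PrintWriter(httpServletResponse.getOutputStream())) {
            writer.print(body);
            writer.flush();
        }
    }

    /**
     * Snapshots the cookies and parameters of an attack request for later display.
     * Multi-valued parameters are joined with commas. The full parameter map is
     * logged at debug level only, since lesson requests can carry credentials.
     *
     * @param httpServletRequest the attack request
     */
    public void updateLastAttackRequestInfo(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        this.cookiesOnLastRequest = cookies == null ? new ArrayList<Cookie>() : Arrays.asList(cookies);
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        this.logger.debug("PARM MAP: " + parameterMap);
        List<RequestParameter> parameters = new ArrayList<>();
        if (parameterMap != null) {
            for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
                String[] values = entry.getValue();
                StringBuilder joined = new StringBuilder();
                if (values != null) {
                    for (int i = 0; i < values.length; i++) {
                        if (i > 0) {
                            joined.append(',');
                        }
                        joined.append(values[i]);
                    }
                }
                parameters.add(new RequestParameter(entry.getKey(), joined.toString()));
            }
        }
        this.parmsOnLastRequest = parameters;
    }

    /**
     * Resets a lesson to its initial state: clears completion and, for staged
     * lessons, returns to the first stage. A screen id that does not resolve to a
     * lesson visible to this session is ignored rather than failing the request.
     *
     * @param screenId the screen id of the lesson to restart
     */
    public void restartLesson(int screenId) {
        AbstractLesson lesson = getLesson(screenId);
        if (lesson == null) {
            // Presumably getLesson() returns null for screens outside this session's roles.
            this.logger.debug("No lesson visible for screen " + screenId + "; nothing to restart");
            return;
        }
        this.logger.info("Restarting lesson: " + lesson);
        lesson.restartLesson();
        lesson.getLessonTracker(this).setCompleted(false);
        if (lesson instanceof SequentialLessonAdapter) {
            ((SequentialLessonAdapter) lesson).getLessonTracker(this).setStage(1);
        } else if (lesson instanceof RandomLessonAdapter) {
            RandomLessonAdapter random = (RandomLessonAdapter) lesson;
            String[] stages = random.getStages();
            if (stages != null && stages.length > 0) {
                random.setStage(this, stages[0]);
            } else {
                this.logger.debug("Lesson " + lesson + " has no stages to restart into");
            }
        }
    }

    /**
     * Records completion of the hackable-admin lesson: the lesson is completed once
     * the client-supplied admin flag has been seen and the given role is the
     * hacked-admin role.
     *
     * @param role the role name to compare against {@link AbstractLesson#HACKED_ADMIN_ROLE}
     */
    public void setHasHackableAdmin(String role) {
        this.hasHackedHackableAdmin = AbstractLesson.HACKED_ADMIN_ROLE.equals(role) && this.hasHackedHackableAdmin;
        if (this.hasHackedHackableAdmin) {
            this.completedHackableAdmin = true;
        }
    }

    /** @return the client-supplied "debug" flag from the last request */
    public boolean isDebug() {
        return this.isDebug;
    }

    /**
     * @param name an HTTP header name
     * @return the header value from the current request, or {@code null} if absent
     */
    public String getHeader(String name) {
        return getRequest().getHeader(name);
    }

    /**
     * Advances to the next hint of the current lesson, if there is one, and records
     * the highest hint level reached in the lesson tracker.
     *
     * @return the new hint text, or {@code null} if already at the last hint
     */
    public String getNextHint() {
        AbstractLesson lesson = getCurrentLesson();
        if (this.hintNum >= lesson.getHintCount(this) - 1) {
            return null;
        }
        this.hintNum++;
        lesson.getLessonTracker(this).setMaxHintLevel(this.hintNum + 1);
        return lesson.getHint(this, this.hintNum);
    }

    /**
     * Steps back to the previous hint of the current lesson, if there is one, and
     * updates the hint level recorded in the lesson tracker.
     *
     * @return the new hint text, or {@code null} if already at the first hint or none is shown
     */
    public String getPreviousHint() {
        if (this.hintNum <= 0) {
            return null;
        }
        this.hintNum--;
        AbstractLesson lesson = getCurrentLesson();
        lesson.getLessonTracker(this).setMaxHintLevel(this.hintNum + 1);
        return lesson.getHint(this, this.hintNum);
    }

    /**
     * @param num the menu id to select
     * @throws NullPointerException if {@code num} is {@code null}
     */
    public void setCurrentMenu(Integer num) {
        this.currentMenu = num.intValue();
    }

    /** @return the selected menu id */
    public int getCurrentMenu() {
        return this.currentMenu;
    }

    /** @return the application context this session was created with */
    public WebgoatContext getWebgoatContext() {
        return this.webgoatContext;
    }

    /** @return the language code, seeded from the application default (method name spelling is part of the API) */
    public String getCurrrentLanguage() {
        return this.currentLanguage;
    }

    /** @return the cookies recorded by the last {@link #updateLastAttackRequestInfo}; empty before the first call */
    public List<Cookie> getCookiesOnLastRequest() {
        return this.cookiesOnLastRequest;
    }

    /** @return the parameters recorded by the last {@link #updateLastAttackRequestInfo}; empty before the first call */
    public List<RequestParameter> getParmsOnLastRequest() {
        return this.parmsOnLastRequest;
    }
}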
