package org.owasp.webgoat;

import java.io.IOException;
import java.io.PrintWriter;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.WelcomeScreen;
import org.owasp.webgoat.lessons.admin.WelcomeAdminScreen;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.ErrorScreen;
import org.owasp.webgoat.session.Screen;
import org.owasp.webgoat.session.UserTracker;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/owasp/webgoat/HammerHead.class */
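public class HammerHead extends HttpServlet {

    /** Not referenced in this class; retained as found in the decompiled source. */
    private static final String WELCOMED = "welcomed";
    private static final long serialVersionUID = 645640331343188020L;

    /**
     * Formatter for HTTP-date header values (GMT, US locale). {@link SimpleDateFormat} is not
     * thread-safe, so all formatting goes through {@link #formatHttpDate(Date)}, which
     * synchronizes on this instance. Initialised eagerly so the static helpers work even before
     * the container has called {@link #init()}.
     */
    protected static SimpleDateFormat httpDateFormat = newHttpDateFormat();

    /** Session inactivity timeout handed to the container: 172800 s = 48 hours. */
    private static final int sessionTimeoutSeconds = 172800;

    /** Absolute path of WEB-INF/webgoat.properties, resolved in {@link #init()}; mutable and global. */
    public static String propertiesPath = null;

    final Logger logger = LoggerFactory.getLogger(HammerHead.class);
    private WebgoatContext webgoatContext = null;

    /**
     * Builds the HTTP-date formatter: "EEE, dd MMM yyyy HH:mm:ss z" in {@link Locale#US}, GMT.
     * The decompiled pattern used five y's ("yyyyy"), which pads the year to five digits and
     * produces a malformed HTTP-date; four is correct.
     */
    private static SimpleDateFormat newHttpDateFormat() {
        SimpleDateFormat format = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
        format.setTimeZone(TimeZone.getTimeZone("GMT"));
        return format;
    }

    /** GET requests are handled exactly like POST requests. */
    @Override
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws IOException, ServletException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Main request entry point: resolves the {@link WebSession}, picks the {@link Screen} for the
     * current lesson, records the visit and forwards to the lesson view.
     *
     * <p>On any failure an {@link ErrorScreen} is built for the throwable and written directly to
     * the response; the session's connection is always returned afterwards. The decompiled
     * version expressed this as duplicated inline "finally" copies that had lost the session
     * variable, so the error path always rendered "Page to display was null".
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @throws IOException      declared for servlet compatibility; failures are caught below
     * @throws ServletException declared for servlet compatibility; failures are caught below
     */
    @Override
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse)
            throws IOException, ServletException {
        WebSession session = null;
        Screen screen = null;
        try {
            this.logger.debug("Entering doPost");
            this.logger.debug("request: " + httpServletRequest);
            this.logger.debug("principle: " + httpServletRequest.getUserPrincipal());
            session = updateSession(httpServletRequest, httpServletResponse, getServletContext());
            if (httpServletResponse.isCommitted()) {
                this.logger.debug("Response already committed, exiting");
                return;
            }
            // An explicit start=true, or a request with no query string at all, goes to the first lesson.
            if ("true".equals(httpServletRequest.getParameter("start")) || httpServletRequest.getQueryString() == null) {
                this.logger.warn("Redirecting to first lesson");
                httpServletResponse.sendRedirect("start.mvc" + session.getCourse().getFirstLesson().getLink());
                return;
            }
            screen = makeScreen(session);
            if (httpServletResponse.isCommitted()) {
                return;
            }
            if (screen == null) {
                // makeScreen() returns null for a session that is neither user/challenge nor admin;
                // fail explicitly instead of with a NullPointerException further down.
                throw new IllegalStateException("No screen could be built for the current session role");
            }
            if (screen instanceof AbstractLesson) {
                recordVisit(httpServletRequest, session, (AbstractLesson) screen);
            }
            UserTracker.instance().update(session, screen);
            log(httpServletRequest, screen.getClass().getName() + " | " + session.getParser().toString());
            String userAgent = httpServletRequest.getHeader("user-agent");
            // Raw client-controlled header handed to the view; the JSP must HTML-escape it when rendering.
            httpServletRequest.setAttribute("client.browser", userAgent != null ? userAgent : "Not known!");
            String viewPage = getViewPage(session);
            this.logger.debug("Forwarding to view: " + viewPage);
            this.logger.debug("Screen: " + screen);
            httpServletRequest.getRequestDispatcher(viewPage).forward(httpServletRequest, httpServletResponse);
        } catch (Throwable t) {
            // Boundary handler: every failure becomes an error screen rendered by finishRequest().
            this.logger.error("Error handling request", t);
            screen = new ErrorScreen(session, t);
        } finally {
            finishRequest(session, screen, httpServletResponse);
        }
    }

    /**
     * Increments the lesson's visit counter for a GET that did not land on the lesson's own link,
     * or for a POST that stays on the same screen as the previous request.
     */
    private static void recordVisit(HttpServletRequest request, WebSession session, AbstractLesson lesson) {
        String method = request.getMethod();
        if ("GET".equals(method)) {
            String requested = request.getRequestURI() + "?" + request.getQueryString();
            if (!requested.endsWith(lesson.getLink())) {
                lesson.getLessonTracker(session).incrementNumVisits();
            }
        } else if ("POST".equals(method) && session.getPreviousScreen() == session.getCurrentScreen()) {
            lesson.getLessonTracker(session).incrementNumVisits();
        }
    }

    /**
     * Common tail of every doPost() exit: writes {@code screen} when it is an {@link ErrorScreen}
     * (failures are logged, never propagated), returns the session's connection and logs the exit.
     *
     * @param session  the resolved session, or {@code null} if resolution failed
     * @param screen   the screen chosen for this request, or {@code null}
     * @param response the current response
     */
    private void finishRequest(WebSession session, Screen screen, HttpServletResponse response) {
        try {
            if (screen instanceof ErrorScreen) {
                writeScreen(session, screen, response);
            }
        } catch (Throwable t) {
            this.logger.error("Could not write error screen", t);
        }
        WebSession.returnConnection(session);
        this.logger.debug("Leaving doPost: ");
    }

    /**
     * The JSP every lesson is rendered through.
     *
     * @param webSession the current session (currently unused; kept for the call site)
     * @return the view path, always {@code /lesson_content.jsp}
     */
    private String getViewPage(WebSession webSession) {
        return "/lesson_content.jsp";
    }

    /**
     * Formats {@code date} as an HTTP-date string.
     *
     * @param date the instant to format
     * @return the formatted value, e.g. a GMT timestamp suitable for an Expires header
     */
    protected static String formatHttpDate(Date date) {
        // SimpleDateFormat is not thread-safe; serialize access to the shared instance.
        synchronized (httpDateFormat) {
            return httpDateFormat.format(date);
        }
    }

    @Override
    public String getServletInfo() {
        return "WebGoat is sponsored by Aspect Security.";
    }

    /**
     * Servlet initialisation: resets the HTTP-date formatter, resolves the properties path and
     * creates the application-wide {@link WebgoatContext}.
     *
     * @throws ServletException declared for servlet compatibility
     */
    @Override
    public void init() throws ServletException {
        this.logger.info("Initializing main webgoat servlet");
        httpDateFormat = newHttpDateFormat();
        propertiesPath = getServletContext().getRealPath("/WEB-INF/webgoat.properties");
        this.webgoatContext = new WebgoatContext(this);
    }

    /**
     * Writes an access-log line ("date | host:addr | str") to both the servlet log and the SLF4J
     * logger. This overloads, and does not override, {@code GenericServlet.log(String)}.
     *
     * @param httpServletRequest the request whose remote host/address are recorded
     * @param str                the message to append
     */
    public void log(HttpServletRequest httpServletRequest, String str) {
        String line = new Date() + " | " + httpServletRequest.getRemoteHost() + ":" + httpServletRequest.getRemoteAddr() + " | " + str;
        log(line);
        this.logger.debug(line);
    }

    /**
     * Chooses the screen for the session's current lesson number, looking the lesson up under the
     * roles the session is entitled to. A current screen of -1 means the welcome page.
     *
     * @param webSession the current session
     * @return the lesson (already asked to handle the request), a welcome screen, an
     *         {@link ErrorScreen} for an unknown lesson number, or {@code null} when the session
     *         is neither user/challenge nor admin
     */
    protected Screen makeScreen(WebSession webSession) {
        int currentScreen = webSession.getCurrentScreen();
        Course course = webSession.getCourse();
        if (webSession.isUser() || webSession.isChallenge()) {
            if (currentScreen == -1) {
                return new WelcomeScreen(webSession);
            }
            AbstractLesson lesson = course.getLesson(webSession, currentScreen, AbstractLesson.USER_ROLE);
            // A "hacked admin" session may also reach lessons published under that role.
            if (lesson == null && webSession.isHackedAdmin()) {
                lesson = course.getLesson(webSession, currentScreen, AbstractLesson.HACKED_ADMIN_ROLE);
            }
            if (lesson == null) {
                return new ErrorScreen(webSession, "Invalid screen requested.  Try: http://localhost/WebGoat/attack");
            }
            return activateLesson(webSession, lesson);
        }
        if (webSession.isAdmin()) {
            if (currentScreen == -1) {
                return new WelcomeAdminScreen(webSession);
            }
            // Admins fall through admin -> hacked-admin -> user role until a lesson is found.
            AbstractLesson lesson = course.getLesson(webSession, currentScreen, "admin");
            if (lesson == null) {
                lesson = course.getLesson(webSession, currentScreen, AbstractLesson.HACKED_ADMIN_ROLE);
            }
            if (lesson == null) {
                lesson = course.getLesson(webSession, currentScreen, AbstractLesson.USER_ROLE);
            }
            if (lesson == null) {
                return new ErrorScreen(webSession, "Invalid screen requested.  Try Setting Admin to false or Try: http://localhost/WebGoat/attack");
            }
            return activateLesson(webSession, lesson);
        }
        return null;
    }

    /**
     * Shared tail of lesson selection: records the lesson's role on the session, lets the lesson
     * process the request, then selects its menu category. Order matters and is preserved from
     * the original.
     */
    private static Screen activateLesson(WebSession webSession, AbstractLesson lesson) {
        webSession.setHasHackableAdmin(lesson.getRole());
        lesson.handleRequest(webSession);
        webSession.setCurrentMenu(lesson.getCategory().getRanking());
        return lesson;
    }

    /**
     * Sets caching headers: a non-zero {@code i} sets Expires to now + i milliseconds; zero marks
     * the response non-cacheable (Pragma/Cache-Control no-cache, Expires now).
     *
     * <p>NOTE(review): "no-cache" still allows caches to store the response subject to
     * revalidation; "no-store" would be needed for content that must never be persisted.
     *
     * @param httpServletResponse the response to decorate
     * @param i                   lifetime in milliseconds, or 0 for no caching
     */
    protected static void setCacheHeaders(HttpServletResponse httpServletResponse, int i) {
        if (i != 0) {
            httpServletResponse.setHeader("Expires", formatHttpDate(new Date(System.currentTimeMillis() + i)));
            return;
        }
        httpServletResponse.setHeader("Pragma", "no-cache");
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setHeader("Expires", formatHttpDate(new Date()));
    }

    /**
     * Finds or creates the {@link WebSession} stored in the HTTP session and refreshes it from the
     * current request.
     *
     * <p>NOTE(review): both debug lines log the raw session id; outside a training application
     * that value is credential-equivalent and should be omitted or hashed.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @param servletContext      the servlet context a new WebSession is bound to
     * @return the up-to-date WebSession
     * @throws IOException           declared for servlet compatibility
     * @throws IllegalStateException if the request carries no HTTP session
     *                               ({@code getSession(false)} never creates one)
     */
    protected WebSession updateSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ServletContext servletContext) throws IOException {
        HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            throw new IllegalStateException("No HTTP session exists for this request");
        }
        this.logger.debug("HH Entering Session_id: " + session.getId());
        Object attribute = session.getAttribute(WebSession.SESSION);
        WebSession webSession;
        if (attribute instanceof WebSession) {
            webSession = (WebSession) attribute;
            session.setAttribute(WebSession.COURSE, webSession.getCourse());
        } else {
            // Missing or foreign attribute: start a fresh WebSession with the 48-hour inactivity timeout.
            this.logger.warn("HH Creating new WebSession");
            webSession = new WebSession(this.webgoatContext, servletContext);
            session.setAttribute(WebSession.SESSION, webSession);
            session.setMaxInactiveInterval(sessionTimeoutSeconds);
        }
        webSession.update(httpServletRequest, httpServletResponse, getServletName());
        webSession.updateLastAttackRequestInfo(httpServletRequest);
        this.logger.debug("HH Leaving Session_id: " + session.getId());
        return webSession;
    }

    /**
     * Renders {@code screen} as text/html with an explicit Content-Length and closes the writer.
     * When the session or the screen is {@code null} a placeholder {@link ErrorScreen} is written
     * instead (the original only checked the session and would NPE on a null screen).
     *
     * @param webSession          the session the screen belongs to, may be {@code null}
     * @param screen              the screen to write, may be {@code null}
     * @param httpServletResponse the response to write to
     * @throws IOException if the response writer cannot be obtained
     */
    protected void writeScreen(WebSession webSession, Screen screen, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setContentType("text/html");
        PrintWriter writer = httpServletResponse.getWriter();
        if (webSession == null || screen == null) {
            screen = new ErrorScreen(webSession, "Page to display was null");
        }
        int contentLength = screen.getContentLength();
        httpServletResponse.setContentLength(contentLength);
        httpServletResponse.setHeader("Content-Length", String.valueOf(contentLength));
        screen.output(writer);
        writer.flush();
        writer.close();
    }
}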
