package org.owasp.webgoat.plugin;

import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.H3;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.Script;
import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/same-origin-policy-protection-1.0.jar:org/owasp/webgoat/plugin/SameOriginPolicyProtection.class */
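/**
 * WebGoat lesson that lets the user fire an XHR at two URLs, one served by the lesson itself
 * and one on a foreign host, to observe how the browser's same-origin policy treats each.
 *
 * <p>Completion is tracked from the {@code testedURL} request parameter. That value is supplied
 * by the client, so it records what the client reports having tested, not what the browser
 * actually requested.
 *
 * <p>NOTE(review): the progress flags are instance fields. Whether one lesson instance is shared
 * between sessions is not visible in this file; confirm before relying on per-user progress.
 */
public class SameOriginPolicyProtection extends LessonAdapter {
    /** Foreign-origin URL offered to the user as the cross-origin test case. */
    private static final String EXTERNAL_URL = "http://www.google.com/search?q=aspect+security";

    private static final Integer DEFAULT_RANKING = Integer.valueOf(876);

    // One flag per URL rather than a shared counter: a counter reaches 2 when the same URL is
    // submitted twice, which completed the lesson without the second URL ever being tried.
    private boolean triedLessonUrl = false;
    private boolean triedExternalUrl = false;

    /**
     * Builds the lesson form and updates completion progress from the current request.
     *
     * <p>The form consists of the {@code sameOrigin.js} script, a hidden {@code testedURL} field,
     * a URL input area, a submit button wired to {@code submitXHR()}, and a response area.
     *
     * @param webSession current session; used to resolve lesson resource paths, read the
     *     {@code testedURL} parameter and report messages
     * @return the container holding the lesson's HTML elements (possibly partial if an
     *     exception interrupted construction)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            elementContainer.addElement(new Script().setSrc(LessonUtil.buildJsPath(webSession, this, "sameOrigin.js")));

            Input testedUrlField = new Input(Input.HIDDEN, "testedURL", "");
            testedUrlField.setID("testedURL");
            elementContainer.addElement(testedUrlField);

            elementContainer.addElement(new StringElement("Enter a URL: "));
            elementContainer.addElement(new BR());
            TextArea requestArea = new TextArea();
            requestArea.setID("requestedURL");
            requestArea.setRows(1);
            requestArea.setCols(60);
            requestArea.setWrap("SOFT");
            elementContainer.addElement(requestArea);

            Input submitButton = new Input();
            submitButton.setType(Input.SUBMIT);
            submitButton.setValue("Go!");
            submitButton.setName(Input.SUBMIT);
            submitButton.setID(Input.SUBMIT);
            submitButton.setOnClick("submitXHR();");
            elementContainer.addElement(submitButton);
            elementContainer.addElement(new BR());
            elementContainer.addElement(new BR());

            H3 responseTitle = new H3("Response: ");
            responseTitle.setID("responseTitle");
            elementContainer.addElement(responseTitle);
            TextArea responseArea = new TextArea();
            responseArea.setName("responseArea");
            responseArea.setID("responseArea");
            responseArea.setCols(60);
            responseArea.setRows(4);
            elementContainer.addElement(responseArea);
            elementContainer.addElement(new BR());

            String lessonUrl = LessonUtil.buildJspPath(webSession, this, "sameOrigin.jsp", true);
            elementContainer.addElement(new BR());
            elementContainer.addElement(new StringElement(String.format("Try both URLs: %s and %s ", lessonUrl, EXTERNAL_URL)));

            // Substring match on a client-controlled parameter; the value is only compared,
            // never written back into the page.
            String testedUrl = webSession.getParser().getStringParameter("testedURL", "");
            if (testedUrl.contains(lessonUrl)) {
                this.triedLessonUrl = true;
            }
            if (testedUrl.contains(EXTERNAL_URL)) {
                this.triedExternalUrl = true;
            }
        } catch (Exception e) {
            // The user sees only a generic message; the stack trace goes to stderr.
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        if (this.triedLessonUrl && this.triedExternalUrl) {
            makeSuccess(webSession);
        }
        return elementContainer;
    }

    /**
     * Returns the hints shown to the user for this lesson.
     *
     * @param webSession current session (unused)
     * @return a new mutable list holding the two hint strings
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("Enter a URL to see if it is allowed.");
        hints.add("Click both of the links below to complete the lesson");
        return hints;
    }

    /** Returns this lesson's default ranking value. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** Returns the category this lesson is filed under ({@code AJAX_SECURITY}). */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.AJAX_SECURITY;
    }

    /** Returns the lesson title. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Same Origin Policy Protection";
    }

    /**
     * Returns the instruction text displayed for this lesson.
     *
     * @param webSession current session (unused)
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        return "This exercise demonstrates the Same Origin Policy Protection.  XHR requests can only be passed back to  the originating server.  Attempts to pass data to a non-originating server  will fail.";
    }
}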
