package org.owasp.webgoat.plugin;

import com.google.common.net.HttpHeaders;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.Cookie;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.B;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.plugin.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/weak-authentication-cookie-1.0.jar:org/owasp/webgoat/plugin/WeakAuthenticationCookie.class */
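/**
 * WebGoat lesson "Spoof an Authentication Cookie".
 *
 * <p>The lesson deliberately issues an authentication cookie whose value is a trivially
 * reversible transform of a fixed per-user string (see {@link #encode(String)}), so that a
 * student can see how a predictable cookie is forged. That weak scheme is the subject of the
 * lesson and is kept intact; only the surrounding request handling is made robust (no NPE when
 * the request carries no cookies, no identity comparison on strings, exceptions from the
 * parameter path handled the same way as from the cookie path).
 */
public class WeakAuthenticationCookie extends LessonAdapter {
    /** Name of the cookie carrying the (intentionally weak) authentication token. */
    protected static final String AUTHCOOKIE = "AuthCookie";
    /** Boolean request parameter that, when true, logs the current user out. */
    protected static final String LOGOUT = "WACLogout";
    /** Request parameter holding the submitted password. */
    protected static final String PASSWORD = "Password";
    /** Request parameter holding the submitted user name. */
    protected static final String USERNAME = "Username";
    /** Label shown on the welcome page when the user was recognised from the cookie. */
    private static final String SOURCE_COOKIE = "COOKIE";
    /** Label shown on the welcome page when the user was recognised from the login form. */
    private static final String SOURCE_PARAMETERS = "PARAMETERS";
    private static final Integer DEFAULT_RANKING = Integer.valueOf(90);

    /**
     * Resolves the user identified by the {@value #AUTHCOOKIE} cookie on the current request.
     *
     * <p>A cookie for "alice" can only come from forgery: {@link #checkParams(WebSession)} never
     * issues one, so presenting it completes the lesson.
     *
     * @param webSession the current WebGoat session
     * @return the user name the cookie maps to, or {@code null} if no cookie is present or its
     *     value matches no known user (in which case all cookies are cleared)
     * @throws Exception propagated from the lesson framework
     */
    protected String checkCookie(WebSession webSession) throws Exception {
        String token = getCookie(webSession);
        if (token == null) {
            return null;
        }
        if (token.equals(encode("webgoat12345"))) {
            return "webgoat";
        }
        if (token.equals(encode("aspect12345"))) {
            return "aspect";
        }
        if (token.equals(encode("alice12345"))) {
            makeSuccess(webSession);
            return "alice";
        }
        // Unknown value: report it and drop the cookies so the bad token is not re-sent.
        webSession.setMessage(getLabelManager().get("InvalidCookie"));
        webSession.eatCookies();
        return null;
    }

    /**
     * Handles a login-form submission.
     *
     * <p>On a valid user name / password pair an {@value #AUTHCOOKIE} cookie is added to the
     * response. The cookie is set without HttpOnly/Secure attributes and with the lesson's
     * reversible token; both are part of the weakness being taught and are not "fixed" here.
     *
     * @param webSession the current WebGoat session
     * @return the authenticated user name, or {@code null} if either field is empty or the
     *     credentials are not recognised
     * @throws Exception propagated from the lesson framework
     */
    protected String checkParams(WebSession webSession) throws Exception {
        String username = webSession.getParser().getStringParameter(USERNAME, "");
        String password = webSession.getParser().getStringParameter(PASSWORD, "");
        if (!hasText(username) || !hasText(password)) {
            return null;
        }
        String token = null;
        if (username.equals("webgoat") && password.equals("webgoat")) {
            token = encode("webgoat12345");
        } else if (username.equals("aspect") && password.equals("aspect")) {
            token = encode("aspect12345");
        }
        // The decompiled original tested `str == ""`; a null sentinel avoids identity comparison.
        if (token == null) {
            webSession.setMessage(getLabelManager().get("InvalidUsernameAndPassword"));
            return null;
        }
        Cookie cookie = new Cookie(AUTHCOOKIE, token);
        webSession.setMessage(getLabelManager().get("IdentityRemembered"));
        webSession.getResponse().addCookie(cookie);
        return username;
    }

    /**
     * Builds the lesson page: logout handling first, then cookie-based recognition, then the
     * login form, falling back to the sign-in screen.
     *
     * <p>Both the cookie and the parameter path declare {@code throws Exception}; each is guarded
     * separately so a failure in cookie handling still lets the form login proceed, as the
     * original control flow intended.
     *
     * @param webSession the current WebGoat session
     * @return the page content
     */
    @Override
    public Element createContent(WebSession webSession) {
        if (webSession.getParser().getBooleanParameter(LOGOUT, false)) {
            webSession.setMessage(getLabelManager().get("PasswordForgotten"));
            webSession.eatCookies();
            return makeLogin(webSession);
        }
        String user = null;
        try {
            user = checkCookie(webSession);
        } catch (Exception e) {
            reportError(webSession, e);
        }
        try {
            if (hasText(user)) {
                return makeUser(webSession, user, SOURCE_COOKIE);
            }
            user = checkParams(webSession);
            if (hasText(user)) {
                return makeUser(webSession, user, SOURCE_PARAMETERS);
            }
        } catch (Exception e) {
            reportError(webSession, e);
        }
        return makeLogin(webSession);
    }

    /** Records a framework error in the session message and on stderr (no logger is available here). */
    private void reportError(WebSession webSession, Exception e) {
        webSession.setMessage(getLabelManager().get("ErrorGenerating") + getClass().getName());
        e.printStackTrace();
    }

    /** @return {@code true} if {@code s} is non-null and non-empty. */
    private static boolean hasText(String s) {
        return s != null && s.length() > 0;
    }

    /**
     * The lesson's deliberately weak token transform: every character is shifted up by one code
     * unit and the result is reversed. It is not a hash and is trivially invertible; that is the
     * point of the lesson.
     *
     * @param str plain text to transform
     * @return the transformed text (empty for empty input)
     */
    private String encode(String str) {
        StringBuilder out = new StringBuilder(str.length());
        for (int i = 0; i < str.length(); i++) {
            out.append((char) (str.charAt(i) + 1));
        }
        return out.reverse().toString();
    }

    @Override
    protected Category getDefaultCategory() {
        return Category.SESSION_MANAGEMENT;
    }

    /**
     * Reads the value of the {@value #AUTHCOOKIE} cookie from the request.
     *
     * @param webSession the current WebGoat session
     * @return the cookie value, or {@code null} if the request carries no such cookie
     */
    protected String getCookie(WebSession webSession) {
        Cookie[] cookies = webSession.getRequest().getCookies();
        if (cookies == null) {
            // The servlet API returns null rather than an empty array when there are no cookies.
            return null;
        }
        for (Cookie c : cookies) {
            if (AUTHCOOKIE.equalsIgnoreCase(c.getName())) {
                return c.getValue();
            }
        }
        return null;
    }

    @Override
    protected List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add(getLabelManager().get("WeakAuthenticationCookieHints1"));
        hints.add(getLabelManager().get("WeakAuthenticationCookieHints2"));
        hints.add(getLabelManager().get("WeakAuthenticationCookieHints3"));
        hints.add(getLabelManager().get("WeakAuthenticationCookieHints4"));
        return hints;
    }

    @Override
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    @Override
    public String getTitle() {
        return "Spoof an Authentication Cookie";
    }

    /**
     * Renders the sign-in form (user name, password, login button).
     *
     * @param webSession the current WebGoat session; {@code isColor()} toggles the table border
     * @return the form content
     */
    protected Element makeLogin(WebSession webSession) {
        ElementContainer page = new ElementContainer();
        page.addElement(new H1().addElement(getLabelManager().get("SignIn")));

        Table table = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
        if (webSession.isColor()) {
            table.setBorder(1);
        }

        TR header = new TR();
        header.addElement(new TH().addElement(getLabelManager().get("WeakAuthenticationCookiePleaseSignIn")).setColSpan(2).setAlign("left"));
        table.addElement(header);

        TR required = new TR();
        required.addElement(new TD().addElement("*" + getLabelManager().get("RequiredFields")).setWidth("30%"));
        table.addElement(required);

        TR spacer = new TR();
        spacer.addElement(new TD().addElement("&nbsp;").setColSpan(2));
        table.addElement(spacer);

        TR userRow = new TR();
        userRow.addElement(new TD(new B(new StringElement("*" + getLabelManager().get("UserName")))));
        userRow.addElement(new TD(new Input("TEXT", USERNAME, "")));
        table.addElement(userRow);

        TR passRow = new TR();
        passRow.addElement(new TD(new B(new StringElement("*" + getLabelManager().get("Password")))));
        passRow.addElement(new TD(new Input(Input.PASSWORD, PASSWORD, "")));
        table.addElement(passRow);

        table.addElement(new TR(new TD(ECSFactory.makeButton(getLabelManager().get(GoatHillsFinancial.LOGIN_ACTION)))));
        page.addElement(table);
        return page;
    }

    /**
     * Renders the "welcome" page for an authenticated user.
     *
     * @param webSession the current WebGoat session
     * @param str the authenticated user name
     * @param str2 how the user was recognised ({@code "COOKIE"} or {@code "PARAMETERS"})
     * @return the page content
     * @throws Exception propagated from the lesson framework
     */
    protected Element makeUser(WebSession webSession, String str, String str2) throws Exception {
        ElementContainer page = new ElementContainer();
        page.addElement(new P().addElement(getLabelManager().get("WelcomeUser") + str));
        page.addElement(new P().addElement(getLabelManager().get("YouHaveBeenAuthenticatedWith") + str2));
        page.addElement(new P().addElement(ECSFactory.makeLink(getLabelManager().get("Logout"), LOGOUT, true)));
        page.addElement(new P().addElement(ECSFactory.makeLink(getLabelManager().get(HttpHeaders.REFRESH), "", "")));
        return page;
    }
}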
