package org.owasp.webgoat.plugin;

import com.gargoylesoftware.htmlunit.html.HtmlForm;
import com.thoughtworks.selenium.SeleniumLogLevels;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.A;
import org.apache.ecs.html.B;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.Form;
import org.apache.ecs.html.H2;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.plugin.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.WebSession;
import org.springframework.security.config.Elements;
import org.springframework.web.servlet.tags.form.InputTag;
import org.springframework.web.servlet.tags.form.TextareaTag;

/* loaded from: input_file:WebGoat.war:plugin_lessons/session-fixation-1.0.jar:org/owasp/webgoat/plugin/SessionFixation.class */
public class SessionFixation extends SequentialLessonAdapter {
    // Names of the request parameters that carry the login form's user name and password.
    private static final String USER = "user3";
    private static final String PASSWORD = "pass3";
    // WebSession attribute keys: the login flag (stored as the strings "true"/"false")
    // and the name of the user who logged in.
    private static final String LOGGEDIN = "loggedin3";
    private static final String LOGGEDINUSER = "loggedInUser3";
    // Source of generated lesson SIDs (see randomSIDGenerator).
    // NOTE(review): java.util.Random seeded from the wall clock is predictable. That is tolerable
    // for a training exercise, but real session identifiers need java.security.SecureRandom
    // and far more entropy than this lesson uses.
    private static final Random random = new Random(System.currentTimeMillis());
    private static final Integer DEFAULT_RANKING = new Integer(222);
    // The next four fields are not read anywhere in this listing; the same literal values
    // appear inline in the methods below.
    private final String mailTo = "jane.plane@owasp.org";
    private final String mailFrom = "admin@webgoatfinancial.com";
    private final String mailTitel = "Check your account";
    private final String MAILCONTENTNAME = "mailContent";
    // SID currently tracked by this lesson object; "" means none.
    // NOTE(review): this is an instance field, not per-WebSession state. Whether one lesson
    // instance is shared between users is not visible here - confirm before reusing the pattern.
    private String sid = "";

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Drives the lesson's stage machine from the current request and returns the staged content.
     *
     * <p>The order of the checks matters: each one reads the tracker stage and the local copy of
     * the {@code SID} request parameter as left by the checks before it.
     *
     * <p>Security note: any non-empty {@code SID} request parameter is adopted as the lesson's
     * session identifier, and the identifier is left unchanged when the stage 3 login succeeds.
     * That is the session-fixation weakness this lesson is built to demonstrate. A real
     * application would issue a fresh identifier at login and would not accept identifiers
     * supplied in the URL.
     *
     * @param webSession the current WebGoat session, used for request parameters, stored
     *                   attributes and user messages
     * @return the content produced by {@code createStagedContent} for the resulting stage
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        // No SID is tracked but the tracker is already past stage 2: fall back to stage 1.
        if (this.sid.equals("") && getLessonTracker(webSession).getStage() > 2) {
            getLessonTracker(webSession).setStage(1);
        }
        // The SID comes straight from the request; a non-empty value replaces the tracked SID.
        String stringParameter = webSession.getParser().getStringParameter("SID", "");
        if (!stringParameter.equals("")) {
            this.sid = stringParameter;
        }
        // A restart request clears the login flag and both copies of the SID.
        if (!webSession.getParser().getStringParameter(WebSession.RESTART, "").equals("")) {
            webSession.add(LOGGEDIN, "false");
            webSession.add("SID", "");
            this.sid = "";
        }
        // Stage 3: the victim logs in.
        if (getLessonTracker(webSession).getStage() == 3) {
            webSession.add("SID", stringParameter);
            if (stringParameter.equals("")) {
                // No SID in the request: generate one and track it.
                String randomSIDGenerator = randomSIDGenerator();
                webSession.add("SID", randomSIDGenerator);
                this.sid = randomSIDGenerator;
            } else {
                // Repeats the add made just above the if; the request-supplied SID is kept.
                webSession.add("SID", stringParameter);
            }
            String stringParameter2 = webSession.getParser().getStringParameter(USER, "");
            if (correctLogin(stringParameter2, webSession.getParser().getStringParameter(PASSWORD, ""), webSession)) {
                // Successful login: the session is marked authenticated, but the SID stored
                // above is not replaced - the pre-login identifier stays valid.
                getLessonTracker(webSession).setStage(4);
                // Cleared so the stage 4 and stage 2 checks below see an empty SID in this call.
                stringParameter = "";
                webSession.add(LOGGEDIN, "true");
                webSession.add(LOGGEDINUSER, stringParameter2);
                webSession.setMessage("You completed stage 3!");
            }
        }
        // Stage 4 -> 5 once the request carries the placeholder SID used by the stage 4 link.
        if (getLessonTracker(webSession).getStage() == 4 && stringParameter.equals("NOVALIDSESSION")) {
            getLessonTracker(webSession).setStage(5);
        }
        // Stage 2 -> 3 once a request arrives with any SID (the victim followed the mailed link).
        if (getLessonTracker(webSession).getStage() == 2 && !stringParameter.equals("")) {
            webSession.add("SID", stringParameter);
            getLessonTracker(webSession).setStage(3);
            webSession.setMessage("You completed stage 2!");
        }
        // The mail body is read with getRawParameter and stored in the session;
        // createStage2Content later concatenates it into the page markup.
        // NOTE(review): presumably getRawParameter skips the parser's filtering - confirm.
        String rawParameter = webSession.getParser().getRawParameter("mailContent", "");
        if (!rawParameter.equals("")) {
            webSession.add("mailContent", rawParameter);
        }
        // Stage 1 -> 2 once the submitted mail text contains a SID query parameter.
        if ((rawParameter.contains("&SID=") || rawParameter.contains("?SID=")) && getLessonTracker(webSession).getStage() == 1) {
            getLessonTracker(webSession).setStage(2);
            webSession.setMessage("You completed stage 1!");
        }
        return super.createStagedContent(webSession);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Renders stage 1: the mail composition form, wrapped in its own container.
     *
     * @param webSession the current WebGoat session
     * @return a container holding the stage 1 mail form
     */
    @Override
    public ElementContainer doStage1(WebSession webSession) {
        final ElementContainer stageOne = new ElementContainer();
        final Element mailForm = createStage1Content(webSession);
        stageOne.addElement(mailForm);
        return stageOne;
    }

    /**
     * Renders stage 2: the victim's view of the mail that was sent in stage 1.
     *
     * @param webSession the current WebGoat session
     * @return a container holding the received-mail view
     * @throws Exception declared by the overridden method
     */
    @Override
    protected Element doStage2(WebSession webSession) throws Exception {
        final ElementContainer stageTwo = new ElementContainer();
        final Element receivedMail = createStage2Content(webSession);
        stageTwo.addElement(receivedMail);
        return stageTwo;
    }

    /**
     * Builds the received-mail view from the mail body stored in the session.
     *
     * <p>If no mail body has been stored, the tracker is reset to stage 1 and the stage 1
     * form is returned instead.
     *
     * @param webSession the current WebGoat session
     * @return the mail view, or the stage 1 form when no mail has been stored
     */
    private Element createStage2Content(WebSession webSession) {
        final String mailBody = (String) webSession.get("mailContent");
        if (mailBody == null) {
            // Nothing has been sent yet: drop back to composing the mail.
            getLessonTracker(webSession).setStage(1);
            return createStage1Content(webSession);
        }
        // NOTE(review): mailBody is user-supplied text appended to markup with no output
        // encoding, so any HTML in it is rendered as-is. The lesson needs the link in the
        // mail to be clickable; outside a training app this sink must encode or sanitize.
        final ElementContainer mailView = new ElementContainer();
        mailView.addElement("<b>Mail From:</b> &nbsp;&nbsp;admin@webgoatfinancial.com<br><br>" + mailBody);
        return mailView;
    }

    /**
     * Renders stage 3 (the victim's login) by delegating to {@code createStage3Content}.
     *
     * @param webSession the current WebGoat session
     * @return the stage 3 content
     * @throws Exception declared by the overridden method
     */
    @Override
    protected Element doStage3(WebSession webSession) throws Exception {
        final Element stageThree = createStage3Content(webSession);
        return stageThree;
    }

    /**
     * Renders stage 4 by delegating to {@code createStage4Content}.
     *
     * @param webSession the current WebGoat session
     * @return the stage 4 content
     * @throws Exception declared by the overridden method
     */
    @Override
    protected Element doStage4(WebSession webSession) throws Exception {
        final Element stageFour = createStage4Content(webSession);
        return stageFour;
    }

    /**
     * Renders stage 5 by delegating to {@code createStage5Content}.
     *
     * @param webSession the current WebGoat session
     * @return the stage 5 content
     * @throws Exception declared by the overridden method
     */
    @Override
    protected Element doStage5(WebSession webSession) throws Exception {
        final Element stageFive = createStage5Content(webSession);
        return stageFive;
    }

    /**
     * Stage 5 shows the same bank login screen as stage 3.
     *
     * @param webSession the current WebGoat session
     * @return the main login content
     */
    private Element createStage5Content(WebSession webSession) {
        final Element loginScreen = createMainLoginContent(webSession);
        return loginScreen;
    }

    /**
     * Stage 3 shows the bank login screen.
     *
     * @param webSession the current WebGoat session
     * @return the main login content
     */
    private Element createStage3Content(WebSession webSession) {
        final Element loginScreen = createMainLoginContent(webSession);
        return loginScreen;
    }

    /**
     * Builds the stage 4 page: a heading plus a link back to the bank's login screen.
     *
     * <p>The link is built from {@code super.getLink()} rather than this class's
     * {@code getLink()}, so it does not carry the tracked SID; it carries the placeholder
     * {@code SID=NOVALIDSESSION} instead.
     *
     * @param webSession the current WebGoat session (not read here)
     * @return a container holding the stage 4 markup
     */
    private Element createStage4Content(WebSession webSession) {
        final StringBuilder markup = new StringBuilder();
        markup.append("<h2>Jane has logged into her account. Go and grab her session! Use Following link to reach the login screen of the bank:</h2><br><br><a href=");
        markup.append(super.getLink());
        markup.append("&SID=NOVALIDSESSION><center> Goat Hills Financial </center></a><br><br><br><br>");

        final ElementContainer stageFour = new ElementContainer();
        stageFour.addElement(markup.toString());
        return stageFour;
    }

    /**
     * Builds the stage 1 mail composition form: fixed recipient and sender, a title field,
     * an editable mail body pre-filled with a template, and a send button.
     *
     * <p>The template's link is built with {@code getLink()}, so it includes the tracked SID
     * when one is set. The body is submitted as the {@code mailContent} parameter.
     *
     * @param webSession the current WebGoat session (not read here)
     * @return a container holding the mail form table
     */
    private Element createStage1Content(WebSession webSession) {
        final String mailTemplate = "<b>Dear MS. Plane</b> <br><br>During the last week we had a few problems with our database. We have received many complaints regarding incorrect account details. Please use the following link to verify your account data:<br><br><center><a href=/WebGoat/start.mvc" + getLink() + "> Goat Hills Financial</a></center><br><br>We are sorry for the any inconvenience and thank you for your cooparation.<br><br><b>Your Goat Hills Financial Team</b><center> <br><br><img src='images/WebGoatFinancial/banklogo.jpg'></center>";

        // Row 1: recipient.
        final B toLabel = new B();
        toLabel.addElement("Mail To: ");
        final TD toLabelCell = new TD();
        toLabelCell.addElement(toLabel);
        final TD toValueCell = new TD();
        toValueCell.addElement("jane.plane@owasp.org");
        final TR toRow = new TR();
        toRow.addElement(toLabelCell);
        toRow.addElement(toValueCell);

        // Row 2: sender.
        final B fromLabel = new B();
        fromLabel.addElement("Mail From: ");
        final TD fromLabelCell = new TD();
        fromLabelCell.addElement(fromLabel);
        final TD fromValueCell = new TD();
        fromValueCell.addElement("admin@webgoatfinancial.com");
        final TR fromRow = new TR();
        fromRow.addElement(fromLabelCell);
        fromRow.addElement(fromValueCell);

        // Row 3: title input.
        final B titleLabel = new B();
        titleLabel.addElement("Title: ");
        final TD titleLabelCell = new TD();
        titleLabelCell.addElement(titleLabel);
        final Input titleInput = new Input();
        titleInput.setValue("Check your account");
        titleInput.addAttribute(InputTag.SIZE_ATTRIBUTE, 30);
        final TD titleInputCell = new TD();
        titleInputCell.addElement(titleInput);
        final TR titleRow = new TR();
        titleRow.addElement(titleLabelCell);
        titleRow.addElement(titleInputCell);

        // Row 4: editable mail body spanning both columns.
        final TextArea bodyArea = new TextArea();
        bodyArea.addAttribute(TextareaTag.COLS_ATTRIBUTE, 67);
        bodyArea.addAttribute(TextareaTag.ROWS_ATTRIBUTE, 8);
        bodyArea.addElement(mailTemplate);
        bodyArea.setName("mailContent");
        final TD bodyCell = new TD();
        bodyCell.addAttribute("colspan", 2);
        bodyCell.addElement(bodyArea);
        final TR bodyRow = new TR();
        bodyRow.addElement(bodyCell);

        // Row 5: centered send button spanning both columns.
        final TD sendCell = new TD();
        sendCell.addAttribute("colspan", 2);
        sendCell.addAttribute("align", "center");
        sendCell.addElement(new Input(Input.SUBMIT, "SendMail", "Send Mail"));
        final TR sendRow = new TR();
        sendRow.addElement(sendCell);

        final Table mailTable = new Table();
        mailTable.addElement(toRow);
        mailTable.addElement(fromRow);
        mailTable.addElement(titleRow);
        mailTable.addElement(bodyRow);
        mailTable.addElement(sendRow);

        final ElementContainer mailForm = new ElementContainer();
        mailForm.addElement(mailTable);
        return mailForm;
    }

    /**
     * Builds the bank page shell: the lesson stylesheet link, a wrapper with header and
     * workspace sections, and the workspace content (login form or account details).
     *
     * <p>Any exception raised while building is reported to the user as a generic message
     * and printed to the error stream; whatever was added before the failure is still returned.
     *
     * @param webSession the current WebGoat session
     * @return a container holding the page shell
     */
    protected Element createMainLoginContent(WebSession webSession) {
        final ElementContainer page = new ElementContainer();
        try {
            final String stylesheetName = getClass().getSimpleName() + ".css";
            page.addElement("<link rel=\"stylesheet\" type=\"text/css\" href=\"" + LessonUtil.buildJspPath(webSession, this, stylesheetName, true) + "\" />");

            final Div wrapper = new Div();
            wrapper.setID("lesson_wrapper");
            final Div header = new Div();
            header.setID("lesson_header");
            final Div workspace = new Div();
            workspace.setClass("lesson_workspace");

            wrapper.addElement(header);
            wrapper.addElement(workspace);
            page.addElement(wrapper);

            // Filled last so that the shell is already attached if this step fails.
            workspace.addElement(createWorkspaceContent(webSession));
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return page;
    }

    /**
     * Decides what the bank workspace shows for this request: account details or the login form.
     *
     * <p>Account details are shown in two cases: the submitted credentials are correct, or
     * the tracked SID equals the SID stored in the session while the session's login flag is
     * {@code "true"}. The second case needs no credentials at all - it is the point where a
     * fixated SID gives access, and reaching it marks the lesson as solved.
     *
     * <p>Any exception in the decision (for example a login flag that was never stored)
     * falls back to the login form.
     *
     * @param webSession the current WebGoat session
     * @return a container holding either the account details or the login form
     */
    private Element createWorkspaceContent(WebSession webSession) {
        final String userName = webSession.getParser().getStringParameter(USER, "");
        final String password = webSession.getParser().getStringParameter(PASSWORD, "");
        // An empty form submission shows the login form without an error message.
        final String failureNotice = (userName + password).equals("")
                ? ""
                : "Login Failed! Make sure user name and password is correct!";

        final ElementContainer workspace = new ElementContainer();
        try {
            final boolean logoutRequested = webSession.getParser().getRawParameter(Elements.LOGOUT, "").equals("true");
            if (logoutRequested) {
                webSession.add(LOGGEDIN, "false");
                webSession.add("SID", "");
                this.sid = "";
            }

            if (correctLogin(userName, password, webSession)) {
                webSession.add(LOGGEDINUSER, userName);
                webSession.add(LOGGEDIN, "true");
                createSuccessfulLoginContent(webSession, workspace);
            } else if (this.sid.equals(webSession.get("SID")) && webSession.get(LOGGEDIN).equals("true")) {
                // Authenticated purely by a matching SID: the session was taken over.
                makeSuccess(webSession);
                createSuccessfulLoginContent(webSession, workspace);
            } else {
                createLogInContent(workspace, failureNotice);
            }
        } catch (Exception e) {
            createLogInContent(workspace, failureNotice);
        }
        return workspace;
    }

    /**
     * Checks a user name / password pair against the {@code user_data_tan} table.
     *
     * <p>The lookup is parameterized, so the submitted values are bound rather than spliced
     * into the SQL text. The password is compared directly against the {@code password}
     * column. NOTE(review): that implies the column holds passwords in a directly comparable
     * form rather than a salted hash - acceptable only in a training database.
     *
     * <p>The connection is closed on every path; failures are printed and treated as
     * "no match".
     *
     * @param str        the submitted user name (matched against {@code first_name})
     * @param str2       the submitted password
     * @param webSession the current WebGoat session, used to obtain the connection
     * @return {@code true} if at least one matching row exists, otherwise {@code false}
     */
    private boolean correctLogin(String str, String str2, WebSession webSession) {
        Connection connection = null;
        boolean matched = false;
        try {
            connection = DatabaseUtilities.getConnection(webSession);
            final PreparedStatement lookup = connection.prepareStatement(
                    "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?",
                    ResultSet.TYPE_SCROLL_INSENSITIVE,
                    ResultSet.CONCUR_READ_ONLY);
            lookup.setString(1, str);
            lookup.setString(2, str2);
            final ResultSet rows = lookup.executeQuery();
            matched = rows != null && rows.first();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Exception closeFailure) {
                    closeFailure.printStackTrace();
                }
            }
        }
        return matched;
    }

    /**
     * Appends the login form (name, password, submit button) and a centered message heading
     * to the given container.
     *
     * @param elementContainer the container that receives the form and the heading
     * @param str              the message shown below the form; empty for no message
     */
    private void createLogInContent(ElementContainer elementContainer, String str) {
        // Name row.
        final TD nameLabelCell = new TD();
        nameLabelCell.addElement(new StringElement("Enter your name: "));
        final TD nameInputCell = new TD();
        nameInputCell.addElement(new Input("TEXT", USER));
        final TR nameRow = new TR();
        nameRow.addElement(nameLabelCell);
        nameRow.addElement(nameInputCell);

        // Password row.
        final TD passwordLabelCell = new TD();
        passwordLabelCell.addElement(new StringElement("Enter your password: "));
        final TD passwordInputCell = new TD();
        passwordInputCell.addElement(new Input(Input.PASSWORD, PASSWORD));
        final TR passwordRow = new TR();
        passwordRow.addElement(passwordLabelCell);
        passwordRow.addElement(passwordInputCell);

        // Submit row, spanning both columns.
        final TD submitCell = new TD();
        submitCell.setColSpan(2);
        submitCell.setAlign("center");
        submitCell.addElement(new Input(Input.SUBMIT, "Submit", GoatHillsFinancial.LOGIN_ACTION));
        final TR submitRow = new TR();
        submitRow.addElement(submitCell);

        final Table loginTable = new Table();
        loginTable.addAttribute("align='center'", 0);
        loginTable.addElement(nameRow);
        loginTable.addElement(passwordRow);
        loginTable.addElement(submitRow);

        final Div loginBox = new Div();
        loginBox.setID("lesson_login");
        loginBox.addElement(loginTable);
        elementContainer.addElement(loginBox);

        final H2 notice = new H2(str);
        notice.addAttribute("align", "center");
        notice.addAttribute("class", SeleniumLogLevels.INFO);
        elementContainer.addElement(notice);
    }

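    /**
     * Appends the logged-in user's account details and a logout link to the given container.
     *
     * <p>The first name always comes from the session. Last name, card type and card number
     * are added only when the user lookup returns a row; a missing result or a lookup
     * failure leaves those rows empty instead of relying on a caught exception.
     *
     * <p>NOTE(review): the full card number is rendered, which is what makes a hijacked
     * session visibly harmful in this lesson; production code would mask it.
     *
     * @param webSession       the current WebGoat session
     * @param elementContainer the container that receives the details table and logout link
     */
    private void createSuccessfulLoginContent(WebSession webSession, ElementContainer elementContainer) {
        final String firstName = getLoggedInUser(webSession);

        final TR firstNameRow = new TR();
        final TR lastNameRow = new TR();
        final TR cardTypeRow = new TR();
        final TR cardNumberRow = new TR();
        firstNameRow.addElement(new TD("<b>Firstname:</b>"));
        firstNameRow.addElement(new TD(firstName));
        try {
            // NOTE(review): getUser closes its connection before returning the ResultSet, so
            // reading it here depends on the driver keeping the rows available - confirm.
            final ResultSet user = getUser(firstName, webSession);
            // getUser returns null on failure, and first() returns false when no row matched.
            if (user != null && user.first()) {
                lastNameRow.addElement(new TD("<b>Lastname:</b>"));
                lastNameRow.addElement(new TD(user.getString("last_name")));
                cardTypeRow.addElement(new TD("<b>Credit Card Type:</b>"));
                cardTypeRow.addElement(new TD(user.getString("cc_type")));
                cardNumberRow.addElement(new TD("<b>Credit Card Number:</b>"));
                cardNumberRow.addElement(new TD(user.getString(WsSqlInjection.ccNumber)));
            }
        } catch (Exception e) {
            // Best effort: the page is still rendered with whatever rows were filled.
            e.printStackTrace();
        }

        final Table details = new Table();
        details.addAttribute("cellspacing", 10);
        details.addAttribute("cellpadding", 5);
        details.addAttribute("align", "center");
        details.addElement(firstNameRow);
        details.addElement(lastNameRow);
        details.addElement(cardTypeRow);
        details.addElement(cardNumberRow);

        final Div detailsBox = new Div();
        detailsBox.setStyle("margin-top:50px;");
        detailsBox.addAttribute("align", "center");
        detailsBox.addElement(details);

        elementContainer.addElement(detailsBox);
        elementContainer.addElement(createLogoutLink());
    }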

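    /**
     * Builds the right-aligned "Logout" link, which points at the lesson link with
     * {@code logout=true} appended.
     *
     * @return a div containing the logout anchor
     */
    private Element createLogoutLink() {
        final A logoutAnchor = new A();
        logoutAnchor.addAttribute("href", getLink() + "&logout=true");
        logoutAnchor.addElement("Logout");

        final Div holder = new Div();
        holder.addAttribute("align", "right");
        holder.addElement(logoutAnchor);
        // The property was misspelled "mrgin-top", which browsers ignore; spelled correctly
        // so the intended top margin is applied.
        holder.setStyle("margin-right:50px; margin-top:30px");
        return holder;
    }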

    /**
     * Looks up a user's row in {@code user_data_tan} by first name, using a parameterized query.
     *
     * <p>NOTE(review): the connection is closed before the {@code ResultSet} is returned, so
     * the caller reads a result whose connection is already closed. Whether the rows are
     * still readable depends on the JDBC driver - confirm; returning the needed column
     * values instead would remove the dependency.
     *
     * @param str        the first name to look up
     * @param webSession the current WebGoat session, used to obtain the connection
     * @return the query result, or {@code null} if the lookup failed
     */
    private ResultSet getUser(String str, WebSession webSession) {
        Connection connection = null;
        ResultSet found = null;
        try {
            connection = DatabaseUtilities.getConnection(webSession);
            final PreparedStatement lookup = connection.prepareStatement(
                    "SELECT * FROM user_data_tan WHERE first_name = ? ",
                    ResultSet.TYPE_SCROLL_INSENSITIVE,
                    ResultSet.CONCUR_READ_ONLY);
            lookup.setString(1, str);
            found = lookup.executeQuery();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Exception closeFailure) {
                    closeFailure.printStackTrace();
                }
            }
        }
        return found;
    }

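    /**
     * Returns the name of the logged-in user stored in the session.
     *
     * <p>An attribute that was never stored yields the empty string, the same fallback the
     * method already used when reading the attribute failed, so callers never receive
     * {@code null}.
     *
     * @param webSession the current WebGoat session
     * @return the stored user name, or {@code ""} if none is stored or it cannot be read
     */
    private String getLoggedInUser(WebSession webSession) {
        try {
            final String storedName = (String) webSession.get(LOGGEDINUSER);
            return storedName == null ? "" : storedName;
        } catch (Exception e) {
            // Deliberate best effort: an unreadable attribute is treated as "nobody logged in".
            return "";
        }
    }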

    /**
     * Places this lesson in the session management category.
     *
     * @return {@code Category.SESSION_MANAGEMENT}
     */
    @Override
    protected Category getDefaultCategory() {
        final Category lessonCategory = Category.SESSION_MANAGEMENT;
        return lessonCategory;
    }

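    /**
     * Returns the lesson's hints in the order they are revealed.
     *
     * <p>One stage 1 hint embeds the current lesson link from {@code getLink()}.
     *
     * @param webSession the current WebGoat session (not read here)
     * @return the ordered hint texts
     */
    @Override
    public List<String> getHints(WebSession webSession) {
        // Typed list instead of a raw ArrayList, so the return needs no unchecked conversion.
        final List<String> hints = new ArrayList<String>();
        hints.add("Stage 1: Where is the link in the mail?");
        hints.add("Stage 1: Add a SID to the link");
        hints.add("Stage 1: A SID could looke something like this: SID=Whatever");
        hints.add("Stage 1: Alter the link in the mail to: href=" + getLink() + "&SID=Whatever");
        hints.add("Stage 2: Click on the link!");
        hints.add("Stage 3: Log in as Jane with user name jane and password tarzan.");
        hints.add("Stage 4: Click on the link provided");
        hints.add("Stage 4: What is your actual SID?");
        hints.add("Stage 4: Change the SID (NOVALIDSESSION) to the choosen one in the mail");
        return hints;
    }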

    /**
     * Returns the instruction text for the current stage.
     *
     * <p>Stages above 4 reuse the stage 4 text. A stage outside 1-4 yields only the
     * {@code "STAGE n: "} prefix.
     *
     * @param webSession the current WebGoat session, used to read the tracker stage
     * @return the instruction markup for the stage
     */
    @Override
    public String getInstructions(WebSession webSession) {
        final int stage = Math.min(getLessonTracker(webSession).getStage(), 4);
        final StringBuilder text = new StringBuilder();
        text.append("STAGE ").append(stage).append(": ");
        switch (stage) {
            case 1:
                text.append("You are Hacker Joe and you want to steal the session from Jane. Send a prepared email to the victim which looks like an official email from the bank.  A template message is prepared below, you will need to add a Session ID (SID) in the link inside the email. Alter the link to include a SID.<br><br><b>You are: Hacker Joe</b>");
                break;
            case 2:
                text.append("Now you are the victim Jane who received the email below. If you point on the link with your mouse you will see that there is a SID included. Click on it to see what happens.<br><br><b>You are: Victim Jane</b> ");
                break;
            case 3:
                text.append("The bank has asked you to verfy your data. Log in to see if your details are correct. Your user name is <b>Jane</b> and your password is <b>tarzan</b>. <br><br><b>You are: Victim Jane</b> ");
                break;
            case 4:
                text.append("It is time to steal the session now. Use following link to reach Goat Hills Financial.<br><br><b>You are: Hacker Joe</b> ");
                break;
            default:
                break;
        }
        return text.toString();
    }

    /**
     * Returns the lesson's default ranking.
     *
     * @return the shared {@code DEFAULT_RANKING} constant
     */
    @Override
    protected Integer getDefaultRanking() {
        final Integer ranking = DEFAULT_RANKING;
        return ranking;
    }

    /**
     * Returns the lesson title.
     *
     * @return the fixed title text
     */
    @Override
    public String getTitle() {
        final String title = "Session Fixation";
        return title;
    }

    /**
     * Handles a lesson request: builds the stage content, wraps it in a POST form and
     * installs that form as the lesson's content.
     *
     * @param webSession the current WebGoat session
     */
    @Override
    public void handleRequest(WebSession webSession) {
        // Built before the form action is read: createContent can change the tracked SID.
        final Element lessonBody = createContent(webSession);

        final Form lessonForm = new Form();
        lessonForm.addElement(lessonBody);
        lessonForm.setAction(getFormAction());
        lessonForm.setMethod("POST");
        lessonForm.setName(HtmlForm.TAG_NAME);
        lessonForm.setEncType("");
        setContent(lessonForm);
    }

    /**
     * Returns the lesson link, with the tracked SID appended as a query parameter when set.
     *
     * <p>NOTE(review): the SID originates from a request parameter and is appended without
     * URL encoding. The result is used in href attributes elsewhere in this class, so its
     * safety depends on what the parameter parser lets through - confirm.
     *
     * @return the superclass link, optionally followed by {@code &SID=<sid>}
     */
    @Override
    public String getLink() {
        final String baseLink = super.getLink();
        if (this.sid.equals("")) {
            return baseLink;
        }
        return baseLink + "&SID=" + this.sid;
    }

    /**
     * Generates a lesson SID: a decimal number between 0 and 99999.
     *
     * <p>NOTE(review): the value comes from the class's shared {@code java.util.Random} and
     * has at most 100000 possibilities, so it is guessable. That is adequate as a lesson
     * prop, but a real session identifier needs a cryptographically secure generator and
     * much more entropy.
     *
     * @return the generated SID as a decimal string
     */
    private String randomSIDGenerator() {
        // The remainder lies strictly between -100000 and 100000, so Math.abs cannot overflow.
        final int bounded = random.nextInt() % 100000;
        return Integer.toString(Math.abs(bounded));
    }
}
