package org.owasp.webgoat.plugin;

import java.rmi.RemoteException;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.rpc.ParameterMode;
import javax.xml.rpc.ServiceException;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import org.apache.axis.encoding.XMLType;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.Option;
import org.apache.ecs.html.P;
import org.apache.ecs.html.Select;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;

/* loaded from: input_file:WebGoat.war:plugin_lessons/wsdl-scanning-1.0.jar:org/owasp/webgoat/plugin/WSDLScanning.class */
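/**
 * WebGoat lesson "WSDL Scanning".
 *
 * <p>The page offers three fields (first name, last name, login count) for an account number and
 * fetches each selected field by calling a SOAP operation of the same name on the
 * {@code WSDLScanning} web service. The operation name is taken from the request parameter
 * {@code field} and is not checked against the three options shown in the form, so any operation
 * the service exposes can be requested. {@link #getCreditCard(int)} is such an operation, and the
 * lesson is marked as solved once it returns a value.
 *
 * <p>This weakness is the teaching point of the lesson and is left in place. In a real service
 * the caller-supplied operation name would be checked against an allow-list, and sensitive
 * operations would be authorized on the server rather than merely left out of the user interface.
 */
public class WSDLScanning extends LessonAdapter {
    /** SOAP operation name behind the "First Name" option. */
    public static final String firstName = "getFirstName";
    /** SOAP operation name behind the "Last Name" option. */
    public static final String lastName = "getLastName";
    /** SOAP operation name behind the "Login Count" option. */
    public static final String loginCount = "getLoginCount";
    /** SOAP operation name of the credit-card lookup; not offered in the form. */
    public static final String ccNumber = "getCreditCard";
    // Static, so the context set through any instance is seen by every instance of the lesson.
    private static WebgoatContext webgoatContext;
    // Lesson progress flags. They are static and unsynchronized, so they are shared by all
    // sessions. NOTE(review): one user's successful call can affect another user's page.
    static boolean completed = false;
    static boolean beenRestartedYet = false;
    private static final Integer DEFAULT_RANKING = Integer.valueOf(120);

    /**
     * Stores the WebGoat context in a static field shared by all instances.
     *
     * @param webgoatContext2 context later used by {@link #getResults(int, String)} to obtain a
     *     database connection
     */
    @Override // org.owasp.webgoat.lessons.AbstractLesson
    public void setWebgoatContext(WebgoatContext webgoatContext2) {
        webgoatContext = webgoatContext2;
    }

    /**
     * Returns the context stored by {@link #setWebgoatContext(WebgoatContext)}.
     *
     * @return the shared context, or {@code null} if none has been set
     */
    @Override // org.owasp.webgoat.lessons.AbstractLesson
    public WebgoatContext getWebgoatContext() {
        return webgoatContext;
    }

    /**
     * Returns the lesson category.
     *
     * @return {@link Category#WEB_SERVICES}
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.WEB_SERVICES;
    }

    /**
     * Builds the hint texts shown to the student, in order.
     *
     * @param webSession current session (not used)
     * @return a new mutable list of hint strings
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("Try connecting to the WSDL with a browser or Web Service tool.");
        hints.add("Sometimes the WSDL will define methods that are not available through a web API. Try to find operations that are in the WSDL, but not part of this API");
        hints.add("The URL for the web service is: http://localhost/webgoat/services/WSDLScanning <br>The WSDL can usually be viewed by adding a ?WSDL on the end of the request.");
        hints.add("Look in the WSDL for the getCreditCard operation and insert the field in an intercepted request.");
        return hints;
    }

    /**
     * Returns the lesson's default position in the menu.
     *
     * @return the ranking value 120
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /**
     * Returns the lesson title.
     *
     * @return the fixed title "WSDL Scanning"
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "WSDL Scanning";
    }

    /**
     * Invokes one operation of a WebGoat web service on this host and returns its result.
     *
     * <p>The call goes to {@code http://localhost:<port>/<context path>/services/<service>} with
     * the fixed credentials {@code guest}/{@code guest}. The operation name is used exactly as
     * passed in; this method does not restrict which operation is invoked.
     *
     * @param webSession session whose request supplies the context path of the endpoint URL
     * @param str service name; used as the last path segment of the endpoint and, in the
     *     {@code WebGoat} namespace, as the type name given to the parameter
     * @param i port of the endpoint
     * @param str2 operation to invoke, in the {@code WebGoat} namespace
     * @param str3 name of the single parameter
     * @param obj value of the single parameter
     * @return the value returned by the operation, or {@code null} if the call failed
     */
    public Object accessWGService(WebSession webSession, String str, int i, String str2, String str3, Object obj) {
        try {
            QName serviceName = new QName("WebGoat", str);
            QName operationName = new QName("WebGoat", str2);
            Call call = (Call) new Service().createCall();
            call.setOperationName(operationName);
            call.addParameter(str3, serviceName, ParameterMode.INOUT);
            call.setReturnType(XMLType.XSD_STRING);
            // Hard-coded lesson credentials, sent over plain http to the loopback endpoint.
            // Outside a training application these belong in protected configuration.
            call.setUsername("guest");
            call.setPassword("guest");
            // NOTE(review): if getContextPath() already starts with "/", the URL contains "//"
            // after the port; left unchanged because the endpoint behaviour is not visible here.
            call.setTargetEndpointAddress("http://localhost:" + i + "/" + webSession.getRequest().getContextPath() + "/services/" + str);
            return call.invoke(new Object[]{obj});
        } catch (RemoteException e) {
            // Specific handlers must precede the general one, otherwise they are unreachable.
            e.printStackTrace();
            return null;
        } catch (ServiceException e) {
            e.printStackTrace();
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Renders the lesson page: the query form, the result table for a submitted query, the link
     * to the WSDL, and the lesson-completion bookkeeping.
     *
     * @param webSession current session; supplies the request parameters {@code id} and
     *     {@code field}
     * @return the container holding the generated page elements
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer page = new ElementContainer();

        // Query form: account number plus a multi-select listing only the three harmless fields.
        Table form = new Table().setCellSpacing(0).setCellPadding(2);
        if (webSession.isColor()) {
            form.setBorder(1);
        }
        TR accountRow = new TR();
        accountRow.addElement(new TD("Enter your account number: "));
        accountRow.addElement(new TD(new Input("TEXT", "id", "101")));
        form.addElement(accountRow);
        TR fieldRow = new TR();
        fieldRow.addElement(new TD("Select the fields to return: "));
        fieldRow.addElement(new TD(new Select("field").setMultiple(true).addElement(new Option(firstName).addElement("First Name")).addElement(new Option(lastName).addElement("Last Name")).addElement(new Option(loginCount).addElement("Login Count"))));
        form.addElement(fieldRow);
        TR submitRow = new TR();
        submitRow.addElement(new TD(ECSFactory.makeButton("Submit")).setAlign("CENTER").setColSpan(2));
        form.addElement(submitRow);
        page.addElement(form);

        try {
            String[] fields = webSession.getParser().getParameterValues("field");
            int accountId = webSession.getParser().getIntParameter("id");
            Table results = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1);
            if (webSession.isColor()) {
                // Redundant with the setBorder(1) above; kept as in the original.
                results.setBorder(1);
            }
            TR headerRow = new TR();
            TR valueRow = new TR();
            int serverPort = webSession.getRequest().getServerPort();
            for (int n = 0; n < fields.length; n++) {
                // fields[n] comes from the request and is used unchecked as the operation name:
                // this is the lesson's intended weakness (see class comment).
                // NOTE(review): the same value, and the service result, are added to the page
                // as-is; confirm that the parser or ECS encodes them for HTML output.
                headerRow.addElement(new TD().addElement(fields[n]));
                valueRow.addElement(new TD().addElement((String) accessWGService(webSession, "WSDLScanning", serverPort, fields[n], "acct_num", Integer.valueOf(accountId))));
            }
            if (fields.length == 0) {
                webSession.setMessage("Please select a value to return.");
            }
            results.addElement(headerRow);
            results.addElement(valueRow);
            page.addElement(new P().addElement(results));
        } catch (Exception ignored) {
            // Deliberately best-effort: the result table is simply omitted when reading the
            // parameters or calling the service fails (presumably also when the form has not
            // been submitted yet; confirm against the parser).
        }

        try {
            Element wsdlLink = new A("services/WSDLScanning?WSDL", "WebGoat WSDL File");
            page.addElement(new P().addElement("View the web services definition language (WSDL) to see the complete API:"));
            page.addElement(new BR());
            page.addElement(wsdlLink);
            // 'completed' is set by getCreditCard(). The first render after that reports
            // success; if the tracker is still not completed on a later render, both flags are
            // reset.
            if (completed && !getLessonTracker(webSession).getCompleted()) {
                if (!beenRestartedYet) {
                    makeSuccess(webSession);
                    beenRestartedYet = true;
                } else {
                    completed = false;
                    beenRestartedYet = false;
                }
            }
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return page;
    }

    /**
     * Reads one column of the {@code user_data} row for the given user id.
     *
     * <p>The user id is bound as a statement parameter. The column name is passed to
     * {@link ResultSet#getString(String)} and never becomes part of the SQL text.
     *
     * @param i user id to look up
     * @param str name of the column to return
     * @return the column value of the first matching row, or {@code null} if there is no such
     *     row or the lookup failed
     */
    public String getResults(int i, String str) {
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            statement = DatabaseUtilities.getConnection("guest", getWebgoatContext()).prepareStatement("SELECT * FROM user_data WHERE userid = ?");
            statement.setInt(1, i);
            rows = statement.executeQuery();
            if (rows == null || !rows.next()) {
                return null;
            }
            return rows.getString(str);
        } catch (Exception e) {
            // Callers treat null as "no value"; report the failure the same way
            // accessWGService does instead of dropping it silently.
            e.printStackTrace();
            return null;
        } finally {
            // The connection is obtained from DatabaseUtilities and is not closed here; only
            // the per-call statement and result set are released.
            closeQuietly(rows, statement);
        }
    }

    /** Closes the result set and then the statement, ignoring nulls and close failures. */
    private static void closeQuietly(ResultSet rows, PreparedStatement statement) {
        if (rows != null) {
            try {
                rows.close();
            } catch (SQLException ignored) {
                // Nothing useful can be done if closing fails.
            }
        }
        if (statement != null) {
            try {
                statement.close();
            } catch (SQLException ignored) {
                // Nothing useful can be done if closing fails.
            }
        }
    }

    /**
     * Returns the stored credit-card value for a user and, when one is found, flags the lesson
     * as solved.
     *
     * <p>The method performs no caller check of its own. This is the operation the lesson
     * expects the student to discover.
     *
     * @param i user id to look up
     * @return the column value, or {@code null} if none was found
     */
    public String getCreditCard(int i) {
        // NOTE(review): the column name is read from WsSqlInjection.ccNumber, a constant of a
        // different lesson class, not from this class's ccNumber (which holds the operation
        // name). This looks like a decompiler constant substitution; confirm.
        String results = getResults(i, WsSqlInjection.ccNumber);
        if (results == null) {
            return null;
        }
        completed = true;
        return results;
    }

    /**
     * Returns the {@code first_name} column for a user.
     *
     * @param i user id to look up
     * @return the column value, or {@code null} if none was found
     */
    public String getFirstName(int i) {
        return getResults(i, "first_name");
    }

    /**
     * Returns the {@code last_name} column for a user.
     *
     * @param i user id to look up
     * @return the column value, or {@code null} if none was found
     */
    public String getLastName(int i) {
        return getResults(i, "last_name");
    }

    /**
     * Returns the {@code login_count} column for a user.
     *
     * @param i user id to look up
     * @return the column value, or {@code null} if none was found
     */
    public String getLoginCount(int i) {
        return getResults(i, "login_count");
    }
}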
