package org.owasp.webgoat.plugin;

import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Properties;
import javax.mail.Authenticator;
import javax.mail.Message;
import javax.mail.MessagingException;
import javax.mail.PasswordAuthentication;
import javax.mail.Session;
import javax.mail.Transport;
import javax.mail.internet.InternetAddress;
import javax.mail.internet.MimeMessage;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.B;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Center;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.H3;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.apache.ecs.html.TextArea;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/unchecked-email-1.0.jar:org/owasp/webgoat/plugin/UncheckedEmail.class */
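/**
 * WebGoat lesson "Exploit Unchecked Email" (parameter-tampering category).
 *
 * <p>Renders a customer-support contact form whose recipient travels in a hidden
 * {@code to} field and whose message body is echoed back into the result page
 * without escaping (see {@link #sendSimulatedMail} and {@link #formatMail}).
 * Both behaviours are the teaching point of the lesson and are deliberately kept.
 *
 * <p>Delivery is simulated unless the learner changes both GMail fields from
 * their placeholder values, in which case the message is really sent through
 * GMail over SMTPS with the supplied credentials.
 */
public class UncheckedEmail extends LessonAdapter {
    /** Placeholder values of the GMail fields; real delivery happens only when both are changed. */
    private static final String DEFAULT_GMAIL_ID = "GMail id";
    private static final String DEFAULT_GMAIL_PASSWORD = "password";

    /** Request parameter names used by the form. */
    private static final String MESSAGE = "msg";
    private static final String HIDDEN_TO = "to";
    private static final String SUBJECT = "subject";
    private static final String GMAIL_ID = "gId";
    private static final String GMAIL_PASS = "gPass";

    /** Default recipient planted in the hidden field; the lesson expects learners to change it. */
    private static final String ADMIN_ADDRESS = "webgoat.admin@owasp.org";

    /** SMTPS settings for real delivery through GMail. */
    private static final String SMTP_HOST_NAME = "smtp.gmail.com";
    private static final String SMTP_PORT = "465";
    private static final String EMAIL_FROM_ADDRESS = "webgoat@owasp.org";
    private static final String SSL_FACTORY = "javax.net.ssl.SSLSocketFactory";

    private static final Integer DEFAULT_RANKING = Integer.valueOf(55);

    /**
     * Builds the lesson page: credential table, contact form and, when a recipient
     * was posted, the (simulated or real) outgoing mail echoed back to the learner.
     *
     * @param webSession current WebGoat session; request parameters are read from its parser
     * @return the page content; on any failure a short error is set on the session instead
     */
    @Override
    public Element createContent(WebSession webSession) {
        ElementContainer content = new ElementContainer();
        try {
            String to = webSession.getParser().getRawParameter(HIDDEN_TO, "");
            String gmailId = webSession.getParser().getRawParameter(GMAIL_ID, "");
            String gmailPassword = webSession.getParser().getRawParameter(GMAIL_PASS, "");
            String message = webSession.getParser().getRawParameter(MESSAGE, "");
            String subject = webSession.getParser().getRawParameter(SUBJECT, "");
            // Real delivery only when both credential fields differ from their placeholders.
            boolean useRealGmail =
                    !(DEFAULT_GMAIL_ID.equals(gmailId) || DEFAULT_GMAIL_PASSWORD.equals(gmailPassword));

            content.addElement(new HR());
            createGoogleCredentials(webSession, content);
            content.addElement(new HR());
            content.addElement(new BR());
            createMailMessage(webSession, subject, message, content);
            content.addElement(new HR());

            if (to.length() > 0) {
                if (useRealGmail) {
                    formatMail(content,
                            sendGoogleMail(to, subject, message, EMAIL_FROM_ADDRESS, gmailId, gmailPassword));
                } else {
                    sendSimulatedMail(content, to, subject, message);
                }
                // Lesson check: a script tag aimed at the admin earns a nudge, one aimed
                // at any other recipient completes the lesson.
                if (message.contains("<script")) {
                    if (ADMIN_ADDRESS.equals(to)) {
                        webSession.setMessage("The attack worked! Now try to attack another person than the admin.");
                    } else {
                        makeSuccess(webSession);
                    }
                }
            }
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return content;
    }

    /**
     * Echoes a really-sent message back into the page. The body is inserted as a raw
     * {@link StringElement}, i.e. unescaped, which is what the lesson demonstrates.
     *
     * @param content container to append to
     * @param message the message that was handed to {@link Transport#send}
     */
    private void formatMail(ElementContainer content, Message message) {
        try {
            content.addElement(new Center().addElement(new B().addElement(
                    "You sent the following message to: " + Arrays.asList(message.getAllRecipients()))));
            content.addElement(new BR());
            content.addElement(new StringElement("<b>MAIL FROM:</b> " + Arrays.asList(message.getReplyTo())));
            content.addElement(new BR());
            content.addElement(new StringElement("<b>RCPT TO:</b> " + Arrays.asList(message.getAllRecipients())));
            content.addElement(new BR());
            content.addElement(new StringElement("<b>Message-ID:</b> " + Arrays.asList(message.getHeader("Message-ID"))));
            content.addElement(new BR());
            content.addElement(new StringElement("<b>Date:</b> " + message.getSentDate()));
            content.addElement(new BR());
            content.addElement(new StringElement("<b>Subject:</b> " + message.getSubject()));
            content.addElement(new BR());
            content.addElement(new StringElement("<b>Message:</b> "));
            content.addElement(new BR());
            content.addElement(new BR());
            content.addElement(new StringElement(message.getContent().toString()));
        } catch (Exception e) {
            content.addElement(new StringElement("Fatal error while sending message"));
            content.addElement(new BR());
            content.addElement(new StringElement(e.getMessage()));
        }
    }

    /**
     * Renders a fake delivered-mail transcript for the simulated mode. Recipient,
     * subject and body are written into the page unescaped (the lesson's point).
     *
     * @param content container to append to
     * @param to      recipient taken from the hidden form field
     * @param subject subject line as posted
     * @param body    message body as posted
     */
    private void sendSimulatedMail(ElementContainer content, String to, String subject, String body) {
        String timestamp = new SimpleDateFormat("E, dd MMM yyyy HH:mm:ss Z").format((Object) new Date());
        content.addElement(new Center().addElement(new B().addElement("You sent the following message to: " + to)));
        content.addElement(new BR());
        content.addElement(new StringElement("<b>Return-Path:</b> &lt;webgoat@owasp.org&gt;"));
        content.addElement(new BR());
        content.addElement(new StringElement("<b>Delivered-To:</b> " + to));
        content.addElement(new BR());
        content.addElement(new StringElement("<b>Received:</b> (qmail 614458 invoked by uid 239); " + timestamp));
        content.addElement(new BR());
        content.addElement(new StringElement("for &lt;" + to + "&gt;; " + timestamp));
        content.addElement(new BR());
        content.addElement(new StringElement("<b>To:</b> " + to));
        content.addElement(new BR());
        content.addElement(new StringElement("<b>From:</b> Blame it on the Goat &lt;webgoat@owasp.org&gt;"));
        content.addElement(new BR());
        content.addElement(new StringElement("<b>Subject:</b> " + subject));
        content.addElement(new BR());
        content.addElement(new BR());
        content.addElement(new StringElement(body));
    }

    /**
     * Builds the "Contact Us" form: subject input, hidden recipient field preset to
     * the admin address, and the message text area (its echoed value is escaped via
     * {@code convertMetachars}, unlike the result transcript).
     *
     * @param webSession used only to decide whether to draw table borders
     * @param subject    unused here; kept for the caller's call shape
     * @param message    previously posted body, re-populated into the text area
     * @param content    container to append the form table to
     */
    private void createMailMessage(WebSession webSession, String subject, String message, ElementContainer content) {
        Table table = new Table().setCellSpacing(0).setCellPadding(1).setBorder(0).setWidth("90%").setAlign("center");
        if (webSession.isColor()) {
            table.setBorder(1);
        }

        TR header = new TR();
        header.addElement(new TH().addElement("Send OWASP your Comments<BR>").setAlign("left").setColSpan(3));
        table.addElement(header);

        TR spacer1 = new TR();
        spacer1.addElement(new TD().addElement("&nbsp;").setColSpan(3));
        table.addElement(spacer1);

        TR titles = new TR();
        titles.addElement(new TH().addElement(new H1("Contact Us")).setAlign("left").setWidth("55%").setVAlign("BOTTOM").setColSpan(2));
        titles.addElement(new TH().addElement(new H3("Contact Information:")).setAlign("left").setVAlign("BOTTOM"));
        table.addElement(titles);

        TR blurb = new TR();
        blurb.addElement(new TD().addElement("We value your comments.  To send OWASP your questions or comments regarding the WebGoat tool, please enter your comments below.  The information you provide will be handled according to our <U>Privacy Policy</U>.").setColSpan(2));
        blurb.addElement(new TD().addElement("<b>OWASP</B><BR>9175 Guilford Rd <BR> Suite 300 <BR>Columbia, MD.  21046").setVAlign("top"));
        table.addElement(blurb);

        TR spacer2 = new TR();
        spacer2.addElement(new TD().addElement("&nbsp;").setColSpan(3));
        table.addElement(spacer2);

        TR subjectRow = new TR();
        subjectRow.addElement(new TD().addElement("Subject:"));
        subjectRow.addElement(new TD().setAlign("LEFT").addElement(new Input("TEXT", SUBJECT, "Comment for WebGoat")));
        subjectRow.addElement(new TD().addElement("&nbsp;"));
        table.addElement(subjectRow);

        // The recipient is a hidden field; tampering with it is part of the lesson.
        Input hiddenTo = new Input(Input.HIDDEN, HIDDEN_TO, ADMIN_ADDRESS);
        TR questionRow = new TR();
        questionRow.addElement(new TD().addElement("Questions or Comments:").setColSpan(2));
        questionRow.addElement(new TD().setAlign("LEFT").addElement(hiddenTo));
        table.addElement(questionRow);

        TR messageRow = new TR();
        TextArea textArea = new TextArea(MESSAGE, 5, 40);
        textArea.addElement(new StringElement(convertMetachars(message)));
        messageRow.addElement(new TD().setAlign("LEFT").addElement(textArea).setColSpan(2));
        messageRow.addElement(new TD().setAlign("LEFT").setVAlign("MIDDLE").addElement(ECSFactory.makeButton("Send!")));
        table.addElement(messageRow);

        content.addElement(table);
    }

    /**
     * Builds the optional GMail credential table. Both inputs are pre-filled with the
     * placeholder values that {@link #createContent} compares against.
     *
     * @param webSession used only to decide whether to draw table borders
     * @param content    container to append the table to
     */
    private void createGoogleCredentials(WebSession webSession, ElementContainer content) {
        Table table = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
        table.setStyle("border-width:3px; border-style: solid;");
        if (webSession.isColor()) {
            table.setBorder(1);
        }

        TR header = new TR();
        header.addElement(new TH().addElement("Google Mail Configuration (Optional)").setAlign("center").setColSpan(2));
        table.addElement(header);

        TR spacer1 = new TR();
        spacer1.addElement(new TD().addElement("&nbsp;").setAlign("left").setColSpan(2));
        table.addElement(spacer1);

        TR blurb = new TR();
        blurb.addElement(new TD().addElement("These configurations will enable WebGoat to send email on your behalf using your gmail account.  Leave them as the default value to use WebGoat's simulated mail.").setAlign("left").setColSpan(2));
        table.addElement(blurb);

        TR spacer2 = new TR();
        spacer2.addElement(new TD().addElement("&nbsp;").setAlign("left").setColSpan(2));
        table.addElement(spacer2);

        TR idRow = new TR();
        idRow.addElement(new TD().addElement("GMail login id:"));
        idRow.addElement(new TD().addElement(new Input("TEXT", GMAIL_ID, DEFAULT_GMAIL_ID)));
        table.addElement(idRow);

        TR passwordRow = new TR();
        passwordRow.addElement(new TD().addElement("GMail password:"));
        passwordRow.addElement(new TD().addElement(new Input(Input.PASSWORD, GMAIL_PASS, DEFAULT_GMAIL_PASSWORD)));
        table.addElement(passwordRow);

        content.addElement(table);
    }

    /**
     * Sends a plain-text message through GMail over SMTPS using the learner's credentials.
     *
     * <p>Uses {@link Session#getInstance} rather than {@code Session.getDefaultInstance}:
     * the default session is cached JVM-wide together with the {@link Authenticator}
     * that first created it, so in a shared server every later sender would have
     * authenticated with the first learner's GMail credentials.
     *
     * @param to       recipient address
     * @param subject  subject line
     * @param body     plain-text body
     * @param from     envelope/From address
     * @param user     GMail login id used for SMTP AUTH
     * @param password GMail password used for SMTP AUTH
     * @return the message as handed to {@link Transport#send}
     * @throws MessagingException if the address is invalid or delivery fails
     */
    private Message sendGoogleMail(String to, String subject, String body, String from,
            final String user, final String password) throws MessagingException {
        Properties props = new Properties();
        props.put("mail.smtp.host", SMTP_HOST_NAME);
        props.put("mail.smtp.auth", "true");
        props.put("mail.debug", "false");
        props.put("mail.smtp.port", SMTP_PORT);
        props.put("mail.smtp.socketFactory.port", SMTP_PORT);
        props.put("mail.smtp.socketFactory.class", SSL_FACTORY);
        // No fallback to a plaintext socket if the TLS socket factory cannot be used.
        props.put("mail.smtp.socketFactory.fallback", "false");

        // Per-request session: credentials must not be shared across learners.
        Session session = Session.getInstance(props, new Authenticator() {
            @Override
            protected PasswordAuthentication getPasswordAuthentication() {
                return new PasswordAuthentication(user, password);
            }
        });
        session.setDebug(false);

        MimeMessage mimeMessage = new MimeMessage(session);
        mimeMessage.setFrom(new InternetAddress(from));
        mimeMessage.setRecipients(Message.RecipientType.TO, new InternetAddress[] { new InternetAddress(to) });
        mimeMessage.setSubject(subject);
        mimeMessage.setContent(body, "text/plain");
        Transport.send(mimeMessage);
        return mimeMessage;
    }

    /** @return the lesson category shown in the WebGoat menu */
    @Override
    protected Category getDefaultCategory() {
        return Category.PARAMETER_TAMPERING;
    }

    /**
     * Hints shown to the learner, in the order they are revealed.
     *
     * @param webSession unused
     * @return a mutable list of hint strings
     */
    @Override
    protected List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>(Arrays.asList(
                "Try sending an anonymous message to yourself.",
                "Try inserting some html or javascript code in the message field",
                "Look at the hidden fields in the HTML.",
                "Insert &lt;A href=\"http://code.google.com/p/webgoat/\"&gt;Click here for the WebGoat Project&lt;/A&gt in the message field",
                "Insert &lt;script&gt;alert(\"Bad Stuff\");&lt;/script&gt; in the message field"));
        return hints;
    }

    /**
     * @param webSession unused
     * @return the lesson instructions as an HTML fragment
     */
    @Override
    public String getInstructions(WebSession webSession) {
        return "This form is an example of a customer support page.  Using the form below try to:<br>1) Send a malicious script to the website admin.<br>2) Send a malicious script to a 'friend' from OWASP.<br>";
    }

    /** @return ordering weight of this lesson within its category */
    @Override
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** @return the lesson title */
    @Override
    public String getTitle() {
        return "Exploit Unchecked Email";
    }
}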
