package org.owasp.webgoat.plugin;

import java.io.IOException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.B;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:WebGoat.war:plugin_lessons/encoding-1.0.jar:org/owasp/webgoat/plugin/EncodingLesson.class */
public class EncodingLesson extends LessonAdapter {
    // Request parameter names. As decompiled, createContent repeats these literals instead of
    // referencing the constants.
    private static final String INPUT = "input";
    private static final String KEY = "key";
    // sun.misc.BASE64Decoder/BASE64Encoder are JDK-internal classes that were removed in JDK 9;
    // java.util.Base64 is the supported replacement. Both instances are shared by every static
    // helper in this class.
    private static BASE64Decoder decoder = new BASE64Decoder();
    private static BASE64Encoder encoder = new BASE64Encoder();
    // Fixed, all-zero 8-byte salt passed to PBEParameterSpec in encryptString/decryptString.
    // Because it never varies, a given password always derives the same key, so the salt adds no
    // protection against precomputed password guesses. The array is also non-final and mutable.
    private static byte[] salt = {0, 0, 0, 0, 0, 0, 0, 0};
    // Value returned by getDefaultRanking().
    private static final Integer DEFAULT_RANKING = new Integer(15);

    /**
     * Decodes a Base64 string and returns the decoded bytes as text.
     *
     * <p>The bytes are converted with the platform default charset, so the result for
     * non-ASCII payloads depends on the host configuration. Base64 is an encoding only and
     * provides no confidentiality.
     *
     * @param str Base64 text to decode
     * @return the decoded bytes as a String
     * @throws IOException if the shared decoder rejects the input
     */
    public static String base64Decode(String str) throws IOException {
        byte[] rawBytes = decoder.decodeBuffer(str);
        return new String(rawBytes);
    }

    /**
     * Character-array overload of {@link #base64Decode(String)}.
     *
     * @param cArr Base64 text as characters
     * @return the decoded bytes as a String
     * @throws IOException if the underlying decoder rejects the input
     */
    public static String base64Decode(char[] cArr) throws IOException {
        String encodedText = String.valueOf(cArr);
        return base64Decode(encodedText);
    }

    /**
     * Character-array overload of {@link #base64Encode(String)}.
     *
     * @param cArr characters to encode
     * @return the Base64 form of the characters
     */
    public static String base64Encode(char[] cArr) {
        String plainText = String.valueOf(cArr);
        return base64Encode(plainText);
    }

    /**
     * Base64-encodes the bytes of a string.
     *
     * <p>The string is converted to bytes with the platform default charset, so the encoded
     * form of non-ASCII text depends on the host configuration.
     *
     * @param str text to encode
     * @return the Base64 form of the text
     */
    public static String base64Encode(String str) {
        byte[] rawBytes = str.getBytes();
        return encoder.encode(rawBytes);
    }

    /**
     * Base64-encodes a byte array with the shared encoder.
     *
     * @param bArr bytes to encode
     * @return the Base64 form of the bytes
     */
    public static String base64Encode(byte[] bArr) {
        String encodedText = encoder.encode(bArr);
        return encodedText;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the lesson page: an input form followed by a table showing the submitted string
     * under each encoding, hashing and encryption scheme this class implements.
     *
     * <p>Any exception while building the page sets a generic session message and leaves
     * whatever had been added to the container so far. The lesson is marked successful once
     * the lesson tracker reports more than three visits.
     *
     * @param webSession the current session, used for request parameters and messages
     * @return the container holding the generated page elements
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer page = new ElementContainer();
        try {
            // NOTE(review): userInput is read with getRawParameter and, together with the
            // decoded values below, is placed into the page through ECS elements. No output
            // encoding is visible in this method; confirm how ECS escapes attribute values and
            // text before reusing this pattern outside the training application.
            String userInput = webSession.getParser().getRawParameter("input", "");
            String password = webSession.getParser().getStringParameter("key", "");

            // Input form. The password is echoed back into a plain TEXT field.
            Table form = new Table();
            TR inputRow = new TR();
            inputRow.addElement(new TD("Enter a string: "));
            inputRow.addElement(new TD().addElement(new Input("TEXT", "input", userInput)));
            form.addElement(inputRow);
            TR passwordRow = new TR();
            passwordRow.addElement(new TD("Enter a password (optional): "));
            passwordRow.addElement(new TD().addElement(new Input("TEXT", "key", password)));
            form.addElement(passwordRow);
            TR buttonRow = new TR();
            buttonRow.addElement(new TD().setAlign("center").setColSpan(2).addElement(ECSFactory.makeButton("Go!")));
            form.addElement(buttonRow);
            page.addElement(form);
            page.addElement(new P());

            // Results table: one row per scheme, in the order the lesson presents them.
            Table results = new Table();
            results.setWidth("100%");
            results.setBorder(0);
            results.setCellSpacing(1);
            results.setCellPadding(4);
            results.addElement(makeTitleRow("Description", "Encoded", "Decoded"));
            results.addElement(makeRow("Base64 encoding is a simple reversable encoding used to encode bytes into ASCII characters. Useful for making bytes into a printable string, but provides no security.", base64Encode(userInput), base64Decode(userInput)));
            results.addElement(makeRow("Entity encoding uses special sequences like &amp;amp; for special characters. This prevents these characters from being interpreted by most interpreters.", HtmlEncoder.encode(userInput), HtmlEncoder.decode(userInput)));
            results.addElement(makeRow("Password based encryption (PBE) is strong encryption with a text password. Cannot be decrypted without the password", encryptString(userInput, password), decryptString(userInput, password)));
            results.addElement(makeRow("MD5 hash is a checksum that can be used to validate a string or byte array, but cannot be reversed to find the original string or bytes. For obscure cryptographic reasons, it is better to use SHA-256 if you have a choice.", hashMD5(userInput), "Cannot reverse a hash"));
            results.addElement(makeRow("SHA-256 hash is a checksum that can be used to validate a string or byte array, but cannot be reversed to find the original string or bytes.", hashSHA(userInput), "N/A"));
            results.addElement(makeRow("Unicode encoding is...", "Not Implemented", "Not Implemented"));
            results.addElement(makeRow("URL encoding is...", urlEncode(userInput), urlDecode(userInput)));
            results.addElement(makeRow("Hex encoding simply encodes bytes into %xx format.", hexEncode(userInput), hexDecode(userInput)));
            results.addElement(makeRow("Rot13 encoding is a way to make text unreadable, but is easily reversed and provides no security.", rot13(userInput), rot13(userInput)));
            results.addElement(makeRow("XOR with password encoding is a weak encryption scheme that mixes a password into data.", xorEncode(userInput, password), xorDecode(userInput, password)));
            results.addElement(makeRow("Double unicode encoding is...", "Not Implemented", "Not Implemented"));
            results.addElement(makeRow("Double URL encoding is...", urlEncode(urlEncode(userInput)), urlDecode(urlDecode(userInput))));
            page.addElement(results);
        } catch (Exception e) {
            // The user only sees a generic message; the detail goes to stderr.
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        boolean visitedOften = getLessonTracker(webSession).getNumVisits() > 3;
        if (visitedOften) {
            makeSuccess(webSession);
        }
        return page;
    }

    /**
     * Base64-decodes {@code str} and decrypts it with a key derived from the password
     * {@code str2}, returning the plaintext as UTF-8 text.
     *
     * <p>Security notes for readers of this lesson code: the scheme is PBEWithMD5AndDES, i.e.
     * single DES with an MD5-based key derivation, run for only 20 iterations over the class's
     * fixed salt. CBC is used without any integrity check. None of these choices is suitable
     * for protecting real data.
     *
     * @param str Base64-encoded ciphertext
     * @param str2 password the key is derived from
     * @return the plaintext, or the fixed message "This is not an encrypted string" when any
     *     step fails (bad Base64, wrong password, bad padding, null arguments)
     */
    public static synchronized String decryptString(String str, String str2) {
        try {
            // Same salt and iteration count as encryptString; both sides must agree.
            PBEParameterSpec pbeParams = new PBEParameterSpec(salt, 20);
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
            Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES/CBC/PKCS5Padding");
            pbeCipher.init(Cipher.DECRYPT_MODE, keyFactory.generateSecret(new PBEKeySpec(str2.toCharArray())), pbeParams);
            byte[] plainBytes = pbeCipher.doFinal(decoder.decodeBuffer(str));
            return new String(plainBytes, "UTF-8");
        } catch (Exception e) {
            // Every failure is reported with the same message.
            return "This is not an encrypted string";
        }
    }

    /**
     * Encrypts the UTF-8 bytes of {@code str} with a key derived from the password
     * {@code str2} and returns the ciphertext Base64-encoded.
     *
     * <p>Security notes for readers of this lesson code: the scheme is PBEWithMD5AndDES, i.e.
     * single DES with an MD5-based key derivation, run for only 20 iterations over the class's
     * fixed salt, so equal passwords always yield equal keys. The ciphertext carries no
     * integrity protection. The on-page description calls this "strong encryption"; the
     * parameters used here do not support that for real data.
     *
     * @param str plaintext to encrypt
     * @param str2 password the key is derived from
     * @return the Base64 ciphertext, or the fixed message "Encryption error" when any step fails
     * @throws SecurityException declared by the original signature; not thrown explicitly here
     */
    public static synchronized String encryptString(String str, String str2) throws SecurityException {
        try {
            // Same salt and iteration count as decryptString; both sides must agree.
            PBEParameterSpec pbeParams = new PBEParameterSpec(salt, 20);
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
            Cipher pbeCipher = Cipher.getInstance("PBEWithMD5AndDES/CBC/PKCS5Padding");
            pbeCipher.init(Cipher.ENCRYPT_MODE, keyFactory.generateSecret(new PBEKeySpec(str2.toCharArray())), pbeParams);
            byte[] cipherBytes = pbeCipher.doFinal(str.getBytes("UTF-8"));
            return encoder.encode(cipherBytes);
        } catch (Exception e) {
            // Failures are collapsed into a fixed string rather than propagated.
            return "Encryption error";
        }
    }

    /**
     * Reports the category this lesson is listed under.
     *
     * @return {@code Category.INSECURE_STORAGE}
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        Category lessonCategory = Category.INSECURE_STORAGE;
        return lessonCategory;
    }

    /**
     * Returns the hints shown for this lesson, in display order.
     *
     * @param webSession the current session (not used)
     * @return a new, mutable list of hint strings
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("Enter a string and press 'go'");
        hints.add("Enter 'abc' and notice the rot13 encoding is 'nop' ( increase each letter by 13 characters ).");
        hints.add("Enter 'a c' and notice the url encoding is 'a+c' ( ' ' is converted to '+' ).");
        return hints;
    }

    /**
     * Returns the one-line instruction text for this lesson.
     *
     * @param webSession the current session (not used)
     * @return the instruction string
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        final String instructions = "This lesson will familiarize the user with different encoding schemes.  ";
        return instructions;
    }

    /**
     * Returns this lesson's default ranking.
     *
     * @return the shared {@code DEFAULT_RANKING} instance
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        Integer ranking = DEFAULT_RANKING;
        return ranking;
    }

    /**
     * Returns the lesson title.
     *
     * @return the title string
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        final String title = "Encoding Basics";
        return title;
    }

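    /**
     * Computes the MD5 digest of a string and returns it Base64-encoded.
     *
     * <p>The digest is taken over the UTF-8 bytes of the input so the result does not depend on
     * the platform default charset; encryptString in this class uses the same charset.
     *
     * <p>MD5 is kept because the lesson demonstrates it. It is not collision resistant and, like
     * any fast unsalted digest, is unsuitable for storing passwords; the lesson text itself
     * recommends SHA-256 where there is a choice.
     *
     * @param str text to hash
     * @return the Base64-encoded 16-byte digest
     * @throws IllegalStateException if no installed provider offers MD5
     */
    public static String hashMD5(String str) {
        MessageDigest md5;
        try {
            md5 = MessageDigest.getInstance(MessageDigestAlgorithms.MD5);
        } catch (NoSuchAlgorithmException e) {
            // Previously the exception was printed and the null digest dereferenced below,
            // which surfaced as an unexplained NullPointerException.
            throw new IllegalStateException("MD5 digest is not available", e);
        }
        byte[] inputBytes = str.getBytes(Charset.forName("UTF-8"));
        return base64Encode(md5.digest(inputBytes));
    }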

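    /**
     * Computes the SHA-256 digest of a string and returns it Base64-encoded.
     *
     * <p>The digest is taken over the UTF-8 bytes of the input so the result does not depend on
     * the platform default charset; encryptString in this class uses the same charset.
     *
     * <p>A bare SHA-256 digest is a checksum. It is fast and unsalted, so it is not a password
     * storage scheme on its own.
     *
     * @param str text to hash
     * @return the Base64-encoded 32-byte digest
     * @throws IllegalStateException if no installed provider offers SHA-256
     */
    public static String hashSHA(String str) {
        MessageDigest sha256;
        try {
            sha256 = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
        } catch (NoSuchAlgorithmException e) {
            // Previously the exception was printed and the null digest dereferenced below,
            // which surfaced as an unexplained NullPointerException.
            throw new IllegalStateException("SHA-256 digest is not available", e);
        }
        byte[] inputBytes = str.getBytes(Charset.forName("UTF-8"));
        return base64Encode(sha256.digest(inputBytes));
    }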

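    /**
     * Decodes text made of three-character groups, a delimiter followed by two hex digits,
     * into the characters those hex values denote.
     *
     * <p>Each pair must consist of ASCII hex digits. The earlier implementation parsed pairs
     * with {@code Integer.parseInt}, which also accepts a leading sign and non-ASCII digits, so
     * inputs such as {@code "%-1"} or {@code "%+1"} decoded instead of being rejected.
     *
     * <p>NOTE(review): as before, the first character of each group is skipped without being
     * compared to '%'; confirm whether callers rely on that leniency before tightening it.
     *
     * @param str text to decode; its length must be a multiple of three
     * @return the decoded text, or a fixed error message when the length is not a multiple of
     *     three or a pair is not two hex digits
     */
    public static String hexDecode(String str) {
        if (str.length() % 3 != 0) {
            return "String not comprised of Hex digit pairs.";
        }
        char[] decoded = new char[str.length() / 3];
        for (int group = 0; group < decoded.length; group++) {
            int start = group * 3;
            int high = hexNibble(str.charAt(start + 1));
            int low = hexNibble(str.charAt(start + 2));
            if (high < 0 || low < 0) {
                return "String not comprised of Hex digits";
            }
            decoded[group] = (char) ((high << 4) | low);
        }
        return new String(decoded);
    }

    /** Returns the value of one ASCII hex digit, or -1 when the character is not one. */
    private static int hexNibble(char c) {
        if (c >= '0' && c <= '9') {
            return c - '0';
        }
        if (c >= 'a' && c <= 'f') {
            return c - 'a' + 10;
        }
        if (c >= 'A' && c <= 'F') {
            return c - 'A' + 10;
        }
        return -1;
    }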

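    /**
     * Encodes each character of a string as '%' followed by its hex value, upper-cased.
     *
     * <p>Values below 0x10 are zero-padded to two digits. Without the padding a character such
     * as a newline was emitted as {@code "%A"}, which hexDecode rejects because it expects
     * three-character groups.
     *
     * <p>The '%' prefix is written as a literal. The decompiled source took it from an
     * unrelated Spring AOP constant; the lesson text describes the output as {@code %xx}.
     *
     * <p>Characters above 0xFF still produce more than two hex digits and therefore do not
     * round-trip through hexDecode.
     *
     * @param str text to encode
     * @return the hex-encoded text
     */
    public static String hexEncode(String str) {
        StringBuilder hex = new StringBuilder(str.length() * 3);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            hex.append('%');
            if (c < 0x10) {
                hex.append('0');
            }
            hex.append(Integer.toHexString(c));
        }
        return hex.toString().toUpperCase();
    }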

    /**
     * Command-line demo: prints the first argument under every scheme in this class, using the
     * second argument as the password for the PBE and XOR rows.
     *
     * <p>Each label is printed before its values are computed, so a failure part-way through
     * leaves the label of the failing row on stdout and the stack trace on stderr. Missing
     * arguments are handled the same way. Note that the password is taken from the command
     * line, where it is visible to other users of the host in the process list.
     *
     * @param strArr {@code [0]} the text to transform, {@code [1]} the password
     */
    public static void main(String[] strArr) {
        try {
            String text = strArr[0];
            String password = strArr[1];
            System.out.println("Working with: " + text);
            System.out.print("Base64 encoding: ");
            System.out.println(base64Encode(text) + " : " + base64Decode(text));
            System.out.print("Entity encoding: ");
            System.out.println(HtmlEncoder.encode(text) + " : " + HtmlEncoder.decode(text));
            System.out.print("Password based encryption (PBE): ");
            System.out.println(encryptString(text, password) + " : " + decryptString(text, password));
            System.out.print("MD5 hash: ");
            System.out.println(hashMD5(text) + " : Cannot reverse a hash");
            System.out.print("SHA-256 hash: ");
            System.out.println(hashSHA(text) + " : Cannot reverse a hash");
            System.out.print("Unicode encoding: ");
            System.out.println("Not Implemented : Not Implemented");
            System.out.print("URL encoding: ");
            System.out.println(urlEncode(text) + " : " + urlDecode(text));
            System.out.print("Hex encoding: ");
            System.out.println(hexEncode(text) + " : " + hexDecode(text));
            System.out.print("Rot13 encoding: ");
            System.out.println(rot13(text) + " : " + rot13(text));
            System.out.print("XOR with password: ");
            System.out.println(xorEncode(text, password) + " : " + xorDecode(text, password));
            System.out.print("Double unicode encoding is...");
            System.out.println("Not Implemented : Not Implemented");
            System.out.print("Double URL encoding: ");
            System.out.println(urlEncode(urlEncode(text)) + " : " + urlDecode(urlDecode(text)));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Builds one results row: a description cell followed by two scrollable value cells.
     *
     * <p>NOTE(review): the three strings are handed to ECS {@code addElement} as-is and no
     * escaping is visible here. The value cells receive user-derived text, including decoded
     * forms of the request parameter; confirm ECS's filtering behaviour before reusing this.
     *
     * @param str description shown in the first cell
     * @param str2 encoded value
     * @param str3 decoded value
     * @return the assembled table row
     */
    private TR makeRow(String str, String str2, String str3) {
        final String scrollBox = "overflow:auto; height:60px; width:100px;";
        TR row = new TR();
        row.addElement(new TD().addElement(str).setBgColor("#bbbbbb"));
        row.addElement(new TD().addElement(new Div().addElement(str2).setStyle(scrollBox)).setBgColor("#dddddd"));
        row.addElement(new TD().addElement(new Div().addElement(str3).setStyle(scrollBox)).setBgColor("#dddddd"));
        return row;
    }

    /**
     * Builds the header row of the results table: three centred, bold captions.
     *
     * @param str caption of the first column
     * @param str2 caption of the second column
     * @param str3 caption of the third column
     * @return the assembled header row
     */
    private TR makeTitleRow(String str, String str2, String str3) {
        TR header = new TR();
        for (String caption : new String[] {str, str2, str3}) {
            TD cell = new TD().addElement(new B().addElement(caption));
            cell.setAlign("center");
            header.addElement(cell);
        }
        return header;
    }

    /**
     * Applies ROT13 to the ASCII letters of a string and leaves every other character as is.
     *
     * <p>ROT13 is its own inverse and offers no secrecy; it only obscures text from a casual
     * glance.
     *
     * @param str text to rotate; {@code null} is treated as empty
     * @return the rotated text, or an empty string for {@code null} input
     */
    public static synchronized String rot13(String str) {
        if (str == null) {
            return "";
        }
        StringBuilder rotated = new StringBuilder(str.length());
        for (char c : str.toCharArray()) {
            if (c >= 'A' && c <= 'Z') {
                // Rotate within the upper-case alphabet, wrapping past 'Z'.
                c = (char) ('A' + (c - 'A' + 13) % 26);
            } else if (c >= 'a' && c <= 'z') {
                // Rotate within the lower-case alphabet, wrapping past 'z'.
                c = (char) ('a' + (c - 'a' + 13) % 26);
            }
            rotated.append(c);
        }
        return rotated.toString();
    }

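    /**
     * Decodes the platform-default-charset bytes of a string as ISO-8859-1.
     *
     * <p>The buffer is flipped after it is filled. Without the flip the decoder started at the
     * end of the written data and always produced an empty string.
     *
     * <p>The buffer is sized from the character count, so input whose byte form is longer than
     * its character count (for example non-ASCII text on a UTF-8 platform) still overflows the
     * buffer and yields the error message, as before.
     *
     * @param str text whose bytes are to be decoded
     * @return the decoded text, or "Encoding problem" when any step fails
     */
    public static String unicodeDecode(String str) {
        try {
            ByteBuffer raw = ByteBuffer.allocate(str.length());
            raw.put(str.getBytes());
            // Switch the buffer from writing to reading so decode() sees the bytes just written.
            raw.flip();
            return Charset.forName("ISO-8859-1").newDecoder().decode(raw).toString();
        } catch (Exception e) {
            return "Encoding problem";
        }
    }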

    /**
     * Encodes a string to ISO-8859-1 bytes and turns those bytes back into a String with the
     * platform default charset.
     *
     * <p>Characters that ISO-8859-1 cannot represent make the encoder fail, which is reported
     * through the fixed error message. The whole backing array of the encoded buffer is used.
     *
     * @param str text to encode
     * @return the re-decoded text, or "Encoding problem" when any step fails
     */
    public static String unicodeEncode(String str) {
        String result;
        try {
            ByteBuffer latin1 = Charset.forName("ISO-8859-1").newEncoder().encode(CharBuffer.wrap(str));
            result = new String(latin1.array());
        } catch (Exception e) {
            result = "Encoding problem";
        }
        return result;
    }

    /**
     * URL-decodes a string as UTF-8, performing a single decoding pass.
     *
     * <p>Text that was encoded twice needs two calls. Code that validates input after one pass
     * and decodes again later is checking a different string from the one finally used.
     *
     * @param str URL-encoded text
     * @return the decoded text, or "Decoding error" when decoding fails
     */
    public static String urlDecode(String str) {
        String decoded;
        try {
            decoded = URLDecoder.decode(str, "UTF-8");
        } catch (Exception e) {
            // Malformed escapes and null input end up here.
            decoded = "Decoding error";
        }
        return decoded;
    }

    /**
     * URL-encodes a string as UTF-8 in form encoding, where a space becomes '+'.
     *
     * @param str text to encode
     * @return the encoded text, or "Encoding error" when encoding fails
     */
    public static String urlEncode(String str) {
        String encoded;
        try {
            encoded = URLEncoder.encode(str, "UTF-8");
        } catch (Exception e) {
            encoded = "Encoding error";
        }
        return encoded;
    }

    /**
     * XORs each character of {@code str} with the key characters of {@code str2}, repeating the
     * key as often as needed.
     *
     * <p>When the key is {@code null} or blank the built-in key "Goober" is used instead. A
     * non-blank key is used exactly as given, without trimming. Repeating-key XOR is an
     * obfuscation, not encryption, and with the fallback key the output is the same for every
     * caller.
     *
     * @param str text to transform; may be {@code null}
     * @param str2 key text; {@code null} or blank selects the built-in key
     * @return the transformed characters, or {@code null} when {@code str} is {@code null}
     */
    public static synchronized char[] xor(String str, String str2) {
        boolean keyMissing = str2 == null || str2.trim().length() == 0;
        char[] keyChars = (keyMissing ? "Goober" : str2).toCharArray();
        if (str == null) {
            return null;
        }
        // toCharArray() returns a fresh copy, so it can be transformed in place.
        char[] mixed = str.toCharArray();
        for (int i = 0; i < mixed.length; i++) {
            mixed[i] ^= keyChars[i % keyChars.length];
        }
        return mixed;
    }

    /**
     * Reverses {@link #xorEncode(String, String)}: Base64-decodes {@code str}, then XORs the
     * result with the key {@code str2}.
     *
     * @param str Base64 text produced by xorEncode
     * @param str2 key text; {@code null} or blank selects the built-in key used by xor
     * @return the recovered text, or "String not XOR encoded." when any step fails
     */
    public static synchronized String xorDecode(String str, String str2) {
        String recovered;
        try {
            String mixedText = base64Decode(str);
            recovered = new String(xor(mixedText, str2));
        } catch (Exception e) {
            recovered = "String not XOR encoded.";
        }
        return recovered;
    }

    /**
     * XORs {@code str} with the key {@code str2} and returns the result Base64-encoded.
     *
     * <p>The lesson presents this as a weak scheme; the Base64 step only makes the XOR output
     * printable.
     *
     * @param str text to obscure
     * @param str2 key text; {@code null} or blank selects the built-in key used by xor
     * @return the Base64 form of the XORed characters
     */
    public static synchronized String xorEncode(String str, String str2) {
        char[] mixed = xor(str, str2);
        return base64Encode(mixed);
    }
}
