package org.owasp.webgoat.plugin;

import com.thoughtworks.selenium.SeleniumLogLevels;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.H2;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.apache.ecs.xhtml.style;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.WebSession;
import org.springframework.security.config.Elements;

/* loaded from: input_file:WebGoat.war:plugin_lessons/multi-level-login2-1.0.jar:org/owasp/webgoat/plugin/MultiLevelLogin2.class */
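/**
 * WebGoat lesson "Multi Level Login 2": a two-step login (password, then a
 * one-time TAN) whose second step identifies the account by a hidden form
 * field instead of by the server-side session.
 *
 * <p>Per request, {@link #createWorkspaceContent} runs four phases:
 * <ol>
 *   <li>a TAN submitted while logged in is compared with the TAN stored in the
 *       session; a mismatch drops the login again,</li>
 *   <li>user name and password are checked against {@code user_data_tan}; on
 *       success the next TAN for that user is loaded into the session,</li>
 *   <li>the restart and logout request parameters are honoured,</li>
 *   <li>the page shown depends on the resulting session state.</li>
 * </ol>
 *
 * <p><b>Intentional vulnerability (the point of the lesson — do not remove it
 * when maintaining this class):</b> the account shown on the success page,
 * and whose TAN counter is advanced, is taken from the request parameter
 * {@code hidden_user} ({@link #createSuccessfulLoginContent}) rather than from
 * the session attribute {@code loggedInUser2} that the password step
 * populated. A correct implementation would use the session value only. The
 * lesson counts as solved when the displayed account differs from the one
 * that authenticated.
 *
 * <p>Everything else — parameterised SQL, HTML-escaping of echoed values,
 * closing JDBC resources in {@code finally} — is written the way a production
 * class should be, so that the only weakness is the one being taught.
 */
public class MultiLevelLogin2 extends LessonAdapter {
    /* Request parameter names. */
    private static final String USER = "user2";
    private static final String PASSWORD = "pass2";
    private static final String TAN = "tan2";
    private static final String HIDDEN_USER = "hidden_user";
    /* The logout link appends "&logout=true"; the original (decompiled) code
     * read this name through Spring Security's Elements.LOGOUT constant. */
    private static final String LOGOUT = "logout";

    /* Session attribute names. The "2" suffix keeps them apart from the sibling
     * MultiLevelLogin1 lesson sharing the same WebSession. */
    private static final String LOGGEDIN = "loggedin2";
    private static final String CORRECTTAN = "correctTan2";
    private static final String CURRENTTAN = "currentTan2";
    private static final String CURRENTTANPOS = "currentTanPos2";
    private static final String LOGGEDINUSER = "loggedInUser2";

    /** Each account has TANs #1 .. #5; a position above this means none is left. */
    private static final int MAX_TAN = 5;

    private static final Integer DEFAULT_RANKING = Integer.valueOf(110);

    /** Inline CSS for the lesson frame (reuses the DBSQLInjection artwork). */
    private static final String LESSON_STYLE =
            "#lesson_wrapper {height: 435px;width: 500px;}#lesson_header {background-image: url(lessons/DBSQLInjection/images/lesson1_header.jpg);width: 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}.lesson_workspace {background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: 325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}     .lesson_text {height: 240px;width: 460px;padding-top: 5px;}         #lesson_buttons_bottom {height: 20px;width: 460px;}         #lesson_b_b_left {width: 300px;float: left;}            #lesson_b_b_right input {width: 100px;float: right;}            .lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}           .lesson_workspace { }           .lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}         .lesson_text_db {color: #0066FF}            #lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}           #lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: 12px;text-align: center;}           #lesson_search {background-image: url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}";

    /**
     * The columns of {@code user_data_tan} shown on the success page, copied
     * out of the {@link ResultSet} before its connection is closed. (The
     * original returned the ResultSet itself and read it after closing the
     * connection, which only worked by accident of the JDBC driver.)
     */
    private static final class UserRecord {
        final String lastName;
        final String ccType;
        final String ccNumber;

        UserRecord(String lastName, String ccType, String ccNumber) {
            this.lastName = lastName;
            this.ccType = ccType;
            this.ccNumber = ccNumber;
        }
    }

    // ------------------------------------------------------------------
    // Session state accessors
    // ------------------------------------------------------------------

    /**
     * Reads a session attribute, treating a missing value or a throwing lookup
     * as "absent". The original code wrapped every {@code WebSession.get} in
     * a catch-all, so that tolerance is kept here in one place.
     */
    private static Object sessionValue(WebSession session, String key) {
        try {
            return session.get(key);
        } catch (Exception e) {
            return null;
        }
    }

    /** True only when the attribute holds the string {@code "true"}. */
    private static boolean sessionFlag(WebSession session, String key) {
        return "true".equals(sessionValue(session, key));
    }

    /** String attribute, or {@code ""} when absent or not a String. */
    private static String sessionString(WebSession session, String key) {
        Object value = sessionValue(session, key);
        return value instanceof String ? (String) value : "";
    }

    /** Integer attribute, or {@code 0} when absent or not an Integer. */
    private static int sessionInt(WebSession session, String key) {
        Object value = sessionValue(session, key);
        return value instanceof Integer ? ((Integer) value).intValue() : 0;
    }

    /** Password step passed; a TAN is now expected. */
    private boolean isLoggedIn(WebSession session) {
        return sessionFlag(session, LOGGEDIN);
    }

    /** TAN step passed on an earlier request. */
    private boolean isTanAccepted(WebSession session) {
        return sessionFlag(session, CORRECTTAN);
    }

    /** The TAN the current login must present, or {@code ""} when none was loaded. */
    private String getCurrentTan(WebSession session) {
        return sessionString(session, CURRENTTAN);
    }

    /** Index (1-based) of the TAN the current login must present. */
    private int getCurrentTanPosition(WebSession session) {
        return sessionInt(session, CURRENTTANPOS);
    }

    /** First name of the account that passed the password step. */
    private String getLoggedInUser(WebSession session) {
        return sessionString(session, LOGGEDINUSER);
    }

    // ------------------------------------------------------------------
    // Page construction
    // ------------------------------------------------------------------

    /**
     * Builds the lesson page: the CSS block, the header/workspace frame and,
     * inside the workspace, whichever screen the current session state calls
     * for. Any failure is reported through the session message rather than
     * propagated, so the surrounding WebGoat page still renders.
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer page = new ElementContainer();
        try {
            style css = new style();
            css.addElement(LESSON_STYLE);
            page.addElement(css);

            Div wrapper = new Div();
            wrapper.setID("lesson_wrapper");
            Div header = new Div();
            header.setID("lesson_header");
            Div workspace = new Div();
            workspace.setClass("lesson_workspace");
            wrapper.addElement(header);
            wrapper.addElement(workspace);
            page.addElement(wrapper);

            workspace.addElement(createWorkspaceContent(webSession));
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return page;
    }

    /**
     * Applies the request to the session state and selects the screen to show.
     *
     * @return the login form, the TAN prompt, the "no TAN left" notice or the
     *         account details, depending on the state after this request
     */
    private Element createWorkspaceContent(WebSession session) {
        String user = session.getParser().getStringParameter(USER, "");
        String password = session.getParser().getStringParameter(PASSWORD, "");
        String tan = session.getParser().getStringParameter(TAN, "");
        String hiddenUser = session.getParser().getStringParameter(HIDDEN_USER, "");
        ElementContainer content = new ElementContainer();

        // Phase 1: while logged in, every request must carry the expected TAN.
        // A missing or wrong TAN (including a plain logout click) drops the login.
        if (isLoggedIn(session)) {
            if (tanMatches(tan, session)) {
                session.add(CORRECTTAN, "true");
            } else {
                session.add(LOGGEDIN, "false");
            }
        }

        // Phase 2: password step. On success the next unused TAN of *this*
        // account is remembered in the session for phase 1 of the next request.
        if (correctLogin(user, password, session)) {
            int position = getTanPosition(user, session);
            session.add(LOGGEDIN, "true");
            session.add(LOGGEDINUSER, user);
            session.add(CURRENTTANPOS, Integer.valueOf(position));
            session.add(CURRENTTAN, getTan(user, position, session));
        }

        // Phase 3: lesson restart resets all TAN counters; logout clears both flags.
        if (!session.getParser().getStringParameter(WebSession.RESTART, "").equals("")) {
            resetTans(session);
        }
        if ("true".equals(session.getParser().getRawParameter(LOGOUT, ""))) {
            session.add(LOGGEDIN, "false");
            session.add(CORRECTTAN, "false");
        }

        // Phase 4: pick the screen. A completed login is single-use: both
        // flags are cleared before the details page is rendered.
        if (isLoggedIn(session) && isTanAccepted(session)) {
            session.add(LOGGEDIN, "false");
            session.add(CORRECTTAN, "false");
            // LESSON FLAW: the account shown is whatever the hidden field says,
            // not getLoggedInUser(session). Deliberate — see class comment.
            createSuccessfulLoginContent(session, content, hiddenUser);
        } else if (!isLoggedIn(session)) {
            String message = "";
            if (!(user + password).equals("")) {
                message = "Login failed! Make sure that user name and password is correct.";
            } else if (!tan.equals("")) {
                message = "Login failed. Tan is incorrect.";
            }
            createLogInContent(content, message);
        } else if (getCurrentTanPosition(session) > MAX_TAN) {
            createNoTanLeftContent(content);
        } else {
            // The TAN form echoes the authenticated name back in a hidden field;
            // that field is what the success page later trusts.
            createAskForTanContent(session, content, getCurrentTanPosition(session), user);
        }
        return content;
    }

    /**
     * Renders the user name / password form plus an optional status line.
     *
     * @param message one of the fixed failure texts, or {@code ""} for none
     */
    private void createLogInContent(ElementContainer content, String message) {
        Div loginBox = new Div();
        loginBox.setID("lesson_login");
        Table table = new Table();
        table.addAttribute("align='center'", 0);

        TR nameRow = new TR();
        nameRow.addElement(new TD().addElement(new StringElement("Enter your name: ")));
        nameRow.addElement(new TD().addElement(new Input("TEXT", USER)));

        TR passwordRow = new TR();
        passwordRow.addElement(new TD().addElement(new StringElement("Enter your password: ")));
        passwordRow.addElement(new TD().addElement(new Input(Input.PASSWORD, PASSWORD)));

        TR submitRow = new TR();
        TD submitCell = new TD();
        submitCell.setColSpan(2);
        submitCell.setAlign("center");
        submitCell.addElement(new Input(Input.SUBMIT, "Submit", "Submit"));
        submitRow.addElement(submitCell);

        table.addElement(nameRow);
        table.addElement(passwordRow);
        table.addElement(submitRow);
        loginBox.addElement(table);
        content.addElement(loginBox);

        // The message is always one of the fixed literals above, never user input.
        H2 status = new H2(message);
        status.addAttribute("align", "center");
        status.addAttribute("class", "info");
        content.addElement(status);
    }

    /**
     * Renders the prompt for TAN number {@code position}. The hidden
     * {@code hidden_user} field carries {@code firstName} to the next request —
     * the value the lesson expects the student to tamper with.
     */
    private void createAskForTanContent(WebSession session, ElementContainer content, int position, String firstName) {
        Div loginBox = new Div();
        loginBox.setID("lesson_login");
        Table table = new Table();
        table.addAttribute("align='center'", 0);

        TR tanRow = new TR();
        tanRow.addElement(new TD().addElement(new StringElement("Enter TAN  #" + position + ": ")));
        tanRow.addElement(new TD().addElement(new Input("TEXT", TAN)));

        TR submitRow = new TR();
        TD submitCell = new TD();
        submitCell.setColSpan(2);
        submitCell.setAlign("center");
        submitCell.addElement(new Input(Input.SUBMIT, "Submit", "Submit"));
        submitRow.addElement(submitCell);

        table.addElement(tanRow);
        table.addElement(submitRow);
        // Escaped defensively: firstName originates from the request, even though
        // it matched a database row in correctLogin() on this same request.
        content.addElement(new Input(Input.HIDDEN, HIDDEN_USER, htmlEscape(firstName)));
        loginBox.addElement(table);
        content.addElement(loginBox);
        content.addElement(createLogoutLink());
    }

    /** Renders the notice shown once an account has used all of its TANs. */
    private void createNoTanLeftContent(ElementContainer content) {
        for (int i = 0; i < 4; i++) {
            content.addElement(new BR());
        }
        content.addElement(new H1("<center>No tan is left! Please contact the admin. </center>"));
        content.addElement(createLogoutLink());
    }

    /**
     * Renders the account details page and advances that account's TAN counter.
     *
     * @param displayedUser first name taken from the {@code hidden_user} request
     *        parameter — NOT from the session. Trusting it is the lesson's flaw;
     *        when it differs from the session's logged-in user the lesson is
     *        marked solved.
     */
    private void createSuccessfulLoginContent(WebSession session, ElementContainer content, String displayedUser) {
        updateTan(displayedUser, session);

        Div box = new Div();
        box.setStyle("margin-top:50px;");
        box.addAttribute("align", "center");
        Table table = new Table();
        table.addAttribute("cellspacing", 10);
        table.addAttribute("cellpadding", 5);
        table.addAttribute("align", "center");

        TR firstNameRow = new TR();
        TR lastNameRow = new TR();
        TR ccTypeRow = new TR();
        TR ccNumberRow = new TR();
        firstNameRow.addElement(new TD("<b>Firstname:</b>"));
        // Attacker-controlled (request parameter) → escaped before it hits the page.
        firstNameRow.addElement(new TD(htmlEscape(displayedUser)));

        UserRecord record = findUser(displayedUser, session);
        if (record != null) {
            lastNameRow.addElement(new TD("<b>Lastname:</b>"));
            lastNameRow.addElement(new TD(htmlEscape(record.lastName)));
            ccTypeRow.addElement(new TD("<b>Credit Card Type:</b>"));
            ccTypeRow.addElement(new TD(htmlEscape(record.ccType)));
            ccNumberRow.addElement(new TD("<b>Credit Card Number:</b>"));
            ccNumberRow.addElement(new TD(htmlEscape(record.ccNumber)));
            // Solved when the student made the page show somebody else's data.
            if (!displayedUser.equals(getLoggedInUser(session))) {
                makeSuccess(session);
            }
        }

        table.addElement(firstNameRow);
        table.addElement(lastNameRow);
        table.addElement(ccTypeRow);
        table.addElement(ccNumberRow);
        box.addElement(table);
        content.addElement(box);
        content.addElement(createLogoutLink());
    }

    /** Right-aligned "Logout" link back to this lesson with {@code logout=true}. */
    private Element createLogoutLink() {
        A link = new A();
        link.addAttribute("href", getLink() + "&" + LOGOUT + "=true");
        link.addElement("Logout");
        Div box = new Div();
        box.addAttribute("align", "right");
        box.addElement(link);
        box.setStyle("margin-right:50px; mrgin-top:30px");
        return box;
    }

    /**
     * Minimal HTML escaping for text and attribute values built from request
     * or database data. Applied in addition to whatever filtering the ECS
     * element classes may do themselves; for ordinary names the output is
     * unchanged, so double-encoding is not a practical concern here.
     */
    private static String htmlEscape(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '&':
                    out.append("&amp;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }

    // ------------------------------------------------------------------
    // Database access (all queries are parameterised)
    // ------------------------------------------------------------------

    /** Closes statement and connection, logging but not propagating failures. */
    private static void closeQuietly(PreparedStatement statement, Connection connection) {
        if (statement != null) {
            try {
                statement.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        if (connection != null) {
            try {
                connection.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    /**
     * Stores the next TAN position as {@code login_count} for the given account.
     * Called for the account named by the hidden field, which is the lesson flaw.
     */
    private void updateTan(String firstName, WebSession session) {
        int position = getTanPosition(firstName, session);
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = DatabaseUtilities.getConnection(session);
            statement = connection.prepareStatement(
                    "UPDATE user_data_tan SET login_count = ? WHERE first_name = ?",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.setInt(1, position);
            statement.setString(2, firstName);
            statement.execute();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(statement, connection);
        }
    }

    /**
     * Loads the details shown on the success page.
     *
     * @return the record, or {@code null} when there is no such account or the
     *         query failed (the failure is printed, as elsewhere in this class)
     */
    private UserRecord findUser(String firstName, WebSession session) {
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = DatabaseUtilities.getConnection(session);
            statement = connection.prepareStatement(
                    "SELECT * FROM user_data_tan WHERE first_name = ? ",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.setString(1, firstName);
            ResultSet rows = statement.executeQuery();
            if (rows != null && rows.next()) {
                // Read everything while the connection is still open.
                return new UserRecord(
                        rows.getString("last_name"),
                        rows.getString("cc_type"),
                        rows.getString(WsSqlInjection.ccNumber));
            }
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        } finally {
            closeQuietly(statement, connection);
        }
    }

    /** Lesson restart: every account starts again at TAN #1. */
    private void resetTans(WebSession session) {
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = DatabaseUtilities.getConnection(session);
            statement = connection.prepareStatement(
                    "UPDATE user_data_tan SET login_count = 0 WHERE login_count > 0",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.execute();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(statement, connection);
        }
    }

    /**
     * Index of the next TAN for an account: {@code login_count + 1}.
     *
     * <p>The original capped this at 0 once it passed 5, which made the
     * "no TAN left" screen (guarded by {@code position > 5} in
     * {@link #createWorkspaceContent}) unreachable and left an exhausted
     * account prompted for "TAN #0" forever. The value is now returned
     * uncapped so that screen is shown instead; a restart resets the counter.
     *
     * @return the 1-based position, or {@code 0} when the account is unknown
     *         or the query failed
     */
    private int getTanPosition(String firstName, WebSession session) {
        int position = 0;
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = DatabaseUtilities.getConnection(session);
            statement = connection.prepareStatement(
                    "SELECT login_count FROM user_data_tan WHERE first_name = ?",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.setString(1, firstName);
            ResultSet rows = statement.executeQuery();
            if (rows != null && rows.next()) {
                // By name rather than by the accidental getInt(getRow()) of the original.
                position = rows.getInt("login_count") + 1;
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeQuietly(statement, connection);
        }
        return position;
    }

    /**
     * Looks up TAN number {@code position} of an account.
     *
     * @return the TAN value, or {@code ""} when the position is outside
     *         1..{@value #MAX_TAN}, no such TAN exists, or the query failed
     */
    private String getTan(String firstName, int position, WebSession session) {
        if (position < 1 || position > MAX_TAN) {
            return "";
        }
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = DatabaseUtilities.getConnection(session);
            statement = connection.prepareStatement(
                    "SELECT tan.tanValue FROM user_data_tan, tan WHERE user_data_tan.first_name = ? AND user_data_tan.userid = tan.userid AND tan.tanNr = ?",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.setString(1, firstName);
            statement.setInt(2, position);
            ResultSet rows = statement.executeQuery();
            if (rows != null && rows.next()) {
                String value = rows.getString("tanValue");
                return value == null ? "" : value;
            }
            return "";
        } catch (Exception e) {
            e.printStackTrace();
            return "";
        } finally {
            closeQuietly(statement, connection);
        }
    }

    /**
     * Compares a submitted TAN with the one loaded into the session at login.
     * An empty session TAN (none loaded) never matches.
     */
    private boolean tanMatches(String submitted, WebSession session) {
        String expected = getCurrentTan(session);
        if (expected.equals("")) {
            return false;
        }
        // TANs are short, single-use and tied to a password login, so a
        // timing-safe compare is not needed for the lesson.
        return expected.equals(submitted);
    }

    /**
     * Password step: true when a {@code user_data_tan} row has exactly this
     * first name and password. Passwords are stored and compared in clear
     * text by the lesson schema; a real system would hash them.
     */
    private boolean correctLogin(String firstName, String password, WebSession session) {
        if (firstName.equals("") && password.equals("")) {
            // No credentials submitted (plain page load) — skip the round trip.
            return false;
        }
        Connection connection = null;
        PreparedStatement statement = null;
        try {
            connection = DatabaseUtilities.getConnection(session);
            statement = connection.prepareStatement(
                    "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.setString(1, firstName);
            statement.setString(2, password);
            ResultSet rows = statement.executeQuery();
            return rows != null && rows.next();
        } catch (Exception e) {
            e.printStackTrace();
            return false;
        } finally {
            closeQuietly(statement, connection);
        }
    }

    // ------------------------------------------------------------------
    // Lesson metadata
    // ------------------------------------------------------------------

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.AUTHENTICATION;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("How does the server know which User has to be logged in");
        hints.add("Maybe taking a look at the source code helps");
        hints.add("Watch out for hidden fields");
        hints.add("Manipulate the hidden field 'hidden_user'");
        return hints;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        return "You are an attacker called Joe. You have a valid account by webgoat financial. Your goal is to log in as Jane. Your username is <b>Joe</b> and your password is <b>banana</b>. This are your TANS: <br>Tan #1 = 15161<br>Tan #2 = 4894<br>Tan #3 = 18794<br>Tan #4 = 1564<br>Tan #5 = 45751<br>";
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Multi Level Login 2";
    }
}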
