package org.owasp.webgoat.plugin.GoatHillsFinancial;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;
import org.springframework.aop.framework.autoproxy.target.QuickTargetSourceCreator;

/* loaded from: input_file:WebGoat.war:plugin_lessons/goat-hills-financial-1.0.jar:org/owasp/webgoat/plugin/GoatHillsFinancial/FindProfile.class */
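/**
 * Lesson action that looks up an employee by a (partial) first or last name
 * and, when a match is found, records the matching employee id on the request
 * and hands the request on to a chained action.
 *
 * <p>The lookup itself uses a bound {@code PreparedStatement}; the search term
 * is never concatenated into SQL. Note however that {@code %} and {@code _}
 * inside the term act as {@code LIKE} wildcards because the term is not
 * escaped (a term of {@code %} alone matches every employee; only the first
 * row is used).
 */
public class FindProfile extends DefaultLessonAction {
    /** Wildcard wrapped around the search term for the {@code LIKE} match. */
    private static final String LIKE_WILDCARD = "%";

    /** Matches employees whose first or last name contains the search term. */
    private static final String FIND_EMPLOYEE_SQL =
            "SELECT * FROM employee WHERE first_name LIKE ? OR last_name LIKE ?";

    /**
     * Action run after a successful lookup. It receives the same session and is
     * expected to read the employee-id request attribute set by
     * {@link #findEmployeeProfile(WebSession, int, String)}.
     */
    private final LessonAction chainedAction;

    /**
     * Creates the action.
     *
     * @param goatHillsFinancial the owning lesson
     * @param str first argument forwarded to {@link DefaultLessonAction} (presumably the
     *     lesson name; verify against that constructor)
     * @param str2 second argument forwarded to {@link DefaultLessonAction} (presumably the
     *     action name; verify against that constructor)
     * @param lessonAction action invoked once an employee has been found
     */
    public FindProfile(GoatHillsFinancial goatHillsFinancial, String str, String str2, LessonAction lessonAction) {
        super(goatHillsFinancial, str, str2);
        this.chainedAction = lessonAction;
    }

    /**
     * Requires an authenticated session, runs the name search with the session's
     * user id and the raw {@code SEARCHNAME} parameter, then delegates to the
     * chained action if an employee was found.
     *
     * @param webSession the current session
     * @throws ParameterNotFoundException if the user-id session attribute or the
     *     search-name request parameter is missing
     * @throws UnauthenticatedException if the session is not authenticated
     * @throws UnauthorizedException declared for interface compatibility; the lookup
     *     itself does not raise it, and one raised by the chained action is logged,
     *     not propagated
     * @throws ValidationException declared for interface compatibility; not raised here
     */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.DefaultLessonAction, org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public void handleRequest(WebSession webSession) throws ParameterNotFoundException, UnauthenticatedException, UnauthorizedException, ValidationException {
        if (!isAuthenticated(webSession)) {
            throw new UnauthenticatedException();
        }
        int userId = getIntSessionAttribute(webSession, getLessonName() + "." + GoatHillsFinancial.USER_ID);
        // Raw, unvalidated parameter: safe here only because it is used solely as
        // a bound LIKE argument in findEmployeeProfile.
        String searchName = webSession.getParser().getRawParameter(GoatHillsFinancial.SEARCHNAME);
        findEmployeeProfile(webSession, userId, searchName);
        if (foundEmployee(webSession)) {
            try {
                this.chainedAction.handleRequest(webSession);
            } catch (UnauthenticatedException e) {
                // Kept from the original: failures of the chained action are logged
                // and swallowed. NOTE(review): getNextPage() still selects the
                // view-profile page afterwards; whether that page can expose data
                // the chained action refused depends on that action — confirm.
                e.printStackTrace();
            } catch (UnauthorizedException e2) {
                e2.printStackTrace();
            }
        }
    }

    /**
     * Chooses the next page: the profile view when an employee id was recorded
     * on the request, otherwise the staff search page.
     *
     * @param webSession the current session
     * @return the action name of the page to render next
     */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.DefaultLessonAction, org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public String getNextPage(WebSession webSession) {
        return foundEmployee(webSession)
                ? GoatHillsFinancial.VIEWPROFILE_ACTION
                : GoatHillsFinancial.SEARCHSTAFF_ACTION;
    }

    /**
     * Reports whether {@link #findEmployeeProfile(WebSession, int, String)} recorded
     * an employee id on this request.
     *
     * @param webSession the current session
     * @return {@code true} if the employee-id request attribute is present
     */
    private boolean foundEmployee(WebSession webSession) {
        try {
            getIntRequestAttribute(webSession, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ID);
            return true;
        } catch (ParameterNotFoundException ignored) {
            // Deliberate: a missing attribute simply means no employee was found.
            return false;
        }
    }

    /**
     * Searches the {@code employee} table for the first row whose first or last
     * name contains {@code str}, records its user id as the employee-id request
     * attribute and returns it as an {@link Employee}.
     *
     * <p>The previous employee-id session attribute is cleared first. Any failure
     * (SQL or otherwise) is reported via {@code webSession.setMessage} and logged;
     * the method then returns {@code null}.
     *
     * @param webSession the current session; also supplies the JDBC connection
     * @param i the requesting user's id. It is accepted but not consulted by the
     *     lookup, so this method performs no per-user authorization of the
     *     returned profile — that must be done by the caller or chained action
     *     (TODO confirm where).
     * @param str the search term; {@code %} and {@code _} in it act as {@code LIKE}
     *     wildcards since the term is bound, not escaped
     * @return the first matching employee, or {@code null} if none was found or an
     *     error occurred
     * @throws UnauthorizedException declared for interface compatibility; not raised here
     */
    public Employee findEmployeeProfile(WebSession webSession, int i, String str) throws UnauthorizedException {
        Employee employee = null;
        // Drop any stale hit from an earlier request before searching.
        removeSessionAttribute(webSession, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ID);
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            String pattern = LIKE_WILDCARD + str + LIKE_WILDCARD;
            statement = WebSession.getConnection(webSession).prepareStatement(
                    FIND_EMPLOYEE_SQL, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.setString(1, pattern);
            statement.setString(2, pattern);
            rows = statement.executeQuery();
            if (rows.next()) {
                int employeeId = rows.getInt("userid");
                employee = new Employee(employeeId,
                        rows.getString("first_name"),
                        rows.getString("last_name"),
                        rows.getString(GoatHillsFinancial.SSN),
                        rows.getString("title"),
                        rows.getString("phone"),
                        rows.getString(GoatHillsFinancial.ADDRESS1),
                        rows.getString(GoatHillsFinancial.ADDRESS2),
                        rows.getInt("manager"),
                        rows.getString("start_date"),
                        rows.getInt(GoatHillsFinancial.SALARY),
                        rows.getString(GoatHillsFinancial.CCN),
                        rows.getInt("ccn_limit"),
                        rows.getString("disciplined_date"),
                        rows.getString("disciplined_notes"),
                        rows.getString("personal_description"));
                setRequestAttribute(webSession, getLessonName() + "." + GoatHillsFinancial.EMPLOYEE_ID, Integer.toString(employeeId));
            }
        } catch (Exception e) {
            // Covers SQLException and anything thrown while obtaining the
            // connection; the original handled both identically.
            webSession.setMessage("Error finding employee profile");
            e.printStackTrace();
        } finally {
            // The original never closed these; release them on every path.
            closeQuietly(rows);
            closeQuietly(statement);
        }
        return employee;
    }

    /** Closes the result set if non-null, ignoring close failures. */
    private static void closeQuietly(ResultSet rows) {
        if (rows == null) {
            return;
        }
        try {
            rows.close();
        } catch (SQLException ignored) {
            // Nothing useful can be done about a failed close here.
        }
    }

    /** Closes the statement if non-null, ignoring close failures. */
    private static void closeQuietly(PreparedStatement statement) {
        if (statement == null) {
            return;
        }
        try {
            statement.close();
        } catch (SQLException ignored) {
            // Nothing useful can be done about a failed close here.
        }
    }
}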
