package org.owasp.webgoat.plugin;

import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import javax.servlet.http.HttpServletResponse;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.Form;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.openqa.selenium.remote.BrowserType;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.WebSession;
import org.springframework.web.servlet.tags.form.AbstractHtmlElementTag;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:WebGoat.war:plugin_lessons/http-only-1.0.jar:org/owasp/webgoat/plugin/HttpOnly.class */
public class HttpOnly extends LessonAdapter {
    private static final Integer DEFAULT_RANKING = new Integer(125);
    private static final String UNIQUE2U = "unique2u";
    private static final String HTTPONLY = "httponly";
    private static final String HTTPONLY_VALUE = "httponly_value";
    private static final String ACTION = "action";
    private static final String READ = "Read Cookie";
    private static final String WRITE = "Write Cookie";
    private static final String READ_RESULT = "read_result";
    private boolean httpOnly = false;
    private boolean readSuccess = false;
    private boolean writeSuccess = false;
    private String original = "undefined";

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "HTTPOnly Test";
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        String parameter = webSession.getRequest().getParameter(HTTPONLY);
        String parameter2 = webSession.getRequest().getParameter("action");
        if (parameter != null) {
            this.httpOnly = Boolean.parseBoolean(parameter);
        }
        if (this.httpOnly) {
            setHttpOnly(webSession);
        } else {
            removeHttpOnly(webSession);
        }
        if (parameter2 != null) {
            if (parameter2.equals(READ)) {
                handleReadAction(webSession);
            } else if (parameter2.equals(WRITE)) {
                handleWriteAction(webSession);
            }
        }
        try {
            elementContainer.addElement(makeContent(webSession));
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return elementContainer;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.XSS;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("Read the directions and try out the buttons.");
        return arrayList;
    }

    private String createCustomCookieValue() {
        String str = null;
        BASE64Encoder bASE64Encoder = new BASE64Encoder();
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(new Date().toString().getBytes());
            str = bASE64Encoder.encode(messageDigest.digest());
            this.original = str;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return str;
    }

    private void setHttpOnly(WebSession webSession) {
        String createCustomCookieValue = createCustomCookieValue();
        HttpServletResponse response = webSession.getResponse();
        String cookie = webSession.getCookie(UNIQUE2U);
        if (cookie == null || cookie.equals("HACKED")) {
            response.setHeader("Set-Cookie", "unique2u=" + createCustomCookieValue + "; HttpOnly");
            this.original = createCustomCookieValue;
        } else {
            response.setHeader("Set-Cookie", "unique2u=" + cookie + "; HttpOnly");
            this.original = cookie;
        }
    }

    private void removeHttpOnly(WebSession webSession) {
        String createCustomCookieValue = createCustomCookieValue();
        HttpServletResponse response = webSession.getResponse();
        String cookie = webSession.getCookie(UNIQUE2U);
        if (cookie == null || cookie.equals("HACKED")) {
            response.setHeader("Set-Cookie", "unique2u=" + createCustomCookieValue + ";");
            this.original = createCustomCookieValue;
        } else {
            response.setHeader("Set-Cookie", "unique2u=" + cookie + ";");
            this.original = cookie;
        }
    }

    private ElementContainer makeContent(WebSession webSession) {
        Element addAttribute;
        Element addAttribute2;
        ElementContainer elementContainer = new ElementContainer();
        Element element = null;
        elementContainer.addElement(new StringElement(getJavaScript()));
        Form form = new Form();
        Table table = new Table();
        table.setWidth(500);
        TR tr = new TR();
        tr.addElement(new TD(new StringElement("Your browser appears to be: " + getBrowserType(webSession))));
        table.addElement(tr);
        table.addElement(new TR());
        TR tr2 = new TR();
        tr2.addElement(new TD(new StringElement("Do you wish to turn HTTPOnly on?")));
        tr2.addElement(new TD(new StringElement("Yes")));
        if (this.httpOnly) {
            addAttribute = new Input(Input.RADIO, HTTPONLY_VALUE, "True").addAttribute("Checked", "true");
        } else {
            addAttribute = new Input(Input.RADIO, HTTPONLY_VALUE, "True").addAttribute("onClick", "document.form.httponly.click();");
            element = new Input(Input.SUBMIT, HTTPONLY, "True").addAttribute("style", "visibility:hidden");
        }
        tr2.addElement(new TD(addAttribute));
        tr2.addElement(new TD(new StringElement("No")));
        if (this.httpOnly) {
            addAttribute2 = new Input(Input.RADIO, HTTPONLY_VALUE, "False").addAttribute("onClick", "document.form.httponly.click();");
            element = new Input(Input.SUBMIT, HTTPONLY, "False").addAttribute("style", "visibility:hidden");
        } else {
            addAttribute2 = new Input(Input.RADIO, HTTPONLY_VALUE, "False").addAttribute("Checked", "false");
        }
        tr2.addElement(new TD(addAttribute2));
        tr2.addElement(element);
        tr2.addElement(new Input(Input.HIDDEN, READ_RESULT, ""));
        table.addElement(tr2);
        form.addElement(table);
        Table table2 = new Table();
        TR tr3 = new TR();
        tr3.addElement(new TD(new Input(Input.SUBMIT, "action", READ).addAttribute(AbstractHtmlElementTag.ONCLICK_ATTRIBUTE, "myAlert();")));
        tr3.addElement(new TD(new Input(Input.SUBMIT, "action", WRITE).addAttribute(AbstractHtmlElementTag.ONCLICK_ATTRIBUTE, "modifyAlert();")));
        table2.addElement(tr3);
        form.addElement(table2);
        elementContainer.addElement(form);
        return elementContainer;
    }

    private void handleReadAction(WebSession webSession) {
        String parameter = webSession.getRequest().getParameter(READ_RESULT);
        if (!this.httpOnly) {
            if (parameter.indexOf(UNIQUE2U) != -1) {
                webSession.setMessage("Since HTTPOnly was not enabled, the 'unique2u' cookie was displayed in the alert dialog.");
                return;
            } else {
                webSession.setMessage("Since HTTPOnly was not enabled, the 'unique2u' cookie should have been displayed in the alert dialog, but was not for some reason. (This shouldn't happen)");
                return;
            }
        }
        if (parameter.indexOf(UNIQUE2U) != -1) {
            webSession.setMessage("FAILURE: Your browser did not enforce the HTTPOnly flag properly for the 'unique2u' cookie. It allowed direct client side read access to this cookie.");
            return;
        }
        webSession.setMessage("SUCCESS: Your browser enforced the HTTPOnly flag properly for the 'unique2u' cookie by preventing direct client side read access to this cookie.");
        if (!this.writeSuccess) {
            if (isCompleted(webSession)) {
                return;
            }
            webSession.setMessage("Now try to see if your browser protects write access to this cookie.");
            this.readSuccess = true;
            return;
        }
        if (isCompleted(webSession)) {
            return;
        }
        makeSuccess(webSession);
        this.readSuccess = false;
        this.writeSuccess = false;
    }

    private void handleWriteAction(WebSession webSession) {
        String cookie = webSession.getCookie(UNIQUE2U);
        if (!this.httpOnly) {
            if (this.original.equals(cookie)) {
                webSession.setMessage("Since HTTPOnly was not enabled, the browser should have allowed the 'unique2u' cookie to be modified on the client side, but it was not for some reason. (This shouldn't happen)");
                return;
            } else {
                webSession.setMessage("Since HTTPOnly was not enabled, the browser allowed the 'unique2u' cookie to be modified on the client side.");
                return;
            }
        }
        if (!this.original.equals(cookie)) {
            webSession.setMessage("FAILURE: Your browser did not enforce the write protection property of the HTTPOnly flag for the 'unique2u' cookie.");
            webSession.setMessage("The unique2u cookie was successfully modified to " + cookie + " on the client side.");
            return;
        }
        webSession.setMessage("SUCCESS: Your browser enforced the write protection property of the HTTPOnly flag for the 'unique2u' cookie by preventing client side modification.");
        if (!this.readSuccess) {
            if (isCompleted(webSession)) {
                return;
            }
            webSession.setMessage("Now try to see if your browser protects read access to this cookie.");
            this.writeSuccess = true;
            return;
        }
        if (isCompleted(webSession)) {
            return;
        }
        makeSuccess(webSession);
        this.readSuccess = false;
        this.writeSuccess = false;
    }

    private String getJavaScript() {
        StringBuffer stringBuffer = new StringBuffer();
        stringBuffer.append("<script language=\"javascript\">\n");
        stringBuffer.append("function myAlert() {\n");
        stringBuffer.append("alert(document.cookie);\n");
        stringBuffer.append("document.form.read_result.value=document.cookie;\n");
        stringBuffer.append("return true;\n");
        stringBuffer.append("}\n");
        stringBuffer.append("function modifyAlert() {\n");
        stringBuffer.append("document.cookie='unique2u=HACKED;';\n");
        stringBuffer.append("alert(document.cookie);\n");
        stringBuffer.append("return true;\n");
        stringBuffer.append("}\n");
        stringBuffer.append("</script>\n");
        return stringBuffer.toString();
    }

    private String getBrowserType(WebSession webSession) {
        String str = "unknown";
        String lowerCase = webSession.getHeader("user-agent").toLowerCase();
        if (lowerCase != null) {
            if (lowerCase.indexOf(BrowserType.FIREFOX) != -1) {
                String substring = lowerCase.substring(lowerCase.indexOf(BrowserType.FIREFOX));
                str = substring.substring(0, getOffset(substring));
            } else if (lowerCase.indexOf("msie 6") != -1) {
                str = "Internet Explorer 6";
            } else if (lowerCase.indexOf("msie 7") != -1) {
                str = "Internet Explorer 7";
            } else if (lowerCase.indexOf("msie") != -1) {
                str = "Internet Explorer";
            } else if (lowerCase.indexOf(BrowserType.OPERA) != -1) {
                str = "Opera";
            } else if (lowerCase.indexOf(BrowserType.SAFARI) != -1) {
                str = "Safari";
            } else if (lowerCase.indexOf("netscape") != -1) {
                String substring2 = lowerCase.substring(lowerCase.indexOf("netscape"));
                str = substring2.substring(0, getOffset(substring2));
            } else if (lowerCase.indexOf(BrowserType.KONQUEROR) != -1) {
                str = "Konqueror";
            } else if (lowerCase.indexOf("mozilla") != -1) {
                str = "Mozilla";
            }
        }
        return str;
    }

    private int getOffset(String str) {
        int length = str.length();
        for (int i = 0; i < str.length(); i++) {
            if (str.charAt(i) < '!' || str.charAt(i) > '~') {
                length = i;
                break;
            }
        }
        return length;
    }
}
