package org.owasp.webgoat.plugin;

import com.sun.jna.platform.win32.WinError;
import java.text.NumberFormat;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Pattern;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Center;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;
import org.springframework.beans.factory.support.PropertiesBeanDefinitionReader;

/* loaded from: input_file:WebGoat.war:plugin_lessons/concurrency-cart-1.0.jar:org/owasp/webgoat/plugin/ConcurrencyCart.class */
/**
 * WebGoat lesson "Shopping Cart Concurrency Flaw" (category {@code CONCURRENCY}).
 *
 * <p>This is a deliberately vulnerable training target, recovered here from a
 * decompiler (see the JADX markers), so the defects documented below are the lesson
 * content and must not be "fixed" in place:
 * <ul>
 *   <li>All cart state ({@code quantity1..4}, {@code runningTOTAL}, {@code calcTOTAL},
 *       {@code subTOTAL}, {@code total}) lives in unsynchronized {@code static} fields,
 *       i.e. it is shared by every session and request thread in the JVM. A second
 *       browser window (or another user) can rewrite the quantities between the
 *       "Purchase" step, which fixes the amount charged in {@code runningTOTAL}, and
 *       the "Confirm" step, which recomputes {@code calcTOTAL} from the then-current
 *       quantities; {@link #createContent(WebSession)} rewards exactly that
 *       interleaving.</li>
 *   <li>Money is carried in {@code float}/{@code int}. Quantities are only clamped to
 *       be non-negative ({@link #thinkPositive(int)}), never bounded above, so
 *       {@code qty * price} can overflow an {@code int}.</li>
 *   <li>Several literals appear as unrelated library constants
 *       ({@code WinError.*}, {@code PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX}).
 *       These are decompiler constant-folding artifacts; the prices printed on the
 *       adjacent lines indicate the intended literals are 299, 1799, 649 and "$".</li>
 *   <li>Exceptions in the render methods are caught broadly and sent to stderr via
 *       {@code printStackTrace()}; a partially built page is returned.</li>
 * </ul>
 */
public class ConcurrencyCart extends LessonAdapter {
    // Per-instance scoring scratch. The lesson object is presumably a single shared
    // instance (WebGoat plugin lessons usually are), so even these non-static fields
    // are not per-user — TODO confirm against LessonAdapter's lifecycle.
    private float ratio = 0.0f;
    private int discount = 0;
    // SHARED ACROSS ALL SESSIONS: static, unsynchronized, written on every request.
    // This is the concurrency flaw the lesson teaches.
    private static int total = 0; // scratch: the line subtotal currently being rendered
    private static float runningTOTAL = 0.0f; // amount "charged": fixed when the Purchase page is rendered
    private static int subTOTAL = 0; // cart total shown on the shopping page
    private static float calcTOTAL = 0.0f; // total recomputed on Confirm from whatever quantities are current then
    private static int quantity1 = 0; // last QTY1..QTY4 written by ANY request through updateQuantity()
    private static int quantity2 = 0;
    private static int quantity3 = 0;
    private static int quantity4 = 0;
    // Menu ordering of this lesson. new Integer(...) is deprecated boxing
    // (Integer.valueOf would be idiomatic); left as decompiled.
    private static final Integer DEFAULT_RANKING = new Integer(120);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Dispatches on the SUBMIT button value and scores the attempt.
     *
     * <p>"Purchase": re-reads QTY1..4 into the shared static quantities and renders
     * the order page, which fixes the amount to be charged in {@code runningTOTAL}
     * (and snapshots it into {@code calcTOTAL}).
     * "Confirm": does NOT re-read the quantities; it renders the confirmation from
     * whatever the static quantities are at that moment — possibly rewritten by
     * another window since Purchase — recomputing {@code calcTOTAL}.
     * Any other button ("Update Cart", "Cancel", "Return to Store", ...) re-reads the
     * quantities and re-renders the cart; a missing SUBMIT parameter re-renders the
     * cart without touching them.
     *
     * <p>Scoring compares the recomputed {@code calcTOTAL} (goods confirmed) with the
     * charged {@code runningTOTAL}: more goods than paid for marks the lesson solved;
     * the reverse is reported as an overpayment; equality produces no message.
     *
     * @param webSession current WebGoat session (request parameters and message sink)
     * @return the page content to render
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer createShoppingPage;
        try {
            // Presumably throws ParameterNotFoundException when SUBMIT is absent (first visit).
            String stringParameter = webSession.getParser().getStringParameter(Input.SUBMIT);
            if ("Purchase".equalsIgnoreCase(stringParameter)) {
                updateQuantity(webSession);
                createShoppingPage = createPurchaseContent(webSession, quantity1, quantity2, quantity3, quantity4);
            } else if ("Confirm".equalsIgnoreCase(stringParameter)) {
                // Quantities come from the shared statics, not from this request: the
                // window that submits Confirm need not be the one that last set them.
                createShoppingPage = confirmation(webSession, quantity1, quantity2, quantity3, quantity4);
                if (calcTOTAL == 0.0f) {
                    // Empty cart at Confirm time: avoids a divide-by-zero. Note that
                    // `ratio` is NOT reset here, so the "overpaid" branch below reuses a
                    // stale ratio from an earlier request when runningTOTAL is still > 0.
                    this.discount = 0;
                } else {
                    this.ratio = runningTOTAL / calcTOTAL;
                }
                if (calcTOTAL > runningTOTAL) {
                    // Goods confirmed exceed the amount charged: the intended exploit.
                    this.discount = (int) (100.0f * (1.0f - this.ratio));
                    webSession.setMessage("Thank you for shopping! You have (illegally!) received a " + this.discount + "% discount. Police are on the way to your IP address.");
                    makeSuccess(webSession);
                } else if (calcTOTAL < runningTOTAL) {
                    // Cart shrank between Purchase and Confirm: race hit in the wrong direction.
                    this.discount = (int) (100.0f * (this.ratio - 1.0f));
                    webSession.setMessage("You are on the right track, but you actually overpaid by " + this.discount + "%. Try again!");
                }
                // calcTOTAL == runningTOTAL: consistent purchase, nothing to report.
            } else {
                updateQuantity(webSession);
                createShoppingPage = createShoppingPage(webSession, quantity1, quantity2, quantity3, quantity4);
            }
        } catch (ParameterNotFoundException e) {
            // No SUBMIT parameter: show the cart with whatever quantities are currently shared.
            createShoppingPage = createShoppingPage(webSession, quantity1, quantity2, quantity3, quantity4);
        }
        return createShoppingPage;
    }

    /**
     * Copies QTY1..QTY4 from the request into the SHARED static quantities.
     *
     * <p>Each value is read with a default of 0 (presumably used when the parameter
     * is absent or not an int) and clamped to be non-negative by
     * {@link #thinkPositive(int)}. There is no upper bound, so a large quantity
     * overflows the {@code int} line subtotals in the render methods. Because the
     * targets are static, this overwrites the cart of every other session too —
     * the write half of the race.
     *
     * @param webSession session whose request parameters are read
     */
    private void updateQuantity(WebSession webSession) {
        quantity1 = thinkPositive(webSession.getParser().getIntParameter("QTY1", 0));
        quantity2 = thinkPositive(webSession.getParser().getIntParameter("QTY2", 0));
        quantity3 = thinkPositive(webSession.getParser().getIntParameter("QTY3", 0));
        quantity4 = thinkPositive(webSession.getParser().getIntParameter("QTY4", 0));
    }

    /**
     * Renders the "Place your order" page and fixes the amount to be charged.
     *
     * <p>Recomputes {@code runningTOTAL} from the quantities passed in and snapshots
     * it into {@code calcTOTAL}. {@link #confirmation} later overwrites
     * {@code calcTOTAL} from the quantities current at Confirm time; the scoring in
     * {@link #createContent} compares the two.
     *
     * <p>Input handling: the credit card value (default "5321 1337 8888 2007", a
     * lesson fixture) is HTML-encoded before being echoed into the form. The access
     * code (default "111") is only checked against {@code ^[0-9]{3}$}; a mismatch sets
     * an error message but the order form is still rendered, and the raw value is
     * echoed back as the input's value — HtmlEncoder is applied to it only inside the
     * error message, so correctness there depends on whether ECS escapes attribute
     * values (not visible here).
     *
     * @param webSession session providing the CC/PAC parameters and the message sink
     * @param i  quantity of item 1 ($169)
     * @param i2 quantity of item 2 ($299)
     * @param i3 quantity of item 3 ($1799)
     * @param i4 quantity of item 4 ($649)
     * @return the page content; on any rendering exception a partially built
     *         container is returned and the stack trace goes to stderr only
     */
    private ElementContainer createPurchaseContent(WebSession webSession, int i, int i2, int i3, int i4) {
        ElementContainer elementContainer = new ElementContainer();
        runningTOTAL = 0.0f;
        // Exactly three ASCII digits. Compiled per call; a static final would be idiomatic.
        Pattern compile = Pattern.compile("^[0-9]{3}$");
        try {
            String rawParameter = webSession.getParser().getRawParameter("PAC", "111");
            String encode = HtmlEncoder.encode(webSession.getParser().getRawParameter("CC", "5321 1337 8888 2007"));
            if (!compile.matcher(rawParameter).matches()) {
                // Validation failure is reported but does not stop the order page from rendering.
                webSession.setMessage("Error! You entered " + HtmlEncoder.encode(rawParameter) + " instead of your 3 digit code.  Please try again.");
            }
            elementContainer.addElement(new HR().setWidth("90%"));
            elementContainer.addElement(new Center().addElement(new H1().addElement("Place your order ")));
            Table align = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
            if (webSession.isColor()) {
                align.setBorder(1);
            }
            TR tr = new TR();
            tr.addElement(new TH().addElement("Shopping Cart Items").setWidth("80%"));
            tr.addElement(new TH().addElement("Price").setWidth("10%"));
            tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
            tr.addElement(new TH().addElement("Subtotal").setWidth("7%"));
            align.addElement(tr);
            TR tr2 = new TR();
            tr2.addElement(new TD().addElement("Hitachi - 750GB External Hard Drive"));
            tr2.addElement(new TD().addElement("$169.00").setAlign("right"));
            tr2.addElement(new TD().addElement(String.valueOf(i)).setAlign("center"));
            // int arithmetic: overflows for large quantities, then is widened into a float total.
            total = i * 169;
            runningTOTAL += total;
            // CONSTRUCTOR_ARG_PREFIX is a decompiler stand-in for the literal "$".
            tr2.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr2);
            TR tr3 = new TR();
            tr3.addElement(new TD().addElement("Hewlett-Packard - All-in-One Laser Printer"));
            tr3.addElement(new TD().addElement("$299.00").setAlign("right"));
            tr3.addElement(new TD().addElement(String.valueOf(i2)).setAlign("center"));
            // WinError.ERROR_PARTIAL_COPY is a decompiler stand-in for the price 299.
            total = i2 * WinError.ERROR_PARTIAL_COPY;
            runningTOTAL += total;
            tr3.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr3);
            TR tr4 = new TR();
            tr4.addElement(new TD().addElement("Sony - Vaio with Intel Centrino"));
            tr4.addElement(new TD().addElement("$1799.00").setAlign("right"));
            tr4.addElement(new TD().addElement(String.valueOf(i3)).setAlign("center"));
            // WinError.ERROR_INVALID_SEPARATOR_FILE is a decompiler stand-in for the price 1799.
            total = i3 * WinError.ERROR_INVALID_SEPARATOR_FILE;
            runningTOTAL += total;
            tr4.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr4);
            TR tr5 = new TR();
            tr5.addElement(new TD().addElement("Toshiba - XGA LCD Projector "));
            tr5.addElement(new TD().addElement("$649.00").setAlign("right"));
            tr5.addElement(new TD().addElement(String.valueOf(i4)).setAlign("center"));
            // WinError.ERROR_MOUNT_POINT_NOT_RESOLVED is a decompiler stand-in for the price 649.
            total = i4 * WinError.ERROR_MOUNT_POINT_NOT_RESOLVED;
            runningTOTAL += total;
            tr5.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr5);
            elementContainer.addElement(align);
            Table align2 = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
            if (webSession.isColor()) {
                align2.setBorder(1);
            }
            elementContainer.addElement(new BR());
            // Snapshot of the charged amount; confirmation() recomputes calcTOTAL from the
            // quantities current at Confirm time, which is what makes the race scoreable.
            calcTOTAL = runningTOTAL;
            TR tr6 = new TR();
            tr6.addElement(new TD().addElement("Total:"));
            tr6.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatFloat(runningTOTAL)).setAlign("right"));
            align2.addElement(tr6);
            TR tr7 = new TR();
            tr7.addElement(new TD().addElement("&nbsp;").setColSpan(2));
            align2.addElement(tr7);
            TR tr8 = new TR();
            tr8.addElement(new TD().addElement("Enter your credit card number:"));
            // CC value echoed back HTML-encoded.
            tr8.addElement(new TD().addElement(new Input("TEXT", "CC", encode)).setAlign("right"));
            align2.addElement(tr8);
            TR tr9 = new TR();
            tr9.addElement(new TD().addElement("Enter your three digit access code:"));
            // PAC value echoed back raw (even when it failed the 3-digit check above);
            // relies on ECS escaping the attribute value, if it does.
            tr9.addElement(new TD().addElement(new Input("TEXT", "PAC", rawParameter)).setAlign("right"));
            align2.addElement(tr9);
            Element makeButton = ECSFactory.makeButton("Confirm");
            TR tr10 = new TR();
            tr10.addElement(new TD().addElement(makeButton).setColSpan(2).setAlign("right"));
            align2.addElement(tr10);
            Element makeButton2 = ECSFactory.makeButton("Cancel");
            TR tr11 = new TR();
            tr11.addElement(new TD().addElement(makeButton2).setColSpan(2).setAlign("right"));
            align2.addElement(tr11);
            elementContainer.addElement(align2);
            elementContainer.addElement(new BR());
        } catch (Exception e) {
            // Broad catch: the user sees a generic message, the cause goes to stderr only.
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return elementContainer;
    }

    /**
     * Renders the "Thank you for your purchase!" page.
     *
     * <p>Recomputes {@code calcTOTAL} from the quantities passed in (the shared
     * statics at Confirm time) but displays {@code runningTOTAL} — the amount fixed
     * by {@link #createPurchaseContent} at Purchase time — as the amount charged.
     * When another window changed the cart in between, the itemised table and the
     * charged total disagree; that gap is what {@link #createContent} scores.
     *
     * <p>The confirmation number ("CONC-88") is a hard-coded fixture; nothing is
     * persisted or charged. Uses the same decompiler stand-in constants for prices
     * and "$" as {@link #createPurchaseContent}.
     *
     * @param webSession session used for color preference and the error message sink
     * @param i  quantity of item 1 ($169)
     * @param i2 quantity of item 2 ($299)
     * @param i3 quantity of item 3 ($1799)
     * @param i4 quantity of item 4 ($649)
     * @return the page content; on any rendering exception a partially built
     *         container is returned and the stack trace goes to stderr only
     */
    private ElementContainer confirmation(WebSession webSession, int i, int i2, int i3, int i4) {
        ElementContainer elementContainer = new ElementContainer();
        // Discard the Purchase-time snapshot; recompute from the quantities given now.
        calcTOTAL = 0.0f;
        try {
            elementContainer.addElement(new HR().setWidth("90%"));
            elementContainer.addElement(new Center().addElement(new H1().addElement("Thank you for your purchase!")));
            elementContainer.addElement(new Center().addElement(new H1().addElement("Confirmation number: CONC-88")));
            Table align = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
            if (webSession.isColor()) {
                align.setBorder(1);
            }
            TR tr = new TR();
            tr.addElement(new TH().addElement("Shopping Cart Items").setWidth("80%"));
            tr.addElement(new TH().addElement("Price").setWidth("10%"));
            tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
            tr.addElement(new TH().addElement("Subtotal").setWidth("7%"));
            align.addElement(tr);
            TR tr2 = new TR();
            tr2.addElement(new TD().addElement("Hitachi - 750GB External Hard Drive"));
            tr2.addElement(new TD().addElement("$169.00").setAlign("right"));
            tr2.addElement(new TD().addElement(String.valueOf(i)).setAlign("center"));
            total = i * 169;
            calcTOTAL += total;
            tr2.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr2);
            TR tr3 = new TR();
            tr3.addElement(new TD().addElement("Hewlett-Packard - All-in-One Laser Printer"));
            tr3.addElement(new TD().addElement("$299.00").setAlign("right"));
            tr3.addElement(new TD().addElement(String.valueOf(i2)).setAlign("center"));
            total = i2 * WinError.ERROR_PARTIAL_COPY; // 299, see class doc
            calcTOTAL += total;
            tr3.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr3);
            TR tr4 = new TR();
            tr4.addElement(new TD().addElement("Sony - Vaio with Intel Centrino"));
            tr4.addElement(new TD().addElement("$1799.00").setAlign("right"));
            tr4.addElement(new TD().addElement(String.valueOf(i3)).setAlign("center"));
            total = i3 * WinError.ERROR_INVALID_SEPARATOR_FILE; // 1799, see class doc
            calcTOTAL += total;
            tr4.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr4);
            TR tr5 = new TR();
            tr5.addElement(new TD().addElement("Toshiba - XGA LCD Projector "));
            tr5.addElement(new TD().addElement("$649.00").setAlign("right"));
            tr5.addElement(new TD().addElement(String.valueOf(i4)).setAlign("center"));
            total = i4 * WinError.ERROR_MOUNT_POINT_NOT_RESOLVED; // 649, see class doc
            calcTOTAL += total;
            tr5.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr5);
            elementContainer.addElement(align);
            Table align2 = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
            if (webSession.isColor()) {
                align2.setBorder(1);
            }
            elementContainer.addElement(new BR());
            TR tr6 = new TR();
            tr6.addElement(new TD().addElement("Total Amount Charged to Your Credit Card:"));
            // Deliberately runningTOTAL (Purchase-time amount), not the calcTOTAL just
            // computed from the rows above.
            tr6.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatFloat(runningTOTAL)).setAlign("right"));
            align2.addElement(tr6);
            TR tr7 = new TR();
            tr7.addElement(new TD().addElement("&nbsp;").setColSpan(2));
            align2.addElement(tr7);
            Element makeButton = ECSFactory.makeButton("Return to Store");
            TR tr8 = new TR();
            tr8.addElement(new TD().addElement(makeButton).setColSpan(2).setAlign("center"));
            align2.addElement(tr8);
            elementContainer.addElement(align2);
            elementContainer.addElement(new BR());
        } catch (Exception e) {
            // Broad catch: the user sees a generic message, the cause goes to stderr only.
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return elementContainer;
    }

    /**
     * Renders the editable "Shopping Cart" page.
     *
     * <p>Shows one QTY1..QTY4 text input per item pre-filled with the quantities
     * passed in (the shared statics, so a user may see another user's cart),
     * accumulates the display-only {@code subTOTAL}, and offers "Update Cart" and
     * "Purchase" buttons. This page does not touch {@code runningTOTAL} or
     * {@code calcTOTAL}. Uses the same decompiler stand-in constants for prices
     * and "$" as {@link #createPurchaseContent}.
     *
     * @param webSession session used for color preference and the error message sink
     * @param i  quantity of item 1 ($169)
     * @param i2 quantity of item 2 ($299)
     * @param i3 quantity of item 3 ($1799)
     * @param i4 quantity of item 4 ($649)
     * @return the page content; on any rendering exception a partially built
     *         container is returned and the stack trace goes to stderr only
     */
    private ElementContainer createShoppingPage(WebSession webSession, int i, int i2, int i3, int i4) {
        ElementContainer elementContainer = new ElementContainer();
        subTOTAL = 0;
        try {
            elementContainer.addElement(new HR().setWidth("90%"));
            elementContainer.addElement(new Center().addElement(new H1().addElement("Shopping Cart ")));
            Table align = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
            if (webSession.isColor()) {
                align.setBorder(1);
            }
            TR tr = new TR();
            tr.addElement(new TH().addElement("Shopping Cart Items").setWidth("80%"));
            tr.addElement(new TH().addElement("Price").setWidth("10%"));
            tr.addElement(new TH().addElement("Quantity").setWidth("3%"));
            tr.addElement(new TH().addElement("Subtotal").setWidth("7%"));
            align.addElement(tr);
            TR tr2 = new TR();
            tr2.addElement(new TD().addElement("Hitachi - 750GB External Hard Drive"));
            tr2.addElement(new TD().addElement("$169.00").setAlign("right"));
            // Quantity is an int already, so echoing it is not an injection point.
            tr2.addElement(new TD().addElement(new Input("TEXT", "QTY1", String.valueOf(i))).setAlign("right"));
            total = i * 169;
            subTOTAL += total;
            tr2.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr2);
            TR tr3 = new TR();
            tr3.addElement(new TD().addElement("Hewlett-Packard - All-in-One Laser Printer"));
            tr3.addElement(new TD().addElement("$299.00").setAlign("right"));
            tr3.addElement(new TD().addElement(new Input("TEXT", "QTY2", String.valueOf(i2))).setAlign("right"));
            total = i2 * WinError.ERROR_PARTIAL_COPY; // 299, see class doc
            subTOTAL += total;
            tr3.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr3);
            TR tr4 = new TR();
            tr4.addElement(new TD().addElement("Sony - Vaio with Intel Centrino"));
            tr4.addElement(new TD().addElement("$1799.00").setAlign("right"));
            tr4.addElement(new TD().addElement(new Input("TEXT", "QTY3", String.valueOf(i3))).setAlign("right"));
            total = i3 * WinError.ERROR_INVALID_SEPARATOR_FILE; // 1799, see class doc
            subTOTAL += total;
            tr4.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr4);
            TR tr5 = new TR();
            tr5.addElement(new TD().addElement("Toshiba - XGA LCD Projector "));
            tr5.addElement(new TD().addElement("$649.00").setAlign("right"));
            tr5.addElement(new TD().addElement(new Input("TEXT", "QTY4", String.valueOf(i4))).setAlign("right"));
            total = i4 * WinError.ERROR_MOUNT_POINT_NOT_RESOLVED; // 649, see class doc
            subTOTAL += total;
            tr5.addElement(new TD().addElement(PropertiesBeanDefinitionReader.CONSTRUCTOR_ARG_PREFIX + formatInt(total) + ".00"));
            align.addElement(tr5);
            elementContainer.addElement(align);
            Table align2 = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
            if (webSession.isColor()) {
                align2.setBorder(1);
            }
            elementContainer.addElement(new BR());
            TR tr6 = new TR();
            tr6.addElement(new TD().addElement("Total: $" + formatInt(subTOTAL) + ".00").setAlign("left"));
            align2.addElement(tr6);
            // "Update Cart" falls into createContent's default branch: rewrites the shared quantities.
            Element makeButton = ECSFactory.makeButton("Update Cart");
            TR tr7 = new TR();
            tr7.addElement(new TD().addElement(makeButton).setColSpan(2).setAlign("right"));
            align2.addElement(tr7);
            TR tr8 = new TR();
            tr8.addElement(new TD().addElement("&nbsp;").setColSpan(2));
            align2.addElement(tr8);
            Element makeButton2 = ECSFactory.makeButton("Purchase");
            TR tr9 = new TR();
            tr9.addElement(new TD().addElement(makeButton2).setColSpan(2).setAlign("right"));
            align2.addElement(tr9);
            elementContainer.addElement(align2);
            elementContainer.addElement(new BR());
        } catch (Exception e) {
            // Broad catch: the user sees a generic message, the cause goes to stderr only.
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return elementContainer;
    }

    /**
     * Formats an integer with US grouping separators (e.g. 1799 -> "1,799").
     *
     * @param i value to format (may be negative after an int overflow upstream)
     * @return grouped decimal string, no fraction digits
     */
    String formatInt(int i) {
        return NumberFormat.getIntegerInstance(Locale.US).format(i);
    }

    /**
     * Formats a float as a US-grouped number with exactly two fraction digits.
     *
     * @param f value to format; callers pass whole-number totals so no rounding occurs in practice
     * @return e.g. 1799.0f -> "1,799.00"
     */
    String formatFloat(float f) {
        NumberFormat numberInstance = NumberFormat.getNumberInstance(Locale.US);
        numberInstance.setMinimumFractionDigits(2);
        numberInstance.setMaximumFractionDigits(2);
        return numberInstance.format(f);
    }

    /**
     * Clamps a quantity to be non-negative. No upper bound is applied.
     *
     * @param i raw quantity
     * @return 0 when {@code i < 0}, otherwise {@code i} unchanged
     */
    int thinkPositive(int i) {
        if (i < 0) {
            return 0;
        }
        return i;
    }

    /** @return the WebGoat menu category this lesson is filed under. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.CONCURRENCY;
    }

    /**
     * Progressive hints shown to the student; together they spell out the
     * two-window interleaving that {@link #createContent} rewards.
     *
     * @param webSession unused
     * @return hint texts in display order (raw {@code ArrayList}, as decompiled)
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("Can you purchase the merchandise in your shopping cart for a lower price?");
        arrayList.add("Try using a new browser window to get a lower price.");
        arrayList.add("In window A, purchase a low cost item. In window B, update the card with a high cost item.");
        arrayList.add("In window A, commit after updating cart in window B.");
        return arrayList;
    }

    /**
     * @param webSession unused
     * @return the one-line mission statement shown above the lesson
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        return "For this exercise, your mission is to exploit the concurrency issue which will allow you to purchase merchandise for a lower price.";
    }

    /** @return fixed menu ranking ({@code DEFAULT_RANKING}). */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** @return the lesson title shown in the WebGoat menu. */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Shopping Cart Concurrency Flaw";
    }
}
