package org.owasp.webgoat.plugin;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.Option;
import org.apache.ecs.html.Select;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.apache.http.HttpVersion;
import org.jboss.netty.handler.codec.rtsp.RtspHeaders;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/insecure-login-1.0.jar:org/owasp/webgoat/plugin/InsecureLogin.class */
public class InsecureLogin extends SequentialLessonAdapter {
    private static final String USER = "clear_user";
    private static final String PASSWORD = "clear_pass";
    private static final String ANSWER = "clear_answer";
    private static final String YESNO = "yesno";
    private static final String PROTOCOL = "protocol";
    private static final Integer DEFAULT_RANKING = new Integer(100);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        return super.createStagedContent(webSession);
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage1(WebSession webSession) throws Exception {
        if (webSession.getParser().getStringParameter(ANSWER, "").equals("sniffy")) {
            webSession.setMessage("You completed Stage 1!");
            getLessonTracker(webSession).setStage(2);
        }
        return createMainContent(webSession);
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage2(WebSession webSession) throws Exception {
        String stringParameter = webSession.getParser().getStringParameter(PROTOCOL, "");
        if (webSession.getParser().getStringParameter(YESNO, "").equals("No") && stringParameter.equals("TLS")) {
            makeSuccess(webSession);
        }
        return createMainContent(webSession);
    }

    protected Element createMainContent(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            elementContainer.addElement("<link rel=\"stylesheet\" type=\"text/css\" href=\"" + LessonUtil.buildJspPath(webSession, this, "insecureLogin.css", true) + "\" />");
            Div div = new Div();
            div.setID("lesson_wrapper");
            Div div2 = new Div();
            div2.setID("lesson_header");
            Div div3 = new Div();
            div3.setClass("lesson_workspace");
            div.addElement(div2);
            div.addElement(div3);
            elementContainer.addElement(div);
            String stringParameter = webSession.getParser().getStringParameter(USER, "");
            String stringParameter2 = webSession.getParser().getStringParameter(PASSWORD, "");
            if ((stringParameter + stringParameter2).equals("") || !correctLogin(stringParameter, stringParameter2, webSession)) {
                div3.addElement(createLogInContent());
            } else {
                div3.addElement(createSuccessfulLoginContent(webSession, stringParameter));
            }
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return elementContainer;
    }

    private Element createLogInContent() {
        ElementContainer elementContainer = new ElementContainer();
        Div div = new Div();
        div.setID("lesson_login");
        div.addElement(new BR());
        div.addElement(new BR());
        Table table = new Table();
        table.addAttribute("align='center'", 0);
        TR tr = new TR();
        TD td = new TD();
        TD td2 = new TD();
        td.addElement(new StringElement("Enter your name: "));
        td2.addElement(new Input("TEXT", USER).setValue("Jack").setReadOnly(true));
        tr.addElement(td);
        tr.addElement(td2);
        TR tr2 = new TR();
        TD td3 = new TD();
        TD td4 = new TD();
        td3.addElement(new StringElement("Enter your password: "));
        td4.addElement(new Input(Input.PASSWORD, PASSWORD).setValue("sniffy").setReadOnly(true));
        tr2.addElement(td3);
        tr2.addElement(td4);
        TR tr3 = new TR();
        TD td5 = new TD();
        td5.setColSpan(2);
        td5.setAlign("center");
        td5.addElement(new Input(Input.SUBMIT, "Submit", "Submit"));
        tr3.addElement(td5);
        table.addElement(tr);
        table.addElement(tr2);
        table.addElement(tr3);
        div.addElement(table);
        elementContainer.addElement(div);
        return elementContainer;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.INSECURE_COMMUNICATION;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public List<String> getHints(WebSession webSession) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("Stage 1: Use a sniffer to record the traffic");
        arrayList.add("Stage 1: What Protocol does the request use?");
        arrayList.add("Stage 1: What kind of request is started when you click on the button?");
        arrayList.add("Stage 1: Take a closer look at the HTTP Post request in your sniffer");
        arrayList.add("Stage 1: The password field has the name clear_pass");
        return arrayList;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Insecure Login";
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        int stage = getLessonTracker(webSession).getStage();
        String str = "<b>For this lesson you need to have a server client setup. Please refer to theTomcat Configuration in the Introduction section.</b><br><br> Stage" + stage + ": ";
        if (stage == 1) {
            str = str + "In this stage you have to sniff the password. And answer the question after the login.";
        }
        if (stage == 2) {
            str = str + "Now you have to change to a secure connection. The URL should start with https:// If your browser is complaining about the certificate just ignore it. Sniff again the traffic and answer the questions";
        }
        return str;
    }

    private boolean correctLogin(String str, String str2, WebSession webSession) {
        Connection connection = null;
        try {
            try {
                connection = DatabaseUtilities.getConnection(webSession);
                PreparedStatement prepareStatement = connection.prepareStatement("SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?", 1004, 1007);
                prepareStatement.setString(1, str);
                prepareStatement.setString(2, str2);
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (executeQuery != null) {
                    if (executeQuery.first()) {
                        if (connection != null) {
                            try {
                                connection.close();
                            } catch (Exception e) {
                                e.printStackTrace();
                            }
                        }
                        return true;
                    }
                }
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Exception e2) {
                        e2.printStackTrace();
                        return false;
                    }
                }
                return false;
            } catch (Exception e3) {
                e3.printStackTrace();
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Exception e4) {
                        e4.printStackTrace();
                        return false;
                    }
                }
                return false;
            }
        } catch (Throwable th) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Exception e5) {
                    e5.printStackTrace();
                    throw th;
                }
            }
            throw th;
        }
    }

    private Element createSuccessfulLoginContent(WebSession webSession, String str) {
        ElementContainer elementContainer = new ElementContainer();
        Div div = new Div();
        div.setStyle("margin-top:50px;");
        div.addAttribute("align", "center");
        Table table = new Table();
        table.addAttribute("cellspacing", 10);
        table.addAttribute("cellpadding", 5);
        table.addAttribute("align", "center");
        TR tr = new TR();
        TR tr2 = new TR();
        TR tr3 = new TR();
        TR tr4 = new TR();
        tr.addElement(new TD("<b>Firstname:</b>"));
        tr.addElement(new TD(str));
        try {
            ResultSet user = getUser(str, webSession);
            user.first();
            tr2.addElement(new TD("<b>Lastname:</b>"));
            tr2.addElement(new TD(user.getString("last_name")));
            tr3.addElement(new TD("<b>Credit Card Type:</b>"));
            tr3.addElement(new TD(user.getString("cc_type")));
            tr4.addElement(new TD("<b>Credit Card Number:</b>"));
            tr4.addElement(new TD(user.getString(WsSqlInjection.ccNumber)));
        } catch (Exception e) {
            e.printStackTrace();
        }
        table.addElement(tr);
        table.addElement(tr2);
        table.addElement(tr3);
        table.addElement(tr4);
        div.addElement(table);
        elementContainer.addElement(div);
        elementContainer.addElement(createLogoutLink());
        int stage = getLessonTracker(webSession).getStage();
        if (stage == 1) {
            elementContainer.addElement(createPlaintextQuestionContent());
        } else if (stage == 2) {
            elementContainer.addElement(createSSLQuestionContent());
        }
        return elementContainer;
    }

    private Element createPlaintextQuestionContent() {
        ElementContainer elementContainer = new ElementContainer();
        Div div = new Div();
        div.addAttribute("align", "center");
        div.addElement(new BR());
        div.addElement(new BR());
        div.addElement("What was the password?");
        div.addElement(new Input("TEXT", ANSWER));
        div.addElement(new Input(Input.SUBMIT, "Submit", "Submit"));
        elementContainer.addElement(div);
        return elementContainer;
    }

    private Element createSSLQuestionContent() {
        ElementContainer elementContainer = new ElementContainer();
        Table table = new Table();
        TR tr = new TR();
        TD td = new TD();
        TD td2 = new TD();
        TR tr2 = new TR();
        TD td3 = new TD();
        TD td4 = new TD();
        tr.addElement(td);
        tr.addElement(td2);
        tr2.addElement(td3);
        tr2.addElement(td4);
        table.addElement(tr);
        table.addElement(tr2);
        Div div = new Div();
        div.addAttribute("align", "center");
        elementContainer.addElement(new BR());
        elementContainer.addElement(new BR());
        td.addElement("Is the password still transmited in plaintext?");
        Select select = new Select();
        select.setName(YESNO);
        Option option = new Option();
        option.addElement("Yes");
        Option option2 = new Option();
        option2.addElement("No");
        select.addElement(option);
        select.addElement(option2);
        td2.addElement(select);
        td3.addElement("Which protocol is used for the transmission?");
        Select select2 = new Select();
        select2.setName(PROTOCOL);
        Option option3 = new Option();
        option3.addElement(HttpVersion.HTTP);
        Option option4 = new Option();
        option4.addElement(RtspHeaders.Values.UDP);
        Option option5 = new Option();
        option5.addElement("IPSEC");
        Option option6 = new Option();
        option6.addElement("MSNMS");
        Option option7 = new Option();
        option7.addElement("TLS");
        select2.addElement(option3);
        select2.addElement(option5);
        select2.addElement(option6);
        select2.addElement(option4);
        select2.addElement(option7);
        td4.addElement(select2);
        div.addElement(table);
        div.addElement(new Input(Input.SUBMIT, "Submit", "Submit"));
        elementContainer.addElement(div);
        return elementContainer;
    }

    private ResultSet getUser(String str, WebSession webSession) {
        Connection connection = null;
        try {
            try {
                connection = DatabaseUtilities.getConnection(webSession);
                PreparedStatement prepareStatement = connection.prepareStatement("SELECT * FROM user_data_tan WHERE first_name = ? ", 1004, 1007);
                prepareStatement.setString(1, str);
                ResultSet executeQuery = prepareStatement.executeQuery();
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
                return executeQuery;
            } catch (Exception e2) {
                e2.printStackTrace();
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (Exception e3) {
                        e3.printStackTrace();
                        return null;
                    }
                }
                return null;
            }
        } catch (Throwable th) {
            if (connection != null) {
                try {
                    connection.close();
                } catch (Exception e4) {
                    e4.printStackTrace();
                    throw th;
                }
            }
            throw th;
        }
    }

    private Element createLogoutLink() {
        A a = new A();
        a.addAttribute("href", getLink() + "&logout=true");
        a.addElement("Logout");
        Div div = new Div();
        div.addAttribute("align", "right");
        div.addElement(a);
        div.setStyle("margin-right:50px; mrgin-top:30px");
        return div;
    }
}
