package org.owasp.webgoat.plugin;

import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/basic-authentication-1.0.jar:org/owasp/webgoat/plugin/BasicAuthentication.class */
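/**
 * WebGoat training lesson on HTTP Basic authentication.
 *
 * <p>Stage 1 asks the learner for the name of the request header that carries Basic
 * credentials and for its decoded value. Stage 2 is passed once the request is made by a
 * user in the {@code webgoat_basic} role.
 *
 * <p>Defensive takeaway: a Basic {@code Authorization} header is only base64-encoded
 * {@code user:password}, so anyone who can read the request can recover the password.
 * It must only travel over TLS and should not be logged or persisted.
 *
 * <p>The credential strings compared in stage 1 are lesson answers, not an authentication
 * mechanism.
 */
public class BasicAuthentication extends SequentialLessonAdapter {
    private static final String EMPTY_STRING = "";
    private static final String WEBGOAT_BASIC = "webgoat_basic";
    private static final String AUTHORIZATION = "Authorization";
    private static final String ORIGINAL_AUTH = "Original_Auth";
    private static final String ORIGINAL_USER = "Original.user";
    private static final String BASIC = "basic";
    private static final String JSESSIONID = "JSESSIONID";
    private static final String HEADER_NAME = "header";
    private static final String HEADER_VALUE = "value";
    // Decoded header values accepted as the stage 1 answer.
    private static final String GUEST_CREDENTIALS = "guest:guest";
    private static final String WEBGOAT_CREDENTIALS = "webgoat:webgoat";
    // Integer.valueOf replaces the deprecated Integer(int) constructor.
    private static final Integer DEFAULT_RANKING = Integer.valueOf(100);

    /**
     * Renders the lesson by delegating to the staged-content dispatcher of the superclass.
     *
     * @param webSession the current lesson session
     * @return the element produced for the learner's current stage
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        return super.createStagedContent(webSession);
    }

    /**
     * Stage 1: checks the submitted header name and decoded header value.
     *
     * <p>A correct pair advances the lesson tracker to stage 2 and returns the stage 2
     * content. Otherwise the question form is rendered again with the submitted values
     * pre-filled.
     *
     * @param webSession the current lesson session
     * @return the stage 2 content on a correct answer, else the stage 1 form
     * @throws Exception if rendering stage 2 fails
     */
    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage1(WebSession webSession) throws Exception {
        // Start from empty answers so the form still renders if parameter parsing fails.
        // The decompiled original left both locals unassigned on that path.
        String headerName = EMPTY_STRING;
        String headerValue = EMPTY_STRING;
        try {
            String submittedName = webSession.getParser().getStringParameter(HEADER_NAME, EMPTY_STRING);
            if (submittedName != null) {
                headerName = submittedName;
            }
            String submittedValue = webSession.getParser().getStringParameter(HEADER_VALUE, EMPTY_STRING);
            if (submittedValue != null) {
                headerValue = submittedValue;
            }
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }

        boolean nameCorrect = headerName.equalsIgnoreCase(AUTHORIZATION);
        boolean valueCorrect = isExpectedValue(headerValue);
        if (nameCorrect && valueCorrect) {
            getLessonTracker(webSession).setStage(2);
            return doStage2(webSession);
        }

        // Only complain about a field the learner actually filled in.
        if (headerName.length() > 0 && !nameCorrect) {
            webSession.setMessage(getLabelManager().get("BasicAuthHeaderNameIncorrect"));
        }
        if (headerValue.length() > 0 && !valueCorrect) {
            webSession.setMessage(getLabelManager().get("BasicAuthHeaderValueIncorrect"));
        }

        Table form = new Table(0).setCellSpacing(0).setCellPadding(0).setBorder(0);
        if (webSession.isColor()) {
            form.setBorder(1);
        }
        TR nameRow = new TR();
        TR valueRow = new TR();
        nameRow.addElement(new TD(new StringElement(getLabelManager().get("BasicAuthenticationWhatIsNameOfHeader"))));
        valueRow.addElement(new TD(new StringElement(getLabelManager().get("BasicAuthenticationWhatIsDecodedValueOfHeader"))));
        // NOTE(review): the submitted values are echoed back as input values; confirm that
        // the ECS Input element attribute-encodes them before relying on this pattern.
        nameRow.addElement(new TD(new Input("TEXT", HEADER_NAME, headerName)));
        valueRow.addElement(new TD(new Input("TEXT", HEADER_VALUE, headerValue)));
        form.addElement(nameRow);
        form.addElement(valueRow);

        ElementContainer elementContainer = new ElementContainer();
        elementContainer.addElement(form);
        elementContainer.addElement(new P());
        elementContainer.addElement(ECSFactory.makeButton(getLabelManager().get("Submit")));
        return elementContainer;
    }

    /**
     * Stage 2: passes once the request comes from a user in the {@code webgoat_basic} role.
     *
     * <p>On success the tracker of the user recorded under {@code Original.user} is marked
     * completed, reset to stage 1 and stored. Otherwise, when the session cookie matches
     * the recorded one (or none is recorded yet), the session id, the current
     * {@code Authorization} header and the current user name are saved and a guidance
     * message is chosen.
     *
     * @param webSession the current lesson session
     * @return an empty container on success, else a container holding the guidance text
     * @throws Exception declared by the overridden method
     */
    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage2(WebSession webSession) throws Exception {
        // The decompiled original wrapped an empty try block here, so its catch could
        // never run. That dead handler has been dropped.
        ElementContainer elementContainer = new ElementContainer();

        if (webSession.getRequest().isUserInRole(WEBGOAT_BASIC)) {
            String originalUser = getLessonTracker(webSession).getLessonProperties().getProperty(ORIGINAL_USER, EMPTY_STRING);
            getLessonTracker(webSession, originalUser).setCompleted(true);
            getLessonTracker(webSession, originalUser).setStage(1);
            getLessonTracker(webSession, originalUser).store(webSession, this);
            makeSuccess(webSession);
            // The "Authenticiation" spelling is the label key as it appears in this file.
            // Change it only together with the label bundle.
            // NOTE(review): the user name is concatenated into the message unencoded;
            // confirm the message renderer HTML-encodes it.
            webSession.setMessage(getLabelManager().get("BasicAuthenticiationGreenStars1") + originalUser + getLabelManager().get("BasicAuthenticationGreenStars2"));
            return elementContainer;
        }

        // NOTE(review): getCookie/getHeader may return null when the request has no session
        // cookie or no Authorization header; the equals/setProperty calls below would then
        // throw. Confirm the container guarantees both here.
        String sessionCookie = webSession.getCookie(JSESSIONID);
        String authHeader = webSession.getHeader(AUTHORIZATION);

        // Read the recorded header before it is overwritten below, so the comparison
        // further down sees the value from the earlier request.
        String recordedAuth = getLessonTracker(webSession).getLessonProperties().getProperty(ORIGINAL_AUTH, EMPTY_STRING);
        String recordedSession = getLessonTracker(webSession).getLessonProperties().getProperty(JSESSIONID, sessionCookie);
        boolean sameSession = recordedSession.equals(sessionCookie);

        if (sameSession) {
            getLessonTracker(webSession).getLessonProperties().setProperty(JSESSIONID, recordedSession);
            // NOTE(review): this keeps the raw Authorization header (base64 user:password)
            // in the lesson properties. If those are persisted, credentials end up at rest.
            // Tolerable in a training app; do not copy the pattern elsewhere.
            getLessonTracker(webSession).getLessonProperties().setProperty(ORIGINAL_AUTH, authHeader);
            getLessonTracker(webSession, BASIC).getLessonProperties().setProperty(ORIGINAL_USER, webSession.getUserName());
            getLessonTracker(webSession, BASIC).setStage(2);
            getLessonTracker(webSession, BASIC).store(webSession, this, BASIC);
        }

        webSession.setMessage(getLabelManager().get("BasicAuthenticationStage1Completed"));

        if (!recordedAuth.equals(EMPTY_STRING) && !recordedAuth.equals(authHeader)) {
            // The Authorization header changed, but the user is not yet in the target role.
            elementContainer.addElement(getLabelManager().get("BasicAuthenticationAlmostThere1") + AUTHORIZATION + getLabelManager().get("BasicAuthenticationAlmostThere2") + webSession.getUserName() + getLabelManager().get("BasicAuthenticationAlmostThere3"));
        } else if (sameSession) {
            elementContainer.addElement(getLabelManager().get("BasicAuthenticationUseTheHints"));
        } else {
            elementContainer.addElement(getLabelManager().get("BasicAuthenticationReallyClose"));
        }
        return elementContainer;
    }

    /**
     * Reports the lesson category.
     *
     * @return {@link Category#AUTHENTICATION}
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.AUTHENTICATION;
    }

    /**
     * Builds the ordered list of the nine hint labels for this lesson.
     *
     * @param webSession the current lesson session (unused)
     * @return hint texts looked up from the label manager, in display order
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public List<String> getHints(WebSession webSession) {
        // Typed list instead of the raw ArrayList emitted by the decompiler.
        List<String> hints = new ArrayList<String>();
        hints.add(getLabelManager().get("BasicAuthenticationHint1"));
        hints.add(getLabelManager().get("BasicAuthenticationHint2"));
        hints.add(getLabelManager().get("BasicAuthenticationHint3"));
        hints.add(getLabelManager().get("BasicAuthenticationHint4"));
        hints.add(getLabelManager().get("BasicAuthenticationHint5"));
        hints.add(getLabelManager().get("BasicAuthenticationHint6"));
        hints.add(getLabelManager().get("BasicAuthenticationHint7"));
        hints.add(getLabelManager().get("BasicAuthenticationHint8"));
        hints.add(getLabelManager().get("BasicAuthenticationHint9"));
        return hints;
    }

    /**
     * Reports the default ranking of this lesson.
     *
     * @return the ranking value 100
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /**
     * Reports the lesson title.
     *
     * @return the fixed title {@code "Basic Authentication"}
     */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Basic Authentication";
    }

    /** Tells whether {@code value} is one of the decoded credential strings accepted in stage 1. */
    private static boolean isExpectedValue(String value) {
        return GUEST_CREDENTIALS.equals(value) || WEBGOAT_CREDENTIALS.equals(value);
    }
}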
