package org.owasp.webgoat.plugin;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.B;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/forgot-password-1.0.jar:org/owasp/webgoat/plugin/ForgotPassword.class */
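/**
 * WebGoat "Forgot Password" lesson: a deliberately weak password-recovery flow.
 *
 * <p>The flow has three screens: ask for a username, ask the "favorite color"
 * secret question, then display the account's stored password. The weaknesses
 * visible in this class are the point of the lesson and are kept as-is:
 * <ul>
 *   <li>the only recovery factor is a single low-entropy answer, and no attempt
 *       counter or lockout exists anywhere in this class;</li>
 *   <li>unknown usernames get a distinct message ("Not a valid username"), so
 *       valid account names can be told apart from invalid ones;</li>
 *   <li>passwords are held in clear text and rendered back to the browser.</li>
 * </ul>
 * A production recovery flow would instead send a single-use, expiring reset
 * token out of band, rate-limit attempts, answer uniformly for known and unknown
 * accounts, and store only password hashes.
 *
 * <p>NOTE(review): {@code STAGE}, {@code USERNAME_RESPONSE} and
 * {@code COLOR_RESPONSE} are static, so every instance of this lesson shares
 * them. If the container serves several sessions from one class loader, one
 * user's pending username would be visible to another's request. Moving this
 * state into the session needs a WebSession API that is not visible here.
 */
public class ForgotPassword extends LessonAdapter {
    private static final String USERNAME = "Username";
    private static final String COLOR = "Color";
    // Username accepted in stage 1; only ever set to a key of USERS.
    private static String USERNAME_RESPONSE = "";
    // Secret-question answer accepted in stage 2.
    private static String COLOR_RESPONSE = "";
    // Recomputed from the request parameters at the start of every createContent call.
    private static int STAGE = 1;
    // Lesson fixture data: username -> clear-text password.
    private static final HashMap<String, String> USERS = new HashMap<>();
    // Lesson fixture data: username -> expected secret-question answer.
    private static final HashMap<String, String> COLORS = new HashMap<>();
    private static final Integer DEFAULT_RANKING = Integer.valueOf(15);

    /** Fills the two fixture tables with the lesson's accounts and answers. */
    private void populateTables() {
        USERS.put("admin", "2275$starBo0rn3");
        USERS.put("jeff", "(_I_)illia(V)s");
        USERS.put("dave", "\\V/ich3r$");
        USERS.put("intern", "H3yn0w");
        USERS.put("webgoat", "webgoat");
        COLORS.put("admin", "green");
        COLORS.put("jeff", "orange");
        COLORS.put("dave", "purple");
        COLORS.put("intern", "yellow");
        COLORS.put("webgoat", "red");
    }

    /** Creates the centered layout table shared by all three screens. */
    private Table newLayoutTable(WebSession webSession) {
        Table table = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
        if (webSession.isColor()) {
            table.setBorder(1);
        }
        return table;
    }

    /** Builds a one-field form: heading, prompt row, labelled text input and a Submit button. */
    private Element promptForm(WebSession webSession, Element heading, String prompt, String label, String fieldName) {
        ElementContainer container = new ElementContainer();
        container.addElement(heading);
        Table table = newLayoutTable(webSession);
        TR promptRow = new TR();
        promptRow.addElement(new TH().addElement(prompt).setColSpan(2).setAlign("left"));
        table.addElement(promptRow);
        TR requiredRow = new TR();
        requiredRow.addElement(new TD().addElement("*Required Fields").setWidth("30%"));
        table.addElement(requiredRow);
        TR spacerRow = new TR();
        spacerRow.addElement(new TD().addElement("&nbsp;").setColSpan(2));
        table.addElement(spacerRow);
        TR inputRow = new TR();
        inputRow.addElement(new TD(new B(new StringElement(label))));
        inputRow.addElement(new TD(new Input("TEXT", fieldName, "")));
        table.addElement(inputRow);
        table.addElement(new TR(new TD(ECSFactory.makeButton("Submit"))));
        container.addElement(table);
        return container;
    }

    /**
     * Renders the first screen, which asks for the username.
     *
     * @param webSession the current lesson session
     * @return the username form
     */
    protected Element doStage1(WebSession webSession) {
        return promptForm(
                webSession,
                new BR().addElement(new H1().addElement("Webgoat Password Recovery ")),
                "Please input your username.  See the OWASP admin if you do not have an account.",
                "*User Name: ",
                USERNAME);
    }

    /**
     * Renders the second screen, which asks the secret question.
     *
     * @param webSession the current lesson session
     * @return the secret-question form
     */
    protected Element doStage2(WebSession webSession) {
        return promptForm(
                webSession,
                new H1().addElement("Webgoat Password Recovery "),
                "Secret Question: What is your favorite color?",
                "*Answer: ",
                COLOR);
    }

    /**
     * Renders the result screen and scores the attempt.
     *
     * <p>The stored password is written into the page in clear text; this is the
     * lesson's intended weakness. The lesson is marked solved only for the
     * {@code admin} account.
     *
     * @param webSession the current lesson session
     * @return the result table
     */
    protected Element doStage3(WebSession webSession) {
        ElementContainer container = new ElementContainer();
        container.addElement(new H1().addElement("Webgoat Password Recovery "));
        Table table = newLayoutTable(webSession);
        TR noticeRow = new TR();
        noticeRow.addElement(new TH().addElement("For security reasons, please change your password immediately.").setColSpan(2).setAlign("left"));
        table.addElement(noticeRow);
        TR resultsRow = new TR();
        resultsRow.addElement(new TD().addElement(new BR().addElement(new B().addElement(new StringElement("Results:")))).setAlign("left"));
        table.addElement(resultsRow);
        TR usernameRow = new TR();
        usernameRow.addElement(new TD().addElement(new StringElement("Username: " + USERNAME_RESPONSE)));
        table.addElement(usernameRow);
        TR colorRow = new TR();
        colorRow.addElement(new TD().addElement(new StringElement("Color: " + COLOR_RESPONSE)));
        table.addElement(colorRow);
        TR passwordRow = new TR();
        passwordRow.addElement(new TD().addElement(new StringElement("Password: " + USERS.get(USERNAME_RESPONSE))));
        table.addElement(passwordRow);
        container.addElement(table);
        if (USERNAME_RESPONSE.equals("admin") && COLOR_RESPONSE.equals("green")) {
            makeSuccess(webSession);
        } else if (!USERNAME_RESPONSE.equals("webgoat") && USERS.containsKey(USERNAME_RESPONSE)) {
            webSession.setMessage("Close. Now try to get the password of a privileged account.");
        }
        return container;
    }

    /**
     * Dispatches the request to the right screen.
     *
     * <p>A non-empty {@code Color} parameter means the secret question is being
     * answered; otherwise the {@code Username} parameter is checked. Each wrong
     * answer simply re-renders the question, with no limit on attempts.
     *
     * @param webSession the current lesson session
     * @return the content for the selected screen
     */
    @Override
    public Element createContent(WebSession webSession) {
        ElementContainer content = new ElementContainer();
        String answer = webSession.getParser().getStringParameter(COLOR, "");
        STAGE = answer.length() > 0 ? 2 : 1;
        if (USERS.isEmpty()) {
            populateTables();
        }
        if (STAGE == 2) {
            String expected = COLORS.get(USERNAME_RESPONSE);
            if (expected == null) {
                // An answer arrived before any username was accepted. The original
                // dereferenced the missing entry and threw NullPointerException;
                // restart the flow at the username screen instead.
                STAGE = 1;
                content.addElement(doStage1(webSession));
            } else if (expected.equals(answer)) {
                STAGE = 1;
                COLOR_RESPONSE = answer;
                content.addElement(doStage3(webSession));
            } else {
                webSession.setMessage("Incorrect response for " + USERNAME_RESPONSE + ". Please try again!");
                content.addElement(doStage2(webSession));
            }
        } else {
            String username = webSession.getParser().getStringParameter(USERNAME, "");
            if (USERS.containsKey(username)) {
                STAGE = 2;
                USERNAME_RESPONSE = username;
                content.addElement(doStage2(webSession));
            } else {
                // An empty value is the initial page load, so no error is shown for it.
                if (username.length() > 0) {
                    webSession.setMessage("Not a valid username. Please try again.");
                }
                content.addElement(doStage1(webSession));
            }
        }
        return content;
    }

    /** @return the lesson category, {@link Category#AUTHENTICATION} */
    @Override
    protected Category getDefaultCategory() {
        return Category.AUTHENTICATION;
    }

    /**
     * Returns the hints shown to the learner.
     *
     * @param webSession the current lesson session (unused)
     * @return a new mutable list of hint strings
     */
    @Override
    public List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<>();
        hints.add("There is no lock out policy in place, brute force your way!");
        hints.add("Try using usernames you might encounter throughout WebGoat.");
        hints.add("There are only so many possible colors, can you guess one?");
        hints.add("The administrative account is \"admin\"");
        return hints;
    }

    /** @return the lesson's default ranking value */
    @Override
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** @return the lesson title */
    @Override
    public String getTitle() {
        return "Forgot Password";
    }
}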
