package org.owasp.webgoat.plugin;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import org.apache.axis.wsdl.symbolTable.SymbolTable;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.Option;
import org.apache.ecs.html.P;
import org.apache.ecs.html.Script;
import org.apache.ecs.html.Select;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/client-side-filtering-1.0.jar:org/owasp/webgoat/plugin/ClientSideFiltering.class */
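/**
 * WebGoat "Client Side Filtering" lab (AJAX security category).
 *
 * <p>Stage 1 asks the user to find a value that the page only hides client-side;
 * stage 2 is solved by editing the lesson's own JSP on disk. The lesson deliberately
 * ships with the weakness it teaches: the id of the "current" user is placed in a
 * client-controlled hidden field and the page relies on client-side code to decide
 * which records are shown. Nothing in this class enforces that filtering server-side,
 * and that is by design of the lesson, not an oversight to be patched here.
 */
public class ClientSideFiltering extends SequentialLessonAdapter {
    /** Name of the request parameter that carries the stage-1 answer. */
    private static final String ANSWER = "answer";
    /** Value the stage-1 answer must equal for the stage to be accepted. */
    private static final int STAGE1_EXPECTED_ANSWER = 450000;
    /** Lesson JSP (relative to the lesson directory) inspected to decide whether stage 2 is solved. */
    private static final String LESSON_JSP_PATH = "/jsp/clientSideFiltering.jsp";
    /** Substring whose presence in the lesson JSP marks stage 2 as solved. */
    private static final String STAGE2_SOLVED_MARKER = "[Managers/Manager/text()";
    /** Lesson ranking used for menu ordering. */
    private static final Integer DEFAULT_RANKING = Integer.valueOf(10);
    /** Label keys for the header cells of the employee table, in column order. */
    private static final String[] RECORD_HEADER_KEYS = {
        "ClientSideFilteringUserID",
        "ClientSideFilteringFirstName",
        "ClientSideFilteringLastName",
        "ClientSideFilteringSSN",
        "ClientSideFilteringSalary",
    };
    /**
     * Selectable users as {display name, id} pairs. Note that id 102, the one written
     * into the hidden {@code userID} field, is intentionally not offered here.
     */
    private static final String[][] SELECTABLE_USERS = {
        {"Larry Stooge", "101"},
        {"Curly Stooge", "103"},
        {"Eric Walker", "104"},
        {"Tom Cat", "105"},
        {"Jerry Mouse", "106"},
        {"David Giambi", "107"},
        {"Bruce McGuirre", "108"},
        {"Sean Livingston", "109"},
        {"Joanne McDougal", "110"},
    };

    /**
     * Renders the lesson through the adapter's staged-content machinery, which
     * dispatches to {@link #doStage1} and {@link #doStage2}.
     *
     * @param webSession current session
     * @return the rendered lesson element
     */
    @Override
    public Element createContent(WebSession webSession) {
        return super.createStagedContent(webSession);
    }

    /**
     * Builds the lesson body shared by both stages: stylesheet and script references,
     * the hidden current-user id, the user drop-down and the two employee tables.
     *
     * <p>The hidden {@code userID} input (value 102) is client-controlled; the lesson's
     * script and JSP (not part of this class) presumably use it to decide which records
     * to fetch, which is the weakness this lab demonstrates. The hidden table is only
     * hidden with {@code display: none}, so whatever is put into it is still present in
     * the page source.
     *
     * @param webSession current session; receives an error message if rendering fails
     * @return the assembled container (possibly partial if an exception occurred)
     */
    protected Element createMainContent(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        // The stylesheet path is derived from the lesson configuration, not from request data.
        elementContainer.addElement("<link rel=\"stylesheet\" type=\"text/css\" href=\""
                + LessonUtil.buildJspPath(webSession, this, "clientSideFiltering-stage1.css", true) + "\" />");
        try {
            elementContainer.addElement(new Script().setSrc(LessonUtil.buildJsPath(webSession, this, "clientSideFiltering.js")));

            Input currentUser = new Input(Input.HIDDEN, "userID", 102);
            currentUser.setID("userID");
            elementContainer.addElement(currentUser);

            Div wrapper = new Div();
            wrapper.setID("lesson_wrapper");
            Div header = new Div();
            header.setID("lesson_header");
            Div workspace = new Div();
            workspace.setClass("lesson_workspace");
            wrapper.addElement(header);
            wrapper.addElement(workspace);
            elementContainer.addElement(wrapper);

            workspace.addElement(new BR());
            workspace.addElement(new BR());
            workspace.addElement(new P().addElement(getLabelManager().get("ClientSideFilteringSelectUser")));
            workspace.addElement(createDropDown());
            workspace.addElement(new P());

            // Visually hidden table; its contents remain in the delivered HTML.
            Table hiddenRecords = newRecordTable();
            hiddenRecords.setID("hiddenEmployeeRecords");
            hiddenRecords.setStyle("display: none");
            workspace.addElement(hiddenRecords);

            Table visibleRecords = newRecordTable();
            visibleRecords.addElement(createRecordHeaderRow());
            TR recordRow = new TR();
            recordRow.setID("employeeRecord");
            visibleRecords.addElement(recordRow);
            workspace.addElement(visibleRecords);
        } catch (Exception e) {
            reportGenerationError(webSession, e);
        }
        return elementContainer;
    }

    /** Creates an employee table with the layout attributes both record tables share. */
    private Table newRecordTable() {
        return new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
    }

    /** Builds the header row of the employee table from {@link #RECORD_HEADER_KEYS}. */
    private TR createRecordHeaderRow() {
        TR headerRow = new TR();
        for (int i = 0; i < RECORD_HEADER_KEYS.length; i++) {
            headerRow.addElement(new TD().addElement(getLabelManager().get(RECORD_HEADER_KEYS[i])));
        }
        return headerRow;
    }

    /**
     * Records a rendering failure on the session and prints the stack trace.
     * No logging facility is in scope for this lesson, hence the trace to stderr.
     */
    private void reportGenerationError(WebSession webSession, Exception e) {
        webSession.setMessage(getLabelManager().get("ClientSideFilteringErrorGenerating") + getClass().getName());
        e.printStackTrace();
    }

    /**
     * Handles stage 1: checks the submitted {@code answer} parameter and, when it
     * matches, advances the tracker to stage 2 and renders stage 2 immediately.
     *
     * @param webSession current session; the answer is read from its request parser
     * @return the stage-1 form, or the stage-2 content once the answer is accepted
     */
    @Override
    public ElementContainer doStage1(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        if (parseAnswer(webSession) == STAGE1_EXPECTED_ANSWER) {
            getLessonTracker(webSession).setStage(2);
            webSession.setMessage(getLabelManager().get("ClientSideFilteringStage1Complete"));
            elementContainer.addElement(doStage2(webSession));
        } else {
            elementContainer.addElement(stage1Content(webSession));
        }
        return elementContainer;
    }

    /**
     * Reads the {@code answer} request parameter as an int.
     *
     * @return the parsed value, or 0 when the parameter is absent or not an integer
     */
    private int parseAnswer(WebSession webSession) {
        String raw = webSession.getParser().getStringParameter(ANSWER, "");
        try {
            return Integer.parseInt(raw);
        } catch (NumberFormatException ignored) {
            // A missing or non-numeric answer is simply a wrong answer: the form is shown again.
            return 0;
        }
    }

    /**
     * Handles stage 2: marks the lesson solved when the lesson JSP on disk contains
     * {@link #STAGE2_SOLVED_MARKER}, and renders the stage-2 view either way.
     *
     * <p>The JSP path is built from the lesson directory and a fixed file name; no
     * request data flows into it.
     *
     * @param webSession current session
     * @return the stage-2 view
     */
    @Override
    protected Element doStage2(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        String jspSource = getFileContent(LessonUtil.getLessonDirectory(webSession, this) + LESSON_JSP_PATH);
        if (jspSource.indexOf(STAGE2_SOLVED_MARKER) != -1) {
            makeSuccess(webSession);
        }
        // The same view is shown whether or not the marker was found; only the
        // success flag differs.
        elementContainer.addElement(stage2Content(webSession));
        return elementContainer;
    }

    /**
     * Renders the stage-1 page: the shared body plus a question, answer field and submit button.
     *
     * @param webSession current session; receives an error message if rendering fails
     * @return the stage-1 container
     */
    protected ElementContainer stage1Content(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            elementContainer.addElement(createMainContent(webSession));
            Table form = newFormTable(webSession);
            TR row = new TR();
            row.addElement(new TD().addElement(getLabelManager().get("ClientSideFilteringStage1Question")));
            row.addElement(new TD(new Input("TEXT", ANSWER, "")));
            row.addElement(new TD(ECSFactory.makeButton(getLabelManager().get("ClientSideFilteringStage1SubmitAnswer"))).setAlign("LEFT"));
            form.addElement(row);
            elementContainer.addElement(form);
        } catch (Exception e) {
            reportGenerationError(webSession, e);
        }
        return elementContainer;
    }

    /**
     * Renders the stage-2 page: the shared body plus a "finish" button.
     *
     * @param webSession current session; receives an error message if rendering fails
     * @return the stage-2 container
     */
    protected ElementContainer stage2Content(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            elementContainer.addElement(createMainContent(webSession));
            elementContainer.addElement(new BR());
            elementContainer.addElement(new BR());
            Table form = newFormTable(webSession);
            TR row = new TR();
            row.addElement(new TD(ECSFactory.makeButton(getLabelManager().get("ClientSideFilteringStage2Finish"))).setAlign("CENTER"));
            form.addElement(row);
            elementContainer.addElement(form);
        } catch (Exception e) {
            reportGenerationError(webSession, e);
        }
        return elementContainer;
    }

    /** Creates the small form table used by both stages; bordered only when the session is in colour mode. */
    private Table newFormTable(WebSession webSession) {
        Table table = new Table().setCellSpacing(0).setCellPadding(2);
        if (webSession.isColor()) {
            table.setBorder(1);
        }
        return table;
    }

    /**
     * Builds the user drop-down. Selecting an entry triggers the client-side
     * {@code selectUser()} and focusing it triggers {@code fetchUserData()}.
     *
     * @return the populated select element
     */
    protected Select createDropDown() {
        Select select = new Select("UserSelect");
        select.setID("UserSelect");
        String chooseLabel = getLabelManager().get("ClientSideFilteringChoose");
        select.addElement(new Option(chooseLabel, "0", chooseLabel));
        for (int i = 0; i < SELECTABLE_USERS.length; i++) {
            String name = SELECTABLE_USERS[i][0];
            String id = SELECTABLE_USERS[i][1];
            select.addElement(new Option(name, id, name));
        }
        select.setOnChange("selectUser()");
        select.setOnFocus("fetchUserData()");
        return select;
    }

    /** @return the category this lesson is listed under */
    @Override
    protected Category getDefaultCategory() {
        return Category.AJAX_SECURITY;
    }

    /**
     * Returns the hints shown to the user. Hint 5 embeds a link to the lesson JSP with
     * {@code userId=102}, i.e. it points at the client-controlled id the lab is about.
     *
     * @param webSession current session, used to build the link path
     * @return the hint strings in display order
     */
    @Override
    public List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add(getLabelManager().get("ClientSideFilteringHint1"));
        hints.add(getLabelManager().get("ClientSideFilteringHint2"));
        hints.add(getLabelManager().get("ClientSideFilteringHint3"));
        hints.add(getLabelManager().get("ClientSideFilteringHint4"));
        // The href is quoted so the '=' in the query string is valid attribute syntax.
        hints.add(getLabelManager().get("ClientSideFilteringHint5a")
                + " <a href=\"" + LessonUtil.buildJspPath(webSession, this, "clientSideFiltering.jsp?userId=102", true) + "\">"
                + getLabelManager().get("ClientSideFilteringHint5b") + "</a>"
                + getLabelManager().get("ClientSideFilteringHint5c"));
        hints.add(getLabelManager().get("ClientSideFilteringHint6"));
        hints.add(getLabelManager().get("ClientSideFilteringHint7"));
        hints.add(getLabelManager().get("ClientSideFilteringHint8"));
        hints.add(getLabelManager().get("ClientSideFilteringHint9"));
        hints.add(getLabelManager().get("ClientSideFilteringHint10"));
        return hints;
    }

    /**
     * Returns the instructions for the current stage.
     *
     * @param webSession current session, used to look up the stage
     * @return the stage-specific instructions, or an empty string for any other stage
     */
    @Override
    public String getInstructions(WebSession webSession) {
        int stage = getLessonTracker(webSession).getStage();
        switch (stage) {
            case 1:
                return getLabelManager().get("ClientSideFilteringInstructions1");
            case 2:
                return getLabelManager().get("ClientSideFilteringInstructions2");
            default:
                return "";
        }
    }

    /** @return the ranking used to order this lesson in the menu */
    @Override
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /** @return the lesson title */
    @Override
    public String getTitle() {
        return "LAB: Client Side Filtering";
    }

    /**
     * Reads a text file into a string, one line per line. Only used for the
     * substring check in {@link #doStage2}; a missing or unreadable file yields
     * whatever was read so far (usually an empty string) rather than an error.
     *
     * <p>Lines are joined with {@code '\n'} so that a marker cannot be matched across
     * a line boundary by accident. {@link FileReader} uses the platform default
     * charset, which is adequate for the ASCII marker searched for here.
     *
     * @param str path of the file to read
     * @return the file content, or a partial/empty string if reading failed
     */
    private String getFileContent(String str) {
        StringBuffer stringBuffer = new StringBuffer();
        BufferedReader bufferedReader = null;
        try {
            bufferedReader = new BufferedReader(new FileReader(new File(str)));
            String line;
            while ((line = bufferedReader.readLine()) != null) {
                stringBuffer.append(line).append('\n');
            }
        } catch (IOException e) {
            // Best effort: an unreadable JSP just means stage 2 is not yet solved.
            e.printStackTrace();
        } finally {
            closeQuietly(bufferedReader);
        }
        return stringBuffer.toString();
    }

    /** Closes the reader if non-null, ignoring close errors (nothing useful can be done with them here). */
    private static void closeQuietly(BufferedReader reader) {
        if (reader == null) {
            return;
        }
        try {
            reader.close();
        } catch (IOException ignored) {
            // Close failures after a completed read carry no actionable information.
        }
    }
}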
