package org.owasp.webgoat.plugin;

import java.text.DecimalFormat;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Center;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.HR;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.Script;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TH;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;

/* loaded from: input_file:WebGoat.war:plugin_lessons/client-side-validation-1.0.jar:org/owasp/webgoat/plugin/ClientSideValidation.class */
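public class ClientSideValidation extends SequentialLessonAdapter {

    /** Coupon codes that complete stage 1 (compared case-insensitively). */
    private static final String[] ACCEPTED_COUPONS = {
        "platinum", "gold", "silver", "bronze", "pressone", "presstwo"
    };

    /** Request parameters carrying the per-item quantities, in cart order. */
    private static final String[] QTY_PARAMS = { "QTY1", "QTY2", "QTY3", "QTY4" };

    private static final Integer DEFAULT_RANKING = Integer.valueOf(120);

    // Suppress the "keep looking" / "not free yet" message on the first rendering of a stage.
    // NOTE(review): these are instance fields, so the flags belong to this lesson object, not to
    // the user's session; if one lesson instance serves several sessions they are shared — confirm.
    private boolean stage1FirstVisit = true;
    private boolean stage2FirstVisit = true;

    /** Renders the lesson; stage selection is delegated to SequentialLessonAdapter. */
    @Override
    public Element createContent(WebSession webSession) {
        return super.createStagedContent(webSession);
    }

    @Override
    protected Element doStage1(WebSession webSession) {
        return evalStage1(webSession);
    }

    @Override
    protected Element doStage2(WebSession webSession) {
        return stage2Content(webSession);
    }

    /**
     * Stage 1: checks the submitted coupon code ("field1"). A recognised code advances the
     * tracker to stage 2 and renders that stage; otherwise the stage-1 cart is rendered again.
     *
     * @param webSession current session (parameters, messages, lesson tracker)
     * @return the content to display
     */
    protected Element evalStage1(WebSession webSession) {
        ElementContainer content = new ElementContainer();
        String coupon = webSession.getParser().getRawParameter("field1", "");
        if (isAcceptedCoupon(coupon)) {
            getLessonTracker(webSession).setStage(2);
            webSession.setMessage("Stage 1 completed.");
            content.addElement(doStage2(webSession));
        } else {
            if (!this.stage1FirstVisit) {
                webSession.setMessage("Keep looking for the coupon code.");
            }
            this.stage1FirstVisit = false;
            content.addElement(stage1Content(webSession));
        }
        return content;
    }

    /** @return true when {@code coupon} equals one of {@link #ACCEPTED_COUPONS}, ignoring case. */
    private static boolean isAcceptedCoupon(String coupon) {
        for (String accepted : ACCEPTED_COUPONS) {
            if (coupon.equalsIgnoreCase(accepted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds the cart markup shared by both stages: lesson script, rule, heading, item table,
     * totals table, trailing rule.
     *
     * @throws Exception propagated from element construction; callers catch broadly, as the
     *     original rendering code did
     */
    private void addCartContent(ElementContainer content, WebSession webSession) throws Exception {
        content.addElement(new Script().setSrc(LessonUtil.buildJsPath(webSession, this, "clientSideValidation.js")));
        content.addElement(new HR().setWidth("90%"));
        content.addElement(new Center().addElement(new H1().addElement("Shopping Cart")));
        content.addElement(createQtyTable(webSession));
        content.addElement(createTotalTable(webSession));
        content.addElement(new BR());
        content.addElement(new HR().setWidth("90%"));
    }

    /**
     * Stage 1 page: the shopping cart only.
     *
     * @return the cart, or an empty container (with a session message) if rendering failed
     */
    protected Element stage1Content(WebSession webSession) {
        ElementContainer content = new ElementContainer();
        try {
            addCartContent(content, webSession);
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return content;
    }

    /**
     * Stage 2 page: renders the cart and then checks whether the submitted grand total is zero
     * for a non-empty order. Success is only granted on a revisit, never on the first rendering.
     *
     * @return the cart, or an empty container (with a session message) if rendering failed
     */
    protected Element stage2Content(WebSession webSession) {
        ElementContainer content = new ElementContainer();
        try {
            addCartContent(content, webSession);
            float grandTotal = parseGrandTotal(webSession.getParser().getStringParameter("GRANDTOT", "0"));
            // The check trusts the client-supplied GRANDTOT rather than recomputing it on the
            // server; that is the weakness this lesson demonstrates.
            boolean orderIsFree = getTotalQty(webSession) > 0 && grandTotal == 0.0f;
            if (orderIsFree && !this.stage2FirstVisit) {
                makeSuccess(webSession);
            } else {
                if (!this.stage2FirstVisit) {
                    webSession.setMessage("Your order isn't free yet.");
                }
                this.stage2FirstVisit = false;
            }
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return content;
    }

    /**
     * Parses the submitted grand total, accepting the "$0.00" display format first and a
     * plain float second.
     *
     * @return the parsed amount, or 1.0f when neither format matches so the order is treated
     *     as not free
     */
    private static float parseGrandTotal(String raw) {
        try {
            return new DecimalFormat("$0.00").parse(raw).floatValue();
        } catch (ParseException notCurrencyFormat) {
            try {
                return Float.parseFloat(raw);
            } catch (NumberFormatException ignored) {
                // deliberate: unparseable input counts as a non-zero total
                return 1.0f;
            }
        }
    }

    /**
     * Builds the totals table: subtotal, grand total, credit-card number and coupon inputs,
     * and the Purchase button.
     */
    protected ElementContainer createTotalTable(WebSession webSession) {
        ElementContainer content = new ElementContainer();
        // Both raw parameters are reflected into input value attributes, so both are
        // HTML-encoded (previously only field2 was). evalStage1 reads the raw "field1"
        // parameter for the coupon check, so encoding here does not affect lesson logic.
        String coupon = HtmlEncoder.encode(webSession.getParser().getRawParameter("field1", ""));
        String creditCard = HtmlEncoder.encode(webSession.getParser().getRawParameter("field2", "4128 3214 0002 1999"));
        Table table = new Table().setCellSpacing(0).setCellPadding(2).setBorder(0).setWidth("90%").setAlign("center");
        if (webSession.isColor()) {
            table.setBorder(1);
        }
        content.addElement(new BR());
        table.addElement(totalRow("Total before coupon is applied:", "SUBTOT", webSession));
        // The grand-total row was previously added to the table twice; once is intended.
        table.addElement(totalRow("Total to be charged to your credit card:", "GRANDTOT", webSession));
        // spacer row
        table.addElement(new TR().addElement(new TD().addElement("&nbsp;").setColSpan(2)));
        table.addElement(new TR()
            .addElement(new TD().addElement("Enter your credit card number:"))
            .addElement(new TD().addElement(new Input("TEXT", "field2", creditCard))));
        Input couponInput = new Input("TEXT", "field1", coupon);
        couponInput.setOnKeyUp("isValidCoupon(field1.value)");
        table.addElement(new TR()
            .addElement(new TD().addElement("Enter your coupon code:"))
            .addElement(new TD().addElement(couponInput)));
        Element purchaseButton = ECSFactory.makeButton("Purchase");
        table.addElement(new TR()
            .addElement(new TD().addElement(purchaseButton).setColSpan(2).setAlign("center")));
        content.addElement(table);
        return content;
    }

    /**
     * One label + read-only amount row, echoing the submitted value of {@code param}
     * (default "$0.00") in a borderless input.
     */
    private static TR totalRow(String label, String param, WebSession webSession) {
        Input amount = new Input("TEXT", param, webSession.getParser().getStringParameter(param, "$0.00"));
        amount.setReadOnly(true).setStyle("border:0px;");
        return new TR()
            .addElement(new TD().addElement(label))
            .addElement(new TD().addElement(amount).setAlign("right"));
    }

    /**
     * Sums the four quantity parameters. The running total is truncated toward zero after
     * each addition, matching the original accumulation, so fractional quantities are not
     * summed exactly.
     *
     * @return the integer quantity of items in the cart (0 when no quantities were submitted)
     */
    protected int getTotalQty(WebSession webSession) {
        int total = 0;
        for (String param : QTY_PARAMS) {
            total = (int) (total + webSession.getParser().getFloatParameter(param, 0.0f));
        }
        return total;
    }

    /** Builds the item table: a header row followed by the four cart rows. */
    protected ElementContainer createQtyTable(WebSession webSession) {
        ElementContainer content = new ElementContainer();
        Table table = new Table().setCellSpacing(0).setCellPadding(2).setBorder(1).setWidth("90%").setAlign("center");
        if (webSession.isColor()) {
            table.setBorder(1); // already 1; kept so the table mirrors createTotalTable
        }
        TR header = new TR();
        header.addElement(new TH().addElement("Shopping Cart Items -- To Buy Now").setWidth("70%"));
        header.addElement(new TH().addElement("Price").setWidth("10%"));
        header.addElement(new TH().addElement("Quantity").setWidth("10%"));
        header.addElement(new TH().addElement("Total").setWidth("10%"));
        table.addElement(header);
        // Only the first quantity input also recomputes totals on load.
        table.addElement(itemRow(webSession, "Studio RTA - Laptop/Reading Cart with Tilting Surface - Cherry ", 1, "$69.99", true));
        table.addElement(itemRow(webSession, "Dynex - Traditional Notebook Case", 2, "$27.99", false));
        // The product name below contains replacement characters from a lost source encoding;
        // it is kept verbatim rather than guessed at.
        table.addElement(itemRow(webSession, "Hewlett-Packard - Pavilion Notebook with Intelï¿½ Centrinoï¿½", 3, "$1599.99", false));
        table.addElement(itemRow(webSession, "3 - Year Performance Service Plan $1000 and Over ", 4, "$299.99", false));
        content.addElement(table);
        return content;
    }

    /**
     * One cart row: description, read-only unit price, editable quantity and read-only line
     * total, bound to the parameters PRC{index}, QTY{index} and TOT{index}.
     *
     * @param defaultPrice value shown when PRC{index} was not submitted
     * @param updateOnLoad whether the quantity input also fires updateTotals() on load
     */
    private static TR itemRow(WebSession webSession, String description, int index, String defaultPrice, boolean updateOnLoad) {
        String priceParam = "PRC" + index;
        String qtyParam = "QTY" + index;
        String totalParam = "TOT" + index;
        Input quantity = new Input("TEXT", qtyParam, webSession.getParser().getStringParameter(qtyParam, "0"));
        quantity.setOnKeyUp("updateTotals();");
        if (updateOnLoad) {
            quantity.setOnLoad("updateTotals();");
        }
        quantity.setSize(10);
        return new TR()
            .addElement(new TD().addElement(description))
            .addElement(new TD().addElement(readOnlyAmount(priceParam, webSession.getParser().getStringParameter(priceParam, defaultPrice))).setAlign("right"))
            .addElement(new TD().addElement(quantity).setAlign("right"))
            .addElement(new TD().addElement(readOnlyAmount(totalParam, webSession.getParser().getStringParameter(totalParam, "$0.00"))).setAlign("right"));
    }

    /** A read-only, borderless text input of size 10 named {@code name} showing {@code value}. */
    private static Input readOnlyAmount(String name, String value) {
        return new Input("TEXT", name, value).setSize(10).setReadOnly(true).setStyle("border:0px;");
    }

    @Override
    protected Category getDefaultCategory() {
        return Category.AJAX_SECURITY;
    }

    /** @return the hint texts shown to the user, in order. */
    @Override
    public List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("Use Firebug to examine the JavaScript.");
        hints.add("Using Firebug, you can add breakpoints in the JavaScript.");
        hints.add("Use Firebug to find the array of encrypted coupon codes, and step through the JavaScript to see the decrypted values.");
        hints.add("You can use Firebug to inspect (and modify) the HTML.");
        hints.add("Use Firebug to remove the 'readonly' attribute from the input next to 'The total charged to your credit card:' and set the value to 0.");
        return hints;
    }

    /** @return the instruction text for the current stage, or "" for any other stage. */
    @Override
    public String getInstructions(WebSession webSession) {
        int stage = getLessonTracker(webSession).getStage();
        switch (stage) {
            case 1:
                return "STAGE 1:\tFor this exercise, your mission is to discover a coupon code to receive an unintended discount.";
            case 2:
                return "STAGE 2:\tNow, try to get your entire order for free.";
            default:
                return "";
        }
    }

    @Override
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    @Override
    public String getTitle() {
        return "Insecure Client Storage";
    }
}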
