package org.owasp.webgoat.plugin.GoatHillsFinancial;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/goat-hills-financial-1.0.jar:org/owasp/webgoat/plugin/GoatHillsFinancial/DefaultLessonAction.class */
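/**
 * Base class for Goat Hills Financial lesson actions.
 *
 * <p>Holds the owning lesson plus the lesson/action names, and provides the
 * shared helpers the concrete actions use: session/request attribute access,
 * the lesson-scoped authentication flag, and the two database-backed
 * authorization checks ({@link #isAuthorized} and {@link #isAuthorizedForEmployee}).
 *
 * <p>Review notes on this revision:
 * <ul>
 *   <li>All SQL is now issued through {@link PreparedStatement} with bound
 *       parameters; the role lookup in {@code isAuthorized} previously spliced the
 *       {@code functionid} string straight into the query.</li>
 *   <li>{@code isAuthorized} previously stayed {@code true} when the role query
 *       matched but the session user id could not be parsed (the parse ran inside
 *       the call expression, so the assignment never happened and the catch block
 *       only logged). It now fails closed.</li>
 *   <li>{@link java.sql.Statement}/{@link ResultSet} handles are closed in
 *       {@code finally}; the shared {@code WebSession} connection is deliberately
 *       left open because this class does not own it.</li>
 * </ul>
 * Error reporting is unchanged (a user-visible message on the session plus a
 * stack trace on stderr) because no logger is available in this file.
 */
public abstract class DefaultLessonAction implements LessonAction {
    private final String lessonName;
    private final String actionName;
    private final GoatHillsFinancial lesson;

    /**
     * @param goatHillsFinancial the lesson this action belongs to
     * @param str  the lesson name, used as a prefix for lesson-scoped session attributes
     * @param str2 the action name reported by {@link #getActionName()} and {@link #toString()}
     */
    public DefaultLessonAction(GoatHillsFinancial goatHillsFinancial, String str, String str2) {
        this.lesson = goatHillsFinancial;
        this.lessonName = str;
        this.actionName = str2;
    }

    /**
     * Records this action as the lesson's current action and then requires the
     * lesson-scoped "isAuthenticated" session flag to be {@code true}.
     *
     * <p>NOTE(review): {@link #requiresAuthentication()} is not consulted here, so a
     * subclass that overrides it to {@code false} must also override this method
     * (or not call {@code super}) to actually skip the check.
     *
     * @throws UnauthenticatedException when the authentication flag is absent or false
     */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public void handleRequest(WebSession webSession) throws ParameterNotFoundException, UnauthenticatedException, UnauthorizedException, ValidationException {
        getLesson().setCurrentAction(webSession, getActionName());
        if (!isAuthenticated(webSession)) {
            throw new UnauthenticatedException();
        }
    }

    /** Returns the JSP/page to render after this action has run. */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public abstract String getNextPage(WebSession webSession);

    /** The lesson that owns this action. */
    public GoatHillsFinancial getLesson() {
        return this.lesson;
    }

    /** The lesson name used to namespace session attributes (e.g. {@code <lesson>.isAuthenticated}). */
    public String getLessonName() {
        return this.lessonName;
    }

    /** The name of this action. */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public String getActionName() {
        return this.actionName;
    }

    /** Stores {@code obj} under {@code str} in the HTTP session. */
    public void setSessionAttribute(WebSession webSession, String str, Object obj) {
        webSession.getRequest().getSession().setAttribute(str, obj);
    }

    /** Stores {@code obj} under {@code str} on the current request. */
    public void setRequestAttribute(WebSession webSession, String str, Object obj) {
        webSession.getRequest().setAttribute(str, obj);
    }

    /** Removes {@code str} from the HTTP session. */
    public void removeSessionAttribute(WebSession webSession, String str) {
        webSession.getRequest().getSession().removeAttribute(str);
    }

    /**
     * Reads a String-valued session attribute.
     *
     * @throws ParameterNotFoundException if the attribute is not set
     * @throws ClassCastException if the stored value is not a String
     */
    public String getSessionAttribute(WebSession webSession, String str) throws ParameterNotFoundException {
        Object value = webSession.getRequest().getSession().getAttribute(str);
        if (value == null) {
            throw new ParameterNotFoundException();
        }
        return (String) value;
    }

    /**
     * Reads a Boolean-valued session attribute.
     *
     * @throws ParameterNotFoundException if the attribute is not set
     * @throws ClassCastException if the stored value is not a Boolean
     */
    protected boolean getBooleanSessionAttribute(WebSession webSession, String str) throws ParameterNotFoundException {
        Object value = webSession.getRequest().getSession().getAttribute(str);
        if (value == null) {
            throw new ParameterNotFoundException();
        }
        return ((Boolean) value).booleanValue();
    }

    /**
     * Reads a session attribute stored as a decimal String and parses it.
     *
     * @return the parsed value, or {@code -1} if the String is not a valid int
     *         (callers rely on this sentinel, so it is kept)
     * @throws ParameterNotFoundException if the attribute is not set
     */
    public int getIntSessionAttribute(WebSession webSession, String str) throws ParameterNotFoundException {
        Object value = webSession.getRequest().getSession().getAttribute(str);
        if (value == null) {
            throw new ParameterNotFoundException();
        }
        return parseIntOrMinusOne((String) value);
    }

    /**
     * Reads a String-valued request attribute.
     *
     * @throws ParameterNotFoundException if the attribute is not set
     * @throws ClassCastException if the stored value is not a String
     */
    public String getRequestAttribute(WebSession webSession, String str) throws ParameterNotFoundException {
        Object value = webSession.getRequest().getAttribute(str);
        if (value == null) {
            throw new ParameterNotFoundException();
        }
        return (String) value;
    }

    /**
     * Reads a request attribute stored as a decimal String and parses it.
     *
     * @return the parsed value, or {@code -1} if the String is not a valid int
     * @throws ParameterNotFoundException if the attribute is not set
     */
    public int getIntRequestAttribute(WebSession webSession, String str) throws ParameterNotFoundException {
        Object value = webSession.getRequest().getAttribute(str);
        if (value == null) {
            throw new ParameterNotFoundException();
        }
        return parseIntOrMinusOne((String) value);
    }

    /** Parses {@code text} as an int, returning -1 (the historical sentinel) on failure. */
    private static int parseIntOrMinusOne(String text) {
        try {
            return Integer.parseInt(text);
        } catch (NumberFormatException ignored) {
            // Preserved behaviour: unparsable values map to -1 rather than failing.
            return -1;
        }
    }

    /**
     * The logged-in user's id, taken from the lesson-scoped USER_ID session attribute.
     *
     * @return the user id, or -1 if the stored value is not numeric
     * @throws ParameterNotFoundException if no user id is stored in the session
     */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public int getUserId(WebSession webSession) throws ParameterNotFoundException {
        return getIntSessionAttribute(webSession, getLessonName() + "." + GoatHillsFinancial.USER_ID);
    }

    /**
     * Looks up the first name of the logged-in user in the {@code employee} table.
     *
     * @return the first name, or {@code null} if no row matched or an error occurred
     *         (the error is reported via {@code webSession.setMessage})
     */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public String getUserName(WebSession webSession) throws ParameterNotFoundException {
        String firstName = null;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            statement = WebSession.getConnection(webSession).prepareStatement(
                    "SELECT first_name FROM employee WHERE userid = ?",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            // getUserId() may throw ParameterNotFoundException; as before, that is
            // caught below and surfaces as a message plus a null return.
            statement.setInt(1, getUserId(webSession));
            rows = statement.executeQuery();
            if (rows.next()) {
                firstName = rows.getString("first_name");
            }
        } catch (SQLException e) {
            webSession.setMessage("Error getting user name");
            e.printStackTrace();
        } catch (Exception e) {
            webSession.setMessage("Error getting user name");
            e.printStackTrace();
        } finally {
            closeQuietly(rows);
            closeQuietly(statement);
        }
        return firstName;
    }

    /** Actions in this lesson require an authenticated user by default. */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public boolean requiresAuthentication() {
        return true;
    }

    /**
     * Whether the lesson-scoped {@code <lesson>.isAuthenticated} session flag is set
     * and true. A missing flag counts as not authenticated.
     */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public boolean isAuthenticated(WebSession webSession) {
        try {
            return getBooleanSessionAttribute(webSession, getLessonName() + ".isAuthenticated");
        } catch (ParameterNotFoundException notSet) {
            return false;
        }
    }

    /**
     * Checks that user {@code i} holds a role permitted to call {@code str}
     * (via the {@code auth}/{@code roles} tables) and, if so, that the user in
     * the session is allowed to act on {@code i} per {@link #isAuthorizedForEmployee}.
     *
     * <p>Fails closed: any SQL error, a missing/non-numeric session user id, or a
     * negative answer from either check yields {@code false}.
     *
     * @param i   the employee id being acted on
     * @param str the function id being invoked
     */
    @Override // org.owasp.webgoat.plugin.GoatHillsFinancial.LessonAction
    public boolean isAuthorized(WebSession webSession, int i, String str) {
        Object sessionUserId = webSession.getRequest().getSession()
                .getAttribute(getLessonName() + "." + GoatHillsFinancial.USER_ID);
        boolean authorized = false;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            // Bound parameters: str is an arbitrary String and must not be spliced into SQL.
            statement = WebSession.getConnection(webSession).prepareStatement(
                    "SELECT * FROM auth WHERE auth.role in (SELECT roles.role FROM roles WHERE userid = ?) and functionid = ?",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.setInt(1, i);
            statement.setString(2, str);
            rows = statement.executeQuery();
            authorized = rows.first();
            if (authorized) {
                // Parse before deciding so a bad session value cannot leave
                // 'authorized' stuck at true if parsing throws.
                int actingUserId = -1;
                boolean parsed = false;
                if (sessionUserId != null) {
                    try {
                        actingUserId = Integer.parseInt((String) sessionUserId);
                        parsed = true;
                    } catch (NumberFormatException badId) {
                        parsed = false;
                    }
                }
                authorized = parsed && isAuthorizedForEmployee(webSession, actingUserId, i);
            }
        } catch (SQLException e) {
            authorized = false;
            webSession.setMessage("Error authorizing");
            e.printStackTrace();
        } catch (Exception e) {
            authorized = false;
            webSession.setMessage("Error authorizing");
            e.printStackTrace();
        } finally {
            closeQuietly(rows);
            closeQuietly(statement);
        }
        return authorized;
    }

    /**
     * Whether the {@code ownership} table records {@code i} as the employer of
     * {@code i2}. Returns {@code false} on any SQL error (message set on the session).
     *
     * @param i  the employer id
     * @param i2 the employee id
     */
    public boolean isAuthorizedForEmployee(WebSession webSession, int i, int i2) {
        boolean owns = false;
        PreparedStatement statement = null;
        ResultSet rows = null;
        try {
            statement = WebSession.getConnection(webSession).prepareStatement(
                    "SELECT * FROM ownership WHERE employer_id = ? AND employee_id = ?",
                    ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
            statement.setInt(1, i);
            statement.setInt(2, i2);
            rows = statement.executeQuery();
            owns = rows.first();
        } catch (SQLException e) {
            webSession.setMessage("Error authorizing");
            e.printStackTrace();
        } catch (Exception e) {
            webSession.setMessage("Error authorizing");
            e.printStackTrace();
        } finally {
            closeQuietly(rows);
            closeQuietly(statement);
        }
        return owns;
    }

    /** Closes a ResultSet, ignoring null and close failures (nothing useful to do with them here). */
    private static void closeQuietly(ResultSet rows) {
        if (rows == null) {
            return;
        }
        try {
            rows.close();
        } catch (SQLException ignored) {
            // best-effort cleanup
        }
    }

    /** Closes a PreparedStatement, ignoring null and close failures. The connection is shared and not closed. */
    private static void closeQuietly(PreparedStatement statement) {
        if (statement == null) {
            return;
        }
        try {
            statement.close();
        } catch (SQLException ignored) {
            // best-effort cleanup
        }
    }

    /** Delegates to the lesson: sets the current stage. */
    protected void setStage(WebSession webSession, String str) {
        getLesson().setStage(webSession, str);
    }

    /** Delegates to the lesson: marks a stage complete. */
    public void setStageComplete(WebSession webSession, String str) {
        getLesson().setStageComplete(webSession, str);
    }

    /** Delegates to the lesson: returns the current stage. */
    public String getStage(WebSession webSession) {
        return getLesson().getStage(webSession);
    }

    /** The action name, for logging and debugging. */
    @Override
    public String toString() {
        return getActionName();
    }
}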
