package org.owasp.webgoat.plugin;

import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import javax.servlet.http.HttpSession;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Form;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.Input;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.HtmlEncoder;

/* loaded from: input_file:WebGoat.war:plugin_lessons/csrf-token-by-pass-1.0.jar:org/owasp/webgoat/plugin/CsrfTokenByPass.class */
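/**
 * WebGoat lesson "CSRF Token By-Pass".
 *
 * The transfer endpoint is protected by a per-session anti-CSRF token, but the lesson is
 * built so the protection can be defeated: the token is written into the HTML returned for
 * {@code transferFunds=main}, so any script the attacker can get to run against this
 * application can fetch that page, read the hidden field and replay it (see the hints).
 * The weakness is the point of the lesson -- do not "fix" the token handling here.
 *
 * Security-relevant facts a reader should take from the code (not inferred):
 * <ul>
 *   <li>Tokens come from {@link SecureRandom}; the bypass relies on disclosure, not on
 *       guessing the value.</li>
 *   <li>Only one token is valid per session (the last one stored under {@code CSRFToken}),
 *       and a fresh one is issued on every request for the form.</li>
 *   <li>Nothing in {@link #doTransfer} inspects the HTTP method, Origin or Referer; the
 *       form is emitted as POST but the check itself is method-agnostic.</li>
 * </ul>
 */
public class CsrfTokenByPass extends CSRF {
    /** Value of {@link #TRANSFER_FUNDS_PARAMETER} that requests the form (and a new token). */
    private static final String TRANSFER_FUNDS_PAGE = "main";
    /** Request parameter carrying either the page selector above or the amount to transfer. */
    private static final String TRANSFER_FUNDS_PARAMETER = "transferFunds";
    /** Name of both the hidden form field and the HttpSession attribute holding the token. */
    private static final String CSRFTOKEN = "CSRFToken";
    /**
     * Sentinel meaning "no token". It is never issued (see {@link #issueToken}) and it is the
     * default returned when the request carries no usable token, so a missing parameter can
     * never match a stored token.
     */
    private static final int INVALID_TOKEN = 0;
    private final Random random = new SecureRandom();
    private static final Integer DEFAULT_RANKING = Integer.valueOf(123);

    /**
     * Renders the lesson page for the current request.
     *
     * <ul>
     *   <li>No {@code transferFunds} parameter: returns an empty container.</li>
     *   <li>{@code transferFunds=main}: issues a new token, stores it in the session and
     *       returns the transfer form with the token in a hidden field.</li>
     *   <li>Any other non-empty value: treated as an amount; the transfer is accepted only if
     *       the {@code CSRFToken} parameter equals the token stored in the session, in which
     *       case the lesson is marked solved. A failed check renders nothing but the spacing.</li>
     * </ul>
     *
     * @param webSession the WebGoat session wrapping the current request
     * @return the page fragment to display
     */
    @Override // org.owasp.webgoat.plugin.CSRF
    protected Element doTransfer(WebSession webSession) {
        ElementContainer page = new ElementContainer();
        // The amount is echoed back into the page, so it is HTML-encoded up front.
        String transferFunds = HtmlEncoder.encode(
                webSession.getParser().getRawParameter(TRANSFER_FUNDS_PARAMETER, ""));
        if (transferFunds.length() == 0) {
            return page;
        }

        HttpSession session = webSession.getRequest().getSession();
        Integer expectedToken = (Integer) session.getAttribute(CSRFTOKEN);
        Integer submittedToken = Integer.valueOf(
                webSession.getParser().getIntParameter(CSRFTOKEN, INVALID_TOKEN));

        if (transferFunds.equalsIgnoreCase(TRANSFER_FUNDS_PAGE)) {
            // Each visit to the form rotates the session token and discloses it in the HTML.
            int token = issueToken(session);
            page.addElement(new H1("Electronic Transfer:"));
            page.addElement(buildTransferForm(token));
        } else if (expectedToken != null && expectedToken.equals(submittedToken)) {
            page.addElement(new H1("Electronic Transfer Complete"));
            page.addElement(new StringElement("Amount Transfered: " + transferFunds));
            makeSuccess(webSession);
        }
        // Trailing spacing is emitted whether or not the token check passed.
        page.addElement(new BR());
        page.addElement(new BR());
        page.addElement(new BR());
        return page;
    }

    /**
     * Generates a new non-zero token, stores it as the session's only valid token and returns it.
     *
     * @param session the HTTP session the token is bound to
     * @return the token just stored under {@link #CSRFTOKEN}
     */
    private int issueToken(HttpSession session) {
        int token;
        do {
            token = this.random.nextInt();
        } while (token == INVALID_TOKEN); // keep INVALID_TOKEN reserved as "absent"
        session.setAttribute(CSRFTOKEN, Integer.valueOf(token));
        return token;
    }

    /**
     * Builds the POST form that submits an amount together with the given token.
     *
     * @param token the token to embed as a hidden field
     * @return the form element posting back to this lesson
     */
    private Form buildTransferForm(int token) {
        Form form = new Form(getLink(), "POST");
        form.addAttribute("id", "transferForm");
        form.addElement(new Input("text", TRANSFER_FUNDS_PARAMETER, "0"));
        form.addElement(new Input("hidden", CSRFTOKEN, token));
        form.addElement(new Input("submit"));
        return form;
    }

    /** @return the lesson's default position in the menu */
    @Override // org.owasp.webgoat.plugin.CSRF, org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    /**
     * @param webSession the current WebGoat session (unused)
     * @return the hints shown to the student, in order
     */
    @Override // org.owasp.webgoat.plugin.CSRF, org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        List<String> hints = new ArrayList<String>();
        hints.add("Add 'transferFunds=main' to the URL and inspect the form that is returned");
        hints.add("The forged request needs both a token and the transfer funds parameter");
        hints.add("Find the token in the page with transferFunds=main. Can you script a way to get the token?");
        return hints;
    }

    /** @return the lesson title shown in the menu */
    @Override // org.owasp.webgoat.plugin.CSRF, org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "CSRF Token By-Pass";
    }
}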
