package org.owasp.webgoat.plugin;

import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.P;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.SequentialLessonAdapter;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;

/* loaded from: input_file:WebGoat.war:plugin_lessons/soap-request-1.0.jar:org/owasp/webgoat/plugin/SoapRequest.class */
public class SoapRequest extends SequentialLessonAdapter {
    public static final String firstName = "getFirstName";
    public static final String lastName = "getLastName";
    public static final String loginCount = "getLoginCount";
    public static final String ccNumber = "getCreditCard";
    static int accessFirstName;
    static int accessLastName;
    static int accessCreditCard;
    static int accessLoginCount;
    private static WebgoatContext webgoatContext;
    private static final Integer DEFAULT_RANKING = new Integer(100);

    @Override // org.owasp.webgoat.lessons.AbstractLesson
    public void setWebgoatContext(WebgoatContext webgoatContext2) {
        webgoatContext = webgoatContext2;
    }

    @Override // org.owasp.webgoat.lessons.AbstractLesson
    public WebgoatContext getWebgoatContext() {
        return webgoatContext;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.WEB_SERVICES;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected List<String> getHints(WebSession webSession) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("Accessible operations are delimited by the &lt;operation&gt; tag contained within the &lt;portType&gt; section of the WSDL. <BR> Below is an example of a typical operation (getFirstName): <br><br>&lt;wsdl:portType name=\"SoapRequest\"&gt; <br>&lt;wsdl:<strong>operation name=\"getFirstName\"</strong>&gt;<br>&lt;wsdl:input message=\"impl:getFirstNameRequest\" name=\"getFirstNameRequest\" /&gt;<br>&lt;wsdl:output message=\"impl:getFirstNameResponse\" name=\"getFirstNameResponse\" /&gt;<br>&lt;wsdlsoap:operation soapAction=\"\" /&gt;&lt;/wsdl:portType&gt;<br><br>The methods invoked are defined by the input and output message attributes. Example: <strong>\"getFirstNameRequest\"</strong>");
        arrayList.add("There are several tags within a SOAP envelope. Each namespace is defined in the &lt;definitions&gt; section of the WSDL, and is declared using the (xmlns:namespace_name_here=\"namespace_reference_location_here\") format.<br><br>The following example defines a tag \"&lt;xsd:\", whose attribute structure will reference the namespace location assigned to it in the declaration:<br><strong>xmlns:xsd=\"http://www.w3.org/2001/XMLSchema</strong>");
        arrayList.add("Determine what parameters and types are required by the message definition corresponding to the operation's request method. This example defines a parameter (id) of type (int) in the namespace (xsd) for the method (getFirstNameRequest):<br>&lt;wsdl:message name=\"getFirstNameRequest\"<br><br>&lt;wsdl:<strong>part name=\"id\" type=\"xsd:int\"</strong> /&gt;<br>&lt;/wsdl:message&gt;<br><br>Examples of other types:<br>{boolean, byte, base64Binary, double, float, int, long, short, unsignedInt, unsignedLong, unsignedShort, string}.<br>");
        "A SOAP request uses the following HTTP header: <br><br> SOAPAction: some action header, can be &quot;&quot; <br><br>The SOAP message body has the following format:<br>&lt;?xml version=\"1.0\" encoding=\"UTF-8\"?&gt; <br>&lt;SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" <br>                   xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" <br>                   xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"&gt; <br>&nbsp;&nbsp;&lt;SOAP-ENV:Body&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;ns1:getFirstName SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:ns1=\"http://lessons\"&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;id xsi:type=\"xsd:int\"&gt;101&lt;/id&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/ns1:getFirstName&gt; <br>&nbsp;&nbsp;&lt;/SOAP-ENV:Body&gt; <br>&lt;/SOAP-ENV:Envelope&gt; <br><br>Intercept the HTTP request and try to create a SOAP request.".replaceAll("(?s) ", "&nbsp;");
        arrayList.add("A SOAP request uses the following HTTP header: <br><br> SOAPAction: some action header, can be &quot;&quot; <br><br>The SOAP message body has the following format:<br>&lt;?xml version=\"1.0\" encoding=\"UTF-8\"?&gt; <br>&lt;SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\" <br>                   xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" <br>                   xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"&gt; <br>&nbsp;&nbsp;&lt;SOAP-ENV:Body&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;ns1:getFirstName SOAP-ENV:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\" xmlns:ns1=\"http://lessons\"&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;id xsi:type=\"xsd:int\"&gt;101&lt;/id&gt; <br>&nbsp;&nbsp;&nbsp;&nbsp;&lt;/ns1:getFirstName&gt; <br>&nbsp;&nbsp;&lt;/SOAP-ENV:Body&gt; <br>&lt;/SOAP-ENV:Envelope&gt; <br><br>Intercept the HTTP request and try to create a SOAP request.");
        return arrayList;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Create a SOAP Request";
    }

    protected Element makeOperationsLine(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        Table cellPadding = new Table().setCellSpacing(0).setCellPadding(2);
        if (webSession.isColor()) {
            cellPadding.setBorder(1);
        }
        TR tr = new TR();
        tr.addElement(new TD().addElement("How many operations are defined in the WSDL: "));
        tr.addElement(new TD(new Input("TEXT", "count", "")));
        tr.addElement(new TD(ECSFactory.makeButton("Submit")).setAlign("LEFT"));
        cellPadding.addElement(tr);
        elementContainer.addElement(cellPadding);
        return elementContainer;
    }

    protected Element makeTypeLine(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        Table cellPadding = new Table().setCellSpacing(0).setCellPadding(2);
        if (webSession.isColor()) {
            cellPadding.setBorder(1);
        }
        TR tr = new TR();
        tr.addElement(new TD().addElement("Now, what is the type of the (id) parameter in the \"getFirstNameRequest\" method: "));
        tr.addElement(new TD(new Input("TEXT", "type", "")));
        tr.addElement(new TD(ECSFactory.makeButton("Submit")).setAlign("LEFT"));
        cellPadding.addElement(tr);
        elementContainer.addElement(cellPadding);
        return elementContainer;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        return super.createStagedContent(webSession);
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage1(WebSession webSession) throws Exception {
        return viewWsdl(webSession);
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage2(WebSession webSession) throws Exception {
        return determineType(webSession);
    }

    @Override // org.owasp.webgoat.lessons.SequentialLessonAdapter
    protected Element doStage3(WebSession webSession) throws Exception {
        return createSoapEnvelope(webSession);
    }

    protected Element viewWsdl(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            if (webSession.getParser().getIntParameter("count") == 4) {
                getLessonTracker(webSession).setStage(2);
                webSession.setMessage("Stage 1 completed.");
                elementContainer.addElement(doStage2(webSession));
            } else {
                webSession.setMessage("Sorry, that is an incorrect count. Try Again.");
            }
        } catch (NumberFormatException e) {
            webSession.setMessage("Sorry, that answer is invalid. Try again.");
        } catch (ParameterNotFoundException e2) {
        } catch (Exception e3) {
            webSession.setMessage("Error generating " + getClass().getName());
            e3.printStackTrace();
        }
        if (getLessonTracker(webSession).getStage() == 1) {
            elementContainer.addElement(makeOperationsLine(webSession));
            A a = new A("services/SoapRequest?WSDL", "WebGoat WSDL File");
            elementContainer.addElement(new P().addElement("View the following WSDL and count available operations:"));
            elementContainer.addElement(new BR());
            elementContainer.addElement(a);
        }
        return elementContainer;
    }

    protected Element determineType(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            if (webSession.getParser().getStringParameter("type").equals("int")) {
                getLessonTracker(webSession).setStage(3);
                webSession.setMessage("Stage 2 completed. ");
                elementContainer.addElement(doStage3(webSession));
            } else {
                webSession.setMessage("Sorry, that is an incorrect type. Try Again.");
            }
        } catch (ParameterNotFoundException e) {
        } catch (Exception e2) {
            webSession.setMessage("Error generating " + getClass().getName());
            e2.printStackTrace();
        }
        if (getLessonTracker(webSession).getStage() == 2) {
            elementContainer.addElement(makeTypeLine(webSession));
            A a = new A("services/SoapRequest?WSDL", "WebGoat WSDL File");
            elementContainer.addElement(new P().addElement("View the following WSDL and count available operations:"));
            elementContainer.addElement(new BR());
            elementContainer.addElement(a);
        }
        return elementContainer;
    }

    protected Element createSoapEnvelope(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        if (accessFirstName + accessLastName + accessCreditCard + accessLoginCount >= 2) {
            accessLoginCount = 0;
            accessCreditCard = 0;
            accessLastName = 0;
            accessFirstName = 0;
            makeSuccess(webSession);
        } else {
            elementContainer.addElement(new P().addElement("Intercept the request and invoke any method by sending a valid SOAP request for a valid account. <br/>"));
            elementContainer.addElement(new P().addElement("You must access at least 2 of the methods to pass the lesson. <br/>"));
            elementContainer.addElement(ECSFactory.makeButton("Press to generate an HTTP request"));
            if (accessFirstName + accessLastName + accessCreditCard + accessLoginCount > 0) {
                elementContainer.addElement("<br><br>Methods Invoked:<br>");
                elementContainer.addElement("<ul>");
                if (accessFirstName > 0) {
                    elementContainer.addElement("<li>getFirstName</li>");
                }
                if (accessLastName > 0) {
                    elementContainer.addElement("<li>getLastName</li>");
                }
                if (accessCreditCard > 0) {
                    elementContainer.addElement("<li>getCreditCard</li>");
                }
                if (accessLoginCount > 0) {
                    elementContainer.addElement("<li>getLoginCount</li>");
                }
                elementContainer.addElement("</ul>");
            }
            A a = new A("services/SoapRequest?WSDL", "WebGoat WSDL File");
            elementContainer.addElement(new BR());
            elementContainer.addElement(a);
        }
        return elementContainer;
    }

    public String getResults(int i, String str) {
        ResultSet executeQuery;
        try {
            PreparedStatement prepareStatement = DatabaseUtilities.getConnection("guest", getWebgoatContext()).prepareStatement("SELECT * FROM user_data WHERE userid = ?");
            prepareStatement.setInt(1, i);
            try {
                executeQuery = prepareStatement.executeQuery();
            } catch (SQLException e) {
            }
            if (executeQuery == null || !executeQuery.next()) {
                return null;
            }
            return executeQuery.getString(str);
        } catch (Exception e2) {
            return null;
        }
    }

    public String getCreditCard(int i) {
        String results = getResults(i, WsSqlInjection.ccNumber);
        if (results == null) {
            return null;
        }
        accessCreditCard = 1;
        return results;
    }

    public String getFirstName(int i) {
        String results = getResults(i, "first_name");
        if (results == null) {
            return null;
        }
        accessFirstName = 1;
        return results;
    }

    public String getLastName(int i) {
        String results = getResults(i, "last_name");
        if (results == null) {
            return null;
        }
        accessLastName = 1;
        return results;
    }

    public String getLoginCount(int i) {
        String results = getResults(i, "login_count");
        if (results == null) {
            return null;
        }
        accessLoginCount = 1;
        return results;
    }
}
