package org.owasp.webgoat.plugin;

import com.sun.jna.platform.win32.COM.tlb.imp.TlbConst;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import org.apache.axis.Message;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.LI;
import org.apache.ecs.html.OL;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.LessonAdapter;
import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.WebSession;

/* loaded from: input_file:WebGoat.war:plugin_lessons/password-strength-1.0.jar:org/owasp/webgoat/plugin/PasswordStrength.class */
public class PasswordStrength extends LessonAdapter {
    private Map<String, Password> passwords = new TreeMap<String, Password>() { // from class: org.owasp.webgoat.plugin.PasswordStrength.1
        {
            put("pass1", new Password("123456", "seconds", "0", "dictionary based, in top 10 most used passwords"));
            put("pass2", new Password("abzfezd", "seconds", TlbConst.TYPELIB_MAJOR_VERSION_OFFICE, "26 chars on 7 positions, 8 billion possible combinations"));
            put("pass3", new Password("a9z1ezd", "seconds", "19", "26 + 10 chars on 7 positions = 78 billion possible combinations"));
            put("pass4", new Password("aB8fEzDq", "hours", "15", "26 + 26 + 10 chars on 8 positions = 218 trillion possible combinations"));
            put("pass5", new Password("z8!E?7D$", "days", "20", "96 chars on 8 positions = 66 quintillion possible combinations"));
            put("pass6", new Password("My1stPassword!:Redd", "quintillion years", "364", "96 chars on 19 positions = 46 undecillion possible combinations"));
        }
    };
    private static final Integer DEFAULT_RANKING = new Integer(6);

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WebGoat.war:plugin_lessons/password-strength-1.0.jar:org/owasp/webgoat/plugin/PasswordStrength$Password.class */
    public class Password {
        String password;
        String timeUnit;
        String answer;
        private String explanation;

        public Password(String str, String str2, String str3, String str4) {
            this.password = str;
            this.timeUnit = str2;
            this.answer = str3;
            this.explanation = str4;
        }
    }

    private boolean checkSolution(WebSession webSession) throws ParameterNotFoundException {
        boolean z = true;
        for (int i = 1; i <= this.passwords.size(); i++) {
            String str = "pass" + i;
            z = z && webSession.getParser().getStringParameter(str, "").equals(this.passwords.get(str).answer);
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.session.Screen
    public Element createContent(WebSession webSession) {
        ElementContainer elementContainer = new ElementContainer();
        try {
            if (checkSolution(webSession)) {
                makeSuccess(webSession);
                elementContainer.addElement(new BR());
                elementContainer.addElement(new StringElement("As a guideline not bound to a single solution."));
                elementContainer.addElement(new BR());
                elementContainer.addElement(new StringElement("Assuming the calculations per second 4 billion: "));
                elementContainer.addElement(new BR());
                OL ol = new OL();
                for (Password password : this.passwords.values()) {
                    ol.addElement(new LI(String.format("%s - %s %s (%s)", password.password, password.answer, password.timeUnit, password.explanation)));
                }
                elementContainer.addElement(ol);
            } else {
                elementContainer.addElement(new BR());
                elementContainer.addElement(new StringElement("How much time would a desktop PC take to crack these passwords?"));
                elementContainer.addElement(new BR());
                elementContainer.addElement(new BR());
                Table table = new Table();
                for (Map.Entry<String, Password> entry : this.passwords.entrySet()) {
                    TR tr = new TR();
                    TD td = new TD();
                    TD td2 = new TD();
                    Input input = new Input("TEXT", entry.getKey(), "");
                    td.addElement(new StringElement("Password = " + entry.getValue().password));
                    td.setWidth("50%");
                    td2.addElement(input);
                    td2.addElement(new StringElement(Message.MIME_UNKNOWN + entry.getValue().timeUnit));
                    tr.addElement(td);
                    tr.addElement(td2);
                    table.addElement(tr);
                }
                elementContainer.addElement(table);
                elementContainer.addElement(new BR());
                elementContainer.addElement(new BR());
                Div div = new Div();
                div.addAttribute("align", "center");
                div.addElement(ECSFactory.makeButton("Go!"));
                elementContainer.addElement(div);
            }
        } catch (Exception e) {
            webSession.setMessage("Error generating " + getClass().getName());
            e.printStackTrace();
        }
        return elementContainer;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public List<String> getHints(WebSession webSession) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("Copy the passwords into the code checker.");
        return arrayList;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Integer getDefaultRanking() {
        return DEFAULT_RANKING;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    protected Category getDefaultCategory() {
        return Category.AUTHENTICATION;
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson
    public String getInstructions(WebSession webSession) {
        return "The accounts of your web application are only as safe as the passwords. For this exercise, your job is to test several passwords on <a onclick=\"window.open(this.href,'_blank');return false;\" href=\"https://howsecureismypassword.net\">https://howsecureismypassword.net</a>.  You must test all 6 passwords at the same time...<br><b> On your applications you should set good password requirements! </b>";
    }

    @Override // org.owasp.webgoat.lessons.LessonAdapter, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.session.Screen
    public String getTitle() {
        return "Password Strength";
    }
}
