package org.zaproxy.zap.authentication;

import java.awt.Component;
import java.awt.GridBagLayout;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.swing.JComboBox;
import javax.swing.JLabel;
import javax.swing.JList;
import javax.swing.JOptionPane;
import javax.swing.plaf.basic.BasicComboBoxRenderer;
import net.sf.json.JSONObject;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.Cookie;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.extension.ExtensionHook;
import org.parosproxy.paros.model.Session;
import org.zaproxy.zap.authentication.AuthenticationMethod;
import org.zaproxy.zap.extension.api.ApiDynamicActionImplementor;
import org.zaproxy.zap.extension.api.ApiException;
import org.zaproxy.zap.extension.api.ApiResponse;
import org.zaproxy.zap.extension.api.ApiResponseElement;
import org.zaproxy.zap.extension.api.ApiResponseSet;
import org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions;
import org.zaproxy.zap.extension.httpsessions.HttpSession;
import org.zaproxy.zap.extension.users.ExtensionUserManagement;
import org.zaproxy.zap.extension.users.UsersAPI;
import org.zaproxy.zap.model.Context;
import org.zaproxy.zap.session.CookieBasedSessionManagementMethodType;
import org.zaproxy.zap.session.SessionManagementMethod;
import org.zaproxy.zap.session.WebSession;
import org.zaproxy.zap.users.User;
import org.zaproxy.zap.utils.ApiUtils;
import org.zaproxy.zap.utils.HirshbergMatcher;
import org.zaproxy.zap.view.LayoutHelper;

/* loaded from: input_file:WEB-INF/lib/clientapi-2.8.jar:org/zaproxy/zap/authentication/ManualAuthenticationMethodType.class */
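/**
 * Authentication method type in which no login request is sent: an HTTP session that was already
 * captured for the context is selected, and its token values are replayed as cookies.
 *
 * <p>The credentials of a user are therefore a reference to an {@link HttpSession}. The token
 * values of that session are live session secrets, so this class avoids writing whole session
 * objects to the log and only ever logs session names.
 */
public class ManualAuthenticationMethodType extends AuthenticationMethodType {
    private static final int METHOD_IDENTIFIER = 0;
    private static final String METHOD_NAME = Constant.messages.getString("authentication.method.manual.name");
    private static final String API_METHOD_NAME = "manualAuthentication";
    private static final String ACTION_SET_CREDENTIALS = "manualAuthenticationCredentials";
    private static final String PARAM_SESSION_NAME = "sessionName";

    /**
     * Credentials for manual authentication: a reference to the selected {@link HttpSession}.
     *
     * <p>Instances are created through the enclosing type's factory methods; the constructor is
     * private.
     */
    public static class ManualAuthenticationCredentials implements AuthenticationCredentials {
        private static final String API_NAME = "ManualAuthenticationCredentials";
        private HttpSession selectedSession;

        private ManualAuthenticationCredentials() {
        }

        /** Returns the selected session, or {@code null} when none has been chosen yet. */
        protected HttpSession getSelectedSession() {
            return this.selectedSession;
        }

        /** Returns {@code true} once a session has been selected. */
        @Override
        public boolean isConfigured() {
            return this.selectedSession != null;
        }

        /** Sets the session whose tokens are replayed on authentication. */
        protected void setSelectedSession(HttpSession httpSession) {
            this.selectedSession = httpSession;
        }

        /**
         * Encodes these credentials as the Base64 form of the selected session's name. Only the
         * name is encoded; token values are not part of the result.
         *
         * @param str not used by this implementation
         * @return the Base64-encoded session name
         * @throws IllegalStateException if no session has been selected
         */
        @Override
        public String encode(String str) {
            if (this.selectedSession == null) {
                // Previously this surfaced as a bare NullPointerException.
                throw new IllegalStateException("Manual Authentication Credentials have no session selected.");
            }
            // NOTE(review): getBytes() uses the platform default charset, so the encoded value can
            // differ between hosts for non-ASCII session names. Confirm before pinning a charset,
            // since that would change the encoded output on non-UTF-8 platforms.
            return Base64.encodeBase64String(this.selectedSession.getName().getBytes());
        }

        /**
         * Not supported: the referenced session object cannot be rebuilt from its encoded name.
         *
         * @throws IllegalStateException always
         */
        @Override
        public void decode(String str) {
            throw new IllegalStateException("Manual Authentication Credentials cannot be decoded.");
        }

        /**
         * Builds the API view of these credentials: the credentials type and the name of the
         * selected session. Token values are not included.
         */
        @Override
        public ApiResponse getApiResponseRepresentation() {
            Map<String, String> values = new HashMap<>();
            values.put("type", API_NAME);
            // NOTE(review): Constant.USER_AGENT as the "no session" fallback looks like a decompiler
            // constant substitution for a literal; confirm the intended value.
            values.put(ManualAuthenticationMethodType.PARAM_SESSION_NAME, this.selectedSession != null ? this.selectedSession.getName() : Constant.USER_AGENT);
            return new ApiResponseSet("credentials", values);
        }
    }

    /** Options panel that lets the user pick one of the context's HTTP sessions as credentials. */
    private static class ManualAuthenticationCredentialsOptionsPanel extends AbstractCredentialsOptionsPanel<ManualAuthenticationCredentials> {
        private static final long serialVersionUID = -8081914793980311435L;
        private static final Logger log = Logger.getLogger(ManualAuthenticationCredentialsOptionsPanel.class);
        private JComboBox<HttpSession> sessionsComboBox;
        private final Context uiSharedContext;

        /** Renders a combo box entry as the session's name. */
        public static class HttpSessionRenderer extends BasicComboBoxRenderer {
            private static final long serialVersionUID = 3654541772447187317L;

            private HttpSessionRenderer() {
            }

            @Override
            public Component getListCellRendererComponent(JList jList, Object obj, int i, boolean z, boolean z2) {
                super.getListCellRendererComponent(jList, obj, i, z, z2);
                // Guard the cast so an unexpected item type falls back to the default rendering.
                if (obj instanceof HttpSession) {
                    setText(((HttpSession) obj).getName());
                }
                return this;
            }
        }

        /**
         * @param manualAuthenticationCredentials the credentials edited by this panel
         * @param context the context whose HTTP sessions are offered for selection
         */
        public ManualAuthenticationCredentialsOptionsPanel(ManualAuthenticationCredentials manualAuthenticationCredentials, Context context) {
            super(manualAuthenticationCredentials);
            this.uiSharedContext = context;
            initialize();
        }

        /** Lays out the session label, the session combo box and the description label. */
        protected void initialize() {
            setLayout(new GridBagLayout());
            add(new JLabel(Constant.messages.getString("authentication.method.manual.field.session")), LayoutHelper.getGBC(0, 0, 1, 0.5d));
            add(getSessionsComboBox(), LayoutHelper.getGBC(1, 0, 1, 0.5d));
            getSessionsComboBox().setRenderer(new HttpSessionRenderer());
            // NOTE(review): HirshbergMatcher.MIN_RATIO as a layout weight looks like a decompiler
            // constant substitution for a numeric literal; confirm the intended value.
            add(new JLabel(Constant.messages.getString("authentication.method.manual.field.description")), LayoutHelper.getGBC(0, 1, 2, HirshbergMatcher.MIN_RATIO, HirshbergMatcher.MIN_RATIO));
        }

        /** Joins the names of the given sessions for logging, leaving token values out. */
        private static String sessionNames(List<HttpSession> sessions) {
            StringBuilder names = new StringBuilder("[");
            for (HttpSession session : sessions) {
                if (names.length() > 1) {
                    names.append(", ");
                }
                names.append(session.getName());
            }
            return names.append(']').toString();
        }

        /**
         * Lazily creates the combo box, filled with the HTTP sessions known for the context and
         * pre-selecting the session already stored in the credentials.
         */
        private JComboBox<HttpSession> getSessionsComboBox() {
            if (this.sessionsComboBox == null) {
                ExtensionHttpSessions extensionHttpSessions = (ExtensionHttpSessions) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHttpSessions.NAME);
                if (extensionHttpSessions == null) {
                    // The API action below treats a missing extension as possible; here it simply
                    // yields an empty list, which validateFields() then rejects.
                    this.sessionsComboBox = new JComboBox<>(new HttpSession[0]);
                    return this.sessionsComboBox;
                }
                List<HttpSession> httpSessionsForContext = extensionHttpSessions.getHttpSessionsForContext(this.uiSharedContext);
                if (log.isDebugEnabled()) {
                    // Names only: concatenating the list would call HttpSession.toString(), which is
                    // not visible here and may include session token values.
                    log.debug("Found sessions for Manual Authentication Config: " + sessionNames(httpSessionsForContext));
                }
                this.sessionsComboBox = new JComboBox<>(httpSessionsForContext.toArray(new HttpSession[httpSessionsForContext.size()]));
                this.sessionsComboBox.setSelectedItem(getCredentials().getSelectedSession());
            }
            return this.sessionsComboBox;
        }

        /**
         * Checks that a session is selected, showing a warning dialog and focusing the combo box
         * when none is.
         *
         * @return {@code true} if a session is selected
         */
        @Override
        public boolean validateFields() {
            if (getSessionsComboBox().getSelectedIndex() >= 0) {
                return true;
            }
            JOptionPane.showMessageDialog(this, Constant.messages.getString("authentication.method.manual.dialog.error.nosession.text"), Constant.messages.getString("authentication.method.manual.dialog.error.title"), JOptionPane.WARNING_MESSAGE);
            getSessionsComboBox().requestFocusInWindow();
            return false;
        }

        /** Stores the selected session in the credentials being edited. */
        @Override
        public void saveCredentials() {
            HttpSession selected = (HttpSession) getSessionsComboBox().getSelectedItem();
            // Log the session name only, so that session token values cannot end up in the log
            // through HttpSession.toString().
            log.info("Saving Manual Authentication Method: " + (selected != null ? selected.getName() : null));
            getCredentials().setSelectedSession(selected);
        }
    }

    /**
     * The manual authentication method. It performs no request: {@link #authenticate} turns the
     * selected HTTP session's token values into a cookie-based web session.
     */
    public static class ManualAuthenticationMethod extends AuthenticationMethod {
        private final int contextId;

        /** @param i the id of the context this method belongs to */
        public ManualAuthenticationMethod(int i) {
            this.contextId = i;
        }

        protected int getContextId() {
            return this.contextId;
        }

        /** Always {@code true}: the method itself has nothing to configure. */
        @Override
        public boolean isConfigured() {
            return true;
        }

        @Override
        public AuthenticationCredentials createAuthenticationCredentials() {
            return new ManualAuthenticationCredentials();
        }

        /**
         * Builds a cookie-based web session from the token values of the selected HTTP session.
         *
         * @param sessionManagementMethod not used by this implementation
         * @param authenticationCredentials must be {@link ManualAuthenticationCredentials} with a
         *     selected session
         * @param user not used by this implementation
         * @return a new session holding one cookie per token of the selected HTTP session
         * @throws AuthenticationMethod.UnsupportedAuthenticationCredentialsException if the
         *     credentials are of another type
         * @throws IllegalStateException if no HTTP session has been selected in the credentials
         */
        @Override
        public WebSession authenticate(SessionManagementMethod sessionManagementMethod, AuthenticationCredentials authenticationCredentials, User user) {
            if (!(authenticationCredentials instanceof ManualAuthenticationCredentials)) {
                Logger.getLogger(ManualAuthenticationMethod.class).error("Manual authentication credentials should be used for Manual authentication.");
                throw new AuthenticationMethod.UnsupportedAuthenticationCredentialsException("Manual authentication credentials should be used for Manual authentication.");
            }
            HttpSession selectedSession = ((ManualAuthenticationCredentials) authenticationCredentials).getSelectedSession();
            if (selectedSession == null) {
                // Fail loudly instead of with a bare NullPointerException. Returning an empty
                // session here would let requests go out unauthenticated without any signal.
                throw new IllegalStateException("Manual authentication credentials have no HTTP session selected.");
            }
            CookieBasedSessionManagementMethodType.CookieBasedSession cookieBasedSession = new CookieBasedSessionManagementMethodType.CookieBasedSession();
            for (Map.Entry<String, String> token : selectedSession.getTokenValuesUnmodifiableMap().entrySet()) {
                // Only name and value are copied: no domain, path or expiry is set on the cookie.
                Cookie cookie = new Cookie();
                cookie.setName(token.getKey());
                cookie.setValue(token.getValue());
                cookieBasedSession.getHttpState().addCookie(cookie);
            }
            return cookieBasedSession;
        }

        @Override
        public AuthenticationMethodType getType() {
            return new ManualAuthenticationMethodType();
        }

        @Override
        public AuthenticationMethod duplicate() {
            return new ManualAuthenticationMethod(this.contextId);
        }

        /** Nothing to do: this method keeps no state that needs persisting. */
        @Override
        public void onMethodPersisted() {
        }

        /** Nothing to do: this method holds no resources to release. */
        @Override
        public void onMethodDiscarded() {
        }

        @Override
        public ApiResponse getApiResponseRepresentation() {
            return new ApiResponseElement("methodName", ManualAuthenticationMethodType.API_METHOD_NAME);
        }

        @Override
        public int hashCode() {
            return (31 * super.hashCode()) + this.contextId;
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null) {
                return false;
            }
            return super.equals(obj) && getClass() == obj.getClass() && this.contextId == ((ManualAuthenticationMethod) obj).contextId;
        }
    }

    @Override
    public String getName() {
        return METHOD_NAME;
    }

    /** The method has no options of its own, only per-user credentials. */
    @Override
    public boolean hasOptionsPanel() {
        return false;
    }

    @Override
    public boolean hasCredentialsOptionsPanel() {
        return true;
    }

    @Override
    public ManualAuthenticationMethod createAuthenticationMethod(int i) {
        return new ManualAuthenticationMethod(i);
    }

    /** Returns {@code null}, matching {@link #hasOptionsPanel()}. */
    @Override
    public AbstractAuthenticationMethodOptionsPanel buildOptionsPanel(Context context) {
        return null;
    }

    /**
     * Builds the session selection panel for the given credentials.
     *
     * @throws ClassCastException if the credentials are not {@link ManualAuthenticationCredentials}
     */
    @Override
    public AbstractCredentialsOptionsPanel<? extends AuthenticationCredentials> buildCredentialsOptionsPanel(AuthenticationCredentials authenticationCredentials, Context context) {
        return new ManualAuthenticationCredentialsOptionsPanel((ManualAuthenticationCredentials) authenticationCredentials, context);
    }

    @Override
    public boolean isTypeForMethod(AuthenticationMethod authenticationMethod) {
        return authenticationMethod instanceof ManualAuthenticationMethod;
    }

    /** Nothing to hook. */
    @Override
    public void hook(ExtensionHook extensionHook) {
    }

    /** Nothing is read from the session: the method is fully described by the context id. */
    @Override
    public AuthenticationMethod loadMethodFromSession(Session session, int i) {
        return new ManualAuthenticationMethod(i);
    }

    /** Nothing is written to the session; see {@link #loadMethodFromSession}. */
    @Override
    public void persistMethodToSession(Session session, int i, AuthenticationMethod authenticationMethod) {
    }

    @Override
    public int getUniqueIdentifier() {
        return METHOD_IDENTIFIER;
    }

    @Override
    public ManualAuthenticationCredentials createAuthenticationCredentials() {
        return new ManualAuthenticationCredentials();
    }

    /** Creates credentials that already reference the given session. */
    public static ManualAuthenticationCredentials createAuthenticationCredentials(HttpSession httpSession) {
        ManualAuthenticationCredentials manualAuthenticationCredentials = new ManualAuthenticationCredentials();
        manualAuthenticationCredentials.setSelectedSession(httpSession);
        return manualAuthenticationCredentials;
    }

    /**
     * Returns the API action that sets manual authentication as the method of the context named by
     * the {@code contextId} parameter.
     */
    @Override
    public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
        return new ApiDynamicActionImplementor(API_METHOD_NAME, null, null) {
            @Override
            public void handleAction(JSONObject jSONObject) throws ApiException {
                Context contextByParamId = ApiUtils.getContextByParamId(jSONObject, "contextId");
                ManualAuthenticationMethod createAuthenticationMethod = ManualAuthenticationMethodType.this.createAuthenticationMethod(contextByParamId.getIndex());
                // Signal the change only when the method type actually differs from the current one.
                if (!contextByParamId.getAuthenticationMethod().isSameType(createAuthenticationMethod)) {
                    AuthenticationMethodType.apiChangedAuthenticationMethodForContext(contextByParamId.getIndex());
                }
                contextByParamId.setAuthenticationMethod(createAuthenticationMethod);
            }
        };
    }

    /**
     * Returns the API action that assigns one of the context's HTTP sessions, looked up by name,
     * as the credentials of a user.
     *
     * <p>The session is searched only among the sessions of the requested context, so a session
     * name from another context is reported as not existing.
     */
    @Override
    public ApiDynamicActionImplementor getSetCredentialsForUserApiAction() {
        return new ApiDynamicActionImplementor(ACTION_SET_CREDENTIALS, new String[]{PARAM_SESSION_NAME}, null) {
            @Override
            public void handleAction(JSONObject jSONObject) throws ApiException {
                Context contextByParamId = ApiUtils.getContextByParamId(jSONObject, "contextId");
                int intParam = ApiUtils.getIntParam(jSONObject, UsersAPI.PARAM_USER_ID);
                if (!ManualAuthenticationMethodType.this.isTypeForMethod(contextByParamId.getAuthenticationMethod())) {
                    throw new ApiException(ApiException.Type.BAD_TYPE, "User's credentials should match authentication method type of the context: " + contextByParamId.getAuthenticationMethod().getType().getName());
                }
                ExtensionUserManagement extensionUserManagement = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
                if (extensionUserManagement == null) {
                    // Same treatment as the HttpSessions extension below, instead of an NPE.
                    throw new ApiException(ApiException.Type.NO_IMPLEMENTOR, "Users extension is not loaded.");
                }
                User userById = extensionUserManagement.getContextUserAuthManager(contextByParamId.getIndex()).getUserById(intParam);
                if (userById == null) {
                    throw new ApiException(ApiException.Type.USER_NOT_FOUND, UsersAPI.PARAM_USER_ID);
                }
                String sessionName = ApiUtils.getNonEmptyStringParam(jSONObject, ManualAuthenticationMethodType.PARAM_SESSION_NAME);
                ExtensionHttpSessions extensionHttpSessions = (ExtensionHttpSessions) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHttpSessions.NAME);
                if (extensionHttpSessions == null) {
                    throw new ApiException(ApiException.Type.NO_IMPLEMENTOR, "HttpSessions extension is not loaded.");
                }
                HttpSession httpSession = null;
                for (HttpSession candidate : extensionHttpSessions.getHttpSessionsForContext(contextByParamId)) {
                    // Compare from the parameter side so a session without a name cannot throw.
                    if (sessionName.equals(candidate.getName())) {
                        httpSession = candidate;
                        break;
                    }
                }
                if (httpSession == null) {
                    throw new ApiException(ApiException.Type.DOES_NOT_EXIST, ManualAuthenticationMethodType.PARAM_SESSION_NAME);
                }
                userById.setAuthenticationCredentials(ManualAuthenticationMethodType.createAuthenticationCredentials(httpSession));
            }
        };
    }
}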
