package com.vrondakis.zap;

import com.mashape.unirest.http.Unirest;
import com.mashape.unirest.http.exceptions.UnirestException;
import com.vrondakis.zap.workflow.RunZapAttackStepParameters;
import hudson.FilePath;
import hudson.Launcher;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Paths;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import net.sf.json.JSONObject;
import org.apache.commons.io.IOUtils;

/* loaded from: input_file:com/vrondakis/zap/ZapDriverImpl.class */
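/**
 * {@link ZapDriver} implementation that launches a ZAP daemon and drives it through ZAP's
 * JSON-over-HTTP API.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every API call goes over plain {@code http} and carries no API key; see
 *       {@link #startZapProcess}, which starts ZAP with the key disabled and the API
 *       address filter set to match any client. Anything that can reach
 *       {@code zapHost:zapPort} can therefore issue the same calls this class does.</li>
 *   <li>{@link #beginScan} is the only place that limits which hosts are actively scanned.</li>
 * </ul>
 *
 * <p>The class keeps mutable state (crawl id, started scans) and has no synchronization.
 */
public class ZapDriverImpl implements ZapDriver {
    private String zapHost;
    private int zapPort;
    private FilePath zapDir;
    private int zapTimeout;
    // 0 means "no crawler started yet"; set by startZapCrawler.
    private int crawlId;
    private String rootCaFile;
    private HashMap<Integer, Integer> failBuild = new HashMap<>();
    private List<String> allowedHosts = new ArrayList<>();
    // Scan ids returned by ZAP for the active scans started by the last zapAttack call.
    private final List<Integer> startedScans = new ArrayList<>();
    private List<String> additionalConfigurations = new ArrayList<>();

    /**
     * Calls a ZAP JSON API endpoint and parses the response body.
     *
     * @param str endpoint path below {@code /JSON/}, e.g. {@code core/action/shutdown}
     * @param map query parameters, encoded by {@code ZapDriverController.formatParams}
     * @return the parsed JSON response, never {@code null}
     * @throws ZapExecutionException if the request fails, the body cannot be parsed, or the
     *     parsed object is {@code null}
     */
    private JSONObject zapApi(String str, Map<String, String> map) throws ZapExecutionException {
        try {
            // Plain HTTP, no API key: this relies on ZAP being reachable only from trusted hosts.
            URI endpoint = new URI("http", null, getZapHost(), getZapPort(), "/JSON/" + str,
                    ZapDriverController.formatParams(map), null);
            String body = IOUtils.toString(
                    Unirest.get(endpoint.toString()).asString().getRawBody(), StandardCharsets.UTF_8);
            JSONObject response = JSONObject.fromObject(body);
            if (response == null) {
                throw new ZapExecutionException("ZAP API returned an empty response.");
            }
            return response;
        } catch (ZapExecutionException e) {
            // Already the right type; do not wrap it a second time.
            throw e;
        } catch (Exception e2) {
            throw new ZapExecutionException("Failed call ZAP API.", e2);
        }
    }

    /**
     * Throws unless the response carries {@code "Result": "OK"}.
     *
     * @param jSONObject response returned by the ZAP API
     * @param str message of the exception thrown on a non-OK response
     * @throws ZapExecutionException if {@code Result} is missing or not {@code OK}
     */
    private void verifyApiResultIsOk(JSONObject jSONObject, String str) throws ZapExecutionException {
        boolean ok = jSONObject.has("Result") && jSONObject.getString("Result").equals("OK");
        if (!ok) {
            throw new ZapExecutionException(str);
        }
    }

    /** Calls a ZAP JSON API endpoint that takes no parameters. */
    private JSONObject zapApi(String str) throws ZapExecutionException {
        return zapApi(str, Collections.emptyMap());
    }

    /** Renders scanner ids as the comma-separated list sent in the {@code ids} parameter. */
    private static String joinIds(List<Integer> ids) {
        return ids.stream().map(Object::toString).collect(Collectors.joining(","));
    }

    /**
     * Asks the ZAP daemon to shut down.
     *
     * @throws ZapExecutionException if host or port is unset, or the API call fails
     */
    @Override
    public void shutdownZap() throws ZapExecutionException {
        if (this.zapPort == 0 || this.zapHost == null) {
            throw new ZapExecutionException("Cannot shutdown Zap, missing Port and/or Host value.");
        }
        zapApi("core/action/shutdown");
    }

    /**
     * Sets ZAP's mode via {@code core/action/setMode}.
     *
     * @param str mode name, passed to ZAP unchanged
     */
    @Override
    public void setZapMode(String str) throws ZapExecutionException {
        zapApi("core/action/setMode", Collections.singletonMap("mode", str));
    }

    /**
     * Starts the spider on the given URL and remembers the returned scan id.
     *
     * @param str URL to crawl
     * @throws ZapExecutionException if a crawl id is already recorded or the API call fails
     */
    @Override
    public void startZapCrawler(String str) throws ZapExecutionException {
        if (this.crawlId != 0) {
            throw new ZapExecutionException("ZAP Crawler already running");
        }
        this.crawlId = zapApi("spider/action/scan", Collections.singletonMap("url", str)).getInt("scan");
    }

    /**
     * Returns the spider progress reported by ZAP for the recorded crawl id.
     *
     * <p>NOTE(review): an API failure is reported as 100, so callers cannot tell a finished
     * crawl from an unreachable ZAP. Kept as-is because callers may depend on it.
     *
     * @return the {@code status} value from ZAP, or 100 if the API call fails
     */
    @Override
    public int zapCrawlerStatus() {
        try {
            Map<String, String> params = Collections.singletonMap("scanId", Integer.toString(this.crawlId));
            return zapApi("spider/view/status", params).getInt("status");
        } catch (ZapExecutionException e) {
            return 100;
        }
    }

    /**
     * Polls the spider every 10 seconds until it reports 100.
     *
     * @throws ZapExecutionException if the configured timeout elapses first
     * @throws InterruptedException if the thread is interrupted while sleeping
     */
    @Override
    public void zapCrawlerSuccess() throws InterruptedException, ZapExecutionException {
        int timeoutSeconds = getZapTimeout();
        OffsetDateTime deadline = OffsetDateTime.now().plusSeconds(timeoutSeconds);
        int progress = zapCrawlerStatus();
        while (progress < 100) {
            if (OffsetDateTime.now().isAfter(deadline)) {
                throw new ZapExecutionException("ZAP Crawler failed to complete within the set timeout of " + timeoutSeconds + " seconds.");
            }
            progress = zapCrawlerStatus();
            System.out.println("zap: Crawler progress is: " + progress + "%");
            if (progress != 100) {
                TimeUnit.SECONDS.sleep(10L);
            }
        }
    }

    /**
     * Asks ZAP to import URLs from a file.
     *
     * @param str file path, sent to ZAP as {@code filePath}; it is ZAP that opens the file
     * @throws ZapExecutionException if the call fails or the result is not {@code OK}
     */
    @Override
    public void importUrls(String str) throws ZapExecutionException {
        System.out.println("zap: Importing URLs from " + str);
        JSONObject response = zapApi("importurls/action/importurls", Collections.singletonMap("filePath", str));
        verifyApiResultIsOk(response, "Request to import URLs returned a non-'OK' result.");
    }

    /**
     * Asks ZAP to load a saved session.
     *
     * @param str session name or path, sent to ZAP as {@code name}
     * @throws ZapExecutionException wrapping any failure, including a non-OK result
     */
    @Override
    public void loadSession(String str) throws ZapExecutionException {
        System.out.println("zap: Loading session from " + str);
        try {
            JSONObject response = zapApi("core/action/loadSession", Collections.singletonMap("name", str));
            verifyApiResultIsOk(response, "ZAP Session was empty, corrupt or non-existent.");
        } catch (Exception e) {
            throw new ZapExecutionException("Could not load session file.", e);
        }
    }

    /**
     * Asks ZAP to import a scan policy file.
     *
     * <p>A response of {@code Result=OK} or {@code code=already_exists} counts as success;
     * anything else is an error.
     *
     * @param str policy file path, sent to ZAP as {@code path}
     * @throws ZapExecutionException if the call fails or the response is neither of the above
     */
    @Override
    public void loadPolicy(String str) throws ZapExecutionException {
        JSONObject response = zapApi("ascan/action/importScanPolicy", Collections.singletonMap("path", str));
        boolean imported = response.has("Result") && response.getString("Result").equals("OK");
        boolean alreadyExists = response.has("code") && response.getString("code").equals("already_exists");
        // Fixed: the condition was inverted and threw on exactly the two success responses.
        if (!imported && !alreadyExists) {
            throw new ZapExecutionException("Request to import scan policy returned a non-'OK' result.");
        }
    }

    /**
     * Starts an active scan for every site ZAP knows about that passes the host check in
     * {@link #beginScan}. Each site is started at most once.
     *
     * @param runZapAttackStepParameters scan options (user id, scan policy name)
     * @return always {@code true}
     * @throws ZapExecutionException if an API call fails
     * @throws URISyntaxException if a site reported by ZAP is not a valid URI
     */
    @Override
    public boolean zapAttack(RunZapAttackStepParameters runZapAttackStepParameters) throws ZapExecutionException, URISyntaxException {
        this.startedScans.clear();
        JSONObject sitesResponse = zapApi("core/view/sites");
        List<String> scannedSites = new ArrayList<>();
        for (Object site : sitesResponse.getJSONArray("sites")) {
            String siteUrl = site.toString();
            if (!scannedSites.contains(siteUrl) && beginScan(siteUrl, runZapAttackStepParameters)) {
                scannedSites.add(siteUrl);
            }
        }
        return true;
    }

    /**
     * Starts an active scan of one site if its host is in scope.
     *
     * <p>Scope rules, in order:
     * <ol>
     *   <li>{@code localhost.localdomain} is always scanned, whatever the allow-list says.</li>
     *   <li>With an empty allow-list, the host must resolve to a wildcard or loopback address.</li>
     *   <li>Otherwise the host string must appear in the allow-list verbatim.</li>
     * </ol>
     * Any failure to decide (no host in the URI, resolution error) means the site is skipped.
     *
     * <p>NOTE(review): the loopback decision is made on this JVM's DNS answer. ZAP resolves
     * the name again when it scans, possibly on another machine, so the two answers are not
     * guaranteed to agree. An explicit allow-list avoids depending on resolution.
     *
     * @param str site URL as reported by ZAP
     * @param runZapAttackStepParameters scan options (user id, scan policy name)
     * @return {@code true} if a scan was started, {@code false} if the site was skipped
     */
    private boolean beginScan(String str, RunZapAttackStepParameters runZapAttackStepParameters) throws URISyntaxException, ZapExecutionException {
        List<String> hosts = this.allowedHosts == null ? Collections.<String>emptyList() : this.allowedHosts;
        String host = new URI(str).getHost();
        if (host == null) {
            // URI.getHost() is null for URIs without a server authority; previously this was an NPE.
            System.out.println("zap: Could not determine the host of " + str + ". Not scanning.");
            return false;
        }
        if (!host.equals("localhost.localdomain")) {
            if (hosts.isEmpty()) {
                InetAddress resolved;
                try {
                    resolved = InetAddress.getByName(host);
                } catch (Exception e) {
                    // Broad on purpose: whatever went wrong, an unresolved host is out of scope.
                    System.out.println("zap: Could not resolve host " + host + " (" + e + "). Not scanning.");
                    return false;
                }
                if (resolved == null) {
                    return false;
                }
                if (!resolved.isAnyLocalAddress() && !resolved.isLoopbackAddress()) {
                    return false;
                }
            } else if (!hosts.contains(host)) {
                System.out.println("zap: Host " + host + " is not in the allowedHosts parameter and is not a local host. Not scanning.");
                return false;
            }
        }
        String action = "ascan/action/scan";
        Map<String, String> params = new HashMap<>();
        params.put("url", str);
        int userId = runZapAttackStepParameters.getUser();
        if (userId != 0) {
            System.out.println("zap: Loading user ID: " + userId);
            action = action + "AsUser";
            params.put("userId", Integer.toString(userId));
        }
        String policyName = runZapAttackStepParameters.getScanPolicyName();
        if (policyName != null && !policyName.isEmpty()) {
            params.put("scanPolicyName", policyName);
        }
        this.startedScans.add(Integer.valueOf(zapApi(action, params).getInt("scan")));
        return true;
    }

    /**
     * Returns the mean progress of the active scans started by the last {@link #zapAttack}.
     *
     * @return 100 if no scan was started; otherwise the integer mean of the per-scan
     *     {@code status} values, where a scan whose status call fails counts as 100
     */
    @Override
    public int zapAttackStatus() {
        if (this.startedScans.isEmpty()) {
            return 100;
        }
        int total = 0;
        for (Integer scanId : this.startedScans) {
            int progress;
            try {
                progress = zapApi("ascan/view/status", Collections.singletonMap("scanId", Integer.toString(scanId.intValue()))).getInt("status");
            } catch (ZapExecutionException e) {
                progress = 100;
            }
            total += progress;
        }
        return total / this.startedScans.size();
    }

    /**
     * Launches ZAP in daemon mode through the given launcher.
     *
     * <p>SECURITY: the fixed options below disable the API key ({@code api.disablekey=true})
     * and make the API address filter a regex matching every client
     * ({@code api.addrs.addr.name=.*}). The API then has no authentication of its own, so
     * {@code zapHost} should be a loopback address or the port should be firewalled to the
     * build agent. The options are left unchanged here because every call in this class is
     * made without a key.
     *
     * @param str ZAP installation directory containing {@code zap.sh} / {@code zap.bat}
     * @param filePath working directory for the ZAP process
     * @param launcher launcher used to start the process and to obtain the build log
     * @throws IOException if the process cannot be started
     */
    @Override
    public void startZapProcess(String str, FilePath filePath, Launcher launcher) throws IOException {
        List<String> command = new ArrayList<>();
        command.add(Paths.get(str, launcher.isUnix() ? "zap.sh" : "zap.bat").toString());
        command.add("-daemon");
        command.add("-host");
        command.add(this.zapHost);
        command.add("-port");
        command.add(Integer.toString(this.zapPort));
        if (this.zapDir != null) {
            command.add("-dir");
            command.add(this.zapDir.getRemote());
        }
        command.add("-config");
        command.add("api.disablekey=true");
        command.add("-config");
        command.add("api.addrs.addr.regex=true");
        command.add("-config");
        command.add("api.addrs.addr.name=.*");
        command.add("-config");
        command.add("connection.timeoutInSecs=600");
        // Caller-supplied options go last. They are passed as separate argv entries, not
        // through a shell. A null list (via the setter) is treated as "none".
        if (this.additionalConfigurations != null) {
            for (String option : this.additionalConfigurations) {
                command.add("-config");
                command.add(option);
            }
        }
        if (this.rootCaFile != null) {
            command.add("-certload");
            command.add(this.rootCaFile);
        }
        launcher.launch().stdout(launcher.getListener().getLogger()).stderr(launcher.getListener().getLogger()).cmds(command).pwd(filePath).start();
        launcher.getListener().getLogger().println("zap: Started successfully");
    }

    /**
     * Disables all passive scanners, then enables only the given ones.
     *
     * @param list ids of the passive scanners to enable
     */
    @Override
    public void enablePassiveScanners(List<Integer> list) throws ZapExecutionException {
        zapApi("pscan/action/disableAllScanners/");
        Map<String, String> params = new HashMap<>();
        params.put("ids", joinIds(list));
        zapApi("pscan/action/enableScanners/", params);
    }

    /**
     * Enables all passive scanners, then disables only the given ones.
     *
     * @param list ids of the passive scanners to disable
     */
    @Override
    public void disablePassiveScanners(List<Integer> list) throws ZapExecutionException {
        zapApi("pscan/action/enableAllScanners/");
        Map<String, String> params = new HashMap<>();
        params.put("ids", joinIds(list));
        zapApi("pscan/action/disableScanners/", params);
    }

    /**
     * Waits until a TCP connection to ZAP succeeds, trying every 20 seconds for up to
     * 100 seconds.
     *
     * @throws ZapExecutionException if no connection succeeds before the deadline, or the
     *     thread is interrupted while waiting
     */
    @Override
    public void zapAliveCheck() throws ZapExecutionException {
        OffsetDateTime deadline = OffsetDateTime.now().plusSeconds(100L);
        while (!OffsetDateTime.now().isAfter(deadline)) {
            try {
                TimeUnit.SECONDS.sleep(20L);
                System.out.println("zap: Attempting to connect to ZAP at " + getZapHost() + ":" + getZapPort());
                Socket probe = new Socket(getZapHost(), getZapPort());
                try {
                    // Fixed: the probe socket was never closed.
                    probe.close();
                } catch (IOException ignored) {
                    // The connect succeeded, which is all this check needs.
                }
                return;
            } catch (IOException e) {
                // ZAP is not accepting connections yet; retry until the deadline.
            } catch (InterruptedException e2) {
                // Fixed: the interrupt was swallowed, so an aborted build kept waiting.
                Thread.currentThread().interrupt();
                throw new ZapExecutionException("Interrupted while waiting for ZAP application to become active for new connections.", e2);
            }
        }
        throw new ZapExecutionException("Timed out waiting for ZAP application to become active for new connections.");
    }

    /**
     * Fetches the JSON report from ZAP.
     *
     * @return the raw response body decoded as UTF-8
     */
    @Override
    public String getZapReport() throws IOException, UnirestException, URISyntaxException {
        URI reportUri = new URI("http", null, this.zapHost, this.zapPort, "/OTHER/core/other/jsonreport", "formMethod=GET", null);
        return IOUtils.toString(Unirest.get(reportUri.toString()).asString().getRawBody(), StandardCharsets.UTF_8);
    }

    /**
     * Fetches the XML report from ZAP.
     *
     * <p>NOTE(review): the path starts with lower-case {@code /other/} while
     * {@link #getZapReport} uses {@code /OTHER/}; left as found, confirm ZAP accepts both.
     *
     * @return the raw response body decoded as UTF-8
     */
    @Override
    public String getZapReportXML() throws IOException, UnirestException, URISyntaxException {
        URI reportUri = new URI("http", null, this.zapHost, this.zapPort, "/other/core/other/xmlreport", "formMethod=GET", null);
        return IOUtils.toString(Unirest.get(reportUri.toString()).asString().getRawBody(), StandardCharsets.UTF_8);
    }

    /** Sets the host ZAP listens on and this driver connects to. */
    @Override
    public void setZapHost(String str) {
        this.zapHost = str;
    }

    /** Sets the port ZAP listens on and this driver connects to. */
    @Override
    public void setZapPort(int i) {
        this.zapPort = i;
    }

    /** Sets the directory passed to ZAP as {@code -dir}; {@code null} omits the option. */
    @Override
    public void setZapDir(FilePath filePath) {
        this.zapDir = filePath;
    }

    /**
     * Stores the four build-failure thresholds under the keys 4, 3, 2 and 1, in argument
     * order. The keys presumably identify alert levels; confirm against the code that
     * reads {@link #getFailBuild()}.
     */
    @Override
    public void setFailBuild(int i, int i2, int i3, int i4) {
        this.failBuild.put(4, Integer.valueOf(i));
        this.failBuild.put(3, Integer.valueOf(i2));
        this.failBuild.put(2, Integer.valueOf(i3));
        this.failBuild.put(1, Integer.valueOf(i4));
    }

    /** Sets the crawler timeout in seconds. */
    @Override
    public void setZapTimeout(int i) {
        this.zapTimeout = i;
    }

    /**
     * Sets the hosts that may be actively scanned. The list is stored by reference. An
     * empty or {@code null} list restricts scanning to hosts that resolve to a local address.
     */
    @Override
    public void setAllowedHosts(List<String> list) {
        this.allowedHosts = list;
    }

    /** Returns the crawler timeout in seconds. */
    @Override
    public int getZapTimeout() {
        return this.zapTimeout;
    }

    /** Returns the configured ZAP port. */
    @Override
    public int getZapPort() {
        return this.zapPort;
    }

    /** Returns the configured ZAP directory, or {@code null} if none was set. */
    @Override
    public FilePath getZapDir() {
        return this.zapDir;
    }

    /** Returns the live threshold map; changes made by the caller are visible here. */
    @Override
    public HashMap<Integer, Integer> getFailBuild() {
        return this.failBuild;
    }

    /** Returns the configured ZAP host. */
    @Override
    public String getZapHost() {
        return this.zapHost;
    }

    /** Returns the allow-list exactly as it was set (not a copy). */
    @Override
    public List<String> getAllowedHosts() {
        return this.allowedHosts;
    }

    /**
     * Returns the number of records still queued for passive scanning.
     *
     * @throws ZapExecutionException if the API call fails
     */
    @Override
    public int zapRecordsToScan() throws ZapExecutionException {
        return zapApi("pscan/view/recordsToScan", Collections.emptyMap()).getInt("recordsToScan");
    }

    /** Sets the file passed to ZAP as {@code -certload}; {@code null} omits the option. */
    @Override
    public void setZapRootCaFile(String str) {
        this.rootCaFile = str;
    }

    /** Returns the configured root CA file, or {@code null} if none was set. */
    @Override
    public String getZapRootCaFile() {
        return this.rootCaFile;
    }

    /**
     * Sets extra {@code -config} values appended to the ZAP command line. The list is
     * stored by reference.
     */
    @Override
    public void setAdditionalConfigurations(List<String> list) {
        this.additionalConfigurations = list;
    }

    /** Returns the extra {@code -config} values exactly as they were set (not a copy). */
    @Override
    public List<String> getAdditionalConfigurations() {
        return this.additionalConfigurations;
    }
}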
