package org.zaproxy.clientapi.core;

import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintStream;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URL;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.commons.lang.StringUtils;
import org.apache.tools.ant.MagicNames;
import org.apache.tools.mail.MailMessage;
import org.junit.Assert;
import org.w3c.dom.Document;
import org.zaproxy.clientapi.core.Alert;
import org.zaproxy.clientapi.gen.Acsrf;
import org.zaproxy.clientapi.gen.AjaxSpider;
import org.zaproxy.clientapi.gen.Ascan;
import org.zaproxy.clientapi.gen.Authentication;
import org.zaproxy.clientapi.gen.Autoupdate;
import org.zaproxy.clientapi.gen.Break;
import org.zaproxy.clientapi.gen.Context;
import org.zaproxy.clientapi.gen.Core;
import org.zaproxy.clientapi.gen.ForcedUser;
import org.zaproxy.clientapi.gen.HttpSessions;
import org.zaproxy.clientapi.gen.ImportLogFiles;
import org.zaproxy.clientapi.gen.Params;
import org.zaproxy.clientapi.gen.Pnh;
import org.zaproxy.clientapi.gen.Pscan;
import org.zaproxy.clientapi.gen.Reveal;
import org.zaproxy.clientapi.gen.Script;
import org.zaproxy.clientapi.gen.Search;
import org.zaproxy.clientapi.gen.Selenium;
import org.zaproxy.clientapi.gen.SessionManagement;
import org.zaproxy.clientapi.gen.Spider;
import org.zaproxy.clientapi.gen.Users;

/* loaded from: input_file:WEB-INF/lib/zap-api-2.4-v1.jar:org/zaproxy/clientapi/core/ClientApi.class */
public class ClientApi {
    private Proxy proxy;
    private boolean debug;
    private PrintStream debugStream;
    public Acsrf acsrf;
    public AjaxSpider ajaxSpider;
    public Ascan ascan;
    public Authentication authentication;
    public Autoupdate autoupdate;
    public Break brk;
    public Context context;
    public Core core;
    public ForcedUser forcedUser;
    public HttpSessions httpSessions;
    public ImportLogFiles logImportFiles;
    public Params params;
    public Pnh pnh;
    public Pscan pscan;
    public Reveal reveal;
    public Script script;
    public Search search;
    public Selenium selenium;
    public SessionManagement sessionManagement;
    public Spider spider;
    public Users users;

    public ClientApi(String str, int i) {
        this(str, i, false);
    }

    public ClientApi(String str, int i, boolean z) {
        this.proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(MailMessage.DEFAULT_HOST, 8090));
        this.debug = false;
        this.debugStream = System.out;
        this.acsrf = new Acsrf(this);
        this.ajaxSpider = new AjaxSpider(this);
        this.ascan = new Ascan(this);
        this.authentication = new Authentication(this);
        this.autoupdate = new Autoupdate(this);
        this.brk = new Break(this);
        this.context = new Context(this);
        this.core = new Core(this);
        this.forcedUser = new ForcedUser(this);
        this.httpSessions = new HttpSessions(this);
        this.logImportFiles = new ImportLogFiles(this);
        this.params = new Params(this);
        this.pnh = new Pnh(this);
        this.pscan = new Pscan(this);
        this.reveal = new Reveal(this);
        this.script = new Script(this);
        this.search = new Search(this);
        this.selenium = new Selenium(this);
        this.sessionManagement = new SessionManagement(this);
        this.spider = new Spider(this);
        this.users = new Users(this);
        this.proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(str, i));
        this.debug = z;
    }

    public void setDebugStream(PrintStream printStream) {
        this.debugStream = printStream;
    }

    public void accessUrl(String str) throws ClientApiException {
        accessUrlViaProxy(this.proxy, str);
    }

    private int statusToInt(ApiResponse apiResponse) {
        return Integer.parseInt(((ApiResponseElement) apiResponse).getValue());
    }

    public void checkAlerts(List<Alert> list, List<Alert> list2) throws ClientApiException {
        HashMap<String, List<Alert>> checkForAlerts = checkForAlerts(list, list2);
        verifyAlerts(checkForAlerts.get("requireAlerts"), checkForAlerts.get("reportAlerts"));
    }

    private void verifyAlerts(List<Alert> list, List<Alert> list2) throws ClientApiException {
        StringBuilder sb = new StringBuilder();
        if (list2.size() > 0) {
            sb.append("Found ").append(list2.size()).append(" alerts\n");
            for (Alert alert : list2) {
                sb.append('\t');
                sb.append(alert.toString());
                sb.append('\n');
            }
        }
        if (list != null && list.size() > 0) {
            if (sb.length() > 0) {
                sb.append('\n');
            }
            sb.append("Not found ").append(list.size()).append(" alerts\n");
            for (Alert alert2 : list) {
                sb.append('\t');
                sb.append(alert2.toString());
                sb.append('\n');
            }
        }
        if (sb.length() > 0) {
            if (this.debug) {
                this.debugStream.println("Failed: " + sb.toString());
            }
            throw new ClientApiException(sb.toString());
        }
    }

    public void checkAlerts(List<Alert> list, List<Alert> list2, File file) throws ClientApiException {
        HashMap<String, List<Alert>> checkForAlerts = checkForAlerts(list, list2);
        int size = checkForAlerts.get("reportAlerts").size();
        int size2 = checkForAlerts.get("requireAlerts").size();
        String format = String.format("Alerts Found: %d, Alerts required but not found: %d, Alerts ignored: %d", Integer.valueOf(size), Integer.valueOf(size2), Integer.valueOf(checkForAlerts.get("ignoredAlerts").size()));
        try {
            AlertsFile.saveAlertsToFile(checkForAlerts.get("requireAlerts"), checkForAlerts.get("reportAlerts"), checkForAlerts.get("ignoredAlerts"), file);
            if (size > 0 || size2 > 0) {
                Assert.fail("Check Alerts Failed!\n" + format);
            } else if (this.debug) {
                this.debugStream.println("Check Alerts Passed!\n" + format);
            }
        } catch (Exception e) {
            throw new ClientApiException(e);
        }
    }

    public List<Alert> getAlerts(String str, int i, int i2) throws ClientApiException {
        ArrayList arrayList = new ArrayList();
        ApiResponse alerts = this.core.alerts(str, String.valueOf(i), String.valueOf(i2));
        if (alerts != null && (alerts instanceof ApiResponseList)) {
            Iterator<ApiResponse> it = ((ApiResponseList) alerts).getItems().iterator();
            while (it.hasNext()) {
                ApiResponseSet apiResponseSet = (ApiResponseSet) it.next();
                arrayList.add(new Alert(apiResponseSet.getAttribute("alert"), apiResponseSet.getAttribute(MagicNames.ANT_FILE_TYPE_URL), Alert.Risk.valueOf(apiResponseSet.getAttribute("risk")), Alert.Confidence.valueOf(apiResponseSet.getAttribute("confidence")), apiResponseSet.getAttribute("param"), apiResponseSet.getAttribute("other"), apiResponseSet.getAttribute("attack"), apiResponseSet.getAttribute("description"), apiResponseSet.getAttribute("reference"), apiResponseSet.getAttribute("solution"), apiResponseSet.getAttribute("evidence"), Integer.parseInt(apiResponseSet.getAttribute("cweid")), Integer.parseInt(apiResponseSet.getAttribute("wascid"))));
            }
        }
        return arrayList;
    }

    private HashMap<String, List<Alert>> checkForAlerts(List<Alert> list, List<Alert> list2) throws ClientApiException {
        List<Alert> arrayList = new ArrayList<>();
        ArrayList arrayList2 = new ArrayList();
        for (Alert alert : getAlerts(null, -1, -1)) {
            boolean z = false;
            if (list != null) {
                Iterator<Alert> it = list.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    Alert next = it.next();
                    if (alert.matches(next)) {
                        if (this.debug) {
                            this.debugStream.println("Ignoring alert " + next);
                        }
                        arrayList2.add(alert);
                        z = true;
                    }
                }
            }
            if (!z) {
                arrayList.add(alert);
            }
            if (list2 != null) {
                Iterator<Alert> it2 = list2.iterator();
                while (true) {
                    if (it2.hasNext()) {
                        Alert next2 = it2.next();
                        if (alert.matches(next2)) {
                            if (this.debug) {
                                this.debugStream.println("Found alert " + alert);
                            }
                            list2.remove(next2);
                            arrayList.remove(alert);
                        }
                    }
                }
            }
        }
        HashMap<String, List<Alert>> hashMap = new HashMap<>();
        hashMap.put("reportAlerts", arrayList);
        hashMap.put("requireAlerts", list2);
        hashMap.put("ignoredAlerts", arrayList2);
        return hashMap;
    }

    private void accessUrlViaProxy(Proxy proxy, String str) throws ClientApiException {
        try {
            URL url = new URL(str);
            if (this.debug) {
                this.debugStream.println("Open URL: " + str);
            }
            HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection(proxy);
            httpURLConnection.connect();
            try {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream()));
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        break;
                    } else if (this.debug) {
                        this.debugStream.println(readLine);
                    }
                }
                bufferedReader.close();
            } catch (IOException e) {
                if (this.debug) {
                    this.debugStream.println("Ignoring exception " + e);
                }
            }
        } catch (Exception e2) {
            throw new ClientApiException(e2);
        }
    }

    public ApiResponse callApi(String str, String str2, String str3, Map<String, String> map) throws ClientApiException {
        try {
            return ApiResponseFactory.getResponse(callApiDom(str, str2, str3, map).getFirstChild());
        } catch (Exception e) {
            throw new ClientApiException(e);
        }
    }

    private Document callApiDom(String str, String str2, String str3, Map<String, String> map) throws ClientApiException {
        try {
            URL buildZapRequestUrl = buildZapRequestUrl("xml", str, str2, str3, map);
            if (this.debug) {
                this.debugStream.println("Open URL: " + buildZapRequestUrl);
            }
            return DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(((HttpURLConnection) buildZapRequestUrl.openConnection(this.proxy)).getInputStream());
        } catch (Exception e) {
            throw new ClientApiException(e);
        }
    }

    /* JADX WARN: Finally extract failed */
    public byte[] callApiOther(String str, String str2, String str3, Map<String, String> map) throws ClientApiException {
        try {
            URL buildZapRequestUrl = buildZapRequestUrl("other", str, str2, str3, map);
            if (this.debug) {
                this.debugStream.println("Open URL: " + buildZapRequestUrl);
            }
            InputStream inputStream = ((HttpURLConnection) buildZapRequestUrl.openConnection(this.proxy)).getInputStream();
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            byte[] bArr = new byte[8192];
            while (true) {
                try {
                    try {
                        int read = inputStream.read(bArr);
                        if (read == -1) {
                            byteArrayOutputStream.close();
                            inputStream.close();
                            return byteArrayOutputStream.toByteArray();
                        }
                        byteArrayOutputStream.write(bArr, 0, read);
                    } catch (Throwable th) {
                        byteArrayOutputStream.close();
                        inputStream.close();
                        throw th;
                    }
                } catch (IOException e) {
                    throw new ClientApiException(e);
                }
            }
        } catch (Exception e2) {
            throw new ClientApiException(e2);
        }
    }

    private static URL buildZapRequestUrl(String str, String str2, String str3, String str4, Map<String, String> map) throws MalformedURLException {
        StringBuilder sb = new StringBuilder();
        sb.append("http://zap/");
        sb.append(str);
        sb.append('/');
        sb.append(str2);
        sb.append('/');
        sb.append(str3);
        sb.append('/');
        sb.append(str4);
        sb.append('/');
        if (map != null) {
            sb.append('?');
            for (Map.Entry<String, String> entry : map.entrySet()) {
                sb.append(encodeQueryParam(entry.getKey()));
                sb.append('=');
                if (entry.getValue() != null) {
                    sb.append(encodeQueryParam(entry.getValue()));
                }
                sb.append('&');
            }
        }
        return new URL(sb.toString());
    }

    private static String encodeQueryParam(String str) {
        try {
            return URLEncoder.encode(str, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            return str;
        }
    }

    public void addExcludeFromContext(String str, String str2, String str3) throws Exception {
        this.context.excludeFromContext(str, str2, str3);
    }

    public void addIncludeInContext(String str, String str2, String str3) throws Exception {
        this.context.includeInContext(str, str2, str3);
    }

    public void includeOneMatchingNodeInContext(String str, String str2, String str3) throws Exception {
        boolean z = false;
        for (String str4 : getSessionUrls()) {
            if (str4.matches(str3)) {
                if (z) {
                    addExcludeFromContext(str, str2, str4);
                } else {
                    z = true;
                }
            }
        }
        if (!z) {
            throw new Exception("Unexpected result: No url found in site tree matching regex " + str3);
        }
    }

    private List<String> getSessionUrls() throws Exception {
        ArrayList arrayList = new ArrayList();
        ApiResponse urls = this.core.urls();
        if (urls != null && (urls instanceof ApiResponseList)) {
            ApiResponseElement apiResponseElement = (ApiResponseElement) ((ApiResponseList) urls).getItems().get(0);
            Iterator<ApiResponse> it = ((ApiResponseList) urls).getItems().iterator();
            while (it.hasNext()) {
                URL url = new URL(((ApiResponseElement) it.next()).getValue());
                arrayList.add(url.getProtocol() + "://" + url.getHost() + url.getPath());
            }
            System.out.println(apiResponseElement);
        }
        return arrayList;
    }

    public void activeScanSiteInScope(String str, String str2) throws Exception {
        this.ascan.scan(str, str2, "true", "true", StringUtils.EMPTY, StringUtils.EMPTY, StringUtils.EMPTY);
        int i = 0;
        while (i < 100) {
            i = statusToInt(this.ascan.status(StringUtils.EMPTY));
            if (this.debug) {
                System.out.println(String.format("Scanning %s Progress: %d%%", str2, Integer.valueOf(i)));
            }
            try {
                Thread.sleep(1000L);
            } catch (InterruptedException e) {
            }
        }
    }
}
