package org.zaproxy.zap.authentication;

import java.awt.GridBagLayout;
import java.awt.Insets;
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.List;
import javax.swing.JLabel;
import net.sf.json.JSONObject;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.db.DatabaseException;
import org.parosproxy.paros.extension.ExtensionHook;
import org.parosproxy.paros.model.Session;
import org.zaproxy.zap.authentication.AuthenticationMethod;
import org.zaproxy.zap.authentication.AuthenticationMethodType;
import org.zaproxy.zap.authentication.UsernamePasswordAuthenticationCredentials;
import org.zaproxy.zap.extension.api.ApiDynamicActionImplementor;
import org.zaproxy.zap.extension.api.ApiException;
import org.zaproxy.zap.extension.api.ApiResponse;
import org.zaproxy.zap.extension.api.ApiResponseSet;
import org.zaproxy.zap.model.Context;
import org.zaproxy.zap.session.SessionManagementMethod;
import org.zaproxy.zap.session.WebSession;
import org.zaproxy.zap.users.User;
import org.zaproxy.zap.utils.ApiUtils;
import org.zaproxy.zap.utils.HirshbergMatcher;
import org.zaproxy.zap.utils.ZapPortNumberSpinner;
import org.zaproxy.zap.utils.ZapTextField;
import org.zaproxy.zap.view.LayoutHelper;

/* loaded from: input_file:WEB-INF/lib/zap-2.4.0.jar:org/zaproxy/zap/authentication/HttpAuthenticationMethodType.class */
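/**
 * Authentication method type for HTTP/NTLM authentication against a single host, port and realm.
 *
 * <p>The type supplies the method implementation, the Swing options panel used to configure it,
 * session persistence, context import/export and the API action that sets the method for a
 * context. Credentials are always username/password pairs.
 */
public class HttpAuthenticationMethodType extends AuthenticationMethodType {
    public static final String CONTEXT_CONFIG_AUTH_HTTP = "context.authentication.http";
    public static final String CONTEXT_CONFIG_AUTH_HTTP_HOSTNAME = "context.authentication.http.hostname";
    public static final String CONTEXT_CONFIG_AUTH_HTTP_REALM = "context.authentication.http.realm";
    public static final String CONTEXT_CONFIG_AUTH_HTTP_PORT = "context.authentication.http.port";
    private static final int METHOD_IDENTIFIER = 3;
    private static final String API_METHOD_NAME = "httpAuthentication";
    private static final String PARAM_HOSTNAME = "hostname";
    private static final String PARAM_REALM = "realm";
    private static final String PARAM_PORT = "port";
    private static final Logger log = Logger.getLogger(HttpAuthenticationMethodType.class);
    private static final String METHOD_NAME = Constant.messages.getString("authentication.method.http.name");

    // Context-data record types under which the three settings are stored in the session.
    // NOTE(review): these look like RecordContext.TYPE_AUTH_METHOD_FIELD_1..3 inlined by the
    // compiler — confirm against the database layer before renaming or reusing them.
    private static final int CONTEXT_DATA_TYPE_HOSTNAME = 201;
    private static final int CONTEXT_DATA_TYPE_REALM = 202;
    private static final int CONTEXT_DATA_TYPE_PORT = 203;

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/zap-2.4.0.jar:org/zaproxy/zap/authentication/HttpAuthenticationMethodType$HttpAuthenticationMethod.class */
    /**
     * HTTP/NTLM authentication bound to one host, port and realm.
     *
     * <p>The fields are mutable and are written directly by the options panel, the API action and
     * the session/config loaders of the enclosing type.
     */
    public static class HttpAuthenticationMethod extends AuthenticationMethod {
        protected String hostname;
        protected int port = 80;
        protected String realm;

        /**
         * Reports whether both the hostname and the realm have been set to non-empty values.
         *
         * <p>Note that {@link #authenticate} is more lenient about the realm: it treats a missing
         * realm as "any realm" instead of refusing to run.
         */
        @Override // org.zaproxy.zap.authentication.AuthenticationMethod
        public boolean isConfigured() {
            return this.hostname != null && !this.hostname.isEmpty()
                    && this.realm != null && !this.realm.isEmpty();
        }

        /** Returns a new method carrying the same hostname, port and realm. */
        @Override // org.zaproxy.zap.authentication.AuthenticationMethod
        protected AuthenticationMethod duplicate() {
            HttpAuthenticationMethod copy = new HttpAuthenticationMethod();
            copy.hostname = this.hostname;
            copy.port = this.port;
            copy.realm = this.realm;
            return copy;
        }

        /** Returns an empty username/password credentials object for this method. */
        @Override // org.zaproxy.zap.authentication.AuthenticationMethod
        public AuthenticationCredentials createAuthenticationCredentials() {
            return new UsernamePasswordAuthenticationCredentials();
        }

        /** Returns a new instance of the enclosing method type. */
        @Override // org.zaproxy.zap.authentication.AuthenticationMethod
        public AuthenticationMethodType getType() {
            return new HttpAuthenticationMethodType();
        }

        /**
         * Registers the user's credentials on the session's HTTP state, scoped to the configured
         * host, port and realm.
         *
         * <p>No request is sent here; the credentials are only stored so the HTTP client can answer
         * an authentication challenge from a matching server. If the local host name cannot be
         * resolved the failure is logged and the session is returned <em>without</em> credentials,
         * so later requests made with it are unauthenticated.
         *
         * @param sessionManagementMethod used to create an empty session when the user has none
         * @param authenticationCredentials must be {@link UsernamePasswordAuthenticationCredentials}
         * @param user the user whose existing authenticated session is reused, if any
         * @return the user's existing session, or a newly created one
         * @throws AuthenticationMethod.UnsupportedAuthenticationCredentialsException if the
         *     credentials are of any other type
         */
        @Override // org.zaproxy.zap.authentication.AuthenticationMethod
        public WebSession authenticate(SessionManagementMethod sessionManagementMethod, AuthenticationCredentials authenticationCredentials, User user) throws AuthenticationMethod.UnsupportedAuthenticationCredentialsException {
            WebSession session = user.getAuthenticatedSession();
            if (session == null) {
                session = sessionManagementMethod.createEmptyWebSession();
            }
            if (!(authenticationCredentials instanceof UsernamePasswordAuthenticationCredentials)) {
                // The message used to say "Form based", copied from the form-based method type.
                throw new AuthenticationMethod.UnsupportedAuthenticationCredentialsException("HTTP authentication method only supports " + UsernamePasswordAuthenticationCredentials.class.getSimpleName());
            }
            UsernamePasswordAuthenticationCredentials credentials = (UsernamePasswordAuthenticationCredentials) authenticationCredentials;

            // An unset realm widens the scope to every realm on the host/port.
            // NOTE(review): a null hostname is AuthScope.ANY_HOST in commons-httpclient 3.x, which
            // would offer these credentials to any server that challenges — confirm that callers
            // check isConfigured() before authenticating.
            String scopeRealm = (this.realm == null || this.realm.isEmpty()) ? AuthScope.ANY_REALM : this.realm;
            AuthScope scope = new AuthScope(this.hostname, this.port, scopeRealm);
            try {
                // NTCredentials(user, password, workstation host, domain): the local canonical
                // host name is the workstation and the target hostname is passed as the domain.
                String localHostName = InetAddress.getLocalHost().getCanonicalHostName();
                session.getHttpState().setCredentials(scope, new NTCredentials(credentials.getUsername(), credentials.getPassword(), localHostName, this.hostname));
            } catch (UnknownHostException e) {
                // Say what was lost, not just why: the session goes on without credentials.
                log.error("Unable to resolve the local host name; no HTTP credentials were set for " + this.hostname + ":" + this.port + " (" + e.getMessage() + ")", e);
            }
            return session;
        }

        /**
         * Describes this method for the API as a set with the keys {@code methodName},
         * {@code host}, {@code port} and {@code realm}. No credentials are included.
         */
        @Override // org.zaproxy.zap.authentication.AuthenticationMethod
        public ApiResponse getApiResponseRepresentation() {
            HashMap<String, String> values = new HashMap<String, String>();
            values.put("methodName", API_METHOD_NAME);
            values.put("host", this.hostname);
            values.put(PARAM_PORT, Integer.toString(this.port));
            values.put(PARAM_REALM, this.realm);
            return new ApiResponseSet("method", values);
        }
    }

    /* loaded from: input_file:WEB-INF/lib/zap-2.4.0.jar:org/zaproxy/zap/authentication/HttpAuthenticationMethodType$HttpAuthenticationMethodOptionsPanel.class */
    /** Swing panel with hostname, port and realm inputs for an {@link HttpAuthenticationMethod}. */
    private static class HttpAuthenticationMethodOptionsPanel extends AbstractAuthenticationMethodOptionsPanel {
        private static final long serialVersionUID = 4341092284683481288L;
        private static final String HOSTNAME_LABEL = Constant.messages.getString("authentication.method.http.field.label.hostname");
        private static final String PORT_LABEL = Constant.messages.getString("authentication.method.http.field.label.port");
        private static final String REALM_LABEL = Constant.messages.getString("authentication.method.http.field.label.realm");
        private ZapTextField hostnameField;
        private ZapTextField realmField;
        private ZapPortNumberSpinner portNumberSpinner;
        private HttpAuthenticationMethod method;

        public HttpAuthenticationMethodOptionsPanel() {
            initialize();
        }

        /** Lays out hostname and port on the first grid row and realm on the second. */
        private void initialize() {
            setLayout(new GridBagLayout());
            add(new JLabel(HOSTNAME_LABEL), LayoutHelper.getGBC(0, 0, 1, HirshbergMatcher.MIN_RATIO));
            this.hostnameField = new ZapTextField();
            add(this.hostnameField, LayoutHelper.getGBC(1, 0, 1, 1.0d, new Insets(0, 0, 0, 10)));
            add(new JLabel(PORT_LABEL), LayoutHelper.getGBC(2, 0, 1, HirshbergMatcher.MIN_RATIO));
            this.portNumberSpinner = new ZapPortNumberSpinner(80);
            add(this.portNumberSpinner, LayoutHelper.getGBC(3, 0, 1, HirshbergMatcher.MIN_RATIO));
            add(new JLabel(REALM_LABEL), LayoutHelper.getGBC(0, 1, 1, HirshbergMatcher.MIN_RATIO));
            this.realmField = new ZapTextField();
            add(this.realmField, LayoutHelper.getGBC(1, 1, 1, 1.0d, new Insets(0, 0, 0, 10)));
        }

        /**
         * Rejects a hostname that cannot be parsed as a URI, moving focus back to the field.
         *
         * <p>This is a syntax check only: {@link URI} also accepts relative references, so the
         * check rules out illegal characters but does not prove the value is a usable host name.
         * The realm is not validated here.
         *
         * @throws IllegalStateException with the localized error text if parsing fails
         */
        @Override // org.zaproxy.zap.authentication.AbstractAuthenticationMethodOptionsPanel
        public void validateFields() throws IllegalStateException {
            try {
                new URI(this.hostnameField.getText());
            } catch (Exception e) {
                this.hostnameField.requestFocusInWindow();
                throw new IllegalStateException(Constant.messages.getString("authentication.method.http.dialog.error.url.text"));
            }
        }

        /** Copies the current field values into the bound method. */
        @Override // org.zaproxy.zap.authentication.AbstractAuthenticationMethodOptionsPanel
        public void saveMethod() {
            HttpAuthenticationMethod bound = getMethod();
            bound.hostname = this.hostnameField.getText();
            // m763getValue is the decompiler's name for the spinner's typed value accessor.
            bound.port = this.portNumberSpinner.m763getValue().intValue();
            bound.realm = this.realmField.getText();
        }

        /**
         * Binds the panel to a method and loads its values into the fields.
         *
         * @throws AuthenticationMethodType.UnsupportedAuthenticationMethodException if the method
         *     is not an {@link HttpAuthenticationMethod}
         */
        @Override // org.zaproxy.zap.authentication.AbstractAuthenticationMethodOptionsPanel
        public void bindMethod(AuthenticationMethod authenticationMethod) throws AuthenticationMethodType.UnsupportedAuthenticationMethodException {
            // Fail with the declared exception instead of a ClassCastException from the cast.
            if (!(authenticationMethod instanceof HttpAuthenticationMethod)) {
                throw new AuthenticationMethodType.UnsupportedAuthenticationMethodException("Http Authentication type only supports: " + HttpAuthenticationMethod.class);
            }
            this.method = (HttpAuthenticationMethod) authenticationMethod;
            this.hostnameField.setText(this.method.hostname);
            this.portNumberSpinner.setValue(this.method.port);
            this.realmField.setText(this.method.realm);
        }

        /** Returns the method most recently passed to {@link #bindMethod}, or null if none. */
        @Override // org.zaproxy.zap.authentication.AbstractAuthenticationMethodOptionsPanel
        public HttpAuthenticationMethod getMethod() {
            return this.method;
        }
    }

    /** Creates an unconfigured method; the context id argument is not used. */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public HttpAuthenticationMethod createAuthenticationMethod(int i) {
        return new HttpAuthenticationMethod();
    }

    /** Returns the localized display name of this method type. */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public String getName() {
        return METHOD_NAME;
    }

    /** Returns the numeric identifier of this method type. */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public int getUniqueIdentifier() {
        return METHOD_IDENTIFIER;
    }

    /** Builds a fresh options panel; the context argument is not used. */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public AbstractAuthenticationMethodOptionsPanel buildOptionsPanel(Context context) {
        return new HttpAuthenticationMethodOptionsPanel();
    }

    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public boolean hasOptionsPanel() {
        return true;
    }

    /**
     * Builds the username/password credentials panel.
     *
     * <p>The credentials are cast without a type check, so passing any other credentials type
     * fails with a {@link ClassCastException}.
     */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public AbstractCredentialsOptionsPanel<? extends AuthenticationCredentials> buildCredentialsOptionsPanel(AuthenticationCredentials authenticationCredentials, Context context) {
        return new UsernamePasswordAuthenticationCredentials.UsernamePasswordAuthenticationCredentialsOptionsPanel((UsernamePasswordAuthenticationCredentials) authenticationCredentials);
    }

    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public boolean hasCredentialsOptionsPanel() {
        return true;
    }

    /** Returns true when the given method is an {@link HttpAuthenticationMethod}. */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public boolean isTypeForMethod(AuthenticationMethod authenticationMethod) {
        return authenticationMethod instanceof HttpAuthenticationMethod;
    }

    /** Intentionally empty: this type registers nothing with the extension hook. */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public void hook(ExtensionHook extensionHook) {
    }

    /**
     * Rebuilds the method from the hostname, realm and port stored for a context.
     *
     * <p>Only the first stored value of each kind is used. A value that is absent leaves the
     * corresponding field at its default; a port that is not a number is logged and ignored.
     *
     * @param session the session holding the context data
     * @param i the context id
     * @return the loaded method, never null
     * @throws DatabaseException if the context data cannot be read
     */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public AuthenticationMethod loadMethodFromSession(Session session, int i) throws DatabaseException {
        HttpAuthenticationMethod method = createAuthenticationMethod(i);
        List<String> hostnames = session.getContextDataStrings(i, CONTEXT_DATA_TYPE_HOSTNAME);
        if (hostnames != null && !hostnames.isEmpty()) {
            method.hostname = hostnames.get(0);
        }
        List<String> realms = session.getContextDataStrings(i, CONTEXT_DATA_TYPE_REALM);
        if (realms != null && !realms.isEmpty()) {
            method.realm = realms.get(0);
        }
        List<String> ports = session.getContextDataStrings(i, CONTEXT_DATA_TYPE_PORT);
        if (ports != null && !ports.isEmpty()) {
            try {
                method.port = Integer.parseInt(ports.get(0));
            } catch (NumberFormatException e) {
                // Best effort: keep the default port instead of failing the whole load.
                log.error("Unable to load HttpAuthenticationMethod. ", e);
            }
        }
        return method;
    }

    /**
     * Stores the method's hostname, realm and port as context data in the session.
     *
     * @throws AuthenticationMethodType.UnsupportedAuthenticationMethodException if the method is
     *     not an {@link HttpAuthenticationMethod}
     * @throws DatabaseException if the context data cannot be written
     */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public void persistMethodToSession(Session session, int i, AuthenticationMethod authenticationMethod) throws AuthenticationMethodType.UnsupportedAuthenticationMethodException, DatabaseException {
        if (!(authenticationMethod instanceof HttpAuthenticationMethod)) {
            throw new AuthenticationMethodType.UnsupportedAuthenticationMethodException("Http Authentication type only supports: " + HttpAuthenticationMethod.class);
        }
        HttpAuthenticationMethod method = (HttpAuthenticationMethod) authenticationMethod;
        session.setContextData(i, CONTEXT_DATA_TYPE_HOSTNAME, method.hostname);
        session.setContextData(i, CONTEXT_DATA_TYPE_REALM, method.realm);
        session.setContextData(i, CONTEXT_DATA_TYPE_PORT, Integer.toString(method.port));
    }

    /** Returns an empty username/password credentials object for this method type. */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public AuthenticationCredentials createAuthenticationCredentials() {
        return new UsernamePasswordAuthenticationCredentials();
    }

    /**
     * Returns the API action that sets this method on a context.
     *
     * <p>{@code hostname} and {@code realm} are the mandatory parameters and {@code port} is
     * optional. A hostname that does not parse as a URI, or a port that is not an integer, is
     * reported as {@code BAD_FORMAT} naming the offending parameter.
     */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public ApiDynamicActionImplementor getSetMethodForContextApiAction() {
        return new ApiDynamicActionImplementor(API_METHOD_NAME, new String[]{PARAM_HOSTNAME, PARAM_REALM}, new String[]{PARAM_PORT}) { // from class: org.zaproxy.zap.authentication.HttpAuthenticationMethodType.1
            @Override // org.zaproxy.zap.extension.api.ApiDynamicActionImplementor
            public void handleAction(JSONObject jSONObject) throws ApiException {
                Context context = ApiUtils.getContextByParamId(jSONObject, "contextId");
                HttpAuthenticationMethod method = HttpAuthenticationMethodType.this.createAuthenticationMethod(context.getIndex());
                method.hostname = ApiUtils.getNonEmptyStringParam(jSONObject, PARAM_HOSTNAME);
                // Keep this try around the hostname check alone. When it wrapped the rest of the
                // handler, a bad port (and any later failure) was reported as a bad hostname.
                try {
                    new URI(method.hostname);
                } catch (Exception e) {
                    throw new ApiException(ApiException.Type.BAD_FORMAT, PARAM_HOSTNAME);
                }
                if (jSONObject.containsKey(PARAM_REALM)) {
                    method.realm = jSONObject.getString(PARAM_REALM);
                }
                if (jSONObject.containsKey(PARAM_PORT)) {
                    // NOTE(review): any integer is accepted here, while the GUI uses a port
                    // spinner — consider rejecting values outside the valid port range.
                    try {
                        method.port = Integer.parseInt(jSONObject.getString(PARAM_PORT));
                    } catch (Exception e) {
                        throw new ApiException(ApiException.Type.BAD_FORMAT, PARAM_PORT);
                    }
                }
                if (!context.getAuthenticationMethod().isSameType(method)) {
                    AuthenticationMethodType.apiChangedAuthenticationMethodForContext(context.getIndex());
                }
                context.setAuthenticationMethod(method);
            }
        };
    }

    /** Returns the shared username/password API action for setting a user's credentials. */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public ApiDynamicActionImplementor getSetCredentialsForUserApiAction() {
        return UsernamePasswordAuthenticationCredentials.getSetCredentialsForUserApiAction(this);
    }

    /**
     * Writes the method's hostname, realm and port to the configuration under the
     * {@code context.authentication.http.*} keys.
     *
     * @throws AuthenticationMethodType.UnsupportedAuthenticationMethodException if the method is
     *     not an {@link HttpAuthenticationMethod}
     */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public void exportData(Configuration configuration, AuthenticationMethod authenticationMethod) {
        if (!(authenticationMethod instanceof HttpAuthenticationMethod)) {
            throw new AuthenticationMethodType.UnsupportedAuthenticationMethodException("HTTP based authentication type only supports: " + HttpAuthenticationMethod.class.getName());
        }
        HttpAuthenticationMethod method = (HttpAuthenticationMethod) authenticationMethod;
        configuration.setProperty(CONTEXT_CONFIG_AUTH_HTTP_HOSTNAME, method.hostname);
        configuration.setProperty(CONTEXT_CONFIG_AUTH_HTTP_REALM, method.realm);
        configuration.setProperty(CONTEXT_CONFIG_AUTH_HTTP_PORT, Integer.valueOf(method.port));
    }

    /**
     * Reads hostname, realm and port from the configuration into the given method.
     *
     * <p>The values are taken as stored; nothing is validated on import.
     *
     * @throws AuthenticationMethodType.UnsupportedAuthenticationMethodException if the method is
     *     not an {@link HttpAuthenticationMethod}
     * @throws ConfigurationException declared by the overridden method
     */
    @Override // org.zaproxy.zap.authentication.AuthenticationMethodType
    public void importData(Configuration configuration, AuthenticationMethod authenticationMethod) throws ConfigurationException {
        if (!(authenticationMethod instanceof HttpAuthenticationMethod)) {
            throw new AuthenticationMethodType.UnsupportedAuthenticationMethodException("HTTP based authentication type only supports: " + HttpAuthenticationMethod.class.getName());
        }
        HttpAuthenticationMethod method = (HttpAuthenticationMethod) authenticationMethod;
        method.hostname = configuration.getString(CONTEXT_CONFIG_AUTH_HTTP_HOSTNAME);
        method.realm = configuration.getString(CONTEXT_CONFIG_AUTH_HTTP_REALM);
        method.port = configuration.getInt(CONTEXT_CONFIG_AUTH_HTTP_PORT);
    }
}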
