package org.zaproxy.zap.extension.spider;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import net.sf.json.JSONObject;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.URIException;
import org.apache.log4j.Logger;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.model.Model;
import org.parosproxy.paros.model.SiteNode;
import org.parosproxy.paros.network.HttpHeader;
import org.parosproxy.paros.network.HttpMessage;
import org.zaproxy.zap.extension.api.ApiAction;
import org.zaproxy.zap.extension.api.ApiException;
import org.zaproxy.zap.extension.api.ApiImplementor;
import org.zaproxy.zap.extension.api.ApiResponse;
import org.zaproxy.zap.extension.api.ApiResponseElement;
import org.zaproxy.zap.extension.api.ApiResponseList;
import org.zaproxy.zap.extension.api.ApiView;
import org.zaproxy.zap.extension.users.ExtensionUserManagement;
import org.zaproxy.zap.model.Context;
import org.zaproxy.zap.model.ScanListenner;
import org.zaproxy.zap.spider.SpiderListener;
import org.zaproxy.zap.spider.filters.FetchFilter;
import org.zaproxy.zap.users.User;
import org.zaproxy.zap.utils.ApiUtils;

/* loaded from: input_file:WEB-INF/lib/clientapi-2.8.jar:org/zaproxy/zap/extension/spider/SpiderAPI.class */
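/**
 * ZAP API implementor for the spider, registered under the {@code spider} prefix.
 *
 * <p>Actions: {@code scan}, {@code scanAsUser}, {@code stop}, {@code excludeFromScan} and
 * {@code clearExcludedFromScan}. Views: {@code status}, {@code results} and
 * {@code excludedFromScan}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every action changes state or makes the spider issue outbound requests. No caller
 *       authentication is performed in this class; presumably the API framework enforces it
 *       before dispatching here. TODO confirm.</li>
 *   <li>{@code scan} accepts any {@code http}/{@code https} URL and performs no context or scope
 *       check; only {@code scanAsUser} requires the URL to be included in the given context.</li>
 *   <li>NOTE(review): the listener callbacks write {@code progress} and {@code foundURIs}, and the
 *       API views read them. If the callbacks run on the spider's own thread, these accesses are
 *       unsynchronised. Confirm the threading model before relying on the views during a scan.</li>
 * </ul>
 */
public class SpiderAPI extends ApiImplementor implements ScanListenner, SpiderListener {
    private static final Logger log = Logger.getLogger(SpiderAPI.class);
    private static final String PREFIX = "spider";
    private static final String ACTION_START_SCAN = "scan";
    private static final String ACTION_START_SCAN_AS_USER = "scanAsUser";
    private static final String ACTION_STOP_SCAN = "stop";
    private static final String VIEW_STATUS = "status";
    private static final String VIEW_RESULTS = "results";
    private static final String PARAM_URL = "url";
    private static final String PARAM_USER_ID = "userId";
    private static final String PARAM_CONTEXT_ID = "contextId";
    private static final String PARAM_REGEX = "regex";
    private static final String ACTION_EXCLUDE_FROM_SCAN = "excludeFromScan";
    private static final String ACTION_CLEAR_EXCLUDED_FROM_SCAN = "clearExcludedFromScan";
    private static final String VIEW_EXCLUDED_FROM_SCAN = "excludedFromScan";

    private final ExtensionSpider extension;
    // Most recently started spider run; null until the first scan is requested.
    private SpiderThread spiderThread;
    // Last progress value reported by the spider; forced to 100 on completion.
    private int progress;
    // URIs reported by the current/last run with status VALID or SEED.
    private final List<String> foundURIs = new ArrayList<>();

    /**
     * Registers the spider's API actions and views.
     *
     * @param extensionSpider the spider extension handed to each {@link SpiderThread}
     */
    public SpiderAPI(ExtensionSpider extensionSpider) {
        this.extension = extensionSpider;
        addApiAction(new ApiAction(ACTION_START_SCAN, new String[]{PARAM_URL}));
        addApiAction(new ApiAction(ACTION_START_SCAN_AS_USER, new String[]{PARAM_URL, PARAM_CONTEXT_ID, PARAM_USER_ID}));
        addApiAction(new ApiAction(ACTION_STOP_SCAN));
        addApiAction(new ApiAction(ACTION_CLEAR_EXCLUDED_FROM_SCAN));
        addApiAction(new ApiAction(ACTION_EXCLUDE_FROM_SCAN, new String[]{PARAM_REGEX}));
        addApiView(new ApiView(VIEW_STATUS));
        addApiView(new ApiView(VIEW_RESULTS));
        addApiView(new ApiView(VIEW_EXCLUDED_FROM_SCAN));
    }

    /** @return the API prefix, {@code "spider"} */
    @Override
    public String getPrefix() {
        return PREFIX;
    }

    /**
     * Dispatches a spider API action.
     *
     * @param str the action name
     * @param jSONObject the request parameters
     * @return {@link ApiResponseElement#OK} when the action was accepted
     * @throws ApiException {@code BAD_ACTION} for an unknown action, or the error raised by the
     *     selected action
     */
    @Override
    public ApiResponse handleApiAction(String str, JSONObject jSONObject) throws ApiException {
        // The full parameter object is caller-supplied and is logged verbatim.
        // NOTE(review): if the API key or other credentials travel in the parameters, they end up
        // in the debug log. Confirm what the framework passes here.
        if (log.isDebugEnabled()) {
            log.debug("Request for handleApiAction: " + str + " (params: " + jSONObject.toString() + ")");
        }
        // The decompiler had emitted a hashCode()-keyed switch over a boolean selector, which does
        // not compile; this is the equivalent switch on the action name.
        switch (str) {
            case ACTION_START_SCAN:
                // No context/scope restriction on this path: any http/https URL is accepted.
                scanURL(ApiUtils.getNonEmptyStringParam(jSONObject, PARAM_URL), null);
                break;
            case ACTION_START_SCAN_AS_USER:
                startScanAsUser(jSONObject);
                break;
            case ACTION_STOP_SCAN:
                if (this.spiderThread != null) {
                    this.spiderThread.stopScan();
                }
                break;
            case ACTION_CLEAR_EXCLUDED_FROM_SCAN:
                try {
                    Model.getSingleton().getSession().setExcludeFromSpiderRegexs(new ArrayList<String>());
                } catch (SQLException e) {
                    // Keep the stack trace server-side; the API response carries only the message.
                    // NOTE(review): the driver's message is still returned to the API client.
                    log.error(e.getMessage(), e);
                    throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                }
                break;
            case ACTION_EXCLUDE_FROM_SCAN:
                try {
                    // The pattern is caller-supplied. Validation, if any, happens inside
                    // addExcludeFromSpiderRegex and is not visible here.
                    // NOTE(review): presumably it is later matched against crawled URLs, so an
                    // expensive pattern would slow every scan. Confirm.
                    Model.getSingleton().getSession().addExcludeFromSpiderRegex(jSONObject.getString(PARAM_REGEX));
                } catch (Exception e) {
                    // Every failure is reported as a malformed regex, so log the real cause.
                    log.warn(e.getMessage(), e);
                    throw new ApiException(ApiException.Type.BAD_FORMAT, PARAM_REGEX);
                }
                break;
            default:
                throw new ApiException(ApiException.Type.BAD_ACTION);
        }
        return ApiResponseElement.OK;
    }

    /**
     * Handles {@code scanAsUser}: resolves the context and user, then starts the scan.
     *
     * @param params the request parameters ({@code url}, {@code contextId}, {@code userId})
     * @throws ApiException {@code NO_IMPLEMENTOR} if the user-management extension is not loaded,
     *     {@code URL_NOT_IN_CONTEXT} if the URL is not included in the context,
     *     {@code USER_NOT_FOUND} if the context has no such user
     */
    private void startScanAsUser(JSONObject params) throws ApiException {
        String url = ApiUtils.getNonEmptyStringParam(params, PARAM_URL);
        int userId = ApiUtils.getIntParam(params, PARAM_USER_ID);
        ExtensionUserManagement userManagement = (ExtensionUserManagement) Control.getSingleton()
                .getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
        if (userManagement == null) {
            throw new ApiException(ApiException.Type.NO_IMPLEMENTOR, ExtensionUserManagement.NAME);
        }
        Context context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
        // Authenticated scans are confined to URLs that belong to the user's context.
        if (!context.isIncluded(url)) {
            throw new ApiException(ApiException.Type.URL_NOT_IN_CONTEXT, PARAM_CONTEXT_ID);
        }
        User user = userManagement.getContextUserAuthManager(context.getIndex()).getUserById(userId);
        if (user == null) {
            throw new ApiException(ApiException.Type.USER_NOT_FOUND, PARAM_USER_ID);
        }
        scanURL(url, user);
    }

    /** @return {@code true} if a spider thread exists and has not stopped */
    private boolean scanInProgress() {
        return this.spiderThread != null && !this.spiderThread.isStopped();
    }

    /**
     * Starts a new spider run at the given URL.
     *
     * @param str the start URL; must parse as a URI with an {@code http} or {@code https} scheme
     * @param user the user to scan as, or {@code null} for an unauthenticated scan
     * @throws ApiException {@code SCAN_IN_PROGRESS} if a run is still active, {@code BAD_FORMAT} if
     *     the URL cannot be parsed or uses another scheme
     */
    private void scanURL(String str, User user) throws ApiException {
        // The URL is caller-supplied and is logged without sanitising.
        log.debug("API Spider scanning url: " + str);
        // NOTE(review): this check and the thread start below are not atomic; two concurrent API
        // requests could both pass it. Confirm whether the caller serialises API actions.
        if (scanInProgress()) {
            throw new ApiException(ApiException.Type.SCAN_IN_PROGRESS);
        }
        URI startUri;
        try {
            // 'true': the string is treated as already escaped.
            startUri = new URI(str, true);
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.BAD_FORMAT);
        }
        // Reject other schemes before touching the site tree or creating a spider thread.
        String scheme = startUri.getScheme();
        if (scheme == null
                || !(scheme.equalsIgnoreCase(HttpHeader.HTTP) || scheme.equalsIgnoreCase(HttpHeader.HTTPS))) {
            throw new ApiException(ApiException.Type.BAD_FORMAT);
        }
        try {
            SiteNode startNode = Model.getSingleton().getSession().getSiteTree().findNode(startUri);
            this.spiderThread = new SpiderThread(this.extension, "API", this);
            // Use the existing site-tree node when there is one; otherwise seed with the bare URI.
            if (startNode != null) {
                this.spiderThread.setStartNode(startNode);
            } else {
                this.spiderThread.setStartURI(startUri);
            }
            if (user != null) {
                this.spiderThread.setScanAsUser(user);
            }
            // Reset the state exposed through the status/results views for the new run.
            this.foundURIs.clear();
            this.progress = 0;
            this.spiderThread.addSpiderListener(this);
            this.spiderThread.start();
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.BAD_FORMAT);
        }
    }

    /**
     * Serves the spider API views.
     *
     * @param str the view name ({@code status}, {@code results} or {@code excludedFromScan})
     * @param jSONObject the request parameters (not read by any view)
     * @return the progress value, the list of found URLs, or the list of exclusion regexes
     * @throws ApiException {@code BAD_VIEW} for any other view name
     */
    @Override
    public ApiResponse handleApiView(String str, JSONObject jSONObject) throws ApiException {
        if (VIEW_STATUS.equals(str)) {
            return new ApiResponseElement(str, Integer.toString(this.progress));
        }
        if (VIEW_RESULTS.equals(str)) {
            ApiResponseList results = new ApiResponseList(str);
            // NOTE(review): iterates the live list; see the class-level threading note.
            for (String foundUri : this.foundURIs) {
                results.addItem(new ApiResponseElement(PARAM_URL, foundUri));
            }
            return results;
        }
        if (VIEW_EXCLUDED_FROM_SCAN.equals(str)) {
            ApiResponseList excluded = new ApiResponseList(str);
            for (String regex : Model.getSingleton().getSession().getExcludeFromSpiderRegexs()) {
                excluded.addItem(new ApiResponseElement(PARAM_REGEX, regex));
            }
            return excluded;
        }
        throw new ApiException(ApiException.Type.BAD_VIEW);
    }

    /** No-op; completion is tracked through {@link #spiderComplete(boolean)}. */
    @Override
    public void scanFinshed(String str) {
    }

    /** No-op; progress is tracked through {@link #spiderProgress(int, int, int)}. */
    @Override
    public void scanProgress(String str, int i, int i2) {
    }

    /**
     * Records the spider's reported progress.
     *
     * @param i the progress value exposed by the {@code status} view
     * @param i2 not used here
     * @param i3 not used here
     */
    @Override
    public void spiderProgress(int i, int i2, int i3) {
        this.progress = i;
    }

    /**
     * Records a URI reported by the spider when its fetch status is {@code VALID} or {@code SEED}.
     *
     * @param str the URI that was found
     * @param str2 not used here
     * @param fetchStatus the filter verdict for the URI
     */
    @Override
    public void foundURI(String str, String str2, FetchFilter.FetchStatus fetchStatus) {
        // Constant-first comparison so a null status is ignored rather than throwing.
        if (FetchFilter.FetchStatus.VALID.equals(fetchStatus) || FetchFilter.FetchStatus.SEED.equals(fetchStatus)) {
            this.foundURIs.add(str);
        }
    }

    /** No-op; fetched messages are not recorded by the API. */
    @Override
    public void readURI(HttpMessage httpMessage) {
    }

    /**
     * Marks the run as finished by forcing progress to 100.
     *
     * @param z not used here
     */
    @Override
    public void spiderComplete(boolean z) {
        this.progress = 100;
    }
}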
