package br.com.softplan.security.zap.api.authentication;

import br.com.softplan.security.zap.api.ZapHelper;
import br.com.softplan.security.zap.api.exception.ZapClientException;
import br.com.softplan.security.zap.api.model.AuthenticationInfo;
import br.com.softplan.security.zap.commons.ZapInfo;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.zaproxy.clientapi.core.ClientApi;
import org.zaproxy.clientapi.core.ClientApiException;

/* loaded from: input_file:br/com/softplan/security/zap/api/authentication/AbstractAuthenticationHandler.class */
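/**
 * Base class for handlers that configure authentication in a ZAP instance through its client API.
 *
 * <p>{@link #handleAuthentication(String)} runs three steps in a fixed order: the subclass-specific
 * {@link #setupAuthentication(String)}, the exclusion of configured URLs from the spider and the
 * active scanner, and the registration of the logged-in / logged-out indicator regexes. The
 * remaining methods are building blocks for subclasses (user creation, credentials, forced user
 * mode, HTTP session handling).
 *
 * <p>Every ZAP call is made against the fixed context id {@value #ZAP_DEFAULT_CONTEXT_ID}. A
 * {@link ClientApiException} from the client is logged and rethrown wrapped in a
 * {@link ZapClientException}.
 *
 * <p>Security notes: the instance holds the ZAP API key and has access to the scan account's
 * password through {@link AuthenticationInfo}. Neither value is written to the log by this class;
 * debug logging does include the username, the excluded URLs, the indicator regexes and the
 * configured session token entries.
 */
public abstract class AbstractAuthenticationHandler implements AuthenticationHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractAuthenticationHandler.class);

    /** Charset name used when URL-encoding the credentials handed to ZAP. */
    protected static final String UTF_8 = StandardCharsets.UTF_8.name();

    /** Context id used for every context-scoped ZAP call made by this class. */
    protected static final String ZAP_DEFAULT_CONTEXT_ID = "1";

    /** Session name passed to ZAP when marking an HTTP session as active. */
    protected static final String ZAP_DEFAULT_SESSION_NAME = "Session 0";

    private final ClientApi api;
    private final ZapInfo zapInfo;
    // Secret: read once from zapInfo and passed as the first argument of every ZAP API call below.
    private final String apiKey;
    private final AuthenticationInfo authenticationInfo;
    // Assigned by createAndEnableUser(); stays null until that method has been called.
    private String userId;

    /**
     * Creates a handler bound to one ZAP client and one authentication configuration.
     *
     * @param clientApi client used for all ZAP API calls
     * @param zapInfo ZAP connection settings; its API key is read here and cached
     * @param authenticationInfo authentication settings (username, password, exclusions, regexes, ...)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractAuthenticationHandler(ClientApi clientApi, ZapInfo zapInfo, AuthenticationInfo authenticationInfo) {
        this.api = clientApi;
        this.zapInfo = zapInfo;
        this.apiKey = zapInfo.getApiKey();
        this.authenticationInfo = authenticationInfo;
    }

    /** Returns the ZAP client this handler was constructed with. */
    /* JADX INFO: Access modifiers changed from: protected */
    public ClientApi getApi() {
        return this.api;
    }

    /** Returns the ZAP connection settings this handler was constructed with. */
    /* JADX INFO: Access modifiers changed from: protected */
    public ZapInfo getZapInfo() {
        return this.zapInfo;
    }

    /**
     * Returns the ZAP API key captured at construction time.
     *
     * <p>The value is a secret; callers should pass it to the ZAP client only and keep it out of
     * log and exception messages.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getApiKey() {
        return this.apiKey;
    }

    /** Returns the authentication settings this handler was constructed with. */
    /* JADX INFO: Access modifiers changed from: protected */
    public AuthenticationInfo getAuthenticationInfo() {
        return this.authenticationInfo;
    }

    /**
     * Runs the full authentication setup: subclass-specific setup, scanner exclusions, then the
     * logged-in / logged-out indicators.
     *
     * @param str forwarded unchanged to {@link #setupAuthentication(String)}; presumably the target
     *     URL of the scan (not verifiable from this class)
     */
    @Override // br.com.softplan.security.zap.api.authentication.AuthenticationHandler
    public void handleAuthentication(String str) {
        LOGGER.debug("--- Starting authentication handling ---");
        setupAuthentication(str);
        excludeUrlsFromScanners();
        setupLoggedInAndOutRegex();
        LOGGER.debug("--- Finished authentication handling ---\n");
    }

    /**
     * Performs the authentication-method-specific part of the setup.
     *
     * @param str the value given to {@link #handleAuthentication(String)}
     */
    protected abstract void setupAuthentication(String str);

    /**
     * Excludes every configured URL from both the spider and the active scanner.
     *
     * <p>Each URL is sent to ZAP as a regex that matches it literally. Does nothing when no
     * exclusions are configured.
     *
     * @throws ZapClientException if a ZAP API call fails
     */
    protected void excludeUrlsFromScanners() {
        String[] excludedUrls = this.authenticationInfo.getExcludeFromScan();
        if (excludedUrls == null) {
            return;
        }
        try {
            for (String url : excludedUrls) {
                if (url == null) {
                    // A null entry has no literal form to exclude; skip it instead of excluding "null".
                    continue;
                }
                LOGGER.debug("Excluding URL '{}' from scanners.", url);
                // Pattern.quote yields \Q...\E like the manual wrapping, but also copes with a literal
                // "\E" inside the URL. Without that, the text after "\E" would be read as regex and
                // the exclusion (e.g. of a logout URL) could match something other than intended.
                String literalUrlRegex = Pattern.quote(url);
                ZapHelper.validateResponse(this.api.spider.excludeFromScan(this.apiKey, literalUrlRegex), "Exclude '" + url + "' from Spider.");
                ZapHelper.validateResponse(this.api.ascan.excludeFromScan(this.apiKey, literalUrlRegex), "Exclude '" + url + "' from Active Scan.");
            }
        } catch (ClientApiException e) {
            LOGGER.error("Error excluding URLs from scanners.", e);
            throw new ZapClientException((Throwable) e);
        }
    }

    /**
     * Registers the configured logged-in and logged-out indicator regexes with ZAP.
     *
     * <p>Each regex is optional and is passed to ZAP unchanged; a {@code null} value is skipped.
     *
     * @throws ZapClientException if a ZAP API call fails
     */
    protected void setupLoggedInAndOutRegex() {
        String loggedInRegex = this.authenticationInfo.getLoggedInRegex();
        String loggedOutRegex = this.authenticationInfo.getLoggedOutRegex();
        // Both indicator calls sit inside the same try so that a failure of either one is logged
        // and wrapped the same way.
        try {
            if (loggedInRegex != null) {
                LOGGER.debug("Setting '{}' as the logged in regex.", loggedInRegex);
                ZapHelper.validateResponse(this.api.authentication.setLoggedInIndicator(this.apiKey, ZAP_DEFAULT_CONTEXT_ID, loggedInRegex), "Set logged in regex");
            }
            if (loggedOutRegex != null) {
                LOGGER.debug("Setting '{}' as the logged out regex.", loggedOutRegex);
                ZapHelper.validateResponse(this.api.authentication.setLoggedOutIndicator(this.apiKey, ZAP_DEFAULT_CONTEXT_ID, loggedOutRegex), "Set logged out regex");
            }
        } catch (ClientApiException e) {
            LOGGER.error("Error setting up logged in and/or logged out regex for authentication.", e);
            throw new ZapClientException((Throwable) e);
        }
    }

    /**
     * Creates a ZAP user named after the configured username, enables it and remembers its id.
     *
     * @return the id ZAP assigned to the new user
     * @throws ZapClientException if a ZAP API call fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String createAndEnableUser() {
        LOGGER.debug("Creating and enabling user '{}'.", this.authenticationInfo.getUsername());
        try {
            this.userId = ZapHelper.extractResponse(this.api.users.newUser(this.apiKey, ZAP_DEFAULT_CONTEXT_ID, this.authenticationInfo.getUsername()));
            ZapHelper.validateResponse(this.api.users.setUserEnabled(this.apiKey, ZAP_DEFAULT_CONTEXT_ID, this.userId, Boolean.TRUE.toString()), "Enable the user");
            return this.userId;
        } catch (ClientApiException e) {
            LOGGER.error("Error creating and enabling user for authentication.", e);
            throw new ZapClientException((Throwable) e);
        }
    }

    /**
     * Sends the configured username and password to ZAP as the credentials of the current user.
     *
     * <p>Uses the user id stored by {@link #createAndEnableUser()}, so that method is expected to
     * have run first. Only the username is logged.
     *
     * @throws ZapClientException if the ZAP API call fails or the charset is not supported
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void setupUserCredentials() {
        LOGGER.debug("Setting up credentials for user '{}'.", this.authenticationInfo.getUsername());
        try {
            // Both values are URL-encoded so that '&' or '=' inside a username or password cannot
            // split or extend the key=value string handed to ZAP.
            String encodedUsername = URLEncoder.encode(this.authenticationInfo.getUsername(), UTF_8);
            String encodedPassword = URLEncoder.encode(this.authenticationInfo.getPassword(), UTF_8);
            // Keep this string out of log statements: it carries the password.
            String credentialParams = "username=" + encodedUsername + "&password=" + encodedPassword;
            ZapHelper.validateResponse(this.api.users.setAuthenticationCredentials(this.apiKey, ZAP_DEFAULT_CONTEXT_ID, this.userId, credentialParams), "Set the user's credentials");
        } catch (ClientApiException | UnsupportedEncodingException e) {
            LOGGER.error("Error setting up user's credential for authentication.", e);
            throw new ZapClientException((Throwable) e);
        }
    }

    /**
     * Selects the current user as ZAP's forced user and switches Forced User Mode on.
     *
     * <p>Uses the user id stored by {@link #createAndEnableUser()}.
     *
     * @throws ZapClientException if a ZAP API call fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void enableForcedUserMode() {
        LOGGER.debug("Setting up Forced User Mode.");
        try {
            ZapHelper.validateResponse(this.api.forcedUser.setForcedUser(this.apiKey, ZAP_DEFAULT_CONTEXT_ID, this.userId), "Set forced user.");
            ZapHelper.validateResponse(this.api.forcedUser.setForcedUserModeEnabled(this.apiKey, true), "Enable Forced User Mode.");
        } catch (ClientApiException e) {
            LOGGER.error("Error setting up Forced User Mode.", e);
            throw new ZapClientException((Throwable) e);
        }
    }

    /**
     * Switches ZAP's Forced User Mode off.
     *
     * @throws ZapClientException if the ZAP API call fails
     */
    protected void disableForcedUserMode() {
        LOGGER.debug("Disabling Forced User Mode.");
        try {
            ZapHelper.validateResponse(this.api.forcedUser.setForcedUserModeEnabled(this.apiKey, false), "Disable Forced User Mode.");
        } catch (ClientApiException e) {
            LOGGER.error("Error disabling Forced User Mode.", e);
            throw new ZapClientException((Throwable) e);
        }
    }

    /**
     * Registers every configured HTTP session token with ZAP.
     *
     * <p>Does nothing when no session tokens are configured.
     *
     * @param str passed to ZAP as the argument preceding the token; presumably the site the
     *     tokens belong to (confirm against the ZAP client API)
     * @throws ZapClientException if a ZAP API call fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void addHttpSessionTokens(String str) {
        String[] sessionTokens = this.authenticationInfo.getHttpSessionTokens();
        LOGGER.debug("Adding session tokens: {}.", Arrays.toString(sessionTokens));
        if (sessionTokens == null) {
            // Same treatment as an absent exclusion list: nothing configured, nothing to register.
            return;
        }
        try {
            for (String token : sessionTokens) {
                ZapHelper.validateResponse(this.api.httpSessions.addSessionToken(this.apiKey, str, token), "Add session tokens.");
            }
        } catch (ClientApiException e) {
            LOGGER.error("Error adding session tokens.", e);
            throw new ZapClientException((Throwable) e);
        }
    }

    /**
     * Marks the session named {@value #ZAP_DEFAULT_SESSION_NAME} as the active HTTP session.
     *
     * @param str passed to ZAP as the argument preceding the session name; presumably the site
     *     (confirm against the ZAP client API)
     * @throws ZapClientException if the ZAP API call fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void setHttpSessionAsActive(String str) {
        LOGGER.debug("Setting session as active.");
        try {
            ZapHelper.validateResponse(this.api.httpSessions.setActiveSession(this.apiKey, str, ZAP_DEFAULT_SESSION_NAME), "Set session as active.");
        } catch (ClientApiException e) {
            LOGGER.error("Error setting session as active.", e);
            throw new ZapClientException((Throwable) e);
        }
    }
}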
