package com.jsql.util;

import com.jsql.model.InjectionModel;
import com.jsql.model.bean.util.Header;
import com.jsql.model.bean.util.Interaction;
import com.jsql.model.bean.util.Request;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.URLConnection;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Collections;
import java.util.EnumMap;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.regex.Pattern;
import org.apache.log4j.Logger;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Element;
import org.jsoup.select.Elements;

/* loaded from: input_file:com/jsql/util/HeaderUtil.class */
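/**
 * Helpers that add request headers to a connection and inspect the HTTP response of the
 * tested URL: status and authentication scheme reporting, page source capture, and
 * extraction of {@code <form>} inputs and CSRF tokens from the returned HTML.
 *
 * <p>Everything read from the response (headers, form attributes, token values) is remote,
 * untrusted content. This class concatenates some of it into log messages without escaping,
 * so log output should be handled as untrusted and potentially sensitive data.
 */
public class HeaderUtil {
    private static final Logger LOGGER = Logger.getRootLogger();

    /** Name of the challenge header, looked up with this exact case in the response header map. */
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";

    /** Size in chars of the buffer used to read the response body. */
    private static final int BUFFER_SIZE = 4096;

    private final InjectionModel injectionModel;

    /**
     * @param injectionModel model giving access to preferences, parameters, connection
     *                       settings and the views that receive the header message
     */
    public HeaderUtil(InjectionModel injectionModel) {
        this.injectionModel = injectionModel;
    }

    /**
     * Adds one header to the connection after trimming its name and value.
     *
     * <p>Despite the name, no filtering is applied: a {@code Cookie} value is added verbatim,
     * any other value is URL-decoded as UTF-8 first. The decoded value is passed to
     * {@link HttpURLConnection#addRequestProperty(String, String)} as is.
     *
     * <p>The {@code trim()} calls sit outside the {@code try}, so a null key or value raises a
     * {@link NullPointerException} to the caller. {@link IllegalArgumentException} (for example
     * from a malformed percent sequence in {@link URLDecoder#decode(String, String)}) is not
     * caught either.
     *
     * @param httpURLConnection connection receiving the header
     * @param simpleEntry       header name (key) and header value (value)
     */
    public static void sanitizeHeaders(HttpURLConnection httpURLConnection, AbstractMap.SimpleEntry<String, String> simpleEntry) {
        String headerName = simpleEntry.getKey().trim();
        String headerValue = simpleEntry.getValue().trim();
        try {
            if ("Cookie".equalsIgnoreCase(headerName)) {
                // Cookie values are sent untouched: decoding could change their meaning.
                httpURLConnection.addRequestProperty(headerName, headerValue);
            } else {
                httpURLConnection.addRequestProperty(headerName, URLDecoder.decode(headerValue, StandardCharsets.UTF_8.name()));
            }
        } catch (UnsupportedEncodingException | NullPointerException e) {
            LOGGER.error(e, e);
        }
    }

    /**
     * Reports on the response of the given connection and forwards it to the views.
     *
     * <p>Steps, in order: log the authentication scheme or the status class; read the body
     * (falling back to the error stream when the input stream fails); list the HTML forms and,
     * if enabled in the preferences, prepend their inputs to the query string or request
     * parameters; look for a {@code csrf_token}/{@code csrfToken} input; send URL, response
     * headers and page source to the views.
     *
     * @param httpURLConnection connection whose response is inspected
     * @param str               URL reported to the views under {@code Header.URL}
     * @throws IOException if reading the response failed and the connection test is enabled,
     *                     or if a CSRF token was found while CSRF processing is disabled;
     *                     the exception is thrown after the views have been notified
     */
    public void checkResponseHeader(HttpURLConnection httpURLConnection, String str) throws IOException {
        Map<Header, Object> messageParameters = new EnumMap<>(Header.class);
        Map<String, String> responseHeaders = getHttpHeaders(httpURLConnection);
        messageParameters.put(Header.URL, str);
        messageParameters.put(Header.RESPONSE, responseHeaders);

        // Read once: the status does not change for a given response.
        int status = httpURLConnection.getResponseCode();
        logAuthenticationOrStatus(status, responseHeaders);

        IOException failure = null;
        StringBuilder pageSource = new StringBuilder();
        try {
            appendBody(httpURLConnection.getInputStream(), pageSource);
        } catch (IOException e) {
            failure = e;
            // getInputStream() fails on error statuses; the body is then on the error stream.
            InputStream errorStream = httpURLConnection.getErrorStream();
            if (errorStream != null) {
                try {
                    appendBody(errorStream, pageSource);
                } catch (Exception e2) {
                    failure = new IOException("Exception reading Error Stream", e2);
                }
            }
        }

        if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isNotTestingConnection()) {
            if (failure != null) {
                LOGGER.debug("Connection test disabled, ignoring response HTTP " + status + "...");
            }
            failure = null;
        } else if (failure != null) {
            LOGGER.info("Please select option 'Disable connection test' and run again");
        }

        String html = pageSource.toString();
        // Parsed once and reused for both the form listing and the CSRF token lookup.
        Element root = Jsoup.parse(html);

        Elements forms = root.select("form");
        StringBuilder formSummary = new StringBuilder();
        Map<Element, List<Element>> inputsByForm = new HashMap<>();
        for (Element form : forms) {
            // Attribute values come from the remote page and are logged below unescaped.
            formSummary.append("\n<form action=\"");
            formSummary.append(form.attr("action"));
            formSummary.append("\" method=\"");
            formSummary.append(form.attr("method"));
            formSummary.append("\" />");
            List<Element> inputs = new ArrayList<>();
            for (Element input : form.select("input")) {
                formSummary.append("\n    <input name=\"");
                formSummary.append(input.attr("name"));
                formSummary.append("\" value=\"");
                formSummary.append(input.attr("value"));
                formSummary.append("\" />");
                inputs.add(input);
            }
            // Reversed because each input is inserted at index 0 further down,
            // which restores the document order in the parameter list.
            Collections.reverse(inputs);
            inputsByForm.put(form, inputs);
        }

        if (!forms.isEmpty()) {
            if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isParsingForm()) {
                LOGGER.debug("Found " + forms.size() + " <form> in HTML body, adding input(s) to requests:" + formSummary);
                for (Map.Entry<Element, List<Element>> entry : inputsByForm.entrySet()) {
                    String method = entry.getKey().attr("method");
                    for (Element input : entry.getValue()) {
                        if ("get".equalsIgnoreCase(method)) {
                            this.injectionModel.getMediatorUtils().getParameterUtil().getQueryString().add(0, new AbstractMap.SimpleEntry<>(input.attr("name"), input.attr("value")));
                        } else if ("post".equalsIgnoreCase(method)) {
                            this.injectionModel.getMediatorUtils().getParameterUtil().getRequest().add(0, new AbstractMap.SimpleEntry<>(input.attr("name"), input.attr("value")));
                        }
                    }
                }
            } else if (status != 200) {
                LOGGER.trace("Found " + forms.size() + " ignored <form> in HTML body:" + formSummary);
                LOGGER.info("WAF can detect missing form parameters, you may enable 'Add <input> parameters' in Preferences and retry");
            } else {
                LOGGER.trace("Found " + forms.size() + " <form> in HTML body while status 200 Success:" + formSummary);
            }
        }

        Optional<AbstractMap.SimpleEntry<String, String>> csrfToken = root
            .select("input")
            .select("[name=csrf_token], [name=csrfToken]")
            .stream()
            .findFirst()
            .map(input -> new AbstractMap.SimpleEntry<String, String>(input.attr("name"), input.attr("value")));
        if (csrfToken.isPresent()) {
            AbstractMap.SimpleEntry<String, String> token = csrfToken.get();
            // NOTE(review): the token value is written to the log in clear text in both branches;
            // logs holding it should be protected like any other session secret.
            if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isProcessingCsrf()) {
                LOGGER.debug("Found Csrf token " + token.getKey() + "=" + token.getValue() + " in HTML body, adding token to querystring, request and header");
                this.injectionModel.getMediatorUtils().getConnectionUtil().setTokenCsrf(token);
            } else {
                LOGGER.warn("Found Csrf token '" + token.getKey() + "=" + token.getValue() + "' in HTML body");
                failure = new IOException("please activate Csrf processing in Preferences");
            }
        }

        messageParameters.put(Header.SOURCE, html);
        Request request = new Request();
        request.setMessage(Interaction.MESSAGE_HEADER);
        request.setParameters(messageParameters);
        this.injectionModel.sendToViews(request);

        // Raised last so the views always receive the response, even on failure.
        if (failure != null) {
            throw new IOException(failure);
        }
    }

    /**
     * Logs the authentication scheme requested by a 4xx response, or else the status class.
     *
     * <p>The challenge is matched against the joined header value: {@code Basic } and
     * {@code Digest } by prefix, {@code NTLM} and {@code Negotiate} by exact equality. A
     * response offering several schemes is joined with commas by {@link #getHttpHeaders} and
     * therefore matches by its first scheme only, or not at all.
     *
     * @param status          HTTP status code of the response
     * @param responseHeaders response headers as returned by {@link #getHttpHeaders}
     */
    private void logAuthenticationOrStatus(int status, Map<String, String> responseHeaders) {
        boolean isClientError = status >= 400 && status <= 499;
        String challenge = isClientError ? responseHeaders.get(WWW_AUTHENTICATE) : null;

        if (challenge != null && challenge.startsWith("Basic ")) {
            LOGGER.warn("Basic Authentication detected.\nPlease define and enable authentication information in the panel Preferences.\nOr open Advanced panel, add 'Authorization: Basic b3N..3Jk' to the Header, replace b3N..3Jk with the string 'osUserName:osPassword' encoded in Base64. You can use the Coder in jSQL to encode the string.");
        } else if ("NTLM".equals(challenge)) {
            LOGGER.warn("NTLM Authentication detected.\nPlease define and enable authentication information in the panel Preferences.\nOr add username, password and domain information to the URL, e.g. http://domain\\user:password@127.0.0.1/[..]");
        } else if (challenge != null && challenge.startsWith("Digest ")) {
            LOGGER.warn("Digest Authentication detected.\nPlease define and enable authentication information in the panel Preferences.");
        } else if ("Negotiate".equals(challenge)) {
            LOGGER.warn("Negotiate Authentication detected.\nPlease add username, password and domain information to the URL, e.g. http://domain\\user:password@127.0.0.1/[..]");
        } else {
            logStatusClass(status);
        }
    }

    /**
     * Logs the class (1xx to 5xx, or unknown) of a three-digit HTTP status code.
     *
     * @param status HTTP status code of the response
     */
    private void logStatusClass(int status) {
        // Integer division maps 100-199 to 1, ..., 500-599 to 5; anything else is "Unknown".
        switch (status / 100) {
            case 1:
                LOGGER.trace("Found status HTTP " + status + " Informational");
                break;
            case 2:
                LOGGER.debug("Found status HTTP " + status + " Success");
                break;
            case 3:
                LOGGER.warn("Found status HTTP " + status + " Redirection");
                if (this.injectionModel.getMediatorUtils().getPreferencesUtil().isFollowingRedirection()) {
                    LOGGER.info("Redirecting to the next page...");
                } else {
                    LOGGER.warn("If injection fails please test again with option 'Follow HTTP redirection' enabled.");
                }
                break;
            case 4:
                LOGGER.warn("Found status HTTP " + status + " Client Error");
                break;
            case 5:
                LOGGER.warn("Found status HTTP " + status + " Server Error");
                break;
            default:
                LOGGER.trace("Found status HTTP " + status + " Unknown");
                break;
        }
    }

    /**
     * Reads the whole stream as text and appends it to the given builder.
     *
     * <p>Only the chars actually returned by each read are appended, and the reader is closed
     * even when a read fails. Text read before a failure stays in the builder.
     *
     * @param stream response stream to drain and close
     * @param sink   builder receiving the decoded text
     * @throws IOException if reading or closing the stream fails
     */
    private static void appendBody(InputStream stream, StringBuilder sink) throws IOException {
        // NOTE(review): decoding uses the platform default charset, not the charset declared
        // by the response; confirm whether that is intended.
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(stream))) {
            char[] buffer = new char[BUFFER_SIZE];
            int count;
            while ((count = reader.read(buffer)) > 0) {
                sink.append(buffer, 0, count);
            }
        }
    }

    /**
     * Flattens the response headers of a connection into a name-to-value map.
     *
     * <p>Values of a repeated header are joined with {@code ","}. The entry with a null name
     * in {@link URLConnection#getHeaderFields()} is stored under the key {@code "Status code"}.
     * Header names keep the case used in the response.
     *
     * @param uRLConnection connection whose response headers are read
     * @return a new mutable map of header name to joined value
     */
    public static Map<String, String> getHttpHeaders(URLConnection uRLConnection) {
        Map<String, String> headers = new HashMap<>();
        for (Map.Entry<String, List<String>> field : uRLConnection.getHeaderFields().entrySet()) {
            String name = field.getKey() == null ? "Status code" : field.getKey();
            headers.put(name, String.join(",", field.getValue()));
        }
        return headers;
    }
}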
