package com.eviware.soapui.security.assertion;

import com.eviware.soapui.config.TestAssertionConfig;
import com.eviware.soapui.impl.support.AbstractHttpRequest;
import com.eviware.soapui.impl.support.http.HttpRequestTestStep;
import com.eviware.soapui.impl.wsdl.panels.assertions.AssertionCategoryMapping;
import com.eviware.soapui.impl.wsdl.panels.assertions.AssertionListEntry;
import com.eviware.soapui.impl.wsdl.submit.transports.http.HttpResponse;
import com.eviware.soapui.impl.wsdl.support.wss.WssCrypto;
import com.eviware.soapui.impl.wsdl.teststeps.WsdlMessageAssertion;
import com.eviware.soapui.impl.wsdl.teststeps.assertions.AbstractTestAssertionFactory;
import com.eviware.soapui.model.ModelItem;
import com.eviware.soapui.model.TestPropertyHolder;
import com.eviware.soapui.model.iface.MessageExchange;
import com.eviware.soapui.model.iface.Response;
import com.eviware.soapui.model.iface.SubmitContext;
import com.eviware.soapui.model.security.SecurityScan;
import com.eviware.soapui.model.security.SensitiveInformationTableModel;
import com.eviware.soapui.model.testsuite.Assertable;
import com.eviware.soapui.model.testsuite.AssertionError;
import com.eviware.soapui.model.testsuite.AssertionException;
import com.eviware.soapui.model.testsuite.ResponseAssertion;
import com.eviware.soapui.model.testsuite.TestAssertion;
import com.eviware.soapui.model.testsuite.TestProperty;
import com.eviware.soapui.model.testsuite.TestStep;
import com.eviware.soapui.security.SecurityTestRunContext;
import com.eviware.soapui.security.SensitiveInformationPropertyHolder;
import com.eviware.soapui.support.SecurityScanUtil;
import com.eviware.soapui.support.StringUtils;
import com.eviware.soapui.support.UISupport;
import com.eviware.soapui.support.components.JXToolBar;
import com.eviware.soapui.support.swing.JTableFactory;
import com.eviware.soapui.support.xml.XmlObjectConfigurationBuilder;
import com.eviware.soapui.support.xml.XmlObjectConfigurationReader;
import java.awt.BorderLayout;
import java.awt.Color;
import java.awt.Container;
import java.awt.Dimension;
import java.awt.FlowLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.swing.AbstractAction;
import javax.swing.Action;
import javax.swing.BorderFactory;
import javax.swing.JButton;
import javax.swing.JCheckBox;
import javax.swing.JDialog;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JScrollPane;
import javax.swing.JSplitPane;
import javax.swing.border.EmptyBorder;
import javax.swing.event.ListSelectionEvent;
import javax.swing.event.ListSelectionListener;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.xmlbeans.XmlObject;
import org.jdesktop.swingx.JXTable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/eviware/soapui/security/assertion/SensitiveInfoExposureAssertion.class */
public class SensitiveInfoExposureAssertion extends WsdlMessageAssertion implements ResponseAssertion {
    // Assertion name; carries the same text as ID.
    public static final String LABEL = "Sensitive Information Exposure";
    // Assertion identifier; carries the same text as LABEL.
    public static final String ID = "Sensitive Information Exposure";
    // A token whose trimmed text starts with this prefix is matched as a regular expression.
    private static final String PREFIX = "~";
    private static final Logger log = LoggerFactory.getLogger(SensitiveInfoExposureAssertion.class);
    // Separates token and description inside each persisted entry ("token###description").
    private static final String KEY_VALUE_SEPARATOR = "###";
    private static final String DIALOG_DESCRIPTION = "Configure Sensitive Information Exposure Assertion";
    private static final String DIALOG_TITLE = "Sensitive Information Exposure Assertion";
    private static final String TOKENS_TABLE_DESCRIPTION = "Sensitive information tokens to check. Use ~ as prefix for values that are regular expressions.";
    // Keys under which the assertion's settings are stored in its XML configuration.
    private static final String ASSERTION_SPECIFIC_EXPOSURE_LIST = "AssertionSpecificExposureList";
    private static final String INCLUDE_GLOBAL = "IncludeGlobal";
    private static final String INCLUDE_PROJECT_SPECIFIC = "IncludeProjectSpecific";
    private static final String DESCRIPTION = "Checks that the last received message does not expose sensitive information about the target system. Applicable to REST, SOAP and HTTP TestSteps.";
    // Read from configuration in init(); when true the global token list is copied into this
    // assertion once and the flag is then cleared.
    boolean includeGlobal;
    // When true, project-level tokens are added to the checks at assertion time.
    private boolean includeProjectSpecific;
    // Persisted entries, each either "token" or "token###description".
    private List<String> assertionSpecificExposureList;
    // Table shown in the configuration dialog; assigned when the dialog builds its token panel.
    private JXTable tokenTable;

    /* loaded from: input_file:com/eviware/soapui/security/assertion/SensitiveInfoExposureAssertion$ConfigurationDialog.class */
    private class ConfigurationDialog extends JDialog {
        // Text shown in the description pane while no table row is selected.
        public static final String NO_SELECTION_MESSAGE = "<html>Select a token to see its description</html>";
        private JCheckBox includeProjectSpecificCheckBox;
        private JSplitPane splitPane;
        // Set to true only by handleOk(); configure() returns it to the caller.
        private boolean confirmed;
        // Right-hand pane that renders the selected token's description as HTML.
        private JLabel descriptionLabel;
        // Backing model of the token table, built from the assertion's persisted entries.
        SensitiveInformationTableModel sensitiveInformationTableModel;

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:com/eviware/soapui/security/assertion/SensitiveInfoExposureAssertion$ConfigurationDialog$AddTokenAction.class */
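        /**
         * Toolbar action that prompts for a new token and its description and adds the
         * pair to the dialog's table model.
         */
        public class AddTokenAction extends AbstractAction {
            public AddTokenAction() {
                putValue(Action.SMALL_ICON, UISupport.createImageIcon("/add.gif"));
                putValue(Action.SHORT_DESCRIPTION, "Adds a token to assertion");
            }

            /**
             * Prompts until the user enters a usable token or cancels, then prompts for an
             * optional description.
             *
             * <p>A token is rejected when it is blank or when it contains the persistence
             * separator: entries are stored as {@code token###description} and split on that
             * separator when read back, so such a token would be stored as one pattern and
             * loaded as a different, shorter one.
             */
            @Override
            public void actionPerformed(ActionEvent actionEvent) {
                String token = "";
                while (true) {
                    // The previous input is offered again so the user can correct it.
                    token = UISupport.prompt("Enter token. Use ~ as prefix for values that are regular expressions.", "New Token", token);
                    if (token == null) {
                        // Prompt cancelled: add nothing.
                        return;
                    }
                    if (token.trim().isEmpty()) {
                        UISupport.showErrorMessage("Token was empty!");
                        continue;
                    }
                    if (token.contains(SensitiveInfoExposureAssertion.KEY_VALUE_SEPARATOR)) {
                        UISupport.showErrorMessage("Token must not contain " + SensitiveInfoExposureAssertion.KEY_VALUE_SEPARATOR);
                        continue;
                    }
                    break;
                }
                String description = UISupport.prompt("Enter description", "New Description", "");
                if (description == null) {
                    // Cancelling the description prompt still adds the token, without a description.
                    description = "";
                }
                ConfigurationDialog.this.sensitiveInformationTableModel.addToken(token, description);
            }
        }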

        /* JADX INFO: Access modifiers changed from: package-private */
        /* loaded from: input_file:com/eviware/soapui/security/assertion/SensitiveInfoExposureAssertion$ConfigurationDialog$RemoveTokenAction.class */
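        /** Toolbar action that removes the rows currently selected in the token table. */
        public class RemoveTokenAction extends AbstractAction {
            public RemoveTokenAction() {
                putValue(Action.SMALL_ICON, UISupport.createImageIcon("/delete.png"));
                putValue(Action.SHORT_DESCRIPTION, "Removes token from assertion");
            }

            /**
             * Removes the selected rows from the table model.
             *
             * <p>{@code getSelectedRows()} returns view indices. They are converted to model
             * indices before being handed to the model, so that a sorted or filtered table
             * removes the tokens the user selected rather than whichever tokens share those
             * positions in the model.
             */
            @Override
            public void actionPerformed(ActionEvent actionEvent) {
                JXTable table = SensitiveInfoExposureAssertion.this.tokenTable;
                int[] viewRows = table.getSelectedRows();
                int[] modelRows = new int[viewRows.length];
                for (int i = 0; i < viewRows.length; i++) {
                    modelRows[i] = table.convertRowIndexToModel(viewRows[i]);
                }
                // Keep the ascending order the model receives when the table is unsorted.
                java.util.Arrays.sort(modelRows);
                ConfigurationDialog.this.sensitiveInformationTableModel.removeRows(modelRows);
            }
        }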

        /**
         * Builds the modal configuration dialog: header description on top, a split pane
         * with the token table on the left and the description label on the right, and the
         * Save/Cancel buttons at the bottom.
         */
        public ConfigurationDialog() {
            super(UISupport.getMainFrame(), SensitiveInfoExposureAssertion.DIALOG_TITLE);
            this.confirmed = false;

            // The table model must exist before the panes that display it are created.
            extractTokenTable();

            setLayout(new BorderLayout());
            createDescriptionLabel();
            Container content = getContentPane();
            content.add(
                    UISupport.buildDescription(
                            SensitiveInfoExposureAssertion.DIALOG_TITLE,
                            SensitiveInfoExposureAssertion.DIALOG_DESCRIPTION,
                            null),
                    BorderLayout.NORTH);

            createSplitPane();
            this.splitPane.setLeftComponent(createMainPane());
            this.splitPane.setRightComponent(this.descriptionLabel);
            getContentPane().add(this.splitPane, BorderLayout.CENTER);

            createButtonsPanel();
            setModal(true);
            setBounds(200, 150, 800, 600);
        }

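        /**
         * Builds the dialog's table model from the assertion's persisted entries.
         *
         * <p>Each entry is {@code token} or {@code token###description}. The entry is split
         * at the first separator only, so a description that itself contains {@code ###} is
         * kept whole instead of the entire entry being dropped from the table (and then
         * lost on the next Save).
         */
        private void extractTokenTable() {
            SensitiveInformationPropertyHolder holder = new SensitiveInformationPropertyHolder();
            for (String entry : SensitiveInfoExposureAssertion.this.assertionSpecificExposureList) {
                if (SensitiveInfoExposureAssertion.KEY_VALUE_SEPARATOR.equals(entry)) {
                    // A bare separator carries neither token nor description.
                    continue;
                }
                String[] parts = entry.split(SensitiveInfoExposureAssertion.KEY_VALUE_SEPARATOR, 2);
                String description = parts.length == 2 ? parts[1] : "";
                holder.setPropertyValue(parts[0], description);
            }
            this.sensitiveInformationTableModel = new SensitiveInformationTableModel(holder);
        }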

        /**
         * Creates the horizontal split pane that separates the token table from the
         * description label, giving the left side 70% of the width and of any extra space.
         */
        private void createSplitPane() {
            JSplitPane pane = new JSplitPane(JSplitPane.HORIZONTAL_SPLIT);
            this.splitPane = pane;
            pane.setDividerLocation(0.7d);
            pane.setResizeWeight(0.7d);
            pane.setDividerSize(1);
        }

        /**
         * Assembles the left-hand side of the dialog: the token table in the centre and,
         * below it, the "include project specific" check box and a help link.
         *
         * @return the assembled panel
         */
        private Container createMainPane() {
            JPanel mainPanel = new JPanel(new BorderLayout());

            JPanel tablePanel = makeTokenTablePanel();
            tablePanel.setBorder(new EmptyBorder(10, 10, 10, 10));
            mainPanel.add(tablePanel, BorderLayout.CENTER);

            // The check box starts out reflecting the assertion's current setting.
            this.includeProjectSpecificCheckBox = new JCheckBox("Include project specific sensitive information configuration");
            this.includeProjectSpecificCheckBox.setSelected(SensitiveInfoExposureAssertion.this.includeProjectSpecific);

            JPanel footer = new JPanel(new BorderLayout());
            footer.add(this.includeProjectSpecificCheckBox, BorderLayout.NORTH);

            JLabel helpLink = UISupport.createLabelLink("/structure/assertions/security/tokens", "Learn about sensitive information assertions");
            helpLink.setBorder(new EmptyBorder(5, 10, 5, 0));
            footer.add(helpLink, BorderLayout.SOUTH);

            mainPanel.add(footer, BorderLayout.SOUTH);
            return mainPanel;
        }

        /** Creates the top-aligned label that shows the selected token's description. */
        private void createDescriptionLabel() {
            JLabel label = new JLabel(NO_SELECTION_MESSAGE);
            label.setBorder(new EmptyBorder(20, 10, 10, 10));
            label.setVerticalAlignment(JLabel.TOP);
            this.descriptionLabel = label;
        }

        /**
         * Adds the right-aligned Save/Cancel button row to the bottom of the dialog and
         * registers Save with the dialog's default actions.
         */
        private void createButtonsPanel() {
            JPanel buttonRow = new JPanel(new FlowLayout(FlowLayout.RIGHT));
            // Two one-pixel top lines (gray over white) followed by inner padding.
            buttonRow.setBorder(
                    BorderFactory.createCompoundBorder(
                            BorderFactory.createCompoundBorder(
                                    BorderFactory.createMatteBorder(1, 0, 0, 0, Color.GRAY),
                                    BorderFactory.createMatteBorder(1, 0, 0, 0, Color.WHITE)),
                            BorderFactory.createEmptyBorder(3, 5, 3, 5)));

            JButton saveButton = new JButton("Save");
            saveButton.addActionListener(new ActionListener() {
                @Override
                public void actionPerformed(ActionEvent event) {
                    ConfigurationDialog.this.handleOk();
                }
            });
            buttonRow.add(saveButton);

            JButton cancelButton = new JButton("Cancel");
            cancelButton.addActionListener(new ActionListener() {
                @Override
                public void actionPerformed(ActionEvent event) {
                    ConfigurationDialog.this.handleCancel();
                }
            });
            buttonRow.add(cancelButton);

            getContentPane().add(buttonRow, BorderLayout.SOUTH);
            UISupport.initDialogActions(this, null, saveButton);
        }

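        /**
         * Builds the panel holding the add/remove toolbar and the token table, and wires
         * the table's selection to the description label.
         *
         * <p>Fixes relative to the previous implementation of the selection listener:
         * <ul>
         *   <li>the "nothing selected" case is tested on the view row before any index
         *       conversion, since converting {@code -1} can throw when the table has a
         *       row sorter;</li>
         *   <li>{@code getValueAt} is called with the view row, which is what that method
         *       expects, so the description shown matches the selected row when the table
         *       is sorted;</li>
         *   <li>a null cell, or a description that starts with {@code [} but has no
         *       closing {@code ]}, no longer throws.</li>
         * </ul>
         *
         * @return the assembled panel
         */
        private JPanel makeTokenTablePanel() {
            JPanel panel = new JPanel(new BorderLayout());
            JXToolBar toolbar = UISupport.createToolbar();
            toolbar.add(UISupport.createToolbarButton((Action) new AddTokenAction()));
            toolbar.add(UISupport.createToolbarButton((Action) new RemoveTokenAction()));

            final JXTable table = JTableFactory.getInstance().makeJXTable(this.sensitiveInformationTableModel);
            SensitiveInfoExposureAssertion.this.tokenTable = table;
            table.setToolTipText(SensitiveInfoExposureAssertion.TOKENS_TABLE_DESCRIPTION);
            panel.add(toolbar, BorderLayout.NORTH);
            panel.add(new JScrollPane(table), BorderLayout.CENTER);
            // Same values as before (400 x 300); the decompiled source spelled them as HTTP status constants.
            table.setMinimumSize(new Dimension(400, 300));

            table.getSelectionModel().addListSelectionListener(new ListSelectionListener() {
                @Override
                public void valueChanged(ListSelectionEvent event) {
                    // NOTE(review): the label is refreshed only while the selection is still
                    // adjusting; the usual idiom tests the negation. Kept as found - confirm intent.
                    if (!event.getValueIsAdjusting()) {
                        return;
                    }
                    int viewRow = table.getSelectedRow();
                    if (viewRow < 0) {
                        ConfigurationDialog.this.descriptionLabel.setText(ConfigurationDialog.NO_SELECTION_MESSAGE);
                        return;
                    }
                    Object cell = table.getValueAt(viewRow, 1);
                    String description = cell == null ? "" : cell.toString();
                    String title = "";
                    if (description.startsWith("[")) {
                        // "[Title] text" is rendered as a bold "Title:" line followed by the text.
                        int close = description.indexOf(']');
                        if (close > 0) {
                            title = description.substring(1, close) + ":";
                            description = description.substring(close + 1).trim();
                        }
                    }
                    // NOTE(review): the stored description is inserted into Swing HTML without
                    // escaping, so markup in a description taken from a shared project file is
                    // rendered by the label. Escape it here if descriptions are meant to be
                    // plain text - confirm that no built-in description relies on markup first.
                    ConfigurationDialog.this.descriptionLabel.setText("<html><b>" + title + "</b><br/>" + description + "</html>");
                }
            });
            return panel;
        }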

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Save handler: copies the table contents and the check box state back into the
         * assertion, stores the resulting configuration, marks the dialog as confirmed and
         * closes it.
         */
        public void handleOk() {
            SensitiveInfoExposureAssertion assertion = SensitiveInfoExposureAssertion.this;
            assertion.assertionSpecificExposureList = assertion.createListFromTable(this.sensitiveInformationTableModel);
            assertion.includeProjectSpecific = this.includeProjectSpecificCheckBox.isSelected();
            // The configuration is rebuilt only after both fields above have been updated.
            assertion.setConfiguration(assertion.createConfiguration());
            this.confirmed = true;
            setVisible(false);
            dispose();
        }

        /* JADX INFO: Access modifiers changed from: private */
        /** Cancel handler: closes the dialog and leaves the assertion's settings untouched. */
        public void handleCancel() {
            this.setVisible(false);
            this.dispose();
        }

        /**
         * @return {@code true} if the dialog was closed through Save, {@code false} otherwise
         */
        public boolean isConfirmed() {
            return confirmed;
        }
    }

    /* loaded from: input_file:com/eviware/soapui/security/assertion/SensitiveInfoExposureAssertion$Factory.class */
    /**
     * Factory that registers {@link SensitiveInfoExposureAssertion} in the security
     * category, for security scans and HTTP requests.
     */
    public static class Factory extends AbstractTestAssertionFactory {
        public Factory() {
            // ID and LABEL hold the same text, which is what was passed here as literals.
            super(
                    SensitiveInfoExposureAssertion.ID,
                    SensitiveInfoExposureAssertion.LABEL,
                    (Class<? extends TestAssertion>) SensitiveInfoExposureAssertion.class,
                    (Class<? extends ModelItem>[]) new Class[]{SecurityScan.class, AbstractHttpRequest.class});
        }

        /** @return the security assertion category */
        @Override
        public String getCategory() {
            return AssertionCategoryMapping.SECURITY_CATEGORY;
        }

        /** @return the assertion class this factory creates */
        @Override
        public Class<? extends WsdlMessageAssertion> getAssertionClassType() {
            return SensitiveInfoExposureAssertion.class;
        }

        /** @return the entry (name, name, description) listed for this assertion */
        @Override
        public AssertionListEntry getAssertionListEntry() {
            return new AssertionListEntry(
                    SensitiveInfoExposureAssertion.ID,
                    SensitiveInfoExposureAssertion.LABEL,
                    SensitiveInfoExposureAssertion.DESCRIPTION);
        }
    }

    /**
     * Creates the assertion and loads its settings from the given configuration.
     *
     * @param testAssertionConfig stored configuration of this assertion
     * @param assertable          the item this assertion is attached to
     */
    public SensitiveInfoExposureAssertion(TestAssertionConfig testAssertionConfig, Assertable assertable) {
        // NOTE(review): the four boolean flags are defined by WsdlMessageAssertion, which is
        // not visible here - confirm their meaning against that class.
        super(testAssertionConfig, assertable, false, true, false, true);
        this.init();
    }

    /**
     * Reads the two include flags (both default to {@code true}) and the token list from
     * the stored configuration, then copies the global list into this assertion if the
     * include-global flag is set.
     */
    private void init() {
        XmlObjectConfigurationReader config = new XmlObjectConfigurationReader(getConfiguration());
        this.includeGlobal = config.readBoolean(INCLUDE_GLOBAL, true);
        this.includeProjectSpecific = config.readBoolean(INCLUDE_PROJECT_SPECIFIC, true);
        this.assertionSpecificExposureList = StringUtils.toStringList(config.readStrings(ASSERTION_SPECIFIC_EXPOSURE_LIST));
        if (!this.includeGlobal) {
            return;
        }
        migrateCopyOfGlobalListToAssertion();
    }

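    /**
     * Merges the global token list with this assertion's own entries (the assertion's
     * entries win on equal tokens), stores the result as the assertion's list and clears
     * {@code includeGlobal} so the merge is not repeated.
     *
     * <p>Changes relative to the previous implementation: entries are split at the first
     * separator only, so an entry whose description contains {@code ###} is kept rather
     * than silently dropped from the checks; and a {@code null} description in the merged
     * map is treated as empty instead of throwing during construction.
     */
    private void migrateCopyOfGlobalListToAssertion() {
        // NOTE(review): the returned map is modified below - confirm that
        // SecurityScanUtil.globalEntriesList() hands out a fresh copy and not shared state.
        Map<String, String> merged = SecurityScanUtil.globalEntriesList();
        for (String entry : this.assertionSpecificExposureList) {
            if (KEY_VALUE_SEPARATOR.equals(entry)) {
                continue;
            }
            String[] parts = entry.split(KEY_VALUE_SEPARATOR, 2);
            merged.put(parts[0], parts.length == 2 ? parts[1] : "");
        }

        List<String> migrated = new ArrayList<String>();
        for (Map.Entry<String, String> item : merged.entrySet()) {
            String description = item.getValue();
            if (description == null || description.isEmpty()) {
                // Tokens without a description are stored without the separator.
                migrated.add(item.getKey());
            } else {
                migrated.add(item.getKey() + KEY_VALUE_SEPARATOR + description);
            }
        }
        this.assertionSpecificExposureList = migrated;
        this.includeGlobal = false;
    }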

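    /**
     * Checks the response content against every configured token and fails with one
     * error per distinct finding.
     *
     * <p>Each token is now evaluated inside its own try/catch. Previously a single
     * try/catch wrapped the whole loop, so the first token that failed to evaluate (for
     * example an invalid regular expression) ended the loop and every remaining token
     * went unchecked, which could let the assertion pass without having looked for them.
     *
     * @return the OK status when nothing was found or the assertion is skipped
     * @throws AssertionException when at least one token is found in the response
     */
    @Override
    protected String internalAssertResponse(MessageExchange messageExchange, SubmitContext submitContext) throws AssertionException {
        if (shouldSkipAssertion(messageExchange, submitContext)) {
            return WssCrypto.STATUS_OK;
        }
        Map<String, String> checks = createCheckMap(submitContext);
        String responseContent = messageExchange.getResponseContent();
        List<AssertionError> findings = new ArrayList<AssertionError>();
        HashSet<String> reported = new HashSet<String>();
        for (Map.Entry<String, String> check : checks.entrySet()) {
            try {
                String token = check.getKey();
                boolean isRegex = token.trim().startsWith(PREFIX);
                // The description labels the finding; the raw token is used when there is none.
                String label = !check.getValue().equals("") ? check.getValue() : token;
                if (isRegex) {
                    // Drop everything up to and including the prefix character.
                    token = token.substring(token.indexOf(PREFIX) + 1);
                }
                String match = SecurityScanUtil.contains(submitContext, responseContent, token, isRegex);
                if (match != null) {
                    String message = label + " - Token [" + token + "] found [" + match + "]";
                    if (reported.add(message)) {
                        findings.add(new AssertionError(message));
                    }
                }
            } catch (Throwable th) {
                // NOTE(review): a token that cannot be evaluated is only logged and does not
                // fail the assertion, so a broken pattern is visible in the log alone.
                log.error("Error while performing assertion", th);
            }
        }
        if (findings.isEmpty()) {
            return WssCrypto.STATUS_OK;
        }
        throw new AssertionException(findings.toArray(new AssertionError[findings.size()]));
    }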

    /**
     * Decides whether the response check is skipped for this exchange.
     *
     * <p>Outside a {@link SecurityTestRunContext} the check always runs. Inside one it is
     * skipped when there is no response content, or when the original test step is an
     * HTTP request step whose own response has the same content as the exchange's
     * response. The caller reports OK for a skipped check, so content that is identical in
     * both responses is not reported in that context.
     *
     * @return {@code true} if the check should be skipped
     */
    private boolean shouldSkipAssertion(MessageExchange messageExchange, SubmitContext submitContext) {
        if (submitContext instanceof SecurityTestRunContext) {
            if (messageExchange.getResponseContent() == null) {
                return true;
            }
            TestStep originalStep = ((SecurityTestRunContext) submitContext).getOriginalTestStepResult().getTestStep();
            if (originalStep instanceof HttpRequestTestStep) {
                HttpResponse stepResponse = ((HttpRequestTestStep) originalStep).getHttpRequest().getResponse();
                Response exchangeResponse = messageExchange.getResponse();
                if (stepResponse != null && exchangeResponse != null) {
                    return org.apache.commons.lang3.StringUtils.equals(
                            stepResponse.getContentAsString(), exchangeResponse.getContentAsString());
                }
            }
        }
        return false;
    }

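    /**
     * Checks the value of the named property against every configured token and fails
     * with one error per distinct finding.
     *
     * <p>Each token is now evaluated inside its own try/catch. Previously a single
     * try/catch wrapped the whole loop, so the first token that failed to evaluate (for
     * example an invalid regular expression) ended the loop and every remaining token
     * went unchecked.
     *
     * @param str name of the property whose value is checked
     * @return the OK status when nothing was found
     * @throws AssertionException when at least one token is found in the property value
     */
    @Override
    protected String internalAssertProperty(TestPropertyHolder testPropertyHolder, String str, MessageExchange messageExchange, SubmitContext submitContext) throws AssertionException {
        Map<String, String> checks = createCheckMap(submitContext);
        String propertyValue = testPropertyHolder.getPropertyValue(str);
        List<AssertionError> findings = new ArrayList<AssertionError>();
        HashSet<String> reported = new HashSet<String>();
        for (Map.Entry<String, String> check : checks.entrySet()) {
            try {
                String token = check.getKey();
                boolean isRegex = token.trim().startsWith(PREFIX);
                // The description labels the finding; the raw token is used when there is none.
                String label = !check.getValue().equals("") ? check.getValue() : token;
                if (isRegex) {
                    // Drop everything up to and including the prefix character.
                    token = token.substring(token.indexOf(PREFIX) + 1);
                }
                String match = SecurityScanUtil.contains(submitContext, propertyValue, token, isRegex);
                if (match != null) {
                    String message = label + " - Token [" + token + "] found [" + match + "] in property " + str;
                    if (reported.add(message)) {
                        findings.add(new AssertionError(message));
                    }
                }
            } catch (Throwable th) {
                // NOTE(review): a token that cannot be evaluated is only logged and does not
                // fail the assertion, so a broken pattern is visible in the log alone.
                log.error("Error while asserting property", th);
            }
        }
        if (findings.isEmpty()) {
            return WssCrypto.STATUS_OK;
        }
        throw new AssertionException(findings.toArray(new AssertionError[findings.size()]));
    }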

    /**
     * Collects the tokens to check: the assertion's own tokens, overlaid with the
     * project-level tokens when {@code includeProjectSpecific} is set, with property
     * expansion applied to every token and description.
     *
     * @return map from expanded token to expanded description
     */
    private Map<String, String> createCheckMap(SubmitContext submitContext) {
        HashMap<String, String> tokens = new HashMap<String, String>();
        tokens.putAll(createTokenMap());
        if (this.includeProjectSpecific) {
            // Added second, so a project-level entry replaces an assertion entry with the same token.
            tokens.putAll(SecurityScanUtil.projectEntriesList(this));
        }
        return propertyExpansionSupport(tokens, submitContext);
    }

    /**
     * Returns a copy of the given map in which every key and value has been passed
     * through {@code submitContext.expand}. Keys that expand to the same text collapse
     * into a single entry.
     */
    private Map<String, String> propertyExpansionSupport(Map<String, String> map, SubmitContext submitContext) {
        HashMap<String, String> expanded = new HashMap<String, String>();
        for (Map.Entry<String, String> raw : map.entrySet()) {
            String token = submitContext.expand(raw.getKey());
            String description = submitContext.expand(raw.getValue());
            expanded.put(token, description);
        }
        return expanded;
    }

    /**
     * Serializes the token list and both include flags into an XML configuration object.
     *
     * @return the configuration to persist for this assertion
     */
    protected XmlObject createConfiguration() {
        String[] entries = this.assertionSpecificExposureList.toArray(new String[0]);
        XmlObjectConfigurationBuilder builder = new XmlObjectConfigurationBuilder();
        builder.add(ASSERTION_SPECIFIC_EXPOSURE_LIST, entries);
        builder.add(INCLUDE_PROJECT_SPECIFIC, this.includeProjectSpecific);
        builder.add(INCLUDE_GLOBAL, this.includeGlobal);
        return builder.finish();
    }

    /**
     * Opens the modal configuration dialog.
     *
     * @return {@code true} if the user closed the dialog with Save
     */
    @Override
    public boolean configure() {
        ConfigurationDialog dialog = new ConfigurationDialog();
        // The dialog is modal, so this call returns only after it has been closed.
        dialog.setVisible(true);
        boolean saved = dialog.isConfirmed();
        return saved;
    }

    /* JADX INFO: Access modifiers changed from: private */
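    /**
     * Converts the table model's properties into persisted entries of the form
     * {@code token###description}.
     *
     * <p>A {@code null} description is written as an empty one. Plain string
     * concatenation would store the literal text "null", which would then be shown as the
     * token's description and used as its label in findings.
     *
     * @param sensitiveInformationTableModel model backing the dialog's token table
     * @return one entry per property, in the holder's property order
     */
    public List<String> createListFromTable(SensitiveInformationTableModel sensitiveInformationTableModel) {
        List<String> entries = new ArrayList<String>();
        for (TestProperty property : sensitiveInformationTableModel.getHolder().getPropertyList()) {
            String description = property.getValue();
            entries.add(property.getName() + KEY_VALUE_SEPARATOR + (description == null ? "" : description));
        }
        return entries;
    }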

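    /**
     * Parses the assertion's persisted entries into a token-to-description map.
     *
     * <p>Each entry is {@code token} or {@code token###description}. The entry is split
     * at the first separator only: an entry whose description contains {@code ###} used
     * to produce more than two parts and was skipped, so its token was silently left out
     * of the checks.
     *
     * @return map from token to description (empty string when there is none)
     */
    Map<String, String> createTokenMap() {
        HashMap<String, String> tokens = new HashMap<String, String>();
        for (String entry : this.assertionSpecificExposureList) {
            if (KEY_VALUE_SEPARATOR.equals(entry)) {
                // A bare separator carries neither token nor description.
                continue;
            }
            String[] parts = entry.split(KEY_VALUE_SEPARATOR, 2);
            tokens.put(parts[0], parts.length == 2 ? parts[1] : "");
        }
        return tokens;
    }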
}
