package com.eviware.soapui.security.scan;

import com.eviware.soapui.config.StrategyTypeConfig;
import com.eviware.soapui.impl.wsdl.teststeps.PathLanguage;
import com.eviware.soapui.model.propertyexpansion.PropertyExpander;
import com.eviware.soapui.model.security.SecurityCheckedParameter;
import com.eviware.soapui.model.support.AbstractSubmitContext;
import com.eviware.soapui.model.testsuite.TestProperty;
import com.eviware.soapui.model.testsuite.TestStep;
import com.eviware.soapui.security.SecurityTestRunContext;
import com.eviware.soapui.support.JsonPathFacade;
import com.eviware.soapui.support.SecurityScanUtil;
import com.eviware.soapui.support.StringUtils;
import com.eviware.soapui.support.types.StringToStringMap;
import com.eviware.soapui.support.xml.XmlObjectTreeModel;
import com.eviware.soapui.support.xml.XmlUtils;
import com.eviware.soapui.tools.PropertyExpansionRemover;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.validation.constraints.NotNull;
import org.apache.xmlbeans.SchemaType;
import org.apache.xmlbeans.XmlException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/eviware/soapui/security/scan/ParameterValueInjector.class */
class ParameterValueInjector {
    public static final Logger log = LoggerFactory.getLogger(ParameterValueInjector.class);
    private Map<SecurityCheckedParameter, ArrayList<String>> mutations;
    private List<SecurityCheckedParameter> parameterList;
    private List<String> injectionStrings;
    private StrategyTypeConfig.Enum strategy;
    private boolean hasMutated;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/eviware/soapui/security/scan/ParameterValueInjector$JsonPathUpdater.class */
    public class JsonPathUpdater implements PathValueUpdater {
        private final String value;

        public JsonPathUpdater(String str) {
            this.value = str;
        }

        @Override // com.eviware.soapui.security.scan.ParameterValueInjector.PathValueUpdater
        public String updateValue(String str, String str2) {
            JsonPathFacade jsonPathFacade = new JsonPathFacade(this.value);
            jsonPathFacade.writeValue(str, str2);
            return jsonPathFacade.getCurrentJson();
        }

        @Override // com.eviware.soapui.security.scan.ParameterValueInjector.PathValueUpdater
        public boolean hasNodes(String str) {
            return !new JsonPathFacade(this.value).listLeafValues().isEmpty();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/eviware/soapui/security/scan/ParameterValueInjector$NullValueUpdater.class */
    public static class NullValueUpdater implements PathValueUpdater {
        private final String value;

        public NullValueUpdater(String str) {
            this.value = str;
        }

        @Override // com.eviware.soapui.security.scan.ParameterValueInjector.PathValueUpdater
        public String updateValue(String str, String str2) {
            return this.value;
        }

        @Override // com.eviware.soapui.security.scan.ParameterValueInjector.PathValueUpdater
        public boolean hasNodes(String str) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/eviware/soapui/security/scan/ParameterValueInjector$PathValueUpdater.class */
    public interface PathValueUpdater {
        String updateValue(String str, String str2);

        boolean hasNodes(String str);
    }

    /* loaded from: input_file:com/eviware/soapui/security/scan/ParameterValueInjector$XPathValueUpdater.class */
    public class XPathValueUpdater implements PathValueUpdater {
        private XmlObjectTreeModel model;

        public XPathValueUpdater(String str, SchemaType schemaType) {
            try {
                this.model = new XmlObjectTreeModel(schemaType.getTypeSystem(), XmlUtils.createXmlObject(str));
            } catch (XmlException unused) {
                throw new IllegalArgumentException("Non XML value: " + str);
            }
        }

        @Override // com.eviware.soapui.security.scan.ParameterValueInjector.PathValueUpdater
        public String updateValue(String str, String str2) {
            for (XmlObjectTreeModel.XmlTreeNode xmlTreeNode : this.model.selectTreeNodes(str)) {
                xmlTreeNode.setValue(1, str2);
            }
            return this.model.getXmlObject().toString();
        }

        @Override // com.eviware.soapui.security.scan.ParameterValueInjector.PathValueUpdater
        public boolean hasNodes(String str) {
            return this.model.selectTreeNodes(str).length > 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ParameterValueInjector(List<SecurityCheckedParameter> list, List<String> list2, StrategyTypeConfig.Enum r7) {
        this.mutations = new HashMap();
        this.mutations = new HashMap();
        this.parameterList = list;
        this.injectionStrings = list2;
        this.strategy = r7;
    }

    public StringToStringMap update(TestStep testStep, SecurityTestRunContext securityTestRunContext) throws Exception {
        return update(testStep, securityTestRunContext, false);
    }

    public StringToStringMap update(TestStep testStep, SecurityTestRunContext securityTestRunContext, boolean z) throws Exception {
        StringToStringMap stringToStringMap = new StringToStringMap();
        if (this.mutations.size() == 0) {
            mutateParameters(testStep, securityTestRunContext);
        }
        if (this.strategy == StrategyTypeConfig.ONE_BY_ONE) {
            drainMutationsForEachParameter(testStep, securityTestRunContext, stringToStringMap, z);
        } else {
            for (TestProperty testProperty : testStep.getPropertyList()) {
                String expand = securityTestRunContext.expand(testProperty.getValue());
                PathValueUpdater updaterForContent = getUpdaterForContent(expand, testProperty.getSchemaType());
                for (SecurityCheckedParameter securityCheckedParameter : this.parameterList) {
                    if (securityCheckedParameter.isChecked()) {
                        String str = null;
                        if (StringUtils.isNullOrEmpty(securityCheckedParameter.getXpath())) {
                            if (this.mutations.containsKey(securityCheckedParameter)) {
                                str = drainAndApplyFirstMutation(testStep, stringToStringMap, securityCheckedParameter);
                            }
                        } else if (!StringUtils.isNullOrEmpty(expand)) {
                            if (securityCheckedParameter.getName().equals(testProperty.getName()) && this.mutations.containsKey(securityCheckedParameter) && this.mutations.get(securityCheckedParameter).size() > 0) {
                                String drainAndApplyFirstMutationToXmlNodes = drainAndApplyFirstMutationToXmlNodes(stringToStringMap, securityCheckedParameter, updaterForContent);
                                str = z ? unescapeEscaped(drainAndApplyFirstMutationToXmlNodes) : drainAndApplyFirstMutationToXmlNodes;
                            }
                        }
                        if (str != null) {
                            testProperty.setValue(str);
                        }
                    }
                }
            }
        }
        return stringToStringMap;
    }

    private void drainMutationsForEachParameter(TestStep testStep, SecurityTestRunContext securityTestRunContext, StringToStringMap stringToStringMap, boolean z) throws XmlException {
        for (SecurityCheckedParameter securityCheckedParameter : this.parameterList) {
            if (this.mutations.containsKey(securityCheckedParameter) && this.mutations.get(securityCheckedParameter).size() > 0) {
                TestProperty testProperty = testStep.getProperties().get(securityCheckedParameter.getName());
                String expand = securityTestRunContext.expand(testProperty.getValue());
                if (StringUtils.isNullOrEmpty(securityCheckedParameter.getXpath())) {
                    drainAndApplyFirstMutation(testStep, stringToStringMap, securityCheckedParameter);
                    return;
                } else if (!StringUtils.isNullOrEmpty(expand)) {
                    String drainAndApplyFirstMutationToXmlNodes = drainAndApplyFirstMutationToXmlNodes(stringToStringMap, securityCheckedParameter, getUpdaterForContent(expand, testProperty.getSchemaType()));
                    testStep.getProperties().get(securityCheckedParameter.getName()).setValue(z ? unescapeEscaped(drainAndApplyFirstMutationToXmlNodes) : drainAndApplyFirstMutationToXmlNodes);
                    return;
                }
            }
        }
    }

    private static String unescapeEscaped(@NotNull String str) {
        return str.replaceAll("&lt;", "<");
    }

    private String drainAndApplyFirstMutationToXmlNodes(StringToStringMap stringToStringMap, SecurityCheckedParameter securityCheckedParameter, PathValueUpdater pathValueUpdater) {
        String updateValue = pathValueUpdater.updateValue(securityCheckedParameter.getXpath(), this.mutations.get(securityCheckedParameter).get(0));
        stringToStringMap.put((StringToStringMap) securityCheckedParameter.getLabel(), updateValue);
        this.mutations.get(securityCheckedParameter).remove(0);
        return updateValue;
    }

    private String drainAndApplyFirstMutation(TestStep testStep, StringToStringMap stringToStringMap, SecurityCheckedParameter securityCheckedParameter) {
        ArrayList<String> arrayList = this.mutations.get(securityCheckedParameter);
        String str = arrayList.get(0);
        try {
            testStep.getProperties().get(securityCheckedParameter.getName()).setValue(str);
            updateRequestContentWithParam(testStep, securityCheckedParameter);
            stringToStringMap.put((StringToStringMap) securityCheckedParameter.getLabel(), str);
        } catch (Exception e) {
            log.warn("Failed to set parameter {} to '{}', Error: {}", new Object[]{securityCheckedParameter.getName(), str, e});
        }
        arrayList.remove(0);
        return str;
    }

    private void updateRequestContentWithParam(final TestStep testStep, final SecurityCheckedParameter securityCheckedParameter) {
        if (testStep.getProperty("Request").getValue().contains(PropertyExpansionRemover.EXPANSION_START + securityCheckedParameter.getName() + "}")) {
            testStep.getProperty("Request").setValue(PropertyExpander.expandProperties(new AbstractSubmitContext<TestStep>(testStep) { // from class: com.eviware.soapui.security.scan.ParameterValueInjector.1
                @Override // com.eviware.soapui.model.propertyexpansion.PropertyExpansionContext
                public Object getProperty(String str) {
                    return securityCheckedParameter.getName().equals(str) ? testStep.getProperties().get(str).getValue() : PropertyExpansionRemover.EXPANSION_START + str + "}";
                }
            }, testStep.getProperty("Request").getValue()));
        }
    }

    private void mutateParameters(TestStep testStep, SecurityTestRunContext securityTestRunContext) throws Exception {
        this.hasMutated = true;
        for (SecurityCheckedParameter securityCheckedParameter : this.parameterList) {
            if (securityCheckedParameter.isChecked()) {
                TestProperty testProperty = testStep.getProperties().get(securityCheckedParameter.getName());
                if (StringUtils.isNullOrEmpty(securityCheckedParameter.getXpath())) {
                    for (String str : this.injectionStrings) {
                        if (!this.mutations.containsKey(securityCheckedParameter)) {
                            this.mutations.put(securityCheckedParameter, new ArrayList<>());
                        }
                        this.mutations.get(securityCheckedParameter).add(str);
                    }
                } else if (testProperty.getValue() != null || testProperty.getDefaultValue() != null) {
                    PathValueUpdater updaterForContent = getUpdaterForContent(securityTestRunContext.expand(testProperty.getValue()), testProperty.getSchemaType());
                    for (String str2 : this.injectionStrings) {
                        if (updaterForContent.hasNodes(securityCheckedParameter.getXpath())) {
                            if (!this.mutations.containsKey(securityCheckedParameter)) {
                                this.mutations.put(securityCheckedParameter, new ArrayList<>());
                            }
                            this.mutations.get(securityCheckedParameter).add(str2);
                        }
                    }
                }
            }
        }
    }

    private PathValueUpdater getUpdaterForContent(String str, SchemaType schemaType) {
        PathLanguage forContent = PathLanguage.forContent(str);
        return forContent == null ? new NullValueUpdater(str) : forContent == PathLanguage.XPATH ? new XPathValueUpdater(str, SecurityScanUtil.getSchemaType(schemaType)) : new JsonPathUpdater(str);
    }

    public boolean hasNext() {
        boolean z = false;
        if (!this.mutations.isEmpty() || this.hasMutated) {
            Iterator<SecurityCheckedParameter> it = this.mutations.keySet().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (this.mutations.get(it.next()).size() > 0) {
                    z = true;
                    break;
                }
            }
        } else {
            z = this.parameterList.size() > 0;
        }
        if (!z) {
            clear();
        }
        return z;
    }

    public void clear() {
        this.mutations.clear();
        this.hasMutated = false;
    }
}
