package org.zaproxy.addon.spider.parser;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.stream.Collectors;
import net.htmlparser.jericho.Attribute;
import net.htmlparser.jericho.Element;
import net.htmlparser.jericho.FormControl;
import net.htmlparser.jericho.FormField;
import net.htmlparser.jericho.FormFields;
import net.htmlparser.jericho.Segment;
import net.htmlparser.jericho.Source;
import org.apache.commons.httpclient.URI;
import org.apache.commons.lang3.StringUtils;
import org.parosproxy.paros.network.HttpMessage;

/* loaded from: input_file:org/zaproxy/addon/spider/parser/SpiderHtmlFormParser.class */
public class SpiderHtmlFormParser extends SpiderParser {
    private static final String ENCODING_TYPE = "UTF-8";
    private static final String DEFAULT_EMPTY_VALUE = "";
    private static final String METHOD_GET = "GET";
    private static final String METHOD_POST = "POST";
    private URI uri;
    private String url;
    private Map<String, String> envAttributes = new HashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/zaproxy/addon/spider/parser/SpiderHtmlFormParser$FormAction.class */
    public static class FormAction {
        final String action;
        final String method;

        FormAction(String str, String str2) {
            this.action = str;
            this.method = str2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/zaproxy/addon/spider/parser/SpiderHtmlFormParser$FormData.class */
    public static class FormData implements Iterable<String> {
        private final List<FormDataField> fields;
        private final List<FormDataField> submitFields = new ArrayList();

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/zaproxy/addon/spider/parser/SpiderHtmlFormParser$FormData$IteratorImpl.class */
        public class IteratorImpl implements Iterator<String> {
            private boolean started;
            private List<FormDataField> consumedSubmitFields = new ArrayList();

            private IteratorImpl() {
            }

            @Override // java.util.Iterator
            public boolean hasNext() {
                return !this.started || this.consumedSubmitFields.size() < FormData.this.submitFields.size();
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.Iterator
            public String next() {
                if (!this.started) {
                    this.started = true;
                } else if (this.consumedSubmitFields.size() >= FormData.this.submitFields.size()) {
                    throw new NoSuchElementException("No more form data to generate.");
                }
                boolean z = false;
                StringBuilder sb = new StringBuilder(100);
                for (FormDataField formDataField : FormData.this.fields) {
                    if (formDataField.isSubmit()) {
                        if (!z && !this.consumedSubmitFields.contains(formDataField)) {
                            z = true;
                            this.consumedSubmitFields.add(formDataField);
                        }
                    }
                    if (sb.length() > 0) {
                        sb.append('&');
                    }
                    sb.append(formDataField.getName());
                    sb.append('=');
                    sb.append(formDataField.getValue());
                }
                return sb.toString();
            }
        }

        private FormData(List<FormDataField> list) {
            this.fields = list;
            this.fields.forEach(formDataField -> {
                if (formDataField.isSubmit()) {
                    this.submitFields.add(formDataField);
                }
            });
        }

        @Override // java.lang.Iterable
        public Iterator<String> iterator() {
            return new IteratorImpl();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/zaproxy/addon/spider/parser/SpiderHtmlFormParser$FormDataField.class */
    public static class FormDataField {
        private String name;
        private String value;
        private boolean submit;

        public FormDataField(String str, String str2, boolean z) {
            try {
                this.name = URLEncoder.encode(str, SpiderHtmlFormParser.ENCODING_TYPE);
                this.value = URLEncoder.encode(str2, SpiderHtmlFormParser.ENCODING_TYPE);
                this.submit = z;
            } catch (UnsupportedEncodingException e) {
            }
        }

        public String getName() {
            return this.name;
        }

        public String getValue() {
            return this.value;
        }

        public boolean isSubmit() {
            return this.submit;
        }
    }

    @Override // org.zaproxy.addon.spider.parser.SpiderParser
    public boolean parseResource(ParseContext parseContext) {
        getLogger().debug("Parsing an HTML message for forms...");
        if (!parseContext.getSpiderParam().isProcessForm()) {
            return false;
        }
        Source source = parseContext.getSource();
        HttpMessage httpMessage = parseContext.getHttpMessage();
        String baseUrl = parseContext.getBaseUrl();
        this.uri = httpMessage.getRequestHeader().getURI();
        Element firstElement = source.getFirstElement("base");
        if (firstElement != null) {
            getLogger().debug("Base tag was found in HTML: {}", firstElement.getDebugInfo());
            String attributeValue = firstElement.getAttributeValue("href");
            if (attributeValue != null && !attributeValue.isEmpty()) {
                baseUrl = getCanonicalUrl(parseContext, attributeValue, baseUrl);
            }
        }
        for (Element element : source.getAllElements("form")) {
            this.envAttributes.clear();
            Iterator it = element.getAttributes().iterator();
            while (it.hasNext()) {
                Attribute attribute = (Attribute) it.next();
                this.envAttributes.put(attribute.getKey(), attribute.getValue());
            }
            for (FormAction formAction : processFormActions(element, element.getAttributeValue("method"), baseUrl, source)) {
                String str = formAction.action;
                String str2 = formAction.method;
                getLogger().debug("Found new form with method: '{}' and action: {}", str2, str);
                if (parseContext.getSpiderParam().isPostForm() || str2 == null || !str2.trim().equalsIgnoreCase(METHOD_POST)) {
                    if (str.contains("#")) {
                        str = str.substring(0, str.lastIndexOf("#"));
                    }
                    this.url = getCanonicalUrl(parseContext, str, baseUrl);
                    FormData prepareFormDataSet = prepareFormDataSet(parseContext, element);
                    if (str2 != null && str2.trim().equalsIgnoreCase(METHOD_POST)) {
                        String canonicalUrl = getCanonicalUrl(parseContext, str, baseUrl);
                        if (canonicalUrl == null) {
                            return false;
                        }
                        getLogger().debug("Canonical URL constructed using '{}': {}", str, canonicalUrl);
                        Iterator<String> it2 = prepareFormDataSet.iterator();
                        while (it2.hasNext()) {
                            notifyPostResourceFound(parseContext, canonicalUrl, it2.next());
                        }
                    } else if (!str.contains("?")) {
                        processGetForm(parseContext, str + "?", baseUrl, prepareFormDataSet);
                    } else if (str.endsWith("?")) {
                        processGetForm(parseContext, str, baseUrl, prepareFormDataSet);
                    } else {
                        processGetForm(parseContext, str + "&", baseUrl, prepareFormDataSet);
                    }
                } else {
                    getLogger().debug("Skipping form with POST method because of user settings.");
                }
            }
        }
        return false;
    }

    private List<FormAction> processFormActions(Element element, String str, String str2, Source source) {
        ArrayList arrayList = new ArrayList();
        String attributeValue = element.getAttributeValue("action");
        if (attributeValue == null) {
            getLogger().debug("No form 'action' defined. Using base URL: {}", str2);
            attributeValue = str2;
        }
        List list = (List) element.getChildElements().stream().filter(this::allowedButtonType).filter(element2 -> {
            return StringUtils.isEmpty(element2.getAttributeValue("form"));
        }).collect(Collectors.toList());
        if (StringUtils.isNotEmpty(element.getAttributeValue("id"))) {
            String attributeValue2 = element.getAttributeValue("id");
            list.addAll((Collection) source.getAllElements("button").stream().filter(this::allowedButtonType).filter(element3 -> {
                return Objects.equals(element3.getAttributeValue("form"), attributeValue2);
            }).collect(Collectors.toList()));
        }
        if (list.isEmpty()) {
            arrayList.add(new FormAction(attributeValue, str));
        } else {
            String str3 = attributeValue;
            list.forEach(element4 -> {
                if (StringUtils.isEmpty(element4.getAttributeValue("formaction"))) {
                    arrayList.add(new FormAction(str3, processFormMethodWithButton(element4, str)));
                } else {
                    arrayList.add(new FormAction(element4.getAttributeValue("formaction"), processFormMethodWithButton(element4, str)));
                }
            });
        }
        return arrayList;
    }

    private boolean allowedButtonType(Element element) {
        String attributeValue = element.getAttributeValue("type");
        return (!element.getStartTag().getName().equals("button") || "button".equalsIgnoreCase(attributeValue) || "reset".equalsIgnoreCase(attributeValue)) ? false : true;
    }

    private String processFormMethodWithButton(Element element, String str) {
        String attributeValue = element.getAttributeValue("formmethod");
        return (StringUtils.isEmpty(attributeValue) || !(attributeValue.equalsIgnoreCase(METHOD_GET) || attributeValue.equalsIgnoreCase(METHOD_POST))) ? str : attributeValue;
    }

    private void processGetForm(ParseContext parseContext, String str, String str2, FormData formData) {
        Iterator<String> it = formData.iterator();
        while (it.hasNext()) {
            String next = it.next();
            getLogger().debug("Submitting form with GET method and query with form parameters: {}", next);
            processUrl(parseContext, str + next, str2);
        }
    }

    private FormData prepareFormDataSet(ParseContext parseContext, Element element) {
        LinkedList linkedList = new LinkedList();
        Iterator it = getFormFields(parseContext, element).iterator();
        while (it.hasNext()) {
            FormField formField = (FormField) it.next();
            getLogger().debug("New form field: {}", formField.getDebugInfo());
            Iterator<String> it2 = getDefaultTextValue(parseContext, formField).iterator();
            while (it2.hasNext()) {
                linkedList.add(new FormDataField(formField.getName(), it2.next(), formField.getFormControl().getFormControlType().isSubmit()));
            }
        }
        return new FormData(linkedList);
    }

    private static FormFields getFormFields(ParseContext parseContext, Element element) {
        TreeSet treeSet = new TreeSet();
        addAll(treeSet, element, "input");
        addAll(treeSet, element, "textarea");
        addAll(treeSet, element, "select");
        addAll(treeSet, element, "button");
        String attributeValue = element.getAttributeValue("id");
        if (attributeValue != null && !attributeValue.isEmpty()) {
            addAll(treeSet, parseContext.getSource().getAllElements("form", attributeValue, true));
        }
        Iterator it = treeSet.iterator();
        while (it.hasNext()) {
            String str = (String) ((FormControl) it.next()).getAttributesMap().get("form");
            if (str != null && !str.equals(attributeValue)) {
                it.remove();
            }
        }
        return new FormFields(treeSet);
    }

    private static void addAll(SortedSet<FormControl> sortedSet, Segment segment, String str) {
        addAll(sortedSet, segment.getAllElements(str));
    }

    private static void addAll(SortedSet<FormControl> sortedSet, List<Element> list) {
        Iterator<Element> it = list.iterator();
        while (it.hasNext()) {
            FormControl formControl = it.next().getFormControl();
            if (formControl != null) {
                sortedSet.add(formControl);
            }
        }
    }

    private List<String> getDefaultTextValue(ParseContext parseContext, FormField formField) {
        String name = formField.getName();
        HashMap hashMap = new HashMap();
        ArrayList arrayList = new ArrayList();
        hashMap.putAll(formField.getFormControl().getAttributesMap());
        hashMap.put("Control Type", formField.getFormControl().getFormControlType().name());
        if (formField.getFormControl().getFormControlType().isSubmit()) {
            ArrayList arrayList2 = new ArrayList();
            Iterator it = formField.getPredefinedValues().iterator();
            while (it.hasNext()) {
                arrayList2.add(parseContext.getValueGenerator().getValue(this.uri, this.url, name, (String) it.next(), arrayList, this.envAttributes, hashMap));
            }
            return arrayList2;
        }
        List values = formField.getValues();
        String str = null;
        if (formField.getFormControl().getAttributesMap().containsKey("value")) {
            str = (String) formField.getFormControl().getAttributesMap().get("value");
        }
        getLogger().debug("Existing values: {}", values);
        if (values.isEmpty() || (values.size() == 1 && ((String) values.get(0)).isEmpty())) {
            Collection predefinedValues = formField.getPredefinedValues();
            if (!predefinedValues.isEmpty()) {
                arrayList.addAll(predefinedValues);
                if (str == null) {
                    Iterator it2 = predefinedValues.iterator();
                    str = (String) it2.next();
                    if (it2.hasNext()) {
                        str = (String) it2.next();
                    }
                }
            }
            str = str == null ? DEFAULT_EMPTY_VALUE : str;
        } else if (str == null) {
            str = (String) values.get(0);
        }
        String value = parseContext.getValueGenerator().getValue(this.uri, this.url, name, str, arrayList, this.envAttributes, hashMap);
        getLogger().debug("Generated: {}. For field {}", value, formField.getName());
        ArrayList arrayList3 = new ArrayList(1);
        arrayList3.add(value);
        return arrayList3;
    }

    private void notifyPostResourceFound(ParseContext parseContext, String str, String str2) {
        getLogger().debug("Submitting form with POST method and message body with form parameters (normal encoding): {}", str2);
        notifyListenersResourceFound(SpiderResourceFound.builder().setMessage(parseContext.getHttpMessage()).setDepth(parseContext.getDepth() + 1).setUri(str).setMethod(METHOD_POST).setBody(str2).build());
    }

    @Override // org.zaproxy.addon.spider.parser.SpiderParser
    public boolean canParseResource(ParseContext parseContext, boolean z) {
        return !z && parseContext.getHttpMessage().getResponseHeader().isHtml();
    }
}
