package org.zaproxy.zap.authentication;
import java.awt.EventQueue;
import java.io.IOException;
import org.apache.commons.httpclient.HttpState;
import org.apache.commons.httpclient.URIException;
import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.extension.history.ExtensionHistory;
import org.parosproxy.paros.model.HistoryReference;
import org.parosproxy.paros.model.Model;
import org.parosproxy.paros.network.HttpMessage;
import org.parosproxy.paros.network.HttpSender;
import org.parosproxy.paros.view.View;
import org.zaproxy.zap.model.SessionStructure;
import org.zaproxy.zap.session.SessionManagementMethod;
import org.zaproxy.zap.users.User;
import org.zaproxy.zap.utils.Stats;
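/**
 * Helper that bundles the {@link HttpSender}, {@link SessionManagementMethod} and {@link User}
 * used while performing an authentication, together with static utilities for reporting the
 * outcome (stats and output panel) and for recording authentication messages in the history.
 */
public class AuthenticationHelper {

    private static final Logger log = Logger.getLogger(AuthenticationHelper.class);

    /** Tag added to every history entry created by {@link #addAuthMessageToHistory(HttpMessage)}. */
    private static final String HISTORY_TAG_AUTHENTICATION = "Authentication";

    /** Stats key incremented, per host, for each reported successful authentication. */
    public static final String AUTH_SUCCESS_STATS = "stats.auth.success";

    /** Stats key incremented, per host, for each reported failed authentication. */
    public static final String AUTH_FAILURE_STATS = "stats.auth.failure";

    private final HttpSender httpSender;
    private final SessionManagementMethod sessionManagementMethod;
    private final User user;

    /**
     * Creates a helper bound to the given sender, session management method and user.
     *
     * @param httpSender the sender used by the {@code sendAndReceive} methods
     * @param sessionManagementMethod used to create an empty web session when the user has none
     * @param user the user on whose behalf messages are prepared and sent
     */
    public AuthenticationHelper(HttpSender httpSender, SessionManagementMethod sessionManagementMethod, User user) {
        this.httpSender = httpSender;
        this.sessionManagementMethod = sessionManagementMethod;
        this.user = user;
    }

    /**
     * @deprecated use {@link #notifyOutputAuthSuccessful(HttpMessage)} instead.
     */
    @Deprecated
    public static void notifyOutputAuthSuccessful() {
        notifyOutputAuthSuccessful(null);
    }

    /**
     * Reports a successful authentication: increments {@link #AUTH_SUCCESS_STATS} for the host of
     * {@code msg} and, when the view is initialised, appends the
     * {@code authentication.output.success} message to the output panel.
     *
     * @param msg the authentication message, or {@code null} to skip the stats update
     */
    public static void notifyOutputAuthSuccessful(HttpMessage msg) {
        recordAuthStat(msg, AUTH_SUCCESS_STATS);
        appendToOutput("authentication.output.success");
    }

    /**
     * Reports a failed authentication: increments {@link #AUTH_FAILURE_STATS} for the host of
     * {@code msg} and, when the view is initialised, appends the
     * {@code authentication.output.failure} message to the output panel.
     *
     * @param msg the authentication message, or {@code null} to skip the stats update
     */
    public static void notifyOutputAuthFailure(HttpMessage msg) {
        // A null message is tolerated here exactly as in notifyOutputAuthSuccessful(HttpMessage),
        // so a failure is still shown to the user even when no message is available.
        recordAuthStat(msg, AUTH_FAILURE_STATS);
        appendToOutput("authentication.output.failure");
    }

    /**
     * Returns the HTTP state that corresponds to the user, creating an empty web session for the
     * user first if none is set.
     *
     * @return the result of {@link User#getCorrespondingHttpState()}
     */
    public HttpState getCorrespondingHttpState() {
        ensureAuthenticatedSession(sessionManagementMethod, user);
        return user.getCorrespondingHttpState();
    }

    /**
     * Creates a history reference of type {@link HistoryReference#TYPE_AUTHENTICATION} for the
     * message, tags it and, when the view is initialised and the history extension is available,
     * adds it to the history on the event dispatch thread. Any failure is logged, not propagated.
     *
     * <p>NOTE(review): authentication requests usually carry credentials or session tokens, and
     * the reference is created against the current session - treat saved sessions and exported
     * history as sensitive. Confirm what the session storage persists.
     *
     * @param msg the authentication message to record
     */
    public static void addAuthMessageToHistory(HttpMessage msg) {
        try {
            final HistoryReference ref = new HistoryReference(Model.getSingleton().getSession(),
                    HistoryReference.TYPE_AUTHENTICATION, msg);
            ref.addTag(HISTORY_TAG_AUTHENTICATION);
            if (!View.isInitialised()) {
                return;
            }
            final ExtensionHistory extHistory = Control.getSingleton()
                    .getExtensionLoader()
                    .getExtension(ExtensionHistory.class);
            if (extHistory == null) {
                return;
            }
            // UI update: must run on the event dispatch thread.
            EventQueue.invokeLater(new Runnable() {
                @Override
                public void run() {
                    extHistory.addHistory(ref);
                }
            });
        } catch (Exception ex) {
            log.error("Cannot add authentication message to History tab.", ex);
        }
    }

    /**
     * Prepares a new message for this helper's user and session management method.
     *
     * @return a new message whose requesting user is this helper's user
     * @see #prepareMessage(SessionManagementMethod, User)
     */
    public HttpMessage prepareMessage() {
        return prepareMessage(this.sessionManagementMethod, this.user);
    }

    /**
     * Creates a new, empty message that will be sent as the given user, creating an empty web
     * session for the user first if none is set so that session changes can be recorded.
     *
     * @param sessionManagementMethod used to create the empty web session when needed
     * @param user the user set as the requesting user of the message
     * @return the new message
     */
    public static HttpMessage prepareMessage(SessionManagementMethod sessionManagementMethod, User user) {
        HttpMessage msg = new HttpMessage();
        ensureAuthenticatedSession(sessionManagementMethod, user);
        msg.setRequestingUser(user);
        return msg;
    }

    /**
     * Returns this helper's user, creating an empty web session for the user first if none is
     * set so that session changes can be recorded.
     *
     * @return the user
     */
    public User getRequestingUser() {
        ensureAuthenticatedSession(sessionManagementMethod, user);
        return user;
    }

    /**
     * Sends the message through this helper's {@link HttpSender}.
     *
     * @param msg the message to send
     * @throws IOException if the sender fails
     */
    public void sendAndReceive(HttpMessage msg) throws IOException {
        this.httpSender.sendAndReceive(msg);
    }

    /**
     * Sends the message through this helper's {@link HttpSender}.
     *
     * @param msg the message to send
     * @param followRedirect passed through to the sender
     * @throws IOException if the sender fails
     */
    public void sendAndReceive(HttpMessage msg, boolean followRedirect) throws IOException {
        this.httpSender.sendAndReceive(msg, followRedirect);
    }

    /**
     * Returns the sender this helper was created with.
     *
     * @return the HTTP sender
     */
    public HttpSender getHttpSender() {
        return httpSender;
    }

    /** Gives the user an empty web session when it has no authenticated session yet. */
    private static void ensureAuthenticatedSession(SessionManagementMethod sessionManagementMethod, User user) {
        if (user.getAuthenticatedSession() == null) {
            user.setAuthenticatedSession(sessionManagementMethod.createEmptyWebSession());
        }
    }

    /** Increments the given stats counter for the host of the message; a null message is skipped. */
    private static void recordAuthStat(HttpMessage msg, String statKey) {
        if (msg == null) {
            return;
        }
        try {
            Stats.incCounter(SessionStructure.getHostName(msg), statKey);
        } catch (URIException e) {
            // Best effort: a missing counter must not break authentication, but a silently
            // dropped auth failure stat is worth being able to trace.
            log.debug("Unable to determine the host name for authentication stats: " + statKey, e);
        }
    }

    /** Appends the message for the given resource key to the output panel when a view exists. */
    private static void appendToOutput(String messageKey) {
        if (View.isInitialised()) {
            View.getSingleton().getOutputPanel()
                    .appendAsync(Constant.messages.getString(messageKey) + "\n");
        }
    }
}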