ContextAuthorizationPanel.java

package org.zaproxy.zap.extension.authorization;

import java.awt.CardLayout;
import java.awt.GridBagLayout;
import java.awt.Insets;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;

import javax.swing.JComboBox;
import javax.swing.JLabel;
import javax.swing.JPanel;
import javax.swing.JTextField;
import javax.swing.border.EmptyBorder;

import org.apache.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.model.Session;
import org.parosproxy.paros.network.HttpStatusCode;
import org.zaproxy.zap.extension.authorization.BasicAuthorizationDetectionMethod.LogicalOperator;
import org.zaproxy.zap.model.Context;
import org.zaproxy.zap.utils.FontUtils;
import org.zaproxy.zap.view.AbstractContextPropertiesPanel;
import org.zaproxy.zap.view.LayoutHelper;

public class ContextAuthorizationPanel extends AbstractContextPropertiesPanel {

	private static final long serialVersionUID = 2416553589170267959L;
	private static final Logger log = Logger.getLogger(ContextAuthorizationPanel.class);

	private static final String PANEL_NAME = Constant.messages.getString("authorization.panel.title");

	private static final String LABEL_DESCRIPTION = Constant.messages
			.getHtmlWrappedString("authorization.panel.label.description");
	private static final String FIELD_LABEL_INTRO = Constant.messages
			.getHtmlWrappedString("authorization.detection.basic.field.intro");
	private static final String FIELD_LABEL_STATUS_CODE = Constant.messages
			.getString("authorization.detection.basic.field.statusCode");
	private static final String FIELD_LABEL_HEADER_PATTERN = Constant.messages
			.getString("authorization.detection.basic.field.headerPattern");
	private static final String FIELD_LABEL_BODY_PATTERN = Constant.messages
			.getString("authorization.detection.basic.field.bodyPattern");
	private static final String FIELD_VALUE_AND_COMPOSITION = Constant.messages
			.getString("authorization.detection.basic.field.composition.and");
	private static final String FIELD_VALUE_OR_COMPOSITION = Constant.messages
			.getString("authorization.detection.basic.field.composition.or");

	private static Object[] STATUS_CODES;
	static {
		// Prepare the status codes as an Object array which includes the "empty" option, as required by the
		// ComboBox
		STATUS_CODES = new Object[HttpStatusCode.CODES.length + 1];
		STATUS_CODES[0] = " -- ";
		for (int i = 0; i < HttpStatusCode.CODES.length; i++)
			STATUS_CODES[i + 1] = HttpStatusCode.CODES[i];

	}

	private JComboBox<Object> statusCodeComboBox;
	private JTextField headerPatternText;
	private JTextField bodyPatternText;
	private JComboBox<String> logicalOperatorComboBox;

	private ExtensionAuthorization extension;
	private AuthorizationDetectionMethod authorizationMethod;

	public ContextAuthorizationPanel(ExtensionAuthorization extension, int contextId) {
		super(contextId);
		this.extension = extension;
		initialize();
	}

	/**
	 * Builds the name of the panel based on the context id.
	 * 
	 * @param contextId the context id
	 * @return the string
	 */
	public static String buildName(int contextId) {
		return contextId + ": " + PANEL_NAME;
	}

	/**
	 * Initialize the panel.
	 */
	private void initialize() {
		this.setLayout(new CardLayout());
		this.setName(getContextIndex() + ": " + PANEL_NAME);
		this.setLayout(new GridBagLayout());
		this.setBorder(new EmptyBorder(2, 2, 2, 2));

		this.add(new JLabel(LABEL_DESCRIPTION), LayoutHelper.getGBC(0, 0, 2, 0.0D, new Insets(0, 0, 20, 0)));

		// Basic Authorization detection
		Insets insets = new Insets(2, 5, 2, 5);

		this.add(new JLabel(FIELD_LABEL_INTRO), LayoutHelper.getGBC(0, 1, 2, 0.0D, new Insets(0, 0, 5, 0)));

		JPanel configContainerPanel = new JPanel(new GridBagLayout());
		configContainerPanel.setBorder(javax.swing.BorderFactory.createTitledBorder(null, "",
				javax.swing.border.TitledBorder.DEFAULT_JUSTIFICATION,
				javax.swing.border.TitledBorder.DEFAULT_POSITION, 
				FontUtils.getFont(FontUtils.Size.standard), java.awt.Color.black));
		this.add(configContainerPanel, LayoutHelper.getGBC(0, 2, 2, 0.0D));

		configContainerPanel.add(new JLabel(FIELD_LABEL_STATUS_CODE), LayoutHelper.getGBC(0, 2, 1, 0.0D));
		statusCodeComboBox = new JComboBox<>(STATUS_CODES);
		configContainerPanel.add(statusCodeComboBox, LayoutHelper.getGBC(1, 2, 1, 1.0D, insets));

		configContainerPanel.add(new JLabel(FIELD_LABEL_HEADER_PATTERN), LayoutHelper.getGBC(0, 3, 1, 0.0D));
		headerPatternText = new JTextField();
		configContainerPanel.add(headerPatternText, LayoutHelper.getGBC(1, 3, 1, 1.0D, insets));

		configContainerPanel.add(new JLabel(FIELD_LABEL_BODY_PATTERN), LayoutHelper.getGBC(0, 4, 1, 0.0D));
		bodyPatternText = new JTextField();
		configContainerPanel.add(bodyPatternText, LayoutHelper.getGBC(1, 4, 1, 1.0D, insets));

		logicalOperatorComboBox = new JComboBox<>(new String[] { FIELD_VALUE_AND_COMPOSITION,
				FIELD_VALUE_OR_COMPOSITION });
		configContainerPanel.add(logicalOperatorComboBox,
				LayoutHelper.getGBC(0, 5, 2, 0.0D, new Insets(2, 0, 2, 5)));

		// Padding
		this.add(new JLabel(), LayoutHelper.getGBC(0, 99, 2, 1.0D, 1.0D));
	}

	@Override
	public void initContextData(Session session, Context uiSharedContext) {
		this.authorizationMethod = uiSharedContext.getAuthorizationDetectionMethod();
		if (this.authorizationMethod != null) {
			if (authorizationMethod instanceof BasicAuthorizationDetectionMethod) {
				log.debug("Initializing panel with "
						+ BasicAuthorizationDetectionMethod.class.getSimpleName() + ": "
						+ authorizationMethod);
				BasicAuthorizationDetectionMethod method = (BasicAuthorizationDetectionMethod) this.authorizationMethod;

				if (method.bodyPattern != null)
					this.bodyPatternText.setText(method.bodyPattern.pattern());
				if (method.headerPattern != null)
					this.headerPatternText.setText(method.headerPattern.pattern());
				if (method.statusCode != BasicAuthorizationDetectionMethod.NO_STATUS_CODE)
					this.statusCodeComboBox.setSelectedItem(method.statusCode);
				if (method.logicalOperator == LogicalOperator.AND)
					this.logicalOperatorComboBox.setSelectedItem(FIELD_VALUE_AND_COMPOSITION);
				else
					this.logicalOperatorComboBox.setSelectedItem(FIELD_VALUE_OR_COMPOSITION);
				return;

			}
			log.warn("Unsupported authorization method on panel: "
					+ authorizationMethod.getClass().getSimpleName());
		}
	}

	@Override
	public void validateContextData(Session session) throws Exception {
		try {
			Pattern.compile(headerPatternText.getText());
			Pattern.compile(bodyPatternText.getText());
		} catch (PatternSyntaxException e) {
			throw new IllegalStateException(Constant.messages.getString(
					"authorization.detection.basic.error.illegalPattern", getUISharedContext().getName()), e);
		}
	}

	private void saveMethod() {
		Integer selectedStatusCode = (Integer) (statusCodeComboBox.getSelectedIndex() == 0 ? null
				: statusCodeComboBox.getSelectedItem());
		LogicalOperator selectedComposition = logicalOperatorComboBox.getSelectedItem().equals(
				FIELD_VALUE_AND_COMPOSITION) ? LogicalOperator.AND : LogicalOperator.OR;

		authorizationMethod = new BasicAuthorizationDetectionMethod(selectedStatusCode,
				headerPatternText.getText(), bodyPatternText.getText(), selectedComposition);
	}

	@Override
	public void saveTemporaryContextData(Context uiSharedContext) {
		saveMethod();
		uiSharedContext.setAuthorizationDetectionMethod(authorizationMethod);
	}

	@Override
	public void saveContextData(Session session) throws Exception {
		saveMethod();
		session.getContext(getContextIndex()).setAuthorizationDetectionMethod(authorizationMethod);
		log.debug("Saving authorization method: " + authorizationMethod);
	}

	@Override
	public String getHelpIndex() {
		// TODO Auto-generated method stub
		return null;
	}

}