package io.shiftleft.tarpit;

import io.shiftleft.tarpit.model.User;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.script.ScriptEngineManager;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.lingala.zip4j.util.InternalZipConstants;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.core.jackson.JsonConstants;

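/**
 * Sign-in servlet mapped to {@code /vulns}.
 *
 * <p>On GET it looks the supplied {@code login}/{@code password} pair up in the {@code USER}
 * table. On a match it sets a {@code login} cookie and forwards to {@code /dashboard.jsp};
 * otherwise it forwards to {@code /signIn.jsp} with a failure message.
 *
 * <p>Security review notes for this revision:
 * <ul>
 *   <li>The credential lookup is now a parameterized query; request values are bound with
 *       {@code setString} instead of being concatenated into the SQL text.</li>
 *   <li>JDBC objects are request-local and closed with try-with-resources. They were previously
 *       instance fields, which a container shares between concurrent requests on the single
 *       servlet instance, and they were never closed.</li>
 *   <li>Two log statements that wrote a hard-coded AWS-style access key id and secret were
 *       removed. Values that have been committed and logged should be treated as exposed and
 *       rotated.</li>
 *   <li>The card-data path was removed: it encrypted {@code userCreditCardInfo} with single DES
 *       under a key that was generated and immediately discarded, and its only consumer was a log
 *       statement.</li>
 *   <li>Log lines no longer include the {@code User} object, and request-supplied values have
 *       CR/LF neutralised before logging.</li>
 * </ul>
 * Items that are flagged but deliberately left in place (removing them would change what the
 * endpoint does) are marked {@code NOTE(security)} at the relevant line.
 */
@WebServlet(name = "simpleServlet", urlPatterns = {"/vulns"}, loadOnStartup = 1)
/* loaded from: input_file:WEB-INF/classes/io/shiftleft/tarpit/ServletTarPit.class */
public class ServletTarPit extends HttpServlet {
    private static final Logger logger = LogManager.getLogger(ServletTarPit.class);
    private static final long serialVersionUID = -3462096228274971485L;

    /** Credential lookup; both values are bound as parameters, never concatenated. */
    private static final String LOGIN_QUERY = "SELECT * FROM USER WHERE LOGIN = ? AND PASSWORD = ?";

    /** Lifetime of the {@code login} cookie in seconds (ten days). */
    private static final int LOGIN_COOKIE_MAX_AGE_SECONDS = 864000;

    /**
     * Handles the sign-in request.
     *
     * @param httpServletRequest request carrying {@code login}, {@code password}, and the optional
     *     {@code keeponline}, {@code entityDocument} and {@code module} parameters
     * @param httpServletResponse response that receives the {@code login} cookie on success
     * @throws ServletException wrapping any exception raised by script evaluation, the database
     *     lookup or the forward
     * @throws IOException declared for the servlet contract
     */
    @Override
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String transactionsFolder = System.getProperty("transactions_folder", "/rolling/transactions");
        String login = httpServletRequest.getParameter("login");
        String password = httpServletRequest.getParameter("password");
        // NOTE(security): an untrusted request value is handed to a document parser whose
        // implementation is not visible here. Confirm that DocumentTarpit disables DTDs and
        // external entities before parsing.
        DocumentTarpit.getDocument(httpServletRequest.getParameter("entityDocument"));
        boolean keepOnline = httpServletRequest.getParameter("keeponline") != null;
        logger.info(" Transactions Folder is " + transactionsFolder);
        try {
            // NOTE(security): this evaluates the raw "module" request parameter as script, which
            // lets any caller of this URL run code inside the server JVM. It is kept only because
            // removing it changes the endpoint's behaviour; it should be deleted or replaced by a
            // lookup over a fixed, server-defined set of modules.
            new ScriptEngineManager().getEngineByName("JavaScript").eval(httpServletRequest.getParameter("module"));

            User user = null;
            String storedLogin = null;
            try (Connection conn = getConnection();
                    PreparedStatement statement = conn.prepareStatement(LOGIN_QUERY)) {
                statement.setString(1, login);
                // NOTE(security): the query compares the submitted password with the stored column
                // directly, which suggests passwords are stored unhashed. Confirm against the
                // schema; the usual design is a salted password hash verified in application code.
                statement.setString(2, password);
                try (ResultSet rows = statement.executeQuery()) {
                    if (rows.next()) {
                        storedLogin = rows.getString("login");
                        user = new User(storedLogin, rows.getString("fname"), rows.getString("lname"), rows.getString("passportnum"), rows.getString("address1"), rows.getString("address2"), rows.getString("zipCode"));
                    }
                }
            }

            // The database resources are released before the (potentially slow) JSP forward.
            if (user != null) {
                // NOTE(security): the cookie value is the plain login name. If anything downstream
                // trusts this cookie as proof of authentication it can be set by the client at
                // will; a container-managed session id should carry that role instead.
                Cookie cookie = new Cookie("login", storedLogin);
                cookie.setMaxAge(LOGIN_COOKIE_MAX_AGE_SECONDS);
                // Presumably "/" substituted by the decompiler with a same-valued constant; kept as-is.
                cookie.setPath(InternalZipConstants.ZIP_FILE_SEPARATOR);
                cookie.setHttpOnly(true);
                // Marked Secure whenever the request itself arrived over TLS.
                cookie.setSecure(httpServletRequest.isSecure());
                httpServletResponse.addCookie(cookie);
                httpServletRequest.setAttribute("user", user.toString());
                httpServletRequest.setAttribute("login", storedLogin);
                // Only the login is logged; User.toString() is not visible here and may include
                // passport number and address fields.
                logger.info(" User " + sanitizeForLog(storedLogin) + " successfully logged in ");
                getServletContext().getRequestDispatcher("/dashboard.jsp").forward(httpServletRequest, httpServletResponse);
            } else {
                httpServletRequest.setAttribute("login", login);
                // NOTE(security): the submitted password is handed back to the view. Confirm that
                // signIn.jsp does not render it into the page; preferably stop passing it at all.
                httpServletRequest.setAttribute("password", password);
                httpServletRequest.setAttribute("keepOnline", Boolean.valueOf(keepOnline));
                // Attribute name comes from a log4j constant, presumably a decompiler substitution
                // for a string literal of the same value; kept so the JSP still finds it.
                httpServletRequest.setAttribute(JsonConstants.ELT_MESSAGE, "Failed to Sign in. Please verify credentials");
                logger.info(" UserId " + sanitizeForLog(login) + " failed to logged in ");
                getServletContext().getRequestDispatcher("/signIn.jsp").forward(httpServletRequest, httpServletResponse);
            }
        } catch (Exception e) {
            // Broad catch kept so callers still see every failure as a ServletException with its cause.
            throw new ServletException(e);
        }
    }

    /**
     * Opens a new connection to the application database. The caller owns the returned connection
     * and must close it.
     *
     * @return a freshly opened JDBC connection
     * @throws ClassNotFoundException if the MySQL driver class is not on the classpath
     * @throws SQLException if the connection cannot be established
     */
    private Connection getConnection() throws ClassNotFoundException, SQLException {
        Class.forName("com.mysql.jdbc.Driver");
        // NOTE(security): the database account and password are hard-coded. They belong in
        // deployment configuration (for example a container-managed DataSource), and the value
        // committed here should be rotated.
        return DriverManager.getConnection("jdbc:mysql://localhost/DBPROD", "admin", "1234");
    }

    /**
     * Replaces carriage returns and line feeds so a request-supplied value cannot start a forged
     * log record.
     *
     * @param value text to be written to the log; may be {@code null}
     * @return {@code value} with CR and LF replaced by {@code '_'}, or {@code null} if it was null
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}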
