package org.zaproxy.zap.extension.ascan;

import java.io.File;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import java.util.regex.PatternSyntaxException;
import net.sf.json.JSON;
import net.sf.json.JSONException;
import net.sf.json.JSONObject;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.URIException;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.parosproxy.paros.Constant;
import org.parosproxy.paros.control.Control;
import org.parosproxy.paros.core.scanner.Category;
import org.parosproxy.paros.core.scanner.HostProcess;
import org.parosproxy.paros.core.scanner.Plugin;
import org.parosproxy.paros.core.scanner.ScannerParamFilter;
import org.parosproxy.paros.db.DatabaseException;
import org.parosproxy.paros.model.HistoryReference;
import org.parosproxy.paros.model.Model;
import org.parosproxy.paros.network.HttpHeader;
import org.parosproxy.paros.network.HttpRequestHeader;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.zaproxy.zap.extension.api.ApiAction;
import org.zaproxy.zap.extension.api.ApiException;
import org.zaproxy.zap.extension.api.ApiImplementor;
import org.zaproxy.zap.extension.api.ApiResponse;
import org.zaproxy.zap.extension.api.ApiResponseElement;
import org.zaproxy.zap.extension.api.ApiResponseList;
import org.zaproxy.zap.extension.api.ApiResponseSet;
import org.zaproxy.zap.extension.api.ApiView;
import org.zaproxy.zap.extension.users.ExtensionUserManagement;
import org.zaproxy.zap.model.Context;
import org.zaproxy.zap.model.SessionStructure;
import org.zaproxy.zap.model.StructuralNode;
import org.zaproxy.zap.model.Target;
import org.zaproxy.zap.users.User;
import org.zaproxy.zap.utils.ApiUtils;
import org.zaproxy.zap.utils.XMLStringUtil;
import org.zaproxy.zap.utils.ZapXmlConfiguration;

/* loaded from: input_file:org/zaproxy/zap/extension/ascan/ActiveScanAPI.class */
public class ActiveScanAPI extends ApiImplementor {
    private static final Logger LOGGER = LogManager.getLogger(ActiveScanAPI.class);
    private static final String PREFIX = "ascan";
    private static final String ACTION_SCAN = "scan";
    private static final String ACTION_SCAN_AS_USER = "scanAsUser";
    private static final String ACTION_PAUSE_SCAN = "pause";
    private static final String ACTION_RESUME_SCAN = "resume";
    private static final String ACTION_STOP_SCAN = "stop";
    private static final String ACTION_PAUSE_ALL_SCANS = "pauseAllScans";
    private static final String ACTION_RESUME_ALL_SCANS = "resumeAllScans";
    private static final String ACTION_STOP_ALL_SCANS = "stopAllScans";
    private static final String ACTION_REMOVE_SCAN = "removeScan";
    private static final String ACTION_REMOVE_ALL_SCANS = "removeAllScans";
    private static final String ACTION_EXCLUDE_FROM_SCAN = "excludeFromScan";
    private static final String ACTION_CLEAR_EXCLUDED_FROM_SCAN = "clearExcludedFromScan";
    private static final String ACTION_ENABLE_ALL_SCANNERS = "enableAllScanners";
    private static final String ACTION_DISABLE_ALL_SCANNERS = "disableAllScanners";
    private static final String ACTION_ENABLE_SCANNERS = "enableScanners";
    private static final String ACTION_DISABLE_SCANNERS = "disableScanners";
    private static final String ACTION_SET_ENABLED_POLICIES = "setEnabledPolicies";
    private static final String ACTION_SET_POLICY_ATTACK_STRENGTH = "setPolicyAttackStrength";
    private static final String ACTION_SET_POLICY_ALERT_THRESHOLD = "setPolicyAlertThreshold";
    private static final String ACTION_SET_SCANNER_ATTACK_STRENGTH = "setScannerAttackStrength";
    private static final String ACTION_SET_SCANNER_ALERT_THRESHOLD = "setScannerAlertThreshold";
    private static final String ACTION_ADD_SCAN_POLICY = "addScanPolicy";
    private static final String ACTION_REMOVE_SCAN_POLICY = "removeScanPolicy";
    private static final String ACTION_UPDATE_SCAN_POLICY = "updateScanPolicy";
    private static final String ACTION_IMPORT_SCAN_POLICY = "importScanPolicy";
    private static final String ACTION_ADD_EXCLUDED_PARAM = "addExcludedParam";
    private static final String ACTION_MODIFY_EXCLUDED_PARAM = "modifyExcludedParam";
    private static final String ACTION_REMOVE_EXCLUDED_PARAM = "removeExcludedParam";
    private static final String ACTION_SKIP_SCANNER = "skipScanner";
    private static final String VIEW_STATUS = "status";
    private static final String VIEW_SCANS = "scans";
    private static final String VIEW_MESSAGES_IDS = "messagesIds";
    private static final String VIEW_ALERTS_IDS = "alertsIds";
    private static final String VIEW_EXCLUDED_FROM_SCAN = "excludedFromScan";
    private static final String VIEW_SCANNERS = "scanners";
    private static final String VIEW_POLICIES = "policies";
    private static final String VIEW_SCAN_POLICY_NAMES = "scanPolicyNames";
    private static final String VIEW_ATTACK_MODE_QUEUE = "attackModeQueue";
    private static final String VIEW_SCAN_PROGRESS = "scanProgress";
    private static final String VIEW_EXCLUDED_PARAMS = "excludedParams";
    private static final String VIEW_OPTION_EXCLUDED_PARAM_LIST = "optionExcludedParamList";
    private static final String VIEW_EXCLUDED_PARAM_TYPES = "excludedParamTypes";
    private static final String PARAM_URL = "url";
    private static final String PARAM_CONTEXT_ID = "contextId";
    private static final String PARAM_USER_ID = "userId";
    private static final String PARAM_REGEX = "regex";
    private static final String PARAM_RECURSE = "recurse";
    private static final String PARAM_JUST_IN_SCOPE = "inScopeOnly";
    private static final String PARAM_IDS = "ids";
    private static final String PARAM_ID = "id";
    private static final String PARAM_ATTACK_STRENGTH = "attackStrength";
    private static final String PARAM_ALERT_THRESHOLD = "alertThreshold";
    private static final String PARAM_SCAN_POLICY_NAME = "scanPolicyName";
    private static final String PARAM_PATH = "path";
    private static final String PARAM_CATEGORY_ID = "policyId";
    private static final String PARAM_SCAN_ID = "scanId";
    private static final String PARAM_SCANNER_ID = "scannerId";
    private static final String PARAM_METHOD = "method";
    private static final String PARAM_POST_DATA = "postData";
    private static final String PARAM_IDX = "idx";
    private static final String PARAM_TYPE = "type";
    private static final String PARAM_NAME = "name";
    private ExtensionActiveScan controller;

    /* loaded from: input_file:org/zaproxy/zap/extension/ascan/ActiveScanAPI$ExcludedParamApiResponse.class */
    private static class ExcludedParamApiResponse extends ApiResponse {
        private final Map<String, String> excludedParamData;
        private final ApiResponseSet<String> type;
        private final Map<String, String> typeData;

        public ExcludedParamApiResponse(ScannerParamFilter scannerParamFilter, int i) {
            super("excludedParam");
            this.excludedParamData = new HashMap();
            this.excludedParamData.put(ActiveScanAPI.PARAM_IDX, Integer.toString(i));
            this.excludedParamData.put("parameter", scannerParamFilter.getParamName());
            this.excludedParamData.put(ActiveScanAPI.PARAM_URL, scannerParamFilter.getWildcardedUrl());
            this.typeData = new HashMap();
            this.typeData.put(ActiveScanAPI.PARAM_ID, Integer.toString(scannerParamFilter.getType()));
            this.typeData.put("name", scannerParamFilter.getTypeString());
            this.type = new ApiResponseSet<>(ActiveScanAPI.PARAM_TYPE, this.typeData);
        }

        @Override // org.zaproxy.zap.extension.api.ApiResponse
        public void toXML(Document document, Element element) {
            element.setAttribute(ActiveScanAPI.PARAM_TYPE, "set");
            for (Map.Entry<String, String> entry : this.excludedParamData.entrySet()) {
                Element createElement = document.createElement(entry.getKey());
                createElement.appendChild(document.createTextNode(XMLStringUtil.escapeControlChrs(entry.getValue())));
                element.appendChild(createElement);
            }
            Element createElement2 = document.createElement(this.type.getName());
            this.type.toXML(document, createElement2);
            element.appendChild(createElement2);
        }

        @Override // org.zaproxy.zap.extension.api.ApiResponse
        public JSON toJSON() {
            JSONObject jSONObject = new JSONObject();
            for (Map.Entry<String, String> entry : this.excludedParamData.entrySet()) {
                jSONObject.put(entry.getKey(), entry.getValue());
            }
            jSONObject.put(this.type.getName(), this.type.toJSON());
            return jSONObject;
        }

        @Override // org.zaproxy.zap.extension.api.ApiResponse
        public void toHTML(StringBuilder sb) {
            sb.append("<h2>" + getName() + "</h2>\n");
            sb.append("<table border=\"1\">\n");
            for (Map.Entry<String, String> entry : this.excludedParamData.entrySet()) {
                sb.append("<tr><td>\n");
                sb.append(entry.getKey());
                sb.append("</td><td>\n");
                sb.append(StringEscapeUtils.escapeHtml(entry.getValue()));
                sb.append("</td></tr>\n");
            }
            sb.append("<tr><td>\n");
            sb.append(this.type.getName());
            sb.append("</td><td>\n");
            sb.append("<table border=\"1\">\n");
            for (Map.Entry<String, String> entry2 : this.typeData.entrySet()) {
                sb.append("<tr><td>\n");
                sb.append(StringEscapeUtils.escapeHtml(entry2.getKey()));
                sb.append("</td><td>\n");
                String value = entry2.getValue();
                if (value != null) {
                    sb.append(StringEscapeUtils.escapeHtml(value.toString()));
                }
                sb.append("</td></tr>\n");
            }
            sb.append("</table>\n");
            sb.append("</td></tr>\n");
            sb.append("</table>\n");
        }

        @Override // org.zaproxy.zap.extension.api.ApiResponse
        public String toString(int i) {
            StringBuilder sb = new StringBuilder();
            for (int i2 = 0; i2 < i; i2++) {
                sb.append("\t");
            }
            sb.append("ApiResponseSet ");
            sb.append(getName());
            sb.append(" : [\n");
            for (Map.Entry<String, String> entry : this.excludedParamData.entrySet()) {
                for (int i3 = 0; i3 < i + 1; i3++) {
                    sb.append("\t");
                }
                sb.append(entry.getKey());
                sb.append(" = ");
                sb.append(entry.getValue());
                sb.append(HttpHeader.LF);
            }
            sb.append(this.type.toString(i + 1));
            for (int i4 = 0; i4 < i; i4++) {
                sb.append("\t");
            }
            sb.append("]\n");
            return sb.toString();
        }
    }

    /* loaded from: input_file:org/zaproxy/zap/extension/ascan/ActiveScanAPI$ScannerApiResponse.class */
    private class ScannerApiResponse extends ApiResponse {
        final Map<String, String> scannerData;
        final ApiResponseList dependencies;

        public ScannerApiResponse(ScanPolicy scanPolicy, Plugin plugin) {
            super("scanner");
            this.scannerData = new HashMap();
            this.scannerData.put(ActiveScanAPI.PARAM_ID, String.valueOf(plugin.getId()));
            this.scannerData.put("name", plugin.getName());
            this.scannerData.put("cweId", String.valueOf(plugin.getCweId()));
            this.scannerData.put("wascId", String.valueOf(plugin.getWascId()));
            this.scannerData.put(ActiveScanAPI.PARAM_ATTACK_STRENGTH, String.valueOf(plugin.getAttackStrength(true)));
            this.scannerData.put(ActiveScanAPI.PARAM_ALERT_THRESHOLD, String.valueOf(plugin.getAlertThreshold(true)));
            this.scannerData.put(ActiveScanAPI.PARAM_CATEGORY_ID, String.valueOf(plugin.getCategory()));
            this.scannerData.put("enabled", String.valueOf(plugin.isEnabled()));
            this.scannerData.put("quality", plugin.getStatus().toString());
            this.scannerData.put(ActiveScanAPI.VIEW_STATUS, plugin.getStatus().toString());
            this.scannerData.put("allDependenciesAvailable", Boolean.toString(scanPolicy.getPluginFactory().hasAllDependenciesAvailable(plugin)));
            this.dependencies = new ApiResponseList("dependencies");
            Iterator<Plugin> it = scanPolicy.getPluginFactory().getDependencies(plugin).iterator();
            while (it.hasNext()) {
                this.dependencies.addItem(new ApiResponseElement("dependency", Integer.toString(it.next().getId())));
            }
        }

        @Override // org.zaproxy.zap.extension.api.ApiResponse
        public void toXML(Document document, Element element) {
            element.setAttribute(ActiveScanAPI.PARAM_TYPE, "set");
            for (Map.Entry<String, String> entry : this.scannerData.entrySet()) {
                Element createElement = document.createElement(entry.getKey());
                createElement.appendChild(document.createTextNode(XMLStringUtil.escapeControlChrs(entry.getValue())));
                element.appendChild(createElement);
            }
            Element createElement2 = document.createElement(this.dependencies.getName());
            this.dependencies.toXML(document, createElement2);
            element.appendChild(createElement2);
        }

        @Override // org.zaproxy.zap.extension.api.ApiResponse
        public JSON toJSON() {
            JSONObject jSONObject = new JSONObject();
            for (Map.Entry<String, String> entry : this.scannerData.entrySet()) {
                jSONObject.put(entry.getKey(), entry.getValue());
            }
            jSONObject.put(this.dependencies.getName(), this.dependencies.toJSON().getJSONArray(this.dependencies.getName()));
            return jSONObject;
        }

        @Override // org.zaproxy.zap.extension.api.ApiResponse
        public void toHTML(StringBuilder sb) {
            sb.append("<h2>" + getName() + "</h2>\n");
            sb.append("<table border=\"1\">\n");
            for (Map.Entry<String, String> entry : this.scannerData.entrySet()) {
                sb.append("<tr><td>\n");
                sb.append(entry.getKey());
                sb.append("</td><td>\n");
                sb.append(StringEscapeUtils.escapeHtml(entry.getValue()));
                sb.append("</td></tr>\n");
            }
            sb.append("<tr><td>\n");
            sb.append(this.dependencies.getName());
            sb.append("</td><td>\n");
            sb.append("<table border=\"1\">\n");
            for (ApiResponse apiResponse : this.dependencies.getItems()) {
                sb.append("<tr><td>\n");
                apiResponse.toHTML(sb);
                sb.append("</td></tr>\n");
            }
            sb.append("</table>\n");
            sb.append("</td></tr>\n");
            sb.append("</table>\n");
        }

        @Override // org.zaproxy.zap.extension.api.ApiResponse
        public String toString(int i) {
            StringBuilder sb = new StringBuilder();
            for (int i2 = 0; i2 < i; i2++) {
                sb.append("\t");
            }
            sb.append("ScannerApiResponse ");
            sb.append(getName());
            sb.append(" : [\n");
            for (Map.Entry<String, String> entry : this.scannerData.entrySet()) {
                for (int i3 = 0; i3 < i + 1; i3++) {
                    sb.append("\t");
                }
                sb.append(entry.getKey());
                sb.append(" = ");
                sb.append(entry.getValue());
                sb.append(HttpHeader.LF);
            }
            this.dependencies.toString(i + 1);
            for (int i4 = 0; i4 < i; i4++) {
                sb.append("\t");
            }
            sb.append("]\n");
            return sb.toString();
        }
    }

    public ActiveScanAPI(ExtensionActiveScan extensionActiveScan) {
        this.controller = null;
        this.controller = extensionActiveScan;
        addApiAction(new ApiAction(ACTION_SCAN, (String[]) null, new String[]{PARAM_URL, PARAM_RECURSE, PARAM_JUST_IN_SCOPE, PARAM_SCAN_POLICY_NAME, PARAM_METHOD, PARAM_POST_DATA, "contextId"}));
        addApiAction(new ApiAction(ACTION_SCAN_AS_USER, (String[]) null, new String[]{PARAM_URL, "contextId", "userId", PARAM_RECURSE, PARAM_SCAN_POLICY_NAME, PARAM_METHOD, PARAM_POST_DATA}));
        addApiAction(new ApiAction(ACTION_PAUSE_SCAN, new String[]{"scanId"}));
        addApiAction(new ApiAction(ACTION_RESUME_SCAN, new String[]{"scanId"}));
        addApiAction(new ApiAction(ACTION_STOP_SCAN, new String[]{"scanId"}));
        addApiAction(new ApiAction(ACTION_REMOVE_SCAN, new String[]{"scanId"}));
        addApiAction(new ApiAction(ACTION_PAUSE_ALL_SCANS));
        addApiAction(new ApiAction(ACTION_RESUME_ALL_SCANS));
        addApiAction(new ApiAction(ACTION_STOP_ALL_SCANS));
        addApiAction(new ApiAction(ACTION_REMOVE_ALL_SCANS));
        addApiAction(new ApiAction(ACTION_CLEAR_EXCLUDED_FROM_SCAN));
        addApiAction(new ApiAction(ACTION_EXCLUDE_FROM_SCAN, new String[]{PARAM_REGEX}));
        addApiAction(new ApiAction(ACTION_ENABLE_ALL_SCANNERS, (String[]) null, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_DISABLE_ALL_SCANNERS, (String[]) null, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_ENABLE_SCANNERS, new String[]{PARAM_IDS}, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_DISABLE_SCANNERS, new String[]{PARAM_IDS}, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_SET_ENABLED_POLICIES, new String[]{PARAM_IDS}, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_SET_POLICY_ATTACK_STRENGTH, new String[]{PARAM_ID, PARAM_ATTACK_STRENGTH}, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_SET_POLICY_ALERT_THRESHOLD, new String[]{PARAM_ID, PARAM_ALERT_THRESHOLD}, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_SET_SCANNER_ATTACK_STRENGTH, new String[]{PARAM_ID, PARAM_ATTACK_STRENGTH}, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_SET_SCANNER_ALERT_THRESHOLD, new String[]{PARAM_ID, PARAM_ALERT_THRESHOLD}, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_ADD_SCAN_POLICY, new String[]{PARAM_SCAN_POLICY_NAME}, new String[]{PARAM_ALERT_THRESHOLD, PARAM_ATTACK_STRENGTH}));
        addApiAction(new ApiAction(ACTION_REMOVE_SCAN_POLICY, new String[]{PARAM_SCAN_POLICY_NAME}));
        addApiAction(new ApiAction(ACTION_UPDATE_SCAN_POLICY, new String[]{PARAM_SCAN_POLICY_NAME}, new String[]{PARAM_ALERT_THRESHOLD, PARAM_ATTACK_STRENGTH}));
        addApiAction(new ApiAction(ACTION_IMPORT_SCAN_POLICY, new String[]{PARAM_PATH}));
        addApiAction(new ApiAction(ACTION_ADD_EXCLUDED_PARAM, new String[]{"name"}, new String[]{PARAM_TYPE, PARAM_URL}));
        addApiAction(new ApiAction(ACTION_MODIFY_EXCLUDED_PARAM, new String[]{PARAM_IDX}, new String[]{"name", PARAM_TYPE, PARAM_URL}));
        addApiAction(new ApiAction(ACTION_REMOVE_EXCLUDED_PARAM, new String[]{PARAM_IDX}));
        addApiAction(new ApiAction(ACTION_SKIP_SCANNER, new String[]{"scanId", PARAM_SCANNER_ID}));
        addApiView(new ApiView(VIEW_STATUS, (String[]) null, new String[]{"scanId"}));
        addApiView(new ApiView("scanProgress", (String[]) null, new String[]{"scanId"}));
        addApiView(new ApiView(VIEW_MESSAGES_IDS, new String[]{"scanId"}));
        addApiView(new ApiView(VIEW_ALERTS_IDS, new String[]{"scanId"}));
        addApiView(new ApiView(VIEW_SCANS));
        addApiView(new ApiView(VIEW_SCAN_POLICY_NAMES));
        addApiView(new ApiView(VIEW_EXCLUDED_FROM_SCAN));
        addApiView(new ApiView(VIEW_SCANNERS, (String[]) null, new String[]{PARAM_SCAN_POLICY_NAME, PARAM_CATEGORY_ID}));
        addApiView(new ApiView(VIEW_POLICIES, (String[]) null, new String[]{PARAM_SCAN_POLICY_NAME, PARAM_CATEGORY_ID}));
        addApiView(new ApiView(VIEW_ATTACK_MODE_QUEUE));
        addApiView(new ApiView(VIEW_EXCLUDED_PARAMS));
        ApiView apiView = new ApiView(VIEW_OPTION_EXCLUDED_PARAM_LIST);
        apiView.setDeprecated(true);
        addApiView(apiView);
        addApiView(new ApiView(VIEW_EXCLUDED_PARAM_TYPES));
    }

    @Override // org.zaproxy.zap.extension.api.ApiImplementor
    public String getPrefix() {
        return PREFIX;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:93:0x02f6. Please report as an issue. */
    @Override // org.zaproxy.zap.extension.api.ApiImplementor
    public ApiResponse handleApiAction(String str, JSONObject jSONObject) throws ApiException {
        LOGGER.debug("handleApiAction {} {}", str, jSONObject);
        User user = null;
        Context context = null;
        try {
            boolean z = -1;
            switch (str.hashCode()) {
                case -2130430655:
                    if (str.equals(ACTION_EXCLUDE_FROM_SCAN)) {
                        z = 11;
                        break;
                    }
                    break;
                case -1768343555:
                    if (str.equals(ACTION_SET_POLICY_ATTACK_STRENGTH)) {
                        z = 17;
                        break;
                    }
                    break;
                case -1756062994:
                    if (str.equals(ACTION_DISABLE_ALL_SCANNERS)) {
                        z = 13;
                        break;
                    }
                    break;
                case -1608768518:
                    if (str.equals(ACTION_SCAN_AS_USER)) {
                        z = false;
                        break;
                    }
                    break;
                case -1196620386:
                    if (str.equals(ACTION_CLEAR_EXCLUDED_FROM_SCAN)) {
                        z = 10;
                        break;
                    }
                    break;
                case -1162312304:
                    if (str.equals(ACTION_ADD_SCAN_POLICY)) {
                        z = 21;
                        break;
                    }
                    break;
                case -934426579:
                    if (str.equals(ACTION_RESUME_SCAN)) {
                        z = 3;
                        break;
                    }
                    break;
                case -796225975:
                    if (str.equals(ACTION_MODIFY_EXCLUDED_PARAM)) {
                        z = 26;
                        break;
                    }
                    break;
                case -545840936:
                    if (str.equals(ACTION_ENABLE_SCANNERS)) {
                        z = 14;
                        break;
                    }
                    break;
                case -147208781:
                    if (str.equals(ACTION_REMOVE_SCAN_POLICY)) {
                        z = 22;
                        break;
                    }
                    break;
                case -92360565:
                    if (str.equals(ACTION_PAUSE_ALL_SCANS)) {
                        z = 6;
                        break;
                    }
                    break;
                case 3524221:
                    if (str.equals(ACTION_SCAN)) {
                        z = true;
                        break;
                    }
                    break;
                case 3540994:
                    if (str.equals(ACTION_STOP_SCAN)) {
                        z = 4;
                        break;
                    }
                    break;
                case 106440182:
                    if (str.equals(ACTION_PAUSE_SCAN)) {
                        z = 2;
                        break;
                    }
                    break;
                case 192222489:
                    if (str.equals(ACTION_REMOVE_ALL_SCANS)) {
                        z = 9;
                        break;
                    }
                    break;
                case 354634623:
                    if (str.equals(ACTION_SKIP_SCANNER)) {
                        z = 28;
                        break;
                    }
                    break;
                case 405638036:
                    if (str.equals(ACTION_IMPORT_SCAN_POLICY)) {
                        z = 24;
                        break;
                    }
                    break;
                case 543566786:
                    if (str.equals(ACTION_RESUME_ALL_SCANS)) {
                        z = 7;
                        break;
                    }
                    break;
                case 601323891:
                    if (str.equals(ACTION_ENABLE_ALL_SCANNERS)) {
                        z = 12;
                        break;
                    }
                    break;
                case 613402263:
                    if (str.equals(ACTION_STOP_ALL_SCANS)) {
                        z = 8;
                        break;
                    }
                    break;
                case 691202365:
                    if (str.equals(ACTION_DISABLE_SCANNERS)) {
                        z = 15;
                        break;
                    }
                    break;
                case 778074863:
                    if (str.equals(ACTION_SET_ENABLED_POLICIES)) {
                        z = 16;
                        break;
                    }
                    break;
                case 971759042:
                    if (str.equals(ACTION_ADD_EXCLUDED_PARAM)) {
                        z = 25;
                        break;
                    }
                    break;
                case 1056081599:
                    if (str.equals(ACTION_REMOVE_EXCLUDED_PARAM)) {
                        z = 27;
                        break;
                    }
                    break;
                case 1098535201:
                    if (str.equals(ACTION_REMOVE_SCAN)) {
                        z = 5;
                        break;
                    }
                    break;
                case 1135097035:
                    if (str.equals(ACTION_SET_SCANNER_ALERT_THRESHOLD)) {
                        z = 20;
                        break;
                    }
                    break;
                case 1526648069:
                    if (str.equals(ACTION_SET_SCANNER_ATTACK_STRENGTH)) {
                        z = 19;
                        break;
                    }
                    break;
                case 1828926392:
                    if (str.equals(ACTION_UPDATE_SCAN_POLICY)) {
                        z = 23;
                        break;
                    }
                    break;
                case 2135072707:
                    if (str.equals(ACTION_SET_POLICY_ALERT_THRESHOLD)) {
                        z = 18;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    validateParamExists(jSONObject, "contextId");
                    validateParamExists(jSONObject, "userId");
                    int intParam = ApiUtils.getIntParam(jSONObject, "userId");
                    ExtensionUserManagement extensionUserManagement = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.class);
                    if (extensionUserManagement == null) {
                        throw new ApiException(ApiException.Type.NO_IMPLEMENTOR, ExtensionUserManagement.NAME);
                    }
                    context = ApiUtils.getContextByParamId(jSONObject, "contextId");
                    user = extensionUserManagement.getContextUserAuthManager(context.getId()).getUserById(intParam);
                    if (user == null) {
                        throw new ApiException(ApiException.Type.USER_NOT_FOUND, "userId");
                    }
                case true:
                    String optionalStringParam = ApiUtils.getOptionalStringParam(jSONObject, PARAM_URL);
                    if (context == null && jSONObject.has("contextId") && !jSONObject.getString("contextId").isEmpty()) {
                        context = ApiUtils.getContextByParamId(jSONObject, "contextId");
                    }
                    boolean param = context != null ? false : getParam(jSONObject, PARAM_JUST_IN_SCOPE, false);
                    String str2 = null;
                    ScanPolicy scanPolicy = null;
                    try {
                        str2 = jSONObject.getString(PARAM_SCAN_POLICY_NAME);
                    } catch (Exception e) {
                    }
                    if (str2 != null) {
                        try {
                            if (str2.length() > 0) {
                                LOGGER.debug("handleApiAction scan policy ={}", str2);
                                scanPolicy = this.controller.getPolicyManager().getPolicy(str2);
                            }
                        } catch (ConfigurationException e2) {
                            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SCAN_POLICY_NAME);
                        }
                    }
                    String param2 = getParam(jSONObject, PARAM_METHOD, HttpRequestHeader.GET);
                    if (param2.trim().length() == 0) {
                        param2 = HttpRequestHeader.GET;
                    }
                    if (Arrays.asList(HttpRequestHeader.METHODS).contains(param2)) {
                        return new ApiResponseElement(str, Integer.toString(scanURL(optionalStringParam, user, getParam(jSONObject, PARAM_RECURSE, true), param, param2, getParam(jSONObject, PARAM_POST_DATA, Constant.USER_AGENT), scanPolicy, context)));
                    }
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_METHOD);
                case true:
                    getActiveScan(jSONObject).pauseScan();
                    return ApiResponseElement.OK;
                case true:
                    getActiveScan(jSONObject).resumeScan();
                    return ApiResponseElement.OK;
                case true:
                    getActiveScan(jSONObject).stopScan();
                    return ApiResponseElement.OK;
                case true:
                    if (this.controller.removeScan(jSONObject.getInt("scanId")) == null) {
                        throw new ApiException(ApiException.Type.DOES_NOT_EXIST, "scanId");
                    }
                    return ApiResponseElement.OK;
                case true:
                    this.controller.pauseAllScans();
                    return ApiResponseElement.OK;
                case true:
                    this.controller.resumeAllScans();
                    return ApiResponseElement.OK;
                case true:
                    this.controller.stopAllScans();
                    return ApiResponseElement.OK;
                case true:
                    this.controller.removeAllScans();
                    return ApiResponseElement.OK;
                case true:
                    try {
                        Model.getSingleton().getSession().setExcludeFromScanRegexs(new ArrayList());
                        return ApiResponseElement.OK;
                    } catch (DatabaseException e3) {
                        LOGGER.error(e3.getMessage(), e3);
                        throw new ApiException(ApiException.Type.INTERNAL_ERROR, e3.getMessage());
                    }
                case true:
                    try {
                        try {
                            Model.getSingleton().getSession().addExcludeFromScanRegexs(jSONObject.getString(PARAM_REGEX));
                            return ApiResponseElement.OK;
                        } catch (PatternSyntaxException e4) {
                            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REGEX);
                        }
                    } catch (DatabaseException e5) {
                        LOGGER.error(e5.getMessage(), e5);
                        throw new ApiException(ApiException.Type.INTERNAL_ERROR, e5.getMessage());
                    }
                case true:
                    ScanPolicy scanPolicyFromParams = getScanPolicyFromParams(jSONObject);
                    scanPolicyFromParams.getPluginFactory().setAllPluginEnabled(true);
                    scanPolicyFromParams.save();
                    return ApiResponseElement.OK;
                case true:
                    ScanPolicy scanPolicyFromParams2 = getScanPolicyFromParams(jSONObject);
                    scanPolicyFromParams2.getPluginFactory().setAllPluginEnabled(false);
                    scanPolicyFromParams2.save();
                    return ApiResponseElement.OK;
                case true:
                    ScanPolicy scanPolicyFromParams3 = getScanPolicyFromParams(jSONObject);
                    setScannersEnabled(scanPolicyFromParams3, getParam(jSONObject, PARAM_IDS, Constant.USER_AGENT).split(","), true);
                    scanPolicyFromParams3.save();
                    return ApiResponseElement.OK;
                case true:
                    ScanPolicy scanPolicyFromParams4 = getScanPolicyFromParams(jSONObject);
                    setScannersEnabled(scanPolicyFromParams4, getParam(jSONObject, PARAM_IDS, Constant.USER_AGENT).split(","), false);
                    scanPolicyFromParams4.save();
                    return ApiResponseElement.OK;
                case true:
                    ScanPolicy scanPolicyFromParams5 = getScanPolicyFromParams(jSONObject);
                    setEnabledCategories(scanPolicyFromParams5, getParam(jSONObject, PARAM_IDS, Constant.USER_AGENT).split(","));
                    scanPolicyFromParams5.save();
                    return ApiResponseElement.OK;
                case true:
                    int param3 = getParam(jSONObject, PARAM_ID, -1);
                    verifyCategoryId(param3, PARAM_ID);
                    ScanPolicy scanPolicyFromParams6 = getScanPolicyFromParams(jSONObject);
                    Plugin.AttackStrength attackStrengthFromParamAttack = getAttackStrengthFromParamAttack(jSONObject);
                    updateRulesOfCategoryInPolicy(param3, scanPolicyFromParams6, plugin -> {
                        plugin.setAttackStrength(attackStrengthFromParamAttack);
                    });
                    return ApiResponseElement.OK;
                case HistoryReference.TYPE_SPIDER_AJAX_TEMPORARY /* 18 */:
                    int param4 = getParam(jSONObject, PARAM_ID, -1);
                    verifyCategoryId(param4, PARAM_ID);
                    ScanPolicy scanPolicyFromParams7 = getScanPolicyFromParams(jSONObject);
                    Plugin.AlertThreshold alertThresholdFromParamAlertThreshold = getAlertThresholdFromParamAlertThreshold(jSONObject);
                    updateRulesOfCategoryInPolicy(param4, scanPolicyFromParams7, plugin2 -> {
                        plugin2.setAlertThreshold(alertThresholdFromParamAlertThreshold);
                    });
                    return ApiResponseElement.OK;
                case HistoryReference.TYPE_SPIDER_TEMPORARY /* 19 */:
                    ScanPolicy scanPolicyFromParams8 = getScanPolicyFromParams(jSONObject);
                    getScannerFromId(scanPolicyFromParams8, getParam(jSONObject, PARAM_ID, -1), PARAM_ID).setAttackStrength(getAttackStrengthFromParamAttack(jSONObject));
                    scanPolicyFromParams8.save();
                    return ApiResponseElement.OK;
                case true:
                    ScanPolicy scanPolicyFromParams9 = getScanPolicyFromParams(jSONObject);
                    getScannerFromId(scanPolicyFromParams9, getParam(jSONObject, PARAM_ID, -1), PARAM_ID).setAlertThreshold(getAlertThresholdFromParamAlertThreshold(jSONObject));
                    scanPolicyFromParams9.save();
                    return ApiResponseElement.OK;
                case HistoryReference.TYPE_CALLBACK /* 21 */:
                    String string = jSONObject.getString(PARAM_SCAN_POLICY_NAME);
                    if (this.controller.getPolicyManager().getAllPolicyNames().contains(string)) {
                        throw new ApiException(ApiException.Type.ALREADY_EXISTS, PARAM_SCAN_POLICY_NAME);
                    }
                    if (!this.controller.getPolicyManager().isLegalPolicyName(string)) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_SCAN_POLICY_NAME);
                    }
                    ScanPolicy templatePolicy = this.controller.getPolicyManager().getTemplatePolicy();
                    templatePolicy.setName(string);
                    setAlertThreshold(templatePolicy, jSONObject);
                    setAttackStrength(templatePolicy, jSONObject);
                    this.controller.getPolicyManager().savePolicy(templatePolicy);
                    return ApiResponseElement.OK;
                case HistoryReference.TYPE_OAST /* 22 */:
                    ScanPolicy scanPolicyFromParams10 = getScanPolicyFromParams(jSONObject);
                    if (this.controller.getPolicyManager().getAllPolicyNames().size() == 1) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, "You are not allowed to remove the last scan policy");
                    }
                    this.controller.getPolicyManager().deletePolicy(scanPolicyFromParams10.getName());
                    return ApiResponseElement.OK;
                case HistoryReference.TYPE_PARAM_DIGGER /* 23 */:
                    ScanPolicy scanPolicyFromParams11 = getScanPolicyFromParams(jSONObject);
                    if (isParamsChanged(scanPolicyFromParams11, jSONObject)) {
                        updateAlertThreshold(scanPolicyFromParams11, jSONObject);
                        updateAttackStrength(scanPolicyFromParams11, jSONObject);
                        this.controller.getPolicyManager().savePolicy(scanPolicyFromParams11);
                    }
                    return ApiResponseElement.OK;
                case ScanProgressActionIcon.CLICKABLE_ICON_WIDTH /* 24 */:
                    File file = new File(jSONObject.getString(PARAM_PATH));
                    if (!file.exists()) {
                        throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_PATH);
                    }
                    if (!file.isFile()) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_PATH);
                    }
                    try {
                        ScanPolicy scanPolicy2 = new ScanPolicy(new ZapXmlConfiguration(file));
                        String name = scanPolicy2.getName();
                        if (name.isEmpty()) {
                            name = file.getName();
                        }
                        if (this.controller.getPolicyManager().getAllPolicyNames().contains(name)) {
                            throw new ApiException(ApiException.Type.ALREADY_EXISTS, name);
                        }
                        if (!this.controller.getPolicyManager().isLegalPolicyName(name)) {
                            throw new ApiException(ApiException.Type.BAD_EXTERNAL_DATA, name);
                        }
                        try {
                            this.controller.getPolicyManager().savePolicy(scanPolicy2);
                            return ApiResponseElement.OK;
                        } catch (ConfigurationException e6) {
                            throw new ApiException(ApiException.Type.INTERNAL_ERROR, (Throwable) e6);
                        }
                    } catch (IllegalArgumentException | ConfigurationException e7) {
                        throw new ApiException(ApiException.Type.BAD_EXTERNAL_DATA, file.toString(), e7);
                    }
                case true:
                    int param5 = getParam(jSONObject, PARAM_TYPE, -1);
                    if (!ScannerParamFilter.getTypes().containsKey(Integer.valueOf(param5))) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_TYPE);
                    }
                    String param6 = getParam(jSONObject, PARAM_URL, "*");
                    if (param6.isEmpty()) {
                        param6 = "*";
                    }
                    ScannerParamFilter scannerParamFilter = new ScannerParamFilter(jSONObject.getString("name"), param5, param6);
                    ArrayList arrayList = new ArrayList(this.controller.getScannerParam().getExcludedParamList());
                    arrayList.add(scannerParamFilter);
                    this.controller.getScannerParam().setExcludedParamList(arrayList);
                    return ApiResponseElement.OK;
                case true:
                    try {
                        int i = jSONObject.getInt(PARAM_IDX);
                        if (i < 0 || i >= this.controller.getScannerParam().getExcludedParamList().size()) {
                            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
                        }
                        ScannerParamFilter scannerParamFilter2 = this.controller.getScannerParam().getExcludedParamList().get(i);
                        String param7 = getParam(jSONObject, "name", scannerParamFilter2.getParamName());
                        if (param7.isEmpty()) {
                            param7 = scannerParamFilter2.getParamName();
                        }
                        int param8 = getParam(jSONObject, PARAM_TYPE, scannerParamFilter2.getType());
                        if (!ScannerParamFilter.getTypes().containsKey(Integer.valueOf(param8))) {
                            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_TYPE);
                        }
                        String param9 = getParam(jSONObject, PARAM_URL, scannerParamFilter2.getWildcardedUrl());
                        if (param9.isEmpty()) {
                            param9 = "*";
                        }
                        ScannerParamFilter scannerParamFilter3 = new ScannerParamFilter(param7, param8, param9);
                        if (!scannerParamFilter2.equals(scannerParamFilter3)) {
                            ArrayList arrayList2 = new ArrayList(this.controller.getScannerParam().getExcludedParamList());
                            arrayList2.set(i, scannerParamFilter3);
                            this.controller.getScannerParam().setExcludedParamList(arrayList2);
                        }
                        return ApiResponseElement.OK;
                    } catch (JSONException e8) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e8);
                    }
                case true:
                    try {
                        int i2 = jSONObject.getInt(PARAM_IDX);
                        if (i2 < 0 || i2 >= this.controller.getScannerParam().getExcludedParamList().size()) {
                            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
                        }
                        ArrayList arrayList3 = new ArrayList(this.controller.getScannerParam().getExcludedParamList());
                        arrayList3.remove(i2);
                        this.controller.getScannerParam().setExcludedParamList(arrayList3);
                        return ApiResponseElement.OK;
                    } catch (JSONException e9) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e9);
                    }
                case true:
                    int param10 = getParam(jSONObject, PARAM_SCANNER_ID, -1);
                    if (param10 == -1) {
                        throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_SCANNER_ID);
                    }
                    String string2 = Constant.messages.getString("ascan.progress.label.skipped.reason.user");
                    getActiveScan(jSONObject).getHostProcesses().forEach(hostProcess -> {
                        hostProcess.pluginSkipped(param10, string2);
                    });
                    return ApiResponseElement.OK;
                default:
                    throw new ApiException(ApiException.Type.BAD_ACTION);
            }
        } catch (ConfigurationException e10) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e10.getMessage());
        }
    }

    private void setAlertThreshold(ScanPolicy scanPolicy, JSONObject jSONObject) throws ApiException {
        if (isParamExists(jSONObject, PARAM_ALERT_THRESHOLD)) {
            try {
                scanPolicy.setDefaultThreshold(getAlertThresholdFromParamAlertThreshold(jSONObject));
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage(), e);
            }
        }
    }

    private void setAttackStrength(ScanPolicy scanPolicy, JSONObject jSONObject) throws ApiException {
        if (isParamExists(jSONObject, PARAM_ATTACK_STRENGTH)) {
            try {
                scanPolicy.setDefaultStrength(getAttackStrengthFromParamAttack(jSONObject));
            } catch (IllegalArgumentException e) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage(), e);
            }
        }
    }

    private boolean isParamsChanged(ScanPolicy scanPolicy, JSONObject jSONObject) throws ApiException {
        return isAlertThresholdChanged(scanPolicy, jSONObject) || isAttackStrengthChanged(scanPolicy, jSONObject);
    }

    private boolean isAlertThresholdChanged(ScanPolicy scanPolicy, JSONObject jSONObject) throws ApiException {
        if (isParamExists(jSONObject, PARAM_ALERT_THRESHOLD)) {
            return !scanPolicy.getDefaultThreshold().equals(getAlertThresholdFromParamAlertThreshold(jSONObject));
        }
        return false;
    }

    private boolean isAttackStrengthChanged(ScanPolicy scanPolicy, JSONObject jSONObject) throws ApiException {
        if (isParamExists(jSONObject, PARAM_ATTACK_STRENGTH)) {
            return !scanPolicy.getDefaultStrength().equals(getAttackStrengthFromParamAttack(jSONObject));
        }
        return false;
    }

    private void updateAlertThreshold(ScanPolicy scanPolicy, JSONObject jSONObject) throws ApiException {
        if (isAlertThresholdChanged(scanPolicy, jSONObject)) {
            scanPolicy.setDefaultThreshold(getAlertThresholdFromParamAlertThreshold(jSONObject));
        }
    }

    private void updateAttackStrength(ScanPolicy scanPolicy, JSONObject jSONObject) throws ApiException {
        if (isAttackStrengthChanged(scanPolicy, jSONObject)) {
            scanPolicy.setDefaultStrength(getAttackStrengthFromParamAttack(jSONObject));
        }
    }

    private boolean isParamExists(JSONObject jSONObject, String str) {
        return jSONObject.has(str) && StringUtils.isNotBlank(jSONObject.getString(str));
    }

    private ScanPolicy getScanPolicyFromParams(JSONObject jSONObject) throws ApiException {
        String str = null;
        try {
            str = jSONObject.getString(PARAM_SCAN_POLICY_NAME);
        } catch (Exception e) {
        }
        if (str == null || str.length() == 0) {
            return this.controller.getPolicyManager().getDefaultScanPolicy();
        }
        try {
            return this.controller.getPolicyManager().getPolicy(str);
        } catch (ConfigurationException e2) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SCAN_POLICY_NAME);
        }
    }

    private ActiveScan getActiveScan(JSONObject jSONObject) throws ApiException {
        int param = getParam(jSONObject, "scanId", -1);
        ActiveScan lastScan = param == -1 ? this.controller.getLastScan() : this.controller.getScan(param);
        if (lastScan == null) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, "scanId");
        }
        return lastScan;
    }

    private void setScannersEnabled(ScanPolicy scanPolicy, String[] strArr, boolean z) throws ApiException {
        ArrayList arrayList = null;
        try {
            for (String str : strArr) {
                String trim = str.trim();
                Plugin plugin = scanPolicy.getPluginFactory().getPlugin(Integer.parseInt(trim));
                if (plugin != null) {
                    plugin.setEnabled(z);
                } else {
                    if (arrayList == null) {
                        arrayList = new ArrayList();
                    }
                    arrayList.add(trim);
                }
            }
            if (arrayList != null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, "IDs: " + arrayList);
            }
        } catch (NumberFormatException e) {
            LOGGER.warn("Failed to parse scanner ID: ", e);
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage(), e);
        }
    }

    private void setEnabledCategories(ScanPolicy scanPolicy, String[] strArr) throws ApiException, ConfigurationException {
        try {
            scanPolicy.getPluginFactory().setAllPluginEnabled(false);
            for (String str : strArr) {
                int parseInt = Integer.parseInt(str.trim());
                verifyCategoryId(parseInt, str.trim());
                updateRulesOfCategoryInPolicy(parseInt, scanPolicy, plugin -> {
                    plugin.setEnabled(true);
                });
            }
        } catch (NumberFormatException e) {
            LOGGER.warn("Failed to parse category ID: ", e);
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, e.getMessage(), e);
        }
    }

    private static void verifyCategoryId(int i, String str) throws ApiException {
        if (i < 0) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, str);
        }
        if (!Arrays.asList(Category.getAllNames()).contains(Category.getName(i))) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, Integer.toString(i));
        }
    }

    private void updateRulesOfCategoryInPolicy(int i, ScanPolicy scanPolicy, Consumer<Plugin> consumer) throws ConfigurationException {
        for (Plugin plugin : scanPolicy.getPluginFactory().getAllPlugin()) {
            if (plugin.getCategory() == i) {
                consumer.accept(plugin);
            }
        }
        scanPolicy.save();
    }

    private Plugin.AttackStrength getAttackStrengthFromParamAttack(JSONObject jSONObject) throws ApiException {
        try {
            return Plugin.AttackStrength.valueOf(jSONObject.getString(PARAM_ATTACK_STRENGTH).trim().toUpperCase());
        } catch (IllegalArgumentException e) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_ATTACK_STRENGTH);
        }
    }

    private Plugin.AlertThreshold getAlertThresholdFromParamAlertThreshold(JSONObject jSONObject) throws ApiException {
        try {
            return Plugin.AlertThreshold.valueOf(jSONObject.getString(PARAM_ALERT_THRESHOLD).trim().toUpperCase());
        } catch (IllegalArgumentException e) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_ALERT_THRESHOLD);
        }
    }

    private Plugin getScannerFromId(ScanPolicy scanPolicy, int i, String str) throws ApiException {
        if (i < 0) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, str);
        }
        Plugin plugin = scanPolicy.getPluginFactory().getPlugin(i);
        if (plugin == null) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, Integer.toString(i));
        }
        return plugin;
    }

    private int scanURL(String str, User user, boolean z, boolean z2, String str2, String str3, ScanPolicy scanPolicy, Context context) throws ApiException {
        Target target;
        boolean z3 = true;
        if (str == null || str.isEmpty()) {
            if (context == null || !context.hasNodesInContextFromSiteTree()) {
                throw new ApiException(ApiException.Type.MISSING_PARAMETER, PARAM_URL);
            }
            z3 = false;
        } else if (context != null && !context.isInContext(str)) {
            throw new ApiException(ApiException.Type.URL_NOT_IN_CONTEXT, PARAM_URL);
        }
        StructuralNode structuralNode = null;
        if (z3) {
            if (z) {
                try {
                    if (str.endsWith("/")) {
                        str = str.substring(0, str.length() - 1);
                    }
                } catch (URIException e) {
                    throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
                }
            }
            URI uri = new URI(str, true);
            String scheme = uri.getScheme();
            if (scheme == null || !(scheme.equalsIgnoreCase(HttpHeader.HTTP) || scheme.equalsIgnoreCase(HttpHeader.HTTPS))) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, "url does not have a scheme.");
            }
            try {
                Model singleton = Model.getSingleton();
                structuralNode = SessionStructure.find(singleton, uri, str2, str3);
                if (structuralNode == null && HttpRequestHeader.GET.equalsIgnoreCase(str2)) {
                    structuralNode = SessionStructure.find(singleton, uri, (String) null, str3);
                }
                if (structuralNode == null) {
                    throw new ApiException(ApiException.Type.URL_NOT_FOUND);
                }
            } catch (Exception e2) {
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e2);
            }
        }
        if (z3) {
            target = new Target(structuralNode);
            target.setContext(context);
        } else {
            target = new Target(context);
        }
        target.setRecurse(z);
        target.setInScopeOnly(z2);
        switch (Control.getSingleton().getMode()) {
            case safe:
                throw new ApiException(ApiException.Type.MODE_VIOLATION);
            case protect:
                if ((z3 && !Model.getSingleton().getSession().isInScope(str)) || (context != null && !context.isInScope())) {
                    throw new ApiException(ApiException.Type.MODE_VIOLATION);
                }
                break;
        }
        Object[] objArr = new Object[0];
        if (scanPolicy != null) {
            objArr = new Object[]{scanPolicy};
        }
        return this.controller.startScan(null, target, user, objArr);
    }

    @Override // org.zaproxy.zap.extension.api.ApiImplementor
    public ApiResponse handleApiView(String str, JSONObject jSONObject) throws ApiException {
        ApiResponse apiResponse;
        boolean z = -1;
        switch (str.hashCode()) {
            case -1461526367:
                if (str.equals(VIEW_ALERTS_IDS)) {
                    z = 4;
                    break;
                }
                break;
            case -1436801706:
                if (str.equals(VIEW_EXCLUDED_PARAM_TYPES)) {
                    z = 12;
                    break;
                }
                break;
            case -933804751:
                if (str.equals(VIEW_EXCLUDED_FROM_SCAN)) {
                    z = 5;
                    break;
                }
                break;
            case -892481550:
                if (str.equals(VIEW_STATUS)) {
                    z = false;
                    break;
                }
                break;
            case -889730507:
                if (str.equals(VIEW_SCANNERS)) {
                    z = 6;
                    break;
                }
                break;
            case -872216116:
                if (str.equals(VIEW_MESSAGES_IDS)) {
                    z = 3;
                    break;
                }
                break;
            case -34773972:
                if (str.equals(VIEW_OPTION_EXCLUDED_PARAM_LIST)) {
                    z = 10;
                    break;
                }
                break;
            case 109250966:
                if (str.equals(VIEW_SCANS)) {
                    z = true;
                    break;
                }
                break;
            case 262225862:
                if (str.equals(VIEW_ATTACK_MODE_QUEUE)) {
                    z = 9;
                    break;
                }
                break;
            case 380182474:
                if (str.equals("scanProgress")) {
                    z = 2;
                    break;
                }
                break;
            case 546894160:
                if (str.equals(VIEW_POLICIES)) {
                    z = 7;
                    break;
                }
                break;
            case 1205244537:
                if (str.equals(VIEW_SCAN_POLICY_NAMES)) {
                    z = 8;
                    break;
                }
                break;
            case 2017182704:
                if (str.equals(VIEW_EXCLUDED_PARAMS)) {
                    z = 11;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                ActiveScan activeScan = getActiveScan(jSONObject);
                apiResponse = new ApiResponseElement(str, String.valueOf(activeScan.isStopped() ? 100 : activeScan.getProgress()));
                break;
            case true:
                ApiResponseList apiResponseList = new ApiResponseList(str);
                for (ActiveScan activeScan2 : this.controller.getAllScans()) {
                    HashMap hashMap = new HashMap();
                    hashMap.put(PARAM_ID, Integer.toString(activeScan2.getScanId()));
                    hashMap.put("progress", Integer.toString(activeScan2.getProgress()));
                    hashMap.put("state", activeScan2.getState().name());
                    hashMap.put("reqCount", Integer.toString(activeScan2.getTotalRequests()));
                    hashMap.put("alertCount", Integer.toString(activeScan2.getAlertsIds().size()));
                    hashMap.put("newAlertCount", Integer.toString(activeScan2.getTotalNewAlerts()));
                    apiResponseList.addItem(new ApiResponseSet(ACTION_SCAN, hashMap));
                }
                apiResponse = apiResponseList;
                break;
            case true:
                ApiResponseList apiResponseList2 = new ApiResponseList(str);
                for (HostProcess hostProcess : getActiveScan(jSONObject).getHostProcesses()) {
                    ApiResponseList apiResponseList3 = new ApiResponseList("HostProcess");
                    apiResponseList2.addItem(new ApiResponseElement(PARAM_ID, hostProcess.getHostAndPort()));
                    for (Plugin plugin : hostProcess.getCompleted()) {
                        apiResponseList3.addItem(createPluginProgressEntry(plugin, getStatus(hostProcess, plugin, "Complete"), plugin.getTimeFinished().getTime() - plugin.getTimeStarted().getTime(), hostProcess.getPluginRequestCount(plugin.getId()), hostProcess.getPluginStats(plugin.getId()).getAlertCount()));
                    }
                    for (Plugin plugin2 : hostProcess.getRunning()) {
                        int testCurrentCount = (hostProcess.getTestCurrentCount(plugin2) * 100) / hostProcess.getTestTotalCount();
                        if (testCurrentCount >= 100) {
                            testCurrentCount = 99;
                        }
                        apiResponseList3.addItem(createPluginProgressEntry(plugin2, testCurrentCount + "%", new Date().getTime() - plugin2.getTimeStarted().getTime(), hostProcess.getPluginRequestCount(plugin2.getId()), hostProcess.getPluginStats(plugin2.getId()).getAlertCount()));
                    }
                    for (Plugin plugin3 : hostProcess.getPending()) {
                        apiResponseList3.addItem(createPluginProgressEntry(plugin3, getStatus(hostProcess, plugin3, "Pending"), 0L, 0, 0));
                    }
                    apiResponseList2.addItem(apiResponseList3);
                }
                apiResponse = apiResponseList2;
                break;
            case true:
                ApiResponseList apiResponseList4 = new ApiResponseList(str);
                ActiveScan activeScan3 = getActiveScan(jSONObject);
                synchronized (activeScan3.getMessagesIds()) {
                    Iterator<Integer> it = activeScan3.getMessagesIds().iterator();
                    while (it.hasNext()) {
                        apiResponseList4.addItem(new ApiResponseElement(PARAM_ID, it.next().toString()));
                    }
                }
                apiResponse = apiResponseList4;
                break;
            case true:
                ApiResponseList apiResponseList5 = new ApiResponseList(str);
                ActiveScan activeScan4 = getActiveScan(jSONObject);
                synchronized (activeScan4.getAlertsIds()) {
                    Iterator<Integer> it2 = activeScan4.getAlertsIds().iterator();
                    while (it2.hasNext()) {
                        apiResponseList5.addItem(new ApiResponseElement(PARAM_ID, it2.next().toString()));
                    }
                }
                apiResponse = apiResponseList5;
                break;
            case true:
                apiResponse = new ApiResponseList(str);
                Iterator<String> it3 = Model.getSingleton().getSession().getExcludeFromScanRegexs().iterator();
                while (it3.hasNext()) {
                    ((ApiResponseList) apiResponse).addItem(new ApiResponseElement(PARAM_REGEX, it3.next()));
                }
                break;
            case true:
                ScanPolicy scanPolicyFromParams = getScanPolicyFromParams(jSONObject);
                List<Plugin> allPlugin = scanPolicyFromParams.getPluginFactory().getAllPlugin();
                int param = getParam(jSONObject, PARAM_CATEGORY_ID, -1);
                if (param != -1) {
                    verifyCategoryId(param, PARAM_CATEGORY_ID);
                }
                ApiResponseList apiResponseList6 = new ApiResponseList(str);
                for (Plugin plugin4 : allPlugin) {
                    if (param == -1 || param == plugin4.getCategory()) {
                        apiResponseList6.addItem(new ScannerApiResponse(scanPolicyFromParams, plugin4));
                    }
                }
                apiResponse = apiResponseList6;
                break;
            case true:
                ScanPolicy scanPolicyFromParams2 = getScanPolicyFromParams(jSONObject);
                String[] allNames = Category.getAllNames();
                ApiResponseList apiResponseList7 = new ApiResponseList(str);
                for (String str2 : allNames) {
                    int category = Category.getCategory(str2);
                    Plugin.AttackStrength policyAttackStrength = getPolicyAttackStrength(scanPolicyFromParams2, category);
                    Plugin.AlertThreshold policyAlertThreshold = getPolicyAlertThreshold(scanPolicyFromParams2, category);
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put(PARAM_ID, String.valueOf(category));
                    hashMap2.put("name", str2);
                    hashMap2.put(PARAM_ATTACK_STRENGTH, policyAttackStrength == null ? Constant.USER_AGENT : String.valueOf(policyAttackStrength));
                    hashMap2.put(PARAM_ALERT_THRESHOLD, policyAlertThreshold == null ? Constant.USER_AGENT : String.valueOf(policyAlertThreshold));
                    hashMap2.put("enabled", String.valueOf(isPolicyEnabled(scanPolicyFromParams2, category)));
                    apiResponseList7.addItem(new ApiResponseSet("policy", hashMap2));
                }
                apiResponse = apiResponseList7;
                break;
            case true:
                ApiResponseList apiResponseList8 = new ApiResponseList(str);
                Iterator<String> it4 = this.controller.getPolicyManager().getAllPolicyNames().iterator();
                while (it4.hasNext()) {
                    apiResponseList8.addItem(new ApiResponseElement("policy", it4.next()));
                }
                apiResponse = apiResponseList8;
                break;
            case true:
                apiResponse = new ApiResponseElement(str, String.valueOf(this.controller.getAttackModeStackSize()));
                break;
            case true:
            case true:
                ApiResponseList apiResponseList9 = new ApiResponseList(str);
                List<ScannerParamFilter> excludedParamList = this.controller.getScannerParam().getExcludedParamList();
                for (int i = 0; i < excludedParamList.size(); i++) {
                    apiResponseList9.addItem(new ExcludedParamApiResponse(excludedParamList.get(i), i));
                }
                apiResponse = apiResponseList9;
                break;
            case true:
                ApiResponseList apiResponseList10 = new ApiResponseList(str);
                for (Map.Entry<Integer, String> entry : ScannerParamFilter.getTypes().entrySet()) {
                    HashMap hashMap3 = new HashMap();
                    hashMap3.put(PARAM_ID, Integer.toString(entry.getKey().intValue()));
                    hashMap3.put("name", entry.getValue());
                    apiResponseList10.addItem(new ApiResponseSet(PARAM_TYPE, hashMap3));
                }
                apiResponse = apiResponseList10;
                break;
            default:
                throw new ApiException(ApiException.Type.BAD_VIEW);
        }
        return apiResponse;
    }

    private static ApiResponseList createPluginProgressEntry(Plugin plugin, String str, long j, int i, int i2) {
        ApiResponseList apiResponseList = new ApiResponseList("Plugin");
        apiResponseList.addItem(new ApiResponseElement("name", plugin.getName()));
        apiResponseList.addItem(new ApiResponseElement(PARAM_ID, Integer.toString(plugin.getId())));
        apiResponseList.addItem(new ApiResponseElement("quality", plugin.getStatus().toString()));
        apiResponseList.addItem(new ApiResponseElement(VIEW_STATUS, str));
        apiResponseList.addItem(new ApiResponseElement("timeInMs", Long.toString(j)));
        apiResponseList.addItem(new ApiResponseElement("reqCount", Integer.toString(i)));
        apiResponseList.addItem(new ApiResponseElement("alertCount", Integer.toString(i2)));
        return apiResponseList;
    }

    private boolean isPolicyEnabled(ScanPolicy scanPolicy, int i) {
        for (Plugin plugin : scanPolicy.getPluginFactory().getAllPlugin()) {
            if (plugin.getCategory() == i && !plugin.isEnabled()) {
                return false;
            }
        }
        return true;
    }

    private Plugin.AttackStrength getPolicyAttackStrength(ScanPolicy scanPolicy, int i) {
        Plugin.AttackStrength attackStrength = null;
        for (Plugin plugin : scanPolicy.getPluginFactory().getAllPlugin()) {
            if (plugin.getCategory() == i) {
                if (attackStrength == null) {
                    attackStrength = plugin.getAttackStrength(true);
                } else if (!attackStrength.equals(plugin.getAttackStrength(true))) {
                    return null;
                }
            }
        }
        return attackStrength;
    }

    private Plugin.AlertThreshold getPolicyAlertThreshold(ScanPolicy scanPolicy, int i) {
        Plugin.AlertThreshold alertThreshold = null;
        for (Plugin plugin : scanPolicy.getPluginFactory().getAllPlugin()) {
            if (plugin.getCategory() == i) {
                if (alertThreshold == null) {
                    alertThreshold = plugin.getAlertThreshold(true);
                } else if (!alertThreshold.equals(plugin.getAlertThreshold(true))) {
                    return null;
                }
            }
        }
        return alertThreshold;
    }

    private static String getStatus(HostProcess hostProcess, Plugin plugin, String str) {
        if (!hostProcess.isSkipped(plugin)) {
            return str;
        }
        String skippedReason = hostProcess.getSkippedReason(plugin);
        return skippedReason == null ? Constant.messages.getString("ascan.progress.label.skipped") : Constant.messages.getString("ascan.progress.label.skippedWithReason", skippedReason);
    }
}
