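package org.owasp.webgoat.session;

import java.util.Iterator;

import javax.servlet.http.HttpServlet;

/**
 * Application-wide configuration for WebGoat, resolved once at construction
 * time from the servlet's init-parameters (web.xml).
 *
 * <p>Every key is looked up through {@link #getParameter(HttpServlet, String)},
 * which consults the process environment first and only then the servlet
 * init-parameter of the same name — so an environment variable silently
 * overrides web.xml. Boolean switches are enabled only by the exact string
 * {@code "true"} (case-sensitive).
 *
 * <p>Not thread-safe with respect to {@link #getDatabaseConnectionString()},
 * which lazily caches its result without synchronization; the computation is
 * idempotent, so a concurrent first call merely repeats the work.
 */
public class WebgoatContext {

  // Keys looked up in the environment and in web.xml init-parameters.
  public static final String DATABASE_CONNECTION_STRING = "DatabaseConnectionString";
  public static final String DATABASE_DRIVER = "DatabaseDriver";
  public static final String DATABASE_USER = "DatabaseUser";
  public static final String DATABASE_PASSWORD = "DatabasePassword";
  public static final String ENTERPRISE = "Enterprise";
  public static final String CODING_EXERCISES = "CodingExercises";
  public static final String SHOWCOOKIES = "ShowCookies";
  public static final String SHOWPARAMS = "ShowParams";
  public static final String SHOWREQUEST = "ShowRequest";
  public static final String SHOWSOURCE = "ShowSource";
  public static final String SHOWSOLUTION = "ShowSolution";
  public static final String SHOWHINTS = "ShowHints";
  public static final String DEFUSEOSCOMMANDS = "DefuseOSCommands";
  public static final String FEEDBACK_ADDRESS = "FeedbackAddress";
  public static final String DEBUG = "debug";

  // Raw connection string as configured; may contain the literal token "PATH".
  private String databaseConnectionString;
  // Lazily built copy of databaseConnectionString with "PATH" resolved; null until first use.
  private String realConnectionString = null;
  private String databaseDriver;
  private String databaseUser;
  private String databasePassword;

  private boolean showCookies = false;
  private boolean showParams = false;
  private boolean showRequest = false;
  private boolean showSource = false;
  private boolean showSolution = false;
  private boolean defuseOSCommands = false;
  private boolean enterprise = false;
  private boolean codingExercises = false;

  // Default used when neither the environment nor web.xml supplies FEEDBACK_ADDRESS.
  private String feedbackAddress = "webgoat@owasp.org";
  private boolean isDebug = false;

  private String servletName;
  private HttpServlet servlet;

  /**
   * Reads every setting from the environment / web.xml of {@code servlet}.
   *
   * @param servlet the servlet whose init-parameters and context supply the configuration
   */
  public WebgoatContext(HttpServlet servlet) {
    this.servlet = servlet;

    databaseConnectionString = getParameter(servlet, DATABASE_CONNECTION_STRING);
    databaseDriver = getParameter(servlet, DATABASE_DRIVER);
    databaseUser = getParameter(servlet, DATABASE_USER);
    databasePassword = getParameter(servlet, DATABASE_PASSWORD);

    // Feature switches: only the exact string "true" turns one on.
    showParams = isEnabled(servlet, SHOWPARAMS);
    showCookies = isEnabled(servlet, SHOWCOOKIES);
    showSource = isEnabled(servlet, SHOWSOURCE);
    showSolution = isEnabled(servlet, SHOWSOLUTION);
    defuseOSCommands = isEnabled(servlet, DEFUSEOSCOMMANDS);
    enterprise = isEnabled(servlet, ENTERPRISE);
    codingExercises = isEnabled(servlet, CODING_EXERCISES);
    showRequest = isEnabled(servlet, SHOWREQUEST);
    isDebug = isEnabled(servlet, DEBUG);

    // Read once (the original looked it up twice); keep the built-in default when unset.
    String configuredFeedback = getParameter(servlet, FEEDBACK_ADDRESS);
    if (configuredFeedback != null) {
      feedbackAddress = configuredFeedback;
    }

    servletName = servlet.getServletName();
  }

  /** Returns {@code true} only when the configured value is exactly {@code "true"}. */
  private static boolean isEnabled(HttpServlet servlet, String key) {
    return "true".equals(getParameter(servlet, key));
  }

  /**
   * Resolves a configuration value: the environment variable named {@code key}
   * takes precedence; otherwise the servlet init-parameter is used.
   *
   * @return the resolved value, or {@code null} when neither source defines it
   */
  private static String getParameter(HttpServlet servlet, String key) {
    String value = System.getenv().get(key);
    if (value == null) {
      value = servlet.getInitParameter(key);
    }
    return value;
  }

  /**
   * Returns the connection string with the real path of the {@code /database}
   * directory substituted for the literal word {@code PATH}.
   *
   * <p>The result is computed on first call and cached. When the path or the
   * configured connection string cannot be resolved, the problem is reported
   * on stdout and {@code null} is returned (matching the previous behaviour).
   *
   * @return the resolved connection string, or {@code null} if it could not be built
   */
  public String getDatabaseConnectionString() {
    if (realConnectionString == null) {
      try {
        String realPath = servlet.getServletContext().getRealPath("/database");
        if (realPath == null || databaseConnectionString == null) {
          // getRealPath() returns null when the context is not exploded on disk.
          System.out.println("Couldn't open database: check web.xml database parameters");
          return null;
        }
        String path = realPath.replace('\\', '/');
        System.out.println("PATH: " + path);
        // Literal replacement on purpose: replaceAll() would treat "PATH" as a
        // regex and '$' or '\' in the directory name as replacement metacharacters.
        realConnectionString = databaseConnectionString.replace("PATH", path);
        // NOTE(review): if a deployment embeds credentials in the connection
        // string this line writes them to the server log — confirm before relying on it.
        System.out.println("Database Connection String: " + realConnectionString);
      } catch (Exception e) {
        System.out.println("Couldn't open database: check web.xml database parameters");
        e.printStackTrace();
      }
    }
    return realConnectionString;
  }

  /** @return the configured JDBC driver class name, or {@code null} if unset */
  public String getDatabaseDriver() {
    return databaseDriver;
  }

  /** @return the configured database user, or {@code null} if unset */
  public String getDatabaseUser() {
    return databaseUser;
  }

  /** @return the configured database password, or {@code null} if unset */
  public String getDatabasePassword() {
    return databasePassword;
  }

  /** @return whether OS-command execution in lessons is defused */
  public boolean isDefuseOSCommands() {
    return defuseOSCommands;
  }

  public boolean isEnterprise() {
    return enterprise;
  }

  public boolean isCodingExercises() {
    return codingExercises;
  }

  /** @return the feedback address, defaulting to {@code webgoat@owasp.org} */
  public String getFeedbackAddress() {
    return feedbackAddress;
  }

  public boolean isDebug() {
    return isDebug;
  }

  public String getServletName() {
    return servletName;
  }

  public boolean isShowCookies() {
    return showCookies;
  }

  public boolean isShowParams() {
    return showParams;
  }

  public boolean isShowRequest() {
    return showRequest;
  }

  public boolean isShowSource() {
    return showSource;
  }

  public boolean isShowSolution() {
    return showSolution;
  }
}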