package generators.misc;

import algoanim.animalscript.AnimalScript;
import algoanim.primitives.Primitive;
import algoanim.primitives.generators.Language;
import algoanim.properties.AnimationPropertiesKeys;
import algoanim.properties.CircleProperties;
import algoanim.properties.PolylineProperties;
import algoanim.properties.RectProperties;
import algoanim.properties.TextProperties;
import algoanim.util.Coordinates;
import algoanim.util.Node;
import algoanim.util.Offset;
import generators.framework.Generator;
import generators.framework.GeneratorType;
import generators.framework.properties.AnimationPropertiesContainer;
import generators.tree.KDTree;
import interactionsupport.models.MultipleChoiceQuestionModel;
import java.awt.Color;
import java.awt.Font;
import java.awt.Point;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Locale;
import org.apache.commons.jxpath.ri.model.dynamic.DynamicPointerFactory;

/* loaded from: input_file:generators/misc/CSRF_Generator.class */
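/**
 * Generator that emits a German-language, step-by-step AnimalScript animation
 * explaining Cross-Site Request Forgery (CSRF, also called session riding).
 *
 * <p>The animation has four labelled parts: an introduction, a worked example
 * of the attack flow between user, web site and attacker, a second pass that
 * shows a server-side one-time token rejecting the forged request, and a
 * conclusion. The countermeasures covered by the shown text are a per-request
 * token and re-authentication (PIN/password); other defences such as the
 * {@code SameSite} cookie attribute or Origin/Referer validation are not part
 * of the content.
 *
 * <p>All texts rendered into the animation are runtime strings and are
 * intentionally kept in German ({@link #getContentLocale()}).
 */
public class CSRF_Generator implements Generator {
    /** Host used in the sample markup when the caller supplies no "Domain" primitive. */
    private static final String DEFAULT_DOMAIN = "www.bank.com";

    private Language lang;
    // Arrow style ("Pfeile"), user figure style ("Nutzer") and attacker figure style ("Angreifer").
    private PolylineProperties Pfeile;
    private CircleProperties Nutzer;
    private CircleProperties Angreifer;
    // Host name that is spliced into the sample <img>/<a> markup shown to the viewer.
    private String Domain;
    // Layout constants in canvas pixels. Left non-final because they are package-visible.
    static int LEFT_OFFSET = 40;
    static int TOP_OFFSET = 100;
    static int HEAD_RADIUS = 25;
    static int BODY_RADIUS = 40;
    static int SITE_WIDTH = 70;
    // Primitives handed to hideAllPrimitivesExcept(...) so they stay on screen between steps.
    private List<Primitive> graphPrimitives;
    private TextProperties textProps;
    // Index of the step whose line is rendered in bold by the update*Steps() methods.
    private int currentStep = 0;
    Coordinates userCoor = new Coordinates(LEFT_OFFSET + BODY_RADIUS, (TOP_OFFSET + BODY_RADIUS) + 140);
    Coordinates attackerCoor = new Coordinates((LEFT_OFFSET + 250) + BODY_RADIUS, (TOP_OFFSET + BODY_RADIUS) + 285);
    Coordinates siteCoor = new Coordinates((LEFT_OFFSET + 250) + BODY_RADIUS, TOP_OFFSET);

    /**
     * Creates a fresh AnimalScript language object in step mode and resets the
     * list of persistent primitives. Must be called before {@link #generate}.
     */
    @Override
    public void init() {
        // NOTE(review): DYNAMIC_POINTER_FACTORY_ORDER is a JXPath constant that has nothing to do
        // with animations; it sits next to the literal 600 and presumably stands in for a numeric
        // canvas dimension that the decompiler replaced with an equal-valued constant. Confirm the
        // value and use a plain literal so the JXPath dependency can be dropped.
        this.lang = new AnimalScript("Cross-Site-Request-Forgery", "Alexander Müller", DynamicPointerFactory.DYNAMIC_POINTER_FACTORY_ORDER, 600);
        this.lang.setStepMode(true);
        // NOTE(review): 1024 is presumably an inlined interaction-type constant of Language; confirm.
        this.lang.setInteractionType(1024);
        this.graphPrimitives = new ArrayList<Primitive>();
    }

    /**
     * Builds the complete animation and returns it as AnimalScript text.
     *
     * @param animationPropertiesContainer visual properties named "Pfeile", "Nutzer" and
     *     "Angreifer"; when {@code null}, built-in defaults are used
     * @param hashtable primitives; the entry "Domain" supplies the host shown in the sample
     *     markup; when the table is {@code null}, built-in defaults are used
     * @return the generated script, i.e. {@code lang.toString()}
     */
    @Override
    public String generate(AnimationPropertiesContainer animationPropertiesContainer, Hashtable<String, Object> hashtable) {
        if (animationPropertiesContainer == null || hashtable == null) {
            this.Pfeile = new PolylineProperties();
            this.Pfeile.set(AnimationPropertiesKeys.FWARROW_PROPERTY, true);
            this.Pfeile.set(AnimationPropertiesKeys.DEPTH_PROPERTY, 5);
            this.Nutzer = new CircleProperties();
            this.Nutzer.set(AnimationPropertiesKeys.FILLED_PROPERTY, true);
            this.Nutzer.set("fillColor", Color.BLUE);
            this.Angreifer = new CircleProperties();
            this.Angreifer.set(AnimationPropertiesKeys.FILLED_PROPERTY, true);
            this.Angreifer.set("fillColor", Color.RED);
            this.Domain = DEFAULT_DOMAIN;
        } else {
            this.Pfeile = (PolylineProperties) animationPropertiesContainer.getPropertiesByName("Pfeile");
            this.Nutzer = (CircleProperties) animationPropertiesContainer.getPropertiesByName("Nutzer");
            this.Angreifer = (CircleProperties) animationPropertiesContainer.getPropertiesByName("Angreifer");
            // A missing entry would otherwise be rendered as the literal text "null" in the samples.
            String configuredDomain = (String) hashtable.get("Domain");
            this.Domain = configuredDomain != null ? configuredDomain : DEFAULT_DOMAIN;
        }
        // Outline colour follows the fill colour so both figures are drawn in one solid colour.
        this.Nutzer.set("color", this.Nutzer.get("fillColor"));
        this.Angreifer.set("color", this.Angreifer.get("fillColor"));
        this.textProps = new TextProperties();
        this.textProps.set("font", new Font("SansSerif", Font.PLAIN, 16));
        generateHeader();
        this.lang.nextStep("Einleitung");
        generateDiscription();
        this.lang.nextStep("Beispiel");
        this.lang.hideAllPrimitivesExcept(this.graphPrimitives);
        generateGraph();
        executeAlgo();
        this.lang.nextStep("Gegenmaßnahmen");
        // Start the countermeasure pass with a fresh set of persistent primitives.
        this.graphPrimitives.clear();
        generateHeader();
        generateGraph();
        showCountermeasures();
        this.lang.nextStep("Fazit");
        this.lang.hideAllPrimitives();
        generateConclusion();
        this.lang.finalizeGeneration();
        return this.lang.toString();
    }

    /** Returns new text properties: bold SansSerif, 16 pt. */
    private static TextProperties boldTextProperties() {
        TextProperties bold = new TextProperties();
        bold.set("font", new Font("SansSerif", Font.BOLD, 16));
        return bold;
    }

    /** Returns new text properties for diagram labels: plain SansSerif 16 pt, centered, depth 3. */
    private static TextProperties centeredLabelProperties() {
        TextProperties label = new TextProperties();
        label.set("font", new Font("SansSerif", Font.PLAIN, 16));
        label.set(AnimationPropertiesKeys.CENTERED_PROPERTY, true);
        label.set(AnimationPropertiesKeys.DEPTH_PROPERTY, 3);
        return label;
    }

    /** Returns the bold style for the step currently in focus and the normal style otherwise. */
    private TextProperties styleForStep(int step, TextProperties highlighted) {
        return this.currentStep == step ? highlighted : this.textProps;
    }

    /** Arrow end point on the right-hand side of the user figure. */
    private Coordinates userArrowAnchor() {
        return Node.convertToNode(new Point(this.userCoor.getX() + BODY_RADIUS, this.userCoor.getY() + HEAD_RADIUS));
    }

    /** Arrow end point on the left-hand side of the web site box. */
    private Coordinates siteArrowAnchor() {
        return Node.convertToNode(new Point(this.siteCoor.getX() - BODY_RADIUS, this.siteCoor.getY() + SITE_WIDTH));
    }

    /** Arrow end point on the left-hand side of the attacker figure. */
    private Coordinates attackerArrowAnchor() {
        return Node.convertToNode(new Point(this.attackerCoor.getX() - BODY_RADIUS, this.attackerCoor.getY() + HEAD_RADIUS));
    }

    /** Returns the point halfway between two coordinates (integer division, as for the labels). */
    private static Coordinates midpoint(Coordinates a, Coordinates b) {
        return new Coordinates((a.getX() + b.getX()) / 2, (a.getY() + b.getY()) / 2);
    }

    /** Top-left position of the numbered step list below the diagram. */
    private Coordinates stepListAnchor() {
        return new Coordinates(this.userCoor.getX() - BODY_RADIUS, this.attackerCoor.getY() + (2 * HEAD_RADIUS) + 32);
    }

    /** Draws the bold title on a yellow box and registers both as persistent primitives. */
    private void generateHeader() {
        TextProperties titleProps = new TextProperties();
        titleProps.set("font", new Font("SansSerif", Font.BOLD, 24));
        this.graphPrimitives.add(this.lang.newText(new Coordinates(80, 30), getAlgorithmName(), "header", null, titleProps));
        RectProperties boxProps = new RectProperties();
        boxProps.set(AnimationPropertiesKeys.FILLED_PROPERTY, true);
        boxProps.set("fillColor", Color.YELLOW);
        boxProps.set(AnimationPropertiesKeys.DEPTH_PROPERTY, 2);
        this.graphPrimitives.add(this.lang.newRect(new Offset(-5, -5, "header", AnimalScript.DIRECTION_NW), new Offset(5, 5, "header", AnimalScript.DIRECTION_SE), "hRect", null, boxProps));
    }

    /**
     * Renders the introduction: a prose definition of CSRF followed by the five
     * attack steps, revealed one animation step at a time.
     */
    private void generateDiscription() {
        this.lang.newText(new Coordinates(30, 100), "Cross-Site-Request-Forgery oder Session-Riding bezeichnet einen ", "description1", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "description1", AnimalScript.DIRECTION_NW), "Angriff auf den Nutzer einer Webanwendung, bei dem der Browser des ", "description2", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "description2", AnimalScript.DIRECTION_NW), "Nutzers ausgenutzt wird, um eine Transaktion in der Webanwendung ", "description3", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "description3", AnimalScript.DIRECTION_NW), "durchzuführen. Dazu muss das Opfer bei der Webanwendung angemeldet ", "description4", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "description4", AnimalScript.DIRECTION_NW), "sein und eine Webseite oder E-Mail mit Schadcode öffnen. Beim öffnen ", "description5", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "description5", AnimalScript.DIRECTION_NW), "der Webseite/E-Mail wird der Code auf dem Gerät des Opfers ausgeführt ", "description6", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "description6", AnimalScript.DIRECTION_NW), "und dabei die Transaktion durchgeführt.", "description7", null, this.textProps);
        this.lang.nextStep("Beschreibung");
        this.lang.newText(new Offset(0, 50, "description7", AnimalScript.DIRECTION_NW), "1. Der Nutzer loggt sich auf einer vertrauenswürdigen Webseite ein.", "algo11", null, this.textProps);
        this.lang.nextStep();
        this.lang.newText(new Offset(0, 25, "algo11", AnimalScript.DIRECTION_NW), "2. Authentifizierung des Nutzers durch die Webseite.", "algo21", null, this.textProps);
        this.lang.nextStep();
        this.lang.newText(new Offset(0, 25, "algo21", AnimalScript.DIRECTION_NW), "3. Der Angreifer sendet eine E-Mail oder einen Link mit ", "algo31", null, this.textProps);
        this.lang.newText(new Offset(25, 25, "algo31", AnimalScript.DIRECTION_NW), "Schadcode.", "algo32", null, this.textProps);
        this.lang.nextStep();
        this.lang.newText(new Offset(-25, 25, "algo32", AnimalScript.DIRECTION_NW), "4. Der Nutzer öffnet die Mail/den Link.", "algo41", null, this.textProps);
        this.lang.nextStep();
        this.lang.newText(new Offset(0, 25, "algo41", AnimalScript.DIRECTION_NW), "5. Der Browser des Nutzers führt den Code aus und startet die ", "algo51", null, this.textProps);
        this.lang.newText(new Offset(25, 25, "algo51", AnimalScript.DIRECTION_NW), "Transaktion mit der ursprünglichen Webseite.", "algo52", null, this.textProps);
    }

    /**
     * Draws the three actors of the diagram (user, attacker, web site) and
     * registers every created primitive as persistent.
     */
    private void generateGraph() {
        TextProperties labelProps = centeredLabelProperties();
        RectProperties rectProperties = new RectProperties();
        rectProperties.set("color", Color.WHITE);
        rectProperties.set(AnimationPropertiesKeys.FILLED_PROPERTY, true);
        rectProperties.set("fillColor", Color.WHITE);
        rectProperties.set(AnimationPropertiesKeys.DEPTH_PROPERTY, 4);

        // User figure: head circle, body circle, a white rectangle over the lower body half, label.
        int userX = this.userCoor.getX();
        int userBodyY = this.userCoor.getY() + (2 * HEAD_RADIUS);
        this.Nutzer.set(AnimationPropertiesKeys.DEPTH_PROPERTY, 5);
        this.graphPrimitives.add(this.lang.newCircle(this.userCoor, HEAD_RADIUS, "UserHead", null, this.Nutzer));
        this.graphPrimitives.add(this.lang.newCircle(new Coordinates(userX, userBodyY), BODY_RADIUS, "UserBody", null, this.Nutzer));
        this.graphPrimitives.add(this.lang.newRect(new Coordinates(userX - BODY_RADIUS, userBodyY), new Coordinates(userX + BODY_RADIUS, userBodyY + BODY_RADIUS), "userRect", null, rectProperties));
        this.graphPrimitives.add(this.lang.newText(new Coordinates(userX, userBodyY), "Nutzer", "userText", null, labelProps));

        // Attacker figure, built the same way.
        int attackerX = this.attackerCoor.getX();
        int attackerBodyY = this.attackerCoor.getY() + (2 * HEAD_RADIUS);
        this.Angreifer.set(AnimationPropertiesKeys.DEPTH_PROPERTY, 5);
        this.graphPrimitives.add(this.lang.newCircle(this.attackerCoor, HEAD_RADIUS, "AttackerHead", null, this.Angreifer));
        this.graphPrimitives.add(this.lang.newCircle(new Coordinates(attackerX, attackerBodyY), BODY_RADIUS, "AttackerBody", null, this.Angreifer));
        this.graphPrimitives.add(this.lang.newRect(new Coordinates(attackerX - BODY_RADIUS, attackerBodyY), new Coordinates(attackerX + BODY_RADIUS, attackerBodyY + BODY_RADIUS), "attackerRect", null, rectProperties));
        this.graphPrimitives.add(this.lang.newText(new Coordinates(attackerX, attackerBodyY), "Angreifer", "attackerText", null, labelProps));

        // Web site box: the same properties object is restyled to black outline / yellow fill.
        rectProperties.set("color", Color.BLACK);
        rectProperties.set(AnimationPropertiesKeys.FILLED_PROPERTY, true);
        rectProperties.set("fillColor", Color.YELLOW);
        int siteX = this.siteCoor.getX();
        int siteBottomY = this.siteCoor.getY() + ((int) (SITE_WIDTH * 1.5d));
        this.graphPrimitives.add(this.lang.newRect(new Coordinates(siteX - (SITE_WIDTH / 2), this.siteCoor.getY()), new Coordinates(siteX + (SITE_WIDTH / 2), siteBottomY), "siteRect", null, rectProperties));
        this.graphPrimitives.add(this.lang.newText(this.siteCoor, "HTML", "htmlText", null, labelProps));
        this.graphPrimitives.add(this.lang.newText(new Coordinates(siteX, siteBottomY), "Webseite", "siteText", null, labelProps));
    }

    /**
     * Shows the two sample payloads (an image tag in a mail and a disguised
     * link) and registers them as persistent primitives.
     *
     * <p>Both samples issue a state-changing GET request to the site the user
     * is logged in to; that is what allows a passive element such as an image
     * tag to trigger the transaction, and why such endpoints should not act on
     * GET requests or on requests lacking an unpredictable token.
     *
     * @param headingProps style for the two headings
     * @param stepBetweenExamples whether an animation step separates the mail
     *     sample from the link sample
     */
    private void showAttackExamples(TextProperties headingProps, boolean stepBetweenExamples) {
        // NOTE(review): Domain can be caller-supplied and is placed verbatim into the text
        // primitive. Whether newText escapes characters that are significant in AnimalScript
        // (for example double quotes) is not visible in this file; confirm before accepting
        // arbitrary input here.
        // NOTE(review): KDTree.GM_Y0 is a constant of an unrelated generator and presumably stands
        // in for a numeric offset replaced by the decompiler; confirm and use a literal.
        this.graphPrimitives.add(this.lang.newText(new Coordinates(LEFT_OFFSET + 550, TOP_OFFSET + KDTree.GM_Y0), "Beispielhafter Aufbau der Mail:", "attackCode1", null, headingProps));
        this.graphPrimitives.add(this.lang.newText(new Offset(0, 25, "attackCode1", AnimalScript.DIRECTION_NW), "[...]", "attackCode2", null, this.textProps));
        this.graphPrimitives.add(this.lang.newText(new Offset(0, 25, "attackCode2", AnimalScript.DIRECTION_NW), "<img src=" + this.Domain + "/transfer?acct=1234&amount=1000 width=1 height=1>", "attackCode3", null, this.textProps));
        this.graphPrimitives.add(this.lang.newText(new Offset(0, 25, "attackCode3", AnimalScript.DIRECTION_NW), "[...]", "attackCode4", null, this.textProps));
        if (stepBetweenExamples) {
            this.lang.nextStep();
        }
        this.graphPrimitives.add(this.lang.newText(new Offset(0, 50, "attackCode4", AnimalScript.DIRECTION_NW), "Beispielhafter Aufbau des Links:", "attackCode5", null, headingProps));
        this.graphPrimitives.add(this.lang.newText(new Offset(0, 25, "attackCode5", AnimalScript.DIRECTION_NW), "[...]", "attackCode6", null, this.textProps));
        this.graphPrimitives.add(this.lang.newText(new Offset(0, 25, "attackCode6", AnimalScript.DIRECTION_NW), "<a href=" + this.Domain + "/transfer?acct=1234&amount=1000>View my Video!</a>", "attackCode7", null, this.textProps));
        this.graphPrimitives.add(this.lang.newText(new Offset(0, 25, "attackCode7", AnimalScript.DIRECTION_NW), "[...]", "attackCode8", null, this.textProps));
    }

    /**
     * Animates the unprotected attack flow in five steps (login, authentication,
     * delivery of the mail/link, user opens it, forged transaction) and ends
     * with a multiple-choice question about countermeasures.
     */
    private void executeAlgo() {
        PolylineProperties arrowProps = this.Pfeile;
        TextProperties labelProps = centeredLabelProperties();
        Coordinates userAnchor = userArrowAnchor();
        Coordinates siteAnchor = siteArrowAnchor();
        Coordinates attackerAnchor = attackerArrowAnchor();

        this.currentStep = 1;
        updateGraphSteps();
        this.lang.newPolyline(new Coordinates[]{userAnchor, siteAnchor}, "loginArrow", null, arrowProps);
        Coordinates userSiteLabelPos = midpoint(userAnchor, siteAnchor);
        this.lang.newText(userSiteLabelPos, "Login", "loginText", null, labelProps);
        this.lang.nextStep();

        this.currentStep = 2;
        updateGraphSteps();
        this.lang.newPolyline(new Coordinates[]{siteAnchor, userAnchor}, "authArrow", null, arrowProps);
        this.lang.newText(userSiteLabelPos, "Authentifizierung", "authText", null, labelProps);
        this.lang.nextStep();

        this.currentStep = 3;
        updateGraphSteps();
        // The primitive name "loginArrow" is reused for the attacker-to-user arrow, as in the original.
        this.lang.newPolyline(new Coordinates[]{attackerAnchor, userAnchor}, "loginArrow", null, arrowProps);
        this.lang.newText(midpoint(attackerAnchor, userAnchor), "E-Mail/Link", "mailText", null, labelProps);
        this.lang.nextStep();
        showAttackExamples(boldTextProperties(), true);
        this.lang.nextStep();

        this.currentStep = 4;
        updateGraphSteps();
        this.lang.nextStep();

        this.currentStep = 5;
        updateGraphSteps();
        this.lang.newPolyline(new Coordinates[]{userAnchor, siteAnchor}, "transArrow", null, arrowProps);
        this.lang.newText(midpoint(userAnchor, siteAnchor), "Transaktion", "transText", null, labelProps);
        this.lang.nextStep();

        // Quiz: only server-side validation of the transaction scores full points.
        MultipleChoiceQuestionModel question = new MultipleChoiceQuestionModel("countermeasuresQuestion");
        question.setPrompt("Welche Gegenmaßnahmen sind Sinnvoll, um einen CSRF-Angriff zu verhindern?");
        question.addAnswer("Nutzung besserer Passwörter beim login.", 0, "Leider nicht korrekt, die Passwortstärke hat keinen Einfluss auf den Angriff.");
        question.addAnswer("Evaluieren der Transaktion auf Serverseite.", 100, "Korrekt! Die Transaktion sollte vom Server nicht ohne Prüfung durchgeführt werden.");
        question.addAnswer("Als Nutzer den Link überprüfen.", 30, "Leider nicht ganz. Ein CSRF-Angriff kann auch erfolgen, ohne dass der Nutzer direkt auf den Link klickt.");
        question.setNumberOfTries(1);
        this.lang.addMCQuestion(question);
    }

    /**
     * Animates the protected flow in ten steps: the legitimate transaction is
     * validated with a one-time token set by the site, and the later forged
     * request, which carries no token, is declined.
     */
    private void showCountermeasures() {
        PolylineProperties arrowProps = this.Pfeile;
        TextProperties labelProps = centeredLabelProperties();
        Coordinates userAnchor = userArrowAnchor();
        Coordinates siteAnchor = siteArrowAnchor();
        Coordinates attackerAnchor = attackerArrowAnchor();

        this.currentStep = 1;
        updateCountermeasureSteps();
        this.lang.newPolyline(new Coordinates[]{userAnchor, siteAnchor}, "loginArrow", null, arrowProps);
        Coordinates userSiteLabelPos = midpoint(userAnchor, siteAnchor);
        this.lang.newText(userSiteLabelPos, "Login", "loginText", null, labelProps);
        this.lang.nextStep();

        this.currentStep = 2;
        updateCountermeasureSteps();
        this.lang.newPolyline(new Coordinates[]{siteAnchor, userAnchor}, "authArrow", null, arrowProps);
        this.lang.newText(userSiteLabelPos, "Authentifizierung", "authText", null, labelProps);
        this.lang.nextStep();

        this.currentStep = 3;
        updateCountermeasureSteps();
        this.lang.nextStep();

        this.currentStep = 4;
        updateCountermeasureSteps();
        this.lang.newPolyline(new Coordinates[]{userAnchor, siteAnchor}, "visitArrow", null, arrowProps);
        this.lang.newText(userSiteLabelPos, "Besuch der Seite", "visitText", null, labelProps);
        this.lang.nextStep();

        this.currentStep = 5;
        updateCountermeasureSteps();
        this.lang.newPolyline(new Coordinates[]{siteAnchor, userAnchor}, "tokenArrow", null, arrowProps);
        this.lang.newText(userSiteLabelPos, "Token setzen", "tokenText", null, labelProps);
        this.lang.nextStep();

        this.currentStep = 6;
        updateCountermeasureSteps();
        this.lang.newPolyline(new Coordinates[]{userAnchor, siteAnchor}, "transArrow", null, arrowProps);
        this.lang.newText(userSiteLabelPos, "Transaktion", "transText", null, labelProps);
        this.lang.nextStep();

        this.currentStep = 7;
        updateCountermeasureSteps();
        // The primitive name "loginArrow" is reused for the attacker-to-user arrow, as in the original.
        this.lang.newPolyline(new Coordinates[]{attackerAnchor, userAnchor}, "loginArrow", null, arrowProps);
        this.lang.newText(midpoint(attackerAnchor, userAnchor), "E-Mail/Link", "mailText", null, labelProps);
        showAttackExamples(boldTextProperties(), false);
        this.lang.nextStep();

        this.currentStep = 8;
        updateCountermeasureSteps();
        this.lang.nextStep();

        this.currentStep = 9;
        updateCountermeasureSteps();
        this.lang.newPolyline(new Coordinates[]{userAnchor, siteAnchor}, "transArrow", null, arrowProps);
        Coordinates forgedLabelPos = midpoint(userAnchor, siteAnchor);
        this.lang.newText(forgedLabelPos, "Transaktion", "transText", null, labelProps);
        this.lang.nextStep();

        this.currentStep = 10;
        updateCountermeasureSteps();
        this.lang.newPolyline(new Coordinates[]{siteAnchor, userAnchor}, "declineArrow", null, arrowProps);
        this.lang.newText(forgedLabelPos, "Abgelehnt", "declineText", null, labelProps);
    }

    /**
     * Redraws the numbered list of attack steps up to {@code currentStep},
     * with the current step in bold, after hiding everything that is not in
     * the persistent primitive list.
     */
    private void updateGraphSteps() {
        this.lang.hideAllPrimitivesExcept(this.graphPrimitives);
        TextProperties bold = boldTextProperties();
        if (this.currentStep >= 1) {
            this.lang.newText(stepListAnchor(), "1. Der Nutzer loggt sich auf einer vertrauenswürdigen Webseite ein.", "algo1", null, styleForStep(1, bold));
        }
        if (this.currentStep >= 2) {
            this.lang.newText(new Offset(0, 25, "algo1", AnimalScript.DIRECTION_NW), "2. Authentifizierung des Nutzers durch die Webseite.", "algo2", null, styleForStep(2, bold));
        }
        if (this.currentStep >= 3) {
            TextProperties style = styleForStep(3, bold);
            this.lang.newText(new Offset(0, 25, "algo2", AnimalScript.DIRECTION_NW), "3. Der Angreifer sendet eine E-Mail oder einen Link mit ", "algo3a", null, style);
            this.lang.newText(new Offset(25, 25, "algo3a", AnimalScript.DIRECTION_NW), "Schadcode.", "algo3b", null, style);
        }
        if (this.currentStep >= 4) {
            this.lang.newText(new Offset(-25, 25, "algo3b", AnimalScript.DIRECTION_NW), "4. Der Nutzer öffnet die Mail/den Link.", "algo4", null, styleForStep(4, bold));
        }
        if (this.currentStep >= 5) {
            TextProperties style = styleForStep(5, bold);
            this.lang.newText(new Offset(0, 25, "algo4", AnimalScript.DIRECTION_NW), "5. Der Browser des Nutzers führt den Code aus und startet die ", "algo5a", null, style);
            this.lang.newText(new Offset(25, 25, "algo5a", AnimalScript.DIRECTION_NW), "Transaktion mit der ursprünglichen Webseite.", "algo5b", null, style);
        }
    }

    /**
     * Redraws the numbered list of countermeasure steps up to
     * {@code currentStep}, with the current step in bold and a bold heading,
     * after hiding everything that is not in the persistent primitive list.
     */
    private void updateCountermeasureSteps() {
        this.lang.hideAllPrimitivesExcept(this.graphPrimitives);
        TextProperties bold = boldTextProperties();
        if (this.currentStep >= 1) {
            // The heading is always bold, independent of the step in focus.
            this.lang.newText(stepListAnchor(), "Mögliche Gegenmaßnahme von Serverseite:", "CMheader", null, bold);
            this.lang.newText(new Offset(0, 25, "CMheader", AnimalScript.DIRECTION_NW), "1. Der Nutzer loggt sich auf einer vertrauenswürdigen Webseite ein.", "cm1", null, styleForStep(1, bold));
        }
        if (this.currentStep >= 2) {
            this.lang.newText(new Offset(0, 25, "cm1", AnimalScript.DIRECTION_NW), "2. Authentifizierung des Nutzers durch die Webseite.", "cm2", null, styleForStep(2, bold));
        }
        if (this.currentStep >= 3) {
            this.lang.newText(new Offset(0, 25, "cm2", AnimalScript.DIRECTION_NW), "3. Normale Nutzung der Webseite:", "cm3a", null, styleForStep(3, bold));
        }
        if (this.currentStep >= 4) {
            this.lang.newText(new Offset(25, 25, "cm3a", AnimalScript.DIRECTION_NW), "a) Besuchen der Webseite für Transaktion.", "cm3b", null, styleForStep(4, bold));
        }
        if (this.currentStep >= 5) {
            this.lang.newText(new Offset(0, 25, "cm3b", AnimalScript.DIRECTION_NW), "b) Setzen eines One-Time-Tokens (OTT) durch die Webseite.", "cm3c", null, styleForStep(5, bold));
        }
        if (this.currentStep >= 6) {
            this.lang.newText(new Offset(0, 25, "cm3c", AnimalScript.DIRECTION_NW), "c) Durchführen der Transaktion, validiert durch OTT.", "cm3d", null, styleForStep(6, bold));
        }
        if (this.currentStep >= 7) {
            TextProperties style = styleForStep(7, bold);
            this.lang.newText(new Offset(-25, 25, "cm3d", AnimalScript.DIRECTION_NW), "4. Der Angreifer sendet eine E-Mail oder einen Link mit ", "cm4a", null, style);
            this.lang.newText(new Offset(25, 25, "cm4a", AnimalScript.DIRECTION_NW), "Schadcode.", "cm4b", null, style);
        }
        if (this.currentStep >= 8) {
            this.lang.newText(new Offset(-25, 25, "cm4b", AnimalScript.DIRECTION_NW), "5. Der Nutzer öffnet die Mail/den Link.", "cm5", null, styleForStep(8, bold));
        }
        if (this.currentStep >= 9) {
            TextProperties style = styleForStep(9, bold);
            this.lang.newText(new Offset(0, 25, "cm5", AnimalScript.DIRECTION_NW), "6. Der Browser des Nutzers führt den Code aus und versucht ", "cm6a", null, style);
            this.lang.newText(new Offset(25, 25, "cm6a", AnimalScript.DIRECTION_NW), "die Transaktion mit der ursprünglichen Webseite zu starten.", "cm6b", null, style);
        }
        if (this.currentStep >= 10) {
            this.lang.newText(new Offset(-25, 25, "cm6b", AnimalScript.DIRECTION_NW), "7. Wegen dem fehlendem OTT wird die Transaktion nicht ausgeführt.", "cm7", null, styleForStep(10, bold));
        }
    }

    /**
     * Renders the closing slide: the header plus a summary of the two
     * countermeasures named in the text, a server-generated one-time token
     * that must be sent back and verified, and a PIN/password prompt per
     * transaction.
     */
    private void generateConclusion() {
        generateHeader();
        this.lang.newText(new Coordinates(30, 100), "Cross-Site-Request-Forgeries gehören zu den am weitesten verbreiteten ", "conclusion1", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion1", AnimalScript.DIRECTION_NW), "Angriffen auf IT-Systeme. ", "conclusion2", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion2", AnimalScript.DIRECTION_NW), "Sie können allerdings unter anderem verhindert werden, indem vom ", "conclusion3", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion3", AnimalScript.DIRECTION_NW), "Server One-Time-Tokens verwendet werden. Ein solches Token wird vom ", "conclusion4", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion4", AnimalScript.DIRECTION_NW), "Server zufällig generiert und an den Nutzer gesendet. Der Angreifer ", "conclusion5", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion5", AnimalScript.DIRECTION_NW), "kann auf dieses Token nicht zugreifen, da es nur im Kontext der ", "conclusion6", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion6", AnimalScript.DIRECTION_NW), "vertrauenswürdigen Webseite eingesehen werden kann. Um eine ", "conclusion7", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion7", AnimalScript.DIRECTION_NW), "Transaktion durchzuführen, muss das Token wieder an den Server ", "conclusion8", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion8", AnimalScript.DIRECTION_NW), "gesendet und verifiziert werden. ", "conclusion9", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion9", AnimalScript.DIRECTION_NW), "Zudem kann durch das Anfordern einer PIN oder eines Passworts bei der ", "conclusion10", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion10", AnimalScript.DIRECTION_NW), "Transaktion ein CSRF-Angriff verhindert werden, da hierbei die ", "conclusion11", null, this.textProps);
        // Fixed: the umlaut in "Bestätigung" was a mis-encoded replacement character.
        this.lang.newText(new Offset(0, 25, "conclusion11", AnimalScript.DIRECTION_NW), "Transaktion nicht ohne Bestätigung durch den Nutzer durchgeführt ", "conclusion12", null, this.textProps);
        this.lang.newText(new Offset(0, 25, "conclusion12", AnimalScript.DIRECTION_NW), "wird.", "conclusion13", null, this.textProps);
    }

    /** Returns the display name of this generator. */
    @Override
    public String getName() {
        return "Cross-Site-Request-Forgery";
    }

    /** Returns the name of the explained topic; also used as the header text. */
    @Override
    public String getAlgorithmName() {
        return "Cross-Site-Request-Forgery";
    }

    /** Returns the author of the animation. */
    @Override
    public String getAnimationAuthor() {
        return "Alexander Müller";
    }

    /** Returns the German prose description of CSRF. */
    @Override
    public String getDescription() {
        return "Cross-Site-Request-Forgery oder Session-Riding bezeichnet einen Angriff auf den Nutzer einer Webanwendung, bei dem der Browser des Nutzers ausgenutzt wird, um eine Transaktion in der Webanwendung durchzuführen. Dazu muss das Opfer bei der Webanwendung angemeldet sein und eine Webseite oder E-Mail mit Schadcode öffnen. Beim öffnen der Webseite/E-Mail wird der Code auf dem Gerät des Opfers ausgeführt und dabei die Transaktion durchgeführt.";
    }

    /** Returns a German prose walk-through of the attack in place of source code. */
    @Override
    public String getCodeExample() {
        return "Der Nutzer meldet sich normal bei der Webanwendung an und wird durch diese Authentifiziert. Anschließend wird der Nutzer dazu gebracht eine E-Mail oder Webseite mit Schadcode zu öffnen und den darin enthaltenen Code dadurch auszuführen. Der Code wird dabei vom auf der Webanwendung authentifizierten Browser ausgeführt und dabei die Transaktion durchgeführt.";
    }

    /** Returns the file extension of the generated output. */
    @Override
    public String getFileExtension() {
        return Generator.ANIMALSCRIPT_FORMAT_EXTENSION;
    }

    /** Returns the locale of the animation content, which is German. */
    @Override
    public Locale getContentLocale() {
        return Locale.GERMAN;
    }

    /** Returns the generator category, {@code GENERATOR_TYPE_MORE}. */
    @Override
    public GeneratorType getGeneratorType() {
        return new GeneratorType(GeneratorType.GENERATOR_TYPE_MORE);
    }

    /** Returns the label of the output language shown for the code example. */
    @Override
    public String getOutputLanguage() {
        return "Pseudo-Code";
    }

    /**
     * Generates the animation with default properties and prints the script
     * to standard output.
     *
     * @param strArr ignored
     */
    public static void main(String[] strArr) {
        CSRF_Generator generator = new CSRF_Generator();
        generator.init();
        generator.generate(null, null);
        System.out.println(generator.lang);
    }
}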
