1 /*
2  * Zed Attack Proxy (ZAP) and its related class files.
3  *
4  * ZAP is an HTTP/HTTPS proxy for assessing web application security.
5  *
6  * Copyright 2011 The ZAP Development Team
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  *     http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 package org.zaproxy.zap.extension.api;
21 
22 import java.math.BigInteger;
23 import java.security.SecureRandom;
24 import javax.swing.JOptionPane;
25 import org.parosproxy.paros.Constant;
26 import org.parosproxy.paros.extension.ExtensionAdaptor;
27 import org.parosproxy.paros.extension.ExtensionHook;
28 import org.parosproxy.paros.model.Model;
29 import org.zaproxy.zap.utils.DesktopUtils;
30 import org.zaproxy.zap.view.ZapMenuItem;
31 
/**
 * Core extension that wires the ZAP API into the application: it registers the core and context
 * API implementors and, when a view is available, the API options panel and a Tools menu item
 * that opens the API in a browser.
 *
 * <p>Security note: the API is a control interface for the proxy. The menu action below can switch
 * it on at runtime, but only after an explicit confirmation dialogue.
 */
public class ExtensionAPI extends ExtensionAdaptor {

    public static final String NAME = "ExtensionAPI";

    /**
     * @deprecated (2.7.0) Use {@link API#getBaseURL(boolean)} instead. This URL might not be
     *     correct in all cases, for example, if the API is set 'Secure' (thus needing to use
     *     HTTPS).
     */
    @Deprecated public static final String API_URL = "http://zap/";

    /** Number of random bits drawn for each generated API key. */
    private static final int API_KEY_BITS = 130;

    /** Radix used to render the random key as text (digits {@code 0-9} then {@code a-v}). */
    private static final int API_KEY_RADIX = 32;

    // Both UI members are created lazily, on first request.
    private OptionsApiPanel optionsApiPanel;
    private ZapMenuItem menuAPI;
    // Assigned in hook(); stays null until the extension has been hooked.
    private CoreAPI coreApi;

    /** Creates the extension under {@link #NAME} and gives it order 10. */
    public ExtensionAPI() {
        super(NAME);
        this.setOrder(10);
    }

    /** Returns the localised display name (message key {@code api.name}). */
    @Override
    public String getUIName() {
        return Constant.messages.getString("api.name");
    }

    /**
     * Registers this extension's contributions with the given hook.
     *
     * <p>The options panel and the Tools menu item are added only when a view exists; the two API
     * implementors are registered unconditionally.
     *
     * @param extensionHook the hook to register the UI components and API implementors with
     */
    @Override
    public void hook(ExtensionHook extensionHook) {
        super.hook(extensionHook);

        boolean hasView = getView() != null;
        if (hasView) {
            extensionHook.getHookView().addOptionPanel(getOptionsAPIPanel());
            extensionHook.getHookMenu().addToolsMenuItem(getMenuAPI());
        }

        // The core API is built from the connection options held by the hook's model.
        coreApi = new CoreAPI(extensionHook.getModel().getOptionsParam().getConnectionParam());
        extensionHook.addApiImplementor(coreApi);

        extensionHook.addApiImplementor(new ContextAPI());
    }

    /** Returns the API options panel, creating it on first use. */
    private OptionsApiPanel getOptionsAPIPanel() {
        if (optionsApiPanel != null) {
            return optionsApiPanel;
        }
        optionsApiPanel = new OptionsApiPanel();
        return optionsApiPanel;
    }

    /**
     * Generates a new random API key.
     *
     * <p>The key is {@value #API_KEY_BITS} bits taken from a fresh {@link SecureRandom}, rendered
     * in radix {@value #API_KEY_RADIX}. {@link BigInteger#toString(int)} does not pad with leading
     * zeros, so the result is at most 26 characters long and can occasionally be shorter; callers
     * should not rely on a fixed length.
     *
     * @return the key as a lower-case radix-32 string
     */
    public static String generateApiKey() {
        BigInteger keyBits = new BigInteger(API_KEY_BITS, new SecureRandom());
        return keyBits.toString(API_KEY_RADIX);
    }

    /**
     * Returns the Tools menu item that opens the API in a browser, creating it on first use.
     *
     * <p>The item is enabled only when {@link DesktopUtils#canOpenUrlInBrowser()} reports that a
     * browser can be launched.
     */
    private ZapMenuItem getMenuAPI() {
        if (menuAPI != null) {
            return menuAPI;
        }

        menuAPI = new ZapMenuItem("api.menu.tools.url");
        menuAPI.setEnabled(DesktopUtils.canOpenUrlInBrowser());
        menuAPI.addActionListener(event -> browseApi());
        return menuAPI;
    }

    /**
     * Opens the API base URL in the browser. If the API is currently disabled the user is asked
     * first, and nothing is opened unless they agree to enable it.
     */
    private void browseApi() {
        boolean apiEnabled = API.getInstance().isEnabled();
        if (!apiEnabled && !confirmAndEnableApi()) {
            return;
        }

        // NOTE(review): the meaning of the 'false' argument is defined by API#getBaseURL(boolean),
        // which is not visible here - confirm it is the intended variant for a browser launch.
        DesktopUtils.openUrlInBrowser(API.getInstance().getBaseURL(false));
    }

    /**
     * Asks the user whether the disabled API should be enabled and, on confirmation, enables it
     * through the API options.
     *
     * @return {@code true} if the user confirmed and the API was enabled, {@code false} if the
     *     dialogue was declined or dismissed
     */
    private boolean confirmAndEnableApi() {
        String dialogTitle =
                Constant.messages.getString("api.dialogue.browseApiNotEnabled.title");
        String dialogText =
                Constant.messages.getString("api.dialogue.browseApiNotEnabled.message");
        String confirmLabel =
                Constant.messages.getString(
                        "api.dialogue.browseApiNotEnabled.button.confirm.label");
        String cancelLabel =
                Constant.messages.getString(
                        "api.dialogue.browseApiNotEnabled.button.cancel.label");

        int choice =
                JOptionPane.showOptionDialog(
                        getView().getMainFrame(),
                        dialogText,
                        dialogTitle,
                        JOptionPane.YES_NO_OPTION,
                        JOptionPane.QUESTION_MESSAGE,
                        null,
                        new String[] {confirmLabel, cancelLabel},
                        null);

        // Anything other than the confirm button (cancel, closing the dialogue) leaves the API off.
        if (choice == JOptionPane.YES_OPTION) {
            // NOTE(review): whether this change is also written to the saved options depends on
            // the ApiParam implementation, which is not visible here.
            Model.getSingleton().getOptionsParam().getApiParam().setEnabled(true);
            return true;
        }
        return false;
    }

    /** Returns the ZAP team as the author of this extension. */
    @Override
    public String getAuthor() {
        return Constant.ZAP_TEAM;
    }

    /** Returns the localised description (message key {@code api.desc}). */
    @Override
    public String getDescription() {
        return Constant.messages.getString("api.desc");
    }

    /**
     * Returns the core API implementor created in {@link #hook(ExtensionHook)}.
     *
     * @return the core API, or {@code null} if the extension has not been hooked yet
     */
    public CoreAPI getCoreAPI() {
        return this.coreApi;
    }

    /** Always {@code true}: the database type is not examined. */
    @Override
    public boolean supportsDb(String type) {
        return true;
    }

    /** Always {@code true}. */
    @Override
    public boolean supportsLowMemory() {
        return true;
    }
}