package com.iplanet.dpro.session.service;

import com.iplanet.dpro.session.SessionID;
import com.iplanet.log.LogException;
import com.iplanet.services.naming.WebtopNaming;
import com.iplanet.services.util.CookieUtils;
import com.sun.identity.security.DecodeAction;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.AccessController;
import java.util.StringTokenizer;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/* JADX WARN: Classes with same name are omitted:
  input_file:117586-18/SUNWamclt/reloc/$PRODUCT_DIR/lib/am_sdk.jar:com/iplanet/dpro/session/service/GetHttpSession.class
 */
/* loaded from: input_file:117586-18/SUNWamsdk/reloc/$PRODUCT_DIR/lib/am_sdk.jar:com/iplanet/dpro/session/service/GetHttpSession.class */
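/**
 * Servlet that creates, recovers or releases the {@link HttpSession} backing an internal session.
 *
 * <p>Every request must carry a {@code DSAMESecurityCookie}. Its decoded value is read as
 * {@code <sender>@<timestampMillis>}. The request is served only if the timestamp is within
 * {@link #MAX_TIMESTAMP_DIFF} of the local clock and the sender is listed in
 * {@code WebtopNaming.getPlatformServerList()}. Any other request is answered with 403.
 *
 * <p>The operation is chosen by the {@code op} request parameter: {@link #CREATE_OP},
 * {@link #RECOVER_OP} or {@link #RELEASE_OP}.
 */
public final class GetHttpSession extends HttpServlet {
    public static final String OP = "op";
    public static final String NO_OP = "";
    public static final String CREATE_OP = "create";
    public static final String RECOVER_OP = "recover";
    public static final String RELEASE_OP = "release";
    public static final String DOMAIN = "domain";
    // Maximum accepted distance between the cookie timestamp and the local clock: 600000 ms (10 minutes).
    private static final long MAX_TIMESTAMP_DIFF = 600000;

    /**
     * Checks the security cookie of an incoming request.
     *
     * <p>Fails closed: a missing cookie, a stale or future-dated timestamp, an unknown sender,
     * or any exception while decoding or parsing the cookie all yield {@code false}.
     *
     * <p>Behaviour change: an unknown sender used to be logged as an error and then accepted.
     * It is now rejected, so a peer missing from the platform server list receives 403.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} only if the cookie is present, fresh and names a listed platform server
     */
    private boolean validateRequest(HttpServletRequest httpServletRequest) {
        try {
            String encodedCookie = CookieUtils.getCookieValueFromReq(httpServletRequest, "DSAMESecurityCookie");
            if (encodedCookie == null) {
                SessionService.sessionDebug.error("GetHttpSession.validateRequest: no Security Cookie in the request");
                return false;
            }
            String decodedCookie = (String) AccessController.doPrivileged(new DecodeAction(encodedCookie));
            StringTokenizer tokens = new StringTokenizer(decodedCookie, "@");
            String senderHost = tokens.nextToken();
            // Two-sided comparison instead of Math.abs(): Math.abs(Long.MIN_VALUE) is negative
            // and would slip past a "> MAX_TIMESTAMP_DIFF" check.
            long skew = System.currentTimeMillis() - Long.parseLong(tokens.nextToken());
            if (skew > MAX_TIMESTAMP_DIFF || skew < -MAX_TIMESTAMP_DIFF) {
                SessionService.sessionDebug.error("GetHttpSession.validateRequest: Max time elapsed for the Request");
                return false;
            }
            // NOTE(review): nothing visible here binds the cookie to a single request, so the
            // same value appears to stay acceptable for the whole freshness window - confirm
            // that transport protection covers this.
            if (!WebtopNaming.getPlatformServerList().contains(senderHost)) {
                SessionService.sessionDebug.error("GetHttpSession.validateRequest: request host :" + senderHost + "was not part of the platformServerList");
                // Reject: accepting here would make the server-list check purely advisory.
                return false;
            }
            return true;
        } catch (Exception e) {
            // Deliberately broad: malformed cookies (missing token, non-numeric timestamp,
            // decode failure) must end in a rejection, never in an accepted request.
            SessionService.sessionDebug.error("GetHttpSession.validateRequest: Exception while validating the request ", e);
            return false;
        }
    }

    /**
     * Validates the request and dispatches on the {@code op} parameter.
     *
     * <p>A missing {@code op} parameter is treated like an unknown operation instead of
     * raising a {@link NullPointerException}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response; receives 403 when validation fails
     * @throws IOException if writing the created session id to the response fails
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!validateRequest(httpServletRequest)) {
            httpServletResponse.setStatus(403);
            return;
        }
        // Constant-first equals(): getParameter() returns null when "op" is absent.
        String operation = httpServletRequest.getParameter(OP);
        if (RECOVER_OP.equals(operation)) {
            recoverSession(httpServletRequest);
        } else if (CREATE_OP.equals(operation)) {
            createSession(httpServletRequest, httpServletResponse);
        } else if (RELEASE_OP.equals(operation)) {
            releaseSession(httpServletRequest, httpServletResponse);
        } else {
            SessionService.sessionDebug.error("GetHttpSession: unknown operation requested");
            // NOTE(review): the decompiler resolved this status to LogException.ALREADY_EXISTS;
            // confirm which HTTP status the numeric value is meant to be.
            httpServletResponse.setStatus(LogException.ALREADY_EXISTS);
        }
    }

    /** Re-attaches the existing HttpSession, if any, to the session named by the request. */
    private void recoverSession(HttpServletRequest httpServletRequest) {
        HttpSession existing = httpServletRequest.getSession(false);
        if (existing == null) {
            SessionService.sessionDebug.error("GetHttpSession.recover: Old  HttpSession is not obtained");
            return;
        }
        if (SessionService.sessionDebug.messageEnabled()) {
            SessionService.sessionDebug.message("GetHttpSession.recover: Old HttpSession is obtained");
        }
        SessionID sessionID = new SessionID(httpServletRequest);
        if (sessionID.toString() != null) {
            SessionService.getSessionService().retrieveSession(sessionID, existing);
        }
    }

    /** Creates a new internal session for the requested domain and writes its id to the response. */
    private void createSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        HttpSession created = httpServletRequest.getSession(true);
        InternalSession internalSession = SessionService.getSessionService().newInternalSession(httpServletRequest.getParameter(DOMAIN), created);
        if (SessionService.sessionDebug.messageEnabled()) {
            // NOTE(review): this writes the session id to the debug log; if the id works as a
            // bearer credential, restrict access to that log or log a truncated form.
            SessionService.sessionDebug.message("GetHttpSession.create: Created new session=" + internalSession.getID());
        }
        DataOutputStream out = new DataOutputStream(httpServletResponse.getOutputStream());
        try {
            out.writeUTF(internalSession.getID().toString());
            out.flush();
        } finally {
            // Close even when the write fails, so the stream is not left open.
            out.close();
        }
    }

    /** Releases the session named by the request; the service's return value becomes the HTTP status. */
    private void releaseSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        SessionID sessionID = new SessionID(httpServletRequest);
        if (sessionID.toString() != null) {
            if (SessionService.sessionDebug.messageEnabled()) {
                // NOTE(review): session id written to the debug log - same concern as in create.
                SessionService.sessionDebug.message("GetHttpSession.release: releasing session=" + sessionID);
            }
            httpServletResponse.setStatus(SessionService.getSessionService().handleReleaseSession(sessionID));
        } else if (SessionService.sessionDebug.messageEnabled()) {
            SessionService.sessionDebug.message("GetHttpSession.release: missing session id");
        }
    }

    /**
     * Handles POST exactly like GET.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response
     * @throws IOException if {@link #doGet} fails to write the response
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        doGet(httpServletRequest, httpServletResponse);
    }
}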
