package com.ibm.nex.dsi.security;

import com.ibm.nex.core.json.JSONHelper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.UUID;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/ibm/nex/dsi/security/OCMAuthenticationResource.class */
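/**
 * Servlet that dispatches POST requests on the {@code action} request parameter to one of
 * three handlers: returning authentication info, logging out, or validating the cross-site
 * token bound to the HTTP session. GET requests are always rejected.
 */
public class OCMAuthenticationResource extends HttpServlet {
    private static final long serialVersionUID = 6611862995271225044L;
    public static final String COPYRIGHT = "� Copyright UNICOM� Systems, Inc. 2021";

    // Name of the session attribute AND of the request parameter that carry the cross-site token.
    // NOTE(review): public and not final, so any class can reassign it and change which
    // attribute/parameter is checked. Kept as-is to preserve the public interface; confirm
    // nothing writes to it and then make it final.
    public static String CROSS_SITE_TOKEN = "crossSiteToken";

    /**
     * Routes a POST request to the handler named by the {@code action} parameter
     * (matched case-insensitively). A missing or unknown action is answered with 400.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to populate
     * @throws IOException if writing the response fails
     */
    public void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String action = httpServletRequest.getParameter("action");
        // Literal-first comparisons are null-safe: a request without "action" falls through to
        // the 400 branch instead of throwing a NullPointerException (which surfaced as a 500).
        if ("handleGetAuthenticationInfo".equalsIgnoreCase(action)) {
            handleGetAuthenticationInfo(httpServletRequest, httpServletResponse);
        } else if ("handleLogOut".equalsIgnoreCase(action)) {
            handleLogOut(httpServletRequest, httpServletResponse);
        } else if ("validateSession".equalsIgnoreCase(action)) {
            validateSession(httpServletRequest, httpServletResponse);
        } else {
            writeStatusAndText(httpServletResponse, 400, "The request cannot be fulfilled due to bad syntax");
        }
    }

    /**
     * Rejects every GET request with status 400 and a fixed message, so that the actions
     * above are reachable through POST only.
     *
     * @param httpServletRequest  the incoming request (unused)
     * @param httpServletResponse the response to populate
     * @throws IOException if writing the response fails
     */
    public void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        writeStatusAndText(httpServletResponse, 400, "GET requests are not allowed");
    }

    /**
     * Writes the authentication info for the request as JSON, together with the session's
     * cross-site token and inactivity timeout. Answers 404 with no body when
     * {@code SecurityUtil.getAuthenticationInfo} returns {@code null}.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to populate
     * @throws IOException if writing the response fails
     */
    public void handleGetAuthenticationInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        AuthenticationInfo authenticationInfo = SecurityUtil.getAuthenticationInfo(httpServletRequest);
        if (authenticationInfo == null) {
            // presumably "no authenticated user for this request" - confirm against SecurityUtil
            httpServletResponse.setStatus(404);
            return;
        }
        // The token is created once per session and reused afterwards, so every page of the
        // same session sees the same value. UUID.randomUUID() is documented to draw from a
        // cryptographically strong generator.
        Object token = httpServletRequest.getSession().getAttribute(CROSS_SITE_TOKEN);
        if (token == null) {
            token = UUID.randomUUID().toString();
            httpServletRequest.getSession().setAttribute(CROSS_SITE_TOKEN, token);
        }
        authenticationInfo.setCrossSiteToken(token.toString());
        authenticationInfo.setSessionTimeoutValue(httpServletRequest.getSession().getMaxInactiveInterval());
        httpServletResponse.setStatus(200);
        JSONHelper.toJson(authenticationInfo, httpServletResponse.getOutputStream(), true);
    }

    /**
     * Invalidates the HTTP session, asks {@code SecurityUtil} to clean up the state recorded
     * for it, and writes a fixed success document.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to populate
     * @return always {@code null}
     * @throws IOException if writing the response fails
     */
    public Object handleLogOut(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): no cross-site token is checked before this state-changing action, so a
        // cross-origin POST could log a user out - confirm whether a filter in front of this
        // servlet enforces the token.
        // NOTE(review): getSession() creates a session when the caller has none, only for it
        // to be invalidated on the next line.
        // The id has to be read first: it is needed for the cleanup call after invalidation.
        String sessionId = httpServletRequest.getSession().getId();
        httpServletRequest.getSession().invalidate();
        // NOTE(review): cleanup is keyed on getRemoteAddr(); behind a reverse proxy that is
        // the proxy's address - confirm this matches how the session info was recorded.
        SecurityUtil.cleanupSessionInfo(httpServletRequest.getRemoteAddr(), sessionId);
        // Status and encoding are set before the body is written, i.e. before the response
        // can be committed.
        httpServletResponse.setStatus(200);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.getOutputStream().write("<result>success</result>".getBytes(StandardCharsets.UTF_8));
        return null;
    }

    /**
     * Compares the cross-site token sent as a request parameter with the one stored in the
     * session. Answers 200 when both are present and equal, 401 otherwise; no body is written.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response to populate
     * @throws IOException declared for interface compatibility
     */
    public void validateSession(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): only the token is checked here, not whether the session belongs to an
        // authenticated user - confirm that is enforced elsewhere.
        // NOTE(review): getSession() creates a new session for callers without one; consider
        // getSession(false) so that unauthenticated probes do not allocate sessions.
        String suppliedToken = httpServletRequest.getParameter(CROSS_SITE_TOKEN);
        Object storedToken = httpServletRequest.getSession().getAttribute(CROSS_SITE_TOKEN);
        boolean valid = suppliedToken != null
                && storedToken instanceof String
                && tokensMatch(suppliedToken, (String) storedToken);
        httpServletResponse.setStatus(valid ? 200 : 401);
    }

    /**
     * Compares two tokens through {@link MessageDigest#isEqual(byte[], byte[])} so that the
     * time taken does not reveal the position of the first mismatching byte, which
     * {@link String#equals(Object)} would.
     */
    private static boolean tokensMatch(String supplied, String stored) {
        return MessageDigest.isEqual(
                supplied.getBytes(StandardCharsets.UTF_8),
                stored.getBytes(StandardCharsets.UTF_8));
    }

    /** Sets the status code and writes {@code text} as UTF-8 bytes to the response body. */
    private static void writeStatusAndText(HttpServletResponse response, int status, String text) throws IOException {
        response.setStatus(status);
        response.getOutputStream().write(text.getBytes(StandardCharsets.UTF_8));
    }
}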
